By using the Conectoo application, the Provider and the Beneficiary of the application - hereinafter referred to individually as the Party and collectively as the Parties – have agreed on the following terms and conditions (the Contract):
Subscriber – shall refer to the recipient, identified by means of his/ her e-mail address in a database owned by the Beneficiary, used within the Conectoo Platform, in observance of the legislation in force;
Sent E-mails – shall refer to the messages sent by the Beneficiary to the Subscribers, through the Conectoo Platform;
Conectoo Startup – shall refer to the manner of collaboration that is based on a free-of-charge subscription to the Conectoo Platform throughout the collaboration, for a maximum number of 2,000 single subscribers imported in the platform and a number of 12,000 e-mails sent monthly;
Conectoo Express – shall refer to the manner of collaboration that is based on the issue of a monthly invoice for the number of e-mails sent by the Beneficiary and an additional monthly fee for the maintenance of the IP allocated by the Provider to the Beneficiary;
Dedicated IP – shall refer to the paid allocation of a unique internet protocol address to the Beneficiary by the Provider, to be used exclusively for sending e-mails through the Conectoo Platform;
Conectoo Platform – shall refer to the technical system operated by S.C. Conversion Marketing S.R.L., made available to the Beneficiaries at www.conectoo.ro and www.conectoo.com, together with all relevant information and specific tools required for them to be able to use the Conectoo Service – to enable them to send messages. The Conectoo Platform allows:
- Managing information about the Subscribers and the messages of the Beneficiary;
- Drafting messages by the Beneficiary using the templates;
- Managing the forwarding of messages to the Subscribers, at the request of the Beneficiary;
- Collecting and reporting further information concerning the submission of messages;
Spam – shall refer to the submission of unrequested electronic messages. A message sent to any of the e-mail addresses in the Subscriber list is considered unrequested if the Beneficiary obtained such e-mail address by any means other than by direct subscription request from its holder, expressed explicitly and prior to the submission of the first message.
First month of the subscription – shall refer to the calendar month during which the Contract is concluded;
Newsletter – shall refer to a commercial message sent electronically using the Conectoo Platform, according to the provisions concerning personal data protection and free movement of such data;
“Processing”, “Processor”, “Person authorized by the Processor”, “Subject”, “Personal data”, “Special categories of personal data”, “Personal data breach” shall have the same meaning as in the applicable legislation on data protection;
“Supervisory Authority” shall mean: (a) an independent public authority set up by a Member state on the grounds of Article 51 of the GDPR and (b) any similar regulatory authority in charge of enforcing the Legislation on Data Protection;
“Personal data from the Beneficiary” shall mean any Personal Data processed by Conectoo on behalf of the Beneficiary, based on or with regard to the Contract;
“Applicable legislation on Data Protection” shall refer to Law No. 677 of 21 November 2001 for the protection of natural persons with regard to the processing of personal data and free movement of such data, as amended and supplemented, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (GDPR), any law implementing the GDPR or regulating personal data protection in Romania, as well as any decision, order, regulation or piece of legislation issued by the Supervisory Authority or other competent authorities, meant to protect fundamental rights and freedoms of the Subjects and, in particular, their right to privacy with regard to the processing of Personal Data, applicable in Romania;
“Services” shall mean the services to be provided by Conectoo to the Beneficiary, in line with the Contract.
2. SUBJECT MATTER OF THE CONTRACT
2.1. The Subject Matter of the Contract consists in the provision of e-mail marketing services for the benefit of the Beneficiary, so as to allow the Beneficiary to send messages to the Subscribers through the Conectoo Platform.
2.2. The e-mail marketing services provided to the Beneficiary are the following:
a) use of the Conectoo Platform to manage information about Subscribers and messages;
b) ensuring availability of one or several IPs for the submission of messages;
c) administration by the Provider of the hardware and software infrastructure referred to in paragraphs a) and b);
d) monitoring the submission of messages and instant or periodic reporting of errors caused following the integration with external IT systems, as well as reactive reporting of any blacklisting;
e) consultancy services with regard to the e-mail marketing activity;
f) developing customized e-mail templates, according to the requirements of the Beneficiary;
g) graphic design services for newsletters;
h) management services for e-mail marketing, for the benefit of the Beneficiary;
i) other e-mail marketing-related activities.
3. GENERAL PROVISIONS
3.1. The Conectoo platform may be used on a monthly subscription basis (Conectoo Business), or on a per e-mail sent basis (Conectoo Express).
3.2. The monthly subscription fee paid by the Beneficiary to the Supplier for the use of the Conectoo Platform shall be as follows:
Number of Subscribers
(up to 12,000 emails sent on a monthly basis)
10,001 – 25,000 subscribers
25,001 – 50,000 subscribers
50,001 – 100,000 subscribers
Over 100,000 subscribers
* It is forbidden to use several free clone accounts (several accounts of the same user, website, commercial company or campaign). Conectoo reserves the right to deactivate any identified clone accounts.
3.3. Using the Conectoo Platform on a per e-mail sent basis (Conectoo Express) means that the Beneficiary shall pay a monthly cost for the maintenance of the IP allocated to it by the Provider. The costs are:
Rate per e-mail sent
150 / month
4. RATES AND PAYMENT
4.1. The Beneficiary shall pay to the Provider a monthly subscription fee for a Conectoo Business subscription for a maximum number of 100,000 unique Subscribers imported to the Conectoo Platform. Beyond this number, the rate shall be negotiated, based on the number of e-mails sent monthly and the number of unique subscribers.
4.2. The Beneficiary is under the obligation of making full payment of the subscription fee, irrespective of whether or not it made use of the Conectoo Services during the respective month.
4.3. Invoicing shall be done as follows:
a) for the first month of the subscription, the invoice shall be issued in advance, based on the number of days left from the conclusion of the Contract to the end of the month;
b) at the end of each calendar month, an invoice shall be issued covering the subscription fee in full, in advance, for the following month.
4.4. The Provider shall issue a tax invoice in RON, using the RON/EUR exchange rate published by the National Bank of Romania on the date of the invoice, and shall send it to the Beneficiary.
4.5. The Beneficiary may use the selected Conectoo Platform only after the Provider has collected the first payment under the Conectoo Business subscription in full.
4.6. Subsequently to making the payment for the first month of the subscription, the Beneficiary shall pay for the Conectoo subscription within 15 (fifteen) days of the issue of the invoice by the Provider. The Provider reserves the right to suspend its services without prior notice in case the Beneficiary does not make payment within 15 (fifteen) days of the issue of the invoice.
4.7. Given the nature of the services provided, since the Beneficiary is able to use the Conectoo Platform immediately after making the payment, the Beneficiary acknowledges and expressly agrees that the right of withdrawal within 14 days following the provision of the Service, provided for in Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights - transposed in the national legislation through Emergency Ordinance No. 34/2014 on consumer rights in contracts concluded with professionals, amending and supplementing certain normative acts - shall not apply in the case of the Conectoo Service, in line with the exceptions referred to under Article 16 (including Article 16, letters a and m) of the Directive and of Emergency Ordinance No. 34/2014.
4.8. In case the 300 GB/IP/month cap is exceeded, an amount of EUR 0.7 shall be charged for each additional GB of data traffic.
5. RIGHTS AND DUTIES OF THE BENEFICIARY
5.1. Aside from all other rights set forth herein, the Beneficiary shall have the following rights:
a) to use the Conectoo Platform to send messages in observance of this Contract;
b) to use Subscriber lists within the Conectoo Platform, in full observance of the legislation in force.
5.2. Aside from all obligations set forth herein, the Beneficiary shall have the following obligations:
a) not to use the Conectoo Platform to send any unrequested messages (Spam), irrespective of whether the purpose of the message is commercial or non-commercial;
b) not to contribute to disseminating electronic messages containing or promoting any materials hazardous to the IT equipment of the recipient or containing obscene or indecent language, illegal, intimidating, abusive, indecent, racist, or chauvinistic messages, or which might be discriminatory towards any individual in any manner, or which would infringe in any way or to any extent any standard or regulation in force;
c) to observe all duties stipulated hereunder and in the applicable legislation in force pertaining to the activity carried out, including, but without limitation to the legislation in force in the field of electronic communication and the legislation on personal data protection;
d) to pay to the Supplier, in observance of the deadline set hereunder, the amount of the Conectoo Business subscription fee, as well as any other e-mail marketing fees ordered by it;
e) not to provide access to the Conectoo Platform to un-authorized persons or entities, bearing responsibility for the consequences of such un-authorized access to the Conectoo Platform. In case there is a breach of security or the Beneficiary notices any un-authorized access to their account, the Beneficiary is under the obligation of notifying the Provider immediately, providing all relevant details about the incident;
f) not to take any actions which could cause damage, including reputational damage, to the Provider;
g) to hold all intellectual property rights on all materials (texts, images, files) sent through the messages and to be accountable for the content thereof.
6. RIGHTS AND DUTIES OF THE PROVIDER
6.1. Aside from the other rights set forth herein, the Provider shall have the following rights:
a) to check, at any time, the observance by the Beneficiary of the Contract, and of the legal provisions in force, and to suspend, at any time, the provision of the e-mail marketing services, if the Beneficiary fails to meet this obligation;
b) to use the logo and brand of the Beneficiary for marketing purposes;
c) to amend, at any time, the Contract, the commercial policy and the rates, as it considers fit. Any amendment of the rates shall operate immediately upon notification of the Beneficiary.
d) to suspend the provision of e-mail marketing services to the Beneficiary whenever there is suspicion or proof that the Beneficiary is infringing the provisions hereof.
6.2. Aside from the other rights set forth herein, the Provider shall have the following duties:
a) to allow the Beneficiary to have access to the Conectoo Platform enabling it to send messages, in exchange for the rates agreed hereunder;
b) to ensure proper operation of the Conectoo Platform and to repair, as fast as possible, any error or technical problem;
c) to inform the Beneficiary prior to any maintenance works on the Conectoo Platform;
7.1. The liability for the content of the messages rests solely with the Beneficiary;
7.2. In case of any delay in the payment of the invoices due, the Beneficiary is in default by operation of law, and must pay default penalties of 0.5% per day of the total amount of the invoice issued. Aside from the right to apply default penalties for non-observance of the payment deadlines set forth herein, the Provider is entitled to suspend the provision of the Service until all due payments are made by the Beneficiary, including any compensations and/ or any penalties.
7.3. For any payment obligation, the Beneficiary shall be deemed in default by operation of law, without any prior notification from the Provider, as of the date on which the payment obligation becomes due.
7.4. The Provider is entitled to direct any amount received from the Beneficiary towards covering any of the outstanding amounts owed by the Beneficiary, without taking into account the destination indicated by the Beneficiary for the payment.
7.5. In case of failure by the Beneficiary to observe any obligation set hereunder, the Provider is entitled to suspend the provision of the Service or to interrupt the Service, without any formalities or without the intervention of any court of law, until the repair/ fulfilment of the obligation by the Beneficiary.
7.6. The Provider shall not be held liable by the Beneficiary for any damages - direct, indirect, current or potential - or for any loss of profit, including (for example, but not limited to): financial loss, loss of revenue or profit, loss of clients or any other type of loss or damage of any nature and for any reason, if it is a result of the suspension and/ or termination of the Service.
8. CONFIDENTIALITY OF THE INFORMATION
8.1. The Parties acknowledge that, in consideration of the provision of the Conectoo Service, the following information shall become confidential, subject to the confidentiality agreement undertaken herein:
- access data of the Beneficiary to the Conectoo Platform;
- all information related to the Subscribers of the Beneficiary.
9. INTELLECTUAL/ INDUSTRIAL PROPERTY RIGHTS
9.1. The Beneficiary declares and acknowledges that the technology and know-how, whether patented or not, incorporated in the Conectoo Platform and in the Conectoo Service are and shall remain property of the Provider. Therefore, the Beneficiary acknowledges and agrees that the Provider holds all intellectual property rights concerning the Conectoo Platform and the Conectoo Service and that, except for the right to use the Conectoo Platform and the Conectoo Service, on condition that all obligations herein are observed in full, it does not acquire any other right with respect to the Conectoo Platform and/ or the Conectoo Service.
9.2. The Beneficiary acknowledges and undertakes to observe at any time the property right of the Provider on the Conectoo Platform and on the Conectoo Service;
9.3. The Beneficiary declares and warrants that it holds all rights (including intellectual property rights) and authorizations required to send the messages and undertakes full responsibility for the content thereof and is solely responsible in case of infringement of any intellectual property rights or any other third-party rights in connection to the content of the Newsletter. In case the Provider receives a notification or a complaint from a third party, the Provider shall forward it to the Beneficiary, which shall be solely responsible for correcting the situation and indemnifying the affected third parties, as well as the Provider for any costs or damages incurred.
10. TERMINATION OF USE OF SERVICE
10.1. The Parties may terminate this Contract unilaterally, by sending a 30-day prior notification to the other party. The termination shall operate after the expiry of the 30-day period following the receipt of the notification.
10.2. In case of suspicion and/ or non-observance by the Beneficiary of any obligation set for it under this Contract, the Provider, as it deems fit, may notify the Beneficiary about the termination of provision of the Conectoo Service, which termination shall operate immediately, by operation of law, without any other formalities and without the intervention of any court of law, the Beneficiary being directly responsible for any damage generated. In case of contract termination for such provisions, the Beneficiary shall lose any right to request reimbursement of the amounts paid in advance.
11. SPECIAL CLAUSES
11.1. The Beneficiary shall guarantee and shall hold the Provider harmless against any claims, actions, causes of action, suits, damages, liabilities, obligations, costs and expenses (including, but without limitation, any legal fees, in-house conciliation costs, court litigation expenses, hereinafter collectively referred to as Losses) which can be attributed or which are correlated with the infringements by the Beneficiary of this Contract and any other liability claim.
11.2. The conclusion of this Contract and/ or the use by the Beneficiary of the Conectoo Platform is equivalent to acknowledging that the Beneficiary read, understood and agreed with the provisions hereunder and with the Terms and Conditions of the Service, as displayed at any time on the Conectoo Platform.
11.3. The Beneficiary shall be liable for all obligations, operations and debts resulted from this Contract and/ or the use of the Service until full discharge therefrom.
12. PROCESSING OF PERSONAL DATA FROM THE BENEFICIARY
12.1. During the provision of the Services by the Provider in line with the Contract, the Provider, in its capacity as Person authorized by the Beneficiary, may process Personal Data from the Beneficiary on behalf of the Beneficiary, as Personal Data Processor.
12.2. In all cases in which Personal Data from the Beneficiary is processed on the basis of, or in connection to the Contract, the Provider:
12.2.1. shall process, transfer, modify, change or alter Personal Data from the Beneficiary or shall disclose or allow the disclosure of Personal Data from the Beneficiary to third parties according to Annex 1 (Details on the Processing of Personal Data from the Beneficiary), and exclusively:
• according to the requirements concerning the observance of the Beneficiary’s instructions - documented and reasonable (which, except if provided otherwise, shall relate to the processing of personal data from the Beneficiary as required for the purpose of providing the Services hereunder), including with regard to the transfer of Personal Data from the Beneficiary to a third party or an international organization; or
• according to the requirements concerning the observance of the applicable legislation by the Provider, in which case the Provider (to the extent permitted under the law) shall inform the Beneficiary with regard to the legal requirement in question before processing the respective Personal Data from the Beneficiary.
12.2.2. when learning of a personal data breach:
• shall notify the Beneficiary immediately, and
• shall cooperate with the Beneficiary and shall take all reasonable commercial measures indicated by the Beneficiary in view of providing assistance in investigating, mitigating and repairing a personal data breach, on condition of full reimbursement by the Beneficiary in each case of all costs incurred by the Provider (including with internal resources and any costs with third parties), in a reasonable manner with regard to the fulfilment of the obligations in this paragraph 12.2.2, to the extent to which the personal data breach was not caused by the Provider.
12.2.3. upon receipt of any request, complaint or communication related to the obligations of the Beneficiary based on the applicable legislation on data protection:
• shall notify the Beneficiary as soon as possible, in a reasonable manner;
• shall cooperate with the Beneficiary and shall take the reasonable commercial measures indicated by the Beneficiary to allow the latter to observe any exercise of rights by a Subject on the grounds of the applicable data protection legislation, or the observance of any evaluation, inquiry, notification or investigation based on the applicable data protection legislation, on condition of full reimbursement in each case by the Beneficiary of all costs incurred by the Provider (including with internal resources and any costs with third parties) in a reasonable manner with regard to the fulfilment of the obligations in this paragraph 12.2.3.
12.2.4. shall implement the technical and organizational measures provided in Annex 2 hereto, in collaboration with the Beneficiary. The Beneficiary has confirmed that it has reviewed and approved these measures as providing a proper security level with regard to the Personal data from the Beneficiary to be processed by the Provider in its capacity as a Person authorized by the Beneficiary;
12.2.5. shall ensure that its employees with access to personal data from the Beneficiary are under contractual, professional or legal obligations of confidentiality;
12.2.6. shall provide reasonable support to the Beneficiary with regard to the impact assessment concerning the data requested on the grounds of Article 35 GDPR and to the prior consultations addressed to any Supervisory Authority of the Beneficiary which is requested on the grounds of Article 36 of GDPR, related to the processing of personal data from the Beneficiary by the Provider on behalf of the Beneficiary and in consideration of the nature of the Processing and of the information available to the Provider; and
12.2.7. with the exception of cases in which the applicable legislation imposes a contrary obligation, it shall stop processing personal data from the Beneficiary within 90 days of the termination or expiry of the Contract, or, if it occurs earlier, the termination or expiry of the Service it refers to, and, as soon as possible thereafter, it shall either return or delete from its systems the personal data from the Beneficiary and any copies thereof.
12.3. The Beneficiary authorizes the Provider to hire the subcontractors referred to in Annex 3 (Authorized subcontractors) with regard to the processing of personal data from the Beneficiary. During the term of the Contract, the Provider may hire other subcontractors, in observance of the following obligations:
• The Provider shall notify the Beneficiary (via e-mail or otherwise) with regard to its intention of using a new subcontractor to process personal data from the Beneficiary;
• The Provider shall include in the contract concluded with each subcontractor terms that are substantially similar to those provided in clause 12 thereof;
• In case a subcontractor fails to meet its obligations concerning the protection of personal data from the Beneficiary, the Provider shall be fully liable before the Beneficiary with regard to the fulfilment of these obligations.
With regard to any notification sent based on Art. 12.3, Paragraph 1, the Beneficiary shall have 30 (thirty) days following the receipt of the notification to inform the Provider with regard to any reasonable objection related to the hiring of the subcontractor in question. In such situation, the parties shall attempt, in good faith and throughout a period of maximum 30 (thirty) days as of the date of the objection, to reach a reasonable solution from a commercial standpoint, which would allow them to avoid hiring such subcontractor. In case such solution cannot be reached, the Provider shall be entitled to terminate the Contract unilaterally, through a written notification sent to the Beneficiary.
12.4. The Provider shall make the information available to the Beneficiary and (as applicable) shall collaborate in conducting any audit or inspection, upon reasonable request from the Beneficiary to give assurance that the Provider observes the obligations set hereunder, on condition that such request does impose a duty on the Provider to provide or to allow access to:
(i) internal information of the Provider concerning prices,
(ii) information concerning other clients of the Provider,
(iii) any of the external reports of the Provider that have not been made public or
(iv) any internal reports prepared by the internal audit functions of the Provider.
Moreover, the Beneficiary may request a maximum of one audit or one inspection during any period of 12 consecutive months.
12.5. The Beneficiary guarantees that all Personal Data from the Beneficiary processed by the Provider according to this section were and shall be collected and processed by the Beneficiary in observance of the applicable law on data protection, including, but without limitation:
(i) ensuring that all notifications sent to regulatory authorities and all approvals from such authorities required according to the applicable Legislation on data protection are made and kept by the Beneficiary, and
(ii) ensuring that all Personal Data from the Beneficiary is collected and processed in an equitable and legal manner, that they are correct and updated, and a notification concerning the processing of personal data is sent to the Subjects to describe the processing to be carried out by the Provider based on this Contract.
12.6. The Beneficiary shall indemnify and exempt the Provider from any responsibility for all losses incurred and all fines and sanctions applied by public authorities, including by any Supervisory Authority, which derive from any request by a third party or public authority, including any Supervisory Authority, which derives from any infringement of section 12.5.
ANNEX 1: DETAILS FOR THE PROCESSING OF PERSONAL DATA FROM THE BENEFICIARY
This Annex 1 includes certain details regarding the Processing of Personal Data in line with Article 28, paragraph (3) of the GDPR.
Subject matter and duration of processing of Personal Data from the Beneficiary
The Subject matter and duration of processing of Personal Data from the Beneficiary are set in the Contract.
Nature and purpose of the Processing of Personal Data from the Beneficiary
The purpose of the Processing of Personal Data from the Beneficiary is set in the Contract. Upon request, the Provider shall provide Account Management services, which means that an account manager of the Provider manages the e-mail marketing campaigns of the Beneficiary and carries out import of the Subscriber lists sent by the Beneficiary.
The types of personal data from the Beneficiary to be processed are, as applicable:
The e-mail addresses of subscribers, subscriber attributes as defined by the Beneficiary. Such attributes may represent names associated to e-mail addresses, first name, phone numbers, etc., and other data provided by the Beneficiary together with the e-mail address.
The categories of Subjects to which the Personal Data from the Beneficiary refer:
Subscribers
The rights and duties of the Beneficiary are set within the Contract.
ANNEX 2: TECHNICAL AND ORGANISATIONAL MEASURES
The minimum security requirements for the Processing of Personal Data from the Beneficiary shall cover the following:
1. Identification and authentication of users
A user is any person acting under the authority of the Provider, with the right to access the Personal Data from the Beneficiary. In order to gain access to a personal data database, users must identify themselves. Identification is done through username and password. Each user shall have its own identification code. It is not possible for several users to share the same identification code. Any user account is accompanied by a method of authentication. Authentication is done using a password. Passwords are changed periodically. The Provider’s computer system shall automatically deny access to a user after a wrong password has been entered 5 times. Any user receiving an identification code and a method of authentication must observe the confidentiality thereof and shall be accountable to the Provider. The Provider shall authorize certain users to revoke or suspend an identification and authentication code, following the user’s resignation or dismissal, contract termination, transfer to another service or assignment of new tasks that do not require access to Personal Data from the Beneficiary, in case of misuse of the codes received or in case of lengthy absence for a period determined by the entity. Access of users to Personal Data from the Beneficiary carried out manually shall be done based on an authorization issued by the Provider.
2. Type of access
Users shall only access Personal Data from the Beneficiary required for the fulfilment of the purpose set in the Contract. The department providing technical support shall have access to Personal Data from the Beneficiary to solve exceptional situations.
3. Collecting personal data from the Beneficiary
The Provider shall nominate users authorized for the collection and introduction of Personal Data from the Beneficiary in a computer system. Any modification of the Personal Data from the Beneficiary can only be done by authorized users nominated by the Provider.
4. Creating backup copies
The Provider shall determine the timeline for the backup copies of the Personal Data from the Beneficiary, as well as for the programs used for automated processing. A limited number of users shall be appointed by the Provider to create backup copies.
5. Computers and access terminals
Computers and other access terminals are installed in rooms where access is allowed using magnetic cards or keys.
6. Access files
The Provider shall take measures to ensure that any access of Personal data from the Beneficiary is recorded in an access file (entitled log, for the purpose of automated processing) or in a registry (for manual processing of personal data). For automatic processing, this information shall be stored in a general access file or in separate files for each user.
7. Telecommunication systems
The Provider shall carry out periodic control of authentications and of the types of access to detect dysfunctionalities pertaining to the use of telecommunication systems.
8. Training of personnel
During user trainings, the Provider shall provide information on the provisions of the applicable legislation on data protection as well as regarding risks entailed by personal data processing. Users with access to personal data from the Beneficiary shall be informed by the Provider concerning the confidentiality thereof.
9. Use of computers
To maintain security in the processing of Personal data from the Beneficiary (particularly against computer malware), the Provider has implemented measures consisting in:
a) forbidding the use by the users of software programs from external or suspicious sources;
b) informing users about the dangers of computer malware;
c) implementing automated malware removal and computer security systems.