fbpx
 

TabSquare Policy Page

[vc_row css_animation=”” row_type=”row” use_row_as_full_screen_section=”no” type=”grid” angled_section=”no” text_align=”center” background_image=”148″ background_image_as_pattern=”without_pattern” background_color=”#ffffff” border_color=”#ffffff” css=”.vc_custom_1544135385836{padding-top: 10px !important;padding-bottom: 40px !important;background-color: #ffffff !important;}” z_index=””][vc_column][qode_elements_holder number_of_columns=”one_column”][qode_elements_holder_item item_padding=”37px 10% 20px” horizontal_alignment=”center” advanced_animations=”no” item_padding_768_1024=”107px 10% 70px” item_padding_600_768=”107px 4% 70px” item_padding_480_600=”107px 0% 70px” item_padding_480=”107px 0% 70px”][vc_empty_space height=”16px”][vc_column_text]

Partner Policies

[/vc_column_text][vc_empty_space][/qode_elements_holder_item][/qode_elements_holder][vc_empty_space][qode_elements_holder number_of_columns=”one_column”][qode_elements_holder_item item_padding=”37px 10% 20px” horizontal_alignment=”center” advanced_animations=”no” item_padding_768_1024=”107px 10% 70px” item_padding_600_768=”107px 4% 70px” item_padding_480_600=”107px 0% 70px” item_padding_480=”107px 0% 70px”][vc_empty_space height=”16px”][vc_column_text]

Google

[/vc_column_text][vc_empty_space][vc_column_text]

Merchants agree to Google’s Policy given in the links below

https://developers.google.com/terms

https://pay.google.com/intl/en_in/about/business/policy/partners/

 

Google reserves the right to :

(a) suspend or terminate any/all Merchant Microapps, as are/may be created under the terms of this Agreement, at it sole discretion upon notice to the Partner of such suspension or termination; or

(b)immediately terminate such Merchant Microapps where the concerned Participating Merchants, in Google’s opinion, are in breach of the GPay Policies, Merchant Terms or Applicable Laws.

 

Merchant grants to Google an irrevocable, royalty-free, nonexclusive, worldwide license to use the Licensed Content, during the period of listing on the Google pay app, in connection with Google products or services and/or in connection with GPay. Google may sublicense such license

(a) to its Affiliates; and
(b) only to the extent necessary to permit end users to use Google products and services and/or in connection with GPay.

 

Google Data – Merchants may use Google data as defined in the table below solely to the extent that the data relates to the specific Users who selected any product or services of that specific Merchant in the Order and only to the extent required and necessary for the Merchant to contact and provide requisite products and/or services to that User. Merchant may not provide any Google Data to any third party and will not allow or permit  any other third party on its behalf to:

  • (i)  sell or resell Google Data (or any data compiled or in any way derived from Google Data) in any capacity or form (this does not apply to use of Google Data as a part of larger aggregated data set for use in reports and dashboards created by the TabSquare for the Merchant and in such use Google Data should not be individually identifiable) ;
  • (ii)  use Google Data for purposes other than  to service the order, including but not limited to, for commercial purposes to derive profits, fee, revenue and/or any other commercial gains (this does not apply to use of Google Data by the TabSquare as a part of larger aggregated data set for use to provide end users of the TabSquare’s products and services with recommendations based on their use of TabSquare’s products and services and in such use Google Data should not be individually identifiable);
  • (iii)  use, make a copy or store (original or copy) Google Data in contravention of the terms of this policy;
  • (iv)  use such Google Data for marketing purposes or to re-engage the User(s) outside the GPay Platform; or

 

Further, Merchant will not make a copy of the Google Data or store it beyond the allowed Google Data Use Period as set out above.

 

Brand Features

Merchant Brand Features

Merchant grants and hereby confirms that it has procured requisite rights, licenses and authority  to hereby grant, to Google a nonexclusive, worldwide, royalty- free license during the Agreement Term to display Merchant’s Brand Features on GPay and Merchant Microapp and also in connection with promotions, marketing, offers and rewards related to Merchant Services, Merchant Microapp or GPay generally. Google may sublicense the license in this Section  to its Affiliates but only to the extent necessary to display  Merchant’s Brand Features in connection with Google’s fulfillment of its obligations under this policy

 

Google Brand Features. Subject to this Policy, Google grants Merchant a limited, nonexclusive and non-sublicensable license to display the GPay Brand Features in the Merchant outlets and otherwise in Territory to promote adoption of Merchant Microapps available on GPay during the time Merchant is listed on the GPay app. At all times during this time Merchant must comply with and ensure compliance by its agents of the Google’s Brand Feature Guidelines for the GPay (available at http://g.co/pay/brand ). Any other use of GPay Brand Features requires Google’s prior approval. Google may revoke the permission to use the GPay’s Brand Features by giving Merchant notice and a reasonable period of time to cease use. For the avoidance of doubt, the Google Brand Features licensed hereunder are limited to those associated with the GPay. Merchant may not use the Google Brand Features for purposes other than promotion of the Merchant Microapps.

 

Merchant Obligations

GPay Policies. Merchant will comply with the GPay Policies (as may be amended from time to time by Google)  agree to abide by the same at all times during the period of listing on Gpay app. Notwithstanding anything written elsewhere in this policy, in the event the Merchant is found in breach of the said GPay Policies, Google shall have, at its sole discretion, the right to forthwith terminate & immediately cease operation of and terminate the Merchant Microapp of theMerchant, with or without notice to the Merchant.

 

Licensed Content.

    • (a)  Merchant will ensure that it has and will retain all necessary rights to grant the license
      of the Licensed Content at all times during the time of listing of merchant microapp of Google pay app;

 

Merchant hereby confirms that they have given consent to open and make available to Users their Partner Microapps on GPay and to use the Merchants’ Brand Features on/for the Merchant Microapps and GPay in accordance with the form  Google has provided  .

 

Partner Terms of Service and Privacy Policy.

    • (a)  Merchant will be solely responsible for making available the most up-to-date terms of service and privacy policies of the their restaurants (if applicable) to the User at all times through the TabSquare System.
    • (b)  If Merchant updates/intends to update its terms of service or privacy policy, Merchant will give a 60(sixty) days prior notice to Google of the applicable changes through TabSquare, and ensure that the updated terms of service and privacy policies are provided to TabSquare through TabSquare System along with such notice.
    • (d)  Merchant will ensure that the Merchant’s terms of service and privacy policies as reflected in the Merchant Microapp shall be the same in its essence as the relevant Merchant’s terms of service and privacy policies made available by the Merchant to its customers through Merchant’s website, mobile application, printed materials (if any) or any other medium as applicable.
    • (e)  Merchant will ensure that  they clearly communicate to the Users, in the respective Merchant’s terms of service and privacy policies, that the Orders will be fulfilled solely by the concerned Merchant and that Google shall not be responsible or held accountable for the same for any reason whatsoever.

 

Compliance.

(a)Merchant

    • (i)  must comply with all Applicable Laws in the Territory;
    • (ii)  must comply with all applicable laws (including all applicable privacy and electronic communications laws) with respect to all communications with Users; and
    • (iii)  is responsible for the Personal Information Merchant processes with respect to the Merchant Services.

(b)  Accurate Information. Merchant must provide honest, complete, and accurate information in connection with Merchant Microapps, including to third parties.

(c) Cooperation. Merchant will cooperate with TabSquare if Google or its partners seek to gather information about the Merchants, or the Merchant Services to verify identity, confirm compliance with applicable law, for quality assurance purposes, or as required to operate the Merchant Microapps.

(d) User ExperienceMerchants will provide services to Users in the same manner that they provide services to their customers/users generally and will work with TabSquare and Google in good faith to provide a positive user experience. Merchant will ensure that they have and maintain during the time of listing on the Google Pay app, an end user complaints procedure that complies with all applicable laws in respect of the Merchant Services. Any use by Merhcant’s of Google’s name (including in connection with any message or communication to a customer, user, or Participating Merchants) will require Google’s written pre-approval.

 

Payment for Orders. All Payment Transactions for the Merchant’s listing on the Google Pay app should be facilitated through GPay

 

Prohibited Actions. In connection with Merchant Microapp, Merchant will not, and will not authorize any third party to:

(a)  Misrepresent to anyone that the Merchant and Google are in any sort of partnership thereby jointly providing Merchant Services to the Users;

(b)  use any automated means or data scraping or extraction to access or collect Merchant Microapp-related information except as expressly permitted by Google or allowed under the terms of this policy;

(c)  provide inaccurate or outdated information, including for Licensed Content;

(d)  engage in deceptive, misleading, and/or unethical practices (including in connection with the provision of Merchant Services);

(e)  make false or misleading representations either to Google or the User with regards to the Merchant Microapp;

(f)  alter, interfere with, or otherwise tamper with customer reviews of its services or the services of its competitors;

(g)  store Google Data for a period longer than prescribed in the policy for any reason whatsoever. To ensure compliance of this sub-clause, any failure to meet the obligation set out in this policy and more specifically in Google Data Sub Clause, shall be considered a breach of this Agreement; or

(h) attempttointerferewiththeproperfunctioningofMerchantMicroapporGPayatlarge.

 

Authorization with respect to Merchant Services. To participate in GPay to create and operationalise Merchant Microapps, Merchant hereby confirms that it has appropriate permissions, approvals and licenses to authorize Google and its Affiliates to:

(a)  include Merchant Services in GPay under Merchant Microapps;

(b)  format or modify Licensed Content and/or TabSquare Data to make it function properly on or for Merchant Microapp;

(c)  access, monitor, review, and record all interactions that take place on Merchant Microapp between Merchants and Users; and

(d)  use information collected through the Merchant Microapp as per the terms of this Policy.

 

Customer Support and User Disputes. Merchants hereby agree that

(a)  Google & TabSquare are not responsible for ongoing activities as between the Merchant or its or their end users or customers, including but not limited to (i) managing customer service issues, refunds, chargebacks, cancellations or collecting fees from end usersand (ii) checking the deliveries against the order for Merchant Services and reporting any discrepancies or handling any issues or complaints with respect to the quality of Merchant Services.

(b)  As between the parties, User’s satisfaction with Merchant Services is solely Merchant’s responsibility.

(c)  Merchant, and not Google, is responsible for all claims made by a User or other person or entity against TabSquare or Merchant in connection with the provision of Merchant Services through GPay or otherwise.

(d)  If the Merchant no longer wants to be surfaced to Users via Merchant Microapp or if the Merchant’s business has ceased to exist, Merchant will ensure promptly notify TabSquare and Goole and that they remove their listing (by disabling Gpay  or Licensed content from the TabSquare Content Management system) so as to enable removal from the TabSquare’s feed to Google   and/or ensure removal of their information from the Licensed Content within 24 hours of such request so that it is no longer shown to Google and the Users.  Merchant will work with TabSquare & Google to takedown the relevant Merchant Microapps in such cases.

(e)  Merchant will provide customer support and resolve customer issues in accordance with the TabSquare’s Terms & Conditions.

Fees and Charges on Merchant Microapps. Merchant shall ensure that the fees charged  to the User for Orders made through the relevant Merchant Microapp on GPay will be no higher than those levied by the Merchant on similar goods or services made via other platforms or methods (including any non-voice interactive method or platform or at Merchant’s physical outlets)

 

Privacy and Security. The Merchants will comply with the obligations stated in Partner Information Protection Addendum 

Google may, with prior notice to the Partner, start charging listing fees payable by  Merchant  and/or revenue shares (or other monetisation commissions) payable by the Merchant. Prior to any such change, Google will provide Merchant with 90 days’ notice and an opportunity to terminate  or delist the relevant Merchant listing who do not wish to continue with their Merchant Microapps post such fee being put in effect prior to the effectiveness of such change.

 

Warranties.
(a) Merchant Warranties. Merchant represents, warrants, agrees, covenants and undertakes to the TabSquare & Google that:

(i)  it has full power and authority to enter into this Agreement;

(ii)  it will perform its obligations under this policy with reasonable care and skill;

(iii)  this policy, assuming due authorization and execution from the Merchant, constitutes a legal, valid and binding obligation on the Merchant.

(iv)  the execution, delivery and performance of its obligations under this policy does not and will not:
(1) contravene any Applicable Law; or
(2) conflict with or result in any breach or default under any agreement, instrument, regulation, license or authorization binding upon it or any of its assets;

(v)  there are no other commitments / agreements entered into by it which may be in breach of the terms of this policy or the obligations of Merchant thereunder.

(vi)  all the information provided by Merchant to the TabSquare & Google, in pursuance of the terms and conditions set forth in this Policy, is true and correct.

(vii)  it shall at all times comply with Applicable Laws, insofar as relevant to the provision of this Policy.

(viii) Merchant has obtained requisite rights, license and approvals from each of the Brand features & Licensed Content to include their proprietary information and data in Licensed Content and TabSquare Data;

(ix)  Merchant has and shall maintain during the period of merchant listing on Gpay, requisite rights (owned or from any other relevant party) to license the License Content and Brand features to  Google and its Affiliates along with the ability for Google to sub-license the same in accordance with the terms of this Agreement;

(x)  Merchant will provide necessary rights and licenses  each time their proprietary information/ data, which is not otherwise covered under Licensed Content, needs to be used in connection with this policy;

(xi)  Merchant has obtained, and shall maintain during the period of Merchant listing on Gpay app, requisite rights and licenses for such Licensed Content & Brand Features;

(v)   Merchants have provided their consent for creation of their respective Merchant Microapp ;

(vi)  Merchants will to keep any information that is deemed Confidential under this policy as confidential; and

(vii)  Merchant represents and warrants the Merchant Microapp and Licensed Content meets the Web Content Accessibility Guidelines 2.0 AA requirements, available at https://www.w3.org/TR/WCAG20/

 

Indemnities 

Obligations.

(a) By Merchant. Merchant will indemnify TabSquare, Google and Google’s Affiliates against damages and costs relating to any claim or third-party legal proceeding (including regulatory proceedings) to the extent arising from:

(i)  Merchant Services or any component thereof being in infringement of any third-party rights including but not limited to intellectual property rights of such third party;

(ii)  an allegation that Google’s use of the Licensed Content, Merchant Data and/or Merchants Brand Features in accordance with this Agreement infringes a third party’s
Intellectual Property Rights;

(iii)  Google’s use of Brand Features of the Merchants for the Merchant Microapps and in accordance with the terms of this policy;

(iv)  the offer or provision of Merchant Services through Merchant Microapps;

(v)  Merchant’s breach of any of its obligations under this Agreement, including breach of its obligations under the Feature Schedules and all violations/ non-compliance of any applicable laws, rules, regulations, guidelines, etc.;

(vi)  Merchant’s disclosure or use of User information in breach of this Agreement; or

(vii)  Merchant’s breach of Exhibit D (Partner Information Protection Addendum).

 

Exclusions.

(a) Obligations will not apply to the extent the underlying allegation arises from the indemnified party’s breach of this Agreement or from modifications or combinations to the technology or content that were not provided or authorised by the indemnifying party ; or

(b) will not apply to the extent the underlying allegation arises from Google’s use of Merchants’ Brand Features in accordance with the terms of this Policy.

Confidentiality. The Merchant will not disclose the TabSquare’s or Googles’s Confidential Information, except to employees, Affiliates, agents, or professional advisors (“Delegates”) who need to know it and who have a legal obligation to keep it confidential. The Merchant will use the the Confidential Information only to exercise rights and fulfill obligations under this Policy. The Merchant will ensure that its Delegates are also subject to the same non- disclosure and use obligations. The Merchant may disclose Confidential Information when required by law after giving reasonable notice to the discloser, if permitted by law.

12.2  Publicity. Other than as may be specifically approved under the terms of this Policy, Merchant will not make any public statement regarding or relating to this Agreement without the Google’s prior written approval.

 

Google may contact the Merchants via the TabSquare from time to time for the purposes related to the Merchant Microapps. Merchants hereby provide express consent  for receipt of communications from Google in connection with Merchant Microapp and/or Merchant Services.

 

Termination 

Google may terminate the Merchant’s listing on Gpay app

(a)  for convenience with 15 days’ prior written notice to the Merchant.

(b)  immediately on written notice if the Merchant is in material breach of this Agreement and fails to cure that breach within 15 (fifteen) days after receiving written notice  identifying the breach; or

(c)  immediately if the Merchant breaches Privacy and Security clauses as mentioned in the Policy

(d) immediately upon notice if Google elects not to continue to offer GPay.

(e) Google determines in its reasonable discretion that the GPay or Google may be negatively affected as a result of  Merchant’s acts or omissions and Google may terminate  merchant’s listing on Gpay app upon notice within fifteen (15) days of such suspension if the Merchant does not remedy the foregoing.

 

Google may immediately suspend its performance under this Agreement if

Effects of Termination. On expiration or termination of the Merchant’s listing for any reason

(a)  Google may continue to use content submitted through Google API(s), in accordance with Google API Terms to maintain order and payment history for the Users; and

(b)  the following Sections of the Policy will survive: Retention of Rights, No Other Restrictions, Privacy and Security,  and Representations, Warranties and Disclaimers of this policy (and any other sections that under their terms or by implication ought to survive).

 

Partner Information Protection Addendum

Version 4.1

  1. Status of the Addendum. This Partner Information Protection Addendum (“PIPA”) forms part of the Agreement and incorporates (a) the mandatory terms set out in this Addendum and (b) the Standard Contractual Clauses (as defined below), to the extent applicable.
  1. Defined Terms. In this Addendum:

(a) “Applicable Laws” means privacy, data security, and data protection laws, directives, regulations, and rules in any jurisdiction applicable to the Personal Information Processed for the Services.

(b) “Applicable Standards” means government standards, industry standards, and best practices applicable to the Personal Information Processed for the Services.

(c) “Data Controller” has the same meaning as “controller” under EU Data Protection Laws.

(d) “Disclosing Controller” means the data controller party that discloses the Personal Information to the other data controller party under this Addendum.

(e) “GDPR” means the European Union General Data Protection Regulation (EU) 2016/679 on data protection and privacy for all individuals within the European Union (“EU”) and the European Economic Area (“EEA”).

(f) “EU Data Protection Laws” means, as applicable: (i) the GDPR; and, (ii) any other applicable data protection laws or regulations modeled on the GDPR.

(g) “EU Personal Information” means Personal Information subject to EU Data Protection Laws.

(h) the “Privacy Shield“ means EU-U.S. and Swiss-US Privacy Shield Framework agreements between the United States Department of Commerce and the European Union and Swiss Administration, respectively, that regulates transferring Personal Data from the European Union (“EU”) and Switzerland to the United States (“US”).

(i) “includes” or “including” means “including but not limited to”.

(j) “Personal Information” means (i) any information about an identifiable individual; or (ii)information that is not specifically about an identifiable individual but, when combined with other information, may identify an individual. Personal Information includes names, email addresses, postal addresses, telephone numbers, government identification numbers, financial account numbers, payment card information, credit report information, biometric information, IP addresses, network and hardware identifiers, and geolocation information. In this Addendum “Personal Information” has the same meaning as “personal data” under the EU Data Protection Laws.

(k) “Process” or “Processing” means to access, create, collect, acquire, receive, record, consult, use, process, alter, store, maintain, retrieve, disclose, or dispose of. Process includes “processing” within the meaning of EU Data Protection Laws.

(l) “reasonable” means reasonable and appropriate to (i) the size, scope, and complexity of the party’s business; (ii) the nature of the Personal Information being processed; and (iii) the need for privacy, confidentiality, and security of the Personal Information.

(m) “Regulator” or “Regulatory” means an entity with supervisory or regulatory authority over Google or any Google affiliate under Applicable Laws.

(n) “Receiving Controller” means the data controller party that receives the Personal Information from the other data controller party under this Addendum.

(o) “Standard Contractual Clauses” means the agreement between Partner and Google based on the European Commission’s Decision 2001/497/EC (as amended by Commission Decision C(2004)5271 on Standard Contractual Clauses for the transfer of Personal Information between Controllers).

(p) “Third Party Provider” means any agent or other third party that a party to this Agreement authorizes to act on its behalf in connection with the Services. “Third Party Provider” includes “sub-processor” within the meaning of EU Data Protection Laws.

  1. Data Controllers’ Mutual Representations. The parties represent that each:

(a) is an independent controller with respect to the Personal Information;

(b) will individually determine the purposes and means of its Processing of Personal Information;

(c) will comply with the obligations applicable to it under Applicable Law regarding the Processing of

Personal Information;

(d) will Process the Personal Information for the limited and specified purposes described in the Agreement; and

(e) provide individuals with rights in connection with Personal Information, including the ability to: (i)access the Personal Information held about them; and (ii) correct, amend, or delete that information where it is inaccurate, or has been Processed in violation of Applicable Laws.

  1. Obligations of the Disclosing Controller. The Disclosing Controller represents that:

(a) the Personal Information has been Processed in accordance with Applicable Laws; and

(b) it will respond to enquiries from data subjects and regulator concerning its Processing of Personal Information, and that responses will be made within a reasonable time.

  1. Obligations of the Receiving Controller. The Receiving Controller represents that:

(a) it will have in place appropriate technical and organizational measures to protect Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and that such measures provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected.

(b) it will have in place procedures so that any Third Party Provider will respect and maintain the confidentiality, integrity, availability, and security of the Personal Information.

(c) to the extent the Receiving Controller Processes the Disclosing Controller’s owned or managed networks, systems, or devices (including APIs, corporate email accounts, equipment, or facilities) to Process the Disclosing Controller’s Personal Information, the Receiving Controller will comply with the other party’s written instructions, and system requirements made available to the Receiving Controller.

(d) within fifteen (15) days of the Disclosing Controller’s written request to ascertain Receiving Controller’s compliance with the Addendum, the Receiving Controller will provide certification, audit reports, or other reports relative to the Receiving Controller’s compliance with the Safeguards and Applicable Standards as defined by the International Organization for Standardization (ISO), International Electrotechnical Commission (IEC), or Statement on Standards for Attestation Engagements (SSAE) and International Standard on Assurance Engagements (ISAE) as published by the American Institute of Certified Public Accountants (AICPA), Payment Card Industry Data Security Standards, and International Auditing and Assurance Standards Board (IAASB), respectively. Examples of acceptable reports on Safeguards include:

  • SOC 2 Type II (based on SSAE 16, 18 or ISAE 3402)
  • SOC 1 Type II (based on SSAE 16, 18 or ISAE 3402)
  • ISO/IEC 27001:2013 certification
  • PCI DSS certification

(e) it will use appropriately secure data transfer methods to transfer any Personal Information across any network other than an internal company network owned and managed by that party.

  1. Cross-Border Data Transfers.

(a) Transfers of Data Out of the European Economic Area, and Switzerland. Either party may transfer EU Personal Information outside the European Economic Area, Switzerland (as applicable) if it complies with the provisions on the transfer of personal data to third countries in EU Data Protection Laws.

(b) Transfers under the Privacy Shield.

  1. Google LLC has certified under the Privacy Shield on behalf of itself and certain of its US subsidiaries with respect to the transfer of EU Personal Information from the EU, and Switzerland, to the US. Google’s certification is at https://www.commerce.gov/page/eu-us-privacy-shield.
  1. To the extent a Receiving Controller will Process EU Personal Information transferred to the Disclosing Controller in reliance on the Privacy Shield, the Receiving

Controller will:

  1. provide at least the same level of protection for the EU Personal Information as required by the relevant principles of the Privacy Shield; and
  1. promptly notify the Disclosing Controller in writing if it determines that it can no longer provide such protection and, upon making such a determination, cease Processing the EU Personal Information or take other reasonable and appropriate remediation steps.

(c) Transfers under Standard Contractual Clauses. To the extent Standard Contractual Clauses are applicable to the transfer of EU Personal Information from the EU and Switzerland, the Receiving Controller expressly agrees that the Standard Contractual Clauses will apply to the Services, and Receiving Controller’s signature on the Agreement will be treated as acceptance of the Standard

Contractual Clauses and appendices.

(d) Order of Precedence. In the event that Services are covered by more than one transfer mechanism, the transfer of EU Personal Information will be subject to a single transfer mechanism in accordance with the following order of precedence:

  1. Privacy Shield
  2. Standard Contractual Clauses
  1. Suspension; Termination. Either party may terminate the Agreement if it reasonably determines that (a) the other party has failed to cure material noncompliance with the Addendum within a reasonable time; or (b) it needs to do so to comply with Applicable Law.
  1. Survival. The parties’ obligations under this Addendum will survive expiration or termination of the Agreement as long as the parties continue to Process the other party’s Personal Information.

[/vc_column_text][vc_column_text]

Partner Information Protection Addendum

Version 4.1

1. Status of the Addendum. This Partner Information Protection Addendum (“PIPA”) forms part of the
Agreement and incorporates (a) the mandatory terms set out in this Addendum and (b) the Standard
Contractual Clauses (as defined below), to the extent applicable.
2. Defined Terms. In this Addendum:
(a) “Applicable Laws” means privacy, data security, and data protection laws, directives, regulations,
and rules in any jurisdiction applicable to the Personal Information Processed for the Services.
(b) “Applicable Standards” means government standards, industry standards, and best practices
applicable to the Personal Information Processed for the Services.
(c) “Data Controller” has the same meaning as “controller” under EU Data Protection Laws.
(d) “Disclosing Controller” means the data controller party that discloses the Personal Information
to the other data controller party under this Addendum.
(e) “GDPR” means the European Union General Data Protection Regulation (EU) 2016/679 on data
protection and privacy for all individuals within the European Union (“EU”) and the European
Economic Area (“EEA”).
(f) “EU Data Protection Laws” means, as applicable: (i) the GDPR; and, (ii) any other applicable
data protection laws or regulations modeled on the GDPR.
(g) “EU Personal Information” means Personal Information subject to EU Data Protection Laws.
(h) the “Privacy Shield“ means EU-U.S. and Swiss-US Privacy Shield Framework agreements
between the United States Department of Commerce and the European Union and Swiss
Administration, respectively, that regulates transferring Personal Data from the European Union (“EU”)
and Switzerland to the United States (“US”).
(i) “includes” or “including” means “including but not limited to”.
(j) “Personal Information” means (i) any information about an identifiable individual; or (ii)
information that is not specifically about an identifiable individual but, when combined with other
information, may identify an individual. Personal Information includes names, email addresses, postal
addresses, telephone numbers, government identification numbers, financial account numbers,
payment card information, credit report information, biometric information, IP addresses, network and
hardware identifiers, and geolocation information. In this Addendum “Personal Information” has the
same meaning as “personal data” under the EU Data Protection Laws.
(k) “Process” or “Processing” means to access, create, collect, acquire, receive, record, consult, use,
process, alter, store, maintain, retrieve, disclose, or dispose of. Process includes “processing” within the
meaning of EU Data Protection Laws.

(l) “reasonable” means reasonable and appropriate to (i) the size, scope, and complexity of the
party’s business; (ii) the nature of the Personal Information being processed; and (iii) the need for
privacy, confidentiality, and security of the Personal Information.
(m) “Regulator” or “Regulatory” means an entity with supervisory or regulatory authority over
Google or any Google affiliate under Applicable Laws.
(n) “Receiving Controller” means the data controller party that receives the Personal Information
from the other data controller party under this Addendum.
(o) “Standard Contractual Clauses” means the agreement between Partner and Google based on
the European Commission’s Decision 2001/497/EC (as amended by Commission Decision C(2004)5271
on Standard Contractual Clauses for the transfer of Personal Information between Controllers).
(p) “Third Party Provider” means any agent or other third party that a party to this Agreement

authorizes to act on its behalf in connection with the Services. “Third Party Provider” includes “sub-
processor” within the meaning of EU Data Protection Laws.

3. Data Controllers’ Mutual Representations. The parties represent that each:

(a) is an independent controller with respect to the Personal Information;
(b) will individually determine the purposes and means of its Processing of Personal Information;
(c) will comply with the obligations applicable to it under Applicable Law regarding the Processing of
Personal Information;
(d) will Process the Personal Information for the limited and specified purposes described in the
Agreement; and
(e) provide individuals with rights in connection with Personal Information, including the ability to: (i)
access the Personal Information held about them; and (ii) correct, amend, or delete that information
where it is inaccurate, or has been Processed in violation of Applicable Laws.
4. Obligations of the Disclosing Controller. The Disclosing Controller represents that:
(a) the Personal Information has been Processed in accordance with Applicable Laws; and
(b) it will respond to enquiries from data subjects and regulator concerning its Processing of Personal
Information, and that responses will be made within a reasonable time.
5. Obligations of the Receiving Controller. The Receiving Controller represents that:
(a) it will have in place appropriate technical and organizational measures to protect Personal
Information against accidental or unlawful destruction or accidental loss, alteration, unauthorized
disclosure or access, and that such measures provide a level of security appropriate to the risk
represented by the processing and the nature of the data to be protected.

(b) it will have in place procedures so that any Third Party Provider will respect and maintain the
confidentiality, integrity, availability, and security of the Personal Information.
(c) to the extent the Receiving Controller Processes the Disclosing Controller’s owned or managed
networks, systems, or devices (including APIs, corporate email accounts, equipment, or facilities) to
Process the Disclosing Controller’s Personal Information, the Receiving Controller will comply with the
other party’s written instructions, and system requirements made available to the Receiving Controller.
(d) within fifteen (15) days of the Disclosing Controller’s written request to ascertain Receiving
Controller’s compliance with the Addendum, the Receiving Controller will provide certification, audit
reports, or other reports relative to the Receiving Controller’s compliance with the Safeguards and
Applicable Standards as defined by the International Organization for Standardization (ISO),
International Electrotechnical Commission (IEC), or Statement on Standards for Attestation
Engagements (SSAE) and International Standard on Assurance Engagements (ISAE) as published by
the American Institute of Certified Public Accountants (AICPA), Payment Card Industry Data Security
Standards, and International Auditing and Assurance Standards Board (IAASB), respectively. Examples
of acceptable reports on Safeguards include:
● SOC 2 Type II (based on SSAE 16, 18 or ISAE 3402)
● SOC 1 Type II (based on SSAE 16, 18 or ISAE 3402)
● ISO/IEC 27001:2013 certification
● PCI DSS certification
(e) it will use appropriately secure data transfer methods to transfer any Personal Information across
any network other than an internal company network owned and managed by that party.
6. Cross-Border Data Transfers.
(a) Transfers of Data Out of the European Economic Area, and Switzerland. Either party
may transfer EU Personal Information outside the European Economic Area, Switzerland (as
applicable) if it complies with the provisions on the transfer of personal data to third countries in EU
Data Protection Laws.
(b) Transfers under the Privacy Shield.
i. Google LLC has certified under the Privacy Shield on behalf of itself and certain
of its US subsidiaries with respect to the transfer of EU Personal Information from the EU, and

Switzerland, to the US. Google’s certification is at https://www.commerce.gov/page/eu-us-
privacy-shield.

ii. To the extent a Receiving Controller will Process EU Personal Information
transferred to the Disclosing Controller in reliance on the Privacy Shield, the Receiving
Controller will:
a. provide at least the same level of protection for the EU Personal Information as
required by the relevant principles of the Privacy Shield; and
b. promptly notify the Disclosing Controller in writing if it determines that it can
no longer provide such protection and, upon making such a determination, cease
Processing the EU Personal Information or take other reasonable and appropriate

remediation steps.

(c) Transfers under Standard Contractual Clauses. To the extent Standard Contractual
Clauses are applicable to the transfer of EU Personal Information from the EU and Switzerland, the
Receiving Controller expressly agrees that the Standard Contractual Clauses will apply to the Services,
and Receiving Controller’s signature on the Agreement will be treated as acceptance of the Standard
Contractual Clauses and appendices.
(d) Order of Precedence. In the event that Services are covered by more than one transfer
mechanism, the transfer of EU Personal Information will be subject to a single transfer mechanism in
accordance with the following order of precedence:
i. Privacy Shield
ii. Standard Contractual Clauses

7. Suspension; Termination. Either party may terminate the Agreement if it reasonably determines
that (a) the other party has failed to cure material noncompliance with the Addendum within a reasonable
time; or (b) it needs to do so to comply with Applicable Law.
8. Survival. The parties’ obligations under this Addendum will survive expiration or termination of the
Agreement as long as the parties continue to Process the other party’s Personal Information.

[/vc_column_text][/qode_elements_holder_item][/qode_elements_holder][vc_empty_space][/vc_column][/vc_row][vc_row css_animation=”” row_type=”row” use_row_as_full_screen_section=”no” type=”grid” angled_section=”no” text_align=”left” background_image=”916″ background_image_as_pattern=”with_pattern” css=”.vc_custom_1545870444337{padding-bottom: 26px !important;}” z_index=”” el_id=”hide-sec”][vc_column width=”4/12″][vc_empty_space][vc_column_text]

Singapore

[/vc_column_text][vc_empty_space height=”20px”][vc_row_inner row_type=”row” type=”full_width” text_align=”left” css_animation=””][vc_column_inner][vc_single_image image=”2166″ img_size=”150×150″ alignment=”center” qode_css_animation=””][vc_column_text]

2 Kallang Ave #06-17,
CT Hub Singapore,
339407

[/vc_column_text][vc_empty_space height=”20px”][/vc_column_inner][/vc_row_inner][/vc_column][vc_column width=”8/12″][vc_empty_space][vc_column_text]

Australia

[/vc_column_text][vc_empty_space height=”20px”][vc_row_inner row_type=”row” type=”full_width” text_align=”left” css_animation=””][vc_column_inner width=”1/3″][vc_single_image image=”2167″ img_size=”150×150″ alignment=”center” qode_css_animation=””][vc_column_text]

1-9 Buckingham Street,
Surry Hills, Sydney,
NSW 2010 Australia

[/vc_column_text][vc_empty_space height=”20px”][/vc_column_inner][vc_column_inner width=”1/3″][vc_single_image image=”2164″ img_size=”150×150″ alignment=”center” qode_css_animation=””][vc_column_text]

Suite 8, 44 Ellingworth Parade,
Box Hill, VIC 3128,
Australia

[/vc_column_text][vc_empty_space height=”20px”][/vc_column_inner][vc_column_inner width=”1/3″][vc_single_image image=”2165″ img_size=”150×150″ alignment=”center” qode_css_animation=””][vc_column_text]

12 Kerry Road, Archerfield
Brisbane, QLD 4108,
Australia

[/vc_column_text][vc_empty_space height=”20px”][/vc_column_inner][/vc_row_inner][/vc_column][/vc_row]

Our Client

Open chat
Got any questions? I'm happy to help :)