United States Terms and Conditions of Service
As of December 31, 2017
These ValetNow for Business terms and conditions (the “Agreement”) are entered into by and between the company identified within this sign-up page (“Customer”) and ValetNow Technologies, Inc., a Texas corporation (“ValetNow”). Capitalized terms used herein shall have the meaning ascribed to them in this Agreement.
This Agreement sets forth the terms under which a Customer may utilize Customer Billing in conjunction with the ValetNow Service and the associated ValetNow App. Customer’s use of Customer Billing is subject to this Agreement, as may be modified or updated by ValetNow from time to time. . ValetNow will provide updates via Google Play updates/Apple iTunes. Customer with a notice of any such modifications or updates via email and/or the Dashboard, and Customer is responsible for regularly reviewing the Agreement. Continued use of Customer Billing after any such modifications or updates shall constitute Customer’s consent to such changes.
“Active Account” shall have the meaning set forth in Section 2.3.
“Customer Billing” shall mean an enterprise billing and payment process for the ValetNow Service provided by ValetNow to the Customer hereunder for User Charges, with payment by Customer either (a) by direct charge to a Customer credit card, or (b) if ValetNow has approved monthly billing for Customer, subject to a monthly statement delivered by ValetNow to Customer on a monthly basis.
“Customer Card” shall have the meaning set forth in Section 2.1.
“Customer User” shall mean an individual authorized to use Customer Billing in connection with use of the ValetNow Services, and linked to Customer Billing via that individual’s Active Account, each as identified by Customer to ValetNow as set forth in this Agreement.
“Dashboard” shall have the meaning set forth in Section 3.1.
“Dashboard Data” shall have the meaning set forth in Section 3.1.
“End User Terms” shall mean the terms and conditions applicable to all users of the ValetNow Service, available at www.ValetNow.com/legal, as may be updated by ValetNow from time to time.
“Monthly Statement” shall have the meaning set forth in Section 5.2.
“Monthly Billing” shall have the meaning set forth in Section 5.2.
“Proposed User” shall have the meaning set forth in Section 2.3.
“Service Fee” shall mean the service fees applicable to User Charges and/or Customer’s use of the ValetNow Services, if any, as set forth on the account creation form associated with this Agreement or otherwise agreed to between ValetNow and Customer.
“Term” shall have the meaning set forth in Section 6.1.
“ValetNow App” shall mean ValetNow’s mobile application or mobile website (m.ValetNow.com) required for use of the ValetNow Service, as may be updated by ValetNow from time to time.
“ValetNow Service” shall mean ValetNow’s technology platform that, when used in conjunction with the ValetNow App, enables users to request on-demand ground transportation or other services from independent providers.
“User Charges” shall mean charges incurred by Customer Users for transportation or other services obtained through the use of the ValetNow Service, including any applicable tolls, foreign transaction fees, taxes, and any other fees or charges that may be due for a particular use of the ValetNow Service.
2. PROVISION OF SERVICES
2.1 Access to Services.
Upon execution of this Agreement, ValetNow will establish a Customer corporate account that will enable Customer to provide Customer Billing to authorized Customer Users with Active Accounts. As part of the corporate account, Customer agrees to provide and maintain during the Term one or more valid Customer credit card numbers (the “Customer Card”) that may be charged for Customer Billing as set forth herein. Using such corporate account, Customer, at its discretion, may permit Customer Users with an Active Account to employ Customer Billing when using the ValetNow Service. Customer acknowledges a Customer User employing Customer Billing will be incurring User Charges to the account of Customer, and not to the Customer User’s personal account or credit card, and Customer agrees to pay all User Charges incurred under Customer Billing, as well as any applicable Services Fees, in accordance with the terms and conditions of this Agreement. Subject to Customer’s compliance with this Agreement, ValetNow agrees to use commercially reasonable efforts to provide the ValetNow Service and Customer Billing to Customer and the Customer Users as set forth herein.
2.2 ValetNow Policies.
CUSTOMER ACKNOWLEDGES AND AGREES THAT THE VALETNOW SERVICE IS A TECHNOLOGY PLATFORM THAT ENABLES ACCESS TO RESERVE, REQUEST, AND PAY FOR VALET COMPANY SERVICES. VALETNOW IS NOT A VALET SERVICE PROVIDER. VALETNOW DOES NOT GUARANTEE AVAILABILITY OF VALET OR ANY OTHER SERVICE, ON-TIME ARRIVALS OR DEPARTURES THEREOF, OR ANY OTHER SERVICES LEVELS RELATED TO INDEPENDENT VALETS OR OTHER PROVIDERS THAT MAY BE OBTAINED VIA THE VALETNOW SERVICE. VALETNOW IS NOT RESPONSIBLE FOR DAMAGE, THEFT, OR ANY PROPERTY WHILE USING THE VALETNOW APP.
2.3 Active Account Required.
(b) Customer acknowledges that certain Proposed Users may be suspended or banned from use of the ValetNow Service due to future or past violations of the End User Terms (“Violations”), and that ValetNow shall have no obligation or liability related to a Proposed User that is unable to obtain or maintain an Active Account for the purposes of Customer Billing hereunder due to Violations.
2.4 User Account Linking
(a) To enable Customer Billing for a Proposed User with an Active Account, Customer must provide ValetNow with (i) such Active Account holder’s full name, (ii) the Active Account holder’s email address on the top level domain of Customer (e.g., dsmith@Customer.com), and (iii) other identifying information about the Active Account holder as reasonably requested by ValetNow (“Linking Data”). ValetNow will use the Linking Data provided by Customer for the purpose of (x) authenticating the identified Active Account holder and linking such Active Account with the Customer Billing option to establish the Active Account holder as a Customer User, and (y) verifying the Customer Billing status of such Customer User from time to time during the Term. All Proposed Users invited to enable Customer Billing will receive an email to the email address in the Linking Data with instructions for linking their individual Active Account with Customer’s account for Customer Billing. Upon the linking of Customer Billing to an Active Account, such Customer User shall be provided the option, on an individual valet basis, to apply User Charges to either (A) such Customer User’s personal credit card or (B) the Customer account via the Customer Billing option.
(b) Customer acknowledges that the verification and linking described in Section 2.4(a) will require ValetNow to contact each such Proposed User using the Linking Data, and Customer agrees to inform, and get all necessary consents from, each Proposed User for ValetNow to contact such Proposed User for the purpose of implementing the Customer Billing option in the applicable Active Account. Customer shall ensure that Linking Data provided to ValetNow is accurate and complete, and ValetNow shall not be liable to Customer, a Customer User, a Proposed User or any other party with respect to inaccurate or incomplete Linking Data supplied by Customer.
(c) A Customer User’s personal account may be unlinked from Customer’s account and the Customer Billing option at any time by (i) Customer unlinking such Customer User through the Dashboard, or (ii) the Customer User deleting the Customer Billing option from the Active Account.
2.5 Responsibility for User Activity.
Customer agrees that (a) Customer is responsible for all User Charges incurred by Customer Users on a then-current authorized Customer User list via the Customer Billing option, regardless of whether such User Charge was authorized between Customer User and Customer and (b) User Charges may be subject to price changes at any time, including without limitation, occasional increases during periods of high demand as further described in the End User Terms. Further, Customer agrees that ValetNow shall not be responsible for User Charges incurred by a Customer User after Customer has attempted removal of such Customer User from the Customer Billing option to the extent Customer provides incomplete or inaccurate Customer User removal information via the Dashboard. Finally, as between Customer and ValetNow, Customer shall be responsible for the User Charges incurred due to fraudulent or other unpermitted activity on the part of Customer User’s use of Customer Billing for the ValetNow Service. Customer shall notify ValetNow promptly upon discovery of fraudulent or unpermitted activity occurring under Customer’s account.
Customer agrees to, and to cause all Customer Users to, use the ValetNow Service and ValetNow App solely as set forth in this Agreement and the End User Terms; provided, however, that in the event of a conflict between this Agreement and the End User terms with respect to Customer or any authorized Customer User employing Customer Billing with the ValetNow Service, the terms of this Agreement shall control. ValetNow reserves the right to suspend participation in Customer Billing to Customer and/or any Customer Users for violations of this Agreement or the End User Terms. In the event that a Customer User’s Active Account is suspended or terminated pursuant to the End User Terms, such Customer User’s access to Customer Billing shall also be suspended. Customer shall not, and shall not authorize others to, (a) decompile, disassemble, reverse engineer or otherwise attempt to derive the source code or underlying technology, methodologies or algorithms of the ValetNow Service or ValetNow App, except to the extent allowed by applicable law, (b) sublicense, lease, rent, sell, give, or otherwise transfer or provide the ValetNow Service or ValetNow App to any unaffiliated third party, (c) upcharge, increase or otherwise modify the User Charges as calculated through the ValetNow App for any usage of the ValetNow Service or (d) impose any additional fees or charges on a Customer User related to use of the ValetNow Service. ValetNow reserves all rights not expressly granted to Customer or Customer Users under this Agreement.
3. ACCOUNT ADMINISTRATION
3.1 Customer Dashboard.
Valet Business Customer shall be provided with access to ValetNow’s browser-based online dashboard for “ValetNow for Business” customers (“Dashboard”). ValetNow’s primary contact with Customer shall be by way of Customer’s administrator set forth on the account creation form associated with this Agreement (“Administrator”). ValetNow will inform the Administrator of Dashboard login credentials. The Dashboard will enable Customer to (a) view a current list of all Proposed Users who have been invited to, and Customer Users who have linked to, Customer Billing, (b) provide additional Linking Data to invite additional Proposed Users, (c) revoke any Customer User’s access to Customer Billing, (d) view detailed trip information, which may include, without limitation, Customer User name together with request time and date, drop-off time and date, pick-up and drop-off address, trip route, distance, duration, fare amount, service type, trip ID, expense memo (“Dashboard Data”) and prepare and review activity reports using Dashboard Data, (e) disable all current Customer Users of Customer Billing, (f) manage and update the Customer Card on file, (g) review and manage payment statements, as applicable, (h) settle outstanding balances on the Customer account, and (i) view current, appoint new, and remove Administrators. Customer agrees to use Dashboard Data solely for legitimate business purposes including, but not limited to, business expense processing, accounting, and budgeting purposes. ValetNow reserves the right to add, remove and update features and functionality of the Dashboard at any time.
Customer may appoint additional administrators at its discretion, and ValetNow will cooperate with Customer to inform new administrators of Dashboard login credentials. Customer agrees to (a) maintain all Dashboard login credentials in confidence, (b) only permit the lead Administrator and Customer’s other authorized administrators to access the Dashboard, and (c) update all information of the lead Administrator and other authorized administrators to ensure that it is current, accurate, and complete. Customer shall limit access to Dashboard Data to only those Customer personnel who have a legitimate business need to access such Dashboard Data. Customer shall be responsible for all activity that occurs under its Dashboard login credentials.
3.3 Customer User Updates.
It is Customer’s sole responsibility to keep and maintain an accurate list of current authorized Customer Users entitled to access Customer Billing via the Dashboard. ValetNow may review the current list of Customer Users from time to time via the Dashboard to maintain and support the ValetNow App and ValetNow Service and ensure compliance with this Agreement.
4. PRIVACY AND DATA SECURITY
“Personal Data” means any information Customer obtains from ValetNow in connection with this Agreement that can reasonably be used to identify an individual, including but not limited to Dashboard Data as defined in Section 3.1, or that may otherwise be considered “Personal Data” under the European Parliament and Council Data Protection Directive 95/46/EC. For the avoidance of doubt, Dashboard Data shall constitute “Personal Data,” which is subject to ValetNow’s Privacy Statement, as may be modified or updated by ValetNow from time to time.
4.2 Notice and Consent.
Customer agrees to (i) notify each Proposed User that by linking Proposed User’s personal Active Account with Customer’s account for Customer Billing that ValetNow will provide Customer with detailed valet information for the valet services charged to Customer’s account, and (ii) to obtain any necessary consent from each Customer User for ValetNow to share detailed valet services information with Customer.
Customer agrees that (a) any Personal data obtained from ValetNow shall be processed by Customer solely for legitimate business purposes and to retained only so long as necessary, (b) access to Personal Data will be limited to Customer’s employees who have a legitimate business need to access such Personal Data, and (c) Customer will not disclose Personal Data to any third party, including vendors, unless expressly authorized in writing by ValetNow. Customer agrees to hold employees accountable for violations of this Agreement, including imposing sanctions, and where appropriate, terminating contracts and employment. Personal Data will at all times remain the property of ValetNow. Customer shall not rent or sell Personal Data for any purpose. Customer shall not use Personal Data in any way that harms ValetNow or that benefits a competitor of ValetNow.
Customer agrees to implement appropriate legal, technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and against unauthorized loss, destruction, damage, alteration, or disclosure, as well as any breach or attempted breach of Customer security measures (“Information Security Incident”). Customer shall promptly notify ValetNow in the event that Customer learns or has reason to believe that an Information Security Incident has occurred including at least: (1) the nature of the breach of security measures; (2) the types of potentially compromised Personal Data; (3) the duration and expected consequences of the Information Security Incident; and (4) any mitigation or remediation measures taken or planned in response to the Information Security Incident. Upon any such discovery, Customer will (a) take all reasonable steps to investigate, remediate, and mitigate the effects of the Information Security Incident, and (b) provide ValetNow with assurances reasonably satisfactory to ValetNow that such Information Security Incident will not recur. Additionally, if and to the extent any Information Security Breach occurs as a result of an act or omission of Customer, and if ValetNow determines that notices (whether in ValetNow’s or Customer’s name) or other remedial measures are warranted, Customer will, at ValetNow’s request and at Customer’s cost and expense, undertake the aforementioned remedial actions.
4.5 Standard Contractual Clauses.
To the extent this Agreement involves Personal Data of residents of jurisdictions outside the United States, Customer agrees that the Standard Contractual Clauses, included in this Agreement as Exhibit A, shall apply.
5. FEES AND PAYMENTS
In consideration of ValetNow’s provision of the ValetNow Services and Customer Billing as set forth herein, Customer shall pay to ValetNow all User Charges and any applicable Services Fees ValetNow may charge for certain functionality and features (collectively, the “Fees”) on the terms set forth below.
5.2 Payment Terms.
ValetNow shall charge the Valet Business Card for Fees at the end of each Customer User’s transaction. Unless otherwise indicated on a Customer User receipt, all Fees are exclusive of applicable taxes, and Customer agrees to be responsible for the payment of any such taxes assessed on Fees, including, but not limited to, all sales, use, VAT or similar taxes, except for taxes based on ValetNow’s income. All payments shall be processed in the local currency applicable to the geography of the Customer User’s applicable valet except in certain instances when ValetNow may process foreign transactions in United States dollars. All payments are nonrefundable except as may be expressly provided otherwise herein.
ValetNow reserves the right to immediately charge the Customer Card in the event that any transaction has not been paid within 7 days of transaction date. ValetNow reserves the right to immediately suspend Customer’s account and suspend any or all Customer Billing by all Customer Users in the event of any unpaid Fees by Customer due to past due Monthly Statements (as applicable), an invalid credit Customer Card on the Customer account, or a rejected Customer Card transaction. ValetNow further reserves the right to pursue any and all remedies available to it under applicable law, including reporting Customer to applicable credit reporting agencies, in the event of any unpaid Fees hereunder. Reestablishing a Customer account after full payment of late Fees shall be at ValetNow’s sole discretion. All late payments shall bear a $10 service charge.
6. TERM AND TERMINATION
This Agreement shall commence on the Effective Date and shall remain in effect until terminated as set forth herein (the “Term”).
Either party may terminate this Agreement with or without cause upon five (5) days’ advance written notice to the other party. All outstanding payment obligations and Sections 4-10 of these Terms shall survive the termination of this Agreement.
7. WARRANTY AND DISCLAIMER OF LIABILITY
7.1 Mutual Warranties.
Each party represents and warrants that: (a) such party has the full right, power and authority to enter into this Agreement; and (b) such party’s acceptance of this Agreement, as well as such party’s performance of the obligations set forth in this Agreement, does not and will not violate any other agreement to which such party is a party.
7.2 Customer Warranties.
Customer represents and warrants that: (a) Customer has all rights and permissions necessary to provide ValetNow with the Linking Data and any other information provided to ValetNow hereunder in connection with the ValetNow Service and Customer Billing; (b) Customer has obtained legally-adequate consent from Proposed Users and Customer Users as necessary to provide ValetNow with any personally identifiable information in connection with the ValetNow Service and Customer Billing, (c) Customer has notified, and obtained legally adequate consent from, Proposed Users and Customer Users that ValetNow will provide Customer with detailed valet services information for the valet fees charged to Customer’s account, and (d) Customer is in compliance, and shall remain in compliance during the term of the Agreement, with all applicable local, city, state, federal, national, and international laws, rules and regulations relating to data protection, privacy, identity theft, data breach, consumer protection, and data security, and any applicable industry standards relating to privacy and data security.
7.3 Disclaimer of Warranties.
EXCEPT AS EXPRESSLY PROVIDED HEREIN, VALETNOW PROVIDES THE VALETNOW SERVICE AND VALETNOW APP “AS IS” AND WITHOUT WARRANTY. VALETNOW DOES NOT WARRANT THAT THE FUNCTIONS CONTAINED IN THE VALETNOW SERVICE AND VALETNOW APP WILL MEET CUSTOMER’S REQUIREMENTS OR THAT THE OPERATION OF THE VALETNOW SERVICE OR VALETNOW APP WILL BE UNINTERRUPTED OR ERROR FREE. VALETNOW HEREBY DISCLAIMS ALL OTHER WARRANTIES WITH RESPECT TO THIS AGREEMENT, WHETHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, (A) ANY IMPLIED OR STATUTORY WARRANTIES COVERING THE VALETNOW SERVICE OR THE VALETNOW APP, AND (B) ANY IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE.
8. LIMITATIONS OF LIABILITY
OTHER THAN WITH RESPECT TO A BREACH OF CONFIDENTIALITY, (A) IN NO EVENT SHALL VALETNOW OR CUSTOMER BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, EXEMPLARY, SPECIAL OR CONSEQUENTIAL DAMAGES, OR FOR LOSS OF BUSINESS OR PROFITS, SUFFERED BY THE OTHER PARTY OR ANY THIRD PARTY ARISING OUT OF THIS AGREEMENT, WHETHER BASED ON CONTRACT, TORT OR ANY OTHER LEGAL THEORY, EVEN IF VALETNOW OR CUSTOMER (OR THEIR AGENTS) HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND (B) IN NO EVENT SHALL EITHER PARTY BE LIABLE UNDER THIS AGREEMENT FOR ANY DIRECT DAMAGES IN AN AMOUNT EXCEEDING THE GREATER OF (X) ONE MILLION DOLLARS ($1,000,000), AND (Y) THE TOTAL FEES PAYABLE BY COMPANY TO VALETNOW HEREUNDER..
9. PROPRIETARY RIGHTS.
9.1 No Publicity.
Neither party may use or reference the other party’s name, logo, trademarks or service marks in a press release or otherwise without the prior consent of such other party in each instance.
ValetNow and its affiliates are and shall remain the owners of all right, title and interest in and to the ValetNow Service, ValetNow App, and Dashboard Data including any updates, enhancements and new versions thereof, and all related documentation and materials provided or available to Customer or any Proposed User or Customer User in connection with this Agreement.
10. GENERAL CONDITIONS
10.1 Governing Law.
This Agreement shall in all respects be interpreted, construed in accordance with, and governed by the internal laws of the State of Texas, without regard to its principles regarding conflict of laws. In the event of any litigation between the parties related to this Agreement, the parties agree to submit to personal and exclusive jurisdiction for such action in the State Courts for the County of Kaufman, Texas or the United States District Court for the North Texas Area.
Any notice required or permitted to be delivered to Customer by this Agreement shall be posted to the Customer’s Dashboard. Any notice required or permitted to be delivered to ValetNow by this Agreement shall be submitted via email@example.com.
10.3 Force Majeure.
Nonperformance of either party under this Agreement shall be excused to the extent and during the period that performance is rendered impossible by strike, fire, flood, earthquakes, governmental acts or orders or restrictions, failure of suppliers, or contractors, or any other reason where failure to perform is beyond the reasonable control and not caused by the negligence of the non-performing party.
If any provision or provisions of this Agreement shall be held to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions shall not in any way be affected or impaired thereby.
This Agreement is not transferable and may not be assigned by Customer, in whole or in part, without the prior written consent of ValetNow, provided that Customer may assign this Agreement without such consent, but with notice to ValetNow, in connection with a merger or a sale of all of the equity or assets of Customer. Subject to the foregoing, this Agreement shall be binding upon all successors and assigns of a party.
10.6 Attorney’s Fees.
In any litigation between the parties, the prevailing party shall be entitled to reasonable attorney fees and all costs of proceedings incurred in enforcing this Agreement.
Section headings are for convenience only and shall not be considered in the interpretation of this Agreement.
10.8 Independent Contractor.
ValetNow and Customer are and shall remain independent contractors. Neither party is the representative or agent of the other and neither party shall have any power to assume any obligations on behalf of the other. Customer hereby represents that the individual clicking to accept this Agreement is authorized by Customer to bind, and does hereby bind, Customer to the terms hereof.
Commission Decision C(2004)5721
Standard contractual clauses for the transfer of personal data from the Community to third countries (controller to controller transfers)
Data transfer agreement Between
the Customer identified within this sign-up page as accepting the online ValetNow for Business terms and conditions these Clauses (the “Data Importer”)
each a “party”; together “the parties”.
HAVE AGREED on the following Standard Contractual Clauses (the “Clauses”) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the Data Exporter to the Data Importer of the personal data specified in Annex A.
The Clauses (including Annex A and B) are effective from the date the Data Importer entity has clicked to accept the “ValetNow for Business Agreement” and these Clauses. If you are accepting on behalf of the Data Importer, you represent and warrant that: (i) you have full legal authority to bind your employer, or the applicable entity, to these terms and conditions; (ii) you have read and understand the Clauses; and (iii) you agree, on behalf of the party that you represent, to the Clauses. The parties agree that where Data Importer has been presented with these Clauses and clicked to accept these terms electronically, such acceptance shall constitute execution of the entirety of the Clauses by both parties, subject to the effective date described above.
For the purposes of the clauses: a) “personal data”, “special categories of data/sensitive data”, “process/processing”, “controller”, “processor”, “data subject” and “supervisory authority/authority” shall have the same meaning as in Directive 95/46/EC of 24 October 1995 (whereby “the authority” shall mean the competent data protection authority in the territory in which the data exporter is established); b) “the data exporter” shall mean the controller who transfers the personal data; c) “the data importer” shall mean the controller who agrees to receive from the data exporter personal data for further processing in accordance with the terms of these clauses and who is not subject to a third country’s system ensuring adequate protection; d) “clauses” shall mean these contractual clauses, which are a free-standing document that does not incorporate commercial business terms established by the parties under separate commercial arrangements. The details of the transfer (as well as the personal data covered) are specified in Annex B, which forms an integral part of the clauses.
I. Obligations of the data exporter
The data exporter warrants and undertakes that: a) The personal data have been collected, processed and transferred in accordance with the laws applicable to the data exporter. b) It has used reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses. c) It will provide the data importer, when so requested, with copies of relevant data protection laws or references to them (where relevant, and not including legal advice) of the country in which the data exporter is established. d) It will respond to enquiries from data subjects and the authority concerning processing of the personal data by the data importer, unless the parties have agreed that the data importer will so respond, in which case the data exporter will still respond to the extent reasonably possible and with the information reasonably available to it if the data importer is unwilling or unable to respond. Responses will be made within a reasonable time. e) It will make available, upon request, a copy of the clauses to data subjects who are third party beneficiaries under clause III, unless the clauses contain confidential information, in which case it may remove such information. Where information is removed, the data exporter shall inform data subjects in writing of the reason for removal and of their right to draw the removal to the attention of the authority. However, the data exporter shall abide by a decision of the authority regarding access to the full text of the clauses by data subjects, as long as data subjects have agreed to respect the confidentiality of the confidential information removed. The data exporter shall also provide a copy of the clauses to the authority where required.
II. Obligations of the data importer
The data importer warrants and undertakes that: a) It will have in place appropriate technical and organizational measures to protect the personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected. b) It will have in place procedures so that any third party it authorizes to have access to the personal data, including processors, will respect and maintain the confidentiality and security of the personal data. Any person acting under the authority of the data importer, including a data processor, shall be obligated to process the personal data only on instructions from the data importer. This provision does not apply to persons authorized or required by law or regulation to have access to the personal data. c) It has no reason to believe, at the time of entering into these clauses, in the existence of any local laws that would have a substantial adverse effect on the guarantees provided for under these clauses, and it will inform the data exporter (which will pass such notification on to the authority where required) if it becomes aware of any such laws. d) It will process the personal data for purposes described in Annex B, and has the legal authority to give the warranties and fulfil the undertakings set out in these clauses. e) It will identify to the data exporter a contact point within its organization authorized to respond to enquiries concerning processing of the personal data, and will cooperate in good faith with the data exporter, the data subject and the authority concerning all such enquiries within a reasonable time. In case of legal dissolution of the data exporter, or if the parties have so agreed, the data importer will assume responsibility for compliance with the provisions of clause I(e). f) At the request of the data exporter, it will provide the data exporter with evidence of financial resources sufficient to fulfil its responsibilities under clause III (which may include insurance coverage). g) Upon reasonable request of the data exporter, it will submit its data processing facilities, data files and documentation needed for processing to reviewing, auditing and/or certifying by the data exporter (or any independent or impartial inspection agents or auditors, selected by the data exporter and not reasonably objected to by the data importer) to ascertain compliance with the warranties and undertakings in these clauses, with reasonable notice and during regular business hours. The request will be subject to any necessary consent or approval from a regulatory or supervisory authority within the country of the data importer, which consent or approval the data importer will attempt to obtain in a timely fashion. h) It will process the personal data, at its option, in accordance with: i. the data protection laws of the country in which the data exporter is established, or ii. the relevant provisions of any Commission decision pursuant to Article 25(6) of Directive 95/46/EC, where the data importer complies with the relevant provisions of such an authorization or decision and is based in a country to which such an authorization or decision pertains, but is not covered by such authorization or decision for the purposes of the transfer(s) of the personal data, or iii. the data processing principles set forth in Annex A. i) It will not disclose or transfer the personal data to a third party data controller located outside the European Economic Area (EEA) unless it notifies the data exporter about the transfer and i. the third party data controller processes the personal data in accordance with a Commission decision finding that a third country provides adequate protection, or ii. the third party data controller becomes a signatory to these clauses or another data transfer agreement approved by a competent authority in the EU, or iii. data subjects have been given the opportunity to object, after having been informed of the purposes of the transfer, the categories of recipients and the fact that the countries to which data is exported may have different data protection standards, or iv. with regard to onward transfers of sensitive data, data subjects have given their unambiguous consent to the onward transfer
III. Liability and third party rights
a) Each party shall be liable to the other parties for damages it causes by any breach of these clauses. Liability as between the parties is limited to actual damage suffered. Punitive damages (i.e. damages intended to punish a party for its outrageous conduct) are specifically excluded. Each party shall be liable to data subjects for damages it causes by any breach of third party rights under these clauses. This does not affect the liability of the data exporter under its data protection law. b) The parties agree that a data subject shall have the right to enforce as a third party beneficiary this clause and clauses I(b), I(d), I(e), II(a), II(c), II(d), II(e), II(h), II(i), III(a), V, VI(d) and VII against the data importer or the data exporter, for their respective breach of their contractual obligations, with regard to his personal data, and accept jurisdiction for this purpose in the data exporter’s country of establishment. In cases involving allegations of breach by the data importer, the data subject must first request the data exporter to take appropriate action to enforce his rights against the data importer; if the data exporter does not take such action within a reasonable period (which under normal circumstances would be one month), the data subject may then enforce his rights against the data importer directly. A data subject is entitled to proceed directly against a data exporter that has failed to use reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses (the data exporter shall have the burden to prove that it took reasonable efforts).
IV. Law applicable to the clauses
These clauses shall be governed by the law of the country in which the data exporter is established, with the exception of the laws and regulations relating to processing of the personal data by the data importer under clause II(h), which shall apply only if so selected by the data importer under that clause.
V. Resolution of disputes with data subjects or the authority
a) In the event of a dispute or claim brought by a data subject or the authority concerning the processing of the personal data against either or both of the parties, the parties will inform each other about any such disputes or claims, and will cooperate with a view to settling them amicably in a timely fashion. b) The parties agree to respond to any generally available non-binding mediation procedure initiated by a data subject or by the authority. If they do participate in the proceedings, the parties may elect to do so remotely (such as by telephone or other electronic means). The parties also agree to consider participating in any other arbitration, mediation or other dispute resolution proceedings developed for data protection disputes. c) Each party shall abide by a decision of a competent court of the data exporter’s country of establishment or of the authority which is final and against which no further appeal is possible.
a) In the event that the data importer is in breach of its obligations under these clauses, then the data exporter may temporarily suspend the transfer of personal data to the data importer until the breach is repaired or the contract is terminated. b) In the event that: i. the transfer of personal data to the data importer has been temporarily suspended by the data exporter for longer than one month pursuant to paragraph (a); ii. compliance by the data importer with these clauses would put it in breach of its legal or regulatory obligations in the country of import; iii. the data importer is in substantial or persistent breach of any warranties or undertakings given by it under these clauses; iv. a final decision against which no further appeal is possible of a competent court of the data exporter’s country of establishment or of the authority rules that there has been a breach of the clauses by the data importer or the data exporter; or v. a petition is presented for the administration or winding up of the data importer, whether in its personal or business capacity, which petition is not dismissed within the applicable period for such dismissal under applicable law; a winding up order is made; a receiver is appointed over any of its assets; a trustee in bankruptcy is appointed, if the data importer is an individual; a company voluntary arrangement is commenced by it; or any equivalent event in any jurisdiction occurs then the data exporter, without prejudice to any other rights which it may have against the data importer, shall be entitled to terminate these clauses, in which case the authority shall be informed where required. In cases covered by (i), (ii), or (iv) above the data importer may also terminate these clauses. c) Either party may terminate these clauses if (i) any Commission positive adequacy decision under Article 25(6) of Directive 95/46/EC (or any superseding text) is issued in relation to the country (or a sector thereof) to which the data is transferred and processed by the data importer, or (ii) Directive 95/46/EC (or any superseding text) becomes directly applicable in such country. d) The parties agree that the termination of these clauses at any time, in any circumstances and for whatever reason (except for termination under clause VI(c)) does not exempt them from the obligations and/or conditions under the clauses as regards the processing of the personal data transferred.
VII. Variation of these clauses
The parties may not modify these clauses except to update any information in Annex B, in which case they will inform the authority where required. This does not preclude the parties from adding additional commercial clauses where required.
VIII. Description of the Transfer
The details of the transfer and of the personal data are specified in Annex B. The parties agree that Annex B may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may, in the alternative, be drafted to cover multiple transfers.
DATA PROCESSING PRINCIPLES
1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B or subsequently authorized by the data subject. 2. Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed. 3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporter. 4. Security and confidentiality: Technical and organizational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, presented by the processing. Any person acting under the authority of the data controller, including a processor, must not process the data except on instructions from the data controller. 5. Rights of access, rectification, deletion and objection: As provided in Article 12 of Directive 95/46/EC, data subjects must, whether directly or via a third party, be provided with the personal information about them that an organization holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer or other organizations dealing with the data importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them rectified, amended, or deleted where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organization may require further justifications before proceeding to rectification, amendment or deletion. Notification of any rectification, amendment or deletion to third parties to whom the data have been disclosed need not be made when this involves a disproportionate effort. A data subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority. 6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II. 7. Data used for marketing purposes: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject at any time to “opt-out” from having his data used for such purposes. 8. Automated decisions: For purposes hereof “automated decision” shall mean a decision by the data exporter or the data importer which produces legal effects concerning a data subject or significantly affects a data subject and which is based solely on automated processing of personal data intended to evaluate certain personal aspects relating to him, such as his performance at work, creditworthiness, reliability, conduct, etc. The data importer shall not make any automated decisions concerning data subjects, except when: a) i. such decisions are made by the data importer in entering into or performing a contract with the data subject, and ii. the data subject is given an opportunity to discuss the results of a relevant automated decision with a representative of the parties making such decision or otherwise to make representations to that parties. or b) where otherwise provided by the law of the data exporter.
DESCRIPTION OF THE TRANSFER
The personal data transferred concern the following categories of data subjects:
Past, present and prospective employees and partners, contractors, subcontractors and agents.
Purposes of the transfer(s)
The transfer is made for the following purposes:
The data will enable Data Importer view detailed trip information, which may include, without limitation, Customer User name together with detailed trip information, including request time and date, drop-off time and date, pick-up and drop-off address, trip route, distance, duration, fare amount, service type, trip ID, expense memo (“Dashboard Data”) and prepare and review activity reports using such Dashboard Data.
Categories of data
The personal data transferred concern the following categories of data:
All data provided by Account Holders to ValetNow and to data created by ValetNow. The data subjects’ personal data transferred may concern detailed trip information, including request time and date, drop-off time and date, pick-up and drop-off address, trip route, distance, duration, fare amount, service type, trip ID, expense memo.
The personal data transferred may be disclosed only to the following recipients or categories of recipients:
The personal data transferred may be disclosed only to the following recipients or categories of recipients: Data Importer’s personnel who have a legitimate business purpose access the personal data, including personnel involved in: Travel and Expense services and management, Finance, Audit, Human Resources, Legal, Ethics and Compliance, and supervisors of the employees using the ValetNow for Business Service.
Sensitive data (if appropriate)
The personal data transferred concern the following categories of sensitive data: