SPITCHE
GENERAL TERMS OF SERVICE
1. DEFINITIONS
2. CONTRACTUAL DOCUMENTS
The General Terms shall apply to any purchase of SPITCHE Platform or Services, confirmed in writing (whether online or not). An order placed with SPITCHE entails formal acceptance by the Client of the General Terms.
In case of conflict or inconsistency between the terms of contractual elements of the Contract, precedence amongst element of contractual documentation shall be, in descending order:
- Order
- SPITCHE General Terms of Sale
- The Data Protection Agreement (Appendix 1)
- Other Appendices to the General Terms of Sale, if any
- SPITCHE Terms of Use.
Any change to the content of the Contract (including an Order) shall be made by written, mutual agreement between the Parties.
The Contract covers the entirety of the agreement of the Parties. Previous agreements reached by and between the Parties on services similar to the Services shall be voided and replaced by the Contract upon its signature – or entry into force, whichever is earlier.
Respective documentation issued by either Party, including terms and conditions of purchase of the Client that are not included in – or expressly referenced by – the Contract shall not apply to the relationship between the Parties.
3. ORDERS AND PAYMENT
Order process. Signature by the Client of an Order accepted by SPITCHE amounts to a firm and final order. Any modification or cancellation must be expressly accepted by SPITCHE.
Prices. Unless otherwise stated in the Order, the price for the Services is set by the SPITCHE price list in force on the date on which the order is placed and available upon request. Prices are in euros and exclusive of taxes. SPITCHE may modify its price list at any time, without impacting the price applicable for the ongoing Service Terms. Prices set out in an Order are applicable to this Order only and can never be considered as tacitly agreed for future Orders.
Payment terms. Unless otherwise stated in the Order, invoices are payable in full upon receipt. Payment can be made by bank transfer or through Stripe.
Late payment. In the event of late payment by the Client of an invoice issued by SPITCHE, in addition to all other remedies that may be available to SPITCHE, late payment penalties calculated on the basis of three (3) times the legal interest rate, will be payable by Client, without the need for a reminder, on the day following the applicable payment date. In accordance with Article D. 441-5 of the French Commercial Code, SPITCHE may require payment by Client of a fixed indemnity of forty (40) euros for collection costs in addition to the aforementioned late payment penalties. In the event of a payment delay of more than fifteen (15) days, SPITCHE reserves the right to stop or discontinue any Service without notice, and shall not be held liable for any consequences resulting from the exercise of such right, nor for any indemnification. The Contract may also be terminated by SPITCHE, as detailed in the “Termination” section, due to breach of contractual obligations by the Client. Any pending invoices will remain due.
4. PLATFORM LICENCE AND ACCESS
Grant of Rights. When the Services include access to the Platform, SPITCHE grants Client a non-exclusive and non-transferable Licence for the Service Term defined in the Order, to access and use the Platform, and to provide access to the Platform to Authorised Users. The grant of the licence is conditioned upon Client’s ongoing compliance with its obligations under the Contract.
Access. Authorized Users are required to choose a password and username to access the Platform. Client shall keep all usernames, passwords, IP addresses, and computer names strictly confidential, and is solely responsible for any liability or damages resulting from its or an Authorized User’s failure to maintain confidentiality of such information.
Compliance with Terms of Use. Client is also solely responsible and liable for all activities on the Platform originating from Authorized Users’ IP addresses and in breach of SPITCHE Terms of Use. If Client believes unauthorized activity has taken place on its account, Client must immediately notify SPITCHE of any such unauthorized activity. SPITCHE Terms of Use shall be formally accepted by the Authorized Users upon first use of the Platform.
Restrictions of use. Client shall not, and shall use reasonable efforts to ensure that other parties under its control do not:
- use the Platform for any use other than for its own purposes;
- reproduce or distribute, in whole or in part, the Platform;
- modify, translate, reverse engineer, decompile, disassemble the Platform, or otherwise attempt to defeat, avoid, bypass, remove, deactivate or otherwise circumvent any protection mechanisms in the Platform or components thereof, including any such mechanism used to restrict or control the functionality of the Platform, or to derive the source code or the underlying ideas, algorithms, structure or organization from the Platform or any components thereof;
- distribute, rent, loan, lease, transfer, or grant any rights in the Platform or modifications thereof in any form to any person except to the extent expressly permitted under this Contract or with the prior written consent of SPITCHE;
- file any patent or other applications for intellectual property protection with respect to the Platform.
Auditing and Reporting. SPITCHE may, from time to time, at its own discretion, audit Client’s usage of the Platform. Upon SPITCHE’s request, Client agrees to provide all information reasonably necessary for SPITCHE to determine its use of the Platform and its compliance with the terms and conditions of the Contract.
Evolution. Client agrees that SPITCHE may, at its own discretion, develop and/or evolve the Platform, including by adding or adjusting functionalities without incurring significant obligations or restrictions for Client.
5. CLIENT’S OBLIGATIONS
Client’s Data. The Client alone is responsible of the accuracy, quality, integrity, reliability, suitability and intellectual property rights of and in all Client’s Data, and neither SPITCHE nor its suppliers will be responsible for its elimination, correction, destruction, damage, loss or error arising during the storage of the Client’s Data.
Client uses the User-Generated Content, and uploads it to the Platform, at its own risks and is solely responsible for ensuring that SPITCHE Terms of use are properly communicated to and accepted by any Authorised User. SPITCHE shall not be held liable for User-Generated Content.
Client warrants and represents that Client’s Data, the processing of the Client’s Data and any other activities in connection with the Platform or the Services do not violate, infringe or misappropriate any third party’s rights nor any applicable laws. Client will defend and indemnify SPITCHE, at its sole expense, against any third-party action or suit against SPITCHE alleging that the Client’s Data infringes a third party’s rights or result in a damage for a third party.
Any Client’s Data may be deleted and/or discarded if the Client fails to fulfil any of its obligations or breaches any conditions of this Agreement, including without limitation the obligation to pay fees for the Service.
For purposes of maintenance, statistics and for developing, improving and providing SPITCHE’s products and services, Client’s data may be randomly and anonymously recorded and processed by SPITCHE and its technology suppliers.
Cooperation. The Client undertakes to cooperate fully and in good faith with SPITCHE, by providing without undue delay correct and up-to-date information needed by SPITCHE to carry out its obligations pursuant to the Contract.
Compliance with SPITCHE Documentation. Clients shall always comply with SPITCHE instructions available in the Help center, when using the Platform. SPITCHE will not be liable in case of issues in implementing the Platform to the extent it is attributable to actions or omissions of the Client in spite of unambiguous, written instruction provided (or otherwise made available) by SPITCHE to the Client.
6. TERM AND TERMINATION
Term. Regardless of the date of its signature, these General Terms shall enter into force at the date of their signature and remain in force as long as an Order referencing them is in force. Termination of the General Terms do not result in the termination of the ongoing Orders (except as agreed otherwise by the Parties).
Termination. An Order or the Contract can be terminated:
- By either Party notifying the other Party in writing of the termination thereof due to a material breach of the Order or the Contract (which includes, without limitation, non-payment) which is not curable or has not been remedied or rectified within twenty (20) days after delivery of a written notice to such defaulting Party. If Client is the defaulting Party, SPITCHE may temporarily suspend the Services. In the event of a termination by SPITCHE, SPITCHE will not be responsible for any liability or damage suffered by Client because of such suspension or termination in accordance with this section.
- By a Party in the event of dissolution or winding-up of the other Party.
Effects of termination. If the Contract or an Order is terminated or for any reason expires, each Party shall cease use of the other Party’s Confidential Information in relation to this Order or to the Contract and destroy or return to the other Party all tangible property, data, Confidential Information and any other information, belonging to the other Party that is in its possession. Client shall stop using the Platform.
Survival. The following provisions shall survive termination or expiration of the Contract: Term and Termination, Confidentiality, Data Protection, Intellectual Property Rights, Liabilities, and Miscellaneous.
7. CONFIDENTIALITY
Each Party shall keep secret, treat as confidential and preserve the confidentiality of all Confidential Information, and shall use the Confidential Information solely for the purposes for which it was disclosed and use the same care and discretion to avoid disclosure, publication, or dissemination of the other Party’s Confidential Information as it uses with its own similar information that it does not wish to disclose, publish, or disseminate.
The current confidentiality obligation shall apply for the duration of the Contract as well as for a period of two (2) years after expiration or termination of the Contract for whatever reason.
8. INTELLECTUAL PROPERTY
Each Party holds all the intellectual property rights to its proprietary software (including, for SPITCHE, the Platform), trademarks and logos and the other Party has no right of copy or use of these trademarks and logos without prior express authorization. Client is not allowed to remove trademarks, logos, copyright notices as well as any intellectual property rights notices, used by SPITCHE to identify its products. The license provided herein is not a sale.
SPITCHE will defend and indemnify the Client, at its sole expense, against any third-party action or suit against the Client alleging that the Services infringes such third party’s intellectual property rights (a “Claim”) provided that the Client:
- promptly notifies SPITCHE in writing upon being served a notice by the third party asserting the infringement;
- gives SPITCHE sole control of the defence and settlement of the Claim (for the avoidance of doubt, a settlement may not be directly adverse to the Client’s legitimate interests);
- and reasonably cooperates with SPITCHE requests for assistance with the defence and settlement of the Claim. SPITCHE will not be bound by any settlement or compromise that the Client enters into without SPITCHE’s prior written consent.
SPITCHE obligations detailed above shall not apply to an infringement claim resulting directly from modifications or combination of the Platform or the Services by the Client or third parties acting on its behalf, that were not expressly authorized.
The foregoing terms state SPITCHE sole and exclusive liability and the Client’s sole and exclusive remedy for any claims of intellectual property infringement or misappropriation.
9. PERSONAL DATA
10. LIMITED WARRANTIES
SPITCHE warrants that the Services and the Platform will be delivered in compliance with the Contract. If at any time during the Service Term, Client discovers one or more material or significant defects or errors in the Services or the Platform, SPITCHE shall, as Client’s sole and exclusive remedy, use reasonable efforts to correct such defect, error or non-conformity, , provided that adequate notice and description of the defect or error is provided to SPITCHE.
The limited warranties provided by SPITCHE in this clause do not cover: (a) parts of the Service or the Platform that have been subjected to misuse, tampering, experimentation, alteration, or negligence by Client or any third party on behalf of Client; (b) issues arising from Client’s network connections or caused by the Internet; (c) damages that occurs due to act of God, failures due to power surge; (d) any other materials or services provided by anyone other SPITCHE where applicable; and (e) repairs to the Platform or Service by anyone other than SPITCHE.
The Platform includes certain Open-Source Software. Open-Source Software is governed solely by the applicable open-source licensing terms and is provided “AS IS”. SPITCHE provides no warranty specifically related to any Open-Source Software or any applicable Open-Source Software licensing terms.
Except as expressly provided herein and to the maximum extent allowed by applicable law, the Services and the Platform are provided “as is” and SPITCHE makes no other warranties, either express or implied, regarding their accuracy, reliability, merchantability or satisfactory quality, non-infringement or their fitness for any particular purpose.
11. LIABILITY
To the maximum extent permitted by applicable law, in no event will SPITCHE be liable for any indirect damages arising out of or in any way relating to the Contract, the Services or the Platform including, without limitation, damages for loss of goodwill, work stoppage, lost profits, loss of data, computer failure or any and all other commercial damages or losses regardless of the legal or equitable theory (contract, tort or otherwise) upon which the claim is based.
For all events and circumstances, SPITCHE’s maximum aggregate and cumulative liability arising out of or relating to the Contract shall not exceed the amounts paid by Client pursuant to the Contract during the twelve (12) months preceding the event giving rise to liability. SPITCHE shall not be liable to Client to the extent any liability would not have occurred but for Client’s breach of the Contract.
12. APPLICABLE LAW AND COMPETENTE COURTS
Any dispute or disagreement between the Parties that may not be settled amicably, shall be brought to the exclusive jurisdiction of the Commercial Courts of Paris, who shall have exclusive jurisdiction, notwithstanding plurality of defendants or the introduction of third parties, even for summary or conservatory proceedings, by appeal or by petition.
13. MISCELLANEOUS
Outsourcing. SPITCHE may outsource a part of the Services to third-party suppliers under SPITCHE’s sole control, authority, and responsibility, without exonerating SPITCHE of its liability towards the Client for the subcontracted Services. In such case, SPITCHE shall (i) comply with all applicable provisions of French Law governing relationship with subcontractors; (ii) arrange and manage payment of subcontractors without the Client needing to be involved or engaged in the relationship between SPITCHE and appointed sub-contractor; (iii) warrant on-going compliance of its contractual arrangements with its sub-contractor within the terms of this Contract and all Applicable Laws.
Notices. Unless otherwise provided, notices issued by either Party under this Contract shall be deemed to have been validly served on confirmation of receipt of an email. Where the terms of the Contract require a notice to be sent with a formal letter, it shall be deemed to have been served on the date of first delivery attempt.by postal services at the address provided by the receiving Party for correspondence.
No Partnership. The Parties declare that the Contract cannot be considered as an incorporation of a legal person or legal entity, and that their relation is deprived of “affectio societatis”. The Parties also declare that nothing in the Contract shall constitute one Party as an employee, agent, joint venture partner or servant of another.
Severability. In the event any provision of this Contract is found invalid or unenforceable due to any law, rule or definitive legal ruling, such provision will be considered void. The terms of the Contract that are not directly affected by a cause of nullification shall remain valid and in full force, as if the void provision were no longer part of the Contract.
Transfer. Client is not allowed to assign its rights and obligations under the Contract to a third-party, without prior written authorization from SPITCHE. However, either Party may assign its rights and obligations under the Contract to a third-party in case of merger, acquisition, or other such operations resulting in a change in control of the company under French law, provided that the transferring Party shall send the other Party a written notice of such assignment.
Appendix 1 – SPITCHE Data Protection Agreement
Regulation (EU) 2016/679, adopted by the European Parliament and Council on April 27, 2016, is applicable as of May 25, 2018 (hereinafter referred to as the “Regulation”).
Since SPITCHE, acting as Data Processor processes Personal Data within the framework of a commercial contract signed with the Client (the “Contract”) who is the Data Controller, the Parties wish to define the specific obligations of the Data Processor.
As such, the Parties agree as follows:
1 - DEFINITIONS
The terms with a capital letter below shall have the same meaning as in the Regulation or in the Contract.
“Data Controller” refers to “the Client” or “You” (depending on the term used in the Contract).
“Data Processor” refers to SPITCHE.
2 - DESCRIPTION OF THE PROCESSING
The Data Processor is authorized to process on behalf of the Data Controller the Personal Data necessary to provide the Service(s), and listed in Exhibit A.
3 - DATA PROCESSOR’S OBLIGATIONS
3.1 The Data Processor agrees to process the data only in accordance with the Data Controller’s documented instructions appearing in Exhibit A and/or in the Contract, and/or any written instruction provided by the Data Controller to the Data Processor during the term of the Contract.
If the Data Processor considers the instructions to be in violation of the Regulation or of any other EU law or law of a Member State relating to Data protection, it shall inform the Data Controller immediately.
In the event that the Data Processor is required to proceed with the processing of Personal Data by virtue of a mandatory provision resulting from EU law or the law of a Member State to which it is subject, the Data Processor will inform the Data Controller of this legal obligation prior to processing the Data, except when the applicable law forbids such notice for important public interest reasons.
3.2 In the event of a transfer of Personal Data to a country that is not a Member State of the European Union nor a third party country benefiting from an adequacy decision of the EU Commission, or to an international organization, the Parties shall sign the Standard Contractual Clauses published by the European Commission (updated 2021 version):
- when the Data Processor is the exporter and the Data Controller is the importer :
- Module 4 is applicable;
- Clause 7 (docking clause) is included;
- The optional paragraph in Clause 11 is not included;
- Clause 17 : the Governing law is the one of the Contract;
- Clause 18 : The competent courts are the ones of the Contract;
- The SCCs Appendix I (Sections A and B) is completed by the Parties and attached to this Data Protection Agreement.
- when the Data Processor is the exporter and the Data Controller is the importer :
- Module 2 is applicable;
- Clause 7 (docking clause) is included;
- Clause 9(a) : Option 2 is applied;
- The optional paragraph in Clause 11 is not included;
- Clause 17 : Option 1 is applied : the Governing law is the one of the Contract or, if the law of the Contract is not the law of an EU Member State, French law;
- Clause 18(b) : The competent courts are the ones of the Contract or, if the courts of the Contracts are not in the EU, the French courts.
- The SCCs Appendices I, II and III (all sections) are completed by the Parties and attached to this Data Protection Agreement.
3.3 The Data Processor agrees to ensure that persons authorized to process Personal Data under this Data Protection Agreement:
- agree to respect confidentiality or are subject to an appropriate legal obligation of confidentiality.
- receive the necessary training regarding the protection of Personal Data.
3.4 Sub Processors
Data Processor shall not provide access to the Personal Data of Data Controller to any third party, with the exception of the subprocessors mentioned in Exhibit A.
Any addition or replacement of the Sub processors shall be notified to Data Controller with a 30-day prior notice.
This notice must clearly indicate the outsourced processing activities as well as the Sub Processor’s identity and contact information, and the possibility of Personal Data being transferred outside the European Union or to an international organization. The Data Controller has a maximum period of fifteen (15) days from the date of the receipt of this information to raise written objections.
If the Parties do not agree on a solution following objections raised by the Data Controller, the Data Processor will be granted the right to terminate the Contract without penalty.
The Sub Processor must comply with the obligations of the Contract and the Data Protection Agreement, and to process Personal Data only for the account and according to the Data Controller’s instructions. Consequently, the initial Data Processor agrees to sign a written contract with the Sub Processor – imposing on the Sub Processor equivalent obligations on the protection of Personal Data as outlined in the Contract and the Data Protection Agreement.
If the Sub Processor does not fulfill his or her obligations regarding the protection of Personal Data, the Data Processor remains fully responsible to the Data Controller for the Subsequent Data Processor’s performance of its obligations.
3.5 Data subjects’ right to information
Given the nature of the Services, it is the responsibility of the Data Controller to provide information on the Personal Data Processing to the Data Subjects.
3.6 Exercise of the rights of Data Subjects
As far as possible, the Data Processor shall assist the Data Controller in fulfilling its obligation to respond to requests for the exercise of Data Subjects’ rights under the Regulation.
When Data Subjects exercise their rights with the Data Processor, the Data Processor shall send these requests via email to the person designated by the Data Controller in Exhibit A or communicate by any other means that the Data Controller chooses. The Data Processor can respond directly to the Data Subject’s request only at the Data Controller’s instruction.
3.7 Notification of Personal Data breaches
The Data Processor notifies the Data Controller of all Personal Data breaches as soon as possible and, in any case, within seventy-two (72) hours after having become aware of it. This notification shall be accompanied by all relevant documentation enabling the Data Controller, if necessary, to notify the relevant supervisory authority of the breach, including :
- A description of the nature of the Personal Data breach including, if possible, the categories and the approximate number of Data Subjects affected by the breach and the categories and approximate number of Personal Data records concerned.
- the name and contact information of the data protection officer or other point of contact from whom additional information can be obtained.
- a description of the likely consequences of the Personal Data breach.
- a description of the measures taken or how the Data Processor proposes to remedy the Personal Data breach, including if necessary, measures for mitigating any negative consequences.
If, insofar as it’s not possible to supply all the information at once, it may be communicated in increments without undue delay.
The Data Processor agrees to actively collaborate with the Data Controller in order to meet their regulatory and contractual obligations. Only the Data Controller can inform the relevant supervisory authority of the Personal Data breach and provide information on this breach to the persons concerned; the Data Processor therefore refrains from making such notification and communication.
3.8 Data Processor assistance in complying with the Data Controller’s obligations
Data Processor shall assist Data Controller in ensuring compliance with its obligations pursuant to Articles 32 to 36 of the Regulation taking into account the nature of processing and the information available to the Data Processor.
Data Processor shall make available to Data Controller all information necessary to demonstrate compliance with Data Processor’s obligations laid down in Article 28 of the Regulation and allow for and contribute to audits, including inspections, conducted by Data Controller or another auditor mandated by Data Controller pursuant to Article 5.
3.9 Security Measures
Without prejudice to the provisions in the body of the Contract, the Data Processor shall implement all appropriate technical and organizational measures to protect Personal Data, taking into account the state of knowledge, implementation costs, nature, scope, context and the purposes of the processing as well as the risks, whose degree of probability and severity may vary to the rights and freedoms of natural persons in order to guarantee a level of security appropriate to the risk.
The Data Processor especially agrees to take all necessary precautions with respect to the nature of the Data and the risks encountered by its processing in order to preserve the security of the Data files and especially the prevention of any corruption, alteration, damage, accidental or unlawful destruction, loss, disclosure and/or access by any unauthorized third parties.
The means implemented by the Data Processor for ensuring the security and confidentiality of the Data especially includes the following measures, to be outlined in Exhibit A. The Data Processor agrees to maintain these measures throughout the entire Contract period.
3.10 Fate of the data
Upon termination of the Contract the Data Processor agrees, at Data Controller’s choice:
- to return all Personal Data and files to the Data Controller in a useable format and within the specific conditions specified by the Data Controller, or to send the Personal Data to another data processor designated by the Data Controller and then,
and/or
- to destroy all Personal Data and manual or computerized files containing the information collected within a timeframe of two (2) months after its return, unless stipulated otherwise by community law or the law of a Member State of the European Union applicable to the processing covered by this agreement.
4 - DATA CONTROLLER’S OBLIGATIONS
The Data Controller agrees:
- to provide the Data Processor with the Personal Data listed in Exhibit A;
- to provide written documentation of all instructions regarding the Data Processor’s processing of Data;
- to ensure in advance and throughout the duration of processing that the Data Processor complies with the obligations outlined in the Regulation.
- Not to give to the Data Processor instructions which do not comply with the Regulation.
5 - COOPERATION IN THE EVENT OF AUDIT
Data Processor shall keep records in a reasonable manner evidencing that it complies with its obligations pursuant to this DPA and will allow Data Controller to audit such evidence to verify its compliance.
Such audit may be conducted by either Data Controller’s own staff or by a third-party auditor under contract with Data Controller, provided such third-party auditor is subject to a non-disclosure agreement. All audits must be conducted remotely and shall be limited to five (5) business days.
The scope of any audits shall be mutually agreed in advance between the Parties acting reasonably and in good faith. Such right shall not be exercised more than once a year.
Processing of personal data :
A Data processing agreement has been signed between the Parties. Below are the characteristics of the data processing activities necessary to provide the Services pursuant to the present Order.