Details of versioning
This LightOn Cloud Agreement (this “Agreement”) contains the terms and conditions that govern your access to and use of the LightOn Cloud website (as defined below) and is an agreement between LightOn SAS, as specified in Section 14 below (also referred to as “LightOn” “we,” “us,” or “our”) and you or the entity you represent (hereinafter referred to as “you” or “your”). This Agreement takes effect when you click on an “I Accept” button or checkbox presented with these terms or, if earlier when you use any of the Service Offerings (the “Effective Date”). You warrant and represent to us that you are lawfully able to enter into contracts (e.g., you are not a minor). If you are entering into this Agreement for an entity, such as the company you work for, you warrant and represent to us that you have the legal authority to bind that entity. You represent and warrant that you are entering into this Agreement as a professional, acting for the purposes of his business.
Please see Section 16 for definitions of certain capitalized terms used in this Agreement.
1. Use of the Services
1.1 You may access and use the Services in accordance with the terms of this Agreement and all laws, rules and regulations applicable to your use of the Services. Specific Service Terms may apply to certain Services.
1.2 To access the Services, you must have a LightOn Cloud account associated with a valid email address, provided that you agree to only create one account per email address, unless explicitly permitted by the Service Terms. It is your responsibility to keep your access data confidential.
1.3 Third-Party Content may be used by you at your election. Third-Party Content is governed by this Agreement and, if applicable, separate terms and conditions accompanying such Third-Party Content, which terms and conditions may include separate fees and charges.
2.1 We may change or discontinue any of the Services from time to time. We will provide you at least 3 months’ prior notice if we discontinue material functionality of a Service that you are using, or materially alter a customer-facing API that you are using in a backwards-incompatible fashion, except that this notice will not be required if the 3 month notice period (a) would pose a security or intellectual property issue to us or the Services, (b) is economically or technically burdensome, or (c) would cause us to violate legal requirements.
3. Security and Data Privacy
3.1 Without limiting Section 10 or your obligations under Section 4.2, we will implement reasonable and appropriate measures designed to help you secure Your Content against accidental or unlawful loss, access or disclosure.
4. Your Responsibilities
4.1 Except to the extent caused by our breach of this Agreement, (a) you are responsible for all activities that occur under your account, regardless of whether the activities are authorized by you or undertaken by you, your employees or a third party (including your contractors, agents or End Users), and (b) we and our affiliates are not responsible for unauthorized access to your account.
4.2 You will ensure that Your Content will not violate any of the Policies or any applicable law. You are solely responsible for the development, content, operation, maintenance, and use of Your Content.
4.3 You are responsible for properly configuring and using the Services and otherwise taking appropriate action in due time to secure, protect and backup your accounts and Your Content in a manner that will provide appropriate security and protection, which might include use of encryption to protect Your Content from unauthorized access and routinely archiving Your Content.
4.4 LightOn Cloud log-in credentials and private keys generated by the Services are for your internal use only and you will not sell, transfer or sublicense them to any other entity or person, except that you may disclose your private key to your agents and subcontractors performing work on your behalf.
4.5 You will be responsible for any action of any entity or person that you permit, assist or facilitate in relation with this Agreement, Your Content or use of the Services. You are responsible for End Users’ use of Your Content and the Services. You will ensure that all End Users comply with your obligations under this Agreement and that the terms of your agreement with each End User are consistent with this Agreement. If you become aware of any violation of your obligations under this Agreement caused by an End User, you should immediately suspend access to Your Content and the Service Offerings by such End User. We do not provide any support or services to End Users unless we have a separate agreement with you or an End User obligating us to provide such support or services.
5. Fees and Payment
5.1 In order to use the Services you have to prepay the applicable fees that correspond to the use of Services that you request. You may pay us the applicable fees and charges for use of the Services as described on the LightOn Cloud Site using one of the payment methods we support. Payments may be processed by third parties; in this case, you agree to operate in accordance with the third party’s terms and conditions. All amounts payable by you under this Agreement will be paid to us without setoff or counterclaim and without any deduction or withholding. Fees and charges for any new Service or new feature of a Service will be effective when we post updated fees and charges on the LightOn Cloud Site, unless we expressly state otherwise in a written notice. We may increase or add new fees and charges for any existing Services you subscribed by giving you at least 30 days’ prior notice. In the absence of any objection from you within the above-mentioned 30 days, you will be deemed to have accepted these new fees and charges. On the contrary, if you object in writing to these new fees and charges within the above-mentioned time-limit, the Agreement shall be terminated within 30 days from the day we receive your written notice of opposition, unless otherwise agreed between us.
5.2 Each party will be responsible, as required under applicable law, for identifying and paying all taxes and other governmental fees and charges (and any penalties, interest, and other additions thereto) that are imposed on that party upon or with respect to the transactions and payments under this Agreement. All fees indicated are exclusive of Taxes which will be due in addition. We may charge and you will pay applicable Indirect Taxes that we are legally obligated or authorized to collect from you. You will provide such information to us as reasonably required to determine whether we are obligated to collect Indirect Taxes from you. We will not collect, and you will not pay, any Tax for which you furnish us a properly completed exemption certificate or a direct payment permit certificate for which we may claim an available exemption from such Tax. All payments made by you to us under this Agreement will be made free and clear of any deduction or withholding, as may be required by any applicable law. If any such deduction or withholding (including but not limited to cross-border withholding taxes) is required on any payment, you will pay such additional amounts as are necessary so that the net amount received by us is equal to the amount then due and payable under this Agreement. We will provide you with such tax forms as are reasonably requested in order to reduce or eliminate the amount of any withholding or deduction for taxes in respect of payments made under this Agreement.
6. Temporary Suspension
6.1 We may suspend your or any End User’s right to access or use any portion or all of the Services immediately upon notice to you if we determine:
6.2 If we suspend your right to access or use any portion or all of the Services you remain responsible for all fees and charges you incur during the period of suspension.
7. Term and Termination
7.1 The term of this Agreement will commence on the Effective Date and will remain in effect until terminated under Section 7 (this section). Any notice of termination of this Agreement by either party to the other must include a termination date (“Termination Date”) that complies with the notice periods in Section 7.2.
7.3 Effect of Termination.
For any use of the Services after the Termination Date, the terms of this Agreement will apply and you shall pay the applicable fees at the rates under Section 5.
8. Proprietary Rights
8.1 Except as provided in this Section 8, we obtain no rights under this Agreement from you (or your licensors) to Your Content. You consent to our use of Your Content to provide the Services to you and any End Users.
8.2 You represent and warrant to us that: (a) you or your licensors own all right, title, and interest in and to Your Content; (b) you have all rights in Your Content necessary to grant the rights contemplated by this Agreement; (c) none of Your Content or End Users’ use of Your Content or the Services will violate the Acceptable Use Policy (paragraph 14 of this document).
8.3 We or our licensors own all right, title, and interest in and to the Services, and all related technology, source code, and intellectual property rights. Subject to the terms of this Agreement, we grant you a limited, revocable, non-exclusive, non-sublicensable, non-transferable license to do the following: (a) access and use the Services solely in accordance with this Agreement; (b) copy and use the LightOn Content solely in connection with your permitted use of the Services; and (c) use the LightOnOPU library for the sole purpose of using the Services. Except as provided in this Section 8.3, you obtain no rights under this Agreement from us, our affiliates or our licensors to the Services, including any related intellectual property rights. Some LightOn Cloud Content and Third-Party Content may be provided to you under a separate license, such as the Apache License, or other open-source licenses. In the event of a conflict between this Agreement and any separate license, the separate license will prevail with respect to the LightOn Cloud Content or Third-Party Content that is the subject of such separate license.
8.4 Neither you nor any End User will use the Services in any manner or for any purpose other than as expressly permitted by this Agreement. Neither you nor any End User will, or will attempt to (a) modify, distribute, alter, tamper with, repair, or otherwise create derivative works of any Content included in the Services (except to the extent Content included in the Services is provided to you under a separate license that expressly permits the creation of derivative works), (b) reverse engineer, disassemble, or decompile the Services or apply any other process or procedure to derive the source code of any software included in the Services (except to the extent applicable law doesn’t allow this restriction), (c) access or use the Services in a way intended to avoid incurring fees or exceeding usage limits or quotas, or (d) resell or sublicense the Service Offerings. You will not misrepresent or embellish the relationship between us and you (including by expressing or implying that we support, sponsor, endorse, or contribute to you or your business endeavours). You will not imply any relationship or affiliation between us and you except as expressly permitted by this Agreement.
8.5 If you provide any suggestions to us or our affiliates, we and our affiliates will be entitled to use the suggestions without restriction and free of any charge. You hereby irrevocably assign to us all right, title, and interest in and to the suggestions and agree to provide us with any assistance we require to document, perfect, and maintain our rights in the suggestions.
9.1 You will defend, indemnify, and hold harmless us, our affiliates and licensors, and each of their respective employees, officers, directors, and representatives from and against any Losses arising out of or relating to any third-party claim concerning:
9.2 Subject to the limitations in this Section 9
9.3 The obligations under this Section 9 will apply only if the party seeking defence or indemnity:
The services are provided “AS IS”. Except to the extent prohibited by law, or to the extent any statutory rights apply that cannot be excluded, limited or waived, we and our affiliates and licensors (a) make no representations or warranties of any kind, whether express, implied, statutory or otherwise regarding the service offerings or the third-party content, and (b) disclaim all warranties, including any implied or express warranties (i) of merchantability, satisfactory quality, fitness for a particular purpose, non-infringement, or quiet enjoyment, (ii) arising out of any course of dealing or usage of trade, (iii) that the service offerings or third-party content will be uninterrupted, error-free or free of harmful components, and (iv) that any content will be secure or not otherwise lost or altered.
11. Limitations of Liability
We and our affiliates and licensors will not be liable to you for any damages and in particular direct, indirect, incidental, special, consequential or exemplary damages (including damages for loss of profits, revenues, customers, opportunities, goodwill, use, or data), even if we or our affiliate have been advised of the possibility of such damages. Furthermore, neither we nor any of our affiliates or licensors will be responsible for any compensation, reimbursement, or damages arising in connection with: (a) your inability to use the services, including as a result of any (i) termination or suspension of this agreement or your use of or access to the services, (ii) our discontinuation of any or all of the services, or, (iii) without limiting any downtime of all or a portion of the services for any reason; (b) the cost of procurement of substitute goods or services; (c) any investments, expenditures, or commitments by you in connection with this agreement or your use of or access to the services; or (d) any unauthorized access to, alteration of, or the deletion, destruction, damage, loss or failure to store any of your content or other data. In any case, except for payment obligations under section 9.2, our and our affiliates’ and licensors’ aggregate liability under this agreement will not exceed the amount you actually pay us under this agreement for the service that gave rise to the claim during the 12 months before the liability arose. The limitations in this section 11 apply only to the maximum extent permitted by applicable law.
12. Modifications to the agreement
We may modify this Agreement (including any Policies) at any time by posting a revised version on the LightOn Cloud Site and by otherwise notifying you in accordance with Section 13.6 and 13.8; provided, however, that we will provide at least 30 days’ advance notice. The modified terms will become effective upon your reception of our notification sent to you by e-mail, unless we receive a notification of objection to these new terms and conditions as provided in this Section 12. By continuing to use the Services after the effective date of any modifications to this Agreement, you agree to be bound by the modified terms. On the contrary, if you object in writing to these new terms and conditions in the 30 days following the reception of our e-mail of notification of the modification, the Agreement shall be terminated within 30 days from the day we receive your written notice of opposition, unless otherwise agreed between us.
13.1 You will not assign or otherwise transfer this Agreement or any of your rights and obligations under this Agreement, without our prior written consent. Any assignment or transfer in violation of this Section 13.1 will be void. We may assign this Agreement without your consent (a) in connection with a merger, acquisition or sale of all or substantially part of our assets, or (b) to any affiliate or as part of a corporate or group reorganization; and effective upon such assignment, the assignee is deemed substituted for LightOn as a party to this Agreement and LightOn is fully released from all of its obligations and duties to perform under this Agreement. Subject to the foregoing, this Agreement will be binding upon, and inure to the benefit of the parties and their respective permitted successors and assigns.
13.2 This Agreement incorporates the Policies by reference and is the entire agreement between you and us regarding the subject matter of this Agreement. This Agreement supersedes all prior or contemporaneous representations, understandings, agreements, or communications between you and us, whether written or verbal, regarding the subject matter of this Agreement. We will not be bound by, and specifically object to, any term, condition or other provision that is different from or in addition to the provisions of this Agreement (whether or not it would materially alter this Agreement) including, for example, any term, condition or other provision (a) submitted by you in any order, receipt, acceptance, confirmation, correspondence or other document, (b) related to any online registration, Request for Information, or other questionnaire, or (c) related to any invoicing process that you submit or require us to complete. If the terms of this document are inconsistent with the terms contained in any Policy, the terms contained in this document will control, except that the Service Terms will control over this document.
13.3 The Governing Laws, without reference to conflict of law rules, govern this Agreement and any dispute of any sort that might arise between you and us.
13.4 We and you are independent contractors, and this Agreement will not be construed to create a partnership, joint venture, agency, or employment relationship. Neither party, nor any of their respective affiliates, is an agent of the other for any purpose or has the authority to bind the other. Both parties to this Agreement reserve the right (a) to develop or have developed for it products, services, concepts, systems, or techniques that are similar to or compete with the products, services, concepts, systems, or techniques developed or contemplated by the other party, and (b) to assist third party developers or systems integrators who may offer products or services which compete with the other party’s products or services.
13.5 All communications and notices made or given pursuant to this Agreement must be in the English language. If we provide a translation of the English language version of this Agreement, the English language version of the Agreement will prevail if there is any conflict.
13.6 You may use LightOn Confidential Information only in connection with your use of the Services as permitted under this Agreement. You will not disclose LightOn Confidential Information during the Term or at any time during the 5-year period following the end of the Term. You will take all reasonable measures to avoid disclosure, dissemination or unauthorized use of LightOn Confidential Information, including, at a minimum, those measures you take to protect your own confidential information of a similar nature. You will not issue any press release or make any other public communication with respect to this Agreement or your use of the Service Offerings.
13.7 Notice. Unless otherwise agreed in this Agreement:
(a) To You. We may provide any notice to you under this Agreement by: (i) posting a notice on the LightOn Cloud Site; or (ii) sending a message to the email address then associated with your account. Notices we provide by posting on the LightOn Site will be effective upon posting and notices we provide by email will be effective when you receive the email. It is your responsibility to keep your email address current. You will be deemed to have received any email sent to the email address then associated with your account when we send the email.
(b) To Us. To give us notice under this Agreement, you must contact LightOn by facsimile transmission or personal delivery, overnight courier or registered or certified mail to the facsimile number or mailing address, as applicable, listed in Section 14 below. We may update the facsimile number or address for notices to us by posting a notice on the LightOn Site. Notices provided by personal delivery will be effective immediately. Notices provided by facsimile transmission or overnight courier will be effective one business day after they are sent. Notices provided registered or certified mail will be effective three business days after they are sent.
13.8 No Third-Party Beneficiaries. Except as set forth in Section 9, this Agreement does not create any third-party beneficiary rights in any individual or entity that is not a party to this Agreement.
13.9 The failure by us to enforce any provision of this Agreement will not constitute a present or future waiver of such provision nor limit our right to enforce such provision at a later time. All waivers by us must be in writing to be effective.
13.10 If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions of this Agreement will remain in full force and effect. Any invalid or unenforceable provision will be interpreted to the effect and intent of the original provision. If such construction is not possible, the invalid or unenforceable provision will be severed from this Agreement but the rest of the Agreement will remain in full force and effect except if the concerned invalid or unenforceable provision is a essential provision of this Agreement.
14. Acceptable Use Policy (AUP)
This Acceptable Use Policy (this “Policy”) describes prohibited uses of the services offered by LightOn SAS, and its affiliates (the “Services”) and the website located at https://cloud.lighton.ai (the “LightOn Cloud Site”). Capitalized terms have the meaning stated in the applicable agreement between Customer and LightOn SAS.
The examples described in this Policy are not exhaustive. We may modify this Policy at any time by posting a revised version on the LightOn Cloud Site in accordance with Section 12. By using the Services or accessing the LightOn Cloud Site, you agree to the latest version of this Policy, in accordance with Section 12. If you violate the Policy or authorize or help others to do so, we may suspend or terminate your use of the Services.
14.1 No Illegal, Harmful, or Offensive Use or Content
You may not use, or encourage, promote, facilitate or instruct others to use, the Services or LightOn Cloud Site for any illegal, harmful, fraudulent, infringing or offensive use, or to transmit, store, display, distribute or otherwise make available content that is illegal, harmful, fraudulent, infringing or offensive. Prohibited activities or content include:
14.2 You may not use the Services to violate the security or integrity of the Services, or any network, computer or communications system, software application, or network or computing device (each, a “System”). Prohibited activities include:
14.3 You may not make network connections to any users, hosts, or networks unless you have permission to communicate with them. Prohibited activities include:
14.4 You will not distribute, publish, send, or facilitate the sending of unsolicited mass e-mail or other messages, promotions, advertising, or solicitations (like “spam”), including commercial advertising and informational announcements. You will not alter or obscure mail headers or assume a sender’s identity without the sender’s explicit permission. You will not collect replies to messages sent from another internet service provider if those messages violate this Policy or the acceptable use policy of that provider.
14.5 We reserve the right, but do not assume the obligation, to investigate any violation of this Policy or misuse of the Services or LightOn Cloud Site. We may:
We may report any activity that we suspect violates any law or regulation to appropriate law enforcement officials, regulators, or other appropriate third parties. Our reporting may include disclosing appropriate customer information. We also may cooperate with appropriate law enforcement agencies, regulators, or other appropriate third parties to help with the investigation and prosecution of illegal conduct by providing network and systems information related to alleged violations of this Policy.
14.6 If you become aware of any violation of this Policy, you will immediately notify us and provide us with assistance, as requested, to stop or remedy the violation. To report any violation of this Policy, please send an email to support[at]lighton.ai making sure to include as much identifying information as possible. Note that we will not open any attachments. Please also note that the LightOn Cloud abuse team may not process or respond to spam or to reports that contain offensive or vulgar language. Threats of harm to LightOn, LightOn personnel, or third parties may be reported to law enforcement.
14. Global Trade Compliance – Export Control
The LightOn Cloud service may be subject to control laws and regulations imposed by the European Union (“E.U.“), by the United Nations (“U.N.“) and/or laws applicable in other jurisdictions (including the Export Administration Regulations (“EAR”) maintained by the U.S. Department of Commerce, trade and economic sanctions maintained by the Treasury Department’s Office of Foreign Assets Control (“OFAC”), and the International Traffic in Arms Regulations (“ITAR”) maintained by the U.S. Department of State).
By agreeing to these Terms and Conditions you warrant that:
15. Force Majeure
We and our affiliates will not be liable for any delay or failure to perform any obligation under these Terms where the delay or failure results from any cause beyond our reasonable control, including acts of God, acts of the government in its sovereign or contractual capacity, labor disputes, strikes, lockouts, unavailability of parts or other industrial disturbances, electrical or power outages, utilities or other telecommunication failures, earthquake, storms, or other elements of nature, blockages, embargoes, riots, acts or orders of government, acts of terrorism, epidemics, quarantine restrictions, or war of any kind.
16. Personal Data Protection
The parties considered it to be in their common interest to explicitly determine their respective obligations with regard to personal data protection. Therefore, the parties have concluded an Annex on personal data protection (the “Data Protection Annex” or “DPA”) which is attached to the Terms and Conditions.
“Acceptable Use Policy” means the policy described in section 14 and any subsequent policy in any location designated by us, as it may be updated by us from time to time.
“Account Country” is the country associated with your account. If you have provided a valid tax registration number for your account, then your Account Country is the country associated with your tax registration. If you have not provided a valid tax registration, then your Account Country is the country where your billing address is located, except if your credit card account is issued in a different country and your contact address is also in that country, then your Account Country is that different country.
“Account Information” means information about you that you provide to us in connection with the creation or administration of your LightOn Cloud account. For example, Account Information includes names, usernames, phone numbers, email addresses and billing information associated with your LightOn account.
“API” means an application program interface.
“LightOn Cloud Confidential Information” means all non-public information disclosed by us, our affiliates, business partners or our or their respective employees, contractors or agents that is designated as confidential or that, given the nature of the information or circumstances surrounding its disclosure, reasonably should be understood to be confidential. LightOn Cloud Confidential Information includes: (a) non-public information relating to our or our affiliates or business partners’ technology, customers, business plans, promotional and marketing activities, finances and other business affairs; (b) third-party information that we are obligated to keep confidential; and (c) the nature, content and existence of any discussions or negotiations between you and us or our affiliates. LightOn Cloud Confidential Information does not include any information that: (i) is or becomes publicly available without breach of this Agreement; (ii) can be shown by documentation to have been known to you at the time of your receipt from us; (iii) is received from a third party who did not acquire or disclose the same by a wrongful or tortious act; or (iv) can be shown by documentation to have been independently developed by you without reference to the LightOn Cloud Confidential Information.
“LightOn Cloud Content” means Content we or any of our affiliates make available in connection with the Services or on the LightOn Cloud Site to allow access to and use of the Services, including APIs; WSDLs; Documentation; sample code; software libraries; command line tools; proofs of concept; templates; and other related technology (including any of the foregoing that are provided by our personnel). LightOn Cloud Content does not include the Services or Third-Party Content.
“LightOn” means the party identified below:
“LightOn Cloud Site” means https://www.cloud.lighton.ai (and any successor or related site designated by us), as may be updated by us from time to time.
“Content” means software (including machine images), data, text, audio, video or images.
“Documentation” means the user guides and admin guides (in each case exclusive of content referenced via hyperlink) for the Services, located at docs.lighton.ai, at community.lighton.ai, or at cloud.lighton.ai (and any successor or related locations designated by us), as such user guides and admin guides may be updated by LightOn from time to time.
“End User” means any individual or entity that directly or indirectly through another user: (a) accesses or uses Your Content; or (b) otherwise accesses or uses the Service Offerings under your account. The term “End User” does not include individuals or entities when they are accessing or using the Services or any Content under their own LightOn Cloud account, rather than under your account.
“Governing Laws” and “Governing Courts” mean the laws and courts set forth in the following:
Governing Laws: The laws of France
Governing Courts: The courts of Paris, France.
“Indirect Taxes” means applicable taxes and duties, including, without limitation, VAT, Service Tax, sales and transactions taxes, and gross receipts tax.
“Losses” means any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees).
“Service Attributes” means Service usage data related to your account, such as resource identifiers, metadata tags, security and access roles, rules, usage policies, permissions, usage statistics and analytics.
“Services” means the Services (including associated APIs), the LightOn Cloud, the LightOn Cloud Content, the LightOn Marks, and any other product or service provided by us under this Agreement. Services do not include Third-Party Content.
“Service Terms” means the rights and restrictions for particular Services.
“Suggestions” means all suggested improvements to the Service Offerings that you provide to us.
“Term” means the term of this Agreement described in Section 7.1.
“Termination Date” means the effective date of termination provided in accordance with Section 7, in a notice from one party to the other.
“Third-Party Content” means Content made available to you by any third party on the LightOn Cloud Site or in conjunction with the Services.
“Your Content” means Content that you or any End User transfers to us for processing, storage or hosting by the Services in connection with your LightOn Cloud account and any computational results that you or any End User derive from the foregoing through their use of the Services. Your Content does not include Account Information.
“LightOnOPU library” means the Python library that allows to access the OPU operations. It is installed on the LOC computes.
This Data Processing Appendix (“DPA“) forms an integral part of the Terms and Conditions. This DPA will remain in effect as long as LightOn processes Personal Data on behalf of the customer (the “Customer”).
All capitalized terms not otherwise defined in this DPA shall have the meaning given to them in the Terms and Conditions. In the event of any inconsistency between this DPA and any provision of the Terms and Conditions, this DPA shall be deemed to be as a binding agreement between LightOn and the Customer.
The terms of this DPA shall prevail only with respect to matters relating to the protection or processing of Personal Data. This DPA applies only to the extent that LightOn processes Personal Data on behalf of the Customer.
“Data Protection Legislation” means all applicable laws, rules, regulations, decisions, ordinances, regulatory guidelines and industry self-regulations relating to data protection, including the French Data Protection Act No. 78-17 dated January 6, 1978, as amended from time to time, the General Data Protection Regulation (EU) 2016/679 (“GDPR“) of the European Parliament and of the Council of April 27, 2016, as well as all equivalent laws and regulations applicable in any relevant territory, and any legislation that may replace such laws and regulations and the instruments and recommendations adopted by the competent supervisory authorities.
“Data controller“, “Data subject“, “Personal data“, “Processing“, “Processor” and “Supervisory authority” have the meaning given to them in the GDPR.
“Customer’s Personal Data” means Personal Data provided to LightOn by the Customer or entered or uploaded for use with or through LightOn’s products by or on behalf of the Customer in accordance with the Terms and Conditions.
“Personal Data Breach” means a breach of security in the systems managed or controlled by LightOn resulting in the destruction, loss, alteration, unauthorized disclosure of, or access to, the Customer’s Personal Data.
“Sub-Processor” means any other processor engaged by LightOn to carry out Processing activities in relation to the Customer’s Personal Data in compliance with LightOn’s contractual obligations.
2. Role of the parties
For the purposes of this DPA, the parties acknowledge that the Customer is the Data Controller and LightOn is the Processor of the Customer’s Personal Data.
The Customer instructs LightOn with regard to the Processing of the Customer’s Personal Data in order for LightOn to carry out its obligations under the provisions of the Terms and Conditions and as described in this DPA, and in any event in strict compliance with Data Protection Legislation. The objective and duration of the Processing, the nature and purpose of the Processing, the types of Personal Data that LightOn will process and the categories of Data Subjects whose Personal Data will be Processed are detailed below.
a) Objective: The objective of the Processing governed by this DPA is the Processing of the Customer’s Personal Data in order to provide the services to the Customer. The services provided by LightOn to the Customer and the objectives of the Processing under this DPA are more thoroughly described in the Terms and Conditions.
b) Duration of the Processing: Personal Data Processing begins on the effective date of the Terms and Conditions and will end once the Customer’s Personal Data has been returned or destroyed.
c) Purpose of the Processing: The purpose of the Processing consists of supplying the Cloud services provided by LightOn to the Customer in accordance with the Terms and Conditions and all applicable contractual documents.
d) Types of Personal Data: LightOn may process the categories of Personal Data identified in Article 4 of the GDPR, as well as any other Personal Data provided by or collected on behalf of the Customer under the Terms and Conditions.
e) Category of Data Subjects: LightOn may process Personal Data concerning the Customer’s business partners, employees and suppliers.
f) Approved Sub-processors: Information concerning Sub-processors is made available to the Customer in Appendix 1 which lists the relevant Sub-Processors, having access to the Customer’s Personal Data. This list will be updated by an amendment in the event of any change of Sub-processors or change in the services subscribed to by the Customer.
4. Obligations of the customer
As the Data Controller, the Customer:
a) will ensure that it has a legal basis, in accordance with Article 6 of the GDPR, to process the Customer’s Personal Data in accordance with this DPA and the Terms and Conditions
b) will provide LightOn with the name and contact details of its representative and the name and contact details of its data protection officer (if any) or any person responsible for data protection within the company;
c) will be responsible for providing the Data Subjects with an Information notice in accordance with Article 13 and 14 of the GDPR. The Customer shall guarantee LightOn that it has informed the Data Subjects in compliance with Article 13 and 14 of the GDPR and shall hold LightOn harmless from any claim or administrative fine in this regard;
d) will be solely responsible for making decisions and determining : (i) the purpose and scope of the Customer’s Personal Data to be collected and processed, including which Personal Data is to be processed; (ii) the purpose and method of Processing of the Customer’s Personal Data; (iii) the third parties to whom the Customer’s Personal Data are disclosed; and (iv) the period of retention of the Customer’s Personal Data;
e) will be responsible for ensuring that all Personal Data of the Customer processed by LightOn is accurate and up to date.
f) will be responsible for ensuring that all instructions it gives to LightOn regarding the Customer’s Personal Data comply with Data Protection Legislation, and LightOn shall have no liability in the case where any of the Customer’s instruction does not comply with such Data Protection Legislation.
5. Obligations of LightOn
As the Data Processor, LightOn:
a) will comply with the obligations imposed to any Processor by applicable Data Protection Legislation;
b) will process the Customer’s Personal Data only on the Customer’s documented instructions, which are contained in this DPA and the Terms and Conditions, unless otherwise agreed in writing by the parties or required by law under Data Protection Legislation. Where under Data Protection Legislation, LightOn is obligated to process Personal Data other than in accordance with the Customer’s written instructions, LightOn shall notify the Customer prior to such Processing (unless applicable law prohibits such notification on important public interest grounds) unless required to do so by Union or Member State law to which the processor is subject;
c) will modify, correct or erase the Customer’s Personal Data at the Customer’s request, or allow the Customer to do any of the foregoing, except in cases where the storage of all or part of the Customer’s Personal Data is required by applicable law;
d) taking into account the nature of the Processing, will assist the Customer, at the Customer’s request, with appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the controller’s obligation to respond to requests for the Data Subject’s rights to be exercised under the Data Protection Legislation;
e) will forward to the Customer without undue delay any request concerning Data Subjects requests which are received directly by LightOn and shall inform the Data Subject that such requests shall be sent to the Customer who is responsible for handling such requests;
f) will assist the Customer in ensuring compliance with the obligations laid down in Articles 32 to 36 of the GDPR, taking into account the nature of the Processing and the information available to LightOn;
g) will ensure that the persons authorized to process the Customer’s Personal Data have duly executed the relevant confidentiality agreements or are under an appropriate statutory obligation of confidentiality. LightOn shall ensure that such obligation of confidentiality survives the employment relationship with its staff members.
6. Sub-processors engagement
The Customer agrees to the disclosure of its Personal Data to Sub-processors and to the Processing of its Personal Data by Sub-processors of LightOn only to the extent necessary for LightOn to comply with its obligations under the Terms and Conditions. Details of LightOn’s Sub-processors shall be made available to the Customer in Appendix 1 which may be updated from time to time. LightOn shall be liable for the acts and omissions of its Sub-processors to the extent that it would itself be liable in respect of its processing activities hereunder or under the Terms and Conditions. LightOn shall also subject its Sub-processors to contractual obligations at least comparable to the obligations imposed to LightOn under this DPA.
If LightOn appoints a new Sub-processor from the list set out in Appendix 1 below, it shall first inform the Customer who may reasonably object. LightOn shall have the right to respond to such objection with one of the following options at its sole discretion: (a) cease using the relevant Sub-processor; (b) take such steps as the Customer may suggest to resolve the objection; (c) cease providing the Customer with services involving the relevant Sub-processor, where possible. The Customer shall reimburse LightOn for all reasonable costs and efforts caused by such objection. The Customer acknowledges and agrees that it shall have no right to audit and inspect Sub-processors facilities and/or sites and that LightOn shall not be obligated to include such rights in its contracts with Sub-processors.
7. Data transfers
LightOn guarantees that it will not transfer Customer’s Personal Data outside the European Economic Area, unless instructed to do so by the Customer. If the Customer consents or has consented to such a transfer, LightOn warrants that it will comply with the applicable legal and regulatory provisions relating to the protection of Personal Data. In this respect, it guarantees, in particular, the implementation of an appropriate guarantee within the meaning of Article 46 of the GDPR, to enable the Customer and LightOn to comply with their obligations under the Data Protection Legislation.
8. Security measures
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, LightOn shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR.
9. Restitution or destruction of personal data
At the choice of the Customer or when LightOn no longer needs to process the Customer’s Personal Data in order to fulfil its obligations under the Terms and Conditions, LightOn (a) shall cease all use of the Customer’s Personal Data; (b) return to the Customer or delete all Customer Personal Data and copies thereof and certify in writing that such destruction has been carried out, unless, in accordance with applicable law, LightOn is obliged to retain a copy of the Customer’s Personal Data.
The Customer may audit LightOn’s compliance with its obligations under this DPA, subject to the following:
a) The Customer may conduct audits once a year, including as a result of a Personal Data Breach;
b) The Customer may use a third party to conduct an audit on its behalf, provided that the third party is not a competitor of LightOn and has signed a confidentiality agreement;
c) Audits shall be conducted during normal business hours, shall be subject to LightOn’s policies applicable to the sites concerned by the audit, such as, in particular, the internal regulations which will be communicated in advance to the Customer, and shall not unreasonably interfere with LightOn’s business activities;
d) The Customer shall provide to LightOn, on a free of charge basis, any audit report produced as a result of such audit, unless prohibited by law. The Customer may use the audit reports solely for the purpose of complying with the requirements of the Data Protection Legislation and/or confirming compliance with the provisions of this DPA. Audit reports shall be treated as confidential information of LightOn;
e) In order to request an audit, the Customer must submit a detailed audit plan to LightOn at least three (3) weeks prior to the proposed audit date. The audit plan must describe the proposed scope, duration and start date of the audit. LightOn will review the audit plan and inform the Customer of any concerns or questions (for example, any requests for information that may compromise LightOn’s confidentiality obligations or security, privacy, terms and conditions of employment or any relevant policies). LightOn shall cooperate with the Customer to agree on a final audit plan prior to the commencement of the audit;
f) Nothing in this clause requires LightOn to breach any obligation of confidentiality that LightOn has with regard to any client or employee;
g) if the scope of the audit is covered by an audit report conducted by a qualified third-party auditor within twelve (12) months of the Customer’s request for an audit and LightOn confirms that there are no substantial changes in the audited scope, LightOn will forward the said audit report(s) to the Customer. The Customer accepts these conclusions in lieu of its request for an audit in respect of the matters covered by the report;
h) the Customer shall bear all costs and expenses relating to the audit carried out by the Customer. If the Customer requests additional services from LightOn in connection with the audit, such services will be chargeable and LightOn will prepare a quotation in advance for acceptance by the Customer.
11. Personal data breach
With respect to any Personal Data Breach, LightOn shall notify the Customer of such Personal Data Breach without delay after becoming aware of the Personal Data Breach. This notification shall include, as a minimum, the information provided for in Article 33 (3) of the GDPR:
(a) A description of the nature of the Personal Data Breach, including, if possible, the categories and approximate number of data subjects concerned and the categories and approximate number of Personal Data records concerned;
(b) A description of the likely consequences of the Personal Data Breach;
(c) A description of the measures taken or proposed to be taken to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.
If, and to the extent that, it is not possible to provide all information at the same time, information may be provided without further undue delay.
As a data controller, the Customer is solely responsible for the notification obligations under the Personal Data Breach in accordance with the Data Protection Legislation, including providing any required notification to the supervisory authorities and Data Subjects (where applicable).
Damages for breach of the obligations under this DPA shall be subject to ten (10) times the value of the packages that were bought during the last year by the Customer.
The parties have signed this DPA through their respective authorised representatives.
BY : ____________________________ _____________________________
(AUTHORIZED SIGNATORY) (AUTHORIZED SIGNATORY)
(DATE OF SIGNATURE) (DATE OF SIGNATURE)
APPENDIX 1 – List of authorised Sub-processors:
1. PayPal (Payment)
2. Scaleway (Data Centre)
3. Enix (Maintenance)
4. SuperSaas (Booking platform)
5. Mailchimp (Mailing)