Privacy Policy

AtomChat provides to its customers ready to use chat messaging plugins for websites or mobile applications. These services are part of CometChat, Inc. and can be accessed at www.Atomchat.com (“our Website”) or you may subscribe to AtomChat services either through cloud based SaaS model or by downloading the AtomChat application. For more information, reference is made to our Terms of Service.This Privacy Policy describes AtomChat’s policies and procedures on the collection, use and disclosure of your personal data when you use our services or our Website (collectively “the Services”). We will not use or share your information with anyone except as described in this Privacy Policy. Please note that this Privacy Policy does not apply to the data AtomChat processes on behalf of our customers in our capacity as a processor. If you have any question on this, please contact us – see our contact details below.

Cookies

A cookie is a small text file that is placed on your computer, mobile phone, or other devices when you visit a website.

We use essential operational cookies because they are necessary to allow us to operate the AtomChat Services as you have requested. We use cookies to personalize your experience on the AtomChat Website and App (such as dynamically generating content on webpages specifically designed for you), to assist you in using the AtomChat Services (such as saving time by not having to reenter your name each time you use the AtomChat Services).

We also use cookies to allow us to statistically monitor how you are using the AtomChat Services so that we can improve our offerings, and to target certain advertisements to your browser which may be of interest to you or to determine the popularity of certain content. We will only use these cookies if you consent to it: when you visit our Website, a banner appears asking you whether you allow us to use these cookies. Many web browsers also allow you to manage your preferences. You can set your browser to refuse cookies or delete certain cookies.

How Long Do We Keep Your Personal Data

We will only retain your personal information for as long as necessary to fulfill the purposes described above i.e. for as long as you have a AtomChat account and/or have subscribed to our Services.

We may also retain your data longer in accordance with any limitation periods and records retention obligations that are imposed by applicable laws.

If you have elected to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our content, products, or services.

We retain information derived from cookies and other tracking technologies for no more than 13 months from the date such information was created.

International Data Transfers

Your Rights

You have the right:
To be told about how your data is processed
To access your data
To stop or restrict certain processes
To correct incorrect info
To ask us to delete certain info
To port data (i.e. to ask us to provide you with your data in in an easy-to-read manner t and to transfer it to another data controller)
To access info about profiling or automated decision making
To object to how we are handling your personal data
To ask us to delete certain info
You can do so by contacting us at privacy@cometchat.com.
If you have a complaint about our use or processing of your personal information, you have a right to lodge a complaint with a national Data Protection Authority. Each European Union member nation has established its own Data Protection Authority; you can find out about the Data Protection Authority in your country here.

How We Protect Your Information

We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use or disclosure. We secure the personal information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. All personal information is protected using appropriate physical, technical and organizational measures.

Changes to Our Privacy Policy

About AtomChat – Contact information

AtomChat is a CometChat Inc. Brand.
CometChat Inc is the data controller and is based in the United States at 1002 Walnut St, Suite 200, Boulder, CO, 80302. You can contact us at the following email address privacy@cometchat.com.
Our representative in the EU for GDPR purposes is Anuj Garg. You can contact our representative at the following address: 1002 Walnut St, Suite 200, Boulder, CO, 80302, or by sending an email to privacy@cometchat.com.

Terms of Service

Terms of Service (this “Agreement”) set out the terms on which AtomChat, a CometChat Inc., brand (“AtomChat”, “we” or “us”) will provide access to and use of certain services available on or through its website (collectively, the “Service”) to you, a user of the Service (“you” or “User”). You should read this Agreement carefully. By indicating acceptance of this Agreement or by otherwise using the Service, you are entering into a legally binding agreement with us (and you hereby represent that you are of legal age, and are otherwise fully able and competent, to enter into a binding agreement). If you are using the Service on behalf of an organization, you represent that you have the right to bind such organization to this Agreement, and the terms “User” and “you” will include both you, the individual user, and such organization. If you are a Third Party User (as defined herein), you agree that the restrictions and other limitations in Sections 1.c, 4-9, 11-13, 16 and 17 of this Agreement shall apply to your use of the Service (and references to “you” and “User” in those Sections shall also apply to you, the Third Party User). If you do not agree to these terms and conditions, you must not use the Service.

Each of AtomChat’s customers may be subject to one or more separate subscription or other written agreements with AtomChat (each, a “Subscription Agreement”). This Agreement applies only to use of AtomChat’s websites and the Service and in no way affects the terms and conditions of any Subscription Agreement.

THIS AGREEMENT CREATES A BINDING LEGAL AGREEMENT BETWEEN YOU AND ATOMCHAT, AND INCLUDES AN ARBITRATION CLAUSE UNDER WHICH CERTAIN CLAIMS MAY NOT BE BROUGHT IN COURT OR DECIDED BY A JURY. PLEASE READ THIS AGREEMENT CAREFULLY.

1. Nature of the Service

1.General: The Service allows Users to access certain information or other content (which may include data, text, photos or other materials or content) related to real-time voice, video and text chat, and certain data or other information associated therewith, or related topics.
2.Third Party Systems: In order to utilize certain functionality provided by the Service, User may need to authorize the Service to access information in User’s accounts on relevant third party systems. This is often accomplished using APIs made available by those third party systems or other mechanisms. User represents and warrants to AtomChat that it shall only authorize such access for accounts it controls, and only to the extent permitted by the relevant system providers. User acknowledges that the Service, including certain analyses or other information provided thereby, may depend on access to such third party systems and relevant information therein in order to continue to function as intended, and that any discrepancies or changes in the above-referenced APIs, authorizations or permitted access can negatively impact the Service and its output. AtomChat makes no representation, warranty or endorsement regarding any third party system with which the Service may interact, and shall not be liable or responsible therefor in any way.
3.Children: The Service is not directed to users under the age of 18. The Service does not knowingly collect personal information from children under the age of 18. If you are under the age of 18, you are not permitted to register as a User or to send personal information to AtomChat.
4.Third Party Users: You may permit your third-party customers or end users (“Third Party Users”) to access certain functionality of the Service, subject to applicable restrictions or limitations set forth herein, provided that: (i) all acts and omissions of Third Party Users shall be deemed to be your acts and omissions, and you shall be responsible for such acts and omissions; and (ii) each such Third Party User (A) is permitted to access the Service solely for his or her own personal use, and (B) has agreed in writing to be bound by the restrictions and other limitations set forth in Sections 1.c, 4-9, 11-13, 16 and 17 of this Agreement. You shall maintain written records relating to such access (including written agreements with Third Party Users) and make such records available to AtomChat upon written request.

2. Registration

In order to use certain parts of the Service, you may be required to provide us with your first name, last name, title, name of organization, and other contact information, create a password and register with us. To the extent you are using the Service on behalf of an organization, you may need to also provide us with information in order to confirm, or permit us to confirm, any relationship between you and such organization. We may also request additional information from you. You represent and warrant to us that you will provide us with accurate, current and complete registration information. You are responsible for your registration, and for all use of the Service using any User credentials or passwords issued to you or chosen by you. You will keep all such credentials and passwords confidential.

3. Fees and Orders

1.General Payment Terms: The Service, or certain features of the Service, may be available only if certain subscription fees or other fees (collectively, “Fees”) are paid by you, or for your benefit (e.g., we may permit a third party to pay certain Fees for your benefit). If you purchase any subscription plan for the Service or certain features of the Service, you must pay any applicable Fees. Unless we separately agree with you to receive payment by another means, you will provide us (or our designated third-party payment provider) with accurate and valid credit card or other payment information and update your credit card or other payment information in the event any information provided becomes invalid or incomplete. If any charge is rejected by our bank or payment providers, you are still liable to pay the Fees. We retain the right to charge interest on any overdue balance at the rate of 1.5% per month, or the maximum amount permitted by law (if lower). You will also be responsible for our reasonable costs of collection, including attorneys’ fees, if we deem it necessary to take any legal or administrative action to collect unpaid Fees. We reserve the right to accept, refuse or cancel any orders placed through the Service, without liability or justification. We will refund you in case your order was cancelled by us after your credit card or other payment method has been charged.
‍
2.Subscription Plans: We offer paid subscription plans that allow you to access additional or exclusive features or content made available through the Service. If you purchase a subscription plan, your subscription will continue in effect and renew on a recurring basis, monthly or annually, unless and until you cancel your subscription. If you provide a credit card or other payment method accepted by AtomChat and sign up for a monthly or annual paid subscription through the Service, you are expressly agreeing that AtomChat (or our designated third-party payment provider) is authorized to charge your payment method for the applicable subscription fee (plus any applicable taxes) on a recurring monthly or annual basis, as applicable. AtomChat reserves the right to change the terms of your subscription, including price, from time to time, effective as of the beginning of your next billing period following the date of the change. If AtomChat changes the subscription fee or other charges for your subscription, we will give you advance notice of these changes. If you purchase a subscription from us with promotional pricing, it will renew at non-promotional pricing unless you cancel your subscription prior to renewal (as may also be explained in more detail at the time of your purchase at the promotion pricing).
‍
3.Cancellation of Auto-Renew Subscription Plans: You must cancel your subscription before your next renewal date in order to avoid the next billing (subscription) period. You may cancel your subscription by logging into your account on the Service and cancelling it there (if such functionality is provided therein), or you may send us written notice of cancellation to support@atomchat.com specifying that you would like to cancel your subscription for the Service. If you cancel your subscription, the cancellation will be effective upon your receipt of confirmation from AtomChat of the cancellation. You will remain liable for all charges accrued on your account up to the time that you cancel your Subscription with AtomChat.
‍
4.Free Trial: If we offer you a free trial, once your free trial period ends, we will begin billing your payment method for your periodic subscription fees (plus any applicable taxes), unless you cancel prior to the end of your free trial.

4. Your Content

You retain your rights in all information or other content (which may include data, text or other materials or content) which you input or upload to the Service or authorize the Service to access in your accounts on relevant third party systems as described in Section 1.b above (collectively, “Your Content”), subject to the rights granted below and our rights in Our Property (as defined below). You hereby grant and agree to grant us a worldwide, non-exclusive, royalty-free, fully-paid, transferable license, with the right to sublicense through multiple tiers, to use, reproduce, manipulate, display, transmit and distribute Your Content solely in connection with the Service, and improving and developing the Service. In addition, you agree that AtomChat may analyze Your Content, and similar information or other content of other AtomChat customers, to create aggregated or anonymized statistics or data that do not identify User or any individual, and AtomChat may during and after the term of this Agreement use and disclose such statistics or data in any manner in its discretion. Except as specified otherwise in this Agreement, you shall be solely responsible for providing, updating, uploading and maintaining Your Content. AtomChat shall operate the Service in a manner that provides reasonable information security, consistent with generally accepted industry standards, for Your Content, using appropriate administrative, physical and technical safeguards.

You represent and warrant that you own all proprietary rights in Your Content or, with respect to any of Your Content you do not own, that you have the full authority and right to input, upload and/or authorize the Service to access Your Content, and to grant the licenses and rights you have granted in this Agreement, and that your inputting, uploading and/or authorization to access Your Content, and the exercise by us of the licenses and rights granted by you herein, shall not infringe any third party intellectual property or proprietary rights, nor violate any rights of privacy or publicity, nor be defamatory, libelous, vulgar, profane or obscene, nor violate any law or other right, privilege or interest of any third party.
‍
On termination of your account, or this Agreement, we have no obligation to return any of Your Content to you, so you should retain copies of all of Your Content.

5. Our Ownership Rights

The Service, including all aspects of the AtomChat websites and software applications and mobile applications (including Our Property), is the property of, and owned by, AtomChat or its licensors. All the software, algorithms, functionality, inventions, concepts, text, images, sound, music, videos, marks, logos, compilations, content and technology used to deliver the Service or otherwise embodied in, displayed through, or provided directly or indirectly (e.g., emails or other communications from us to you) via, the Service are “Our Property.” For clarity, any formats, templates, methodologies, rules, algorithms and software used to create Your Content are Our Property. Except as otherwise expressly permitted by this Agreement, any use, copying, making derivative works, transmitting, posting, linking, deep linking, framing, redistribution, sale, decompilation, modification, reverse engineering, translation or disassembly of Our Property is prohibited. You acknowledge that Our Property has been created, compiled, developed and maintained by us at great expense of time and money such that misappropriation or unauthorized disclosure or use of Our Property by others for commercial gain would unfairly and irreparably harm us in a manner for which damages would not be an adequate remedy, and you consent to our obtaining injunctive relief to restrain any breach or threatened breach of this Agreement, without any requirement to post bond. You may be subject to criminal or civil penalties for violation of this paragraph.

The marks ATOMCHAT, INSCRIPTS, and any associated logos, are registered or unregistered trademarks or service marks of AtomChat or its licensors. You may not use them, or any of our other marks or logos, in any manner, including any use that is likely to cause confusion or that disparages or discredits us, without our consent; provided that, during your subscription term you may publicly reference that you are a customer of AtomChat and the Service. The Service may also feature the trademarks, service marks, and logos of third parties, and each owner retains all rights in such marks. Any use of such marks, or any others displayed on the Service, will insure solely to the benefit of their respective owners.

Subject to the terms and conditions herein, we grant you the non-exclusive, limited, revocable right to access and use Our Property solely to the extent necessary for you to use the Service for your own internal business purposes (or in the case of a User that is a Third Party User or other individual, for your own personal purposes) (“Permitted Purpose”), as permitted by this Agreement. We reserve all other rights. For clarity and without limiting other obligations herein, Users shall not distribute or otherwise commercialize Our Property.

6. Use of the Service

You must comply with any rules and policies about use of the Service that we publish from time to time. These rules and policies will be available on the Service. Certain features, pages or content within the Service may contain supplemental terms of use, to which you must agree in order to use the relevant features, pages or content.

Subject to the terms and conditions herein, you are permitted to use the Service solely for your own Permitted Purpose (as defined above).
‍
You must not (a) create, upload or transmit Your Content if you do not have the right to do so; (b) create, upload or transmit Your Content or use the Service in any way that would violate any law or the rights of any person; (c) impersonate any person or entity, or forge or manipulate headers to disguise the origin of any of Your Content; (d) except as otherwise expressly permitted by this Agreement, harvest or otherwise collect information about others from the Service; (e) take any action that imposes or may impose an unreasonable or disproportionately large load on the Service or its infrastructure, or bypass any measures we may use to prevent or restrict access to any portion of the Service (or other accounts, networks or services connected thereto); (f) use manual or automated software, devices, or other processes to “crawl,” “scrape” or “spider” any of the Service or otherwise to copy, obtain, propagate, distribute or misappropriate any information or other content from the Service, including any of Our Property; (g) distribute or otherwise make available any information or other content obtained through the Service to any third party, except as expressly permitted herein; (h) otherwise interfere in any manner with the use or operation of the Service; or (i) use the Service in the development, directly or indirectly, of any product, software or service that offers any functionality substantially similar to, or competitive with, the Service.

Your Content must not: (i) be libelous, threatening, abusive, unlawful, illegal or encourage a criminal offense; (ii) contain material from other copyrighted works without the written consent of the owner of such copyrighted material; (iii) infringe any copyright or violate any property rights, rights of privacy or publicity, or any other rights of any third party; or (iv) contain any software viruses, malware, spyware or any other code, file or program that is designed to interrupt, destroy or limit the functionality of any computer software, hardware or telecommunications equipment.

7. Feedback

If you provide to us (directly or indirectly, and by any means) any comments, feedback, suggestions, ideas, or other submissions related to the Service (collectively “Feedback”), the Feedback will be the sole property of AtomChat. We will be entitled to use, reproduce, disclose, publish, distribute, and otherwise exploit in any manner, all Feedback, without restriction and without compensating you in any way. We have no obligation to maintain any Feedback in confidence, or to respond to any Feedback.

8. Warranty; Disclaimers; Limitations of Liability

1.WARRANTY AND WARRANTY DISCLAIMERS: FOR FEE-PAYING USERS, COMETCHAT WARRANTS THAT THE SERVICE WILL PERFORM SUBSTANTIALLY IN ACCORDANCE WITH ITS DOCUMENTATION DURING THE APPLICABLE SUBSCRIPTION TERM; PROVIDED THAT, USER’S SOLE REMEDY AND COMETCHAT’S SOLE LIABILITY OR OBLIGATION FOR A BREACH OF SUCH WARRANTY SHALL BE THAT COMETCHAT SHALL USE COMMERCIALLY REASONABLE EFFORTS TO REMEDY SUCH FAILURE IN ACCORDANCE WITH ITS THEN-STANDARD SUPPORT PRACTICES. FOR FREE-TRIAL OR OTHER NON-FEE-PAYING USERS, THE SERVICE IS PROVIDED “AS IS”, WITH ALL FAULTS. EXCEPT AS EXPRESSLY PROVIDED ABOVE IN THIS SECTION 8, WE DISCLAIM ANY AND ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING: (i) ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, AND ANY AND ALL WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE; (ii) THAT THE SERVICE OR OUR PROPERTY WILL MEET YOUR REQUIREMENTS, WILL ALWAYS BE AVAILABLE, ACCESSIBLE, UNINTERRUPTED, TIMELY, SECURE OR OPERATE WITHOUT ERROR; AND (iii) AS TO THE ACCURACY OR RELIABILITY OF ANY INFORMATION OBTAINED FROM THE SERVICE OR OUR PROPERTY. We may pause or interrupt the Service at any time, and you should expect periodic downtime for updates to the Service. No advice or information, whether oral or written, obtained by you from us or through the Service will create any other warranty.
‍
2.DISCLAIMER OF INDIRECT DAMAGES: UNDER NO CIRCUMSTANCES WILL YOU BE ENTITLED TO RECOVER FROM US ANY INCIDENTAL, CONSEQUENTIAL, INDIRECT, PUNITIVE OR SPECIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF REVENUE, LOSS OF DATA, OR LOSS OF USE), WHETHER BASED ON CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, ARISING FROM OR RELATING TO THIS AGREEMENT, THE SERVICE OR OUR PROPERTY, EVEN IF WE HAVE BEEN INFORMED OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES.

3.OVERALL LIABILITY CAP: TO THE EXTENT PERMITTED BY APPLICABLE LAW, OUR MAXIMUM AGGREGATE LIABILITY TO YOU FOR ANY DAMAGES ARISING FROM OR RELATING TO THIS AGREEMENT, THE SERVICE OR OUR PROPERTY, WHETHER BASED ON CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, SHALL BE LIMITED TO THE AMOUNTS PAID BY YOU TO US FOR THE SERVICE IN THE PRIOR YEAR (OR, IF YOU ARE A FREE-TRIAL OR OTHER NON-FEE-PAYING USER, TO THE AMOUNT OF $10).

SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR EXCLUSION OF WARRANTIES OR OF LIABILITY FOR CERTAIN TYPES OF DAMAGES, SO SOME OF THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU.

9. Cloud Services and Third Party Services

You acknowledge that the Service is hosted by third party cloud providers, which may change from time to time (the “Cloud Providers”), and that your use of the Service is subject to any applicable restrictions or requirements imposed by the Cloud Providers. In addition, if you are a free-trial or other non-fee-paying User, without limitation of the disclaimers and limitations of liability set forth in Section 8, you acknowledge and agree that (a) the price at which we could afford to offer the Service would vary if we provided the Service other than using such cloud services; and (b) we shall not be responsible or liable to you for any act, omission or failure of any Cloud Provider.

The Service may depend upon, interact with or enable access to third parties’ information, other content, services or websites (each, a “Third Party Service”), which may in each case be accompanied by separate terms of use. Use of each Third Party Service may require that you accept additional terms of use. You must comply with the applicable terms of use when using the Third Party Service and the Service. AtomChat does not endorse, and hereby disclaims all liability or responsibility to you or any other person for, any Third Party Services.

10. Indemnity

You will indemnify and hold us, and our licensors, providers and agents, harmless against any and all claims, actions, proceedings, suits, liabilities, losses, damages, costs and expenses (including attorneys’ fees) (collectively, “Liabilities”) arising out of or related to your (or any Third Party User’s) breach of this Agreement or your (or any Third Party User’s) use of the Service (but excluding any Liabilities to the extent caused by our gross negligence or willful misconduct). We reserve the right to assume the sole control of the defense and settlement of any third party claim, action, suit or proceeding for which you are obliged to indemnify us. You will cooperate with us with respect to such defense and settlement.

Without limitation of the foregoing, if we receive a subpoena or similar requirement to disclose Your Content issued by any court or governmental authority, and we are not a party to the proceeding in question, you will reimburse us for our reasonable costs and expenses of complying with such subpoena, including time spent by our personnel and our attorneys at time and materials rates.

11. Suspension and Termination

You may terminate this Agreement at any time by closing your account and ceasing to use the Service. We reserve the right to suspend your account and/or access to the Service at any time if we believe you are in breach of this Agreement. We reserve the right to terminate this Agreement or to cease to offer the Service at any time on written notice to you (including by email to registered Users or posting on our website), for any reason or no reason; provided that, if we terminate this Agreement for convenience (and not, without limitation, for your breach) and you are a fee-paying User, we will refund to you a pro rata portion of your previously paid subscription fee associated with the then-remaining term of your terminated subscription.

If your account is terminated for any reason or no reason, you agree: (a) to continue to be bound by this Agreement, (b) to immediately stop using the Service, (c) that the license and rights provided by us under this Agreement shall end, (d) that we reserve the right (but have no obligation) to delete all of Your Content, and (e) that we shall not be liable to you, or any third party, for compensation, reimbursement, or damages for termination of access to your account.

Sections 1.d, 5 and 7-17, any accrued obligations and remedies hereunder, and any other provisions that by their nature should reasonably survive, shall survive the termination or expiration of this Agreement.

12. Modification of Service and Agreement

We reserve the right to modify the Service at any time, without notice to you. We may also from time to time amend this Agreement prospectively. If we do so, we will notify you by email (for registered Users) and posting on our website. You agree that your continued use of the Service constitutes your agreement to the amended Agreement. If you do not agree to any amended Agreement that we publish, you must terminate your account and cease using the Service. Except as set forth above, this Agreement may be amended or modified only by an express writing signed by AtomChat.

13. Governing Law and Disputes

1.Choice of Law: This Agreement and any dispute arising out of or related to this Agreement shall be governed by and interpreted and construed in accordance with the laws of the State of Delaware, USA, without regard to any conflict of law principles that would apply another law. The application of the United Nations Convention of Contracts for the International Sale of Goods is hereby excluded.
‍
2.Default Approach for Disputes: Except to the extent a User dispute is covered by Section 13.c below, User hereby consents to jurisdiction and venue in any federal or state court located within the State of Colorado, USA, and User shall not bring any suit, claim or other cause of action except in a court located within the State of Colorado, USA.

3.Approach for Disputes with Certain Customers: (I) This Section 13.c applies to User disputes to the extent that either (a) User’s principal place of business, or jurisdiction of incorporation/formation, is outside the United States in a country that is a signatory or ‘Contracting State’ to The New York Arbitration Convention on the Recognition and Enforcement of Foreign Arbitral Awards (see http://www.newyorkconvention.org/countries), or (b) AtomChat opts, in its sole discretion, for the dispute to be covered by this Section 13.c. (II) AtomChat (and its affiliates) and User hereby consent to resolve any applicable dispute arising out of or related to this Agreement by submission of such dispute to binding and final arbitration in accordance with the Rules of Arbitration (the “Rules”) of the International Chamber of Commerce, by an arbitral tribunal composed of one or more arbitrators appointed in accordance with the Rules. Arbitration proceedings may be commenced by either party by providing written notice to the other party. All arbitration proceedings will be held in Denver, Colorado, USA (provided that proceedings may be conducted at another location or by telephone conference call with the consent of the parties and the arbitrator(s)). All arbitration proceedings will be conducted in the English language. The arbitrator(s) may render early or summary disposition of some or all issues, after the parties have had a reasonable opportunity to make submissions on these issues. The parties agree that the arbitrator(s) will be empowered to grant injunctive or other equitable relief, but will have no authority to award punitive damages. The above obligation to arbitrate shall extend to any claim by or against any affiliate, agent, officer, employee, director, manager, member or shareholder of a party. (III) Notwithstanding clause II above, (a) either party may initiate litigation in any court of competent jurisdiction seeking any preliminary or temporary remedy in equity, including the issuance of a preliminary or temporary injunction; and (b) judgment on the arbitration award granted in any arbitration hereunder may be entered in, and the parties shall have the right to seek enforcement thereof by, any court of competent jurisdiction (and any additional expenses incurred in enforcing the arbitration award will be charged against the party that resists its enforcement); and (c) the parties hereby consent to the non-exclusive jurisdiction of any federal or state court located in State of Colorado, USA, and waive any objections of improper venue or inconvenient forum, in connection with clauses (III)(a) or (III)(b) above.

14. Force Majeure

In no event will we be liable for any failure to comply with this Agreement to the extent that such failure arises from factors outside our reasonable control.

15. Compliance with Laws

You will comply with all laws and regulations applicable to your activities under or in connection with this Agreement, including without limitation United States export control laws, regulations and executive orders. In addition:
‍
1.You represent and warrant that you are not engaged in development of defense articles, the provision of defense services, or any activities prohibited by U.S. export control regulation, including the development of nuclear facilities not licensed by the U.S. Government; chemical, biological, or nuclear weapons; rocket, missile or unmanned aircraft systems, or terrorist activities, and further that you will not permit or facilitate the use of the Service by any person or entity engaged in such activities;
‍
2.You represent and warrant that you are not a resident of or an entity organized under the laws of Cuba, Crimea, Iran, North Korea or Syria, and that you will not facilitate or permit the use of the Service in Cuba, Crimea, Iran, North Korea, or Syria, or any other location prohibited by U.S. law; and

3.You represent and warrant that you are not, and are not owned or controlled by, a person or entity that is the subject of any sanctions administered or enforced by any relevant sanctions authority, including the Office of Foreign Assets Control of the U.S. Department of Treasury, nor will you permit or facilitate the use of the Service by any such person or entity.

16. Miscellaneous Provisions

No delay or omission by us in exercising any of our rights occurring upon any noncompliance or default by you with respect to any of the terms and conditions of this Agreement will impair any such right or be construed to be a waiver thereof, and a waiver by us of any of the covenants, conditions or agreements to be performed by you will not be construed to be a waiver of any succeeding breach thereof or of any other covenant, condition or agreement herein. No waiver will be binding on us unless made in an express writing signed by us. If any provision of this Agreement is found by a court of competent jurisdiction to be invalid or unenforceable, then this Agreement will remain in full force and effect and will be reformed to be valid and enforceable while reflecting the intent of the parties to the greatest extent permitted by law. Except as otherwise expressly provided herein, this Agreement sets forth the entire agreement between us and you regarding its subject matter, and supersedes all prior promises, agreements or representations, whether written or oral, regarding such subject matter. Your registration, this Agreement and your rights and obligations hereunder are not assignable, or otherwise transferable or delegable, by you to any third party without our prior written consent in our sole discretion. Any purported assignment, transfer or delegation without such consent will be null and void. We may assign or otherwise transfer or delegate this Agreement (including any rights or obligations hereunder), including to any purchaser of our business, from time-to-time at our sole discretion. This Agreement will be binding upon and inure to the benefit of the parties’ successors and permitted assigns. This Agreement may be executed electronically, and your electronic assent or use of the Service shall constitute execution of this Agreement. You agree that the electronic text of this Agreement constitutes a writing and your assent to the terms and conditions thereof constitutes a “signing” for all purposes. As used herein and unless the intent is expressly otherwise in a specific instance, the terms “include,” “includes” or “including” shall not be limiting and “or” shall not be exclusive. Any section headings herein are for convenience only and do not form a part of, and will not be used in the interpretation of, the substantive provisions of this Agreement. You agree that email to your email address on record will constitute formal notice under this Agreement. There shall be no third party beneficiaries to this Agreement.

Data Processing Agreement

The purpose of this AtomChat Data Processing Agreement (this “DPA”) is to define the conditions under which CometChat, Inc. with registered office in Colorado/USA, at address Suite 200, 1002 Walnut St, Boulder, CO, 80302, USA (also referred in this DPA as the “Processor”) undertakes to carry out, on the User’s behalf (also being referred in this DPA as the “Controller”), the personal data processing operations under the AtomChat’s Terms of Service (the “Agreement”) and defined below.

This DPA amends and forms part of a contract of service between AtomChat and the User together with the Terms of Service. Terms not otherwise defined herein shall have the meaning as set forth in the AtomChat’s Terms of Service.

If you need a sign copy of this DPA or if you think we should tailor this DPA to your specific activities (in particular if you think Article 1 on Description of the Processing should be amended), please contact us at privacy@cometchat.com

‍As part of their contractual relations, the parties shall undertake to comply with the applicable regulations on personal data processing (hereinafter “the Applicable Laws”) and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter “the General Data Protection Regulation”).

1. Description of the Processing

Categories of data subjects: data subjects include the individuals about whom personal data is provided to AtomChat via the Services by the User (the “End Users”), the extent of which is determined and controlled by the User in its sole discretion.
Subject-matter, nature and purpose of the processing: the subject-matter of the processing operations carried out by the Processor is the provision of the Services to the Controller under the Agreement or otherwise agreed between the parties.
Types of personal data: depending on how the Controller chooses to use the Services, the processing of personal data may cover the following types/categories of personal data relating to the End Users:
Name
Email address
Phone
Conversation / chat content (voice, video or text)
Duration of the processing: personal data will be processed for the duration of the Agreement.

2. Processor’s Obligations

a. General Obligations of the Processor:
‍The Processor shall undertake to process the personal data solely for the purposes subject to AtomChat’s Terms of Service, and in accordance with the documented instructions from the Controller appended hereto. Where the Processor considers that an instruction infringes the General Data Protection Regulation or the Applicable Laws, it shall immediately inform the Controller thereof. Moreover, where the Processor is obliged to transfer personal data to a third country or an international organization, under Union law or Member State law to which the Processor is subject, the Processor shall inform the Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.The Processor will guarantee the confidentiality of personal data processed hereunder and ensures that the persons authorized to process the personal data hereunder have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The Processor ensures that these persons have received the appropriate personal data protection training.

‍b. Sub-Processing:
‍For the performance of this DPA and the Agreement the Processor may use Sub-processors as listed here.In case there is an addition or a replacement of a sub-processor in this list, the Processor will inform the Controller of this change by email. If the Controller does not object within two weeks after receiving this email, the consent to the addition or replacement of subprocessor shall be deemed to be given. If the Controller objects and the parties are unable to resolve such objection, either party may terminate the Agreement by providing a written notice to the other party.

c. Data subjects’ Right to Information:
It is the Controller’s responsibility to inform the data subjects concerned by the processing operations at the time personal data are being collected.

d. Exercise of Data Subjects’ Rights:
The Processor shall assist the Controller, insofar as it is possible, for the fulfilment of its obligation to respond to requests for exercising the data subject’s rights: right of access, to rectification, erasure and to object, right to restriction of processing, right to data portability, right not to be subject to an automated individual decision (including profiling).Where the data subjects submit requests to the Processor to exercise their rights, the Processor will forward these requests to the Controller.

e. Notification of Personal Data Breaches:
The Processor shall notify the Controller of any personal data breach without undue delay after having become aware of it. Said notification shall be sent along with any available necessary documentation to enable the Controller, where necessary, to notify this breach to the competent supervisory authority.

f. Processor’s Assistance to the Controller Regarding Compliance with its Obligations:
The Processor assists the Controller in carrying out data protection impact assessments.The Processor assists the Controller with regard to prior consultation of the supervisory authority.

g. Security Measures
The Processor shall take the appropriate technical and organizational measures to adequately protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

These measures are:
the Processor implements and maintains a reasonable and appropriate security program comprising adequate security, technical and organizational measures to protect against unauthorized, unlawful or accidental processing, use, erasure, loss or destruction of, or damage to, customer personal data;
the Processor does not modify, alter, delete, publish or disclose any User’ personal data to any third party, nor allow any third party to process such personal data on the Processor’s behalf unless the third party is bound to similar confidentiality and data handling provisions;
the Processor shall ensure that access to personal data is limited to those personnel who require such access to perform its obligations under the Agreement, and its personnel engaged in the processing of personal data are informed of the confidential nature of the personal data, have received appropriate training on their responsibilities and have executed written confidentiality agreements; and
the Processor will only process User’s personal data to the extent necessary to perform its obligations under the Agreement, upon written instructions of the User (only as mutually agreed upon), and in accordance with the Applicable Laws.
h. Data Exit:
Other than to the extent required to comply with Applicable Laws, following termination or expiration of the Agreement, the Processor will delete the personal data processed pursuant to this DPA.

i. The Data Protection Officer
The Processor communicates to the Controller the name and contact details of its data protection officer, if it has designated one, in accordance with Article 37 of the General Data Protection Regulation.

k. Documentation
‍At the request of the Controller, the Processor provides the Controller with the necessary information for demonstrating compliance with all of its obligations and for allowing the Controller or any other auditor it has authorized to conduct audits, including inspections, and for contributing to such audits.

3. Controller’s Obligations

provide the Processor with the data mentioned in Section 1 hereof
document, in writing, any instruction bearing on the processing of data by the Processor;
ensure, before and throughout the processing, compliance with the obligations set out in the Applicable Laws on the Processor’s part;
supervise the processing, including by conducting audits and inspections with the Processor.

4. Transfer of Personal Data outside the EEA

As the Processor is located in the United States, the parties are entering into the Standard Contractual Clauses pursuant to the European Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC as set out in SCHEDULE 1.

IN WITNESS WHEREOF, the parties have caused this DPA to be executed by their duly authorized officers or agents.

SCHEDULE 1
EU STANDARD CONTRACTUAL CLAUSES (PROCESSORS)

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
The entity identified as “the Controller” in this DPA (the “data exporter”)

And

‍The entity identified as “the Processor” in this DPA (the “data importer”) based in the United States

each a ‘party’; together ‘the parties’,

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

CLAUSE 1

Definitions

‍For the purposes of the Clauses:
‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1);
‘the data exporter’ means the controller who transfers the personal data;
‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

CLAUSE 2

Details of the transfer

‍The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

CLAUSE 3

Third-party beneficiary clause
The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

CLAUSE 4

Obligations of the data exporter
‍
‍The data exporter agrees and warrants:
that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
that it will ensure compliance with the security measures;
that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
that it will ensure compliance with Clause 4(a) to (i).

CLAUSE 5

Obligations of the data exporter(2)
‍
‍The data exporter agrees and warrants:
to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
that it will promptly notify the data exporter about:
any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
any accidental or unauthorised access; and
any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
that the processing services by the sub-processor will be carried out in accordance with Clause 11;
to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.

CLAUSE 6

Liability
The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities
If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

CLAUSE 7

Mediation and jurisdiction
The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
to refer the dispute to the courts in the Member State in which the data exporter is established.
The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

CLAUSE 8

Cooperation with supervisory authorities
The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).

CLAUSE 9

Governing law

‍The Clauses shall be governed by the law of the Member State in which the data exporter is established.

CLAUSE 10

Variation of the contract

‍The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

CLAUSE 11

Sub-processing
The Controller acknowledges and consents that the Processor subcontracts part of its obligations under the Clauses to sub-processors listed here.
In case there is an addition or a replacement of a sub-processor in this list, the Processor will inform the Controller of this change by email. If the Controller does not object within two weeks after receiving this email, the consent to the addition or replacement of sub-processor shall be deemed to be given. If the Controller objects and the parties are unable to resolve such objection, either party may terminate the Agreement by providing a written notice to the other party.
Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses ( 3 ). Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.
The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

CLAUSE 12

Obligation after the termination of personal data-processing services
The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.
(1)Parties may reproduce definitions and meanings contained in Directive 95/46/EC within this Clause if they considered it better for the contract to stand alone.
(2) Mandatory requirements of the national legislation applicable to the data importer which do not go beyond what is necessary in a democratic society on the basis of one of the interests listed in Article 13(1) of Directive 95/46/EC, that is, if they constitute a necessary measure to safeguard national security, defence, public security, the prevention, investigation, detection and prosecution of criminal offences or of breaches of ethics for the regulated professions, an important economic or financial interest of the State or the protection of the data subject or the rights and freedoms of others, are not in contradiction with the standard contractual clauses. Some examples of such mandatory requirements which do not go beyond what is necessary in a democratic society are, inter alia, internationally recognised sanctions, tax-reporting requirements or anti-money-laundering reporting requirements.
(3) This requirement may be satisfied by the sub-processor co-signing the contract entered into between the data exporter and the data importer under this Decision.

Appendix 1
to the Standard Contractual Clauses

Data exporter
‍The data exporter is the entity identified as “the Controller” in this DPA.

‍Data importer
‍The data importer is the Processor.Relevant activities to the transfer: as described in Section 1 of this DPA.

‍Data subjects
‍The categories of data subjects are defined in Section 1 of this DPA.

‍Categories of data
‍The categories of personal data are defined in Section 1 of this DPA.

‍Special categories of data (if appropriate)
‍The special categories of personal data, if any, are listed in Section 1 of this DPA.

‍Processing operations
‍The nature of operations to be carried out on the personal data are specified in Section 1 of this DPA.

Appendix 2
to the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties.

‍Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

‍The technical and organizational measures implemented by the data importer are to be requested as described in Section 2.g of this DPA.