Data processing agreement

what is it about?

This agreement is an integral part of our overall Privacy Policy. The agreement establishes the procedure for the processing and exchange of personal data that you provide to us and that we process.

1. APPLICABLE TERMS

1.1. "We" refers to Netpeak LTD, a limited liability company with its principal place of business at 41 Devonshire Street, Ground Floor, London, United Kingdom, W1G 7AJ.

1.2. "Service" refers to the intellectual property rights object, specifically the computer program (software product) called "RINGOSTAT," which users can access via the internet at the website: https://ringostat.com.

1.3. "You" refers to each of our registered users and their employees and/or representatives who have been granted access to the Service and its functionalities via Account.

1.4. "Contract" refers to the Terms of use placed at the following link: https://ringostat.com/terms-of-use/

1.5. “Agreement” refers to this Data Processing Agreement.

1.6. "Representatives" refers to individuals participating in the conclusion, execution, and termination of the Contract on behalf of the respective party, including signatories, workers and experts engaged to ensure proper performance and exercise of rights under the Agreement. Each party independently determines the need and conditions for involving its representatives and remains fully responsible to the other party for their actions and their consequences.

1.7. "Account" refers to the tool that provides access to the Service via the internet. It contains information about the user, their means of access, identification, authentication, authorization procedures, account identifier, statistical data, and other information regarding Service usage and your actions. It also contains a virtual section of our website where you can configure, manage, and control the Service, select functionality, create and modify project settings, access usage statistics, and more. Access to the account is provided through the registration process in accordance to the Contract.

1.8. "Project" refers to a collection of information specified by the user and performed by the user in relation to the specific website, connection, or configuration of the Service. The Project is identified in the Account by indicating the your website (websites), for which the Service has been connected and will be used.

1.9. "Site" encompasses any information resource on the Internet, consisting of a specific number of web pages, each with its own content and Internet address, and which is freely or conditionally accessible to users under a particular domain name.

1.10. "Your information" refers to an extensive amount of information collected by you using the Service. This information is stored on the technical media of the Service, which collectively ensures the functioning of the Service. It may also be transmitted by us to relevant sub-processors in accordance with the Sub-processor list (located and accessible at the following link: https://ringostat.com/subprocessor-list/). Such amount of information includes personal data.

1.11. "Information about you" includes data pertaining to: a) the email address registered to your Account; b) phone numbers that either belong to you or are used by you while utilizing the Service; c) the name, surname and position, of your representative, as provided during registration and in the Account; d) any other data that you may disclose to us during your use of the Service (for example, through communication with our technical support service). We recognize this information as the personal data of your representatives.

1.12. "Our email" refers to a specially created email address by us: [email protected], used for communication with data subjects regarding the collection and processing of their personal data, including processing instructions regarding personal data.

1.13. The terms: "Personal data", "Sensitive data", "Controller", "Processor", "Processing", "Data subjectconsent", "Data subject" and "Personal data breach" carry the meanings as defined by the General Data Protection Regulation, available at the following link: https://eur-lex.europa.eu/eli/reg/2016/679/oj

1.14. If you register and engage in a relationship with us as an individual, all provisions of the Agreement where the terms "you" and "representative" (in all declensions and cases) are used apply to you equally and carry the same legal force.

2. OUR ROLES

2.1. Data processing contexts. The specificity of using the Service entails two contexts of personal data processing.

Context 1: When you provide us with information about you and your own representatives.
Context 2: When you provide us with information about your clients.

The specified contexts of personal data processing necessitate clarification of our respective roles. Therefore, let’s determine when and under which circumstances we assumes a specific role.

2.2. We are the controller. When we receive and process information about you (i.e., Context 1), we act as an independent controller as we independently determine the purposes and means of processing personal data of your representatives

2.3. We are the processor. When we receive and process your information (i.e., Context 2), we act as a processor, and you act as the controller. In this context, you (either independently or in conjunction with other parties) determine the purposes and means of processing personal data of your clients (users, subscribers, etc.) that you collect or process through the Service. In this context, we merely provide you with the opportunity to use our Service, but we do not know and cannot know the purposes and methods for which you will use it.

In turn, your clients (users, subscribers, etc.), within the scope of your Project and depending on the situation, assume the following roles:

Data subjects (e.g., if your user is an individual);
Processors (e.g., if your client provides you with data about data subjects but is not the controller of such transmitted data and has received the data from the respective controller as a third party);
Controller/Joint controller (if your client provides you with data about data subjects under predefined conditions regarding the purposes and means of processing such data, and the controller directly received the data from the data subject).

However, regardless of the type of role your client assumes, you act as controllers in relation to us and within the use of the Service. Your role in processing personal data with your clients (users, subscribers, etc.) does not affect your role as a controller in your relationship with us when performing the Agreement, Contract, using the Service, and conducting the Project.

3. PURPOSES OF PROCESSIN

3.1. The purposes of processing Information about you. The processing of such information serves the following purposes:

Account registration in the Service;
marketing and communication with you;
fulfilling our obligations under the Agreement and Contract and providing support and/or ensuring the functionality of the Service for you as a client;
accounting, taxation, invoicing, auditing, and compliance with legal requirements;
ensuring and/or enhancing the level of security of the Service;
investigating fraud, spam, improper or illegal use of the Service;
improvement of the Service as a product;
other purposes expressly provided for by current legislation or a requirement of a governmental authority.

We acknowledge that any purposes not explicitly stated in this paragraph are limited to our own use.

3.2. The purposes of processing Your information. As the controller, you independently determine these purposes. We do not modify, expand, or limit the list or scope of purposes for which you collect information from your customers, users, subscribers, etc., using the Service within the Project. We have no control over the specific purposes of personal data collection. However, we require you to ensure that the purposes for collecting and processing personal data, as determined by you, adhere to the legality criterion defined by the Regulation and comply with the applicable laws of the country where you and each of your users reside.

You agree, that if we become aware of your unlawful purposes for obtaining and/or processing such data through our service, we will prohibit your use of the service. In such cases, we may also contact third parties, including public authorities, as necessary and based on the circumstances. You acknowledge that, in accordance with this section, and for the protection of the rights or interests of third parties (data subjects) or to restore the situation preceding the violation:

we may disclose any information about your information to third parties and government authorities (including data that forms part of the project, account, personal cabinet, and our communication with you);
our actions (and any consequences thereof) shall not be considered a violation of your rights and/or interests.

4. BASIS OF PROCESSIN

4.1. The legal basis for processing of Information about you. We rely on consent of yours Representative to the processing of his or her personal data for one or more specific purposes stated in Section 3.1. of this Agreement;

4.2. The legal basis for processing of Your information. Your information - we require that you process personal information of your users using the Service based on one of the grounds specified in Article 6 of the Regulation, depending on the category of personal data, data subjects, and the type of data processing. Since we receive third-party data from you, we further require that any transfer of such data (as a processing activity) be based solely on the consent obtained from the data subject, in accordance with the purposes of processing determined by suchconsent. Additionally, you must provide proof to each data subject, whose personal data you provide to us, about our role as your processor (as outlined in the information list specified in Clause 1 and 2 of Article 14 of the Regulation).

5. CATEGORIES OF PERSONAL DAT

5.1. Categories of Information about you. We collect and process the following categories of personal data of your representatives:

Identity Data: includes name, surname, middle name or patronymic, salutation.
Contact Data: includes email address, phone number.
Financial Data: includes information about financial transactions, such as bank account details, credit card information, and payment history.
Biometric Data: includes voice recordings.
Technical Data: includes information collected through automated means, such as IP addresses, device information, browsing history, and cookies.
Employment Data: includes job title and employer information;
Personal Preferences: this category encompasses personal preferences, interests, and characteristics, such as language preferences and marketing preferences.

5.2. Categories of Your information. We will process all categories of personal data that you provide to us. Since the accumulation of personal data on our servers occurs automatically during your use of the Service, we do not have real-time control over the categorization of such personal information by you.

6. PROCESSING

6.1. Our processing of Information about you. We process information about you based on the following principles and grounds:

Lawfulness, fairness, and transparency: We process information about you based on your consent (Clause 4.1 of the Agreement), and this process is open and transparent. You (or your representatives) provide us with consent by ticking the appropriate banner next to the statement "I accept the terms of the SaaS Agreement and Privacy Policy" when registering and logging into your Account. You can withdraw your consent at any time by sending us a corresponding message to Our email;
Purpose limitation: We receive and process data solely for the purposes stated in Clause 3.1 of the Agreement.
Data minimization: We receive and process only the amount of data (Clause 5.1 of the Agreement) necessary to achieve our defined purposes;
Accuracy: We enable you to maintain the accuracy of your personal data and will update them when necessary. You can do this yourself in your Account or provide us with instructions by sending them to Our email;
Storage limitation: We retain the received personal data only for the necessary period to achieve the defined purposes. Data retention periods are established in Clause 6.9 of the Agreement;
Integrity and confidentiality: We ensure an appropriate level of protection for the personal data we receive, safeguarding them against unauthorized access, loss, or damage (Section 8 of the Agreement).
Accountability: We are responsible for complying with the terms of the Agreement, ensuring proper processing of personal data, and ensuring our activities align with the requirements of the GDPR.

6.2. Your instructions. We process Your information based on your instructions. Your instructions encompass the actions and settings performed within the Project using the Personal Account of the Service, as well as the instructions sent directly to us via email or call. However, if we are unable to fulfill any of your instructions regarding the processing of personal data at any point during our cooperation, we will notify you of the impossibility and may refuse further use of the personal data received from you, limiting the use of the Service accordingly. In such cases, we will delete all personal data received from you, and you acknowledge that our actions cannot be considered a violation of your rights and/or interests or cause harm.

For example. You have made a recording of a conversation with your client using the Service. An individual contacts us via email requesting the deletion of such a recording. We relay this information to you, and without providing adequate grounds, you instruct us to deny the deletion request. As we are unable to independently ascertain whether the voice on the recorded conversation belongs to the contacting individual, we are compelled to delete the corresponding data from our servers. Our conduct in this matter is justified by the balance of interests between the person who may genuinely have a voice on the recorded conversation, your interest in providing services to that person using our Service, or the interest of an individual without a voice. In our view, the right to be forgotten (as well as other rights under the Regulation) prevails in similar situations over the interests of other individuals. Additionally, we emphasize the following: a) our data deletion request form includes assurances from the requester that they are the data subject or acting on behalf of the data subject (therefore, we consider the requester to have all the rights necessary for such a request); b) we are unable to restrict you from retaining the recording of such a conversation on your servers and independently resolving the matter with the subject of the request.

Regardless of the flow of personal data from the data subject to you, you guarantee and undertake that upon receiving a notification from the data subject regarding the exercise of any of their legal rights (if such exercise pertains to the data we received from you and process) in accordance with the Regulation, particularly Articles 15-21, you will promptly, but no later than 10 business days from the date of receiving such notification, inform us about the receipt of the notification and its content. This allows us to comply with the data subject's rights to manage their personal data. Furthermore, you agree that in the event of your breach of this obligation, and if such breach directly or indirectly causes damages to us, including any penalties, you shall indemnify us for such damages in full within 10 business days from the date of receiving our initial claims.

This clause of the Agreement also applies to situations where we directly receive a relevant notification from the data subject or their authorized representative. In such cases, we undertake to inform you of the receipt of such a message and its content within 10 business days from the moment of receiving it. We will act in accordance with your instructions and the provisions of the Regulation. If we do not receive instructions from you or if the instructions received do not comply with the provisions of the Regulation, we reserve the right to delete the data volume associated with the received message from the data subject from our servers. In some cases, we may consider such data volume as disputed since we cannot ascertain whether the requester of the message is a data subject under the definition provided in the Regulation.

6.3. Your obligation. As you are the controller of Your information, we require you to comply with the obligations set forth by the Regulation, the local legislation of your country of residence, or the legislation applicable to each of your users. Specifically, you are expected to respect the rights, such as the right to be forgotten, of each data subject who is your user or whose personal data you provide to us.

6.4. Data providing and control. You provide us with data through the functionalities of the Service's Account while working on the Project. It is within your discretion to determine the extent of data you transmit to the Service. Furthermore, you have autonomous control over all your personal data, including Your information and Information about you, through the your account of the Service.

6.5. Sub-processing. The parties mutually agree and acknowledge that we are authorized to transfer Your information and the Information about you to our sub-processors, as specified and in accordance with our Sub-processor List, which is accessible at the following link: https://ringostat.com/subprocessor-list/.

Furthermore, you confirm and warrant that such transfer of the aforementioned information:

is based on the consent obtained by you from the data subject whose data we receive from you;
does not infringe upon your rights/interests or the rights of the data subjects whose personal information you have provided to us; and that you have obtained consent from each data subject.

6.6. Warranties regarding the processing of personal data. You guarantee us and, by agreeing to this Agreement, you commit to comply with all Regulation requirements when providing us with personal data and when collecting personal data through the Service. If at any time you fail to meet the GDPR requirements, you are obligated to immediately notify us and cease the use of the Service.

6.7. Our warranties. We also guarantee and commit to complying with GDPR requirements and notifying you in case of any non-compliance.

6.8. Automated Decision-Making. We do not use Automated Decision-Making technologies and/or algorithms in our Service.

6.9. Processing Period. The commencement of the processing period of your personal data shall be the day on which you accepted the terms of this Agreement. The termination of the processing period for personal data, depending on the circumstances, shall be:

The last calendar day of the fifth year from the day you last used our Service.
The day you withdraw your consent for the processing of personal data.

6.10. Liability. Both parties to the agreement are fully responsible, in all applicable cases, for ensuring that the collection and processing of personal data comply with Regulation requirements, as well as for any consequences resulting from the breach of Regulation provisions by either party.

7. YOUR AND YOUR REPRESENTATIVE RIGHTS

7.1. Right to Information: the right to receive clear and understandable information about what personal data is being collected, how it is used, with whom it may be disclosed, and how long it will be retained. All of this information consists at scope of our documents: Privacy Policy, Agreement, Cookie Policy and Sub-processor list. You and your Representatives may also always contact us with any request regarding your personal data at the Our email;

7.2. Right to Access: the right to request a copy of Your and Representatives personal data held by Us and obtain information about its processing. To exercise this right, please contact us via email at Our email and we will provide you with a copy of your personal data;

7.3. Right to rectification: the right to request the correction of inaccurate or incomplete personal data concerning them. You can do this yourself in your Account or provide us with instructions by sending them to Our email;