SERVICE AGREEMENT

General terms and conditions
GENERAL TERMS AND CONDITIONS
1. Definitions of terms
1.1. Prices an integral part of this Agreement, defining the prices for the use of the Services, which is
attached as Annex 1 "Prices" to this Agreement, available on the Client’s Portal under "Prices", as
well as sent to the Client's e-mail after registration on the Service Provider's website;
1.2. The Guarantee Amount the amount of money the Client has to pay to the Service Provider by
choosing the Post-payment (Clause 3.1.2 of the General Terms and Conditions of the Agreement)
or Credit Limit (Clause 3.1.3 of the General Terms and Conditions of the Agreement) Method of
payment for the Services, which will serve as a security for the Client’s possible default on the
payment obligations (including debts of the Service Payment, contractual penalties, compensation
of loss and other payments under the Agreement), which may be incurred if the Client does not
comply with the terms of the Agreement. The Service Provider shall set the amount of the
Guarantee equal to 150% of the Client's estimated average 1 (one) month turnover of the Services.
1. Definitions of terms ..................................................................................................................................
2. Conclusion of the Agreement ....................................................................................................................
1
3. Use of the Services and Method of payment for the Services ..................................................................
2
4. Payments and Review of the Service Fees ..............................................................................................
3
5. Rights and Obligations of the Parties ........................................................................................................
3
6. Liability ......................................................................................................................................................
5
7. Term of the Agreement and termination of the Agreement .......................................................................
5
8. Force Majeure ...........................................................................................................................................
6
9. Intellectual Property ..................................................................................................................................
6
10. Service Provider’s personnel ....................................................................................................................
7
11. Confidentiality obligation and Processing and of personal data ..................................................................
7
12. Use of the Client’s logo .............................................................................................................................
9
13. Correspondence .......................................................................................................................................
9
14. Other provisions ..........................................................................................................................................
9
15. Right of withdrawal in respect of a Client who is a consumer (this section of the
Agreement shall not apply to Clients who are legal persons and shall not apply to
Agreements concluded in person at the same location) .........................................................................
9
16. Annexes of the Agreement: .........................................................................................................................
10
Annex No. 1 – Scope of entrustment .................................................................................................................
17
Annex No. 2 – Area of processing .....................................................................................................................
21
Annex No. 3 – Adequate security measures .....................................................................................................
22
Annex No. 4 – Specification of further processors ............................................................................................
23
Coverage of the Client’s payments from the Guarantee Amount takes place by means of a set-off.
When, in compliance to this Agreement, several events take place in which the Service Provider is
entitled to utilise the Guarantee Amount, the Service Provider is entitled to direct the Guarantee
Amount for covering a relevant claim at its own discretion starting from the 10th (tenth) day of late
payment. If the Service Provider uses the Guarantee Amount or any part thereof during the validity
term of the Agreement, the Client undertakes to pay the relevant amount of money to ensure that
the amount of the Guarantee reaches the amount provided for in the Agreement within 5 (five)
working days from the moment when the Service Provider’s written notification has been sent
concerning use or decrease of the Guarantee Amount. Following expire of the validity of this
Agreement, if the Service Provider does not have any objections or claims towards the Client, it
repays the Guarantee Amount or its relevant balance to the Client within 30 (thirty) days after the
date of termination of the Agreement. The Client is not entitled to claim interest on the Guarantee
Amount;
1.3. The Special Terms and Conditions Special Terms and Conditions, that form an integral part of
this Agreement that sets the provisions for rendering the Services that are specific to the Client and
the Client’s preferences, including the Method of payment for the Services. The Special Terms and
Conditions are attached as Annex No.2 to this Agreement, available on the Client’s Portal under
"Special Terms and Conditions", as well as sent to the Client's e-mail after registration on the
Service Provider's website;
1.4. The Client – a natural or legal person who uses the Services provided by the Service Provider;
1.5. The Client’s Portal a portal that combines multiple Client communication channels and is
operated by the Service Provider. The Client shall be solely responsible for the access granted to
each User of the Client’s Portal, for the use of all Services by each User of the Client’s Portal, and
for each User’s of the Client’s Portal compliance with the terms of this Agreement;
1.6. The Credit Limit the total limit set by the Service Provider in the Client’s Portal system on the
amount of unpaid invoices for the Services that may be allowed to have a negative balance. The
Client will be able to use the Services until the balance of unpaid invoices for the Services has
reached the Credit Limit;
1.7. The User of the Client’s Portal the User of the Client’s Portal to whom the Client, at its sole
discretion, grants the right to use the Client’s Portal by making appropriate selections on the
Client’s Portal, specifying the access rights of each User of the Client’s Portal, i.e. the scope of
information and communication channels available to each User of the Client’s Portal. Each User
of the Client’s Portal is assigned a username and password. The Client shall also revoke a User’s
of the Client’s Portal access to the Client’s Portal at its sole discretion;
1.8. The Agreement - this Agreement between the Client and the Service Provider, which includes the
General Terms and Conditions, the Prices and the Special Terms and Conditions, as well as any
and all of its subsequent annexes, amendments and/or supplements to the Agreement;
1.9. The Services - combining of the Client's contact centre communication software (email, telephone,
whatsapp, telegram, etc.) under a single platform on the Client’s Portal, provided by the Service
Provider to the Client and for which the Client pays the Service Provider a Service Fee. At the
Clients request, the Service Provider, in cooperation with a licensed communications operator,
provides the Client with a geographic, non-geographic, mobile or special number in accordance with
the procedures set out in the Agreement;
1.10. The Service fee the fee that the Client pays to the Service Provider for the Services in
accordance with the Method of payment for the Services chosen by the Client and approved by the
Service provider. The Service fee consists of (i) a fee for the number of Users on the Client’s portal,
(ii) a fee for outgoing correspondence units from the Client's Portal (e-mails, calls, SMS, etc.) and
(iii) a fee for the subscription and assignment of numbers. Detailed information on the Service fee is
set out in Annex No. 1 "Prices" to the Agreement;
1.11. The Method of payment for the Services any of the three methods set out in Clause 3.1 of the
General Terms and Conditions of the Agreement as a Method of payment for the Services. The
Client shall select and inform the Service Provider of the preferred Method of payment for the
Services simultaneously with the registration on the Service Provider's website under "Client’s
Portal". The Service Provider shall confirm or deny the Client's preferred Method of payment for the
Services by sending an e-mail to the Client or by notifying the Client via the Client’s Portal. The
Method of payment for the Services are set out in the Special Terms and Conditions attached as
Annex No.2 to this Agreement;
1.12. The Service Provider – SIA "The One", registration No. 40203418528;
1.13. The Service Provider's website www.octella.com;
1.14. The General Terms and Conditions - these General Terms and Conditions, that form an integral
part of the Agreement and are available on the Service Provider's website setting out the terms and
conditions applicable to the Client who uses the Services provided by the Service Provider.
2. Conclusion of the Agreement
2.1. A legal entity or a natural person who has reached at least 18 years of age can become a Client of
the Service Provider. By entering into the Agreement, the Client confirms that the information
provided about personal data, contact information and payment data is true and accurate. In the
event of a breach of this provision, the Service Provider has the right to impose a contractual
penalty of EUR 500.00 (five hundred euros) to the Client and/or cancel the Client's access to the
Client's Portal, as well as unilaterally terminate the Agreement. In such cases, the Client shall not
be refunded for already purchased Services.
2.2. The Client places an order, purchases the Service by selecting the Method of payment for the
Services and filling in all the necessary information in the relevant areas marked with an asterisk
1
(*), and registers on the Service Provider’s website under "Client’s Portal".
2.3. The Agreement shall be deemed to be concluded when it is signed by both Parties. The Service
Provider shall provide the Client with an access to the Services within 5 (five) working days after (i)
the Client has registered (created his Client’s Portal profile) on the Service Provider's website
under "Client’s Portal", (ii) the Service Provider has sent the Client a confirmation of the Client's
chosen Method of payment for the Services, (iii) the Service Provider has received the Agreement
signed by the Client and (vi) the Service Provider has received the first payment of the issued
invoice from the Client in case of the Pre-payment Method payment for the Services (Clause 3.1.1
of the General Terms and Conditions of the Agreement) or the Client has received the Guarantee
Amount in case of the Post-payment Method of payment for the Services (Clause 3.1.2 of the
General Terms and Conditions of the Agreement) or Credit Limit Method of payment for the
Services (Clause 3.1.3 of the General Terms and Conditions of the Agreement).
2.4. The Parties agree that all Services are provided in accordance with the laws and regulations of the
Republic of Latvia.
3. Use of the Services and Method of payment for the Services
3.1. The Client shall choose the most appropriate Method of payment for the Services from the
following three types of payment for the Services:
3.1.1. "Pre-payment", i.e. the Client pays for the Services in advance and the Services are provided until
the amount of the Client's Pre-payment is reached. The Client shall make the Pre-payment again
in order to continue receiving the Services, otherwise if the Client fails to make the Pre-payment
for more than 5 (five) working days since the Client's balance is "0" (zero), the Client will have
limited access to the Client’s Portal, i.e. the Client's profile will be frozen resulting in limited
activities (the Client will not be able to receive incoming calls, chat will not work, etc.). After the
Client makes a Pre-payment (top-up), the Client will again have access to the Client’s Portal and
will be able to use the Services offered by the Service Provider. For the Client’s convenience, the
balance of the Pre-payment is available in the Client’s Portal. If the Client chooses to pay for the
Services by Pre-payment, the Client is obliged to make the first Pre-payment within 2 (two)
working days of the conclusion of the Agreement;
3.1.2. "Post- payment", i.e. the Service Provider invoices the Client once a month by the 5th (fifth) day
of the month for the Services provided to the Client in the previous month, which the Client is
obliged to pay within 5 (five) working days from the date of the invoice. The Client shall pay the
invoice in order to continue receiving the Services, otherwise if the Client fails to pay the invoice
for more than 5 (five) working days, the Client will have limited access to the Client’s Portal until
the Client pays the invoice. If the Client chooses to pay for the Services by "Post-payment", the
Client shall pay the Guarantee Amount to the Service Provider within 2 (two) working days of the
conclusion of the Agreement;
3.1.3. "Credit Limit" (the maximum limit of unpaid invoices for the Services) to the extent of which the
Service Provider provides the Services to the Client. The Client confirms that it will comply with the
principle of paying invoices as soon as possible. The Parties grant the Service Provider the right to
individually reduce the Credit Limit at its sole discretion, if payments on invoices are not made in
accordance with the agreed Credit Limit within the time limit set out in the Agreement, or the
Service Provider becomes aware of information about a deterioration of the Client's solvency or
reorganisation, structural changes, change of ownership, which may affect the performance of the
Agreement. In order to continue receiving the Services, upon reaching the Credit Limit, the Client
must pay the invoice, otherwise, if the Client fails to pay the invoice for more than 5 (five) working
days, the Client will have limited access to the Client’s Portal until the Client pays the invoice. If the
Client chooses to pay for the Services by "Credit Limit", the Client shall pay the Guarantee Amount
to the Service Provider within 2 (two) working days of the conclusion of the Agreement.
3.2. Access information to the Client's portal may only be used by the Client to whom the access code
of the Client's portal profile is connected. The transfer of access information to third parties is
prohibited. If the Services are used on the Client’s Portal, the Services shall be deemed to be used
by the Client and the Client is obliged to pay for the Services provided by the Service Provider.
3.3. The Service Provider, upon receipt of the Client's number request on the Client’s Portal, in
cooperation with licensed communications operators, shall provide the Client with a geographic,
non-geographic, mobile or special number. The Client shall specify in the number request the
purpose of using the number, describing the provided services and the volumes related to them.
The Service Provider reserves the right to refuse the number request, depending on how this
number will be used, and/or to block the number if its use does not comply with the applicable laws
and regulations and/or is justified by a court ruling, an order, instruction or request from a public
authority or other competent administrative or regulatory authority and/or the non-compliance has
been notified by the communications operator or interconnection partner. The Client is informed
that the Service Provider processes the identity and (KYC) information of the end-user of the
number until the request of the communications operator with which the Service Provider
cooperates is fulfilled. In order to comply with the applicable laws and regulations and/or upon
request of the supervisory authorities and/or the police, the Client agrees to provide the Service
Provider with the end-user identity and KYC information immediately but no later than within 3
(three) working days of the Service Provider's request. Failure to comply with this requirement
shall be grounds for immediate termination of this Agreement. If the Client fails to provide accurate
and complete information in regards to the number request (including end-user information), the
Service Provider has the right not to assign the number to the Client. The Client is also informed
that in order to comply with applicable the laws and regulations and/or upon requests by
supervisory authorities and/or the police, the Service Provider is entitled to inform the supervisory
authorities and/or the police of the communication operator with which the Service Provider
cooperates in order to assign the Client a number, which includes the identity and (KYC)
information of the end-user of the number.
3.4. If the Service Provider suspends the provision of its Services and the Client has limited access to
2
the Client’s Portal:
3.4.1. The Client is not entitled to use the Services when the Services are suspended;
3.4.2. The Client has limited access to the Client’s portal;
3.4.3. The Service Provider will inform the Client of the suspension of its Services and the amount of the
Client's debt within 2 (two) working days;
3.4.4. In the event of any interruption in the provision of the Service, the Client waives any claim or
demand against the Service Provider;
3.4.5. the Service Provider shall immediately, but no later than within 1 (one) working day, restore the
provision of the Services to the Client and access to the Client’s Portal as soon as the payment to
cover the Client's debt has been received in the Service Provider's bank account.
3.5. In the event the Client does not use the Services and does not visit the Client’s Portal for reasons
beyond the control of the Service Provider, the Service Provider shall not reimburse the Client for
any fees paid by the Client.
3.6. The Client guarantees and warrants that the Client will have sufficient and readily available funds
to pay the Service Fees as set out in the Agreement and that any such funds used to pay the
Service Fees and/or other payments as set out in the Agreement will be of lawful origin and will
fully comply with all applicable anti-money laundering and anti-terrorist and anti-proliferation
financing requirements.
4. Payments and Review of the Service Fees
4.1. The Client shall pay to the Service Provider the Service Fees on a monthly basis. The Service Fee
consists of::
4.1.1. a fee for the number of Users on the Client’s portal;
4.1.2. a fee for outgoing correspondence units from the Client's Portal (e-mails, calls, SMS, etc.) and
4.1.3. a fee for the subscription and assignment of numbers.
4.2. All payments under the Agreement shall be deemed to have been made when the relevant
payment is received in the Service Provider's bank account. The Bank's fee for transferring funds
to the Service Provider's account and/or currency conversion costs shall be borne by the Client.
4.3. The Service Provider and the Client agree that the Service Provider shall issue invoices
electronically without the signature of a representative of the Service Provider and such invoices
issued electronically shall be valid without signature.
4.4. In the event that the Client fails to make any payment under this Agreement, the Client shall pay to
the Service Provider late payment interest at the rate of 0.15% of the overdue amount for each day
of delay.
4.5. Payment of late payment interest or penalty shall not relieve the Client from the performance of its
obligations under the Agreement.
4.6. If the amount of money received from the Client is not sufficient to pay off the entire debt for the
Services, first the late payment interest is paid off from the received amount, then the debt is paid
off from the received amount, starting with the oldest, and only then the penalty payment is paid off
from the received amount.
4.7. The Client hereby confirms and agrees that the tariffs for calls, SMS and telephone numbers are
subject to change and may be adjusted in accordance with price changes between operators. The
Service Provider shall inform the Client of tariff changes where this may affect the Client's bill by
more than 10% (ten percent).
4.8. The Parties agree that 12 (twelve) months after the signing of the Agreement, the Service Provider
shall have the right to unilaterally change the Service Fee for the following year, but not less than
by 10% (ten percent), 1 (one) time per year. The Service Provider shall inform the Client about the
increase of the Service Fee by sending a notification to the Client's e-mail address specified in the
Agreement or by announcing it on the Client’s Portal. The Client shall start paying the increased
Service Fee after 30 (thirty) days from the date of receipt of the aforesaid notification. The amount
of the increased Service Fees applied in the previous year may be increased annually in
accordance with this Clause of the General Terms and Conditions of the Agreement. If the
changed Service Fee is not acceptable to the Client, the Client shall have the right to terminate the
Agreement by giving 30 (thirty) days' notice after the Service Provider has sent to the Client the
notice on the increase of the Service Fee.
4.9. Claims arising out of the Agreement shall not relieve the Client from the obligation to pay the
Service Fee or other payments under the Agreement.
5. Rights and Obligations of the Parties
5.1. The Service Provider undertakes to provide the Services to the Client in an efficient quality and to
provide access to the Client’s Portal during the term of this Agreement, except in the events set out
in the Agreement.
5.2. The Service Provider may, at its sole discretion:
5.2.1. unilaterally change the Service Fees and the Methods of payment for the Services, as well as
other fees set out in Annex No.1 "Prices" and arising from the Agreement, by notifying the Client of
such change at least 30 (thirty) days prior to the effective date of the new Service Fees and
Methods of payment for the Services. The Service Provider shall have the right not to inform the
3
Client of changes in the Service Fee, as well as in other fees specified in Annex 1 "Prices" and
resulting from the Agreement, in the event that the aforementioned fees are subject to decrease;
5.2.2. in the event that the Service Provider exercises its right to suspend the provision of the Service,
the Service Provider shall notify the Client of such suspension as soon as possible. In such
circumstances, the Service Provider shall resume the provision of the Services as soon as
reasonably practicable after there are no longer any obstacles to the suspension of the Services;
5.2.3. use the services of third parties to provide the Services;
5.2.4. not to enter into a new agreement with the Client or its related parties where the provision of
Services to the Client has been terminated and access to the Client’s Portal has been suspended
and/or the Client's previous agreement has been terminated and the Client has not settled its
obligations thereunder;
5.2.5. unilaterally amend the terms of the Agreement. In the event that the amendments adversely affect
the Client and as a result the Client is unable to perform the Agreement, the Client shall have the
right to unilaterally terminate the Agreement prior to the effective date of the amendments by
notifying the Service Provider in writing. If the Client does not notify the Service Provider in writing
of the termination of the Agreement by the effective date of the amendments, the Client shall be
deemed to have accepted the amendments;
5.2.6. hand over the debt of the Client arising from the Agreement against the Service Provider for
collection to out-of-court debt collection service providers that have obtained a special permit
(licence). At the same time, the Client is hereby informed and agrees that the Service Provider is
entitled, without obtaining the Client's separate consent, to provide information on the Client's debt
by transferring the Client's personal data for processing to credit information bureaus for inclusion
in credit history databases and to debt collection service providers for inclusion in debt history
databases, as a result the data will be processed in accordance with applicable laws and
regulations and the data will be transferred to third parties for the assessment of the Client's
creditworthiness or for third party credit risk management. The Client agrees that his/her data from
the credit history database and the debt history database will be disclosed to third parties;
5.2.7. assign the claims arising from the Agreement against the Client to any third party, if any debt is
incurred;
5.2.8. suspend the provision of Services 1 (one) time per calendar quarter in order to carry out technical
improvement works, which does not exceed a 1 (one) hour break, for which the Client shall be
notified 3 (three) working days in advance.
5.3. The Client undertakes:
5.3.1. to become acquainted with and comply with the terms of this Agreement;
5.3.2. to pay the Service Provider in the procedure and within the terms set out in this Agreement;
5.3.3. provide the Service Provider with truthful information;
5.3.4. not to incur any debt, and if any debt is incurred, to pay all costs related to the administration and
collection of the debt;
5.3.5. to inform the Service Provider in writing not later than within 5 (five) days of any changes in his/her
data, e.g. change of address. In the event that the Client does not inform the Service Provider of
any changes in the data, all data provided by the Client shall be deemed to be correct and up-to-
date;
5.3.6. to ensure that the content of e-mails, calls and text messages complies with the requirements of
applicable laws and regulations, and certifies that the Services will be used only for lawful
purposes and will not be used for illegal or unethical activities. The Service Provider does not
control the content of these e-mails, calls and text messages and shall not be held liable for their
content under any circumstances;
5.3.7. to provide confidential management of Client’s Portal user access data and a higher level of
protection for Client Data, including the Client's responsibility to apply IP address screening,
regular password changes and a stronger password policy than the default passwords. The Client
is responsible for ensuring that only one user of the Client’s Portal uses the access data of one
user of the Client’s Portal;
5.3.8. to send electronic advertisements to a natural person as the addressee of the advertisement only
if the addressee of such electronic advertisement has previously given a clearly and explicit
consent to it, without violating the requirements of laws and regulations. The Client shall be fully
responsible for the content of all emails, SMS, chats, voice and other messages sent by the Client
using the Services, as well as for any illegal use of the Services, and the Client shall indemnify the
Service Provider for any damages caused in this regard.
5.4. The Client is prohibited from using the Services and functions offered on or through the Client’s
Portal in any means or form, directly or indirectly:
5.4.1. in connection with or for the purpose of surveys, contests, fundraisers, chain letters, unsolicited
emails, spam, junk mail or any duplicative or unsolicited messages;
5.4.2. upload content that contains viruses, Trojan horses, time bombs, corrupted files or other similar
software or programs that may damage the operation of the Service Provider's website (or any
part thereof) or the computer or property of others (including the Service Provider);
5.4.3. defame, abuse, insult, harass, threaten or otherwise violate the legal rights of other users;
5.4.4. restrict or interfere with another user's ability to use and access the Service Provider's website;
5.4.5. transmit or facilitate the transmission or distribution of content that is false or misleading,
promotes racism, hatred or harm to any group or individual, or is obscene or indecent;
4
5.4.6. infringe the rights of others, such as, but not limited to, intellectual property rights;
5.4.7. falsify or delete any copyright management information, including material contained in an
uploaded file;
5.4.8. attempt to gain unauthorized access to the Service Provider's website, another user's account,
computer systems or networks connected to the Service Provider's server;
5.4.9. attempt to damage, disable, overburden or interfere with the Service Provider's website or server
or any network connected to the Service Provider's server;
5.4.10.download any file posted by another user which the Client knows or should know that it cannot
lawfully be reproduced, displayed, performed and/or transmitted in this way;
5.4.11.collect or otherwise obtain information about others, including email addresses or other personal
information;
5.4.12.impersonate any person or organisation or falsely state your affiliation with any other person or
organisation;
5.4.13.create a false identity to deceive others; or
5.4.14.violate any applicable laws, regulations or codes of conduct;
5.4.15.engage in any activity the nature or content of which, in the sole opinion of the Service Provider, is
reputational or contrary to the Service Provider's image, standards or business principles;
5.4.16.resell the Services to any third party without the written consent of the Service Provider.
5.5. To perform the Service, each Party shall bear the investment cost, the provisioning and
maintenance of the connecting facility located within its network territory, as well as bear the
investment cost, the provisioning and maintenance of all the circuits located inside its respective
network territory. If either Party intends to upgrade or reconfigure its equipment, it shall inform the
other Party in advance so that both Parties can test and approve the new equipment system and
ensure continuity of Services. The Service Provider shall not be liable if the Service is interrupted
due to an unconfirmed and untested system, weak internet or telecommunications network,
overload of systems (e.g. network, software) or force majeure. The Service Provider may, at its
sole discretion, change the technical parameters of the Services in order to comply with regulatory
requirements or to make necessary changes in accordance with the latest technological
achievements and developments, in particular to ensure the security and stability of the Services,
by informing the Client in advance.
6. Liability
6.1. Each Party shall be liable for direct damages caused by its fault to the other Party.
6.2. The Service Provider shall not be liable for any failure to provide or improper provision of the
Services and/or for any loss suffered by the Client where this is not due to the fault of the Service
Provider, nor for the acts of third parties (including but not limited to DDOS attacks). The Service
Provider shall not be obliged to cover the Client's losses in such case.
6.3. The Service Provider shall only be liable for any breach by the Service Provider of the terms of the
Agreement in respect to the Client, if such breach arises from its wilful misconduct or gross
negligence.
6.4. I If the Service Provider discontinues the provision of the Services to the Client through the Client's
own fault, the Client shall not be exempt from payment of the Service Fee in accordance with the
terms of this Agreement.
7. Term of the Agreement and termination of the Agreement
7.1. The Agreement shall remain in force until the Parties have fully fulfilled their obligations under this
Agreement.
7.2. This Agreement may be terminated by written agreement of the Parties.
7.3. The Service Provider may unilaterally, at its sole discretion, terminate the Service Agreement
immediately, without prior notice, or suspend the provision of the Service until further notice, if:
7.3.1. the Client delays payment of the Service Fee for more than 20 (twenty) consecutive days or more
than 3 (three) times in a year;
7.3.2. the Client has failed to make the first Pre-payment within the time limits set out in Clause 3.1.1 or
in the amount set out in Schedule 2 "Special Terms" or the Client has failed to deposit or top up
the Guarantee Amount within the time limits set out in Clauses 3.1.2 or 3.1.3 or in the amount set
out in Schedule 2 "Special Terms";
7.3.3. the Service Provider is unable to provide the Services to the Client due to circumstances beyond
its control;
7.3.4. the Service Provider is obliged to terminate the Service Agreement or suspend the provision of the
Services until further notice pursuant to a court ruling, order, instruction or request of a public
authority or other competent administrative or regulatory authority;
7.3.5. the Service Provider needs to carry out emergency works on its network or on the Service
Provider's equipment;
7.3.6. the Client interferes with or endangers the proper functioning of the Service Provider's network and
does not remedy the breach within (2) days of written notice from the Service Provider;
7.3.7. the Service Provider has reasonable grounds to believe that the Service is being used fraudulently
or illegally or for unlawful or fraudulent purposes;
5
7.3.8. the Client resells the Services to a third party without the Service Provider's written consent;
7.3.9. the Client breaches intellectual property and/or confidentiality obligations;
7.3.10.the Client uses the Services in breach of the terms set out in this Agreement;
7.3.11.the Client has provided false, inaccurate or incomplete personal data, contact details or payment
card details or has attempted to use third party data to enter into the Agreement;
7.3.12.the Client has transferred access information to the Client’s Portal to other persons or has allowed
third parties to use the Client’s Portal with access information (access data) to the Client’ Portal.
7.4. The Parties shall be entitled to terminate the Agreement unilaterally by giving 5 (five) working days'
prior written notice to the other Party, the Client shall pay the Service Provider for Services
provided by the Service Provider in full until the termination of the Agreement.
7.5. Termination or expiry of the Agreement shall not relieve the Client of its obligation to pay the
Service Provider for the Services until the termination of the Agreement.
7.6. In the event of termination of the Agreement, if the Service Provider has no claims or demands
against the Client, the Service Provider shall, within 10 (ten) working days of the date of
termination of the Agreement, refund the Client's previously paid but unused fees for the Services,
or the remaining amount thereof, if any, after all Services have been disconnected.
7.7. Termination or expiry of the Agreement shall not exempt the Client from its obligation to pay the
late payment interest and/or penalty, as well as damages.
7.8. Upon termination of the Agreement for any reason, the Service Provider shall delete all data (e.g.
settings, Client Data, voice files, statistics, etc.) uploaded or created by the Client on the Client’s
Portal. The Client has 30 (thirty) days after termination of the Agreement to download all data it
manages. The Client hereby acknowledges that after the expiry of the 30 (thirty) day period, the
Service Provider shall have no obligation to provide the Client with access to or the ability to
download the data and the Service Provider shall delete the Client's data after the expiry of the 30
(thirty) day period without the possibility of restoring it.
8. Force Majeure
8.1. If the performance of the provisions of the Agreement are affected by force majeure conditions,
none of the Parties shall be liable for the non-performance of this Agreement, including
compensation for damages, if the aforementioned non-performance of the Agreement has arisen
due to such reasons that are not controlled by the Parties and that could not have been foreseen
or prevented, including, but not limited to (a) armed violence, including: war, domestic war,
revolution, riots, commotions, acts of sabotage, and acts of terrorism; (b) strike actions, blockades;
(c) acts of God, such as: natural disasters, severe storms, hurricanes, earthquakes, floods,
lightning strikes, epidemic, long-term severe rain; (d) acts of government and international
authorities; (e) fire and explosions, if these conditions have direct influence on the performance of
this Agreement.
8.2. Upon the occurrence of the event of force majeure rendering, directly or indirectly, the
performance or proper performance of contractual obligations of the Party hereunder impossible or
materially hindered, such Party shall notify the other Party within 14 days of the occurrence
thereof, about: (a) the occurrence of such circumstances; (b) probable consequences of such
circumstances affecting the performance of contractual obligations hereunder. Upon cessation of
the event of force majeure, the aforementioned Party shall notify the other Party thereof within 14
days following the date of cessation.
8.3. Both Parties shall take all reasonable actions to prevent or overcome the force majeure conditions
affecting the performance of this Agreement as soon as possible.
8.4. In the case of force majeure, the period for the performance of the obligations stipulated by the
Agreement shall be extended for such amount of time as long the aforementioned force majeure
persists. If the force majeure lasts for more than 3 (three) months, each Party shall be entitled to
unilaterally withdraw from the performance of the Agreement and in such case none of the Parties
shall be entitled to request the other Party to compensate the damages caused by the termination
of the Agreement.
8.5. Force majeure shall not include circumstances already existing at the time of conclusion of this
Agreement.
9. Intellectual Property
9.1. By entering into the Agreement, the Client hereby warrants that:
9.1.1. the Service Provider is the sole owner of the intellectual property (hereinafter also referred to as
the work): any patent, supplementary protection certificate, utility model, trademark, service mark,
license, source codes, industrial design, trade and business name, service name, domain name,
copyright and related (neighbouring) rights and any right related or similar to the above (including
both registered and unregistered intellectual property as well as any applications or rights to
register the intellectual property), which may currently or in the future be located in any part of the
world. Intellectual Property in the context of this Agreement also includes, but is not restricted to,
expertise and know-how, trade secrets, inventions and other scientific and technological results
and their improvements, graphic art, design works, computer programs (source programme, code
and all software), databases or source code or a part thereof, information and documentation
(online and hard copy), including procedures, policies, methodologies applied (including
management systems), also unfinished works, regardless of the purpose of the work and the
value, form or type of expression made, created, manufactured or improved by the Service
Provider within the framework of the Agreement;
9.1.2. the Client and its affiliates are strictly prohibited to exercise the right to communicate the
intellectual property of the Service Provider to the public, to publish the work, to publicly perform
6
the work, to distribute, to broadcast and to retransmit the work, to make the work available to the
public by wire or by other means, so that it is accessible in an individually selected location and at
an individually selected time, to lease, rent or to publicly lend originals or copies of a work, directly
or indirectly, temporarily or permanently to reproduce the work, to translate, to arrange, to adapt, to
screen or to otherwise transform work and reproduce the results obtained thereby as set out under
Section 15 of Copyright Law of Republic of Latvia;
9.1.3. any payments paid by the Client to the Service Provider shall not give the Client any ownership
rights to the intellectual property of the Service Provider;
9.1.4. the Service Provider neither transfers to the Client any author’s economic rights nor grant the
Client any license;
9.1.5. the Client shall not have the right to transfer or license the Service Provider's intellectual property
or the right to use it to a third party;
9.1.6. the Client undertakes that during the term of the Agreement and for a period of 24 (twenty-four)
months after its termination on any grounds, the Client and its affiliates shall be permitted to
undertake or engage in any work that is intended to compete with the Services provided by the
Service Provider, including the development of computer software which serves identical or similar
functions to, or is identified as identical or similar to, the Service Provider's website and/or Client’s
Portal, except with the written consent of the Service Provider. The Client shall provide the Service
Provider with detailed information within 5 (five) working days of the Service Provider's written
request to prove that the Client has not used the Service Provider's intellectual property. In the
event the Client breaches its obligations under this Clause of the General Terms and Conditions of
the Agreement, the Client shall pay the Service Provider a penalty of EUR 50'000.00 (fifty
thousand euro) per each infringement event.
10. Service Providers personnel
10.1. The Service Provider shall appoint a team of natural persons (both employees under an
employment contract and self-employed persons under any other form of civil law agreement) to
perform the Agreement (hereinafter collectively referred to as the “Personnel”).
10.2. The Client is obliged during the term of the Agreement and for a period of 24 (twenty-four) months
of the date of dissolution or expiry of the Agreement on any grounds not to employ on any grounds
(employment contract or a civil law agreement), whatsoever (also through other entities, including
entities providing outsourcing services for the Client, as well as parent companies or companies
controlled by or affiliated with the Client), any member of the Service Provider’s Personnel. The
Client shall provide the Service Provider with detailed information within 5 (five) working days of
the Service Provider's written request to prove that the Client has not employed the Service
Provider's Personnel. In the event the Client breaches its obligations under this Clause of the
General Terms and Conditions of the Agreement, the Client shall pay the Service Provider a
penalty of EUR 50'000.00 (fifty thousand euro) per each infringement event.
11. Confidentiality obligation and Processing and of personal data
11.1. The Client and the Service Provider agree that the Parties undertake to use the personal data
obtained during the term of this Agreement (hereinafter referred to as "Personal Data") only to
ensure the performance of the obligations and transactions between the Parties set out in the
Agreement and its Annexes or to ensure compliance with applicable laws and regulations
(accounting laws, etc.) or to protect their legitimate interests (achieving the Service Provider's
business purposes, promoting visibility, promoting credibility, providing evidence in case of claims).
11.2. The processing of Personal Data in respect of which the Client is the controller and the Service
Provider is the processor shall be governed by the Data Processing Agreement between the
Parties. The Service Provider, acting as a processor of Personal Data, undertakes to comply with
the instructions and rules given by the Client in relation to the protection of the processing of
Personal Data.
11.3. The Client confirms to the Service Provider that, in respect of Personal Data that the Client
transfers to the Service Provider (such as, but not limited to, types of Personal Data and
categories of data subjects: Identification Data of users of the Client’s Portal, employees and
business partners of the Client (name, surname, personal identification number, date of birth,
month and year); Contact Data of users of the Client’s Portal, employees and business partners of
the Client (telephone number, e-mail address, residential address), Identification Data of
customers of the Client (name, surname, personal identification number, date of birth, month and
year); Client's customer contact details (customer's telephone number, email address, residential
address); financial details (bank name, account holder, current account number) and other
Personal Data), there is at least one of the legal grounds set out under Article 6 of the Regulation
(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of
natural persons with regard to the processing of personal data and on the free movement of such
data, and repealing Directive 95/46/EC (General Data Protection Regulation).
11.4. The Client undertakes not to disclose, transfer or disclose to any third party, without the consent of
the Service Provider, any confidential information which has become available to the Client in
connection with the performance of the Agreement or which the Service Provider has provided to
the Client. Confidential information within the scope of the Agreement means:
11.4.1.Personal Data of others;
11.4.2.financial information (including, but not limited to, income, expenses and components thereof,
profit and loss statements, amount and movement of funds in current accounts, creditors and
debtors, costing and sales of goods and services, or other financial information relevant to the
Service Provider and the submitted material under review, both in whole and in part);
11.4.3.the intellectual property of the Service Provider made available to the Client, including know-how,
7
business plans, project work and drafts;
11.4.4.the Service Provider's business transactions, commercial offers and any contracts, agreements or
similar instruments entered into and the information arising therefrom (including, but not limited to,
the contractual amount, terms, discounts);
11.4.5.the transactions concluded and planned to be concluded by the Service Provider and any
correspondence or discussions entered into in connection therewith and the information contained
in such correspondence or discussions;
11.4.6.decisions, orders, instructions and similar documents of the Board of Directors of the Service
Provider;
11.4.7.minutes and decisions of meetings of the shareholders of the Service Provider;
11.4.8.the costs of the services or goods of the Service Provider and their selling prices, including details
of the components and formation of prices;
11.4.9.any other costs and revenue items of the Service Provider;
11.4.10.the Service Provider's business plans, marketing plans, development projects and documents or
other information produced as a result of or in the process of their implementation;
11.4.11.the information and details provided in the Service Provider's accounting records;
11.4.12.information about the Service Provider's employees and contacts established in the course of
business with suppliers of goods or services and customers, cooperation partners, including
aggregate information or databases of such persons;
11.4.13.any internal or external correspondence of the Service Provider with any person which contains
any of the components referred to in Clause 11.4 of the General Terms and Conditions of the
Agreement;
11.4.14.any other information of a business or technical nature and whether or not recorded in writing or
otherwise, provided to the Client by the Service Provider or made available to the Client in the
performance of this Agreement;
11.4.15.the content of the Service Provider's internal, received and forwarded documents;
11.4.16.the Service Provider's methodologies for calculating remuneration, bonuses;
11.4.17.the Service Provider's working procedures and other procedures binding on the Service Provider;
11.4.18.the software to be used by the Service Provider;
11.4.19.payment card PINs, bank access, computer and server access, email and VPN access, remote
access facilities, open ports on computers, AGM and reservation system passwords and other
access passwords to the Service Provider's databases;
11.4.20.private data of the Service Provider's employees;
11.4.21.any other technical, commercial or other information relating to the Service Provider which is a
trade secret and/or which is not generally known and publicly available.
11.5.Confidential information shall not include information which is publicly accessible to third parties in
accordance with the laws and regulations of the Republic of Latvia.
11.6. The Client shall only use the information referred to in Clause 11.4 of the General Terms and
Conditions of the Agreement in a place and manner that is in the best interests of the Service
Provider. The Client shall take all necessary steps to prevent the disclosure of confidential
information.
11.7. When processing confidential information, including Personal Data, the Client shall restrict others'
access to the confidential information, including Personal Data. In the event of any incident, e.g.
theft, loss of data media, the Client shall immediately notify the Service Provider of any
irregularities or breaches during the storage and processing of confidential information, including
Personal Data, and shall inform the Service Provider of any circumstances that threaten or may
threaten the disclosure of confidential information, including Personal Data, making all reasonable
efforts to prevent the disclosure of confidential information, including Personal Data.
11.8. The Client acknowledges that he/she is aware that the Service Provider, as an independent
controller, stores e-mail correspondence with the Client (Client's requests) when processing
Personal Data as such processing is necessary for the legitimate interests of the Service Provider
(for the purposes of monitoring and improving the quality of customer service and/or service
provision; to provide evidence against claims of non-compliance with the service and/or
contractual obligations, as well as to provide evidence against a possible claim arising in tort) for a
period of 10 (ten) years (the general statutory limitation period for possible claims arising in tort)
from the date of completion of the service or contract or email correspondence.
11.9. By entering into the Agreement, the Client is informed that the Service Provider transfers the
Client's Personal Data to third parties and/or institutions in order to ensure the performance of the
Agreement, compliance with the requirements of applicable laws and regulations.
11.10. By entering into the Agreement, the Client is informed that in order to perform the Agreement with
the Client and provide the Services, including to receive payment paid by the Client for the
Services and to provide the Service in accordance with the Agreement, the Service Provider's
website contains links to third party websites that process the Client's personal data as
independent controllers (including Stripe, Inc., which uses and processes payment instrument data
provided by the Client, including payment card number, type, expiry date and CVV/CVC
authentication codes). The Service Provider shall collect and store the Payment Instrument Data
referred to in this paragraph in a non-exhaustive and non-decryptable form. The Client's payment
instrument data in its full, usable scope shall be held by Stripe, Inc. as an independent controller
8
and processed by Stripe, Inc. who shall process the personal data in accordance with its privacy
policy which are available on its website.
11.11. By entering into the Agreement, the Client is informed that unauthorized disclosure of confidential
information, including Personal Data, or other unlawful processing of Personal Data is subject to
administrative and criminal liability.
11.12. The Parties are obliged to update their Personal Data in the event that the Personal Data held by
the other Party is inaccurate.
11.13. The Parties shall keep the Personal Data of the other Party only for as long as is necessary for the
purposes for which they are processed, allowing a reasonable period for the destruction of the
data. Personal Data shall be destroyed in a secure manner. Printed materials containing data shall
be destroyed by shredding or other secure means. Electronic data shall be permanently deleted.
12. Use of the Client’s logo
12.1. During the term of the Agreement and following its termination or expiry, regardless of the grounds,
the Service Provider shall have a right to use the Client’s logo(s) for information purposes, as
logo(s) of the Service Provider’s client.
13. Correspondence
13.1. All notices by the Parties shall be in writing in Latvian or English and shall be sent to the other
Party by post, delivered personally upon signature, sent on the Client’s Portal or sent to the
electronic mail address specified in the Agreement or during the Client registration, unless
otherwise specified in the Agreement.
13.2. Any notices and correspondence shall be deemed to have been received if:
13.2.1. delivered by hand upon signature - on the date of delivery;
13.2.2. delivered by registered mail, unless actually received earlier, on the 5th (fifth) day after posting if
the correspondence is sent within the territory of the Republic of Latvia, or on the 7th (seventh) day if the
correspondence is sent to or from a place outside the Republic of Latvia;
13.2.3. delivered via the Client's portal - on the day of delivery;
13.2.4. delivered by e-mail - on the day of delivery.
14. Other provisions
14.1. In cases not provided in this Agreement, the Agreement may be amended only by mutual written
agreement of the Parties. Any amendment to the Agreement shall take effect on the date specified
in the amendment. All amendments to the Agreement shall, upon mutual signature, become an
integral part of the Agreement. If the Agreement is translated into another language, the translation
shall be for information only and the English or Latvian version shall apply. By entering into this
Agreement and accepting the Services of the Service Provider, the Client acknowledges that the
Client (and any person authorised by the Client) understands English or Latvian and agrees to
communicate with the Service Provider in English or Latvian as far as the legal relationship arising
out of this Agreement is concerned, including with respect to the submission and resolution of any
complaints.
14.2. All disputes and claims arising out of or in relation with this Agreement shall first be settled by way
of negotiations between the Parties. If a dispute cannot be solved by way of negotiation, the Client shall
submit to the Service Provider a written application stating the name, surname, residential
address, contact details, date of submission, nature of the dispute, claim and the grounds for the
claim, accompanied by supporting documents, if any. The Service Provider shall examine the
Client's application and reply within 15 working days from the date of submission.
14.3. If an agreement pursuant to Clause 14.2 of the General Terms and Conditions of the Agreement
cannot be reached within 30 (thirty) days, the Parties shall submit the said dispute to a court of
general jurisdiction of the Republic of Latvia in accordance with the laws and regulations of the
Republic of Latvia. The Client, being a consumer, shall be entitled to apply to: (a) to the Consumer
Rights Protection Centre or (b) to a consumer out-of-court dispute resolution body , if one is
1
established in the relevant area, or (c) to the Consumer Dispute Resolution Commission, if the
assistance provided to the Client by the Consumer Rights Protection Centre in resolving the
dispute has not provided results and it is possible to convene the Consumer Dispute Resolution
Commission in the relevant area to resolve the dispute; or (d) to a court of the Republic of Latvia in
accordance with applicable laws and regulations of the Republic of Latvia; or (e) to settle the
dispute online .
2
14.4. The obligations of confidentiality, processing and non-disclosure of Personal Data and use of
intellectual property set out in this Agreement shall apply for an unlimited period of time and shall
not apply to the duration of the Agreement.
14.5. By entering into this Agreement, the Client acknowledges that it has read, agrees to and
undertakes to comply with the terms of the Agreement, including the Annexes to the Agreement.
14.6. The Agreement shall be signed electronically or by ink signature.
15. Right of withdrawal in respect of a Client who is a consumer (this section of the Agreement
shall not apply to Clients who are legal persons and shall not apply to Agreements
concluded in person at the same location)
15.1. If the Client is a consumer, the Client may exercise the right of withdrawal under the Consumer
Consumer out-of-court dispute resolution bodies available at: www.ptac.gov.lv/lv/content/arpustiesas-pateretaju-
1
stridu-risinataju-datubaze
SIT platform: https://ec.europa.eu/consumers/odr/main/index.cfm?event=main.home2.show&lng=LV
2
9
Rights Protection Law and unilaterally withdraw from this Agreement within 14 (fourteen) calendar
days from the date of this Agreement. To exercise the right of withdrawal, the Client shall send his/
her application to the registered office or to the e-mail address of the Service Provider set out in
the Agreement.
15.2. To meet the withdrawal deadline, it is sufficient that the Client shall send its notice of exercise of
the right of withdrawal to the Service Provider before the withdrawal period has expired.
15.3. In the event the Client withdraws from this Agreement within 14 (fourteen) calendar days of the
date of the Agreement, the Service Provider shall refund to the Client all payments received from
the Client without undue delay and in any event not later than 14 (fourteen) days from the date on
which the Service Provider was informed of the Client's decision to withdraw from the Agreement.
15.4. The refund shall be made by transfer to the bank account set out in the Client's application for
cancellation.
15.5. If the Client uses the Client Portal within the period of exercise of the right of withdrawal, the
Service Provider shall deduct from the fees paid by the Client an amount proportionate to the full
performance of the Agreement in relation to the portion of the Agreement performed at the time
when the Client informs the Service Provider of the exercise of the right of withdrawal.
15.6. The Client shall lose the right to exercise the right of withdrawal if the Client has agreed that the
Services will be provided during the period of exercising the right of withdrawal and that the Client
loses the right to exercise the right of withdrawal.
16. Annexes of the Agreement:
16.1. Annex 1 of the Agreement - Prices;
16.2. Annex 2 of the Agreement - Special Provisions;
16.3. Annex 3 of the Agreement - Data Processing Agreement.
10
Annex 1 of the Agreement - Prices
(the Annex may be supplemented as agreed between the Parties for individual services and their
prices)
1. Fee for the number of Users on the Client’s portal
The Client shall pay a monthly fee according to the tariff plan chosen by the Client, charged for
each user of the Client Portal created by the Client. The fee shall be applied on a daily basis in
proportion to the monthly fee. In the event that the Client no longer requires any of the functions
separated in each tariff plan, the Client shall inform the Service Provider thereof by the beginning of
the following month.
In addition, the Client undertakes to pay to the Service Provider value added tax (VAT) and other
applicable taxes in accordance with the payment procedure and at the rate specified in the
applicable laws and regulations.
2. Fee for outgoing correspondence units from the Client's Portal (e-mails, calls, SMS, etc.)
The fee for outgoing correspondence units shall be determined in accordance with a prior
agreement with the Client, in accordance with the Client's purposes and requirements.
In addition, the Client undertakes to pay to the Service Provider value added tax (VAT) and other
applicable taxes in accordance with the payment procedure and at the rate specified in the
applicable laws and regulations.
3. Fee for the subscription and assignment of numbers
The fee for subscription and assignment of numbers shall be determined in accordance with a prior
agreement with the Client.
In addition, the Client undertakes to pay to the Service Provider value added tax (VAT) and other
applicable taxes in accordance with the payment procedure and at the rate specified in the
applicable laws and regulations.
11
Annex 2 of the Agreement - Special Provisions
The Client:
Name of the Company/
Name, surname
Registration No/Personal
identification number
Address
Name, surname of the authorised
signatory
Basis of the representation of the
person authorised to be a signatory
Contact person
E-mail
Phone number
The Service Provider
Name of the Company
SIA "The One"
Registration No
40203418528
Address
Rasenes iela 5 - 2, Upesciems, Garkalnes pag., Ropažu nov.,
LV-2137
Name, surname of the authorised
signatory
Rolands Smilga
Basis of the representation of the
person authorised to be a signatory
Member of the Management Board in accordance with the
Company's Articles of Association
Contact person
E-mail
Phone number
Method of payment for the Services
Pre-payment
Amount of the Pre-payment, EUR:
________
Post- payment
Guarantee Amount, EUR: ________
Credit Limit
Amount of the Credit Limit, EUR:
________
Guarantee Amount, EUR: ________
The tariff plan:
12
Annex 3 of the Agreement
PERSONAL DATA PROCESSING AGREEMENT
(hereinafter the “DPA”)
SIA "The One", registered in the Commercial Register of the Republic of Latvia with the unified
registration No. 40203418528, legal address: Rasenes Street 5 - 2, Upesciems, Garkalnes pag., Ropažu
nov., LV-2137, the Republic of Latvia, represented by the Member of the Board Rolands Smilga, acting on
the bases of the Articles of Association, hereinafter referred to as the “Processor”,
and
_____________________, registered in the Commercial Register of ________________ with unified
registration No. ________________, legal address: ________________, represented by the Director
________________, acting based on the Articles of Association, hereinafter referred to as the “Controller”,
hereinafter also jointly referred to as the “Parties”, and individually as the “Party”.
1. GENERAL PROVISIONS
1.1. The DPA is concluded as a complementary Agreement to the Service Agreement No.
_____ concluded on __.__.2023 by and between the Controller and the Processor,
hereinafter referred to as the “Principal Agreement”.
1.2. The Parties agree that all capitalised terms, used and not defined in the DPA, shall have the
meaning given to them in the Principal Agreement.
2. SCOPE OF ENTRUSTMENT
2.1. Pursuant to the DPA, the Controller entrusts the Processor with personal data processing (as
specified in Clause 3 of Annex No. 1 hereto) (hereinafter referred to as the Personal Data”) in
the scope specified in Annex No.1 to the DPA (hereinafter referred to as the Scope of
entrustment”). For the processing of Personal Data under this DPA, the Controller shall be
regarded as the ‘data controller and the Processor shall be regarded as the ‘data processor.
2.2. The Processor shall process the Personal Data:
2.2.1. exclusively to perform the tasks resulting from the cooperation of the Parties in relation to the
Principal Agreement, to the extent necessary to perform those tasks, and exclusively during
the term of the Principal Agreement;
2.2.2. pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the
protection of natural persons with regard to the processing of personal data and on the free
movement of such data, and repealing Directive 95/46/EC (General Data Protection
Regulation) (hereinafter referred to as the “GDPR”), other provisions of law, and the DPA.
2.3. The Processor is authorised to empower entities acting on its behalf to process the Personal Data
in the name of the Controller, including to give instructions to those entities on behalf of the
Controller with respect to processing the Personal Data.
2.4. The Controller confirms that this DPA contains su!cient instructions to the Processor regarding
the processing of Personal Data, as well as the scope and purposes thereof and therefore
constitutes a binding data processing agreement in accordance with the GDPR.
2.5. The Controller is responsible for ensuring that the instructions provided to the Processor in
relation to processing of Personal Data comply with any applicable laws, including the GDPR.
2.6. The Controller confirms that Personal Data transferred to the Processor has been collected by the
Controller on a valid lawful basis and the Controller has obtained any necessary consents, if
required, or given any necessary notices as prescribed by the GDPR, and that the Controller is
entitled to provide the Personal Data to the Processor.
3. OBLIGATIONS OF THE PROCESSOR
3.1. The Processor shall:
3.1.1. ensure a level of security appropriate to the risk, upon the terms specified in Article 32 GDPR;
3.1.2. apply all appropriate technical and organisational security measures to protect the
confidentiality, integrity and availability of the Personal Data. The set of these measures is
further defined and set out in Annex No. 3 hereto;
3.1.3. process the Personal Data upon documented instructions from the Controller (including with
regard to transfers of the Personal Data to a third country or an international organization),
unless the obligation to process is imposed by applicable provisions of the law (whereas in
such a case, the Processor shall notify the Controller thereof prior to the commencement of
the processing, unless such notification is forbidden by applicable provisions of the law on
important grounds of public interest);
3.1.4. immediately inform the Controller if it is unable to follow Controller’s instructions or if, in the
Processor’s opinion, an instruction of the Controller infringes the GDPR or other applicable
data protection provisions.
4. ADEQUATE SECURITY MEASURES
4.1. Pursuant to the obligation to apply all technical and organisational measures securing the
Personal Data, adequate to the risk level, referred to under Clause 3.1.1 above, the Processor
shall implement measures specified in Annex No. 3 to the DPA [“Adequate security measures”].
4.2. The Controller confirms that the measures specified in Annex No. 3 to the DPA [“Adequate
security measures”] are sufficient for the performance of the obligation, referred to under Clause
3.1.1 above. In the event that, despite the above confirmation, such measures prove insufficient,
the Controller shall not be authorised to raise on that grounds any claims towards the Processor.
13
5. ASSISTANCE TO THE CONTROLLER
5.1. The Processor shall immediately inform the Controller in writing if it receives:
5.1.1. any requests from an individual with respect to the Personal Data processed, including but not
limited to requests for access and/or rectification, blocking, data portability and all similar
requests;
5.1.2. any complaint relating to the processing of the Personal Data, including allegations that the
processing infringes on a Personal Data Subject’s rights under the GDPR or other applicable
data protection laws; or
5.1.3. any order, demand, warrant, or any other document purporting to compel the production of the
Personal Data under applicable law.
5.2. The Processor shall immediately notify the Controller in writing if it receives any of the requests
set in Clause 5.1, unless specifically prohibited by applicable laws. The Processor shall not
respond to any of the requests set in Clause 5.1 unless expressly authorized to do so by the
Controller or as obligated under applicable law or a court order.
5.3. The Processor shall cooperate with and assist the Controller with respect to any action taken
relating to the request, complaint, order or other document as described under Clause 5.1 above.
As far as reasonably possible and considering the nature of the processing, the information
available to the Processor, the Processor shall implement appropriate technical and organisational
measures to provide the Controller with such cooperation and assistance.
5.4. The Processor shall provide the Controller with reasonable assistance with regards to:
5.4.1. ensuring compliance with the Controller’s obligations pursuant to the GDPR;
5.4.2. making available to the Controller all reasonable information necessary to demonstrate
compliance with the GDPR; and
5.4.3. performing the necessary data protection impact assessments and prior consultation
procedures as mentioned in Articles 35 and 36 of the GDPR.
6. USE OF SUB-PROCESSORS
6.1. The Processor has a right to delegate its powers to process the Personal Data to further
processors specified in Annex No. 4 to the DPA [“Specification of further processors”] (hereinafter
the “Specification of further processors”).
6.2. The Processor has a right to amend the Specification of further processors, by submitting
information thereof to the Controller, in a written or electronic form, whereas electronic form
means sending an electronic message (e-mail) to the e-mail address of the Controller set out in
the Principal Agreement.
6.3. The Controller has a right to object against amending the Specification of further processors,
within 7 (seven) days of receiving the Processor’s message including information regarding a
given proposed amendment (provided, however, that the Controller sets out reasons for the
objection). The Controller acknowledges that a lack of consent to amend the Specification of
further processors may prevent the Processor from continuing the performance of the tasks,
referred to under Clause 2.2.1 above (in such case the Processor has a right to cease performing
these tasks without assuming any liability thereunder), of which the Processor shall notify the
Controller promptly upon learning of raising an objection against the amendment.
6.4. The Processor warrants that it will employ only further processors providing for sufficient
guarantees of implementing appropriate technical and organisational measures to the effect that
the processing satisfies the GDPR requirements and the rights of data subjects are protected.
6.5. The Processor shall procure that the same data protection obligations as set out in the DPA as
referred to in Article 28(3) GDPR shall be imposed on further processor.
7. TRANSFER OF THE PERSONAL DATA
7.1. The geographical area on which the Processor may process the Personal Data shall be agreed by
the Parties in accordance with Annex No. 2 [“Area of processing”]. Annex No. 4 ["Specification of
further processors"] contains a list of entities, including entities from outside the EEA, which the
Processor may entrust with further processing of the Personal Data.
7.2. The Processor shall transfer the Personal Data to a third party located outside the European
Economic Area ("EEA"), if the third party is or agrees to be bound by these Clauses, or if:
(i) the transfer is to a country benefitting from an adequacy decision pursuant to Article 45 of
GDPR that covers the onward transfer;
(ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 of
GDPR with respect to the processing in question;
(iii) the transfer is necessary for the establishment, exercise or defence of legal claims in the
context of specific administrative, regulatory or judicial proceedings; or
(iv) the transfer is necessary in order to protect the vital interests of the data subject or of
another natural person.
8. NOTIFICATION OF PERSONAL DATA BREACH
8.1. The Processor undertakes to implement and apply adequate measures to detect Personal Data
breaches and to implement appropriate corrective measures.
8.2. The Processor shall notify the Controller without undue delay after becoming aware of a Personal
Data breach, informing of the circumstances of the breach and the potential risks to the protection
of Personal Data. When notifying the Controller, the Processor shall provide:
14
8.2.1. description of the nature of the Personal Data breach including, where possible, the
categories and number of the Personal Data Subjects;
8.2.2. name and contact details of the Processor’s data protection officer or other point of contact
where more information can be obtained;
8.2.3. description of the likely consequences of the Personal Data breach;
8.2.4. description of the measures taken or proposed to be taken by the Processor to address the
Personal Data breach, including, where appropriate, measures to mitigate its possible
adverse effects.
8.3. The Processor will promptly take any necessary and appropriate actions to investigate, mitigate
and remediate any effects of a Personal Data breach, and provide assistance to the Controller to
ensure that the Controller can comply with its obligations under the GDPR it may be subject to in
relation to the Personal Data breach.
8.4. The Processor is not authorised to independently notify the breach to:
8.4.1. the Personal Data subjects; or
8.4.2. the supervisory authority.
9. AUDIT
9.1. The Controller has a right to carry out an audit verifying whether the Processor processes the
Personal Data in compliance with the DPA and applicable provisions of the law (hereinafter
referred to as the Audit”), provided that the Controller each time submits to the Processor an
Audit request including a detailed description of its scope, and such scope shall not exceed
actions necessary to verify whether the Processor processes the Personal Data in compliance
with the DPA and applicable provisions of the law.
9.2. The Audit shall be conducted within the term agreed upon by the Parties. The Audit may be
conducted on working days from 9:00 a.m. to 5:00 p.m., in the place where the Personal Data are
being processed.
9.3. In performance of the Audit:
9.3.1. the Controller is authorised to take only actions specified, within the scope of the Audit, in the
Audit request;
9.3.2. the Processor shall make available to the Controller documents including the Personal Data
and shall provide the Controller with information concerning the manner of processing the
Personal Data, Processor’s IT infrastructure, to the extent resulting from the Audit request,
subject to the necessity to ensure continued operations related to the current business
pursued by the Processor.
9.4. The Controller’s personnel or third parties agreed by the Parties may be employed to conduct the
Audits. Should the Audit be conducted by a third party, the Controller undertakes to ensure
confidence in degree corresponding to that resulting from the provisions of the Principal
Agreement. The Controller is held liable towards the Processor for any infringement of the
confidentiality obligation by the third party as for its own infringement.
9.5. In case during the Audit the works carried out by the Processor in performance of the Principal
Agreement are interrupted, the time limits for the Processor to perform its obligations under the
Principal Agreement, the performance of which has become impossible or hindered, are
automatically prolonged.
9.6. Following the Audit, the Controller’s representative prepares a post inspection report to be signed
by the representatives of the Processor and of the Controller. The Processor undertakes, in a
reasonable time, within the time limit agreed upon with the Controller, to adjust to the post
inspection recommendations provided for in the report, to the effect of remedying defects and
enhancing the safety of the Personal Data processing. In case implementation of such
recommendations generates additional costs, the Processor and the Controller shall agree on
their distribution. Notwithstanding the above, the Parties agree that the Controller bears the costs
of the Audit. The Processor is not obliged to reimburse the Controller for any costs related to the
conducted Audit, regardless of the outcome of the Audit.
9.7. Audits may be carried out not more often than once in 6 (six) calendar months, however, an Audit
is permitted despite the fact that the last Audit was carried out within the preceding 6 (six)
calendar months, in case the rights or freedoms of the Personal Data subjects are threatened due
to processing the Personal Data by the Processor.
10. LIABILITY
10.1. Subject to the absolutely binding provisions of the law, the liability of the Processor for
lost profits on the part of the Controller is hereby excluded, and the total aggregate
liability of the Processor towards the Controller on any grounds in relation to the
Personal Data processing is limited, at a given time, to the amount corresponding to the
total remuneration actually received by the Processor from the Controller under the
Principal Agreement within the period of the last 3 (three) months.
11. TERM AND TERMINATION, DURATION OF PROCESSING AND ERASURE OR RETURN OF
DATA
11.1. This DPA has been concluded for the term of the Principal Agreement.
11.2. This DPA may be terminated by the Controller, should the Processor grossly or recurrently infringe
the DPA, the GDPR, or other regulations on Personal Data protection, subject to ineffective lapse
of the additional cure period not shorter than 30 (thirty) days, granted by the Controller in a notice
demanding the Processor to cease the infringement.
15
11.3. Upon termination or expiry of the DPA the Processor shall, at the choice of the Controller, delete
all Personal Data processed on behalf of the Processor and certify to the Controller that it has
done so, or return all the Personal Data processed on its behalf to the Controller and delete
existing copies, unless applicable provisions of the law provide otherwise.
12. FINAL PROVISIONS
12.1. This DPA is concluded under the laws in force on the territory of the Republic of Latvia.
12.2. The Parties agree that any potential future litigations instituted on the grounds of this DPA shall be
resolved exclusively by the courts of the Republic of Latvia.
12.3. Unless this DPA provides otherwise, any and all amendments to the DPA shall be made in the
form of a written annex, otherwise being null and void.
12.4. No claim related to the DPA may be subject to set-off against any remuneration payable to the
Processor under the Principal Agreement.
12.5. All communications under this DPA shall be given to the persons and the addresses set forth in
the Principal Agreement.
12.6. The following Annexes are attached to the DPA and form an integral part of this DPA:
Annex No. 1
-
Scope of entrustment
Annex No. 2
-
Area of processing
Annex No. 3
-
Adequate security measures
Annex No. 4
-
Specification of further processors
Director
_________
Member of the Board
Rolands Smilga
CONTROLLER
PROCESSOR
16
Annex No. 1 – Scope of entrustment
1. Nature and purposes of processing: Personal Data shall be processed for the purpose to perform
the tasks resulting from the cooperation of the Parties in relation to the Principal Agreement, in
manner resulting from the nature of services rendered as part of performing those tasks, i.e. the
Processor shall:
1.1. ensure the Client's (Controller's) contact centre communication software (email, telephone,
whatsapp, telegram, etc.) under one platform in the Client's (Controller's) Portal, as part of
which it shall receive on behalf of the Controller the data related to the Client's (Controller's)
Users of the Client's (Controller's) Portal and Client's (Controller's) customers;
1.2. at the Client's (Controller's) request, the Service Provider, in cooperation with a licensed mobile
communications operator, shall provide the Client (Controller) with a geographic, non-
geographic, mobile telephone or special number in accordance with the procedures set out in
the Principal Agreement, as part of which it shall receive on behalf of the Controller the data
related to the Client's (Controller's) Users of the Client's (Controller's) Portal and Client's
(Controller's) customers.
2. Categories of Personal Data subjects:
2.1. Natural persons - Users of the Client's (Controller's) Portal and
2.2. Natural persons - Client's (Controller's) customers.
3. Type of Personal Data:
E x t e n t o f t h e
processed personal
data
P u r p o s e o f
processing
Legal grounds of
processing
D u r a t i o n o f
processing
Identification and
contact information
data of the Users of the
Client's (Controller's)
Portal, to whom the
Service provider shall
provide access through
the user interface to be
able to use the
Services: name and
surname, personal
identification number (if
any); date, month and
year of birth, phone
number, address and
e-mail address.
Notifications related to
t h e S e r v i c e s i n
particular, to
maintenance and other
notifications, and—in
case of error reporting
the identification of
the person reporting
the error.
Performance of the
Principal Agreement
and the monitoring
thereof under GDPR
article 6 (1) b).
During the validity of
the Principal
Agreement.
Establishing,
defending, assigning
and providing evidence
against claims of non-
conformity of service,
as well as providing
evidence against a
possible claim arising
in delict.
The legitimate interest
of Service provider
under GDPR article 6
(1) f) (establishment of
a right of recourse).
3 (three) years from
the end of the Users of
t h e C l i e n t ' s
(Controller's) Portal
status. If the Users of
t h e C l i e n t ' s
(Controller's) Portal
status remains in effect
until the termination of
the Principal
Agreement, then for a
period of 3 (three)
y e a r s a f t e r t h e
termination of the
principal Agreement.
Identification and
contact information
data of the Client’s
(Controller's) contact
person: name and
surname, personal
identification number (if
any); date, month and
year of birth, phone
number, address and
e-mail address.
Notifications related to
the performance of the
Principal Agreement,
including:
- tech nical syste m
notifications and error
messages;
- financial balance
notifications, invoicing;
- legal contract related
notifications;
- security notifications.
Performance of the
Principal Agreement
and the monitoring
thereof under GDPR
article 6 (1) b).
During the validity of
the Principal
Agreement.
17
Establishing,
defending, assigning
and providing evidence
against claims of non-
conformity of service,
as well as providing
evidence against a
possible claim arising
in delict.
The legitimate interest
of Service provider
under GDPR article 6
(1) f) (establishment of
a right of recourse).
3 (three) years from
the end of the
termination of the
c o n t a c t p e r s o n s
status.
If the contact person
status of the person
concerned exists until
the termination of the
Principal Agreement,
then for a period of 3
(three) years from the
termination of the
Principal Agreement.
Identification and
contact information of
the Client’s customers
( e n d - u s e r o f t h e
number), to whom the
S e r v i c e p r o v i d e r
provides the number:
name and surname,
personal identification
number (if any); date,
month and year of
birth, phone number,
address and e-mail
address, copy of the
passport, KYC
information.
To comply with the
requirements set out in
the agreement with the
communication
operator, with whom
the Service provider
cooperates to issue
number used by the
Client’s customer (end-
user of the number).
Performance of the
Principal Agreement
and the monitoring
thereof under GDPR
article 6 (1) b).
Until the request of the
communication
operator, with whom
the Service provider
cooperates, is fulfilled
Unique identifiers (user
n a m e , p a s s w o r d )
assigned to the Users
o f t h e C l i e n t ' s
(Controller's) Portal, to
w h om t he S e rv i c e
provider shall provide
access through the
user interface to be
able to use the
Services.
Identification of the
Users of the Client's
(Controller's) Portal
Performance of the
Principal Agreement
and the monitoring
thereof under GDPR
article 6 (1) b).
Until the termination of
t h e U s e r s o f t h e
Client's (Controller's)
Portal status
Log files, statistics and
sy stem infor mati on
created on the server
and client side,
containing data related
to the functionality of
the Services.
Trouble hunting and
the provision of quality
target values
The legitimate interest
of the Service Provider
under GDPR Article 6.
(1) f).
90 (ninety) days from
creation
Total unit that can be
accounted for in the
specific accounting
period; Time and
duration of the use of
the service, the extent
of the transferred data,
a n d o t h e r f a c t o r s
affecting the
remuneration; Data
related to the invoicing.
Issuance and retention
of documents under
the Accounting Law.
Statutory processing
Article 6. (1) c) of the
GDPR.
5 (five) to 10 (ten)
years
Invoicing, the collection
of the fees, and the
monitoring of the
Principal Agreement.
Performance of the
agreement under
GDPR Article 6. (1) b).
Until the forfeiture of
the claims arising from
the Principal
Agreement (3 (three)
years).
18
Communication and
device data: data
contained in
communications,
emails, visual images,
video and/or audio
recordings, and other
f o r m s o f
communication and
interaction data;
Data collected when
t h e U s e r s o f t h e
Client's (Controller's)
P o r t a l v i s i t s t h e
website, mobile
application or other
channels of
communication;
data on habits,
p r e f e r e n c e s a n d
satisfaction, such as
usage activity, services
used, personal
preferences, survey
responses, customer
satisfaction:
1) technical information
(e.g. device type,
Internet Protocol (IP)
address and Internet
Service Provider (ISP)
used to connect the
device to the Internet;
registration
information; browser
type and version; time
zone settings, browser
p l u g - i n t y p e s a n d
versions, operating
system and platform,
screen resolution,
location, font encoding;
2) visit information,
including full URLs,
c l i c k s t r e a m s t o ,
through and from the
website (including date
and time); services
viewed or searched for;
reference/exit pages,
files viewed on the
website (e.g. HTML
pages, graphics, etc.);
and (e.g. HTML pages,
HTML files, web pages
(e.g. HTML pages,
HTML files, web pages
with HTML content,
etc.), page response
times, download errors,
duration of visit to
certain pages, page
interaction information
(such as scrolling,
clic k s a n d m o u s e -
overs) and methods
used to navigate away
from the page, date/
time sta m p a n d / o r
clickstream data.
Information security
and technical system
and IT infrastructure
development;
Prevention or detection
of criminal offences in
connection with the
protection of property
owned or used by the
S e r v i c e P r o v i d e r
(including website
security);
The performance of
management functions
(business strategy,
s o u n d r i s k
management and
corporate governance);
Monitoring, improving
and enhancing the
q u a l i t y o f s e r v i c e
provision and/or
c u s t o m e r s e r v i c e ;
measuring productivity;
Prevention of
fraudulent use and
proper performance of
services, to sanction
and control access to
and operation of digital
channels, to prevent
unauthorised access
and fraudulent use,
and to ensure
information security;
To improve technical
systems, IT
infrastructure, to adapt
the di s play of the
service on devices and
to develop services, for
example: by testing
and improving
technical systems and
IT infrastructure.
The legitimate interest
of the Service Provider
under GDPR Article 6.
(1) f) (performance of
management
functions; monitoring,
improving and
developing the quality
of service provision
a n d / o r c u s t o m e r
service; testing the
website, digital
environment;
information security
and improvement of
technical systems and
IT infrastructure to
prevent, limit and
investigate misuse or
u n l a w f u l u s e o r
disruption of services,
including fraudulent
activities;
establishment of rights
of recourse).
90 (ninety) days from
creation
Preparation of
personalized and
tailored information,
provision of a more
user-friendly service:
-F o r
administering
personalised
o f f e r s a n d
other benefits;
Direct marketing.
Consent to the
processing of personal
data (including the use
o f c o o k i e s w h e n
visiting the website);
Consent to automated
processing of personal
data, including
profiling;
Consent to the
processing of personal
data (including direct
marketing).
Until withdrawal of the
consent.
Director
__________
Member of the Board
Rolands Smilga
CONTROLLER
PROCESSOR
19
20
Annex No. 2 – Area of processing
The area on which the Processor may process the Personal Data:
1) the European Economic Area
Director
__________
Member of the Board
Rolands Smilga
CONTROLLER
PROCESSOR
21
__.__.2023. Pakalpojumu līgums Nr._____
Annex No. 3 – Adequate security measures
1. Measures of pseudonymisation and encryption of personal data (Encrypted communication TLS, SSH,
VPN / tunnels; all backups on request are encrypted by the AES-256 cipher during the transmission over the
Internet and are stored in encrypted containers on the servers).
2. Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing
systems and services (physical and logical access control; access to the personal data to employees only to
the extent strictly necessary for the implementation, management and monitoring of the contract and for the
performance of their duties; confidentiality clause in the employment contracts; access to the personal data to
employees who have been acquainted with the rules on the processing of personal data; security trainings).
3. Measures for ensuring the ability to restore the availability and access to personal data in a timely
manner in the event of a physical or technical incident (The servers are equipped with multiple redundant
components, including, but not limited to BIOS, power supplies, disk drives. The servers are connected to
multiple power sources which are protected by the Uninterruptible Power Supply system and Diesel Generator.
UPS and Diesel Generator systems undergo annual health checks. The Processor runs a number of cold spare
servers that can be used to recover from single server failure. In case of total damage to the data center the
Processor uses off-site backup technique to recover from the disaster in any available data center space within
7 (seven) working days after the new data center deployment date. In case of personal data compromise the
Processor`s employees will not have access to personal data inside the backups. As a matter of fact nature of
encryption denies real-life possibility to obtain data from encrypted disk safes).
4. Processes for regularly testing, assessing and evaluating the effectiveness of technical and
organisational measures in order to ensure the security of the processing (the Processor undergoes
yearly monitoring the efficiency and security of data storage. All internal data processing regulations are
documented, including, but limited to IT security policy, access controls policy, internal system audit policy).
5. Measures for user identification and authorisation (physical and logical access control; access to the client
system is denied to terminated employees).
6. Measures for the protection of data during transmission (by assessing the appropriate level of security, the
Processor takes into account technical feasibility of using encryption or pseudonymization, the costs of
imple