These Terms of Processing (hereinafter the ”Terms”) shall apply to all Services (as defined below) provided by OPIN S.L. (hereinafter ”OPIN”).
Each individual, company or business that holds an account with the OPIN platform or makes use of the Services in any other way (hereinafter “Customer”) shall be deemed to have accepted these Terms in full.
For purposes of these Terms, Customer shall be the Data Controller and OPIN shall be Data Processor.
Pursuant to Article 28 of Regulation (EU) 2016/679 (GDPR), these Terms shall apply to all Services provided by OPIN to Customer and reflect the parties’ agreement with regard to the processing of Customer Personal Data.
1.1 “Customer Personal Data”, shall mean any Personal Data processed by OPIN or third parties commissioned by OPIN in connection with the Services;
1.2 “Data Breach”, shall mean any unauthorised or unlawful processing, disclosure of, or access to, Customer Personal Data or any accidental or unlawful destruction of, loss of, alteration to, or corruption of Customer Personal Data;
1.3 ‘’Data Controller’’, shall have the meaning as set out in Article 4 of the GDPR;
1.4 ‘’Data Processor’’, meaning as set out in Article 4 of the GDPR;
1.5 “Data Subject”, shall mean a natural person whose Personal Data are processed by OPIN;
1.6 “EEA”, shall mean the European Economic Area;
1.7 “GDPR”, shall mean the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
1.8 “Personal Data”, shall have the meaning as set out in Article 4 of the GDPR;
1.9 “Privacy Shield”, shall mean the EU-U.S. framework to provide companies with a mechanism to comply with data protection requirements when transferring Personal Data from the European Union to the United States;
1.10 “Services”, shall mean any activities to be supplied or carried out by OPIN for Customer, in relation to the use of software integrated and downloaded via OPIN365.com and other related websites provided including those pre-integrated services developed by commissioned third parties;
1.11 “Sub-processor”, shall mean any person or entity appointed by or behalf of OPIN to process Customer Personal Data.
1.12 All terms not defined shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
In the course of providing Services to Customer, OPIN may process Customer Personal Data on behalf of Customer. Parties agree to comply with the following provisions with respect to any Customer Personal Data, each acting reasonably and in good faith.
2. Applicability and Duration of Terms
2.1 These Terms shall apply to all Customer Personal Data processed by OPIN in relation to the Services. OPIN trusts that the person accepting these Terms is entitled to do so in the name of Customer. The Terms shall remain in effect until, and automatically expire upon deletion of all Customer Personal Data, as described in Section 11 of these Terms (Deletion or Return of Personal Data).
3. Processing of Personal Data
3.1 OPIN shall process Customer Personal Data solely for the purposes of improving and providing Services to Customer. OPIN shall only process Customer Personal Data on behalf of Customer and in accordance with these Terms and the documented instructions of Customer, unless required otherwise by the relevant law to which OPIN is subject.
3.2 OPIN shall comply with all applicable data protection laws in the processing of Customer Personal Data.
3.3 OPIN shall promptly inform Customer if, in the opinion of OPIN, an instruction of Customer in relation to the processing of Customer Personal Data, infringes relevant data protection laws and/or these Terms, unless the applicable law prohibits from doing so on important grounds of public interest.
4. Security Measures and Confidentiality
4.2 Security measures shall include, but not be limited to, measures to protect Customer Personal Data; the ability to ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore timely availability and access to Customer Personal Data following an incident; and regular testing/assessing/evaluating the effectiveness of applied measures for ensuring security of the processing.
4.3 OPIN shall take appropriate steps to ensure compliance with the security measures by the persons authorised to process Customer Personal Data, including ensuring that all persons authorised to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
4.4 OPIN shall ensure that only the persons authorised to process Customer Personal Data are given access and only to the extent necessary to provide and improve Services to Customer.
5.1 OPIN shall only engage a Sub-processor for any processing activities pursuant to these Terms if such Sub-processor is located within the EEA, or the United States of America (subject to such US party being compliant with the Privacy Shield). In all other cases OPIN shall notify Customer before using a Sub-processor and provide Customer the right to opt-out from the provision of Services by deleting Customer account.
5.2 Customer specifically authorizes the engagement of the Sub-processors listed in Appendix 1 (Sub-processors as of 10 May 2018). In addition, Customer generally authorizes the engagement of any other third parties as Sub-processors, as long as such parties are appointed in accordance with the rules stipulated in this Section. OPIN shall update his overview of Sub-processors on a regular bases. The overview can be found here.
5.3 With respect to each Sub-processor, OPIN shall ensure that:
5.3.1 Such engagement is set out in a written contract or other written
5.3.2 The obligations as laid out in these Terms and under Article 28(3) of the GDPR are imposed mutatis mutandis on the Sub-processor;
5.3.3 Sub-processor processes Customer Personal Data in line with appropriate and technical organizational measures pursuant to these Terms and Article 32 of the GDPR;
5.4 OPIN shall be responsible for the Customer Personal Data processed by a Sub-processor. This shall not apply to carrier-related liabilities, as described in the OPIN Terms & Conditions.
6. Data Subject’s Rights
6.1 OPIN shall enable Customer on request to access, rectify, delete, object, or restrict the processing of Customer Personal Data, and to export Customer Personal Data in accordance with the procedures and timeframes specified in these Terms.
6.2 Data Subject Requests
6.2.1 In the event of receiving any request from a Data Subject in relation
to Customer Personal Data, OPIN shall support Data Subject to submit
his/her request to Customer, who shall respond to such requests.
6.2.2 OPIN shall assist Customer in meeting its obligation to respond to requests by Data Subjects, in order to enable exercising Data Subject’s rights, as laid down in Chapter III of the GDPR.
7. Data Transfers
7.1 Customer Personal Data shall only be processed by OPIN and/or appointed Sub-processors: (i) within the EEA; or (ii) the United States of America, if subject to such US party being compliant with the Privacy Shield; or (iii) in a country recognised by the European Commission as providing an adequate level of protection for Personal Data.
7.2 Whenever OPIN is permitted by Customer to transfer Customer Personal Data to any recipient or country outside the EEA or the United States of America, if subject to such US party being compliant with Privacy Shield; and such country is (i) not recognized by the European Commission as providing an adequate level of protection for Personal Data; or (ii) not covered by a suitable framework or certification recognized by the relevant authorities or courts as providing an adequate level of protection of Personal Data, then OPIN shall implement Standard Contractual Clauses (pursuant to the European Commission’s decision of 5th February 2010 on Standard Contractual Clauses for the transfer of Personal Data to processors established in third countries which do not ensure an adequate level of data protection).
8. Personal Data Breach
8.1 In the event of a Data Breach affecting Customer Personal Data, OPIN shall promptly notify Customer after becoming aware of the breach. OPIN shall promptly take measures to address the breach and mitigate any adverse effects.
8.2 OPIN shall support Customer in ensuring compliance with any legal obligations to report the breach to a supervisory authority or inform Data Subjects of the Data Breach pursuant to Articles 33 and 34 of the GDPR.
9. Data Protection Impact Assessments and Prior Consultation
9.1 OPIN shall provide assistance to Customer with regard to conducting data protection impact assessments, including any consultations with supervising authorities or other competent data privacy authorities, in order to fulfil obligations as outlined under Articles 35 and 36 of the GDPR, or equivalent provisions of any other data protection law.
10. Record of Processing Activities
10.1 OPIN shall maintain a record of processing activities relating to these Terms and to Customer Personal Data, in accordance with the requirements stipulated under Article 30 of the GDPR [insert link].
10.2 OPIN shall make such records available to Customer upon request and without undue delay.
11. Deletion or Return of Personal Data
11.1 Any Customer Personal Data shall be anonymized within 12 months after
having been incorporated in the OPIN system.
11.2 Customer may at all times request OPIN to close its account and/or delete all Customer Personal Data in writing. In such event OPIN shall delete all Customer Personal Data within six (6) months from the request. OPIN cannot support earlier deletion as this data may be required for adequate provision of the Services.
11.3 The provisions of this Section 11 are subject to EU or EU Member State law requirements regarding storage and retention of Personal Data.
12.1 Customer, or a third-party auditor acting under Customer’s direction, shall have the right to conduct data privacy and security audits at own expense, concerning OPIN’s data security and privacy procedures relating to the processing of Customer Personal Data, and its compliance with these Terms and the relevant data protection legislation. Customer may require OPIN to demonstrate evidence of compliance with these procedures in lieu of or in addition to conducting such an audit.
13.1 The liability of OPIN, under these Terms or by law, shall at all times be limited to the amount covered by the liability insurance of OPIN. If such liability insurance does not provide for adequate coverage, the aggregate liability of OPIN shall at all times be limited to the amount of fees paid by Customer to OPIN for the related Services in a given calendar year.
14. Final Provisions
14.1 These terms and its interpretation shall be governed by the law of Spain
14.2. Any disputes arising in relation to the Terms shall be brought before the courts in Spain, which shall have exclusive jurisdiction to adjudicate, unless specifically agreed otherwise by the parties, in writing.
14.3 Any future modifications to these Terms shall be made in writing. Such modifications shall be made in the form of providing an updated version of these Terms.
14.4 Should any provision of these Terms be deemed invalid or unenforceable, the remainder of these Terms shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability whilst preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or part had never been contained therein.
15: Invoice and Payment Terms
From the date of sign up and thereby initialisation of the contract, free trial (if applicable) lasts for a period of no more than two weeks. Upon cessation of the trial period (if applicable) the payment terms for all customers is 30 days of initial provision of services as notified via written invoice (all accounts queries to be directed to firstname.lastname@example.org.
15.1 The price set out on the pricing page of the opin365.com site is binding unless otherwise agreed. Prices quoted are exclusive of the statutory rate of vat. Exceptions might only be made via written consent logged with both OPIN and the customer.
15.2 Where no specific agreement has been made, invoices shall be paid within 30 days of generation.
15.3 If the customer is in arrears with a payment, OPIN is entitled to declare that all amounts owed to it are due for payment at once, without taking account of due dates otherwise agreed, and to refuse any further provision of service as long as these payments have not been made in full. Moreover, OPIN may claim the statutory rate of interest on all late payments. If OPIN provides evidence of damages as a result of delayed payment over and above the rate of interest, OPIN is entitled to claim the respective damages, unless the customer proves that OPIN did not suffer any or only suffered less damage as a result of late payment.
16. OPIN SL reserves all proprietary and intellectual property rights over all OPIN services and provision thereof.