v1 published on 22/03/2022
v2 published on 11/04/2022
LightOn Muse API Terms & Conditions
- Registering and Accessing the API
(a) Accepting the Terms. To start using the API, you have to explicitly agree to these Terms. You can neither use the API nor accept these Terms if you are not of legal age to form a binding contract with LightOn.
(b) Authority. When using our API on behalf of a person, company or entity, you are agreeing to these Terms for that person, company or entity and thus the terms “you” and “your” in these Terms which refer to that person, company or entity except for this Section 1(b). In this case, you implicitly guarantee that you have the full legal authority to accept these Terms on behalf of that person, company or entity.
(c) Access and Credentials. To use the API, you must register according to our procedures and, as part of the process, provide LightOn with certain information (such as identification or contact details) as part of the registration process. Once registered, you will be given certain credentials to access the API. These credentials are to be kept confidential and cannot be shared, transferred, or otherwise made accessible to others. You are responsible for all activities that occur using your access credentials. When accessing and using the API, you are to use only your real identity and your own credentials.
(d) Registration Information. Any registration information that you provide to us must be accurate and up to date. Should any changes occur, you must inform us without delay. You agree that we can use, store, and internally share your registration information to contact you for purposes under these Terms.
(e) Applications built on top of Muse API. If you use the API for a software application, website, tool, service or product (collectively “Application”), this and the affiliated Content display must comply with these Terms and any documentation, usage guidelines, parameters, and other requirements provided to you by LightOn and which can be modified. By “Content”, we mean any LightOn’s data or content created and accessed via our API. Your access to the API and Content can be limited at our discretion.
- Using the API
(a) License. Subject to your compliance with these Terms, LightOn provides you with a limited, non-exclusive, non-sublicensable, non-transferable, non-assignable, revocable license during the Duration. This license solely allows you to (i) use the API to develop, test, run, operate, and support your Application; (ii) to let end-users use your integration of the API within your Application; (iii) to display the Content accessed through the API within your Application and (iv) as do whatever else is explicitly authorized by LightOn in written form.
(b) Ownership. All rights, title, and interest in and to the API, Content, and all associated elements, components, and executables are owned by LightOn and its affiliates. Subject to the foregoing, you own all rights, title, and interest in and to your Application. You have no right to distribute or allow access to the API. Except as expressly provided in these Terms, neither party grants nor shall the other party acquire any right, title, or interest (including any implied license) in or to any property of the first party or its affiliates under these Terms. Any rights that are not expressly granted in these Terms are withheld.
(c) Copyright. LightOn will not claim copyright over Content generated by the API for you or your end-users through your Application.
(d) Feedback. Any feedback provided to LightOn about the API or Content or any other technology, data, business or systems belonging to LightOn, may be used, shared, commercialized, and otherwise exploited by LightOn and its affiliates in any manner and for any purpose without any obligation to you.
(e) Support. LightOn may provide you with technical support and guidance through email and through our community website (https://community.lighton.ai) for using the API and we may stop providing such support to you at any time without obligation to you.
(f) Children. You must be at least 18 years old to use or access the API. LightOn does not knowingly collect, either online or offline, personal information from persons under the age of 13.
(g) Third Party Products. Third-party software, services, or other products (“Third Party Products”) you may use in connection with your use of the API are subject to their own the terms and conditions. LightOn is not responsible neither for any Third Party Products nor your use of any Third Party Products.
(i) Early Access, Previews, and Private/Public Betas. Certain features of the API may be made available to you through an early access, preview, or public/private beta access (“Preview Services”). We offer Preview Services for testing, evaluating, and improving such services. Note that Preview Services may have a reduced or different level of privacy, security, or compliance commitments, and may not become generally available or be error-free. In particular, Content in Preview Services may not be secured and may be partially or completely altered or lost, and output generated by Preview Services may also be subject to Third Party Products licenses without limitation.
- Usage Requirements
While using our API, you (and anyone acting on your behalf) must agree to the following:
(a) The API and the Content will only be used (i) in compliance with all applicable laws; (ii) in compliance with these Terms, any other relevant document provided by LightOn, as well as with the license granted in Section 2(a); (iii) in a manner that does not infringe, misappropriate, or violate in any way any of our rights or those of any other person or entity.
(b) You are forbidden to: (i) distribute, sell, transfer, or otherwise give any rights concerning all or any portion of the API or Content to any third party (except to your end-users by making Content available to them and allowing them to use your integration of the API through your Application); (ii) create any software that functions substantially the same as the API and offer it to third parties; (iii) reverse assemble, reverse compile, decompile, translate or otherwise attempt to discover the source code of any part of the API; (iv) change, alter, falsify or otherwise create derivative works of the API or Content or attempt to do so; (v) use the API or Content in connection with any spyware, virus, worm, time bomb, Trojan horse, or any other malicious or harmful code, or any software application not expressly and knowingly authorized by users prior to being downloaded or installed on their computer or other electronic device; (vi) interfere or attempt to do so in any way with the functionality or proper functioning of the API; or (vii) use the API to create products or services that may be directly compete with the API and LightOn’s activities.
(c) You are solely responsible for making sure that the use of the API or Content with your Application does not break in any way these Terms or any agreement between you and anyone else.
(d) The API may not be used to discover or extract any underlying components of LightOn’s models, algorithms, and systems.
(e) The use of web scraping, web harvesting, or web data extraction methods to get data from the API, the Content, or LightOn’s or its affiliates’ software, models or systems, is strictly forbidden.
(f) Removing or altering in any way any notice, including any notice of intellectual property right, appearing on or contained within the API or Content, is strictly forbidden.
(g) When using the API, you must respect and will not attempt to circumvent any API’s call rate limits.
(h) Solely or in your Application, the API and Content will not be used by you, nor by your end-users through your Application, in a way that violates applicable law, including:
- (i) Illegal activities, such as child pornography, gambling, cybercrime, piracy, violating copyright or any intellectual property laws;
- (ii) You are not located or affiliated with an entity or individual that is located in, or organized under the laws of, or ordinarily resident in any country or geographic region subject to sanctions administered by the E.U. or by OFAC, including Iran, Russia, North Korea, Sudan, Syria, Cuba and the Crimean Peninsula.
- (iii) You are not a person included on one or more restricted party lists or a person owned by or acting on behalf of a person on one or more restricted party lists, including (i) the list of sanctioned entities maintained by the UN, (ii) the Specially Designated Nationals and Blocked Persons List (the “SDN List”), the Foreign Sanctions Evaders List, and the Sectoral Sanctions Identifications List, all administered by OFAC, (iii) the U.S. Denied Persons List, the U.S. Entity List, and the U.S. Unverified List, all administered by the U.S. Department of Commerce, (iv) the consolidated list of Persons, Groups and Entities subject to EU Financial Sanctions, as implemented by the EU Common Foreign & Security Policy, and (v) similar lists of restricted parties maintained by other applicable Governments.)
- (iv) You will not threaten, stalk, defame, defraud, degrade, intimidate or otherwise cause psychological harm to anyone for any reason.
(i) You will not use the API or Content or allow any user to use the Application in a way that causes societal harm and misleads, including but not limited to:
- (i) Presenting to your end-user’s outputs of your Application generated with no human in the loop as human-generated;
- (ii) Generating any spam or scam
(j) You are forbidden to buy, sell, share or transfer API keys from, to or with a third party without LightOn’s prior written consent.
(a) You may be granted access to certain non-public confidential or proprietary information of LightOn, its affiliates and other third parties, including, software and specifications related to the API and LightOn’s and its affiliates’ algorithms, software, models or other business information (collectively “Confidential Information”). Confidential Information includes any information that LightOn or its affiliates consider confidential or would normally be considered confidential given the circumstances. This Confidential Information may only be used to exercise your rights under the present Terms. You may not share any Confidential Information with any third party without LightOn’s prior written consent. Furthermore, you agree that you will protect this Confidential Information from unauthorized use, access, or disclosure as you would protect your own confidential and proprietary information of a similar nature and in any event, in the best way reasonably possible.
(b) The following categories are not part of Confidential Information : (i) is or becomes generally available to the public without any implication from your side; (ii) information you already had in your possession without any clause of confidentiality when you received it under these Terms; (iii) was or is later rightfully disclosed to you by a third party without any clause of confidentiality; (iv) we approved for release in writing; or (v) you independently developed without using or referencing any Confidential Information. You are allowed to disclose Confidential Information when required by law or the valid order of a court or other governmental authority if you give prior written notice to LightOn of the disclosure in a reasonable delay.
(a) Your network, operating system and the software of your servers, databases, and computer systems must be properly configured to securely operate your Application and store content collected through your Application.
(b) You agree that LightOn and its affiliates may monitor any API activity from its own systems to secure, ensure the quality of, and improve LightOn systems, products and services; perform research, and ensure compliance with these Terms and all applicable laws. You will give LightOn reasonable access to your Application to monitor compliance with these Terms. You will not interfere with this monitoring and LightOn may use any technical means to overcome such interference.
(c) You must have a process to respond to any vulnerabilities or breaches in your Application. If you discover or a third party reports to you any vulnerabilities or breaches related to your Application’s connection to the API, you will promptly contact LightOn and provide details of the vulnerability or breach.
- Privacy and Data Protection
(b) Submission of Content. LightOn does not have any ownership over any intellectual property rights in the content that you submit to our API through your Application, except as expressly provided in these Terms. Exclusively in order to enable LightOn and its affiliates to provide, secure, and improve the API (and related software, models, and algorithms), you give LightOn and its affiliates a perpetual, irrevocable, worldwide, sublicensable, royalty-free, and non-exclusive license to use, host, store, modify, communicate and publish all content submitted, posted or displayed to or from the API through your Application. Whenever allowed under applicable Privacy Laws, the foregoing license survives consumer requests for deletion of personal data or Personal Information for the sole purpose of enabling LightOn and its affiliates to provide, secure, and improve the API. Before submitting any content to our API through your Application, you will ensure that you have the necessary rights (including rights from your end-users) to grant LightOn the license.
You agree that we may change our rules and procedures relating to the use of the API at any time. Furthermore, we may change or amend these Terms for a variety of reasons, such as to reflect changes in applicable law or updates to services and to account for new services or functionality at any time. We will post notice of changes within the documentation of each applicable API and/or to our website. The most current version will always be posted on our website. Changes will not apply retroactively and will become effective at the earliest 14 days after they are posted, except for changes concerning new API functions or changes made for legal reasons, which will be effective immediately. In case you do not agree to such changes or amendments, you must stop using the API and Content immediately and terminate these Terms. If you continue using the API and Content after any change or amendment, you are considered to agree to such changes or amendments.
- Term and Termination
(a) Term. These Terms will be effective starting your first use of the API and will remain in effect for a renewable period of 10 years, or until terminated according to these Terms.
(b) LightOn’s Right to Terminate; Suspension. LightOn has the right to terminate these Terms and suspend or revoke your access to all or any of the API and Content, for convenience and for cause:
– For Convenience. We may terminate these Terms and revoke all access effective at the end of a billing cycle by providing at least 30 days’ prior written notice to you without refund for any prior period.
– For Cause. We may suspend or terminate these Terms for any of the following reasons: (a) you have materially breached these Terms and failed to cure that breach within 30 days after We have so notified you in writing; (b) you fail to pay fees for 30 days past the due date.
Additionally, We may limit, suspend the services to you: (i) if you fail to comply with these Terms, (ii) if you use the services in a way that causes legal liability to us or disrupts others’ use of the services; or (iii) if we are investigating suspected misconduct by you.
(c) Your Right to Terminate. You may terminate these Terms by stopping your use of the API and cancelling your subscription through muse.lighton.ai or by contacting us through email at [email protected]. The termination will be effective on the first day of the following “Subscription Month” (as defined in paragraph 10d). There will be no refund of the on-going monthly fees.
(d) Your Obligation Post-Termination. Upon termination, all licenses granted within these Terms immediately and automatically expire and you must immediately cease using the API and Content. You will promptly destroy or return to LightOn everything tangible or electronic that contains any Confidential Information.
(e) Survival. The provisions of these Terms which, by their nature, should survive termination or expiration of these Terms, including but not limited to Section 2(b) – 2(i); Section 4 (Confidentiality); Section 5 (Security); Section 6 (Privacy and Data Protection); Section 8 (Termination); Section 9 (Indemnification; Disclaimer of Warranties; Limitation of Liability), Section 10 (Fees and Payments), Section 11 (Export Control, Sanctions Compliance, and Related Matters) and Section 12 (General Terms), shall survive and remain effective after the expiration or termination of these Terms, and apply to respective permitted successors and permitted assigns.
- Indemnification; Disclaimer of Warranties; Limitations on Liability
(a) Indemnity. You agree to defend, indemnify, and hold harmless us, our affiliates, and each of our employees, officers, directors, agents and representatives, from and against all claims, damages, losses, liabilities, judgments, penalties, fines, costs, and expenses (including attorneys’ fees) arising from or relating to (i) your breaking of these Terms; (ii) your use of the API, Content; (iii) your Application; (iv) any content or data routed into or used with the API by you, those acting on your behalf, or your end-users; (v) your actual or alleged infringement, misappropriation or violation of LightOn, its affiliate’s or any third party’s intellectual property or proprietary rights.
(b) Disclaimer. THE API IS LICENSED ON AN “AS IS” AND “AS AVAILABLE” BASIS. LIGHTON AND ITS AFFILIATES MAKE NO WARRANTIES (EXPRESS, IMPLIED, STATUTORY OR OTHERWISE) WITH RESPECT TO THE API, AND EXPRESSLY DISCLAIM ALL IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, NON-INFRINGEMENT AND ANY WARRANTIES ARISING OUT OF ANY COURSE OF DEALING, PERFORMANCE, OR TRADE USAGE. LIGHTON AND ITS AFFILIATES DO NOT WARRANT THAT THE API WILL BE UNINTERRUPTED, ACCURATE OR ERROR-FREE OR SUCCEED IN RESOLVING ANY PROBLEM. YOU AGREE THAT THE USE OF THE API IS AT YOUR OWN RISK. YOU HAVE NO WARRANTY OR GUARANTEE UNDER THESE TERMS THAT THE OPERABILITY OF ANY OF YOUR APPLICATIONS RUNNING WITH THE API WILL BE MAINTAINED WITH ANY SUBSEQUENT OR GENERALLY AVAILABLE VERSIONS OF THE API OR THAT ANY VERSION OF THE API WILL EVER BE MADE AVAILABLE OR MARKETED. WE MAY DISCONTINUE PROVIDING THE API OR ACCESS TO OUR SYSTEM OR MAY CHANGE THE NATURE FEATURES, FUNCTIONS, SCOPE, OR OPERATION THEREOF, AT ANY TIME AND FROM TIME TO TIME. NEITHER WE NOR ANY OF OUR AFFILIATES OR LICENSORS WARRANT THAT THE SERVICE OFFERINGS WILL CONTINUE TO BE PROVIDED, WILL FUNCTION AS DESCRIBED, CONSISTENTLY OR IN ANY PARTICULAR MANNER, OR WILL BE UNINTERRUPTED, ACCURATE, ERROR-FREE OR FREE OF HARMFUL COMPONENTS.
(c) Limitations of Liability. NEITHER LIGHTON NOR ITS AFFILIATES OR LICENSORS WILL BE HELD RESPONSIBLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, OR DATA OR OTHER LOSSES (EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES) IN CONNECTION WITH THESE TERMS. IN ANY CASE, LIGHTON’S AGGREGATE LIABILITY UNDER THESE TERMS SHALL BE LIMITED TO €100.
- Fees and Payments
- a) Fees. You agree to pay all fees or charges to your account (“Fees”) in accordance with the prices and billing terms in effect at the time the Fees is incurred. Except as otherwise provided in a separate agreement between you and LightOn, the current API pricing is set forth on our pricing page located at https://muse.lighton.ai/pricing. We reserve the right to correct any errors or mistakes that we identify even if we have already issued an invoice or received payment. Pricing and subscription plans may change at any time without notice. If you are already subscribed to a subscription plan you will be notified of all changes at least 30 days before the next billing date.
- b) Taxes. Unless otherwise explicitly stated, Fees do not include federal, state, local, and foreign taxes, duties, levies, imposts, withholdings, and other similar assessments or any interest and penalties thereon (“Taxes”). You are solely responsible for all Taxes associated with your purchase, excluding Taxes based on our net income. When necessary, we will invoice you for such Taxes by adding the requisite amount to your Fees. You agree to pay such Taxes in time and promptly provide us with an original receipt showing the payment, together with any additional documentary evidence that we may reasonably require. You hereby confirm that LightOn can rely on the name and address from your account registration as being the place of supply for tax purposes. You understand that you are solely responsible for keeping this information accurate and up-to-date in your Account Settings.
- c) Billing Information. You must provide your contact information, including bill-to address and email address, if applicable, as well as information for a valid payment method that you are authorized to use. Maintaining complete and accurate billing information is entirely under your responsibility.
- d) Payments. LightOn will charge your credit card or digital payment method on monthly intervals, starting from the date of your initial subscription. The day of the month of this initial subscription constitutes the “Monthly Anniversary Date” (for example if you subscribe on January 17th your “Monthly Anniversary Date” is the 17th of each subsequent month, or the next calendar day if not applicable). A “Subscription Month” is defined as the period between a “Monthly Anniversary Date” and the subsequent “Monthly Anniversary Date”. At the beginning of each “Subscription Month”, starting from your “Monthly Anniversary Date”, you are billed for the upcoming “Subscription Month” + the extra usage of API you had in the previous “Subscription Month” (not included in your monthly subscription plan). Fees are payable in Euro (€) and due upon invoice issuance. All payment obligations are non-cancelable, and all amounts paid are non-refundable except in cases for which it is stated otherwise in these Terms. Contracts can be terminated according to section 8 of these Terms. In case of termination, you are billed at the next “Monthly Anniversary Date” following termination for the extra usage of API you had in the last “Subscription Month”.
- e) Payment Authorization. By providing us with credit card information or information for any supported digital payment method, you give authorization to LightOn and its affiliates to store this information and to charge the credit card or digital payment method you have provided for the Fees when due until your account is terminated. Furthermore, you give LightOn authorization to use a third-party payment processor for payment processing. If you notify us to stop using a previously designated payment method and do not designate an alternative, your credit card expires or is declined, your payment information requires an update, or your payment cannot be completed for any other reason, your use of the API and you access to it will be suspended until we receive payment without any prior notice.
- f) Disputes and Late Payments. If you decide to dispute any Fees or Taxes, it is mandatory you notify LightOn in written form by emailing [email protected] within thirty (30) days of the date of the disputed invoice. Any undisputed amounts past due are subject to a finance charge of three times the legal interest rate in effect of the unpaid balance per month (or the highest rate permitted by law, whichever is lower) from the date such payment was due until the date paid. You will have to pay for all reasonable expenses (including attorneys’ fees) LightOn had to make for collecting past due amounts. If any amount of your Fees is past due, LightOn may suspend your API access after providing you with written notice of late payment. Any amounts due under the present Agreement shall not be withheld or offset by you against amounts due to you for any reason.
You agree to exclude, control, screen or limit (i) the regions from which your end-users may access or use any of your Applications, and (ii) the persons or organizations who are your end-users, in either case, in order to comply with all applicable laws related to Embargoed Countries or Restricted Party Lists, including any requirements or obligations to know your end-users directly. LightOn does not have the means to know and cannot be held responsible for your end-users.
- General Terms
(a) Relationship of the Parties. No partnership, joint venture or agency relationship between you and LightOn or any of LightOn’s affiliates is created by these Terms. LightOn and you are independent contractors and neither party will have the power to bind the other or to incur obligations on the other’s behalf without the other party’s prior written consent.
(b) Use of Brands. You will not use LightOn’s or any of its affiliates’ names, logos, or trademarks unless you get prior written consent from us.
(c) Assignment and Delegation. You may not assign or delegate any rights or obligations under these Terms, including in connection with a change of control. Any purported assignment and delegation shall be null and void. LightOn has the right to freely assign or delegate any rights and obligations under these Terms without notice to you.
(d) Equitable Remedies. You agree that any violation or breach of these Terms may cause irreparable harm to LightOn and its affiliates. Thus, you agree that, if you violate or breach the present Terms, LightOn will have the right to use any legal remedies that LightOn may have, including seeking injunctive relief against you.
(e) Entire Agreement. These Terms and any policies incorporated in these Terms contain the entire agreement between you and LightOn regarding the use of the API and prevail over any prior or contemporaneous agreements, communications, or understandings between you and LightOn on that subject.
(f) Jurisdiction, Venue and Choice of Law. These Terms will be governed by the laws of France. Except as provided in Section 12(j) below, all claims arising out of the present Terms will be brought exclusively in the courts of Paris, France, and you and LightOn each consent to personal jurisdiction in these courts.
(g) Notices. All notices will be given in a written form and will reference these Terms. LightOn may notify you using the registration information you provided, or the email address associated with your Application. Service will be deemed given on the date of receipt when delivered by email or on the date sent via courier when delivered by post. LightOn accepts service of process at this address:
Headquarters: 2, rue de la Bourse F-75002 Paris
Offices: 5, Impasse Reille F-75014 Paris
(h) Waiver and Severability. If you do not comply with these Terms, and LightOn does not take action right away, this does not mean that LightOn is giving up any rights it may have (such as taking action in the future). If a particular term of these Terms is invalidated or declared unenforceable by a court of competent jurisdiction, that term will be enforced to the maximum extent permissible, and it will not affect the enforceability of any other terms.
(i) Dispute Resolution. In case of a dispute, claim, or controversy arising out of the present Terms or the breach, termination, enforcement, interpretation, or validity thereof (collectively, “Disputes”), each party’s senior representatives will engage in good faith negotiations with the other party’s senior representatives to amicably resolve a Dispute (except for Disputes concerning the intellectual property of a party, which will be resolved in litigation before the courts of Paris).
(j) Class Waiver. Each party agrees that any Disputes between them must be brought against each other on an individual basis only. That means neither party can bring a Dispute as a plaintiff or class member in a class action, consolidated action, or representative action, in court, an arbitration proceeding or otherwise. If a court decides that this Section 12(j) is not enforceable or valid, then this Section 12(j) will be null and void, but the rest of the present Terms will still apply.
(k) Notice of Business Acquisitions, Combinations and Similar Transactions. If you are a corporation, limited liability company, limited partnership, trust or other entity, you are under the obligation to notify us in written form at least 30 days prior to consummating a transaction or several transactions in which you buy, sell, share or transfer one or more API keys pursuant to a business combination, acquisition, merger, joint venture, partnership transaction, purchase or sale of all or substantially all of the assets of an entity, or liquidation.
13 Personal data protection
The parties agree that it is in their common interest to explicitly determine their respective obligations with regard to personal data protection. Therefore, the parties have concluded an Annex on personal data protection (the “Data Protection Annex” or “DPA”) which is attached to the present Terms and Conditions.
ANNEX ON PERSONAL DATA PROCESSING
TO THE ATTENTION OF LIGHTON’S CUSTOMERS
This Data Processing Appendix (“DPA”) forms an integral part of the Terms and Conditions. This DPA will remain in effect as long as LightOn processes Personal Data on behalf of the customer (the “Customer”).
All capitalized terms not otherwise defined in this DPA shall have the meaning given to them in the Terms and Conditions. In the event of any inconsistency between this DPA and any provision of the Terms and Conditions, this DPA shall be deemed to be a binding agreement between LightOn and the Customer.
The terms of this DPA shall prevail only with respect to matters relating to the protection or processing of Personal Data. This DPA applies only to the extent that LightOn processes Personal Data on behalf of the Customer.
LIGHTON AND THE CUSTOMER HAVE AGREED AS FOLLOWS:
“Data Protection Legislation” means all applicable laws, rules, regulations, decisions, ordinances, regulatory guidelines and industry self-regulations relating to data protection, including the French Data Protection Act No. 78-17 dated January 6, 1978, as amended from time to time, the General Data Protection Regulation (EU) 2016/679 (“GDPR“) of the European Parliament and of the Council of April 27, 2016, as well as all equivalent laws and regulations applicable in any relevant territory, and any legislation that may replace such laws and regulations and the instruments and recommendations adopted by the competent supervisory authorities.
“Data controller”, “Data Subject”, “Personal data“, “Processing”, “Processor” and “Supervisory authority” have the meaning given to them in the GDPR.
“Customer’s Personal Data” means Personal Data provided to LightOn by the Customer or entered or uploaded for use with or through LightOn’s products by or on behalf of the Customer in accordance with the Terms and Conditions.
“Personal Data Breach” means a breach of security in the systems managed or controlled by LightOn resulting in the destruction, loss, alteration, unauthorized disclosure of, or access to, the Customer’s Personal Data.
“Sub-Processor” means any other processor engaged by LightOn to carry out Processing activities in relation to the Customer’s Personal Data in compliance with LightOn’s contractual obligations.
- ROLE OF THE PARTIES:
For the purposes of this DPA, the parties acknowledge that the Customer is the Data Controller and LightOn is the Processor of the Customer’s Personal Data.
- PROCESSING :
The Customer instructs LightOn with regard to the Processing of the Customer’s Personal Data in order for LightOn to carry out its obligations under the provisions of the Terms and Conditions and as described in this DPA, and in any event in strict compliance with Data Protection Legislation. The objective and duration of the Processing, the nature and purpose of the Processing, the types of Personal Data that LightOn will process and the categories of Data Subjects whose Personal Data will be Processed are detailed below.
a) Objective: The objective of the Processing governed by this DPA is the Processing of the Customer’s Personal Data in order to provide the services to the Customer. The services provided by LightOn to the Customer and the objectives of the Processing under this DPA are more thoroughly described in the Terms and Conditions.
b) Duration of the Processing: Personal Data Processing begin on the effective date of the Terms and Conditions and will end once the Customer’s Personal Data has been returned or destroyed
c) Purpose of the Processing: The purpose of the Processing consists in supplying the Cloud services provided by LightOn to the Customer in accordance with the Terms and Conditions and all applicable contractual documents.
d) Types of Personal Data: LightOn may process the categories of Personal Data identified in Article 4 of the GDPR, as well as any other Personal Data provided by or collected on behalf of the Customer under the Terms and Conditions.
e) Category of Data Subjects: LightOn may process Personal Data concerning the Customer’s business partners, employees and suppliers.
f) Sub-processors: Information concerning Sub-processors is made available to the Customer in Appendix 1 which lists the relevant Sub-Processors, having access to the Customer’s Personal Data. This list will be updated with information in the event of any change of Sub-processors or change in the services subscribed to by the Customer.
- OBLIGATIONS OF THE CUSTOMER
As the Data Controller, the Customer:
a) will ensure that it has a legal basis, in accordance with Article 6 of the GDPR, to process the Customer’s Personal Data in accordance with this DPA and the Terms and Conditions;
b) will provide LightOn with the name and contact details of its representative and the name and contact details of its data protection officer (if any) or any person responsible for data protection within the company;
c) will be responsible for providing the Data Subjects with an Information Notice in accordance with Articles 13 and 14 of the GDPR. The Customer shall guarantee LightOn that it has informed the Data Subjects in compliance with Articles 13 and 14 of the GDPR and shall hold LightOn harmless from any claim or administrative fine in this regard;
d) will be solely responsible for making decisions and determining: (i) the purpose and scope of the Customer’s Personal Data to be collected and processed, including which Personal Data are to be processed; (ii) the purpose and method of processing of the Customer’s Personal Data; (iii) the third parties to whom the Customer’s Personal Data are disclosed; and (iv) the period of retention of the Customer’s Personal Data;
e) will be responsible for ensuring that all Personal Data of the Customer processed by LightOn are accurate and up to date.
f) will be responsible for ensuring that all instructions it gives to LightOn regarding the Customer’s Personal Data comply with Data Protection Legislation, and LightOn shall have no liability in the case where any of the Customer’s instructions does not comply with such Data Protection Legislation.
- OBLIGATIONS OF LIGHTON
As the Data Processor, LightOn:
a) will comply with the obligations imposed to any Processor by applicable Data Protection Legislation;
b) will process the Customer’s Personal Data only on the Customer’s documented instructions, which are contained in this DPA and the Terms and Conditions, unless otherwise agreed in writing by the parties or required by law under Data Protection Legislation. Where under Data Protection Legislation, LightOn is obligated to process Personal Data other than in accordance with the Customer’s written instructions, LightOn shall notify the Customer prior to such Processing (unless applicable law prohibits such notification on important public interest grounds), unless required to do so by Union or Member State law to which the processor is subject;
c) will modify, correct or erase the Customer’s Personal Data at the Customer’s request, or allow the Customer to do any of the foregoing, except in cases where the storage of all or part of the Customer’s Personal Data is required by applicable law;
d) taking into account the nature of the Processing, will assist the Customer, at the Customer’s request, with appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the controller’s obligation to respond to requests for the Data Subject’s rights to be exercised under the Data Protection Legislation;
e) will forward to the Customer without undue delay any request concerning Data Subjects requests which are received directly by LightOn and shall inform the Data Subject that such requests shall be sent to the Customer who is responsible for handling such requests;
f) will assist the Customer in ensuring compliance with the obligations laid down in Articles 32 to 36 of the GDPR, taking into account the nature of the Processing and the information available to LightOn;
g) will ensure that the persons authorized to process the Customer’s Personal Data have duly executed the relevant confidentiality agreements or are under an appropriate statutory obligation of confidentiality. LightOn shall ensure that such obligation of confidentiality survives the employment relationship with its staff members.
6. SUB-PROCESSORS ENGAGEMENT:
The Customer agrees to the disclosure of its Personal Data to Sub-processors and to the Processing of its Personal Data by Sub-processors of LightOn only to the extent necessary for LightOn to comply with its obligations under the Terms and Conditions. Details of LightOn’s Sub-processors shall be made available to the Customer in Appendix 1 which may be updated from time to time. LightOn shall be liable for the acts and omissions of its Sub-processors to the extent that it would itself be liable in respect of its processing activities hereunder or under the Terms and Conditions. LightOn shall also subject its Sub-processors to contractual obligations at least comparable to the obligations imposed on LightOn under this DPA.
If LightOn appoints a new Sub-processor from the list set out in Appendix 1 below, it shall first inform the Customer who may reasonably object. LightOn shall have the right to respond to such objection with one of the following options at its sole discretion: (a) cease using the relevant Sub-processor; (b) take such steps as the Customer may suggest resolving the objection; (c) cease providing the Customer with services involving the relevant Sub-processor, where possible. The Customer shall reimburse LightOn for all reasonable costs and efforts caused by such objection. The Customer acknowledges and agrees that it shall have no right to audit and inspect Sub-processors facilities and/or sites and that LightOn shall not be obligated to include such rights in its contracts with Sub-processors.
- DATA TRANSFERS:
LightOn guarantees that it will not transfer Customer’s Personal Data outside the European Economic Area unless instructed to do so by the Customer. If the Customer consents or has consented to such a transfer, LightOn warrants that it will comply with the applicable legal and regulatory provisions relating to the protection of Personal Data. In this respect, it guarantees, in particular, the implementation of an appropriate guarantee within the meaning of Article 46 of the GDPR, to enable the Customer and LightOn to comply with their obligations under the Data Protection Legislation.
- SECURITY MEASURES:
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, LightOn shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR.
- RESTITUTION OR DESTRUCTION OF PERSONAL DATA:
At the choice of the Customer or when LightOn no longer needs to process the Customer’s Personal Data in order to fulfil its obligations under the Terms and Conditions, LightOn (a) shall cease all use of the Customer’s Personal Data; (b) return to the Customer or delete all Customer Personal Data and copies thereof and certify in writing that such destruction has been carried out, unless, in accordance with applicable law, LightOn is obliged to retain a copy of the Customer’s Personal Data.
The Customer may audit LightOn’s compliance with its obligations under this DPA, subject to the following:
a) The Customer may conduct audits once a year, including as a result of a Personal Data Breach;
b The Customer may use a third party to conduct an audit on its behalf, provided that the third party is not a competitor of LightOn and has signed a confidentiality agreement;
c) Audits shall be conducted during normal business hours, shall be subject to LightOn’s policies applicable to the sites concerned by the audit, such as, in particular, the internal regulations which will be communicated in advance to the Customer, and shall not unreasonably interfere with LightOn’s business activities;
d) The Customer shall provide to LightOn, on a free of charge basis, any audit report produced as a result of such audit, unless prohibited by law. The Customer may use the audit reports solely for the purpose of complying with the requirements of the Data Protection Legislation and/or confirming compliance with the provisions of this DPA. Audit reports shall be treated as confidential information of LightOn;
e) In order to request an audit, the Customer must submit a detailed audit plan to LightOn at least three (3) weeks prior to the proposed audit date. The audit plan must describe the proposed scope, duration and start date of the audit. LightOn will review the audit plan and inform the Customer of any concerns or questions (for example, any requests for information that may compromise LightOn’s confidentiality obligations or security, privacy, terms and conditions of employment or any relevant policies). LightOn shall cooperate with the Customer to agree on a final audit plan prior to the commencement of the audit;
f) Nothing in this clause requires LightOn to breach any obligation of confidentiality that LightOn has with regard to any client or employee;
g) if the scope of the audit is covered by an audit report conducted by a qualified third-party auditor within twelve (12) months of the Customer’s request for an audit and LightOn confirms that there are no substantial changes in the audited scope, LightOn will forward the said audit report(s) to the Customer. The Customer accepts these conclusions in lieu of its request for an audit in respect of the matters covered by the report;
h) the Customer shall bear all costs and expenses relating to the audit carried out by the Customer. If the Customer requests additional services from LightOn in connection with the audit, such services will be chargeable and LightOn will prepare a quotation in advance for acceptance by the Customer.
- PERSONAL DATA BREACH:
With respect to any Personal Data Breach, LightOn shall notify the Customer of such Personal Data Breach without delay after becoming aware of the Personal Data Breach. This notification shall include, as a minimum, the information provided for in Article 33 (3) of the GDPR:
(a) A description of the nature of the Personal Data Breach, including, if possible, the categories and approximate number of data subjects concerned and the categories and approximate number of Personal Data records concerned;
(b) A description of the likely consequences of the Personal Data Breach;
(c) A description of the measures taken or proposed to be taken to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.
If, and to the extent that, it is not possible to provide all information at the same time, information may be provided without further undue delay.
As a data controller, the Customer is solely responsible for the notification obligations under the Personal Data Breach in accordance with the Data Protection Legislation, including providing any required notification to the supervisory authorities and Data Subjects (where applicable).
Damages for breach of the obligations under this DPA shall be subject to ten (10) times the monthly subscription services fee paid by the Customer to LightOn.
The parties have signed this DPA through their respective authorized representatives.
BY : _____________________________
(AUTHORIZED SIGNATORY) (AUTHORIZED SIGNATORY)
(DATE OF SIGNATURE) (DATE OF SIGNATURE)
APPENDIX 1 – LIST OF AUTHORIZED SUB-PROCESSORS:
- STRIPE (Payment)
- HubSpot (Mailing)
- Google Cloud Platform (Data Center)