Egyéb – Carmen Cloud https://carmencloud.com Tue, 13 May 2025 14:03:16 +0000 en-US hourly 1 https://wordpress.org/?v=7.0.1 https://carmencloud.com/wp-content/uploads/2023/12/cropped-carmen_cloud_favicon-32x32.png Egyéb – Carmen Cloud https://carmencloud.com 32 32 Service Level Agreement https://carmencloud.com/service-level-agreement/ https://carmencloud.com/service-level-agreement/#respond Fri, 06 Dec 2024 09:19:06 +0000 http://carmencloud.ar.local/?p=722

								

Carmen Cloud Service Level Agreement (SLA)

Definitions:

  • Service”: For the purposes of this Service Level Agreement (the “SLA”), the term “Service” refers to the Carmen Cloud solution, which includes both the Carmen Recognition Service (a cloud-based image processing service) and the License Service.
  • Request”: A “Request” is an invocation of a Service function by directly calling the Vehicle API or Transport API, or analyzing an image with Carmen engines that validate usage permissions through the License Service.
  • “Error”: An “Error” is defined as any Request that:
    • In the case of API calls, results in an error response with a status code of 500 or higher (excluding errors with a 504 status code returned by AWS ApiGateway for requests exceeding the permitted size), or
    • In the case of using the Carmen engine, results in an NNC_LOCK error caused by an internal error in the License Service.
  • Availability”: Availability is calculated for each 5-minute interval as the percentage of Requests processed by the Service that do not fail with Errors and pertain solely to the provisioned Service functions. If no Requests are made during a given 5-minute interval, that interval is assumed to have 100% Availability.
  • Monthly Uptime Percentage”: The Monthly Uptime Percentage is calculated as the average Availability across all 5-minute intervals in a monthly billing cycle. The calculation excludes downtime directly or indirectly caused by any SLA Exclusions.
  • A “Service Credit”: A “Service Credit” refers to a monetary credit (in dollars or euros), calculated as detailed below, which may be applied to an eligible account.

Service Commitment

Adaptive Recognition Nordic A/S will use commercially reasonable efforts to maintain a Monthly Uptime Percentage of at least 99.95% for the Service during any monthly billing cycle (the “Service Commitment”). If the Service fails to meet this Service Commitment, you may be eligible to receive Service Credits as described below.

Service Credits

Service Credits are calculated as a percentage of the total charges paid for the Service during the monthly billing cycle in which the Monthly Uptime Percentage falls within the ranges specified below:

Monthly Uptime Percentage

Service Credit Percentage

Less than 99.95% but greater than or equal to 99.0%

10%

Less than 99.0% but greater than or equal to 95.0%

25%

Less than 95.0%

100%

  • Service Credits are applied exclusively to future Service payments.
  • They do not entitle you to refunds or any other payments from Adaptive Recognition Nordic A/S.
  • Credits are issued only if their value for the applicable monthly billing cycle exceeds one dollar ($1 USD).
  • Service Credits cannot be transferred or applied to other accounts.
  • Unless explicitly stated otherwise in the Agreement, Service Credits constitute the sole and exclusive remedy for unavailability. Recognition/detection accuracy is not part of the present SLA.

Credit Request and Payment Procedures

To receive Service Credits, you must submit a claim through the ATSS Support system. The claim must meet the following criteria:

  1. The words “SLA Credit Request” in the subject line;
  2. Specify the billing cycle for which Service Credits are requested, along with:
  • The calculated Monthly Uptime Percentage for the cycle.
  • Specific dates, times, and Availability metrics for each 5-minute interval with less than 100% Availability.
  1. Provide supporting logs that document the errors for your claimed outage. This includes:
  • Logs of requests sent to the Vehicle API and Transport API (REST APIs), detailing the request structure and corresponding responses (or absence of responses).
  • Any client-side logs capturing API interaction details. Ensure any sensitive or confidential information in these logs is redacted or replaced with asterisks.

Claims must be submitted no later than the end of the second billing cycle following the incident. If the Monthly Uptime Percentage in your claim is confirmed to be below the Service Commitment, Service Credits will be issued within one billing cycle after the claim is processed. Failure to provide all required information as specified above will disqualify you from receiving Service Credits.

SLA Exclusions

  1. The Service Commitment does not apply to any unavailability, suspension, termination, or performance issues caused by: The words “SLA Credit Request” in the subject line;
  2. Issues or errors on the user side, including but not limited to:
  • Security misconfigurations (e.g., improperly managed user roles, insufficiently secured API endpoints).
  • Network misconfigurations (e.g., incorrect firewall settings, improper routing of API traffic, or DNS errors).
  • Local network outages or Internet connection issues on the client’s side.
  • Use of invalid, revoked, or expired API keys.
  • Overloaded client-side systems that fail to handle API responses in a timely manner.
  • Incorrect API calls or malformed requests that do not conform to the Service documentation.
  • Failure to update client applications to align with changes in Service functionality or endpoints.
  • Deliberate misuse or overloading of the Service, such as sending excessive or unnecessary requests.
  • Any unapproved modifications to the Service integration (e.g., altering API connection settings without consultation).
  1. Your failure to adhere to Service documentation or guidelines.
  2. Issues originating from your equipment, software, or technology.
  3. Suspension or termination of your Service access in accordance with the Agreement (“Terms of Use”).
]]>
https://carmencloud.com/service-level-agreement/feed/ 0
Data Processing Agreement https://carmencloud.com/data-processing-agreement/ Tue, 12 Dec 2023 07:18:17 +0000 http://10.0.11.18/2023/12/12/data-processing-agreement/

 

For the purposes of Article 28(3) of Regulation 2016/679 (the „GDPR”)

between

Adaptive Recognition Nordic A/S’ customers at all times

(the „data controller”)

and

Adaptive Recognition Nordic A/S

(the „data processor”)

Company registration no. DK40343229
Ørestads Boulevard 73
DK-2300 København S.
Denmark

(each a „party”; together „the parties”)

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to meet the requirements of the GDPR and to ensure the protection of the rights of the data subject.

1. Preamble

1.1. These Contractual Clauses (the Clauses) set out the rights and obligations of the data controller and the data processor, when processing personal data on behalf of the data controller.

1.2. The Clauses have been designed to ensure the parties’ compliance with Article 28(3) of the GDPR of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

1.3. In connection with the parties’ agreement on the data controller’s access and use of the data processor’s services described in the data processor’s Terms of Use (the „Main Agreement”), the data processor will process personal data on behalf of the data controller in accordance with the Clauses.

1.4. The Clauses forms an integral part of the parties’ Main Agreement. However, the Clauses shall take priority over any similar provisions contained in other agreements between the parties.

1.5. Four appendices are attached to the Clauses and form an integral part of the Clauses.

1.6. Appendix A contains details about the processing of personal data, including the purpose and nature of the processing, type of personal data, categories of data subject and duration of the processing.

1.7. Appendix B contains the data controller’s conditions for the data processor’s use of sub-processors and a list of sub-processors authorised by the data controller.

1.8. Appendix C contains the data controller’s instructions with regards to the processing of personal data, the minimum security measures to be implemented by the data processor and how audits of the data processor and any sub-processors are to be performed.

1.9. Appendix D contains provisions for other activities which are not covered by the Clauses.

1.10. The Clauses along with appendices shall be retained in writing, including electronically, by both parties.

1.11. The Clauses shall not exempt the data processor from obligations to which the data processor is subject pursuant to the General Data Protection Regulation (the GDPR) or other legislation.

2. The rights and obligations of the data controller

2.1. The data controller is responsible for ensuring that the processing of personal data takes place in compliance with the GDPR (see Article 24 GDPR), the applicable EU or Member State data protection provisions and the Clauses.

2.2. The data controller has the right and obligation to make decisions about the purposes and means of the processing of personal data.

2.3. The data controller shall be responsible, among other, for ensuring that the processing of personal data, which the data processor is instructed to perform, has a legal basis.

3. The data processor acts according to instructions

3.1. The data processor shall process personal data only on documented instructions from the data controller, unless required to do so by Union or Member State law to which the processor is subject. Such instructions shall be specified in appendices A and C.

3.2. Subsequent instructions can also be given by the data controller throughout the duration of the processing of personal data, but such instructions shall always be documented and kept in writing, including electronically, in connection with the Clauses.

3.3. The data processor shall immediately inform the data controller if instructions given by the data controller, in the opinion of the data processor, contravene the GDPR or the applicable EU or Member State data protection provisions.

4. Confidentiality

4.1. The data processor shall only grant access to the personal data being processed on behalf of the data controller to persons under the data processor’s authority who have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and only on a need to know basis. The list of persons to whom access has been granted shall be kept under periodic review. On the basis of this review, such access to personal data can be withdrawn, if access is no longer necessary, and personal data shall consequently not be accessible anymore to those persons.

4.2. The data processor shall at the request of the data controller demonstrate that the concerned persons under the data processor’s authority are subject to the abovementioned confidentiality.

5. Security of processing

5.1. Article 32 GDPR stipulates that, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the data controller and data processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

The data controller shall evaluate the risks to the rights and freedoms of natural persons inherent in the processing and implement measures to mitigate those risks. Depending on their relevance, the measures may include the following:

    a. Pseudonymisation and encryption of personal data;

    b. the ability to ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services;

    c. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

    d. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

5.2. According to Article 32 GDPR, the data processor shall also – independently from the data controller – evaluate the risks to the rights and freedoms of natural persons inherent in the processing and implement measures to mitigate those risks. To this effect, the data controller shall provide the data processor with all information necessary to identify and evaluate such risks.

5.3. Furthermore, the data processor shall assist the data controller in ensuring compliance with the data controller’s obligations pursuant to Articles 32 GDPR, by inter alia providing the data controller with information concerning the technical and organisational measures already implemented by the data processor pursuant to Article 32 GDPR along with all other information necessary for the data controller to comply with the data controller’s obligation under Article 32 GDPR.

If subsequently – in the assessment of the data controller – mitigation of the identified risks requires further measures to be implemented by the data processor, than those already implemented by the data processor pursuant to Article 32 GDPR, the data controller shall specify these additional measures to be implemented in Appendix C.

6. Use of sub-processors

6.1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).

6.2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general written authorisation of the data controller.

6.3. The data processor has the data controller’s general authorisation for the engagement of sub-processors. The data processor shall inform in writing the data controller of any intended changes concerning the addition or replacement of sub-processors at least 14 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The data processor will notify the data controller of any changes in sub-processors in the same manner as the data processor provides notice of changes to the Terms of Use that applies for the Services. The data controller can only make reasonable and relevant objections against such changes, provided that such objection is received within 14 days from the data processor publishing the updated list of sub-processors. If the data processor continues to wish to use a sub-processor that the data controller has objected to, the parties have the right to terminate the Clauses and the Services with the notice stipulated in the Terms of Use. During this period the data controller cannot require that the data processor do not use the sub-processor in question. The list of sub-processors already authorised by the data controller can be found in Appendix B.

6.4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR.

The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.

6.5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-processor agreement, shall not require submission to the data controller.

6.6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g. enabling the data controller to instruct the sub-processor to delete or return the personal data.

6.7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.

7. Transfer of data to third countries or international organisations

7.1. Any transfer of personal data to third countries or international organisations by the data processor shall only occur on the basis of documented instructions from the data controller and shall always take place in compliance with Chapter V GDPR.

7.2. In case transfers to third countries or international organisations, which the data processor has not been instructed to perform by the data controller, is required under EU or Member State law to which the data processor is subject, the data processor shall inform the data controller of that legal requirement prior to processing unless that law prohibits such information on important grounds of public interest.

7.3. Without documented instructions from the data controller, the data processor therefore cannot within the framework of the Clauses:

    a. transfer personal data to a data controller or a data processor in a third country or in an international organization

    b. transfer the processing of personal data to a sub-processor in a third country

    c. have the personal data processed in by the data processor in a third country

7.4. The data controller’s instructions regarding the transfer of personal data to a third country including, if applicable, the transfer tool under Chapter V GDPR on which they are based, shall be set out in Appendix C.5.

7.5. The Clauses shall not be confused with standard data protection clauses within the meaning of Article 46(2)(c) and (d) GDPR, and the Clauses cannot be relied upon by the parties as a transfer tool under Chapter V GDPR.

8. Assistance to the data controller

8.1. Taking into account the nature of the processing, the data processor shall assist the data controller by appropriate technical and organisational measures, insofar as this is possible, in the fulfilment of the data controller’s obligations to respond to requests for exercising the data subject’s rights laid down in Chapter III GDPR.

This entails that the data processor shall, insofar as this is possible, assist the data controller in the data controller’s compliance with:

    a. the right to be informed when collecting personal data from the data subject

    b. the right to be informed when personal data have not been obtained from the data subject

    c. the right of access by the data subject

    d. the right to rectification

    e. the right to erasure (‘the right to be forgotten’)

    f. the right to restriction of processing

    g. notification obligation regarding rectification or erasure of personal data or restriction of processing

    h. the right to data portability

    i. the right to object

    j. the right not to be subject to a decision based solely on automated processing, including profiling

8.2. In addition to the data processor’s obligation to assist the data controller pursuant to Clause 5.3, the data processor shall furthermore, taking into account the nature of the processing and the information available to the data processor, assist the data controller in ensuring compliance with:
   a. The data controller’s obligation to without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the competent supervisory authority, The Danish Data Protection Agency, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons;

    b. the data controller’s obligation to without undue delay communicate the personal data breach to the data subject, when the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons;

    c. the data controller’s obligation to carry out an assessment of the impact of the envisaged processing operations on the protection of personal data (a data protection impact assessment);

    d. the data controller’s obligation to consult the competent supervisory authority, The Danish Data Protection Agency, prior to processing where a data protection impact assessment indicates that the processing would result in a high risk in the absence of measures taken by the data controller to mitigate the risk.

8.3. The parties shall define in Appendix C the appropriate technical and organisational measures by which the data processor is required to assist the data controller as well as the scope and the extent of the assistance required. This applies to the obligations foreseen in Clause 8.1 and 8.2.

8.4. The data controller shall remunerate the data processor for its assistance in accordance with Appendix D.

9. Notification of personal data breach

9.1. In case of any personal data breach, the data processor shall, without undue delay after having become aware of it, notify the data controller of the personal data breach.

9.2. The data processor’s notification to the data controller shall, if possible, take place within 24 hours after the data processor has become aware of the personal data breach to enable the data controller to comply with the data controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33 GDPR.

9.3. In accordance with Clause 8.2(a), the data processor shall assist the data controller in notifying the personal data breach to the competent supervisory authority, meaning that the data processor is required to assist in obtaining the information listed below which, pursuant to Article 33(3)GDPR, shall be stated in the data controller’s notification to the competent supervisory authority:

    a. The nature of the personal data including where possible, the categories and approximate number of data subjects concerned, and the categories and approximate number of personal data records concerned;

    b. the likely consequences of the personal data breach;

    c. the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

10. Erasure and return of data

10.1. Upon termination of the personal data processing services, the data processor shall be under obligation to, upon request from the data controller, either delete or return all personal data processed on behalf of the data controller, as well as to delete existing copies, unless Union or Member State law requires storage of the personal data. The data controller can request the necessary documentation that such deletion has happened.

The data processor commits to exclusively process the personal data for the purposes and duration provided for by this law and under the strict applicable conditions.

11. Audit and inspection

11.1. The data processor shall make available to the data controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 and the Clauses and allow for and contribute to audits, including inspections, conducted by the data controller or another auditor mandated by the data controller.

11.2. Procedures applicable to the data controller’s audits, including inspections, of the data processor and sub-processors are specified in appendices C.7. and C.8.

11.3. The data processor shall be required to provide the supervisory authorities, which pursuant to applicable legislation have access to the data controller’s and data processor’s facilities, or representatives acting on behalf of such supervisory authorities, with access to the data processor’s physical facilities on presentation of appropriate identification.

12. The parties’ agreement on other terms

12.1. The parties may agree other clauses concerning the provision of the personal data processing service specifying e.g. liability, as long as they do not contradict directly or indirectly the Clauses or prejudice the fundamental rights or freedoms of the data subject and the protection afforded by the GDPR.

12.2. Such other clauses are set out in Appendix D.

13. Commencement and termination

13.1. The Clauses shall become effective on the date of both parties’ signature.

13.2. Both parties shall be entitled to require the Clauses renegotiated if changes to the law or inexpediency of the Clauses should give rise to such renegotiation.

13.3. The Clauses shall apply for the duration of the personal data processing services. For the duration of the personal data processing services, the Clauses cannot be terminated unless other Clauses governing the personal data processing services have been agreed between the parties.

13.4. If the personal data processing services are terminated, and the personal data is deleted or returned to the data controller pursuant to Clause 10.1. and Appendix C.3., the Clauses may be terminated by written notice by either party.

Appendix A: Information about the processing

A.1. The purpose of the data processor’s processing of personal data on behalf of the data controller is:

The data processor processes personal data in connection with the delivery of Services as set out in the Main Agreement between the parties.

A.2. The data processor’s processing of personal data on behalf of the data controller shall mainly pertain to (the nature of the processing):

Recognition services related to the use of Carmen Cloud

A.3. The processing includes the following types of personal data about data subjects:

Information that can be extracted from the still images sent by the data controller to the service endpoint, e.g. license plate, image of vehicle passengers.

A.4. The data processor’s processing of personal data on behalf of the data controller may be performed when the Clauses commence. Processing has the following duration:

For as long as the Main Agreement is in force

Appendix B: Authorised sub-processors

B.1. Approved sub-processors

On commencement of the Clauses, the data controller authorises the engagement of the following sub-processors:

NAME OF THE SERVICE Company Business Reg. no ADDRESS DESCRIPTION OF PROCESSING
Web services B 186284 Amazon Web Services EMEA SARL, Luxembourg Providing serverless computing resources and temporary storage
Operation and development 01-10-049169 Adaptive Recognition Hungary Zrt., Budapest Developing and operating the Cloud Services

The data controller shall on the commencement of the Clauses authorise the use of the abovementioned sub-processors for the processing described for that party. The data processor shall not be entitled – without the data controller’s explicit written authorisation – to engage a sub-processor for a ‘different’ processing than the one which has been agreed upon or have another sub-processor perform the described processing.

Appendix C: Instruction pertaining to the use of personal data

C.1. The subject of/instruction for the processing

The data processor’s processing of personal data on behalf of the data controller shall be carried out by the data processor performing the following:

The data processor uses Web Services (including but not limited to AWS ApiGateway, Lambda, DynamoDB, Cognito, EC2, SNS, SQS, and SSM services) to process the data controller’s images, optionally store the images and the extracted information for up to 24 hours, and/or on the instructions of the data controller, forward the stored images and information to the HTTP/HTTPS endpoint specified by the data controller.

C.2. Security of processing

The level of security shall take into account:

That the processing only involves a limited volume of personal data on each data subject. Furthermore, the personal data processed is only subject to Article 6 GDPR. No personal data subject to Article 9 GDPR on ‘special categories of personal data’ is processed.

The data processor shall hereafter be entitled and under obligation to make decisions about the technical and organisational security measures that are to be applied to create the necessary (and agreed) level of data security.

C.3. Storage period/erasure procedures

By default, personal data (still images and the information extracted from the still images sent by the data controller to the service endpoint) is only stored for the recognition process (80ms up to 500ms) after which the personal data is automatically erased by the data processor. On the instructions of the data controller, the images and the extracted information is stored for a maximum of 24 hours, and/or forwarded to the HTTP/HTTPS endpoint specified by the data controller.

C.4. Processing location

The processing of personal data under these Clauses is restricted to the following AWS availability zones, unless otherwise explicitly authorized in writing by the data controller or unless a new location is determined by the data processor to offer at least an equivalent level of technical and organizational security:

  • Frankfurt, Germany (eu-central-1)

  • Northern Virginia, USA (us-east-1)

  • Oregon, USA (us-west-2)

  • Singapore (ap-southeast-1)

By default, personal data will be processed in the region that is geographically closest to the data subject or user, as determined via AWS latency-based routing when using the standard endpoint (api.carmencloud.com). This ensures optimal performance while maintaining regional proximity.

However, customers who require strict regional data residency can enforce processing exclusively within a specific region by directing their API requests to the appropriate regional subdomain (e.g., eu-central-1.api.carmencloud.com, us-east-1.api.carmencloud.com, etc.). In these cases, personal data will not leave the selected region.

This approach provides both flexibility and control, ensuring high performance without compromising on data protection requirements.

C.5. Instruction on the transfer of personal data to third countries

On the date of entering into the Agreement and the Clauses, no instructions are given in relation to the transfer of personal data to third countries.

If the data controller does not in the Clauses or subsequently provide documented instructions pertaining to the transfer of personal data to a third country, the data processor shall not be entitled within the framework of the Clauses to perform such transfer. Setting the HTTP/HTTPS endpoint (hook URL) that can be specified by the data controller on the Temporary Storage & Hooks subpage of the Cloud Console is also considered a documented instruction.

C.6. Procedures for the data controller’s audits, including inspections, of the processing of personal data being performed by the data processor

The data controller or a representative of the data controller may annually perform physical inspection of compliance with the Clauses at the data processor’s location.

In addition to the planned inspection, the data processor may be inspected when the data controller has a reasonable and legitimate need for this.

The data controller is responsible for all expenses associated with the inspection. The data processor is, however, obliged to allocate the resources necessary (mainly time) for the data controller to carry out the inspection, but the data controller will remunerate the data processor as set out in Appendix D.

C.7. Procedures for audits, including inspections, of the processing of personal data being performed by sub-processors

The data processor or a data processor representative has access to carry out inspection, including physical inspection, at the sub-processor, when the data processor or the data controller has a reasonable and legitimate need for this.

Documentation for the inspections performed shall be sent to the data controller as soon as possible.

The data controller is responsible for all expenses associated with the inspection.

Appendix D: The parties’ terms of agreement on other subjects

D.1. Liability

The parties’ liability is governed by the Main Agreement.

The parties’ liability in damages under the Clauses is governed by the Main Agreement.

D.2. Costs

The data controller shall remunerate the data processor for the time spent in accordance with the data processor’s at all times applicable hourly rates for the data processor’s assistance as set out in clauses 8 and 11.

]]>
Privacy Policy https://carmencloud.com/privacy-policy/ Tue, 12 Dec 2023 07:18:17 +0000 http://10.0.11.18/2023/12/12/privacy-policy/

1. INTRODUCTION

Adaptive Recognition Nordic A/S (hereinafter referred to as „we”/„us”/„our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how information about you is collected, used, and disclosed by us and our subsidiaries, affiliated companies, consultants, employees. This Privacy Policy applies to information we collect when you use the Carmen Cloud EU website (the „Cloud Console”) and all Carmen Cloud EU APIs (the „Cloud APIs”, collectively the „Cloud Services”) or when you otherwise interact with us.

Contacts:
Data controller: Adaptive Recognition Nordic A/S
Address: Ørestads Boulevard 73, DK-2300 København S, Denmark
Email: dataprotection@arnordic.dk

2. USER CONSENT

By submitting or making available personal data through the Cloud Console or the Cloud APIs, you agree to the terms of this Privacy Policy and you expressly consent to the processing of your personal data in accordance with this Privacy Policy.

3. A NOTE ABOUT CHILDREN

We do not intentionally gather personal data about visitors who are under the age of 13/14. If you are under the age of 13, you are not permitted to visit the Cloud Console or use the Cloud APIs.

4. DATA PROCESSING IN RELATION TO CONTRACTS

4.1. PURPOSE OF DATA PROCESSING

We might process your personal data for the preparation, conclusion, performance and/or termination of a contract and in order to be able to contact you during the contracting period.

We collect your email address and password, first and last name, company name, phone number, and country code when you register an account on the Cloud Console.

We collect additional personal data, billing name, billing address, tax ID, and credit card information (card number, expiration date, CVC code) when you subscribe to a prepaid package on the Cloud Console.

The above data processing is considered legitimate even if the data processing is necessary before the contract is concluded to take action on the request of the person concerned.

4.2. SCOPE OF PROCESSED DATA

Information required for authentication: email address and password.

Contact information: first and last name, company name, country code, email address, phone number, information included in any email.

Financial information: billing name and address, tax ID, credit card information (card number, expiration date, CVC code).

4.3. LEGAL GROUNDS FOR PROCESSING DATA

If you enter into a contract on your own behalf, the processing of the data is for the purpose of the processing, performance and termination of the contract with you, cf. Article 6(1)(b) of the GDPR.

4.4. RETENTION TIME OF PROCESSED DATA

We process your personal data as long as the contract is in force and for a defined period after the termination of the contract.

We will retain the personal data until the deadline for enforcing legal claims in relation to a contract expires. For bookkeeping reasons we will retain the relevant data for 5 years after termination of the contract.

4.5. POSSIBLE CONSEQUENSES OF FAILURE TO PROVIDE DATA

Providing your personal data is required to establish a contractual relationship and to maintain contact with you.

If you do not provide the necessary personal data, it is not possible to fulfill the contract and/or maintain a business relationship with us.

4.6. DATA TRANSMISSION

We will not forward your personal data to third parties except in the following cases:

      a) Data processors participating in the performance of the contract (see Appendix A for the list of our data processors); or

      b) If the transmission of the data to a third party is necessary to provide you with the Cloud Services.

In addition, we use a number of third parties, which store and process personal data on behalf of us. These data processors are not entitled to use your personal data for their own purposes. We only use data processors within the EU and the EEA or countries providing a sufficient level of protection.

5. WHEN YOU VOLUNTARILY PROVIDE DATA DURING REGISTRATION

5.1. PURPOSE OF DATA PROCESSING

We collect your use case and the type of camera you mainly use when you register an account on the Cloud Console to improve our Cloud Services.

5.2. SCOPE OF PROCESSED DATA

Your use case and the type of camera you mainly use.

5.3. LEGAL GROUNDS FOR PROCESSING DATA

You have given consent to the processing of your personal data for one or more specific purposes, cf. Article 6(1)(a) of the GDPR.

5.4. RETENTION TIME OF PROCESSED DATA

We process your personal data until you close your account.

5.6. DATA TRANSMISSION

We will not forward your personal data to third parties.

6. WHEN YOU COMMUNICATE WITH US IN ANY WAY

6.1. SCOPE OF PROCESSED DATA

Contact information, e.g. name, email address, any information included in the email or in the feedback form of the Cloud Console, phone number, country, company name and/or purpose of visit.

6.2. LEGAL GROUNDS FOR PROCESSING DATA

Communication with you can be based on either a consent, e.g. when you subscribe for newsletters or any other promotional activity, cf. Article 6(1)(a) of the GDPR.

The communication with you can also be for the purpose of fulfilling our contractual obligations, e.g. when updating or supporting our Cloud Services, cf. Article 6(1)(b) of the GDPR.

6.3. RETENTION TIME OF PROCESSED DATA

If the communication is regarding a contract you have entered into with us, we process your personal data as long as the contract is in force and for a defined period after the termination of the contract. We will retain the personal data until the deadline for enforcing legal claims in relation to a contract expire or 3 years after our last support service contact. For bookkeeping reasons we will retain the relevant personal data for 5 years after termination of the contract.

If you have signed up for a newsletter or any other promotional activities, we will process your personal data as long as you have consented hereto. If you withddraw your consent, we will cease to process your personal data.

6.4. POSSIBLE CONSEQUENSES OF FAILURE TO PROVIDE DATA

If you do not provide us with the required information, we will not be able to provide you with the Cloud Services that you have requested, whether it is in relation to the fulfillment of the contract or promotional activities.

If you do not provide the necessary personal data, it is not possible to fulfill the contract and/or maintain a business relationship with us.

6.5. DATA TRANSMISSION

We will not forward your personal data to third parties except in the following cases:

      a) Data processors participating in the performance of the contract (see Appendix A for the list of our data processors); or

      b) If the transmission of the data to a third party is necessary to provide you with the Cloud Services.

In addition, we use a number of third parties, which store and process personal data on behalf of us. These data processors are not entitled to use your personal data for their own purposes. We only use data processors within the EU and the EEA or countries providing a sufficient level of protection.

7. DATA PROCESSED VIA VISITING THE CLOUD CONSOLE OR USING THE CLOUD APIS

7.1. PURPOSE OF DATA PROCESSING

To make the Cloud Console and Cloud APIs more useful to you, our servers (which are hosted by a third-party service provider) collect data from you, such as browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit.

We may also use Cookies (as defined below) and navigational data like Uniform Resource Locators (URL) to gather information regarding the date and time of your visit and the solutions and information for which you searched and which you viewed. Like most Internet services, we automatically gather this personal data and store it in log files each time you visit the Site or access your account on our network.

Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing a web site. We link the information we store in cookies to the personally identifiable information you submit while on the Cloud Console. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on the Cloud Console. Persistent Cookies can be removed by following your browser help file directions. If you choose to disable Cookies, some areas of the Cloud Console may not work properly.

The use of cookies by third-parties is not covered by our privacy statement. We do not have access or control over these cookies. Our third-party partners use cookies to improve the quality of experience when you interact with the Cloud Services.

7.2. SCOPE OF PROCESSED DATA

Browser type, operating system, Internet Protocol (IP) address, domain name, and/or time stamp for your visit, cookies and navigational data.

7.3. LEGAL GROUNDS FOR PROCESSING DATA

We might process your personal data on the basis of you consent, e.g. when we collect data through cookies, cf. Article 6(1)(a) of the GDPR.

8. SECURITY OF YOUR APPLICATION AND PERSONAL DATA – COPY OF DATA MINIMIZATION OR PRIVACY-BY-DESIGN

We are committed to protect the security of your personal data. We use a variety of industry-standard security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. We encrypt the transmission of that information using secure socket layer technology (SSL). We also require you to enter a password to access your account information. Please do not disclose your account password to unauthorized people. Despite these measures, you should know that we cannot fully eliminate security risks associated with data, and mistakes and security breaches may happen. If you have any questions about security on the Cloud Services, you can contact us at the information above.

Personal data may only be managed for the purpose of the given data management. We ensure the security of the data. To this end, we shall take the necessary technical and organizational measures in respect of the files stored by means of IT. We shall ensure that the data security rules laid down in the relevant legislation are complied with.

We shall also ensure the security of the data, take the technical and organizational measures and establish the procedural rules set out in this Privacy Policy, which are necessary for the enforcement of the applicable legislation, data and confidentiality rules.

According to this, only employees with authorization and access code can access their computer systems, and data-related operations performed in the system can be tracked. Permissions are complete for all accessors.

Paper-based data management is performed by us in such a way that the documents stored on a paper basis are stored in a lockable cabinet, and then, in case of archiving, they are placed in a traceable paper box, a lockable warehouse.

Within the scope of our tasks related to IT protection, we shall in particular ensure:

a) Measures to protect against unauthorized access, including software and hardware protection and physical protection (access protection, network protection);

b) Measures to enable data files to be restored, including regular backups and separate, secure management of copies (mirroring, backup);

c) Protection of data files against viruses (virus protection);

d) The physical protection of data files and the devices carrying them, including protection against fire, water damage, lightning, other elemental damage, and the recoverability of damage resulting from such events (archiving, fire protection).

e) The managed data must be accessible to authorized persons (availability)

f) The authenticity and authentication of the processed data must be ensured (authenticity of data management)

g) The integrity of the data be verified (data integrity)

h) The data must be protected against unauthorized access (data confidentiality)

We provide the required level of protection during the management of the data – in particular their storage, correction, deletion – when requesting or protesting the relevant information.

Us during data management retains

a) confidentiality: it protects the information so that only those who have access to it can access it

b) integrity: protects the accuracy and completeness of the information and the method of processing,

c) availability: ensuring that, when the authorized user needs it, he/she actually has access to the information required and the means to do so.

9. DATA PROTECTION INCIDENT

We shall keep a record of any data protection incidents, indicating the facts related to the data protection incident, its effects and the measures taken to remedy it.

The possible privacy incident:

• shall be reported by the us to the Authority without delay, within 72 hours of becoming aware of it, unless the data protection incident is not likely to pose a risk to the rights and freedoms of natural persons.

• If the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the we shall inform the data subject of the data protection incident without undue delay.

• we keep records of data protection incidents.

In the privacy incident report:

• the nature of the data protection incident, including, where possible, the categories and approximate number of data subjects and the categories and approximate number of data affected by the incident shall be described.

• the name and contact details of the Data Protection Officer or other contact person for further information shall be communicated.

• the likely consequences of the data protection incident shall be described.

• the measures taken or planned by us to remedy the data protection incident, including, where appropriate, measures to mitigate any adverse consequences arising from the data protection incident, shall be described.

If we can demonstrate, in accordance with the principle of accountability, that the data protection incident is not likely to pose a risk to the rights and freedoms of natural persons, the notification may be waived. (Eg a letter sent by the data controller to the wrong address is returned without being opened, ie no personal data was accessed by an unauthorized person.)

The data subject does not need to be informed of the data protection incident if

• we have implemented appropriate technical and organizational protection measures, and these measures have been applied to the data affected by the data protection incident (in particular measures such as the use of encryption) which make it incomprehensible to persons not authorized to access personal data the data);

• we have taken further measures following the data protection incident to ensure that the high risk to the data subject’s rights and freedoms is no longer likely to materialize;

• information would require a disproportionate effort. (In such cases, the data subject must be informed through publicly available information or a similar measure must be taken to ensure that the data subject is informed in a similarly effective manner, eg. by releasing a press statement).

10. YOUR RIGHTS

Under the rules of the GDPR, from us you can:

– request access to personal information and information about you;

– request the correction of personal data concerning you, for example if any of your personal data changes;

– request the deletion of personal data concerning you, unless, inter alia, the management of the data is necessary for the submission, enforcement or protection of legal claims;

– request restrictions on the management of personal data concerning you;

– object to the management of personal data.

10.1. RIGHT OF ACCESS, RECTIFICATION AND DELETION OF DATA

You may access or change any of your personal data in your account by enterin your profile and editing your profile within the registration portion of the Cloud Console or by sending an email to us at the email address set forth above.

You may request deletion of your account information by us by sending an email to dataprotection@arnordic.dk, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements).

When we delete account information, it will be deleted from the active database, but may remain in our archives. We will otherwise retain your information for as long as your account is active or as needed to provide you services as well as is necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

You have the right to ask the us for information on whether your personal data is being managed through the contact details provided in this Privacy Policy, and if such management is in progress, you have the right to know what personal data we have about you, on what legal basis, for what purpose of data management, for how long, and to whom, when, under what legislation did the we provide access to his personal data or to whom did it transfer your personal data; the source of your personal data (if not provided to us by you), whether we use automated decision-making and its logic, including profiling. You may also request a copy of this information as long as it does not adversely affect the rights of others.

You can request in writing, through the contact details provided in this section, that we modify, correct any of your personal data or supplement your incomplete data.

You may request in writing from us, through the contact details provided in this section, the deletion of personal data concerning you which have been managed with your consent. The request for deletion shall be rejected by us in the event that we have a legal basis for the further storage and use of the data after the withdrawal of the data subject’s consent. 

10.2. RIGHT TO RESTRICT DATA MANAGEMENT

You can request in writing through the contact details provided in this section, that your personal data be blocked by us provided that:

• You dispute the accuracy of your personal information, in which case the restriction applies to the period of time that allows you to verify the accuracy of your personal information;

• the management is unlawful and you oppose the deletion of the data and instead ask for a restriction on its use;

• we no longer need the personal data for the purpose of data management, but the data subject requests it in order to make, enforce or protect legal claims; or

• You objected to the data processing; in that case, the restriction shall apply for as long as it is established whether the legitimate grounds of we take precedence over the legitimate grounds of the data subject.

The blocking lasts as long as the reason given by the data subject requires the data to be stored. The data subject may request the blocking of the data, for example, if he or she believes that his or her application has been treated unlawfully by the Authority, but it is necessary for the official or court proceedings initiated by him or her not to be deleted by the Authority. In this case, the Authority will continue to store the personal data (such as the application) until it is requested by the authority or the court, after which the data will be deleted.

Where management is restricted, personal data may be managed, with the exception of storage, only with the consent of the data subject or for the purpose of bringing, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the Union or a Member State.

10.3. RIGHT TO OBJECTION

You may object to the management of data at any time, for reasons related to your own situation, through the contact details provided in section I, if you consider that we would manage your personal data improperly in connection with the purpose stated in this privacy statement. In this case, we must prove that the management of personal data is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which relate to the submission, enforcement or protection of legal claims.

10.4. WITHDRAWAL OF CONSENT IN CASE OF CONSENT-BASED DATA MANAGEMENT

If we manage any of your personal data with your consent, you have the right to withdraw that consent at any time. However, the withdrawal of consent shall not affect the lawfulness of the data management carried out under the consent prior to the withdrawal.

If you consent, we will periodically send you free newsletters and emails that directly promote the use of or purchase of the Cloud Services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the email you receive or by contacting us directly (please see contact information below).

Should you decide to opt-out of receiving future mailings, we may share your email address with third parties to ensure that you do not receive further communications from third parties. Despite your indicated email preferences, we may send you notices of any updates to our Terms of Use or Privacy Policy.

10.5. INFORMATION ON STATUTORY DATA MANAGEMENT

If the legal basis for the management of a personal data is the fulfillment of a legal obligation incumbent on us, in this case you are obliged to provide the given personal data. Failing this, we will not be able to fulfill our legal obligation.

10.6. INFORMATION ON CONTRACTUAL DATA MANAGEMENT

If the legal basis for the management of any of your personal data is a contract, in this case you are obliged to provide that personal data. Failing this, we will not be able to enter into a contract with you. 

11. DATA MANAGEMENT REMEDIES

11.1. AMICABLE SETTLEMENT OF THE DISPUTE

Should you have any complaints about your personal data, please first contact us at one of the contact details provided in this section in order to resolve the dispute amicably.

11.2. DATA PROTECTION AUTHORITY PROCEDURE

Anyone may, by notification to the competent data protection authority, initiate an investigation on the grounds that the management of personal data or the exercise of rights of access to public data or data of public interest or have been infringed or are in imminent danger. Any complaints regarding personal data shall be filed with the Danish Data Protection Agency, Borgergade 28, 5, 1300 Copenhagen K, on www.datatilsynet.dk

11.3. RIGHT TO GO TO COURT

In the event of a violation of his or her rights, regardless of the submission of the complaint, the data subject may apply to the competent court according to the place of residence and stay of ours. The court is acting out of turn in the case.

12. PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA

We shall comply with the data management principles set out in Article 5 of the GDPR.

We shall specify in this Privacy Policy the specific legal basis/bases and purpose/purposes of the data management.

We shall use and store the personal data provided by you lawfully, fairly and in a transparent manner only for specified purposes determined in this Privacy Policy.

The process of the personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

The processed personal data shall be accurate and, where necessary, kept up to date. Every reasonable step must be taken by us to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

The personal data shell be processed by us in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

We shall be responsible for, and be able to demonstrate compliance with the provisions of this paragraph.

13. CHANGES TO THIS PRIVACY POLICY

This Privacy Policy is subject to occasional revision, and if we make any substantial changes in the way we use your personal data, we will notify you by sending you an email to the last email address you provided to us and/or by prominently posting notice of the changes on the Cloud Console.

Any material changes to this Privacy Policy will be effective upon the earlier of thirty (30) calendar days following our dispatch of an email notice to you of the changes, thirty (30) calendar days following our posting of notice of the changes on the Cloud Console, or the date that you accept the changes (e.g., by clicking an “I Accept” button or similar means).

These changes will be effective immediately for new users of the Cloud Services. Please note that at all times you are responsible for updating your data to provide us with your most current email address. In the event that the last email address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the email containing such notice will nonetheless constitute effective notice of the changes described in the notice.

In any event, changes to this Privacy Policy may affect our use of personal data that you provided us prior to our notification to you of the changes. If you do not wish to permit changes in our use of your personal data, you must notify us prior to the effective date of the changes that you wish to deactivate your account with us. Continued use of the Site or the Services following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

Appendix A: Data processors

NAME OF THE SERVICE

Company Business Reg. no

ADDRESS

DESCRIPTION OF PROCESSING

Web services

B 186284

Amazon Web Services EMEA SARL, Luxembourg

Managing authentication and account information

Payment services

IE513174

Stripe Payments Europe, Limited, Ireland

Managing billing and credit card information, and subscriptions, as well as issuing invoices on behalf of us

Billing services

EIN 45-3529919

Adaptive Recognition America Corporation, 28059 US Highway 19 North, Suite 203, Clearwater, FL 33761, USA

Providing billing services for customers who register from the American continent

Customer Relationship Management

IE256796

Microsoft Ireland Operations, Limited, Ireland

Managing CRM database and email services

Technical support

01-10-049169

Adaptive Recognition Hungary Zrt., Budapest, Hungary

Providing technical support

]]>
Terms of Use https://carmencloud.com/terms-of-use/ Tue, 12 Dec 2023 07:18:17 +0000 http://10.0.11.18/2023/12/12/terms-of-use/

These Terms of Use (the „Terms of Use”) govern your access to and use of the Adaptive Recognition Nordic A/S’s (registered seat is at Ørestads Boulevard 73, DK-2300 København S. Denmark, company registration no. DK40343229, hereinafter referred to as „we”/„us”/„our”) Carmen Cloud EU website (the „Cloud Console”) and all Carmen Cloud EU APIs (the „Cloud APIs”, collectively the „Cloud Services”).

If you are using the Cloud Services on behalf of an entity, you represent and warrant that you are authorized to accept these Terms of Use on the entity’s behalf and that the entity agrees to be responsible to us if you violate these Terms of Use.

THE CLOUD SERVICES

The Cloud Services provides a platform for the use, integrate our recognition algorithms. Your right to access and use the Cloud Services is contingent upon your access and use of the Cloud Services in accordance with these Terms of Use.

ACCEPTANCE AND CHANGES

By using the Cloud Services, completing the registration process, you represent that (1) you have read, understood, and agreed to be bound by the Terms of Use, (2) you are of legal age to form a binding contract with us, and (3) you have the authority to enter into the Terms of Use personally or on behalf of the company or other organization you have named as the user, and to bind that entity to these Terms of Use. In the event you are agreeing to these Terms of Use on behalf of a company or an organization, „you” and „your” will refer to the entity you are representing.

We reserve the right at any time to modify these Terms of Use and to impose new or additional terms or conditions on your use of the Cloud Services. We will notify you by e-mail to the account advised by you of the modifications and/or new or additional terms or conditions and will revise the date at the top of the Terms of Use. If you disagree with any changes, you must stop using the Cloud Services within 30 days after receiving notice. Your continued use of the Cloud Services after the notice period will be deemed acceptance of the changes. You should review these Terms of Use prior to accessing the Cloud Services and at least when notified of changes to make sure that you understand the rights and restrictions that will apply to your use of the Cloud Services.

We reserve the right to change, suspend, remove, or disable access to the Cloud Services or any content or other materials comprising a part of the Cloud Services at any time without notice. In no event will we be liable for making these changes. We may also impose such limitation on the use of or access to certain features or portions of the Cloud Services, which are deemed strictly necessary or are due to adherence to legislation without notice or liability.

You furthermore acknowledge and accept that some aspects of the Cloud Services entail the ongoing involvement of us. If we change any part of or discontinues the Cloud Services, which we may do at our sole discretion, you may not be able to use the Cloud Services to the same extent as prior due to such change or discontinuation, and that we shall have no liability to you in such case.

YOUR ACCOUNT

You agree to provide accurate and complete information as required when you register for and make use of the Cloud Services (the „Registration Data”), subscribe to any prepaid packages (the „Financial Data”, including billing and credit card details), and you agree to update your Registration Data and Financial Data to keep it accurate and complete.

As a registered user of the Cloud Services, you will establish an account („Account”). You may not reveal your Account information to anyone else. You are solely responsible for maintaining the confidentiality and security of your Account, and for all activities that occur on or through your Account, and you agree to immediately notify us of any security breach of your Account. You accept all risks of unauthorized access and use relating to your use of the Cloud Services. We reserve the right to deny access, deactivate, or terminate your Account at our sole discretion in case of suspicious behaviour and/or misuse and we shall not be held responsible for any losses arising out of the unauthorized use of your Account. You may not assign or otherwise transfer your Account to any other person or entity.

In order to use the Clous APIs, you must obtain an appropriate API credential (an „API Key”) via registration on the Cloud Console. You may not reveal your API Key to anyone else and must keep your API Key secure. You are solely responsible for maintaining the confidentiality and security of your API Key, and for all activities that occur through the use of your API Key. You agree to immediately notify us of any security breach of your API Key. You accept all risks of unauthorized use of your API Key. We reserve the right to deny, deactivate, or terminate your API Key for any reason at our discretion and we shall not be responsible for any losses arising out of the unauthorized use of your API Key.

PRIVACY

Please ensure that you have read and understood the Privacy Policy on handling of data regarding users of the Cloud Services.

RESTRICTIONS ON USE OF CLOUD SERVICES

You are solely responsible for your conduct (and the conduct of anyone who uses the Cloud Services from your account or on your behalf) with respect to the use of the Cloud Services. Except as expressly permitted in writing by us, you will not do, and will not permit any third party to do, any of the following:

  • violate, circumvent, reverse-engineer, decompile, disassemble, or otherwise tamper with any technology, including but not limited to security technology related to the Cloud Services for any reason;

  • access or attempt to access an Account that you are not authorized to access

  • copy, adapt, hack, of reproduce the Cloud Services;

  • rent, lease, lend, sell, transfer or sublicense the Cloud Services;

  • modify, port or translate the Cloud Services;

  • remove, alter, or obscure any copyright, trademark, or other proprietary rights notice or labels on or in the Cloud Services;

  • use the Cloud Services in any manner that could interfere with, disrupt, negatively affect, or inhibit other users from fully enjoying the Cloud Services or that could damage, disable, overburden, or impair the functioning of the Cloud Services;

  • stalk, intimidate, threaten, harass, or cause discomfort to other users of the Cloud Services;

  • harvest or collect information about other users of the Cloud Services without their consent;

  • impersonate or use the Cloud Services on behalf of any person or entity or otherwise misrepresent your affiliation with a person or entity;

  • use the Cloud Services for any illegal or unauthorized purpose or engage in, encourage, or promote any illegal activity, or any activity that violates these Terms of Use; or

  • infringe or violate any of our rights.

If you violate (or are alleged to have violated) any of the foregoing restrictions, your right to use of the Cloud Services will immediately and automatically terminate, and you may have infringed our copyright or other rights. Violations of copyrights, system or network security may result in civil or criminal liability.

PRICING STRUCTURE

The pricing structure is prepaid credit packages well known for SaaS (Software as a Service) business, which are listed in detail and updated on our payment portals, that is on the AWS Marketplace and the Dashboard subpage on the Cloud Console.

YOUR DATA

Use of the Cloud Services may depend on your transmission of certain data (in conjunction with Registration Data and Financial Data, your „Data”). The processing of the Data is described in our Privacy Policy, which you accept when entering into an agreement regarding the Cloud Services.

In case we are considered a data processor, e.g. when processing license plate data on your behalf, we refer you to our Data Processing Agreement, which forms an integral part of the Terms of Use.

Except as may be stated to the contrary in the Privacy Policy or in the Data Processing Agreement, you retain all rights and ownership of your Data, and we do not claim any ownership rights of your Data.

You represent and warrant that you have the necessary rights and licenses required to provide your Data to us in connection with your use of the Cloud Services and that by providing your Data in this manner, you will not violate any intellectual property rights of third parties, confidential relationships, contractual obligations or laws.

Without limiting the generality of the foregoing, you shall provide all notices to, and obtain any consents from, any data subject as required by any applicable law including but not limited to data privacy rules established by the European General Data Protection Regulation, rule or regulation in connection with the processing of any personally identifiable information of such data subjects via the Cloud Services by us and/or you. You shall be solely responsible for ensuring that any processing of Data by us and/or you via the Cloud Services does not violate any applicable laws.

You shall not process or submit to the Cloud Services any Data that includes any:

  • „personal health information,” as defined under the Health Insurance Portability and Accountability Act;
  • government issued personal identification numbers, including Social Security numbers, driver’s license numbers and other state-issued personal identification numbers;
  • „special categories of personal data” (sensitive data), „personal data relating to criminal convictions and offences”, as defined under European Union Regulation 2016/679, including but not limited to racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health or condition, sexual life, or the commission or alleged commission any crime or offense.

PROPRIETARY RIGHTS 

Except with respect to your Data and the content derived from your paid use of the Cloud Services („User Content”) , you agree that we and/or our suppliers own all rights, title and interest in the Cloud Services. The Cloud Services and any supporting technology provided for use of the Cloud Services or which you access by use of the Cloud Services are protected by copyright, trademark, and other proprietary legislation. You shall not remove, alter or obscure any copyright, trademark, service mark or other proprietary rights notices incorporated in or accompanying the Cloud Services. These terms do not grant you any right, title, or interest in any of the Cloud Services or any Content other than your Data and your User Content. These Terms of Use do not grant you any rights to use the Adaptive Recognition trademarks, logos, domain names, or other brand features or the trademarks, logos, domain names, or other brand features of our affiliates.

LIMITATION OF LIABILITY & WARRANTY EXCUSION

We provide the Cloud Services „as is” and on an „as available” basis. Your use of the Cloud Services is at your own risk. We provide the Cloud Services without express or implied warranty or condition of any kind. We also disclaim any warranties or conditions of merchantability, fitness for a particular purpose or non-infringement. We make no warranty or condition that the Cloud Services will meet your requirements or be uninterrupted, timely, secure or error-free. We make no warranty or condition that results obtained from your use of the Cloud Services will be accurate or reliable or that any errors in the Cloud Services will be corrected. We will have no responsibility for any harm to your computer system, loss or corruption of data, or other harm that results from your access to or use of the Cloud Services. No advice or information, whether oral or written, obtained by you in connection with your use of the Cloud Services shall create any warranty not expressly stated in these Terms. From time to time, We may offer new „BETA” features or tools with which users may experiment. Such features or tools are offered solely for experimental purposes and without any warranty or condition of any kind and may be modified or discontinued at any time at our sole discretion. The provisions of this section apply with full force to such features and tools. Some states do not allow the types of disclaimers in this paragraph, so they may not apply to you.

In no event to the fullest extent permitted by law will we, our affiliates, officers, employees, agents, suppliers or licensors be liable for any indirect, special, incidental, punitive, exemplary or consequential (including loss of use, data, business, or profits) damages, regardless of legal theory, whether or not we have been warned of the possibility of such damages, and even if a remedy fails of its essential purpose. Our aggregate liability for all claims relating to the Cloud Services and the Cloud Console will at all times be limited to the greater of fifty euro or the amounts you paid to us in the twelve (12) months immediately preceding the incident giving rise to the claim. The limitations of damages set forth above are fundamental elements of the basis of the bargain between us and you.

INDEMNIFICATION

You agree to indemnify and hold us, our parents, subsidiaries, affiliates, officers, agents, employees, resellers or other partners and licensors harmless from any claim, demand, loss, or damages, including attorneys’ fees, arising out of or related to your input of Data, or the use of Cloud Services in relation hereto, including but not limited to allegations that any processing of your Data by us and/or you under this Agreement violates any applicable law or regulation, or infringes the privacy or intellectual property rights of a third party, your User Content, your use of the Cloud Services, your violation of these terms, or your violation of any law.

TERMINATION

Termination of any Cloud Services includes removal of access to Cloud Services and barring of further use of the Cloud Services. Termination of all Cloud Services also includes deletion of your password and all related information, files and data associated with or inside your account, including your Credits. Upon termination of any Cloud Services, your right to use such Cloud Services will automatically terminate immediately. You understand that any termination of the Cloud Services may involve a deletion of your Data associated therewith from our live databases.

We will not have any liability whatsoever to you for any suspension or termination, including for deletion of your Data. All provisions of these Terms, which by their nature should survive, shall survive termination of the Cloud Services, including without limitation ownership provisions, warranty disclaimers and limitations of liability.

We reserve the right to suspend or cease providing the Cloud Services or any portion of the Cloud Services, at any time, with or without cause, and with or without notice. We may suspend or terminate your use of the Cloud Services if you are not complying with these Terms, or if you use the Cloud Services in any way that could cause us legal liability or disrupt others’ use of the Cloud Services. If we suspend or terminate your use, we will try to let you know in advance. If you want to terminate the Cloud Services at any time, you may do so by (a) notifying us and (b) closing your account for the Cloud Services that you use. Your written notice should be sent to our address set forth in the Notice section.

GOVERNING LAW AND VENUE

The Terms and any action related thereto shall be governed by and interpreted in accordance with Danish law.

Any dispute arising out of or in connection with these Terms of Use, including any disputes regarding the existence, validity or termination thereof, shall be settled by arbitration administrated by The Danish Institute of Arbitration in accordance with the rules of arbitration procedure adopted by The Danish Institute of Arbitration and in force at the time when such proceedings are commenced.

The place of arbitration shall be Copenhagen, Denmark. The language to be used in the arbitral proceedings shall be English.

]]>