Terms of Service

Robust Theme

Terms of Service

Effective from 25 November 2018 (Updated 20th September 2021)

 

 

 

 

1.

Agreement

1.1.

These Terms specify the agreement between You and BinderPOS Limited (“BinderPOS”) regarding the Services. They set out our obligations as a service provider and Your obligations as a customer. Please read them carefully.

1.2.

These Terms apply from the time that BinderPOS provides You with access to any Service. By clicking I have read and agree to the BinderPOS terms of use and privacy policy during the checkout process, or using the Services, You acknowledge that You have read and understood and agree to be bound by these Terms.

1.3.

If You are using the Services on behalf of another person (e.g. a business or other entity), You represent to us that You have authority to agree to these Terms on that person’s behalf and that, by agreeing to these Terms on that person’s behalf,  that person is bound by these Terms.

1.4

Capitalised terms used in these Terms have the meanings given in clause 26.2.

1.5.

The Services are provided for the length of term chosen by You when you select your plan, subject to Your right to cancel Your account or terminate the Services in accordance with clause 7 and Our right to suspend the Services or terminate this Agreement in accordance with clause 8.

1.6.

Whilst BinderPOS prohibits unauthorized conduct and content on the Services as indicated below, you may be exposed to such materials and you agree to use the Services at your own risk.

2.

Access to Services

2.1.

BinderPOS grants You the right to access and use the Services You have purchased via the Website and according to Your subscription type. This right is non-exclusive, non-transferable, and limited by and subject to this Agreement.

3.

Changes to the Services

3.1.

BinderPOS may modify the Services, the BinderPOS Software Materials and Technology and/or the manner in which the Services are delivered at any time. We will notify You if we make a significant change to the Services.

4.

Restrictions on Use

4.1.

You must only use the Services and Website for Your own lawful purposes, and in accordance with this Agreement and any notice sent by BinderPOS or condition posted on the Website.

4.2.

You must not operate or use the Services if You are under the age of 16.

4.3.

As a condition of access, when accessing and using the Services, You must:

4.3.1.

not collect or attempt to collect any information or communication about any other users of the Services including by monitoring or by intercepting any process or communication initiated by the Services;

4.3.2.

not attempt to undermine the security or integrity of BinderPOS computing systems or networks or, where the Services are hosted by a third party, that third party's computing systems and networks;

4.3.3.

not attempt to gain unauthorized access to any materials other than those to which You have been given express permission to access or to the computer system on which the Services are hosted;

4.3.4.

not transmit, or input into the Services or the Website, any files that may damage any other person's computing devices or software (including by introducing any malicious software or code);

4.3.5.

not input into the Services or the Website any content that may be offensive, or material or data in violation of any law (including data or other material protected by copyright or trade secrets which You do not have the right to use);

4.3.6.

not attempt to modify, copy, adapt, reproduce, disassemble, decompile or reverse engineer any computer programs used to deliver the Services or to operate the Website; and

4.3.7.

not grant or assign rights in the Services or the Website in any way).

4.4.

Your subscription and Our Service Fees are “per user”. The maximum number of users You are allowed to have access the Services is specified in your subscription plan. Only one person may be associated with a user account. You may swap out, delete or suspend a user, and then assign a new user to Your account but you must not exceed the number of users in any way.

5.

Fees and Payment

5.1.

The Website sets out the Service Fees. You must pay the Services Fees in advance.

5.2.

You may pay by credit card or PayPal. Late payments may result in Your account suspension and subsequent cancellation.

5.3.

No refunds will be made for partial months of service or unused subscriptions.

5.4.

All fees charged are exclusive of local sales taxes which are Your responsibility to pay.

5.5.

We may change the Services Fees at any time. Any changes will commence at the beginning of any further or renewal terms after your current subscription term.

6.

Your Account Information

6.1.

You agree to provide us with accurate and complete registration and account information and to maintain and promptly update that information in the event of any changes to ensure it is current at all times.

6.2.

You agree to keep Your login details confidential and secure and will not share them with others.

6.3.

You are solely responsible for all activity in connection with access to the Services and/or Website through your account or using your login.

6.4.

If You know or suspect that Your login information has or is likely to become used in an unauthorized way You must immediately change Your password. If You are unable to change Your password, You must immediately notify BinderPOS. We may request that you change your password(s) in connection with the Services at any time, and you will promptly comply with any such request and all reasonable directions We issue in relation to the Services.

7.

Cancellation

7.1.

You can cancel Your account and/or terminate the Services at any time by email sent to [email protected]

7.2.

If You cancel Your account or terminate the Services before the end of Your subscription term, BinderPOS will not provide any refund for any remaining prepaid period for that term.

8.

Suspension and termination

8.1.

If:

8.1.1.

You breach any of these Terms and the breach is not capable of being remedied;

8.1.2

You breach any of these Terms where the breach is capable of being remedied but You do not remedy the breach within 14 days after receiving notice of the breach;

8.1.3.

You or Your business become insolvent, go into liquidation, have a receiver or manager appointed, make any arrangement with Your creditors, or become subject to any similar insolvency event in any jurisdiction;

8.1.4.

BinderPOS has not received payment for services to You within 30 days after the due date, and You have failed to remedy the non-payment within 14 days of receiving notice of the non-payment;

8.1.5.

as determined by BinderPOS, Your use of the Services may result in material harm to BinderPOS services or any of its users;

8.1.6.

BinderPOS decides, at its sole discretion, to terminate this Agreement and/or Your use of the Services and the Website;

8.2.

then BinderPOS may, at its sole discretion:

8.2.1.

terminate this Agreement and/or Your use of the Services and the Website; or

8.2.2.

suspend for any definite or indefinite period of time, Your access to and use of the Services and the Website.

8.3.

Where We take any action under this clause 8, We will promptly notify you.

9.

Consequences of termination

9.1.

Termination of these Terms is without prejudice to any rights and obligations of the parties accrued up to and including the date of termination. On termination of this Agreement You will:

9.1.1.

remain liable for any accrued charges and amounts which become due for payment before or after termination; and

9.1.2.

immediately cease to use the Services and the Website.

9.2.

Clauses 5, 9.2, 11, 16, 17, 18, 19, 20, and 23 survive the expiry or termination of these Terms.

10.

Service Availability and Support

10.1.

BinderPOS aims to provide a Service availability of 99.99%. In the event of an outage or server access issue, BinderPOS will act to restore customer server access.

10.2.

BinderPOS aims to provide updates to card pricing twice a day. In the event of an update not occurring, BinderPOS will act to provide the update.

10.3.

While BinderPOS makes all efforts to prevent any disruption to Services during any update or upgrade, there may be times where the Services are inaccessible for a period of time.

10.4.

BinderPOS is committed to providing excellent customer service, we aim to answer most support issues within one working day but BinderPOS makes no guarantee on the period of time before support is provided.

10.5.

In the event that urgent support is required, we will do take all practical steps to assist. Email support is available 24/7, live support is available 7am-6pm, Mon-Fri based on Pacific time - GMT+12.

11.

Intellectual Property

11.1.

You acknowledge and agree that BinderPOS or its licensor is and remains the owner of, and retains all Intellectual Property Rights in the BinderPOS Materials and Technology, the Services, the Website and any derivative works of them. Except for the right to access the Services and the Website provided for in this Agreement, You do not obtain any rights in the BinderPOS Materials and Technology or the Services.

11.2.

Each party consents to the other party’s use of its brand for the purpose of promoting the use of the BinderPOS services by other potential customers. There is no charge associated with such use and use must be in accordance with any brand use guidelines notified by the owning party from time to time.

12.

Data

12.1.

As between You and BinderPOS:

12.1.1.

BinderPOS owns the rights, title, interest and Intellectual Property Rights in the BinderPOS Data. BinderPOS grants You the right, for the term of this Agreement, to access and use any BinderPOS Data that We supply to You in relation to the Services; and

12.1.2.

You own the rights, title, and interest and Intellectual Property Rights in the Customer Data. You grant BinderPOS the right to access and use the Customer Data in relation to the Services and to provide support.

12.2.

Where You incorporate or enter data into the Services You must ensure, in relation to such data, that:

12.2.1.

You collect and maintain any Personal Information in the data in compliance with Applicable Data Protection Law;

12.2.2.

You obtain any necessary third party permissions or consents;

12.2.3.

You provide an appropriate and current privacy notice;

12.2.4.

You comply with any applicable third party license terms; and

12.2.5.

the data does not incorporate any unlawful, illegal, fraudulent or harmful data

12.3.

BinderPOS does not pre-screen any content but reserves the right (but not the obligation) to refuse or remove any content available via the Services that violates our Terms.

12.4.

Subject to clause 12.5, You may export or delete the Customer Data at any time. If You delete information it will be held for 30 days and then permanently deleted.

12.5.

On Your cancellation of Your account or termination of Services in accordance with clause 7 or Our termination of this Agreement or Your access to the Services in accordance with clause 8, Your Customer Data will be held for 3 months and then permanently deleted unless applicable law requires retention. Retained data is subject to the confidentiality provisions of the Agreement.

13.

Transactions

13.1.

You may elect to enter into the purchase of goods offered by Your customers for sale through the BinderPOS services. Any transactions entered into are the sole responsibility and liability of You.

13.2.

Prior to purchasing goods offered for sale through the BinderPOS services You must confirm the seller is the legal owner of the item.

13.3.

You represent and warrant that You have the authority to sell and/or purchase the items You transact via the “Buy List” or “Trade In” feature.

13.4.

BinderPOS is not liable for any such transaction, the failure of such transaction, any negligent or wrongful act related to the transaction, or any result thereof.

13.5.

All shipping and handling charges that result from transactions are the sole responsibility of You.

13.6.

BinderPOS does not assume and shall not have any “Risk of Loss” or other obligations as it relates to the transactions. You agree that all transactions You enters into with third parties in connection with the Services will be managed exclusively through BinderPOS and You will not circumvent BinderPOS and conduct such transactions outside of the Services.

13.7.

Your customers may be given the opportunity to make binding offers to buy or sell one or more products at a specific price. You acknowledge and agree that if You utilise the “Buy” or “Sell” feature on the Services, that the purchase or sale the applicable product is binding once You and Your customer agree to a specified price.

13.8.

In the event that Your buy/sell offer is accepted through BinderPOS You must complete the agreed upon Transaction.

13.9.

By utilising the Buy List or Sell List feature of BinderPOS, You represent and warrant that the contents of Your buy list and sell list will be accurate and that You will honor the offers represented by such buy list and/or sell list.

14.

Data Processing Addendum

14.1.

The Data Processing Addendum applies to the extent that BinderPOS is processing Personal Information that is subject to the data protection laws of the European Union or the United Kingdom in the course of the performance of the Services.

15.

Security and privacy

15.1.

You agree to BinderPOS’s Privacy Policy (available here Privacy Policy) which explains how We process any Personal Information We collect for our own business purposes.

15.2.

We will endeavor to provide a secure environment to protect the integrity and security of the Services and of Your information and to prevent data loss. However, except where We are liable under the Applicable Data Protection Law, We provide no guarantee or warranty in relation to data loss or data breaches. You are responsible for backing up the Customer Data.

15.3.

In the event of a security incident or privacy breach, We will take reasonable and necessary measures and actions to mitigate the incident or breach and/or impact of its effects and We will notify You of any subsequent changes to the Website or Services.

16.

Confidentiality

16.1.

Each party's obligations under this clause will survive termination of these Terms. Unless the relevant party has the prior written consent of the other or unless required to do so by law:

16.1.1.

Each party will preserve the confidentiality of all Confidential Information of the other obtained in connection with these Terms. Neither party will, without the prior written consent of the other, disclose or make any Confidential Information available to any person, or use the same for its own benefit, other than as contemplated by these Terms.

16.1.2.

Clause 16.1.1 will not apply to any information which:

 

16.1.2.1       is or becomes public knowledge other than by a breach of this clause;

 

16.1.2.2       is received from a third party who lawfully acquired it and who is under no obligation restricting its disclosure;

 

16.1.2.3       is in the possession of the receiving party without restriction in relation to disclosure before the date of receipt from the disclosing party; or

 

16.1.2.4       is independently developed without access to the Confidential Information.

17.

Warranties

17.1.

Each party warrants:

17.1.1.

it has full power, capacity and authority to execute, deliver and perform its obligations under this Agreement; and

17.1.2.

once executed, this Agreement constitutes legal, valid and binding obligations and is enforceable in accordance with its terms.

18.

Warranty limitations

18.1.

Other than the warranties in clause 17.1, BinderPOS makes no other warranty, representation or undertaking whatsoever in respect of the Services, including that BinderPOS does not warrant that the Services or any data will meet Your requirements or that they will be suitable for any particular purpose, will be compatible with any application, program or software not specifically identified as compatible or will be secure, uninterrupted or error-free.

18.2.

To avoid doubt, all implied conditions or warranties are excluded in so far as is permitted by law, including warranties of merchantability, fitness for purpose, title and non-infringement.

18.3.

You are acquiring the Services for the purposes of a business and the Consumer Guarantees Act 1993 does not apply to this Agreement.

19.

Limitation of Liability

19.1.

Your use of the Services is at your sole risk. The Services are provided on an "as is" and "as available" basis. To the greatest extent possible in accordance with applicable laws, We specifically disclaim any liability (whether based in contract, tort, strict liability or otherwise) for any direct, indirect, incidental or consequential damages arising out of or in any way connected with the access to or use of the Services or the Website.

19.2.

In all cases where our liability is not excluded:

19.2.1.

our liability is limited to the total amount We have received from You for the Service that the liability directly relates to; and

19.2.2.

We will not be liable for any indirect, incidental, special or consequential damages, (including loss of profit, business, revenue, goodwill, anticipated savings, information or data).

19.3.

Your only right with respect to dissatisfaction or problems with the Services is to cease to access and to use the Services.

20.

Indemnity

20.1.

You indemnify BinderPOS against all claims, costs, damage and losses arising from Your breach of any of these Terms or any obligation You may have to BinderPOS, including any third party claims and any costs relating to the recovery of any fees that are due but have not been paid.

21.

Revisions

21.1.

We may amend these Terms at any time without notice, by posting the revised version on the Website, by notifying you in accordance with clause 22 or by communicating it to You through the Services). Revised terms will be effective from the time they are posted, but will not apply retroactively. Your continued use of the Services after the posting of revised terms constitutes Your acceptance of such revised terms.

22.

Notices

22.1.

BinderPOS will deliver all notices under this Agreement by email sent to the email address used by You to register for the Services. You will deliver any notice by email sent to [email protected]

23.

Data Migration Service

23.1.

BinderPOS reserves the right to refuse to complete a data migration if it considers, at its sole discretion, that the data is of insufficient quality to effectively migrate. In the event BinderPOS refuses to complete a data migration for this reason, You will receive a full refund.

23.2.

BinderPOS will only migrate images if they are able to be exported from its current system. BinderPOS will not migrate images that include the intellectual property of Your existing or previous provider(s).

23.3.

BinderPOS will only migrate clean data on its standard data migration platform.

23.4.

BinderPOS will complete data migration within seven working days of Our staff obtaining access to the data to be migrated.

23.5.

BinderPOS will communicate any issues with data quality or access to the data within two working days of obtaining access to the data.

24.

Custom design and development

24.1.

Unless agreed in writing, You will not have an exclusive right to any custom design or development.

24.2.

If a custom design or development You paid for is adopted as part of Our other services, You will be notified and You will receive BinderPOS store credit equal to the amount You paid for the custom design or development. If You are no longer a BinderPOS customer at the time the custom design or development is adopted as part of Our other services, You will surrender any store credit You would have otherwise accrued.

24.3.

Any timeframes for the custom design or development are calculated on the basis that You will communicate promptly with BinderPOS. BinderPOS reserves the right to extend the timeframes on the basis on a lack of customer communication.

24.4.

You may retain any Shopify website themes, including custom Shopify website themes, when You terminate the Services.

24.5.

You may continue to use themes from the BinderPOS theme beyond the term of this Agreement, however BinderPOS remains the owner of, and retains all Intellectual Property Rights in, the BinderPOS theme.

25.

Miscellaneous

25.1.

Entire agreement: These Terms, together with the Privacy Policy, the Data Processing Addendum where applicable, and the terms of any other notices or instructions We give to You under these Terms constitute the entire agreement between You and BinderPOS and govern your use of the Services and Website. These Terms supersede any prior agreements or earlier versions of these Terms between You and BinderPOS for the use of the Services and Website as of the effective date indicated at the beginning of these Terms.

25.2.

Delays: Neither party will be liable for any delay or failure in performance of its obligations under these Terms if the delay or failure is due to any cause outside its reasonable control. This clause does not apply to any obligation to pay money.

25.3.

No Assignment: You may not assign or transfer any rights to any other person without BinderPOS’s prior written consent.

25.4.

Waiver: The failure by any party to enforce any provisions of this agreement at any time shall not operate as a waiver of that provision in respect of the particular act or omission or any other act or omission.

25.5.

Governing law: This Agreement is governed by the laws of New Zealand, and each party irrevocably submits to the non-exclusive jurisdiction of the New Zealand courts.

25.6.

Jurisdictional Matters: If You are residing in a jurisdiction which restricts the use of internet-based applications according to age, or which restricts the ability to enter into agreements such as this Agreement according to age and You are under such a jurisdiction and under such age limit, You may not enter into this Agreement and access or use the Services. If You are residing in a jurisdiction where it is forbidden by law to offer or use software for internet communication, You may not enter into this Agreement and You may not download, access or use the Services. By entering into this Agreement, You represent that You have verified in Your own jurisdiction that Your use of the Services is allowed.

26.

Interpretation and definitions

26.1.

Interpretation: In these Terms, unless the context otherwise requires:

26.1.1.

the singular includes the plural and vice versa;

26.1.2.

a reference to materials means a reference to materials of any kind whether in the form of documentation, software or otherwise;

26.1.3.

a reference to either party includes reference to its successors and permitted assigns (and where the context so permits) its personnel and representatives;

26.1.4.

any agreement not to do a thing also constitutes an agreement not to suffer or permit or cause that thing to be done;

26.1.5.

the words “includes” and “including” are to be read as being followed by the words “without limitation”; 

26.1.6.

a reference to any documentation and the Website includes as varied or substituted; and

26.1.7.

a reference to a person includes an individual, a body corporate, an association of persons

(whether corporate or not), a trust, a government department, or any other entity.

26.2.

Defined terms:

 

Applicable Data Protection Law means all applicable data protection and privacy laws including, where applicable, data protection laws of the European Union or the United Kingdom or New Zealand privacy law.

 

BinderPOS Data means all data collected by Us or inputted by Us into a Service or supplied by Us to You that is not Customer Data.

 

BinderPOS, We and Us means BinderPOS Limited (New Zealand Registered Company number 1439564) and includes its successors and assigns, related companies, officers, directors, employees and agents.

 

BinderPOS Materials and Technology means the materials and technology used by BinderPOS in relation to the Services including design and architecture, methodologies and tools, software and products and any online documentation.

 

Customer Data means any data inputted by You or with Your authority into the Website or the Services.

 

Data Processing Addendum means the data processing addendum attached to these Terms.

 

Online Documentation means the documentation available on the Website regarding the Services and use of the Services.

 

Parties means the customer and BinderPOS.

 

Personal Information means information about an identifiable, living person, and includes personal data, personally identifiable information and equivalent information under applicable data protection and privacy laws

 

Privacy Policy means BinderPOS’s privacy policy (available here Privacy Policy).

 

Services means the software related services supplied by BinderPOS Limited under the trading name BinderPOS.

 

Terms means these Terms of Service.

 

Website means BinderPOS’s website at https://binderpos.com.

 

You means you and, if clause 1.3 applies, the other person on whose

behalf you are acting and Your has a corresponding meaning.

 

Data Processing Addendum
Agreement

 

    1. Application: This Data Processing Addendum applies to the extent that Personal Data which is subject to EU/UK Data Protection Law is Processed in the course of the performance of the Services. The Parties acknowledge and agree that with regard to such Processing of Personal Data, the customer is the Data Controller and BinderPOS is a Data Processor.
    2. Authority: If the customer is using the Services on behalf of a business, the customer represents to BinderPOS that it has authority to bind that business or entity to this Data Processing Addendum and that the business accepts this Data Processing Addendum.
    3. Personal Data: An overview of the categories of Personal Data, the types of Data Subjects, and purposes for which the Personal Data are being processed is provided in Annex 1.
    4. Definitions: Capitalised terms used in this Data Processing Addendum have the meanings given in clause 17.2.

 

 

  • Data Processing

 

    1. Data Controller’s authority: The Data Controller will, in determining the Services purchased and the Personal Data used in relation to those Services, determine the scope, purposes, and manner by which the Personal Data may be accessed or processed by the Data Processor.
    2. Restrictions on processing: The Data Processor will only process the Personal Data:
      1. on documented instructions of the Data Controller. This Data Processing Addendum constitutes the initial instructions and each use of the Services then constitutes further instructions. The Data Processor will use reasonable efforts to follow any later Data Controller instructions, as long as they are required by Applicable Data Protection Law, technically feasible and do not require changes to the Services. If the Data Processor otherwise cannot comply with an instruction or is of the opinion that an instruction infringes the GDPR or Applicable Data Protection Law, the Data Processor will immediately notify the Data Controller; or
      2. to comply with a legal obligation to which the Data Processor is subject. In such a case, the Data Processor shall inform the Data Controller of that legal obligation before processing, unless that law explicitly prohibits the furnishing of such information to the Data Controller.
    3. Customer Agreement and discretion: The Parties have entered into a Customer Agreement in order to benefit from the expertise of the Data Processor in processing the Personal Data for the purposes of the supply of the Services. The Data Processor may exercise its own discretion in the selection and use of such means as it considers necessary to pursue those purposes, subject to the requirements of this Data Processing Addendum.
    4. Data Controller warranty: The Data Controller warrants that it has all necessary rights to provide the Personal Data to the Data Processor for the Processing to be performed in relation to the Services. To the extent required by the Applicable Data Protection Law, the Data Controller is responsible for ensuring that any necessary data subject consents to this Processing are obtained, and for ensuring that a record of such consents is maintained. If such consent is revoked by the data subject, the Data Controller is responsible for removing the relevant Personal Data from the Services.

 

 

  • Confidentiality

 

    1. Personal Data confidential: The Data Processor shall:
      1. treat all Personal Data as strictly confidential;
      2. inform all its employees, agents and/or Sub-processors engaged in processing the Personal Data of the confidential nature of the Personal Data; and
      3. ensure that all such persons or parties have signed an appropriate confidentiality agreement, are otherwise bound to a duty of confidentiality, or are under an appropriate statutory obligation of confidentiality.

 

 

  • Security

 

      1. Technical and organisational measures: The Data Processor shall implement and maintain the Technical and Organisational Measures. The Data Controller agrees that it has reviewed the Technical and Organisational Measures. Each party acknowledges that it considers the Technical and Organisational Measures to be appropriate, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, taking account all the risks that are presented by processing, in particular from a Personal Data Breach.
      2. Types of Personal Data: The Data Controller acknowledges that the Data Processor does not review the types of Personal Data collected in relation to the Services. If the Data Controller submits Personal Data to the Services that is not specified in Annex 1, the Data Controller agrees that it is responsible if the Technical and Organisational Measures do not meet the standard of appropriateness required by the GDPR or other Applicable Data Protection Law.
      3. Changes to measures: The Data Processor may change the Technical and Organisational Measures at any time without notice so long as it maintains a comparable or better level of security. The Parties will negotiate in good faith the cost, if any, to implement changes required by specific updated security requirements in Applicable Data Protection Law or by data protection authorities of competent jurisdiction.
      4. Login details: The Data Controller shall keep its login details confidential and secure and will not share them with others. If the Data Controller knows or suspects that its login information has or is likely to become used in an unauthorized way it shall immediately change its password or notify the Data Processor if it cannot change its password.
      5. Directions: The Data Controller shall promptly comply with all reasonable directions issued by the Data Processor in relation to security or the Services.

 

  • Demonstration and audit

 

    1. Demonstration: At the request of the Data Controller, the Data Processor shall make available to the controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and the equivalent provisions of other Applicable Data Protection Law.
    2. Audit: The Data Controller shall be entitled on giving at least 14 days’ notice to the Data Processor to carry out, or have carried out by a third party who has entered into a confidentiality agreement with the Data Processor, audits of the Data Processor ́s premises and operations as these relate to the Personal Data. The Data Processor shall cooperate with such audits carried out by or on behalf of the Data Controller and shall grant the Data Controller ́s auditors reasonable access to any premises and devices involved with the Processing of the Personal Data. The Data Processor shall provide the Data Controller and/or the Data Controller ́s auditors with access to any information relating to the Processing of the Personal Data as may be reasonably required by the Data Controller to ascertain the Data Processor ́s compliance with this Data Processing Addendum.

 

 

  • Personal Data Breach

 

    1. Notifications: The Data Processor shall notify the Data Controller without undue delay upon becoming aware of a Personal Data Breach affecting Personal Data, providing Data Controller with sufficient information to allow the Data Controller to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Applicable Data Protection Laws. Such shall contain:
      1. a description of the nature of the incident, including where possible the categories and approximate number of data subjects concerned and the categories and approximate number of Personal Data records concerned;
      2. the name and contact details of the Data Processor’s data protection officer or another contact point where more information can be obtained;
      3. a description of the likely consequences of the incident; and
      4. a description of the measures taken or proposed to be taken by the Data Processor to address the incident including, where appropriate, measures to mitigate its possible adverse effects.
    2. Co-operation: The Data Processor shall co-operate with the Data Controller and take such reasonable commercial steps as are directed by Data Controller to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

 

 

  • Contracting with Sub-Processors

 

    1. Authorisation: The Data Processor lists the Sub-processors on its Website, including the name, website and role of each Sub-processor. The Data Controller authorises the engagement of such Sub-processors.
    2. Changes: Where the Data Processor removes, adds or replaces a Sub-processor, it will update the list on the Website, thereby giving the Data Controller the opportunity to object to such changes. If the Data Controller objects to such changes to the sub-processors, its sole remedy is to cancel or terminate its account or the Services.
    3. Liability: Notwithstanding authorisation by the Data Controller in accordance with this clause 7, the Data Processor shall remain fully liable vis-à-vis the Data Controller for the performance of any such subprocessor that fails to fulfil its data protection obligations.
    4. Sub-processor obligations: The Data Processor shall ensure that where it engages a Sub-processor for carrying out specific processing activities on behalf of the Data Controller, it will impose the data protection obligations as set out in this Data Protection Addendum as referred to in paragraph 3 of Article 28 of the GDPR (or the equivalent provisions of other Applicable Data Protection Law) on that Sub-processor, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR and other Applicable Data Protection Law.
    5. Transfer: The Data Processor may transfer information to multiple countries as part of providing Services. If information originates from the European Economic Area (“EEA”) the Data Processor will not transfer the information outside of the EEA unless it has taken such measures as are necessary to ensure the transfer is compliance with the EU/UK Data Protection Law.
    6. Requests from data subjects: The Data Processor shall promptly notify Data Controller if any Sub-processor receives a request from a Data Subject under any Applicable Data Protection Law in respect of Personal Data and ensure that the Sub-processor does not respond to that request except on the documented instructions of Data Controller or as required by Applicable Data Protection Laws to which the Sub-processor is subject, in which case Data Processor shall to the extent permitted by applicable laws inform Data Controller of that legal requirement before the Sub-processor responds to the request.

 

 

  • Data Transfers

 

    1. Transfers: The Data Processor shall be entitled to process Personal Data, including by using Subprocessors, outside the country in which the Data Controller is located as permitted under Applicable Data Protection Law. The Data Controller authorises such transfers. If the Data Controller objects to such transfers, its sole remedy is to cancel or terminate its account or the Services.
    2. Statutory mechanism: To the extent that the Data Controller or the Data Processor are relying on a specific statutory mechanism to normalize international data transfers that are subsequently modified, revoked, or held in a court of competent jurisdiction to be invalid, the Data Controller and the Data Processor agree to cooperate in good faith to promptly terminate the transfer or to pursue a suitable alternate mechanism that can lawfully support the transfer.

 

 

  • Returning or Destruction of Personal Data

 

    1. Deletion or destruction: The Data Processor shall at the choice of the Data Controller, delete or return all the Personal Data to the Data Controller after the end of the provision of the Services, and delete existing copies subject to clause 9.3.
    2. Return: The Data Controller agrees that return of Personal Data shall be undertaken by the Data Controller exporting the applicable Personal Data from the Services prior to any termination of the Services.
    3. Retained data: The Data Processor may retain Personal Data to the extent and for such period as required by applicable laws (for example, applicable New Zealand tax laws). The Data Processor shall ensure the confidentiality of all such retained Personal Data.
    4. Notification of third parties: The Data Processor shall notify all third parties supporting its own processing of the Personal Data of the termination of the Data Processing Addendum and shall ensure that all such third parties shall either destroy the Personal Data or return the Personal Data to the Data Controller, at the discretion of the Data Controller.

 

 

  • Assistance to Data Controller

 

    1. Technical and organisational measures: The Data Processor shall assist the Data Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Data Controller’s obligation to respond to requests for exercising the data subject’s rights under EU/UK Data Protection Law.
    2. Assistance: The Data Processor shall assist the Data Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR (and the equivalent provisions of other Applicable Data Protection Law) taking into account the nature of processing and the information available to the Data Processor.
    3. Impact assessments: The Data Processor shall provide reasonable assistance to the Data Controller for any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which the Data Controller reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Applicable Data Protection Law, in each case solely in relation to Processing of Personal Data by the Data Processor, and taking into account the nature of the Processing and information available to the Data Processor. The Data Processor may charge for such assistance at its standard rates.

 

 

  • Records

 

    1. Each party is responsible for its compliance with its documentation requirements in particular maintaining records of processing where required under Applicable Data Protection Law. Each party shall reasonably assist the other party in its documentation requirements, including providing the information that the other party reasonably requests (such as through use of the Services), in order to enable the other party to comply with any obligations relating to maintaining records of processing.

 

 

  • Liability

 

    1. Data subjects: The Parties agree that any Data Subject who has suffered damage as a result of any breach of this DPA may be entitled to seek compensation either from the Data Controller or the Data Processor. If the one Party has paid damages that are partly or fully attributable to the other Party, the former is entitled to claim back the relevant part of the damages from the latter.

 

 

  • Duration and Termination

 

    1. Confidentiality: Termination or expiration of this Data Processing Addendum shall not discharge the Data Processor from its confidentiality obligations pursuant to clause 3.
    2. Effective date: The Data Processor shall process Personal Data until the earlier of:
      1. the date of termination of the Customer Agreement;
      2. any date that the Data Controller instructs that Processing cease; or
      3. the return or destruction of all Personal Data in accordance with clause 9.

 

 

  • Variations

 

    1. Changes due to Applicable Data Protection Law: Either Party may propose variations to this Data Processing Addendum if it reasonably considers it to be necessary to address the requirements of any Applicable Data Protection Law. If either Party gives such notice, the Parties shall promptly discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the identified requirements as soon as is reasonably practicable.
    2. Changes due to Controller instruction: Where an amendment to the Customer Agreement or this Data Protection Addendum is necessary in order to execute a Data Controller instruction to the Data Processor including to improve security measures:
      1. the Parties shall promptly discuss the proposed instruction and negotiate in good faith as soon as is reasonably practicable with a view to agreeing and implementing instruction; and
      2. if the Parties are not able to reach agreement, the Data Controller’s sole remedy is to sole remedy is to cancel or terminate its account or the Services.

 

 

  • Notices

 

    1. Contract details: Each Party will deliver all notices under this Data Processing Addendum to addresses specified in Annex 2.

 

 

  • Miscellaneous

 

    1. Conflict in terms: In the event of any conflict between this Data Processing Addendum and the Customer Agreement, this Data Processing Addendum will take precedence.
    2. Governing law: This Data Processing Addendum is governed by the laws of New Zealand, and each party irrevocably submits to the non-exclusive jurisdiction of the New Zealand courts.

 

 

  • Interpretation and definitions

 

      1. Interpretation: In these Terms, unless the context otherwise requires:
        1. the singular includes the plural and vice versa;
        2. a reference to materials means a reference to materials of any kind whether in the form of documentation, software or otherwise;
        3. a reference to either party includes reference to its respective successors in title and permitted assigns (and where the context so permits) its personnel and representatives;
        4. any agreement not to do a thing also constitutes an agreement not to suffer or permit or cause that thing to be done;
        5. the words “includes” and “including” are to be read as being followed by the words “without limitation”; and
        6. a reference to any documentation and the Website includes as varied or substituted.

 

  • Defined terms:

 

      1. Terms such as Processing and Personal Data Breach have the meaning ascribed to them in the GDPR and the equivalent laws and regulations of the United Kingdom.
      2. In addition:

Applicable Data Protection Law means all applicable data protection and privacy laws including, where applicable, EU/UK Data Protection Law or New Zealand privacy law.

BinderPOS means BinderPOS Limited (New Zealand Registered Company number 904598) and includes its successors and assigns.

Customer Agreement means the Terms of Service or, if the Parties have entered into a separate written agreement for the supply and use of the Services and the Website, that written agreement, each of which addresses the supply of Services to the customer.

Data Controller has the meaning given to “Controller” in the GDPR and the equivalent laws and regulations of the United Kingdom.

Data Processor has the meaning given to “Processor” in the GDPR and the equivalent laws and regulations of the United Kingdom.

EU/UK Data Protection Law means all laws and regulations of the European Union, its member states and the United Kingdom that apply to the Processing of Personal Data, including (where applicable) the GDPR.

GDPR means  the European Union General Data Protection Regulation 2016/679.

Parties means the customer and BinderPOS.

Personal Data means such personal data (as that term is defined in the GDPR and the equivalent laws and regulations of the United Kingdom) as is provided by the Data Controller to the Data Processor for the purposes of the Data Processor providing the Services.

Services means the software and related services supplied by BinderPOS under a Customer Agreement.

Sub-processor means a processor engaged by BinderPOS for carrying out specific processing activities on the customer’s behalf.

Technical and Organisational Measures means the technical and organisational measures outlined on the Website.

Terms of Service means the terms of service to which this Data Processing Addendum is attached.

Website means the website at www.binderpos.com

ANNEX 1: DETAILS OF PROCESSING OF COMPANY PERSONAL DATA

This Annex 1 includes certain details of the Processing of Personal Data as required by Article 28(3) GDPR and the equivalent provisions of the data protection laws of the United Kingdom.

Subject matter and duration of the Processing of Personal Data

The subject matter and duration of the Processing of the Personal Data are set out in the principal part of this Data Processing Addendum.

Categories of Data Subject to whom the Personal Data relates

Data Controller may submit Personal Data to the Services, the extent of which is determined and controlled by the Data Controller in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:

 

  • Data Controller’s users as authorised by Data Controller to use the Services.
  • Data Controller’s customers

 

Categories of data

Data Controller may submit Personal Data to the Services, the extent of which is determined and controlled by the Data Controller in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:

 

  • Email address of authorized users
  • Email address of customers
  • Phone number of customers
  • Delivery address of customers
  • Billing address of customers
  • Order details of products and payments

 

Special categories of data/data regarding minors (if appropriate)

Data Controller may submit special categories of data or data regarding minors to the Services, the extent of which is determined and controlled by the Data Controller in its sole discretion. Such data includes, for the sake of clarity, Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.

Processing operations

The objective of Processing of Personal Data by data importer is the performance of the Services pursuant to the Customer Agreement.

ANNEX 2: CONTACT DETAILS

Contact information of the Data Protection Officer of the Data Processor: [email protected]

Contact information for support requests: [email protected]

All the tools you need!

Get started with BinderPOS today!

50% Complete

Two Step

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.