Login
cover-legal-2

WeAproove

Legal Agreements

Terms of Service

View or Download WeAproove Terms of Service

Privacy Policy

View or Download WeAproove Privacy Policy

Data Processing Agreement

View or Download WeAproove Data Processing Agreement

Cookie List

View or Download WeAproove Cookie List

WeAproove Terms of Service

pdf-usa

BY CLICKING THE "I ACCEPT"/I AGREE” BUTTON OR OTHERWISE ACCEPTING THESE TERMS OF SERVICE THROUGH AN ORDERING DOCUMENT THAT INCORPORATES THESE TERMS OF SERVICE, YOU AGREE TO FOLLOW AND BE BOUND BY THESE TERMS AND CONDITIONS. IF YOU ARE ACCEPTING THESE TERMS OF SERVICE ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THESE TERMS OF SERVICE AND, IN SUCH EVENT, “YOU” AND “YOUR” AS USED IN THESE TERMS OF SERVICE SHALL REFER TO SUCH ENTITY. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU OR SUCH ENTITY DO NOT AGREE TO THESE TERMS OF SERVICE, YOU MAY NOT USE THE SERVICES.


WEAPROOVE
TERMS OF SERVICE
Version: 22 May 2020


The following are terms of a legal agreement between you ("You" or "Your") and Aproove SA, 1 Boulevard Initalis, 7000 Mons, Belgium, Crossroads bank for Enterprise number 0867.065.974 (“We” or “Aproove”). By accessing or using our services, software, websites (including browser extensions) and/or applications (“Services”), you agree to follow and be bound by the following terms and conditions ("Terms") and our Privacy Policy.

The Services may be provided to you online, in the form of a mobile and/or desktop application(s) and/or may be integrated in a third party service.

The Services allow you to perform online proofing and to upload, submit, store, share, receive, collect, capture and/or visualize your ideas, texts, graphics, videos, data, information, files, presentation decks or other content, including third party content used by you (“Your Content”).


1. APPLICABILITY

1.1. Persons who are not of the age of majority are not eligible to use the Services, and we ask that no information in relation to such persons be submitted to us.

1.2. Consumers are not eligible to use the Services. ‘Consumer’ means any natural person who, in contracts covered by this Directive, is acting for purposes which are outside his trade, business, craft or profession. By accessing the Services you are confirming that you act as a ‘trader’ (i.e. any natural person or any legal person, irrespective of whether privately or publicly owned, who is acting, including through any other person acting in his name or on his behalf, for purposes relating to his trade, business, craft or profession in relation to these Terms).

1.3. If the Services include, are used in connection with, or are integrated in the services of third parties, the terms and conditions, notice and take down policies and/or privacy and cookie policies of those third parties may apply in addition to these Terms. If you are using the Services on behalf of your employer or another organization, you are agreeing to the terms of that organization and you represent and warrant that you have the authority to do so. Aproove is not responsible for any third party services, terms and/or policies.

1.4. Aproove may revise the Terms and/or Privacy Policy at any time without notice to you. The revised Terms and/or Privacy Policy will become effective upon them being posted on Aproove’s website(s) and/or on Aproove’s mobile and/or desktop application(s), or at such later date as may be stated on the amended Terms. By continuing your use of the Services you accept the amended Terms. In case of material changes to the Terms, you will be informed prior to the change: (i) at the moment you use the Services, or (ii) by a message to the contact details you provided to us, or (iii) by a posting of the notice of the change on Aproove’s website(s) and/or on Aproove’s mobile and/or desktop application(s). In the event you don’t accept a change you can cancel your subscription.

1.5. These Terms supersede any and all prior oral and written quotations, terms, communications, agreements and understandings between you and Aproove.

2. WEAPROOVE AND WEAPROOVE+

2.1. WeAproove allows you to share your Content with others in order to perform online proofing.

2.2. To use WeAproove you have to create an account and provide us with your email address and other details.

2.3. To share your Content you need to upload it and provide us with (a limited number of) email addresses of recipient(s).

2.4. WeAproove provides the possibility to share Content up to a maximum total capacity. Uploaded Content is stored on Aproove’s servers for a limited period of time after which the ability to access the Content expires.

2.5. After the expiry period Aproove will permanently delete the uploaded files. These files will not be available nor retrievable anymore.

2.6. The basic functionality of WeAproove is (currently) free from registration and charge. We also offer WeAproove+, a paid subscription version that - compared to the free version - offers you a set of premium services and different subscription terms. You can find the current subscription options and their specific characteristics here.

2.7. Aproove reserves the right to automatically delete all Content uploaded with WeAproove+ and still available on our servers, 30 days after your WeAproove+ subscription has ended

2.8. Aproove treats Content as confidential. Recipients can access your Content and allow others to use them. You are solely responsible for the Content you upload and share.

3. PAYMENT CONDITIONS

3.1. If you use a paid subscription Service, the initial subscription term starts once the fees due have been paid in full.

3.2. We may introduce or change the fees for the Services from time to time, for which we will give you advance notice. If you have a fixed term and price subscription, that price will remain in force for the fixed term. If you do not agree with the price change, you must cancel your subscription and stop using the Services by the end of the then-current Service term. If you continue to use the Services after the price change goes into effect, you agree to pay the changed price. Fee introductions will require your prior consent and registration.

3.3. Depending on the payment method you choose, the issuer of the payment method may charge you certain fees relating to the processing of your payment.

3.4. Aproove may suspend or cancel the Services to you if a payment is not successfully settled (for instance in case of insufficient funds, expiration of credit cards, a change in payment details or otherwise). Suspension or cancellation of the Services for non-payment can result in a loss of access to and use of your account and your Content.

4. TERM AND CANCELLATION OF A SUBSCRIPTION

4.1. The initial subscription term varies depending on your choice and/or the Service it applies to.

4.2. The subscription period will be renewed automatically for the selected subscription period, unless you have cancelled your subscription on time (before the last day of your subscription).

4.3. In case of cancellation you will continue to have access to the Services until the end of your paid subscription period.

4.4. Cancellation does not give you any right to reimbursement of (part of) the subscription fee.

4.5. Upon cancellation or if a payment is not successfully settled (for instance due to expiration or insufficient funds), your account will be deactivated after the end of your subscription period. You will then not have access to your information and any Content stored using the Services. You can reactivate your subscription at any time in your account settings by making payment within four weeks after deactivation. Your subscription will then be renewed as from the day of reactivation.

4.6. If you do not reactivate your subscription within the term set out above, any of your Content stored using the Service(s) and any of your information may have been automatically and permanently deleted from our servers.

5. CONTENT OWNERSHIP, PERMISSIONS AND RESPONSIBILITY

5.1. Aproove does not claim any ownership of the Content you create, use, store or share through the Services and you are solely responsible for it. Also you are solely responsible for sharing it with the correct recipients. Any liability for damages relating to the Content lies with the individual that creates, uses, stores and/or shares it within the Services. You acknowledge that download and/or access links can be forwarded and that recipients having access to such link, can access the Content it is connected with.

5.2. Some of the Services allow you to protect Content or transfers with a password. The user is solely responsible for the confidentiality and/or the distribution of passwords.

5.3. By using the Services you warrant that you have, for any Content you create, use, store or share using the Services, all required permissions (including from copyright and other intellectual property rights owners) to distribute, sub-license, transfer, store and/or make the Content online available as part of the Services.

5.4. Aproove is not liable to you or any third party for any damages arising out of or in relation to the Content created, used, stored or shared by you within the Services, including but not limited to, copyright protected works and/or trademarks.

5.5. Aproove requires a license from you with regards to the Content FOR THE SOLE PURPOSE OF OPERATING, ENABLING, AND IMPROVING THE SERVICES. Solely for this explicit purpose and until you delete the Content from the Services, you agree and acknowledge that by using the Services, you grant us an unlimited, worldwide, royalty-free license to (i) use, host, store, scan, search, sort, index, create previews and (ii) reproduce, communicate, publish, publicly display, distribute and edit (including but not limited to scaling, cropping, adapting and translating) the Content. This licence is for the duration of the Services period plus any additional post-termination period during which Aproove provides You with access to retrieve an export file of Your Content if applicable.

6. USE OF THE SERVICES

6.1. You are responsible for identifying and authenticating all users, for approving access by such users to the Services, for controlling against unauthorized access by users, and for maintaining the confidentiality of usernames, passwords and account information. By federating or otherwise associating Your and Your users’ usernames, passwords and accounts with Aproove, You accept responsibility for the confidentiality and timely and proper termination of user records in Your local (intranet) identity infrastructure or on Your local device. Aproove is not responsible for any harm caused by Your users, including individuals who were not authorized to have access to the Services but who were able to gain access because usernames, passwords or accounts were not terminated on a timely basis in Your local identity management infrastructure or Your local device. You are responsible for all activities that occur under Your and Your users’ usernames, passwords or accounts or as a result of Your or Your users’ access to the Services, and agree to notify Aproove immediately of any unauthorized use. You agree to make every reasonable effort to prevent unauthorized third parties from accessing the Services.

6.2. You shall respect right of others, including Aproove and third parties. This includes respecting the right to privacy, corporate intelligence, business secrets and intellectual property rights, such as trademarks, copyrights, trade names and logos. You agree not to use the Services to commit, promote, enable or facilitate any unlawful or criminal acts or breach of these Terms or facilitate or promote others to do so.

6.3. You shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness and ownership of all of Your Content.

6.4. As a condition to make use of the Services you agree not to create, use, store or share any Content that: features CSAI (child sexual abuse imagery); is obscene, defamatory, libelous, slanderous, profane, indecent, discriminating, threatening, abusive, harmful, lewd, vulgar, or unlawful; promotes racism, violence or hatred; is factually inaccurate, false, misleading, misrepresenting or deceptive; you do not hold the rights to infringes, violates or misappropriates intellectual property rights, privacy rights, including data protection rights, and/or any other kind of rights; infringes on or violates any applicable law or regulation; constitutes ‘hate speech’, whether directed at an individual or a group, and whether based upon the race, sex, creed, national origin, religious affiliation, sexual orientation, language or another characteristic of such individual or group.

6.5. In addition, you agree not to: abuse, harass, stalk, intimidate, threaten, commit violence, cause damage or injury to any person or property or otherwise act unlawful, or encourage anyone else to do so; impersonate or falsely pretend affiliation with any person or entity; access any non-public areas of the Services; interfere with any access or use restrictions; use any data mining or data gathering or extraction methods, or otherwise collect information about the users of the Services; send viruses, worms, malware, ransomware, junk email, spam, chain letters, phishing emails, unsolicited messages, promotions or advertisements of any kind and for any purpose; interfere with, damage or disrupt the Services or act in a way that may do so; attempt to probe, scan, compromise or test the vulnerability of the Services or any related service, system or network or breach any security or authentication ; use automated means to access or use the Services without our permission; reverse engineer or decompile any (part) of the Services; resell, sublicence, rent, lease, offer or otherwise commercialize the Services without our permission; allow others to use your account.

6.6. Aproove has no obligation to monitor the Services or screen your Content. However, Aproove reserves the right to review the Services and Content and to monitor all use of and activity with the Services, and to remove or choose not to make available on or through the Services any Content in its sole discretion. Aproove may remove Content that is confidential or proprietary to a third party without that third party's permission. In addition to any other rights afforded to Aproove under the Terms, Aproove reserves the right, but has no obligation, to take remedial action if any material violates the restrictions in the foregoing section, including the removal or disablement of access to such material. Aproove shall have no liability to You in the event that Aproove takes such action. You agree to defend and indemnify Aproove against any claim arising out of a violation of Your obligations under this Section.


7. VIOLATION OF THE TERMS OF SERVICE

Aproove reserves the right to investigate, provide to third parties, (temporarily) block and/or permanently delete from it servers, without prior notice or liability, any Content and/or accounts or to block anyone from accessing any part of the Services, when Aproove ascertains, at its sole discretion or after receiving substantiated and valid complaints, that you breach these Terms or act in violation of any applicable law or regulation.


8. INTELLECTUAL PROPERTY RIGHTS

8.1. All intellectual property rights and/or similar rights on the Services (including the software, content, photography, graphic design, typography, portraits, logos, trademarks, trade names, domain names, copyrights and patents) are vested in Aproove and/or its licensors and you are not allowed to use, remove, modify, copy, mirror, distribute, decompile, or reverse engineer any of it in any way.

8.2. Aproove is not responsible or liable for third party content published within the Services, in-ad links to external websites or the content, products or services offered on external websites. You acknowledge and accept that all use outside the Services is at your own risk.

8.3. You will always respect and observe the good name and reputation of Aproove and ensure that your use of the Services will in no way prejudice any rights and/or the good name and reputation of Aproove and its licensors.


9. WARRANTIES, DISCLAIMERS AND EXCLUSIVE REMEDIES

9.1. APROOVE PROVIDES THE SERVICES “AS-IS”, WITHOUT ANY WARRANTY OF ANY KIND. WITHOUT LIMITING THE FOREGOING, APROOVE DOES NOT GUARANTEE THAT (A) THE SERVICES WILL BE PERFORMED ERROR-FREE OR UNINTERRUPTED, OR THAT APROOVE WILL CORRECT ALL SERVICES ERRORS, (B) THE SERVICES WILL OPERATE IN COMBINATION WITH YOUR CONTENT OR YOUR APPLICATIONS, OR WITH ANY OTHER HARDWARE, SOFTWARE, SYSTEMS, SERVICES OR DATA NOT PROVIDED BY APROOVE, AND (C) THE SERVICES WILL MEET YOUR REQUIREMENTS, SPECIFICATIONS OR EXPECTATIONS. YOU ACKNOWLEDGE THAT APROOVE DOES NOT CONTROL THE TRANSFER OF DATA OVER COMMUNICATIONS FACILITIES, INCLUDING THE INTERNET, AND THAT THE SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF SUCH COMMUNICATIONS FACILITIES. APROOVE IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS. APROOVE IS NOT RESPONSIBLE FOR ANY ISSUES RELATED TO THE PERFORMANCE, OPERATION OR SECURITY OF THE SERVICES THAT ARISE FROM YOUR CONTENT, YOUR APPLICATIONS OR THIRD PARTY CONTENT. APROOVE DOES NOT MAKE ANY REPRESENTATION OR WARRANTY REGARDING THE RELIABILITY, ACCURACY, COMPLETENESS, CORRECTNESS, OR USEFULNESS OF THIRD PARTY CONTENT OR SERVICES, AND DISCLAIMS ALL LIABILITIES ARISING FROM OR RELATED TO THIRD PARTY CONTENT OR SERVICES. YOUR USE OF THE SERVICES IS AT YOUR OWN RISK. YOU ACKNOWLEDGE AND AGREE THAT APROOVE IS NOT RESPONSIBLE FOR ANY DAMAGES TO THE COMPUTER SYSTEM OR MOBILE DEVICE OF YOU OR ANY THIRD PARTY THAT RESULT FROM THE USE OF THE SERVICES AND IS NOT RESPONSIBLE FOR ANY FAILURE OF THE SERVICES TO STORE, TRANSFER OR DELETE A FILE OR FOR THE CORRUPTION OR LOSS OF ANY DATA, INFORMATION OR CONTENT CONTAINED IN A FILE.

9.2. FOR ANY BREACH OF THE SERVICES WARRANTY, YOUR EXCLUSIVE REMEDY AND APROOVE’S ENTIRE LIABILITY SHALL BE THE CORRECTION OF THE DEFICIENT SERVICES THAT CAUSED THE BREACH OF WARRANTY, OR, IF APROOVE CANNOT SUBSTANTIALLY CORRECT THE DEFICIENCY IN A COMMERCIALLY REASONABLE MANNER, YOU MAY END THE DEFICIENT SERVICES AND APROOVE WILL REFUND TO YOU THE FEES FOR THE TERMINATED SERVICES THAT YOU PRE-PAID TO APROOVE FOR THE PERIOD FOLLOWING THE EFFECTIVE DATE OF TERMINATION.

9.3. TO THE EXTENT NOT PROHIBITED BY LAW, THESE WARRANTIES ARE EXCLUSIVE AND ALL OTHER WARRANTIES OR CONDITIONS, WHETHER EXPRESS OR IMPLIED, ARE EXPRESSLY EXCLUDED, INCLUDING FOR SOFTWARE, HARDWARE, SYSTEMS, NETWORKS OR ENVIRONMENTS OR FOR MERCHANTABILITY, SATISFACTORY QUALITY AND FITNESS FOR A PARTICULAR PURPOSE.

9.4. Aproove may change, terminate or expand its Services from time to time and reserves the right to limit access to or eliminate any features or functionality of the Services in its own discretion.

9.5. Some of the Services require you to register and provide us with data such as your email address, password and/or payment details. You must ensure that these are accurate and keep them updated in your account settings. You are responsible for any activity from or by your account, so you should not share your password and you should protect it carefully. Should registrations or account data appear to be misused, Aproove reserves the right to delete the account. Aproove is not liable for any loss or damage arising from the unauthorized use of your account.

9.6. Some of the Services including in paid-up subscription may be delivered under a specific service level agreement. Under such circumstances the specific service level agreement shall complement this section but shall not prejudice its application.

10. INDEMNITY AND LIABILITY

10.1. APROOVE SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE OR PROFITS, DATA, OR DATA USE. APROOVE IS NOT LIABLE FOR ANY DAMAGE OR PERSONAL INJURY RESULTING FROM ANY USE OF THE SERVICES, INCLUDING ANY (TEMPORARY) UNAVAILABILITY OR (ACCIDENTAL) REMOVAL OF YOUR CONTENT OR ACCOUNT. THE LIMITATION OF LIABILITY REFERRED TO IN THIS CLAUSE SHALL NOT APPLY IF THE LIABILITY FOR DAMAGE CAUSED BY INTENT OR GROSS NEGLIGENCE ON THE PART OF APROOVE. IN THE EVENT APROOVE IS LIABLE FOR DAMAGE UNDER MANDATORY LAW APROOVE’S AGGREGATE LIABILITY FOR ALL DAMAGES ARISING OUT OF OR RELATED TO THE USE OF THE SERVICES, WHETHER IN CONTRACT OR TORT, OR OTHERWISE, SHALL BE LIMITED TO THE TOTAL AMOUNT OF ONE HUNDRED EURO (€100) .

10.2. You will defend, indemnify and hold harmless Aproove (including its employees and affiliates) from and against any claims, incidents, liabilities, procedures, damages, losses and expenses (including legal and accounting fees), arising out of or in any way connected with your access to or use of the Services or your breach of these Terms, including any third party claims that Content created, used, stored or shared using the Services by you or through your account, infringe or violate any third party rights.

10.3. The Services may provide integration with third-party services. You acknowledge that: (i) Aproove is not responsible for any acts or omissions of such third-party services; (ii) that Aproove is not an agent of such third-party services; and (iii) your use of those services is subject to any applicable terms and conditions between you and the providers of such services.


11. DATA PROTECTION

11.1. In performing the Services, Aproove will comply with the Aproove Privacy Policy, which is available at https://www.weaproove.com/legals and incorporated herein by reference. The Aproove Privacy Policy is subject to change at Aproove’s discretion; however, Aproove policy changes will not result in a material reduction in the level of protection provided for Your personal data provided as part of Your Content during the Services period.

11.2. If applicable, the Aproove’s Data Processing Agreement for Services (the “Data Processing Agreement”), which is available at https://www.weaproove.com/legals and incorporated herein by reference, describes the parties’ respective roles for the processing and control of personal data that You provide to Aproove as part of the Services. Aproove will act as a data processor, and will act on Your instruction concerning the treatment of Your personal data residing in the Services, as specified in these Terms and the Data Processing Agreement. You agree to provide any notices and obtain any consents related to Your use of the Services and Aproove’s provision of the Services, including those related to the collection, use, processing, transfer and disclosure of personal data.

11.3. You may not provide Aproove access to health, political opinions, racial or ethnic, religious or philosophical beliefs, financials or similarly sensitive personal information that imposes specific data security obligations for the processing of such data unless specified in the order payment and Data Processing Agreement.


12. EXPORT

12.1. Local Export laws and regulations may apply to the Services. You agree that such export laws may govern Your use of the Services (including technical data) and any Services deliverables provided under these Terms, and You agree to comply with all such export laws and regulations (including “deemed export” and “deemed re-export” regulations). You agree that no data, information, software programs and/or materials resulting from Services (or direct product thereof) will be exported, directly or indirectly, in violation of these laws, or will be used for any purpose prohibited by these laws including, without limitation, nuclear, chemical, or biological weapons proliferation, or development of missile technology.

12.2. You acknowledge that the Services are designed with capabilities for You and Your users to access the Services without regard to geographic location and to transfer or otherwise move Your Content between the Services environment and other locations such as user workstations. You are solely responsible for the authorization and management of user accounts, as well as export control and geographic transfer of Your Content.

13. FORCE MAJEURE

Neither of us shall be responsible for failure or delay of performance if caused by: an act of war, hostility, or sabotage; act of God; pandemic; electrical, internet, or telecommunication outage that is not caused by the obligated party; government restrictions (including the denial or cancelation of any export, import or other license); or other event outside the reasonable control of the obligated party. We both will use reasonable efforts to mitigate the effect of a force majeure event. If such event continues for more than 30 calendar days, either of us may cancel unperformed Services upon written notice. This Section does not excuse either party’s obligation to take reasonable steps to follow its normal disaster recovery procedures or Your obligation to pay for the Services.

14. ASSIGNMENT

You may not assign any of your rights under these Terms or give or transfer the Services or an interest in them to another individual or entity. If You grant a security interest in any portion of the Services, the secured party has no right to use or transfer the Services or any deliverables. Aproove is at any time entitled to assign its rights to any of its affiliates or subsidiaries, or to any successor in interest of any business associated with the Services without your consent or any other restriction.

15. OTHER

15.1. Aproove is an independent contractor and we agree that no partnership, joint venture, or agency relationship exists between us. We each will be responsible for paying our own employees, including employment related taxes and insurance. You shall defend and indemnify Aproove against liability arising under any applicable laws, ordinances or regulations related to Your termination or modification of the employment of any of Your employees in connection with any Services under these Terms. You understand that Aproove’s business partners and other third parties, including any third party firms retained by You to provide consulting or implementation services or applications that interact with the Services, are independent of Aproove and are not Aproove’s agents. Aproove is not liable for, bound by, or responsible for any problems with the Services arising due to, any acts of any such business partner or third party, unless the business partner or third party is providing Services as an Aproove subcontractor on an engagement ordered under these Terms and, if so, then only to the same extent as Aproove would be responsible for Aproove resources under these Terms.

15.2. If any of these Terms is found to be invalid or unenforceable, the remaining provisions will remain effective and such term shall be replaced with another term consistent with the purpose and intent of these Terms.

15.3. A failure by either Party at any time to require the performance of any obligation hereunder or enforce any provision hereof shall neither be construed as a waiver of any right or remedy hereunder nor in any way affect the validity of these Terms or any part hereof. No waiver shall be effective unless given in writing, and no waiver of a breach of these Terms shall constitute a waiver of any preceding or subsequent breach.

16. ENTIRE AGREEMENT

16.1. You agree that these Terms and the information which is incorporated into these Terms by written reference (including reference to information contained in a URL or referenced policy) is the complete agreement for the Services ordered by You and supersedes all prior or contemporaneous agreements or representations, written or oral, regarding such Services.

16.2. It is expressly agreed that these Terms shall supersede the terms in any purchase order, procurement internet portal, or other similar non-Aproove document and no terms included in any such purchase order, portal, or other non-Aproove document shall apply to the Services ordered. In the event of any inconsistencies between the terms of any other contractual document (including but not limited to service level agreement, privacy policy, specifications) and these Terms, these Terms shall take precedence; however, unless expressly stated otherwise, the terms of the Data Processing Agreement shall take precedence over any inconsistent terms in these Terms.

16.3. No third party beneficiary relationships are created by these Terms.

17. APPLICABLE LAW AND JURISDICTION

17.1. The Terms (including matters of construction, enforcement, and performance) and any claim, controversy, non-contractual obligations or dispute arising under, related to or in connection with these Terms, the relationship of the parties to these Terms, and/or the interpretation and enforcement of the rights, duties and obligations of the parties to these Terms shall be governed by and construed in accordance with the laws of Belgium (without regards to its choice of laws principles that would require the application of the laws of another jurisdiction).

17.2. You and Aproove agree to the exclusive jurisdiction of the Brussels courts located in Belgium, and agree to submit to the exercise of personal jurisdiction of such courts for the purposes of any applicable claim or action.





***

WeAproove Privacy Policy

pdf-usa

WHAT THIS POLICY COVERS

Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. This policy is intended to help you understand:

  1. What information we collect about you
  2. How we use information we collect
  3. How we share information we collect
  4. How we store and secure information we collect
  5. How to access and control your information
  6. How we transfer information we collect internationally
  7. Why and how are cookies used
  8. Other important privacy information

This Privacy Policy covers the information we collect about you when you use our products or services, or otherwise interact with us (for example, by attending our premises or events or by communicating with us), unless a different policy is displayed. 

Aproove, we and us refers to Aproove SA, Aproove Technologies Inc. and any of our corporate affiliates.  We refer to all our products, services and websites as "Services" in this policy.  

This policy also explains your choices surrounding how we use information about you, which include how you can object to certain uses of information about you and how you can access and update certain information about you.  If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business. 

Where we provide the Services under contract with an organization (for example, your employer) that organization controls the information processed by the Services. For more information, please see Notice to End Users below. This policy does not apply to the extent we process personal information in the role of a processor on behalf of such organizations.

1.  WHAT INFORMATION WE COLLECT ABOUT YOU

We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below. 

 Information you provide to us

We collect, process and store information about you when you input it into the Services or otherwise provide it directly to us, such as :

  • Contact information: your name and your email address or the email address of the recipient(s).
  • Information about yourself: location, phone number, city etc.
  • Preferences: for example language settings or interests.
  • Content and metadata: you may choose to upload or create Content which contains all sorts of personal information about you and others. Such Content also contains a filename, size and filetype.
  • Personal messages: the ones you send to people along with sharing your files.

Account and Profile Information: We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services. For example, you provide your contact information and, in some cases, billing information, when you register for the Services. You also have the option of adding a display name, profile photo, job title, and other details to your profile information to be displayed in our Services.  We keep track of your preferences when you select settings within the Services.

Content you provide through our Services: When you use our Services we collect and store content that you post, send, receive and share. This content includes any information about you that you may choose to include. Content also includes the files and links you upload to the Services. If you use a server or data center version of the Services, we do not host, store, transmit, receive or collect information about you (including your Content), except in limited cases, where permitted by your administrator: we collect feedback you provide directly to us through the Services and; we collect content using analytics techniques that hash, filter or otherwise scrub the information to exclude information that might identify you or your organization; and we collect clickstream data about how you interact with and use features in the Services. Server and data center administrators can disable our collection of this information from the Services via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level.

Content you provide through our websites: The Services also include our websites owned or operated by us. We collect other content that you submit to these websites, which include social media or social networking websites operated by us. For example, you provide content to us when you provide feedback or when you participate in any interactive features, surveys, contests, promotions, sweepstakes, activities or events. 

Information you provide through our support channels: The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service.  Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.

Payment Information:  We collect payment and billing information when you register for certain paid Services.  For example, we ask you to designate a billing representative, including name and contact information, upon registration.  You might also provide payment information, such as payment card details, which we collect via secure payment processing services (Stripe).

Information we collect automatically when you use the Services: We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services, such as

Your use of the Services: We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use; the links you click on; the type, size and filenames of attachments you upload to the Services; frequently used search terms; how you interact with others on the Services.  We also collect information about the teams and people you work with and how you work with them, like who you collaborate with and communicate with most frequently.  If you use a server or data center version of the Services, the information we collect about your use of the Services is limited to clickstream data about how you interact with and use features in the Services, in addition to content-related information described in "Content you provide through our products," above.  Server and data center administrators can disable our collection of this information from the Services via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level.

Device and Connection Information: We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience.  How much of this information we collect depends on the type and settings of the device you use to access the Services.  Server and data center Service administrators can disable collection of this information via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level.  

Cookies and Other Tracking Technologies: Aproove and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Services and devices.

Information we receive from other sources: We receive information about you from other Service users, from third-party services, from our related companies, social media platforms, public databases, and from our business and channel partners. We may combine this information with information we collect through other means described above. This helps us to update and improve our records, identify new customers, create more personalized advertising and suggest services that may be of interest to you.

Other users of the Services: Other users of our Services may provide information about you when they submit content through the Services.  We also receive your email address from other Service users when they provide it in order to invite you to the Services.  Similarly, an administrator may provide your contact information when they designate you as the billing or technical contact on your company's account or when they designate you as an administrator.

Other services you link to your account: We receive information about you when you or your administrator integrate third-party apps or link a third-party service with our Services. For example, if you create an account or log into the Services using your Google credentials, we receive your name and email address as permitted by your Google profile settings in order to authenticate you. You or your administrator may also integrate our Services with other services you use, such as to allow you to access, store, share and edit certain content from a third-party through our Services.  For example, you may authorize our Services to access, display and store files from a third-party document-sharing service within the Services interface. Or you may authorize our Services to connect with a third-party calendaring service or to sync a contact list or address book so that your meetings and connections are available to you through the Services, so you can invite others to collaborate with you on our Services or so your organization can limit access to certain users. Your administrator may also authorize our Services to connect with a third party reporting service so your organization can review how the Services are being used. The information we receive when you link or integrate our Services with a third-party service depends on the settings, permissions and privacy policy controlled by that third-party service. You should always check the privacy settings and notices in these third-party services to understand what data may be disclosed to us or shared with our Services.

Aproove companies:  We receive information about you from Approve affiliated companies.

Aproove Partners:  We work with a global network of partners who provide consulting, implementation, training and other services around our products.  Some of these partners also help us to market and promote our Services, generate leads for us, and resell our Services.  We receive information from these partners, such as billing information, billing and technical contact information, company name, what Services you have purchased or may be interested in, evaluation information you have provided, what events you have attended, and what country you are in.

Other Partners: We receive information about you and your activities on and off the Services from third-party partners, such as advertising and market research partners who provide us with information about your interest in and engagement with, our Services and online advertisements.  

Third Party Providers: We may receive information about you from third party providers of business information and publicly available sources (like social media platforms), including physical mail addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses and social media profiles, for the purposes of targeted advertising of products that may interest you, delivering personalized communications, event promotion, and profiling.

2.  HOW WE USE INFORMATION WE COLLECT

How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us.  Below are the specific purposes for which we use the information we collect about you.

  • To provide the Services and personalize your experience: We use information about you to provide the Services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate, maintain, and improve the Services. Our Services also include tailored features that personalize your experience, enhance your productivity, and improve your ability to collaborate effectively with others by automatically analyzing the activities of your team to provide search results, activity feeds, notifications, connections and recommendations that are most relevant for you and your team. To opt out of this personalization, please contact privacy@aproove.com. 
  • Customer support: We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Services. Where you give us express permission to do so, we share information with a third party expert for the purpose of responding to support-related requests.

  • Account & billing: creating and upholding your personal account for example to facilitate your address book and to enable you to access your Content across different devices, facilitating payment of your subscription fee and perform accounting, auditing & billing activities.

  • For safety and security: We use information about you and your Service use to verify accounts and activity, to detect, prevent, and respond to potential or actual security incidents and to monitor and protect against other malicious, deceptive, fraudulent or illegal activity, including violations of Terms of Service.

  • For research and development: We are always looking for ways to make our Services smarter, faster, secure, integrated, and useful.  We use information and collective learnings (including feedback) about how people use our Services to troubleshoot, to identify trends, usage, activity patterns, and areas for integration and to improve our Services and to develop new products, features and technologies that benefit our users and the public.

  • To market, promote and drive engagement with the Services: We use your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you, including by email and by displaying Aproove ads on other companies' websites and applications. These communications may be informed by audits of interactions (like counting ad impressions), and are aimed at driving engagement and maximizing what you get out of the Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you.  We also communicate with you about new Services, product offers, promotions, and contests.  You can control whether you receive these communications as described below under "Opt-out of communications."

  • To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.

  • To communicate with you about the Services: We use your contact information to send transactional communications via email and within the Services, including confirming your purchases, reminding you of subscription expirations, responding to your comments, questions and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages. We send you email notifications when you or others interact with you on the Services. We also provide tailored communications based on your activity and interactions with us.  We also send you communications as you onboard to a particular Service to help you become more proficient in using that Service. These communications are part of the Services and in most cases you cannot opt out of them.  If an opt out is available, you will find that option within the communication itself or in your account settings.  
  • With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.   

Legal bases for processing (for EEA users):

If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal ground for doing so under applicable EU laws.  Each processing activity has a valid legal ground, which is described below.

  • Contractual obligations with you: regarding the activities and purposes mentioned under 1, 2, 3, 8 and 9. We need to process personal information to offer our Services through our websites and mobile apps, to provide (technical) support and to bill your subscription fee.
  • Legal obligations: regarding the activities and purposes under 3, 4 and 7. We are legally obliged to process your personal information for accounting purposes, to respond to legal requests and NTD or DMCA requests.
  • Consent: (partially) regarding activities and purposes mentioned under 2 (e.g. accessing your Content for support), 6 (except when we communicate direct marketing in relation to our own and similar Services to you as a paid user) and 8.
  • Legitimate interests: (partially) regarding activities and purposes under 1, 3 and 7 (e.g. to provide cross device access). For the purposes mentioned under 4 in order to provide safe Services, to prevent fraud and react against illegal use of our Services. For our innovative interests as mentioned under 5. And finally for our (direct) marketing, brand interests under 6 and legal & compliance interests as stated under 7. When we use your personal information based on our or a third party’s legitimate interest, we will make sure to balance your rights and freedoms against said legitimate interest. If, to the extent applicable, you wish to object to the activities based on our legitimate interest and there’s no opt-out available in your account settings or received communication, please contact privacy@aproove.com.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.  Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.

3.  HOW WE SHARE INFORMATION WE COLLECT

We make collaboration tools, and we want them to work well for you.  This means sharing information through the Services and with certain third parties.  We share information we collect about you in the ways discussed below, including in connection with possible business transfers. We are not in the business of selling information about you to advertisers or other third parties.

  • Service Providers: We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including appropriate security and confidentiality procedures designed to protect your information.

  • Sharing with third parties: We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Services.

  • Sharing with other Service users: When you use the Services, we share certain information about you with other Service users.

  • For collaboration: You can create content, which may contain information about you, and grant permission to others to see, share, edit, copy and download that content based on settings you or your administrator (if applicable) select. Some of the collaboration features of the Services display some or all of your profile information to other Service users when you share or interact with specific content.  

  • Managed accounts and administrators: If you register or access the Services using an email address with a domain that is owned by your employer or organization or associate that email address with your existing account, and such organization wishes to establish an account or site, certain information about you including your name, profile picture, contact info, content and past use of your account may become accessible to that organization’s administrator and other Service users sharing the same domain. If you are an administrator for a particular site or group of users within the Services, we may share your contact information with current or past Service users, for the purpose of facilitating Service-related requests. 

  • Aproove Partners: We work with third parties who provide consulting, sales, support, and technical services to deliver and implement customer solutions around the Services. We may share your information with these third parties in connection with their services, such as to assist with billing and collections, to provide localized support, and to provide customizations. We may also share information with these third parties where you have agreed to that sharing.

  • Third Party Apps: You, your administrator or other Service users may choose to add new functionality or change the behavior of the Services by installing third party apps within the Services. Doing so may give third-party apps access to your account and information about you like your name and email address, and any content you choose to use in connection with those apps.  If you are an administrator, or a technical or billing contact listed on an account, we share your details with the third-party app provider upon installation. Third-party app policies and procedures are not controlled by us, and this privacy policy does not cover how third-party apps use your information. We encourage you to review the privacy policies of third parties before connecting to or using their applications or services to learn more about their privacy and information handling practices. If you object to information about you being shared with these third parties, please uninstall the app.

  • Links to Third Party Sites: The Services may include links that direct you to other websites or services whose privacy practices may differ from ours. If you submit information to any of those third party sites, your information is governed by their privacy policies, not this one. We encourage you to carefully read the privacy policy of any website you visit.

  • Social Media Widgets: The Services may include links that direct you to other websites or services whose privacy practices may differ from ours. Your use of and any information you submit to any of those third-party sites is governed by their privacy policies, not this one.

  • Third-Party Widgets: Some of our Services contain widgets and social media features. These widgets and features collect your IP address, which page you are visiting on the Services, and may set a cookie to enable the feature to function properly. Widgets and social media features are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy policy of the company providing it.
  • With your consent: We share information about you with third parties when you give us consent to do so. For example, we often display personal testimonials of satisfied customers on our public websites. With your consent, we may post your name alongside the testimonial.

  • Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights: In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect Aproove, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
  • Sharing with affiliated companies: We share information we collect with affiliated companies and, in some cases, with prospective affiliates. Affiliated companies are companies owned or operated by us.  The protections of this privacy policy apply to the information we share in these circumstances.

  • Business Transfers: We may share or transfer information we collect under this privacy policy in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the Services if a transaction takes place, as well as any choices you may have regarding your information.

4.  HOW WE STORE AND SECURE INFORMATION WE COLLECT

Information storage and security

We use industry standard technical and organizational measures to secure the information we store.

We make sure that personal information is only accessible by those who need access to do their job and that they are properly authorised. That means we keep logs of who has access to personal information, we limit the amount of people that have access and we make sure that personal information can only be read, copied, modified or removed by properly authorised staff. We monitor internal activity to ensure the safety and accuracy of personal information.

Aproove staff is required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, ethics, and appropriate usage of personal information. Staff is required to sign a confidentiality agreement.

During an upload, while it is stored on our servers and during a download, Content is encrypted and only sent over a secure connection (https). The servers we use to store your Content for you are GDPR compliant and secure.

While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.

If you use our server or data center Services, responsibility for securing storage and access to the information you put into the Services rests with you and not Aproove. We strongly recommend that server or data center users configure SSL to prevent interception of information transmitted over networks and to restrict access to the databases and other storage points used.

How long we keep information

How long we keep information we collect about you depends on the type of information, as described in further detail below.  Aproove retains your personal information as long as its necessary to provide our Services to you (e.g. upholding your user account), to conduct our business activities and fulfill our legitimate interests, such as providing safe and secure services, to fix bugs and to reach out to you, to comply with applicable laws (e.g. retaining financial information for 7 years for tax purposes) and legal requests and to resolve (legal) disputes. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible. 

  • Account information: We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you. 

  • Your Content: The Content you create, use, store or share on our Services is, in principle, retained until you stop interacting with our Service(s), when you delete your Content from the Service(s), when you delete the Service(s) from your device(s) or when you delete your account. Always check out the website(s) or app(s) of the Service(s) you use for specific information. When using WeAproove your Content will be deleted 7 days after initial download, unless you have a WeAproove+ account in which case your Content is stored for the duration of your account and 30 days after the expiration of the account . After this period, a file is automatically deleted from our servers. The personal information that accompanies your Content upload is kept for a maximum of 12 months. Such personal information is only accessible to very few people within Aproove, those that need it to perform their job, for example to provide you with support. When data is older than 12 months, we scrub it from the database, pseudonymise or anonymise it for analysis. Pseudonomising your personal information means that we do not use your email address or IP address for analytical purposes, but create a random pseudonym for both and use that pseudonym instead. That way we don’t have to handle directly identifiable personal information, which is privacy-friendly.

  • Managed accounts: If the Services are made available to you through an organization (e.g., your employer), we retain your information as long as required by the administrator of your account. For more information, see "Managed accounts and administrators" above.

  • Marketing information: If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using your Aproove account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.  

5.  HOW TO ACCESS AND CONTROL YOUR INFORMATION

You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations.

Your Choices:

You have the right to request a copy of your information, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of your information, or to request your information in a structured, electronic format.  Below, we describe the tools and processes for making these requests.  You can exercise some of the choices by logging into the Services and using settings available within the Services or your account. Where the Services are administered for you by an administrator (see "Notice to End Users" below), you may need to contact your administrator to assist with your requests first.  For all other requests, you may contact us as provided in the Contact Us section below to request assistance.

Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep.  Where you have asked us to share data with third parties, for example, by installing third-party apps, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted.  If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.

Access and update your information: Our Services and related documentation give you the ability to access and update certain information about you from within the Service. For example, you can access your profile information from your account and search for content containing information about you using key word searches in the Service.  You can update your profile information within your profile settings and modify content that contains information about you using the editing tools associated with that content.

Deactivate your account:  If you no longer wish to use our Services, you or your administrator may be able to deactivate your Services account. If you can deactivate your own account, that setting is available to you in your account settings. Otherwise, please contact your administrator. If you are an administrator and are unable to deactivate an account through your administrator settings, please contact the appropriate support team. 

Delete your information: Our Services and related documentation give you the ability to delete certain information about you from within the Service. For example, you can remove content that contains information about you using the key word search and editing tools associated with that content, and you can remove certain profile information within your profile settings. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.  

Request that we stop using your information:  In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don't have the appropriate rights to do so.  For example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy.  Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. You can also opt-out of our use of your information for marketing purposes by contacting us, as provided below.  When you make such requests, we may need time to investigate and facilitate your request.  If there is delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honored or the dispute is resolved, provided your administrator does not object (where applicable).  If you object to information about you being shared with a third-party app, please disable the app or contact your administrator to do so.

Opt out of communications: You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, updating your email preferences within your Service account settings menu, or by contacting us as provided below to have your contact information removed from our promotional email list or registration database.  Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding our Services. You can opt out of some notification messages in your account settings. Please note, you will continue to receive generic ads.

Turn off Cookie Controls: Relevant browser-based cookie controls are described in our section below.

Send "Do Not Track" Signals: Some browsers have incorporated "Do Not Track" (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the DNT signal, our Services do not currently respond to browser DNT signals. You can use the range of other tools we provide to control data collection and use, including the ability to opt out of receiving marketing from us as described above.

Data portability: Data portability is the ability to obtain some of your information in a format you can move from one service provider to another (for instance, when you transfer your mobile phone number to another carrier).  Depending on the context, this applies to some of your information, but not to all of your information.  Should you request it, we will provide you with an electronic file of your basic account information and the information you create on the spaces under your sole control. 

If you think we have infringed your privacy rights, you can lodge a complaint with the relevant supervisory authority. You can lodge your complaint in particular in the country where you live, your place of work or place where you believe we infringed your right(s). For EU click here

6.  HOW WE TRANSFER INFORMATION WE COLLECT INTERNATIONALLY

We are a global business, which means we might share or store personal information in countries outside of the European Economic Area (“EEA”). Those countries have different data protection laws in place. However, when we transfer and host data globally, we will make sure that appropriate safeguards are in place in order to ensure your personal information enjoys a similar level of protection as it would within the EEA. For example, we will verify that the receiving partner is certified under EU-US Privacy Shield or we will sign EU Standard Contractual Clauses.

EU-US Privacy Shield

Our subsidiary in the United States, Aproove Inc., complies with the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the use and retention of personal information transferred from the European Economic Area and the United Kingdom to the United States.

Aproove Inc. adheres to the EU-US Privacy Shield principles and is subject to oversight by the U.S. Federal Trade Commission. If you have any complaints regarding the transfer of your personal information to the US, please first file them directly at us via privacy@Aproove.com. The panel of EU Data Protection Authorities (DPA Panel) acts as the independent recourse mechanism for complaints regarding EU-US Privacy Shield complaints. The examination of such complaints is free of charge to you. You can find the contact information of your local DPA here. In case your concern still isn’t addressed by the DPA Panel, you may be entitled to invoke binding arbitration under the EU-US Privacy Shield Principles.

As explained under section ‘What parties do we share personal information with’, we sometimes provide personal information with third parties to perform services on our behalf. If we transfer personal information received under the Privacy Shield to a third party, the third party’s use of the personal data must also comply with our Privacy Shield obligations. In such a case we will remain liable under Privacy Shield for any failure to comply by the third party, unless we prove we’re not responsible for the event giving rise to the damage.

To learn more about EU-US Privacy Shield click here.

7.  WHY AND HOW ARE COOKIES USED?

We place cookies with the intention of making Aproove even better. Feel free to block cookies, but this may affect how well our Services work.

We place several cookies (or similar technologies, like pixels or web beacons) on your device for the purpose of facilitating your use of the Service, controlling your use of the Services and to find out how the Service may be improved. We or our advertising partners also place cookies on our website(s). Being a global service, these partners can vary per country. When our advertising partners place cookies, these cookies can process personal information to measure the effectiveness of the campaign.

Cookies are small text files that are stored on your computer by your browser when you visit a website. Examples of cookie purposes are: your language preferences, logging into an account, remembering login details, controlling when you last accessed our Services and acceptance of the Terms of Service and Privacy Policy. Our website can place these cookies for the following purposes:

  1. Functional cookies are used to provide functionalities when using our Service, such as the possibility to set preferences or to remember your previous settings.

  2. Analytical cookies are used to optimise our Service. We also use analytical cookies to stop bots and malicious behaviour like spam. When we use analytical cookies, this could include third party cookies, as found in the cookie list. These third party analytical cookies process personal information, which is detailed in the cookie list too.

  3. Advertisement cookies are used for commercial, editorial and promotional purposes. With these cookies your internet- and surf behaviour can be followed over various domains and websites. Aproove only checks the (one) website you visited prior to your visit to one of our websites. We do not track the website you visit after you leave our website. Advertisement cookies are often also placed by third parties to measure the effectiveness of their advertising campaigns and to follow your internet- and surf behaviour over other domains and websites where they have placed a cookie. Aproove does not have access to or control over personal information collected via these cookies or other features that advertisers and third parties may use. Our Privacy Policy is therefore not applicable to these third party cookies and we refer you to third parties’ Privacy Statements to read how they handle personal information.

  4. Pixel tags or web beacons are a piece of code embedded on the website that collects personal information about users' engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. The pixel also allows us to see from which previous website or channel a user arrived at our website.

We have an extensive cookie list available on the Cookies Tab on this webpage. Due to the changing nature of our Service, this may result in the cookie list not being fully up to date at times. If you would want to remove certain cookies, or block them from being stored in your browser, it is possible to arrange this through your browser settings for cookies. You can find these settings under the Privacy tab in the Preferences section of most browsers. Here you can specify your cookie preferences or remove cookies. Please note that if you remove or refuse Aproove cookies, the Service might not function in optimal form.

8.  OTHER IMPORTANT PRIVACY INFORMATION

 Notice to End Users

Many of our Services are intended for use by organizations. Where the Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization's policies. We are not responsible for the privacy or security practices of an administrator's organization, which may be different than this policy.

Administrators are able to:

  • require you to reset your account password;
  • restrict, suspend or terminate your access to the Services;
  • access information in and about your account;
  • access or retain information stored as part of your account;
  • install or uninstall third-party apps or other integrations

In some cases, administrators can also:

  • restrict, suspend or terminate your account access;
  • change the email address associated with your account;
  • change your information, including profile information;
  • restrict your ability to edit, restrict, modify or delete information

California Requirements

 Exercising your rights: If you are a California resident, there are some additional rights that may be available to you under the California Consumer Protection Act (“CCPA”). This policy explains the tools that we have made available to you to exercise your data rights under the CCPA, such as the right to deletion and the right to request access to the categories of information we have collected about you. For more information on how to exercise your rights please visit the “How to access and control your information” section of this policy. We encourage you to manage your information, and to make use of the privacy controls we have included in our Services. You will not be discriminated against for exercising any of your privacy rights under the CCPA. In order to protect your information from unauthorized access or deletion, we may require you to provide additional information for verification. If we cannot verify your identity, we will not provide or delete your information.

Sharing your personal information: We do not sell your personal information. We do share your information with others as described in the “How we share information we collect” section of this policy. We also show ads that we think are relevant. We've provided more information about how you can manage your advertising, and do-not-track preferences, within this policy.

Processing your information: This policy describes the categories of personal information we may collect, the sources of that information, and our deletion and retention policies. We’ve also included information about how we may process your information, which includes for "business purposes" under the CCPA  - such as to protect against illegal activities, and for the development of new products, features, and technologies.  If you have questions about the categories of information we may collect about you, please be sure to visit the section of this policy called, “What information we collect about you.” For more details about our processing activities, please be sure to visit the section called, “How we use information we collect.”

If you have any questions or would like to exercise your rights under the CCPA, you can reach out to us at privacy@aproove.com.

Our policy towards children

The Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact the appropriate support team.

Changes to our Privacy Policy

We may change this privacy policy from time to time. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice by adding a notice on the Services homepages, login screens, or by sending you an email notification. We will also keep prior versions of this Privacy Policy in an archive for your review.  We encourage you to review our privacy policy whenever you use the Services to stay informed about our information practices and the ways you can help protect your privacy.

If you disagree with any changes to this privacy policy, you will need to stop using the Services and deactivate your account(s), as outlined above.

CONTACT US
Your information is controlled by Aproove SA, a company incorporated under the laws of Belgium with registered office at 1, Boulevard Initalis, 7000 Mons, Belgium and registered with Crossroads bank for Enterprise under number 0867.065.974.

If you have questions or concerns about how your information is handled, please direct your inquiry to Aproove SA.

Aproove SA
1, Boulevard Initalis,
7000 Mons,
Belgium
E-Mail: privacy@aproove.com

WeAproove Data Processing Agreement

pdf-usa

Data Processing Agreement for Aproove Services
(“Data Processing Agreement ”)

1. SCOPE AND APPLICABILITY

1.1. This Data Processing Agreement applies to Aproove’s processing of Personal Data on Your behalf as a Processor for the provision of the Services specified in Your Services Agreement. Unless otherwise expressly stated in Your Services Agreement, this version of the Data Processing Agreement shall be effective and remain in force for the term of Your Services Agreement.

1.2. The scope and duration, as well as the extent and nature of the collection, processing and use of Client Personal Data under this Data Processing Agreement shall be as defined in the Services Agreement. The term of this Data Processing Agreement corresponds to the duration of the Services Agreement.

1.3. The parties acknowledge that GDPR will apply to the processing of Client Personal Data if, for example, the processing is carried out in the context of the activities of an establishment of Clients in the territory of the EU. The parties further agree that U.S. Data Protection Laws, including the CCPA, may also apply to the processing of Client Personal Data. Unless expressly stated in this Data Processing Agreement, this Data Processing Agreement will apply irrespective of whether GDPR or U.S. Data Protection Law applies to the processing of Client Personal Data.

2. DEFINITIONS

The terms below shall have the following meanings:

“Aproove” means the Aproove Affiliate that has executed the Services Agreement.

“Aproove Affiliate(s)” means the affiliated company(ies) of the Aproove group as listed in Annex 3.

“CCPA” means the California Consumer Privacy Act, as may be amended from time to time, and any rules or regulations implementing the foregoing.

“Client”, “you”, “your” means the individual or entity that has executed the Services Agreement.

"Client Personal Data" means the personal data processed by Aproove on your behalf in the course of providing the Services to you.

“Controller” means the entity which determines the purposes and means of the processing of Personal Data as defined in the Data Protection Law, including as applicable any "business' as defined under the CCPA.

"data processor", "data subject", "personal data", "processing" "subprocessor" and "appropriate technical and organisational measures” as used in this Data Processing Agreement shall have the meanings given in the GDPR irrespective of whether GDPR or U.S. Data Protection Law applies.

"Data Protection Law" means the GDPR, the applicable U.S. Data Protection Law, the Swiss Federal Act of 19 June 1992 on Data Protection, as amended and the UK Data Protection Act 2018, that are applicable to the processing of Client Personal Data under this Data Processing Agreement.

“End Users” means an individual you permit or invite to use the Services. For the avoidance of doubt: (a) individuals invited by your End Users, (b) individuals under managed accounts, and (c) individuals interacting with a Service as your customers, suppliers or other third parties are also considered End Users.

“Europe” means for the purposes of this Data Processing Agreement (i) the European Economic Area, consisting of the EU Member States, Iceland, Lichtenstein and Norway; (ii) Switzerland and (iii) the UK after it withdraws from the EU.

“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation),as supplemented by applicable EU Member State law and as incorporated into the EEA Agreement;.

“Personal Data Breach” means a breach of security leading to the misappropriation or accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed on Aproove systems or the Services environment that compromises the security, confidentiality or integrity of such Personal Data.

“Processor” means the entity which Processes Client Personal Data on behalf of the Controller means, collectively, both the Cloud Services and Professional Services, including as applicable any “service provider” as defined by the CCPA.

“Services” means our means, collectively, both the Cloud Services and Professional Services provided to you under the Services Agreement.

“Services Agreement” means (i) the applicable order for the Services you have purchased from Aproove;
(ii) the applicable cloud services agreement referenced in the applicable Order Form, and (iii) the Service Specifications.

“U.S. Data Protection Law” means data protection or privacy laws applicable to Client Personal Data in force within the United States, including the CCPA.

Other capitalized terms have the definitions provided for them in the Services Agreement.

3. PROCESSING OF PERSONAL DATA

3.1. The provisions of this Section 3 shall apply where Data Protection Law applies to your processing of Client Personal Data and where we process that Client Personal Data as a data processor in the course of providing you the Services. If U.S. Data Protection Law applies to either party’s processing of Client Personal Data, the relevant party will comply with any obligations applicable to it under that law with respect to the processing of that Client Personal Data.

3.2. The subject-matter of the data processing is providing the Services and the processing will be carried out until we cease to provide any Services to you. Annex 1 of this Data Processing Agreement sets out the nature and purpose of the processing, the types of Client Personal Data we process and the data subjects whose Client Personal Data is processed.

3.3. You are responsible for ensuring that the processing of personal data takes place in compliance with Data Protection Law and this Data Processing Agreement. You have the right and obligation to make decisions about the purposes and means of the processing of personal data. You shall be responsible, among other, for ensuring that the processing of personal data, which we are instructed to perform, has a legal basis.

3.4. When we process Client Personal Data in the course of providing Services to you, we will:

3.4.1. process the Client Personal Data only in accordance with documented instructions from you (as set forth in this Data Processing Agreement or the Services Agreement or as directed by you through the Services). If applicable law requires us to process the Client Personal Data for any other purpose, we will inform you of this requirement first, unless such law(s) prohibit this on important grounds of public interest;

3.4.2. notify you promptly if, in our opinion, an instruction for the processing of Client Personal Data given by you infringes applicable Data Protection Law;

3.4.3. assist you, taking into account the nature of the processing:

a) by appropriate technical and organizational measures and where possible, in fulfilling your obligations to respond to requests from data subjects exercising their rights;

b) in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the information available to us; and

c) by making available to you all information reasonably requested by you for the purpose of demonstrating that your obligations relating to the appointment of processors as set out in Article 28 of the GDPR have been met.

3.4.4. not give access to or transfer any Client Personal Data to any third party for such third party’s independent use (e.g., not directly related to providing the Services) without your prior written consent. You consent to our appointment of the Aproove affiliates and applicable third party sub-processors listed at https://www.aproove.com/legals for the purposes described in this Data Processing Agreement. We may update the list of approved sub-processors, at which point you will have the opportunity to object within forty-five (45) days by terminating the Services Agreement for convenience. To receive notice of updates to the list of sub-processors please subscribe at the link provided above. When engaging sub-processors in the processing of Client Personal Data, we are responsible for the performance of each sub-processor. We will include in our agreement with any such third party sub-processor terms which are at least as favourable to you as those contained herein and as are required by applicable Data Protection Law.;

3.4.5. ensure that our personnel required to access the Client Personal Data are subject to a binding duty of confidentiality with regard to such Client Personal Data;

3.4.6. except as set forth in Section 3.3.5 above or in accordance with documented instructions from you (as set forth in this Data Processing Agreement or the Services Agreement or as directed by you through the Services), ensure that none of our personnel publish, disclose or divulge any Client Personal Data to any third party;

3.4.7. upon your written request following the expiration or earlier termination of the Services Agreement securely return to you such Client Personal Data, and unless prohibited under applicable law delete such Client Data in our possession in compliance with procedures and retention periods outlined in our Services Agreement;

3.4.8. on the condition that you have entered into an applicable non-disclosure agreement with us:

a) allow you and your authorized representatives to access and review up-to- date attestations, certifications, reports or extracts thereof from independent bodies (e.g., external auditors, internal audit, data protection auditors) or other suitable certifications to ensure compliance with the terms of this Data Processing Agreement; or

b) where required by Data Protection Law or the Standard Contractual Clauses (where the GDPR is applicable) contained in Annex 4 (and in accordance with this Section 3.4.8), allow you and authorized representatives to conduct audits (including inspections) during the term of the Services Agreement to ensure compliance with the terms of this Data Processing Agreement. Notwithstanding the foregoing, any audit must be conducted during our regular business hours, with reasonable advance notice to us and subject to reasonable confidentiality procedures. The scope of any audit shall not require us to disclose to you or your authorized representatives, or to allow you or your authorized representatives to access:

  • any data or information of any other Aproove Client;

  • any Aproove internal accounting or financial information;

  • any Aproove trade secret;

  • any information that, in our reasonable opinion could: 1) compromise the security of our systems or premises; or 2) cause us to breach our obligations under Data Protection Law or our security, confidentiality and or privacy obligations to any other Aproove Client or any third party;

    or

  • any information that you or your authorized representatives seek to access for any reason other than the good faith fulfilment of your obligations under the Data Protection Law and our compliance with the terms of this Data Processing Agreement.

    c) In addition, audits shall be limited to once per year, unless 1) we have experienced a Personal Data Breach within the prior twelve (12) months which has impacted your Client Personal Data; or 2) an audit reveals a material noncompliance. If we decline or are unable to follow your instructions regarding audits permitted under this Section 3.4.8 (or the Standard Contractual Clauses, where applicable), you are entitled to terminate this Data Processing Agreement and the Services Agreement for convenience.

    4. PROCESSING OF CLIENT PERSONAL DATA SUBJECT TO U.S. DATA PROTECTION LAW

    The parties agree that this section 4 shall apply only to Client Personal Data that is protected by U.S. Data Protection Law. In addition to the processing requirements set out in Section 3 above, where we process Client Data Under U.S. Data Protection Law, we shall not retain, use, sell or otherwise disclose Client Personal Data other than as required by law or as needed to provide the Services to you. For purposes of this section 4, the term “sell” shall have the meanings given in the CCPA irrespective of whether CCPA or GDPR applies.

    5. SECURITY AND NOTIFICATION OF PERSONAL DATA BREACH

    5.1. We shall implement and maintain appropriate technical and organizational measures to protect the Client Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure in accordance with Annex 2. These measures shall be appropriate to the harm which might result from any unauthorized or unlawful processing, accidental loss, destruction, damage or theft of Client Personal Data and appropriate to the nature of the Client Personal Data which is to be protected. We may amend the technical and organizational measures, provided that the new measures do not fall short of the level of security provided by the specified measures

    5.2. If we become aware of and confirm any Personal Data Breach we will notify you without undue delay. We shall assist You in notifying the personal data breach to the competent supervisory authority.

    6. DATA TRANSFERS

    The parties agree that this section 6 shall apply only to Client Personal Data that is protected by GDPR and such Client Personal Data is transferred outside the European Economic Area (EEA) to Aproove, either directly or via onward transfer.

    6.1. EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
    Aproove Affiliates comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks ("Privacy Shield"). Where the transfer of Client Personal Data is made to a Privacy Shield-certified entity, we agree to process Client Personal Data covered by Privacy Shield in accordance with the Privacy Shield Principles. We agree to comply with Privacy Shield throughout the term of the Services Agreement.

    6.2. European Commission Standard Contractual Clauses (2010/87/EU)
    The terms of the Standard Contractual Clauses outlined in Annex 4 will apply where the applicable transfer of Client Personal Data is (a) not subject to the laws of a jurisdiction recognized by the European Commission as providing an adequate level of protection for personal data (as described in the GDPR); or (b) not covered by a suitable framework or other legally adequate transfer mechanism recognized by the relevant authorities or courts as providing an adequate level of protection for personal data, including but not limited to EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. In the event of any conflict or inconsistency between the provisions of this Data Processing Agreement and the Standard Contractual Clauses outlined in Annex 4, the provisions of the Standard Contractual Clauses shall prevail. In the event that any provision of the Standard Contractual Clauses is held illegal or unenforceable in a judicial proceeding, such provision shall be severed and shall be inoperative, and the remainder of the Standard Contractual Clauses and the terms of this Data Processing Agreement shall remain operative and binding on the parties.

    7. MISCELLANEOUS.

    7.1. Client acknowledges and agrees that as part of providing the Services and services, Aproove has the right to use data relating to or obtained in connection with the operation, support or use of the Services for its legitimate internal business purposes, such as to support billing processes, to administer the Services, to improve, benchmark, and develop our products and services, to comply with applicable laws (including law enforcement requests), to ensure the security of our Services and to prevent fraud or mitigate risk. To the extent any such data is personal data, Aproove warrants and agrees that: (i) it will process such personal data in compliance with Data Protection Law and only for the purposes that are compatible with those described in this Section 7.1; (ii) it will not use Client Personal Data for any other purpose or disclose it externally unless it has first aggregated and anonymised the data so that it does not identify the Client or any other person or entity. Aproove further agrees that it shall be a Controller and solely responsible and liable for any of its processing of personal data pursuant to this Section 7.1.

    7.2. Through use of the Services, as further described in the Services Agreement, you or your End Users, as applicable, may elect to grant third parties visibility to your data or content (which may include Client Personal Data). You also understand that user profile information for the Services may be publicly visible. Nothing in this Data Processing Agreement prohibits (and, for the avoidance of doubt, Sections 3.3.5 and 3.3.7 above do not apply to) Aproove making visible your data or content (which may include Client Personal Data) to third parties consistent with this paragraph, as directed by you or your End Users through the Services.

    7.3. In the event of any conflict or inconsistency between the provisions of the Services Agreement and this Data Processing Agreement, the provisions of this Data Processing Agreement shall prevail. This Data Processing Agreement is subject to the governing law and venue terms in the Services Agreement, except as otherwise provided in Annex 4 to the extent Annex 4 applies. For avoidance of doubt and to the extent allowed by applicable law, any and all liability under this Data Processing Agreement (including its Annexes) will be governed by the limitations of liability and other relevant provisions of the Services Agreement. Without limiting the foregoing, any liability arising under this Data Processing Agreement shall be subject to the limitations of liability under the Services Agreement as if such liability arose under the Services Agreement or the applicable order, and any liability of a party, its affiliates, their signatories or their suppliers arising under this Data Processing Agreement will be aggregated with any other applicable liability arising under the Services Agreement for purposes of applying any applicable liability caps. Save as specifically modified and amended in this Data Processing Agreement, all of the terms, provisions and requirements contained in the Services Agreement shall remain in full force and effect and govern this Data Processing Agreement. Except as otherwise expressly provided herein, no supplement, modification, or amendment of this Data Processing Agreement will be binding, unless executed in writing by a duly authorized representative of each party to this Data Processing Agreement. If any provision of the Data Processing Agreement is held illegal or unenforceable in a judicial proceeding, such provision shall be severed and shall be inoperative, and the remainder of this Data Processing Agreement shall remain operative and binding on the parties.


    ***

    Annex 1
    Data


    A.1. Data subjects

    The personal data concern End Users of the Services, in addition to individuals whose personal data is supplied by End Users of the Services.

    A.2. Categories of data

    The personal data transferred concern the following categories of data:

    • Direct identifying information (e.g., name, email address, telephone).

    • Indirect identifying information (e.g., job title, gender, date of birth).

    • Device identification data and traffic data (e.g., IP addresses, MAC addresses, web logs).

    • Any personal data supplied by users of the Services.

    A.3. Special categories of data

    Aproove does not knowingly collect (and Client or End Users shall not submit or upload) any special categories of data (as defined under the Data Protection Legislation).

    A.4. Purposes of processing

    The personal data is processed for the purposes of providing the Services in accordance with the Services Agreement.


    Annex 2
    Security Measures


    1. Access control to premises and facilities

    Measures must be taken to prevent unauthorized physical access to premises and facilities holding personal data. Measures shall include:

    • Access control system

    • ID reader, magnetic card, chip card

    • (Issue of) keys

    • Door locking (electric door openers etc.)

    • Surveillance facilities

    • Alarm system, video/CCTV monitor

    • Logging of facility exits/entries

    2. Access control to systems

    Measures must be taken to prevent unauthorized access to IT systems. These must include the following technical and organizational measures for user identification and authentication:

    • Password procedures (incl. special characters, minimum length, forced change of password)

    • No access for guest users or anonymous accounts

    • Central management of system access

    • Access to IT systems subject to approval from HR management and IT system administrators

    3. Access control to data

    Measures must be taken to prevent authorized users from accessing data beyond their authorized access rights and prevent the unauthorized input, reading, copying, removal modification or disclosure of data. These measures shall include:

    • Differentiated access rights

    • Access rights defined according to duties

    • Automated log of user access via IT systems

    • Measures to prevent the use of automated data-processing systems by unauthorized persons using data communication equipment


    4. Disclosure control

    Measures must be taken to prevent the unauthorized access, alteration or removal of data during transfer, and to ensure that all transfers are secure and are logged. These measures shall include:

    • Compulsory use of a wholly-owned private network for all data transfers

    • Encryption using a VPN for remote access, transport and communication of data.

    • Creating an audit trail of all data transfers

    5. Input control

    Measures must be put in place to ensure all data management and maintenance is logged, and an audit trail of whether data have been entered, changed or removed (deleted) and by whom must be maintained.

    Measures should include:

    • Logging user activities on IT systems

    • That it is possible to verify and establish to which bodies personal data have been or may be transmitted or made available using data communication equipment

    • That it is possible to verify and establish which personal data have been input into automated data-processing systems and when and by whom the data have been input;

    6. Job control

    Measures should be put in place to ensure that data is processed strictly in compliance
    with the data importer’s instructions. These measures must include:

    • Unambiguous wording of contractual instructions

    • Monitoring of contract performance

    7. Availability control

    Measures should be put in place designed to ensure that data are protected against accidental destruction or loss.

    These measures must include:

    • Installed systems may, in the case of interruption, be restored

    • Systems are functioning, and that faults are reported

    • Stored personal data cannot be corrupted by means of a malfunctioning of the system

    • Uninterruptible power supply (UPS)

    • Business Continuity procedures

    • Remote storage

    • Anti-virus/firewall systems

    8. Segregation control

    Measures should be put in place to allow data collected for different purposes to be processed separately.

    These measures should include:

    • Restriction of access to data stored for different purposes according to staff duties.

    • Segregation of business IT systems

    • Segregation of IT testing and production environments



    Annex 3
    Aproove Affiliates


    Aproove SA, a company incorporated under the laws of Belgium with registered office at 1, Boulevard Initalis, 7000 Mons, Belgium and registered with Crossroads bank for Enterprise under number 0867.065.974.

    Aproove Technologies, Inc., an Illinois corporation, with offices located at 132 N. York Street, Suite 1A, Elmhurst, IL 60120


    Annex 4 – Standard Contractual Clauses

    Standard contractual clauses for the transfer of personal data from the Community to third countries (controller to processor transfers)

    Data Transfer Services Agreement


    For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection

    Aproove (hereinafter the "data importer") and
    Client (hereinafter the "data exporter")

    each a “party”; together “the parties”,
    HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Annex 1.

    Clause 1

    Definitions

    For the purposes of the Clauses:
    (a) 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

    (b) 'the data exporter' means the controller who transfers the personal data;

    (c) 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

    (d) 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

    (e) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

    (f) 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

    Clause 2

    Details of the transfer

    The details of the transfer and in particular the special categories of personal data where applicable are specified in Annex 1 which forms an integral part of the Clauses.

    Clause 3

    Third-party beneficiary clause

    1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

    2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

    3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

    4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

    Clause 4

    Obligations of the data exporter
    The data exporter agrees and warrants:
    (a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

    (b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;

    (c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Annex 2 to this contract;

    (d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their

    implementation;
    (e) that it will ensure compliance with the security measures;

    (f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

    (g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

    (h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Annex 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

    (i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

    (j) that it will ensure compliance with Clause 4(a) to (i).

    Clause 5

    Obligations of the data importer

    The data importer agrees and warrants:

    (a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

    (b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

    (c) that it has implemented the technical and organisational security measures specified in Annex 2 before processing the personal data transferred;

    (d) that it will promptly notify the data exporter about:

    (i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,

    (ii) any accidental or unauthorised access, and

    (iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;

    (e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

    (f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional

    qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

    (g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Annex 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

    (h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;

    (i) that the processing services by the subprocessor will be carried out in accordance with Clause 11; and

    (j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

    Clause 6

    Liability

    1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.

    2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
    The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.

    3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

    Clause 7

    Mediation and jurisdiction

    1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
    (a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

    (b) to refer the dispute to the courts in the Member State in which the data exporter is established.

    2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

    Clause 8

    Cooperation with supervisory authorities

    1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

    2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

    3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).

    Clause 9

    Governing Law

    The Clauses shall be governed by the law of the Member State in which the data exporter is established.

    Clause 10

    Variation of the contract

    The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

    Clause 11

    Subprocessing

    1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.

    2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

    3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.

    4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.

    Clause 12

    Obligation after the termination of personal data processing services

    1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

    2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

    Appendix 1 to the Standard Contractual Clauses

    Data exporter Client Data importer Aproove Data subjects

    The personal data concern End Users of the Services, in addition to individuals whose personal data is supplied by End Users of the Services.

    Categories of data

    The personal data transferred concern the following categories of data:

    • Direct identifying information (e.g., name, email address, telephone).

    • Indirect identifying information (e.g., job title, gender, date of birth).

    • Device identification data and traffic data (e.g., IP addresses, MAC addresses, web logs).

    • Any personal data supplied by users of the Cloud Product.

    Special categories of data

    Aproove does not knowingly collect (and Client or End Users shall not submit or upload) any special categories of data (as defined under the Data Protection Legislation).

    Purposes of processing

    The personal data is processed for the purposes of providing the Services in accordance with this Services Agreement.

    Appendix 2 to the Standard Contractual Clauses

    Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c):

    The technical and organizational security measures implemented by the data importer are as described in Annex 2 of the Data Processing Data Processing Agreement.

WeAproove Cookie List

pdf-usa

Version: 25 may 2020


WeAproove Lite service

Functional cookies

Cookie: s
• Description: functional cookie
• Website on which the cookie is dropped: https://app2.aproove.com.
• Purpose: store sender’s email address for convenience
• Retention period: 7 days

Cookie: w
• Description: functional cookie
• Website on which the cookie is dropped: https://app2.aproove.com.
• Purpose: Flag for whether or not if the WeAproove Lite service has already been used in the last 24 hours
• Retention period: 24 hours

Cookie: Ppa
• Description: functional cookie
• Website on which the cookie is dropped: https://app2.aproove.com.
• Purpose: flag for whether the user has already accepted the Privacy and policy agreement
• Retention period: 7 days


WeAproove Plus service

Functional cookies

Cookie: wm_load_test_XXXXXXX
• Description: functional cookie
• Website on which the cookie is dropped: https://app.aproove.com.
• Purpose: used to remind server affinity for speed
• Retention period: 0 days