Legal
Preamble
These the Odyssey Standard Terms of Service (‘Agreement’), constitute a legal agreement between Odyssey B.V. (‘Odyssey’) and the entity executing this Agreement (“You”). This Agreement governs your use of the Software and Cloud Service (as defined below). By clicking the “Sign Up Free” button, completing the registration process, or using the service, you agree to all terms and conditions of this Agreement. If you are entering into this Agreement on behalf of a company or other organization, you hereby warrant and represent that you are authorized to enter into this Agreement on behalf of such company or other organization. In consideration of the foregoing, the parties agree as follows: (collectively the "Parties" and individually the "Party").
Article 1. DEFINITIONS
The following definitions are applicable to the Agreement, including all its associated
Annexes:
Agreement/ Standard Terms of Service: the present Agreement/Standard Terms of Service, clauses 1-17 and Annexes 1-2, together with the Commercial Terms, any applicable Statements of Work, the Data Processing Agreement, and any other attachments hereto, all of which are incorporated by reference, and as may be modified, amended, or supplemented from time to time. In case of discrepancies between the provisions of this Agreement and any attachment(s), the stipulations of this Agreement prevail.
Application/Odyssey: The software module made available by Odyssey via the internet in the form of various cloud services that calculates what the Incrementality could be You may attribute to the traffic sources that send visitors to Your website, as can be seen on https://odysseyattribution.co/. In order to do so, website traffic from the past is considered, and website visits from customers journeys are measured. Through the application of Key Performance Indicators and a formula, Odyssey calculates an ‘Incrementality index’ for all traffic sources.
Unique to Odyssey is that it considers the website visits throughout the customer journey, in combination with the use of certain Key Performance Indicators (customer journey length, density & position) and a formula (algorithms). This allows Odyssey to determine for the website visits in the customer journey to what extent they have contributed to a sale. By doing this, Odyssey provides You with better insights in the Incremental value of Your traffic sources.
Cloud Service: the rendering and keeping available of Odyssey by Odyssey B.V., against payment, for You, on an external Server from Amazon. The Agreement with Amazon is attached to the present agreement in Annex 2. Parties acknowledge that by inserting the Amazon agreement, Odysseys obligations towards You with regard to the server can never exceed Amazon’s obligations towards Odyssey.
Data/Information: means the Data inputted into Odyssey by You, Your authorised users or Odyssey on behalf of You for the purpose of using Odyssey. The Data will be inputted using Your Google Analytics account.
Documentation: means any accompanying documentation made available to You by Odyssey for use with the Application and software, including any documentation available online.
Incrementality: reflects the percentage of the customer journey that should be attributed to a certain channel based on Odyssey’s 3 KPIs (length, density, position). This represents the amount of incremental value of a traffic source in percentages (the higher the percentage, the greater the incremental value). The decision regarding what amount of budget will be allocated to the traffic sources, is left to Your discretion, on which occasion human judgment will be decisive and emphatically not the Incrementality calculated by Odyssey. No rights or claims can be derived from the Incrementality calculated by Odyssey.
Interface: a Tool, being a communication link between Odyssey and systems within the domain of You and those of Odyssey.
Means of Access: by way of a combination of a user name and a password, access to Odyssey can be obtained.
Odyssey Tracking Code (OTC): software which is installed on a Property for the purpose of collecting Data, together with any fixes, updates and upgrades provided to You. OTC collects on a daily bases the strictly necessary Data, uploads this Data into Google Analytics and uploads this Data from Google Analytics into the Application/Odyssey on an external server. Odyssey is not responsible nor liable for Google Analytics. Parties acknowledge that Odyssey’s obligations towards You with regard to Google Analytics can never exceed Google’s obligations towards Odyssey or You.
Personal Data: any information controlled by You or any of Your affiliated companies which relates to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity.
Portal: the internet site where You can use Odyssey.
Property means any website, app, or other property under Your control that sends data to OTC. Each Property includes a default Profile that measures all pages within the Property.
Tools: the means that must be installed by You on your computers to be able to make use of Odyssey.
User: a natural person who has been authorised by You to use Odyssey.
Article 2. ASSIGNMENT
2.1. You confer Odyssey the assignment to provide Cloud services. These Cloud services consist of:
a. Making available to You for the duration of this Agreement Odyssey and its range of functionalities as well as the scope of storage capacity and other services as mentioned in Definitions;
b. The conferral of the non-exclusive right to You to use Odyssey for the Data collected with OTC, through the Portal, pursuant to the provisions of the present Agreement.
c. The conferral to You of a user’s right for the Interface;
d. The provision of technical assistance to the Users, as further described in the articles below; and
e. The provision of additional services to You by Odyssey on request, such as, though not limited to: consultancy, the training of staff, development of an interface, or a modification to it. Parties will adopt a separate assignment agreement for these additional services.
2.2. Point of delivery for Odyssey and the generated user data shall be the router exit of Odysseys data centre. Odyssey shall not be responsible for the telecommunication connection between You and the point of delivery.
2.3. Odyssey is not obliged to dispose of a back-up centre or other back-up facilities for the implementation of Odyssey.
2.4. Odyssey is not obliged to create reserve copies (back-ups) of the information stored by You on using Odyssey.
2.5. Odyssey warrants that it has and will maintain all necessary licences, consents and permissions necessary for the performance of its obligations under this Agreement.
Article 3. NON EXCLUSIVE LICENSE
3.1. Subject to the terms and conditions of this Agreement, (a) Odyssey grants You a limited, revocable, non-exclusive, non-sublicensable license to install and use the OTC software solely as necessary for You to use the Service on Your Properties or Third Party's Properties; and (b) You may remotely access, view and download Your Reports stored at app.odysseyattribution.co. You will not (and You will not allow any third party to) (i) copy, modify, adapt, translate or otherwise create derivative works of the OTC software or the Documentation; (ii) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code of the OTC software, (iii) rent, lease, sell, assign or otherwise transfer rights in or to the OTC software, the Documentation or the Service; (iv) remove any proprietary notices or labels on the OTC software or placed by the Application/Service; (v) use, post, transmit or introduce any device, software or routine which interferes or attempts to interfere with the operation of the Application/Service or the OTC software; or (vi) use data labelled as belonging to a third party in the Application/Service for purposes other than generating, viewing, and downloading Reports. You will comply with all applicable laws and regulations in Your use of and access to the Documentation, OTC software, Service and Reports.
Article 4. AVAILABILITY
4.1. Odyssey shall monitor the functionalities, availability and performance of Odyssey on a daily basis. Odyssey will administer reasonable skill and care to keep Odyssey functioning properly, in accordance with up to date recognized industry standards, and aims for an elevated availability, quality, and security of Odyssey. Odyssey does not guarantee, however, that Odyssey will always function without any errors, Defects, Failures, or Outage.
4.2. Odyssey may provide updates and upgrades to intermediately modify the technical and functional characteristics of Odyssey with the purpose of improving the functionality, and of complying with the applicable legislation and regulations.
4.3. In case You have reason to believe that Odyssey suffers an error, Defect, Failure or Outage, You shall notify Odyssey as soon as reasonably possible. You are not entitled to fix an Error, Defect, Failure or Outage. Odyssey will exert itself to identify and resolve any possible errors in Odyssey as soon as reasonably possible in accordance with the technical possibilities. Odyssey cannot guarantee, however, that all errors will be resolved.
4.4. Odyssey reserves itself the right to temporarily deactivate Odyssey for the purpose of, for example, maintenance, modification or improvement of the computer systems of Odyssey. Odyssey will let such decommissioning transpire as much as possible outside office hours, and will timely inform You in advance of the planned decommissioning. Such a pre-announced decommissioning of Odyssey can in no event be considered a shortcoming on the part of Odyssey regarding the fulfilment of its commitments towards You.
Article 5. TOOLS
5.1. You are responsible for having at Your disposal and for the functioning of the Tools which are necessary for the use of Odyssey, including the (ancillary) devices and software, supporting applications, configuration, and internet connection which are compliant with the technical and functional specifications as mentioned by Odyssey.
5.2. You are responsible for maintaining a connection to the power grid and other connections which are necessary for the access to and use of Odyssey.
5.3. Additional (licensing) conditions (of third parties) may apply to the use of the supporting applications. Odyssey does not guarantee the full functionality of the supporting applications used by You.
Article 6. ACCESS TO THE SERVICE
6.1. You are responsible for any use, with or without its approval, of Odyssey, and for the Means of Access made available to You. Odyssey is not liable for damage to You and/or third parties that has occurred as a result of the unauthorised use of the Means of Access.
6.2. The Means of Access provided are not transferable, strictly personal, and exclusively intended for use within Your organisation. You will observe the required care with regard to the use of the Means of Access, and will keep them secret from third parties.
6.3. You will inform Odyssey forthwith in the event the Means of Access are being used without authorisation, or in case You have a reasonable suspicion of this being the case.
6.4. You can request Odyssey to block the Means of Access. Odyssey also has the right at all times to block the Means of Access on their own initiative if Odyssey is aware of unauthorised use of the Means of Access. In such case Odyssey is not liable for damage to You and/or third parties that has occurred due to the blocking of the Means of Access.
Article 7. USE OF ODYSSEY
7.1. On using Odyssey, You will at least guarantee that You and the User(s), to the extent relevant, will observe the following rules:
a. You agree not to store any illegal content or content which violates applicable law, or material rights of third parties within the provided storage space.
b. You are obliged to prevent unauthorized access of third parties to Odyssey and to use the Services with reasonable precautions.
c. You will take care of the protection of your (ancillary) devices, software, infrastructure, and the internet connection against viruses, cybercrime, and (other) illegitimate use by User(s) or third parties;
d. when using Odyssey, You and/or User will not spread any (computer) viruses or other files which may harm (the proper functioning of) Odyssey. You are obliged to scan its Data and the content for viruses and other harmful components before storing them on the server and to use appropriate virus protection programs;
e. You and/or User will not engage (nor cause engagement) in any action that may cause disturbances of Odyssey, (computer) networks, or infrastructures (of other users), or with regard to which disturbances, limited use, or unforeseen use (for other users) may be caused;
f. You and/or User will not send big quantities of unsolicited messages with the same, or comparable, content (“spam”);
g. You and/or User will not abuse any Means of Access, nor breach the security of Odyssey neither/nor try to breach it;
h. You and/or User will not carry out, nor refrain from carrying out, any actions that it knows, or should reasonably have known, that may lead to use of Odyssey which is punishable or illegitimate towards Odyssey and/or third parties;
i. You and/or User will not enter the computer system or a part of it intentionally and without permission, against the will of the owner or administrator (“hacking”);
j. You and/or User will in no way violate the intellectual property rights of Odyssey and/or third parties; and
k. You and/or User will not disclose information and data which Odyssey provides within the framework of Odyssey without the explicit written consent of Odyssey, nor multiply or use it in any other way than in the context of the internal business operations of You.
7.2. In case You and/or User(s) act in violation of one or more of the aforementioned rules, You are obligated to follow the reasonable instructions given by Odyssey with regard to it, and to have them followed by the User(s).
7.3. If Data that are stored, edited, processed, or otherwise entered with the aid of Odyssey, are illegitimate towards third parties, Odyssey has the right to remove (or have removed) these data immediately, without prior notice, from the Server, and to destroy them (or have them destroyed). Odyssey will in no event be liable for any damage resulting from these actions.
7.4. Odyssey can impede Access to Odyssey by decommissioning the Means of Access, or by suspending the provision of services, if it has a serious suspicion that it is being used in violation of what is stipulated in the present Agreement. The obligation to pay will continue to be effective during such a decommissioning.
Article 8. APPLICATIONS OF THIRD PARTIES
If and to the extent Odyssey, on implementing Odyssey, makes available Applications or other software of third parties to You, with regard to those Applications and/or other software, the conditions of those third parties are applicable, side-tracking the provisions between Odyssey and You. You accept the conditions of third parties intended, for example though not limited to the conditions used by Google Analytics and Amazon.
Article 9. INTELLECTUAL PROPERTY RIGHTS
9.1. All rights of intellectual property to all Applications, Interfaces, OTC software, source code, other software, documents, and other material that may be subject to any type of intellectual property rights, that were developed or made available in the context of Odyssey, lie exclusively with Odyssey or its licensors.
9.2. You only obtains the non-exclusive user’s rights and authorisations as described in this Agreement or as have been explicitly attributed in writing otherwise. It is not permitted to You to decompile, to multiply the code, to translate, or to otherwise subject to reverse engineering the Applications, Interfaces, source code, other software, documentation, and other material that were developed or made available in the context of Odyssey. It is not permitted to You to remove or change any indication regarding copyright, branding, trade names, or other rights of intellectual property from the Applications, Interfaces, source code, other software, documentation, and other material that were developed or made available in the context of Odyssey, including indications regarding the confidential nature and non-disclosure of the material.
9.3. After taking cognizance of the logic behind the Application (Odyssey) as well as of the established Key Performance Indicators (customer journey length, density & position), You may be capable of building the Application (Odyssey) (and/or an attribution system) in the same, or modified, form. This is why You commit yourself to refrain from operating or applying the aforementioned data in whatever way, except for with the purpose described above, without the prior written consent of Odyssey.
9.4. In case the use of those data by You results in intellectual property rights or similar claims, You will transfer these rights and/or claims at the first request by Odyssey to Odyssey.
9.5. You will not apply for patents, nor lay any other type of claim, anywhere in the world, with regard to the information provided to it, and it will not enable anyone to do so, without the prior written consent of Odyssey.
9.6. Any use, multiplication or rendering public which falls outside the scope of the Agreement or of the user’s rights granted, comprises a violation of the intellectual property of Odyssey. Notwithstanding Article 13 of the Agreement, You shall indemnify Odyssey for any damages incurred by Odyssey as a direct result of Your breach of the intellectual property rights of Odyssey.
9.7. Any use, multiplication or rendering public which falls outside the scope of the Agreement or of the user’s rights granted, comprises a violation of the intellectual property of Odyssey. You will settle an immediately payable fine of € 250,000 (in words: two hundred and fifty thousand euros) per action constituting a violation to Odyssey, and the same amount for every day such violation persists, without prejudice to the other rights of Odyssey, including the rights to compensation of damages and to compliance.
Article 10. CONFIDENTIALITY
10.1. You and Odyssey will make sure that all information received from the other Party of which they know, or should reasonably understand, that they are of a confidential character, will remain secret. The Party receiving confidential information will only use it for the purpose it was provided for. Information will in any case be considered confidential if one of the Parties has indicated it as such.
10.2. The obligation of confidentiality referred to above does not apply in case the confidential information:
i. is generally known, without this being caused through the violation of the present confidentiality obligation;
ii. was independently developed by the other party without making use of this information;
iii. was legally obtained by the other party from a third party which is not bound by a similar confidentiality obligation; or
iv. must be rendered public on the grounds of legislation or regulations, e court ruling, or the ruling of a regulatory body.
10.3. Parties commit themselves to use the information intended in paragraph 10.1 exclusively for the purpose of executing the present Agreement.
10.4. Parties commit themselves to impose the same obligations as are listed above on persons engaged by them for the execution of this Agreement.
10.5. The aforementioned confidentiality obligations will remain in force during the effective time of the Agreement and up to two years after its conclusion.
10.6. On every infringement on the confidentiality obligation inserted in this article, the violating Party will be liable for direct damages suffered by the other Party.
10.7. On every infringement on the confidentiality obligation inserted in this article, the violating Party will forfeit an immediately payable fine of € 10,000 (in words: ten thousand euros) per action constituting an infringement, without prejudice to the right of the other Party to seek compensation of damages suffered or to any other right the Party disposes of on account of the infringement.
Article 11. INFORMATION AND IT-SECURITY
11.1. You shall own all right, title and interest in and to all of Your Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of Your Data entered with the aid of Odyssey and the OTC.
11.2. You and Your Users decide themselves what information will be stored, edited, processed, or otherwise entered with the aid of Odyssey and the OTC. You will remain responsible yourself, therefore, for the information entered by yourself. Odyssey is therefore not liable for any damage resulting from information entered by You.
11.3. Odyssey is not obliged to control the accuracy and completeness of the information submitted, and is, therefore, not liable for the consequences of the use of the inaccurate and/or incomplete information provided by You.
11.4. Subject to the type and scope of services provided and the corresponding level of appropriate IT security, Odyssey shall comply with the following IT-Security & Compliance Requirements when providing the agreed services.
a. Appropriate technical and organizational measures. Odyssey shall implement the necessary technical and organizational measures to ensure and maintain the level of IT security adequate for the type and scope of the services provided.
b. The level of adequate Security is subject to the current technological standards taking into account industry best practises and further development.
c. Systems connected to Your infrastructure. When Odyssey uses its own systems directly or indirectly connected to Your infrastructure, You shall not be responsible for the provision of any protective measures for Odyssey’s systems (e.g. PCs, laptops, tablets).
Article 12. TREATMENT OF PERSONAL INFORMATION
12.1. Odyssey uses an anonymised customer ID generated by Your Google Analytics account and transaction revenue information.
12.2. Parties have agreed a Data Processing Agreement, which is attached to this Agreement as Annex 1, under the suspensive condition that a governing body or a competent court decides that the "Applicable Data Protection Law", Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) is indeed applicable to this Agreement.
Article 13. LIABILITY
13.1. In No event will Odyssey be liable to You or any third party (including, but not limited to, any customer) for any lost profits or lost revenue, diminished goodwill, damage due to operational stagnation, or for any indirect, incidental special, punitive, exemplary or consequential damages arising out or in connection with Odyssey, the OTC, software, the service or otherwise with respect to this Agreement.
13.2. The total liability of Odyssey on account of an imputable shortcoming in the fulfilment of the present Agreement or on any other account, is limited, for the duration of this Agreement/per event, to compensation of the direct damage, indirect damage is excluded, only to a maximum of the total amount of the remunerations paid by You during the six months period immediately preceding such claim, or one thousand Euro (€ 1.000,-,) whichever is less.
13.3. You acknowledge that Odyssey would not enter into this Agreement without these limitations on its liability.
13.3. The decision regarding what amount of marketing budget will be allocated to the traffic sources is subject to the discretion of You, for which a human judgment will be decisive, and emphatically not the suggested media spend calculated by Odyssey. No rights or claims can be derived from the suggested media spend calculated by Odyssey.
Article 14. FORCE MAJEURE
14.1. Force Majeure shall mean any occurrence which (i) hinders, delays or prevents a Party in performing any of its obligations, and (ii) is beyond the control of, and without the fault or negligence of, such Party and (iii) by the exercise of reasonable diligence such Party is unable to prevent or provide against such as acts of God, civil commotion, strikes, terrorism or governmental demands or restrictions. For the avoidance of doubt: Any occurrence that should be contemplated by any business continuity management system meeting the requirements of Good Industry Practice shall not be a Force Majeure event, unless the remedial measures provided in such business continuity management system are not able to remedy the occurrence as a result of the occurrence of another event that can be qualified as a Force Majeure event.
14.2. In the event of a Force Majeure, the Party whose performance of any of its obligations is affected shall notify the other Party as soon as is reasonably practicable giving the full relevant particulars and shall use its reasonable efforts to remedy the situation immediately.
14.3. Neither Party shall be responsible for any failure to fulfil any of its obligations under this Agreement to the extent that fulfilment has been hindered or delayed or prevented by a Force Majeure which has been notified in accordance with this clause and the time for performance of the obligation(s) affected shall be adjusted by a reasonable amount.
Article 15. COCLUSION OF THE CONTRACT
15.1. Odysseys offers on https://odysseyattribution.co/pricing/ are subject to change. Odyssey reserves the right to make changes within reason.
15.2. When ordering You enter your personal and company details, You accept the Agreement and You are bound to the tentative offer. By ordering You accept the Agreement. Odyssey will confirm receipt of Your order. The confirmation is not contractually binding. The confirmation and acceptance of the contract may be incorporated together. Odyssey is also entitled to reject the order.
15.3. When or after accepting the offer, Odyssey will send you instructions on how to connect Your Google Analytics account and install an Odyssey script (software code) in order to start using Odyssey.
Article 16. TERMS OF PAYMENT
16.1. The current offers, prices and various modules are valid and accessible at any time at https://odysseyattribution.co/pricing/
16.2. Odyssey offers various modules based on the number of analysed sales. The monthly fee varies between the modules and is determined by the number of analysed sales. The number of analysed sales is cumulative and not per month.
When the maximum number of analysed sales belonging to a module is surpassed, the more expensive module with a higher maximum number of analysed sales is without warning immediately applicable.
16.3. If You surpass the maximum number of analysed sales for the free of charge module, You will be given the opportunity to enter Your credit card details and issue a debit authorization for the module corresponding with Your number of analysed sales.
If You choose not to use this opportunity Your Odyssey account will be blocked. The only way to unblock Your account is by entering Your credit card details and issue a debit authorization for the module corresponding with Your number of analysed sales.
16.4. If You surpass the maximum number of analysed sales for any module other than the free of charge module, You will be given the opportunity to agree to the new module, the corresponding monthly fee and issue a debit authorization for the module corresponding with Your number of analysed sales.
If You choose not to use this opportunity Your Odyssey account will stay limited to the maximum number of analysed sales corresponding to the previously agreed module. This will be realised by blocking Your access to Your oldest analysed sales.
16.5. When using the Big module you will have the opportunity to downgrade Your module to Small. Your previously analysed sales will be blocked.
16.6. An automatic monthly charge will be made. Besides the Free module You can only use Odyssey after issuing a debit authorization.
16.7. Odyssey is entitled, in case of default payments, without warning and immediately, to block the use of Odyssey.
16.8. Invoices are sent by e-mail as attachments.
Article 17. DURATION AND TERMINATION
17.1. If not otherwise contractually agreed Parties Agree on a contract for an indefinite period of time.
17.2. Each Party has the right to terminate the Agreement without giving reasons at any time taking into account a one month notice period. A Termination can be done in writing by registered letter or email or via the secure online administrations interface, provided this option is available.
17.3. Each Party has the right to rescind the Agreement on account of an imputable shortcoming in the fulfilment of the Agreement, in case the other Party falls imputably short in the fulfilment of substantial obligations from the Agreement. Rescission is only possible after sending a full and detailed default letter which sets a reasonable term for the other party to repair the shortcoming, which it subsequently fails or omits to do. Any obligation to pay on the part of You or of a third party to be engaged by You always counts as substantial obligations from the present Agreement.
17.4. Each of the Parties can terminate the Agreement with immediate effect without a written default notice, either entirely or partially, in the event suspension of payment – whether or not temporarily – is granted to the other Party, if bankruptcy is filed for with regard to the other Party, or if the business of the other Party is liquidated or terminated in a sense other than that of restructuring businesses. On account of such a termination, Odyssey is not obligated to refund sums it has already received, nor to pay damages. In the event of bankruptcy of You, the right to use Odyssey and the Interface will lapse.
17.5. In the event of termination of the Agreement, Parties will always collaborate in good faith towards the remigration of the information entered during the use of Odyssey which may be desired by You, as well as towards the transfer of it to You or to a third party indicated by You during this “remigration period”. The continuity in the availability of the information and services will be the main concern here. Parties will consult with each other regarding the extent of the effort which Odyssey should realise. Odyssey will be able to charge the expenses it incurs in the context of the remigration of the provision of services to You on the basis of a retrospective calculation.
Article 18. DISPUTES AND APPLICABLE LEGISLATION
18.1. The laws of The Netherlands are applicable to the Agreement.
18.2. Any possible disputes between Parties will be submitted to the competent court in Amsterdam The Netherlands. Parties can choose jointly to resolve a dispute by way of arbitrage or mediation.
Article 19. FINAL PROVISIONS
19.1. All notification or other announcements pursuant to the present Agreement take place in writing and can be delivered to, or sent by registered mail or e-mail to the addresses below, or to those addresses as one Party has indicated to the other Party.
Odyssey B.V., to the att. of Odyssey legal,
Gedempt Hamerkanaal 173 (1021 KP) Amsterdam, The Netherlands
E-mail: legal@Odysseyattribution.co
19.2 All Annexes form an integral part of the present Agreement.
19.3. The present Agreement contains the entire agreement adopted between Parties regarding the object it is concerned with, and it substitutes all previously adopted agreements between Parties on this matter.
19.4. If, on the grounds of a request or a legitimately issued order by a governing body, or in connection with a legal obligation, Odyssey must carry out activities with regard to information of You, Your collaborators, or Your Users, all expenses related to them will be charged to You, unless this investigation finds its origins with Odyssey. Odyssey will inform You of this as much as possible in advance.
19.5. Except for when, and to the extent, explicitly established otherwise in the present Agreement, each of the Parties will bear its own costs related to the adoption and implementation of the present Agreement.
19.6. The rights and obligations flowing from the present Agreement cannot be transferred by You to third parties without the previous written consent of Odyssey.
19.7. The version of any communication received or stored by Odyssey will be considered as authentic (including log files), barring proof to the contrary that is to be provided by You
19.8. Parties will always inform each other in writing within a reasonable term about any change in name, mail address, e-mail address, phone number, and if required bank account number and credit card information.
19.9. Each of the Parties hereby waives – to the extent this is legally permitted – any possible right to strive for – total or partial – rescission or annulment of the present agreement.
19.10. In case the present agreement becomes partially invalid or non-binding, the parties will continue to be bound by the remaining part. Parties will substitute the invalid or non-binding part by clauses that are valid and binding, and of which the legal consequences, considering the content and substance of this agreement, will correspond as much as possible to the invalid or non-binding part.
Annex 1: DATA PROCESSING AGREEMENT
Between
YOU
and
Odyssey B.V.
DATA PROCESSING AGREEMENT
1.0 Parties
YOU
(the ”Data Controller”)
and
Odyssey B.V.
(the ”Data Processor”)
(collectively the "Parties" and individually the "Party")
have concluded this Data Processing Agreement (the "Agreement") on the Data Processor's processing of personal data on behalf of the Data Controller.
2.0 Background
2.1 This Agreement has been entered into in connection with the Parties execution of the “Plug and Play” Software as a Service Agreement and Standard Terms and Conditions, (“Master Agreement”).
2.2. Odyssey uses an anonymised customer ID generated by Your Google Analytics account and transaction revenue information.
2.3. Parties have agreed this Data Processing Agreement under the suspensive condition that a governing body or a competent court decides that the "Applicable Data Protection Law", Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) is indeed applicable to the Master Agreement, the Data Processor agrees that:
3.0 Scope and purpose
3.1 The Data Processor shall only process personal data for purposes which are necessary in order to perform the services stipulated in the Master Agreement (“the Services”) and as further specified:
The processing of personal data
I. Purpose and nature of the processing operations:
Based on the customer journey, the Data Processor will help the Data Controller measure the effect of digital marketing channels, to help improve the effectiveness of the Data Controller’s digital marketing activities. In that connection, the Data Processor may have access to the personal data of the Data Controller’s customers.
II. Categories of data subjects:
• Customers
• Users of the Data Controller’s website
III. Categories of personal data:
• Order information
• IP address
IV. Sensitive personal data
• Not relevant.
V. Location(s), including name of country/countries of processing:
Gedempt Hamerkanaal 173, 1021 KP Amsterdam, The Netherlands
3.2. The Agreement constitutes the Data Controller’s instructions to the Data Processor.
3.3. The personal data to be processed by the Data Processor concerns the categories of data and the categories of data subjects Article 3.1.
4.0 Obligations of the Data Processor
4.1. The Data Processor warrants to the Data Controller that it complies and will comply with its obligations as a data processor under the applicable data protection regulation, including all regulation concerning security measures.
4.2. All processing by the Data Processor of the personal data provided by the Data Controller shall only be carried out on documented instructions from the Data Controller for the provision of the Services, including with regard to transfers of personal data to a third country or an international organization, unless the Data Processor is required to do so by applicable Union or Member State Law. In such case, the Data Processor shall immediately inform the Controller of that legal requirement before processing the personal data, unless applicable legislation prohibits such information on important grounds of public interest.
4.3. The Data Processor shall inform the Data Controller immediately if, in his opinion, an instruction infringes any applicable data protection regulation.
4.4. The Data Processor shall implement and follow all appropriate and necessary technical and organizational security measures, including any additional measures, required to ensure a level of security appropriate to the harm that might result from unauthorized or unlawful access, processing or accidental loss, destruction or damage to the personal data, and shall ensure that the data is not accidentally or unlawfully destroyed, lost or impaired or brought to the knowledge of unauthorized third parties, abused or otherwise processed in a manner which is contrary to any applicable data protection regulation that may be in force from time to time. In any case and unless otherwise directed in writing by the Data Controller, the Data Processor must, among other things:
• introduce login and password procedures and set up and maintain a firewall and antivirus software;
• ensure the ongoing confidentiality, integrity, availability and resilience of systems and services processing personal data;
• ensure that it has the ability to restore the availability and access to the personal data in a timely manner in the event of a physical or technical incident;
• implement a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing;
• ensure the pseudonymization and encryption of personal data when appropriate;
• ensure that only employees with a work related purpose have access to the personal data, and ensure that all employees with access to the data shall not process the data except on instructions from the Data Controller, unless he or she is required to do so by Union or Member State Law;
• store data storage media securely so that it is not accessible to third parties;
• ensure that buildings and systems used for data processing are secure and that only high-quality hardware and software, which is regularly updated is used;
• ensure that tests and waste material are destroyed in accordance with data protection requirements on the specific written instruction of the Data Controller. In particular cases, to be determined by the Data Controller, such tests and waste material must be stored or returned.
4.5. The personal data is confidential in nature and shall be kept confidential. The Data Processor shall ensure that all employees engaged in processing the personal data have received proper training, adequate instructions and guidelines on the processing of the personal data, and have committed themselves to confidentiality. In addition, the Data Processor must ensure that the employees involved with the processing of the personal data are familiar with the applicable and implemented security requirements and will keep the personal data confidential.
4.6. The Data Processor must notify the Data Controller immediately where data protection regulation has been breached or other irregularities in connection with the processing of the personal data occur. In any case, the Data Processor shall promptly notify the Data Controller of any security incident that leads or may lead to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed by the Data Processor in connection with the Services ("Security Breach"). The notification to the Data Controller shall in any case include: (a) the nature of the Security Breach; (b) the recommended measures to minimize the negative effects of the Security Breach; (c) the identified and probable consequences of the Security Breach on the processing of personal data by the Data Processor in connection with the Services; and (d) the (proposed) actions (to be) taken to remedy the consequences for the protection of personal data processed by the Data Processor in connection with the Services. The Data Controller’s point of contact is as stated in the Master Agreement.
4.7. The Data Processor shall provide full cooperation to the Data Controller with respect to data protection impact assessments and any Security Breach. With respect to Security Breach such cooperation should include – but not be limited to - providing adequate information and support relating to (a) the recovery of the Security Breach and the prevention of future Security Breaches; (b) the limitation of the impact of the Security Breach on the privacy of the data subjects involved and (c) the communication of a Security Breach to the data subject.
4.8. Upon the request of the Data Controller, the Data Processor shall provide the Data Controller with all information necessary to demonstrate that the Data Processor has taken the necessary technical and organizational security measures, and to demonstrate compliance with any and all applicable data protection regulations.
4.9. The Data Processor shall assist the Data Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Data Controller’s obligation to respond to requests for exercising the data subject’s rights laid down in in the applicable data protection regulation. If the Data Processor, or another sub-processor which has received personal data, receives a request with respect to the personal data from a data subject, the Data Processor must as soon as reasonably possible send such request to the Data Controller, for the Data Controller’s further processing thereof, unless the Data Processor or another sub-processor has been explicitly authorized by the Data Controller to handle such request itself.
4.10. The Data Processor shall promptly notify the Data Controller about any legally binding request for disclosure of the personal data by law enforcement or other applicable authority unless otherwise prohibited by applicable law.
4.11. Upon request of the Data Controller, the Data Processor shall assist the Data Controller in taking any actions deemed necessary or appropriate to deal with complaints or allegations of or in connection with a failure to comply with the applicable data protection regulation.
5.0 Use of sub-processors
5.1. The Data Processor may engage another processor (sub-processor) for the fulfilment of this Agreement without the prior specific or general written consent of the Data Controller.
5.2. The Data Processor has the Data Controller’s general consent for the engagement of sub-processors.
5.3. The Data Controller shall on commencement of this Agreement approve the engagement of Amazon.
5.4. If the Data Processor engages a sub-processor that processes personal data in a third country not recognized by the EU Commission as providing adequate protection of personal data, the Data Processor must ensure that there is a legal basis for the transfer, e.g. the EU Commission’s Standard Contractual Clauses for the transfer of personal data to third country. The Data Controller hereby provides a mandate to the Data Processor to enter into the EU Commission’s Standard Contractual Clauses with a sub-processor (where applicable) on behalf of and in the name of the Data Controller.
5.6. A copy of the Sub-Processor-Agreement and subsequent amendments shall – at the Data Controllers request – be submitted to the Data Controller.
6.0 Amendments
6.1. In the event of amendments to the applicable data protection regulation, the Data Controller is entitled to amend the instructions set out in this Agreement on the giving of 2 (two) weeks' written notice when forwarding the new written instructions to the Data Processor. The Data Processor must however, at all times, comply with the applicable regulation on the protection of personal data.
7.0 Breach
7.1. Article 13 of the Master Agreement is applicable to this Data Processing Agreement. The Data Processor shall not be liable for any fine or claim against the Data Controller as a result of the Data Controller not fulfilling its obligations as Data Controller.
7.2. Liability of either Party for any indirect or consequential damage is excluded under all circumstances or events, including though not limited to loss of profit, savings missed out on, diminished goodwill and damage due to operational stagnation. The exceptions and limitations of the liability of either Party mentioned are not applicable in the event the damage was caused by intent or gross negligence of the management of either Party.
8.0 Effective date, duration of processing and termination
8.1 This Agreement becomes effective on the date the Master Agreement commences.
8.2 Termination of the Master Agreement will result in the termination of this Agreement. However, the Data Processor remains subject to the obligations stipulated in this Agreement, as long as the Data Processor processes personal data on behalf of the Data Controller, i.e. until the personal data have been deleted or destroyed as described in section 8.3.
8.3 In the event of the termination of the Agreement, the Data Processor shall delete or destroy the personal data. There is no obligation for the Data Processor to return Data to Data Controller.
9.0 Governing law and jurisdiction
9.1 The choice of law and venue stipulated in Article 16 of the Master Agreement shall also apply to this Agreement.
Annex 2: Amazon
Name of external server company: Amazon server
Contact Detail: http://aws.amazon.com
Area of Operation: Odyssey is hosting all your data on Amazon servers under the following terms and conditions: https://aws.amazon.com/s3/sla/ https://aws.amazon.com/ec2/sla/ https://aws.amazon.com/rds/sla/ https://aws.amazon.com/service-terms/ https://aws.amazon.com/agreement/