Terms of Service
These Terms of Service last updated as of February 1, 2021.
CoderPad, Inc. encourages you to carefully read these Terms of Service (the “Terms”) before using coderpad.io (“the Website” or “the Service”) operated by CoderPad, Inc. (referred to as “CoderPad”, “us”, “we”, or “our”). This Agreement sets forth the legally binding terms and conditions for your use of, or subscription to, CoderPad.io.
These Terms are made by and between the party on whose behalf they are accepted (the “Subscriber”, “you” or “your”) and CoderPad, Inc. If you are entering into or accepting these Terms on behalf of a legal entity, you represent and warrant that you have the right, authority and capacity to bind such entity to these Terms, in which case the term “Subscriber” or “you” shall refer to such entity. If you do not have such authority, or do not agree to be bound by all of the provisions of these Terms, do not access or use CoderPad’s services.
This Website is only intended for individuals who are at least 16 years of age. We do not knowingly encourage or solicit visitors to this Website who are under the age of 16 or knowingly collect personal data from anyone under the age of 16 without parental fiduciary consent.
License and Access
Subject to your compliance with these Terms, and your payment of any applicable fees, CoderPad grants you a limited, non-exclusive, non-transferable, non-sublicensable, personal license to access and make use of the Service. All rights not expressly granted to you in these Terms are reserved. You may not misuse the Service. You may use the Service only as permitted by law. The licenses granted by CoderPad will terminate automatically and without further notice if you do not comply with these Terms.
Account Types and Terms
Free Accounts and Trial Accounts: You may register for a free account on the Website. A free account does not provide you with access to all functionalities of the Service. Free accounts have a term that runs until you close the account or CoderPad terminates the account (which CoderPad may do at any time at its sole discretion and without notice for any reason).
You may request a free trial of the Service, which CoderPad may agree to provide at its sole discretion. You may not have more than one trial account at a time, and you may not serially sign up for trial accounts to avoid paying for the Service. A trial account is valid for seven (7) days unless otherwise agreed by CoderPad; however, CoderPad may at its sole discretion terminate any trial account immediately and without notice for any reason. After the seven (7) day trial period, if you do not sign up for a paid account, your trial account will become a free account with more limited functionality than trial accounts and paid accounts.
CoderPad provides free accounts and trial accounts for use on an “as is” basis, without any warranties of any kind, express or implied, and to the fullest extent permitted under applicable law, CoderPad disclaims all liability with respect to your access of the Website and use of the Service pursuant to a free account or a trial account.
Paid Accounts: Paid accounts for the Service are a month-by-month subscription, and automatically renew until 1) you stop paying the fees for the paid account or 2) the paid account is terminated in accordance with these Terms. There are different tiers of paid accounts available from CoderPad. More information regarding the account tiers and their pricing is available at https://coderpad.io/pricing. Subscribers may not have more than one paid account at a single company (including such company’s affiliates). If you stop paying the fees for a paid account, the account will become a free account and will have more limited functionality than the paid account.
The Service is billed in advance on a recurring monthly basis and payments are non-refundable. All fees will be paid in US dollars. There will be no refunds for cancellation of partial months of service. However, in the case of upgrades and downgrades of the Service tier which Subscriber is purchasing, Subscriber will be credited pro-rata for remaining unused time on the original plan. Downgrading your Service tier may cause the loss of certain features or capacity of the account; CoderPad does not accept any liability for such loss. For any billing questions or disputes, please reach out to us directly at firstname.lastname@example.org to work out resolution.
All paid plans require a valid credit card or advance arrangement of a custom billing plan unless otherwise agreed by CoderPad.
If any subscription paid by credit card is 21 or more days overdue, we may, without limiting any rights and remedies, cease the provision of Service to Subscriber until the overdue amount is paid in full.
Subscriber shall be responsible for all taxes associated with Services other than U.S. taxes based on Company’s net income.
Prior to gaining access to certain functionalities of the Service, we may require you to set up a username and password (“Passwords”) as set forth in the account registration procedures provided to you or posted on the Website. You agree to comply with any procedures specified by CoderPad from time to time regarding obtaining and updating Passwords for the Website and the Service. You agree to assume sole responsibility for the security of Passwords used by you. Accounts are subject to cancellation or suspension by CoderPad at any time, including upon the misuse of the account or breach of these Terms. You agree that you will use your best efforts to prevent any third party from obtaining your Password, and you shall inform CoderPad immediately of any actual or potential unauthorized access to a Password or to the Website and/or the Service.
Subscriber’s Obligations & Responsibilities
Subscriber is solely responsible for ensuring that it has all rights, licenses and permissions in and to information, data, software code and other materials (collectively, “Subscriber Data”) that it inputs to, transmits through and/or stores on the Service and the Website. Subscriber represents and warrants that it has all rights, licenses and permissions necessary to authorize CoderPad to receive, store and display such Subscriber Data for the purpose of providing the Service. Without limitation, Subscriber Data may include (i) contact data such as names, email addresses and other personally identifiable information, (ii) interview questions and coding examples used in the process of conducting interviews via the Service, and (iii) interview notes created by Subscriber or its personnel in the course of conducting such interviews.
Subscriber is also solely responsible for ensuring that each candidate whom Subscriber is interviewing via use of the Services is aware of and consents to these Terms with respect to the conduct of such interview and the candidate’s use of the Website and the Service for the purpose of participating in such interview. This includes making the candidate aware that his/her coding efforts as demonstrated in the course of the interview will be stored by CoderPad and will be accessible by Subscriber after the conclusion of the interview.
In addition, Subscriber shall:
1. use the Service in accordance with the Agreement;
2. safeguard user emails and Passwords used to access the Service and prevent unauthorized access to or use of the Service;
3. promptly notify CoderPad of any unauthorized access, access attempts, or use of the Service;
4. not use the Service to store, transmit or display Subscriber Data for fraudulent purposes or in violation of applicable laws and governmental regulations;
5. not conduct interviews via the Service or otherwise use the Service in a manner that violates applicable laws, including laws that prohibit discrimination in hiring and employment on the basis of race, color, national origin, religion, age, sex (gender), sexual orientation, or physical or mental disability;
6. not make the Service available to, or use the Service for the benefit of, anyone other than Subscriber’s own personnel or end users;
7. not use the Service to store, transmit or display code, files, scripts, agents, or programs intended to do harm, including viruses, worms, Trojan horses, spyware, ransomware or code that damages or destroys data or networks on which data is stored (“Malicious Code”);
8. not interfere with or disrupt the integrity or performance of the Service or any third-party technology contained therein;
9. not attempt to gain unauthorized access to any of CoderPad’s data centers, systems or networks;
10. not permit direct or indirect access to or use the Service in a way that circumvents a usage or capacity limit of the Service;
11. not sell, resell, license, sublicense, distribute, redistribute, rent, or lease the Service;
12. not copy, modify or create a derivative work of the Service or any part thereof;
13. not access the Service or use the documentation to develop a competing product or service;
14. not reverse engineer, decompile, translate, disassemble or otherwise attempt to extract any or all of the source code of the Service, except as permitted by applicable laws or governmental regulations;
15. not alter, remove or obscure any copyright, trademark or other proprietary notices on the Service;
16. not extract, mine or ‘scrape’ data or content from the Service, whether manually or via automated means;
17. not use the Service or underlying infrastructure for cryptocurrency mining purposes or any other purpose that is not the authorized intent of CoderPad;
18. not use any meta tags or any other “hidden text” utilizing CoderPad’s name or trademarks without the express written consent of CoderPad;
19. obtain and maintain appropriate equipment and ancillary services needed to connect to, access or otherwise use the Service, including hardware, servers, software, operating systems, VPNs and internet access;
20. obtain and maintain any required consents necessary to permit the processing of Subscriber Data by CoderPad under these Terms; and
21. obtain and maintain any consents necessary to permit the processing by CoderPad of the personal information of Subscriber’s personnel who serve as Subscriber’s designated agents for purposes of the Service and these Terms.
We may terminate access to the Service:
a) immediately and without notice, in the event CoderPad determines that Subscriber’s use of the Service violates these Terms or CoderPad’s intellectual property rights, or poses a threat to the functionality of the Service or to the security of data contained on or transmitted through the Service;
b) immediately and without notice, with respect to any trial accounts; or
c) without cause, with respect to any paid accounts, by giving notice that access will terminate at the end of the then-current month of paid-for Service.
If you no longer wish to use the Service, Subscriber is solely responsible for properly terminating its subscription. To terminate a subscription, the Subscriber is to select “Cancel Paid Plan” in the Billing subsection of the Website.
All items owned by Subscriber as specified in the “Subscriber Ownership and Content” section of these Terms shall remain available to Subscriber in CoderPad for a period of up to ninety (90) days after termination for any reason, but all other features of the Service may be unavailable or greatly curtailed. After such ninety (90) day period, CoderPad is not obligated to retain any or all copies of your Subscriber Data or other content that you or candidates that you interviewed via the Service may have provided to CoderPad.
CoderPad Intellectual Property
The Service, the software that CoderPad uses to operate the Service, and all intellectual property rights in and to the foregoing are and shall at all times remain the exclusive property of CoderPad and its licensors, and are protected by United States and international copyright and other intellectual property laws. All rights therein are expressly reserved by CoderPad, and no rights are granted to you other than that limited right to access and use the Service on the terms set forth in these Terms.
You may not modify, publish, transmit, participate in the transfer or sale, create derivative works, or in any way exploit, any CoderPad materials or intellectual property, in whole or in part.
If you provide us with any suggestions, comments or other feedback relating to the Service (whether existing, suggested or contemplated), which is or may be subject to any intellectual property rights (“Feedback”), such Feedback shall be exclusively owned by CoderPad. By providing such Feedback to CoderPad, you acknowledge and agree that it may be used by CoderPad in order to: (i) further develop, customize and improve of the Service, (ii) provide ongoing assistance and technical support, (iii) create aggregated statistical data and other aggregated and/or inferred information, which CoderPad may use to provide and improve its services, (iv) to enhance CoderPad data security and fraud prevention capabilities, and (v) to comply with any applicable laws and regulations.
In addition, you (1) represent and warrant that such Feedback does not infringe on any third party rights; (2) irrevocably assign to CoderPad any right, title and interest you may have in such Feedback; and (3) explicitly and irrevocably waive any and all claims relating to any past, present or future moral rights, artists’ rights, or any other similar rights worldwide in or to such Feedback.
Subscriber Ownership and Content
Subscriber retains all rights, title and interest in the Subscriber Data, including all related intellectual property rights, input into, transmitted through, or stored by Subscriber within CoderPad.
We reserve the right to monitor Subscriber Data and to remove or disable content that we, in our sole discretion, determine to be illegal, harmful, offensive, creating liability for CoderPad or its service providers, or otherwise in violation of these Terms or CoderPad operating policies. Without limiting the foregoing, CoderPad does not assume any obligation to perform such monitoring, and CoderPad does not make any representations or guarantees regarding content provided by other users of the Service.
We, at our expense, shall defend you and your officers, directors and employees (“Subscriber Indemnified Parties”) against any claim made or brought against any Subscriber Indemnified Party by a third party alleging that the Service as provided to you for use in accordance with these Terms infringes the intellectual property rights of a third party, and shall pay any damages finally awarded by a court or agreed to by you (with CoderPad’s consent) in a settlement with respect to such claim. The foregoing indemnity applies only if you have paid for a CoderPad account; it does not apply to Subscribers who have a free account or a trial account.
You, at your expense, shall indemnify, hold harmless and (if so requested by CoderPad) defend us and our directors, officers, employees, affiliates, partners, suppliers, agents, contractors and licensors, and each of their respective officers, directors, agents and employees (the “CoderPad Indemnified Parties”) from and against any claim, proceeding, loss, damage, fine, penalty, interest and expense (including, without limitation, fees for attorneys and other professional advisors) arising out of or in connection with the following: (1) your access of use of the Website or the Service; (2) your breach of these Terms; (3) any Subscriber Data or other content you provide to CoderPad or transmit through or store on the Website or the Service; (4) any activity in which you engage on or through the Website or the Service; or (5) your violation of any law or the rights of a third party, including (a) use of the Service to conduct interviews in a discriminatory or otherwise illegal manner, or (b) the infringement by you of any intellectual property or misappropriation of any proprietary right or trade secret of any person or entity. These obligations will survive any termination of these Terms.
Each party agrees to use reasonable efforts to maintain the secrecy and confidentiality of Confidential Information of the other party and to only use such Confidential Information as anticipated under these Terms. Confidential Information shall include the following: (i) any information clearly marked as confidential at the time of disclosure, and (ii) any intellectual property provided by CoderPad in the performance of the Service. The provisions of this section shall not apply to information that: (i) is disclosed or available to the public; (ii) is otherwise in the public domain at the time of disclosure or subsequently becomes part of the public domain through no fault of the receiving party; (iii) is already known to the receiving party without an obligation of confidentiality; (iv) is approved for release in writing by the disclosing party; or (v) the receiving party is compelled to disclose or deliver in response to a law, regulation, or governmental or court order (to the least extent necessary to comply with such order), provided that receiving party notifies the disclosing party promptly (if permitted under the order) upon receiving such order to give the disclosing party the opportunity to contest such order and cooperates in the contest action (at the disclosing party’s expense) if requested and permitted under the order.
Disclaimers; Limitation of Liability
Each party hereby represents and warrants to the other that it has the necessary authority to enter into and perform its obligations under these Terms, and without the consent of any third party or breach of any contract or agreement with a third party, that they have the necessary authority to enter these Terms, and that they shall comply with all laws applicable to the performance, use and receipt of the Service.
You agree and understand that the Service is only a tool that assists you in conducting interviews. CoderPad does not independently confirm the identity of any individual whom a Subscriber interviews through use of the Service. CoderPad does not evaluate any candidates interviewed by Subscribers using the Service, nor does CoderPad provide any guidance on the suitability of such candidates for employment or other engagement by Subscribers or any third party.
You agree and understand that the Service and all information, content, materials, products (including software) and other services included on or otherwise made available to you through the Service are provided by CoderPad on an “as is” and “as available” basis, unless otherwise agreed upon in writing by CoderPad. CoderPad makes no representations or warranties of any kind, express or implied, as to the operation of the Service, or the information, content, materials, products (including software) or other services included on or otherwise made available to you through the Service, unless otherwise agreed upon in writing by CoderPad. CoderPad, its affiliates, their respective employees, members, shareholders, agents, third party content providers and licensors, do not warrant that the Service will be uninterrupted or error free; nor does CoderPad make any warranty as to the results that may be obtained from use of the service, or as to the accuracy, reliability or content of any information provided through the Service.
In addition, CoderPad makes no representation nor does it warrant, endorse, guarantee, or assume responsibility for any third party applications (or the content thereof), user content, devices or any other product or service advertised, promoted or offered by a third party on or through the Service or any hyperlinked website and CoderPad is not responsible or liable for any transaction between you and third party providers of the foregoing. You expressly agree that your use of the Service is at your sole risk.
You agree that your sole and exclusive remedy for any problems or dissatisfaction with the Service is to stop using the Service. You agree that CoderPad has no obligation or liability arising from or related to third party content and services made available through or in connection with the Service, and while your relationship with such third party content and services may be governed by separate agreements with such third parties, your sole and exclusive remedy, as with respect to CoderPad, for any problems or dissatisfaction with third party content and services, is to stop using any such third party content and services.
To the fullest extent permissible by law, CoderPad disclaims all warranties, express or implied, including, but not limited to, implied warranties of merchantability, non-infringement and fitness for a particular purpose. CoderPad does not warrant that the Service, information, content, materials, products (including software) or other services included on or otherwise made available to you through the Service, CoderPad’s servers or electronic communications sent from CoderPad are free of viruses or other harmful components.
IN NO EVENT WILL (A) CODERPAD OR ITS AFFILIATES BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL OR PUNITIVE DAMAGES UNDER OR IN CONNECTION WITH THESE TERMS OR SUBSCRIBER’S ACCESS AND USE OF THE WEBSITE AND THE SERVICE, OR (B) CODERPAD’S AGGREGATE LIABILITY (TOGETHER WITH ALL OF ITS AFFILIATES) ARISING OUT OF OR RELATED TO THESE TERMS OR SUBSCRIBER’S ACCESS AND USE OF THE WEBSITE AND THE SERVICE (REGARDLESS OF THE NUMBER OF INDIVIDUAL INCIDENTS GIVING RISE TO LIABILITY) EXCEED THE TOTAL AMOUNT ACTUALLY PAID BY SUBSCRIBER HEREUNDER FOR THE SERVICES IN THE TWELVE (12) MONTHS PRECEDING THE FIRST INCIDENT OUT OF WHICH THE LIABILITY AROSE. THE ABOVE LIMITATIONS WILL APPLY TO THE FULLEST EXTENT PERMISSIBLE UNDER APPLICABLE LAW, WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, AND REGARDLESS OF WHETHER REMAINING REMEDIES ARE DEEMED TO FAIL OF THEIR ESSENTIAL PURPOSE.
YOUR SOLE AND ALTERNATIVE REMEDY IF THE ABOVE STATED LIMITATIONS ARE FOUND TO FAIL OF THEIR ESSENTIAL PURPOSE SHALL BE PROVEN DIRECT DAMAGES IN AN AMOUNT NOT TO EXCEED $100. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR THE LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, IN SUCH STATES OR JURISDICTIONS, CODERPAD’S LIABILITY SHALL BE LIMITED TO THE EXTENT PERMITTED BY LAW. THE FOREGOING SHALL NOT LIMIT CODERPAD’S LIABILITY FOR INTENTIONAL MISCONDUCT OR GROSS NEGLIGENCE.
Links To Other Sites
This Agreement (and any further rules, policies, or guidelines incorporated by reference) shall be governed and construed in accordance with the laws of the State of California, United States, without giving effect to any principles of conflicts of law.
California Consumer Privacy Act
Consumers, as defined under the California Consumer Privacy Act (CCPA) may have rights regarding their personal information, which meets the definition of “Personal Information” under the CCPA. You are responsible for any Personal Information you collect under the CCPA (“Business PI”). The parties agree that CoderPad acts as a “Service Provider” and you are a “Business” (as such terms are defined under the CCPA). CoderPad and you each shall comply with our and your respective obligations under the CCPA. For example, CoderPad shall not sell your Service Provider PI or otherwise disclose your Service Provider PI for a commercial purpose. Notwithstanding the foregoing, you agree that in accordance with the CCPA, CoderPad may use, in aggregate, Personal Information of the end users or your Business or any other Businesses for which CoderPad is a Service Provider for the purposes of detecting data security incidents or protecting against fraudulent or illegal activity. This aggregated Personal Information may include IP addresses, preferences, web pages visited prior to coming to your or another Business’ website, information about browser, network or device (such as browser type and version, operating system, internet service provider, preference settings, unique device IDs and language and other regional settings), and information about how end users interact with your or another Business’ website (such as timestamps, clicks, scrolling, browsing times and load times).
Residents of the European Economic Area
If Subscriber or your end users reside in the European Economic Area or if any transfer of information between Customer and the Services is governed by the European Union General Data Protection Directive (GDPR) or national laws implementing the GDPR, then Customer expressly consents to the transfer of such information outside of the European Union to the United States as may be contemplated by the features and activities of the Services under this Agreement. You agree to be bound by (and CoderPad agrees to be bound by) the Standard Contractual Clauses (“SCCs”) attached to these Terms of Service as Appendix A.
Changes To This Agreement
We reserve the right, at our sole discretion, to modify or replace these Terms by posting the updated Terms on the Website. Your continued use of the Website after any such changes constitutes your acceptance of the updated Terms.
Please review this Agreement periodically for changes. If you do not agree to any of this Agreement or any changes to this Agreement, do not use, access or continue to access the Website and discontinue any use of the Website immediately.
No Waiver. The failure of CoderPad to exercise or enforce any right or provision of these Terms shall not constitute a waiver of said right or provision.
Enforceability. If any portion of these Terms is found to be void, invalid or otherwise unenforceable, then that portion shall be deemed to be superseded by a valid, enforceable provision that matches the intent of the original provision as closely as possible. The remainder of these Terms shall continue to be enforceable and valid according to terms contained herein.
Export Control. You may not use or otherwise export or re-export the Service except as authorized by United States law and the laws of the jurisdiction(s) in which the Service was obtained. You represent and warrant that (i) you are not located in a country that is subject to a U.S. Government embargo, or that has been designated by the U.S. Government as a “terrorist supporting” country; and (ii) you are not listed on any U.S. Government list of prohibited or restricted parties.
Survival. The provisions of these Terms which by their express language or by their context are intended to survive the termination of these Terms shall survive such termination. Without limiting the generality of the foregoing, the disclaimers of warranty, intellectual property ownership, confidentiality, indemnity and limitations of liability shall survive any termination or expiration of this agreement.
Headings & Construction. The section titles in the Terms are for your convenience only and carry no contractual or legal effect whatsoever. The language in these Terms shall be interpreted in accordance with its fair meaning and shall not be strictly interpreted for or against either party.
Force Majeure. Neither party hereto shall be deemed to be in default of any provision of the Terms or for failure in performance, other than the obligation to pay amounts due hereunder when due, resulting from acts or events beyond the reasonable control of such party and arising without its fault or negligence, including, but not be limited to, acts of God, civil or military authority, interruption of electric or telecommunication services, civil disturbances, acts of war or terrorists, strikes, fires, floods or other catastrophes. Each Party shall use reasonable efforts to mitigate the effect of a force majeure event.
Contact. For purposes of providing notice contact us at: CoderPad, Inc., 44 Montgomery Street, Floor 3, San Francisco CA 94104.
EU Standard Contractual Clauses (Processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection,
the non-CoderPad, Inc. legal entity accepting the Clauses (the “data exporter”)
CoderPad, Inc. (the “data importer”)
44 Montgomery St 3rd floor San Francisco, CA 94104,
each a “party” and together “the parties,”
HAVE AGREED on the following Contractual Clauses (the “Clauses”) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Annex A.
If you are accepting on behalf of the data exporter, you represent and warrant that: (i) you have full legal authority to bind your employer, or the applicable entity, to these terms and conditions; (ii) you have read and understand the Clauses; and (iii) you agree, on behalf of the party that you represent, to the Clauses. If you do not have the legal authority to bind the data exporter, please do not click the “I Accept” button below. The Clauses shall automatically expire on the termination or expiry of the Terms of Service. The parties agree that where data exporter has been presented with these Clauses and clicked to accept these terms electronically, such acceptance shall constitute execution of the entirety of the Clauses by both parties, subject to the effective date described above.
For the purposes of the Clauses:
- (a) personal data, special categories of data, process/processing, controller, processor, data subject and supervisory authority shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1);
- (b) the data exporter means the controller who transfers the personal data;
- (c ) the data importer means the processor who agrees to receive from the data exporter personal data intended for processing on its behalf after the transfer in accordance with its instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
- (d) the sub-processor means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with its instructions, the terms of the Clauses and the terms of the written subcontract;
- (e) the applicable data protection law means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
- (f) technical and organisational security measures means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
2. Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Annex A which forms an integral part of the Clauses.
3. Third-party beneficiary clause
The data subject can enforce against the data exporter this 3, clause 4(b) to clause 4(i), clause 5(a) to clause 5(e) and clause 5(g) to clause 5(j), 6.1 and 6.2, 7, 8.2 and 9 to 12 as third-party beneficiary.
The data subject can enforce against the data importer this clause, clause 5(a) to clause 5(e) and clause 5(g), 6, 7, 8.2 and 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
The data subject can enforce against the sub-processor this 3.1, clause 5(a) to clause 5(e) and clause 5(g), 6, 7, 8.2, and 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
4. Obligations of the data exporter
The data exporter agrees and warrants:
- (a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
- (b) that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
- © that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Annex B to this contract;
- (d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
- (e) that it will ensure compliance with the security measures;
- (f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
- (g) to forward any notification received from the data importer or any sub-processor pursuant to clause 5(b) and 8.3 to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
- (h) to make available to the data subjects upon request a copy of the Clauses, with the exception of B and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
- (i) that, in the event of sub-processing, the processing activity is carried out in accordance with 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subjects as the data importer under the Clauses; and
- (j) that it will ensure compliance with clause 4(a) to clause 4(i).
5. Obligations of the data importer
The data importer agrees and warrants:
- (a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- (b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- © that it has implemented the technical and organisational security measures specified in Annex B before processing the personal data transferred;
- (d) that it will promptly notify the data exporter about:
- (i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
- (ii) any accidental or unauthorised access; and
- (iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
- (e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
- (f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
- (g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Annex B which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
- (h) that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
- (i) that the processing services by the sub-processor will be carried out in accordance with 11; and
- (j) to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.
6.1 The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in 3 or in 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
6.2 If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or its sub-processor of any of their obligations referred to in 3 or in 11 because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.
6.3 If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in 3 or in 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.
7. Mediation and jurisdiction
7.1 The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject: – (a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority; – (b) to refer the dispute to the courts in the Member State in which the data exporter is established.
7.2 The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
8. Cooperation with supervisory authorities
8.1 The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
8.2 The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
8.3 The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in clause 5(b).
9. Governing Law
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
10. Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clauses.
11.1 The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.
11.2 The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
11.3 The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
11.4 The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
12. Obligation after the termination of personal data processing services
12.1 The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
12.2 The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.
ANNEX A – To the Standard Contractual Clauses
This Annex forms part of the Clauses.
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this A.
The data exporter is the non-CoderPad, inc. legal entity that is a party to the Clauses.
The data importer is CoderPad, Inc. (“CoderPad”), a provider of global cloud technology services for businesses (“Services”).
The personal data transferred concern the following categories of data subjects: Data subjects include the individuals about whom data is provided to CoderPad via the Services (as defined in the Terms of Service) by (or at the direction of) data exporter.
Categories of data
The personal data transferred concern the following categories of data: Data relating to individuals provided to CoderPad via the Services by (or at the direction of) data exporter.
Special categories of data
The personal data transferred does not include special categories of data.
The personal data transferred will be subject to the following basic processing activities:
- Scope of Processing. The Clauses reflect the parties’ agreement with respect to the processing and transfer of personal data specified in this Appendix pursuant to the provision of the Services. Personal data may be processed only to comply with providing the Services (as defined in the Terms of Service). The data exporter instructs the data importer to process personal data in countries in which the data importer or its subprocessors maintain facilities.
- Term of Data Processing. Data processing will be for the period specified in the Terms of Service and any related order. Such period will automatically terminate upon the deletion by the data importer of all data as described in the Terms of Service and related order.
- Data Deletion. During the term of the Terms of Service, the data importer will provide the data exporter with the ability to delete the data exporter’s personal data from the Services in accordance with the Terms of Service. After termination or expiry of the Terms of Service, the data importer will delete the data exporter’s personal data upon request, in accordance with the Terms of Service.
- Access to Data. During the term of the Terms of Service, the data importer will provide the data exporter with access to, and the ability to rectify, restrict processing of and export the data exporter’s personal data from the Services in accordance with the Terms of Service.
- Subprocessors. The data importer may engage subprocessors to provide parts of the Services (as defined in the Terms of Service). The data importer will ensure subprocessors only access and use the data exporter’s personal data to provide the Services and not for any other purpose.
ANNEX B – To the Standard Contractual Clauses
This B forms part of the Clauses and must be completed and signed by the parties.
Description of the technical and organisational security measures implemented by the data importer in accordance with clause 4(d) and clause 5©:
Data importer shall maintain and enforce reasonable technical and organizational safeguards against accidental or unlawful destruction, loss, alteration or unauthorized disclosure or access of personal data that are at least equal to industry standards for applications similar to the services provided by data importer, in accordance with data importer’s internal Information Security Management System (ISMS).
The CoderPad cloud infrastructure and systems are hosted at secure CoderPad Cloud Platform (GCP) and Amazon Web Services (AWS) facilities. Physical assets such as laptops, which may temporarily contain customer data, are protected by auto-locking the workstation if left unattended. CoderPad has defined an Information Security Policy and an Incident Response Policy. All staff are required to report any suspicious activity or possible breach of information security. Development security experts assess each report and identify any security incidents.
Internal system access is offered on an as-needed basis, as defined by the CoderPad Network Security Policy. All system and software logs are stored in read-only access for a minimum of 14 days. Administrative functions are only available to privileged users, using the SSL / HTTPS protocol for publicly available interfaces with non-auto signed SSL certificates. Passwords are stored using a hashed, salted encryption. AWS WAF (Web Application Firewall) scan the data against malicious instances.
Customer environments are stored on a multi-layer infrastructure – GCP and AWS physical storage, GCP and AWS volumes, Docker volumes and application servers/databases. Encryption is on at least one of these layers. All HTTP communication going through a public network uses HTTPS with TLS V1.2 or V1.3 with a third-party approved SSL certificate (selfsigned is prohibited). All customer-defined passwords are encrypted at rest.
However, because the success of this process depends on equipment, software, and services over which data importer has limited control, data exporter agrees that data importer has no responsibility or liability for the deletion or failure to store any personal data or communications maintained or transmitted by the data importer’s services. Data exporter shall be responsible for backing up its own personal data.