ECoding Controller-Controller Data Protection Terms

ECoding and the other party agreeing to these terms (“Partner”) have entered into an agreement for the provision of the Controller Services (as amended from time to time, the “Agreement”).

These ECoding Controller-Controller Data Protection Terms (including the appendix, “Controller Terms”) are entered into by ECoding and Partner and supplement the Agreement. These Controller Terms will be effective, and replace any previously applicable terms relating to their subject matter, from the Terms Effective Date.

If you are accepting these Controller Terms on behalf of Partner, you warrant that: (a) you have full legal authority to bind Partner to these Controller Terms; (b) you have read and understand these Controller Terms; and (c) you agree, on behalf of Partner, to these Controller Terms. If you do not have the legal authority to bind Partner, please do not accept these Controller Terms.

1. Introduction

These Controller Terms reflect the parties’ agreement on the processing of Controller Personal Data.

2. Definitions and Interpretation

2.1 In these Controller Terms:

“Additional Terms” means the additional terms referred to in Appendix 1, which reflect the parties’ agreement on the terms governing the processing of Controller Personal Data in connection with certain Applicable Data Protection Legislation.
“Affiliate” means an entity that directly or indirectly controls, is controlled by, or is under common control with, a party.
“Applicable Data Protection Legislation” means, as applicable to the processing of Controller Personal Data, any national, federal, EU, state, provincial or other privacy, data security or data protection law or regulation, including European Data Protection Legislation, the LGPD and US State Privacy Laws.
“Controller Data Subject” means a data subject to whom Controller Personal Data relates.
“Controller Personal Data” means personal data that is processed by a party under the Agreement in connection with its provision or use (as applicable) of the Controller Services.
“Controller Services” means the ECoding products or services that incorporate these Controller Terms by reference in their terms of service or other agreements, including the “Controller Services”.
“End Controller” means, for each party, the ultimate controller of Controller Personal Data.
“EU GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
“European Data Protection Legislation” means, as applicable: (a) the GDPR; and/or (b) the Swiss FDPA.
“GDPR” means, as applicable: (a) the EU GDPR; and/or (b) the UK GDPR.
“ECoding” means the ECoding Entity that is party to the Agreement.
“ECoding Entity” means ECoding slovakia s. r. o., other Affiliate of ECoding slovakia s. r. o.
“LGPD” means the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais).
“Swiss FDPA” means, as applicable, the Federal Data Protection Act of 19 June 1992 (Switzerland) (with the Ordinance to the Federal Data Protection Act of 14 June 1993), or the revised Federal Data Protection Act of 25 September 2020 (with the Ordinance to the Federal Data Protection Act of 31 August 2022).
“Terms Effective Date” means the date on which Partner clicked to accept or the parties otherwise agreed to these Controller Terms.
“UK GDPR” means the EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018, and applicable secondary legislation made under that Act.
“US State Privacy Laws” means US privacy, data security, and data protection laws and regulations applicable to the personal information processed by a party under the Agreement, including without limitation (i) the California Consumer Privacy Act of 2018 (including as amended by the California Privacy Rights Act of 2020) together with all implementing regulations (“CCPA") (ii) Virginia’s Consumer Data Protection Act, Va. Code Ann. § 59.1-575 et seq.; and (iii) the Colorado Privacy Act, Colo. Rev. Stat. § 6-1-1301 et seq. together with all implementing regulations; (iv) Connecticut’s Act Concerning Data Privacy and Online Monitoring, Pub. Act No. 22015; and (v) the Utah Consumer Privacy Act, Utah Code Ann. § 13-61-101 et seq.

2.3 The words “include” and “including” mean “including but not limited to”. Any examples in these Controller Terms are illustrative and not the sole examples of a particular concept.

2.4 Any reference to a legal framework, statute or other legislative enactment is a reference to it as amended or re-enacted from time to time.

2.5 To the extent any translated version of these Controller Terms is inconsistent with the English version, the English version will govern.

3. Application of these Controller Terms

3.1 General

These Controller Terms will only apply to the Controller Services for which the parties agreed to these Controller Terms, for example: (a) the Controller Services for which Partner clicked to accept these Controller Terms; or (b) if the Agreement incorporates these Controller Terms by reference, the Controller Services that are the subject of the Agreement.

3.2 Incorporation of Additional Terms

The Additional Terms supplement these Controller Terms.

Roles and Restrictions on Processing

4.1 Independent Controllers.

Subject to Section 4.3 (End Controllers), each party: a) is an independent controller of Controller Personal Data; b) will individually determine the purposes and means of its processing of Controller Personal Data; and c) will comply with the obligations applicable to it under the Applicable Data Protection Legislation regarding the processing of Controller Personal Data.

4.2 Restrictions on Processing

Section 4.1 (Independent Controllers) will not affect any restrictions on either party’s rights to use or otherwise process Controller Personal Data under the Agreement.

4.3 End Controllers

Without reducing either party’s obligations under these Controller Terms, each party acknowledges that: (a) the other party’s Affiliates or clients may be End Controllers; and (b) the other party may act as a processor on behalf of its End Controllers. Each party will ensure that its End Controllers comply with the Controller Terms.

5. Liability

If the Agreement is governed by the laws of: a) a state of the United States of America, then, regardless of anything else in the Agreement, the total liability of either party towards the other party under or in connection with these Controller Terms will be limited to the maximum monetary or payment-based amount at which that party’s liability is capped under the Agreement (and therefore, any exclusion of indemnification claims from the Agreement’s limitation of liability will not apply to indemnification claims under the Agreement relating to the Applicable Data Protection Legislation); or b) a jurisdiction that is not a state of the United States of America, then the liability of the parties under or in connection with these Controller Terms will be subject to the exclusions and limitations of liability in the Agreement.

6. Effect of Controller Terms

6.1 Order of Precedence

If there is any conflict or inconsistency between the Additional Terms, the remainder of these Controller Terms and/or the remainder of the Agreement then, subject to Sections 4.2 (Restrictions on Processing) and 6.2 (No Effect on Processor Terms), the following order of precedence will apply: a) the Additional Terms (if applicable); b) the remainder of these Controller Terms; and c) the remainder of the Agreement.

6.2 No Effect on Processor Terms

These Controller Terms will not affect any separate terms between ECoding and Partner reflecting a controller-processor, processor-processor or processor-controller relationship for a service other than the Controller Services.

7. Data Processing and Storage

7.1 Data Storage and Processing

Our services utilize Amazon Web Services (AWS) and Google Cloud Platform (GCP) within the EU, ensuring GDPR compliance. We do not store personal data permanently on the hard drives of these servers; data is only processed in memory. Data is stored temporarily and only if explicit permission is provided by the user. Once processing is complete, data is promptly deleted unless further retention is authorized. This approach ensures that your personal information is handled securely and in accordance with GDPR requirements.

8. Changes to these Controller Terms

8.1 Changes to URLs.

From time to time, ECoding may change any URL referenced in these Controller Terms and the content at any such URL, except that ECoding may only change the list of potential Controller Services at api.simplap.com/business-services: a) to reflect a change to the name of a service; b) to add a new service; or c) to remove a service (or a feature of a service) where either: (i) all contracts for the provision of that service are terminated; (ii) ECoding has Partner’s consent; or (iii) the service, or a certain feature of the service, has been recategorised as a processor service.

8.2 Changes to Controller Terms

ECoding may change these Controller Terms if the change: a) is as described in Section 8.1 (Changes to URLs); b) reflects a change in the name or form of a legal entity; c) is required to comply with applicable law, applicable regulation, a court order or guidance issued by a governmental regulator or agency; or d) does not otherwise: (i) seek to alter the categorisation of the parties as controllers of Controller Personal Data under Applicable Data Protection Legislation; (ii) expand the scope of, or remove any restrictions on, either party’s rights to use or otherwise process (x) in the case of the Additional Terms, the data in scope of the Additional Terms or (y) in the case of the remainder of these Controller Terms, Controller Personal Data; or (iii) have a material adverse impact on Partner, as reasonably determined by ECoding.

8.3 Notification of Changes

If ECoding intends to change these Controller Terms under Section 8.2(c) and such change will have a material adverse impact on Partner, as reasonably determined by ECoding, then ECoding will use commercially reasonable efforts to inform Partner at least 30 days (or such shorter period as may be required to comply with applicable law, applicable regulation, a court order or guidance issued by a governmental regulator or agency) before the change will take effect. If Partner objects to any such change, Partner may terminate the Agreement by giving written notice to ECoding within 90 days of being informed by ECoding of the change.