Legal

Clone this page to use for the legal notices and disclaimer

INNERCROWD

Last updated 11-12-2024

  1. APPLICABILITY OF TERMS AND CONDITIONS
    1. These general terms and conditions ("general terms") fully apply to all offers, proposals, discussions, quotes, agreements, order confirmations, and other legal actions made by or between Innercrowd and the Client, regardless of their name or format. This includes all services provided by Innercrowd through the Platform, WhatsApp Shops, and other tools.
    2. The applicability of any terms and conditions of the Client is expressly excluded, unless specifically agreed upon in writing by both parties. Any written agreement must clearly reference the date and content of the Client's alternative terms to be considered valid.
    3. These general terms also extend to all persons employed by Innercrowd, anyone contracted by Innercrowd to perform tasks, and anyone for whom Innercrowd may be held liable, regardless of their formal relationship to Innercrowd.
    4. If any provision of these general terms is found to be null, void, or otherwise unenforceable under applicable law, this does not affect the enforceability of the remaining provisions. In such instances, Innercrowd and the Client shall consult to agree on a replacement provision that aligns as closely as possible with the original intent and purpose of the voided term.
    5. Innercrowd reserves the right to unilaterally modify these general terms to reflect changes in applicable law, new services, or international expansion requirements. Clients will be notified in writing of any changes. The modified terms will automatically apply to all services provided after notification, unless the Client expressly objects in writing within 14 days of receipt. If the Client objects, the previous terms will continue to govern the services provided until the parties reach a new agreement.
    6. The Client acknowledges that Innercrowd’s services may involve cross-border data flows and the use of third-party integrations, including TSPs (TSPs) and messaging services such as WhatsApp. The Client agrees to comply with applicable laws and regulations, including those governing data protection, communication consent (e.g., GDPR and TCPA), and ambassador compensation, in all jurisdictions where the Client operates.
  1. DEFINITIONS
    1. The following definitions shall apply in these general terms and conditions and shall have the meanings set forth below
      1. Innercrowd: A private company with limited liability, incorporated under the laws of the Netherlands, with its registered office and principal place of business located at Nobelstraat 21, 212513 BC, Den Haag, The Netherlands. Innercrowd is registered with the Dutch Chamber of Commerce under number 92627536. Innercrowd is the provider of the Platform and related services.
      2. Client: A professional entity, such as an event organizer, that is legally responsible for organizing, promoting, and selling tickets for events using the Platform.
      3. Ambassador Management Platform ("The Platform"): A software tool provided by Innercrowd that enables Clients to sell tickets through their Ambassadors, manage promotional activities, and monitor ticket sales. The Platform includes various components such as the dashboard, Ambassador app, website, software systems, and integration with third-party services.
      4. TSPs(s) ("TSPs"): A system, software tool, or platform developed either by the Client or a third-party vendor, used for selling tickets to events. TSPs may include companies such as Eventix, See Tickets/Eventim, Universe/Ticketmaster, Your Ticket Provider/CM, or other similar service providers. The TSP handles payment processing and ticket distribution, while Innercrowd facilitates integration and tracking via the Platform.
      5. Ambassadors: Natural persons who promote, market, and sell tickets on behalf of the Client through the Platform. Ambassadors are not considered employees, agents, or representatives of Innercrowd, and their role should be defined as non-employee to avoid misclassification under applicable labor laws.
      6. Ticket Buyers: Natural persons who purchase tickets via the links, coupon codes, or other promotional means facilitated by Ambassadors using the Platform.
      7. Quotation: An offer made by Innercrowd for the provision of services, valid for a period of 30 days unless otherwise specified in writing. The Quotation may outline pricing, service tiers (Self-Service or Full-Service), and other terms applicable to the Client's use of Innercrowd’s services.
      8. Agreement: The contractual relationship between Innercrowd and the Client, comprising the signed agreement, these general terms, and any other terms agreed to in writing between Parties. The Agreement governs the Client's use of the Platform and participation in campaigns managed through the Platform, including compliance with legal requirements for communication consent (GDPR, TCPA) and ambassador reward distribution.
  1. CLIENT OBLIGATIONS
    1. The Client is responsible for ensuring compliance with all applicable local, national, and international laws and regulations when using the Platform. This includes, but is not limited to, to data protection, ticket sales, and promotional activities and obtaining all necessary permits, licenses, and approvals for marketing, promotions, and event management activities. The Client shall also ensure compliance with applicable privacy laws and advertising standards, and will indemnify Innercrowd against any claims arising from non-compliance. 
    2. The Client and Innercrowd shall comply with all applicable export control laws, economic sanctions, and trade regulations, including those of the European Union and the United States. The Client agrees not to use the Platform in any manner that would cause either party to violate such laws or regulations. If services involve cross-border transactions, the Client shall ensure that all transactions are permitted under applicable sanctions and export control rules.
  2. PRE-CONTRACTUAL STAGE
    1. All quotations or offers issued by Innercrowd shall remain valid for a maximum of 30 days from the date of issuance. After this period, the Client can no longer accept or rely on the quotation or offer. Additionally, if it is apparent, or should reasonably have been apparent, to the Client that the quotation or offer contains a clear mistake or error, whether in part or in whole, Innercrowd shall not be bound by its terms.
  3. THE PLATFORM
    1. The Platform tracks the completion of promotional activities and rewards claimed by Ambassadors, providing Clients with real-time data on the performance of their campaigns.
    2. The Client may use the Platform to create tasks ("Quests") and set Rewards. For each Quest, the Client determines the number of Reward Points an Ambassador can earn. Similarly, the Client decides how many Reward Points are required to claim each Reward.
    3. Innercrowd provides the Platform as a subscription-based software service. The Client is not permitted to allow third parties to access or use the Platform without Innercrowd’s prior written consent.
    4. Innercrowd is responsible for the maintenance and management of the Platform, including updates and repairs, which will be carried out in accordance with industry standards and best practices.
    5. New features added to the Platform that are not covered under the existing Agreement may be subject to additional pricing and terms, which will need to be agreed upon in writing by both parties.
  4. SELLING TICKETS
    1. The Client may use the Platform to sell tickets through their Ambassadors, provided that they are connected to a TSPs (TSP). Innercrowd shall not be held liable for any services provided by the TSPs, including but not limited to ticket fulfilment, payment processing, and scanning.
    2. To ensure proper functioning of the Platform (i.e., tracking of ticket sales by Ambassadors), a functioning integration with the TSPs is essential. Innercrowd will not be responsible for any errors, data loss, or failures that occur within the TSPs application or integration.
    3. The Platform may only be utilized to sell tickets via TSPs with an active integration, and through the associated Ticket Quests created within the Platform. The Client is prohibited from sharing links to other ticket sales platforms or instructing Ambassadors to sell tickets outside the scope of the Platform.
  5. REWARDS AND FULFILLMENT
    1. The Client is responsible for developing, creating, fulfilling, and communicating the Rewards that Ambassadors can redeem with their Reward Points.
    2. The Client must comply with the rules and regulations of the applicable jurisdiction when creating and fulfilling Rewards. This includes adherence to any relevant legal considerations, particularly in light of the international expansion of Innercrowd's services.
  6. AMBASSADORS
    1. The Client acknowledges and agrees that the Ambassadors engaged through the Platform are independent contractors and not employees of Innercrowd or the Client. This relationship shall not be construed to create any employer-employee relationship between Innercrowd, the Client, and the Ambassadors.
    2. As independent contractors, the Ambassadors are solely responsible for their own tax obligations, including income tax, social security contributions, and any other applicable taxes arising from their engagement. Neither Innercrowd nor the Client shall withhold or pay any taxes on behalf of the Ambassadors. The Client shall not treat or classify the Ambassadors as employees for any tax or legal purposes.
    3. Ambassadors shall not be entitled to any employee benefits, including but not limited to health insurance, retirement plans, or any other benefits typically afforded to employees. The engagement of Ambassadors through the Platform is strictly on a commission basis for services rendered, with compensation being based on performance and results.
    4. The Client agrees to comply with all applicable laws and regulations regarding the classification of independent contractors and shall not take any action that may result in the Ambassadors being classified as employees under any relevant legislation, including tax law.
  7. RATES AND PAYMENTS
    1. Innercrowd charges the Client for its services as follows:
      1. A fixed service cost as agreed upon in the Agreement.
      2. Variable service costs as detailed in the Agreement, based on the usage of the Platform.
      3. Third-party messaging fees, as specified in the Agreement.
      4. Costs for any additional services requested by the Client
    2. All rates are exclusive of any applicable VAT and payment for the fixed service costs by the Client is due within 30 days of signing the Agreement. If not specified differently or agreed to otherwise in writing, the standard payment term of all invoices sent by Innercrowd is 30 days from the invoice date.
    3. On the first working day of each month, Innercrowd will calculate the variable fees and other applicable costs from the previous month and issue an invoice accordingly. Innercrowd will calculate the variable service costs based on data provided by the TSPs.
    4. The Client is required to provide an automated billing method for Innercrowd payments using one of the following payment methods: SEPA, MasterCard, Visa, or PayPal.
    5. If any payment of the rates specified above is unsuccessful, Innercrowd will notify the Client. The Client is then obligated to promptly settle the outstanding amount.
    6. Innercrowd reserves the right to adjust the rates during the term of the Agreement if justified. The Client pre-agrees to any reasonable adjustments that may occur.
    7. Innercrowd may implement an integration for payment processing with the TSPs in the future. This integration would allow for automatic payments to Innercrowd from ticketing revenues collected by these Providers. The Client grants prior permission for such integration and payment methods should they be established.
    8. Costs incurred due to events affecting the relationship between the Ticket Buyers and the Client, or between the Ambassadors and the Client, cannot be passed on to Innercrowd.
    9. Charges for services are explicitly due even if the Client, for any reason, decides to fully or partially refund the costs of tickets or products sold to Ticket Buyers.
  1. REPORTING & CONFIDENTIALITY
    1. Innercrowd is obligated to provide the Client with insights into the performance of their campaigns conducted through the Platform.
    2. Upon request, Innercrowd will deliver a comprehensive overview of all tracked transactions within the Platform.
    3. Both parties agree to keep the terms and conditions of the Agreement and these general terms confidential and shall not disclose any details of the partnership to third parties without the prior written consent of the other party. This confidentiality obligation does not apply where disclosure is agreed to in the Agreement or these general terms, required by law, regulation, or a competent regulatory authority, in which case the disclosing party shall inform the other party in advance of such disclosure, if legally permissible.
  2. INTELLECTUAL PROPERTY RIGHTS
    1. The Client grants Innercrowd permission to use their (i.e. Clients’) name, brand, and visual identity exclusively for the purpose of delivering the services. In addition, the Client grants Innercrowd the right to use the Client's name, logo, and trademarks, as well as details of events or projects promoted using the Platform, for marketing and promotional purposes.
    2. The Client represents and warrants that:
      1. They possess the full authority to exploit and grant intellectual and industrial property rights, and that these rights are free from assignment, encumbrance, or any claim by third parties;
      2. They have not created any content that infringes upon the rights of third parties; and
      3. No litigation or legal proceedings are currently pending or anticipated that may relate to intellectual property rights.
    3. The Client shall indemnify, defend, and hold Innercrowd harmless against any and all claims, demands, liabilities, damages, penalties, and expenses (including reasonable legal fees) arising from or related to any third-party claims resulting from the Client’s breach of any warranties or representations made in this article. The Client agrees to promptly notify Innercrowd’s in writing of any such claims and shall cooperate with Innercrowd in the defence of such claims.
    4. All (current and future) programmes, services, processes, designs, software, technology, trademarks, trade names, and inventions associated with the Platform are the exclusive property of Innercrowd, its licensors, or technical partners. The intellectual property related to (including further development of) the Platform and all associated services provided by Innercrowd will remain exclusively owned by Innercrowd and will continue to vest solely in Innercrowd, irrespective of any modifications or uses by the Client. 
    5. The Client is granted a limited, non-exclusive, non-sublicensable, personal and revocable license to use the Platform and/or the intellectual property solely for the purpose of utilizing the services provided under this Agreement. The Client agrees not to reverse engineer, decompile, or disassemble any software or technology provided by Innercrowd. The Client shall notify Innercrowd promptly of any third-party claims regarding the use of the intellectual property. In the event of any infringement of Innercrowd’s IP rights, Innercrowd reserves the right to pursue all available remedies, in addition to being able to immediately terminate the Agreement by written notice without being liable towards Client in any way. Upon termination of this Agreement, any rights granted to the Client under this clause and article will cease immediately.
    6. The Client acknowledges that any feedback, suggestions, or recommendations they provide to Innercrowd regarding the Platform or related services may be used by Innercrowd for product improvements, enhancements, or other development purposes. Innercrowd shall have the right to use, disclose, and commercialize such feedback without any obligation to the Client, financial or otherwise, and without any restriction or limitation.
  1. PLATFORM DATA
    1. All data generated, processed, or stored on the Platform specifically regarding and/or relating to Client, including but not limited to transaction data, performance metrics, user interactions, and any analytics derived from the use of the Platform (collectively referred to as "Platform Data"), shall be the exclusive property of the Client. 
    2. The Client grants Innercrowd an irrevocable, non-exclusive, royalty-free, worldwide right to use, aggregate, analyse and derive insights from the Platform Data for the purposes of rendering and enhancing its services for Client, improving Platform functionality and developing new features.
    3. Nothing in this Agreement shall be construed as transferring any rights, title, or interest in the Platform Data from the Client to Innercrowd or any third party. 
    4. Innercrowd shall take reasonable measures to ensure the security and integrity of the Platform Data. The Client acknowledges that Innercrowd will comply with applicable data protection laws in the handling and processing of Platform Data.
  2. PROTECTION OF PERSONAL DATA OF THIRD PARTIES
    1. For the purpose of providing the Services, Innercrowd will have access to information contained in the Ambassador Database, including ambassadors personal data and the content of Quests, Rewards, communications.
    2. As the creator of the Ambassador Database, Quests, and Rewards, the Client assumes full responsibility for controlling personal data in compliance with applicable regulations. For Clients domiciled in the European Union, or if the Ambassador Database contains data on EU citizens, the Client guarantees adherence to the provisions of Regulation (EU) 2016/679 (the “GDPR”). Specifically, the Client ensures: 
      1. that the personal data transmitted has been collected and processed in compliance with applicable regulations;
      2. that the data subjects have been informed in accordance with the applicable rules;
      3. that, where required, collection and processing have been consented to by the data subjects;
      4. that data subjects are afforded the opportunity to exercise their rights in accordance with applicable rules;
      5. that any inaccurate, incomplete, ambiguous, or outdated data will be rectified, completed, clarified, updated, or deleted, or that the data subject can prohibit its collection, use, communication, or storage.
    3. The Client is solely responsible for managing the retention periods of personal data uploaded onto the Innercrowd platform and must delete data as its retention period expires. 
    4. Innercrowd acts as a data processor on behalf of the Client and/or the Ambassadors and commits to respecting the obligations outlined in Sections 13.1 and 13.2. 
    5. The Client can retrieve their Ambassador Database at any time by clicking the “export button” within their Innercrowd account.
    6. Personal data within the Ambassador Database may only be disclosed to third parties in the following circumstances:
      1. With the Client's and/or the Ambassador’s authorization, certifying that the data subjects have consented to this disclosure;
      2. At the request of competent legal authorities, through judicial requisition, or in the context of a legal dispute.
      3. The Client consents to the tracking of Ambassador behaviour and communication processed by Innercrowd (including open rates, click rates, bounce rates, views, etc.) to enhance the effectiveness of Ambassador campaigns.
  1. LIABILITY
    1. Innercrowd will not be liable for damage and/or loss arising for the Client because the Client has not provided Innercrowd with any, the relevant and/or the requested information or with incorrect or incomplete documents and/or information, or because the Client did not deliver the information and/or these documents in time. Notably, Innercrowd shall not be liable for inaccuracies regarding tickets, pricing, discounts, rewards, or availability; it is the sole responsibility of the Client to verify all information prior to publication on the Platform. Innercrowd will also not be liable for any mistakes and/or errors caused by the AI-verification tool. The aforementioned thus remains Client’s full and exclusive responsibility.
    2. Innercrowd can only be held liable to the Client if the Client can demonstrate that they suffered damage due to a preventable and attributable error by Innercrowd. Liability is strictly confined to immediate and direct damages resulting from such a preventable and attributable error. Innercrowd is thus not liable for any indirect damages, including but not limited to lost profits, goodwill, business relationships, delays, data loss, missed savings, or disruptions in business, nor for damages arising from the intentional misconduct or gross negligence of support staff, irrespective of the type of damage or the claimant.
    3. If Innercrowd is found liable for damages to the Client, despite the provisions of this article, Innercrowd's total liability due to attributable shortcomings in the performance of the Agreement and other resulting or related agreements or on any legal basis whatsoever, including any shortcoming in the performance of agreed warranty or indemnification obligations, shall in all cases be limited to the lesser of (i) the amount covered by Innercrowd’s insurance for the incident, or (ii) if uninsured, the amount that would typically be covered by standard insurance in Innercrowd's industry, assuming such insurance is standard in Innercrowd's industry or could have been reasonably obtained. In any event, Innercrowd’s liability shall be capped at the total amount received by Innercrowd from the Client for the specific service in question, up to a maximum of €10.000 (in words: ten thousand euros).
    4. Innercrowd is not liable for defects arising from processes, constructions, manufacturing, suppliers, consultants, subcontractors, or assistants selected by the Client, or from any intentional or grossly negligent acts by the Client or any users of the Services and Platform. Innercrowd reserves the right to deduct any damage payments from the Client's outstanding invoices, along with any related interest and costs.
    5. The Client shall indemnify and hold Innercrowd harmless from all third-party claims, damages, losses, liabilities, and expenses (including legal fees and costs) arising from or related to the execution of the Agreement between Innercrowd and the Client, including but not limited to claims arising from the Client's negligence, wilful misconduct, or breach of any applicable laws or regulations. The Client shall promptly notify Innercrowd in writing of any such claims and shall cooperate fully in the defence of any such claims. Innercrowd reserves the right to control the defence and settlement of any such claims, and the Client shall not settle any claim without Innercrowd’s prior written consent.
    6. The limitations of liability set forth in this section extend to Innercrowd’s employees and any third parties engaged to perform tasks related to the Agreement.
    7. Any claims for compensation against Innercrowd shall expire one year after the Client becomes aware of the damage and the potential liability of Innercrowd.
    8. A connected series of attributable failures and/or errors will count as one (1) attributable failure and/or error.
    9. The limitations of Innercrowd's liability set out in this article shall apply in full in the event of liability to multiple Clients.
    10. The limitations of liability included in this article will not apply if and in so far as there has been intent or wilful recklessness on the part of Innercrowd or its executive management.
    11. The Client must take measures to limit the damage and/or loss. Innercrowd has the right to undo or limit the damage by repairing or improving the services performed.
  2. SUSPENSION OF SERVICES AND/OR TERMINATION
    1. Unless agreed to otherwise in the Agreement, the Client does not have the right to terminate the Agreement in the interim.
    2. Innercrowd reserves the right to suspend the provision of its services under the Agreement in the event the Client:
      1. fails to make timely payments as stipulated in the Agreement;
      2. breaches any material term of the Agreement, including but not limited to the obligations regarding data protection, intellectual property, or compliance with applicable laws;
      3. engages in conduct that jeopardizes Innercrowd’s reputation or business operations; and/or
      4. becomes insolvent, files for bankruptcy, or is subject to any form of legal incapacity.
    3. In the event of a suspension of services as outlined in the previous clause, Innercrowd may terminate the Agreement if:
      1. the Client fails to remedy the breach or situation giving rise to the suspension within a period of 10 days after receiving written notice from Innercrowd;
      2. the Client continues to breach the terms of the Agreement, despite the suspension;
      3. the circumstances warrant immediate termination in accordance with applicable laws and regulations
    4. The rights of Innercrowd to suspend services or terminate the Agreement shall be exercised without prejudice to any other rights or remedies available to Innercrowd under applicable law or equity, including any rights to claim damages arising from the Client’s breach of the Agreement.
    5. Upon termination of the Agreement, the Client shall cease all use of Innercrowd’s services, and all fees and charges incurred up to the date of termination shall remain payable by the Client.
    6. In the event of suspension or termination of services as outlined in this article, Innercrowd shall not be liable for any claims, damages, or compensation arising from such suspension or termination, including but not limited to any indirect, incidental, or consequential damages incurred by the Client. Innercrowd will only assist the Client with migrating data or other termination services if these are paid for up front by Client.
  1. FORCE MAJEUR
    1. Innercrowd shall not be liable to the Client, nor deemed to be in default or violation of any provision under the Agreement or these general terms and conditions, for any failure or delay in fulfilling or executing any obligation under the Agreement if such failure or delay is caused by circumstances that are unforeseeable and beyond Innercrowd’s reasonable control (hereinafter referred to as "Force Majeure"). Force Majeure encompasses all events that hinder Innercrowd from executing the Agreement, whether in whole or in part, or render such execution impossible or unreasonably burdensome. This includes, but is not limited to: disruptions to internet services, hacks, fire, power outages, floods, strikes, workplace disturbances, illness of staff, war (declared or undeclared), terrorism, embargoes, blockades, legal restrictions, riots, government actions affecting the delivery of services and/or the Platform, cybercrime, and delays in the delivery of products, data, or services by suppliers or agents. Upon the occurrence of Force Majeure, Innercrowd shall promptly notify the Client, detailing the nature of the Force Majeure, the date on which it commenced, and, where possible, an estimate of its expected duration.
    2. Should Force Majeure persist for longer than 30 days, Innercrowd reserves the right to terminate the Agreement with immediate effect through written notification to the Client. This termination shall only be valid if the circumstances of non-performance justify immediate termination. In the event of such termination due to Force Majeure, the Client shall not be entitled to any form of compensation or damages following the termination.
  2. NON-SOLICITATION
    1. During the term of the Agreement and for a period of twelve (12) months following its termination or expiration, the Client agrees not to directly or indirectly solicit, hire, or attempt to hire any Innercrowd employees, contractors, or consultants who were involved in providing services under this Agreement, without Innercrowd's prior written consent. This provision does not apply to general employment advertisements that are not specifically directed toward Innercrowd personnel.
  3. MISSCELANEOUS
    1. Innercrowd reserves the right to use subcontractors or third-party service providers to deliver the services specified in the Agreement. Innercrowd shall remain responsible for the actions and compliance of any subcontractors with the terms of this Agreement and shall ensure that they meet all obligations to the same extent as Innercrowd itself.
    2. Failure to directly enforce any right or power shall not affect or limit the parties their rights and powers under the Agreement. Waiver of right of any term or condition in the Agreement shall be effective only if expressly made in writing.
    3. The provisions of the Agreement as well as these general terms, which are expressly or tacitly intended to remain in force after termination of the Agreement, shall remain in force thereafter and continue to bind both parties.
    4. If these general terms and conditions and the Agreement contain mutually conflicting terms, the terms contained in the Agreement shall prevail. In principle, only the Agreement may deviate from these general terms and conditions.
    5. Should any provision of these general terms and conditions or of the Agreement be wholly or partially null and void and/or invalid and/or unenforceable pursuant to any statutory provision, court judgment or otherwise, this will have no consequence whatsoever for the validity of all other provisions of these general terms and conditions or the Agreement.
    6. Should any provision be wholly or partially null and void and/or invalid and/or unenforceable pursuant to the previous clause of this article, instead of the wholly or partially null and void and/or nullified provision, a provision with the same purpose will be read that is valid and that approaches the wholly or partially null and void or nullified provision as closely as possible. The preceding sentence does not affect the fact that the parties can consult with each other in order to replace the wholly or partially null and void or nullified provision by a provision that approaches the wholly or partially null and void or nullified provision as closely as possible.
  4. CHOICE OF LAW AND JURISDICTION
    1. The legal relationship between the Client and Innercrowd shall be governed exclusively by Dutch law, without regard to its conflict of law principles.
    2. The parties shall make reasonable efforts to resolve any disputes amicably through negotiation before resorting to legal proceedings. If an amicable resolution cannot be achieved within 30 days from the date of the dispute notification, the The Hague District Court shall have exclusive jurisdiction to adjudicate any remaining disputes between the Client and Innercrowd.

*** 

MODULE PROCESSING AGREEMENT

The terms: Data Subject, Processor, Controller, Processing, Personal Data, Personal Data Breach (“Breach”), have the same meanings given to them in Article 4 of the General Data Protection Regulation (Regulation (EU) 2016/679 and any Dutch implementation legislation, hereinafter jointly: ‘GDPR”). 

This Module Processing Agreement (“Module”) forms part of the Agreement between Innercrowd (as the Processor or joint Controller) and the Client or Ambassador (as (joint) Controller). The (performance of the) Agreement necessarily entails the Processing of Personal Data.

  1. PURPOSE OF THE PROCESSING OF PERSONAL DATA
    1. The Processor will process Personal Data on behalf of the Controller in the context of the Agreement. The Processor will process Personal Data exclusively on the written instructions of, in accordance with the processing purposes (to render the services) and with the means as determined by or in cooperation with the Controller, unless the Processor must act differently pursuant to applicable laws and regulations.
    2. The Controller warrants the (monitoring of) correctness, completeness and lawfulness of the acquisition and processing of the Personal Data. Controller shall only provide Processor with the Personal Data required for the performance of the Agreement.
  2. OBLIGATIONS OF THE PROCESSOR
    1. The Processor must observe the conditions observe the conditions set on the basis of the GDPR on its role and the Processing of Personal Data. The Controller will enable the Processor to comply with the GDPR - in particular Article 28 GDPR.
  3. PROCESSING AND TRANSMISSION OF PERSONAL DATA
    1. The Processor will Process the Personal Data in countries within the European Economic Area or in case of transmission: in accordance with Chapter V GDPR, whereby account will be taken of an adequate level of protection.
    2. In the event of services provided in the United States of America and parties specifically agreed to host the data on servers in the United States of America, the following is applicable in addition to the previous clause:
      1. The Client acknowledges and agrees that data generated, processed, or stored on the Platform is usually hosted on servers within the European Union. Upon the Client's request, Innercrowd can also host data on servers located in the United States. When data is hosted in the United States, additional data protection and privacy requirements will apply.
      2. As an entity located in the European Union, Innercrowd is subject to EU laws and regulations, including the General Data Protection Regulation (GDPR). Innercrowd will take all reasonable steps to ensure that data handling complies with the GDPR and other relevant laws, regardless of the server location. If data is hosted in the United States, Innercrowd will also adopt measures to ensure that international data transfers comply with GDPR standards for data protection.
      3. The Client acknowledges that when data is transferred to and hosted on servers in the United States, it may be subject to different data protection standards than those within the European Union. The Client consents to such transfers and understands the implications of storing and processing data in jurisdictions with different privacy laws.
      4. Innercrowd will implement appropriate technical and organizational measures to protect data stored on its servers, whether in the European Union or the United States, against unauthorized access, loss, or damage. These measures will comply with GDPR requirements and industry best practices for data security. The Client is responsible for ensuring that any personal data provided to Innercrowd complies with applicable data protection laws, including obtaining any necessary consents from data subjects for data transfer and processing outside the European Union. The Client must notify Innercrowd of any specific regulatory requirements or implications that may affect data handling when servers are located in the United States, and shall assist Innercrowd in ensuring compliance with such requirements.
  1. USE OF SUB-PROCESSORS
    1. After prior permission from the Controller, the Processor may use a third party (Sub-processor) for the Processing of Personal Data. Prior permission from the Controller will be deemed to have been given if no essential change occurs in the manner of, and guarantees for, the Processing of Personal Data. This applies, for example to the Sub-processors who were already being used by the Processor on conclusion of the Agreement. In case of an essential change, the Processor will inform the Controller of the intended (change of) Sub-processor, to which the Controller can lodge objection, with reasons and on reasonable grounds, as soon as possible, but within 7 days after having been informed to that effect.
    2. The agreement with the Sub-processor will be governed by Article 28(4) GDPR.
  2. SECURITY
    1. Notwithstanding the Controller’s obligations under Articles 32-36 GDPR, the Processor, as it sees fit and in accordance with Article 32 GDPR, will take appropriate technical and organisational measures for the Processing of Personal Data, in order to guarantee a level of security appropriate to the risk, taking account of the risks presented by processing.
    2. The Controller will inform the Processor immediately of each change to the risks and risk categories of the Personal Data to be processed.
  3. RECORD OF PROCESSING ACTIVITIES
    1. If Article 30 GDPR so requires, in accordance with Article 30(2), the processor will keep a written record of processing activities as specified therein.
  4. AUDIT
    1. On request, the Processor will give the Controller the opportunity once a year to have an audit conducted of compliance with the Processor’s obligations under this Processing Agreement and/or Article 28 GDPR (Audit). All costs of the Audit will be borne by the Controller, unless the audit shows that the Processor has failed attributably to comply with its obligations under this Module.
    2. The Audit by the Controller – if desired assisted by a certified auditor, subject to the obligation of confidentiality – will take place on an agreed date and at an agreed time and in such a way that the Processor will experience as little nuisance as possible from it. The Processor will receive a copy (unrestricted) of the Audit report. The Audit report is strictly confidential and may be disclosed only after prior explicit permission from the Processor. The Processor and Controller will assess in consultation whether the Processor must make changes in order to comply with the mandatory legislation applicable at the time to the protection of Personal Data and who will bear the costs involved, unless the audit shows that the Processor has failed attributably to comply with its obligations under this Module.
  5. OBLIGATION TO NOTIFY PERSONAL DATA BREACHES
    1. If the Processor is aware that a Data Breach has occurred or is occurring at the Processor or a Sub- Processor, it must notify the Controller of the Data Breach without delay, but in any case within 48 hours after the first discovery of it, stating (i) the nature of the Data Breach, where possible mentioning categories and numbers of Data Subjects (ii) the likely consequences of the Data Breach and (iii) the measures the Controller or third parties can take to limit or end the present and future adverse consequences of the Data Breach.
    2. Reports of Data Breaches are made to the known contact persons in the context of the Agreement; communication to the Processor must in any case take place by using the e-mail address: benjamin@innercrowd.io.
  6. ASSISTING THE CONTROLLER
    1. If the Controller needs assistance from the Processor in relation to:
      1. the exercise of rights of a Data Subject in accordance with Chapter III GDPR; and/or
      2. compliance with the Controller’s obligations under Articles 32-36 GDPR, the Processor will then provide this assistance, in so far as reasonably possible, under the conditions as laid down in the GDPR. If the request for assistance as referred to in Article 9 of this Module entails such high costs and/or workforce that the Processor cannot reasonably be required to bear the costs of this itself, the Controller will then reimburse these costs.
  1. DUTY OF CONFIDENTIALITY
    1. The Processor must observe the confidentiality towards third parties of the Personal Data in its possession in the context of this Module, unless an applicable statutory provision, code of conduct or professional code or court order requires it to disclose them, or if this necessarily ensues from the Agreement.
    2. The Processor will require its staff members and Sub-processors, if any, to observe confidentiality in accordance with this article of this Module.
  2. TERM AND TERMINATION
    1. This Module will also remain in force after the end of the Agreement, if and for as long as the Controller provides Personal Data. Articles 29-32 of this Module will remain fully applicable after termination of the Agreement. After the Agreement ends, at the Controller’s discretion, the Processor will: (i) copy, (ii) erase, (iii) return (whether or not by way of a back-up file) the Personal Data and files received, unless retention or storage is necessary for the Processor pursuant to a statutory obligation (for a specific time).
  3. LIABILITY
    1. The liability regime as agreed by the Parties in the Agreement and/or in the general terms does not apply to this Module.
    2. In the context of this Module, any liability of the Processor to the Controller shall be limited at all times to one time the amount of the fee invoiced by the Processor during the last calendar year pursuant to the Agreement, subject to a maximum of €10.000, except in so far as there has been (i) an intentional act or omission or gross negligence on the part of the Processor, (ii) violation proved to the Controller of an obligation to which the Processor is specifically subject under the GDPR, and (iii) actions by the Processor in conflict with the lawful instructions of the Controller. Liability of the Processor for any indirect and/or consequential loss, including (but not limited to) lost profits, missed income and reputational damage, shall always be excluded. The total amount for which the Processor can be liable to the Controller under this Module and the Agreement together shall also be limited to, and not exceed, the amount paid by the Processor’s insurance.
    3. In case a third party (including: a Data Subject) submits a claim (for compensation) to the Controller in connection with the Processing of Personal Data under this Module (“Third-party Claim”), the Controller must inform the Processor of this immediately and allow full inspection of the facts and documents known to it.
    4. In its defence against the Third-party Claim, the Controller must always consider the reasonable and legitimate interests of the Processor, and inform the Processor of each procedural action and consult with it about the strategy to be followed. The Controller may only agree to an arrangement, settlement, judgment or other measure relating to a Third-party Claim after prior written permission from the Processor; the Processor will not withhold such permission on unreasonable grounds.
    5. In case a third party (including: a Data Subject) submits a claim (for compensation) to the Processor in connection with the Processing of Personal Data under this Module, when asked, the Controller must cooperate in providing relevant data regarding the Processing or otherwise in order to enable the Processor to defend itself adequately against claims (for compensation) of Data Subjects and/or third parties.
  4. OTHER PROVISIONS
    1. If the legislation relating to the protection of Personal Data is amended, this Module will be adjusted. This Module is higher in rank than other agreements concluded between the Parties.

***

Platform
Our product
Our company
Legal
© 2023 Innercrowd. All rights reserved.