Terms Of Use
These terms of use (the “TOU”) contains the TOU upon which Qualifire Ltd., and its affiliates (“Qualifire”), grants to you (the “Subscriber”) (each, a “Party”, and together, the “Parties”) the limited right to use Qualifire’s Product and Services (as defined below). Please read these TOU carefully before accepting it (including by clicking “I Agree”).IT IS HEREBY CLARIFIED, THAT TO THE EXTENT YOU AND THE QUALIFIRE HAVE ENTERED INTO A DESIGNATED AGREEMENT WITH RESPECT TO THE USE OF THE PRODUCT, THESE TOU ARE SUBJECT TO THE TERMS OF SUCH DESIGNATED AGREEMENT.
1.1 Qualifire hereby grants Subscriber during the Term, a limited, revocable, non-exclusive, non-sublicensable, non-transferable right for Subscriber and its employees who are permitted access to the Services by Qualifire (“Authorized Users”) to access and use Qualifire proprietary software as a service product (“Product”) in accordance with Qualifire’s instructions and technical documentation ("Documentation"), solely for Subscriber’s internal business purposes, and under the terms set forth in the subscription plan selected by the Subscriber through Qualifire’s website or application (the “Subscription”). By completing the Subscription process, Subscriber confirms its acceptance of these TOU, which shall apply to each monthly subscription purchased through the website or application. The access and use of the Product shall be also referred to as the “Services”.
1.2 Product Evolution and Suspension. Qualifire may, in its sole discretion, modify, enhance, update, reduce, replace, discontinue or otherwise change any feature of the Product, and may limit, suspend or block access where necessary to preserve security, comply with law, or prevent material abuse, provided Qualifire uses commercially-reasonable efforts to avoid an overall material degradation of core functionality during the Term.
1.3 Qualifire shall provide technical support, on a basis of reasonable effort, all in accordance with the terms set forth in the SLA attached herein as Annex A.
1.4 Restrictions on Use. Subscriber shall not use the Services in any manner or for any purpose other than as expressly permitted in the TOU. Subscriber may not, directly or indirectly, and may not authorize any third party to attempt to: (i) copy, modify, alter, tamper with, repair, or otherwise create derivative works of or distribute any part of the Product or Services; (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Subscriber's rights under these TOU, with any third party; (iii) reverse engineer, disassemble, or decompile the Product or the Services, or attempt to discover the Product's source code or underlying algorithms; (iv) use, remove or alter any Qualifire 's or any third party's logos, trademarks or any other or other proprietary rights affixed to or provided as part of the Product or the Services; (v) disturb or disrupt the Product or the Services, directly or indirectly, or transmit or activate viruses or any other unlawful material in connection with the Product or the Services; or (vii) use the Product or the Services in a manner that would violate applicable laws, or is outside the scope of the rights granted in these TOU. Subscriber must promptly notify Qualifire in writing if it becomes aware of, or has reason to believe, that any of the prohibitions listed in this Section has been breached by Subscriber or any Authorized User.
2.1 Rights in Product. All title, ownership rights, and intellectual property rights (including all copyrights, patents, trade secret rights and trademarks) evidenced by or embodied in, attached, extracted from, connected, and/or related to the Product, Services, Documentation and the various practices, materials, methodologies, tools, and templates used with respect thereto (and all improvements enhancements, corrections, modifications, alterations, revisions, extensions and updates and derivative works thereof) are and shall remain solely in Qualifire , and/or its licensors, if any (“Qualifire IP”). Qualifire expressly reserves all rights to the foregoing, and except for the limited grant of rights expressly set forth herein, Qualifire does not grant the Subscriber any right, title, or interest in any intellectual property owned or licensed by Qualifire. If Subscriber provides any feedback (such as suggested improvements or a like regarding the Services) (collectively, “Feedback”) Subscriber hereby grants to Qualifire a non-exclusive, perpetual, irrevocable, transferable, royalty-free and worldwide right, with the right to grant and authorize sublicenses, to use and benefit from such Feedback to provide and improve the Product and/ or the Services and Qualifire’s business without any compensation or credit due to Subscriber .
2.2 Rights in Output.“Output” means any data, reports, analyses, insights, scores, flags, or other results automatically generated by the Product, including any detection of anomalies, hallucinations, or inconsistencies in AI-generated content, based on the Subscriber’s use of the Product and any Subscriber Data provided or processed through it. As between the Parties, the Subscriber shall own all right, title, and interest in and to the Output, excluding any Qualifire IP embedded therein. To the extent the Output contains any Qualifire IP, Qualifire hereby grants the Subscriber a perpetual, worldwide, non-exclusive, royalty-free, non-transferable license to use such Qualifire IP solely as incorporated in the Output and solely for the Subscriber’s internal business purposes, subject to the confidentiality obligations set forth herein.
3.1 Subscriber warrants that as between the Parties, Subscriber solely owns and retains all rights, title and interest in and to Subscriber Data including all Intellectual Property Rights embodied in Subscriber Data. " Subscriber Data" means any data or information associated with the Subscriber that the Product automatically accesses, collects, processes and/or hosts when Subscriber uploads to the Product or that is transmitted from Subscriber’s use of the Product. Subscriber hereby grants to Qualifire, during the Term, a non-exclusive, worldwide royalty-free right store, use and otherwise process the Subscriber Data solely to the extent necessary to provide the Services under these TOU. Subscriber represents and warrants that Subscriber Data will not infringe the intellectual-property rights, privacy rights, or any other rights of any third party, and do not violate any applicable law. In providing the Services, Qualifire will (i) store, process and access Subscriber Data only to the extent reasonably necessary to provide Subscriber the Services; and (ii) implement and maintain commercially reasonable technical, physical and organizational measures to protect the security, confidentiality and integrity of Subscriber Data hosted by Qualifire or Qualifire’s authorized sub-processors, from unauthorized access, use, alteration or disclosure. Qualifire shall have no liability for any security incident or data breach to the extent arising from Subscriber’s negligence, misuse, or breach of these TOU.
3.2 Qualifire does not require the submission of personally identifiable information, as defined under applicable law (“PII”) to provide the Services, and by default, the Product is not intended to process such data. If Subscriber submits PII as defined under applicable data protection law, such data will be processed in accordance with the data processing addendum (“DPA”) attached hereto as Annex B and applicable law.
3.3 Subscriber grants Qualifire a worldwide, royalty-free, perpetual right to use Subscriber Data, solely in aggregated and irreversibly anonymized form, for the purpose of improving the functionality, performance, and quality of the Product and Services.
4.1 Each party (the “Receiving Party”) may have access to certain non-public and/or proprietary information of the other party (the “Disclosing Party”), in any form or media, including confidential trade secrets and other information related to the products, software, technology, data, know-how, or business of the Disclosing Party, whether written or oral, and any such other information that, regardless of the manner in which it is furnished and given the totality of the circumstances, a reasonable person or entity should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). The Receiving Party shall take reasonable measures, at least as protective as those taken to protect its own confidential information, but in no event less than reasonable care, to protect the Disclosing Party's Confidential Information from disclosure to a third party. The Receiving Party shall not use or disclose the Confidential Information of the Disclosing Party except as expressly permitted under these TOU. All right, title and interest in and to Confidential Information are and shall remain the sole and exclusive property of the Disclosing Party.
4.2 Notwithstanding the foregoing, the parties agree that Confidential Information will not include any information that the Receiving Party has documentation to demonstrate such information: (i) is or becomes publicly known or is or becomes part of the public domain through no fault of the Disclosing Party; (ii) the Disclosing Party authorizes in writing to be disclosed; (iii) is rightfully received by the Receiving Party from a third party without restriction on disclosure and without breach of these TOU; (iv) is previously known to the Receiving Party from the date of acceptance to these TOU from a source other than the Disclosing Party, and not subject to a confidentiality obligation. Notwithstanding anything to the contrary in these TOU, if vulnerabilities are detected in Subscriber systems by Qualifire in its performance of the Services, Qualifire may use such information solely for its own internal purposes, including the development the Product or any other products and services, and to inform the performance of services for other Subscribers, provided that such information is only utilized and disclosed once it is irreversibly aggregated and anonymized in a manner such that it cannot be used to identify or re-identify Subscriber.
5.1 Fees. The Services are conditioned on Subscriber's payment in full and in advance of the applicable fees set forth in the subscription plan selected by the Subscriber through Qualifire’s website or application (the “Subscription Fees”).
5.2 All Subscription Fees are non-refundable and exclusive of tax. Fees shall be payable within thirty (30) days of the date of the invoice issued by Qualifire. Payment of Fees shall be made in one of the methods available through the Subscription purchase process on Qualifire’s website or application. All Subscription Fees displayed on Qualifire’s website or application are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties. Subscriber shall bear all value added, state, local, withholding, and other taxes or other charges applicable to the Services. In the event that Subscriber is required by law to deduct and/or withhold any amounts from any payments due hereunder, it shall gross-up and increase the amounts to be paid to Qualifire so that the actual net amount to be paid to Qualifire shall equal the fees that would have been due to Qualifire without such deduction or withholding.
5.3 The Company may change, update or modify the Subscription Fees and plans' scope at any time by posting the updated terms and by providing a notice. Updated Subscription Fees, if any, will take effect from the beginning of the next Billing Cycle following the date of such notice. If you do not agree with any of the updated terms or fees, you must stop using the Services. Continued use of the Services following notice of any modifications indicates that you acknowledge and agree to be bound by the modifications. Unless otherwise required by law, the updated terms are effective as of the day of posting.
6.1 Term. These TOU shall remain in effect as long the Subscriber maintains an active Subscription, unless terminated earlier in accordance with the terms hereof (the "Term"). The Subscription is provided on a month-to-month basis and shall automatically renew at the beginning of each billing cycle (the “Billing Cycle”), until terminated by either party by providing the other party with prior written notice at least 15 days before the end of the then current Billing Cycle.
6.2 Termination for Cause
6.2.1 Material Breach. Either party may terminate these TOU with immediate effect upon written notice to the other party if the other party materially breaches these TOU and such breach remains uncured (to the extent that the breach can be cured) thirty (30) days after having received written notice thereof.
6.2.2 Distress Event. In the event that either party becomes liquidated, dissolved, bankrupt or insolvent, whether voluntarily or involuntarily, or shall take any action to be so declared, the other party shall have the right to immediately terminate the Subscription.
7.1 General. Upon termination of these TOU, (1) Subscriber shall immediately discontinue all access and use of the Product and Services and shall promptly delete all copies of the Documentation in Subscriber’s or any of its representatives’ possession or control; (2) Qualifire will delete Subscriber Data and Authorized Users access. Qualifire shall have no obligation to retain or make available any Subscriber Data following termination, unless otherwise required by law or mutually agreed in writing.
7.2 Survival. This Section 7 and Sections 1.6 (Restrictions on Use), 22 (Rights and Title),4 (Confidential Information) 5 (Consideration), 8 (Warranty Disclaimer), 9 (Limitation of Liability), 10 (Indemnification), and 12 (Miscellaneous) shall survive termination of these TOU.
8.1 Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the acceptance and performance of these TOU will not conflict with other agreements to which it is bound or violate applicable law.
8.2 Qualifire represents and warrants that (1) it and its personnel shall have, and shall maintain throughout the Term, the capability, skills, experience, licenses, and means required (in accordance with applicable law) to perform the Services; (2) Qualifire will perform the Services in accordance with the cloud resilience professional standards, know-how, processes, procedures and work methods of Qualifire , as maybe updated by Qualifire from time to time.
8.3 Qualifire is not responsible for detecting, identifying, correcting, or addressing any errors, inaccuracies, or defects in Subscriber Data, regardless of whether such issues result from imprecise, ambiguous, or incorrect data entry, storage, interpretation, processing, or reporting. Qualifire shall have no liability for any issues or defects arising from the processing of Subscriber Data in any system, whether operated by Subscriber, a third party, or otherwise. Qualifire does not undertake, and shall not be responsible for, any review, investigation, or detection of fraud, illegal acts, or other irregularities as part of the Services. The Services provided by Qualifire are strictly advisory in nature and do not constitute legal advice, legal opinions, or assurances of compliance with any laws, regulations or policies. To the extent Qualifire provides recommendations, findings, or analyses in connection with the Services, Subscriber retains full and sole responsibility for evaluating, approving, and implementing such recommendations. Subscriber shall make all final decisions related to the use of the Services and is solely responsible for any outcomes resulting from its reliance upon or implementation of any deliverables, reports, or other output.
8.4 To the fullest extent permitted by applicable law, and except as expressly set forth in these TOU, the Services and all related materials, including any Output, are provided “as is” and “as available,” without warranty of any kind. Each Party hereby disclaims all warranties, whether express, implied, statutory, or otherwise, including without limitation any warranties of merchantability, fitness for a particular purpose, title, accuracy, non-infringement, non-interference, or that the Services or Output will be error-free or operate without interruption, or that any data or information will be secure, complete, or reliable. Without limiting the foregoing, Qualifire does not warrant that: (a) the use of the Services will be uninterrupted, timely, secure, or error-free; (b) the Services will detect, prevent, mitigate, or protect against all possible hallucinations, anomalies, errors, or threats (whether known, unknown, expected, or unforeseen); or (c) any Output will be accurate, reliable, complete, or suitable for any particular use case or decision-making purpose. The Output is generated by automated systems based on probabilistic models and Machine Learning techniques and may contain inaccuracies, including false positives and false negatives, especially with respect to the identification, detection, or classification of hallucinated content. The Output is intended for informational purposes only and does not constitute advice, certification, assurance, or any representation of factual accuracy. Qualifire disclaims all liability arising from or relating to Subscriber’s reliance on the Output, and Subscriber acknowledges that it assumes full responsibility for verifying and validating any Output prior to use.
8.5 Subscriber acknowledges and agrees that the Services may incorporate and rely on Artificial Intelligence (“AI”) and Machine Learning algorithms (“Machine Learning”), which are inherently probabilistic and continuously evolving. Qualifire makes no warranties or representations regarding the accuracy, effectiveness, reliability, or performance of any AI or Machine Learning functionality, and expressly disclaims any liability for errors, inaccuracies, or omissions resulting from their use. No specific outcome or result is guaranteed, and Subscriber uses such functionality at its own risk.
9.1 NEITHER PARTY SHALL BE LIABLE, IN CONTRACT OR TORT, UNDER STATUTE OR OTHERWISE, ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, PUNITIVE OR SPECIAL DAMAGES IN CONNECTION WITH CLAIMS ARISING OUT OF THESE TOU OR SUBSCRIBER’S SUBSCRIPTION, OR OTHERWISE RELATING TO THE SERVICES, INCLUDING ANY AMOUNT FOR LOSS OF PROFIT, DATA OR GOODWILL, WHETHER OR NOT THE LIKELIHOOD OF SUCH LOSS OR DAMAGE WAS CONTEMPLATED. IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY OR TO ANY THIRD PARTY FOR AGGREGATED DAMAGES IN EXCESS OF THE FEES ACTUALLY PAID OR PAYABLE TO QUALIFIRE BY SUBSCRIBER IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO LIABILITY.
9.2 NOTWITHSTANDING THE FOREGOING, NOTHING HEREIN SHALL LIMIT THE LIABILITY OF EITHER PARTY IN ANYWAY FOR LIABILITY OR DAMAGES ARISING FROM (A) INTENTIONAL MISCONDUCT, (B) FRAUD OR FRAUDULENT MISREPRESENTATION. NO CLAIM RELATING TO THE SERVICES OR OTHERWISE UNDER THESE TOU SHALL BE MADE AFTER THE LAPSE OF 12 MONTHS FOLLOWING THE COMPLETION OF A PARTICULAR SERVICE.
10.1 Qualifire shall defend, indemnify and hold harmless Subscriber, from and against any claims, damages, costs, liabilities and expenses (including reasonable attorneys’ fees) arising out of or related to any claim that the Product, Services and/or Documentation infringes any third-party intellectual property right. Indemnification hereunder shall be conditioned upon: (a) Subscriber notifying Qualifire of the claim immediately upon becoming aware thereof, (b) Subscriber allowing Qualifire to assume full control of the defense and settlement of such claim, and (c) Subscriber reasonably cooperating with Qualifire in defense and settlement of the claim. The foregoing defense and indemnity shall not apply to the extent that the underlying claim or loss (a) results from or is based on any Subscriber Data (including any Sensitive Data, or (b) is caused by Subscriber’s breach of these TOU or of applicable Law; (c) arises from Subscriber’s use of the Product not in accordance with the Documentation; (d) results from the combination of the Product with any third-party products, services, or systems not provided or approved by Qualifire; or (e) results from modifications or alterations to the Product not made by or on behalf of Qualifire.
These TOU shall constitute the full Agreement between the Parties with respect to its subject matter and shall supersede any and all prior agreements and understandings relating thereto. No change, modification, alteration or addition of or to any provision of these TOU shall be binding unless in writing and executed by or on behalf of both Parties by a duly authorized representative. These TOU and any rights or obligations hereunder may not be transferred or assigned by either party without the prior written consent of the other party, except that either party may assign these TOU as a whole to a successor to all or substantially all of its assets or business related to these TOU, without such consent. Subject to the foregoing, these TOU shall be binding upon and inure to the benefit of the parties and their successors and assigns. Subscriber acknowledges that Qualifire reserves the right to use Subscriber's trademarks, logo, and name for any marketing purposes, including press release, newsletter and social media, however, without compromising any confidential information of Subscriber. Subscriber may opt out of such use at any time upon written notice to Qualifire. If any of the terms contained in these TOU shall, for any reason, be held to be void or unenforceable, it shall not affect the validity or enforceability of any other term in these TOU. These TOU does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Qualifire will not be liable for any delay or failure to provide the Services resulting from circumstances or causes beyond the reasonable control of Qualifire including, but not limited to on account of strikes, shortages, riots, insurrection, fires, flood, storms, explosions, acts of God, war, government or quasi-governmental authorities actions, acts of terrorism, earthquakes, power outages, pandemic or epidemic (or similar regional health crisis), or any other cause that is beyond the reasonable control of Qualifire. These TOU shall be governed by and construed under the laws of the State of Israel without reference to principles and laws relating to the conflict of laws. The competent courts of Tel-Aviv shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to these TOU. All notices relating to these TOU shall be in writing, signed by the party giving or making such notice or communication, and shall be delivered by: (a) personal delivery; or (b) electronic transmission; or (c) certified or registered mail, return receipt requested by electronic mail; or (d) recognized overnight courier service. Notices shall be sent to the email address provided by the Subscriber during the Subscription process, and notices to Qualifire shall be sent to contact@qualifire.ai. Such notices shall be deemed given upon personal delivery, three (3) business days after deposit in the mail, one (1) business day if delivered by overnight courier, or upon acknowledgment of electronic transmission.
A. Qualifire will provide Subscriber with remedial and preventive maintenance and support services to the Product, as provided in and subject to the terms set forth in Qualifire's SLA (the “SLA”) as detailed herein (“Maintenance Services”) to keep the Product in good operating condition, and subject to the terms of Qualifire’s TOU (the "TOU").
B. Qualifire’s obligation to provide Maintenance Services is dependent upon: (i) the TOU being in effect; and (ii) the performance by Subscriber of all of its obligations set forth in the TOU and the obligations set forth herein.
C. Without derogating from the provisions of the SLA, Qualifire shall not be obligated to provide Maintenance Services pursuant to this SLA, that are required as a result of any of the following: (i) abuse, misuse, accident or neglect; (ii) repairs, alterations, customization and/or modifications; or (iii) use of materials composed by the Subscriber which may not comply with Qualifire’s requirements; (iv) use of the Product for other than the intended purpose for which it was licensed; (v) alternations, modifications or integration of the Product with third party software (for the avoidance of doubt Qualifire shall provide Maintenance Services in its 'out of the box' configuration); or (vi) inadequate backups of the Product by the Subscriber that prevent Qualifire from reinstalling the Product before or after the reported problem was solved.
A. Qualifire will support the Subscriber with problems generated directly by and as part of the Product, as defined in this SLA, including support for technical or installation problems, implementation and documentation errors. For the purpose of this SLA, the terms technical problems or installation problems shall be defined herein as defects (“Defect(s)”).Initiating Support Requests.
B. Support calls shall be initiated by a designated individual nominated by Subscriber (the “Representative”) by filing of a Support Request through a designated form in the Product's help section, or by an email to support@qualifie.ai
C. Handling of Support Requests.
(i) The Qualifire Support Team ("QST") shall recreate the Defect reported in Qualifire's labs using the relevant 'out of the box' version of the Product.
(ii) Qualifire may request the Representatives:
1. To provide additional information (e.g. screen shots, log information etc).
2. To perform troubleshooting activities to enable identification of the source of the reported problem.
3. To install patches or files that are sent by Qualifire to be executed accurately in accordance with Qualifire's instructions and the results of such installation will be reported back to the QST.
4. In any case where the Defect was successfully recreated by QST, Qualifire shall send an appropriate fix in accordance with the timetables set forth herein below.
5. Qualifire will not support or provide solutions to problems (i) that were not generated directly by or on the Product, including but not limited to, problems generated by Subscriber’s database, network components, operating systems, applications or integration with other systems; or (ii) in the Product that has be customized or otherwise modified; or (iii) If the Subscriber did not implement any preventive maintenance steps and procedures that will be directed by Qualifire.
D. Priority Levels of Defects.Initial response for Defects will be provided based on the severity of the Defect as follows:Subscriber Support for the Product covers (i) development and production issues for the Product and its components, (ii) Informational and implementation questions about the Product and features; and (iii) troubleshooting operational problems with the Product.
E. Response Times and AvailabilityQST will attempt to respond to cases within these internal time frames. These are targets only, and are not guaranteed. QST does not guarantee resolution times or delivery dates. These times are subject to change depending on the nature of a case and complexity of the reported case.
| Category | Criteria | Initial Response Time | Status Update |
| Level 1/Priority 1 Critical/Urgent | Critical technical issue resulting in a total loss of core functionality in the Product. No workaround is available. | Within 2 Business Hours | 4 Business Hours |
| Level 2/Priority 2 High | Major technical issue resulting in severe performance problems in the Product. No workaround is available. | Within 6 Business Hours | 1 Business Day |
| Level 3/Priority 3 Normal/Medium/Low | A minor technical issue where the Subscriber can use the Product with only slight inconvenience. | 1 Business Day | 1 Business Week |
(i) Not all Level 3 problems will require a workaround. Qualifire may, in its reasonable discretion, respond to a Level 3 problem by making correction of the error a feature request.
(ii) For Level 1 and Level 2 incidents, Subscriber shall initiate contact with QST via email and indicate the probable category of the incident. Email Support shall be standard business hours.
(iii) QST’s Business Days and standard Business Hours are Monday to Friday 8:00 a.m. to 5:00 p.m. EST.
(iv) Response time is defined as the time between the creation of the case and the first attempt of a Qualifire support engineer from QST to contact the Subscriber who initiated a case.
(v) Above severities apply to systems in production, errors in non-production systems (test, development, sandbox) will be automatically downgraded one level.
(vi) Problems with the installation of the Product have Priority/Severity “High” at a maximum.
(vii) When a Subscriber initiates a case outside standard business hours, then the case will be handled as if it was initiated at 8 a.m. the next business day.
(viii) A Qualifire installation in an environment which is not in compliance with Qualifire's sizing and technical recommendations will be automatically downgraded by one level.
(ix) Above response times apply only if e-mail communication is provided via support@Qualifire.security
(X )If QST determines that an issue is fixed in a released patch, QST may require the Subscriber to apply this patch before commencing troubleshooting.
F. Resolved Queries.
An issue is considered resolved when (i) the issue is solved; (ii) the source of the issue is determined to lie with a third party; or (iii) Subscriber does not respond to a request from Qualifire within seven (7) consecutive days after Qualifire’s request.Solution to Defects may include workaround, Product patch or new Product version.
G. Amendments
Qualifire may modify this SLA at any time by posting the revised version at the location where the SLA is maintained or by otherwise notifying Subscriber.
This Data Processing Addendum (“DPA”) shall apply to the services agreement (“Services Agreement”) by and between Qualifire Ltd. and its affiliates (“Qualifire”) and you (“Subscriber”) to the extent that Qualifire processes Personal Data (as defined below).
2.1 Terms used in this DPA but not defined herein (whether or not capitalized) shall have the meanings assigned to such terms in the Applicable Data Protection Laws.
2.2 ”Applicable Data Protection Laws“ shall mean, to the extent applicable to Qualifire 's processing of Personal Data hereunder (with respect to each data subject): (i) General Data Protection Regulations (European Parliament and Council of European Union (2016) Regulation (EU) 2016/679) (EU GDPR); (ii) EU GDPR as it forms part of the law of England and Wales by virtue of section 3 of the European Union (Withdrawal) Act 2018 and UK Data Protection Act 2018 (UK GDPR) ; (iii) California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA); (iv) Protection of Privacy Law (Israel); (vi) any similar laws to any of the foregoing in any jurisdiction that may be enacted from time to time; and (vii) any rules or regulations that amend and/or replace any of the aforementioned Data Protection Laws.
2.3 “Personal Data” refers to the definition of that term or any other similar term defined under the Applicable Data Protection Laws.
2.4 “Standard Contractual Clauses or SCCs” shall mean: where the EU GDPR applies, the standard contractual clauses pursuant to the EU Commission's Implementing Decision 2021/914 of 4 June 2021 currently set out at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj (“EU SCCs”); (ii) where the UK GDPR applies, the EU SCCs together with the UK Information Commissioner’s Office addendum, under S119A(1) of the Data Protection Act 2018 (“UK Addendum”); or any other Standard Contractual Clauses which amended and/or replace such Standard Contractual Clauses in accordance with Applicable Data Protection Law.
3.1 Qualifire acts as a processor/service provider for Subscriber, and performs processing operations on behalf of Subscriber and upon the instructions of Subscriber as a controller/business, as set forth herein, in the Services Agreement, and any additional agreement entered into between Subscriber and Qualifire (collectively, the ”Terms“), pursuant to which Subscriber may provide Personal Data to Qualifire (“Contracted Business Purpose”).
3.2 Sensitive Data. The Parties agree that the provision of the services under the Agreement is not intended for the processing of Sensitive Data. For the avoidance of doubt, this DPA will not apply to Sensitive Data and Qualifire shall have no liability whatsoever for Sensitive Data, whether in connection with a Personal Data Breach or otherwise.
Subscriber sets forth the details, including the purpose, the means and the ways in which Qualifire shall process Personal Data, as required by Applicable Data Protection Laws in Appendix A (Details of Processing of Processed Personal Data), attached hereto, and Subscriber represents and warrants that:
4.1 It complies with personal data security and other obligations prescribed by Applicable Data Protection Laws for controller/business, and that the provision of Personal Data to Qualifire is in strict compliance with Applicable Data Protection Laws;
4.2 It only processes Personal Data that has been collected in accordance with the Applicable Data Protection Laws;
4.3 It has in place procedures in case an individual whose Personal Data is collected, wishes to exercise the individual’s rights in accordance with the Applicable Data Protection Laws;
4.4 It provides Personal Data to Qualifire for the Contracted Business Purpose in accordance with the representations Subscriber makes to individuals in Subscriber's privacy policy, and Subscriber does not sell Personal Data to Qualifire;
4.5 It shall have the sole responsibility for the accuracy, quality, and legality of such Subscriber’s Personal Data;
4.6 It shall provide Qualifire as a processor/service provider, or otherwise have Qualifire (or anyone on its behalf) process such Personal Data which is explicitly permitted under Applicable Data Protection Laws (“Permitted Personal Data”). Solely Subscriber shall be liable for any data which is made available to Qualifire in excess of the Permitted Personal Data (“Non-Permitted Data”). Qualifire's obligations under the Terms shall not apply to any such Non-Permitted Data and Subscriber shall be fully responsible and liable for any damages, claims, or losses arising from or relating to the submission or use of Non-Permitted Data.
4.7 It is and will remain duly and effectively authorized to give the instruction set out herein and any additional instructions as provided pursuant to the Terms, at all relevant times and at least for as long as the Terms are in effect and for any additional period during which Qualifire is lawfully processing Personal Data.
5.1 Qualifire carries out the processing of Personal Data on Subscriber's behalf.
5.2 Pursuant to the provisions of Article 28 of the GDPR, to the extent applicable with respect to each data subject, Qualifire agrees that it will:
5.2.1 process Personal Data solely on Subscriber's behalf and in compliance with Subscriber's instructions, including instructions in this DPA and all Terms, unless required to do so by EU or applicable Member State law;
5.2.2 implement appropriate technical and organizational measures to provide an appropriate level of security, including, as appropriate and applicable, the measures referred to in Article 32(1) of the GDPR;
5.2.3 take reasonable steps to ensure that access to the processed Personal Data is limited on a need to know/access basis, and that all Qualifire personnel receiving such access are subject to confidentiality undertakings or professional or statutory obligations of confidentiality in connection with their access/use of Personal Data;
5.2.4 it shall provide reasonable assistance to Subscriber with any data protection impact assessments or prior consultations with supervising authorities in relation to processing of Personal Data by the processor/service provider, as required under any Applicable Data Protection Laws, at the written request of the Subscriber, and at Subscriber's sole expense; and
5.3 Pursuant to the CCPA, to the extent applicable with respect to each data subject, Qualifire agrees that:
5.3.1 Qualifire is acting solely as a service provider with respect to Personal Data;
5.3.2 Qualifire shall not retain, use or disclose Personal Data for any purpose other than for the Contracted Business Purpose;
5.3.3 Qualifire may de-identify or aggregate Personal Data as part of performing the services specified in the Terms; and
5.3.4 Qualifire will limit personal information collection, use, retention, and disclosure to activities reasonably necessary and proportionate to achieve the Contracted Business Purposes or another compatible operational purpose.
6.1 Subscriber authorizes Qualifire to appoint sub-processors in accordance with the provision of the Terms. Any sub-processor used must qualify as a service provider under the Applicable Data Protection Laws and Qualifire cannot make any disclosures to a subcontractor that the CCPA would treat as a sale.
6.2 Qualifire may continue to use those sub-processors already engaged by Qualifire as of the date of this DPA. Subscriber acknowledges and agrees that as of the date of this DPA Qualifire uses certain sub-processors; a list of such sub-processors is attached hereto in Appendix A.
6.3 Qualifire may appoint new sub-processors and shall give reasonable notice of the appointment of any new sub-processor. Subscriber's continued use of the applicable services after such notification constitutes Subscriber's acceptance of the new sub-processor.
7.1 Subscriber shall be solely responsible for compliance with any statutory obligations concerning requests to exercise data subject rights under Applicable Data Protection Laws (e.g., for access, rectification, deletion of processed Personal Data, etc.). Qualifire shall reasonably endeavor to assist Subscriber insofar as feasible, to fulfil Subscriber's said obligations with respect to such data subject requests, as applicable, at Subscriber's sole expense.
7.2 Qualifire shall (i) without undue delay notify Subscriber if it receives a request from a data subject under any Applicable Data Protection Laws in respect of processed personal data; and (ii) not respond to that request, except on the written instructions of Subscriber or as required by Applicable Data Protection Laws, in which case Qualifire shall, to the extent permitted by Applicable Data Protection Laws, inform Subscriber of that legal requirement before it responds to the request.
8.1 Qualifire shall notify Subscriber without undue delay upon Qualifire becoming aware of any personal data breach within the meaning of Applicable Data Protection Laws relating to Personal Data of the Subscriber which may require a notification to be made to a supervisory authority or data subject under Applicable Data Protection Laws “Personal Data Breach”).
8.2 At the written request of the Subscriber and at Subscriber's sole expense, Qualifire shall provide reasonable co-operation and assistance to Subscriber in respect of Subscriber's obligations regarding the investigation of any Personal Data Breach and the notification to the supervisory authority and data subjects in respect of such a Personal Data Breach.
9.1 Subject to the terms hereof, Qualifire shall promptly and in any event within up to sixty (60) days (unless a sooner time period is required by Applicable Data Protection Laws) return and then destroy the Personal Data, except such copies as authorized including under this DPA or required to be retained in accordance with Applicable Data Protection Laws.
9.2 Qualifire may retain Personal Data to the extent authorized or required by Applicable Data Protection Laws, provided that Qualifire shall ensure the confidentiality of such Personal Data and shall ensure that it is only processed for such legal purpose(s).
9.3 Upon Subscriber's prior written request, Qualifire shall provide written certification to Subscriber that it has complied with this Section 9.
10.1 Not more than once a year, at the cost of Subscriber, upon reasonable prior notice and mutual coordination, Qualifire shall allow for audits by a reputable auditor mandated by the Subscriber in relation to the processing of the Personal Data by Qualifire , provided that such third-party auditor shall be subject to confidentiality obligations in favor of Qualifire . In such an audit Qualifire shall make available relevant information reasonably necessary to demonstrate compliance with this DPA.
10.2 Subscriber shall use (and ensure that its mandated auditor uses) its best efforts to avoid causing any damage, injury or disruption in the course of such an audit.
11.1 To the extent that Qualifire transfers Personal Data to countries outside of the European Economic Area and/or outside of the United Kingdom (UK), which do not provide an adequate level of data protection, as determined by the European Commission pursuant to Article 45 of GDPR, and by the Secretary of State, pursuant to Section 17A of the United Kingdom Data Protection Act 2018, respectively, or other adequate authority as determined by the EU and the UK (“Adequacy Decisions”), and to the extent applicable with respect to each data subject, such transfer of Subscriber’s Personal Data to other countries, where the application of the SCCs is required under Applicable Data Protection Laws shall be subject to:
(i) Adequacy Decisions; (ii) exemptions under Article 49 of the GDPR; or (iii) the Standard Contractual Clauses are incorporated into this DPA by reference, which shall be implemented as follows:
11.1.1 In the case of transfer of Personal Data between Subscriber to Qualifire , the parties shall implement Module II - “Controller to Processor”, of the Standard Contractual Clauses, with modifications detailed under this Section 11.1.1, in which case Qualifire shall be deemed as a "Data Importer" and Subscriber shall be deemed as a "Data Exporter". The parties are deemed to have accepted and executed the SCCs, including the associated annexes. The contents of Annex I of the SCCs are included within Appendix A to this DPA. The contents of Annex II of the SCCs are included within Appendix B to this DPA. The parties further agree to the following implementation choices under the SCCs:
11.1.1.1 The Parties agree that for the purpose of transfer of Personal Data between Qualifire (Data Importer) and the Subscriber (Data Exporter), the following shall apply:
11.1.1.2 Clause 7: shall not be applicable.
11.1.1.3 Clause 9(a): The parties choose Option 2, “General Written Authorization” and specify a time period of thirty (30) days. Appendix A shall be updated accordingly.
11.1.1.4 Clause 11: The parties choose not to include the optional language relating to the use of an independent dispute resolution body.
11.1.1.5 Clause 17: The parties select Option 1 and specify the law of Ireland.
11.1.1.6 Clause 18(b): The parties specify the courts of Ireland.
11.1.2 In the case of transfer of Personal Data between Qualifire and its Sub-Processors for the purposes of carrying out specific Processing activities (on behalf of Subscriber) the Partis will enter into Module III (“Processor-to-Processor”) of the Standard Contractual Clauses. For the purpose of such engagement, Qualifire shall be deemed as the Data Exporter and the Sub-Processor shall be deemed as the Data Importer; all other Modules are not applicable.
11.1.3 If the applicable Data Exporter, under Section 11.1.1 or 11.1.2, is transferring Personal Data governed by the UK GDPR, the parties agree to implement the applicable SCCs, as modified by the UK Addendum. The information required by Table 1 of the UK Transfer Addendum appears within Appendix A to this DPA. In addition, the parties adopt the SCCs, as modified by the UK Transfer Addendum, as to applicable international transfers of UK Personal Data in exactly the same manner set forth in Section 11.1 above, subject to the following:
11.1.3.1Clause 13: The UK Information Commissioner’s Office (“ICO") shall be the competent supervisory authority.
11.1.3.2 Clause 17: The SCCs, as modified by the UK Transfer Addendum, shall be governed by the laws of England and Wales.
11.1.3.3 Clause 18: The parties agree that any dispute arising from the SCCs, as modified by the UK Transfer Addendum, shall be resolved by the courts of England and Wales. A UK Data Subject may also bring legal proceedings against the Data Exporter and/or Data Importer before the courts of any country in the UK. The parties agree to submit themselves to the jurisdiction of such courts.
11.2 Appendixes A, B, and C attached to this DPA shall also apply in connection with the processing of Personal Data, subject to Applicable Data Protection Law.
11.3 Qualifire reserves the right to adopt an alternative compliance standard to the SCCs for the lawful transfer of Personal Data, provided it is recognized under Data Protection Law. Qualifire will provide 30 days’ advance notice of its adoption of an alternative compliance standard.
12.1 Governing Law and Jurisdiction. All disputes with respect to this DPA shall be determined in accordance with the governing law provisions set forth in the Services Agreement.
12.2 Conflict. In the event of any conflict or inconsistency between this DPA and any other agreements between the parties, including agreements entered into after the date of this DPA, the provisions of this DPA shall prevail.
12.3 Changes in Applicable Data Protection Laws. Subscriber may by at least forty-five (45) calendar days' prior written notice to processor/service provider, request in writing any changes to this DPA, if they are required, as a result of any change in any Applicable Data Protection Law, regarding the lawfulness of the processing of Personal Data. If Subscriber provides its modification request, Qualifire shall make commercially reasonable efforts to accommodate such modification request, and Subscriber shall not unreasonably withhold or delay agreement to any consequential changes to this DPA to protect the Qualifire against any additional risks, and/or to indemnify and compensate Qualifire for any further costs associated with the changes made hereunder.
12.4 Severance. Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall either be (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
A. Identification of Parties
"Data Exporter": Subscriber.
"Data Importer": Qualifire.
B. Description of Transfer
| Categories of Personal Data | Name, Email Address, IP Address . Other Personal Data which is not required by Qualifire and may be included in Subscriber Data disclosed or otherwise made available by Subscriber to Qualifire in the context using of the Services |
| Categories of data subjects: | Subscriber Employees. Other data subjects which may be included in Subscriber Data disclosed or otherwise made available by Subscriber to Qualifire in the context of using the Services. |
| Special Categories of Data/Sensitive Personal Information | The Parties do not intend for Sensitive Data to be transferred. |
| Nature of Processing | Nature of Processing Providing the services to Subscriber under the Agreement; Acting upon Subscriber’s written instructions in accordance with the Agreement and the DPA; Complying with applicable laws and regulations. |
| Frequency of Transfer | Continuous Basis |
| Purpose of the transfer and further processing | As described in the Agreement |
| Retention period | Personal Data will be retained for the term of the Agreement. |
C. Sub-Processors:
| Sub-Processor Name | Purpose of Processing | Location | Type of Personal Data Processed |
| Google Cloud Platform (GCP) | Cloud hosting and storage | United States | All categories stored in infrastructure |
| Hubspot | CRM | United States | First name, last name, email address, phone number, company name, and any other information collected during the registration to Qualifire’s platform. |
| Level 3/Priority 3 Normal/Medium/Low | Cloud hosting and storage | United States | All categories stored in infrastructure |
%202.svg){kind=logo}