• CONTACT US
  • LOGIN
  • The Platform
        • The RIWI PlatformThe integrated conscious and non-conscious research platform – for researchers looking to mix methodologies.
          • Sampling Technology
          • RIWI Respondent Marketplace
          • RIWI Communities
        • Subscription ProductsSyndicated data streams on industry and macro trends.
          • Compass Series Indexes
          • Voices of Ukraine Monitor
          • Canadian Consumer Confidence Index
          • RIWI China Data Feeds
          • China High Frequency Macro Datafeed
          • Patient Sentiment on Perioperative Care
        • Data SolutionsBuilt to help answer your most critical questions.
          • RIWI Sample Recruitment
          • RIWI Track
          • RIWI Test
          • RIWI Audience
          • RIWI Rapid Response
          • RIWI Omni
  • INDUSTRIES
        • Government and Public SectorTrack real-time behaviors and opinions globally in response to events or policy change.
          • RIWI Elections Tracking

        • Healthcare and Life SciencesOptimize healthcare system access, delivery, pharma products and digital therapeutics.
          • Clinical Trial Recruitment
        • International DevelopmentMonitor attitudes and behaviors in low and middle-income countries and fragile and conflict-affected states.
          • Misinformation and Disinformation
          • Digital Audience Engagement

        • Financial Services and EconomicsBetter anticipate inflection points with high frequency economic and geopolitical risk data.
        • Consumer ServicesTest concepts, products, and markets with real-time insights on global consumers.

        • Academic Institutions and Independent ResearchersListen to the silent voices of the un-polled masses that are typically not captured by traditional survey technology.
  • RESOURCES

        • Resources

          Learn from our Research, engage with us on our Insights blog, listen to experts on our podcast and read about RIWI in the news.

        • Data Management Strategies: A View Towards 2024 – 2026
        • The 2024 PIM Report
        • Research

        • Data collected and analyzed by RIWI to provide key learnings and insights on important topics that we care about.

        • Insights

        • This is our blog, announcements, insights, podcast, and musings.

        • Webinars

        • Tune into the Art of Insights Webinars to hear from industry experts on the trends and issues shaping research and the world.

        • Customer Stories

        • We are proud to help tackle issues that improve prosperity and security and help our clients build their business across sectors and geographies.

        • Research Opportunities
  • ABOUT US

        • About Us

          We break through the noise to find the truth about what people really think, want for themselves, and observe in the world around them.

        • About Us
          • Leadership
          • Board of Directors
          • Join Our Team
          • News and Media
          • Partners
  • Investors
    • Financial Reports
    • News Releases
    • Annual Shareholder Meetings
    • Corporate Governance
    • Investor FAQs

General Terms and Conditions for RIWI Services (“GTC”)

General Terms and Conditions for RIWI Services (“GTC”)

  • 1. Definitions.
    • a. “Affiliate” of a party refers to any legal entity in which that party holds, directly or indirectly, over 50% of the entity’s shares or voting rights, provided that interest is sustained.
    • b. “Agreement” encompasses an Order Form and any documents incorporated into it, including this GTC.
    • c. “Authorized User” denotes any individual authorized by the Customer to utilize the Cloud Service, including employees, agents, contractors, or representatives of the Customer or its Affiliates.
    • d. “Cloud Service” indicates any distinct, subscription-based, hosted, supported, and on-demand solution provided by RIWI under an Order Form.
    • e. “Cloud Materials” include any materials provided or developed by RIWI (either independently or in collaboration with the Customer) during the performance under the Agreement, comprising Analyses and materials delivered as part of support or Professional Services to the Customer. Cloud Materials exclude Customer Data, Customer Confidential Information, or the Cloud Service itself
    • f.“Confidential Information” encompasses all information that the disclosing party safeguards against unrestricted disclosure, either designated as confidential, internal, or proprietary at the time of disclosure or reasonably understood to be confidential given the nature of the information and the circumstances surrounding its disclosure.
    • g. “Customer” refers to the customer specified in the Order Form.
    • h. “Customer Data” comprises any content, materials, data, and information entered or collected by Authorized Users into the production system of the Cloud Service, or derived from Customer’s use of and stored within the Cloud Service (e.g., Customer-specific reports). Customer Data and its derivatives exclude RIWI’s Confidential Information.
    • i. “Documentation” includes RIWI’s current technical and functional documentation, including any descriptions of roles and responsibilities related to the Cloud Services, made available to the Customer under the Agreement.
    • j. “Export Laws” incorporates all import, export control, and sanctions laws of Canada.
    • k. “Feedback” refers to input, comments, or suggestions regarding RIWI’s business and technology direction, and the potential creation, modification, correction, improvement, or enhancement of the Cloud Service or Cloud Materials.
    • l. “Order Form” signifies the agreement mechanism for the Customer’s purchase of the Cloud Service or Professional Service, which may include an ordering document referencing the GTC.
    • m. “Product Terms” are the terms related to the Customer’s use of the Cloud Service as detailed in an Order Form.
    • n. “Professional Services” represent implementation services, consulting services, or other related services provided under an Order Form.
    • o. “RIWI” refers to RIWI Corp., or the relevant affiliate specified in the Order Form.
    • p. “Subscription Term” indicates the duration of the Cloud Service subscription specified in the relevant Order Form, encompassing all renewals.
    • q. “Taxes” cover all transactional taxes, levies, and similar charges (along with any related interest and penalties), such as federal, state, or local sales tax; value-added tax; goods and services tax; use tax; excise tax; service tax; or similar taxes.
    • r. “Usage Metric” denotes the standard of measurement used to determine permitted usage and calculate the fees applicable for the Cloud Service as outlined in an Order Form.
  •  2. Usage Rights and Restrictions.
    • a. Grant of Rights. As delineated in the Order Form, RIWI extends to Customer a non-transferable and non-exclusive license to utilize the Cloud Service, Cloud Materials, and Documentation solely for the internal business operations of Customer and its Affiliates, including the collection of information from third parties for such internal purposes. Customer may employ the Cloud Service globally, excluding jurisdictions where such use is prohibited by Export Laws or as specified in the Order Form. The permissible uses and limitations of the Cloud Service also extend to Cloud Materials and Documentation.
    • b. Authorized Users. Customer may authorize Authorized Users to access and utilize the Cloud Service within the parameters of the specified Usage Metrics and volumes outlined in the Order Form. Customer must ensure that an Authorized User’s access credentials are not shared among multiple individuals, except in cases where transfer is necessitated due to the original user’s discontinuation of Cloud Service usage. Customer bears responsibility for any breaches of the Agreement attributable to Authorized Users.
    • c. Acceptable Use Policy. Customer agrees not to:
      • i. Duplicate, translate, disassemble, decompile, create derivative works from, or reverse engineer the Cloud Service or Cloud Materials, or attempt any such actions;
      • ii. Input, store, gather, or transmit any content or data through the Cloud Service that is unlawful or infringes upon any intellectual property, privacy, publicity, or other rights;
      • iii. Employ the Cloud Service in a manner that circumvents Usage Metrics or Product Terms;
      • iv. Gain access to the Cloud Service through unauthorized means, such as scraping, crawling, or penetration testing;
      • v. Engage in activities that circumvent or compromise the operation or security of the Cloud Service; or
      • vi. Remove copyright or authorship notices from the Cloud Service or Cloud Materials issued by RIWI.
    •  d. Verification of Use. RIWI reserves the right to monitor usage to the extent necessary to verify compliance with Usage Metrics, volume restrictions, and the terms of the Agreement.
    • e. Suspension of Cloud Service. RIWI may suspend or restrict the use of the Cloud Service if continued usage violates Section 2(c) or poses a significant risk of harm to the Cloud Service or its users. RIWI will promptly notify Customer of any suspension or restriction, and will endeavor to limit the duration and scope of such actions as reasonably practicable under the circumstances.
    • f. Third-Party Web Services. Through the Cloud Service, Customer may access integrations with web services provided by third parties, subject to the terms and conditions of those third-party services. These third-party web services are not considered part of the Cloud Service, and the terms of the Agreement do not extend to them.
  •  3. RIWI Responsibilities.
    • a. Provisioning. RIWI facilitates access to the Cloud Service in accordance with the terms outlined in the Agreement.
    • b. Support. RIWI provides support for the Cloud Service as specified in the Order Form or Documentation.
    • c. Security. RIWI undertakes to implement and maintain technical and organizational measures to safeguard the personal data processed as part of the Cloud Service, as described in the Data Processing Agreement attached as Exhibit A (“DPA”).
    • d. Modifications.
      • i. RIWI may make modifications to the Cloud Service provided such changes do not significantly degrade its functionality. RIWI will notify Customer of any modifications via email, the support portal, Documentation, or within the Cloud Service interface. These modifications may include optional new features, which Customer may utilize subject to the prevailing Documentation.
      • ii. In the event that a modification significantly degrades the Cloud Service, Customer may terminate its subscription to the affected Cloud Service by providing written notice to RIWI within 30 days of receiving notification of the modification. Customer will then be entitled to a refund as stipulated in Section 6(c).
    •  e. Analyses.
      • i. RIWI or its Affiliates may generate analyses utilizing, in part, Customer Data and insights gleaned from Customer’s utilization of the Cloud Service and Professional Services, as detailed below (“Analyses”). RIWI will anonymize and aggregate the information contained in Analyses, ensuring they do not contain any personally identifiable information.
      • ii. The purposes for which Analyses may be employed include:
        • 1. Enhancing product features and functionality, workflows, and user interfaces, as well as developing new RIWI products and services,
        • 2. Optimizing resource allocation and support,
        • 3. Facilitating internal demand planning,
        • 4. Training and refining machine learning algorithms,
        • 5. Improving product performance, and
        • 6. Identifying industry trends and developments, as well as creating indices and anonymized benchmarking data.
  • 4. Customer and Personal Data.
    • a. Customer Data. Customer bears responsibility for the content and accuracy of the Customer Data and for inputting it into the Cloud Service.
    • b. Personal Data. Customer commits to collecting and managing all personal data within the Customer Data in compliance with relevant data privacy and protection regulations. Processing of any personal data within the Cloud Service will be governed by the Data Processing Agreement (DPA).
    • c. Security. Customer will uphold reasonable security measures for the usage of the Cloud Service by its Authorized Users. Customer will not conduct or authorize penetration tests on the Cloud Service without prior written consent from RIWI.
    • d. Access to Customer Data.
      • i. Throughout the Subscription Term, Customer may access Customer Data at any time and export it in a standard format. In the event Customer encounters difficulties in retrieving Customer Data, upon request, RIWI and Customer will collaborate to find an alternative method, potentially including RIWI delivering an export to Customer.
      • ii. Upon termination of the Agreement, RIWI will delete all remaining Customer Data on the servers hosting the Cloud Service, unless retention is mandated by applicable law. Retained data will be subject to the confidentiality provisions of the Agreement.
      • iii. Should Customer require RIWI’s assistance regarding third-party legal proceedings concerning Customer Data, RIWI will cooperate with Customer and adhere to applicable legal requirements, at Customer’s expense, in managing the Customer Data.
  • 5. Fees and Taxes.
    • a. Fees and Payment. Customer agrees to remit fees as specified in the Order Form. Failure to adhere to the payment terms outlined in the Agreement may result, after prior written notice, in the suspension of Customer’s access to the relevant Cloud Service until payment is received. Unpaid fees will accrue interest at the maximum legal rate. Any good faith disputes concerning fees will be promptly addressed through commercially reasonable efforts by both parties. Customer is prohibited from withholding, reducing, or offsetting owed fees, or adjusting Usage Metrics during the Subscription Term. All Order Forms are non-cancellable, and fees are non-refundable unless otherwise stipulated in the Agreement.
    • b. Taxes.
      • i. Charges and fees specified under an Order Form will exclude any applicable Taxes. Customer assumes responsibility for all Taxes. Prior to executing an Order Form, Customer will furnish RIWI with any necessary direct pay permits or valid tax-exempt certificates. Should RIWI be obligated to remit Taxes, Customer will reimburse RIWI for the amounts and associated costs paid or payable by RIWI attributable to said Taxes.
      • ii. If Customer is mandated by law to withhold income or corporate taxes or similar levies from any gross payment to RIWI under this Agreement, Customer may withhold or deduct such taxes (at the lowest rate permitted by applicable law) from the gross amount payable to RIWI, provided Customer furnishes RIWI with a valid withholding tax certificate as stipulated by applicable law. Failure to provide this certificate within a reasonable timeframe will necessitate Customer reimbursing RIWI for the deducted amount.
  • 6. Term and Termination.
    • a. Term. The duration of the Subscription Term is as specified in the Order Form.
    • b. Termination. Either party reserves the right to terminate the Agreement:
      • i. upon providing 30 days’ prior written notice in the event of a material breach by the other party, unless the breach is rectified within the stipulated 30-day period,
      • ii. as permissible under any other provision stated in the order form (with termination becoming effective 30 days after receipt of notice in each such case, unless a different period is specified), or
      • iii. immediately if the other party files for bankruptcy, becomes insolvent, makes an assignment for the benefit of creditors, or materially breaches Sections 11 or 12(f).
    •  c. Refund and Payments. In the event of termination by Customer or an 8.1(c) termination by RIWI, Customer shall be entitled to:
      • i. a pro-rata refund equivalent to the unused portion of prepaid fees for the terminated subscription, calculated as of the effective date of termination, and
      • ii. a waiver of the obligation to remit fees due for periods subsequent to the effective date of termination.
    •  d. Effect of Expiration or Termination. Upon the effective date of expiration or termination of the Agreement:
      • i. Customer’s entitlement to utilize the Cloud Service and all RIWI Confidential Information will cease, and
      • ii. Confidential Information of the disclosing party will be preserved, returned, or disposed of as mandated by the Agreement or applicable legislation.
    •  e. Survival. Sections 1, 5, 6(c), 6(d), 6(e), 8, 9, 10, 11, and 12 shall persist following the expiration or termination of the Agreement.
  • 7. Warranties.
    • a. Compliance with Law. Each party warrants its ongoing adherence to all pertinent laws and regulations in connection with:
      • i. RIWI’s operation of its business pertaining to the Cloud Service, and
      • ii. Customer’s handling of Customer Data and utilization of the Cloud Service.
    • b. Good Industry Practices. RIWI assures that it will furnish the Cloud Service:
      • i. substantially in accordance with the Documentation, and
      • ii. with the level of skill and care reasonably anticipated from a proficient and experienced global service provider, substantially consistent with the nature and complexity of the Cloud Service.
    • c. System Availability.
      • i. RIWI warrants to maintain an average monthly system availability for the production system of the Cloud Service as defined in the applicable service level agreement (“SLA”).
      • ii. Customer’s exclusive remedies for any breach of the SLA by RIWI are (1) the issuance of a credit as outlined in the SLA and (2) the termination and refund rights delineated below. Customer may apply the credit towards a future invoice for the Cloud Service or, in the absence of a pending invoice, may request, and RIWI will remit, a refund equivalent to the credit amount.
      • iii. If RIWI fails to meet the SLA under the following conditions:
        • 1. for four consecutive months,
        • 2. for five or more months within any twelve-month period, or
        • 3. at a system availability level of less than 95% for one calendar month, Customer may, by providing written notice to RIWI within 30 days following the failure, terminate its subscription to the affected Cloud Service and receive a refund as outlined in Section 6(c).
    • d. Warranty Exclusions. The warranties in Sections 7(b) and 7(c) will not be applicable if:
      • i. The Cloud Service is utilized in a manner inconsistent with the Agreement or Documentation,
      • ii. Any non-conformity is attributable to Customer or any product or service not supplied by RIWI, or
      • iii. The Cloud Service was provided free of charge.
    •  e. Disclaimer. Except as explicitly stated in the Agreement, RIWI does not make any express or implied representations or warranties, whether statutory or otherwise, regarding any matter, including non-infringement or merchantability, suitability, originality, or fitness for a particular use or purpose. Customer acknowledges that its decision to subscribe to any Cloud Service is not based on expectations of future functionality, public statements, RIWI’s advertising, or product roadmaps.
  • 8. Third-Party Claims.
    • a. Claims Brought Against Customer.
      • i. RIWI will undertake the defense and indemnification (as delineated below) of Customer against claims brought by any third party alleging that Customer’s or its Affiliates’ utilization of the Cloud Service infringes upon or misappropriates a patent, copyright, or trade secret. RIWI will indemnify Customer against all damages and expenses awarded against Customer and its Affiliates (or the amount of any settlement reached by RIWI) concerning such claims.
      • ii. RIWI’s obligations under Section 8.1 will not apply if the claim arises from:
        • 1. Unauthorized use of the Cloud Service as per the Agreement,
        • 2. Use of the Cloud Service in conjunction with products or services not provided by RIWI, or
        • 3. use of the Cloud Service provided free of charge.
      •  iii) In the event of a third-party claim or if RIWI reasonably anticipates such a claim, RIWI may, at its own expense, (1) secure for Customer the right to continue using the Cloud Service in accordance with the terms of the Agreement, or (2) substitute or modify the Cloud Service to be non-infringing without a significant reduction in functionality. If these options are not reasonably feasible, RIWI or Customer may terminate Customer’s subscription to the affected Cloud Service upon written notification to the other party, in which case Customer may receive a refund as specified in Section 6(c).
    •  b. Claims Brought Against RIWI. Customer will defend and indemnify RIWI against claims brought against RIWI, its Affiliates, and subcontractors by any third party related to Customer Data. Customer will indemnify RIWI against all damages and expenses awarded against RIWI, its Affiliates, and subcontractors (or the amount of any settlement reached by Customer) concerning such claims.
    • c. Third-Party Claim Procedure. All third-party claims under Section 8 will adhere to the following procedures:
      • i. The Indemnified Party will promptly notify the Indemnifying Party in writing of any third-party claim and will cooperate reasonably in its defense.
      • ii. The Indemnifying Party will have the right to control the defense entirely.
      • iii. Subject to Section 8(c)(ii), the Indemnified Party may, at its own expense, engage counsel acceptable to the Indemnifying Party.
      • iv. Any settlement will not impose financial or performance obligations on, or admit liability by, the Indemnified Party.
      • v. The obligations of the Indemnifying Party will not apply if the failure of the Indemnified Party to promptly notify the Indemnifying Party in writing of any such claim prejudices the Indemnifying Party.
    •  d. Exclusive Remedy. The provisions set forth in Section 8 represent the sole, exclusive, and complete liability of the parties, including their Affiliates and subcontractors, towards each other, and constitute the sole recourse of the other party concerning covered third-party claims and infringement or misappropriation of third-party intellectual property and rights.
  • 9. Limitation of Liability.
    • a. Unlimited Liability. Neither party’s liability is restricted regarding:
      • i. the parties’ obligations under Section 8(a)(i) and 8(b),
      • ii. death or bodily injury resulting from either party’s gross negligence or willful misconduct, or
      • iii. Customer’s failure to settle any fees due under the Agreement.
    • b. Liability Cap. Subject to Section 9(a) the maximum cumulative liability of either party (or its respective Affiliates or RIWI’s subcontractors) to the other party or any other individual or entity for all incidents (or related incidents) arising within any 12-month period will not exceed the annual fees paid for the relevant Cloud Service or Professional Service associated with the damages for that 12-month period. Each “12-month period” begins on the start date of the Subscription Term or any annual anniversary thereof.
    • c. Exclusion of Damages. Except as provided in Section 9(a), under no circumstances will either party (or its respective Affiliates or RIWI’s subcontractors) be liable to the other party for any special, incidental, consequential, or indirect damages, loss of goodwill or business profits, work stoppage, or for exemplary or punitive damages.
  • 10. Intellectual Property Rights.
    • a. RIWI Ownership. Except for any explicitly granted rights to Customer under the Agreement, RIWI or RIWI’s Affiliates or licensors hold all intellectual property rights in and related to the Cloud Service, Cloud Materials, Documentation, Professional Services, design contributions, related knowledge or processes, and any derivative works thereof.
    • b. Customer Ownership. Customer retains all rights in and related to the Customer Data.
  • 11. Confidentiality.
    • a. Use of Confidential Information.
      • i. The receiving party will:
        • 1. maintain all Confidential Information of the disclosing party in strict confidence, taking measures to safeguard the disclosing party’s Confidential Information substantially similar to those it applies to its own Confidential Information, which shall not be less than a reasonable standard of care;
        • 2. not disclose any Confidential Information of the disclosing party to any individual other than its Affiliates, employees, contractors, agents, legal representatives, accountants, or other professional advisors, whose access is necessary to enable them to exercise their rights or perform their obligations under the Agreement and who are bound by confidentiality obligations no less stringent than those in this Section;
        • 3. not use or reproduce any Confidential Information of the disclosing party for any purpose beyond the scope of the Agreement; and
        • 4. maintain any confidential, internal, or proprietary notices or legends that appear on the original and any reproductions.
      •  ii. Confidential Information of either party disclosed prior to the execution of the Agreement shall be subject to this Section.
      • iii. The receiving party may disclose the disclosing party’s Confidential Information to the extent required by law, regulation, court order, or regulatory agency, provided that the receiving party makes reasonable efforts to give the disclosing party reasonable prior notice of such required disclosure (to the extent legally permitted) and offers reasonable assistance in contesting the required disclosure, at the request and expense of the disclosing party. The receiving party shall use commercially reasonable efforts to disclose only the portion of the Confidential Information legally required to be disclosed and shall request confidential treatment for all disclosed Confidential Information.
    • b. Exceptions. The limitations on the use or disclosure of Confidential Information will not be applicable to any Confidential Information that:
      • i. is independently developed by the receiving party without reliance on the disclosing party’s Confidential Information,
      • ii. has become generally known or publicly available through no action or omission by the receiving party,
      • iii. was already known to the receiving party, free of confidentiality restrictions, at the time of disclosure,
      • iv. is lawfully obtained without restrictions by the receiving party from a third party authorized to provide such Confidential Information, or
      • v. is explicitly designated by the disclosing party as free from confidentiality restrictions in writing.
    • c. Destruction of Confidential Information. Upon the request of the disclosing party, the receiving party will promptly destroy or return all Confidential Information of the disclosing party, including any copies or reproductions thereof. However, the obligation to destroy or return Confidential Information will not apply:
      • i. to Confidential Information that the receiving party is legally obligated to retain, such as when legal proceedings related to the Confidential Information prevent its return or destruction, until the conclusion of the proceedings or a final judgment is issued;
      • ii. to Confidential Information held in archival or backup systems pursuant to general system archiving or backup policies.
  • 12. Miscellaneous.
    • a. Severability. If any provision of the Agreement is deemed wholly or partially invalid or unenforceable, the invalidity or unenforceability of that provision will not affect the validity or enforceability of the remaining provisions of the Agreement.
    • b. No Waiver; Amendment. A waiver of any breach of the Agreement shall not be construed as a waiver of any other breach. The Agreement may only be modified in writing signed by both parties, except as otherwise provided in the Agreement.
    • c. Counterparts. The Agreement may be executed in counterparts, each of which shall be deemed an original, and together shall constitute one Agreement. Electronic signatures complying with applicable law shall be considered original signatures.
    • d. Trade Compliance.
      RIWI and Customer will comply with Export Laws in performing the Agreement, with Customer being responsible for obtaining any necessary export authorizations for sharing Customer Data.
      Customer shall not (and shall not permit any third party to) use the Cloud Service in connection with any individual or entity that:
      is located, organized, or resident in a country or region subject to comprehensive economic sanctions (currently Cuba, Iran, North Korea, Syria, the Crimea region of Ukraine, and the Donetsk People’s Republic (DNR) and Luhansk People’s Republic (LNR) regions of Ukraine), or
      is designated, denied, or otherwise restricted under Export Laws.
    • e. Notices. All notices shall be in writing and deemed effective upon delivery,
      for RIWI, to notice@riwi.com with a physical copy to RIWI, Attn: Legal, 33 Bloor Street East, 5th Floor, Toronto, Ontario, Canada M4W 3H1, or
      for Customer, to the email or physical address specified in an Order Form or Agreement, or by electronic notice to Customer’s authorized representative or administrator.
    • f. Assignment. Customer shall not assign, delegate, or transfer the Agreement (or any rights or obligations thereunder) to any third party without RIWI’s prior written consent. RIWI may assign the Agreement to its Affiliates.
    • g. Subcontracting. RIWI may engage third parties to perform parts of the Cloud Service or Professional Services. RIWI shall be responsible for its subcontractors’ performance under the Agreement to the same extent as its own performance.
    • h. Relationship of the Parties. The parties are independent contractors, and nothing in the Agreement shall create any partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties.
    • i. Force Majeure. Any delay in performance (other than payment obligations) due to circumstances beyond the reasonable control of the performing party shall not constitute a breach of the Agreement. In such a case, the time for performance shall be extended for a period equal to the duration of the conditions preventing performance.
    • j. Governing Law and Disputes. The Agreement, and any disputes arising from or related to it, shall be governed by and construed in accordance with the laws of the Province of Ontario, without regard to its conflicts of law principles. The parties submit to the exclusive jurisdiction of, and venue for any disputes shall be in, the courts located in Toronto, Ontario. Each party waives any objections to the venue or jurisdiction specified herein and any right to a jury trial for any claim or cause of action related to the Agreement. The United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transactions Act (where applicable) shall not apply to the Agreement. Each party waives any claims related to the Agreement that are not initiated within one year from the date the party knew or should have known, after reasonable investigation, of the facts giving rise to the claim.
    • k. Entire Agreement. The Agreement constitutes the complete and exclusive agreement between RIWI and Customer regarding the subject matter thereof, superseding all prior representations, discussions, and agreements (including any confidentiality agreements). Terms and conditions of any purchase order issued by Customer shall be null and void.
    • l. Feedback. Customer may, at its discretion, provide RIWI with Feedback. In such a case, RIWI and its Affiliates may use and retain such Feedback freely, without restriction, compensation, or attribution to the source of the Feedback. Customer shall not be responsible for RIWI’s use of any Feedback.

Exhibit A
Data Processing Agreement (“DPA”) Personal Data Processing Agreement for RIWI Services

  • 1. Definitions.
    • a. “Controller” refers to the natural or legal person, public authority, agency, or other entity that, either alone or jointly with others, determines the purposes and means of processing Personal Data. For the purposes outlined in this DPA, if Customer acts as a processor for another controller, Customer will, in relation to RIWI, be considered an additional and independent Controller, possessing controller rights and obligations as specified in this DPA.
    • b. “Customer Instructions” pertains to Customer’s documented processing instructions:
      as stipulated in the Agreement (inclusive of the relevant Order Form and this DPA);
      as evident from Customer’s utilization of the Cloud Service; and
      as otherwise reasonably communicated to RIWI.
    • c. “Data Protection Law” encompasses the applicable legislation safeguarding the fundamental rights and freedoms of natural persons, as well as their right to privacy concerning the processing of Personal Data pursuant to the Agreement.
    • d. “Data Subject” signifies an identified or identifiable natural person as defined by Data Protection Law.
    • e. “Permitted Controllers” denotes any other Controller authorized by Customer to utilize the Cloud Service in accordance with the Agreement.
    • f. “Personal Data” includes any information concerning a Data Subject that enjoys protection under Data Protection Law. For the purposes of this DPA, it encompasses personal data that is:
      inputted by Customer or its Authorized Users into or derived from their usage of the Cloud Service; or
      provided to or accessed by RIWI or its Subprocessors to deliver support under the Agreement. Personal Data represents a subset of Customer Data (as defined in the Agreement).
    • g. “Personal Data Breach” signifies a security breach resulting in the confirmed accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized third-party access to Personal Data, as described under Data Protection Law, mandating Controllers to notify competent data protection authorities or Data Subjects.
    • h. “Processor” denotes a natural or legal person, public authority, agency, or other body processing personal data on behalf of the controller.
    • i. “Subprocessor” or “sub-processor” refers to any third party authorized by RIWI to process Personal Data in accordance with this DPA.
    • j. “Technical and Organizational Measures” represent the technical and organizational measures outlined in Schedule 2 for the Cloud Service.
  • 2. Background.
    • a. Purpose and Application.
      • i. This DPA is integrated into the Agreement and constitutes a component of a written (including electronic) contract between RIWI and Customer.
      • ii. This DPA pertains to Personal Data processed by RIWI and its Subprocessors in connection with the provision of the Cloud Service.
      • iii. This DPA does not extend to non-production environments of the Cloud Service, if provided by RIWI.
      • iv. The processing of Personal Data is outlined in Schedule 1, including its subject matter and pertinent details.
    • b. Governance.
      • i. RIWI serves as a Processor, while Customer and Permitted Controllers assume the role of Controllers under this DPA.
      • ii. Customer will ensure the establishment of all requisite lawful bases under Data Protection Laws to enable RIWI to legally process Personal Data for the purposes envisaged by the Agreement (including this DPA). This includes, where applicable, acquiring all necessary consents from Data Subjects and issuing all requisite notices. Customer acts as a singular point of contact for Permitted Controllers in adherence to this DPA. Any authorizations, consents, instructions, or permissions provided by Customer are extended on behalf of any Permitted Controllers. If RIWI informs or gives notice to Customer, such information or notice is deemed received by Permitted Controllers, and Customer will forward such information and notices to the relevant Permitted Controllers.
  • 3. Security of Processing.
    • a. Applicability of the Technical and Organizational Measures. RIWI has implemented and will apply the Technical and Organizational Measures. Customer has reviewed such measures and acknowledges that, as to the Cloud Service selected by Customer in the Order Form, the measures are appropriate taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing of Personal Data.
    • b. Changes. RIWI may change the Technical and Organizational Measures at any time without notice so long as it maintains a comparable or better level of security.
  • 4. RIWI Obligations.
    • a. Instructions from Customer. RIWI will process Personal Data only in accordance with (a) Customer Instructions or (b) Section 4.2. For any Customer Instructions not made in the Agreement (including this DPA) or through Customer’s use of the Cloud Service, RIWI will use reasonable efforts to follow such instructions to the extent they are required by Data Protection Law, technically feasible, and do not require changes to the Cloud Service. If RIWI cannot comply with an instruction or is of the opinion that an instruction infringes Data Protection Law, RIWI will immediately notify Customer (email permitted).
    • b. Processing on Legal Requirement. RIWI may also process Personal Data if required to do so by applicable law, in which case RIWI will notify Customer of that legal requirement before processing unless that law prohibits such notification.
    • c. Personnel. To process Personal Data, RIWI and its Subprocessors will only grant access to authorized personnel who have committed themselves to confidentiality. RIWI and its Subprocessors will regularly train personnel having access to Personal Data in applicable data security and data privacy measures.
    • d. Cooperation.
      • i. Except to the extent required by applicable law, at Customer’s request, RIWI will reasonably cooperate with Customer and Permitted Controllers in dealing with requests from Data Subjects or regulatory authorities regarding RIWI’ processing of Personal Data or any Personal Data Breach.
      • ii. If RIWI receives a request from a Data Subject in relation to Personal Data, RIWI will promptly notify Customer (if the Data Subject has provided information to identify Customer and if such notification is permitted by applicable law) by email and will not respond to such request itself but instead ask the Data Subject to redirect its request to Customer.
      • iii. In the event of a dispute with a Data Subject as it relates to RIWI’ processing of Personal Data, the parties will keep each other informed and, if appropriate, reasonably cooperate with the aim of resolving the dispute amicably with the Data Subject, to the extent permitted by applicable law.
      • iv. RIWI will provide functionality that supports Customer’s ability to correct, delete, or anonymize Personal Data within a Cloud Service, or to restrict its processing in line with Data Protection Law. If such functionality is not provided, RIWI will assist Customer to correct, delete, or anonymize any Personal Data, or restrict its processing, in accordance with the Customer’s instruction and Data Protection Law.
    • e. Personal Data Breach Notification. RIWI will notify Customer without undue delay after becoming aware of any Personal Data Breach and provide reasonable information in its possession to assist Customer to meet Customer’s obligations to report a Personal Data Breach as required under Data Protection Law. RIWI may provide such information in phases as it becomes available. Such notification will not be interpreted or construed as an admission of fault or liability by RIWI. Except to the extent required by applicable law, neither party will notify any third party or make any public announcement regarding an incident involving Personal Data or any Personal Data Breach in a manner that would identify the other party without the other party’s written consent (not to be unreasonably withheld).
    • f. Data Protection Impact Assessment. If Data Protection Law mandates Customer or Permitted Controllers to conduct a data protection impact assessment or seek prior consultation with a regulator, then, upon Customer’s request, RIWI will provide available documents related to the Cloud Service (such as this DPA, the Agreement, and audit reports and certifications). The parties will collaborate reasonably and in good faith to determine any additional assistance required.
  • 5. Data Export and Deletion.
    • a. Export and Retrieval by Customer. Throughout the Subscription Term and subject to the Agreement, Customer has the right to access Personal Data at any time and may export and retrieve it in a standard format (constituting a “return” of Personal Data). In case Customer encounters difficulties retrieving Personal Data, upon request, RIWI and Customer will devise a reasonable method to facilitate access, which may involve RIWI delivering an export to Customer.
    • b. Deletion. Upon the expiration of the Subscription Term, Customer instructs RIWI to delete all remaining Personal Data on servers hosting the Cloud Service within a reasonable timeframe aligned with Data Protection Law (not exceeding six months) unless retention is mandated by applicable law.
  • 6. Certifications and Audits.
    • a. Permitted Controller Audit. Any Permitted Controller may assume Customer’s auditing rights under Section 6(a) if directly applicable to them and conducted with Customer’s permission and coordination. Customer will make reasonable efforts to consolidate audits of all Permitted Controllers to prevent redundant audits unless required by Data Protection Law for the Permitted Controller to conduct its own audit.
    • b. Audit Scope. Customer will provide at least 60 days’ advance notice of any audit unless Data Protection Law or a competent data protection authority mandates shorter notice. The parties will reasonably agree on the frequency and scope of audits. Customer audits will be limited to a maximum of three business days. Additionally, the parties will leverage existing certifications or audit reports to minimize repetitive audits. Customer will share audit findings with RIWI and treat them as RIWI’s Confidential Information to the extent allowed by applicable law.
    • c. Audit Costs. Customer will cover audit expenses unless the audit uncovers a material breach by RIWI of this DPA, in which case RIWI will bear its own costs. In case of a breach, RIWI will promptly rectify it at its own expense as determined by the audit.
  • 7. Subprocessors.
    • a. Permitted Use.
      • i. RIWI is authorized to subcontract the processing of Personal Data to Subprocessors.
      • ii. RIWI or its affiliates, acting on its behalf, will engage Subprocessors under a written agreement consistent with the terms of this DPA regarding the Subprocessor’s processing of Personal Data. RIWI is accountable for the Subprocessor’s performance under the Agreement to the same extent as its own performance.
      • iii. RIWI will assess the security, privacy, and confidentiality practices of a Subprocessor before selection to ensure it can maintain the required level of protection of Personal Data as stipulated in this DPA.
    •  b. New Subprocessors; Objections.
      • i. RIWI will notify Customer in advance (via email, the support portal, Documentation, or the Cloud Service) of any intended additions or replacements to the list of Subprocessors, including details about the new Subprocessor’s name, address, and role.
      • ii. If Customer raises reasonable data protection concerns and objects to the new Subprocessor’s processing of Personal Data, Customer may terminate the Agreement (pertaining only to the Cloud Service for which the new Subprocessor is intended) by written notice to RIWI. This termination will take effect at Customer’s discretion but no later than 30 days after RIWI’s notice to Customer regarding the new Subprocessor. Failure to terminate within this period constitutes acceptance of the new Subprocessor by Customer.
      • iii. Within the 30-day period following RIWI’s notice of the new Subprocessor, Customer may request both parties to engage in good faith discussions to address the objection. These discussions will not extend the termination period and do not affect RIWI’s right to use the new Subprocessor after this period.
      • iv. Any termination under this Section will be deemed faultless by either party and will adhere to the Agreement’s terms.
    • c. Emergency Replacement. RIWI may substitute a Subprocessor without prior notice if the reason for the change is beyond RIWI’s reasonable control and prompt replacement is necessary for security or other urgent reasons. RIWI will promptly notify Customer of the replacement Subprocessor once appointed, and the objection and termination rights mentioned above apply accordingly.
  • 8. Documentation; Records of Processing. If mandated by Data Protection Law, each party must fulfill its obligation to maintain records of processing. Each party will reasonably support the other party in these requirements by providing necessary information in a format reasonably requested by the other party (such as using an electronic system) to enable compliance with such obligations.

Schedule 1
Subject Matter and Details of Processing

Customer / ‘Data Exporter’ Details

Name: Customer

Contact details for data protection: RIWI will contact the contact person named in the applicable Order Form

Main address: Customer address listed in the applicable Order Form

Customer activities: Purchasing a license for Cloud Services as described in the applicable Order Form

Role: Controller

Provider/’Data Importer’ Details

Name: RIWI

Contact details for data protection: Data Protection Officer, notice@riwi.com

Main address: 33 Bloor Street East, 5th Floor, Toronto, Ontario, Canada M4W 3H1

Provider activities: Delivery of Cloud Services and associated services (if applicable) as described in the applicable Order Form

Role: Processor

Details of Processing

Categories of Data Subjects: Determined by Customer or Permitted Controllers. Unless otherwise indicated by Customer or Permitted Controller, transferred Personal Data relates to the Data Subjects having Personal Data stored in the Cloud Service, transmitted to, made available to, accessed by, or otherwise processed by the data importer.

Categories of Data Subjects: Determined by Customer or Permitted Controllers. Customer or Permitted Controllers may configure the data fields during implementation of the Cloud Service or as otherwise provided by the Cloud Service. The transferred Personal Data typically relates to the following categories of data: name, phone numbers, email address, address data, system access / usage / authorization data, company name, contract data, invoice data, and any application-specific data that Authorized Users transfer or enter into the Cloud Service.

Special Categories of Personal Data and additional associated restrictions/ safeguards: Determined by Customer or Permitted Controllers. If Customer or a Permitted Controller intends to collect Special Categories of Personal Data, it will be specified in the applicable Order Form. For purposes hereof, “Special Categories of Personal Data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.

RIWI has taken Technical and Organizational Measures as set out in Schedule 2 to ensure a level of security appropriate to protect also Special Categories of Personal Data. The transfer of Special Categories of Personal Data may trigger the application of the following additional restrictions or safeguards if necessary, to take into consideration the nature of the data and the risk of varying likelihood and severity for the rights and freedoms of natural persons (if applicable): 1. training of personnel; 2. encryption of data in transit and at rest; 3. system access logging and general data access logging. In addition, the Cloud Service may provide measures for handling Special Categories of Personal Data as described in the Documentation.

Frequency of transfer: Personal Data will be transferred on an ongoing basis for the duration of the Agreement.

Nature of the Processing: The transferred Personal Data is subject to the following basic processing activities:

  1. use of Personal Data to set up, operate, monitor, and provide the Cloud Service (including operational and technical support);
  2. provision of professional services;
  3. communication to Authorized Users;
  4. storage of Personal Data in dedicated data centers (multi-tenant architecture);
  5. release, development, and upload of any fixes or upgrades to the Cloud Service;
  6. back up and restoration of Personal Data stored in the Cloud Service;
  7. computer processing of Personal Data, including data transmission, data retrieval, and data access;
  8. network access to allow Personal Data transfer;
  9. monitoring, troubleshooting, and administering the underlying Cloud Service infrastructure and database;
  10. security monitoring, network-based intrusion detection support, and penetration testing; and
  11. execution of instructions of Customer in accordance with the Agreement.

Purpose of the Processing: The purpose of the transfer is to provide and support the Cloud Service and any associated services. RIWI and its Subprocessors may support the Cloud Service data centers remotely.

Duration of Processing / retention period: Personal Data will be retained for the duration of the Agreement and subject to Section 5 of the DPA.

Transfers to Subprocessors: Transfers to Subprocessors will be on the same basis as set out in the DPA.

Schedule 2
Technical and Organizational Measures

This Schedule 2 describes the applicable technical and organizational measures for the purposes of the EU Standard Contractual Clauses and applicable Data Protection Law.

RIWI will apply and maintain the Technical and Organizational Measures.

To the extent that the provisioning of the Cloud Service involves Restricted Transfers, the Technical and Organizational Measures set forth in Schedule 2 describe the measures and safeguards that have been taken to fully take into consideration the nature of the personal data and the risks involved.

  • 1. TECHNICAL AND ORGANIZATIONAL MEASURES
    • a. Physical Access Control. Unauthorized persons are prevented from gaining physical access to premises, buildings, or rooms where data processing systems that process or use Personal Data are located.
      • i. Measures:
        • 1. RIWI protects its assets and facilities using the appropriate means based on the RIWI security policy.
        • 2. In general, buildings are secured through access control systems (e.g., smart card access system).
        • 3. As a minimum requirement, the outermost entrance points of the building must be fitted with a certified key system including modern, active key management.
        • 4. Depending on the security classification, buildings, individual areas, and surrounding premises may be further protected by additional measures. These include specific access profiles, video surveillance, intruder alarm systems, and biometric access control systems.
        • 5. Access rights are granted to authorized persons on an individual basis according to the System and Data Access Control measures (see Section 1(b) and 1(c) below). This also applies to visitor access. Guests and visitors to RIWI buildings must register their names at reception and must be accompanied by authorized RIWI personnel.
        • 6. RIWI employees and external personnel must wear their ID cards at all RIWI locations.
        • 7. Additional measures for Data Centers:
          • a. All data centers adhere to strict security procedures enforced by guards, surveillance cameras, motion detectors, access control mechanisms, and other measures to prevent equipment and data center facilities from being compromised. Only authorized representatives have access to systems and infrastructure within the data center facilities. To protect proper functionality, physical security equipment (e.g., motion sensors, cameras, etc.) undergo maintenance on a regular basis.
          • b. RIWI and all third-party data center providers log the names and times of authorized personnel entering RIWI’ private areas within the data centers.
    • b. System Access Control. Data processing systems used to provide the Cloud Service must be prevented from being used without authorization.
      • i. Measures:
        • 1. Multiple authorization levels are used when granting access to sensitive systems, including those storing and processing Personal Data. Authorizations are managed through defined processes according to the RIWI security policy.
        • 2. All personnel access RIWI’ systems with a unique identifier (user ID).
        • 3. RIWI has procedures in place so that requested authorization changes are implemented only in accordance with the RIWI security policy (for example, no rights are granted without authorization). In case personnel leave the company, their access rights are revoked.
        • 4. RIWI has established a password policy that prohibits the sharing of passwords, governs responses to password disclosure, and requires passwords to be changed on a regular basis and default passwords to be altered. Personalized user IDs are assigned for authentication. All passwords must fulfill defined minimum requirements and are stored in encrypted form. For domain passwords, the system forces a password change every six months in compliance with the requirements for complex passwords. Each computer has a password-protected screensaver.
        • 5. The company network is protected from the public network by firewalls.
        • 6. RIWI uses up–to-date antivirus software at access points to the company network (for email accounts), as well as on all file servers and all workstations.
        • 7. Security patch management is implemented to provide regular and periodic deployment of relevant security updates. Full remote access to RIWI’ corporate network and critical infrastructure is protected by strong authentication.
    •  c. Data Access Control. Persons entitled to use data processing systems gain access only to Personal Data that they have a right to access, and Personal Data must not be read, copied, modified, or removed without authorization in the course of processing, use, and storage.
      • i. Measures:
        • 1. As part of the RIWI security policy, Personal Data requires at least the same protection level as “confidential” information according to the RIWI information classification standard.
        • 2. Access to Personal Data is granted on a need-to-know basis. Personnel have access to the information that they require to fulfill their duty. RIWI uses authorization concepts that document grant processes and assigned roles per account (user ID). All Customer Data is protected in accordance with the RIWI security policy.
        • 3. All production servers are operated in the data centers or in secure server rooms. Security measures that protect applications processing Personal Data are regularly checked. To this end, RIWI conducts internal and external security checks and penetration tests on its IT systems.
        • 4. A RIWI security standard governs how data and data carriers are deleted or destroyed once they are no longer required.
    • d. 1.4 Data Transmission Control. Except as necessary for the provision of the Cloud Services in accordance with the Agreement, Personal Data must not be read, copied, modified, or removed without authorization during transfer. If data carriers are physically transported, adequate measures are implemented at RIWI to provide the agreed-upon service levels (for example, encryption and leadlined containers).
      • i. Measures:
        • 1. Personal Data in transfer over RIWI internal networks is protected according to the RIWI security policy.
        • 2. When data is transferred between RIWI and its customers, the protection measures for the transferred Personal Data are mutually agreed upon and made part of the relevant agreement. This applies to both physical and network-based data transfer. In any case, Customer assumes responsibility for any data transfer once it is outside of RIWI-controlled systems (e.g., data being transmitted outside the firewall of the RIWI data center).
    • e. Data Input Control. It will be possible to retrospectively examine and establish whether and by whom Personal Data have been entered, modified, or removed from RIWI’ data processing systems.
      • i. Measures:
        • 1. RIWI only allows authorized personnel to access Personal Data as required in the course of their duty.
        • 2. RIWI has implemented a logging system for input, modification and deletion, or blocking of Personal Data by RIWI or its subprocessors within the Cloud Service to the extent technically possible.
    • f. Job Control. Personal Data being processed on commission (i.e., Personal Data processed on a customer’s behalf) is processed solely in accordance with the Agreement and related instructions of the customer.
      • i. Measures:
        • 1. RIWI uses controls and processes to monitor compliance with contracts between RIWI and its customers, subprocessors, or other service providers.
        • 2. As part of the RIWI security policy, Personal Data requires at least the same protection level as “confidential” information according to the RIWI Information Classification standard.
        • 3. All RIWI employees and contractual subprocessors or other service providers are contractually bound to respect the confidentiality of all sensitive information including trade secrets of RIWI’ customers and partners.
    • g. Availability Control. Personal Data will be protected against accidental or unauthorized destruction or loss.
      • i. Measures:
        • 1. RIWI employs regular backup processes to provide restoration of business-critical systems as and when necessary.
        • 2. RIWI uses uninterrupted power supplies (e.g., UPS, batteries, generators, etc.) to protect power availability to the data centers.
        • 3. RIWI has defined business contingency plans for business-critical processes and may offer disaster recovery strategies for business-critical services as further set forth in the Documentation or incorporated into the Order Form for the relevant Cloud Service.
          Emergency processes and systems are regularly tested.
    • h. Data Separation Control.
      • i. Measures:
        • 1. RIWI uses the technical capabilities of the deployed software (e.g., multi- tenancy, system landscapes) to achieve data separation among Personal Data originating from multiple customers.
        • 2. Customer (including Permitted Controllers) has access only to its own data.
    • i. Data Integrity Control. Personal Data will remain intact, complete, and current during processing activities.
      • Measures:
        • 1. RIWI has implemented a multi-layered defense strategy as a protection against unauthorized modifications. In particular, RIWI uses the following to implement the control and measure sections described above:
          • a. Firewalls;
          • b. Security Monitoring Center;
          • c. Antivirus software;
          • d. Backup and recovery;
          • e. External and internal penetration testing;
          • f. Regular external audits to prove security measures.

Schedule 3
Restricted Transfers

  • 1. Definitions
    • a. “EU Standard Contractual Clauses” refers to the standard contractual clauses published by the European Commission, reference 2021/914, or any subsequent final version adopted by RIWI. If the EU Standard Contractual Clauses are applicable, Modules 2 and 3 will be implemented as outlined in Schedule 3.
    • b. “FADP” stands for the Swiss Federal Act on Data Protection.
    • c. “GDPR” stands for the General Data Protection Regulation 2016/679.
    • d. “Restricted Transfer” denotes a transfer (or onward transfer) of Personal Data to any country, organization, or territory not recognized by the European Union under Article 45 of the GDPR as a safe country with an adequate level of data protection. This includes transfers that require an adequacy mechanism pursuant to the GDPR or other Data Protection Law, which may be fulfilled by entering into the EU Standard Contractual Clauses.
    • e. “Schedule,” as used in the DPA and herein, refers to the numbered Annex associated with the EU Standard Contractual Clauses.
    • f. “Third Country” signifies any country, organization, or territory not acknowledged by the European Union under Article 45 of the GDPR as a safe country with an adequate level of data protection.
    • g. “UK GDPR” represents the GDPR as it is incorporated into the law of England and Wales under section 3 of the European Union (Withdrawal) Act 2018.
  • 2. Transfers
    • a. EU Transfers. If Personal Data protected by the GDPR is subject to a Restricted Transfer, the following provisions apply:
      • i. The EU Standard Contractual Clauses are hereby referenced as follows:
        • 1. If RIWI is located in a Third Country:
          • a. Customer acts as the “data exporter” and RIWI as the “data importer”;
          • b. Module 2 (Controller to Processor) applies if Customer acts as a controller of Personal Data and RIWI as a processor of Personal Data;
          • c. Module 3 (Processor to Processor) applies if Customer acts as a processor of Personal Data (on behalf of a third-party controller) and RIWI as a processor of Personal Data;
          • d. Both parties are considered signatories to the EU Standard Contractual Clauses (including their Annexes) as of the DPA’s effective date by entering into this DPA, and Customer enters into the EU Standard Contractual Clauses on behalf of itself and any Permitted Controllers.
        • 2. For any Restricted Transfer from RIWI to its Subprocessors, RIWI and its Subprocessors have executed the EU Standard Contractual Clauses.
      • ii. For each applicable Module:
        • 1. The optional docking clause in Clause 7 is inapplicable;
        • 2. In Clause 9, Option 2 will be applied, the minimum notice period for Subprocessor changes will be as specified in the DPA, and RIWI will fulfill its notification obligations by informing Customer of any Subprocessor changes in accordance with the DPA;
        • 3. The optional language in Clause 11 is excluded;
        • 4. The second two paragraphs in Clause 13(a) do not apply;
        • 5. Option 1 will be applied in Clause 17, and the EU Standard Contractual Clauses will be governed by the laws of Ireland;
        • 6. Disputes will be resolved before the courts of Ireland in accordance with Clause 18(b);
        • 7. Schedule 1 (Subject Matter and Details of Processing) of the DPA includes the information required in Annex 1 of the EU Standard Contractual Clauses;
        • 8. Schedule 2 (Technical and Organizational Measures) of the DPA contains the information specified in Annex 2 of the EU Standard Contractual Clauses.
      • iii. If context warrants and necessitates, any mention of the EU Standard Contractual Clauses in the DPA will be interpreted as referring to the EU Standard Contractual Clauses as adjusted in the manner described in this section.
      • iv. RIWI enters into the EU Standard Contractual Clauses on behalf of itself and any Permitted Controllers.
      • v. If RIWI is situated in a Third Country and is acting as a data importer under Module 2 or Module 3 of the EU Standard Contractual Clauses, and Customer is acting as RIWI’s data exporter, the relevant data exporter will have the following third-party beneficiary right: If Customer has indeed disappeared, ceased to exist legally, or has become insolvent (in all cases without a successor entity that has taken over Customer’s legal obligations through contract or operation of law), the relevant data exporter may terminate the affected Cloud Service solely to the extent that the data exporter’s Personal Data is processed, in which case the relevant data exporter also instructs RIWI to erase or return the Personal Data in line with the DPA.
      • vi. Nothing in the Agreement will take precedence over any conflicting clause of the EU Standard Contractual Clauses. To clarify, the audit and subprocessor regulations in the DPA also apply concerning the EU Standard Contractual Clauses.
    • b. Swiss Transfers. If Personal Data is safeguarded by the FADP and is subject to a Restricted Transfer, the EU Standard Contractual Clauses apply as outlined in Section 2(a) (EU Transfers) of this Schedule 3 with the following adjustments:
      • i. In Clause 13, the competent supervisory authority will be the Swiss Federal Data Protection and Information Commissioner, or if both the FADP and the GDPR apply to such transfer, one of the competent data protection authorities under the EU Standard Contractual Clauses.
      • ii. In Clause 17 (Option 1), the EU Standard Contractual Clauses will be governed by the laws of Switzerland.
      • iii. In Clause 18(b), disputes will be resolved before the courts of Switzerland. (d) The terms defined in the FADP used in the EU Standard Contractual Clauses will be interpreted to have the meanings specified in the FADP.
      • iv. The terms used in the EU Standard Contractual Clauses that are defined in the FADP will be construed to have the meaning set forth in the FADP;
      • v. The term “Member State” must not be construed in a manner that excludes Data Subjects in Switzerland from asserting their rights in their habitual residence according to Clause 18(c).
      • vi. If the FADP protects legal entities as data subjects, the EU Standard Contractual Clauses will apply to data relating to identified or identifiable legal entities.
      • vii. References to the law of the European Union or of a Member State in the EU Standard Contractual Clauses will be considered as references to the FADP.
      • viii. References to a “Member State” in the EU Standard Contractual Clauses will include Switzerland.
    • c. UK Transfers. If Personal Data is protected by the UK GDPR and is subject to a Restricted Transfer, the EU Standard Contractual Clauses apply as outlined in Section 2(a) (EU Transfers) of this Schedule 3 with the following modifications:
      • i. Each party will be deemed to have agreed to the “UK Addendum to the EU Standard Contractual Clauses” (“UK Addendum”) issued by the Information Commissioner’s Office under section 119(A) of the Data Protection Act 2018.
      • ii. the EU Standard Contractual Clauses will be considered modified as outlined by the UK Addendum concerning the transfer of Personal Data;
      • iii. in Table 1 of the UK Addendum, the essential contact details of the parties are found in Schedule 1 (Subject Matter and Details of Processing) to the DPA;
      • iv. in Table 2 of the UK Addendum, details regarding the version of the EU Standard Contractual Clauses, modules, and specific clauses selected for this UK Addendum are provided above in this Schedule 3;
      • v. in Table 3 of the UK Addendum:
        the parties’ list is located in Schedule 1 (Subject Matter and Details of Processing) to the DPA;
        the description of the transfer can be found in Schedule 1 (Subject Matter and Details of Processing) to the DPA;
        Annex II is situated in Schedule 2 (Technical and Organizational Measures) to the DPA; and
        the list of Subprocessors is available in the DPA.
      • vi. In Table 4 of the UK Addendum, the Importer may terminate the UK Addendum according to its terms (and the relevant checkbox is deemed selected); and
      • vii. In Part 2: Part 2 – Mandatory Clauses of the Approved Addendum, which is the template Addendum B.1.0 issued by the ICO and presented to Parliament in line with section 119 (A) of the Data Protection Act 2018 on 2 February 2022, as amended under section 18 of those Mandatory Clauses, will be considered applicable.

We break through the noise to find the truth

 

  • ABOUT US
  • Leadership
  • Board of Directors
  • News and Media
  • Join Our Team
  • INVESTORS
  • Financial Reports
  • News Releases
  • Annual Shareholder Meetings
  • Corporate Governance
  • Investor FAQs

Join our community for news, research, updates, and insights.

ask@riwi.com | +1 833 FOR RIWI (367 7494)

© 2025 RIWI Corp. All rights reserved.  Privacy Statement | Cookie Policy | Disclaimer | Accessibility
  
Manage Cookie Consent
We use cookies to optimize our website and our service.
Necessary Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Privacy settings
{title} {title} {title}
Manage Cookie Consent
We use cookies to optimize our website and our service.
Necessary Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Privacy settings
{title} {title} {title}

TheoremReach, a RIWI company

 

RIWI is pleased to announce that it has acquired TheoremReach – a leading survey monetization platform! Learn more here.

    SUBSCRIBE TO THE COMPASS SERIES



    Cold War II IndexMilitary Conflict IndexPolarization Risk IndexAll Indexes

    I agree to receive communications from RIWI.*

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    Stay in Touch

    Join our community for news, research, updates and insights.