Chartbeat Terms of Use

Effective July 9, 2018

The Terms of Service below set forth the rights and obligations of the parties associated with the implementation of Chartbeat’s Service (defined below) on your website. Your use of chartbeat.com and each website (each a "Site") owned and operated by Chartbeat Inc. ("Chartbeat", "We" or "Us") is governed by these Terms of Service. Before you can use any part of the Service, you must read and affirmatively indicate your acceptance of the following Terms of Service, any applicable Work Order (as defined below) and the Privacy Policy (individually or collectively the "Agreement"). By visiting the Site or implementing or using the Service you agree that you are authorized to accept these terms and conditions on behalf of yourself and/or your company (collectively, "you"), and that you are bound by the terms of this Agreement for the Service. This Agreement is made and entered into by and between you and Chartbeat. Chartbeat allows you to obtain real-time statistics based on website visitors, using certain Chartbeat proprietary software (the “Software”, the Sites and Software shall be collectively known as the "Service"), subject to these Terms of Service. For the sake of clarity, the “Service” includes any or all of the following service packages provided by Chartbeat: the Chartbeat For Everyone Service, Chartbeat Publishing Service, and Chartbeat Video, each as defined below. Each time you visit or use the Site or Service, the current version of the Agreement will apply for your use of the Service from the date of your first access. Accordingly, when you use the Site or Service, you should check the date of the Agreement and review any changes since the last version. If you do not agree with the Agreement at any time, please cease use of this Site and the Service. You agree to accept notices sent electronically, including but not limited to, email messages sent to the current email address of your account and notices posted on the Site.

  1. DESCRIPTION OF THE SERVICE

    Chartbeat For Everyone Service.The Chartbeat For Everyone Service provides real-time Traffic Data (as defined in Section 2) for the top twenty pages of your website. Chartbeat is no longer accepting new customer registrations for the Chartbeat For Everyone Service, but existing customers may contact support@chartbeat.com for assistance. You must provide certain limited information about yourself as prompted to do so by the Service. We reserve the right to refuse access to the Chartbeat Service to any user. For registration for the Chartbeat For Everyone Service, Chartbeat requires either a valid credit card or specific information for invoices to be e-mailed and paid via ACH or check.

    Chartbeat Publishing Service. Chartbeat Publishing Service is an analytics suite that provides a basic service including real-time and historical traffic data for all pages of your major media website, and it may also include additional premium features and services. Chartbeat Publishing Service rates vary depending on the needs of your organization. To learn more about the Chartbeat Publishing Service, please contact us at hello@chartbeat.com. In the event you wish to purchase the Chartbeat Publishing Service, no binding agreement regarding the Chartbeat Publishing Service will exist between you and Chartbeat unless and until you and Chartbeat execute a Work Order or other agreement governing the provision of the Chartbeat Publishing Service (“Work Order”). In the event of any conflict between these Terms of Service and the applicable Work Order or other agreement, the terms of the Work Order or other agreement shall govern.

    Chartbeat Video. The Chartbeat Video Service shows online video in context so publishers know exactly how their video engagement relates to their written content. The Chartbeat Video Service is available only to Chartbeat Publishing customers.

  2. LICENSE; OWNERSHIP

    You allow the Service to be placed on your website(s) and you hereby grant us a nonexclusive, irrevocable during the term of this Agreement, royalty-free, no-cost license to perform, or have performed, the activities relating to provision of the Service. You agree to configure the Software on your website(s) in accordance with Chartbeat’s requirements, including by ensuring that URLs containing Personal Data (as defined in the Data Processing Addendum attached hereto as Appendix A) of end users are not captured by the Service. By loading the Chartbeat JavaScript on your website, you will be placing certain cookies (described in the Chartbeat Privacy Policy) on your user’s web browsers when those users visit your website. You agree that you are responsible for such placement and for complying with any applicable laws associated therewith. Chartbeat is not obligated to provide customer support for, and shall not be responsible or liable for, any malfunction or failure of the Service or any damages resulting from your failure to implement the Software on your website(s) in accordance with Chartbeat’s requirements. In order to improve our algorithms and the Service, for statistical and analytical reporting and for research purposes, Chartbeat may aggregate and/or anonymize the data resulting from use of the Service, and provide anonymized data, which may be aggregated with data of other customers, to third parties. Chartbeat will not use or disclose anonymized data in a manner that reveals your identity, the identity of your website, or your identifiable Traffic Data without your express prior consent. Chartbeat shall exclusively own its customers’ aggregated and/or anonymized Traffic Data.

    You shall own all rights in and to all Traffic Data, subject to the rights and licenses granted herein. “Traffic Data” means all data and information created, received, processed or provided by Chartbeat in performing the Service, or that results from performance of the Service for you. You hereby grant Chartbeat all necessary rights to access and track Traffic Data concerning your website, solely in connection with providing the Service during the term of this Agreement.

    Subject to the terms and conditions of this Agreement, Chartbeat grants to you (and you agree to comply with) a non-sublicensable, non-transferable, non-exclusive, revocable, limited license to use: (i) the Software and (ii) certain proprietary documentation in the form generally made available by Chartbeat to you on the Site for use with the Software (the "Documentation") solely to receive the Chartbeat Service.
Your use of the Service shall be restricted pursuant to the terms and conditions of this Agreement. You agree that you are responsible, and Chartbeat bears no liability, for the use of your account by any third party, or for your use of the Service through a third party’s account, and the acts and/or omissions of such third party . Chartbeat also grants you a nonexclusive, nontransferable, revocable, limited license to access and use the Chartbeat API solely in connection with its use of the Service. Other than as expressly granted above, no other rights are granted, including without limitation any and all Chartbeat patents, copyrights, moral rights, trade secrets, trademarks, service marks, publicity rights, and other proprietary rights (whether or not perfected or perfectable) ("Intellectual Property Rights"). Nothing in this Agreement grants to you any rights whatsoever in or relating to the source code of the Software, other than the limited right to place the Chartbeat JavaScripts on your website(s). All ownership rights, title, and Intellectual Property Rights in and to the Service shall remain in Chartbeat and/or its licensors. You agree that Chartbeat has the right to change, modify, add to or discontinue or retire any aspect or feature of the Chartbeat Service at any time without any obligation to give you notice of any changes. From time to time, Chartbeat may, but is under no obligation to, release upgrades, fixes or new versions of the Service, although these upgrades may not be consistent across all platforms and devices.

    Chartbeat collects, stores and handles Traffic Data (defined below) and other information in accordance with its privacy policy located at www.chartbeat.com/privacy (as amended from time to time). To the extent that Chartbeat collects and processes Personal Data (as defined in the Data Processing Addendum), it shall do so as a Data Processor (except in relation to Chartbeat Customer Personal Data consisting of Customer employee contact details of which Chartbeat is also a Data Controller) and shall only process such information, including Traffic Data, in order to provide the Service. Personal Data processed in connection with this Agreement includes internet protocol address information, which is required for maintenance of the Chartbeat Service, and for which the last octet is removed upon receipt for purposes of anonymity. Additionally, Chartbeat code, by default, sets and reads a cookie on the customer's domain containing a randomly-generated user ID for purposes of determining unique visitor counts and visitors' loyalty to a site. If you have website visitors located in the European Union, in order for both you and Chartbeat to achieve adequate legal disclosures under Data Protection Laws (as defined in the Data Processing Addendum) and associated regulatory guidance and industry best practice in relation to the underlying technology used in provision of the Service and the intended use by either party of information collected, stored and handled pursuant to this Agreement, you shall: (a) make appropriate disclosures on Chartbeat's behalf using your privacy policy or via specific statements on the your website(s); and (b) obtain end users' consent to the use of Chartbeat cookies, as applicable law and legal guidance may require. You shall maintain and make available on each of your website(s) a privacy policy that includes any and all disclosures and election procedures that may be required under applicable laws and regulatory guidance based on your own services and data handling practices and additionally the Services contemplated by these Terms of Use and provided by Chartbeat from time to time including, without limitation, a privacy policy that fully and completely discloses to users of your website(s) the practices of you, Chartbeat or other third parties with respect to the collection, use and disclosure of Personal Data and other information (including any data or other information that: (i) is collected on an anonymous basis, (ii) is not connected with a living individual; or (iii) is aggregated, or constitutes cookies, web beacons or similar devices and matters. You agree to include in your privacy policy and/or publish elsewhere on your website(s) at least the level of detail set out in Chartbeat's privacy policy. You shall at all times comply with your published privacy policy and all laws and regulatory guidance to the extent applicable to you. .Throughout the term of this Agreement, you and Chartbeat shall co-operate in respect of any other best practice or legally necessary privacy or metrics and analytics related disclosures which may now or in the future be required on your website(s) in relation to the Services and your use or deployment of the Services.

  3. RESTRICTIONS


    You agree not to, or to allow others to: (i) adapt, alter, modify, decompile, translate, make derivative works, disassemble, or reverse engineer the Service, including without limitation, the source code and any other underlying ideas or algorithms of the Software (except to the extent applicable laws specifically prohibit such restriction or where in accordance with the API terms of service); (ii) copy the Software (except as required to place the Chartbeat JavaScripts on your website); (iii) transfer, sublicense, loan, sell, lease, use for timesharing or service bureau purposes, or otherwise commercially use or exploit the Service, unless explicitly authorized by Chartbeat; or (iv) use the Service in violation of any applicable regulation or law; or (v) ship, divert, trans-ship, transfer, export or re- export the Service or any component thereof into any country or use it in any manner prohibited by any export control laws, restrictions, or regulations administered by the U.S. Commerce Department's Bureau of Export Administration, the U.S. Department of Treasury's Office of Foreign Assets Control or any other applicable government agency.
You agree to:

    • Use the Service for lawful purposes only and in compliance with any policies posted to the Site or conveyed by electronic notice;
    • Not use the Service in a way that prevents or inhibits another user from enjoying the Service;
    • Not obtain the communications protocol for accessing the Service;
    • Not remove, obscure or alter any notices or indications of any Intellectual Property Rights, any trade names, trademarks, service marks, logos, trade dress, and any other distinctive or proprietary symbols, labels, designs or designations ("Branding"), or any electronic notices;
    • Not interfere with, attempt to interfere with, compromise the system integrity or security, or decipher any transmissions to or from the Service servers;
    • Not to take any action that imposes an unreasonable or disproportionately large load on our infrastructure;
    • Not to challenge or assist others to challenge Branding, Intellectual Property Rights or registration or applications thereof;
    • Use the Chartbeat API solely in accordance with the API Terms of Use available at https://chartbeat.com/apiterms/.
    • Not publish content that advocates violence, harassment, threats or intimidation against individuals or groups, including but not limited to such content that is based on ethnic origin, race, religion, gender, nationality, disability, age, sexual orientation or gender identity.

  4. FEES AND PAYMENT

    Except with regard to any Free Trial Period, Chartbeat bills its customers in advance on an annual basis. All amounts due shall be paid in US dollars. Service fees are exclusive of all banking fees and all taxes, levies, or duties imposed by taxing authorities, and you are responsible for payment of all such fees, taxes, levies, or duties, excluding only United States income (federal or state) taxes imposed on Chartbeat. In the event you are required to withhold any portion of service fees due to payments to banks or taxing authorities, (i) you agree to do so and to indemnify Chartbeat for any liability resulting from your failure to make such withholdings, and (ii) Chartbeat reserves the right to adjust the pricing of the Service so that you are responsible for payment to Chartbeat of the full amount for the Service, net of any such withholdings. When required by law, you will be responsible for all applicable sales, use, transfer, excise, value-added or similar taxes, and your payment obligation to Chartbeat hereunder shall include the amount of such tax.

    Payments for Chartbeat For Everyone Service. If you register for the Chartbeat For Everyone Service and your account is not canceled during the Free Trial Period, your credit card will be charged or invoices will be issued to you on a recurring monthly basis starting on the 31st day after your account was initially created. Chartbeat will not issue refunds for fees paid for a Chartbeat For Everyone Service account, even for periods of inactivity. Chartbeat may change the price of the Chartbeat For Everyone Service upon thirty (30) days notice to you. Such notice may be provided at any time by posting the changes to the Site. Chartbeat will not be liable to you or to any third party for any modifications, price changes, or suspension or discontinuation of the Chartbeat For Everyone Service.

    Payment for Other Services. If you register for the Chartbeat Publishing or Video Service, you will be charged according to the terms of your Work Order.

  5. WARRANTY DISCLAIMER


    CHARTBEAT MAKES NO WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WITHOUT LIMITATION, MERCHANTABILITY, FITNESS FOR A PARTICULAR USE AND NONINFRINGEMENT. THE SERVICE IS PROVIDED BY CHARTBEAT AND ITS LICENSORS "AS IS" AND "AS AVAILABLE." YOU ASSUME ALL RISK FOR YOUR USE OF THE SERVICE, INCLUDING WITHOUT LIMITATION ANY HARM CAUSED BY VIRUSES, WORKS, OR OTHER DAMAGING MATERIALS. IN NO EVENT DOES CHARTBEAT GUARANTEE ANY RESULTS, INCREASED TRAFFIC OR USER ENGAGEMENT FOR YOU. CHARTBEAT DOES NOT WARRANT THAT THE SERVICE OR ANY PORTION THEREOF, ARE ACCURATE, ERROR OR BUG FREE, THAT YOUR USE OF THE SERVICE WILL BE UNINTERRUPTED, OR THAT THE SERVICE'S OPERATION WILL NOT NEGATIVELY AFFECT OTHER SOFTWARE OR HARDWARE. THIS SECTION 5 APPLIES TO THE MAXIMUM EXTENT ALLOWED BY APPLICABLE LAW. THE SERVICE IS OFFERED BY CHARTBEAT FROM ITS FACILITIES IN THE UNITED STATES OF AMERICA. CHARTBEAT MAKES NO REPRESENTATIONS THAT THE SERVICE IS APPROPRIATE OR AVAILABLE FOR USE IN OTHER COUNTRIES. THOSE WHO ACCESS OR USE THE SERVICE FROM OTHER JURISDICTIONS DO SO AT THEIR OWN RISK AND ARE RESPONSIBLE FOR COMPLIANCE WITH ALL APPLICABLE LAWS, INCLUDING BUT NOT LIMITED LAWS RELATED TO THE COLLECTION OF DATA FROM YOUR WEBSITE’S END USERS.

  6. LIMITATION OF LIABILITY


    IN NO EVENT WILL CHARTBEAT AND/OR ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS OR REPRESENTATIVES BE LIABLE (i) FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY OR PUNITIVE DAMAGES RELATED TO OR ARISING FROM YOUR USE, MISUSE, OR INABILITY TO USE THE SERVICE, INCLUDING BUT NOT LIMITED TO, DAMAGES FOR LOST DATA, LOST PROFITS, OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, PERSONAL INJURY OR PROPERTY DAMAGE OF ANY NATURE RESULTING FROM YOUR USE OF THE SERVICE, ADVERTISEMENTS, UNAUTHORIZED ACCESS TO OUR SERVERS, SERVER UNAVAILABILITY, AND ANY PERSONAL INFORMATION STORED THEREIN, HOWEVER CAUSED UNDER ANY THEORY OF LIABILITY, INCLUDING BUT NOT LIMITED, TO CONTRACT OR TORT AND WHETHER OR NOT CHARTBEAT WAS OR SHOULD HAVE BEEN AWARE OR ADVISED OF THE POSSIBILITY OF SUCH DAMAGE; OR (ii) FOR ANY CLAIM ATTRIBUTABLE TO ERRORS, OMISSIONS, OR OTHER INACCURACIES IN THE SERVICE OR DESTRUCTIVE PROPERTIES OF THE SERVICE. IN NO EVENT SHALL CHARTBEAT’S AGGREGATE LIABILITY UNDER THIS AGREEMENT EXCEED THE TOTAL SUM OF MONIES PAID FROM YOU TO US AS CONSIDERATION FOR USE OF THE SERVICE DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO SUCH LIABILITY.

  7. INDEMNIFICATION

    
YOU HEREBY AGREE, AT YOUR EXPENSE, TO INDEMNIFY, DEFEND AND HOLD HARMLESS CHARTBEAT, ITS LICENSORS, AND THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES AND AGENTS FROM AND AGAINST ALL DEMANDS, LIABILITIES, LOSSES, CLAIMS AND EXPENSES, INCLUDING ATTORNEY'S FEES, ARISING OUT OF (i) YOUR USE OF THE SERVICE, (ii) THIRD PARTY CLAIMS, ACTIONS OR ALLEGATIONS OF INFRINGEMENT BASED ON INFORMATION, DATA OR CONTENT YOU SUBMITTED IN CONNECTION WITH THE SERVICE, (iii) ANY FRAUD OR MANIPULATION, OR OTHER BREACH OF THIS AGREEMENT, BY YOU, OR (iv) THIRD PARTY CLAIMS, ACTIONS OR ALLEGATIONS BROUGHT AGAINST US ARISING OUT OF YOUR USE OF THE SERVICE OR THE SITE. CHARTBEAT RESERVES THE RIGHT, AT ITS OWN EXPENSE AND IN ITS SOLE DISCRETION, TO ASSUME THE EXCLUSIVE DEFENSE AND CONTROL OF ANY MATTER OTHERWISE SUBJECT TO INDEMNIFICATION BY YOU.

  8. TERM AND TERMINATION


    Unless otherwise specified in an applicable Work Order, the term of the license granted herein for the Service shall commence upon the earlier of (i) your implementation or (ii) your agreement to these Terms of Service, and may be terminated as set forth herein. Upon termination of this Agreement, all licenses, and any other rights and services provided by Chartbeat to you in this Agreement, shall cease immediately, and, unless otherwise specified in an applicable Work Order, Chartbeat will have no obligation to store, retain or provide any Traffic Data (historical or otherwise) to you. We also may permanently or temporarily terminate, suspend, or otherwise refuse to permit your use of the Service upon reasonable prior notice without incurring liability as a result thereof, if in our sole determination, you violate, or are reasonably likely to violate, this Agreement, including without limitation, by your nonpayment of fees. Termination of this Agreement, any license granted hereunder, or your access to the Site, shall not limit us from pursuing other remedies available to us, including but not limited to injunctive relief.

    Termination of Chartbeat For Everyone Service. If you are a Chartbeat For Everyone Service customer, you or we may terminate this Agreement at any time, in whole or in part, for any reason, provided that if you terminate, you shall be obligated to pay any fees accrued prior to the date of termination. You may terminate this Agreement by clicking ,e-mailing Chartbeat at support@chartbeat.com, or accessing Account Settings --> Billing Information from your dashboard. You must remove all Chartbeat scripts and materials from your website(s) within ninety (90) days after termination.

    Termination of Chartbeat Publishing and Video Services. If you are a Chartbeat Publishing or Video Service customer, you or Chartbeat may terminate this Agreement only (i) if the other party materially breaches this Agreement and fails to cure such breach within thirty (30) days after receiving written notice of such breach from the non-breaching party or (ii) as otherwise set forth in your Work Order, provided that you shall remain obligated to pay any fees accrued prior to the date of termination. To terminate this Agreement in accordance with this section, e-mail support@chartbeat.com. You must remove all Chartbeat scripts and materials from your website within ninety (90) days after termination.

  9. GENERAL


    1. Headings. Headings are for organizational purposes only and shall in no way affect the interpretation of this Agreement.

    2. Assignment. You may not assign or otherwise transfer your rights or delegate your obligations under this Agreement, in whole or in part, and any attempted assignment by you shall be null and void.

    3. Third Party Service Providers. Chartbeat may provide the Service directly or indirectly using contractors or other third party vendors or service providers. Chartbeat will not be responsible or liable for any failure in the Service or any damages resulting from or attributable to failures of networks, telecommunications or equipment or other failures of third party suppliers or vendors.

    4. Publicity.You hereby consent to inclusion of your name and trademarks or service marks in customer lists that may be published as part of Chartbeat's marketing and promotional efforts.

    5. Survival. Upon any expiration or termination of this Agreement, the following Sections of this Agreement shall survive: the first two paragraphs of Section 2, and Sections 3 through 9.

    6. Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of New York and the federal U.S. laws applicable therein, excluding its choice of law provisions, and the parties agree to submit to the personal and exclusive jurisdiction of such courts.

    7. Severability. If any provision of this Agreement shall be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect and enforceable between the parties. No waiver. Failure of either party to act in the event of a breach of this Agreement by the other shall not be deemed a waiver of such breach or a waiver of future breaches.

    8. Notices. Any notice given under this Agreement shall be in writing and in the English language and shall be emailed, if to Chartbeat - legal@chartbeat.com, or if to you, to the email or physical address associated with your account. You hereby consent to receiving any notices relevant to the Services or this Agreement by e-mail without requiring a handwritten signature for such notice to be effective.

    9. Force Majeure. Neither party shall be liable for failing or delaying performance of its obligations (except for the payment of money) resulting from any condition beyond its reasonable control, including but not limited to, governmental action, acts of terrorism, natural disasters, earthquake, fire, flood or other acts of God, labor conditions, power failures, and Internet disturbances.

    10. The Agreement. This Agreement, our Privacy Policy located at www.chartbeat.com/privacy and the terms, policies or other provisions located on the Site (which are all incorporated herein by reference), constitute a complete, absolute integration and the entire agreement between the parties hereto relating to the subject matters of this Agreement. This Agreement may be revised from time to time at our sole discretion by posting the revised Agreement on the Website or otherwise providing the revised Agreement to you. The revised Agreement shall become effective upon your use of the Service after its publication or provision. Your acceptance of any revised Agreement is your continued use of the Service

APPENDIX A

DATA PROCESSING ADDENDUM

  1. Definitions and interpretation

    1. In this Appendix, unless the context otherwise requires:

      "Customer Personal Data" means all Personal Data processed by Chartbeat on your behalf under or in connection with the agreement to which this appendix is attached (the “Agreement”)

      "Data Protection Laws" means any laws and regulations relating to privacy or the use or processing of data relating to natural persons, including: (a) EU Directives 95/46/EC and 2002/58/EC (as amended by 2009/136/EC) and any legislation implementing or made pursuant to such directives, including (in the UK) the Data Protection Act 1998 (the "DPA") and the Privacy and Electronic Communications (EC Directive) Regulations 2003; and (b) from 25 May 2018 , EU Regulation 2016/679 ("GDPR"); and (c) any laws or regulations ratifying, implementing, adopting, supplementing or replacing GDPR; and (d) any guidance or codes of practice issued by a governmental or regulatory body or authority in relation to compliance with the foregoing; in each case, to the extent in force, and as such are updated, amended or replaced from time to time.

      "Data Controller" and "Data Processor" have the meanings set out in the DPA until 25 May 2018, and thereafter the meaning given to the term "controller" and "processor" (respectively) in Article 4 of GDPR.

      "DP Regulator" means any governmental or regulatory body or authority with responsibility for monitoring or enforcing compliance with the Data Protection Laws.

      "Data Subject Request" means a request from a Data Subject to exercise its rights under the Data Protection Laws in respect of that Data Subject's Personal Data.

      "Permitted Region" means the United Kingdom and the European Economic Area.

      "Security Breach" means any actual loss, unauthorised or unlawful processing, destruction, damage, or alteration, or unauthorised disclosure of, or access to the Customer Personal Data.

      "Sub-Processor" means a subcontractor (including any affiliates of Chartbeat) appointed by Chartbeat to process Customer Personal Data.

    2. In this Schedule, the terms "Data Subject", "Personal Data", "process", "processing", "transfer" (in the context of transfers of Personal Data) and "technical and organisational measures" shall have the meanings and otherwise be interpreted in accordance with the DPA until 25 May 2018, and thereafter the GDPR.

  2. Compliance with Data Protection Laws

    1. Chartbeat shall comply with its obligations under the Data Protection Laws as they apply to it as a Data Processor of the Customer Personal Data.

    2. You shall comply with your obligations under the Data Protection Laws as they apply to you as a Data Controller of the Customer Personal Data in order for Chartbeat to process the Personal Data as otherwise contemplated by this Agreement and you in particular shall: (a) ensure that any instructions that you issue to Chartbeat shall comply with the Data Protection Laws;(b) have sole responsibility for the accuracy, quality and legality of the Customer Personal Data; (c) have established the legal basis for processing under the Data Protection Laws; and (d) provide all notices and obtain all consents as may be required under the Data Protection Laws.

    3. Each party shall maintain records of all processing operations under its responsibility that contain at least the minimum information required by the Data Protection Laws, and shall make such information available to any DP Regulator on request.

  3. Processing and security

    1. In performing its obligations under this Agreement, Chartbeat shall only process the types of Personal Data, and only in respect of the categories of Data Subjects, and only for the nature and purposes of processing and duration, as is set out below:

      Subject matter of processing

      Chartbeat processes information about visitors to your website in connection with the Service it provides to you and also processes your employee/user information in connection with their use of the Service.

      Nature and purpose of processing

      Chartbeat is processing data in order to help you understand what is happening on your website at any given moment.

      Categories of Personal Data

      Site visitor IP addresses and randomly-generated user IDs stored in first party cookies on your domain. Your employees' user contact information.

      Categories of data subjects

      Visitors to your website. Employees/users of the Service.

      Duration

      For the duration of the Agreement and for 90 days after termination of performance of the Services under the Agreement.

    2. In processing the Customer Personal Data as a Data Processor, Chartbeat shall:

      (a)

      process Customer Personal Data only in accordance with your written instructions from time to time provided such instructions are lawful (including those set out in this Agreement) unless it is otherwise required by applicable law (in which case, unless such law prohibits such notification on important grounds of public interest, Chartbeat shall notify you of the relevant legal requirement before processing the Customer Personal Data);

      (b)

      notify you as soon as reasonably practicable if it receives a Data Subject Request in respect of Customer Personal Data;

      (c)

      provide you with its full co-operation and assistance in relation to any Data Subject Request in respect of Customer Personal Data;

      (d)

      not disclose any Customer Personal Data to any Data Subject which has requested the same (except in relation to Chartbeat Customer Personal Data of which Chartbeat is also a Data Controller) or to a third party following such a request (including any subcontractor or affiliate) other than at your written request or as expressly provided for in this Agreement;

      (e)

      taking into account:

      (i) the state of the art;
      (ii) the nature, scope, context and purposes of the processing; and
      (iii) the risk and severity of potential harm,
      protect the Customer Personal Data by ensuring that it has in place appropriate technical and organisational measures, including measures to protect the Customer Personal Data against the risks of a Security Breach; and

      (f)

      take commercially reasonable steps to ensure that only persons authorized by Chartbeat process Customer Personal Data and that such persons are

      (i) subject to binding obligations to maintain the confidentiality of the Customer Personal Data; and
      (ii) trained on both (1) the requirements of the Data Protection Laws, and (2) their obligations in respect of Customer Personal Data under this Agreement.

    3. Chartbeat shall, without undue delay after discovering any Security Breach or any failure or defect in security which leads, or might reasonably be expected to lead, to a Security Breach (together a "Security Issue") notify you of the same.

    4. Where a Security Issue arises, Chartbeat shall:

      (a)

      as soon as reasonably practicable, provide you with full details of the Security Issue, the actual or expected consequences of it, and the measures taken or proposed to be taken to address or mitigate it;

      (b)

      co-operate with you, and provide you with all reasonable assistance in relation to the Security Issue; and

      (c)

      unless required by applicable law not make any notifications to a DP Regulator or any Data Subjects about the Security Issue without your prior written consent (not to be unreasonably withheld or delayed).

  4. Return or destruction of Personal Data

    1. Subject to paragraph 4.2, Chartbeat shall (at your option) (except in relation to Customer Personal Data of which Chartbeat is also a Data Controller and except as required by law or in order to defend any actual or possible legal claims), as you so direct, take reasonable steps to return or irretrievably delete all Customer Personal Data in its control or possession when it no longer requires such Customer Personal Data to exercise or perform its rights or obligations under this Agreement, and in any event on expiry or termination of this Agreement.

    2. To the extent that Chartbeat is required by applicable law to retain all or part of the Customer Personal Data (the "Retained Data"), Chartbeat shall:

      (a)

      cease all processing of the Retained Data other than as required by the applicable law;

      (b)

      keep confidential all such Retained Data in accordance with Section 4 (Confidentiality); and

      (c)

      continue to comply with the provisions of this Appendix in respect of such Retained Data.

  5. Audit

    1. Chartbeat shall permit you or your representatives to access any relevant premises, personnel or records of Chartbeat on reasonable notice to audit and otherwise verify compliance with this Appendix, subject to the following requirements:

      (a)

      you may perform such audits no more than once per year or more frequently if required by Data Protection Laws;

      (b)

      you shall use a third party to perform the audit on your behalf, and such third party shall be professionally qualified and shall have executed a confidentiality agreement acceptable to Chartbeat before the audit;

      (c)

      audits must be conducted during regular business hours, subject to Chartbeat’s policies, and may not unreasonably interfere with Chartbeat’s business activities and must be limited to Chartbeat’s systems that contain Customer Personal Data;

      (d)

      you must provide Chartbeat with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. You may use the audit reports only for the purposes of meeting its audit requirements under Data Protection Laws and/or confirming compliance with the requirements of this Appendix as they apply to Chartbeat’s processing of Customer Personal Data;

      (e)

      the audit reports shall be confidential;

      (f)

      to request an audit, you must first submit a detailed audit plan to Chartbeat at least 6 (six) weeks in advance of the proposed audit date. The audit plan must describe the proposed scope, duration and start date of the audit. Chartbeat will review the audit plan and inform you of any concerns or questions (for example, any request for information that could compromise Chartbeat’s confidentiality obligations or its security, privacy, employment or other relevant policies). Chartbeat will work cooperatively with you to agree a final audit plan;

      (g)

      nothing in this paragraph 5 shall require Chartbeat to breach any duties of confidentiality owed to any of its clients, employees or Third Party Providers; and

      (h)

      all audits are at your sole cost and expense.

  6. Co-operation and assistance

    1. Chartbeat shall promptly co-operate with you, and provide such information and assistance as you may reasonably require, to enable you to:

      (a)

      comply with your obligations under the Data Protection Laws (including Articles 32-36 of GDPR in respect of Customer Personal Data; and

      (b)

      deal with and respond to all investigations and requests for information relating to the Customer Personal Data from any DP Regulator.

    2. If Chartbeat receives any complaint, notice or communication from a DP Regulator or other third party (excluding a Data Subject Request) which relates directly or indirectly to Customer Personal Data or to either party's compliance with the Data Protection Laws, it shall notify you as soon as reasonably practicable.

  7. Sub-Processors

    1. You generally agree that Chartbeat may engage Third Party Providers including any advisers, contractors, or auditors to Process Personal Data ("Sub-Processors").

    2. If Chartbeat engages a new Sub-Processor ("New Sub-Processor"), Chartbeat shall inform you of the engagement by sending an email notification to you and you may object to the engagement of such New Sub-Processor by notifying Chartbeat within 5 Business Days of Chartbeat's email, provided that such objection must be on reasonable, substantial grounds, directly related to such New Sub-Processor's ability to comply with substantially similar obligations to those set out in this Appendix. If you do not so object, the engagement of the New Sub-Processor shall be deemed accepted by you.

    3. Chartbeat shall ensure that its contract with each New Sub-Processor shall impose obligations on the New Sub-Processor that are materially equivalent to the obligations to which Chartbeat is subject to under in this Data Processing Addendum.

    4. Any sub-contracting or transfer of Personal Data pursuant to this paragraph 7 shall not relieve Chartbeat of any of its liabilities, responsibilities and obligations to you under this Agreement and Chartbeat shall remain liable for the acts and omissions of its Sub-Processor.

  8. Transfer of Personal Data

    Unless the transfer is based on an "adequacy decision", is otherwise "subject to appropriate safeguards" or if a "derogation for specific situations" applies, each within the meanings given to them in Articles 45, 46 and 49 of the GDPR respectively, Chartbeat shall not transfer, access or process such Personal Data outside the Permitted Region.