DATA PROCESSING ADDENDUM FOR BANUBA FACE AR SDK AND VIDEO EDITOR SDK

1. Scope

_______________________________________________________________________________​

Banuba Limited (hereinafter – “Recipent”) is hereby engaged to provide Software under the Agreement, what determines the Recipient’s access to certain data about the Customer’s activity in relation to the Software installed in the Product and Data subjects.

Terms defined in the Agreement shall have the same meaning when used in this Addendum, unless defined below. In addition, the definitions below apply in this Agreement. 

2. Data processed

________________________________________________________________________________

2.1 The categories of data to be processed by the Recipient are agreed herein (Data):

Data iOS Android Desktop
Data subject ID An alphanumeric string that uniquely identifies a device where Product is installed A unique identifier to each combination of app-signing key, Data subject and device

MAC address XOR

machine name XOR
CPU Info


In any case Banuba reserves its right to process any non-personal data of Data subjects which are related to the performance and functionality of SDK (e.g. the time needed to activate SDK and etc.). These data will not allow us to identify any of SDK Data subjects and will be used for SDK's technical improvement.

3. Purpose of processing
__________________________________________________________________________________________

3.1 The following personal data of Data subjects become available to the Recipient: Data subject ID. Category of personal data:

  • Tracking data.

  • Lawfullness of the processing:

(a) For the purposes of the legitimate interests pursued by the Recipient:

Software enhancement and Intellectual Property rights protection.

3.2 The Recipient uses Data subject ID for the following purposes:

  • Improvement of Software performance and bugs troubleshooting based on the data generated by Data subjects’ devices;
  • Prevention of Intellectual Property rights infringement by analysing whether the Software was not sublicensed to anyone except the Customer.

3.3 The Recipient shall not process any other data of Data subjects, except for those mentioned in this section.

4. Duration of processing

__________________________________________________________________________________________

4.1 The Recipient shall process Data for no longer than required for the performance of this Agreement and shall immediately destroy them once they are no more needed for the performance of the Agreement.

5. Obligations of the Recipient

_________________________________________________________________________________________

The Recipient warrants and undertakes that:

5.1 It will have in place appropriate technical and organisational measures to protect the Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the Data to be protected.

5.2 It neither authorise any third parties to process the data nor will it transfer the Data to any third parties without obtaining a prior written consent of the Customer. If the Customer consents Data subprocessing or transfer the Recipient shall have in place procedures so that any third party it authorises to have access to the personal data, including processors, will respect and maintain the confidentiality and security of the Data.

5.3 Where the Recipient engages a sub-processor for carrying out specific processing activities, it (1) bears full responsibility for the actions of such sub-processor with regard to such Data and (2) warrants and represents that the same data protection obligations as set out in this Data Processing Addendum shall be imposed on that sub-processor by way of a contract. In particular, the Recipient is obliged to ensure that its sub-processors: 


  • are informed on the confidential character of the Data provided to them;

  • at the time of disclosure are bound via contract to keep the Data confidential substantially in accordance with the terms of this Addendum applicable to the Recipient;

  • give access to the Data to a limited number of employees who need to know the Data for the purpose they were received for;

  • do not disclose the Data to any other third person; 

  • use the Data purely for purposes for which it was provided; 

  • comply with confidential undertakings established by this Addendum for the Recipient, as if they were the Recipient;

  • return or destroy the Data once they are no more needed for the Purpose.

This provision does not apply to persons authorised or required by law or regulation to have access to the personal data.

5.4 It has no reason to believe, at the time of entering into these clauses, in the existence of any local laws that would have a substantial adverse effect on the guarantees provided for under these clauses.

5.5 It will process the personal data solely for the Purpose.

5.6 It will respond to enquiries from the Data subjects and the authority concerning processing of the personal data by the Recipient. Responses will be made within a reasonable time (not later than 30 days upon the request). The Customer is obliged to notify the Recipient of those requests upon its availability.

5.7 It will process the Data in accordance with the relevant provisions of the General Data Protection Regulation ((EU) 2016/679).

5.8 It will ensure that its employees, directors and other officers having access to the Data (also after termination of their employment, contractual and other relations with the Recipient) are bound, whether via contract or statutory obligation to keep the Data confidential in accordance with the terms of this Addendum applicable to the Recipient; give access to the Data to a limited number of employees, directors and other officers, who need to know the Data for the Purpose.

5.9 It will notify the Customer immediately if it becomes aware of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Data and provide such further information as the Discloser may reasonably require.

6. Liability
__________________________________________________________________________________________

6.1 Each party shall be liable to the other parties for damages it causes by any breach of these clauses. Liability as between the parties is limited to actual damage suffered. Punitive damages (i.e. damages intended to punish a party for its outrageous conduct) are specifically excluded. Each party shall be liable to the Data subjects under its extent of guilt for damages it causes by any breach of third party rights under these clauses.

7. Law applicable to the clauses
__________________________________________________________________________________________

7.1 These clauses shall be governed by the Governing law established in the Agreement.

8. Resolution of disputes with data subjects or the authority
__________________________________________________________________________________________

8.1 In the event of a dispute or claim brought by a Data subject or the authority concerning the processing of the Data against either or both of the parties, the parties will inform each other about any such disputes or claims, and will cooperate with a view to settling them amicably in a timely fashion.

8.2 The parties agree to respond to any generally available non-binding mediation procedure initiated by a Data subject or by the authority. If they do participate in the proceedings, the parties may elect to do so remotely (such as by telephone or other electronic means). The parties also agree to consider participating in any other arbitration, mediation or other dispute resolution proceedings developed for data protection disputes.

8.3 Each party shall abide by a decision of a competent court or of the authority which is final and against which no further appeal is possible.

9. Termination
__________________________________________________________________________________________

9.1 In the event that:
- the transfer of the Data to the Recipient has been declined by the Customer;
- compliance by the Recipient with these clauses would put it in breach of its legal or regulatory obligations in the country of import;
- the Recipient is in substantial or persistent breach of any warranties or undertakings given by it under these clauses;
- a final decision against which no further appeal is possible of a competent court or of the authority rules that there has been a breach of the clauses by the Recipient or the Customer; 
- a petition is presented for the administration or winding up of either party, whether in its personal or business capacity, which petition is not dismissed within the applicable period for such dismissal under applicable law; a winding up order is made;
-a receiver is appointed over any of its assets; a company voluntary arrangement is commenced by it; or any equivalent event in any jurisdiction occurs then either party, without prejudice to any other rights which it may have against another party, shall be entitled to terminate these clauses, in which case the authority shall be informed where required.

9.2 Either party may terminate these clauses for convenience by giving two-month prior notification. The parties agree that the termination of these clauses at any time, in any circumstances and for whatever reason does not exempt them from the obligations and/or conditions under the clauses as regards the processing of the personal data transferred.

10. Order of Precedence
__________________________________________________________________________________________

10.1 This Data Processing Addendum is an integral part of the Agreement. Provisions of this Addendum prevail over other provisions of the Agreement in case of their contradiction.

 

DATA PROCESSING ADDENDUM FOR AI VIDEO EDITOR SDK 


1. Scope
_______________________________________________________________________________​


Banuba (Cyprus) Limited (hereinafter – “Recipent”) is hereby engaged to provide Software under the Agreement, what determines the Recipient’s access to certain data about the Customer’s activity in relation to the Software installed in the Product and Data subjects.

Terms defined in the Agreement shall have the same meaning when used in this Addendum, unless defined below. In addition, the definitions below apply in this Agreement. 

2. Data processed
________________________________________________________________________________

2.1 The categories of data to be processed by the Recipient are agreed herein (“Data”):

Data iOS Android
Data subject ID An alphanumeric string that uniquely identifies a device where Product is installed A unique identifier to each combination of app-signing key, Data subject and device
Device IP address IP address of the device, on which SDK is launched


In any case Recipient reserves its right to process any non-personal data of Data subjects which are related to the performance and functionality of SDK (e.g. the time needed to activate SDK and etc.). These data will not allow the Recipient to identify any of SDK Data subjects and will be used for SDK's technical improvement. The precise list of non-personal data collected by the Recipient is available at: https://www.banuba.com/ve-sdk-collected-data.

3. Purpose of processing
__________________________________________________________________________________________

3.1 The following personal data of Data subjects become available to the Recipient: Data subject ID. Category of personal data:

  • Tracking data.

  • Lawfullness of the processing:

(a) For the purposes of the legitimate interests pursued by the Recipient:

Software enhancement and Intellectual Property rights protection.

3.2 The Recipient uses Data subject ID for the following purposes:

  • Improvement of Software performance and bugs troubleshooting based on the data generated by Data subjects’ devices;
  • Prevention of Intellectual Property rights infringement by analysing whether the Software was not sublicensed to anyone except the Customer.

3.3 The Recipient shall not process any other data of Data subjects, except for those mentioned in this section.

4. Duration of processing
__________________________________________________________________________________________

4.1 The Recipient shall process the Data for no longer than required for the performance of this Agreement and shall immediately destroy them once they are no more needed for the performance of the Agreement.  

5. Obligations of the Recipient
_________________________________________________________________________________________

The Recipient warrants and undertakes that:
5.1 It will have in place appropriate technical and organisational measures to protect the Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the Data to be protected.

5.2 It neither authorise any third parties to process the Data nor will it transfer the Data to any third parties without obtaining a prior written consent of the Customer. If the Customer consents Data subprocessing or transfer the Recipient shall have in place procedures so that any third party it authorises to have access to the personal data, including processors, will respect and maintain the confidentiality and security of the Data.

5.3 Where the Recipient engages a sub-processor for carrying out specific processing activities, it (1) bears full responsibility for the actions of such sub-processor with regard to such Data and (2) warrants and represents that the same data protection obligations as set out in this Data Processing Addendum shall be imposed on that sub-processor by way of a contract. In particular, the Recipient is obliged to ensure that its sub-processors: 

  • are informed on the confidential character of the Data provided to them;

  • at the time of disclosure are bound via contract to keep the Data confidential substantially in accordance with the terms of this Addendum applicable to the Recipient;

  • give access to the Data to a limited number of employees who need to know the Data for the purpose they were received for;

  • do not disclose the Data to any other third person; 

  • use the Data purely for purposes for which it was provided; 

  • comply with confidential undertakings established by this Addendum for the Recipient, as if they were the Recipient;

  • return or destroy the Data once they are no more needed for the Purpose.

This provision does not apply to persons authorised or required by law or regulation to have access to the personal data.

5.4 It has no reason to believe, at the time of entering into these clauses, in the existence of any local laws that would have a substantial adverse effect on the guarantees provided for under these clauses.

5.5 It will process the personal data solely for the Purpose.

5.6 It will respond to enquiries from the Data subjects and the authority concerning processing of the personal data by the Recipient. Responses will be made within a reasonable time (not later than 30 days upon the request). The Customer is obliged to notify the Recipient of those requests upon its availability.

5.7 It will process the Data in accordance with the relevant provisions of the General Data Protection Regulation ((EU) 2016/679).

5.8 It will ensure that its employees, directors and other officers having access to the Data (also after termination of their employment, contractual and other relations with the Recipient) are bound, whether via contract or statutory obligation to keep the Data confidential in accordance with the terms of this Addendum applicable to the Recipient; give access to the Data to a limited number of employees, directors and other officers, who need to know the Data for the Purpose;

5.9 It will notify the Customer immediately if it becomes aware of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to the Data and provide such further information as the Discloser may reasonably require.

6. Liability

__________________________________________________________________________________________

6.1 Each party shall be liable to the other parties for damages it causes by any breach of these clauses. Liability as between the parties is limited to actual damage suffered. Punitive damages (i.e. damages intended to punish a party for its outrageous conduct) are specifically excluded. Each party shall be liable to the Data subjects under its extent of guilt for damages it causes by any breach of third party rights under these clauses.

7. Law applicable to the clauses

__________________________________________________________________________________________

7.1 These clauses shall be governed by the Governing law established in the Agreement.

8. Resolution of disputes with data subjects or the authority

__________________________________________________________________________________________

8.1 In the event of a dispute or claim brought by a Data subject or the authority concerning the processing of the Data against either or both of the parties, the parties will inform each other about any such disputes or claims, and will cooperate with a view to settling them amicably in a timely fashion.

8.2 The parties agree to respond to any generally available non-binding mediation procedure initiated by a Data subject or by the authority. If they do participate in the proceedings, the parties may elect to do so remotely (such as by telephone or other electronic means). The parties also agree to consider participating in any other arbitration, mediation or other dispute resolution proceedings developed for data protection disputes.

8.3 Each party shall abide by a decision of a competent court or of the authority which is final and against which no further appeal is possible.

9. Termination

__________________________________________________________________________________________

9.1 In the event that:

- the transfer of the Data to the Recipient has been declined by the Customer;

- compliance by the Recipient with these clauses would put it in breach of its legal or regulatory obligations in the country of import;

- the Recipient is in substantial or persistent breach of any warranties or undertakings given by it under these clauses;

- a final decision against which no further appeal is possible of a competent court or of the authority rules that there has been a breach of the clauses by the Recipient or the Customer;

- a petition is presented for the administration or winding up of either party, whether in its personal or business capacity, which petition is not dismissed within the applicable period for such dismissal under applicable law; a winding up order is made; a receiver is appointed over any of its assets; a company voluntary arrangement is commenced by it; or any equivalent event in any jurisdiction occurs then either party, without prejudice to any other rights which it may have against another party, shall be entitled to terminate these clauses, in which case the authority shall be informed where required.

9.2 Either party may terminate these clauses for convenience by giving two-month prior notification. The parties agree that the termination of these clauses at any time, in any circumstances and for whatever reason does not exempt them from the obligations and/or conditions under the clauses as regards the processing of the personal data transferred.

10. Order of Precedence

__________________________________________________________________________________________

10.1 This Data Processing Addendum is an integral part of the Agreement. Provisions of this Addendum prevail over other provisions of the Agreement in case of their contradiction.