BY INSTALLING, DOWNLOADING, COPYING OR OTHERWISE USING THE SERVICES AND SOFTWARE (AS BOTH ARE DEFINED BELOW), YOU AGREE TO BE BOUND BY THE TERMS OF THIS EULA. IF YOU DO NOT AGREE TO THE TERMS OF THIS EULA, DO NOT INSTALL, DOWNLOAD, COPY OR USE THE SOFTWARE OR SERVICES. This EULA supersedes all prior oral and written and all contemporaneous oral negotiations, commitments and understandings of the parties. This EULA supersedes all terms and conditions contained in any purchase order, order acknowledgment form, invoice or other business form submitted hereafter by either party to the other.
This End User License Agreement (the “Agreement”) is made between Megaventory Inc., a Delaware corporation (“Megaventory”), and Customer (as defined below).
RECITALS
A. Megaventory has developed certain software applications and platforms that it makes available to subscribers via the Internet, namely Megaventory.com, on a pay-per-use basis.
B. The Customer wishes to use Megaventory’s Services (as defined below).
C. Megaventory has agreed to provide and the Customer has agreed to use Megaventory’s Services subject to the terms and conditions of this Agreement.
DEFINITIONS
A. As used in this Agreement, the following terms shall have the meaning as set forth below:
“Authorized Users” shall mean those employees, agents and independent contractors of the Customer who are authorized by the Customer to use the Services and the Documentation, as further described in Section 2.2(d).
“Business Day” shall mean any day which is not a Saturday, Sunday or a public holiday in the United States of America.
“Change of Control” shall mean the direct or indirect acquisition of either the majority of the voting stock, or of all, or substantially all, of the assets, of a party by another entity in a single transaction or a series of transactions.
“Confidential Information” shall mean information that is proprietary or confidential and is either clearly labeled as such or identified as Confidential Information as detailed in Section 11.5 and 11.6.
“Customer” shall mean the legal entity or individual that enters into this Agreement on the Electronic Registration Form.
“Customer Data” shall mean the data inputted by the Customer, Authorized Users, or Megaventory on the Customer’s behalf for the purpose of using the Services or facilitating the Customer’s use of the Services.
“Documentation” shall mean the information made available to the Customer by Megaventory online via https://www.megaventory.com/Megaventory_Manual.pdf or such other web address that sets out a description of the Services and the user instructions for the Services.
“Effective Date” shall mean the date of this Agreement when signed or executed by Customer.
“Initial Subscription Term” shall mean the initial term of this Agreement which is set to be 15 calendar days. This Term may be extended at the discretion of Megaventory.
“Normal Business Hours” shall mean 8:00am to 6:00pm Greenwich Mean Time (United Kingdom time) time, each Business Day.
“Renewal Period” shall mean the period described in Section 14.1.
“Services” shall mean Megaventory’s online subscription services as described on Megaventory’s websites and provided by Megaventory to the Customer under this Agreement via Megaventory.com, or any other website notified to the Customer by Megaventory from time to time, as more particularly described in the Documentation.
“Software” shall mean the online software applications provided by Megaventory as part of the Services.
“Subscription Fees” shall mean the subscription fees payable by the Customer to Megaventory for the User Subscriptions, as set out in http://www.megaventory.com
“Subscription Term” shall have the meaning given in Section 14.1.
“Support Services Policy” shall mean Megaventory’s policy for providing support in relation to the Services as made available in this Agreement.
“User Subscriptions” shall mean the user subscriptions purchased by the Customer pursuant to Section 9.1 that entitle Authorized Users to access and use the Services and the Documentation in accordance with this Agreement.
“Virus” shall mean any thing or device (including any software, code, file or program) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any program or data, including the reliability of any program or data (whether by re-arranging, altering or erasing the program or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.
Technical Support Policy and Terms
1.1 Technical Support Defined
Technical support consists of operational assistance and support provided by Megaventory Inc. in its reasonable judgment, in order that (i) the Service provided under this End User License Agreement (“Agreement”) may operate satisfactorily, and (ii) -if applicable- Customer installed Megaventory client software, necessary for the delivery of such Service, operates according to the related documentation. Technical support will be performed in a timely and professional manner by qualified support engineers in accordance with this Technical Support Policy and Terms (the "Policy").
Megaventory will provide technical support as long as Customer is current in payment of applicable fees according to the Agreement, and is otherwise materially compliant with the terms and conditions of the Agreement for the applicable subscription Term.
Customer may be required to upgrade to third-party-supported applications, and operating systems as instructed by Megaventory qualified support engineers in order to continue receiving technical support services from Megaventory under this Policy.
Customer will utilize telephone, Online Support Forms or other site or notification mechanisms, as Megaventory may designate from time to time, to notify Megaventory of system availability issues, or request other in-scope technical support assistance.
In order to receive technical support, Customer technical support requests must contain all pertinent information, in English, including but not limited to, Customer login URL, problem severity, problem description, screenshots (where applicable) and a technical contact familiar with Customer environment or the problem to be solved. Customer must make best efforts to execute diagnostic routines if provided by Megaventory and inform Megaventory of the results. Customer must make reasonable efforts to communicate with Megaventory in order to verify the existence of the problem and provide information about the conditions under which the problem could be duplicated.
Due to the specific business use case complexities in an implementation, Technical Support does not cover assistance with implementation specific exercises, including but not limited to training, education, specific business use case implementation guidance, best practices and installation/upgrade of any third party application. Such support services may be made available under a separate agreement between the Customer and Megaventory.
1.2 Service Availability Issues
Megaventory will use reasonable efforts to meet the Service Level Objectives (SLO) stated in the table in section Schedule 1.2 Operational Service Support.
1.3 Premium Technical Support Defined
Premium Technical Support covers certain paid services offered by Megaventory. Such services include but are not limited to the following: assistance with system design, general consulting services, correcting or modifying customer operational data due to data entry errors caused by the Customer and support for 3rd party products or 3rd party software.
Payment for Premium Technical Support is in the form of a flat hourly fee of 100 USD/hour.
USER SUBSCRIPTIONS
Subject to the Customer purchasing the User Subscriptions in accordance with Section 3.3 and 9.1, the restrictions set out in this Section and the other terms and conditions of this Agreement, Megaventory hereby grants to the Customer a non-exclusive, non-transferable right to permit the Authorized Users to use the Services and the Documentation during the Subscription Term solely for the Customer’s internal business operations.
2.2 Authorized Users.
In relation to the Authorized Users, the Customer understands and agrees that:
(a) the maximum number of Authorized Users that it authorizes to access and use the Services and the Documentation shall not exceed the number of User Subscriptions it has purchased from time to time;
(b) it shall permit Megaventory to audit the Services in order to establish the name and password of each Authorized User. Such audit may be conducted no more than once per calendar quarter, at Megaventory’s expense, and this right shall be exercised with reasonable prior notice, in such a manner as not to substantially interfere with the Customer’s normal conduct of business;
(c) if any of the audits referred to in Section 2.2(b) reveal that the Customer has underpaid Subscription Fees to Megaventory, the Customer shall pay to Megaventory an amount equal to such underpayment as calculated in accordance with the prices set out in http://www.megaventory.com within 5 Business Days of the date of the relevant audit.
2.3 Prohibited Actions.
The Customer shall not run harmful scripts to access data that are not made available to him under normal operation. If the client comes across any vulnerabilities of the software/application he should report those immediately to Megaventory and not proceed further accessing this vulnerabilities. Moreover, the Customer shall not access, store, distribute or transmit any Viruses, or any material during the course of its use of the Services that:
(a) is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;
(b) facilitates illegal activity;
(c) depicts sexually explicit images;
(d) is discriminatory based on race, gender, color, religious belief, sexual orientation, disability, or any other illegal activity; or
(e) causes damage or injury to any person or property;
Megaventory reserves the right, without liability to the Customer, to disable the Customer’s access to any material that breaches the provisions of this clause.
2.4 Limited Use.
The Customer shall not:
(a) except as may be allowed by any applicable law that is incapable of exclusion by Agreement between the parties:
(i) and except to the extent expressly permitted under this Agreement, attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software and/or Documentation (as applicable) in any form or media or by any means; or
(ii) attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software; or
(b) access all or any part of the Services and Documentation in order to build a product or service that competes with the Services and/or the Documentation; or
(c) use the Services and/or Documentation to resell similar services to third parties; or
(d) subject to Section 19.1, license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services and/or Documentation available to any third party except the Authorized Users, or
(e) attempt to obtain, or assist third parties in obtaining, access to the Services and/or Documentation, other than as provided under this Section; and
2.5 Unauthorized Access.
The Customer shall use all reasonable endeavors to prevent any unauthorized access to, or use of, the Services and/or the Documentation and, in the event of any such unauthorized access or use, promptly notify Megaventory.
2.6 Customer Only.
The rights provided under this Section are granted to the Customer only, and shall not be considered granted to any subsidiary or holding company of the Customer, unless otherwise agreed to in writing.
ADDITIONAL USER SUBSCRIPTIONS
3.1 Additional User Subscriptions Purchases.
Subject to Section 3.2 and 3.3, the Customer may, from time to time during any Subscription Term, purchase additional User Subscriptions in excess of the number set out in http://www.megaventory.com and Megaventory shall grant access to the Services and the Documentation to such additional Authorized Users in accordance with the provisions of this Agreement.
3.2 Notification.
If the Customer wishes to purchase additional User Subscriptions, the Customer shall do this via his account profile from within the Megaventory application. This is an automated process.
3.3 Payment.
Customer shall pay to Megaventory the relevant fees for such additional User Subscriptions as set out in the megaventory website at http://www.megaventory.com and, if such additional User Subscriptions are purchased by the Customer part way through the Initial Subscription Term or any Renewal Period (as applicable), such fees shall be pro-rated for the remainder of the Initial Subscription Term or then current Renewal Period (as applicable). Megaventory shall not be responsible for any delays of payment from third-party intermediaries (i.e. Stripe, PayPal, Bank wires, etc.).
SERVICES
4.1 Provision of Services.
Megaventory shall, during the Subscription Term, provide the Services and make available the Documentation to the Customer on and subject to the terms of this Agreement.
4.2 Service Level Agreement.
Megaventory shall use commercially reasonable endeavors to make the Services available pursuant to the terms of the Service Level Agreement attached hereto as Schedule 1.
4.3 Customer Support.
Megaventory will, as part of the Services and at no additional cost to the Customer, provide the Customer with Megaventory’s standard customer support services during Normal Business Hours in accordance with Megaventory’s Support Services Policy in effect at the time that the Services are provided. Megaventory may log into Customer’s account or any Authorized User’s account for maintenance, troubleshooting, or support purposes. Megaventory may amend the Support Services Policy in its sole and absolute discretion from time to time. The Customer may purchase enhanced support services separately at Megaventory’s then current rates.
CUSTOMER DATA
5.1 Ownership.
The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
5.2 Archiving.
Megaventory shall store Customer Data but shall bear no responsibility for Customer Data loss or damage. In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for Megaventory to use reasonable commercial endeavors to restore the lost or damaged Customer Data.
THIRD PARTY PROVIDERS
6.1 Third Party Providers.
The Customer acknowledges that the Services may enable or assist it to access the website content of, correspond with, and purchase products and services from, third parties via third-party websites and that it does so solely at its own risk. Megaventory makes no representation or commitment and shall have no liability or obligation whatsoever in relation to the content or use of, or correspondence with, any such third-party website, or any transactions completed, and any contract entered into by the Customer, with any such third party. Any contract entered into and any transaction completed via any third-party website is between the Customer and the relevant third party, and not Megaventory. Megaventory recommends that the Customer refers to the third party’s website terms and conditions and privacy policy prior to using the relevant third-party website. Megaventory does not endorse or approve any third-party website nor the content of any of the third-party website made available via the Services.
6.2 Security
Whenever applicable, Megaventory will comply with the security and integrity best practices for any third-party provider solutions it integrates with. Megaventory, in particular, will set the session timeout threshold to 60 minutes. This is the time after which unsupervised data communication between the servers of Megaventory and the browser of the user will automatically stop. This is to be considered an accepted period by all parties involved.
MEGAVENTORY’S OBLIGATIONS
7.1 Obligations.
Megaventory undertakes that the Services will be performed substantially in accordance with the Documentation and with reasonable skill and care.
7.2 Limitation of Obligations.
The undertaking of Section 7.1 shall not apply to the extent of any non-conformance which is caused by use of the Services contrary to Megaventory’s instructions, or modification or alteration of the Services by any party other than Megaventory or Megaventory’s duly authorized contractors or agents. If the Services do not conform with the foregoing undertaking, Megaventory will, at its expense, use all reasonable commercial endeavors to correct any such non-conformance promptly, or provide the Customer with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes the Customer’s sole and exclusive remedy for any breach of the undertaking set out in Section 7.1. Notwithstanding the foregoing, Megaventory:
(a) does not warrant that the Customer’s use of the Services will be uninterrupted or error-free; nor that the Services, Documentation and/or the information obtained by the Customer through the Services will meet the Customer’s requirements; and
(b) is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the Internet, and the Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
7.3 Non-Exclusivity.
This Agreement shall not prevent Megaventory from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this Agreement.
7.4 Warranties.
Megaventory warrants that it has and will maintain all necessary licenses, consents, and permissions necessary for the performance of its obligations under this Agreement.
CUSTOMER’S OBLIGATIONS
8.1 Obligations.
The Customer shall:
(a) provide Megaventory with (i) all necessary cooperation in relation to this Agreement; and (ii) all necessary access to such information as may be required by Megaventory, in order to render the Services, including but not limited to Customer Data, security access information and configuration services;
(b) comply with all applicable laws and regulations with respect to its activities under this Agreement;
(c) carry out all other Customer responsibilities set out in this agreement in a timely and efficient manner. In the event of any delays in the Customer’s provision of such assistance as agreed by the parties, Megaventory may adjust any agreed timetable or delivery schedule as reasonably necessary;
(d) ensure that the Authorized Users use the Services and the Documentation in accordance with the terms and conditions of this agreement and shall be responsible for any Authorized User’s breach of this Agreement;
(e) obtain and shall maintain all necessary licenses, consents, and permissions necessary for Megaventory, its contractors and agents to perform their obligations under this Agreement, including without limitation the Services;
(f) ensure that its network and systems comply with the relevant specifications provided by Megaventory from time to time; and
(g) be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to Megaventory’s data centers, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer’s network connections or telecommunications links or caused by the Internet.
CHARGES AND PAYMENT
9.1 Fees.
(a) Subscription Fees. The Customer shall pay the Subscription Fees to Megaventory for the User Subscriptions in accordance with this Section and http://www.megaventory.com. These fees are refundable according to the conditions under the Refunds section.
(b) Onboarding and Training Fees. The Customer shall pay the Onboarding and Training Fees to Megaventory for the onboarding and training services that Megaventory employees and Megaventory partners shall provide to the Customer in accordance with this Section and http://www.megaventory.com. These fees are non-refundable.
9.2 Payment Information and Authorization.
The Customer shall on the Effective Date provide to Megaventory (via its service provider – Stripe or PayPal) valid, up-to-date and complete credit card details or approved purchase order information acceptable to Megaventory (or Stripe or PayPal) and any other relevant valid, up-to-date and complete contact and billing details and, if the Customer provides:
(a) its credit card details to Megaventory (or the service provider such as Stripe or PayPal – See above), the Customer hereby authorizes Megaventory (or such service provider) to bill such credit card:
(i) on the Effective Date for the Subscription Fees payable in respect of the Initial Subscription Term; and
(ii) subject to Section 14.1, on each anniversary of the Effective Date for the Subscription Fees payable in respect of the next Renewal Period;
(b) its approved purchase order information to Megaventory, where Megaventory shall invoice the Customer:
(i) on the Effective Date for the Subscription Fees payable in respect of the Initial Subscription Term; and
(ii) subject to Section 14.1, at least 30 days prior to each anniversary of the Effective Date for the Subscription Fees payable in respect of the next Renewal Period, and the Customer shall pay each invoice within 30 days after the date of such invoice.
9.3 Non-Payment.
If Megaventory has not received payment within 30 days after the due date, and without prejudice to any other rights and remedies of Megaventory, Megaventory may, without liability to the Customer, disable the Customer’s password, account and access to all or part of the Services, including but not limited to the Customer Data, and Megaventory shall be under no obligation to provide any or all of the Services. A fee of $20.00 USD will be applied if the customer chooses to re-subscribe to Megaventory.
9.4 Currency.
All amounts and fees stated or referred to in this Agreement shall be payable in U.S. Dollars.
9.5 Increases in Fees.
Megaventory shall be entitled to increase the Subscription Fees, the fees payable in respect of the additional User Subscriptions purchased pursuant to Section 3.3 at the start of each Renewal Period upon 30 days’ prior notice to the Customer.
9.6 Cancellation.
If a customer chooses to cancel his subscription to Megaventory, he can do so any time. A fee of $20.00 USD will be applied if the customer chooses to re-subscribe to Megaventory.
9.7 Refunds.
All subscription payments, amounts and fees stated or referred to in this Agreement are non-cancelable and non-refundable unless a refund request is raised no later than 15 days after a payment has been made. In case a refund is granted, a fee of 5% on the refunded amount will be withhold. All onboarding and training payments, amounts and fees are non-refundable.
INTELLECTUAL PROPERTY RIGHTS
10.1 Ownership of Megaventory.
The Customer acknowledges and agrees that Megaventory (or its licensors) owns all intellectual property rights with respect to the Services and the Documentation. Except as expressly stated herein, this Agreement does not grant the Customer any rights to, or in, patents, copyrights, database rights, trade secrets, trade names, trade marks (whether registered or unregistered), or any other rights or licenses with respect to the Services or the Documentation.
CONFIDENTIALITY
11.1 Confidential Information.
Each party may be given access to Confidential Information from the other party in order to perform its obligations under this Agreement. A party’s Confidential Information shall not be deemed to include information that:
(a) is or becomes publicly known other than through any act or omission of the receiving party;
(b) was in the other party’s lawful possession before the disclosure;
(c) is lawfully disclosed to the receiving party by a third party without restriction on disclosure;
(d) is independently developed by the receiving party, which independent development can be shown by written evidence; or
(e) is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body.
11.2 Nondisclosure and Nonuse.
Each party shall hold the other’s Confidential Information in confidence and, unless required by law, not make the other’s Confidential Information available to any third party, or use the other’s Confidential Information for any purpose other than the implementation of this Agreement.
(a) The customer expressly gives Megaventory permission to include and publish Customer’s name and logo on lists of Megaventory’s customers for the Products.
(b) The Customer agrees that Megaventory may send promotional emails to the Customer to provide information about goods and services of Megaventory in which the Customer may be interested.
(c) If Customer does not wish to give Megaventory permission under Clause 11.2.a and/or 11.2.b, the Customer must notify Megaventory, specifying which permission is not granted.
11.3 Security.
Each party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this Agreement.
11.4 Security Vulnerability Bounty Program.
If a Customer or other party finds a security issue in the Megaventory Software, this should be reported to Megaventory in a private and responsible way. In order to encourage this, Megaventory supports a reward program which will pay a $40USD bounty for every verifiable security issue that is reported through a private and confidential channel.
(a) Vulnerabilities that qualify for the Bounty: although not an exhaustive list, any issue that potentially affects the confidentiality, availability, or integrity of the Customer's data will be considered for a bounty. Some examples of those types of issues include:
1. Cross-site scripting (XSS)
2. Cross-site request forgery (CSRF)
3. SQL/Code Injection
4. Issues identified with authentication or session management mechanisms
(b) Vulnerabilities that do not qualify for the Bounty: Megaventory will not pay out a bounty in the following cases– as well as any others which include anything that reports an act that is abusive or in bad faith. These cases include:
1. Identifying vulnerabilities via off the shelf vulnerability or security scanners including opensource / free / or commercial tools
2. Using infrastructure attacks, including brute force or denial of service
3. Using tools that generate significant amount of traffic volume or any activity deemed to be disruptive to other users of the Megaventory Software
4. Identifying vulnerabilities that Megaventory has already fixed or that have been previously reported to Megaventory
5. Providing underspecified reports where the information provided is insufficient to reproduce the vulnerability
6. Identifying vulnerability issues or functionality bugs which do not compromise the security of the Customer data or private information
7. Identifying bugs that have been disclosed publicly or to third parties (brokers)
8. Testing a suspected vulnerability in a way that violates any law or compromises data that do not belong to the Customer
9. Performing security audits which harm the day-to-day operations of Megaventory or alter any of the infrastructure and data.
10. Performing audits which overall do not follow the basic rules of ethical penetration testing
(c) Reporting Suspected Vulnerabilities. If a vulnerability is found, it should be reported to technical-notifications@megaventory.com.
(d) Receiving Payment for Reporting Vulnerabilities. In order for the bounty payment to be cleared a WB8EN form will have to be completed including the physical address of the Customer or other party reporting the bug. In addition to this, a valid LinkedIn account with at least 100 connections is necessary for confirmation of the reporting Customer’s or other party’s identification.
11.5 Limitations.
Neither party shall be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third party.
11.6 Megaventory Confidential Information.
The Customer acknowledges that details of the Services, and the results of any performance tests of the Services, constitute Megaventory’s Confidential Information.
11.7 Customer Confidential Information.
Megaventory acknowledges that the Customer Data is the Confidential Information of the Customer.
11.8 Survival.
This Section shall survive termination of this Agreement, however terminated.
INDEMNITY
12.1 Customer Indemnity.
The Customer shall defend, indemnify and hold harmless Megaventory against claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with the Customer’s use of the Services or Documentation.
12.2 Megaventory Indemnity.
Megaventory shall, subject to Section 12.5, defend the Customer, its officers, directors and employees against any claim that the Services or Documentation infringes any patent effective as of the Effective Date, copyright, trade mark, database right or right of confidentiality, and shall indemnify the Customer for any amounts awarded against the Customer in judgment or settlement of such claims.
12.3 Replacement Services.
In the defense or settlement of any claim, Megaventory may procure the right for the Customer to continue using the Services, replace or modify the Services so that they become non-infringing or, if such remedies are not reasonably available, terminate this agreement on 3 Business Days’ notice to the Customer without any additional liability or obligation to pay liquidated damages or other additional costs to the Customer.
12.4 Limitation of Indemnity.
In no event shall Megaventory, its employees, agents and sub-contractors be liable to the Customer to the extent that the alleged infringement is based on:
(a) a modification of the Services or Documentation by anyone other than Megaventory; or
(b) the Customer’s use of the Services or Documentation in a manner contrary to the instructions given to the Customer by Megaventory; or
(c) the Customer’s use of the Services or Documentation after notice of the alleged or actual infringement from Megaventory or any appropriate authority.
12.5 Exclusive Remedy.
The foregoing states the Customer’s sole and exclusive rights and remedies, and Megaventory’s (including Megaventory’s employees’, agents’ and sub-contractors’) entire obligations and liability, for infringement of any patent, copyright, trademark, database right or right of confidentiality.
LIMITATION OF LIABILITY
13.1 Scope.
Subject to the provisions of Section 12.2, this Section sets out the entire financial liability of Megaventory (including any liability for the acts or omissions of its employees, agents and sub-contractors) to the Customer in respect of:
(a) any breach of this Agreement;
(b) any use made by the Customer of the Services and Documentation or any part of them; and
(c) any representation, statement or tortuous act or omission (including negligence) arising under or in connection with this Agreement.
13.2 Limitation of Liability.
Except as expressly and specifically provided in this Agreement:
(a) the Customer assumes sole responsibility for results obtained from the use of the Services and the Documentation by the Customer, and for conclusions drawn from such use. Megaventory shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to Megaventory by the Customer in connection with the Services, or any actions taken by Megaventory at the Customer’s direction;
(b) all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this Agreement; and
(c) the Services and the Documentation are provided to the Customer on an “as is” basis.
(d) THE WARRANTIES EXPRESSLY STATED IN THIS AGREEMENT ARE THE SOLE AND EXCLUSIVE WARRANTIES OFFERED BY THE SUPPLIER. THERE ARE NO OTHER WARRANTIES OR REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, THOSE OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. EXCEPT AS STATED ABOVE (IF ANY), THE SERVICES AND DOCUMENTATION ARE PROVIDED TO CUSTOMER ON AN “AS IS” AND “AS AVAILABLE” BASIS. CUSTOMER ASSUMES ALL RESPONSIBILITY FOR DETERMINING WHETHER THE SERVICES OR THE DOCUMENTATION IS SUFFICIENT FOR CUSTOMER’S PURPOSES. SUPPLIER DOES NOT WARRANT THAT USE OF THE SERVICES OR THE DOCUMENTAITON WILL BE ERROR-FREE OR UNINTERRUPTED. THE SUPPLIER IS NOT RESPONSIBLE FOR SOFTWARE INSTALLED OR USED BY CUSTOMER OR USERS OR FOR THE OPERATION OR PERFORMANCE OF THE INTERNET.
13.3 Extent of Liability.
Subject to Section 13.2:
(a) Megaventory shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses however arising under this Agreement; and
(b) Megaventory’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this agreement shall be limited to the total Subscription Fees paid for the User Subscriptions during the 12 months immediately preceding the date on which the claim arose.
TERM AND TERMINATION
14.1 Term.
This Agreement shall, unless otherwise terminated as provided in this Section, commence on the Effective Date and shall continue for the Initial Subscription Term and, thereafter, this Agreement shall be automatically renewed for successive similar periods (each a “Renewal Period”), unless:
(a) either party notifies the other party of termination, in writing, at least 10 days before the end of the Initial Subscription Term or any Renewal Period, in which case this Agreement shall terminate upon the expiry of the applicable Initial Subscription Term or Renewal Period; or
(b) otherwise terminated in accordance with the provisions of this Agreement.
The Initial Subscription Term together with any subsequent Renewal Periods shall constitute the “Subscription Term”.
14.2 Termination.
Without prejudice to any other rights or remedies to which the parties may be entitled, either party may terminate this Agreement without liability to the other if:
(a) the other party commits a material breach of any of the terms of this Agreement and (if such a breach is remediable) fails to remedy that breach within 30 days of that party being notified in writing of the breach;
(b) an order is made or a resolution is passed for the winding up of the other party, or circumstances arise which entitle a court of competent jurisdiction to make a winding-up order in relation to the other party;
(c) an order is made for the appointment of an administrator to manage the affairs, business and property of the other party, or documents are filed with a court of competent jurisdiction for the appointment of an administrator of the other party;
(d) a receiver is appointed of any of the other party’s assets or undertaking, or if circumstances arise which entitle a court of competent jurisdiction or a creditor to appoint a receiver or manager of the other party, or if any other person takes possession of or sells the other party’s assets;
(e) the other party makes any arrangement or composition with its creditors, or makes an application to a court of competent jurisdiction for the protection of its creditors in any way; or
(f) there is a change of control of the other party;
14.3 Post-Termination Actions.
On termination of this Agreement for any reason:
(a) all Services, Documentation, and licenses (if applicable) granted under this Agreement shall immediately terminate;
(b) each party shall return and make no further use of any equipment, property, Documentation and other items (and all copies of them) belonging to the other party;
(c) Megaventory may destroy or otherwise dispose of any of the Customer Data in its possession; and
(d) the accrued rights of the parties as at termination, or the continuation after termination of any provision expressly stated to survive or implicitly surviving termination, shall not be affected or prejudiced.
MISCELLANEOUS
15.1 Force Majeure.
Megaventory shall have no liability to the Customer under this Agreement if it is prevented from or delayed in performing its obligations under this Agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of Megaventory or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors, provided that the Customer is notified of such an event and its expected duration.
15.2 Waiver.
A waiver of any right under this Agreement is only effective if it is in writing and it applies only to the party to whom the waiver is addressed and to the circumstances for which it is given. Unless specifically provided otherwise, rights arising under this Agreement are cumulative and do not exclude rights provided by law.
15.3 Severability.
If any provision of this Agreement is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force. If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the parties.
15.4 Entire Agreement.
This Agreement, and any documents referred to in it, constitute the whole agreement between the parties and supersede any previous arrangement, understanding or agreement between them relating to the subject matter they cover. Each of the parties acknowledges and agrees that in entering into this Agreement it does not rely on any undertaking, promise, assurance, statement, representation, warranty or understanding (whether in writing or not) of any person (whether party to this Agreement or not) relating to the subject matter of this Agreement, other than as expressly set out in this Agreement.
15.5 Assignment.
The Customer shall not, without the prior written consent of Megaventory, assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement. Megaventory may at any time assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement.
15.6 No Joint Venture.
Nothing in this Agreement is intended to or shall operate to create a joint venture or partnership between the parties, or authorize either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
15.7 Third Parties.
This agreement does not confer any rights on any person or party, other than the parties to this Agreement and, where applicable, their successors and permitted assigns.
15.8 Notices.
Unless otherwise provided for via a Megaventory website, any notice required to be given under this Agreement shall be in writing and shall be delivered by hand or sent by pre-paid first-class post or recorded delivery post to the other party at its address set out in this Agreement, or such other address as may have been notified by that party for such purposes, or sent by fax. A notice delivered by hand shall be deemed to have been received when delivered (or if delivery is not in business hours, at 9:00am on the first business day following delivery). A correctly addressed notice sent by pre-paid first-class post or recorded delivery post shall be deemed to have been received at the time at which it would have been delivered in the normal course of post. A notice sent by fax shall be deemed to have been received at the time of transmission (as shown by the timed printout obtained by the sender).
15.9 Governing Law.
This Agreement and performance hereunder shall be governed by the laws of the State of Delaware.
15.10 Headings and Titles.
The headings and titles of this Agreement are not part of this Agreement, but are for convenience only and are not intended to define, limit or construe the contents of the various Sections.
SCHEDULE 1
“SERVICE LEVEL AGREEMENT”
1. Performance Management.
The Services and Documentation shall be available to Authorized Users 365 days a year, 7 days a week, 24 hours a day and shall be available 99.9% of the time (see Section 4 below), excluding planned downtime (the “Availability Commitment”). Megaventory shall have no liability for any failure to meet the service levels set forth herein to the extent such failure would not have occurred but for: acts or omissions of Customer inconsistent with the advice or instructions of Megaventory, acts or failures to act by the Internet, ISPs, or any third party service providers, any failure by Customer to provide detailed information to assist in diagnosing problems with the Services of Documentation, availability of bandwidth to Authorized Users or any other cause beyond the reasonable control of Megaventory and without its fault or negligence; provided, that the foregoing shall not diminish the obligations of Megaventory set forth herein or in the Agreement. Megaventory shall ensure that it will support and scale the Services and Documentation accordingly to support the traffic or other burden encountered by the Services or Documentation as necessary to satisfy the requirements as set forth in this Service Level Agreement.
2. Operational Service Support.
Megaventory will use reasonable efforts to meet the Service Level Objectives (SLO) stated in the table below and will provide continuous efforts to resolve Severity 1 service availability or system outage incidents concerning availability of the Service. For Severity 1 incidents, Megaventory will work until a workaround or resolution can be provided or until the incident can be down-graded to a lower severity. In respect to Severity 1 incidents, Customer contacts must be available at all times to provide Megaventory with relevant and requested information, data gathering and testing necessary to bring the incident to resolution. Severity 2-4 calls can be logged with Megaventory at any given time and will be responded to during published business hours as per the Service Level Objectives table below.
|
Service Level Objectives |
||||
|
Incident Severity |
1 |
2 |
3 |
4 |
|
Initial Response Time |
2 hours |
2 hours* |
4 hours* |
8 hours* |
|
*During business hours (10am-6pm) on UTC time-zone.
|
||||
|
Severity Level Descriptions |
||||
|
Severity 1 |
· Unavailability of service. · Mission critical function not available. · System crashes. · System hangs indefinitely causing unacceptable or indefinite delays for resources or response. In the event that Customer notifies Megaventory that the Service is unavailable, Megaventory will begin to work on a system fix within two (2) hours of notification. |
|||
|
Severity 2 |
· Severe loss of service (operations may continue but are severely restricted). |
|||
|
Severity 3 |
· Minor loss of service, minor error or behavior (service is available but may require a workaround to restore full functionality). |
|||
|
Severity 4 |
· Minor problem or question that does not affect delivery of service. |
|||
During the subscription Term and upon request or upon a predetermined schedule, Megaventory shall at its discretion apply fixes or hotfixes (“Program Updates”). Documentation relevant to these Updates will be made available at regular intervals. Where practicable, Megaventory will schedule such updates during non-business hours and will provide Customer with notice of a minimum of 3 business days for standard maintenance and 2 hours in case of emergency maintenance.
3. Maintenance or Service Outages.
Megaventory will notify Customer via Customer-supplied e-mail address of any operational or functional Services outage exceeding 2 hours. Megaventory will notify Customer by email or via Megaventory’s websites (http://[DOMAIN].megaventory.com/inventory/default.aspx -where [DOMAIN] is the domain name of the customer’s account- or http://megaventory.blogspot.com) no less than 2 Business Days before a scheduled maintenance event (“Scheduled Maintenance”). Scheduled Maintenance shall not be considered an operational or functional Services outage, provided such downtime is reasonable and conducted at customary times and days of the week.
4. Service Level Uptime.
Megaventory guarantees 99.9% web site availability for the Services per calendar month, which allows for 44 minutes of non-consecutive service outage per month. For the purpose of this Service Level Agreement, only outages lasting a minimum of 10 consecutive minutes are considered a service outage for calculating availability and/or uptime. This Service Level Agreement is subject to the following conditions and exclusions below. Should Services availability drop below 99.9%, the Customer will be eligible for the following Services credits (and not any cash refund), provided Customer follows the provisions set forth in Section 5 below, and to be added to the end of the Customer’s term, based on the chart below:
Services Availability Services Credits
98.0% - 99.8% 1 day of Services
97.9% or below 2 days of Services
5. Services Credits.
To receive Services Credit, the Customer must notify Megaventory by email within 10 Business Days that the Customer’s Services was not available. Each request must include the dates and times of the Services unavailability and other required information. The applicable Services Credit adjustment will be made to the Customer's account after confirmation of the Services outage.
DATA PROTECTION ADDENDUM
This section describes how Megaventory collects, uses, and discloses information obtained about users from its websites, services and other software.
1. Data Protection Officer (DPO)
Megaventory has a dedicated data protection officer (“DPO”). The DPO can be contacted at the compliance@megaventory.com email address.
2. Processed Data
2.1. Definitions
Megaventory stores in its databases
· data provided by clients about themselves and also
· data provided by clients about their customers, suppliers and other relevant entities (collectively referred to as client entities).
Client can refer to prospective, current and past clients. In particular,
· a prospective client is a client of Megaventory in non-paying trial status (evaluating the software)
· a current client is a client of Megaventory in paying status (has purchased the software either in subscription or any other mode)
· a past client is a former prospective or a former current client.
Data are recorded either by client submission or by automatic saving performed by Megaventory.
Each data point is allocated a risk level - either Risk or High Risk.
These data may be shared with
· Third party tools employed by Megaventory
· Members of the Megaventory Partner Network. In particular, the Partner associated with a customer may choose to have access to that customer’s data and only that customer’s data.
2.2. The Data Processed by Megaventory
The data recorded which are requested by Megaventory, refer to the clients themselves and are entered by themselves can include:
· Company name [Risk]
· Address details [High Risk]
· Tax identification number [High Risk]
· Phone [High Risk]
· Logo [Risk]
· Signup email (collected at the initial signup form it is the same as the administrator user email) [High Risk]
· Admin Password [High Risk]
· Employee details [High Risk]
o Username [Risk]
o Password [High Risk]
o Company email [High Risk]
The data recorded which are automatically saved by Megaventory and refer to the clients themselves are:
· Employee activity logs [Risk]
o Username [Risk]
o Activity date and time [Risk]
o Activity type (insert data, edit data, delete data, backup data, log in, log out) [Risk]
o Event Type (which data entity edited, user activity, database operation) [Risk]
o Activity origin (Site, API, file upload) [Risk]
The data recorded which are requested by Megaventory, refer to the client’s entities and are entered by the clients can include:
· Customers [High Risk]
o Physical or Company name [High Risk]
o Address details [High Risk]
o Tax identification number [High Risk]
o Phone [High Risk]
o Email [High Risk]
· Suppliers [High Risk]
o Physical or Company name [High Risk]
o Address details [High Risk]
o Tax identification number [High Risk]
o Phone [High Risk]
o Email [High Risk]
· Contacts
o Physical or Company name [High Risk]
o Address details [High Risk]
o Tax identification number [High Risk]
o Phone [High Risk]
o Email [High Risk]
o Supplier or a Client association [Risk]
· Shipping Providers [Risk]
o Name [Risk]
· Purchase Records (Orders and Documents) [Risk]
o Physical or Company name of Supplier [Risk]
o One or more Addresses of Supplier [Risk]
o Contact name of Supplier [Risk]
· Sell Records (Orders and Documents) [Risk]
o Physical or Company name of Customer [Risk]
o One or more Addresses of Customer [Risk]
o Contact name of Customer [Risk]
Note:
· The information stored in cookies by Megaventory itself is anonymous and documents only the session number and certain preferences regarding presentation of filtered results (such as columns displayed, type of sorting enabled, etc).
· No IP address is stored by Megaventory itself.
2.3. The Data Location
The company data are located in dedicated and exclusively owned and used server hardware in Germany at the premises of Hetzner Online GmbH. In particular, Megaventory’s server is in the data center NBG1-DC2 in Nuremberg.
Data accessed by Megaventory employees are saved locally on company employees’ computers upon access in the form of cookies and/or browser cache memory records.
2.4. People with Access to the Data
All employees, in-house freelance contractors and in-house interns of Megaventory have full access to the Processed Data stored by Megaventory only.
Members of the Megaventory Partner Program may choose to have full access to the Processed Data of their clients stored by Megaventory and in agreement with them.
2.5. Legal Basis on which Megaventory holds the Data
The data of prospective Megaventory clients are retained on the basis of the contractual obligation between Megaventory and the client so as to allow such clients to fully evaluate all aspects of the Megaventory software.
The data of current Megaventory clients are retained on the basis of contractual obligation between Megaventory and the client so as to allow such clients to fully access all aspects of the Megaventory software for their everyday use as well as less common scenarios.
The data of former Megaventory clients are deleted three (3) months after the respective account expires. The client can also delete all their data at any point, including just before cancelling their subscription. The data of former Megaventory clients are retained on the basis of contractual obligation between Megaventory and the client so as to allow such clients to resume using their account.
The following data of prospective, current and former Megaventory clients are retained indefinitely by Megaventory:
· the Physical or Company name (if it was disclosed)
· the email they signed up with
· a record of their past invoices of payment to Megaventory (if any were issued)
· their browser referral link (if it was successfully tracked)
These data are retained in case of legal or financial dispute between the Megaventory and the client and with the aim of protecting Megaventory’s legal interests.
2.6. Data Storage Expiry and Deletion
The Processed Data are retained for three (3) months after the expiry of the client account, whether it was a paid or free trial account. During that period of three months the data are available in read-only mode.
The databases of accounts which are expired for more than 3 months are deleted.
The Processed Data can also be removed by the clients themselves at any time whenever they perform a Full Reset on their database.
In both of the above cases following the deletion everything in their database is removed apart from the client data below which are retained by Megaventory
· the Physical or Company name (if it was disclosed)
· the email they signed up with
· a record of their past invoices of payment to Megaventory (if any were issued)
· their browser referral link (if it was successfully tracked)
2.7. Other Data Uses
The Processed Data are also used for the following messaging purposes. In particular they are used to:
· proactively and reactively inform all clients and their employees about new Megaventory features.
· invoice current clients for Megaventory usage
· provide support to prospective and current clients
· educate prospective and current clients about how Megaventory operates
All the above uses are in place out of Megaventory’s contractual obligations with the clients so as to properly offer the Megaventory service to the clients.
Processed Data are also used for analytics purposes to identify patterns which enable the improvement of the software solution provided by Megaventory. All client data are processed within the tools available in Section 5.3.
Such data are typically anonymized before further processing in this context so whenever user information is handled it is in aggregate. As such, these analytics processes pose no threat to the clients’ privacy.
In certain cases, it is necessary for analytics purposes to handle such data from individual accounts - ie not in aggregate form. In such cases, no anonymization is possible but the personal client information is not included in any analysis.
3. Third-Party Data
3.1. Stored Data in Third-Party Apps and their Lifecycle
3.1.1 Third-party Apps
Megaventory uses a number of third party services and products - some are purely web-based while others combine web with offline components.
The ones Megaventory uses and shares client data with are the following:
· Stripe.com
· Intercom.com
· Analytics.google.com
· ScheduleOnce.com
· Inlinemanual.com
· Hetzner.de
· Fastmail.com
· Mailchimp.com
· Facebook.com
3.1.2. Data Lifecycle in Third-Party Apps and Services
The Processed Data are used as follows by the third-party apps below:
1. Stripe.com
Data set:
At a minimum, the data transferred are
· the client's e-mail
· the client's payment amounts for Megaventory service,
· the client's credit card information (name, number, expiry date, CVV number)
For more complete and up-to-date information refer to: https://stripe.com/dpa/legal
Data path:
The transfer takes place whenever a client subscribes to Megaventory. The above information can also be transferred to Stripe whenever edited by the client and irrespective of a payment or subscription taking place.
The data are entered in the Megaventory interface in a form generated and provided by Stripe. Note that the above information is not stored in Megaventory nor is it processed by it other than to pass it to Stripe.
Usage:
The data are required to be transferred to Stripe so that it can process the client’s payment to Megaventory.
Compromise Assessment:
High Risk
Data location:
Personal Data may be stored and processed in any country where Stripe does business or Stripe’s service providers do business.
For reference: https://stripe.com/privacy#international-data-transfers
Contract:
https://stripe.com/dpa/legal
GDPR Compliance:
For reference: https://stripe.com/privacy
Stripe has been certified to the EU-U.S. and Swiss-U.S. Privacy Shield. Please find Stripe’s certification at https://www.privacyshield.gov/participant?id=a2zt0000000TQOUAA4&status=Active.
Data Protection Officer:
For reference: https://support.stripe.com/questions/data-protection-officer
Right to be forgotten:
Users can request their data be removed from Stripe 3 years after last charge. For such requests contact compliance@megaventory.com
2. Intercom.com
Data set:
Client data kept in Intercom may include:
· Conversations Megaventory staff have exchanged in writing with clients
· Contact details such as name, email, phone, Skype id, job title, timezone, social media accounts
· Application access details such as last location, time of first and last seen, of last outbound and inbound contact, of app sign up and number of app sessions
· Browser details such as brand, version, OS, language setting, referral link
· Email notification statuses like unsubscriber, marked as spam, hard bounce etc
· Megaventory billing-related data such as number of users, monthly spend, account expiry date, account email
· Megaventory account data such as number of suppliers, customers, transactions, locations, etc
Data path:
The various types of data are transferred into Intercom as follows:
· Conversations are initiated via a chat application or via email by clients or Megaventory staff. In all cases, a record is kept in Intercom including subsequent replies
· Contact details are either entered by clients themselves, inserted manually by Megaventory staff or automatically populated via Intercom itself
· Application access details are automatically populated via Intercom itself
· Browser details are automatically populated via Intercom itself
· Email notification statuses are automatically populated via Intercom itself
· Megaventory billing-related data are passed by the Megaventory application to Intercom
· Megaventory account data are passed by the Megaventory application to Intercom
Usage:
The various types of data are used as follows:
· Conversations build a historical record of the information passed between the client and Megaventory enabling comprehensive support but also protecting both sides’ interests.
· Contact details allow for seamless communication from Megaventory to the client esp. in cases of critical and/or emergency notifications
· Application access details contribute significantly in Megaventory staff confirming a healthy usage of the application and intervening when that’s not the case to help and correct mistakes.
· Browser details allow for more efficient and faster support in technical issues
· Email notification statuses allow Megaventory staff to ensure only those opting in communication receive non-critical notifications while also making sure critical notifications reach all Megaventory clients.
· Megaventory billing-related data allow for more efficient and faster support in financial disputes and related troubleshooting.
· Megaventory account data allow for more efficient and faster support in business logic questions raised by the customer.
Compromise Assessment:
High Risk
Data location:
All Intercom infrastructure is spread across 3 AWS data centers (availability zones). Amazon does not disclose the location of its data centers. AWS is Privacy Shield certified, so data transfers from the European Economic Area (EEA) are covered by AWS Privacy Shield certifications.
For reference: https://www.intercom.com/legal/security-policy
Contract:
For reference: https://www.intercom.com/legal/service-level-agreement
GDPR Compliance:
Intercom’s privacy policy includes the EU-US and Swiss-US Privacy Shield Policy.
For reference: https://www.intercom.com/legal/privacy
Data Protection Officer:
The Intercom DPO is available at compliance@intercom.com
For reference: https://www.intercom.com/help/en/articles/1689224-how-to-contact-us-with-data-queries
Right to be forgotten:
Users can request their data be removed from Intercom 3 years after their last Megaventory access. For such requests contact compliance@megaventory.com
3. Analytics.google.com
Data set:
Client data passed into Google Analytics directly from Megaventory may include:
· Time of visit
· Pages visited
· Referring site details (such as the URI a user came through to arrive at this site)
· How visitors progress through the site
· How visitors interact with elements on the site (e.g. click, scroll, etc)
· How long visitors spend on the site
· At what stage of a visit users leave the site
· Type of visitor web browser
· Type of visitor operating system
For a more complete list refer to: https://developers.google.com/analytics/resources/concepts/gaConceptsTrackingOverview
Additional Megaventory-specific client data passed into Google Analytics from Megaventory may include:
· Anonymous user-id
· User type (paying vs non-paying user)
· Plan (Megaventory tier if user is paying)
· Monthly spend (if user is paying)
· People (number of users in the account if user is paying)
· Payments (number of users in the account if user is paying)
Data path:
Upon a visitor loading the Megaventory site for the first time, a consent prompt requests permission for the Google Analytics cookie to be saved in the visitor’s browser. If permission is given, the above non-Megaventory-specific data are captured and sent to Google Analytics.
If the visitor proceeds to sign up to start a trial account and / or subscribe to a paying tier, the Megaventory-specific client data is also passed into Google Analytics.
If no consent is provided, no information is captured and sent to Google Analytics.
Usage:
The anonymized data stored are used in aggregate to improve upon how the information is served by the Megaventory website and application to the visitors.
Such optimizations may include
· technical improvements such as reducing loading times
· informational adjustments such as offering content that is most helpful to users and
· commercial such as implementing new application features to enrich the user offering
Compromise Assessment:
Risk
Data location:
There are multiple data centers globally. For more information refer here: https://www.google.com/about/datacenters/locations/
Contract:
For reference: https://marketingplatform.google.com/about/analytics/terms/us/
Data Protection Officer:
Emil Ochotta is the Data Protection Officer of Google LLC and its subsidiaries. For reference: https://cloud.google.com/security/gdpr#tab6
Right to be forgotten:
Users
can request their data be removed from Google Analytics. For such requests
contact compliance@megaventory.com
4. ScheduleOnce.com
Data set:
Client data passed into Schedule Once directly from Megaventory may include:
· Name
· Phone
· Timezone
Data path:
Users enter the above data in the form they use to schedule a call with Megaventory Inc.
Usage:
The information requested is the absolute minimum to schedule a call with existing and potential clients.
Compromise Assessment:
Risk
Data location:
The ScheduleOnce data are hosted on Microsoft Azure and Amazon AWS data centers hosted in the USA. For reference, see here: https://www.oncehub.com/trustcenter/security
Contract:
For reference, see here: https://www.oncehub.com/trustcenter/legal/msa?hsLang=en and here:
https://www.oncehub.com/trustcenter/legal/dpa?hsLang=en
Data Protection Officer:
The appointed person 4may be reached at privacyoffice@oncehub.com
Right to be forgotten:
Users
can request their data be removed from ScheduleOnce. For such requests contact
compliance@megaventory.com
5. Inlinemanual.com
Data set:
Client data passed into InlineManual may include general information such as:
· Cookies
· Usage Data
· Company
· Email address
· Username
Client data may also optionally include Inline Manual Analytics data such as:
· IP address
· Browser headers
· Timestamp
· URL location
· Inline Manual related data:
o Topic start/end
o Step shown
o Search keywords
o Events
Client data may also optionally include Inline Manual Segmentation data such as:
· Roles
· Group
· Plan
· Created
· Updated
· Custom fields/data
For reference see: https://inlinemanual.com/legal/privacy/
Data path:
If a Megaventory visitor proceeds to sign up to start a trial account, the above client data is passed into InlineManual.
No information is transferred to InlineManual for non-logged-in visitors.
Usage:
The data stored are used in aggregate to improve upon how the information is served by the Megaventory website and application to the visitors.
Such optimizations may include
· technical improvements such as reducing loading times
· informational adjustments such as offering content that is most helpful to users and
· commercial such as implementing new application features to enrich the user offering
Compromise Assessment:
Risk
Contract:
For reference see here: https://inlinemanual.com/legal/terms-of-service/ and here: https://inlinemanual.com/legal/privacy/
Data Protection Officer:
For
reference, please contact: support@inlinemanual.com
6. Hetzner.de
Data set:
Hetzner is the hosting company for the physical servers of Megaventory.
Compromise Assessment:
High Risk
Data location:
Germany
Contract:
For reference see here:https://www.hetzner.com/rechtliches/agb/ and here: https://www.hetzner.com/rechtliches/datenschutz/?country=mt
Data Protection Officer:
Margit Müller is the data protection officer, data-protection@hetzner.com.
7. Fastmail.com
Data set:
Fastmail is the webmail host of Megaventory. Client data kept in Fastmail include all the conversations Megaventory staff exchange in writing with clients.
Data path:
Any email sent to Megaventory employee addresses as well as role-based addresses is transferred in full to Fastmail (including header and content of the email exchange).
Usage:
Fastmail is the core method of communication with Megaventory clients.
Compromise Assessment:
High Risk
Data location:
Fastmail servers are located in the USA. For reference check here: https://www.fastmail.help/hc/en-us/articles/1500000280221
Contract:
For reference check here: https://www.fastmail.com/about/privacy/ and here: https://www.fastmail.com/about/dpa/
Data Protection Officer:
The
Data Protection Officer can be contacted at
dataprotection@fastmailteam.com.
8. Mailchimp.com
Data set:
Client data kept in Mailchimp may include:
· Information directly entered by clients such as name, email address, address, or telephone number.
· Information automatically collected by Mailchimp itself such as IP address, operating system, browser ID, and other information about the connection. Also usage data may be collected such as email campaigns accessed, app browsing activity, email deliverability etc.
· Information automatically collected by Mailchimp from other sources such as social media platforms.
For reference: https://mailchimp.com/legal/privacy/#1._The_Basics
Data path:
The client data is manually entered by the clients themselves in the Megaventory homepage only.
Usage:
The email of the visitors is used to communicate new features and other marketing information to those who have expressly given their permission to Megaventory to follow up with them.
Compromise Assessment:
Risk
Data location:
Mailchimp data centers are located around the United States. For reference: https://mailchimp.com/about/security/
Contract:
For reference check here: https://mailchimp.com/legal/ and here: https://mailchimp.com/legal/data-processing-addendum/
GDPR Compliance:
Mailchimp is certified with the EU-U.S./Swiss-U.S. Privacy Shield Frameworks to protect EEA, UK, and Swiss data in compliance with the Privacy Shield Principles. The Privacy Shield certification is available here: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active
Data Protection Officer:
Please contact dpo@mailchimp.com
Right to be forgotten:
Users
can request their data be removed from Mailchimp. For such requests contact
compliance@megaventory.com
9. Facebook.com
Data set:
Facebook collects a broad range of data. For reference see here: https://www.facebook.com/about/privacy/update
Data path:
Upon a visitor loading the Megaventory site for the first time, a consent prompt requests permission for the Facebook cookie to be saved in the visitor’s browser. If permission is given, the above non-Megaventory-specific data are captured and sent to Facebook.
If no consent is provided, no information is captured and sent to Facebook.
Usage:
Facebook features such as Boosted Posts are used to communicate new features and other marketing information to those who have expressly given their permission to Megaventory to pass their information to Facebook.
Compromise Assessment:
Risk
Data location:
Facebook operates a global infrastructure and processes data in both EU and US-based servers.
Contract:
For reference see here: https://www.facebook.com/business/gdpr
GDPR Compliance:
Facebook, Inc. (“Facebook”) has certified to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. See more here: https://www.privacyshield.gov/EU-US-Framework
Data Protection Officer:
To submit a request to the Facebook Data Protection Officer (DPO), please complete this form: https://www.facebook.com/help/contact/540977946302970