JOINT CONTROLLERSHIP AGREEMENT

Last updated: May 11, 2021

This Joint Controllership Agreement (the “Agreement”) defines the regulation of the relationship between Snovio Inc. (the “Company”, “Snov.io”, “Snovio”, “we”, “us” or “our”) and Clients of the Company who use the Company’s services (the “Client”, “you” or “your”) regarding the processing of Prospects’ personal data provided by Client subject to reservation specified in section 5 hereunder.

In this Agreement, we did our best to explain in a clear and accessible way what exact Prospects’ personal data provided by the Clients we process, why and how we do that, and what are the consequences of those actions.

ALL CLIENTS OF THE COMPANY ARE REQUIRED TO READ THIS JOINT CONTROLLERSHIP AGREEMENT TO UNDERSTAND HOW COMPANY USES, PROCESSES AND STORES PROSPECTS’ PERSONAL DATA WHILE PROVIDING SERVICES TO THE CLIENTS.

  1. DEFINITIONS
  2. “Joint controller” means the natural or legal person, public authority, agency or other body, which jointly with other controllers determines the purposes and means of the processing of personal data.

    “Personal data” means any information relating to a data subject, namely an identified or identifiable natural personal.

    “Prospect” means a third-party data subject whose personal data you provide to the Company.

    “Services” means corporate email finding and verification services provided by Snovio to Clients.

    “Platform” means collectively the website https://snov.io/, web and mobile application app Snov.io, API methods available by api.snov.io hostname.

    “Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

    “GDPR” means the regulation (EU) 2016/679 of the European Parliament and of the Council of the 27th of April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);

    “Profiling” means any automated profiling, namely any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person, or to analyses or predict that person’s performance at work, economic situation, location, health, personal preferences, reliability, or behavior.

  3. GENERAL PROVISIONS
  4. 2.1. When processing personal data of Prospects, parties shall respect the obligations set forth in this Agreement and in the applicable laws and regulations.

    2.2. Snovio and you are the joint controllers of the following personal data of Prospects:

    first and last name; and
    corporate email address (the “Prospect data”).

    2.3. Snovio and you are the joint controllers of the Prospects’ data regarding the storage of such personal data.

    2.4. Parties jointly determined that purposes of the processing of the Prospects’ data are as follows:

    for Clients, to store the Prospects’ data within the Platform to be able to use the Services;
    for Snovio, to provide Services to you and other Clients and maintain the operation of the Platform.

    2.5. Parties jointly determined that the Prospects’ data hereunder shall be processed by the means specified in Snovio’s Terms and Conditions incorporated by reference hereunder.

    2.6. Snovio processes Prospects’ data on a basis of article 6(1)(f) of the GDPR and pursuant to the respective warranties specified in section 4 hereunder. Legitimate interests of Snovio, clients and Prospects are as follows:

    contribution to business cooperation between Prospects and Clients;
    creation and assistance in discovering of new business-targeted marketing and sales opportunities for Prospects and Clients;
    Clients’ interest in expansion of the database of the potential business partners;
    development and maintenance of the Platform that constitutes a unique online-based platform that simplifies and facilitates professional interaction tween businesses;
    Clients’ interest in the use of the Platform for businesses as it combines sales, CRM, analytics, marketing and email service functionality;
    Prospects’ interest in approaching potential and verified clients or suppliers;
    Prospects’ interest in commercializing the use of his/her publicly posted information related to his/her professional or business interests/occupation.

    2.7. Snovio has completed the balancing test and verified that the fundamental rights and freedoms of the Prospects that require protection of the Prospects ’personal data do not override the legitimate interests of Snovio, Clients and Prospects specified in clause 2.6 herein.

    2.8. Snovio stores Prospects’ personal data for the entire period during which you use the Services and for 3 (three) months after the termination of the Client’s account on the Platform. However, Snovio may store particular Prospects’ data thereafter for the entire period during which other Clients use the Services if you and other Clients have simultaneously provided such Prospects’ data to Snovio, but in any case only as long as necessary to provide Services to you and other Clients hereunder.

    2.9. Snovio and you may have other processing roles and status during other processing operations involving the Prospects’ personal data or other personal data as provided under Snovio’s Privacy Policy and other personal data policies/agreements.

  5. DATA TRANSFER
  6. 3.1. Snovio may transfer Prospects’ personal data to its contractors located in third countries outside the EU, including the onward transfers of the personal data from the third countries to other third countries, inter alia in the USA.

    3.2. Snovio may transfer Prospects’ personal data as specified in clause 3.1 afore to the following contractors:

    NameCountry of locationWebsiteData transfer policy
    Google AnalyticsUSAhttps://www.google.orghttps://policies.google.com/privacy/frameworks?hl=en
    HotjarMaltahttps://www.hotjar.comhttps://www.hotjar.com/legal/policies/privacy/
    Amazon Web ServicesUSAhttps://aws.amazon.com/?nc2=h_lghttps://aws.amazon.com/privacy/?nc1=f_pr
    SendPulseUSAhttps://sendpulse.com/https://sendpulse.com/legal/pp; https://sendpulse.com/legal/processing
    PipedriveRepublic of Estoniahttps://www.pipedrive.com/en/gettingstartedhttps://www.pipedrive.com/en/privacy#data-transfer-37
    ChrispFrancehttps://crisp.chat/en/https://crisp.chat/en/privacy/
    HetznerGermanyhttps://www.hetzner.com/https://www.hetzner.com/rechtliches/datenschutz/
    MongoDBUSAhttps://www.mongodb.comhttps://www.mongodb.com/legal/privacy-policy
    Send GridUSAhttps://sendgrid.com/https://www.twilio.com/legal/data-protection-addendum
    IP Quality ScoreUSAhttps://www.ipqualityscore.com/https://www.ipqualityscore.com/privacy-policy; https://www.ipqualityscore.com/data-processing-agreement
    FastSpringUK, USA and the Netherlandshttps://fastspring.com/https://fastspring.com/privacy/
    2CheckoutUSA and the Netherlandshttps://www.2checkout.com/https://www.2checkout.com/legal/data-privacy-provisions/ and https://www.2checkout.com/legal/privacy
    Snovio’s outsource technical, legal, sales and marketing specialistsUkraine, USA, Brazil, China-Non-disclosure agreements and Data Processing Agreement signed between Snovio and each outsource specialist.

    3.3. If so, Snovio may transfer Prospects’ personal data to its contractors located in third countries outside the EU, including the onward transfers of the personal data from the third countries to another third countries, only on a basis of the appropriate safeguards, namely standard data protection clauses between Snovio and its contractors. Such standard data protection clauses embodied in company’s public documents may be provided either by Snovio or by Snovio’s contractors.

    3.4. Snovio undertakes appropriate technical and organizational measures to secure the transfer Prospects’ personal data to its contractors located in the third countries outside of the EU and onward, namely:

    written information and access security policies and procedures;
    encryption of all transferred data;
    protected server and admin panel access via corporate VPN network only;
    two-factor authentication of Snovio team members who access Prospects’ personal data;
    limitation of access to Prospects’ data based on authority and tasks of the departments;
    security measures implemented by contractors specified in their data transfer policies enlisted in clause 3.2 afore, e.g. key management, threat detection, DoS and DDoS protection, rotate, manage, and retrieve secrets, deployment of public and private SSL/TLS certificates etc.

    3.5. Snovio does not sell or trade personal data to any legal persons or individuals. Snovio DOES NOT use Profiling.

  7. REPRESENTATIONS AND WARRANTIES
  8. 4.1. Each party undertakes to implement appropriate technical and organisational measures that complies with applicable laws and regulations designed to:

    ensure and protect the security, integrity and confidentiality of the Prospects’ data;

    and

    protect the Prospects’ data against any unauthorized processing, loss, use, disclosure or acquisition of or access.

    4.2. Each party ensures that the Prospects’ data is accurate and undertakes to notify the other Party with undue delay if it becomes aware of inaccuracies in the Prospects’ data.

    4.3. You hereby represent and warrant that:

    you collected the Prospects’ data on a lawful basis provided under the GDPR;
    transfer of the Prospects’ data to Snovio and further processing of the Prospects’ data by Snovio do not violate the Prospects’ rights and interests AND rights and interests of any third parties AND complies with the requirements of GDPR and all applicable laws and regulations;
    you will inform all data subjects whose Prospect’s data you provided to Snovio on the processing of such data by Snovio as (i) informing all data subjects whose Prospect’s data Clients provide Snovio with regarding the processing of their data constitutes disproportionate efforts for Snovio and (ii) processing of the Prospect’s data does not always allow Snovio to obtain the correct contact details of the data subject to inform him/her on the fact of data processing;
    you will inform us of any Prospects’ complaints, claims or requests related to the respective Prospects’ data and will not undertake any actions in this regard without the approval of Snovio;
    you will fulfil all data subjects’ requests related to the processing of personal data as specified herein without undue delay and according to your capacity; whether your capacity does not allow to fulfil the particular data subject’s request, you will undertake best possible efforts to facilitate the fulfilment of such request;
    you informed all Prospects whose Prospects’ data you transferred to Snovio of the possible risks of the data transfer specified in section 3 hereof pursuant to the absence of an adequacy decision under the GDPR in this regard and none of the respective Prospects objected to such transfer;
    you will inform us of any complaints, claims or requests from supervisory authority related to the respective Prospects’ data and will not undertake any actions in this regard without the approval of Snovio;
    you will promptly and properly deal with all inquiries from Snovio regarding the processing of the Prospects’ data;
    you will promptly notify Snovio of the commencement of any litigation or proceedings against Snovio or any of its officers/employees/contractors etc. in connection with the processing of the Prospects’ data as specified hereunder;
    you apply the appropriate security measures to protect the Prospects’ data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation.

    4.4. Snovio fully relies on the representations and warranties provided afore during the processing of the Prospects’ data as specified hereunder.

    4.5. You agree to indemnify and hold harmless Snovio and each of its directors, officers, employees, contractors and any person, if any, who controls Snovio against any loss, liability, claim, damages or expense (including the reasonable cost of investigating or defending any alleged loss, liability, claim, damages, or expense and reasonable counsel fees incurred in connection therewith) arising, including without limitation by reason of:

    any actions or omissions committed by you, your directors, officers, employees, contractors or any related person;
    violation of any representations or warranties specified afore;
    filing complaints regarding the processing of the Prospects' data as specified hereunder regardless whether such complaints were filed by the Prospect(s) or not;

    and

    decision of the supervisory authority.
  9. FACEBOOK AS JOINT CONTROLLER
  10. 5.1. Facebook and Snovio act as joint controllers regarding the collection of the personal data specified by the Applicable Product Terms and provision of the Clients’ emails to Facebook to customise the advertising of our services.

    5.2. Facebook and Snovio act as joint controllers pursuant to Facebook joint controllership agreement provided at https://www.facebook.com/­legal/­controller_addendum.

    5.3. You may access more details of how Facebook and Snovio act as joint controllers in the Snovio’s Privacy Policy.

  11. DATA SUBJECTS RIGHTS
  12. 6.1. Data subjects whose personal data are processed as specified hereunder may exercise the following rights:

    right to access, namely to know whether their personal data are being processed and if so, access such data;
    right to rectification, namely to ask the Snovio or you to correct his/her personal data if they are inaccurate;
    right to erasure (“right to be forgotten”), namely to obtain from the Snovio the erasure of his/her personal data without undue delay and the Snovio has to erase such personal data without undue delay;
    right to restriction of processing, namely to limit processing of his/her personal data with several exceptions under the scope of the GDPR;
    right to be informed, namely you are obliged to inform data subjects of what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties; this information must be communicated concisely and in plain language;
    right to data portability, namely to obtain and reuse his/her personal data for his/her own purposes across different services; this right only applies to personal data that data subject has provided Snovio/you with by way of the consent;
    right to object, namely to object to the processing of personal data that are being processed by the Snovio; Snovio stops processing of personal data unless Snovio can demonstrate the compelling legitimate grounds for the processing that overrides the interests, rights and freedoms of the individual or if the processing is undertaken for the establishment or exercise of defense of legal claims;
    right not to be subject to a decision based solely on automated processing, namely to object to Profiling that is occurring without consent; herewith, data subjects may request their personal data to be processed with the human involvement;
    right to lodge a complaint with the supervisory data protection authority pertaining to the processing of your personal data.

    6.2. Any data subject may exercise any of the rights provided above by sending a request to the e-mail address help@snov.io or by contacting Snovio via the Platform’s chat window available at https://snov.io/. Any request of data subject must include name, contact information of the data subject, right which data subject wants to exercise, personal data processed by the Snovio/Client, details and reason/justification of such request.

    6.3. Periods of fulfillment of data subjects’ requests (taking into account that periods start since the moment Snovio/Client receives the request) are as follows:

    Right to be informed - when data is collected;
    Right to access - 1 month;
    Right to rectification - without undue delay;
    Right to erasure - without undue delay;
    Right to restrict processing - 1 month;
    Right to data portability - 1 month;
    Right to object - on receipt of objection;
    Rights in relation to automated decision making and profiling - 1 month.

    6.4. In some cases, a data subject has the right to lodge a complaint about the use of his/her personal data with a data protection authority. If so, the data subject shall contact his/her national data protection authority. Parties hereby represent and warrant to cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between data subject and any of the parties.

  13. DATA BREACHES
  14. 7.1. Parties will notify each other as soon as possible of any potential or actual loss of the Prospects' data and/or any breach of the technical and/or organizational measures taken, but, in any event, within 24 hours after identifying any potential or actual loss and/or breach.

    7.2. Parties will provide each other with reasonable assistance as required to facilitate the handling of any Data Breach.

  15. RESOLUTIONS OF DISPUTES AND CLAIMS RELATED TO PERSONAL DATA
  16. If the Prospect, data protection authority or any other person brings a dispute or claim concerning the processing of the Prospects' data against Snovio or both Parties, Parties will inform each other about such disputes or claims and will cooperate with each other as far as permitted by the applicable laws and regulations.

  17. COMMENCEMENT, DURATION AND SURVIVAL
  18. 9.1. This Agreement shall commence on the date specified in the beginning of the Agreement and shall last for the entire period of provision of Services and processing of the Prospects’ data as specified hereunder.

    9.2. The obligations set forth in this Agreement shall survive the expiration or termination (for whatever reason) of the Parties’ cooperation for as long as the processing of the Prospects’ data as specified hereunder will take place.

  19. NULLITY
  20. If any provision of this Agreement is null and void or cannot be otherwise enforced, the remaining provisions will remain in full force. Parties will then agree on a provision that approximates the scope of the void or unenforceable provision as much as possible.

  21. GOVERNING LAW AND RELATED DOCUMENTS
  22. 11.1. All disputes relating to this Agreement, its execution and interpretation OR any Prospects’ data hereunder will be governed by the substantive law of the State of Delaware, USA.

    11.2. All disputes relating to this Agreement, its execution and interpretation OR any Prospects’ data hereunder will be submitted to the competent courts in the State of Delaware, USA.

    11.3. The following documents and policies constitute an integral part of this Agreement:

    Snovio’s Terms and Conditions available at https://snov.io/t_and_c;
    Snovio’s Privacy Policy available at https://snov.io/privacy-policy.
COMPANY DETAILS:

Snovio Inc., a Delaware company, company number 6896854;

Address: 220 East 23rd Street, 5th Floor, Office 500, New York, 10010 USA.

Data protection officer: snovio_dpo@snov.io.