Master Services Agreement
Last Updates: 5th September, 2024
This CRED Master Services Agreement (“Agreement”) is made between CRED Investments Inc, a company incorporated and registered in the United States whose registered office is at 651 N Broad St Suite 206 Middletown Delaware, 19709, United States (“CRED”), and Customer and governs the Customer’s use of the Service (each as defined below).
“Customer” means an entity or person that accepts and agrees to the terms of this Agreement as of the earlier date on which such entity or person executed an agreement with CRED making reference to their acceptance and agreement of adhering to the terms of this Agreement or by using the Services (“Effective Date”).
CRED retains the right to amend or revise this Agreement at its sole discretion. The effective date of any such changes will be the earlier of: (i) 30 days from the date of the amendment or revision; or (ii) the Customer’s continued use of the Service.
IF YOU DO NOT AGREE TO THIS AGREEMENT, YOU ARE NOT PERMITTED TO ACCESS OR USE THE SERVICE. THE SERVICE IS EXCLUSIVELY FOR THE CUSTOMER AND ITS AUTHORIZED USERS. IF AN INDIVIDUAL ENTERS INTO THIS AGREEMENT ON BEHALF OF A LEGAL ENTITY, THAT PERSON REPRESENTS AND WARRANTS THAT THEY HAVE THE LEGAL AUTHORITY TO BIND THE LEGAL ENTITY TO THIS AGREEMENT, WHICH THEN APPLIES TO THAT ENTITY AS THE CUSTOMER.
If Customer and CRED have entered into a written agreement governing Customer’s access to and use of the Service, the terms of that signed agreement will prevail and supersede this Agreement.
Customer and CRED are hereinafter collectively referred to as “Parties”, or each of them individually as a “Party” r and CRE
CRED RESPONSIBILITIES
1.1 Provision of CRED Services
Subject to the terms set forth in this Master Service Agreement ("MSA") CRED will provide Customer the Services (defined below) for the fees listed herein ("Fees"). "CRED Services" means the software-as-a-service product(s) and its associated deliverables specified, but for clarity excludes Third-Party Products. "Third-Party Products" means a non-CRED product or Web-based, mobile, offline or other software application or service that Customer chooses to integrate with or use in connection with the CRED Services. "Agreement" means, collective on the CRED website or within the MSA, DPA (defined below), Order Form and/or SOW and amendments to any of the foregoing. "Services" mean, collectively, the CRED Services and Professional Services (defined below). The license granted hereunder to the CRED Services is non-exclusive, non-transferable, non-sublicensable, revocable, and limited to the Customer's internal business purposes. "CRED Plan" shall mean the features, credits, and any add-ons detailed in any Order Form and/or SOW executed between the Customer and CRED which pertain to Customer's user allowances and restrictions when using the CRED Services. CRED reserves the right to make changes to the CRED Services from time to time provided that these changes will not materially decrease or change the utility of the CRED Services, or the delivery of the functionality of the CRED Services expressed in the Order Form and/or SOW. Only Upgrades (not downgrades) of the Customer's CRED Plan are allowed during the Service Term. "Upgrades" shall mean moving to a higher CRED Plan, by adding credits, adding add-Ons, or extending the Service Term. Credits are the unit of value for accessing CRED Services features and services. Credits may be purchased upfront, through monthly top-ups, or on an ad-hoc basis. Credits are deducted incrementally based on feature usage (credit consumption terms are available on CRED’s website: www.credplatform.com). CRED reserves the right to modify these terms without prior notice, and continued use of the CRED Services constitutes acceptance of such changes. Customers purchasing additional seats in bulk may be eligible for extra Credits, and bonus Credits may be awarded based on agreed spending commitments. Bonus Credits and additional Credits provided through bulk purchases will follow the same terms regarding Credit usage and expiration unless otherwise specified. Credits are non-transferable, non-refundable, and hold no cash value, unless otherwise agreed in writing.
1.2 Customer Affiliates
The rights granted under this MSA apply only to the Customer entity that enters into this Agreement. Except as set forth herein, Customer may not extend its rights to any Customer Affiliate (defined below). However, Customer Affiliates shall be entitled to enter into an agreement with CRED pursuant to this MSA and, in such circumstances, all references in this MSA to Customer shall be deemed to be applicable to the Customer Affiliate, unless otherwise set forth in writing. With respect to any such agreement Customer Affiliate becomes a party to this MSA and references to Customer in this MSA are deemed to be references to such Customer Affiliate. Each such agreement is a separate obligation of the Customer entity that enters into such agreement, and the rights granted in connection with such agreement are solely for the benefit of such Customer entity, and no other Customer entity has any liability, obligation or rights under such an agreement. "Customer Affiliate" shall mean any entity controlling, controlled by or under common control with Customer, where control (including "controlled by" and "under common control with") means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of such person or entity, whether through the ownership of voting securities or other ownership interests, by contract or otherwise. Credits purchased by the Customer may be shared with Customer Affiliates as per written agreement, but all usage of Credits remains governed by the same non-transferable, non-refundable, and non-cash value rules unless otherwise specified in writing.
1.3 Support
During the term of the applicable Agreement, CRED will make available to Customer as part of the CRED Services, all updates and provide Customer with product support, as follows:
Contact Persons:
Name: Anthony Meir Name: Emily Perretti
Role: Commercial Lead Role: Operations
Email: anthony.meir@credinvestments.com Email: emily@credinvestments.com
CRED standard support hours are 09:00 to 17:00 GMT Monday through Friday for technical information, technical advice and technical consultation regarding Customer' use of the CRED Services. CRED will use commercially reasonable efforts to respond to all enquiries within one (1) business day.
1.4 Data Privacy and Protection of Customer Data
The CRED Data Protection Agreement ("DPA") is incorporated by reference into this MSA. The parties agree that the provisions contained in the DPA govern the processing of personal data in connection with this MSA. CRED will maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality, and integrity of Customer Data (defined below) and the Services, including measures designed to prevent unauthorized access to or use or disclosure of Customer Data. CRED will, on at least an annual basis, have an audit conducted by a reputable and experienced third party and have such third party issue a SOC 2 report (or substantially similar report) (“Audit Report”). CRED will develop and implement a remedial action plan to address and resolve any deficiencies identified in the Audit Report, or that CRED otherwise becomes aware of, within a commercially reasonable time.
"Customer Data" means data and other content submitted by or for Customer to the CRED Services, including Customer' end user data. For the avoidance of doubt, Customer Data does not include System Data (defined below) or any dashboards, report templates or any other technology or components of the CRED Services created, developed, used or provided by CRED.
1.5 Professional Services
CRED will perform the Professional Services (see Order Form and/or SOW) in a professional and workmanlike manner in accordance with this MSA. In addition to Services detailed in an Order Form or SOW, CRED may, upon request from Customer, provide Ad-Hoc Services. "Ad-Hoc Services" refers to services that fall outside the scope of the Order Form or SOW, which may be confirmed verbally or via email. Such confirmation will be treated as a binding agreement. Ad-Hoc Services will be billed in Credits, and the required number of Credits for Ad-Hoc services will be provided to the Customer in advance of service execution. Credits for Ad-Hoc services will be deducted from the available balance and billed monthly based on the completion of tasks or services. No changes to the Professional Services will be effective without the written agreement of each party. CRED may share documentation and training materials (collectively, the "CRED Professional Services Materials") with Customer. If CRED Professional Services Materials are provided to Customer in connection with the Professional Services, CRED grants Customer and its affiliates, during the term of this MSA, a non-exclusive, non-transferable, non-sublicensable right and license to use the CRED Professional Services Materials internally in connection with the Professional Services and to support Customer' permitted use of the CRED Services. Notwithstanding anything to the contrary in the Agreement, CRED Professional Services Materials are the sole and exclusive property of CRED.
1.6 Beta Services
From time to time, CRED may provide Customer with access to "alpha," "beta" or other "early-stage" CRED services, products, integrations, functionality or features (collectively, "Beta Services"), which are optional for Customer to use. These Beta Services are not generally available and may contain bugs, errors, defects or harmful components. CRED does not provide any indemnities, security commitments, service level commitments or warranties, express or implied, including warranties of merchantability, title, non-infringement, and fitness for a particular purpose, in relation to the Beta Services. If Credits are used for accessing Beta Services, the Customer acknowledges that Credits spent on Beta Services are non-refundable and subject to the terms governing the Beta program. CRED shall have no liability for any harm or damage arising out of or in connection with the Beta Services. Beta Services may be subject to additional terms which may supplement, but not supersede, the terms in the MSA. Customer or CRED may terminate Customer' access to Beta Services at any time. The Beta Services, including without limitation Customer' assessment or Feedback (defined below) of any Beta Services, are the Confidential Information of CRED.
PROPRIETARY RIGHTS
2.3 Customer Data License
Customer shall own all rights, title and interest in and to Customer Data and all derivatives thereof. Customer hereby grants CRED, for the term set forth in the applicable Order Form/SOW, a non-exclusive, non-transferable, non-sublicensable, worldwide, royalty-free license to host, copy, use, transfer and process the Customer Data as necessary in order for CRED to provide the CRED Services to Customer and to support Customer under the terms of the Agreement.
2.4 Feedback
Customer may from time to time provide CRED suggestions or comments for enhancements or improvements, new features or functionality or other feedback (collectively, "Feedback") with respect to the Services and/or Beta Services. CRED will have full discretion to determine whether or not to proceed with the development of any requested enhancements, new features or functionality. Customer hereby grants CRED an unlimited, irrevocable, perpetual, sublicensable, royalty-free license, without any obligation to compensate or reimburse Customer, to use, incorporate and otherwise fully exercise and exploit any such Feedback without restriction.
2.2 CRED Data
As part of Services, CRED may supply Customer with certain data (“CRED Data”) that Customer can use for its internal purposes and as otherwise set forth in the applicable Order Form/SOW. CRED represents and warrants that it has all necessary rights and consents to supply such CRED Data to Customer and for Customer to use such CRED Data as contemplated herein and in the applicable Order Form/SOW.
Customer RESTRICTIONS AND RESPONSIBILITIES
CONFIDENTIALITY
5. PAYMENT AND FEES
5.1 Fees
Customer will pay CRED the Fees for the Services as listed on the applicable Order Form and/or SOW. In addition to the Services outlined in the Order Form and/or SOW, CRED may provide Ad-Hoc Services as defined in Section 1.5, which will be confirmed verbally or via email. Fees for such Ad-Hoc Services will be invoiced separately, and payable as per the terms herein. Fees are based on a Credit system where Credits represent the unit of value to access features and services within the CRED Services. Customer may purchase Credits upfront, through monthly top-ups, or as-needed on an ad-hoc basis. The credits required per action are standardized for all users and across all workspaces, regardless of the Customer's specific workspace structure. Any adjustments to credit rates will be applied equally across all users, and continued use of the platform will signify acceptance of any such changes. The Fees for each renewal term shall be the then-current Fees for the Services in effect at the time of the renewal; unless the applicable Order Form and/or SOW provides otherwise, provided, however, that if the Fees are set to increase in a renewal term, CRED must provide Customer with prior written notice of such increase at least sixty (60) days before the start of the next renewal term. All payment obligations are non-cancelable and, unless otherwise provided in the Agreement, all Credits and Fees paid under the Agreement are non-refundable. Credits do not roll over and shall be applied as per the applicable Order Form and/or SOW during the Service Term, or as otherwise stated herein. Credits do not have a cash value, are non-transferable, and are not redeemable for cash unless otherwise specified in writing. Customer agrees to pay all Fees in the determined currency as described in the Order Form and/or SOW, or as otherwise confirmed and/or invoiced as applicable for Ad-Hoc Services, unless the applicable Order Form and/or SOW provides otherwise. All payment obligations are non-cancelable and, unless otherwise provided in the Agreement, all Fees paid under the Agreement are non-refundable. Credits do not roll over and shall be applied as per the applicable Order Form and/or SOW during the Service Term. Fees related to credits are non-refundable and are not subject to dispute. Credits do not have a cash value and as such are non-redeemable. CRED may pass on any third-party costs incurred while delivering services or providing access to the CRED Services, including fees for software, data providers, or cloud services. If such costs change, CRED reserves the right to adjust pricing accordingly. Continued use of the CRED Services after the effective date of these changes implies acceptance of the new fees.
5.2 Invoicing and Payment
Unless otherwise agreed, payment for all invoices is due within thirty (30) days of receipt of the invoice, or the Services may be suspended or terminated. Unpaid invoices that are not in dispute are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection ("Interest Charge") and may result in immediate termination of the Subscription. In addition, if Customer fails to remit payment of a non-disputed invoice by the due date, all outstanding Fees due will become due and payable immediately without further action or notice. If Credits are fully consumed before the end of the Term, additional Credits must be purchased to continue accessing the CRED Services and its features. The purchase of additional Credits will be billed at the rates listed on the CRED website, within the CRED Services, or agreed in the applicable Order Form or SOW. Failure to purchase additional Credits may result in suspension of service. Subject to the terms of this Agreement, CRED may choose to bill either through the issuance of an invoice or the initiation of a direct debit or credit card payment. CRED reserves the right to suspend the Customer's access to the CRED Services in the event that the Customer fails to make timely payment of Fees, or any other due charges later than five (5) days following its due date, or (ii) if CRED reasonably believes that the Customer has otherwise violated or breached any of its terms as stated herein, for which CRED will not be liable to the Customer for any period of suspension which occurs as a consequence. In instances where CRED elects to process payments via direct debit or credit card, the Customer hereby irrevocably authorizes CRED to initiate charges against the Customer's specified bank account or credit card for any and all Fees, or other applicable due payments accruable immediately when due in accordance with this Agreement. It is incumbent upon the Customer to ensure the availability of adequate funds in the stipulated account to facilitate the seamless processing of due Fees, or other applicable due payments and to proactively communicate any alterations pertaining to their bank account or credit card details to CRED in a timely fashion. The Customer acknowledges and agrees that the Interest Charge is non-refundable and is intended to compensate CRED for the administrative costs and financial impact resulting from late payments. In addition to the remedies outlined above for failure to pay any amount owed to CRED, the Customer acknowledges and agrees that non-payment of both any outstanding charges and Interest Charge may result in further actions by CRED, including but not limited to pursuing legal action to recover the outstanding amount and interest, and reporting the non-payment to credit agencies, potentially affecting the Customer's credit rating.
5.3 Payment Disputes
If Customer believes that CRED has billed Customer incorrectly, Customer must contact CRED no later than thirty (30) days after receipt of the invoice. All inquiries should be directed to CRED’s accounting department at accounting@CRED.com. CRED shall respond to Customer promptly after receiving such inquiries.
5.4 Taxes
Customer shall be responsible for all taxes, duties and other governmental charges associated with the Services other than taxes based on CRED’s net income. If Customer is required by law to withhold any taxes, Customer must provide CRED with an official tax receipt or other appropriate documentation, and all Fees are payable hereunder without any deduction for such withheld taxes or otherwise. If CRED has the legal obligation to pay or collect taxes for which Customer is responsible under the terms of the Agreement, the appropriate amount shall be invoiced to and paid by Customer, unless Customer provides CRED with a valid tax exemption certificate authorized by the appropriate taxing authority.
5.5 Purchase Order
If Customer requires the use of a purchase order, Customer is responsible for providing the applicable purchase order at the time of purchase. The Customer acknowledges and agrees to the extent of any inconsistency between the Agreement and any terms and conditions attached to the Customer' purchase order, the terms of the Agreement will prevail. The parties acknowledge and agree that any pre-printed standard terms and conditions attached to or on the back of any purchase order will not apply to the Agreement.
6. TERMINATION
6.1 Term and Auto-Renewal
The term of this MSA will commence on the Effective Date and continue until terminated as set forth below. Subject to earlier termination as provided below, the Service Term is as specified in the Order Form and/or SOW, and shall be automatically renewed for additional periods of the same duration as the Service Term, unless either party requests termination at least thirty (30) days prior to the end of the then-current term by providing CRED with written notice.
6.2 Termination
In addition to any other remedies it may have, either party may also terminate the Agreement upon written notice if (a) the other party breaches a material term or condition of the Agreement, and fails to promptly remedy that breach within thirty (30) calendar days of notice; or (b) subject to applicable law, upon the other party’s liquidation, commencement of dissolution proceedings or assignment of substantially all of its assets for the benefit of creditors, or if the other party becomes the subject of bankruptcy or similar proceeding that is not dismissed within sixty (60) days. Upon termination of the Agreement, all unused Credits are forfeited unless otherwise agreed in writing. Credits are non-refundable and hold no residual cash value. Bonus Credits or discounts awarded for bulk purchases or committed spending may be subject to different expiry terms as agreed in writing between the Customer and CRED. All such terms will be specified in the Order Form or SOW, or otherwise at the time of purchase, and bonus credits will be governed by those terms. If the Agreement is terminated as a result of a material breach by Customer, then Customer shall pay in full all remaining Fees payable through the remainder of the Agreement; or if Customer has prepaid any Fees, then those Fees are nonrefundable. If the Agreement is terminated by Customer due to a material breach by CRED, then CRED shall refund Customer on a pro-rata basis any prepaid Fees covering the remainder of each outstanding period after the effective date of termination.
6.3 Survival
Upon expiration or termination of the Agreement, all rights and obligations will immediately terminate except that any accrued payment obligations and other terms or conditions that by their nature should survive such termination will survive, including the License Restrictions and terms and conditions relating to confidentiality, disclaimers, indemnification, limitations of liability, termination and the general provisions below.
6.4 Return and Destruction of Customer Data
CRED shall make available to Customer any Customer Data stored within the CRED Services for thirty (30) days after the expiration or termination ("Data Retrievability Period"), but thereafter CRED may, but is not obligated to, delete stored Customer Data unless otherwise required by Data Protection Laws. During the Data Retrievability Period, any and all Customer Data-related provisions of the Agreement will remain in full force and effect.
7. MUTUAL INDEMNIFICATION
7.1 Indemnification by CRED
CRED will defend and hold Customer Entities, its directors, officers, employees, agents, and contractors harmless against any claim, demand, suit, or proceeding ("Claim") made or brought against Customer Entities by a third party alleging that the use of the CRED Services or CRED Data, as permitted hereunder, infringes any patent, trademark or copyright or otherwise infringes applicable law, including a third party’s privacy rights, and will indemnify Customer for any damages finally awarded against Customer (or any settlement approved in writing by CRED) in connection with any such Claim. The foregoing obligations do not apply to the extent that the alleged Claim arises from (a) Customer Data, Third-Party Products, or any other portions or components of the CRED Services not supplied by CRED; (b) any modification, combination, or development of the CRED Services or portions or components thereof that is (i) made in whole or in part in accordance with Customer specifications; or (ii) not performed by CRED; (c) Customer' negligence, misconduct, or breach of the Agreement; (d) the use of any version of the CRED Services other than the most current release made available by CRED, or (e) portions or components of the CRED Platform: (i) that are modified after delivery by CRED; (ii) combined with other products, processes, or materials where the alleged infringement relates to such combination; (iii) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement; or (iv) where Customer’s use of the CRED Platform is not strictly in accordance with this Agreement or the Terms of Service (collectively, the "Excluded Claims").
If the use of the CRED Services by Customer has become, or in CRED’s opinion is likely to become, the subject of any claim of infringement, CRED may at its option and expense (A) procure for Customer the right to continue using and receiving the CRED Services as set forth hereunder; (B) replace or modify the CRED Services to make it non-infringing (with comparable functionality); or (C) if the options in clauses (A) or (B) are not reasonably practicable, terminate the Agreement and refund Customer on a pro-rata basis any prepaid Fees covering the remainder of the term of this Agreement after the effective date of termination. CRED shall not be responsible for any settlement it does not approve in writing. This Section states CRED’s entire liability and Customer' exclusive remedy for infringement or misappropriation of intellectual property of a third party.
7.2 Indemnification by Customer
Customer will defend and hold CRED, its directors, officers, employees, agents, and contractors harmless against any Claim made or brought against CRED by a third party arising out of the Customer’s use of the CRED Services, any violation of this Agreement, and/or allegations that Customer Data or CRED’s processing of Customer Data pursuant to Customer' instructions violates or infringes applicable law, causes harm to a third party, including but not limited to a third party’s privacy right, violations of intellectual property and their rights, or Data Protection Laws, and Customer will indemnify CRED for any damages finally awarded against CRED (or any settlement approved in writing by Customer) in connection with any such Claim.
7.3 Indemnification Procedure
Each party’s indemnification obligations are conditioned upon the indemnified party (a) promptly notifying the indemnifying party of any Claim in writing; and (b) cooperating with the indemnifying party in the defense of any Claim. The indemnified party shall have the right to participate in the defense of any Claim with counsel selected by it subject to the indemnifying party’s right to control the defense thereof. The fees and disbursements of such counsel shall be at the expense of the indemnified party. Notwithstanding any other provision of the Agreement, the indemnifying party shall not enter into settlement of any Claim that requires the indemnified party to admit fault or pay amounts that the indemnifying party must pay under this Section, without the prior written consent of the indemnified party, which shall not be unreasonably withheld or delayed.
8. WARRANTY AND DISCLAIMER
8.1 Mutual Representations
Each party represents to the other that (a) it is duly organized and a validly existing entity, in good standing under the laws of the jurisdiction in which it was formed, and that it has the right and capacity to enter into the Agreement; (b) it has full power and authority to grant the rights granted by it under the Agreement and that there are no outstanding obligations or agreements that conflict with the Agreement; and (c) the Agreement, when signed by its duly authorized representative, constitutes a valid and legally binding obligation on that party that is enforceable in accordance with the terms of the Agreement.
8.2 CRED Warranties
CRED warrants that (a) it will use commercially reasonable efforts to prevent the introduction of viruses, Trojan horses or similar harmful materials into the CRED Services (but CRED is not responsible for harmful materials submitted by Customer or its Users); (b) the CRED Services will perform materially in accordance with the applicable documentation (collectively, the "Performance Warranty"); (c) it will provide all Services in compliance with all applicable laws, rules and regulations; and (d) It has and will maintain a reasonable disaster recovery and business continuity plan for the CRED Services that will enable continuity of CRED Services in the event of any reasonably foreseeable disruption. In the event of a breach of the Performance Warranty, CRED will use commercially reasonable efforts to correct any non-conformity. In the event CRED determines corrections to be impracticable, CRED or Customer may terminate the Agreement and receive a prorated refund. In the event the Agreement is terminated as provided herein, CRED will refund to Customer any prepaid Fees for use of the CRED Services for the terminated portion of the applicable subscription term. The Performance Warranty will not apply (i) unless Customer makes a claim within thirty (30) days of the date on which Customer noticed the non-conformity, (ii) if the non-conformity is caused by Customer misuse, unauthorized modifications, Third-Party Products, or other services, software or equipment, or (iii) Beta Services. CRED’s sole liability and Customer' sole exclusive remedy, for any breach of the Performance Warranty are set forth in this Section 8.2.
8.3 Customer Warranties
Customer warrants that (a) Customer' use of the CRED Services or execution of the Agreement does not and will not conflict with Customer' obligations to any third parties; and (b) Customer has obtained all legally required consents and permissions from its end users for the submission and processing of personal data through the CRED Services.
8.4 Disclaimers
CRED DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE OR MEET Customer' REQUIREMENTS; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES. EXCEPT AS EXPRESSLY SET FORTH IN THE AGREEMENT, THE SERVICES ARE PROVIDED "AS IS" AND CRED EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, QUALITY AND ACCURACY. CRED DOES NOT WARRANT AGAINST INTERFERENCE WITH THE ENJOYMENT OF THE SERVICES OR THAT ANY INFORMATION PROVIDED THROUGH THE SERVICES IS ACCURATE OR COMPLETE OR WILL ALWAYS BE AVAILABLE.
IN ADDITION, Customer ACKNOWLEDGES THAT CRED DOES NOT CONTROL THE TRANSFER OF DATA OVER COMMUNICATIONS FACILITIES, INCLUDING THE INTERNET, AND THAT THE SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF SUCH COMMUNICATIONS FACILITIES. CRED IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS. CRED IS NOT RESPONSIBLE OR LIABLE FOR ANY THIRD PARTY PRODUCTS, DOES NOT GUARANTEE THE CONTINUED AVAILABILITY THEREOF OR ANY INTEGRATION THEREWITH, AND MAY CEASE MAKING ANY SUCH INTEGRATION AVAILABLE IN ITS DISCRETION.
9. LIMITATION OF LIABILITY
9.1 Limitation of Liability
9.1.1 Consequential Damages Waiver
9.1.2 Damages Cap
9.2 Basis of the Bargain
10. GENERAL PROVISIONS
10.1 Entire Agreement; Conflicts
Both parties agree that the Agreement, including all exhibits, is the complete and exclusive statement of the mutual understanding of the parties and supersede and cancel all previous written and oral agreements, communications and other understandings relating to the subject matter of the Agreement (including, with respect to the subject matter hereof, any non-disclosure or confidentiality agreement previously entered into between the parties and any online terms of service or click-through agreements within the CRED Services).
10.2 Severability
In the event that any part or provision of the Agreement is declared fully or partially invalid, unlawful or unenforceable by a court of competent jurisdiction, the remainder of the part or provision and the Agreement will remain in full force and effect, if the essential terms and conditions of the Agreement for each party remain valid, binding and enforceable.
10.3 Assignment
Neither party may assign the Agreement without the other party’s prior written consent, except that a party may assign the Agreement upon written notice without such consent to an entity in connection with a reorganization, merger, consolidation, acquisition, or other restructuring involving all or substantially all of the assigning party’s voting securities or assets. Non-permitted assignments are void. The Agreement is binding upon, and inures to the benefit of, the parties and their respective successors and assigns.
10.4 Independent Contractors
The parties to the Agreement are independent contractors and the Agreement does not create an agency, partnership, joint venture, employment, franchise, or agency relationship. Neither party has the power to bind the other or incur obligations on the other party’s behalf without the other party’s prior written consent.
10.5 Notices
Any notice under the Agreement must be given in writing. CRED may provide notice to Customer through the Customer account or in-product notifications. Customer agrees that any electronic communication will satisfy any applicable legal communication requirements, including that such communications be in writing. All notices under the Agreement will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by email; the day after it is sent, if sent for next day delivery by a recognized overnight delivery service; and upon receipt. Notices to Customer must be sent to the email or other address as set forth in Customer' Account information. Notices to CRED must be sent to the following address: CRED Investments Inc at 651 N Broad St Suite 206 Middletown Delaware, 19709, United States, Attn: Legal or legal@credinvestments.com.
10.6 Governing Law and Arbitration
The Agreement shall be governed by the laws of New York State without regard to its conflict of laws provisions. To address disputes or claims related to the terms of these Terms of Service, the CRED Platform Subscription Order Form, any subsequent order form or purchase order, or the use of the CRED Platform, both parties commit to first attempt resolution through informal discussions and good faith negotiations, a prerequisite before pursuing any legal action. If no resolution is achieved within thirty (30) days after starting informal dispute resolution, either party may then proceed to binding arbitration as the exclusive method for resolving such claims. The Customer and CRED hereby agree to resolve any disputes, claims, or disagreements arising from or related to the terms of these Terms of Service, the CRED Platform Subscription Order Form, any subsequent order form or purchase order, or the use of the CRED Platform, exclusively through binding arbitration, foregoing traditional court proceedings. This arbitration obligation is subject to the Federal Arbitration Act, which oversees its interpretation and enforcement. The arbitration shall be administered by the American Arbitration Association ("AAA") in accordance with its rules and procedures, detailed at www.adr.org ("Procedures"). A single arbitrator, appointed according to the Procedures, will oversee the arbitration, whose decision shall be conclusive and enforceable in any court with appropriate jurisdiction. Both parties will bear their respective arbitration fees and costs. The arbitration process will occur in New York, New York. For claims seeking less than US $10,000, the method of arbitration—based on documentary evidence and, or via telephone—will be at the choosing of either party, unless the arbitrator deems an in-person meeting necessary. Both parties agree to undertake arbitration only on an individual basis, explicitly renouncing any right to initiate or participate in any form of class action, representative action, or similar collective legal proceedings. All disputes shall be arbitrated or litigated, as applicable, solely on an individual basis, and not as part of any class, collective, or representative action. The Customer shall not seek to have any dispute arbitrated or litigated, as applicable, as a class action, representative action, collective action, or in any other capacity involving joint or consolidated claims. Notwithstanding Customer's and CRED’s agreement to mandatory arbitration, either party may pursue interim or preliminary injunctive relief from a court of competent jurisdiction in New York, New York as required to protect and enforce its rights pending the outcome of arbitration. The parties submit to the exclusive jurisdiction of any state or federal court of competent jurisdiction located in New York, New York.
10.7 Export Restrictions
Customer must not access or use the CRED Services in violation of any export embargo, prohibition or restriction. In addition, Customer must comply with all applicable laws and regulations governing the export, re-export and transfer of the CRED Services and Customer is responsible for obtaining any required export or import authorizations.
10.8 Force Majeure
Neither party will be liable to the other for any delay or failure to perform any obligation under the Agreement (except for a failure to pay Fees) if the delay or failure is due to events which are beyond the reasonable control of such party, such as a strike, blockade, war, act of terrorism, pandemic, riot, natural disaster, failure or diminishment of power or telecommunications or data networks or services, or refusal of a license by a government agency.
10.9 Counterparts
This Agreement or any Order Form or SOW may be executed in counterparts, each of which shall be deemed an original and enforceable against the parties actually executing such counterparts, and all of which together shall constitute one and the same instrument. Signatures by facsimile or signatures which have been scanned and transmitted by electronic mail shall be deemed valid and binding for all purposes.
DATA PROCESSING AGREEMENT (DPA)
In these circumstances you/ your organization/ company is considered to be acting on its own behalf as the “Controller”, and CRED will be acting on its own behalf as the "Processor", each being a “Party” and together the “Parties”.
The terms used in this DPA shall have the meanings set forth in this DPA.
This DPA applies if there is no Controller submitted DPA signed by the Parties.
The Controller commits to having a valid legal basis under Applicable Laws, for Processing the Personal Data that will be input into CRED Platform.
1. Definitions
1.1 In this DPA, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:
1.1.1 "Applicable Laws" means (a) the UK and European Union or Member State laws with respect to any Personal Data in respect of which any entity which Processes Personal Data is subject to such legislation; and (b) any other applicable law with respect to the protection of Personal Data and those natural persons to whom it pertains to from around the Globe, as applicable to the Processing under the Credinvestments Platform Service;
Where local legislation is less protective of the rights and freedoms of those natural persons whose Personal Data is under Processing, the EU GDPR ruling shall prevail.
1.1.2 "Controller Personal Data" Personal Data pertaining to prospective customers of the Corporate Client by Credinvestments or on CRED Platform ;
1.1.3 "EEA" means the European Economic Area;
1.1.4 "EU Data Protection Laws" means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, (General Data Protection Regulation) and laws implementing or supplementing the GDPR and (ii) any data privacy legislation including the E-privacy Directive and as amended, replaced or superseded from time to time;
1.1.5 "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
1.1.6 “Personal Data” means any of the following (i) Personal Data as defined in EU Directive 95/46/EC and transposed with Domestic legislation of each member state and as amended, replaced or superseded from time to time (ii) Personal Data as defined in the GDPR as amended, replaced or superseded from time to time; and (iii) personal data as defined in the local data protection or data privacy legislation or laws of another country (including Switzerland) if applicable.
1.1.7 "International Transfer" in the context defined by the EU and the UK does not apply because all such Personal Data is publicly accessible; nevertheless, all Personal Data is hosted in the EU
1.1.8 "Services" means the services and other activities to be supplied to or carried out from the CRED Platform , by or on behalf of Processor for a Controller via the Controller or directly by Controller users, pursuant to the Terms and Conditions;
1.1.9 "Subprocessor" means any 3rd party (including any Processor Affiliate, but excluding an employee of Processor or any of its sub-contractors) appointed by or on behalf of Processor or any Processor Affiliate to Process Personal Data on behalf of the Controller, the Controller in connection with the Terms and Conditions; and
1.1.10 "Processor Affiliate" means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Processor, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.
1.2 The terms, "Commission", "Controller", "Data Subject", "Member State", "Personal Data Breach", "Processing", “International Transfer” and "Supervisory Authority" shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
1.3 The word "include" shall be construed to mean include without limitation, and cognate terms shall be construed accordingly.
2. Authority
2.1 Processor warrants and represents that, prior to having any Subprocessor Processing any Controller Personal Data, the Processor shall have entered into a DPA with that Subprocessor which bears at least the same amount of commitment towards the observance of Applicable Law and the protection of the Rights and Freedoms of those natural persons whose Personal Data is under Processing.
3. Processing of Controller Personal Data
3.1 Processor and each Processor Affiliate shall:
3.1.1 comply with all Applicable Laws in the Processing of Controller Personal Data; and
3.1.2 not process Controller Personal Data other than on the relevant Controller`s or Controller`s documented instructions unless Processing is required by Applicable Laws to which the relevant Subprocessor is subject, in which case Processor or the relevant Processor Affiliate shall to the extent permitted by Applicable Laws inform the Controller of that legal requirement before the relevant Processing of that Personal Data
3.2 The Controller shall ensure that:
3.2.1 instructs Processor and each Processor Affiliate (and authorises Processor and each Processor Affiliate to instruct each Subprocessor) to:
3.2.1.1 Process Controller Personal Data; and
3.2.1.2 in particular, transfer Controller Personal Data to any country or territory, as reasonably necessary for the provision of the Services and consistent with the Terms and Conditions.
3.3 Annex 1 to this DPA sets out certain information regarding the Processors' Processing of the Controller Personal Data as required by Article 28(3) of the GDPR (and, possibly, equivalent requirements of other Applicable Laws). Controller may make reasonable amendments to Annex 1 by written notice to Processor from time to time as Controller reasonably considers necessary to meet those requirements. Nothing in Annex 1 (including as amended pursuant to this section 3.3) confers any right or imposes any obligation on any party to this DPA.
3.4 Immediately and within less than 1 month from receiving Personal Data from the Processor, while fulfilling the requirements under article 14 of the EU GDPR, Controller is required to have the Data Subject informed and aware of which Personal Data is under Processing and its origin and purpose.
4. Processor and Processor Affiliate Personnel
Processor and each Processor Affiliate shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Subprocessor who may have access to the Controller Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Controller Personal Data, as strictly necessary for the purposes of the Terms and Conditions , and to comply with Applicable Laws in the context of that individual's duties to the Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
5. Security
5.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor and each Processor Affiliate shall in relation to the Controller Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.
5.2 In assessing the appropriate level of security, Processor and each Processor Affiliate shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
5.3 The technical and organizational implemented measures by the Processor and each Processor Affiliate are listed on Annex 2.
6. Subprocessing
6.1 The Controller authorises Processor and each Processor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Terms and Conditions.
6.2 Processor and each Processor Affiliate may continue to use those Subprocessors already engaged by Processor or any Processor Affiliate as at the date of this DPA, subject to Processor and each Processor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 Controller authorises the Processor to subcontract subprocessors which the Processor considers necessary for the correct service provision of the services agreed in the main contract. Upon Controller´s request, the Processor will provide an updated list of all categories of subcontractors involved in the service provision contracted by the former.
The subprocessor shall also be regarded as processor in the same terms as the Processor in this agreement. In this sense, the Processor agrees to sign a data processing agreement with the third-party subprocessor through which the Subprocessor agrees to comply with the obligations established in this agreement, as a Subprocessor.
In any case, the same data protection obligations will be imposed on the subcontractor in such a way that the processing complies with the provisions of GDPR (being at present date the most comprehensive piece of Personal Data Protection legislation being enforced).
6.4 With respect to each Subprocessor, Processor or the relevant Processor Affiliate shall:
6.4.1 before the Subprocessor first processes Controller Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Controller Personal Data required by the Terms and Conditions ;
6.4.2 ensure that the arrangement between on the one hand (a) Processor, or (b) the relevant Processor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Controller Personal Data as those set out in this DPA and meet the requirements of Article 28(3) of the GDPR;
7. Data Subject Rights
7.1 Taking into account the nature of the Processing, Processor and each Processor Affiliate shall implement appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of its legal obligations, to respond to the exercise of Data Subject rights under the Applicable Laws.
7.2 Processor shall:
7.2.1 promptly notify Controller if the Processor or any Subprocessor receives a request from a Data Subject under any Applicable Law in respect of Controller Personal Data; and
7.2.2 ensure it shall not neither its Subprocessor respond to that request except on the documented instructions of Controller or as required by Applicable Laws to which the Processor or the Subprocessor is subject, in which case Processor shall to the extent permitted by Applicable Laws inform Controller of that legal requirement prior to having the Subprocessor responding to the request.
7.2.3 Given the fact that the Processor shall be Processing the Personal Data while not having it shared with the Controller for certain periods, if a Data Subject exercises his/ her Rights during such a time frame the Processor will fulfill such requests without informing or asking the Controller for instructions.
8. Personal Data Breach
8.1 Processor shall notify Controller without undue delay upon Processor or any Subprocessor becoming aware of a Personal Data Breach on their side, affecting Controller Personal Data, providing Controller with sufficient information to allow the Controller to meet any obligations to report or inform Data Subjects or Supervisory Authorities of the Personal Data Breach under the Applicable Laws. "Such notification shall as a minimum contain the following information:
8.1.1 describe the nature of the Personal Data Breach, the categories and numbers of Data Subjects concerned, and the categories and numbers of Personal Data records concerned;
8.1.2 communicate the name and contact details of Processor's data protection officer or other relevant contact from whom more information may be obtained;
8.1.3 describe the likely consequences of the Personal Data Breach; and
8.1.4 describe the measures taken or proposed to be taken to address the Personal Data Breach.
8.2 Processor shall co-operate with the Controller and take such reasonable commercial steps as are directed by the Controller to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
9. Data Protection Impact Assessment and Prior Consultation
Processor and each Processor Affiliate shall provide reasonable assistance to the Controller with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, as defined under Article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Controller Personal Data by, and taking into account the nature of the Processing and information available to, the Subprocessors.
10. Deletion or return of Controller Personal Data
10.1 Subject to section 10.2, Controller may in its absolute discretion by written notice to Processor request that within thirty (30) days of the Cessation Date require Processor and each Processor Affiliate to (a) return a complete copy of all Controller Personal Data to Controller by secure file transfer in such format as is reasonably notified by Controller to Processor; and (b) delete and procure the deletion of all other copies of Controller Personal Data processed by any Subprocessor. Processor and each Processor Affiliate shall comply with any such written request within 30 days of the Cessation Date.
10.2 Each Subprocessor may retain Controller Personal Data to the extent required by Applicable Laws and only to the extent and for such period as required by Applicable Laws and always provided that Processor and each Processor Affiliate shall ensure the confidentiality of all such Controller Personal Data and shall ensure that such Controller Personal Data is only processed as necessary for the purpose(s) specified in the Applicable Laws requiring its storage and for no other purpose.
10.3 Processor shall provide written confirmation document to Controller certifying that the Processor and its Subprocessors have fully complied with this section 10 within 30 days of the Cessation Date.
10.4 For the purposes of this clause, “delete” means to remove or obliterate Personal Data that it should not be recovered or reconstructed”, “Cessation Date” means the date of cessation of any services involving the processing of Controller Personal Data.
11. Audit rights
11.1 Processor and each Processor Affiliate shall make available to the Controller on request all information necessary to demonstrate compliance with this DPA
12. General Terms
Governing law and jurisdiction
12.1 Without prejudice to clauses 7 (Mediation and Jurisdiction):
12.1.1 the Parties to this DPA hereby submit to the choice of jurisdiction stipulated in the Terms and Conditions with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity; and
12.1.2 the Parties to this DPA hereby submit to the choice of jurisdiction stipulated in the Terms and Conditions with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity; and
Order of precedence
12.2 Nothing in this DPA reduces Processor's or any Processor Affiliate’s obligations under the Terms and Conditions in relation to the protection of Personal Data or permits Processor or any Processor Affiliate to process (or permit the Processing of) Personal Data in a manner which is prohibited by the Terms and Conditions.
12.3 Subject to section 12.2, with regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other agreements between the Parties, including the Terms and Conditions and including (except where explicitly agreed otherwise in writing, signed on behalf of the Parties) agreements entered into or purported to be entered into after the date of this DPA, the provisions of this DPA shall prevail.
Changes in Applicable Laws, etc.
12.4 Controller may:
12.4.1 by written notice to Processor propose any other variations to this DPA which Controller reasonably considers to be necessary to address the requirements of any Data Protection Law.
12.5 If Controller gives notice under section 12.4.1:
12.5.1 Processor and each Processor Affiliate shall promptly co-operate (and ensure that any affected Subprocessors promptly co-operate) to ensure that equivalent variations are made to any agreement put in place under section 6.4.3; and
12.5.2 Controller shall not unreasonably withhold or delay agreement to any consequential variations to this DPA proposed by Processor to protect the Subprocessors against additional risks associated with the variations made under section 12.4.1 and/or 12.5.1.
12.6 If Controller gives notice under section 12.4.1, the Parties shall promptly discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the requirements identified in Controller's notice as soon as is reasonably practicable.
12.7 Neither Controller nor Processor shall require the consent or approval of any Controller Affiliate or Processor Affiliate to amend this DPA pursuant to this section 12.5 or otherwise.
Severance
12.8 Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the Parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
12.9 Contact information of the Parties.
Each Party is hereby informed that the contact information of their representatives and employees will be processed by the other Party for the purpose of executing, developing, complying and controlling the provision of the agreed services, considering the compliance of the contractual obligations as the legal grounds for the data processing. Personal data will be retained during the term of the commercial agreement and for statutory limitation periods upon termination of the agreement in order to comply with any potential liabilities arising thereof. In addition, each of the Parties shall comply with its obligation of information to their respective representatives and employees.
The data of the Parties may be transferred to banks and financial entities for payment management and collection, to the Tax Authorities and other Public Administrations for the purpose of carrying out the corresponding tax declarations and complying with their respective legal obligations, in accordance with applicable regulations, and to the Public Administrations in the event of statutory requirements.
The Parties may request access to the personal data which is referred to in this clause, its rectification, erasure, portability, and restriction of its processing, as well as objection of said processing, at the address of the Parties as specified in Annex 3.
12.10 Liability
The Processor shall be responsible for all penalties and fines arising from the failure to comply with the obligations set under this agreement.
This Annex includes certain details of the Processing of Personal Data as required by Article 28(3) GDPR.
Subject matter and duration of the Processing of Personal Data
The subject matter and duration of the Processing of Personal Data are set out in the Terms and Conditions and the Privacy Policy.
The nature and purpose of the Processing of Personal Data
The nature and purpose of the Processing of Personal Data are set out in the Terms and Conditions and the Privacy Policy.
The categories of Data Subject to whom Personal Data relates
The Data Subjects whose Personal Data will be under Processing by the Processor consist of Controller’ prospective customers (natural persons).
The types of Personal Data to be processed
First Name
Last Name
Phone (Company)
Corporate email
Company
Company Address
Role/ Job Title/Department
Company Size
Location/ City
Employment history
Education Background
Social Media Profiles
TimeZone
PhotoURL (meaning weblink to a Data Subject photo)
Date of death
Customer of (companies)
Volunteering Member
Member of Groups
Interests
Followed persons in Social Media
Followed companies in Social Media
Is an investor (Y/N)
Continent; Country; City of residence
Bio
Birthdate
Education
Professional Data
Gender
Estimated professional experience - statistical
Estimated salary range - statistical
Estimated interests based on Social Media - statistical
Estimated pet owner - statistical
Social Media and followers
Languages
Other persons with similar interests and walks of life
The obligations and rights of Processor and Processor Affiliates
The Processor has the obligation to meet and observe Applicable Laws’ requirements mainly and specifically the EU Regulation 2016/ 679 (the General Data Protection Legislation – GDPR) which under European Union law takes precedence over each member state local transposition legislation.
