Master Services Agreement

Last Updates: 5th September, 2024

This CRED Master Services Agreement (“Agreement”) is made between CRED Investments Inc, a company incorporated and registered in the United States whose registered office is at 651 N Broad St Suite 206 Middletown Delaware, 19709, United States (“CRED”), and Customer and governs the Customer’s use of the Service (each as defined below).

“Customer” means an entity or person that accepts and agrees to the terms of this Agreement as of the earlier date on which such entity or person executed an agreement with CRED making reference to their acceptance and agreement of adhering to the terms of this Agreement or by using the Services (“Effective Date”).

CRED retains the right to amend or revise this Agreement at its sole discretion. The effective date of any such changes will be the earlier of: (i) 30 days from the date of the amendment or revision; or (ii) the Customer’s continued use of the Service.

IF YOU DO NOT AGREE TO THIS AGREEMENT, YOU ARE NOT PERMITTED TO ACCESS OR USE THE SERVICE. THE SERVICE IS EXCLUSIVELY FOR THE CUSTOMER AND ITS AUTHORIZED USERS. IF AN INDIVIDUAL ENTERS INTO THIS AGREEMENT ON BEHALF OF A LEGAL ENTITY, THAT PERSON REPRESENTS AND WARRANTS THAT THEY HAVE THE LEGAL AUTHORITY TO BIND THE LEGAL ENTITY TO THIS AGREEMENT, WHICH THEN APPLIES TO THAT ENTITY AS THE CUSTOMER.

If Customer and CRED have entered into a written agreement governing Customer’s access to and use of the Service, the terms of that signed agreement will prevail and supersede this Agreement.

Customer and CRED are hereinafter collectively referred to as “Parties”, or each of them individually as a “Partyr and CRE

  1. CRED RESPONSIBILITIES

1.1 Provision of CRED Services

Subject to the terms set forth in this Master Service Agreement ("MSA") CRED will provide Customer the Services (defined below) for the fees listed herein ("Fees"). "CRED Services" means the software-as-a-service product(s) and its associated deliverables specified, but for clarity excludes Third-Party Products. "Third-Party Products" means a non-CRED product or Web-based, mobile, offline or other software application or service that Customer chooses to integrate with or use in connection with the CRED Services. "Agreement" means, collective on the CRED website or within the MSA, DPA (defined below), Order Form and/or SOW and amendments to any of the foregoing. "Services" mean, collectively, the CRED Services and Professional Services (defined below). The license granted hereunder to the CRED Services is non-exclusive, non-transferable, non-sublicensable, revocable, and limited to the Customer's internal business purposes. "CRED Plan" shall mean the features, credits, and any add-ons detailed in any Order Form and/or SOW executed between the Customer and CRED which pertain to Customer's user allowances and restrictions when using the CRED Services. CRED reserves the right to make changes to the CRED Services from time to time provided that these changes will not materially decrease or change the utility of the CRED Services, or the delivery of the functionality of the CRED Services expressed in the Order Form and/or SOW. Only Upgrades (not downgrades) of the Customer's CRED Plan are allowed during the Service Term. "Upgrades" shall mean moving to a higher CRED Plan, by adding credits, adding add-Ons, or extending the Service Term. Credits are the unit of value for accessing CRED Services features and services. Credits may be purchased upfront, through monthly top-ups, or on an ad-hoc basis. Credits are deducted incrementally based on feature usage (credit consumption terms are available on CRED’s website: www.credplatform.com). CRED reserves the right to modify these terms without prior notice, and continued use of the CRED Services constitutes acceptance of such changes. Customers purchasing additional seats in bulk may be eligible for extra Credits, and bonus Credits may be awarded based on agreed spending commitments. Bonus Credits and additional Credits provided through bulk purchases will follow the same terms regarding Credit usage and expiration unless otherwise specified. Credits are non-transferable, non-refundable, and hold no cash value, unless otherwise agreed in writing.

1.2 Customer Affiliates

The rights granted under this MSA apply only to the Customer entity that enters into this Agreement. Except as set forth herein, Customer may not extend its rights to any Customer Affiliate (defined below).  However, Customer Affiliates shall be entitled to enter into an agreement with CRED pursuant to this MSA and, in such circumstances, all references in this MSA to Customer shall be deemed to be applicable to the Customer Affiliate, unless otherwise set forth in writing. With respect to any such agreement Customer Affiliate becomes a party to this MSA and references to Customer in this MSA are deemed to be references to such Customer Affiliate.  Each such agreement is a separate obligation of the Customer entity that enters into such agreement, and the rights granted in connection with such agreement are solely for the benefit of such Customer entity, and no other Customer entity has any liability, obligation or rights under such an agreement.  "Customer Affiliate" shall mean any entity controlling, controlled by or under common control with Customer, where control (including "controlled by" and "under common control with") means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of such person or entity, whether through the ownership of voting securities or other ownership interests, by contract or otherwise. Credits purchased by the Customer may be shared with Customer Affiliates as per written agreement, but all usage of Credits remains governed by the same non-transferable, non-refundable, and non-cash value rules unless otherwise specified in writing.

1.3 Support

During the term of the applicable Agreement, CRED will make available to Customer as part of the CRED Services, all updates and provide Customer with product support, as follows:

Contact Persons:

Name: Anthony Meir Name: Emily Perretti

Role: Commercial Lead Role: Operations

Email: anthony.meir@credinvestments.com Email: emily@credinvestments.com

CRED standard support hours are 09:00 to 17:00 GMT Monday through Friday for technical information, technical advice and technical consultation regarding Customer' use of the CRED Services. CRED will use commercially reasonable efforts to respond to all enquiries within one (1) business day.

1.4 Data Privacy and Protection of Customer Data

The CRED Data Protection Agreement ("DPA") is incorporated by reference into this MSA. The parties agree that the provisions contained in the DPA govern the processing of personal data in connection with this MSA.  CRED will maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality, and integrity of Customer Data (defined below) and the Services, including measures designed to prevent unauthorized access to or use or disclosure of Customer Data.  CRED will, on at least an annual basis, have an audit conducted by a reputable and experienced third party and have such third party issue a SOC 2 report (or substantially similar report) (“Audit Report”).  CRED will develop and implement a remedial action plan to address and resolve any deficiencies identified in the Audit Report, or that CRED otherwise becomes aware of, within a commercially reasonable time. 

"Customer Data" means data and other content submitted by or for Customer to the CRED Services, including Customer' end user data. For the avoidance of doubt, Customer Data does not include System Data (defined below) or any dashboards, report templates or any other technology or components of the CRED Services created, developed, used or provided by CRED.

1.5 Professional Services

CRED will perform the Professional Services (see Order Form and/or SOW) in a professional and workmanlike manner in accordance with this MSA. In addition to Services detailed in an Order Form or SOW, CRED may, upon request from Customer, provide Ad-Hoc Services. "Ad-Hoc Services" refers to services that fall outside the scope of the Order Form or SOW, which may be confirmed verbally or via email. Such confirmation will be treated as a binding agreement. Ad-Hoc Services will be billed in Credits, and the required number of Credits for Ad-Hoc services will be provided to the Customer in advance of service execution. Credits for Ad-Hoc services will be deducted from the available balance and billed monthly based on the completion of tasks or services. No changes to the Professional Services will be effective without the written agreement of each party. CRED may share documentation and training materials (collectively, the "CRED Professional Services Materials") with Customer. If CRED Professional Services Materials are provided to Customer in connection with the Professional Services, CRED grants Customer and its affiliates, during the term of this MSA, a non-exclusive, non-transferable, non-sublicensable right and license to use the CRED Professional Services Materials internally in connection with the Professional Services and to support Customer' permitted use of the CRED Services. Notwithstanding anything to the contrary in the Agreement, CRED Professional Services Materials are the sole and exclusive property of CRED.

1.6 Beta Services

From time to time, CRED may provide Customer with access  to "alpha," "beta" or other "early-stage" CRED services, products, integrations, functionality or features (collectively, "Beta Services"), which are optional for Customer to use. These Beta Services are not generally available and may contain bugs, errors, defects or harmful components. CRED does not provide any indemnities, security commitments, service level commitments or warranties, express or implied, including warranties of merchantability, title, non-infringement, and fitness for a particular purpose, in relation to the Beta Services. If Credits are used for accessing Beta Services, the Customer acknowledges that Credits spent on Beta Services are non-refundable and subject to the terms governing the Beta program. CRED shall have no liability for any harm or damage arising out of or in connection with the Beta Services.  Beta Services may be subject to additional terms which may supplement, but not supersede, the terms in the MSA. Customer or CRED may terminate Customer' access to Beta Services at any time.  The Beta Services, including without limitation Customer' assessment or Feedback (defined below) of any Beta Services, are the Confidential Information of CRED.

  1. PROPRIETARY RIGHTS

2.1 Access to CRED Services

2.1 Access to CRED Services

Subject to the terms of the Agreement, CRED hereby grants to Customer and its affiliates, for the term set forth in this MSA, a non-exclusive, non-sublicensable, non-transferable, non-assignable right to access and use the CRED Services for Customer' internal business purposes only.

Subject to the terms of the Agreement, CRED hereby grants to Customer and its affiliates, for the term set forth in this MSA, a non-exclusive, non-sublicensable, non-transferable, non-assignable right to access and use the CRED Services for Customer' internal business purposes only.

2.2 Preservation of Rights

2.2 Preservation of Rights

CRED retains all right, title, and interest (including, but not limited, to intellectual property rights) in and to the CRED Professional Services Materials, Beta Services, and CRED Services, and all improvements, enhancements or modifications to the foregoing, and anything developed and delivered under the Agreement, including System Data.  "System Data”  means data and information collected, derived, or otherwise generated by the CRED Services that has been anonymized, de-identified, and/or aggregated so as not to identify or permit identification of an individual.  For the avoidance of doubt, CRED may use, modify, and display System Data, provided, however, CRED will not publicly disclose or distribute System Data unless it is aggregated in a manner that does not permit the identification of Customer.  No rights are granted to Customer hereunder except as expressly set forth in the Agreement.  For the sake of clarity and notwithstanding anything herein to the contrary, System Data shall not include any Customer Data. CRED reserves the rights to use, host, store, copy, adapt, modify, or create derivative works from the Customer's use of the CRED Services that uses, or is generated by machine learning algorithms, including but not limited to generated written material ("AI-Outputs") for the purposes of improving and training CRED’s machine learning algorithmic models, subject to protecting Customer's identity and rights to privacy.

CRED retains all right, title, and interest (including, but not limited, to intellectual property rights) in and to the CRED Professional Services Materials, Beta Services, and CRED Services, and all improvements, enhancements or modifications to the foregoing, and anything developed and delivered under the Agreement, including System Data.  "System Data”  means data and information collected, derived, or otherwise generated by the CRED Services that has been anonymized, de-identified, and/or aggregated so as not to identify or permit identification of an individual.  For the avoidance of doubt, CRED may use, modify, and display System Data, provided, however, CRED will not publicly disclose or distribute System Data unless it is aggregated in a manner that does not permit the identification of Customer.  No rights are granted to Customer hereunder except as expressly set forth in the Agreement.  For the sake of clarity and notwithstanding anything herein to the contrary, System Data shall not include any Customer Data. CRED reserves the rights to use, host, store, copy, adapt, modify, or create derivative works from the Customer's use of the CRED Services that uses, or is generated by machine learning algorithms, including but not limited to generated written material ("AI-Outputs") for the purposes of improving and training CRED’s machine learning algorithmic models, subject to protecting Customer's identity and rights to privacy.

2.3 Customer Data License

2.3 Customer Data License

Customer shall own all rights, title and interest in and to Customer Data and all derivatives thereof.  Customer hereby grants CRED, for the term set forth in the applicable Order Form/SOW, a non-exclusive, non-transferable, non-sublicensable, worldwide, royalty-free license to host, copy, use, transfer and process the Customer Data as necessary in order for CRED to provide the CRED Services to Customer and to support Customer under the terms of the Agreement.

Customer shall own all rights, title and interest in and to Customer Data and all derivatives thereof.  Customer hereby grants CRED, for the term set forth in the applicable Order Form/SOW, a non-exclusive, non-transferable, non-sublicensable, worldwide, royalty-free license to host, copy, use, transfer and process the Customer Data as necessary in order for CRED to provide the CRED Services to Customer and to support Customer under the terms of the Agreement.

2.4 Feedback

2.4 Feedback

Customer may from time to time provide CRED suggestions or comments for enhancements or improvements, new features or functionality or other feedback (collectively, "Feedback") with respect to the Services and/or Beta Services.  CRED will have full discretion to determine whether or not to proceed with the development of any requested enhancements, new features or functionality. Customer hereby grants CRED an unlimited, irrevocable, perpetual, sublicensable, royalty-free license, without any obligation to compensate or reimburse Customer, to use, incorporate and otherwise fully exercise and exploit any such Feedback without restriction.

Customer may from time to time provide CRED suggestions or comments for enhancements or improvements, new features or functionality or other feedback (collectively, "Feedback") with respect to the Services and/or Beta Services.  CRED will have full discretion to determine whether or not to proceed with the development of any requested enhancements, new features or functionality. Customer hereby grants CRED an unlimited, irrevocable, perpetual, sublicensable, royalty-free license, without any obligation to compensate or reimburse Customer, to use, incorporate and otherwise fully exercise and exploit any such Feedback without restriction.

2.2 CRED Data

2.2 CRED Data

As part of Services, CRED may supply Customer with certain data (“CRED Data”) that Customer can use for its internal purposes and as otherwise set forth in the applicable Order Form/SOW.  CRED represents and warrants that it has all necessary rights and consents to supply such CRED Data to Customer and for Customer to use such CRED Data as contemplated herein and in the applicable Order Form/SOW.

As part of Services, CRED may supply Customer with certain data (“CRED Data”) that Customer can use for its internal purposes and as otherwise set forth in the applicable Order Form/SOW.  CRED represents and warrants that it has all necessary rights and consents to supply such CRED Data to Customer and for Customer to use such CRED Data as contemplated herein and in the applicable Order Form/SOW.

  1. Customer RESTRICTIONS AND RESPONSIBILITIES

3.1 Administration of Customer' Account

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Access to your information

  • Request correction of your personal data

  • Request deletion of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

  • Right to review by an independent authority

If you wish to exercise any of the rights set out above, please contact us at privacy@credinvestments.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). 

CRED may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. CRED may also contact you to ask you for further information in relation to your request to speed up our response.

CRED will endeavor  to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

As part of the registration process, Customer will as required and applicable identify an administrative username and password ("Administrator Credentials"). Customer may use the Administrative Credentials to create standard Users (each with their own separate usernames and passwords) ("User(s)"), in accordance with the provisions of this Agreement. Customer is responsible for maintaining the security of the Administrator Credentials and the usernames and passwords for all of its Users. Customer may permit its Users to use the CRED Services, provided their use is for Customer' benefit only and they remain in compliance with the Agreement.  Customer shall be responsible for all acts or omissions it takes under the Administrator Credentials and under the usernames and passwords of all Users.  "User" means an individual Customer invites to use the CRED Services pursuant to the Agreement, including employees, contractors, agents and consultants of Customer. CRED reserves the right to refuse registration of or cancel passwords it deems inappropriate. The administrator will be responsible for managing and allocating Credits amount Users and will have access to real-time Credit balances and consumption data. Unused Credits expire at the end of the Term unless specified otherwise in any order form or as agreed in writing.

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Access to your information

  • Request correction of your personal data

  • Request deletion of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

  • Right to review by an independent authority

If you wish to exercise any of the rights set out above, please contact us at privacy@credinvestments.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). 

CRED may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. CRED may also contact you to ask you for further information in relation to your request to speed up our response.

CRED will endeavor  to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

3.2 License Restrictions

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Access to your information

  • Request correction of your personal data

  • Request deletion of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

  • Right to review by an independent authority

If you wish to exercise any of the rights set out above, please contact us at privacy@credinvestments.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). 

CRED may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. CRED may also contact you to ask you for further information in relation to your request to speed up our response.

CRED will endeavor  to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Customer will not (and will not allow any User or third party to) directly or indirectly: (a) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas or algorithms of the CRED Services (or any underlying software, documentation or data related to the CRED Services); (b) modify, translate, or create derivative works based on the CRED Services or any underlying software; (c) copy, rent, lease, distribute, pledge, assign, or otherwise transfer or encumber rights to the CRED Services or any underlying software; (d) use the CRED Services or any underlying software for the benefit of a third party, in violation of any applicable laws or regulations or outside the scope expressly permitted hereunder (including in violation of the usage restrictions set forth in this Agreement); (e) collect, process, store or transmit any Customer Data in violation of any applicable laws, regulations, privacy policies, agreements, or other obligations Customer may maintain or enter into with its end users; (f) collect, transmit or provide to the CRED Services hereunder financial information of any nature; medical information of any nature, including without limitation biometric or genetic data; social security numbers; driver’s license numbers; birth dates; passwords; personal bank account numbers; passport, government-issued ID or visa numbers; and credit card numbers or any other sensitive personal data; (g) attempt to probe, scan or test the vulnerability of the CRED Services, breach the security or authentication measures of the CRED Services without proper authorization or willfully render any part of the CRED Services unusable; (h) use or access the CRED Services to develop a product or service that is competitive with the CRED Services or engage in competitive analysis or benchmarking; (i) incorporate the CRED Services into a product or service Customer provides to a third party or publicly disseminate information regarding the performance of the CRED Services; (j) remove any proprietary notices or labels; or (k) store or transmit malicious code through the CRED Services (all of the foregoing, collectively, the "License Restrictions"). The Customer acknowledges and agrees that the total number of Seats provided by CRED is strictly defined and limited under this Agreement and in accordance with any limitations otherwise set in any Order Form and/or SOW, and that this limit shall not be exceeded at any given time. The Customer shall not engage in any activities that circumvent or abuse the Seat limitations imposed by CRED. This includes but is not limited to (i) sharing login credentials or access information with unauthorized individuals, (ii) using IP address manipulation or other methods to artificially increase concurrent usage beyond the allowed seat count, and (iii) employing any techniques that disrupt, evade, or undermine the tracking mechanisms implemented by CRED to monitor concurrent usage. The Customer agrees that CRED may implement measures, including but not limited to IP address restriction, usage tracking, and two-factor authentication, to monitor and enforce compliance with the Seat limitations. Customer shall not attempt to bypass or interfere with these measures. Customer acknowledges that a violation of the Seat limitations and usage restrictions set forth in this clause constitutes a material breach of this Agreement. In the event that the Customer exceeds the Seats limitation without prior written approval from CRED, the Customer shall be responsible for additional Seat usage charges as specified, or as otherwise consistent with the Order Form and/or SOW, or as detailed in this Agreement. The Customer acknowledges and agrees that the additional Seat usage charges shall be calculated based on the excess number of Seats used over and above the authorized Seat count during the relevant billing period. CRED reserves the right to bill the Customer for the additional Seat usage charges on a monthly basis. Upon receipt of notification from CRED regarding additional Seat usage and the corresponding charges, the Customer shall remit payment for said charges no later than five (5) business days subsequent to the date of such notification.

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Access to your information

  • Request correction of your personal data

  • Request deletion of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

  • Right to review by an independent authority

If you wish to exercise any of the rights set out above, please contact us at privacy@credinvestments.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). 

CRED may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. CRED may also contact you to ask you for further information in relation to your request to speed up our response.

CRED will endeavor  to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

3.3 Customer Responsibilities

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Access to your information

  • Request correction of your personal data

  • Request deletion of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

  • Right to review by an independent authority

If you wish to exercise any of the rights set out above, please contact us at privacy@credinvestments.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). 

CRED may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. CRED may also contact you to ask you for further information in relation to your request to speed up our response.

CRED will endeavor  to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Customer shall be responsible for: (a) its Users’ compliance with the Agreement; (b) compliance with any and all applicable third-party terms of service, privacy policies and similar documents for platforms, networks and/or websites that Customer uses in connection with the CRED Services; (c) the legality, accuracy and quality of Customer Data, including ensuring that Customer' use of the CRED Services to collect, process, store and transmit Customer Data is compliant with all applicable laws and regulations as well as any and all privacy policies, agreements or other obligations Customer may maintain or enter into with its end users such as all legally required consents and permissions; and (d) use commercially reasonable efforts to prevent the unauthorized access to or use of the CRED Services. In addition, the Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access, or otherwise use the CRED Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers, and the like ("Equipment"). The Customer shall also be responsible for maintaining the security of the Equipment, Customer account, passwords (including but not limited to administrative and user passwords), and files, and for all uses of Customer accounts or the Equipment with or without Customer’s knowledge or consent. Non-compliance with any of the aforementioned responsibilities in this clause may result in CRED terminating or otherwise suspending Customer access to the CRED Services, as this would be considered a material breach, as well as retaining the right to seek damages or injunctive relief as per applicable law. As per the terms of the Order Form and/or SOW, certain usage limits apply, specifically in the form of credits or as otherwise stated in the Order Form and/or SOW. CRED reserves the right to suspend Authorized User access in the instance that usage limits are exceeded for the applicable period as per the Customer's CRED Plan, or until an Upgrade for additional usage has been added. To facilitate efficient and accurate management of credits, CRED reserves the right to monitor Customer’s credit usage through its internal monitoring system. The Customer may monitor their credit balances available through the CRED Services.

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Access to your information

  • Request correction of your personal data

  • Request deletion of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

  • Right to review by an independent authority

If you wish to exercise any of the rights set out above, please contact us at privacy@credinvestments.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). 

CRED may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. CRED may also contact you to ask you for further information in relation to your request to speed up our response.

CRED will endeavor  to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

3.4 Fair Use Policy

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Access to your information

  • Request correction of your personal data

  • Request deletion of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

  • Right to review by an independent authority

If you wish to exercise any of the rights set out above, please contact us at privacy@credinvestments.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). 

CRED may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. CRED may also contact you to ask you for further information in relation to your request to speed up our response.

CRED will endeavor  to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

CRED is committed to ensuring a high-quality, stable service for all customers through adherence to fair use standards. These standards apply to various aspects of CRED Services, including but not limited to API requests, storage, bandwidth, and processing power. Excessive or abnormal usage that exceeds reasonable operational limits may affect platform performance and result in resource adjustments. CRED regularly monitors user activity to identify such excessive usage, which is defined as activity that disproportionately consumes system resources compared to the average user within the same subscription tier or that impacts the platform’s stability for other users. If excessive usage is identified, CRED reserves the right to take corrective action, such as throttling or limiting service performance, restricting access to certain features, or requiring the user to upgrade their plan or purchase additional resources. In severe cases, CRED may suspend or terminate service access. CRED may also update its fair use standards as necessary, and continued use of the platform implies acceptance of such changes. Users are encouraged to review their usage patterns to ensure compliance. If a user believes their usage has been incorrectly flagged, they may contact CRED support for review and resolution

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Access to your information

  • Request correction of your personal data

  • Request deletion of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

  • Right to review by an independent authority

If you wish to exercise any of the rights set out above, please contact us at privacy@credinvestments.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). 

CRED may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. CRED may also contact you to ask you for further information in relation to your request to speed up our response.

CRED will endeavor  to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

3.5 Third Party Products

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Access to your information

  • Request correction of your personal data

  • Request deletion of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

  • Right to review by an independent authority

If you wish to exercise any of the rights set out above, please contact us at privacy@credinvestments.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). 

CRED may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. CRED may also contact you to ask you for further information in relation to your request to speed up our response.

CRED will endeavor  to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Customer may choose to use or procure Third-Party Products in connection with the CRED Services. Any acquisition and use by Customer of such Third-Party Product is solely the responsibility of Customer and the applicable third-party provider and may be subject to additional terms of use from or agreement with such third parties. If Customer enables or uses Third-Party Products with the CRED Services, Customer acknowledges the interoperation of the Third-Party Products and CRED Services may require the exchange of Customer Data as required for the interoperation of the Third-Party Product and the CRED Services and Customer hereby grants CRED permission to allow the Third Party Product and its provider to access Customer Data in connection with such integration. This may include transmitting, transferring, modifying or deleting Customer Data. CRED shall not be responsible for any use, disclosure, modification, or deletion of such Customer Data or for any act or omission on the part of the third-party provider or its Third-Party Products. CRED cannot guarantee the continued availability of integrations of Third-Party Products with the CRED Services, and may cease providing them without entitling Customer to any refund, credit, or other compensation, if, for example and without limitation, the provider of a Third-Party Product ceases to make the Third Party Product available for interoperation with the corresponding CRED Services in a manner acceptable to CRED.

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Access to your information

  • Request correction of your personal data

  • Request deletion of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

  • Right to review by an independent authority

If you wish to exercise any of the rights set out above, please contact us at privacy@credinvestments.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). 

CRED may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. CRED may also contact you to ask you for further information in relation to your request to speed up our response.

CRED will endeavor  to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

  1. CONFIDENTIALITY

4.1 Definition of Confidential Information

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Access to your information

  • Request correction of your personal data

  • Request deletion of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

  • Right to review by an independent authority

If you wish to exercise any of the rights set out above, please contact us at privacy@credinvestments.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). 

CRED may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. CRED may also contact you to ask you for further information in relation to your request to speed up our response.

CRED will endeavor  to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

"Confidential Information" means any information or data in any form or medium (whether oral, written, electronic, or otherwise) disclosed by either party that is marked or otherwise designated as confidential or proprietary at the time of disclosure or that should otherwise be reasonably understood to be confidential in light of the nature of the information and the circumstances surrounding its disclosure.  Customer’s “Confidential Information” shall include all Customer Data.  However, Confidential Information will not include any information which (a) is in the public domain through no fault of the receiving party; (b) was properly known to the receiving party, without restriction, prior to disclosure by the disclosing party; (c) was properly disclosed to the receiving party, without restriction, by another person with the legal authority to do so; or (d) is independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information.

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Access to your information

  • Request correction of your personal data

  • Request deletion of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

  • Right to review by an independent authority

If you wish to exercise any of the rights set out above, please contact us at privacy@credinvestments.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). 

CRED may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. CRED may also contact you to ask you for further information in relation to your request to speed up our response.

CRED will endeavor  to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

4.2 Protection of Confidential Information

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Access to your information

  • Request correction of your personal data

  • Request deletion of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

  • Right to review by an independent authority

If you wish to exercise any of the rights set out above, please contact us at privacy@credinvestments.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). 

CRED may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. CRED may also contact you to ask you for further information in relation to your request to speed up our response.

CRED will endeavor  to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Each party agrees that it will use the Confidential Information of the other party solely in accordance with the terms of the Agreement and it will not disclose, or permit to be disclosed, the same, directly or indirectly, to any third party without the other party’s prior written consent, except as otherwise permitted hereunder. Both parties shall comply with all Data Protection Laws. This clause is in addition to, and does not relieve, remove or replace, a party’s obligation under the Data Protection Laws. Where CRED provides the Customer with any personal data (as defined in Data Protection Laws), CRED shall act as a data Processor (as defined in Data Protection Laws) and Customer shall act as a data Controller in relation to any personal data acquired through the CRED Platform (as defined in Data Protection Laws). Each party shall indemnify, defend and hold the other harmless, during and after the Service Term, on demand, from and against any and all actions, causes of action, claims, damages, liabilities, losses, costs and/or penalties of whatever nature or kind which arise out of, or are in connection with: (a) failing to comply with its obligations under the Data Protection Laws; and/or (b) any breach of this clause. Notwithstanding any other term of these Terms of Service, CRED acknowledges that the Customer shall not be obliged to provide CRED or any third party with any personal data (as defined in Data Protection Laws). For the purposes of these Terms of Service, “Data Protection Laws” means: (a) the Privacy and Electronic Communications Directive 2002/58/EC; (b) the General Data Protection Regulation 2026/679 (the EU GDPR); (c) the UK General Data Protection Regulation (the UK GDPR); (d) the Data Protection Act 2018 and all other national legislation implementing, supplementing or replacing any of the foregoing from time to time; and (e) all associated codes of practice and other binding guidance issued by any applicable regulator, all as amended, re-enacted and/or replaced and in force from time to time.  However, either party may disclose Confidential Information (a) to its employees, officers, directors, attorneys, auditors, financial advisors and other representatives who have a need to know and are legally bound to keep such information confidential by confidentiality obligations consistent with those of the Agreement; and (b) as required by law (in which case the receiving party will, to the extent legally permitted, notify the disclosing party within a reasonable time prior to such access or disclosure so as to  provide the disclosing party with the opportunity to contest such disclosure or otherwise seek appropriate protective measures, and will use its reasonable efforts to minimize such disclosure to the extent permitted by applicable law).  If the receiving party is compelled by law to access or disclose the disclosing party’s Confidential Information as part of a civil proceeding to which the disclosing party is a party, the disclosing party will reimburse the receiving party for the reasonable costs of compiling and providing secure access to such Confidential Information. Neither party will disclose the terms of the Agreement to any third party, except that either party may confidentially disclose such terms to actual or potential parties to a bona fide fundraising, acquisition, or similar transaction solely for the purposes of the proposed transaction, provided that any such party is subject to written non-disclosure obligations and limitations on use no less protective than those set forth herein.   Each party agrees to safeguard the Confidential Information from unauthorized use, access, or disclosure using at least the degree of care it uses to protect its similarly sensitive information and in no event less than a reasonable degree of care.  In the event of actual or threatened breach of the provisions of this Section or the License Restrictions, the non-breaching party will be entitled to seek immediate injunctive and other equitable relief, without waiving any other rights or remedies available to it.  Each party will promptly notify the other in writing if it becomes aware of any violations of the confidentiality obligations set forth in the Agreement.

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Access to your information

  • Request correction of your personal data

  • Request deletion of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

  • Right to review by an independent authority

If you wish to exercise any of the rights set out above, please contact us at privacy@credinvestments.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). 

CRED may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. CRED may also contact you to ask you for further information in relation to your request to speed up our response.

CRED will endeavor  to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

4.3 Breach Notification

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Access to your information

  • Request correction of your personal data

  • Request deletion of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

  • Right to review by an independent authority

If you wish to exercise any of the rights set out above, please contact us at privacy@credinvestments.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). 

CRED may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. CRED may also contact you to ask you for further information in relation to your request to speed up our response.

CRED will endeavor  to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

CRED shall promptly notify Customer in the event that any of Customer Data in CRED's possession or control is lost or stolen or otherwise accessed by an unauthorized third party (a "Security Incident"). In the event of a Security Incident, CRED shall (i) reimburse Customer for its out-of-pocket costs and expenses arising out of the Security Incident, including costs related to (a) preparing and delivering any breach notification to the affected individuals, state Attorneys General, other required governmental or other agencies and/or entities, and credit bureaus, and any attorneys’ fees associated with the preparation of such notices; (b) the provision of credit monitoring and/or identity protection services from a nationally recognized supplier of such services, to be chosen by Customer, in its sole discretion, and (c) notwithstanding anything to the contrary herein, defend, indemnify and hold Customer, its parent, subsidiary and affiliated companies and their respective dealer associations, dealers, officers, directors, employees, agents, representatives, contractors, successors and assigns, (collectively, the “Customer Entities”) harmless from and against any and all costs, liabilities, demands, claims, suits, actions, damages, losses, injuries, restitution or other remedies at law or in equity, lawsuits, arbitrations, administrative proceedings, regulatory proceedings, other adversarial proceedings, judgments and expenses, including, but not limited to, attorneys’ fees, arising out of or related directly to a Security Incident.  This obligation shall be a continuing obligation and extend beyond the termination or expiration of this Agreement.

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Access to your information

  • Request correction of your personal data

  • Request deletion of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

  • Right to review by an independent authority

If you wish to exercise any of the rights set out above, please contact us at privacy@credinvestments.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). 

CRED may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. CRED may also contact you to ask you for further information in relation to your request to speed up our response.

CRED will endeavor  to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

5. PAYMENT AND FEES

5.1 Fees

5.1 Fees

Customer will pay CRED the Fees for the Services as listed on the applicable Order Form and/or SOW. In addition to the Services outlined in the Order Form and/or SOW, CRED may provide Ad-Hoc Services as defined in Section 1.5, which will be confirmed verbally or via email. Fees for such Ad-Hoc Services will be invoiced separately, and payable as per the terms herein. Fees are based on a Credit system where Credits represent the unit of value to access features and services within the CRED Services. Customer may purchase Credits upfront, through monthly top-ups, or as-needed on an ad-hoc basis. The credits required per action are standardized for all users and across all workspaces, regardless of the Customer's specific workspace structure. Any adjustments to credit rates will be applied equally across all users, and continued use of the platform will signify acceptance of any such changes. The Fees for each renewal term shall be the then-current Fees for the Services in effect at the time of the renewal; unless the applicable Order Form and/or SOW provides otherwise, provided, however, that if the Fees are set to increase in a renewal term, CRED must provide Customer with prior written notice of such increase at least sixty (60) days before the start of the next renewal term.  All payment obligations are non-cancelable and, unless otherwise provided in the Agreement, all Credits and Fees paid under the Agreement are non-refundable. Credits do not roll over and shall be applied as per the applicable Order Form and/or SOW during the Service Term, or as otherwise stated herein. Credits do not have a cash value, are non-transferable, and are not redeemable for cash unless otherwise specified in writing. Customer agrees to pay all Fees in the determined currency as described in the Order Form and/or SOW, or as otherwise confirmed and/or invoiced as applicable for Ad-Hoc Services, unless the applicable Order Form and/or SOW provides otherwise. All payment obligations are non-cancelable and, unless otherwise provided in the Agreement, all Fees paid under the Agreement are non-refundable. Credits do not roll over and shall be applied as per the applicable Order Form and/or SOW during the Service Term. Fees related to credits are non-refundable and are not subject to dispute. Credits do not have a cash value and as such are non-redeemable. CRED may pass on any third-party costs incurred while delivering services or providing access to the CRED Services, including fees for software, data providers, or cloud services. If such costs change, CRED reserves the right to adjust pricing accordingly. Continued use of the CRED Services after the effective date of these changes implies acceptance of the new fees.

Customer will pay CRED the Fees for the Services as listed on the applicable Order Form and/or SOW. In addition to the Services outlined in the Order Form and/or SOW, CRED may provide Ad-Hoc Services as defined in Section 1.5, which will be confirmed verbally or via email. Fees for such Ad-Hoc Services will be invoiced separately, and payable as per the terms herein. Fees are based on a Credit system where Credits represent the unit of value to access features and services within the CRED Services. Customer may purchase Credits upfront, through monthly top-ups, or as-needed on an ad-hoc basis. The credits required per action are standardized for all users and across all workspaces, regardless of the Customer's specific workspace structure. Any adjustments to credit rates will be applied equally across all users, and continued use of the platform will signify acceptance of any such changes. The Fees for each renewal term shall be the then-current Fees for the Services in effect at the time of the renewal; unless the applicable Order Form and/or SOW provides otherwise, provided, however, that if the Fees are set to increase in a renewal term, CRED must provide Customer with prior written notice of such increase at least sixty (60) days before the start of the next renewal term.  All payment obligations are non-cancelable and, unless otherwise provided in the Agreement, all Credits and Fees paid under the Agreement are non-refundable. Credits do not roll over and shall be applied as per the applicable Order Form and/or SOW during the Service Term, or as otherwise stated herein. Credits do not have a cash value, are non-transferable, and are not redeemable for cash unless otherwise specified in writing. Customer agrees to pay all Fees in the determined currency as described in the Order Form and/or SOW, or as otherwise confirmed and/or invoiced as applicable for Ad-Hoc Services, unless the applicable Order Form and/or SOW provides otherwise. All payment obligations are non-cancelable and, unless otherwise provided in the Agreement, all Fees paid under the Agreement are non-refundable. Credits do not roll over and shall be applied as per the applicable Order Form and/or SOW during the Service Term. Fees related to credits are non-refundable and are not subject to dispute. Credits do not have a cash value and as such are non-redeemable. CRED may pass on any third-party costs incurred while delivering services or providing access to the CRED Services, including fees for software, data providers, or cloud services. If such costs change, CRED reserves the right to adjust pricing accordingly. Continued use of the CRED Services after the effective date of these changes implies acceptance of the new fees.

5.2 Invoicing and Payment

5.2 Invoicing and Payment

Unless otherwise agreed, payment for all invoices is due within thirty (30) days of receipt of the invoice, or the Services may be suspended or terminated. Unpaid invoices that are not in dispute are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection  ("Interest Charge") and may result in immediate termination of the Subscription.  In addition, if Customer fails to remit payment of a non-disputed invoice by the due date, all outstanding Fees due will become due and payable immediately without further action or notice. If Credits are fully consumed before the end of the Term, additional Credits must be purchased to continue accessing the CRED Services and its features. The purchase of additional Credits will be billed at the rates listed on the CRED website, within the CRED Services, or agreed in the applicable Order Form or SOW. Failure to purchase additional Credits may result in suspension of service. Subject to the terms of this Agreement, CRED may choose to bill either through the issuance of an invoice or the initiation of a direct debit or credit card payment. CRED reserves the right to suspend the Customer's access to the CRED Services in the event that the Customer fails to make timely payment of Fees, or any other due charges later than five (5) days following its due date, or (ii) if CRED reasonably believes that the Customer has otherwise violated or breached any of its terms as stated herein, for which CRED will not be liable to the Customer for any period of suspension which occurs as a consequence. In instances where CRED elects to process payments via direct debit or credit card, the Customer hereby irrevocably authorizes CRED to initiate charges against the Customer's specified bank account or credit card for any and all Fees, or other applicable due payments accruable immediately when due in accordance with this Agreement. It is incumbent upon the Customer to ensure the availability of adequate funds in the stipulated account to facilitate the seamless processing of due Fees, or other applicable due payments and to proactively communicate any alterations pertaining to their bank account or credit card details to CRED in a timely fashion. The Customer acknowledges and agrees that the Interest Charge is non-refundable and is intended to compensate CRED for the administrative costs and financial impact resulting from late payments. In addition to the remedies outlined above for failure to pay any amount owed to CRED, the Customer acknowledges and agrees that non-payment of both any outstanding charges and Interest Charge may result in further actions by CRED, including but not limited to pursuing legal action to recover the outstanding amount and interest, and reporting the non-payment to credit agencies, potentially affecting the Customer's credit rating.

Unless otherwise agreed, payment for all invoices is due within thirty (30) days of receipt of the invoice, or the Services may be suspended or terminated. Unpaid invoices that are not in dispute are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection  ("Interest Charge") and may result in immediate termination of the Subscription.  In addition, if Customer fails to remit payment of a non-disputed invoice by the due date, all outstanding Fees due will become due and payable immediately without further action or notice. If Credits are fully consumed before the end of the Term, additional Credits must be purchased to continue accessing the CRED Services and its features. The purchase of additional Credits will be billed at the rates listed on the CRED website, within the CRED Services, or agreed in the applicable Order Form or SOW. Failure to purchase additional Credits may result in suspension of service. Subject to the terms of this Agreement, CRED may choose to bill either through the issuance of an invoice or the initiation of a direct debit or credit card payment. CRED reserves the right to suspend the Customer's access to the CRED Services in the event that the Customer fails to make timely payment of Fees, or any other due charges later than five (5) days following its due date, or (ii) if CRED reasonably believes that the Customer has otherwise violated or breached any of its terms as stated herein, for which CRED will not be liable to the Customer for any period of suspension which occurs as a consequence. In instances where CRED elects to process payments via direct debit or credit card, the Customer hereby irrevocably authorizes CRED to initiate charges against the Customer's specified bank account or credit card for any and all Fees, or other applicable due payments accruable immediately when due in accordance with this Agreement. It is incumbent upon the Customer to ensure the availability of adequate funds in the stipulated account to facilitate the seamless processing of due Fees, or other applicable due payments and to proactively communicate any alterations pertaining to their bank account or credit card details to CRED in a timely fashion. The Customer acknowledges and agrees that the Interest Charge is non-refundable and is intended to compensate CRED for the administrative costs and financial impact resulting from late payments. In addition to the remedies outlined above for failure to pay any amount owed to CRED, the Customer acknowledges and agrees that non-payment of both any outstanding charges and Interest Charge may result in further actions by CRED, including but not limited to pursuing legal action to recover the outstanding amount and interest, and reporting the non-payment to credit agencies, potentially affecting the Customer's credit rating.

5.3 Payment Disputes

5.3 Payment Disputes

If Customer believes that CRED has billed Customer incorrectly, Customer must contact CRED no later than thirty (30) days after receipt of the invoice.  All inquiries should be directed to CRED’s accounting department at accounting@CRED.com. CRED shall respond to Customer promptly after receiving such inquiries.

If Customer believes that CRED has billed Customer incorrectly, Customer must contact CRED no later than thirty (30) days after receipt of the invoice.  All inquiries should be directed to CRED’s accounting department at accounting@CRED.com. CRED shall respond to Customer promptly after receiving such inquiries.

5.4 Taxes

5.4 Taxes

Customer shall be responsible for all taxes, duties and other governmental charges associated with the Services other than taxes based on CRED’s net income.  If Customer is required by law to withhold any taxes, Customer must provide CRED with an official tax receipt or other appropriate documentation, and all Fees are payable hereunder without any deduction for such withheld taxes or otherwise. If CRED has the legal obligation to pay or collect taxes for which Customer is responsible under the terms of the Agreement, the appropriate amount shall be invoiced to and paid by Customer, unless Customer provides CRED with a valid tax exemption certificate authorized by the appropriate taxing authority.

Customer shall be responsible for all taxes, duties and other governmental charges associated with the Services other than taxes based on CRED’s net income.  If Customer is required by law to withhold any taxes, Customer must provide CRED with an official tax receipt or other appropriate documentation, and all Fees are payable hereunder without any deduction for such withheld taxes or otherwise. If CRED has the legal obligation to pay or collect taxes for which Customer is responsible under the terms of the Agreement, the appropriate amount shall be invoiced to and paid by Customer, unless Customer provides CRED with a valid tax exemption certificate authorized by the appropriate taxing authority.

5.5 Purchase Order

5.5 Purchase Order

If Customer requires the use of a purchase order, Customer is responsible for providing the applicable purchase order at the time of purchase. The Customer acknowledges and agrees to the extent of any inconsistency between the Agreement and any terms and conditions attached to the Customer' purchase order, the terms of the Agreement will prevail. The parties acknowledge and agree that any pre-printed standard terms and conditions attached to or on the back of any purchase order will not apply to the Agreement.

If Customer requires the use of a purchase order, Customer is responsible for providing the applicable purchase order at the time of purchase. The Customer acknowledges and agrees to the extent of any inconsistency between the Agreement and any terms and conditions attached to the Customer' purchase order, the terms of the Agreement will prevail. The parties acknowledge and agree that any pre-printed standard terms and conditions attached to or on the back of any purchase order will not apply to the Agreement.

6. TERMINATION

6.1 Term and Auto-Renewal

6.1 Term and Auto-Renewal

The term of this MSA will commence on the Effective Date and continue until terminated as set forth below.  Subject to earlier termination as provided below, the Service Term is as specified in the Order Form and/or SOW, and shall be automatically renewed for additional periods of the same duration as the Service Term, unless either party requests termination at least thirty (30) days prior to the end of the then-current term by providing CRED with written notice.

The term of this MSA will commence on the Effective Date and continue until terminated as set forth below.  Subject to earlier termination as provided below, the Service Term is as specified in the Order Form and/or SOW, and shall be automatically renewed for additional periods of the same duration as the Service Term, unless either party requests termination at least thirty (30) days prior to the end of the then-current term by providing CRED with written notice.

6.2 Termination

6.2 Termination

In addition to any other remedies it may have, either party may also terminate the Agreement upon written notice if (a) the other party breaches a  material term or condition of the Agreement, and fails to promptly remedy that breach within thirty (30) calendar days of notice; or (b) subject to applicable law, upon the other party’s liquidation, commencement of dissolution proceedings or assignment of substantially all of its assets for the benefit of creditors, or if the other party becomes the subject of bankruptcy or similar proceeding that is not dismissed within sixty (60) days. Upon termination of the Agreement, all unused Credits are forfeited unless otherwise agreed in writing. Credits are non-refundable and hold no residual cash value. Bonus Credits or discounts awarded for bulk purchases or committed spending may be subject to different expiry terms as agreed in writing between the Customer and CRED. All such terms will be specified in the Order Form or SOW, or otherwise at the time of purchase, and bonus credits will be governed by those terms. If the Agreement is terminated as a result of a material breach by Customer, then Customer shall pay in full all remaining Fees payable through the remainder of the Agreement; or if Customer has prepaid any Fees, then those Fees are nonrefundable. If the Agreement is terminated by Customer due to a material breach by CRED, then CRED shall refund Customer on a pro-rata basis any prepaid Fees covering the remainder of each outstanding period after the effective date of termination.

In addition to any other remedies it may have, either party may also terminate the Agreement upon written notice if (a) the other party breaches a  material term or condition of the Agreement, and fails to promptly remedy that breach within thirty (30) calendar days of notice; or (b) subject to applicable law, upon the other party’s liquidation, commencement of dissolution proceedings or assignment of substantially all of its assets for the benefit of creditors, or if the other party becomes the subject of bankruptcy or similar proceeding that is not dismissed within sixty (60) days. Upon termination of the Agreement, all unused Credits are forfeited unless otherwise agreed in writing. Credits are non-refundable and hold no residual cash value. Bonus Credits or discounts awarded for bulk purchases or committed spending may be subject to different expiry terms as agreed in writing between the Customer and CRED. All such terms will be specified in the Order Form or SOW, or otherwise at the time of purchase, and bonus credits will be governed by those terms. If the Agreement is terminated as a result of a material breach by Customer, then Customer shall pay in full all remaining Fees payable through the remainder of the Agreement; or if Customer has prepaid any Fees, then those Fees are nonrefundable. If the Agreement is terminated by Customer due to a material breach by CRED, then CRED shall refund Customer on a pro-rata basis any prepaid Fees covering the remainder of each outstanding period after the effective date of termination.

6.3 Survival

6.3 Survival

Upon expiration or termination of the Agreement, all rights and obligations will immediately terminate except that any accrued payment obligations and other terms or conditions that by their nature should survive such termination will survive, including the License Restrictions and terms and conditions relating to confidentiality, disclaimers, indemnification, limitations of liability, termination and the general provisions below.

Upon expiration or termination of the Agreement, all rights and obligations will immediately terminate except that any accrued payment obligations and other terms or conditions that by their nature should survive such termination will survive, including the License Restrictions and terms and conditions relating to confidentiality, disclaimers, indemnification, limitations of liability, termination and the general provisions below.

6.4 Return and Destruction of Customer Data

6.4 Return and Destruction of Customer Data

CRED shall make available to Customer any Customer Data stored within the CRED Services for thirty (30) days after the expiration or termination ("Data Retrievability Period"), but thereafter CRED may, but is not obligated to, delete stored Customer Data unless otherwise required by Data Protection Laws.  During the Data Retrievability Period, any and all Customer Data-related provisions of the Agreement will remain in full force and effect.

CRED shall make available to Customer any Customer Data stored within the CRED Services for thirty (30) days after the expiration or termination ("Data Retrievability Period"), but thereafter CRED may, but is not obligated to, delete stored Customer Data unless otherwise required by Data Protection Laws.  During the Data Retrievability Period, any and all Customer Data-related provisions of the Agreement will remain in full force and effect.

7. MUTUAL INDEMNIFICATION

7.1 Indemnification by CRED

7.1 Indemnification by CRED

CRED will defend and hold Customer Entities, its directors, officers, employees, agents, and contractors harmless against any claim, demand, suit, or proceeding ("Claim") made or brought against Customer Entities by a third party alleging that the use of the CRED Services or CRED Data, as permitted hereunder, infringes any patent, trademark or copyright or otherwise infringes applicable law, including a third party’s privacy rights, and will indemnify Customer for any damages finally awarded against Customer (or any settlement approved in writing by CRED) in connection with any such Claim. The foregoing obligations do not apply to the extent that the alleged Claim arises from (a) Customer Data, Third-Party Products, or any other portions or components of the CRED Services not supplied by CRED; (b) any modification, combination, or development of the CRED Services or portions or components thereof that is (i) made in whole or in part in accordance with Customer specifications; or (ii) not performed by CRED; (c) Customer' negligence, misconduct, or breach of the Agreement; (d) the use of any version of the CRED Services other than the most current release made available by CRED, or (e) portions or components of the CRED Platform: (i) that are modified after delivery by CRED; (ii) combined with other products, processes, or materials where the alleged infringement relates to such combination; (iii) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement; or (iv) where Customer’s use of the CRED Platform is not strictly in accordance with this Agreement or the Terms of Service (collectively, the "Excluded Claims").

CRED will defend and hold Customer Entities, its directors, officers, employees, agents, and contractors harmless against any claim, demand, suit, or proceeding ("Claim") made or brought against Customer Entities by a third party alleging that the use of the CRED Services or CRED Data, as permitted hereunder, infringes any patent, trademark or copyright or otherwise infringes applicable law, including a third party’s privacy rights, and will indemnify Customer for any damages finally awarded against Customer (or any settlement approved in writing by CRED) in connection with any such Claim. The foregoing obligations do not apply to the extent that the alleged Claim arises from (a) Customer Data, Third-Party Products, or any other portions or components of the CRED Services not supplied by CRED; (b) any modification, combination, or development of the CRED Services or portions or components thereof that is (i) made in whole or in part in accordance with Customer specifications; or (ii) not performed by CRED; (c) Customer' negligence, misconduct, or breach of the Agreement; (d) the use of any version of the CRED Services other than the most current release made available by CRED, or (e) portions or components of the CRED Platform: (i) that are modified after delivery by CRED; (ii) combined with other products, processes, or materials where the alleged infringement relates to such combination; (iii) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement; or (iv) where Customer’s use of the CRED Platform is not strictly in accordance with this Agreement or the Terms of Service (collectively, the "Excluded Claims").

If the use of the CRED Services by Customer has become, or in CRED’s opinion is likely to become, the subject of any claim of infringement, CRED may at its option and expense (A) procure for Customer the right to continue using and receiving the CRED Services as set forth hereunder; (B) replace or modify the CRED Services to make it non-infringing (with comparable functionality); or (C) if the options in clauses (A) or (B) are not reasonably practicable, terminate the Agreement and refund Customer on a pro-rata basis any prepaid Fees covering the remainder of the term of this Agreement after the effective date of termination. CRED shall not be responsible for any settlement it does not approve in writing. This Section states CRED’s entire liability and Customer' exclusive remedy for infringement or misappropriation of intellectual property of a third party.

If the use of the CRED Services by Customer has become, or in CRED’s opinion is likely to become, the subject of any claim of infringement, CRED may at its option and expense (A) procure for Customer the right to continue using and receiving the CRED Services as set forth hereunder; (B) replace or modify the CRED Services to make it non-infringing (with comparable functionality); or (C) if the options in clauses (A) or (B) are not reasonably practicable, terminate the Agreement and refund Customer on a pro-rata basis any prepaid Fees covering the remainder of the term of this Agreement after the effective date of termination. CRED shall not be responsible for any settlement it does not approve in writing. This Section states CRED’s entire liability and Customer' exclusive remedy for infringement or misappropriation of intellectual property of a third party.

7.2  Indemnification by Customer

7.2  Indemnification by Customer

Customer will defend and hold CRED,  its directors, officers, employees, agents, and contractors harmless against any Claim made or brought against CRED by a third party arising out of the Customer’s use of the CRED Services, any violation of this Agreement, and/or allegations that Customer Data or CRED’s processing of Customer Data pursuant to Customer' instructions violates or infringes applicable law, causes harm to a third party,  including but not limited to a third party’s privacy right, violations of intellectual property and their rights, or Data Protection Laws, and Customer will indemnify CRED for any damages finally awarded against CRED (or any settlement approved in writing by Customer) in connection with any such Claim.

Customer will defend and hold CRED,  its directors, officers, employees, agents, and contractors harmless against any Claim made or brought against CRED by a third party arising out of the Customer’s use of the CRED Services, any violation of this Agreement, and/or allegations that Customer Data or CRED’s processing of Customer Data pursuant to Customer' instructions violates or infringes applicable law, causes harm to a third party,  including but not limited to a third party’s privacy right, violations of intellectual property and their rights, or Data Protection Laws, and Customer will indemnify CRED for any damages finally awarded against CRED (or any settlement approved in writing by Customer) in connection with any such Claim.

7.3  Indemnification Procedure

7.3  Indemnification Procedure

Each party’s indemnification obligations are conditioned upon the indemnified party (a) promptly notifying the indemnifying party of any Claim in writing; and (b) cooperating with the indemnifying party in the defense of any Claim.  The indemnified party shall have the right to participate in the defense of any Claim with counsel selected by it subject to the indemnifying party’s right to control the defense thereof. The fees and disbursements of such counsel shall be at the expense of the indemnified party. Notwithstanding any other provision of the Agreement, the indemnifying party shall not enter into settlement of any Claim that requires the indemnified party to admit fault or pay amounts that the indemnifying party must pay under this Section, without the prior written consent of the indemnified party, which shall not be unreasonably withheld or delayed.

Each party’s indemnification obligations are conditioned upon the indemnified party (a) promptly notifying the indemnifying party of any Claim in writing; and (b) cooperating with the indemnifying party in the defense of any Claim.  The indemnified party shall have the right to participate in the defense of any Claim with counsel selected by it subject to the indemnifying party’s right to control the defense thereof. The fees and disbursements of such counsel shall be at the expense of the indemnified party. Notwithstanding any other provision of the Agreement, the indemnifying party shall not enter into settlement of any Claim that requires the indemnified party to admit fault or pay amounts that the indemnifying party must pay under this Section, without the prior written consent of the indemnified party, which shall not be unreasonably withheld or delayed.

8. WARRANTY AND DISCLAIMER

8.1 Mutual Representations

8.1 Mutual Representations

Each party represents to the other that (a) it is duly organized and a validly existing entity, in good standing under the laws of the jurisdiction in which it was formed, and that it has the right and capacity to enter into the Agreement; (b) it has full power and authority to grant the rights granted by it under the Agreement and that there are no outstanding obligations or agreements that conflict with the Agreement; and (c) the Agreement, when signed by its duly authorized representative, constitutes a valid and legally binding obligation on that party that is enforceable in accordance with the terms of the Agreement.

Each party represents to the other that (a) it is duly organized and a validly existing entity, in good standing under the laws of the jurisdiction in which it was formed, and that it has the right and capacity to enter into the Agreement; (b) it has full power and authority to grant the rights granted by it under the Agreement and that there are no outstanding obligations or agreements that conflict with the Agreement; and (c) the Agreement, when signed by its duly authorized representative, constitutes a valid and legally binding obligation on that party that is enforceable in accordance with the terms of the Agreement.

8.2 CRED Warranties

8.2 CRED Warranties

CRED warrants that (a) it will use commercially reasonable efforts to prevent the introduction of viruses, Trojan horses or similar harmful materials into the CRED Services (but CRED is not responsible for harmful materials submitted by Customer or its Users); (b) the CRED Services will perform materially in accordance with the applicable documentation (collectively, the "Performance Warranty"); (c) it will provide all Services in compliance with all applicable laws, rules and regulations; and (d) It has and will maintain a reasonable disaster recovery and business continuity plan for the CRED Services that will enable continuity of CRED Services in the event of any reasonably foreseeable disruption. In the event of a breach of the Performance Warranty, CRED will use commercially reasonable efforts to correct any non-conformity. In the event CRED determines corrections to be impracticable, CRED or Customer may terminate the Agreement and receive a prorated refund. In the event the Agreement is terminated as provided herein, CRED will refund to Customer any prepaid Fees for use of the CRED Services for the terminated portion of the applicable subscription term. The Performance Warranty will not apply (i) unless Customer makes a claim within thirty (30) days of the date on which Customer noticed the non-conformity, (ii) if the non-conformity is caused by Customer misuse, unauthorized modifications, Third-Party Products, or other services, software or equipment, or (iii) Beta Services. CRED’s sole liability and Customer' sole exclusive remedy, for any breach of the Performance Warranty are set forth in this Section 8.2.

CRED warrants that (a) it will use commercially reasonable efforts to prevent the introduction of viruses, Trojan horses or similar harmful materials into the CRED Services (but CRED is not responsible for harmful materials submitted by Customer or its Users); (b) the CRED Services will perform materially in accordance with the applicable documentation (collectively, the "Performance Warranty"); (c) it will provide all Services in compliance with all applicable laws, rules and regulations; and (d) It has and will maintain a reasonable disaster recovery and business continuity plan for the CRED Services that will enable continuity of CRED Services in the event of any reasonably foreseeable disruption. In the event of a breach of the Performance Warranty, CRED will use commercially reasonable efforts to correct any non-conformity. In the event CRED determines corrections to be impracticable, CRED or Customer may terminate the Agreement and receive a prorated refund. In the event the Agreement is terminated as provided herein, CRED will refund to Customer any prepaid Fees for use of the CRED Services for the terminated portion of the applicable subscription term. The Performance Warranty will not apply (i) unless Customer makes a claim within thirty (30) days of the date on which Customer noticed the non-conformity, (ii) if the non-conformity is caused by Customer misuse, unauthorized modifications, Third-Party Products, or other services, software or equipment, or (iii) Beta Services. CRED’s sole liability and Customer' sole exclusive remedy, for any breach of the Performance Warranty are set forth in this Section 8.2.

8.3 Customer Warranties

8.3 Customer Warranties

Customer warrants that (a) Customer' use of the CRED Services or execution of the Agreement does not and will not conflict with Customer' obligations to any third parties; and (b) Customer has obtained all legally required consents and permissions from its end users for the submission and processing of personal data through the CRED Services.

Customer warrants that (a) Customer' use of the CRED Services or execution of the Agreement does not and will not conflict with Customer' obligations to any third parties; and (b) Customer has obtained all legally required consents and permissions from its end users for the submission and processing of personal data through the CRED Services.

8.4 Disclaimers

8.4 Disclaimers

CRED DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE OR MEET Customer' REQUIREMENTS; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES. EXCEPT AS EXPRESSLY SET FORTH IN THE AGREEMENT, THE SERVICES ARE PROVIDED "AS IS" AND CRED EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, QUALITY AND ACCURACY.  CRED DOES NOT WARRANT AGAINST INTERFERENCE WITH THE ENJOYMENT OF THE SERVICES OR THAT ANY INFORMATION PROVIDED THROUGH THE SERVICES IS ACCURATE OR COMPLETE OR WILL ALWAYS BE AVAILABLE.


IN ADDITION, Customer ACKNOWLEDGES THAT CRED DOES NOT CONTROL THE TRANSFER OF DATA OVER COMMUNICATIONS FACILITIES, INCLUDING THE INTERNET, AND THAT THE SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF SUCH COMMUNICATIONS FACILITIES. CRED IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS. CRED IS NOT RESPONSIBLE OR LIABLE FOR ANY THIRD PARTY PRODUCTS, DOES NOT GUARANTEE THE CONTINUED AVAILABILITY THEREOF OR ANY INTEGRATION THEREWITH, AND MAY CEASE MAKING ANY SUCH INTEGRATION AVAILABLE IN ITS DISCRETION.

CRED DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE OR MEET Customer' REQUIREMENTS; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES. EXCEPT AS EXPRESSLY SET FORTH IN THE AGREEMENT, THE SERVICES ARE PROVIDED "AS IS" AND CRED EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, QUALITY AND ACCURACY.  CRED DOES NOT WARRANT AGAINST INTERFERENCE WITH THE ENJOYMENT OF THE SERVICES OR THAT ANY INFORMATION PROVIDED THROUGH THE SERVICES IS ACCURATE OR COMPLETE OR WILL ALWAYS BE AVAILABLE.


IN ADDITION, Customer ACKNOWLEDGES THAT CRED DOES NOT CONTROL THE TRANSFER OF DATA OVER COMMUNICATIONS FACILITIES, INCLUDING THE INTERNET, AND THAT THE SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF SUCH COMMUNICATIONS FACILITIES. CRED IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS. CRED IS NOT RESPONSIBLE OR LIABLE FOR ANY THIRD PARTY PRODUCTS, DOES NOT GUARANTEE THE CONTINUED AVAILABILITY THEREOF OR ANY INTEGRATION THEREWITH, AND MAY CEASE MAKING ANY SUCH INTEGRATION AVAILABLE IN ITS DISCRETION.

9. LIMITATION OF LIABILITY

9.1 Limitation of Liability

9.1 Limitation of Liability

9.1.1 Consequential Damages Waiver

9.1.1 Consequential Damages Waiver

EXCLUDING A PARTY’S INDEMNIFICATION OBLIGATIONS HEREUNDER, IN NO EVENT SHALL EITHER PARTY BE RESPONSIBLE OR LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, EXEMPLARY, INCIDENTAL, PUNITIVE, SPECIAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND (INCLUDING WITHOUT LIMITATION, LOST PROFITS OR REVENUE, LOST OR INACCURATE DATA, INTERRUPTION OF BUSINESS, COSTS OF DELAY, REPUTATIONAL HARM, OR THE COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES), REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, EVEN IF INFORMED OF SUCH DAMAGES IN ADVANCE.

You have the right to stop us processing your personal data for direct marketing purposes. CRED will always inform you if we intend to use your personal data for such purposes, or if CRED intends to disclose your information to any third party for such purposes. You can usually exercise your right to prevent such marketing by checking certain boxes on the forms used to collect your data, or as otherwise stated in the relevant contract detailing our engagement with you. You can also exercise the right at any time by contacting us at privacy@credinvestments.com.


You may also object to us processing your personal data where CRED are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, CRED may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

9.1.2 Damages Cap

9.1.2 Damages Cap

EXCLUDING CUSTOMER’S PAYMENT OBLIGATIONS AND A PARTY’S INDEMNIFICATION OBLIGATIONS HEREUNDER, EACH PARTY’S MAXIMUM AGGREGATE LIABILITY FOR ANY AND ALL CLAIMS AND DAMAGES ARISING OUT OF OR RELATED TO THE AGREEMENT, WHETHER ARISING IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, STATUTE OR OTHERWISE, SHALL NOT EXCEED THE AMOUNT ACTUALLY PAID OR PAYABLE BY Customer TO CRED FOR THE APPLICABLE SERVICES IN THE TWELVE (12) MONTHS PRIOR TO THE ACT THAT GAVE RISE TO THE LIABILITY, EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF ANY OF THE FOREGOING TYPES OF LOSSES OR DAMAGES. THE ABOVE LIMITS OF LIABILITY ARE EXCLUSIVE AS TO ALL REMEDIES AND THE LIABILITY CAP SHALL NOT BE COMBINED WITH ANY OTHER LIMITS OF LIABILITY SO AS TO INCREASE THE CAP VALUE IN ANY INSTANCE OR SERIES OF INSTANCES. IF APPLICABLE LAW LIMITS THE APPLICATION OF THE PROVISIONS OF THIS SECTION, A PARTY’S LIABILITY WILL BE LIMITED TO THE MAXIMUM EXTENT PERMISSIBLE.

You have the right to stop us processing your personal data for direct marketing purposes. CRED will always inform you if we intend to use your personal data for such purposes, or if CRED intends to disclose your information to any third party for such purposes. You can usually exercise your right to prevent such marketing by checking certain boxes on the forms used to collect your data, or as otherwise stated in the relevant contract detailing our engagement with you. You can also exercise the right at any time by contacting us at privacy@credinvestments.com.


You may also object to us processing your personal data where CRED are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, CRED may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

9.2 Basis of the Bargain

9.2 Basis of the Bargain

The parties agree that the limitations and exclusions set out in this Section 9 will survive and apply even if any limited remedy specified in the Agreement is found to have failed in its essential purpose. The terms in this Section 9 are a fundamental basis of the bargain and reasonable, having regard to all the relevant circumstances and the levels of risk associated with each party’s obligations under the Agreement.

You have the right to stop us processing your personal data for direct marketing purposes. CRED will always inform you if we intend to use your personal data for such purposes, or if CRED intends to disclose your information to any third party for such purposes. You can usually exercise your right to prevent such marketing by checking certain boxes on the forms used to collect your data, or as otherwise stated in the relevant contract detailing our engagement with you. You can also exercise the right at any time by contacting us at privacy@credinvestments.com.


You may also object to us processing your personal data where CRED are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, CRED may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

10. GENERAL PROVISIONS

10.1 Entire Agreement; Conflicts

10.1 Entire Agreement; Conflicts

Both parties agree that the Agreement, including all exhibits, is the complete and exclusive statement of the mutual understanding of the parties and supersede and cancel all previous written and oral agreements, communications and other understandings relating to the subject matter of the Agreement (including, with respect to the subject matter hereof, any non-disclosure or confidentiality agreement previously entered into between the parties and any online terms of service or click-through agreements within the CRED Services). 

Both parties agree that the Agreement, including all exhibits, is the complete and exclusive statement of the mutual understanding of the parties and supersede and cancel all previous written and oral agreements, communications and other understandings relating to the subject matter of the Agreement (including, with respect to the subject matter hereof, any non-disclosure or confidentiality agreement previously entered into between the parties and any online terms of service or click-through agreements within the CRED Services). 

10.2 Severability

10.2 Severability

In the event that any part or provision of the Agreement is declared fully or partially invalid, unlawful or unenforceable by a court of competent jurisdiction, the remainder of the part or provision and the Agreement will remain in full force and effect, if the essential terms and conditions of the Agreement for each party remain valid, binding and enforceable.

In the event that any part or provision of the Agreement is declared fully or partially invalid, unlawful or unenforceable by a court of competent jurisdiction, the remainder of the part or provision and the Agreement will remain in full force and effect, if the essential terms and conditions of the Agreement for each party remain valid, binding and enforceable.

10.3 Assignment

10.3 Assignment

Neither party may assign the Agreement without the other party’s prior written consent, except that a party may assign the Agreement upon written notice without such consent to an entity in connection with a reorganization, merger, consolidation, acquisition, or other restructuring involving all or substantially all of the assigning party’s voting securities or assets.  Non-permitted assignments are void.  The Agreement is binding upon, and inures to the benefit of, the parties and their respective successors and assigns.

Neither party may assign the Agreement without the other party’s prior written consent, except that a party may assign the Agreement upon written notice without such consent to an entity in connection with a reorganization, merger, consolidation, acquisition, or other restructuring involving all or substantially all of the assigning party’s voting securities or assets.  Non-permitted assignments are void.  The Agreement is binding upon, and inures to the benefit of, the parties and their respective successors and assigns.

10.4 Independent Contractors

10.4 Independent Contractors

The parties to the Agreement are independent contractors and the Agreement does not create an agency, partnership, joint venture, employment, franchise, or agency relationship. Neither party has the power to bind the other or incur obligations on the other party’s behalf without the other party’s prior written consent.

The parties to the Agreement are independent contractors and the Agreement does not create an agency, partnership, joint venture, employment, franchise, or agency relationship. Neither party has the power to bind the other or incur obligations on the other party’s behalf without the other party’s prior written consent.

10.5 Notices

10.5 Notices

Any notice under the Agreement must be given in writing. CRED may provide notice to Customer through the Customer account or in-product notifications. Customer agrees that any electronic communication will satisfy any applicable legal communication requirements, including that such communications be in writing. All notices under the Agreement will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by email; the day after it is sent, if sent for next day delivery by a recognized overnight delivery service; and upon receipt. Notices to Customer must be sent to the email or other address as set forth in Customer' Account information.  Notices to CRED must be sent to the following address: CRED Investments Inc at 651 N Broad St Suite 206 Middletown Delaware, 19709, United States, Attn: Legal or legal@credinvestments.com.

Any notice under the Agreement must be given in writing. CRED may provide notice to Customer through the Customer account or in-product notifications. Customer agrees that any electronic communication will satisfy any applicable legal communication requirements, including that such communications be in writing. All notices under the Agreement will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by email; the day after it is sent, if sent for next day delivery by a recognized overnight delivery service; and upon receipt. Notices to Customer must be sent to the email or other address as set forth in Customer' Account information.  Notices to CRED must be sent to the following address: CRED Investments Inc at 651 N Broad St Suite 206 Middletown Delaware, 19709, United States, Attn: Legal or legal@credinvestments.com.

10.6 Governing Law and Arbitration

10.6 Governing Law and Arbitration

The Agreement shall be governed by the laws of New York State without regard to its conflict of laws provisions. To address disputes or claims related to the terms of these Terms of Service, the CRED Platform Subscription Order Form, any subsequent order form or purchase order, or the use of the CRED Platform, both parties commit to first attempt resolution through informal discussions and good faith negotiations, a prerequisite before pursuing any legal action. If no resolution is achieved within thirty (30) days after starting informal dispute resolution, either party may then proceed to binding arbitration as the exclusive method for resolving such claims. The Customer and CRED hereby agree to resolve any disputes, claims, or disagreements arising from or related to the terms of these Terms of Service, the CRED Platform Subscription Order Form, any subsequent order form or purchase order, or the use of the CRED Platform, exclusively through binding arbitration, foregoing traditional court proceedings. This arbitration obligation is subject to the Federal Arbitration Act, which oversees its interpretation and enforcement. The arbitration shall be administered by the American Arbitration Association ("AAA") in accordance with its rules and procedures, detailed at www.adr.org ("Procedures"). A single arbitrator, appointed according to the Procedures, will oversee the arbitration, whose decision shall be conclusive and enforceable in any court with appropriate jurisdiction. Both parties will bear their respective arbitration fees and costs. The arbitration process will occur in New York, New York. For claims seeking less than US $10,000, the method of arbitration—based on documentary evidence and, or via telephone—will be at the choosing of either party, unless the arbitrator deems an in-person meeting necessary. Both parties agree to undertake arbitration only on an individual basis, explicitly renouncing any right to initiate or participate in any form of class action, representative action, or similar collective legal proceedings. All disputes shall be arbitrated or litigated, as applicable, solely on an individual basis, and not as part of any class, collective, or representative action. The Customer shall not seek to have any dispute arbitrated or litigated, as applicable, as a class action, representative action, collective action, or in any other capacity involving joint or consolidated claims. Notwithstanding Customer's and CRED’s agreement to mandatory arbitration, either party may pursue interim or preliminary injunctive relief from a court of competent jurisdiction in New York, New York as required to protect and enforce its rights pending the outcome of arbitration. The parties submit to the exclusive jurisdiction of any state or federal court of competent jurisdiction located in New York, New York.

The Agreement shall be governed by the laws of New York State without regard to its conflict of laws provisions. To address disputes or claims related to the terms of these Terms of Service, the CRED Platform Subscription Order Form, any subsequent order form or purchase order, or the use of the CRED Platform, both parties commit to first attempt resolution through informal discussions and good faith negotiations, a prerequisite before pursuing any legal action. If no resolution is achieved within thirty (30) days after starting informal dispute resolution, either party may then proceed to binding arbitration as the exclusive method for resolving such claims. The Customer and CRED hereby agree to resolve any disputes, claims, or disagreements arising from or related to the terms of these Terms of Service, the CRED Platform Subscription Order Form, any subsequent order form or purchase order, or the use of the CRED Platform, exclusively through binding arbitration, foregoing traditional court proceedings. This arbitration obligation is subject to the Federal Arbitration Act, which oversees its interpretation and enforcement. The arbitration shall be administered by the American Arbitration Association ("AAA") in accordance with its rules and procedures, detailed at www.adr.org ("Procedures"). A single arbitrator, appointed according to the Procedures, will oversee the arbitration, whose decision shall be conclusive and enforceable in any court with appropriate jurisdiction. Both parties will bear their respective arbitration fees and costs. The arbitration process will occur in New York, New York. For claims seeking less than US $10,000, the method of arbitration—based on documentary evidence and, or via telephone—will be at the choosing of either party, unless the arbitrator deems an in-person meeting necessary. Both parties agree to undertake arbitration only on an individual basis, explicitly renouncing any right to initiate or participate in any form of class action, representative action, or similar collective legal proceedings. All disputes shall be arbitrated or litigated, as applicable, solely on an individual basis, and not as part of any class, collective, or representative action. The Customer shall not seek to have any dispute arbitrated or litigated, as applicable, as a class action, representative action, collective action, or in any other capacity involving joint or consolidated claims. Notwithstanding Customer's and CRED’s agreement to mandatory arbitration, either party may pursue interim or preliminary injunctive relief from a court of competent jurisdiction in New York, New York as required to protect and enforce its rights pending the outcome of arbitration. The parties submit to the exclusive jurisdiction of any state or federal court of competent jurisdiction located in New York, New York.

10.7 Export Restrictions

10.7 Export Restrictions

Customer must not access or use the CRED Services in violation of any export embargo, prohibition or restriction. In addition, Customer must comply with all applicable laws and regulations governing the export, re-export and transfer of the CRED Services and Customer is responsible for obtaining any required export or import authorizations.

Customer must not access or use the CRED Services in violation of any export embargo, prohibition or restriction. In addition, Customer must comply with all applicable laws and regulations governing the export, re-export and transfer of the CRED Services and Customer is responsible for obtaining any required export or import authorizations.

10.8 Force Majeure

10.8 Force Majeure

Neither party will be liable to the other for any delay or failure to perform any obligation under the Agreement (except for a failure to pay Fees) if the delay or failure is due to events which are beyond the reasonable control of such party, such as a strike, blockade, war, act of terrorism, pandemic, riot, natural disaster, failure or diminishment of power or telecommunications or data networks or services, or refusal of a license by a government agency.

Neither party will be liable to the other for any delay or failure to perform any obligation under the Agreement (except for a failure to pay Fees) if the delay or failure is due to events which are beyond the reasonable control of such party, such as a strike, blockade, war, act of terrorism, pandemic, riot, natural disaster, failure or diminishment of power or telecommunications or data networks or services, or refusal of a license by a government agency.

10.9 Counterparts

10.9 Counterparts

This Agreement or any Order Form or SOW may be executed in counterparts, each of which shall be deemed an original and enforceable against the parties actually executing such counterparts, and all of which together shall constitute one and the same instrument. Signatures by facsimile or signatures which have been scanned and transmitted by electronic mail shall be deemed valid and binding for all purposes.

This Agreement or any Order Form or SOW may be executed in counterparts, each of which shall be deemed an original and enforceable against the parties actually executing such counterparts, and all of which together shall constitute one and the same instrument. Signatures by facsimile or signatures which have been scanned and transmitted by electronic mail shall be deemed valid and binding for all purposes.

DATA PROCESSING AGREEMENT (DPA)

In these circumstances you/ your organization/ company is considered to be acting on its own behalf as the “Controller”, and CRED will be acting on its own behalf as the "Processor", each being a “Party” and together the “Parties”.


The terms used in this DPA shall have the meanings set forth in this DPA.


This DPA applies if there is no Controller submitted DPA signed by the Parties.


The Controller commits to having a valid legal basis under Applicable Laws, for Processing the Personal Data that will be input into CRED Platform.

In these circumstances you/ your organization/ company is considered to be acting on its own behalf as the “Controller”, and CRED will be acting on its own behalf as the "Processor", each being a “Party” and together the “Parties”.


The terms used in this DPA shall have the meanings set forth in this DPA.


This DPA applies if there is no Controller submitted DPA signed by the Parties.


The Controller commits to having a valid legal basis under Applicable Laws, for Processing the Personal Data that will be input into CRED Platform.

1. Definitions

1.1 In this DPA, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:

1.1 In this DPA, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:

1.1.1 "Applicable Laws" means (a) the UK and European Union or Member State laws with respect to any Personal Data in respect of which any entity which Processes Personal Data is subject to such legislation; and (b) any other applicable law with respect to the protection of Personal Data and those natural persons to whom it pertains to from around the Globe, as applicable to the Processing under the Credinvestments Platform Service;


Where local legislation is less protective of the rights and freedoms of those natural persons whose Personal Data is under Processing, the EU GDPR ruling shall prevail.

1.1.1 "Applicable Laws" means (a) the UK and European Union or Member State laws with respect to any Personal Data in respect of which any entity which Processes Personal Data is subject to such legislation; and (b) any other applicable law with respect to the protection of Personal Data and those natural persons to whom it pertains to from around the Globe, as applicable to the Processing under the Credinvestments Platform Service;


Where local legislation is less protective of the rights and freedoms of those natural persons whose Personal Data is under Processing, the EU GDPR ruling shall prevail.

1.1.2 "Controller Personal Data" Personal Data pertaining to prospective customers of the Corporate Client by Credinvestments or on CRED Platform ;

1.1.2 "Controller Personal Data" Personal Data pertaining to prospective customers of the Corporate Client by Credinvestments or on CRED Platform ;

1.1.3 "EEA" means the European Economic Area;

1.1.3 "EEA" means the European Economic Area;

1.1.4 "EU Data Protection Laws" means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, (General Data Protection Regulation) and laws implementing or supplementing the GDPR and (ii) any data privacy legislation including the E-privacy Directive and as amended, replaced or superseded from time to time;

1.1.4 "EU Data Protection Laws" means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, (General Data Protection Regulation) and laws implementing or supplementing the GDPR and (ii) any data privacy legislation including the E-privacy Directive and as amended, replaced or superseded from time to time;

1.1.5 "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) 

1.1.5 "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) 

1.1.6 “Personal Data” means any of the following (i) Personal Data as defined in EU Directive 95/46/EC and transposed with Domestic legislation of each member state and as amended, replaced or superseded from time to time (ii) Personal Data as defined in the GDPR as amended, replaced or superseded from time to time; and (iii) personal data as defined in the local data protection or data privacy legislation or laws of another country (including Switzerland) if applicable.

1.1.6 “Personal Data” means any of the following (i) Personal Data as defined in EU Directive 95/46/EC and transposed with Domestic legislation of each member state and as amended, replaced or superseded from time to time (ii) Personal Data as defined in the GDPR as amended, replaced or superseded from time to time; and (iii) personal data as defined in the local data protection or data privacy legislation or laws of another country (including Switzerland) if applicable.

1.1.7 "International Transfer" in the context defined by the EU and the UK does not apply because all such Personal Data is publicly accessible; nevertheless, all Personal Data is hosted in the EU

1.1.7 "International Transfer" in the context defined by the EU and the UK does not apply because all such Personal Data is publicly accessible; nevertheless, all Personal Data is hosted in the EU

1.1.8 "Services" means the services and other activities to be supplied to or carried out from the CRED Platform , by or on behalf of Processor for a Controller via the Controller or directly by Controller users, pursuant to the Terms and Conditions;

1.1.8 "Services" means the services and other activities to be supplied to or carried out from the CRED Platform , by or on behalf of Processor for a Controller via the Controller or directly by Controller users, pursuant to the Terms and Conditions;

1.1.9 "Subprocessor" means any 3rd party (including any Processor Affiliate, but excluding an employee of Processor or any of its sub-contractors) appointed by or on behalf of Processor or any Processor Affiliate to Process Personal Data on behalf of the Controller, the Controller in connection with the Terms and Conditions; and

1.1.9 "Subprocessor" means any 3rd party (including any Processor Affiliate, but excluding an employee of Processor or any of its sub-contractors) appointed by or on behalf of Processor or any Processor Affiliate to Process Personal Data on behalf of the Controller, the Controller in connection with the Terms and Conditions; and

1.1.10 "Processor Affiliate" means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Processor, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.

1.1.10 "Processor Affiliate" means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Processor, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.

1.2 The terms, "Commission", "Controller", "Data Subject", "Member State", "Personal Data Breach", "Processing", “International Transfer” and "Supervisory Authority" shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.

1.2 The terms, "Commission", "Controller", "Data Subject", "Member State", "Personal Data Breach", "Processing", “International Transfer” and "Supervisory Authority" shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.

1.3 The word "include" shall be construed to mean include without limitation, and cognate terms shall be construed accordingly.

1.3 The word "include" shall be construed to mean include without limitation, and cognate terms shall be construed accordingly.

2. Authority

2.1 Processor warrants and represents that, prior to having any Subprocessor Processing any Controller Personal Data, the Processor shall have entered into a DPA with that Subprocessor which bears at least the same amount of commitment towards the observance of Applicable Law and the protection of the Rights and Freedoms of those natural persons whose Personal Data is under Processing.

2.1 Processor warrants and represents that, prior to having any Subprocessor Processing any Controller Personal Data, the Processor shall have entered into a DPA with that Subprocessor which bears at least the same amount of commitment towards the observance of Applicable Law and the protection of the Rights and Freedoms of those natural persons whose Personal Data is under Processing.

3. Processing of Controller Personal Data

3.1 Processor and each Processor Affiliate shall:

3.1 Processor and each Processor Affiliate shall:

3.1.1 comply with all Applicable Laws in the Processing of Controller Personal Data; and

3.1.1 comply with all Applicable Laws in the Processing of Controller Personal Data; and

3.1.2 not process Controller Personal Data other than on the relevant Controller`s or Controller`s documented instructions unless Processing is required by Applicable Laws to which the relevant Subprocessor is subject, in which case Processor or the relevant Processor Affiliate shall to the extent permitted by Applicable Laws inform the Controller of that legal requirement before the relevant Processing of that Personal Data

3.1.2 not process Controller Personal Data other than on the relevant Controller`s or Controller`s documented instructions unless Processing is required by Applicable Laws to which the relevant Subprocessor is subject, in which case Processor or the relevant Processor Affiliate shall to the extent permitted by Applicable Laws inform the Controller of that legal requirement before the relevant Processing of that Personal Data

3.2 The Controller shall ensure that:

3.2 The Controller shall ensure that:

3.2.1 instructs Processor and each Processor Affiliate (and authorises Processor and each Processor Affiliate to instruct each Subprocessor) to: 

3.2.1 instructs Processor and each Processor Affiliate (and authorises Processor and each Processor Affiliate to instruct each Subprocessor) to: 

3.2.1.1 Process Controller Personal Data; and

3.2.1.1 Process Controller Personal Data; and

3.2.1.2 in particular, transfer Controller Personal Data to any country or territory, as reasonably necessary for the provision of the Services and consistent with the Terms and Conditions.

3.2.1.2 in particular, transfer Controller Personal Data to any country or territory, as reasonably necessary for the provision of the Services and consistent with the Terms and Conditions.

3.3 Annex 1 to this DPA sets out certain information regarding the Processors' Processing of the Controller Personal Data as required by Article 28(3) of the GDPR (and, possibly, equivalent requirements of other Applicable Laws). Controller may make reasonable amendments to Annex 1 by written notice to Processor from time to time as Controller reasonably considers necessary to meet those requirements. Nothing in Annex 1 (including as amended pursuant to this section 3.3) confers any right or imposes any obligation on any party to this DPA.

3.3 Annex 1 to this DPA sets out certain information regarding the Processors' Processing of the Controller Personal Data as required by Article 28(3) of the GDPR (and, possibly, equivalent requirements of other Applicable Laws). Controller may make reasonable amendments to Annex 1 by written notice to Processor from time to time as Controller reasonably considers necessary to meet those requirements. Nothing in Annex 1 (including as amended pursuant to this section 3.3) confers any right or imposes any obligation on any party to this DPA.

3.4 Immediately and within less than 1 month from receiving Personal Data from the Processor, while fulfilling the requirements under article 14 of the EU GDPR, Controller is required to have the Data Subject informed and aware of which Personal Data is under Processing and its origin and purpose.

3.4 Immediately and within less than 1 month from receiving Personal Data from the Processor, while fulfilling the requirements under article 14 of the EU GDPR, Controller is required to have the Data Subject informed and aware of which Personal Data is under Processing and its origin and purpose.

4. Processor and Processor Affiliate Personnel

Processor and each Processor Affiliate shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Subprocessor who may have access to the Controller Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Controller Personal Data, as strictly necessary for the purposes of the Terms and Conditions , and to comply with Applicable Laws in the context of that individual's duties to the Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

Processor and each Processor Affiliate shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Subprocessor who may have access to the Controller Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Controller Personal Data, as strictly necessary for the purposes of the Terms and Conditions , and to comply with Applicable Laws in the context of that individual's duties to the Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

5. Security

5.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor and each Processor Affiliate shall in relation to the Controller Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

5.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor and each Processor Affiliate shall in relation to the Controller Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

5.2 In assessing the appropriate level of security, Processor and each Processor Affiliate shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.

5.2 In assessing the appropriate level of security, Processor and each Processor Affiliate shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.

5.3 The technical and organizational implemented measures by the Processor and each Processor Affiliate are listed on Annex 2.

5.3 The technical and organizational implemented measures by the Processor and each Processor Affiliate are listed on Annex 2.

6. Subprocessing

6.1 The Controller authorises Processor and each Processor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Terms and Conditions.

6.1 The Controller authorises Processor and each Processor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Terms and Conditions.

6.2 Processor and each Processor Affiliate may continue to use those Subprocessors already engaged by Processor or any Processor Affiliate as at the date of this DPA, subject to Processor and each Processor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.

6.2 Processor and each Processor Affiliate may continue to use those Subprocessors already engaged by Processor or any Processor Affiliate as at the date of this DPA, subject to Processor and each Processor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.

6.3 Controller authorises the Processor to subcontract subprocessors which the Processor considers necessary for the correct service provision of the services agreed in the main contract. Upon Controller´s request, the Processor will provide an updated list of all categories of subcontractors involved in the service provision contracted by the former.


The subprocessor shall also be regarded as processor in the same terms as the Processor in this agreement. In this sense, the Processor agrees to sign a data processing agreement with the third-party subprocessor through which the Subprocessor agrees to comply with the obligations established in this agreement, as a Subprocessor.


In any case, the same data protection obligations will be imposed on the subcontractor in such a way that the processing complies with the provisions of GDPR (being at present date the most comprehensive piece of Personal Data Protection legislation being enforced).

6.3 Controller authorises the Processor to subcontract subprocessors which the Processor considers necessary for the correct service provision of the services agreed in the main contract. Upon Controller´s request, the Processor will provide an updated list of all categories of subcontractors involved in the service provision contracted by the former.


The subprocessor shall also be regarded as processor in the same terms as the Processor in this agreement. In this sense, the Processor agrees to sign a data processing agreement with the third-party subprocessor through which the Subprocessor agrees to comply with the obligations established in this agreement, as a Subprocessor.


In any case, the same data protection obligations will be imposed on the subcontractor in such a way that the processing complies with the provisions of GDPR (being at present date the most comprehensive piece of Personal Data Protection legislation being enforced).

6.4 With respect to each Subprocessor, Processor or the relevant Processor Affiliate shall:

6.4 With respect to each Subprocessor, Processor or the relevant Processor Affiliate shall:

6.4.1 before the Subprocessor first processes Controller Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Controller Personal Data required by the Terms and Conditions ;

6.4.1 before the Subprocessor first processes Controller Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Controller Personal Data required by the Terms and Conditions ;

6.4.2 ensure that the arrangement between on the one hand (a) Processor, or (b) the relevant Processor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Controller Personal Data as those set out in this DPA and meet the requirements of Article 28(3) of the GDPR;

6.4.2 ensure that the arrangement between on the one hand (a) Processor, or (b) the relevant Processor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Controller Personal Data as those set out in this DPA and meet the requirements of Article 28(3) of the GDPR;

6.5 Processor and each Processor Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Controller Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of Processor.

6.5 Processor and each Processor Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Controller Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of Processor.

7. Data Subject Rights

7.1 Taking into account the nature of the Processing, Processor and each Processor Affiliate shall implement appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of its legal obligations, to respond to the exercise of Data Subject rights under the Applicable Laws.

7.1 Taking into account the nature of the Processing, Processor and each Processor Affiliate shall implement appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of its legal obligations, to respond to the exercise of Data Subject rights under the Applicable Laws.

7.2 Processor shall:

7.2 Processor shall:

7.2.1 promptly notify Controller if the Processor or any Subprocessor receives a request from a Data Subject under any Applicable Law in respect of Controller Personal Data; and

7.2.1 promptly notify Controller if the Processor or any Subprocessor receives a request from a Data Subject under any Applicable Law in respect of Controller Personal Data; and

7.2.2 ensure it shall not neither its Subprocessor respond to that request except on the documented instructions of Controller or as required by Applicable Laws to which the Processor or the Subprocessor is subject, in which case Processor shall to the extent permitted by Applicable Laws inform Controller of that legal requirement prior to having the Subprocessor responding to the request.

7.2.2 ensure it shall not neither its Subprocessor respond to that request except on the documented instructions of Controller or as required by Applicable Laws to which the Processor or the Subprocessor is subject, in which case Processor shall to the extent permitted by Applicable Laws inform Controller of that legal requirement prior to having the Subprocessor responding to the request.

7.2.3 Given the fact that the Processor shall be Processing the Personal Data while not having it shared with the Controller for certain periods, if a Data Subject exercises his/ her Rights during such a time frame the Processor will fulfill such requests without informing or asking the Controller for instructions.

7.2.3 Given the fact that the Processor shall be Processing the Personal Data while not having it shared with the Controller for certain periods, if a Data Subject exercises his/ her Rights during such a time frame the Processor will fulfill such requests without informing or asking the Controller for instructions.

8. Personal Data Breach

8.1 Processor shall notify Controller without undue delay upon Processor or any Subprocessor becoming aware of a Personal Data Breach on their side, affecting Controller Personal Data, providing Controller with sufficient information to allow the Controller to meet any obligations to report or inform Data Subjects or Supervisory Authorities of the Personal Data Breach under the Applicable Laws. "Such notification shall as a minimum contain the following information:

8.1 Processor shall notify Controller without undue delay upon Processor or any Subprocessor becoming aware of a Personal Data Breach on their side, affecting Controller Personal Data, providing Controller with sufficient information to allow the Controller to meet any obligations to report or inform Data Subjects or Supervisory Authorities of the Personal Data Breach under the Applicable Laws. "Such notification shall as a minimum contain the following information:

8.1.1 describe the nature of the Personal Data Breach, the categories and numbers of Data Subjects concerned, and the categories and numbers of Personal Data records concerned;

8.1.1 describe the nature of the Personal Data Breach, the categories and numbers of Data Subjects concerned, and the categories and numbers of Personal Data records concerned;

8.1.2 communicate the name and contact details of Processor's data protection officer or other relevant contact from whom more information may be obtained;

8.1.2 communicate the name and contact details of Processor's data protection officer or other relevant contact from whom more information may be obtained;

8.1.3 describe the likely consequences of the Personal Data Breach; and

8.1.3 describe the likely consequences of the Personal Data Breach; and

8.1.4 describe the measures taken or proposed to be taken to address the Personal Data Breach.

8.1.4 describe the measures taken or proposed to be taken to address the Personal Data Breach.

8.2 Processor shall co-operate with the Controller and take such reasonable commercial steps as are directed by the Controller to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

8.2 Processor shall co-operate with the Controller and take such reasonable commercial steps as are directed by the Controller to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

9. Data Protection Impact Assessment and Prior Consultation

Processor and each Processor Affiliate shall provide reasonable assistance to the Controller with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, as defined under Article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Controller Personal Data by, and taking into account the nature of the Processing and information available to, the Subprocessors.

Processor and each Processor Affiliate shall provide reasonable assistance to the Controller with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, as defined under Article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Controller Personal Data by, and taking into account the nature of the Processing and information available to, the Subprocessors.

10. Deletion or return of Controller Personal Data

10.1 Subject to section 10.2, Controller may in its absolute discretion by written notice to Processor  request that within thirty (30) days of the Cessation Date require Processor and each Processor Affiliate to (a) return a complete copy of all Controller Personal Data to Controller by secure file transfer in such format as is reasonably notified by Controller to Processor; and (b) delete and procure the deletion of all other copies of Controller Personal Data processed by any Subprocessor. Processor and each Processor Affiliate shall comply with any such written request within 30 days of the Cessation Date.

10.1 Subject to section 10.2, Controller may in its absolute discretion by written notice to Processor  request that within thirty (30) days of the Cessation Date require Processor and each Processor Affiliate to (a) return a complete copy of all Controller Personal Data to Controller by secure file transfer in such format as is reasonably notified by Controller to Processor; and (b) delete and procure the deletion of all other copies of Controller Personal Data processed by any Subprocessor. Processor and each Processor Affiliate shall comply with any such written request within 30 days of the Cessation Date.

10.2 Each Subprocessor may retain Controller Personal Data to the extent required by Applicable Laws and only to the extent and for such period as required by Applicable Laws and always provided that Processor and each Processor Affiliate shall ensure the confidentiality of all such Controller Personal Data and shall ensure that such Controller Personal Data is only processed as necessary for the purpose(s) specified in the Applicable Laws requiring its storage and for no other purpose. 

10.2 Each Subprocessor may retain Controller Personal Data to the extent required by Applicable Laws and only to the extent and for such period as required by Applicable Laws and always provided that Processor and each Processor Affiliate shall ensure the confidentiality of all such Controller Personal Data and shall ensure that such Controller Personal Data is only processed as necessary for the purpose(s) specified in the Applicable Laws requiring its storage and for no other purpose. 

10.3 Processor shall provide written confirmation document to Controller certifying that the Processor and its Subprocessors have fully complied with this section 10 within 30 days of the Cessation Date.

10.3 Processor shall provide written confirmation document to Controller certifying that the Processor and its Subprocessors have fully complied with this section 10 within 30 days of the Cessation Date.

10.4 For the purposes of this clause, “delete” means to remove or obliterate Personal Data that it should not be recovered or reconstructed”, “Cessation Date” means the date of cessation of any services involving the processing of Controller Personal Data.

10.4 For the purposes of this clause, “delete” means to remove or obliterate Personal Data that it should not be recovered or reconstructed”, “Cessation Date” means the date of cessation of any services involving the processing of Controller Personal Data.

11. Audit rights

11.1 Processor and each Processor Affiliate shall make available to the Controller on request all information necessary to demonstrate compliance with this DPA

11.1 Processor and each Processor Affiliate shall make available to the Controller on request all information necessary to demonstrate compliance with this DPA

12. General Terms

Governing law and jurisdiction

Governing law and jurisdiction

12.1 Without prejudice to clauses 7 (Mediation and Jurisdiction):

12.1 Without prejudice to clauses 7 (Mediation and Jurisdiction):

12.1.1 the Parties to this DPA hereby submit to the choice of jurisdiction stipulated in the Terms and Conditions with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity; and

12.1.1 the Parties to this DPA hereby submit to the choice of jurisdiction stipulated in the Terms and Conditions with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity; and

12.1.2 the Parties to this DPA hereby submit to the choice of jurisdiction stipulated in the Terms and Conditions with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity; and

12.1.2 the Parties to this DPA hereby submit to the choice of jurisdiction stipulated in the Terms and Conditions with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity; and

Order of precedence

Order of precedence

12.2 Nothing in this DPA reduces Processor's or any Processor Affiliate’s obligations under the Terms and Conditions in relation to the protection of Personal Data or permits Processor or any Processor Affiliate to process (or permit the Processing of) Personal Data in a manner which is prohibited by the Terms and Conditions.

12.2 Nothing in this DPA reduces Processor's or any Processor Affiliate’s obligations under the Terms and Conditions in relation to the protection of Personal Data or permits Processor or any Processor Affiliate to process (or permit the Processing of) Personal Data in a manner which is prohibited by the Terms and Conditions.

12.3 Subject to section 12.2, with regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other agreements between the Parties, including the Terms and Conditions  and including (except where explicitly agreed otherwise in writing, signed on behalf of the Parties) agreements entered into or purported to be entered into after the date of this DPA, the provisions of this DPA shall prevail.

12.3 Subject to section 12.2, with regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other agreements between the Parties, including the Terms and Conditions  and including (except where explicitly agreed otherwise in writing, signed on behalf of the Parties) agreements entered into or purported to be entered into after the date of this DPA, the provisions of this DPA shall prevail.

Changes in Applicable Laws, etc.

Changes in Applicable Laws, etc.

12.4 Controller may:

12.4 Controller may:

12.4.1 by written notice to Processor propose any other variations to this DPA which Controller reasonably considers to be necessary to address the requirements of any Data Protection Law.

12.4.1 by written notice to Processor propose any other variations to this DPA which Controller reasonably considers to be necessary to address the requirements of any Data Protection Law.

12.5 If Controller gives notice under section 12.4.1:

12.5 If Controller gives notice under section 12.4.1:

12.5.1 Processor and each Processor Affiliate shall promptly co-operate (and ensure that any affected Subprocessors promptly co-operate) to ensure that equivalent variations are made to any agreement put in place under section 6.4.3; and

12.5.1 Processor and each Processor Affiliate shall promptly co-operate (and ensure that any affected Subprocessors promptly co-operate) to ensure that equivalent variations are made to any agreement put in place under section 6.4.3; and

12.5.2 Controller shall not unreasonably withhold or delay agreement to any consequential variations to this DPA proposed by Processor to protect the Subprocessors against additional risks associated with the variations made under section 12.4.1 and/or 12.5.1.

12.5.2 Controller shall not unreasonably withhold or delay agreement to any consequential variations to this DPA proposed by Processor to protect the Subprocessors against additional risks associated with the variations made under section 12.4.1 and/or 12.5.1.

12.6 If Controller gives notice under section 12.4.1, the Parties shall promptly discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the requirements identified in Controller's notice as soon as is reasonably practicable.

12.6 If Controller gives notice under section 12.4.1, the Parties shall promptly discuss the proposed variations and negotiate in good faith with a view to agreeing and implementing those or alternative variations designed to address the requirements identified in Controller's notice as soon as is reasonably practicable.

12.7 Neither Controller nor Processor shall require the consent or approval of any Controller Affiliate or Processor Affiliate to amend this DPA pursuant to this section 12.5 or otherwise. 


Severance

12.7 Neither Controller nor Processor shall require the consent or approval of any Controller Affiliate or Processor Affiliate to amend this DPA pursuant to this section 12.5 or otherwise. 


Severance

12.8 Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the Parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.

12.8 Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the Parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.

12.9 Contact information of the Parties.


Each Party is hereby informed that the contact information of their representatives and employees will be processed by the other Party for the purpose of executing, developing, complying and controlling the provision of the agreed services, considering the compliance of the contractual obligations as the legal grounds for the data processing. Personal data will be retained during the term of the commercial agreement and for statutory limitation periods upon termination of the agreement in order to comply with any potential liabilities arising thereof. In addition, each of the Parties shall comply with its obligation of information to their respective representatives and employees.


The data of the Parties may be transferred to banks and financial entities for payment management and collection, to the Tax Authorities and other Public Administrations for the purpose of carrying out the corresponding tax declarations and complying with their respective legal obligations, in accordance with applicable regulations, and to the Public Administrations in the event of statutory requirements. 


The Parties may request access to the personal data which is referred to in this clause, its rectification, erasure, portability, and restriction of its processing, as well as objection of said processing, at the address of the Parties as specified in Annex 3.

12.9 Contact information of the Parties.


Each Party is hereby informed that the contact information of their representatives and employees will be processed by the other Party for the purpose of executing, developing, complying and controlling the provision of the agreed services, considering the compliance of the contractual obligations as the legal grounds for the data processing. Personal data will be retained during the term of the commercial agreement and for statutory limitation periods upon termination of the agreement in order to comply with any potential liabilities arising thereof. In addition, each of the Parties shall comply with its obligation of information to their respective representatives and employees.


The data of the Parties may be transferred to banks and financial entities for payment management and collection, to the Tax Authorities and other Public Administrations for the purpose of carrying out the corresponding tax declarations and complying with their respective legal obligations, in accordance with applicable regulations, and to the Public Administrations in the event of statutory requirements. 


The Parties may request access to the personal data which is referred to in this clause, its rectification, erasure, portability, and restriction of its processing, as well as objection of said processing, at the address of the Parties as specified in Annex 3.

12.10 Liability


The Processor shall be responsible for all penalties and fines arising from the failure to comply with the obligations set under this agreement.

12.10 Liability


The Processor shall be responsible for all penalties and fines arising from the failure to comply with the obligations set under this agreement.

Annex 1: Description of Processing of Personal Data

Annex 1: Description of Processing of Personal Data

This Annex includes certain details of the Processing of Personal Data as required by Article 28(3) GDPR.


Subject matter and duration of the Processing of Personal Data

The subject matter and duration of the Processing of Personal Data are set out in the Terms and Conditions and the Privacy Policy.


The nature and purpose of the Processing of Personal Data

The nature and purpose of the Processing of Personal Data are set out in the Terms and Conditions and the Privacy Policy.


The categories of Data Subject to whom Personal Data relates

The Data Subjects whose Personal Data will be under Processing by the Processor consist of Controller’ prospective customers (natural persons).


The types of Personal Data to be processed

This Annex includes certain details of the Processing of Personal Data as required by Article 28(3) GDPR.


Subject matter and duration of the Processing of Personal Data

The subject matter and duration of the Processing of Personal Data are set out in the Terms and Conditions and the Privacy Policy.


The nature and purpose of the Processing of Personal Data

The nature and purpose of the Processing of Personal Data are set out in the Terms and Conditions and the Privacy Policy.


The categories of Data Subject to whom Personal Data relates

The Data Subjects whose Personal Data will be under Processing by the Processor consist of Controller’ prospective customers (natural persons).


The types of Personal Data to be processed

First Name

Last Name

Phone (Company)

Corporate email

Company

Company Address

Role/ Job Title/Department

Company Size

Location/ City

Employment history

Education Background

Social Media Profiles

TimeZone

PhotoURL (meaning weblink to a Data Subject photo)

Date of death

Customer of (companies)

Volunteering Member

Member of Groups

Interests

Followed persons in Social Media

Followed companies in Social Media

Is an investor (Y/N)

Continent; Country; City of residence

Bio

Birthdate

Education

Professional Data

Email

Gender

Estimated professional experience - statistical

Estimated salary range - statistical

Estimated interests based on Social Media - statistical

Estimated pet owner - statistical

Social Media and followers

Languages

Other persons with similar interests and walks of life

First Name

Last Name

Phone (Company)

Corporate email

Company

Company Address

Role/ Job Title/Department

Company Size

Location/ City

Employment history

Education Background

Social Media Profiles

TimeZone

PhotoURL (meaning weblink to a Data Subject photo)

Date of death

Customer of (companies)

Volunteering Member

Member of Groups

Interests

Followed persons in Social Media

Followed companies in Social Media

Is an investor (Y/N)

Continent; Country; City of residence

Bio

Birthdate

Education

Professional Data

Email

Gender

Estimated professional experience - statistical

Estimated salary range - statistical

Estimated interests based on Social Media - statistical

Estimated pet owner - statistical

Social Media and followers

Languages

Other persons with similar interests and walks of life

The obligations and rights of Processor and Processor Affiliates


The Processor has the obligation to meet and observe Applicable Laws’ requirements mainly and specifically the EU Regulation 2016/ 679 (the General Data Protection Legislation – GDPR) which under European Union law takes precedence over each member state local transposition legislation.

The obligations and rights of Processor and Processor Affiliates


The Processor has the obligation to meet and observe Applicable Laws’ requirements mainly and specifically the EU Regulation 2016/ 679 (the General Data Protection Legislation – GDPR) which under European Union law takes precedence over each member state local transposition legislation.

At CRED, we are committed to the highest standards of data security and privacy. To affirm our dedication, we are fully SOC 2 and GDPR compliant, having undergone rigorous third-party audits to verify our data handling practices meet all criteria for security, availability, processing integrity, confidentiality, and privacy.

At CRED, we are committed to the highest standards of data security and privacy. To affirm our dedication, we are fully SOC 2 and GDPR compliant, having undergone rigorous third-party audits to verify our data handling practices meet all criteria for security, availability, processing integrity, confidentiality, and privacy.

Go To Top

© 2024 CRED. All rights reserved.

At CRED, we are committed to the highest standards of data security and privacy. To affirm our dedication, we are fully SOC 2 and GDPR compliant, having undergone rigorous third-party audits to verify our data handling practices meet all criteria for security, availability, processing integrity, confidentiality, and privacy.