Terms that are especially important at Miradore. To make it easy to find the information you’re looking for, we’ve assembled them all here under one roof.
Updated March 1st, 2021.
C/O Westmusa, Inc
235 West 48th St, Suite 42B
New York, NY 10036, USA
(Hereafter “Miradore” or “We”)
2. Contact person
Attn: Privacy Officer
C/O Westmusa, Inc
235 West 48th St, Suite 42B
New York, NY 10036, USA
3. Name of Register
Customer and Marketing Register.
4. Legal Bases for Processing and How We Use the Information We Collect
Our legal bases for processing personal data are our legitimate interest, the performance of a contract and in certain cases your consent.
We process your personal data for the following purposes:
- Delivery of products and services
We use your personal data to operate, maintain, enhance and provide all features of the Service; to provide the services and information that you request; to respond to comments and questions; and to provide support to users of the Service.
- Customer relationship management
We may use your email address or other information to contact you for administrative purposes, such as customer service and to address intellectual property infringement, right of privacy violations or defamation issues related to the personal data posted on the Service.
- Development of products and services
We use your personal data to understand and analyze the usage trends and preferences of our customers and website visitors; to improve the Service; and to develop new products, services, features, and functionality. We may contact you to complete surveys that we use for quality assurance purposes.
- Marketing purposes
We may use your contact details in order to provide you with updates on promotions and events, relating to products and services offered by us and by third parties with whom we work. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.
We use automated decision-making (incl. profiling) to identify personal profiles, online behavior, age, and consumer habits. We use this information to target advertising in our and others’ online services and to develop our services.
5. What Information Do We Process and Where Do We Receive it From?
a) Information Provided by You
When you sign up for and use the Service, consult with our customer support team, send us an email, post on our community, or communicate with us in any way, you are voluntarily giving us information that we collect. That information may include your name, email address, phone number, and credit card or other billing information.
b) Information Collected Automatically
Information Collected from your use of the Service
We may receive information about how and when you use the Service, store it in log files or other types of files associated with your account, and link it to other information we collect about you. This information may include, for example, your IP address, time, date, browser used, and actions you have taken within the application. This type of information helps us to improve our Service for both you and for all of our users.
Cookies and tracking
We may use Google Analytics or other website analytics providers to measure and evaluate access to and traffic on our website and create user navigation reports for our Site administrators.
6. How We Disclose Information
We are committed to your privacy and we do not sell any personal data.
We may disclose your information, including personal data, as described to you at the time of collection or disclosure or as follows:
a) Subcontractors. We may disclose your information, including Personal Data, to our vendors, service providers, agents, or others who perform functions on our behalf as subcontractors. For example, we may disclose your information to third-party service providers to process payments on our behalf.
b) Business Transfers. We may disclose your information, including Personal Data, to another entity in connection to negotiations of an acquisition or merger, sale or transfer of a business unit or assets, bankruptcy proceeding, or as part of any other similar business transfer.
d) Legal Compliance. We may disclose your information, including Personal Data, to comply with applicable legal or regulatory obligations, including as part of a judicial proceeding. We may also disclose your information and Personal Data in response to a subpoena, warrant, court order, or other legal process or as part of an investigation or request, whether formal or informal, from law enforcement or a government official.
e) Aggregate or Anonymous Information. We may disclose aggregate, anonymous information about you for marketing, advertising, research, compliance, or other purposes.
7. Transfers outside the EU/EEA
Our servers are located in the European Union. We use our subcontractors (see full list) to process some of your personal data (e.g. contact details in customer relationship management applications or customer support information in ticketing systems) in other locations than the EU. These cases are considered as data transfers outside the EU/EEA. Therefore, we shall ensure that there is (i) an adequacy decision from the EU Commission (ii) binding corporate rules (iii) an approved certification authorizing the transfer (iv) an approved code of conduct authorizing the transfer or (v) EU Commission standard contractual clauses with appropriate technical safeguards.
8. Data Retention
We only retain the Personal Data collected from a User for as long as the User’s account is active or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our Terms of Service, and comply with technical and legal requirements and constraints related to the security, integrity and operation of the Services.
We take reasonable measures that ensure no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.
9. Data Security
Miradore follows generally accepted industry standards to protect the information and personal data submitted to us, both during the transmission and once we receive it. Miradore ensures that its employees and other persons authorized to process the personal data have committed to confidentiality. We maintain appropriate administrative, technical and physical safeguards to protect personal data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the personal data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We use TLS technology to encrypt data during transmission through the public Internet, and we also employ application-layer security features to further anonymize personal data.
If you believe your personal data has been compromised, please contact us as set forth in the “How to Contact Us” section.
10. Your Rights as a Data Subject
a) Data Requests, Correction and Removal. As a data subject you have the right to receive a copy, access or correct any Personal Data we hold about you, or to request that we delete any information about you, by contacting us as set forth in the “How to Contact Us” section.
b) Right to Object and Complain. As a data subject, you have a right, according to the EU’s General Data Protection Regulation, to object to or request the restriction of the processing and lodge a complaint with a supervisory authority responsible for processing personal data. On grounds relating to your particular situation you also have the right to object other processing activities when the legal basis of processing is our legitimate interest. In connection with your request, you shall identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.
c) Right to withdraw consent. Insofar as the processing is based on consent, you also have the right to withdraw or change your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.
d) Opting out from Commercial Communications. If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email or by sending an email to the address provided in the “How to Contact Us” section.
11. Third-Party Services
The Service may contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.
Terms of Service
Updated June 3rd, 2019.
This is a legal agreement between Miradore Inc (C/O Westmusa, Inc 235 West 48th St, Suite 42B New York, NY 10036, USA), and/or one of its affiliates, (each, “Miradore”) and you or the legal entity you represent as a user of the Services (“Customer” or “You”) and sets forth your rights and responsibilities that you have with respect to the Service. If you sign up for Miradore on behalf of a company or other entity, you represent and warrant that you have the right, capacity and authority to accept this Agreement on your own behalf or their behalf and to abide by the terms of the Agreement, and that you have fully read and understood the Agreement. Moreover, if you are a corporation, you represent and warrant that you are duly incorporated and validly existing under the laws of your jurisdiction of incorporation and you have the corporate power and authority to agree to this Agreement and to perform your obligations hereunder.
Any terms or conditions appearing on the face or reverse side of any purchase order, purchase order acknowledgment or other order document that are different from, or in addition to, these Terms will not be binding on the Company, even if payment is accepted.
If you have any questions about our Terms, please contact us.
BY CREATING A MIRADORE ACCOUNT, ACCESSING OR USING THE SERVICES, YOU AGREE TO BE BOUND BY THIS AGREEMENT.
This Agreement shall enter into force when you register as a user of the Service and shall continue as long as you use the Service (“Term”).
The Term shall terminate pursuant to below Section 16.
3. Modifications to Agreement
Miradore is entitled, at its sole discretion, to amend this Agreement at any time. Miradore will notify You of any changes Miradore considers material through the Service or by e-mail. Other changes will take effect immediately. You agree to be bound by any of the changes made in the Terms, including changes to any and all documents and policies incorporated thereto. Your continued use of the Service after such notice shall be deemed an acceptance of any changes. If you do not agree with the amended Terms, then you must avoid any further use of the Company Service.
4. Provision of the Service
a) Use of the Service. Subject to Your acceptance of and compliance with this Agreement, Miradore grants You a personal, limited, non-exclusive, non-transferable, non-sub-licensable and revocable right to use the Service solely for Your internal use within Your organization as intended by Miradore.
b) Modifications to Service. Miradore reserves the right to modify the Service or any part or element thereof from time to time without prior notice. As applicable, Customer may be notified of such modifications when logging in to the Service. If Customer does not accept the modification, Customer shall notify Miradore before the effective date of the modification, and this Agreement will terminate on the effective date of the modification. Otherwise, the modifications shall be deemed accepted by Customer´s continued use of the Service, or any part or element thereof after effective date of modifications. Customer is responsible at its own cost to carry out any changes to its own software or devices which are necessary for the proper use of the modified Service. After modification, you may no longer use the older version of the Service unless agreed to otherwise in writing between you and the Company.
c) Availability of Service. Miradore will use commercially reasonable efforts to make the Service available 24 hours a day, 7 days a week, except for: (i) planned downtime (of which Miradore shall give advance electronic notice), and (ii) any unavailability caused by circumstances beyond Miradore’s reasonable control, including, for example, changes in the regulatory environment or act of government, fire, earthquake, act of terror, strike or other labor problem, disturbances to public communications networks, power outages, Internet service provider failure or delay, or denial of service attack.
Miradore has the right to suspend or terminate the Service, parts of the Service or certain features of the Service at its sole discretion. Miradore aims to notify You a reasonable time in advance about any suspensions or termination of the Service. You agree that Miradore may discontinue the Service or change the content of the Service at any time, for any reason, with or without notice to you, without liability, unless otherwise expressly provided herein.
d) Technical Support. Miradore shall provide reasonable technical support to Customer and its authorized users as defined from time to time at www.miradore.com.
5. Using the Service
a) Eligibility. In order to use the Service, you must:
- Complete the registration process.
- Be at least eighteen (18) years old and able to enter into contracts.
- Provide true, complete, and up to date contact information.
By using the Service, you represent and warrant that you meet all the requirements listed above, and that you will not use the Service in a way that violates any laws or regulations. The Service is not intended for consumer use.
b) Login name and password. The use of the Service requires a login name (which must be a valid email address) and a password. You are responsible for keeping your login name and password confidential. You are also responsible for any login names that you have access to, whether or not you authorized the use. You will immediately notify us of any unauthorized use of your login names. We are not responsible for any losses due to stolen or hacked passwords. We do not have access to your current password.
c) Fees. The Service is subject to fees in accordance with the prevailing pricing plan available at www.miradore.com. The applicable fee is charged in advance in monthly or annual payment intervals, unless agreed otherwise between Miradore and the Customer. All fees are non-refundable, i.e. there are no refunds or credits for periods where the Customer did not use the Service, used it only partially, or deactivated the Service or terminated this Agreement before the end of an ongoing payment interval.
Miradore shall be entitled to amend the pricing, by giving prior written notice at least 60 days before the effective date of the change.
The Service fee does not include any deductions or withholding on account of any taxes, levies, fees or other charges. Value added tax shall be added to the prices in accordance with the then current regulations.
d) Payment. You are responsible for paying all fees and applicable taxes associated with the Service in a timely manner with a valid payment method. You authorize Miradore to charge through your selected payment method (credit card, PayPal, or bank account, “Payment Method”) all charges to your Service accounts. When you provide such a Payment Method to Miradore, you confirm that you are permitted to use that Payment Method. You also authorize Miradore’s payment processor to collect and store information on the Payment Method, along with other related transaction information, and provide Miradore with information on your payment.
Your payment to Miradore will automatically renew at the end of the subscription period, unless You cancel Your subscription by notifying Miradore thereof in writing before the end of the current subscription period. Unless otherwise agreed, the subscription period is one month and the cancellation of the paid subscription shall take effect the day after the last day of the current subscription period.
Credit card payment: When paying by credit card, you shall provide us with valid credit card information and authorize us to deduct the monthly charges from that credit card. You will replace the information for any credit card that expires with information for a valid one. Anyone using a credit card represents and warrants that they are authorized to use that credit card, and that any and all charges may be billed to that credit card and will not be rejected. If we are unable to process your credit card order, we will try to contact you by email and suspend the Service until your payment can be processed.
If your payment fails or your account is past due, you agree to pay all amounts due on your account upon demand and reimburse Miradore for any costs and expenses related to the overdue payment. Miradore may also collect fees owed using other collection mechanisms. In case of payment failure, Miradore may at any time without notice suspend, terminate or delete your upgraded Service or your account.
You agree to submit any disputes regarding any charge to your account in writing to Miradore within thirty (30) days of such charge. Otherwise, such dispute will be waived and such charge will be final and not subject to challenge.
e) Restrictions. You agree not to use the Service in a manner or otherwise submit any material, that (a) violate any Intellectual Property Rights, privacy, publicity or any other rights of others; or (b) would be obscene, indecent, discriminatory, abusive, defamatory or illegal, or violate good manner. You are solely responsible for any material You submit to the Service and the consequences of its transmission.
You may not use inappropriate language or offensive expressions while using the Service. You shall also use the Service in a manner that does not cause harm to Miradore, other users or third parties. If Miradore receives a notice claiming that You have submitted preceding type of material, Miradore is entitled to remove such material or prevent its use without notice.
Except as specifically allowed in this Agreement, You are not entitled to use, copy, reproduce, republish, store, modify, transfer, display, encode, transmit, distribute, lease, license, sell, rent, lend, convey, upload or otherwise transfer, assign or make publicly available your account, the Service, a part thereof or the material contained therein in any way. You are not entitled to adapt, translate, reverse engineer, decompile, disassemble or attempt to discover the source code, underlying ideas, algorithms, methods, techniques, file formats or programming interfaces of, or create derivative works from the Service or any part thereof, except to the extent expressly permitted herein or under applicable law. You are not entitled to remove, modify, hide, obscure, disable or modify any copyright, trademark or other proprietary rights notices, marks, labels or any other branding elements contained on or within the Services, falsify or delete any author attributions, legal notices or other labels of the origin or source of the material, or misrepresent the source of ownership of the Services.
No devices or connections necessary for the use of the Service are provided subject to this Agreement. You are responsible for purchasing, maintaining and updating such devices and connections (including data security) and for any costs related thereto. You acknowledge that the use of the Service used in connection with any other device or connectioned product or service does not violate obligations of such device or connectioned product.
6. Processing of Personal Data
Miradore does not own, control or direct the use of any of the Customer Data stored or processed by a Customer or User via the Service. Only the Customer or User is entitled to access, retrieve and direct the use of such Customer Data.
Because Miradore does not collect or define the use of any Personal Data contained in the Customer Data, and because it does not define the purposes for which such Personal Data is collected, the means of collecting such Personal Data, or the uses of such Personal Data, Miradore is not acting in the capacity of data controller in terms of the European Union’s General Data Protection Regulation (EU Regulation 2016/679, hereinafter “GDPR”) and does not have the associated responsibilities under the GDPR. Miradore shall therefore be considered as a processor on behalf of its Customer or User as to any Customer Data containing Personal Data that is subject to the requirements of the GDPR. Miradore’s processing of the Customer’s personal data shall be subject to the terms of the Data Processing Agreement, which forms an integral part of this Agreement.
8. Intellectual Property Rights
a) Proprietary Rights Owned by Miradore. Miradore or its licensors shall own all rights, title and interest in and to the Service as well as any material in or provided through the Service, including any copyright, patent, trademark, design right, trade secret and any other intellectual property rights (hereinafter referred to as “Intellectual Property Rights”). You shall not receive any ownership rights by using the Service or for example by downloading material from or submitting material to the Service. Unless expressly authorized by mandatory legislation, the Services may not be copied, reproduced or distributed in any manner or medium, in whole or in part, without prior written consent from Miradore. All rights not expressly granted to you herein are reserved by Miradore.
Proprietary Rights Owned by You. You warrant that You have necessary and sufficient use rights to any and all content and material that You submit to the Service. You agree not to use or otherwise exploit such content and material on end users, whose devices are managed using the Service, for any purpose without the express consent of the person who owns the right to such content
and material. By using this Service, You represent that You have the right to gather and store this information and material in the Service and that you will process the personal data included in such material in accordance with applicable data privacy legislation.
Customer shall defend, indemnify and hold harmless the Company from and against any and all third party claims, actions, liabilities, losses, damages and expenses which arise directly or indirectly out of or in connection with Customer’s data and/or device management activities under or in connection with these Terms, including without limitation those arising out of any third party demand, claim or action, or any breach of contract, negligence, fraud, willful misconduct, breach of statutory duty or non-compliance with any part of applicable data protection and/or privacy laws.
9. Third-party Sites, Products and Services
The Service may contain applications and links to sites, which are owned or operated by third parties. Miradore shall not be responsible for the content or for products or services offered by third parties. You are also aware that the individual applications or other material contained in the Service may include supplementary terms and conditions.
10. No warranty and Limitations of Liability
THE SERVICE IS OFFERED ON AN AS-IS BASIS. THE COMPANY MAKES NO WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, PERFORMANCE, OR SUITABILITY; ANY WARRANTY RELATING TO ANY THIRD-PARTY PRODUCTS OR THIRD-PARTY SERVICES; ANY WARRANTY WITH RESPECT TO THE PERFORMANCE OF ANY HARDWARE OR SOFTWARE USED IN CONDUCTING THE COMPANY SERVICE; OR ANY WARRANTY CONCERNING THE RESULTS TO BE OBTAINED FROM THE SERVICE OR THE RESULTS OF ANY RECOMMENDATION WE MAY MAKE. THE COMPANY DOES NOT WARRANT THAT THE SERVICE MEETS CUSTOMER’S REQUIREMENTS OR THAT THE OPERATION OF THE SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE. CUSTOMER AGREES THAT THE COMPANY WILL HAVE NO RESPONSIBILITY (OR RELATED LIABILITY) FOR BACKING UP CUSTOMER DATA OR ANY INFORMATION THAT CUSTOMER PROVIDES TO THE COMPANY.
You acknowledge and agree that the use of the Service including any and all decisions made by You based on such use is at your own risk.
You agree that, to the extent permitted by applicable law, Your sole and exclusive remedy for any problems or dissatisfaction with the Service, or any related third party application or content, is to stop using the Service or any related third party application or content.
TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL MIRADORE, ITS OFFICERS, SHAREHOLDERS, EMPLOYEES, AGENTS, DIRECTORS, SUBSIDIARIES, AFFILIATES, SUCCESSORS, SUPPLIERS OR LICENSORS BE LIABLE FOR:
i. ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY, CONSEQUENTIAL OR ANY OTHER DAMAGE AND LOSS (INCLUDING WITHOUT LIMITATION LOSS OF USE, LOSS OF DATA, LOSS OF BUSINESS, LOSS OF CONFIDENTIAL OR OTHER INFORMATION, BUSINESS INTERRUPTION, LOSS OF PRIVACY, FAILURE TO MEET DUTY, INCLUDING WITHOUT LIMITATION OF GOOD FAITH OR REASONABLE CARE, PERSONAL INJURY OR WORK STOPPAGE, OR LOSS OF PROFITS), COSTS, EXPENSES, AND PAYMENTS, THAT MAY RESULT FROM, IN CONNECTION WITH OR ARISING OUT OF A BREACH OF THIS AGREEMENT, THE USE OR INABILITY TO USE THE SERVICE, THIRD PARTY APPLICATIONS OR THIRD PARTY CONTENT, OR FROM ANY FAILURE, ERROR, OR DOWNTIME IN THE COMPANY POSITIONING SERVICE, OR FROM ANY FAULT OR ERROR MADE BY THE COMPANY’S STAFF, OR FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER, REGARDLESS OF LEGAL THEORY OR OF THE ALLEGED LIABILITY OR FORM OF ACTION, WHETHER IN CONTRACT, TORT OR OTHERWISE, INCLUDING NEGLIGENCE, INTELLECTUAL PROPERTY INFRINGEMENT, PRODUCT LIABILITY AND STRICT LIABILITY, WITHOUT REGARD TO WHETHER MIRADORE HAS BEEN WARNED OF THE POSSIBILITY OF THOSE DAMAGES;
ii. IN NO EVENT SHALL THE AGGREGATE LIABILITY FOR ALL CLAIMS RELATING TO THIS AGREEMENT, THE SERVICE, THIRD PARTY APPLICATIONS OR THIRD PARTY CONTENT BE MORE THAN LOWEST OF (A) THE ACTUAL PRICE PAID BY YOU TO MIRADORE FOR THE USE OF THE SERVICE DURING THE THREE (3) MONTH PERIOD PRECEDING THE CAUSE OF THE CLAIM, (B) USD 50, OR (C) THE LOWEST AMOUNT PERMITTED BY APPLICABLE LAW.
THE FOREGOING LIMITATIONS, EXCLUSIONS AND DISCLAIMERS SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EVEN IF ANY REMEDY FAILS ITS ESSENTIAL PURPOSE.
You shall be liable and agree to indemnify and hold Miradore and its subsidiaries, affiliates, officers, agents, and employees harmless from and against all damages, costs, expenses and liabilities which are caused by, arising from and/or related to You or your unlawful behavior or infringement of this Agreement or Your violation of any rights of a third party through use of the Service or content related thereto.
11. Applicable law and settlement of disputes
This Agreement and the contractual relation related thereto shall be governed by the State of Delaware, excluding its choice of law provisions. Disputes arising out of this Agreement or the contractual relation related thereto will be attempted to be settled amicably. If no agreement is attained, the dispute shall be finally settled by arbitration in accordance with the Rules of Arbitration of the International Chamber of Commerce. The number of arbitrators shall be one. The place of arbitration shall be New York, New York. The Emergency Arbitrator provisions shall not apply.
CUSTOMER KNOWINGLY, VOLUNTARILY, AND INTENTIONALLY WAIVE (TO THE EXTENT PERMITTED BY APPLICABLE LAW) ANY RIGHT YOU MAY HAVE TO A TRIAL BY JURY, TO PARTICIPATE IN A CLASS ACTION OR A DIFFERENT VENUE OR JURISDICTION OF ANY DISPUTE ARISING UNDER OR RELATING TO THIS AGREEMENT.
12. Export Control
Miradore’s products may be subject to export and re-export control laws and regulations. You agree to comply with all applicable export and re-export control laws and regulations. You represent that You are not named on any government list of persons or entities prohibited from receiving export and that You shall not access or use the Service in violation of any export embargo, prohibition or restriction. In particular, Customer represents and warrants that Customer will not use or otherwise transport, export or re-export the Service to a country that is subject to a U.S. Government embargo or to anyone on the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Department of Commerce Denied Person’s List or Entity List. Customer also represents and warrants that Customer is not located in any such country or on any such list.
Miradore may assign this agreement in whole or in part to its parent, affiliate or subsidiary company or in connection with a merger, business acquisition, corporate reorganization, or sale of all or substantially all of its assets or change of control or ownership. Customer may not assign or transfer its rights or obligations under these Terms without the prior written consent of the Company.
14. Notice of Breach of Security
You or Miradore may terminate this Agreement at any time and for any reason or no reason by giving Notice to the other party. We may suspend our Service to you at any time, with or without cause. If we terminate your account without cause, we will refund a prorated portion of your monthly prepayment. We will not refund or reimburse you if there is cause, like a violation of this Agreement. Your rights under these Terms will terminate immediately and automatically without notice from the Company if you fail to comply with any of the terms and conditions of these Terms.
If you do not log in to your account for 3 or more months, we may treat your account as “inactive” and the Agreement as expired.
Once the Agreement has been terminated or expired we may permanently delete the account and all the data associated with it if not otherwise agreed by the Parties.
If You or Miradore terminate this Agreement, or if Miradore suspends Your access to the Service, You agree that Miradore shall have no liability or responsibility to You to the fullest extent permitted under applicable law.
Upon any termination of the Service or your account this Agreement will also terminate, but Section 5c (Fees), Section 5d (Payment), Section 8 (Intellectual Property Rights), Section 10 (Liabilities and limitations of liability), Section 11 (Applicable law and settlement of disputes), Section 15 (Termination), Section 17 (Confidentiality) and Section 18 (Miscellaneous) shall continue to be effective after this Agreement has terminated.
16. Notices and Contacts
Except as otherwise specified in this Agreement, all notices related to this Agreement will be in writing and will be effective upon (a) personal delivery, (b) the second business day after mailing address below, or (c), except for notices of termination or an indemnifiable claim (“Legal Notices”), which shall clearly be identifiable as Legal Notices, the day of sending by email. Billing-related notices to you will be addressed to the relevant billing contact designated by you. All other notices to you will be addressed to the relevant Services administrator designated by you.
Attn: Legal Notices
C/O Westmusa, Inc
235 West 48th St, Suite 42B
New York, NY 10036, USA
You and Miradore shall keep in confidence all Confidential Information and shall not disclose the Confidential Information to any third party or use the Confidential Information for any purpose other than for the purpose of this Agreement. “Confidential Information” for the purposes of these Terms shall mean all information and/or business or trade secrets given by a party to the other party, including all documents, information and other material irrespective of the manner or form in which the information is disclosed or how the party receiving the information otherwise learns it or whether the information can be or has been protected as an intellectual property right by the disclosing party.
A receiving party shall have the right to:
- copy Confidential Information only to the extent necessary for the purpose of these Terms;
- disclose Confidential Information only to those of its employees who need to know Confidential Information for the purpose of these Terms; and
- disclose Confidential Information to its own advisors and possible subcontractors provided that such advisors are bound by confidentiality provisions at least as restrictive as contained in this Section 18.
Notwithstanding the foregoing the confidentiality obligation shall not be applied to any material or information:
- which is generally available or otherwise public other than by a breach of these Terms on the part of the receiving party; or
- which the party has received from a third party without any obligation of confidentiality; or
- which was in the possession of the receiving party prior to receipt of the same from the other party without any obligation of confidentiality related thereto; or
- which a party has developed independently without using material or information received from the other party.
Notwithstanding the foregoing either party shall be entitled to disclose Confidential Information, where such disclosure is required pursuant to law, decree or order issued by competent authorities, or juridical order.
Each party shall cease using Confidential Information received from the other party promptly upon termination of these Terms or when the Party no longer needs the Confidential Information in question for the purpose of these Terms and, unless the parties separately agree on the destruction of such material, return the material in question and all copies thereof. Each party shall, however, be entitled to retain copies required by law or regulations.
In particular, Customer acknowledges that the Service and any related documentation contains valuable proprietary information and trade secrets and that unauthorized or improper use of the Service and/or the documentation will result in irreparable harm to the Company for which monetary damages would be inadequate and for which the Company will be entitled to immediate injunctive relief.
The rights and obligations under this Section 17 shall survive the termination or expiration of these Terms and shall remain in force for a period of five years from the date of disclosure of the respective piece of Confidential Information
18.1. U.S. Government End-Users
This section 18.1. only applies to the U.S. Government or if you are or are acting on behalf of an agency or instrumentality of the U.S. Government. The Company Software is “commercial computer software” developed exclusively at private expense. Pursuant to FAR 12.212 or DFARS 227 7202 and their successors, as applicable, use, reproduction and disclosure of the Company Software is governed by the terms of these Terms.
The headings in these Terms are for convenience of reference only and shall not in any way limit or affect the meaning or interpretation of the provisions of these Terms.
18.3. No Waiver
No failure to exercise or delay in exercising any right, power or privilege vested in any party under the Agreement shall operate as a waiver of that party’s right to do so.
In the event that any provision of these Terms is found to be unenforceable or illegal the remaining provisions shall continue to be in full force and effect and the unenforceable provisions shall be deemed to be amended to such extent as is necessary to make them binding and enforceable on the parties.
18.5. Entire Agreement
These Terms constitute the entire agreement among the parties with respect to the subject matter hereof and shall supersede all prior agreements, understandings and negotiations, both written and oral, between the Parties with respect to the subject matter hereof. These Terms are not intended to confer upon any person other than the parties hereto any rights or remedies hereunder.
18.6. Reference Right
The Company may advertise or publicly announce and otherwise publicly indicate that the Company provides or has provided the Service to Customer.
Customer acknowledges and agrees that the Company may use subcontractors in the performance of its obligations hereunder.
Personal Data Processing Agreement
Updated March 19th, 2021.
This Personal Data Processing agreement (”Annex”) is an inseparable part of the agreement between Miradore Oy (”Provider”) and the Customer to whom Miradore provides the Service (”Customer”) (”Agreement”).
The purpose of this Annex is to agree on the privacy and data protection of the Personal Data of the Controller in the services of the Provider. This Annex constitutes a written agreement in accordance with the EU General Data Protection Regulation (679/2016) (“Regulation”) concerning the processing of personal data.
If the terms concerning the Processing of Personal Data of the Annex and the Agreement are in conflict, the parties shall primarily apply the terms of this Annex.
In accordance with the EU General Data Protection Regulation, the terms below are defined as follows:
“Controller” shall mean the Customer or the Customer’s client, who shall define the purposes and methods of Personal Data Processing.
“Processor” shall mean the Provider, who shall Process Personal Data on behalf of the Controller based on the Agreement.
“Processing” or “Processing Activities” shall mean any operation or set of operation which is performed on Personal Data or sets of Personal Data using automated means or manually, such as data collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Personal Data” shall mean any information relating to an identified or identifiable natural person, hereafter ”Data Subject”; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Personal Data Breach” shall mean a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.
3. Data Protection and Processing Personal Data
3.1. Obligations of the Provider and the Customer
The Provider shall process the Personal Data of the Controller on behalf of, and commissioned by the Customer, on the grounds of the Agreement. The Personal Data that the Provider Processes may relate to, e.g. employees or customers. The Customer or the Customer’s client shall be the Controller and the Provider shall be the Processor of the Personal Data Processed in the service. The parties undertake to abide by the legislation, decrees and authority orders and guidelines concerning Processing of Personal Data in force from time to time both in Finland and EU.
The Controller is entitled and obligated to define the purpose and methods of the Processing of Personal Data. The subject, character and purpose of Processing is defined in more detail in the Agreement. The types of Personal Data and sets of data subjects Processed in the services have been defined in the Annex 1.
The Provider is entitled to Process the Personal Data and other data of the Controller only on the grounds of the Agreement, this Annex and according to the written guidelines of the Customer and only to the extent and in such a manner that is necessary in order to provide services. The Provider shall notify the Customer if any conflict with the data protection legislation of EU or Finland is detected in the guidelines and in such a case, the Provider may immediately decline and stop the application of the guidelines of the Customer.
The Provider shall maintain the service description or other record of the Processing Activities of the service in cases where it is required to do so by the EU General Data Protection Regulation. The Provider is entitled to collect anonymous and statistic data of the use of the services pursuant to the Agreement, that does not specify the Customer nor data subjects and use it for analyzing and developing its services.
3.2. Deletion or Returning of Data
After the expiry of the Agreement, the Provider shall return or delete, according to the guidelines of the Customer, all the personal data of the Controller and delete all duplicates, unless applicable legislation requires the retention of the Personal Data.
The Provider may use subcontractors for Processing the Controller’s Personal Data. The Provider is responsible for its subcontractor’s actions as for its own and shall draft written agreements with the subcontractors concerning the Processing of Personal Data. A list of sub-processors is listed in Annex 1 (link) and shall be updated from time to time.
3.4. Provider’s Obligation to Provide Assistance
The Provider shall immediately forward all requests to inspect, rectify, erase or object to the Processing of Personal Data or other requests received from the Data Subjects, to the Customer. If requested by the Customer, the Provider shall support the Customer in fulfilling the requests of the Data Subjects.
The Provider is obligated, taking into account the nature of the Processing of Personal Data and the data available, to assist the Customer in ensuring that the Customer complies with its legal obligations. These obligations may include requirements related to data security, notifying of data breaches, data protection impact assessments as well as obligations regarding prior consultations. The Provider is obligated to assist the Customer only to the extent that applicable legislation obligates the Processor of Personal Data. Unless otherwise agreed, the Provider is entitled to invoice reasonable expenses incurred from action pursuant to this section 3.4.
The Provider shall forward all inquiries made by data protection authorities directly to the Customer and shall await further guidance from the Customer. Unless otherwise agreed, the Provider is not authorized to represent the Customer or act on behalf of the Customer in relation to the authorities supervising the Customer.
4. Processing Taking Place Outside EU/EEA
The Provider and its subcontractors may process personal data outside the EU/EEA.
Prior to the transfer of data outside the EU/EEA, the Provider shall verify whether there is (i) an adequacy decision from the EU Commission or (ii) binding corporate rules (iii) an approved certification authorizing the transfer or (iv) an approved code of conduct authorizing the transfer. Where the aforementioned safeguards do not apply, the Provider as the data exporter shall use the EU Commission standard contractual clauses and an analysis of the security of the planned data transfer or other appropriate safety measures as they are described in Article 46 of the Regulation.
Where the above-mentioned prerequisites are met, the Client by signing this Annex grants a power of attorney to the Provider to represent the Client in signing the EU Commission standard contractual clauses (Exhibit 1) on behalf of and in the name of the Client. Furthermore, the Client explicitly accepts that the Provider may also represent the subcontractor in question in relation to the contractual clauses.
The Customer or an auditor authorized by the Customer (however, not a competitor of the Provider) is entitled to audit the activities pursuant to the Annex. The Parties shall agree on the time of the auditing and other details ahead of time and at latest 30 days before the inspection. The auditing shall be carried out in a way that does not impede the obligations of the Provider or its subcontractors in regard to third parties. The representatives of the Customer and the auditor must sign conventional non-disclosure commitments.
Both parties shall be responsible for the costs that they have themselves incurred in relation to the audit. If the inspection proves that the Provider has breached this Annex in an essential way, the Provider shall compensate the Customer for the costs incurred from the auditing.
6. Data Security
The Provider shall implement the appropriate technical and organizational measures to protect the Personal Data of the Controller, taking into account all the risks of Processing, especially the unintentional or illegal destruction, loss, alteration, unauthorized disclosures or access to Personal Data that has been transferred, saved or otherwise Processed. This includes, for example, firewalls, password protection and other access and authentication controls. The Provider use TLS technology to encrypt data during transmission through the public Internet, and we also employ application-layer security features to further anonymize Personal Data. When organizing the security measures, the technical options and their costs shall be assessed in relation to the special risks of the Processing at hand and the sensitivity of the Personal Data Processed.
The Customer shall be obligated to ensure that the Provider is notified of all the circumstances concerning the Personal Data the Customer has delivered, such as risk assessments and the Processing of special sets of Data Subjects that affect the technical and organizational measures pursuant to this Annex. The Provider shall ensure that the personnel of the Provider or a subcontractor of the Provider shall abide by the appropriate non-disclosure commitments.
7. Data Breaches
The Provider must notify the Customer of all Personal Data Breaches without undue delay after receiving information of the breach or after a subcontractor of the Provider has received information of the breach.
If requested by the Customer, the Provider shall, without undue delay give the Customer all relevant information concerning the data breach. In so far as the information in question is available to the Provider, the Provider shall describe at least the following to the customer:
a) the occurred data breach,
b) if possible, the sets of data subjects and the number thereof, as well as the sets of personal data types and estimated numbers,
c) a description of the likely consequences caused by the data breach, and
d) a description of reparative measures, that the Provider has implemented or shall implement in order to prevent data breaches in the future, and if necessary, the measures to minimize the harmful effects of the data breach.
The Provider shall document and report the results of the inquiry and the implemented measures to the Customer.
The Customer shall be liable for the necessary notifications to the data protection authorities.
If any tangible or intangible damage is caused to a person due to a breach against the EU General Data Protection Regulation or the Annex, the Provider shall be liable for the damage only in so far that it has not explicitly abided by the obligations directed to Personal Data Processors in the EU General Data Protection Regulation or this Annex.
Both parties are obligated to pay only the part of the damages or administrative fine that corresponds to the liability for damage confirmed in the final decision of a data protection authority or a court of law. In all cases the liability of the parties shall be determined pursuant to the Agreement.
9. Other Provisions
The Provider shall notify the Customer in writing of all changes that may affect its ability or chances to abide by this Annex and the written guidance of the Customer. The Parties shall agree on all additions and amendments to this Annex writing.
This Annex shall enter into force when the Customer enters in to the Agreement. The Annex shall remain in force (i) as long as the Agreement is in force or (ii) the parties have obligations concerning personal data processing activities towards one another.
Those obligations that due to their nature are meant to survive the expiry of this Annex shall remain in force after the expiry of the Annex.
- Processing specification form
- Technical and Organizational Measures
- Standard Contractual Clauses (Processors)
PROCESSING SPECIFICATION FORM (ANNEX 1)
This Processing specification form is an inseparable part of the Annex concerning Personal Data Processing. The Processing Specification Form specifies a processing assignment the Processor performs for the benefit of the Controller in the manner provided for in the Agreement and this Annex.
|1. Services||The Processing shall concern the following services:|
Device management service offered through online.miradore.com, gateway.miradore.com and msp.miradore.com. (Miradore Service).
|2. Subcontractors||The following subcontractors are used in the provision of the service:|
Microsoft Azure Germany.
See a list of our subcontractors used in data transfers outside the EU/EEA here.
|3. Geographical Location of Personal Data||The Personal Data is Processed in the EU/EEA or USA areas. In addition, subcontractors Zapier and Zendesk may Process Personal Data in EU/EEA, USA or in other countries.|
|4. Sets of Data Subjects||The Personal Data Processed concerns the following sets of Data Subjects:|
|5. Types of Personal Data||The following types of Personal Data in the service is processed in the EU/EEA:|
The following types of Personal Data in the service may be processed outside the EU/EEA:
Technical and Organizational Measures (Annex 2)
This Technical and Organizational Measures document is part of the Personal Data Processing Agreement, and it provides an overview of the Provider’s technical and organizational controls implemented to protect Personal Data and ensure the confidentiality, integrity and availability of the Provider’s products and services.
Miradore reserves the right to modify or supplement the Technical and Organizational Measures without notice, provided that the security of the products or services are not degraded.
- Confidentiality Obligation
- All company personnel shall have a written confidentiality agreement with the Provider.
- Roles and Responsibilities
- The Provider shall appoint a Data Protection Officer.
- The Provider shall ensure that confidential information and Personal Data can be only accessed by personnel who need to know the information.
- Awareness and Training
- The Provider shall provide a training on data protection and information security to new employees.
- The Provider shall provide a security awareness training to all employees at least once a year.
- The Provider is committed to implement a procedure to maintain and improve the employees’ security awareness through ongoing education and information sharing.
- Information Security Policies
- The Provider shall establish and maintain a company-wide Security Policy, which details the means by which all employees of the Provider are committed to protect the privacy of Personal Data and the confidentiality, integrity and availability of the provided products and services.
- Access Control and Authentication
- Access to IT systems and confidential data shall be always granted on the basis of least privilege, so that the employees of the Provider can perform their job function, but do not have excessive user rights.
- The Provider shall oblige its personnel to protect all information systems with strong passwords and multifactor authentication when possible.
- The Provider shall implement authentication controls that allow managing the authentication strength and password complexity requirements.
- The Provider shall enforce the use of unique user IDs instead of shared user accounts, when possible.
- Change Management Procedures
- All changes to the Provider’s products and services shall be performed in a controlled manner.
- Data Protection
- The Provider shall store confidential data only in an encrypted form.
- The Provider shall use cryptographic protocols in communications.
- The Provider’s employees shall only access the confidential data using a device that fulfils the security requirements specified on the Security Policy. Such requirements include, but are not limited to, the compliance with patch management and antivirus policies.
- The Provider shall ensure that all data storages are backed up on a daily basis and the backups are stored for three months.
- The Provider shall monitor the server hardware and operating systems for deviations in the service operability to avoid any service disruptions or loss of data.
- The Provider shall employ methods of data pseudonymization to reduce the risks to data subjects, when possible.
- Physical Security
- The Provider shall control physical access to the datacentre and office premises in order to deny any unauthorized admittance to the data-processing equipment.
- All visits to the datacentre shall be logged and access granted only for maintenance or upgrade operations.
- Authorized personnel shall always accompany visitors and the visitors shall not be allowed to access any data-processing equipment or network without a written permission and non-disclosure agreement.
- The Provider shall ensure that its employees are required to lock their computers and other data-processing equipment when left unattended.
- Printed documents, portable data storages and media shall be always stored in lockable cabinets. Any confidential information shall not be left on desks or whiteboards.
- Secure Disposal
- The Provider is committed to arrange secure disposal of IT equipment, paper waste, stored records or any other kinds of media that could contain Personal Data or other confidential information.
- Risk Assessment
- The Provider shall perform periodic internal risk assessments to identify and prepare for potential risks.
- Reviews & Audits
- The Provider shall perform regular security audits and inform the Customer in the event of any privacy or security breach.
Standard Contractual Clauses (Processors) (Exhibit 1)
for the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.
Customer (as defined in the Terms of Service) (the data exporter)
Miradore’s sub-processor(s) as set forth in Section 2 of Annex 1 in the Personal Data Processing Agreement (the data importer)
each a “party”; together “the parties”,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
For the purposes of the Clauses:
(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
(b) ‘the data exporter’ means the controller who transfers the personal data;
(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
(d) ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Third-party beneficiary clause
1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorised access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity
The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
Mediation and jurisdiction
1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Cooperation with supervisory authorities
1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.
2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
Obligation after the termination of personal data processing services
1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
to the Standard Contractual Clauses
This Appendix forms part of the Clauses
The data exporter is: Customer as set forth in the Terms of Service (link)
The data importer is: Miradore’s sub-processor(s) as set forth in Section 2 of Annex 1 to the Personal Data Processing Agreement (link)
The personal data transferred concern the following categories of data subjects: data subjects as set forth in Section 4 of Annex 1 to the Personal Data Processing Agreement.
Categories of data
The personal data transferred concern the following categories of data: As set forth in Section 5 of Annex 1 to the Personal Data Processing Agreement.
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data: N/A.
The personal data transferred will be subject to the following basic processing activities: Processing to carry out the Services pursuant to the Terms of Service (as defined in the Personal Data Processing Agreement and Annex 1).
to the Standard Contractual Clauses
This Appendix forms part of the Clauses.
Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c):
The data importer shall implement and maintain technical and organizational security measures as set forth in Annex 2.
Updated June 6th, 2021.
What is a cookie?
A cookie is a small text file that is placed on your hard drive by a web page server. Cookies contain information that can later be read by a web server in the domain that issued the cookie to you. Some of the cookies will only be used if you use certain features or select certain preferences, and some cookies will always be used. You can find out more about each cookie by viewing our current cookie list below. We update this list quarterly, so there may be additional cookies that are not yet listed.
When you visit the Websites, we may place a number of cookies in your browser. We use different types of Cookies for different functions.
- Essential cookies. These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for cannot be provided. These cookies don’t collect information that identifies a visitor.
- Analytics cookies. These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. These are being used so that we can make improvements and report our performance.
- Functionality cookies. These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features.
- Ad targeting cookies. These third party cookies are placed by advertising platforms or networks in order to deliver ads and track ad performance or enable advertising networks to deliver ads that may be relevant to you based upon your activities.
How to disable Cookies?
The following cookies are used on Miradore websites:
|Service Provider||Cookies used||Description|
|Miradore||.ASPXAUTH-mdcp||Authenticates the current user. This is used in Microsoft ASP.Net Forms authentication – includes authentication data to authenticate against Miradore login database|
|Miradore||ASP.NET_SessionId||Identifies the browsing session. Cookie is anonymous.|
|Miradore||__AntiXsrfToken||Security feature to prevent cross-site scripting attacks. Cookie is anonymous.|
|Miradore||pll_language||Used to select site language.|
|Miradore||deviceqty||Used to save user’s chosen device quantity on pricing page.|
|See here.||Google Analytics, 3rd party – collected anonymously.|
|Zopim||__zlcmid||Allows common chat operation between different miradore.com web sites|
|Hotjar||See here.||Hotjar is an analytics and feedback service.|
|HubSpot||See here.||HubSpot provides a marketing automation platform.|
|See here.||Targeting and analytics.|
|Quora||m-b||Targeting and analytics.|
|Bing||See here.||Targeting and analytics.|
How about web beacons and other tracking technologies?
Cookies are not the only way to recognize or track visitors to a website. We and our third party partners may use other, similar technologies from time to time. Web beacons are images embedded in a web page. Web beacons, tags and scripts may be used in the Websites or in emails to help us to deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon. We may receive reports based on the use of these technologies by our service/analytics providers on an individual and aggregated basis.
How to contact us?
Attn: Privacy Officer
Subcontractors used in data transfer outside the EU/EEA
Updated May 28th, 2021.
We use Zendesk platform to provide customer support through ticketing system and live chat. Data in Zendesk consists of both information given by the user when contacting Miradore or information collected automatically to provide better service.
Google Tag Manager
We use Google Tag Manager to administer different tracking scripts that are carried out in the user browser. Tag Manager itself does not store any user data.
We use Google Analytics to analyze user behavior and provide better service and user experience.
Google Analytics data is used for advertising optimization on Google Ads.
HubSpot is our CRM platform. We use it to analyze our user behavior. HubSpot also provides us tools for marketing communication and lead generation.
HubSpot also saves web analytics data from both Miradore website and service.
We do not use HubSpot’s features that would require us to sync personal data into advertising services such as Facebook, LinkedIn or Google.
We use Mailchimp to send emails from the service.
We use Zapier to sync data between HubSpot, Zendesk and Google Analytics.
Our website is hosted on WP Engine.
We use LinkedIn as an advertising service as well as social media account.
We use Facebook as an advertising service as well as social media account.
We use Capterra for user review and advertising purposes.
We use FinancesOnline for user review and advertising purposes.
Microsoft Advertising (previously known as Bing Ads)
We use Microsoft Advertising for search engine marketing purposes.
We use Quora for advertising purposes.
BCR = Binding corporate rules
SCC = Standard Contractual Clauses
If needed please ask for more details from: email@example.com