Policy

This is a legal agreement between the person or organization ("Customer" or "you") agreeing to these Terms of Service ("Terms") and the applicable contracting entities at st. Zdolbunivska, 7-D., Building "Z", office №207, Kyiv, 0208, Ukraine ( "Binotel" "us," or "we"). By accepting these Terms, or using the Services, you represent that you are of legal age and have the authority to bind the Customer to the Order, these Terms, and the applicable "Service Descriptions" available at https://wire.binotel.com/en/wire_app (collectively the "Agreement").

ACCESS AND USE OF THE SERVICES

1.1. Right to Use Services. You agree to use the Services in accordance with the use levels by which we measure, price and offer our Services as posted on our websites, or the Service Descriptions. You may use our Services only as permitted in these Terms. We process your data in accordance with our Privacy Policy at https://wire.binotel.com/privacy_policy, which is incorporated by reference. We grant you a limited right to use our Services only for business and professional purposes. Technical support for the Services is described in the Service Descriptions. If your affiliates use our Services, you warrant that you have the authority to bind those affiliates and you will be liable if your affiliates do not comply with the Agreement. "Service(s)" means our call recordings and call history management software. More information about the Services is included on our website call recordings and call history management software. More information about the Services is included on our website.

1.2. Limitations on Use. By using our Services, you agree on behalf of yourself or your users, not to modify, prepare derivative works of, or reverse engineer, our Services; knowingly or negligently use our Services in a way that abuses or disrupts our networks, user accounts, or the Services; transmit through the Services any harassing, indecent, obscene, fraudulent, or unlawful material; market, or resell the Services to any third party; use the Services in violation of applicable laws, or regulations; use the Services to send unauthorized advertising, or spam; harvest, collect, or gather user data without their consent; or transmit through the Services any material that may infringe the intellectual property, privacy, or other rights of third parties.

1.3. Changes to Services. We reserve the right to enhance, upgrade, improve, or modify features of our Services as we deem appropriate and in our discretion. We will not materially reduce the core functionality (as set forth in the Service Descriptions) or discontinue any Services unless we provide you with prior written notice. We may offer additional functionality to our standard Services or premium feature improvements for an additional cost.

1.4. Proprietary Rights and Binotel Wire Marks. You acknowledge that we or our licensors retain all proprietary right, title and interest in the Services, our name, logo or other marks (together, the "Binotel Wire"), and any related intellectual property rights, including, without limitation, all modifications, enhancements, derivative works, and upgrades thereto. You agree that you will not use or register any trademark, service mark, business name, domain name or social media account name or handle which incorporates in whole or in part the Binotel Wire Marks or is similar to any of these. You agree to comply with our Branding Guide, wich including Wire APP and Wire Website.

SUBSCRIPTION, FEES, AND PAYMENT

2.1. Orders. You may order Services using our then-current ordering processes ("Subscription"). All Orders are effective the date on the signature block of the Subscription ("Effective Date"). Acceptance of your Subscription may be subject to our verification and approval process. Each Subscription shall be treated as a separate and independent Subscription.

2.2. Fees and Payment. You agree to pay all applicable, undisputed fees for the Services on the terms set forth in the invoice. Except as set forth in Section 3.3 below or in the Service Descriptions, any and all payments you make to us for access to the Services are final and non-refundable. You are responsible for all fees and charges imposed by your voice and data transmission providers related to your access and use of the Services. You are responsible for providing accurate and current billing, contact and payment information to us or any reseller. You agree that we may take steps to verify whether your payment method is valid, charge your payment card or bill you for all amounts due for your use of the Services, and automatically update your payment card information using software designed to do so in the event your payment card on file is no longer valid. You agree that your credit card information and related personal data may be provided to third parties for payment processing and fraud prevention purposes. We may suspend or terminate your Services if at any time we determine that your payment information is inaccurate or not current, and you are responsible for fees and overdraft charges that we may incur when we charge your card for payment. We reserve the right to update the price for Services at any time after your Initial Term, and price changes will be effective as of your next billing cycle. We will notify you of any price changes by publishing on our website, emailing, quoting or invoicing you.

2.3. Sales, Promotional Offers, Coupons and Pricing. Sales, promotions and other special discounted pricing offers are temporary and, upon the renewal of your subscription, any such discounted pricing offers may expire. We reserve the right to discontinue or modify any coupons, credits, sales and special promotional offers in our sole discretion.

2.4. Delayed payments. If you are unable to pay the subscription fees please contact us. We may delay your payments for 15 days, while you retain access to your account. If you are unable to pay over the delayed payment period, we may suspend or delete your account.

3. TERM AND TERMINATION

3.1. Term. The initial term of the obligation to acquire the Services will be as specified in the Subscription ("Inital Term") and begins on the 15th day from the start of using the Service (after a 14-day trial period for which payment is not charged). After the Initial Term of the Service, unless otherwise specified in the Service Descriptions of the Service for a particular Service, it is automatically extended for an additional 12-month period ("Renewal Terms"), unless one of the parties provides notice of non-renewal at least 15 days before. The current term expires. You can provide a notice of non-renewal of each Service that you do not want to renew at wire@binotel.com. If we allow you to restore the Services at any time after the termination, you agree that you will be bound by the current Terms and the renewal date that was valid on the effective date of the termination.

3.3. The effect of the termination. In the event of termination of the Agreement or any Services, your account may be converted into a "free" or "basic" version of the Service, if any, at our discretion. Otherwise, you immediately stop any use of the terminated Services, except that upon request we will provide you with limited access to the Services for a period not exceeding 30 days, solely so that you can receive your content from the Services (as defined in Section 4 below). We are not required to maintain your Content after this period. None of the parties will be liable for any damage resulting from termination of the Agreement, and termination will not affect any claims arising prior to the date of entry into force. If we terminate the Services or significantly reduce the main functions we may provide you with a proportional refund of any prepaid, unused fees. You agree to pay for any use of the Services after the expiration or termination date that has not been converted to a free version of the Service.

3.4. Survival. The provisions of Sections 2 (Orders, Fees and Payment), 3.3 (Termination Effect), 4 (Your Content and Accounts), 7 (Indemnification), 8 (Limitation of Liability), 9.6 (No class action), 9.11 (Notifications) and 9.14 (Contracting Party, choice of law and place of resolution of disputes) shall remain in force after the termination of the Agreement.

4. YOUR CONTENT AND ACCOUNTS

4.1. Your Content. You retain all rights to your Content (defined below) and we do not own or license your Content. We may use, modify, interact with Content in order to provide and operate the Services. You warrant that you have the right to upload or otherwise share Content with us, and your uploading or processing of your Content in the context of our Services does not infringe on any rights of any third party. Each party agrees to apply reasonable technical, organizational and administrative security measures to keep Content protected in accordance with industry standards. We will not view, access or process any of your Content, except as authorized or instructed by you or your users in this Agreement or in any other agreement between the parties, or as required to comply with our policies, applicable law, or governmental request. You agree to comply with all legal duties applicable to you as a data controller by virtue of the submission of your Content within the Services. If your Content, including any personal data (as defined under applicable law, which includes, but is not limited to, the General Data Protection Regulation EU 2016/679 or "GDPR" and data protection laws of the European Union, European Economic Area, Switzerland (collectively, the "EEA+"), and the United Kingdom) and is processed by us as a data processor acting on your behalf (in your capacity as data controller), we will use and process your Content in order to provide the Services and fulfill our obligations under the Agreement, and in accordance with your instructions as represented in this Agreement. Notwithstanding anything to the contrary, this Section 4.1 expresses the entirety of our obligations with respect to your Content. "Content" means any files, documents, recordings, chat logs, transcripts, and similar data that we maintain on your or your users' behalf, as well as any other information you or your users may upload to your Service account in connection with the Services.

4.2. Your Accounts. You are solely responsible for all use of the Services by you and your users, maintaining the lawful basis for the collection, use, processing and transfer of Content, and providing notices or obtaining consent as legally required in connection with the Services. We do not send emails asking for your usernames or passwords, and to keep your accounts secure, you should keep all usernames and passwords confidential. We are not liable for any loss that you may incur if a third party uses your password or account. We may suspend the Services or terminate the Agreement if you or your users are using the Services in a manner that is likely to cause harm to us. You agree to notify us immediately and terminate any unauthorized access to the Services or other security breaches.

5. COMPLIANCE WITH LAWS

In connection with the performance, access and use of the Services under the Agreement, each party agrees to comply with all applicable laws, rules and regulations including, but not limited to export, privacy, and data protection laws and regulations. Notwithstanding any other provision in these Terms, we may immediately terminate the Agreement for noncompliance with applicable laws. Additionally, if you are a legal entity and you are required to comply with the General Data Protection Regulation, you are bound to the terms of our Data Processing Agreement that regulates the processing of personal information by you within our Services.

6. WARRANTIES

We warrant that the services will conform to the service descriptions under normal use. we do not represent or warrant that the use of our services will be timely, uninterrupted or error-free, or operate in combination with any specific hardware, software, system or data, our services will meet your requirements, or all errors or defects will be corrected. Use of the Services is at your sole risk. our entire liability and your exclusive remedy under this warranty will be, at our sole option and subject to applicable law, to provide conforming services, or to terminate the non-conforming services or the applicable order, and provide a pro-rated refund of any prepaid fees from the date you notify us of the non-conformance through the end of the remaining term. to the extent permitted by applicable law, we disclaim all other warranties and conditions, whether express, implied, statutory or otherwise, including any express or implied warranties of merchantability, satisfactory quality, title, fitness for a particular purpose and non-infringement. some jurisdictions do not allow the exclusion of certain warranties and conditions, therefore some of the above exclusions may not apply to customers located in those jurisdictions.

7. INDEMNIFICATION

You will indemnify and defend us against any third party claim resulting from a breach of Section 1.2 or 4, or alleging that any of your Content infringes upon any patent or copyright, or violates a trade secret of any party, and you agree to pay reasonable attorney's fees, court costs, damages finally awarded, or reasonable settlement costs with respect to any such claim. We will promptly notify you of any claim and cooperate with you in defending the claim. You will reimburse us for the reasonable expenses incurred in providing any cooperation or assistance. You will have full control and authority over the defense and settlement of any claim, except that: any settlement requiring us to admit liability requires prior written consent, not to be unreasonably withheld or delayed, and we may join in the defense with our own counsel at our own expense.

8. LIMITATION ON LIABILITY

8.1. Limitation on indirect liability. Neither party will be liable to the other party or to any other person for any indirect, special, consequential or incidental loss, exemplary or other such damages, including, without limitation, damages arising out of or relating to: (i) loss of data, (ii) loss of income, (iii) loss of opportunity, (iv) lost profits, or (v) costs of recovery, however, caused and based on any theory of liability, including, but not limited to, breach of contract, tort (including negligence), or violation of statute, whether or not such party has been advised of the possibility of such damages. Some jurisdictions do not allow limitation or exclusion of liability for incidental or consequential damages, so some of the above limitations may not apply. 8.2. Limitation on amount of liability. Except for your breach of sections 1.2 or 4 and your indemnification obligations, and to the extent permitted by applicable law, the total cumulative liability of either party and their respective licensors and suppliers arising out of this Terms is limited to the sum of the amounts paid for the applicable service during the 12 months immediately preceding the incident giving rise to the liability. The foregoing does not limit your obligations to pay any undisputed fees and other amounts due under any order.

9. ADDITIONAL TERMS

9.1. Free Services and Trials. Your right to access and use any free Services is not guaranteed for any period of time and we reserve the right, in our sole discretion, to limit or terminate your use of any free versions of any Services by any individual or entity. If you are using the Services on a trial or promotional basis ("Trial Period"), your Trial Period and access to the Services will terminate at the end of the Trial Period stated in your Order, or if no date is specified, 14 days after your initial access to the Services, or upon your conversion to a subscription. During the Trial Period, to the extent permitted by law, we provide the Services "AS IS" and without warranty or indemnity, and all other terms otherwise apply. We may modify or discontinue any trials or promotions at any time without notice.

9.2. Third-Party Features. Services may provide the capability for you to link to or integrate with third-party sites or applications ("Third Party Services"). We are not responsible for and do not endorse Third Party Services. You have sole discretion whether to purchase or connect to any Third Party Services and your use is governed solely by the terms for those Third Party Services.

9.3. Beta Services. We may offer you access to beta services that are being provided prior to general release, but we do not make any guarantees that these services will be made generally available ("Beta Services"). You understand and agree that the Beta Services may contain bugs, errors and other defects, and the use of the Beta Services is at your sole risk. You acknowledge that your use of Beta Services is on a voluntary and optional basis, and we have no obligation to provide technical support and may discontinue the provision of Beta Services at any time in our sole discretion and without prior notice to you. These Beta Services are offered "AS-IS", and to the extent permitted by applicable law, we disclaim any liability, warranties, indemnities, and conditions, whether express, implied, statutory or otherwise. If you are using Beta Services, you agree to receive related correspondence and updates from us and acknowledge that opting out may result in the cancellation of your access to the Beta Services. If you provide feedback ("Feedback") about the Beta Service, you agree that we own any Feedback that you share with us. For the Beta Services only, these Terms supersede any conflicting terms and conditions in the Agreement, but only to the extent necessary to resolve conflict.

9.4. No Class Actions. You may only resolve disputes with us on an individual basis and you agree not to bring or participate in any class, consolidated, or representative action against us or any of our employees or affiliates.

9.5. Security Emergencies. If we reasonably determine that the security of our Services or infrastructure may be compromised due to hacking attempts, denial of service attacks, or other malicious activities, we may temporarily suspend the Services and we will take action to promptly resolve any security issues. We will notify you of any suspension or other action taken for security reasons.

9.6. Recording. Certain Services provide functionality that allows you to record audio and data shared during sessions. You are solely responsible for complying with all applicable laws in the relevant jurisdictions while using recording functionality. We disclaim all liability for your recording of audio or shared data, and you agree to hold us harmless from damages or liabilities related to the recording of any audio or data.

9.7. Assignment. Neither party may assign its rights or delegate its duties under the Agreement either in whole or in part without the other party's prior written consent, which shall not be unreasonably withheld, except that either party may assign the Agreement to any affiliated entity, or as part of a corporate reorganization, consolidation, merger, acquisition, or sale of all or substantially all of its business or assets to which this Agreement relates. Any attempted assignment without consent will be void. The Agreement will bind and inure to the benefit of each party's successors or assigns.

9.8. Notices. Notices may be sent by personal delivery, through our web-form, e-mail (wire@binotel.com), overnight courier or registered or certified mail. We may also provide notice to the email last designated on your account, electronically via postings on our website, in-product notices, or our self-service portal or administrative center. Unless specified elsewhere in this Agreement, notices should be sent to us at the address for your applicable contracting entity, with a copy to our Legal Department, Zdolbunivska, 7-D., Building "Z", office №207, Kyiv, 0208, Ukraine, and we will send notices to the address last designated on your account. Notice is given upon personal delivery; for an overnight courier, on the second business day after the notice is sent, for registered or certified mail, on the fifth business day after the notice is sent, for email, when the email is sent, or if posted electronically, upon posting.

9.9. Entire Agreement. Order of Precedence. The Agreement sets forth the entire agreement between us relating to the Services and supersedes all prior and contemporaneous oral and written agreements, except as otherwise permitted. If there is a conflict between an executed Order, these Terms, and the Service Descriptions, the conflict will be resolved in that order, but only for the specific Services described in the applicable Order. Nothing contained in any document submitted by you will add to or otherwise modify the Agreement. We may update the Terms from time to time, which will be identified by the last updated date, and may be reviewed at https://wire.binotel.com/en/wire_app. Your continued access to and use of the Service constitutes your acceptance of the then-current Terms.

9.10. General Terms. If any term of this Agreement is not enforceable, this will not affect any other terms. Both parties are independent contractors and nothing in this Agreement creates a partnership, agency, fiduciary or employment relationship between the parties. No person or entity not a party to the Agreement will be a third party beneficiary. Our authorized distributors do not have the right to modify the Agreement or to make commitments binding on us. Failure to enforce any right under the Agreement will not waive that right. Unless otherwise specified, remedies are cumulative. The Agreement may be agreed to online, or executed by electronic signature and in one or more counterparts. No party will be responsible for any delay or failure to perform under the Agreement due to force majeure events (e.g. natural disasters; terrorist activities, activities of third-party service providers, labor disputes; and acts of government) and acts beyond a party's reasonable control, but only for so long as those conditions persist.

9.11. Contracting Party, Choice of Law and Location for Resolving Disputes. All disputes arising out of or in connection with this Agreement will be resolved by the Amsterdam District Court following proceedings in English before the Chamber for International Commercial Matters ("Netherlands Commercial Court" or "NCC District Court"), to the exclusion of the jurisdiction of any other courts. An action for interim measures, including protective measures, available under Dutch law may be brought in the NCC's Court in Summary Proceedings (CSP) in proceedings in English. Any appeals against NCC or CSP judgments will be submitted to the Amsterdam Court of Appeal's Chamber for International Commercial Matters ("Netherlands Commercial Court of Appeal" or "NCCA").

Effective as of 1.10.2019

Last editing: 04.28.2021

Introduction and Scope

Binotel LLC ("Binotel", "we", "us", "our") understands that your privacy is important. This Privacy Policy ("Policy") is designed to explain how we collect, use, process and store your personally identifiable information ("Personal Data") in connection with your use of our mobile application WIRE ("App").

This Policy explains the collection and use of Personal Data about our users as well as any individual whose Personal Data was supplied to the App by such users.

Controllership

In limited cases where Binotel acts as a data controller (i.e. it decides on the purposes of the processing), it may use certain minimum Personal Data for the following purposes:

account registration and administration; and
troubleshooting and improving our App.

Most of the processing activities occur through our clients' use of the WIRE App. In the context of such activities, we act as a data processor for your Personal Data and we do not have much control over how your Personal Data is used by our clients.

Categories of Personal Data

We may collect the following categories of Personal Data:

biographical information such as your name, email address, phone number;
information related to calls: subscriber's name and/or telephone number, subscriber's name and/or number, waiting time, call duration, call time and its recording;
any personal information that can be included in call recordings;
background location data, if turned on.

How We Receive Personal Data

We may receive your Personal Data:

when you provide it directly to our App (e.g., when registering in our system);
through the use of our App by its users.

Basis of Processing

In the context of our data processing activities as a data controller, we may rely on one or more of the following legal grounds for processing your Personal Data:

the need to perform our obligations under our terms and conditions (i.e., providing you with our services);
the need to pursue our legitimate interests, such as to improve our software and its functionality;
any other ground, as required or permitted by law in the specific respective context.

In the context of our activities as a data processor, we process your Personal Data on behalf of our clients who rely on various legal grounds to process and share your Personal Data with us.

Purposes of Processing

We process your Personal Data for the purposes of:

providing the services to you and our clients;
user account registration and administration;
managing the relationship with our clients;
recording and storing calls in the background;
producing analytics of calls;
resolving technical issues, detecting and fixing bugs in our App;
complying with applicable laws;
preventing or detecting fraud, security breaches or illegal activities.

Where we act as a data processor, our use of your Personal Data is quite limited and the purposes of the processing are decided by the respective client (the data controller).

Background location data processing

Some of our clients may need background location turned on for remote employees.

Such data is generally considered sensitive and requires prominent disclosure and explicit consent for use. We provide settings to allow or turn-off background location tracking. If such a setting is turned on, we then provide a notification and request to end users to allow or block location tracking.

Sharing Personal Data with Third Parties

We may share your Personal Data with certain third-party providers for the purposes of facilitating the provision of our services and proper functioning of the App. We will require that all these third-party vendors maintain at least the same level of data protection that we maintain for such Personal Data.

Such third-party vendors may provide:

helpdesk software services; and
cloud storage services.

Other Disclosure of Your Personal Data

We may disclose your Personal Data:

to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders;
in connection with a merger, division, restructuring, or other association change; or
to our subsidiaries or affiliates only if necessary for operational purposes.

If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.

Data Integrity & Security

Binotel takes information security very seriously. We work hard to protect the Personal Data you give us from loss, misuse, or unauthorized access. We utilize a variety of safeguards such as encryption, digital and physical access controls, non-disclosure agreements, and other technical and organizational measures to protect the Personal Data submitted to us, both during transmission and once it is received.

Please note that no electronic transmission, storage, or processing of Personal Data can be entirely secure. We cannot guarantee that the security measures we have in place to safeguard Personal Data will never be defeated or fail, or that those measures will always be sufficient or effective. Therefore, although we are committed to protecting your privacy, we do not promise, and you should not expect that your Personal Data will always remain private or secure.

Data Retention Period

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Personal Data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Some data you can delete whenever you like, some data is deleted automatically, and some data we retain for longer periods of time when necessary. When you delete data, we follow a deletion policy to make sure that your data is safely and completely removed from our servers or retained only in anonymized form.

Sometimes business and legal requirements oblige us to retain certain information, for specific purposes, for an extended period of time. For example, when we process a payment for you, or when you make a payment to us, we'll retain this data for longer periods of time as required for tax or accounting purposes. Reasons we might retain some data for longer periods of time include:

Security, fraud & abuse prevention.
Financial record-keeping.
Complying with legal or regulatory requirements.
Ensuring the continuity of our services.
Direct communications.

Access, Review, Objection to Processing & Portability

As a European resident, the GDPR grants you a number of rights concerning the use, storage, and processing of your Personal Data. In situations when we act as a data processor and our client is a data controller who holds your Personal Data, you must contact this client if you wish to exercise any of the privacy rights mentioned below.

Understand certain circumstances, you may exercise the following privacy rights:

right of access – you may ask us whether we are processing your Personal Data and you have the right to request a copy of the information we hold about you.
right of rectification – you have the right to correct inaccurate or incomplete Personal Data about you and you the ability to do so yourself in the settings of your Profile.
right to be forgotten – you can ask for the information that we hold about you to be erased from our system and we will comply with this request unless we will have a legitimate reason not to do so.
right to restriction of processing – where certain conditions apply, you can ask us to 'block' the processing of your Personal Data.
right to data portability – you have the right to have the data we hold about you transferred to another organization and to receive Personal Data in a structured, commonly used format.
Right to object to automated processing (including profiling) – this right provides you with the ability to object to a decision based on purely automated processing. We are not currently processing your Personal Data for such type of automated decision-making, including profiling, but if we elect to do so in the future we will provide you with notice and choice, in accordance with EU data protection law;

If you wish to learn more about the GDPR and your rights, the Information Commissioner's Office website is a reliable source.

Privacy of Children

Our App is not directed to collect Personal Data from people under the age of 18. We do not knowingly allow anyone under 18 to submit any Personal Data to our Website. If you believe your child may have provided us with their Personal Data, you can contact us using the information in the Contact Us section of this Policy and we will delete the Personal Data.

Changes to this Policy

If we make any material change to this Policy, we will post the revised Policy to this web page and update the "Effective on" date above to reflect the date on which the new Policy became effective. We will also notify you about these changes via email.

Contact Us

If you have any questions about this Policy or the processing of your Personal Data, please contact us at privacy@binotel.com or st. Zdolbunivska, 7-D., Building "Z", office №207, Ukraine, Kyiv, 02081. Binotel has appointed a representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. You may contact our representative at privacy@binotel.com.
Alternatively, the representative in the Union can be contacted at:

Marcin Wrzesiński
Mozartlaan 542
2625CV Delft
The Netherlands

Supervisory Authority Oversight

If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union member states. Here you can find a list of data protection authorities in Europe.

Effective as of 1.10.2019
Last editing: 04.28.2021

This a short guide to help you navigate through a complex field of data protection laws. It is not by any means legal advice, we just wanted to give you a few hints on where to start looking.

The GDPR is an important European Union legislation that deals with data protection and applies to all businesses that deal with personal information of European citizens. It is mainly concerned with strengthening the respect for an individual's rights when processing their personal data. It is rooted in human rights and is probably the most well-known European Union legislation.

Under the GDPR, the definition of personal data is quite broad and may include any information identifying the individual in one way or another including name, email address, phone number, place of residence, gender, date of birth, occupation, nationality, the information contained in a resume, etc..

The GDPR places more emphasis on accountability and organizations must be able to demonstrate that they comply with the legislation.

What happens in case of non-compliance?

The fines for non-compliance with the GDPR can be a very costly mistake for a giant multinational enterprise and can surely kill many small to medium businesses. The fines can amount to €20 million or 4% of the firm's worldwide turnover. Non-compliance with the GDPR also creates another risk, which is more difficult to estimate, but equally severe for a business - bad reputation.

Reputational damage will be a core consequence of any GDPR-related fine or penalty, similar to the aftermath of privacy or cyber-related security incidents, which are usually covered by media and inevitably lead to the loss of customers and trust.

Disclaimer

Personal data protection laws such as the GDPR are complex. It is impossible to cover all the important details in one short guide. It is not intended as legal advice, but merely as a reference point for your data protection compliance efforts.

Intended use and your role

All our Services, including the functions of registration, statistics and recording of conversations, determining the location of a call/employee, are intended solely for business purposes. They are not intended for personal use.

Under various laws, such as the General Data Protection Regulation (GDPR) you are most likely to be classified as a controller for the personal data of your employees using the app as well as customers, who are contacting them.

Being a controller means you have a responsibility to safeguard personal data.

Consider user rights
The GDPR as a specific example of privacy regulation is largely concerned with granting people certain rights. One of the most crucial aspects of GDPR compliance is enabling the exercise of data subject rights. Below you can find a list of the rights with explanations and tips on how to implement it.

Right to be informed

The right to be informed is a user's right to know how you process their personal data by implementing a privacy policy. It aims at building trust between the consumers and your service. It needs to be written in a clear, concise way, using transparent language. You need to explain why and how you process their data. Most importantly, the person from whom you are collecting data must be informed about it at the time of collecting the data.

Right of access
The right of access creates a right under which a person can find out if his personal data is being processed and if so, request a copy of all the data you hold about him or her.

After the request, you must first check whether the organization processes one's personal data and give an answer. If the answer is yes, you must provide the requester with the data and following information which will be usually included in your privacy policy:

processing purposes;
categories of data processed;
recipients of personal data;
the planned duration of storage;
information about the rights of the requester;
information on the possibility of lodging a complaint with a supervisory authority;
origin of data (if it comes from a third party);
information about profiling (if applicable);
safeguards are taken in case of data transfer to a third country.

Finally, you should provide the data subject with a copy of all his or her data you have in a structured format (e.g., CSV).

Right to portability

According to this right, the data subject (user):

Can receive the personal data relating to them in a clear, commonly used format; and
Request you to transfer the data to another party (from one data controller to another).

While the first part is quite similar to the right of access, the second may seem troublesome. It is unlikely that someone will try to exercise this right to transfer the data to another controller, but we still recommend at least storing data in a way that would allow transferring in a structured, commonly used and machine-readable format.

Structured – A structured data allows for an easy transfer and ease of use, it is a data where the structural relation between elements is explicit in the way the data is stored on a computer disk. The software must be able to extract specific elements of the data. An example of a structured format is a spreadsheet – the data is organized (structured) into rows and columns;
Commonly used – Simply put, the format you choose must be widely-used and well-established. However, it must be structured and machine-readable as well;
Machine-readable – data in a format that can be automatically read and processed by a computer. It is a format from which software applications can identify, recognize and extract specific data.

The most commonly used formats that fulfill the above-mentioned requirements are CSV, XML, and JSON.

Similarly to the right of access, you should provide the requester with a copy of his/her data within one month, which can be extended to two months.

Right to withdraw consent

This right is relevant for you when you collect consent, which is typically required when you send marketing emails to users or use third-party cookies (such as analytics or retargeting). The GDPR sets clear requirements for obtaining consent – it must be clear, specific, freely given, unambiguous, etc. The Regulation also provides that an individual can withdraw his/her consent at any time, without the need to explain their decision.

Right to rectification

When personal data that you hold is outdated or incorrect, the data subject has the right to update it. The main goal here is to ensure the accuracy of the person's data in your system.

The easiest and most straightforward solution for implementing this right is to enable users to change their data real-time on the website. Users should also be able to exercise this right through post/phone/email. It's a good idea to include this possibility in the Privacy Policy

In case of an individual exercising this right through post/phone/email, you must fulfill the request within one month, or two months if you have a legitimate justification for the delay.

Right to restrict processing

The Right to restrict processing creates a right under which an individual can limit the way you use their data. This can be compared to freezing or blocking the data. However, data subjects need a valid reason to exercise this right. Such a reason may be, for example, information held is inaccurate, information is being/was illegally processed, data subject might have issues with how you process the data, etc.

You need to ensure that you have processes in place that enable you to restrict personal data. Those may be: temporarily moving the data to another system, temporarily removing the data from the website/database, etc.. Next, it needs to be assured that any further processing of the data will not take place. That is because the data cannot be changed while the restriction is in place. It is also important to prevent accidental processing of restricted data – the restricted data should be appropriately marked in the system.

Like with most of the other rights, you must comply with the request within 1 month from the receipt.

Right to erasure

Also known as the "right to be forgotten". The user can request you, the controller, to erase their data if it is no longer needed for the purpose it was originally collected. In the past, the EU has paid a lot of attention to this right and will not tolerate companies that do not satisfy valid requests for the erasure of their data.

When it comes to enabling the exercise of this right, you need to ensure that you are able to delete one's information from all your systems. You should comply with the request within one month, or within two months in limited cases.

How you should get prepared:

Limit access to the data

Make sure personal data is only accessed when it is necessary. Employ technical and measures to limit access for employees and contractors unless it is necessary for their functions.

Usually, you can do it by selecting an appropriate setting in your CRM of choice and via your network and account setting in your system.

Review your service providers

WIRE can integrate with your chosen CRM service provider. Under various data protection laws, WIRE and such provider would most likely be considered processors. This means that you, as controller, have a duty to make sure that they are processing the data only based on your instructions and that the data is properly secured.

Here are some of the actions that you might take:

sign a Data Processing agreement
send out a data protection questionnaire
review their certifications and compliance standards, etc.
review security measures provided by the service provider.

Delete unnecessary data

Sometimes users will call you with irrelevant questions. Sometimes, they might give out more information than was necessary. At some point, information gets too old and essentially becomes useless.

Consider creating a process to securely remove such unnecessary data from your systems.

Secure data properly

Make sure you follow best practices in regard to the security of personal data.

There are numerous measures you can use to achieve that — create internal policies, use encryption where possible, create access controls, use anonymization and pseudonymization, backups, cloud security, etc.

Security measures are too numerous to list, so it is best you consult your security service provider.

Be transparent with your end-users

When your users call your employees, they should be aware, you are recording them and about their rights regarding personal data.

There are many ways you can achieve clarity and transparency with your users, such as notifying them during the call, providing a privacy policy or short privacy notices explaining your reasons to track and record the call.

You must consider, whether it is appropriate to ask for user consent for call recording and how you can manage it.

Be very transparent about location tracking

Wire plus allows you to enable location tracking when the app is used.

This setting is turned off by default.

If you would like to use location tracking you must make such use transparent to your employees and make sure that they are able to give explicit consent for such processing. Wire plus will give every employee a right to accept or reject location tracking personally on their device. However, you must ensure that when the employee provides consent, they do it voluntarily and without pressure. If you are using a different lawful basis for processing you must consider what such lawful basis entails and provide appropriate safeguards.

Be transparent with your employees

Personal data of your employees it just as important as the personal data of your users.

When you integrate Wire Plus into your business processes, make sure your employees understand, that their calls are being recorded and know their rights regarding such recording.

Create an employee data protection policy

It is often a good idea to review your internal data collection practices, relevant local and international data protection laws and create an internal policy that would describe your approach to employee data protection and people responsible for it.

Check local laws and court cases

There may be many peculiarities and complexities surrounding local data protection laws and court cases that interpret them especially regarding the data, that might be considered sensitive, such as banking or medical information, political affiliations, etc.

You should consult local lawyers if you engage in such processing.

Valid from 01.10.2019
Last editing: 04.28.2021

This Data Processing Agreement for the Data Protection (the "Agreement") is entered between Binotel LLC, a Ukrainian corporation whose principal place of residence is at st. Zdolbunivska, 7-D., Building "Z", office №207, Kyiv, 0208, Ukraine (the "Binotel") and you (together with subsidiary(ies) and affiliated entities, collectively, the "Company").

Hereinafter individually referred to as a "Party" and jointly as the "Parties".

The Parties have entered into a services agreement, the "Terms of Use" (hereinafter "Main Agreement") Due to the Main Agreement, Binotel will process Personal Data for the Company, for the purposes of providing the mobile application for recording employee calls and call history, recording analytical data (start and end time) of a call, transferring data to My Business's Binotel personal analytical account.

Under EU Regulation 2016/679 "GDPR", depending on the role of the Company, Binotel will act accordingly:

When the Company is the Data Controller, Binotel will be the Data Processor of the Company.
The Company is the Data Controller that controls Personal Data, collecting consent, managing consent-revoking, enabling the right to access Data Subjects.
Binotel is the Data Processor, that processes Personal Data on behalf of and under the instruction of the Company (Data Controller) and Binotel transfers Personal Data to a Sub-Processor for the purpose of provision of the Services as set forth in the Main Agreement.
When the Company is the Data Processor or the Data Sub-Processor, Binotel will be the Data SubProcessor of the Company.

Definitions
1. Words and phrases used in this Agreement have the following meanings:
2. Agreement: The present Data Processing Agreement and all Annexes hereto.
3. GDPR: EU General Data Protection Regulation (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
4. Data Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by Union or Member State law, the Data Controller or the specific criteria for its nomination may be provided for by Union or Member State law. Furthermore, Data Controller controls Personal Data, collecting consent, managing consent-revoking, enabling the right access to Data Subjects.
5. Data Processor: The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller. Furthermore, Data Processor processes Personal Data on behalf of and under the instruction of the Data Controller.
6. Data Sub-Processor: A Processor engaged by the Data Processor, for the purpose of carrying out specific processing activities on behalf of the Data Controller.
7. Data Protection Law(s): the local and international data regulation(s) and legislation(s) that are in force in any part of the world.
8. Data Subject(s): An identifiable natural person, one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
9. EEA: The European Economic Area.
10. Personal Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
11. Personal Data: Any information relating to a Data Subject.
12. Data Processing: Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
13. Processing Instructions: The instruction(s) as set forth by the Data Controller to the Data Processor, for Data Processing of Personal Data of Data Subjects, for the purpose of Data Processor, provisioning Services to the Data Controller.
14. Data Provider: The Company, a controller (or, where permitted, a processor) that transfers personal data to Binotel for the provisioning of Services to the Company.
15. Standard Contract Clauses:
Subject
1. This Agreement forms part of the Main Agreement between Binotel and Company for the purpose of Binotel provisioning Services to the Company to reflect the Parties' agreement with regard to the Data Processing of Personal Data.
2. By signing the Agreement, Company enters into this Agreement on behalf of itself and, to the extent required under applicable Data Protection Laws and GDPR, if and to the extent Binotel processes Personal Data that the Company provides and therefore qualifies as a Data Provider (Data Controller, Data Processor or Data Sub-Processor).
3. In the course of providing the Services to the Company pursuant to the Agreement, Binotel may Process Personal Data on behalf of the Company and the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
Personal Data Processing
1. Binotel shall process Personal Data provided by the Company on behalf and in accordance with the written instructions of the Company unless required otherwise by applicable Laws.
2. Company shall, in its use of the Services provisioned by Binotel, Process Personal Data in accordance with the requirements of Data Protection Laws and GDPR. For the avoidance of doubt, the Company's instructions for the Processing of Personal Data shall comply with Data Protection Laws and GDPR. Company shall have sole responsibility for the accuracy, quality, legitimacy, and legality of Personal Data Processing and the means by which Company acquired Personal Data.
3. The subject-matter of Personal Data Processing by Binotel is the provision and performance of the Services pursuant to the Agreement and Main Agreement. The purpose of the Processing, the types of Personal Data and categories of Data Subjects Processed under this Agreement are further specified in Annex 1 of this Agreement.
4. The Company hereby instructs Binotel to carry out part of the Processing.
5. In the event that Binotel believes that the Company's instructions conflict with Data Protection Laws and GDPR, Binotel will inform the Company and the Company will amend the instructions accordingly. Binotel will not carry any processing instructions that conflict with GDPR and any Data Protection Laws.
Personnel
1. Binotel shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. Binotel shall ensure that such confidentiality obligations survive the termination of the personnel engagement and the Agreement.
2. Binotel shall take commercially reasonable steps to ensure the reliability of any Binotel personnel engaged in the Processing of Personal Data.
3. Binotel shall ensure that Binotel's access to Personal Data is limited to those personnel who require such access to perform the Agreement.
Obligations
1. Binotel shall assist the Company in providing retrieval access, correction, delete and block to Personal Data processed to Data Subjects and Authorities, allowing Data Subjects to exercise their rights under GDPR and Data Protection Laws.
2. Binotel shall assist the Company in meeting its GDPR obligations in relation to the security of Processing, the notification of Personal Data Breaches and data protection impact assessments.
3. Binotel shall inform the Company immediately upon becoming aware of requests received directly by Data Subjects and Authorities.
4. Binotel shall provide information and data to the Company, to assist the Company in meeting its GDPR obligations.
5. Binotel shall delete or return all Personal Data to the Company as requested at the end of the Agreement unless required for the performance of Services or required by applicable Laws and Regulations.
6. Binotel shall process Personal Data only to provide Company with the Services as described in the Main Agreement.
7. Binotel shall provide at all times sufficient guarantees for its compliance with the requirements of the GDPR.
8. Binotel shall treat the Personal Data as strictly confidential, ensuring personnel authorized to access and secure processing.
9. Binotel shall ensure data availability and restoration functionality to the Company.
Audit and Compliance
1. Binotel has the right not to comply with requests for the removal of individual audio recordings if required by applicable law or at the request of a court order/request/ruling/ court order or at the request of authorized public authority. In doing so, Binotel must provide the Client with written notice of such request, if such notification does not contradict the legal requirement, not later than three working days from the moment of its receipt.
2. Binotel has the right not to comply with requests for the removal of individual audio recordings if required by applicable law or at the request of a court order/request/ruling/ court order or at the request of authorized public authority. In doing so, Binotel must provide the Client with written notice of such request, if such notification does not contradict the legal requirement, not later than three working days from the moment of its receipt.
3. Binotel shall allow for and shall contribute to audits and inspections conducted by a Company appointed an auditor. Audits may not be requested more than 2 times per year. Subject to reasonable prior notice from Company to Binotel, the appointed auditor may enter the rooms or locations where the personal data is processed by Binotel and inspect, audit any relevant records, processes, and systems, and copy any relevant Personal Data records to verify compliance with GDPR and Data Protection Laws.
4. Company agrees to pay any and all costs of the full audit processes that are initiated by the Company and audit processes initiated by Authorities due to services provisioned by Binotel to the Company, including costs of involved third-parties (auditors, data centres, etc.) and Binotel (personnel compensation, traveling expenses, etc.).
5. Company agrees that Binotel shall combine several audits in one single audit, in order to limit any impact on Binotel and third-parties' operations.
6. Binotel shall fully cooperate and make available to Company on its demand all information that is necessary to demonstrate compliance with the GDPR obligations and obligations under this Agreement.
Security and Data Protection
1. Binotel shall take appropriate organizational and technical measures and policies to ensure the security of Personal Data Processing and meet sufficient guarantees of protection and security standards, including measures aimed at protecting Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the Processing involves the transmission of Personal Data over a network, and against all unlawful forms of Processing.
Personal Data Breach
1. Binotel maintains security incident management policies and procedures and shall notify Company without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, transmitted, stored or otherwise Processed by Binotel or its Sub-Processors of which Binotel becomes aware. Binotel shall make reasonable endeavor to identify the cause of such Personal Data Breach Incident and take those steps as Binotel deems necessary and reasonable in order to remediate the cause of such an Incident to the extent the remediation is within Binotel's reasonable control. The obligations herein shall not apply to incidents that are caused by Company, Company's systems (Software and Hardware) or Company's personnel.
Sub-Processors
1. Company agrees that Binotel shall use Sub-Processors for the provision and performance of the Services pursuant to the Agreement and Main Agreement. Binotel shall ensure that Sub-Processors involved in the Processing of Personal Data shall be capable of providing necessary operational and technical level to comply with the requirements of GDPR and Data Protection Laws.
2. Binotel shall inform the Company of any intended changes concerning the addition or replacement of other Sub-Processors, thereby giving the Company the opportunity to consent or object to such changes through written material or electronic form. Binotel shall not execute changes without the written consent of the Company.
3. The Company will fully indemnify and hold Binotel harmless against all direct and indirect losses, claims, damages, fees and expenses incurred as a result of delays in Company's consent to Sub-Processor changes proposed by Binotel.
Liability and Indemnity
1. The Company shall indemnify and hold Binotel harmless against claims by Data Controllers, Data Processors, Data Sub-Processors, Data Subjects and/or penalties or fines imposed by an authority for which Binotel might become liable, due to an attributable failure by the Company to comply with the obligations under this Agreement and/or applicable Data Protection Laws.
2. Binotel shall indemnify and hold the Company harmless against claims by Data Controllers, Data Processors, Data Sub-Processors, Data Subjects and/or penalties or fines imposed by an authority for which the Company may become liable, due to an attributable failure by Binotel to comply with the obligations under this Agreement and/or applicable Data Protection Laws.
3. Company agrees to be held liable against all expenses, losses, costs and damages arising due to an attributable failure by the Company to comply with the obligations under this Agreement and/or applicable Data Protection Laws.
4. The Company shall have full and sole liability for all damages resulting from a failure on its part to comply with the Agreement, GDPR, and Data Protection Laws. Company shall indemnify and hold Binotel harmless against all expenses, losses, costs, and damages arising therefrom. Should any person to whom personal data relates lodge a claim for compensation against Binotel and such claim is due to the Company's failure to comply with the provisions of this Agreement, GDPR or Data Protection Laws, the Company agrees to assist and intervene in Binotel's defense upon Binotel's request and shall indemnify and hold Binotel harmless from and against all expenses, losses, costs, and damages.
5. Any limitations of liability agreed elsewhere shall not apply to this Agreement.
International Transfers
1. The Company acknowledges and agrees that Processor is located in Ukraine and that Company's provision of Personal Data to Processor for processing is a transfer of Personal Data to Ukraine.
2. All transfers of Company's Personal Data out of the European Economic Area, Switzerland and the United Kingdom to countries that do not ensure an adequate level of data protection within the meaning of applicable data protection laws shall be governed by the Standard Contractual Clauses. The Standard Contractual Clauses, and Appendices 1 and 2 to the Standard Contractual Clauses set out in Annex 2 to this Agreement, are incorporated in this DPA by this reference solely as required with respect to Personal Data. Execution of this DPA by both parties includes execution of the Standard Contractual Clauses with respect to the processing of Personal Data.
Applicable Law and Jurisdiction
1. All disputes arising out of or in connection with this Agreement will be resolved by the Amsterdam District Court following proceedings in English before the Chamber for International Commercial Matters ("Netherlands Commercial Court" or "NCC District Court"), to the exclusion of the jurisdiction of any other courts. An action for interim measures, including protective measures, available under Dutch law may be brought in the NCC's Court in Summary Proceedings (CSP) in proceedings in English. Any appeals against NCC or CSP judgments will be submitted to the Amsterdam Court of Appeal's Chamber for International Commercial Matters ("Netherlands Commercial Court of Appeal" or "NCCA"). This Agreement shall be governed by the laws of the Netherlands.
Duration
1. This Agreement will enter into effect on the Effective Date and will remain effective regardless of termination of the Agreement. Upon the Company's request, Binotel shall return or destroy the Personal Data, unless required for the performance of Services or required by applicable Laws and Regulations. If Binotel is required to retain Personal Data, Binotel shall inform the company and both Parties agree to cooperate towards the best possible solution for both Parties. If the Main agreement is terminated, this Data Processing Agreement will expire automatically.
After Data Processing Termination
1. Binotel shall guarantee the confidentiality of the Personal Data transferred at the direction of the Company, delete or return all the Personal Data to the Company after the end of the provision of services relating to processing, and delete existing copies unless any applicable law requires storage of the Personal Data; provided, however, that Binotel may retain Personal Data for the length of any applicable statutes of limitations for the purposes of bringing or defending claims.
2. Binotel agrees to allow and to contribute to audits and inspections, subject to Article 6 of this Agreement.
Order of Precedence
1. In the event of a conflict between the provisions of this Agreement and those of the Main Agreement in respect of the Processing and Protection of Data, the provisions of this Agreement will prevail. Except as expressly modified herein, all terms and conditions of the Agreement shall remain in full force and effect.

ANNEX 1

DETAILS OF PROCESSING OF COMPANY PERSONAL DATA

This Annex 1 includes certain details of the Processing of Company Personal Data as required by Article 28(3) GDPR.

Subject and Duration

The subject matter and duration of the Processing of the Company Personal Data are set out in the Main Agreement and this Agreement.

The Nature and the Purpose of the Processing

The purpose of зrocessing of Personal Data pertains to the provision of the Services, as requested by the Company. The nature of such processing is related to these purposes and is elaborated on in this Annex and the Main Agreement.
Categories of Data to Be Processed

The types of Company's Personal data to be Processed will typically include:

biographical information such as first and last name;
contact information such as phone number email address;
metadata about call such as the called and callee names, delay time, the time and data of the call, etc;
any personal information that can be included in call recordings;
background location data, if turned on.

Categories of Data to Be Processed

The types of Company's Personal Data to be Processed will typically include:

biographical information such as first and last name;
contact information such as phone number and email address;
metadata about calls such as the caller and callee names, delay time, the time and date of the call, etc.;
any personal information that can be included in call recordings.

Categories of Data Subjects

The Personal Data transferred will be subject to the processing activities for the purposes of providing the Services to the Company.

ANNEX 2

Commission Decision C(2010)593Standard Contractual Clauses (processors)

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, the Company, as defined in the Agreement (as "data exporter"), and Binotel, as defined in the Addendum (as "data importer") each a "party"; together "the parties",

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Clause 1

Definitions

For the purposes of the Clauses:

(a)'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

(b) 'the data exporter' means the controller who transfers the personal data;

(c)'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

(d)'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

(e) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

(f)'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2

Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3

Third-party beneficiary clause

1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4

Obligations of the data exporter

The data exporter agrees and warrants:

(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;

(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e) that it will ensure compliance with the security measures;

(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

(j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5

Obligations of the data importer

The data importer agrees and warrants:

(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;

(d) that it will promptly notify the data exporter about:

(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,

(ii) any accidental or unauthorised access, and

(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;

(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;

(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;

(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

Clause 6

Liability

1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.

2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.

The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.

3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

Clause 7

Mediation and jurisdiction

1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(b) to refer the dispute to the courts in the Member State in which the data exporter is established.

2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8

Cooperation with supervisory authorities

1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).

Clause 9

Governing Law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10

Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11

Subprocessing

1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.

2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.

3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.

4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.

Clause 12

Obligation after the termination of personal data processing services

1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES

By entering into the Standard Contractual Clauses, pursuant to Section 12.1 of the Agreement, the parties are deemed to have signed this Appendix 1.

Data exporter

The data exporter is the Company, as defined in the Agreement.

Data importer

The data importer is Binotel, as defined in the Agreement .

Data subjects

The categories of Data Subjects to whom the Company's Personal Data relates include the Company's employees and clients.

Categories of data

The types of Company's Personal Data to be Processed will typically include:

biographical information such as first and last name;
contact information such as phone number and email address;
metadata about calls;
any personal information that can be included in call recordings.

Processing operations

The Personal Data transferred will be subject to the processing activities for the purposes of providing the Services to the Company.

APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES

By entering into the Standard Contractual Clauses, pursuant to Section 12.1 of the Addendum, the parties are deemed to have signed this Appendix 2.

Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

Data importer has implemented and will maintain the technical and organizational security measures to ensure a level of security appropriate to the risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

Binotel's organizational safeguards define how its employees perform their duties. From a preventative viewpoint, Binotel maintains a version controlled information security plan which is used as part of its employees' security training. Binotel practices 'separation of duties' amongst its employees to help ensure that each employee only has the necessary privileges required to perform their job. Binotelt's detection organizational safeguards include performing risk management assessments to verify each safeguards' efficacy. In addition, background investigations of prospective employees and the implementation of a detailed employee termination process ensure that risk exposure through the hiring and termination practices are well controlled.

Regarding technical guarantees, Binotel uses several technologies to reduce vulnerability. Binotel uses secure systems, in particular Linux. Finally, Binotel uses both login authentication and user access control to ensure that the appropriate level of access is approved by the management and made available to the appropriate staff.

Valid from 01.10.2019

Last revised: 04.28.2021

On our Website in the Binotel Wire Service we use cookie files, which are small text files that contain information about your navigation on the Website/in the Service. The main purpose of cookie files is to ensure easy navigation on the Website/in the Service.

What is a cookie file?

Cookies are small text files stored on your computer that allow websites to "recognize" you and remember your preferences.

When you visit the website for the first time, you usually provide certain information, such as your name and your preferred language. This information is entered into the cookie file and sent to your web browser. The next time you visit the same website, your browser uses this information in order to customize the website to fit your individual preferences.

What are the cookie files used for?
In our Service, we use cookie files for a variety of purposes in order to:

remember the language you speak and the country you reside in;
help you log in again when you visit the Service again;
help our engineers improve the Service based on an understanding of how people find us, and what devices they use;
evaluate the effectiveness of Binotel Wire, based on an understanding of whether you continued to use the Service after placing an order.

What cookie files can be used and what are they used for?

We can use the following cookie files:
Technical cookies: cookie files that allow you to use our Service and its functions. Without these files, our website and Service will not be able to operate as efficiently as you would like, and we may not be able to provide certain basic functions and capabilities of our Website. They also allow us to distribute the load to servers, collect information about user preferences regarding the use of cookie files, etc.

Preference cookies: Preference cookie files collect information about your preferences and allow us to remember the language and other local settings, as well as customize your use of the Website and your likes according to your individual features.

Third-party cookies: These cookie files are used to collect information about how you use our websites, what keywords or web pages have navigated you to visit them and what sites you visit. We use this information to generate reports, improve our websites and optimize product and service offerings. These cookie files can be set by both our websites and third-party domains.

Third-party integration cookies: These cookie files are used to embed third-party elements into our Website, such as a video from the YouTube™ resource, feedback forms or social network buttons that allow sharing website contents. This category of cookies may be transmitted by third parties and includes, without limitation, cookies sent by domains, including but not limited to YouTube.com, Facebook.com.

How to manage cookies?

You can disable cookie files - essential, preference files and social media files - through the settings in your browser. In order to delete cookies set by our and other sites, you can follow the instructions on the help page of your browser or website. You can also block the installation of cookies in the future by our and other websites. Information on the most frequently used browsers can be found here: http://www.allaboutcookies.org/browsers/index.html. As mentioned above, if you decide to disable cookies, you should know that this may result in the whole sections of our Website not able to function.

Policy updates and our contact details
This is a brief description of how we are currently using cookies. When we change our cookies, we can also change this Policy as regards cookie files. We look forward to receiving any of your questions, issues, and feedback on this Policy. If you have any suggestions for us, please report them by contacting the Customer Service or write to us at the following address:

Contact Us

For any queries in relation to this Cookies Policy please contact us at privacy@binotel.com, or you can also contact us in writing at LLC "Binotel", st. Zdolbunivska, 7-D., Building "Z", office №207, Kyiv, 0208, Ukraine.

In the event you read this policy in any language other than English, you agree that in the event of any discrepancies, the English version shall prevail.

Effective as of 1.10.2019

Last editing: 04.28.2021