v1.0 - 2024-03-15
1. GENERAL TERMS
a) This document contains the terms and conditions for using the Tagual Service (hereinafter referred to as "Terms and Conditions"). Tagual Service is software as a service that offers access to a Server side tracking container, as explained in the description available at https://tagual.com.
b) Within the meaning of the present Terms and Conditions:
"Tagual Service" or "Service" hereinafter refers to access to Tagual account and any related services as described on our website.
"Provider" or "Tagual" hereinafter refers to Gremini SRL, fiscal code 48206006, Address: Cluj-Napoca, Str. Macesului nr. 19A, jud Cluj, Romania. You can also email us at hello@tagual.com
"Beneficiary" hereinafter refers to any legal person who creates an account with Tagual Service, installs the Tagual code on its websites and/or uses the Service or wants to use it, in any way.
c) By registration or using the Service, the Beneficiary entirely and unconditionally accepts the provisions of these Terms and Conditions and understands using the Service pursuant thereto, including the use of the Service for a Trial period. Beneficiaries who create an account with Tagual Service understand and accept that using their account, as well as any access or visit of the Service, as well as any component thereof constitutes an acceptance, entirely and unconditionally, of the Terms and Conditions and of any provision thereof; non-acceptance of the Terms and Conditions by Beneficiaries mentioned above draws their obligation to stop accessing the Service.
d) Beneficiaries undertake to provide, when registering with Tagual Service, when accessing and using the Service, as well as in any access and use of the Service, valid, accurate, reliable and correct data and information.
e) Beneficiaries understand and accept that in case of violation in any way and to any extent of the provisions of the Terms and Conditions, the Provider shall be able to choose, at its sole discretion, to fully or partially suspend the access of the Beneficiary to the Service, or to permanently ban the access to one or several features or facilities offered by the Service, or to cancel the account of the Beneficiary on Tagual, without any warnings or notice and without requiring any other formalities in this regard.
f) This Service is dedicated to professional website owners. Due to the inherent nature of these services, these are offered only in a B2B format -- only to businesses or private persons acting in their professional quality.
g) The Beneficiaries' data is stored within the secured Tagual infrastructure. All personal data received from the Beneficiaries while providing the Tagual service will be processed according to chapter 4 of these terms and the Annex 1 - Data Processing Annex. In brief, we don't, under any circumstances, sell your data, contact people, market to people on your data, steal your data, or share your data with any other party, unless it's specifically allowed by you.
2. SPECIFIC TERMS ON USING TAGUAL
a) Beneficiaries may benefit from services offered by the Provider by opening an account and thus becoming a Beneficiary.
b) To use Tagual Service, the Beneficiary must include its codes in the container. Given that the Provider does not alter or modify the Beneficiary's data integrity, the entire liability belongs to the Beneficiary for the content of its provided data, including sending the data to other services that the Beneficiary is using or the way the code is properly installed.
c) The Provider bears no responsibility for the decisions taken based on your interpretation of the data from Tagual. The decisions taken in relation to the data are yours, and the Provider cannot be held liable for any direct or indirect damage caused by using the Service. The entire liability belongs to the Beneficiary.
d) Tagual may publish, in an anonymised form, any data, screenshots or case studies from our Beneficiaries' account without their consent, except if they object to this usage in writing to Tagual.
e) Tagual may use statistical data from the accounts of the Beneficiaries in order to improve its services or to create benchmarks for internal use or for public presentations of relevant aggregated information for the selected areas. These will always be based on aggregated data that would be impossible to link to one or several Beneficiaries.
f) Tagual may also use the logo of the Beneficiary using the Service, their website address and/or name of the company in order to showcase the list of clients, except if the Beneficiary objects in writing.
g) The Beneficiary is responsible for keeping the account names and passwords confidential. This includes the responsibility for any account that you have access to, whether you have authorized its use. The Beneficiary shall immediately notify Tagual of any unauthorized use of its accounts. Tagual is not responsible for any losses due to stolen or hacked passwords. Tagual doesn't have access to your current password for security reasons, thus Tagual may only reset your password in case it is forgotten.
h) The Beneficiary is the only one responsible for providing access and credentials to other companies where the Beneficiary has an account and wants Tagual to send the selected data from the Service account to another account that belongs to another company.
i) Tagual doesn't know the inner workings of the Beneficiary organization or the nature of personal relationships, therefore Tagual doesn't arbitrate disputes over who owns an account. Tagual may decide who owns an account based on the content of the emails in that account, and if multiple people or entities are identified in the content, then Tagual will rely on the contact information listed for that account.
j) The Beneficiary represents and warrants that its use of Tagual Service will comply with all laws and regulations applicable to its activities.
k) The Provider may offer a free trial version for certain periods of time, but not all features of the Service might be available. This offer would be usually valid only for new clients and may be withdrawn for any reason by the Provider. This offer may be presented on a public webpage or be offered in a personalized offer to certain Beneficiaries.
l) The Provider may also provide Demo accounts, available free of charge, for relevant Beneficiaries. All data imported in these accounts is not real and is being presented for information purposes only to understand the benefits of the Service.
m) The prices of Tagual Service may be available on the Service presentation webpage - https://tagual.com/pricing or will be identified in a personalized offer to Beneficiaries and do not include VAT.
n) The Beneficiary will pay in advance for the Service. The lack of confirmed payment to Tagual will lead to the automatic suspension of access to the Service. The access will be restored once the Service has been paid. If the Services is not paid in 30 days from the due date, the Beneficiary reserves the right to unilaterally terminate the contract according to Art. 8.
3. INTELLECTUAL PROPERTY RIGHTS
a) The software, content and any graphical elements of the Service, including but not limited to, belong to the Provider and its partners and represent the content of Tagual.
b) The Beneficiary undertakes to comply with all copyright and any other intellectual property rights which the Provider and its partners hold on/in relation to Tagual, its content, Service, any module or component thereof or in connection with their use. Inter alia this includes all software belonging to other partners or any other third parties (such as for example the Google Tag Manager code) that may be necessary to be used in Tagual.
c) The copy, takeover, reproduction, publication, transmission, sale, partial, full or modified distribution of the content of Tagual Service or any part thereof for purposes other than personal or that expressly indicated by the Provider are prohibited.
d) The Provider reserves the right to sue any person and/or entity that violates in any way the above provisions.
e) Any Beneficiary that sends in any way information or materials to Tagual Service undertakes not to prejudice in any way the copyright, intellectual property rights or any other rights that a third party could invoke in connection to materials and information send in any way to Tagual Service and Beneficiaries that send in any in any way information or materials understand and accept that violation in any way of this obligation cannot engage in any way the liability of the Provider, but only the liability of the respective persons.
f) Notwithstanding the preceding provisions, the Provider or its partners do not own those materials for which another right holder was indicated on Tagual Service, or another holder or another source, information provided by Beneficiaries, or opinions and/or comments of any type expressed by the Beneficiaries of the Site regarding materials of any type posted on Tagual Service or regarding the Site content in general.
g) Any Intellectual property or other copyright-related claim shall be sent by email to hello@tagual.com
4. PERSONAL DATA
4.1 Processing of personal data as a Data Processor
In accordance with the European Union legal framework on data protection (GDPR), the Provider is a Data Processor that processes the personal data of the Beneficiary (which is the Data Controller) while providing the service. A specific data processing contract between the two entities -- based on art 28 of the GDPR is available as Data Processing Annex - Annex 1 for these Terms and Conditions and can also be found in the Beneficiaries account.
4.2. Processing of personal data as a Data Controller
a) According to the provisions of the Romanian applicable legislation on data protection, Tagual has the obligation to manage the personal data in a secure technical environment and only for the notified purposes the personal data of the Beneficiaries, in order to be able to use the services requested by the Beneficiary and provided by the Data Controller.
Please note that our Service and services are exclusively Business to Business (B2B) and, for these services, we do not target any physical persons or individual Beneficiaries for both our services. However, we might collect personal data as contacts of our Beneficiaries.
b) Within the limits mentioned above, Tagual, as a Data Controller, processes the personal data the Beneficiary supplies freely and in an informed manner for the following purposes: contracts and invoicing for business partners and for the administration and support of the service Tagual Service. The data is gathered using automated and non-automated means. More details are available in the Privacy Policy.
c) It is necessary for the Beneficiary to provide us with the personal data of its representatives, as this data is indispensable for the processing. In case you do not agree with the processing, the consequence is that you will not be able to access the Service. For marketing and publicity purposes, Tagual Service may process only the following personal data: IP address, email, address, name and surname and phone number. Tagual may also use cookies in their own service for its marketing purposes, as you are informed on the Tagual website on the first visit.
5. LINKS TO OTHER SERVICES
a) Beneficiaries understand and accept that Tagual Service may contain links or reference to other internet sites, including the sites of product and/or service providers to which the advertising banners posted on Tagual Service or advertising microsites, personal sites (blogs) send, but without limited to, which are considered by the Provider useful in relation to the content of Tagual Service, but which are not under its control or guidance.
b) The Provider is exempt from any liability regarding the content or opinions expressed on all internet sites mentioned above, as well as their correctness and accuracy, and Beneficiaries understand and accept that these internet sites are not monitored, controlled or verified in any way by the Provider. Including a link or reference to other internet sites does not involve their service in any way by the Provider. At the time when Beneficiaries access such internet sites, they do so at their own risk, knowing that the use of services offered by these sites is subject to conditions set by the administrators of these sites.
6. LIMITATION OF LIABILITY
a) Considering that the Provider provides a hosting platform for the Beneficiary's code, the Beneficiary assumes all civil and criminal liability for the content of data submitted and the consequences of using them.
b) Under no circumstance, regardless of circumstances invoked, shall the Provider be held liable before the Beneficiary in relation to Service for any additional amount compared to the amounts actually paid by the Beneficiary to the Provider.
c) By using the services, the Beneficiary declares that it has the right to add or send that data to Tagual and it has complied with all relevant personal data legislation. The Beneficiaries agree that this data would be processed according to the Data Processing Annex.
d) The Provider assumes no obligation and does not guarantee, implicitly or deliberately, for the Services rendered. The Provider shall make all reasonable efforts to ensure the provision of services and try to correct errors and omissions as soon as possible.
e) The Provider does not offer any guarantees and has no responsibility for the result of Service rendered at the request of the Beneficiary, for information made available through Tagual Service by Beneficiaries and in no circumstance can it be held liable for any loss or damage that may result from the use of either section of Tagual Service, of the Service or from the impossibility to use it, regardless of its cause, or from the misinterpretation of any provision of Tagual Service.
f) Beneficiaries understand and accept that the Provider makes available for Beneficiaries a hosting platform, so all services and facilities related to the use of Tagual Service, as well as all data, information contained therein are provided "as is", "as available", and Beneficiaries use them at their own risk. Beneficiaries understand and accept that the Service made available on Tagual Service is provided "as is", "as available" and use it at their own risk. Beneficiaries understand and accept that rendering the Service may be affected by certain objective conditions. Consequently, the Provider cannot be held liable regarding any information and data included in the content of Tagual Service or received from Beneficiaries, including but without limitation to those regarding offers, services, data and information related to the use of the Service, or any other activity regarding the use and access of the Service and/or of Tagual Service, as well as any other legal effect deriving therefrom.
g) Beneficiaries understand and accept that the Provider is exempt from any liability in the event of any stoppage, interruption, hindering, malfunctions or errors in the operation of Tagual Service, in case of technical failures of any kind or any errors in the provision of the Service, and in any situation in which it wouldn't be proven with certainty that any errors or technical problems of the above are due directly and exclusively to the serious fault of the Provider.
h) Expressly, Beneficiaries understand and accept that the Provider is exempt from any liability for any direct or indirect damage, including but not limited to loss of profits, commercial venue or other intangible losses, resulting from the use of the Service or any other aspect in connection with the Service and use of Tagual Service in any way or any legal consequences deriving from it.
i) In cases of force majeure, the Provider and/or operators, directors, employees, branches, subsidiaries and its representatives shall be entirely exempt from liability. Force majeure cases include, but are not limited to, errors in operation of technical equipment of the company, no functioning of the internet connection, denial of service attacks, no functioning of telephone connections, computer viruses, hacking attacks of any type and interference with any malicious software, unauthorized access in the Tagual Service systems, operational errors, strike etc.
j) Beneficiaries agree to protect, insure and fully compensate the Provider and/or its operators, directors, employees, branches, subsidiaries and representatives against any demands, claims, actions, charges, losses, damages, costs (including but not limited to attorney's fees, fees for experts and consultants or executors, legal fees, notary or performance fees), costs, judgments, decisions, fines, regulations or other obligations arising from or related to any other action of the Beneficiary in connection with the use of the Services or any other matter in connection with the Service.
8. DURATION AND TERMINATION
a) These Terms and Conditions will become effective at the date of their acceptance by the Beneficiary, for an indefinite period of time.
b) The contractual relationship between Tagual and the Beneficiary under these Terms and Conditions will be terminated:
by written consent of both Parties;
by termination by either Party, at the expiry of the 30 days term from the notification date (including late payment notification), based upon a written notification sent to the other Parties without any other formality or the intervention of the court of law if either Party breaches any of the obligations stipulated in the Terms and Conditions and does not remedy the breach within the period specified in the notification:
by unilateral termination by either Party, complying with a written notice by email of 60 (sixty) days, case in which the Party cannot request damages, compensations or other financial actions to stop the contractual reports.
by not accessing the Beneficiary account on the Tagual Service or not sending data to Tagual Service in 6 consecutive months.
c) The termination of the contractual relationships, regardless of the way, has no effect on the already outstanding obligations between the Parties.
9 . GOVERNING LAW. DISPUTES
Rights and obligations of Beneficiaries and of the Provider, set forth in the Terms and Conditions, and all legal effects the Terms and Conditions produce shall be construed and governed in accordance with Romanian law in force. The applicable law in relations arising between the Provider and Beneficiary or any other party is the Romanian law. The law applicable to any report or effect arising from providing the Service is the Romanian law. Any dispute or claim arising out of these Terms and Conditions will be resolved by mutual agreement. In the event that it can not be settled by mutual agreement in 30 days from the first notification, the dispute arising out of or in connection with these Terms and Conditions will be settled by an independent arbiter selected by both parties. In case when the parties may not agree in appointing an independent arbiter in 14 days, the dispute will be settled by the competent court from the Provider's headquarters in Cluj-Napoca.
10. AMENDMENT TO TERMS AND CONDITIONS
The Provider is entitled to amend at any time and in any way any of the provisions of the Terms and Conditions or the Terms and Conditions entirely, without any prior notice and without being required to fulfill any other formality before Beneficiaries. Any amendment shall be considered as fully and unconditionally accepted by any Beneficiary by simply using or accessing any facility offered by Tagual Service or by using the services, or accessing Tagual Service, occurred at any moment after the amendment was made, and non-acceptance of any change draws the obligation of the respective Beneficiary to immediately stop accessing Tagual Service and or using in any way the Service.
11. The present Terms and Conditions must be construed and understood in connection with its appendixes:
Annex 1 - Data Processing Annex
Annex 2 -- Privacy Policy Tagual.com available at https://app.tagual.com/privacy-policy
The present Terms and Conditions for Tagual Service -- version 1.0 were published by the Provider on its service on 15.03.2024 and are accessible at the web page https://app.tagual.com/terms-of-service
Data Processing Annex
The present data protection agreement between Tagual and the Beneficiary is an annex to the Terms and Conditions Tagual Service between the two parties and aims to clarify the roles and responsibilities for data protection from both parties, based on obligations imposed by the art 28 from EU Regulation 2016/279 (GDPR). This agreement does not cover the personal data collected by Tagual as a Data controller, as explained in chapter IV of the Terms and Conditions.
In the context of this contract, the Beneficiary is the Data Controller and Tagual is the Data Processor for all the personal data sent by the Beneficiary to the Service as defined in the Terms and Conditions. If the Beneficiary would be considered a Data Processor for his specific clients, then Tagual will be considered a Sub-Processor and all the terms below would be changed accordingly.
If the Beneficiary is located outside the European Economic Area, the EU Standard Contractual Clauses adopted by the European Commission on 4 June 2021 will apply, with Modules 3 or 4 being applicable based on whether the Beneficiary is a Data Controller or a Data Processor. The appendices from the EU Standard Contractual Clauses will correspond to the content of this Data Processing Annex.
"Applicable Law" shall mean (i) any data protection laws or regulations in the jurisdiction in which the Personal Data is hosted; and (ii) Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (the "GDPR").
In the current agreement all definitions from GDPR Article 4 will apply accordingly.
1. Subject matter and duration
The Subject matter results from the Terms and Conditions between the contracting parties. The duration of this agreement corresponds to the duration of the Terms and Conditions.
The data in the logs will be kept for 3 or 10 days, depending on the specific package and Service acquired.
2. Nature and Purpose of the processing of Data
The processing of personal data by the Data Processor for the Data Controller is made only for the correct provision of the Tagual services, including possible support activities necessary for this service.
The processing includes all operations performed on the collected personal data, only by automated means such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, alignment or combination, restriction, erasure or destruction.
3. Processed data
The data collected and processed for the purposes of this agreement includes all personal data added or imported in the Tagual service or created during the usage of the Tagual services. Thus traffic data in logs may include categories of technical data which may lead to an indirect identification of device or person, and we have to treat all such information as personal data and protect it as such. This may include categories of data such as IP addresses, unique identifiers of devices or email.
If you use a package which includes an option for "cookie keeper" and you actively use this feature, then Tagual will also process the cookies (including its unique identifiers or individual proof of consent) that are being hosted in our service.
4. Categories of data subjects
The categories of data subjects are website visitors of the Data Controller.
5. Specific Instructions
5.1. The Data Controller instructs the Data Processor on processing all personal data specified in article 3 in order to provide the services in the Tagual Terms and Conditions.
5.2. The Data Controller instructs the Data Processor to directly transfer certain data (that might include personal data) to other companies selected by the Data Controller, by providing them with relevant credentials for each of them, be it by entering these credentials within the application, or by explicitly requesting them in writing. For the avoidance of the doubt, these companies are not sub-processors based on this contract.
6. Obligations of the Data Controller
confirms and guarantees that, in relation to the processing of personal data for this contract, it acts as a Data Controller;
complies with Applicable Law when processing personal data, and only gives lawful instructions to Data Processor;
guarantees that data subjects have been informed of the uses of personal data as required by Applicable Law, including sharing their data with the Data Processor, if required;
confirms it relies on a valid legal ground for the processing of personal data under Applicable Law, including, if required, obtaining consent from data subjects;
complies with Data Subject requests to exercise their rights of access, rectification, erasure, data portability, restriction of processing, and objection to the processing;
implements appropriate technical and organizational measures to ensure, and to be able to demonstrate, that the processing of personal data is performed in accordance with Applicable Law, including for securing the transfer of data from its data subjects to the Data Processor;
cooperates with Data Processor to fulfill their respective data protection compliance obligations in accordance with Applicable Law;
by providing a relevant credential for integration or explicitly requesting a point-integration with other companies (as its own direct data processors) according to art. 5.2, it confirms and guarantees its instruction to send the selected data to these companies and that the security of the transfer is being guaranteed by the Data Controller or the other companies/data processors. It also confirms that it has a proper legal basis for transferring the personal data to these companies.
7. Obligations of the Data Processor
The Data Processor only processes personal data on behalf of the Data Controller in accordance with its specific instructions as mentioned in Article 5 and not for any other purposes than those specified in Article 2, the main contract or as otherwise agreed by both parties in writing.
For the avoidance of doubt, the Data Controller authorizes the Data Processor to use statistical data, based on information from the accounts of the Beneficiaries in order to improve its services or to create benchmarks for internal use or for public presentations of relevant aggregated information for the selected domains. These will be always based on aggregated anonymised data that would be impossible to link to one or several Data Controllers or to any personal data proceed based on this agreement.
The Data Processor will promptly inform the Data Controller if, in its opinion, the Data Controller's instructions infringe the Applicable Law, and/or if the Data Processor is unable to comply with the Data Controller' instructions.
The Data Processor will notify the Data Controller without undue delay after becoming aware of a personal data security breach when the data is processed by the Data Processor. The Data Processor will take reasonable steps to mitigate the effects and to minimize any damage resulting from the personal data breach.
The Data Processor will assist the Data Controller in complying with data security, data breach notifications, data protection impact assessments and prior consultations with supervisory authorities requirements under Applicable Law, if necessary, taking into account the nature of the processing and the information available to the Data Processor. The Data Processor, taking into account the nature of the processing, will assist the Data Controller by appropriate technical and organizational measures, as far as this is possible, to fulfill the Data Controller's obligations to respond to data subjects' requests to exercise their rights as provided under Applicable Law. To the extent authorized under Applicable Law, the Data Controller shall be responsible for any costs arising from the Data Processor's provision of such assistance.
When the Terms and Conditions will be terminated, the Data Processor will delete or anonymize all personal data in maximum 30 days from the expiration date, unless the Data Controller will ask them to keep it for longer and will pay for this service or if the Romanian laws prevent it from returning or destroying all or part of the personal data or requires storage of the personal data (in which case the Data Processor must keep them confidential).
8. Sub-processors
8.1. Data controller agrees with the usage of the following specific sub-processors by the Data Processors:
Hetzner (Germany) -- Hosting provider
OVH (France, Germany, Poland) -- Hosting provider
Scaleway (France) -- Hosting provider
8.2. By this article the Data Controller gives a general authorization to the Data Processor to share personal data to future Sub-Processors under the conditions set below:
The Data Processor guarantees the existence of an agreement with its Sub-Processors which imposes on the Sub-Processor the same data protection obligations as provided by the Data Processor under this agreement or by Applicable Law, in particular providing sufficient guarantees to implement appropriate technical and organizational measures to ensure the processing will meet requirements under Applicable Law, to the extent applicable to the nature of the service provided by the Sub-Processors. Where the Sub-Processor fails to fulfill its data protection obligations under such agreement, the Data Processor shall remain fully liable towards the Data Controller for the performance of the Sub-Processor's obligations under such agreement.
The Data Processor guarantees that all the Sub-Processors will process data exclusively within a Member State of the European Union (EU), within a Member State of the European Economic Area (EEA) or in any state with an adequate data protection regime as recognized by the European Commission or have signed adequate SCCs;
The Data Processor shall inform the Data Controller of any addition or replacement of Sub-Processors and allow the Data Controller to reasonably object to such changes by notifying the Data Processor in writing within 5 business days after receipt of the Data Processor's notice of the addition or replacement of a Sub-Processor. The Data Controller's objection should explain the reasonable grounds for the objection.
9. Security of the processing and confidentiality
The Data Processor must implement appropriate technical and organizational measures to ensure standard industry security measures appropriate to the risk, according to art 28 and 82 from GDPR. In assessing the appropriate level of security, the Data Processor must take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of data subjects and the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. The Data Processor shall take steps to ensure that any person acting under its authority who has access to personal data is bound by enforceable contractual or statutory confidentiality obligation.
In the case of transferring data to other companies as requested by the Data Controller according to art 5.2, Data Processor is only responsible for the security of the data only until the data has left its servers.
10. Data Protection Audit
10.1. Upon prior written request by any Data Controller, the Data Processor agrees to cooperate and within reasonable time provide to any Data Controller with:
(a) a summary of the audit reports demonstrating the Data Processor's compliance with its obligations under this Annex, after redacting any confidential and commercially sensitive information; and
(b) confirmation that the audit has not revealed any material vulnerability in the Data Processor's systems, or to the extent that any such vulnerability was detected, that Data Processor has fully remedied such vulnerability.
10.2. If the above measures are not sufficient to confirm compliance with Applicable Law or reveal some material issues, subject to the strictest confidentiality obligations, the Data Processor allows the Data Controller to request an audit of Data Processor's data protection compliance program by external independent auditors, which are jointly selected by the parties. The external independent auditor cannot be a competitor of Data Processor, and the parties will mutually agree upon the scope, timing, and duration of the audit. The audit may not start within less than 30 days from the first request of the Data Controller. The Data Processor will make the result of the audit of its data protection compliance program available to the Data Controller. The Data Controller must fully reimburse the Data Processor for all expenses and costs for such an audit.
11. Liability to data subjects.
11.1. Each party agrees that it will be liable to data subjects for the entire damage resulting from a violation of Applicable Law.
11.2. If one party paid full compensation for the damage suffered, it is entitled to claim back from the other party that part of the compensation corresponding to the other party's part of responsibility for the damage. For that purpose, both parties agree that Data Controller will be liable to data subjects for the entire damage resulting from a violation of the Applicable Law with regard to processing of personal data for which it is a Data Controller, and that Data Processor will only be liable to data subjects for the entire damage resulting from a violation of the obligations of Applicable Law directed to the Data Processor or where it has acted outside of, or contrary to Data Controller's lawful instructions.
11.3. The Data Processor will be exempted from liability if it's proven that it doesn't have any responsibility in the event giving rise to the damage.
12. Enforcing this agreement
12.1 In the event of any conflict or inconsistency between the provisions of the Terms and Conditions and this Annex, the provisions of this agreement shall prevail. Save as specifically modified and amended in this Annex, all the terms, provisions and requirements contained in the Terms and Conditions shall remain in full force and effect and govern the terms of this agreement.
12.2 This current agreement will be in force starting with the date of entry into force of the Terms and Conditions, until it is superseded by a new arrangement.