Terms of Service

Subscription Agreement 

(A) Mindpool provides online systems via mindpool.com (the “System”) that is further described in the user documentation (such as user guides or help articles) made available through the System (the “Documentation”). Mindpool has been acquired by Wazoku Limited, and Mindpool is part of Wazoku Limited. Any reference to Mindpool under these terms and conditions shall also be reference to Wazoku Limited as legal entity.  

(B) The parties are entering into this agreement (which includes the data processing agreement in Annex A (“Data Processing Agreement”) and, where applicable, the professional services terms in Annex B) and one or more order forms (the “Order Forms”). The Order Forms will form part of this agreement and specify: (1) the product plan applying to Customer’s use of the System, which will determine (as described further in the Documentation): (a) the functionality that will be made available to Customer by the System, and (b) the System support services to be performed by Mindpool (the “Support Services”), (2) any professional services to be performed by Mindpool (the “Professional Services” and together with the System and the Support Services, the “Services”), and (3) the maximum number of users of Customer and any Customer Affiliates that may be designated by Customer to access the System (“Authorised Users”). “Affiliate” means any company that directly or indirectly controls, is controlled by, or is under common control of a party. An entity shall be regarded as in control of another company or entity if it owns or directly or indirectly controls more than 50% of the voting rights of that company or entity. 


1. Provision Of System And Services 

1.1 Subject to payment by Customer of the Charges (as defined below in section 4.1), Mindpool shall, during the subscription term specified in the Order Form (as may be extended in accordance with this agreement) (the “Subscription Term”), and in accordance with this agreement: (a) provide Customer with a non-exclusive, non-transferable, non-sublicensable, revocable, royalty-free licence to permit the Authorised Users to access and use the System during the Subscription Term in accordance with the terms of this agreement and solely for Customer’s internal business operations, (b) perform the Support Services for Customer during the support hours and to the service availability levels specified in the Order Form, and (c) perform the Professional Services in accordance with the Order Form and the Professional Services Annex B. Customer shall only use the Services and the Documentation for its internal business operations and in accordance with this agreement and shall use the System in accordance with the Documentation. 


1.2 Customer shall designate the Authorised Users, who will only be employees and contractors of Customer and Customer Affiliates, up to the maximum number specified in the Order Form, and shall procure that only one individual uses each Authorised User account and accounts are not shared. If Customer wishes to procure additional Authorised User accounts above such maximum it shall execute an additional Order Form. The additional Authorised Users shall be coterminous with the pre-existing Subscription Term and Customer shall pay additional subscription fees, as specified in the Order Form, for the new Authorised Users at the rate specified in the Order Form, pro-rated from the date of activation to the end of the then-current Subscription Term. Mindpool shall invoice the additional subscription fees at the end of the quarter in which activation occurred. Customer shall procure that Customer Affiliates and the Authorised Users comply with this agreement. 


1.4 Mindpool shall, to the extent required for the provision of Services under this agreement: (a) perform the Services substantially in accordance with this agreement and with reasonable skill and care, (b) comply with applicable laws, and (c) maintain any licences and consents that are needed to provide the Services and the System. 


1.5 Mindpool shall use reasonable efforts to correct promptly any material non-conformance of the System as detailed in the Documentation. However, Mindpool will not be liable for: (a) the System or Services to the extent damage is caused by these being used contrary to Mindpool’s instructions or this agreement or modified other than by, or on behalf, of Mindpool, or (b) Customer’s connection to the System over the internet or integration to the System. Customer is responsible for ensuring that the System and Services meet its requirements and are fit for purpose. If Customer does not perform its obligations in a timely manner, then Mindpool may reasonably adjust the delivery plan for the Services. 


1.6 Mindpool may modify the Documentation and System if it does not materially reduce the functionality of the System (and may provide alternative features that have materially the same benefits as the previous feature). 


1.7 Mindpool may use the name and logo of Customer for promotional and marketing purposes. 


2. Customer Data 

2.1 Customer shall own any data or information uploaded by Customer and/or its Authorised Users into the System or provided by Customer to Mindpool in connection with the Services (“Customer Data”). Customer shall be responsible for the content of Customer Data. 


2.2 Mindpool shall back-up Customer Data as set out in its then-current published security policy (the “Security Overview”). If there is any loss or damage to Customer Data due to a System error, then Mindpool shall use reasonable efforts to restore the lost or damaged Customer Data from the latest back-up as its sole liability. Mindpool shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any party other than Mindpool or its subcontractors. 


3. Customer’s Obligations 

3.1 Customer shall: (a) co-operate with Mindpool and provide any necessary information, as required to provide the Services, (b) comply with laws applicable to this agreement and maintain any necessary licences and consents to allow the use of Customer Data in accordance with this agreement, (c) procure that the Authorised Users keep their System passwords confidential, and (d) use reasonable efforts to prevent unauthorised access or use of the System and the Documentation (and if Customer is aware of unauthorised access or use, promptly notify Mindpool). 


3.2 Customer shall not (and Mindpool may suspend Customer’s access to the System if any of the following occur, or Mindpool reasonably believes any of the following has occurred): (a) access, store, distribute or transmit any viruses or any material that is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing, discriminatory or offensive, (b) except as expressly permitted under this agreement or allowed by any applicable law that is incapable of exclusion: (i) copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute any portion of the System or Documentation, or (ii) de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form any part of the System, (c) use the System, Services or Documentation to provide services to third parties or build a product or service which competes with the System or Services, (d) subvert any security restrictions imposed by Mindpool, including attempting to obtain, or assist others in obtaining, access to the System, other than as permitted under this agreement, (e) use the System in a way that adversely affects the System or other users use of the System, (f) make the Services, System or Documentation available to any third party or assist third parties in obtaining access, or (g) engage in any excessive or abusive use of the optional modules and/or features of the System as may be provided by the sub-processors referred to in section 3 of Annex A from time to time, which is usage significantly in excess of average usage patterns that adversely affects the availability, functionality, speed, responsiveness and/or stability of the Services for any other customer(s) and/or any Authorised User(s) (“Excessive Usage”). Should Mindpool determine that any Excessive Usage has occurred, Customer shall account to Mindpool for any charges incurred by Mindpool as a result of such usage. 


4. Charges And Payment 

4.1 Customer shall pay Mindpool the subscription fees and charges specified in the Order Form for Customer’s use of the System and the Services (the “Charges”). The Charges are non-cancellable and non-refundable (except if this agreement is terminated by Customer for Mindpool’s material breach, in which case Mindpool will refund any prepaid fees covering the remainder of the then-current Subscription Term). Customer shall pay the Charges within 30 days of receiving Mindpool’s invoice. 


4.2 Subscription fees shall be invoiced on or around the “Effective Date” for the initial Subscription Term (each as specified in the Order Form) and on or around the beginning of each subsequent minimum renewal period of 12 months (“Renewal Periods”) in advance thereafter (or in accordance with section 1.2). Professional Services fees shall be invoiced in accordance with the Order Form. Customer shall reimburse Mindpool for any transaction fees that may be incurred by Mindpool in connection with payments of the Charges if any are due from Customer’s bank. 


4.3 The Charges are exclusive of value added, sales, use or withholding, or equivalent taxes in any jurisdiction (together, the “Taxes”), which if payable, will be additionally payable by Customer at the appropriate rate. Customer shall be responsible for, and will not withhold or deduct, any applicable Taxes on the Charges. 


4.4 If Mindpool has not received payment within 30 days of receipt of an invoice and has contacted (or attempted to contact) Customer both by email and by telephone referring to its rights of suspension, then: (a) Mindpool may disable Customer’s access to the System and suspend the Services, and (b) interest shall accrue on a daily basis at an annual rate equal to 3% over the then-current base lending rate of Mindpool’s bankers in DK. If a Charge is 30 days or more overdue, then Customer shall reimburse Mindpool for Mindpool’s reasonable costs incurred in the collection of the overdue amount from Customer. 


4.5 Mindpool may increase the Charges at the start of each Renewal Period by giving not less than 60 days’ prior written notice to Customer. 


5. Proprietary Rights 

5.1 Mindpool shall have a non-exclusive, royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual licence to use or incorporate into the System and Services any suggestions, enhancement requests, recommendations or other feedback provided by Customer or its Authorised Users relating to the operation of the System and Services. 


5.2 Nothing in this agreement will be deemed to transfer any intellectual property rights between the parties. Customer may use the System by viewing it in a browser or printing out copies for Customer’s use, but Mindpool reserves all other rights. 


5.3 Customer grants Mindpool a non-exclusive licence to use Customer Data for the purposes of providing the System and Services in accordance with the agreement. 


6. Confidentiality 

The parties shall each: (a) keep confidential, (b) only use for the purposes of this agreement, and (c) only disclose in confidence to the recipient’s employees, contractors and advisors who need to know, the confidential information of the other party received in connection with this agreement, unless the confidential information (i) has become public knowledge otherwise than through a breach of this section, (ii) can reasonably be shown to have been known by the recipient before being received from the discloser, (iii) was obtained by a third party that had not breached a duty of confidentiality, or (iv) is required to be disclosed by law or a party’s regulatory body. Upon termination of this agreement each party shall on request promptly return or take reasonable steps to delete the confidential information of the other party. 


7. Indemnity 


7.1 Mindpool shall defend and indemnify Customer and Customer Affiliates, from and against: 

7.1.1 any claim brought by a third party that the Services, Documentation or System infringes any patent effective as of the Effective Date, copyright, trade mark, database right or right of confidentiality, and shall indemnify Customer and Customer Affiliates for any amounts awarded against Customer or Customer Affiliates in judgment or settlement of any such infringement claims, and 

7.1.2 any third party or regulatory claims, actions, proceedings, or fines, and for any related losses, damages, expenses and costs, to the extent arising out of or in connection with any material breach by Mindpool of the Data Processing Agreement. 


7.2 Customer shall defend and indemnify Mindpool and the Mindpool Affiliates, from and against: 

7.2.1 any claims, actions, proceedings, losses, damages, expenses and costs arising in connection with the misuse or otherwise improper use of the System and/or Documentation in breach of this agreement by Customer or by any person under the control of Customer or any Customer Affiliate; and 

7.2.2 any third party or regulatory claims, actions, proceedings, or fines, and for any related losses, damages, expenses and costs, to the extent arising out of or in connection with any material breach by Customer of the Data Processing Agreement. 


7.3 Section 7.1 and 7.2 are subject to: 

7.3.1 the indemnifying party being given prompt notice of any matter for which indemnified party wishes to be indemnified; 

7.3.2 the indemnified party providing reasonable co-operation in the defence and settlement of the relevant claim, at the indemnifying party’s expense; and 

7.3.3 the indemnifying party being given sole authority to defend or settle the relevant claim, provided that no settlement shall be made which prejudices the indemnified party’s rights or imposes any obligations on it without its prior written approval (such approval not to be unreasonably withheld or delayed). 


7.4 In the defence or settlement of any third party claim, Mindpool may procure the right for Customer to continue using the System, replace or modify the System so that it becomes non-infringing or, if such remedies are not reasonably available, terminate this agreement on two business days’ notice to Customer without any additional liability. 


7.5 Mindpool will not be liable to Customer to the extent that an alleged infringement is based on: 

7.5.1 a modification of the Services or Documentation by anyone other than Mindpool or its subcontractors; 

7.5.2 Customer’s use of the Services or Documentation in a manner contrary to the instructions given by Mindpool; or 

7.5.3 Customer’s use of the Services or Documentation after notice of the alleged infringement. 


7.6 The foregoing states Customer’s sole and exclusive rights and remedies, and Mindpool’s entire obligations and liability, for infringement of any intellectual property right. 


7.7 Each party shall make reasonable efforts to mitigate any loss, damage or liability it may suffer or incur as a result of a breach by the other party of this agreement or in respect of which it seeks indemnification from the other party under this agreement. 


8. Limitation Of Liability 


8.1 Except as expressly and specifically provided in this agreement and to the fullest extent permitted by applicable law: 

8.1.1 Customer assumes sole responsibility for all information, notifications, results, data or disclosures (collectively “Results”) obtained or delivered in the course of the use of the Services and the Documentation, and Mindpool expressly disclaims any and all responsibility and liability in respect of such Results; 

8.1.2 Mindpool shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to Mindpool by Customer in connection with the Services, or any actions taken by Mindpool at Customer’s direction; 

8.1.3 all terms implied by law are excluded from this agreement; and 

8.1.4 the Services and the Documentation are provided to Customer on an “as is” basis. 


8.2 Nothing in this agreement excludes or restricts liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or otherwise to the extent such exclusion or limitation is not otherwise permitted by law. 


8.3 Subject to section 8.2: 

8.3.1 neither party shall be liable to the other party, whether in contract, tort (including for negligence), breach of statutory duty or otherwise for (a) any loss of profits, loss of business, depletion of goodwill or similar losses or loss or corruption of data or information, or pure economic loss, or (b) for any indirect or consequential loss; however arising under or in connection with this agreement, provided that this section shall not apply to limit or exclude any obligation to pay the Charges or any charges that may be owed by Customer in respect of any Excessive Usage; and 

8.3.2 the total and aggregate liability of (a) Mindpool and the Mindpool Affiliates and (b) Customer and Customer Affiliates, in each case whether in contract, tort (including for negligence), breach of statutory duty or otherwise, arising under or in connection with this agreement shall be limited to 125% of the total subscription fees paid or payable for the Authorised Users during the 12 months immediately preceding the date on which the claim arose. 


9. Term And Termination 


9.1 This agreement shall commence on the Effective Date and continue for the initial Subscription Term and for successive Renewal Periods thereafter, unless (a) either party notifies the other of its intention to terminate, giving at least 30 days’ written notice, to take effect at the expiry of the initial Subscription Term or then-current Renewal Period, or (b) otherwise terminates in accordance with this section. 


9.2 Either party may terminate this agreement with immediate effect by giving written notice to the other party if the other party: 

9.2.1 fails to pay any amount due under this agreement and remains in default not less than 30 days after being notified in writing to make such payment; 

9.2.2 commits a material breach of any other term of this agreement which breach is irremediable or (if remediable) fails to remedy that breach within a period of 30 days after being notified in writing to do so; or 

9.2.3 the other party is subject to any of the following events (or any event analogous to any of the following in a jurisdiction other than England and Wales) in relation to the relevant entity: becomes insolvent, enters into liquidation, whether voluntary or compulsory (other than for reasons of bona fide amalgamation or reconstruction), passes a resolution for its winding-up, has a receiver or administrator manager, trustee, liquidator or similar officer appointed over the whole or any part of its assets, makes any composition or arrangement with its creditors or takes or suffers any similar action in consequence of its debt, or becomes unable to pay its debts or suspends or ceases, or threatens to suspend or cease, all or a substantial part of its business. 


9.3 On termination of this agreement for any reason: (a) Customer shall cease using the System and the Documentation, (b) each party shall return and make no further use of any equipment, property, Documentation and other items (and all copies of them) belonging to the other party, (c) without prejudice to Mindpool’s rights in respect of Anonymised Data as set out in the Data Processing Agreement, Mindpool shall delete Customer Data within 90 days of the termination of this agreement (unless otherwise requested by Customer to delete sooner), provided that Customer Data contained on backup copies of Mindpool’s databases shall not be deleted for up to 180 days from the date of termination, upon expiry of the then-current backup, and Customer shall be entitled to export aggregated Customer Data via the data export functionality within the System, and (d) any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination shall not be affected. 


9.4 Any provision of this agreement that expressly or by implication is intended to operate after expiration or termination of this agreement shall remain in full force and effect. 


10. General 


10.1 Except in relation to Customer’s obligation to pay the Charges, neither party shall have any liability for non or delayed performance by events beyond its reasonable control, provided that the other party is notified of such event and its expected duration and such affected party uses reasonable endeavours to mitigate its effect. If a party is prevented due to any such events from substantially performing its obligations under this agreement for a period in excess of 30 consecutive days, then the other party may terminate this agreement on 30 days’ written notice. 


10.2 No variation of this agreement shall be effective unless it is in writing and signed by the parties’ authorised representatives. 


10.3 No failure or delay by a party to exercise any right or remedy shall constitute a waiver of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy. 


10.4 Except as expressly provided in this agreement, the rights and remedies provided under this agreement are in addition to any rights or remedies provided by law. 


10.5 If any provision of this agreement is found to be invalid, unenforceable or illegal, the other provisions shall remain in force. If any provision would be valid, enforceable or legal if some part of it were deleted, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the parties. 


10.6 This agreement constitutes the entire agreement between the parties and supersedes all previous agreements (written or oral) relating to its subject matter. 


10.7 Each party acknowledges that it does not rely on, and shall have no remedies in respect of, any statement not set out in this agreement. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in this agreement. 


10.8 This agreement may not be assigned or transferred by either party without the prior written approval of the other, but may be assigned or transferred by either party without the other’s consent to: (a) a parent or subsidiary, (b) an acquirer of all or substantially all of its assets, or (c) a successor by merger. 


10.9 Nothing in this agreement shall create a partnership between the parties or authorise either party to act as agent on behalf of the other. 

10.10 This agreement does not confer any rights on any third person or third party. 


10.11 Any notice under this agreement shall be in writing and shall be delivered by hand or sent by pre-paid first-class post or recorded delivery post to the other party at its address set out in this agreement, or such other address as may have been notified by that party for such purposes, or sent by email to the other party’s email address as set out in this agreement. A notice delivered by hand shall be deemed received when delivered (or if delivery is not in business hours, at 9 am on the first business day following delivery). A correctly addressed notice sent by pre-paid first-class post or recorded delivery post shall be deemed received at the time at which it would have been delivered in the normal course of post. A notice sent by email shall be deemed received at the time of transmission. 


10.12 This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of the England and Wales and subject to the exclusive jurisdiction of the English and Welsh courts. 



This is the data processing agreement (the “Agreement”) between the Customer and Mindpool (together with the Customer, the “Parties” and separately a “Party”). This Agreement is generic for all Customers, if you wish to receive a signed copy of the Agreement, please make a request to privacy@wazoku.com


1                   Scope of the Agreement 

1.1                This Agreement reflects the Parties’ agreement with regard to the processing of personal data. 

1.2         The Processor acts as a data processor for the Controller, as the Processor processes personal data for the Controller as set out in Annex 1. 

1.3                The personal data to be processed by the Processor concerns the categories of data, the categories of data subjects and the purposes of the processing set out in Annex 1. 

1.4                ”Personal data” means any information relating to an identified or identifiable natural person, see article 4(1) of Regulation (EU) 2016/679 of 27 April 2016 (the General Data Protection Regulation “GDPR”). If other confidential information than personal data is processed for the purpose of fulfilling the Agreement, e.g. information considered confidential according to the Financial Business Act, any reference to “personal data” shall include the other confidential information. Sensitive Data and Special Category Data will not be processed pursuant to this DPA and the Controller warrants and represents that the Controller will not be sharing, disclosing or otherwise transferring such data to the Processor. 


2                   Processing of Personal Data 

2.1                Instructions: The Processor is instructed to process the personal data only for the purposes of providing the data processing services set out in Annex 1. The Processor may not process or use the Controller’s personal data for any other purpose than provided in the instructions, including the transfer of personal data to any third country or an international organisation, unless the Processor is required to do so according to Union or member state law. In that case, the Processor shall inform the Controller in writing of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest. 

2.2                If the Controller in the instructions in Annex 1 or otherwise has given permission to a transfer of personal data to a third country or to international organisations, the Processor must ensure that there is a legal basis for the transfer, e.g. the EU Commission’s Standard Contractual Clauses for the transfer of personal data to third countries or based on an adopted adequacy decision implemented by the European Commision. 

2.3                If the Processor considers an instruction from the Controller to be in violation of the GDPR, or other Union or member state data protection provisions, the Processor shall immediately inform the Controller in writing about this. 

2.4                If the Processor is subject to legislation of a third country, the Processor declares not to be aware of the mentioned legislation preventing the Processor from fulfilling the Agreement. The Processor will notify the Controller in writing without undue delay, if the Processor becomes aware of such hindrance. 


3                   Processor’s general obligations 

3.1                The Processor must ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. 

3.2                The Processor shall implement appropriate technical and organisational measures to prevent that the personal data processed is 

(i)           accidentally or unlawfully destroyed, lost or altered, 

(ii)          disclosed or made available without authorisation, or 

(iii)         otherwise processed in violation of applicable laws, including the GDPR. 

3.3               The Processor must also comply with any special data security requirements that apply to the Controller, e.g as potentially outlined in Annex 1 or as otherwise required by the Controller, and with any other applicable data security requirements that are directly incumbent on the Processor; including the data security requirements in the country of establishment of the Processor or in the country where the data processing will be performed. 

3.4                The appropriate technical and organisational security measures must be determined with due regard for 

(i)           the current state of the art, 

(ii)          the cost of their implementation, and 

(iii)         the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. 

3.5                The Processor shall upon request provide the Controller with sufficient information to enable the Controller to ensure that the Processor complies with its obligations under the Agreement, including ensuring that the appropriate technical and organisational security measures have been implemented. 

3.6              The Processor must give authorities who by Union or member state law have a right to enter the Controller’s or the Controller’s supplier’s facilities, or representatives of the authorities, access to the Processor’s physical facilities against proper proof of identity. 

3.7                The Processor must without undue delay after becoming aware of the facts in writing notify the Controller about: 

(i)           any request for disclosure of personal data processed under the Agreement by authorities, unless expressly prohibited under Union or member state law, 

(ii)          any suspicion or finding of (a) breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed by the Processor under the Agreement, or (b) 

other material failure to comply with the Processor’s obligations under Clause 3.2 and 3.3 in this Agreement. 

3.8              The Processor must promptly assist the Controller with the handling of any requests from data subjects under Chapter III of the GDPR, including requests for access, rectification, restriction or deletion. The Processor must also assist the Controller by implementing appropriate technical and organisational measures, for the fulfilment of the Controller’s obligation to respond to such requests. 

3.9            The Processor must assist the Controller with meeting the other obligations that may be incumbent on the Controller according to Union or member state data protection law where the assistance of the Processor is implied, and where the assistance of the Processor is necessary for the Controller to comply with its obligations. This includes, but is not limited to, at request to provide the Controller with all necessary information about an incident under Clause 3.7 (ii), and all necessary information for an impact assessment in accordance with article 35 and 36 of the GDPR. 

3.10             In Annex 1, the Processor has included information about the location of processing, security and sub-data processors The Processor undertakes to keep the information about the location updated by providing a prior written notice of 30 days to the Controller. This does not require a formal amendment of Annex 1, but the Processor must give prior written notice by mail or email. 


4                   Sub-data processors 

4.1                The Processor may engage a sub-data processor. At the time of the Agreement, the Processor uses the sub-data processors set out in Annex 2. The Processor undertakes to inform the Controller of any intended changes concerning the addition or replacement of a sub-data processor by providing 30 days prior written notice to the Controller. 

The Controller may object to the use of a sub-data processor if such objection is relevant and reasoned in regards to data protection issues. If the objection is relevant and reasoned, the Processor may suggest a new sub-data processor in order for the Controller to accept that one or give the Controller the right to cancel the Agreement (at the Processor’s sole discretion). 

4.2                Prior to the engagement of a sub-data processor, the Processor shall conclude a written agreement with the sub-data processor, in which at least the same data protection obligations as set out in the Agreement shall be imposed on the sub-data processor, including an obligation to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR. 

4.3                The Controller has the right to receive a copy of the Processor’s agreement with the sub-data processor as regards the provisions related to data protection obligations. The Processor shall remain fully liable to the Controller for the performance of the sub-data processor’s obligations. 


5                   Confidentiality 

5.1                The Processor shall keep the Controller’s personal data confidential. 

5.2         The Processor is not entitled to disclose the Controller’s personal data to third parties or take copies of the Controller personal data unless strictly necessary for the performance of the obligations as a data processor towards the Controller according to the Agreement, and on condition that whoever the Controller personal data is disclosed to is familiar with the confidential nature of the data and has accepted to keep the Controller personal data confidential in accordance with the Agreement. 


6                   Amendments and Assignments 

6.1                The Parties may at any time agree to amend this Agreement. Amendments must be in writing and the Controller accepts that notifications about such amendments can be made via email. 


6.2                Neither party may assign this Agreement without the prior written consent of the other party. Notwithstanding the foregoing, both parties may assign their rights and obligations under this Agreement in connection with a consolidation, merger, acquisition or sale of substantially all of its assets, shares or activities without the prior written consent of the other party. 


7                   Term and termination of the Agreement 

7.1                The Agreement enters into force on the Effective Date and remains in force until terminated by one of the Parties. 

7.2                Each party may terminate the Agreement upon 14 days written notice. 

7.3                Regardless of the term of the Agreement, the Agreement shall be in force as long as the Processor processes the personal data, for which the Controller is the data controller. 

7.4                On termination of the Agreement the Processor shall on the Controller’s request immediately delete all personal data, which the Processor is processing for the Controller. 


8                   Priority 

8.1               If any of the provisions of the Agreement conflicts with the provisions of any other written or oral agreement concluded between the Parties, then the provisions of the Agreement shall prevail. However, the requirements in Clause 3 do not apply to the extent that the Parties in another agreement have set out stricter obligations for the Processor. Furthermore, the Agreement shall not apply if and to the extent the EU Commission’s Standard Contractual Clauses for the transfer of personal data to third countries are concluded and such clauses set out stricter obligations for the Processor and/or for sup-suppliers. 

8.2        This Agreement does not determine the Customer’s remuneration of Mindpool for Mindpool’s services according to the service subscription agreement. 

ANNEX 1 – Processing activities 

This Annex constitutes the Controller’s instruction to the Processor in connection with the Processor’s data processing for the Controller, and is an integrated part of the Agreement. 

The processing of personal data 

Personal data 
Type Purpose Category Subjects Location of processing 
Ordinary Mindpool provides a platform that supports organizations to tap into actionable business insights shared by employees from across the organization. Name, e-mail address, department name, tenure, gender, IP address (stored in logs, only for the purpose of debugging). 

Employees of the company that is using our product and services 




ANNEX 2 – List of sub-data processors 

List of sub-data processors, with the location of the sub-data processor and a description of the processing: 

Full Company Name Address (street, no., city, country Name of service / tool Description of service Purpose Location of processing 
Amazon Web Services (AWS) EMEA SARL 38 avenue John F. Kennedy, Luxembourg Amazon Web Services Cloud Hosting Service 

As a data center to store data 


Google, LLC 600 Amphitheatre Parkway Mountain View, CA 94043, USA Google Analytics 

Google Analytics lets you measure your advertising ROI as well as track your Flash, video, and social networking sites and applications 


To view analytics about users time of visit, pages visited, and time spent on each page of the webpages US 
Google, LLC 600 Amphitheatre Parkway Mountain View, CA 94043, USA Google Data Studio An online tool for converting data into customizable informative reports and dashboards. To analyze and convert data into customizable informative reports and dashboards US 
Functional Software, Inc. dba Sentry 45 Fremont Street, 8th Floor, San Francisco, CA 94105. Sentry Open-source error tracking with full stacktraces & asynchronous context To monitor and track technical errors US 


ANNEX 3 – Security setup 

A link or description of the security setup for the Processor when handling the Controller’s personal data: 

We maintain Customer Data in an encrypted format at rest using Advanced Encryption Standard and in transit using TLS. We have a risk-based assessment security program. The framework for our security program includes administrative, organizational, technical, and physical safeguards reasonably designed to protect the Services and confidentiality, integrity, and availability of Customer Data. The security program is intended to be appropriate to the nature of the Services and the size and complexity of our business operations. 

ANNEX 4 – Audits 

The Processor accepts and agrees to the Controller being able to conduct audits in the manner chosen by the Controller. The audits may be conducted as written audits or as inspections at the Processor’s location. The Controller must give the Processor 30 days prior written notice of inspections at the Processor’s location. 

The Controller is entitled at its own cost to appoint an independent expert who shall have access to the Processor’s location and receive the necessary information in order to be able to audit whether the Processor complies with its obligations under the Agreement, including ensuring that the appropriate technical and organisational security measures have been implemented. The expert shall upon the Processor’s request sign a customary non-disclosure agreement, and treat all information obtained or received from the Processor confidentially, and may only share the information with the Controller and the Processor. 

The Processor shall cooperate with the Controller without undue delay and provide the Controller with requested signed declarations, statements and similar to verify the compliance with this DPA and GDPR.  

ANNEX 5 – International transfers 

Where a transfer of personal data occurs between Mindpool and a sub-data processor located outside of the EEA, the transfer of personal data will include one of the following appropriate safeguards, as applicable: 

(i) The adoption by the parties of the EU model clauses resulting from the EU Commission implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council. 

(ii) Any other appropriate safeguards recognized by the European Data Protection Regulation 2016/679 such as an adequacy decision, an approved code of conduct or an appropriate certification mechanism 



This Annex will also apply to any services to be provided under an Order Form that are described as “Professional Services” and will form part of the agreement entered into by the parties. Professional Services will be deemed to be Services. 



1.1 Mindpool shall provide the Professional Services to Customer as set out in the Order Form and according to any specifications provided by Mindpool, subject to Customer’s payment of the applicable Charges. Any changes to the Professional Services will be subject to a change order being signed by the parties before the change is implemented. Mindpool shall use reasonable efforts to deliver the Professional Services by any specified delivery dates but such dates are estimates. 

1.2 The use of the System shall be governed by the agreement and not this Annex and Customer’s right to use the System will be subject to an applicable Order Form. The purchase of Professional Services is not dependent on the delivery of any future functionality or features in the System. 

1.3 Customer shall reasonably co-operate and assist Mindpool in relation to the Professional Services, including: (a) allocating sufficient resources and promptly performing any tasks reasonably necessary to enable Mindpool to perform the Professional Services, (b) promptly providing any necessary information, documentation, equipment or other materials, and (c) informing Mindpool in advance of any applicable security or health and safety rules that apply to any site visits. Mindpool shall not be liable for any delay or failure in performing the Professional Services as a result of Customer failing to provide such cooperation and assistance and may charge Customer for additional resulting costs that it incurs in performing the Professional Services. 

1.4 Customer shall notify Mindpool of any failure of the Professional Services to comply with this agreement within 30 days of completion. Mindpool shall either reperform or otherwise remedy the Professional Services or refund the Charges for the deficient part of the Professional Services. 



2.1 Subject to payment of the Charges, Mindpool hereby grants Customer a non-exclusive, perpetual, sub-licensable right to use the deliverables (if applicable) for Customer’s internal business purposes. 



3.1 Customer shall pay the Charges specified in the Order Form, or if no rate is specified, Mindpool’s standard rates in effect at the time the Order Form is executed. If the total Charges are stated to be an estimate then the actual Charges will only exceed the estimate with Customer’s prior written approval or Mindpool will cease the Professional Services when the estimate is reached. 

3.2 With Customer’s prior written approval, Mindpool may charge for its travel and related out-of-pocket expenses reasonably incurred by the individuals performing the Professional Services. 

3.3 The Charges for Professional Services shall be invoiced on or around the Effective Date as specified on the Order Form by Mindpool. 

3.4 If this agreement terminates before completion of the Professional Services then Customer shall pay any unpaid Charges incurred before the termination date (pro-rated for fixed fees on a percent-completed basis). Pre-paid fees will be reimbursed to the extent they relate to after the termination date where Customer terminates for cause, but not otherwise. Unless otherwise specified in the Order Form, in the event that Customer has pre-purchased a block of Professional Services time, any unused time shall expire at the later of: (a) twelve months from the start date of purchase of such time; or (b) the end date of the applicable Subscription Term. 

3.5 All sums payable to Mindpool shall become due immediately upon termination of this Annex.