Terms of Third-Party Integration
Loyverse has no control on the Third-Party actions or omissions in regards to the processing of personal data.
You adhere to these Terms of Third-Party Integration by integrating with a Third Party and connecting your Loyverse account and thus you accept any risk and responsibility that connections may cause to you.
(A) The Customer and the Service Provider have engaged into collaboration, according to the Principal Agreement, which involves and/or will involve processing of Personal Data of Data Subjects subject to EU Data Protection Laws in the context of the Services provided under the Principal Agreement.
(B) The Parties have entered into a data processing agreement (the “DPA”) which governs the processing of Personal Data of Data Subjects subject to EU Data Protection Laws in the context of the Services provided under the Principal Agreement.
(C) The Customer wishes to use an integration party as a separate controller (“Third Party” or “Integration Party”) that might involve processing of personal data.
(D) The Parties wish to establish the rules which shall govern each Party’s Liability in the event the Customer incorporates a Third Party with its Loyverse account.
(E) "GDPR” means Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
(F) The terms "Controller", "Processor", "Personal Data", "processing", and "Data Subject" have the meanings given to them in the GDPR.
(G) All capitalized terms not defined in this Agreement shall have the meanings set forth in the Principal Agreement.
NOW, THEREFORE, the Parties agree as follows:
This agreement will apply onwards to the extent that the Customer grants access to its Loyverse account to a Third Party and in doing so the Third Party processes Personal Data, falling within the scope of the GDPR, on behalf and in accordance to Customer’s instructions, through the Service Provider’s platform.
2.1 This Agreement regulates and governs each Party’s Liability in the event the Customer incorporates a Third Party with its Loyverse account.
2.2 This Agreement is supplemental to and becomes a binding part of the Principal Agreement effective immediately with the acceptance of the Principal Agreement,
2.3 The Parties agree that in the event of conflict of any of the provisions as set out below with Liability in relation to personal data provisions contained in the Principal Agreement and/or in the DPA any relevant confidentiality agreement or other agreement entered and/or to be entered into between the Parties, pertaining to the processing of Personal Data subject to EU Data Protection Laws, and in regards to Third Party’s actions, omissions or misconduct the provisions of this Agreement as set out below shall prevail.
3.4 Except as modified by this Agreement, the provisions of the Principal Agreement and the provisions of the DPA remain or shall remain in full force and effect.
3. ROLES OF THE PARTIES
3.1 The Parties acknowledge that for the purposes of the EU Data Protection Laws, the Customer is the Personal Data Controller and the Service Provider and the Third Party are considered as Separate Personal Data Processors.
3.2 Customer and Service Provider warrant that both comply with all applicable requirements of the EU Data Protection Laws, as they are contractually obliged under the DPA. Additionally, the Customer shall take all necessary endeavors, including signing a DPA with the Third Party, securing that the latest complies with the provision for the protection of personal data, as ascribed in the GDPR. This Agreement is in addition to, and does not relieve, remove or replace, a Party’s obligations under the EU Data Protection Laws.
4. OBLIGATIONS OF THE CUSTOMER
4.1 By integrating with a Third Party the Customer acknowledges that the Service Provider shall bear no responsibility for any actions, omissions or misconduct the Third Party may cause due to the integration with its Loyverse account and, as a result, with the processing of the personal data retained in its account.
4.2 Before allowing any Third Party or Integration Party to process any Personal Data related to this Agreement, the Customer:
4.2.1 must inform the Data Subject’s that their personal data will be subject to processing by a Third Party;
4.2.2 is solely responsible for the manner and means by which personal data are obtained and illustrate the relevant valid lawful basis is in place for the purpose for which is used;
4.2.3 must restrict Third Party’s access to the data that contains personal data only to what is necessary to maintain the Services or for the provision of Services and Customer will prohibit any Third Party from accessing Customer Data for any other purpose;
4.2.4 will enter into a written agreement with the Third Party and will safeguard the protection of personal data in use by imposing on the Third Party the same contractual obligations that Service Provider has under the DPA, pursuant to Article 28 of EU;
4.2.5 will remain responsible for the Third Party’s compliance with the obligations of the DPA to be signed, as per point 5.2.4. and for any acts or omissions of the Third Party.
4.3 Third Party or Integration Party shall only process personal data in accordance and as authorized by the Customer. It is mutually accepted that such instruction may not be determined by the Service Provider and in any means the Service Provider shall have no involvement in that process.
4.4 The Customer shall notify the Service Provider immediately if it has been informed by the Third Party of any data infringements of the EU Data Protection Laws.
4.5 For any liability the Service Provider is found to be responsible, and such liability would have not arisen if not for the actions, omissions or misconduct of the Third Party then the Service Provider shall bear no responsibility and any amount the Service provider is forced to pay shall be reimbursed by the Customer.
4.6 In case the Integration Party processes personal data in a third country as defined by EU GDPR, the Customer, as a Data Controller, must ensure that the Integration Party provides appropriate safeguards and enforces data subject rights and effective legal remedies for data subjects, pursuant to Articles 46 - 49 of EU GDPR.
5. APPLICABLE LAW AND JURISDICTION
This Agreement and the rights and obligations of the Рarties hereto are be governed and construed in accordance with the laws of the Republic of Cyprus. Jurisdiction and venue for any claim or cause of action arising under or relating to this Agreement shall be exclusively in the Courts of the Republic of Cyprus unless otherwise expressly provided by EU GDPR. The parties hereto hereby irrevocably submit to the jurisdiction of the Courts of the Republic of Cyprus.
6. MODIFICATION OF THIS AGREEMENT
The Service Provider reserves the right to update and change this Agreement by posting updates and changes to the website https://loyverse.com. You are advised to check the Agreement from time to time for any updates or changes that may impact you and if you do not accept such amendments, you must cease using the Services.
7. INVALIDITY AND SEVERABILITY
If any provision of this Agreement is found by any court or administrative body of competent jurisdiction to the invalid or unenforceable, the invalidity or unenforceability of such provision shall not affect any other provision of this Agreement and all provisions not affected by such invalidity or unenforceability will remain in full force and effect.