Contact
Log In
API Terms of Use and License Agreement

API Terms of Use and License Agreement

DIDIMO, INC.

API TERMS OF USE AND LICENSE AGREEMENT

PLEASE READ THESE TERMS CAREFULLY

These terms of use and licence agreement (“Agreement”) constitute a legal agreement between you (“Customer”) and Didimo, Inc., a Delaware corporation (“Didimo”).

1. Didimo API. Didimo provides a software solution, which is accessed by Customer through an application program interface (the “Didimo API”), that is able to turn an image of a person’s head (an “Initial Image”) into a 3-D animation file in an .fbx or other format (an “Animation File”). Didimo hereby agrees to make the Didimo API available to Customer on a non-exclusive, non-transferable basis for internal use by Customer for the period and subject to the restrictions set forth on one or more Order Forms entered into between the parties (each an “Order Form”). Customer agrees that it shall use the Didimo API solely to make Animation Files on behalf of Customer’s Users (as hereinafter defined), and that it shall use the Didimo API in compliance with this Agreement, any limitations in the Order Form and all applicable laws. “Users” means third parties who use one or more of the online platforms offered by Customer and listed in the Order Form (the “Customer Online Platform”). Customer shall not attempt to gain unauthorized access to the Didimo API, nor, to the maximum extent legally enforceable, disassemble, decompile, reverse engineer or otherwise attempt to derive source code or other trade secrets from the Didimo API or any Animation Files. Customer shall not sell, resell, rent or lease the use of the Didimo API or reproduce all or any portion of the Didimo API.

2. License to Use Animation Files. All Animation Files shall remain the property of Didimo and may only be used as set forth in this Agreement. Didimo hereby grants Customer a fully-paid, non-transferable (except as provided in Section 13), non-sublicensable right and license during the term of this Agreement to (a) store the Animation Files on its own servers and (b) to use the Animation Files in connection with any Customer Online Platform. Customer shall not make the Animation Files available for download by Users and shall ensure that its Users do not use the Animation Files for any purpose other than in connection with the Customer Online Platform. Should Customer wish to license and/or exploit the Animation Files for any other purpose or beyond the term of this Agreement, Customer shall submit a written request to Didimo providing enough details describing such proposed use to Didimo’s satisfaction. Thereafter, the parties will negotiate in good faith the terms of the proposed use, provided that Customer shall not license and/or exploit the Animation Files for any reason whatsoever beyond sharing on Users’ personal social media profiles (i.e., Facebook, Twitter, Instagram) without Didimo’s approval, which it may withhold at its sole discretion. Customer shall ensure its Users do not, to the maximum extent legally enforceable, disassemble, decompile, reverse engineer or otherwise attempt to derive source code or other trade secrets from the Animation Files. Customer shall use Animation Files in accordance with all applicable laws (including privacy laws) and any third party rights.

3. Fees. Customer shall pay to Didimo the fees specified in each Order Form at the times specified in each such Order Form. Unless otherwise set forth in an Order Form, all invoices are due and payable in full within thirty (30) days after the date of invoice. Late payments will be subject to late fees at the rate of one and one-half percent (1.5%) per month or, if lower, the maximum rate allowed by law. Any additional or different terms appearing in any purchase order or other document from Customer that are inconsistent with this Agreement shall be void and have no force or effect. Unless otherwise set forth in an Order Form, Customer shall be responsible for all sales taxes, use taxes, withholding taxes and any other similar taxes and charges of any kind imposed by any national, federal, state or local governmental entity on the transactions contemplated by this Agreement, excluding only taxes based solely upon Didimo’s income. Customer agrees to reimburse Didimo for all reasonable costs (including attorney’s fees) incurred in collecting past due fees owed by Customer.

4. Personal Data.

4.1 Applicable Privacy Laws.Applicable Privacy Laws” shall mean all applicable data protection and privacy legislation in force from time to time in the UK and European Union, including the General Data Protection Regulation ((EU) 2016/679) (“GDPR”); the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended, as well as any applicable privacy legislation to which a party is subject.

4.2 Data Sharing. Customer shall submit an Initial Image to the Didimo API. Each Initial Image submitted by Customer to the Didimo API and the Animation File derived therefrom shall be assigned a unique identifier. Didimo acknowledges that Initial Image and Animation File, and certain other information provided by Customer, may be personal data in certain jurisdictions and may be subject to Applicable Privacy Laws.

4.3 Parties Obligations. Both parties will comply with all applicable requirements of the Applicable Privacy Laws. For the purposes of the GDPR, Didimo is acting as a data processor and Customer is acting as a data controller. Accordingly, to comply with Article 28(3) of the GDPR, the parties accept the terms of the data processing schedule attached hereto. This Section 4 and the data processing schedule is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Applicable Privacy Laws.

4.4 Didimo’s Obligations. In relation to any personal data processed in the European Union and/or in respect of European data subjects in connection with the performance by Didimo of its obligations under this Agreement, Didimo shall: (a) process personal data in accordance with the Didimo privacy policy, available via this link https://privacy.didimo.co/privacy-policy/ and as updated or amended from time to time; (b) ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (c) ensure that all personnel who have access to and/or process personal data are obliged to keep the personal data confidential; and (d) only transfer personal data outside of the European Economic Area provided that the safeguards set out in the Didimo privacy policy are implemented. Didimo agrees not to use any Initial Image or Animation File or any other personal data, except as required to provide services under this Agreement or to improve or enhance our offering. Where possible, Didimo shall use anonymous and aggregated personal data for this purpose. Upon a written request from Customer (which may be by email), or upon termination of this Agreement, Didimo shall destroy and/or return any Initial Image, Animation File or other personal related to a specified individual in its possession to Customer, unless prohibited from doing so due to Applicable Privacy Laws and/or where Didimo is authorised by its privacy policy to retain such personal data, including for the purposes of machine learning for scientific research.

4.5 Customer’s Obligations. Without prejudice to the generality of section 4.3, Customer represents and warrants that: (i) it has obtained prior, explicit consent from the User or any other third parties; (ii) it has all necessary notices in place; (iii) it has provided full information to any User or third party data subject whose personal data may be processed Agreement (including provision of Didimo’s privacy policy), as required under all applicable laws for the lawful transfer, use and processing of Initial Images and Animation Files as contemplated by this Agreement. This includes giving notice that, on the termination of this Agreement, personal data relating to Users or any third-party data subject may be retained by Didimo in accordance with Didimo’s privacy policy including for the purposes of machine learning for scientific research, for which no consent is required. Customer shall notify Didimo forthwith in the event that any User or other third party data subject revokes consent where this is relied upon for processing personal data, or where such consent has become invalid or where a request to delete personal data has been received by Customer from a User.

4.6 Privacy Indemnity. Each party shall indemnify the other against all liabilities, costs, expenses, damages and losses (including but not limited to any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) and all other reasonable professional costs and expenses) suffered or incurred by the indemnified party arising out of or in connection with the breach of the Applicable Privacy Laws, this section 4 and/or the data processing schedule (and in the case of Customer, due to breach of its consent collection and notice obligations under section 4.5) by the indemnifying party, its employees or agents, provided that the indemnified party gives to the indemnifier prompt notice of such claim, full information about the circumstances giving rise to it, reasonable assistance in dealing with the claim and sole authority to manage, defend and/or settle it. The liability of Didimo under this section 4 and in particular, this section 4.6 and the data processing schedule shall be subject to the limits set out in section 8 of this Agreement.

5. Didimo Obligations.

5.1 Warranty. Didimo shall use commercially reasonable efforts to enable availability of the Didimo API 24 hours a day, 7 days a week, except for planned maintenance downtime (which Didimo shall use commercially reasonable efforts to schedule outside of business hours for a majority of its customers). Didimo warrants to Customer that the Didimo API and the Animation Files will operate in accordance with any written documentation published from time to time by Didimo (the “Documentation”). For any breach of any of the foregoing warranties, Customer’s exclusive remedy shall be termination of this Agreement as provided in Section 9 below and a refund of any prepaid fees on a prorated basis.

5.2. DISCLAIMER OF OTHER WARRANTIES. OTHER THAN THE EXPRESS WARRANTIES PROVIDED IN THE PRECEDING PROVISION, DIDIMO DISCLAIMS ALL WARRANTIES, REPRESENTATIONS AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, IN RELATION TO OR ARISING OUT OF THIS AGREEMENT, THE DIDIMO API, ANY ANIMATION FILE OR ANY OTHER SERVICES PROVIDED BY DIDIMO, OR THE USE OR PROVISION OF THE DIDIMO API OR ANY ANIMATION FILE.

5.3. No Liability for Security Breaches. Didimo agrees to use reasonable measures to protect any personally identifiable or confidential information held by Didimo or transmitted to it. The parties agree that notwithstanding such efforts or the features of the Didimo API, no product, hardware, software or service can completely secure access to electronic data and that there are persons and entities, including enterprises, governments and quasi-governmental actors, that will attempt to breach any electronic security measure. In addition to any other limitations set forth in this Agreement, to the maximum extent enforceable in accordance with applicable law, under no circumstances will Didimo be liable to Customer, its Users or any person or entity, for any claim, loss, liability or other expense arising out of or related to any security breach.

6. Ownership. Didimo shall own all intellectual property rights in and to the Didimo API and all Animation Files, and except as set forth herein, nothing in this Agreement shall be deemed to confer any rights to any such intellectual property. As between Didimo and Customer, all rights in any Initial Image shall belong to Customer and Didimo shall have no rights to such Initial Image. Customer hereby grants to Didimo a non-exclusive license during the term of this Agreement to use and store the Initial Image to produce an Animation File, and Customer represents that it has the right to grant such license. Didimo will be free to use any feedback, suggestions, evaluations or improvements that Customer gives to Didimo regarding or relating to the Didimo API, the development or marketing thereof, the product roadmap or otherwise without any restriction or obligation to Customer.

7. Confidentiality. Each party acknowledges that as a result of performing under this Agreement it may have access to data or information, oral or written, related to the other party’s past, present or future research, development or business activities that the other party reasonably considers to be confidential or proprietary, including any such information received by a party from a third-party (“Confidential Information”). Confidential Information does not include (a) any information that is or becomes generally available to the public without breach by the receiving party; (b) any information properly obtained before or after the date of this Agreement from a third party without an obligation of confidentiality; (c) any information independently developed by the receiving party without reference to Confidential Information; or (d) any information to the extent that may be necessary to establish or assert rights hereunder, in a court of law or as may be required by law or governmental regulations or authority (including court order or subpoena); provided, however, that prior to disclosing any Confidential Information as required by law or the government, the receiving party shall promptly notify the disclosing party. During the term of this Agreement, each party agrees that it will not disclose Confidential Information of the other party or use Confidential Information of the other party other than as necessary to perform its obligations and exercise rights under this Agreement.

8. LIMITATIONS OF LIABILITY. To the maximum extent not prohibited under applicable law, in no event shall either party’s aggregate liability under or relating to this Agreement, the Didimo API, any Animation File or any other services provided by Didimo or the use or provision of the Didimo API or any Animation File, whether based in contract, tort or otherwise, exceed the total amount of fees paid by Customer to Didimo hereunder in the twelve months prior to the date on which the claim arose plus, in the case of liability of Customer, all amounts payable for such period. NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY FOR ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOST PROFITS OR DATA, ARISING OUT OF THIS AGREEMENT, THE DIDIMO API, ANY ANIMATION FILE OR ANY OTHER SERVICES PROVIDED BY DIDIMO OR THE USE OR PROVISION OF THE DIDIMO API OR ANY ANIMATION FILE, WHETHER BASED IN CONTRACT, TORT OR ANY OTHER LEGAL THEORY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

9. Term and Termination. This Agreement shall continue in full force so long as the term under any Order Form is effective. Notwithstanding the foregoing, either party shall be entitled to terminate this Agreement or any Order Form immediately upon written notice to the other party in the event that (i) the other party declares bankruptcy, or (ii) breaches any material term set forth herein and fails to cure such breach within 30 days from the date of receipt of written notice thereof. Notwithstanding the foregoing, (a) to the extent any Order Form remains in effect beyond the scheduled expiration or termination of this Agreement, this Agreement shall be deemed to remain in effect until such time as such Order Form has expired or been terminated in accordance with the terms set forth therein and, (b) in the event Didimo terminates provision of the Didimo API, Didimo shall provide at least 30 days’ notice of such termination and thereafter this Agreement and any Order Forms shall automatically terminate (and Didimo shall refund any fees for unused services). The last two sentences of Section 1 and Sections 2 and 4 through 13 of this Agreement shall survive any termination of this Agreement.

10. Indemnification. Didimo shall defend and indemnify Customer from and against any claim, demand, suit or proceeding (a “Claim”) made or brought against Customer by a third party alleging that the use of the Didimo API or any Animation File (other than any portion of the Animation File derived from or related to the Initial Image) in accordance with this Agreement and the Documentation infringes or misappropriates the intellectual property rights of a third party. Customer shall defend and indemnify Didimo and its licensors from and against any Claim made or brought against Didimo or any of its licensors by a third party related to the use by Customer or any User of the Didimo API or any Animation File. As a condition to the indemnification obligations under this Section 10, the indemnified party shall (a) promptly give the indemnifying party written notice of the Claim, (b) give the indemnifying party sole control of the defense and settlement of the Claim (provided that the indemnifying party may not settle any Claim that imposes any obligation or liability on the indemnified party without the consent of the indemnifying party, such consent not to be unreasonably withheld), and (c) provide to the indemnifying party all reasonable assistance in the defense of the Claim, at the indemnifying party’s expense. If the indemnifying party assumes defense of the Claim as provided for herein, the indemnified party may only retain its own counsel at its own expense.

11. Governing Law; Arbitration. The internal laws of the State of Delaware, regardless of any choice of law principles, shall govern the validity of this Agreement, the construction of its terms and the interpretation and enforcement of the rights and duties of the parties. All disputes, controversies or differences which may arise between the parties hereto, out of or in relation to or in connection with this Agreement, the Hosted Services or any of the other Services, the use or provision of the Hosted Services or any other Services and/or the relationship between the parties hereunder, shall be finally settled by arbitration in San Francisco, CA in accordance with the International Arbitration Rules of the American Arbitration Association. The award rendered by the arbitrator shall be final and binding upon the parties hereto, and any judgment upon such award may be entered in any court having jurisdiction thereof. Arbitration proceedings shall be conducted in the English language. Any and all costs and fees related to any arbitration proceedings hereunder shall be paid solely by the party hereto which does not prevail and against whom the arbitration award is rendered, as determined by the arbitrator. Notwithstanding the foregoing, either party hereto shall, at any time, have the right to seek preliminary equitable or injunctive relief in any court of competent jurisdiction, including without limitation in order to enjoin the infringement of such party’s intellectual property rights.

12. Publicity. Customer grants Didimo the permission to use Customer’s name, logos, and marks to identify Customer as a customer of Didimo in publicly available marketing materials and on Didimo’s website and agrees to serve as a reference for Didimo and its services upon request

13. Miscellaneous. This Agreement, together with any Order Form, supersedes all proposals, oral or written, all negotiations, conversations or discussions between or among the parties relating to the subject matter of this Agreement and all past dealing or industry customs (including any contradictory or additional language in any purchase order). No amendment, waiver or modification of any provision of this Agreement shall be effective unless in writing and signed by both parties. The relationship between the parties under this Agreement is that of independent contractors and neither shall be, nor represent itself to be, the joint venture, franchiser, franchisee, partner, agent or representative of the other party for any purpose whatsoever. This Agreement may be executed in counterparts and by facsimile or scanned pdf, each of which shall constitute originals and all of which, when taken together, shall constitute the same original. This Agreement may not be assigned by either party without the consent of the other party, whether by operation of law, merger or otherwise; except that either party may assign this Agreement to an entity acquiring substantially all of such party’s business related to this Agreement and assuming all of such party’s obligations and liabilities hereunder. This Agreement shall inure to the benefit of and be binding upon the parties hereto and their respective successors and permitted assigns. Any notice pursuant this Agreement shall be deemed effective when delivered in person, upon receipt of a facsimile to the respective fax numbers listed on the signature page of this Agreement (or to such different facsimile number as either party may designate in writing to the other pursuant to this paragraph from time to time) or one day after sending such notice to the address listed below by reputable overnight courier with confirmation of next-day receipt. If any provision of this Agreement is held to be unenforceable or invalid for any reason, or if any governmental agency rules that any portion of this Agreement is illegal or contrary to public policy, the remaining provisions, to the extent feasible, will continue in full force and effect with such unenforceable or invalid provision to be changed and interpreted to best accomplish its original intent and objectives. Excluding payment obligations hereunder, neither party shall be liable to the other party for failure or delay in performing its obligations hereunder if such failure or delay is due to circumstances beyond its reasonable control including, without limitation, acts of any governmental body, war, insurrection, sabotage, embargo, fire, flood, strike or other labor disturbance, interruption of or delay in transportation, unavailability of or interruption or delay in telecommunications or third party services, failure of third party software or inability to obtain raw materials, supplies or power.

BY CLICKING ON THE “ACCEPT” BUTTON BELOW YOU AGREE YOU HAVE READ THE API TERMS OF USE AND LICENSE AGREEMENT, AND YOU AGREE TO ACCEPT THESE TERMS, WHICH WILL BIND YOU.

IF YOU DO NOT AGREE TO THESE API TERMS OF USE AND LICENSE AGREEMENT, YOU WILL NOT BE ABLE TO SUBSCRIBE TO THESE TERMS OR USE OUR SERVICES.

DATA PROCESSING SCHEDULE

  1. Definitions For the purposes of this Schedule, the following terms: “Controller”, “Data Subject”, “International Organisation”, “Personal Data”, “Personal Data Breach”, “processing” and “Processor”, shall have the meanings given to them at Article 4 of the GDPR. The following terms shall have the meanings:
Protected Data means Personal Data received from or on behalf of Customer in connection with the performance of Didimo’s obligations under the Agreement; and
Sub-Processor means any agent, subcontractor or other third party (excluding its employees) engaged by Didimo for carrying out any processing activities on behalf of Customer in respect of the Protected Data.

Any other capitalised terms in this Schedule shall have the meanings set out in the Didimo, Inc., API Terms of Use and License Agreement (the “Agreement”). The provisions of this Schedule are in addition to the terms of Section 4 of the Agreement.

  1. Compliance with Applicable Privacy Laws. The parties agree that Customer is a Controller and that Didimo is a Processor for the purposes of processing Protected Data pursuant to the Agreement. Customer shall at all times comply with all Applicable Privacy Laws in connection with the processing of Protected Data. Customer shall ensure all instructions given by it to Didimo in respect of Protected Data (including the terms of this Schedule) shall at all times be in accordance with Applicable Privacy Laws. Nothing in this Schedule relieves either party of any responsibilities or liabilities under the Applicable Privacy Laws.

  2. Didimo’s compliance with Applicable Privacy Laws. Didimo shall process Protected Data in compliance with the obligations placed on it under Applicable Privacy Laws and the terms of this Schedule.

  3. Instructions. Didimo shall only process (and shall ensure that it’s personnel and Sub-Processors only process) the Protected Data in accordance with Customer’s instructions set out at Part A of this Schedule and the terms of this Schedule, except to the extent: (i) that alternative processing instructions are agreed between the parties in writing; or (ii) otherwise required by applicable law (and shall inform Customer of that legal requirement before processing, unless applicable law prevents it doing so on important grounds of public interest). If Didimo believes that any instruction received by it from Customer is likely to infringe the Applicable Privacy Laws it shall be entitled to cease to provide the relevant services under the Agreement until the parties have agreed appropriate amended instructions which are not infringing.

  4. Security. To protect the Protected Data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access, Didimo shall implement and maintain the technical and organisational measures in accordance with Didimo’s security commitment set out in Part B of this Schedule.

  5. Sub-processing. Customer authorises the appointment of the Sub-Processors listed at https://privacy.didimo.co/subprocessor-list/, which may be updated by Didimo in its discretion from time to time. Prior to the relevant Sub-Processor carrying out any processing activities in respect of the Protected Data, Didimo shall ensure that each Sub-Processor is bound by a written contract containing materially the same obligations as under this Schedule that is enforceable by Didimo and ensure each such Sub-Processor complies with all such obligations. Didimo shall: (i) remain fully liable to Customer under this Schedule for all the acts and omissions of each Sub-Processor as if they were its own (but not to a greater extent than that); and (ii) ensure that all persons authorised by Didimo (including Didimo’s personnel) or any Sub-Processor to process Protected Data are subject to a binding written contractual obligation to keep the Protected Data confidential.

  6. Assistance. Didimo shall (at Customer’s cost) assist Customer in ensuring compliance with Customer’s obligations pursuant to Articles 32 to 36 of the GDPR (and any similar obligations under the Applicable Privacy Laws) taking into account the nature of the processing and the information available to Didimo. Didimo shall (at Customer’s cost) taking into account the nature of the processing, assist Customer (by appropriate technical and organisational measures), insofar as this is possible, for the fulfilment of Customer’s obligations to respond to requests for exercising the Data Subjects’ rights under Chapter III of the GDPR (and any similar obligations under Applicable Privacy Laws) in respect of any Protected Data.

  7. International transfers. Didimo shall not process and/or transfer, or otherwise directly or indirectly disclose, any Protected Data in or to countries outside of the UK or the EEA or to any International Organisation without the prior written authorisation of Customer, unless Didimo has implemented one of the safeguards set out in Chapter V (Articles 44-50) of the GDPR (including use of the Standard Contractual Clauses) prior to such processing/transfer.

  8. Audits and processing. Didimo shall, in accordance with Applicable Privacy Laws, make available to Customer such information that is in its possession or control as is necessary to demonstrate Didimo’s compliance with the obligations placed on it under this Schedule and to demonstrate compliance with the obligations on each party imposed by Article 28 of the GDPR (and under any equivalent Applicable Privacy Laws equivalent to that Article 28), and allow for and contribute to audits, including inspections, by Customer (or another auditor mandated by Customer) for this purpose (subject to a maximum of one audit request in any 12 month period, and provided that such audit is conducted on reasonable notice, during normal business hours in the UK and results in minimal disruption to Didimo’s business).

  9. Personal Data Breach. Didimo shall notify Customer without undue delay and in writing on becoming aware of any Personal Data Breach in respect of any Protected Data.

  10. Deletion/Return. Upon termination of provision of the services under the Agreement relating to the processing of Protected Data, at Customer’s cost and Customer’s option, Didimo shall either return all of the Protected Data to Customer or securely dispose of the Protected Data (and thereafter promptly delete all existing copies of it) except to the extent that any applicable law requires Didimo to store such Protected Data.

 

Part A: Processing Activities

Processing of the Protected Data by Didimo under this Schedule and the Agreement, shall be for the subject-matter, duration, nature and purposes and involve the types of Personal Data and categories of Data Subjects set out in this Part A.

Subject-matter of processing:

To enable Didimo to provide the services and perform its obligations under the Agreement.

Duration of the processing:

(i) For the duration of the Agreement, and as long as Didimo has Protected Data in its possession, and (ii) pursuant to the Didimo Privacy Policy available via this link https://privacy.didimo.co/privacy-policy/.

Nature and purpose of the processing:

To enable Didimo to provide the services to Customer pursuant to the terms of the Agreement.

Type of Personal Data:

As set out in the Didimo Privacy Policy available via this link https://privacy.didimo.co/privacy-policy/.

Categories of Data Subjects:

Ordinary Data Subjects (the services provided by Didimo are not intended for vulnerable adults or children), including Customer’s Data Subjects and any User.

Part B: Minimum technical and organisational security measures

In accordance with Applicable Privacy Laws, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of the Protected Data to be carried out under or in connection with this Agreement, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons and the risks that are presented by the processing, especially from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Protected Data transmitted, stored or otherwise processed, Didimo shall implement appropriate technical and organisational security measures appropriate to the risk, including, as appropriate, those matters mentioned in Articles 32(1)(a) to 32(1)(d) (inclusive) of the GDPR.