GENERAL TERMS OF USE OF THE “WCS” SYSTEM

1.    Definitions 

1.1.    WCS is the acronym for the Web Communication Suite solution, created by EKRA, on which numerous solutions have been developed, such as, by way of non-exhaustive example:

• Drive App
• Dealer Mate
• Auto mate
• Etc.

For these solutions, the provisions of these General Conditions apply.

1.2.    S.a.a.S. Software as a Service is a software application distribution model, where a software manufacturer develops, operates (directly or through third parties) and manages a web application, which is made available to its customers via the Internet. 

1.3.    EKRA (hereinafter also referred to as Supplier) is the company that has developed and makes the WCS platform available in S.a.a.S. mode. 

1.4.    Module is a set of tools and functionalities, homogeneous for the purpose of use. Therefore, for example, in the Website module, it is possible to find tools to create and manage a website, in the Registry module, it is possible to find tools to create and manage contact, company registries, etc.. 
Examples of modules are the following:
-    Website
-    User Registries
-    Human Resource
-    Digital Asset Manager
-    Orders
-    System Log

1.5.    Client is the organization that, in agreement with EKRA, uses the WCS solution, or part of it (i.e., only some of the modules contained in the WCS system). 

1.6.    Release (or also version) of the WCS platform corresponds to a specific organization and a particular set of tools and functionalities of the system, updated to the last modification, in chronological order, made to the system itself.
The releases of WCS are indicated with a triplet of numbers.

1.7.    Economic Conditions, or also Estimate, or still Economic Offer is the title of the document - attached to these General Conditions, - in which the economic terms (consideration, billing, payment plan and methods), duration, conditions and methods of withdrawal and any penalties are defined.

2.    Subject of the contract

2.1.    This contract establishes the conditions of use of the platform called WCS by EKRA, and defines the services reserved for Clients.

3.    License to use WCS S.a.a.S. services 

3.1.    WCS services, in S.a.a.S. technology, are granted to the Client under a license to use. 
The Client may use only the modules indicated in the Economic Conditions, signed with EKRA and for a duration agreed with the supplier. 

3.2.    By accepting the conditions, the Client does not in any way own the WCS platform and any part of it except for the data and files, entered by the Client himself or by personnel appointed by him. 

3.3.    WCS is subject to improvements and evolutions (also resulting from legal regulations). 
EKRA reserves the right to make any changes and/or improvements to the licensed services offered, which it considers appropriate and necessary. 

3.4.    The S.a.a.S. Service of WCS includes, in case the Client has subscribed to the related functionalities,
-    Max disk space: 5 GB for a WCS environment with an institutional site and 20 GB for a WCS environment with e-commerce
-    Max monthly traffic: 10 GB
-    Max Peak: 5.0 Mbps
-    Max Number 50 SMS/month
-    Max Number of concurrent processes: 10
-    Max Number of emails (cumulative of massive and transactional) sendable per month: 10,000 

4.    Activation and provision of the service 

4.1.    The services are activated and distributed online, according to the procedures indicated and with the authentication credentials provided by EKRA. 

4.2.    From the date of delivery of the system, or the release of a modification/expansion, the Client will have 14 days to perform the necessary checks and/or tests to the system configuration, after which no discrepancies and/or other can be advanced. 

5.    Client's Obligations 

5.1.    The Client is solely responsible for the use of the service, as well as any detrimental consequences that may fall on EKRA and third parties. The Client undertakes to immediately communicate to EKRA any possible unauthorized use of WCS by third parties, as soon as it becomes aware of it, committing anyway to indemnify and hold EKRA harmless from any request, including damage compensation, proposed and/or arising, directly or indirectly, from the above mentioned use or abuse of the service. 

5.2.    It is forbidden to make copies, or distribute, for profit, free of charge or otherwise, all or part of the software and the code and services contained therein, as it is absolutely forbidden to disassemble, alter or modify the source code of the WCS platform, through procedures not contemplated by the platform itself. 

5.3.    The Client undertakes to: a) Not interfere with or disrupt the service; b) Not use the service for illegal purposes or against public order, good customs and morality or for illicit purposes, or the use of programs that may cause damage to the internet network (viruses, hacking, spam, etc.); c) Not use or disseminate the content of the service in ways that involve the violation of patents, trademarks, secrets, copyright or other industrial and/or intellectual property rights of EKRA or third parties. In addition, the Client undertakes to promptly report (and in any case within 3 days from when it becomes aware of it) the behaviors of its customers, which are not in line with the points a), b) and c) described in the current article. 

6.    Suspension of the service 

6.1.    Should EKRA become aware or determine, at its sole discretion, that the Client has violated or is violating the prescriptions, referred to in the previous article, as well as the applicable regulations including the laws and regulations relating to Privacy, EKRA itself will ask for clarifications by email or by PEC and the Client will have 3 days, to be understood as mandatory, to provide such clarifications in writing (always by email or PEC). If the Client's response does not arrive within the agreed 3 days, or if EKRA is not satisfied with the response received, EKRA itself may suspend and/or interrupt the provision of the service or disconnect (temporarily or permanently) the Client's account, and this without recognition of any refund, compensation and/or compensation, with subsequent cancellation of the account.

6.2.    EKRA also reserves the right to suspend the provision of the service should it become aware or deem, at its discretion, that one of the following circumstances has occurred or is occurring: a) a use of the service that determines situations of danger or instability of the server farms such as to cause damage to EKRA or to third parties; b) an abnormal traffic or such as to prevent the normal provision of the service; c) should the public authority or other third parties communicate to EKRA an illicit, improper use or not in accordance with the rules of the service by the client; d) suspend the Services in case of non-payment, inaccurate and/or delayed payment of the consideration provided in the commercial proposal. 

6.3.    In any case, EKRA reserves every action of recourse and/or compensation or otherwise provided by law on the responsible for these violations, or the faculty to exercise the express termination clause referred to in art. 16 of this contract. 

7.    Suspension, modification and temporary interruption of services 

7.1.    EKRA assumes the burden of maintaining the Services in full efficiency, notwithstanding what is specified in the following paragraphs.

7.2.    EKRA reserves the right to: - interrupt the Services, for a time not exceeding 1.5% of the annual hours provided by this contract, to update and/or modify them, with prior notification by email; - modify the functionalities and/or structures of its system, when this is made necessary by technical-operational reasons, also in order to ensure its customers a high standard of security of computer systems. 

8.    Industrial and intellectual property 

8.1.    The contents and algorithms of the S.a.a.S. WCS platform are subject to intellectual and industrial property rights belonging to EKRA and are protected by the laws in force on intellectual property, civil and criminal. 

8.2.    The Client will refrain from any use of the contents and algorithms in competition with the rights of economic use belonging to EKRA. 

8.3.    The Client is not authorized to modify, translate, adapt, reprocess or decompile the contents and/or algorithms or create derivative applications. The user manuals, videos, presentations and any accessory printed material produced by EKRA, are covered by copyright and cannot be reproduced by the Client, except for corporate use. 

8.4.    The WCS software is the exclusive property of EKRA and the license to use granted does not constitute a transfer or sale, total or partial, of the original property rights relating to the platform itself, the individual parts of it and any course contents. 

8.5.    The client assumes exclusive responsibility regarding the use of the services and recognizes, in favor of EKRA, the full and total exclusivity of copyright and any and every other right connected to the S.a.a.S. services granted under license. 

8.6.    EKRA is the exclusive owner of the EKRA and WCS trademarks and the domain name www.ekra.it

9.    Guarantees on services, liability, exclusions 

9.1.    EKRA provides the possibility to use the WCS platform in S.a.a.S. mode in the state of fact and law. EKRA does not guarantee that the functionalities contained meet the needs of the Client, are continuous or error-free. 

9.2.    The Client acknowledges that in no case will EKRA be liable for consequential, indirect, incidental damages also in relation to the suspension of the service for failures, updates, lack of Internet connectivity, general problems on EKRA's servers, ordinary and extraordinary maintenance activities. To this end, the Client acknowledges not to demand from EKRA, under any title, refunds, discounts, and in any case any type of compensation or compensation even in case of early termination of the contract by the Client himself. 

9.3.    EKRA does not provide any guarantee in relation to the contents and algorithms, which are in continuous evolution and modification, nor to the materials provided, nor to the information contained in WCS. In this regard, EKRA, within the limits of art. 1229 c.c., does not provide any guarantee and expressly declines any responsibility arising from the use of the platform and the information contained therein, to their adequacy and accuracy. 

9.4.    EKRA does not manage nor control the correctness of the information on the contents entered by the Client, nor does it undertake to guarantee the correctness and quality of the contents entered by third parties on behalf of the Client outside the direct control of EKRA. EKRA does not recognize guarantees, nor does it make statements regarding the use or the outcome resulting from the use of the service provided, regarding their correctness, accuracy, timeliness, reliability or otherwise. 

9.5.    The service in question must not be used in high-risk activities, which in case of error may cause damage or accidents to people, property, the environment, the financial or economic situation of the customer. The Customer expressly assumes all risks for such use. 

9.6.    The Customer releases EKRA from any liability on the published data (with data meaning: including but not limited to, photographs, logos, images, texts, videos, audio files, etc.), whether they are sensitive. EKRA, therefore, while striving to prevent this, cannot be held responsible in any case for the use of data, managed by the Customer, that were, unbeknownst to EKRA, covered by copyright. 

9.7.    The Customer uses the services at their own risk: EKRA is not liable to any party for legal/civil or administrative disputes, indirect, specific, incidental, punitive, exemplary or consequential damages (including but not limited to: damages in case of inability to use or access the services, loss or corruption of data, profits, clientele, business interruptions or similar), caused by the use or inability to use the services and based on any theory of liability including breach of contract, negligence, or other. 

9.8.    EKRA commits to protecting the solution, subject of this contract and provided in S.a.a.S mode, with an Antivirus system and a Firewall device. In any case, EKRA is not responsible for malfunctions of the services, data loss, accidental dissemination of sensitive data, and any other type of damage occurred as a result of attacks by hackers, thieves, crackers, viruses, etc. 

9.9.    EKRA is not responsible for the malfunctioning of the services due to non-compliance and/or obsolescence of the devices which the Customer or third parties are equipped with. 

9.10.    EKRA cannot guarantee the Customer secure revenues derived from the exploitation of the services. 

9.11.    The Customer acknowledges that the services provided are subject to interruption for reasons beyond the will of EKRA. The Customer also agrees that EKRA's liability for its own negligence cannot in any case exceed the amount paid by the Customer for the service during the period in which the damage occurred. 

10.    Compensation and payment methods 
The compensation and payment methods, for the use of the WCS system (or part of it) after the trial period, are defined in the document Economic Conditions or more economic agreements (more documents of Economic Conditions) between EKRA and the Customer.
In such Economic Conditions the modules, which the Customer can use and the corresponding annual fee, the duration and other possible elements and characteristics of the service are specified.

11.    Billing and payment plan
The billing and payment plan, for the use of the WCS system, are defined in the document Economic Conditions referred to in the previous article.

12.    Duration – Withdrawal – Penalty 
The parties agree that in the document Economic Conditions the duration of the contract and the day of the start of the Service provision will be indicated.
The parties agree that the contract is deemed tacitly renewed for the same period, unless a motivated cancellation is sent, by one party to the other, by registered mail A/R or Certified Electronic Mail (PEC) within 90 days from the expiration. 
In the case of early withdrawal exercised by the Customer, they are required to refrain from using the authentication credentials for accessing the services that are owned by EKRA, which reserves the right to cancel them from the day of withdrawal. 
Furthermore, in case of early withdrawal the Customer will be obliged to pay EKRA in a single solution as a penalty the entire amount of the annual fee agreed upon until the expiration.

13.     Customer Declaration 
The Customer acknowledges and is aware that EKRA may interrupt the service in order to maintain, update and modify the same or enable new services by notifying the customer via email. 
The Customer acknowledges that the above circumstances of suspensions or disconnections are necessary due to the type of service provided and therefore EKRA cannot be held in any way responsible for the temporary disablement of the service. 

14.    Force Majeure 
EKRA cannot in any case be considered responsible towards the customer or third parties for the delay or non-performance of its obligations due to force majeure such as, by way of example and not limited to, actions of public authorities, floods, fires, thefts, epidemics, explosions, accidents, strikes, and lockouts even non-company ones, acts of war, embargo, impossibility of transport, suspensions or problems of telecommunication, lightning, failures of plants not attributable to EKRA, interruptions or overload of energy flows, failures, or interruption of telephone lines attributable to the activity of the operator (or concessionaire) of the same lines, as well as interruptions or suspensions not attributable or otherwise independent from the will of EKRA or arising from third parties. 

15.     Limitation of Warranty 
EKRA cannot in any way be responsible for the non-use of the service or the non-functioning and/or poor functioning of the customer's property material. 
EKRA does not provide any type of warranty, expressed or implied, of merchantability, compatibility or fitness for a particular purpose of the user or third parties and also does not guarantee that the service meets the requirements and needs of the Customer himself. 
The examples, materials, and information contained in WCS are provided strictly and exclusively for the purpose of example, not constituting in any way professional advice. 

16.    Express Termination Clause 
The contract will be terminated by law under art. 1456 c.c., should one of the parties declare to avail itself of this clause by registered letter A.R. or PEC in the event of one of the following breaches of obligations: 
a) violation of the obligations under art. 5; 
b) violation of the obligations under art. 6;
c) violation of the obligations under art. 8;
d) violation of the obligations under art. 10. 

17.    Exclusions of Liability
Any liability of EKRA for the suspension and/or interruption of access to the S.a.a.S platform connected and/or dependent on maintenance and updating operations is excluded. 
No liability of any kind or nature is assumed by EKRA as to the completeness, accuracy and/or adequacy of the data entered by the Customer and the configurations made by them. The Customer, therefore, is required to evaluate and verify the contents and configurations in every part being themselves solely responsible for the accuracy of the processed data and the results obtained from their use. EKRA therefore assumes no responsibility for the content and/or correctness and/or completeness of the information provided through the S.a.a.S platform, nor on the configurations made by the Customer.
Decisions and/or evaluations resulting from consulting the platform are made by the Customer and/or their successors in complete autonomy and under their direct and sole responsibility. 
In no case can EKRA be held responsible even in part for any difficulty, defect, anomaly, discontinuity, impossibility of access and/or use of the Databases derived and/or otherwise connected to the hardware and software equipment of the customer or to the connection through the provider chosen by the customer themselves, to the incorrect functioning of the telephone network or the devices that constitute the Internet network. 

18.    Privacy 
Pursuant to and for the effects of the laws and regulations on Privacy, EKRA informs the customer that the personal data of the Customer, provided by the Customer to EKRA itself, within the scope of pre-contractual checks and activities, at the time of signing or during the execution of this contract, are processed exclusively for the purpose of carrying out the aforementioned pre-contractual activities, fulfilling the obligations and exercising the rights arising from the contract. Such data – as well as those of EKRA's duly appointed collaborators – may be communicated to third parties whose services EKRA uses to perform or carry out operations connected or consequent to the relationship in question, to pre-contractual checks, such as merely by way of example and not exhaustively, dealers, subcontractors, credit institutions, insurance companies, carriers, legal, tax, IT, administrative consultants etc..
The service data reside on servers physically located on Italian territory. EKRA reserves the right to change the physical location of the data prior notice and acceptance of the new location by the Customer. 
Each Party recognizes the other the possibility of using its name for commercial references, in addition to the publication of the so-called credits on the Web.

19.    Communications
Every communication related and/or connected to this contract will be valid and effective towards the other party if made in writing – electronically – and sent to the following email address: 
-    if to EKRA, via email to amministrazione@ekra.it
Every communication related and/or connected to the use of the WCS system, or a part of it, concerning what is contemplated in these General Conditions must be sent to the following address: servizio.wcs@ekra.it .

20.     Competent Court 
The Contract is subject to Italian Law. For any disputes arising from the application of this contract the Parties establish the exclusive jurisdiction of the Court of Mantua, excluding any other Court. 

21.    General Clause 
EKRA reserves the right to modify this contract at any time, notifying Users on its website, published at https://www.ekra.it/it/documenti-ufficiali . In such case the changes will be effective by law, without the need for specific and further approval and in any case after 10 days from their publication.
The conditions, provided in this document, are not valid if there is another written agreement between the Customer and EKRA, for the parts regulated in the possible, said written agreement.
The possible tolerance of behaviors carried out by the Customer, in violation of the provisions contained in these conditions, does not constitute a waiver of the rights arising from the violated provisions, nor the right to demand the exact fulfillment of the obligations and respect of all the terms and conditions provided in the contract itself, within the limits of the terms of prescription.
The possible nullity of one or more clauses of this agreement, does not entail the nullity of the entire contract; the Parties undertake to replace the null clauses with permissible clauses suitable for achieving the purpose intended in the Contract itself.
For all matters not expressly regulated in the Contract, the Parties expressly refer to the general rules on contracts of the Civil Code and to the current special laws.

OPPRESSIVE CLAUSES
The Customer declares to have read and approved the above clauses and pursuant to and for the effects of artt. 1341 c.c. and expressly approves the following clauses which constitute an essential and integral part of this contract, rejecting from now on any mutual exception, Articles: 3, 4, 5, 6, 7, 8, 9, 12, 13, 15, 16, 21.

1. Introduction and Purpose of the Agreement

This Data Processing Agreement (DPA) is entered into between:

EKRA S.r.l. (hereinafter EKRA or Provider), with registered office in Mantova, via Filippo Corridoni, 45, 46100, Tax Code and VAT number 02483290207 and registration number in the Mantova Companies Register, n. MN-256645, represented by Paolo Arisi

and

The Client, which coincides with the organization currently using one or more services of EKRA, which involve, by EKRA itself, the collection, storage, and possibly processing of personal data.

This agreement provides that EKRA, in compliance with EU Regulation 2016/679 (GDPR), acts as the External Data Processor for the Client's data. It is understood, however, that the Client retains the role, with respect to such data, of Autonomous Data Controller, assuming all obligations and responsibilities connected thereto, indemnifying EKRA from any dispute and from any claim that may arise from third parties in relation to such processing.

2. Preambles and Preconditions
    
   1. The Client has entered into one or more commercial agreements with EKRA (hereinafter the Contract), whether written, verbal, or otherwise inferable from conclusive facts;
   2. The Data Controller (i.e., the Client) and the Data Processor (i.e., the provider) have entered into this Data Processing Agreement (DPA) in order to fulfill the obligation to sign a written agreement, as required by current and applicable data protection legislation. In addition to any provisions set forth in the contract, the provisions set forth below regarding the processing of personal data by the Data Processor on behalf of the Data Controller shall apply;
   3. This Agreement does not include the use of solutions and the performance of activities considered additional, thus not present, compared to the Contract entered into between the parties. Additional activities, to be performed by EKRA at the request of the Client, will require a prior valuation not included in the rates established by the Contract;
   4. Each Party undertakes to comply, in the processing of Personal Data, with their respective obligations arising from the applicable Personal Data Protection legislation;
   5. By this Agreement, the Client fully accepts all the conditions set forth in this document.

3. Processing of Personal Data
    
   1. The Data Processor undertakes to process personal data exclusively in accordance with the documented instructions communicated from time to time by the Data Controller. The initial instructions of the Data Controller to the Data Processor regarding the subject and duration, the nature and purposes of the processing, the type of personal data, and the categories of data subjects are specified in this DPA;
   2. In the event of any changes to the Services that may involve new or different processing of personal data and/or in case of changes or updates to the instructions made by the Data Controller, the Parties will proceed to update the processing of personal data;
   3. In performing the processing of Personal Data for the purpose of providing the Services, the Provider undertakes to carry out the processing of Personal Data only to the extent and in the manner necessary to deliver the Services or to properly fulfill its obligations, as provided by the Contract and this Agreement, or imposed by law or by a competent supervisory or control authority;
   4. EKRA undertakes to comply with the Instructions, provided that, should the Client request changes to those initial ones, the Provider will assess the feasibility aspects and will agree with the Client the aforementioned changes and the associated costs;
   5. The EKRA Personnel who access, or otherwise process the Personal Data, are appointed to process such data based on suitable authorizations and have received the necessary training also regarding the processing of personal data. Such personnel are bound by confidentiality obligations and by the corporate Code of Ethics and must adhere to the confidentiality and personal data protection policies adopted by the Provider;
   6. The Data Processor will assist the Data Controller in fulfilling the Data Controller's obligation to respond to requests made by data subjects for the exercise of their rights to information regarding the processing of personal data. The Provider will assess the feasibility aspects and will agree with the Client the activities and the associated costs;
   7. Should data subjects, competent authorities, or third parties request information from the Data Processor regarding the processing of personal data referred to in this DPA, the latter will communicate such request to the Data Controller. EKRA will not act on behalf of or as a representative of the Data Controller and will not transfer or otherwise disclose to third parties personal data or any other information relating to the processing of personal data without having obtained prior instructions from the Data Controller. In the event that the Data Processor is required to disclose, in compliance with applicable laws and regulations, personal data that it processes on behalf of the Data Controller, the latter undertakes to immediately notify the Data Controller. EKRA reserves the right to assess the feasibility aspects and will agree with the Client the activities and the associated costs.

4. Engagement of Third Parties
    
   1. In relation to the engagement of Further Data Processors for the processing operations of Personal Data, the Parties agree as follows:
      the Data Processor will make use of its sub-suppliers, for the purposes specified therein. The Data Controller recognizes and accepts that this may involve the processing of data by the same;

5. Transfer to Third Countries
    
   1. The Data Processor may not transfer personal data or otherwise disclose them directly or indirectly outside the European Economic Area without having obtained specific written approval from the Data Controller (which may be refused or granted based on the conditions that the Data Controller deems necessary to impose).

6. Security Provisions
    
   1. In performing the processing of Personal Data for the purpose of providing the Services, EKRA undertakes to adopt technical-organizational measures to prevent unlawful or unauthorized processing, accidental or unlawful destruction, damage, accidental loss, alteration, and unauthorized disclosure of, or access to, Personal Data.
   2. The Provider may update and modify over time the Security Measures adopted, provided that such updates and changes will not result in a reduction in the overall level of security of the Services. Notification of such updates and changes will be provided to the Client by sending a communication to the Notification Email;
   3. Should the Client request to adopt additional security measures compared to the Security Measures indicated by the Provider, the latter reserves the right to assess their feasibility and may apply additional costs to the Client for such implementation;
   4. Should the product allow integration with third-party applications, the Provider will not be responsible for the application of the Security Measures related to the third-party components or the operating methods of the product resulting from the integration carried out by third parties.
   5. The Client acknowledges and accepts that, in the use of the Services, it remains the exclusive responsibility of the Client to adopt adequate security measures, in relation to the use of the Services by its personnel and those who are authorized to access said Services.

7. Measures in Case of Security Breaches

Should the Provider become aware of a Security Breach of Personal Data, it will:

• inform the Client by communication sent to the Notification Email;
• adopt the measures agreed upon in the contract to limit possible damages and the security of Personal Data;
• provide the Client, as far as possible, with a description of the Personal Data Security Breach including the measures taken.

In the event of a Security Breach of Data, it is the exclusive responsibility of the Client to comply, in the cases provided by the Legislation on the Processing of Personal Data, with the obligations to notify the Security Breach to third parties (to the End User for whom the Client is the Data Controller) and to the supervisory authority and the data subjects.```html

1. It is understood that the notification of a Security Breach or the adoption of measures to manage a Security Breach does not constitute an acknowledgment of breach or liability by the Supplier in relation to said Security Breach;
2. The Customer must promptly communicate (within 48 hours from the Breach) to the Supplier any improper uses of accounts or authentication credentials or any Security Breaches concerning the Services that they become aware of.

7. Audit and Verification Rights
    
   1. EKRA acknowledges the right of the Customer, in the manner and within the limits indicated below, to conduct independent audits to verify the Supplier's compliance with the obligations set forth in this Agreement and the respective DPAs, and as provided by the law. The Customer may use its specialized personnel or external auditors, provided that such subjects are previously bound by suitable confidentiality commitments;
   2. The Supplier may oppose in writing the appointment by the Customer of any external auditors who are, at the Supplier's sole discretion, not adequately qualified or independent, are competitors of the Supplier, or are evidently unsuitable. In such circumstances, the Customer will be required to appoint other auditors or to conduct the audits internally.
   3. The Customer undertakes to pay the Supplier any costs calculated by the Supplier and communicated to the Customer in the phase referred to in the previous point 8.2, in the manner and within the times agreed therein. The costs of the verification activities commissioned by the Customer to third parties remain exclusively at the Customer's expense;

9. Customer Obligations and Limitations

The Customer is the sole Data Controller of the data entered and processed through the Services provided by EKRA. The Customer assumes all obligations and responsibilities related to this role, indemnifying EKRA from any dispute, claim, or request made by third parties in relation to such processing. In relation to the obligations derived from this role:

• The Data Controller guarantees to have previously provided all necessary information and adequate notices to the data subjects whose data are processed, as per art. 13 of Legislative Decree 196/2003 and the European Regulation 679/2016, and to have obtained their consent to the processing;
• If the release of the notice and the obtaining of consent must occur through the product subject to the Contract, the Customer declares to have evaluated the product and that it meets the Customer's needs. It also remains the Customer's responsibility to assess whether any forms made available by the Supplier to facilitate the fulfillment of the obligations of notice and consent (e.g., privacy policy model or notices), when available, are compliant with the Legislation on Personal Data Protection and to adapt them as deemed appropriate;
• The Data Controller acknowledges that, in the event that the data subjects, competent authorities, or third parties request information from the Data Processor regarding the processing of personal data referred to in this DPA, the latter will communicate such request to the Data Controller, as per article 3.7;
• The Data Controller commits to providing the Data Processor with a complete list of the processing activities carried out and the related risk analysis.

10. Validity Period

The provisions of this DPA shall apply as long as EKRA processes personal data for which the Customer is the Data Controller.

This DPA and its clauses have a duration equal to that of the Contract entered into between EKRA and the Customer in relation to the chosen Service. In the absence of a predetermined duration, the duration will be equal to that deducible from the practices and conclusive behaviors between the parties.

11. Measures upon Termination of Personal Data Processing

Upon termination of the Service, the Supplier will:

• delete the Personal Data (including any copies) from its systems or those over which it has control, within the term specified in the Contract, except where the retention of data by the Supplier is necessary or permitted in order to comply with an Italian or European legal provision;
• keep the Personal Data available to the Customer for extraction for the period provided by the Contract

The Customer acknowledges:

• to be able to extract the Personal Data, upon termination of the Service, in the ways agreed in the Contract and agrees that it is their responsibility to provide for the total or partial extraction of only the Personal Data they deem useful to retain and that such extraction must be carried out before the expiration of the term set by the Contract or at the end of the service provision relationship;
• that after the aforementioned term, the Personal Data may no longer be accessible.

12. Limitations of EKRA's Liability
     

1. The Customer acknowledges that in the event that the performance carried out by the Data Controller requires the processing of special data, i.e., according to the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning health and sex life or sexual orientation of the person, the Data Controller must previously provide specific information and request the appropriate consent to the processing from the data subject;
2. The Customer acknowledges that EKRA does not sell, nor rent, nor lend to third parties, its user lists and the related data;
3. The Customer acknowledges that EKRA does not perform any specific backup of the data and/or information and/or content processed by the Customer through the Service offered. EKRA in any case does not offer any guarantee regarding the use of the Service as far as the protection and conservation of the aforementioned data and/or information and/or content are concerned, except for the activation by the Customer of a specific ancillary service;
4. Even in the case where the Customer has purchased the Backup Service, although the aforementioned service reduces the risk of data loss and makes it easier for the Customer to have a copy of the same available, it is not excluded that such a backup copy, also for technical reasons, may not be available at the time the Customer intends to use it;
5. The Customer acknowledges that the various activities carried out by EKRA that allow the confidentiality, integrity, and restoration of information are performed depending on the service that the Data Controller purchases from EKRA, and therefore are commensurate with the value invested in such activities by the Data Controller;
6. The Customer acknowledges that the various activities carried out by EKRA to preserve data from cyber attacks or anomalous events, such as failures that prevent access to the service, and the drafting of an emergency plan are performed depending on the service that the Data Controller purchases from EKRA, and therefore are commensurate with the value invested in such activities by the Data Controller;
7. The Customer acknowledges that the activities resulting from a Data Breach and carried out by EKRA, such as event investigation, impact assessment assistance, data loss management assistance, consultation with the Control Authority, have a value that must be economically recognized to allow these activities to be carried out. EKRA will evaluate the feasibility aspects and will agree with the Customer the activities and the related costs;
8. The Customer acknowledges that the various activities carried out by EKRA to provide information (or information integrations), perform processing checks, allow access to the database, comply with any measures possibly adopted by the Control Authority, have a value that must be economically recognized to allow these activities to be carried out. EKRA will evaluate the feasibility aspects and will agree with the Customer the activities and the related costs.

13. Miscellaneous Provisions

1. This Agreement replaces any other agreement, contract, or understanding between the Parties with reference to its subject, as well as any instruction provided in any form by the Customer to the Supplier prior to the date of this Agreement regarding the Personal Data processed in the execution of the Contract;
2. In case of conflict between the provisions of this Agreement and those provided in the Contract for the provision of Services, or in documents of the Customer not expressly accepted by the Supplier in derogation of this Agreement, the provisions of this Agreement shall prevail.