HomeTerms and Conditions

Avacy Terms and Conditions

Premises

1. Scope of application

This document describes the General Conditions of Use ('CGDU') of the Products and Services made available to the user by Jump Group S.r.l.

Different terms and conditions may be applicable to specific websites and/or platforms of the Owner or to websites and platforms of integrated partners and, in this case, please refer to the CGDU reported therein.

Registration on this website and use of the products and services provided therein implies acceptance of these General Conditions of Use.

These general conditions of use apply both to consumers in compliance with the Consumer Code Legislative Decree.

Pursuant to current legislation (art. 3 of Legislative Decree 206/2005) we remind you that the 'consumer' is the natural person who acts for purposes unrelated to any entrepreneurial, commercial, artisanal or professional activity carried out.

To accept these TOS the user must have the power to enter into binding contracts in accordance with the law.

Compilando il form di registrazione, l’utente dichiara di essere maggiorenne e/o di avere ottenuto il consenso ad agire dal proprio genitore/esercente la responsabilità genitoriale/tutore.

These Conditions may be modified at any time by the Owner.

The applicable Conditions are those in force on the date of transmission of the purchase order or request for supply of a Product and/or Service.

2. Definitions

To allow for complete understanding and acceptance of these conditions, the following terms, singular and plural, will have the meaning indicated below:

Holder: Jump Group Srl, with registered office in 47122 Forlì (FC), Via Asiago n. jumpgroup@pec.it.

Website: avacy.eu.

Services and/or Products: digital services and/or products provided by the Owner via the website.

User: any person who registers on the Website and purchases the products and services provided therein.

Consumer User: the natural person who concludes a contract for purposes unrelated to his/her entrepreneurial, commercial, artisanal or professional activity, if any.

Professional/Enterprise User: the natural person having a professional/entrepreneurial activity in an individual form or a legal person who concludes a contract for the performance or for the needs of his own entrepreneurial, commercial, artisanal or professional activity.

Conditions: this contract which governs the relationships between the Owner and the Users and the sale of the Products and/or Services offered by the Owner through the Website.

Regulation or GDPR: General Regulation on the Protection of Personal Data EU n.

User Activities: website, application, mobile app and any other online portal owned by the User, related to the use of the Owner's services and/or products.

Contents: any document and/or information and/or text of legal value generated by the Website and/or independently by the User.

3. Object of the service

The Service offered by the Owner allows the User to:

compose legal documents required pursuant to the European Regulation on the protection of personal data (GDPR) and legislation on online privacy, such as, for example, privacy policy and cookie policy, valid for websites, applications, mobile apps, etc. , through the insertion of information, answers, and contents indicated by the User himself and the use of a series of technological tools.
take advantage of digital tools for scanning and recording cookies, recording consent and selection and preferences on cookies provided for by the ePrivacy directive, such as, for example, cookie banner and consent solutions.

In detail, the Website allows Users to generate legal documents by combining different predefined clauses.

The user will also be able to partially or completely replace the documents generated by inserting content produced independently.

The generated documents can be stored on the Owner's server and incorporated into a site or app using a series of integration/embedding tools.

Generated documents can only be embedded using integration/embedding code.

Terms of Use

1. Registration

To use the Products and Services of the Website, Users must register by creating an account and providing, truthfully and completely, all the data requested in the relevant registration form, fully accepting these general conditions, as well as any additional clauses expressly approved pursuant to art.

The User is responsible for safeguarding their access credentials which must be used exclusively by the User and cannot be transferred to third parties.

To accept these TOS the user must have the power to enter into binding contracts in accordance with the law.

The User guarantees that the personal information provided during the registration procedure is complete and truthful and undertakes to hold the Owner harmless and harmless from any damage, compensation obligation and/or sanction deriving from and/or in any way connected to the violation by part of the User's rules on registering on the Website or storing registration credentials.

By creating an account, the User agrees to be fully responsible for any activity carried out with his access credentials.

2. Free trial period / free version

The User can take advantage of a free version with reduced functionality of the Products/Services of the Website. This free subscription version is to be considered renewable at a cost of €0.00 per month, according to the same logic set out in the following point (3) of the “Terms and conditions of sale” and therefore the relevant invoice for the provision of the service will not be issued.

3. Closure, suspension and cancellation of the Account

The User is free to close his account and cease using the Service at any time through the account closure tools available on the Website or by contacting the Owner at the email address support@avacysolution.com.

In the event of violation by the User of these Terms and Conditions or of the applicable legal provisions, the Owner reserves the right to suspend or cancel the User's account at any time at its discretion and without notice.

The suspension or cancellation of the account does not give the User any right to compensation, reimbursement or compensation.

4. Intellectual property

Unless otherwise specified or clearly recognisable, all content available on this Website is owned or provided by the Owner or its licensors.

The Owner expressly holds and reserves all intellectual property rights on the aforementioned contents.

Users are not authorized to use the contents in any way that is not necessary or implicit in the correct use of the Service.

The User is authorized to use the documents limited to the period of subscription to the Product/Service.

Limited to particular cases envisaged by the Product/Service purchased, the Owner allows Users to upload, share or offer their contents on this Website.

When providing content to this Website, the User declares to be legally authorized to do so and confirms that said content does not violate laws and/or third party rights.

5. Rules of conduct

The User may use the services and products of the Website by adhering to these rules of conduct and avoiding engaging in behavior contrary to the law.

pretend to meet any requirement for accessing this Website or using the Service, such as being of age or qualifying as a Consumer;
hide your identity, use the identity of others or pretend to act in the name of a third party, unless authorized by that third party;
defame, threaten, abuse, use intimidating practices, threaten or violate the rights of others in any other way;
copy and paste the documents or integrate them in any way other than using the appropriate integration/embedding code.
copy, download, use and manipulate in any way the code of the Avacy software and all its functions even after the cancellation of the service.

6. Content rules

With reference to contents independently created and published through one's own activity, through the Tools, Products and Services provided by the Owner, the User is expressly prohibited from:

disseminate or publish unlawful, obscene, illegitimate, defamatory or inappropriate content;
post content that directly or indirectly promotes hatred, racism, discrimination, pornography or violence;
disseminate or publish content that is false or that may cause unjustified alarm;
use this Website to publish, disseminate or otherwise offer content protected by intellectual property law, including, but not limited to, patents, trademarks and copyright, without the authorization of the rights owner;
use this Website to post, disseminate or otherwise offer content that violates the rights of third parties, including, but not limited to, military, commercial, professional or state secrets and personal data;
publish content or carry out activities that disrupt, interrupt, damage or otherwise violate the integrity of this Website or the devices of other Users.

7. API Terms of Use

Users can access their data relating to this Website through the Application Program Interface (API).

Terms and conditions of sale

1. Description of Paid Products and Services

Some of the Products offered on this Website as part of the service are subject to charges. link as well as in the respective sections of this Website. To purchase the Products/Services, the User is required to register or log in to this Website.

All the Products and/or Services offered through the Website are described in detail on the relevant product/service pages (quality, characteristics, availability, price, supply times, additional charges, etc.).

2. Purchase procedure

The purchase procedure includes the following steps:

Following Registration on the Website, the User will be able to select, within the appropriate section, the desired Product and/or Service to make it appear in the purchase selection, indicating, where possible, specific quantities and characteristics;
Users can control their choice, edit, add or remove items;
The User will be asked to specify their billing address, contact details and a payment method of their choice among those made available by the Website;
During the purchase procedure, the User can, at any time, modify, correct or replace the information provided or cancel the purchase procedure altogether without any prejudice;
After completing all the required information, the User is required to carefully check the order and the information entered before proceeding with the purchase order confirmation;
For the purposes of correct forwarding of the purchase order, the User must accept these Terms and Conditions by checking the appropriate flag on this Website and, in the case of a minor User, declare that they have received prior authorization to purchase by the parent/operator with parental/guardian responsibility, thus paying the agreed price according to the payment methods indicated in the appropriate section of the purchase procedure.
The Owner will accept the User's contractual proposal by sending the order confirmation to the email address indicated by the User, which will contain the date of the order, the User's data, the billing data, the characteristics of the Product, the price, any additional charges and taxes, the methods for exercising the right of withdrawal or its possible exclusion and the guarantee.

The contract for the sale of the Products is not considered effective between the parties in the absence of what is indicated in this purchase procedure.

The User undertakes to verify the correctness of the data reported in the order confirmation and to immediately communicate any errors to the Owner and will keep a copy of their order, the relevant confirmation and the Conditions.

3. Products and/or Services in Subscription and automatic renewal

The Website offers Products and/or Services on a fixed-term subscription basis, which vary based on prices and functionality. link.

To sign up for the subscription, the User must follow the procedure indicated in the previous point (See “Purchase Procedure”).

Fixed-term subscriptions start from the date on which the Owner receives the payment and remain active for the subscription duration chosen by the User or otherwise indicated during the purchase procedure.

The subscription lasts 30 days and is automatically renewable by charging the payment method chosen by the User at the time of purchase.

The User can deactivate the renewal at any time through the Website, without the possibility of reimbursement of the amount relating to the currently valid monthly payment.

4. Exceeding the Product/Service usage thresholds

The Owner reserves the right to suspend the provision of the Product/Service if the User exceeds the usage thresholds envisaged by the subscribed monthly plan (e.g. increase in the pages relating to the User's website).

5. Upgrade your current subscription

The Website provides the User with the right to modify the Product/Service purchased during the validity of the subscription.

In this case, the User will have to select and purchase the new subscription Product/Service, according to the "Upgrade" procedure present on the specific section of the Website, being able to immediately use the functions relating to the new subscription Product/Service purchased.

The new subscription purchased will last 30 days, automatically renewable, starting from the date of modification of the subscription.

Once the subscription subscription has been updated, the amount relating to the unused period of the previous valid subscription (calculated with reference to the cost of the Product/service on a daily basis), paid in advance by the User, will be available as a “Bonus on credit” to pay for the updated subscription.

Example: Purchase of the subscription to Product/Service “X” at a monthly cost of €15.00 – duration 30 days from the subscription date.

After 15 days from the subscription date, the User decides to replace the subscription to Product/Service "X" with the subscription to Product/Service "Y", at a monthly cost of €30.00.

In this case, the User will not enjoy Product/Service “X” for the remaining period of 15 days, accruing a “Credit Bonus” worth €7.50, calculated on a daily basis: (€15.00 / 30 days = €0.50 / day - €0.50 x 15 days = €7.50).

The new subscription to Product/Service “Y” will last 30 days, starting from the date of new subscription and the User, during the purchase phase, will have to pay the Owner a sum equal to the cost of Product/Service “Y” (€ 30.00) reduced by the value corresponding to the unused period of the subscription to Product/Service “X” (€7.50), for a total of €22.50.

6. Prices and variations

The Website presents the different prices and functions of each Product and/or Subscription Service provided by the Owner. link.

During the purchase procedure and before placing the order, the User is in any case duly informed of all the commissions, taxes and costs that will be charged to him.

The Owner reserves the right to unilaterally modify, at any time, the price of the Products and/or Services and any additional costs.

These changes are also intended to be applicable to any automatic renewals of subscriptions to Products and/or Services subscribed prior to the intervention of the unilateral change in price by the Owner, without further charges for the User, in relation to the current contractual period. validity.

In this case, the Owner will proceed to modify the price list of Subscription Products and/or Services in thespecific section of the Website , by sending a communication, containing the price change, to all Users who have subscribed to a valid subscription, who will be able to deactivate the service without further charges, should they not wish to accept the price change unilaterally applied by the Owner, during the renewal.

It is understood that, even in the event of deactivation prior to renewal, the subscription Product and/or Service will remain active until the expiration date, as indicated in the previous point 3 "Subscription Products and/or Services and automatic renewal".

7. Payment methods

The Website uses third-party tools for payment processing, the details relating to the accepted payment methods are highlighted during the purchase procedure.

Some payment methods are linked to additional conditions and/or involve additional costs.

The Website processes payments through the use of services provided by third parties.

If these third-party tools deny payment authorization, the Owner will not be able to provide the Products and/or Services and cannot be held responsible in any way.

8. Billing

For the issuance of the invoice, the information provided by the User will be considered as valid, which he declares and guarantees to be truthful, granting the Owner any indemnity in this regard.

9. Exclusion of the right of withdrawal of Professional Users

The Professional User/Business is not granted the right to withdraw from the contract for the sale or supply of the Products/Services.

10. Right of withdrawal of Consumer Users from the purchase of Products and/or Services

The Consumer User has the right to withdraw without any penalty and without specifying the reason within 14 days starting from the date of conclusion of the contract, by sending a written communication to the e-mail address support@avacysolution.com, using the optional withdrawal form referred to in the following article or any other written declaration.

In case of withdrawal exercised correctly, the Owner will refund the User the payments received, in the same payment methods used by the User for the initial transaction, without undue delay and in any case within 14 days from the date on which the User communicated the withdrawal. from the contract.

11. Optional form to exercise the right of withdrawal

The User can withdraw using the following form which must be completed in its entirety and sent to the email address support@avacysolution.com before the withdrawal period expires:

I hereby communicate my withdrawal from the sales or supply contract relating to the following product

Plan: __________

Order number:_______

Ordered on: _______

Name and surname: _______

Address: ______

Email associated with the account from which the order was placed: ____________________

Domain for which withdrawal is requested:_________________________

Date: __________

12. Guarantee of conformity of Products and/or Services for Consumer Users

Consumer Users are granted the guarantee of conformity, provided for by the articles.

The Owner is responsible for defects in conformity that appear within two years from the date of supply.

If the Consumer User intends to take advantage of the remedies provided by the guarantee of conformity, he must send a written communication to the email address support@avacy.eu.

13. Industrial and Intellectual Property Rights

All contents of the Website, including texts, documents, trademarks, logos, images, graphics, their arrangement and their adaptations are protected by copyright law and trademark protection legislation.

14. Exclusion of guarantees

The products and/or Services are provided "as is" and "as available" and the Owner does not provide any express or implicit guarantee in relation to the Website, nor does it provide any guarantee that the Website will be able to satisfy the needs of the Users or which will never be uninterrupted or error-free or free from viruses or bugs.

The Owner will endeavor to ensure that it is available uninterruptedly 24 hours a day, but cannot in any way be held responsible if, for any reason, the Website is not accessible and/or operational at any time or for any period.

15. Limitation of Liability and Indemnification

The Owner undertakes to complete the work agreed with the Customer by assuming exclusively the obligation of means.

The Service provided by the Owner is provided 'as is', without warranties of any kind, express or implied, including but not limited to warranties of merchantability or fitness for a particular purpose.

In no event shall the Owner be held liable for any direct, indirect, incidental, special, typical or consequential damage (including, but not limited to, loss of data, use or profit; or business interruption) howsoever caused and on any hypothesis of liability, whether in contract, strict liability or tort (including negligence or otherwise) arising in any way from the Product and/or Service provided or from the use of the Website.

The User renounces any claim for compensation against the Owner.

The User assumes all civil and criminal liability deriving from the use of the contents of the Website.

The User is solely responsible for the contents of which he/she comes into possession following the signing of this contract.

The User assumes all civil and criminal liability for any falseness or incorrectness of the information and Data communicated to the Owner.

The Owner cannot be held responsible towards the User, except in the case of willful misconduct or gross negligence, for disservices or malfunctions also connected to the use of the internet outside of its control or that of its vendors.

Furthermore, the Owner will not be responsible for damages, losses and costs suffered by the User (such as, by way of example but not limited to, commercial losses, loss of revenues, profits or estimated savings, loss of contractual/commercial relationships, loss goodwill, reputational damage, financial penalties imposed by public authorities including the European Privacy Authority etc.) following failure to execute the contract for reasons not attributable to him, the User having the right only to any full refund of the price paid and any additional charges incurred.

The Dataholder assumes no responsibility for any fraudulent or illicit use that may be made by third parties of credit cards and other means of payment, as it does not come into contact in any way with the payment data used (number of credit cards, owner's name, password, etc.).

The User expressly indemnifies the Owner from and against any claim or demand of third parties, without limitation, originating from malicious or grossly negligent conduct of the User, from the use of the Service by the User, as well as from any possible violation by the User of these terms and conditions, of the rights of third parties (by way of example, rights related to privacy or intellectual property), of laws, rules, regulations or any current and applicable legal provision.

16. Force majeure

The Dataholder cannot be held responsible for failure or delayed fulfillment of its obligations, for circumstances beyond the reasonable control of the Dataholder due to events of force majeure or, in any case, to unforeseen and unforeseeable events and, in any case, independent of its will. .

The fulfillment of the obligations by the Owner will be considered suspended for the period in which force majeure events occur.

The Dataholder will carry out any action in its power in order to identify solutions that allow the correct fulfillment of its obligations despite the persistence of force majeure events.

17. Links to third party sites

The Website may contain links to third-party sites/applications.

The Owner will not be in any way responsible in the event that the application is used illegally or is linked to sites prohibited by law or is made the subject of crimes of any nature.

Some of these links may refer to third-party sites/applications that provide services through the Website. In these cases, the general conditions for the use of the site and for the use of the service prepared by the third parties will apply to the individual services, with respect to the which the Owner assumes no responsibility.

For the provision of the Product and/or Service, in some cases, the Owner may have to interact with third-party systems or software or manage accounts on external services on behalf of the User (e.g.: publication of Apps on the Apple Store etc. ).

18. Privacy

For the purposes of managing the contractual relationship and the correct provision of the requested Products and/or Services, the Dataholder will process the personal data relating to the User and/or third parties, in compliance with the provisions of EU Regulation no.

With reference to the processing of the User's personal data, necessary for the management of the contractual, economic, fiscal and marketing relationship, Jump Group assumes, towards the User, the role of Dataholder.

For further information about the processing of personal data carried out as Dataholder, the User can consult the privacy policy of the Website at the following link: https://api.avacy.eu/jumpgroup/privacypolicy/14/it

With reference to the processing of personal data of third parties, necessary for the provision of the contractual services requested by the User, Jump Group assumes, towards the User, the role of Data Processor, upon signing of the contract of appointment as Dataholder, pursuant to art.

19. Applicable law and competent court

The Conditions are subject to Italian law.

For Professional users, for any dispute relating to the Application, execution and interpretation of these Conditions, the court of the place where the Owner is based is competent.

For Consumer Users, any dispute relating to the application, execution and interpretation of these Conditions will be referred to the court of the place where the Consumer User resides or has elected domicile, if located in the territory of the Italian State, without prejudice to the right of the User Consumer to appeal to a judge other than that of the "consumer forum" pursuant to art.

This is without prejudice to the application to Consumer Users who do not have their habitual residence in Italy of any more favorable and mandatory provisions provided for by the law of the country in which they have their habitual residence, in particular in relation to the deadline for exercising the right of withdrawal, the deadline for returning the Products, in case of exercise of this right, the methods and formalities of communicating the same and the legal guarantee of conformity.

20. Online Dispute Resolution for Consumer Users

The Consumer User resident in Europe must be aware of the fact that the European Commission has established an online platform that provides an alternative dispute resolution tool.

Pursuant to and for the purposes of the articles.

CONDITIONS OF USE: 3 (Closing, suspension and cancellation of the Account); 4 (Intellectual property); 5 (API Terms of Use)

TERMS AND CONDITIONS OF SALE: 2 (Purchasing procedure); 3 (Products and/or Services in Subscription and automatic renewal); 4 (Exceeding the Product/Service usage thresholds); 5 (Upgrade of valid subscription); 6 (Prices and variations); 7 (Terms of payment); 8 (Billing); 9 (Exclusion of the right of withdrawal of Professional Users); 13 (Industrial and Intellectual Property Rights); 14 (Exclusion of warranty); 15 (Limitation of Liability and Indemnification); 16 (Major force); 17 (Link to third party sites); 19 (Applicable law and competent court)

DPA (Data Processing Agreement) - General Conditions - Avacy Consent Solution

Appointment contract as Dataholder pursuant to art. amministrazione@jumpgroup.it (Dataholder, hereinafter referred to as: Responsible), and the Customer as defined in the above registry (Dataholder, hereinafter referred to as: Holder).

Premise

the Manager carries out the services and activities detailed in the main contract on behalf of the Owner, or in the document attached to this DPA, to which reference should be made in full.

The provision of the services and activities referred to in the Contract and in the document attached to this DPA entail, by the Dataholder, the processing of Personal Data relating to natural persons ("Data Subjects") on behalf of the Dataholder.

The Manager confirms direct and in-depth knowledge of the relevant legislation (EU Reg. no. 16/679 or GDPR), as well as of the obligations assumed under this agreement, and undertakes to proceed with the processing of the aforementioned Personal Data, complying to the instructions identified by this agreement and the related annexes, formally assuming the role of Dataholder, in full compliance with the provisions of the art.

1. Object

This agreement has as its object the appointment of the Manager and the provision of instructions relating to the processing of Personal Data.

2. Duration

The duration of this appointment is equal to the duration of the main contract.

3. Categories of Personal Data

The categories of Personal Data processed by the Manager are described in the document attached to this DPA.

4. Categories of Interested Parties

The categories of interested parties to which the Personal Data processed by the Manager refer are described in the document attached to this DPA.

5. Source of origin of the Personal Data

The source of origin of the Personal Data processed by the Manager is described in the document attached to this DPA.

6. Transfer of Personal Data outside the EU/EEA

On the date of signing this agreement, the Dataholder acknowledges that he has been informed that the processing activities, carried out by the Processor on his behalf, will take place at the headquarters of the Processor and/or, also through the intervention of any Sub-Processors of the processing , in the countries indicated in the dedicated section (“SUB-DATA PROCESSORS”) of the document attached to this DPA.

In the event of transfer of Personal Data to a third country (outside the EU/EEA), guarantee measures will be adopted for the transfer which, depending on the case, may be: verification of the existence of adequacy decisions by the European Commission, signing of contractual clauses standards and/or binding corporate rules, verification of the adoption of any additional measures to implement recommendation 01/2020 EDPB.

7. Technical and organizational measures

Pursuant to the articles.

Pursuant to art.

The technical and organizational measures are subject to technical and technological evolution and progress, therefore, the Manager may adopt appropriate alternative measures suited to the changed technological context.

The Manager periodically checks the internal processes and the technical and organizational measures to ensure that the processing in his area of competence complies with the requirements of the legislation on the protection of Personal Data and the rights of the interested parties.

If, through inspection or revision, the Owner finds the need to modify them, the modifications will be made on the basis of an agreement between the parties.

8. Lawfulness of the processing

The Dataholder guarantees that the Personal Data subject to the contractual operations entrusted to the Manager have been acquired and processed lawfully, in compliance with the criteria identified pursuant to art.

9. Rights of interested parties

The Manager undertakes to cooperate with the Owner and to provide the widest possible assistance, to the extent that this is reasonable or possible, in order to facilitate the Owner in responding to the requests of the interested parties for the exercise of their rights.

communicate immediately, and in any case within 5 days of receipt, to the Dataholder each request received from the interested parties regarding the exercise of their rights and, if feasible or appropriate, to
assist the Dataholder in designing and implementing all the technical and organizational measures necessary to respond to such requests.

Without prejudice to the fact that the responsibility for verifying and satisfying the requests of the interested parties lies exclusively with the Dataholder, the Data Processor may be appointed to process some specific requests, provided that this does not require disproportionate efforts and on specific instructions provided in writing by the Dataholder.

10. Other obligations of the Manager

In addition to the provisions of this contract, the Manager is required to comply with all legal requirements set out in the articles.

In particular, the Manager:

processes the Owner's Personal Data only for what is strictly necessary for the provision of the service referred to in the main contract, in accordance with this agreement and related annexes and in compliance with any other instructions given in writing by the Owner;
warns the Dataholder if it believes that the instructions given in writing are in violation of the applicable legal provisions regarding the protection of Personal Data;
promptly informs the Dataholder, without undue delay, of any contact or communication received from a Supervisory Authority in relation to the processing of the Dataholder's Personal Data;
ensures that it has implemented adequate operational, technical and organizational measures to protect the Dataholder's Personal Data;
when communicating the Dataholder's Personal Data to its staff, directly and exclusively responsible for providing the service covered by the main contract, the Manager ensures that said staff: 1) is committed to maintaining confidentiality or is subject to a legal obligation of confidentiality and;
undertakes to allow the execution of audits and inspections on the systems and places used for the processing of the Personal Data covered by this agreement, by the Dataholder or by third-party auditors sent by the Dataholder, and to provide its collaboration.

The Manager has also appointed the DPO (Data Protection Officer) pursuant to art. dpo.jump@pec.it

10-bis. Collaborazione con le autorità di controllo

The Owner and the Manager cooperate, upon request, with the supervisory authority.

11. Sub-Responsabili del trattamento

The Dataholder authorizes and accepts that, exclusively to proceed with the provision of the service covered by the main contract and in compliance with the provisions of this agreement, the Personal Data owned by it may be processed by Sub-Processors.

the Processor informs in advance - by updating and subsequently sending to the Dataholder the "SUB-PROCESSING PROCESSORS" section referred to in the document attached to this DPA - the Dataholder of the identity of the Sub-Processors involved in the delegated Personal Data processing operations by virtue of this agreement, of the relevant offices, purposes of the processing and DPO if appointed, and notify the Dataholder of any updates to the aforementioned information in order to allow the Dataholder to oppose the use of said Sub-Processors;
stipulates agreements with the Sub-Processors that contain the same obligations provided for in this agreement regarding the processing of Personal Data owned by the Dataholder;
exercises adequate controls in selecting the Sub-Processors and remains responsible for the fulfillment of the obligations contained in this agreement by the Sub-Processors involved;
upon request of the Dataholder, the Processor provides the Dataholder with adequate information regarding the actions and measures that the Processor and his Sub-Processors have undertaken to ensure compliance with the provisions of this agreement.

On the date of signing this agreement, the parties mutually acknowledge that the Processor makes use of Sub-Processors indicated in the "SUB-PROCESSOR OF PROCESSING" section of the document attached to this DPA, with whom he undertakes to conclude compliant contractual agreements to the dictates of the art.

12. Assistance to the Owner

The Manager assists the Dataholder in fulfilling obligations relating to the security of Personal Data, in reporting violations of Personal Data, in impact assessments on the protection of Personal Data and in preventive consultations referred to in articles 32 to 36 GDPR, including the other:

guaranteeing adequate standards of protection through technical and organizational measures, taking into account the nature, circumstances and purposes of the processing, the probability of violations of Personal Data and the severity of the risk for natural persons that may arise therefrom;
assisting the Dataholder in processing the requests of the interested parties to exercise their rights (as provided for in point 9 above).

In the event that the Manager becomes aware of a breach of Personal Data, he must:

take appropriate measures to contain and mitigate such violation, including notifying the Owner as soon as possible and in any case no later than 48 hours from becoming aware of the violation, in order to allow the Owner to quickly implement the necessary countermeasures;
collaborate with the Dataholder to investigate the nature, categories and approximate number of interested parties involved, the categories and approximate number of Personal Data involved and the probable consequences of such violation in ways commensurate with the seriousness and its overall impact on the Dataholder and on the provision of the service provided for by this agreement;

where the applicable legal provisions regarding the protection of Personal Data require notification to the competent Supervisory Authorities and the Interested Parties of the violation of Personal Data, and if it refers to the Dataholder's Personal Data, the Dataholder is the only one to have the right to determine the measures that must be taken to comply with applicable legal provisions relating to the protection of Personal Data or to remedy any risk, including but not limited to: i) determining whether notice must be provided to any individual, regulatory authority, judicial authority, consumer protection bodies or others as required by applicable legal provisions regarding the protection of Personal Data, or requested at the discretion of the Owner;

The Processor may request from the Owner a reasonable compensation for support services that are not included in the description of the services and which are not due to errors, violations or conduct attributable to the Processor.

13. Management powers of the Dataholder

The Manager does not process any personal data unless on the Controller's documented instructions through this appointment and the related attached documents, unless obliged to do so by Union or Member State law.

In the event that the Dataholder requests a change in the processing of Personal Data envisaged by the documented instructions, the Manager immediately informs the Dataholder if he/she believes that such change may lead to violations of the provisions regarding the protection of Personal Data.

14. Responsibility

Each party to this agreement agrees to indemnify the other party for damages or expenses arising from its failure to comply with this agreement, including any negligent default committed by its legal representative, subcontractors, employees or other agents.

Furthermore, each party undertakes to indemnify the other party from any claims asserted by third parties due to or in connection with any negligent infringement committed by the other party.

15. Destruction and return of Personal Data

The Manager does not create copies or duplicates of the Personal Data without a written request from the Owner, with the exception of security copies, to the extent that they are necessary to guarantee the correct processing of the Personal Data, as well as for Personal Data whose conservation is required by the main contract and/or by law.

Unless there are specific conservation obligations provided for by law, including, but not limited to, those coming from the Supervisory Authority, such as to prevent the Manager from fulfilling them, at the conclusion of the provision of the service referred to in the main contract or its early termination , at the choice of the Dataholder, without placing additional costs on the Dataholder and within 30 days of the request, the Processor deletes in a manner compliant with the protection of Personal Data or returns to the Dataholder all Personal Data collected and processed pursuant to this appointment, to unless the main contract referred to in the premises, or the applicable legal provisions, require further storage of Personal Data.

In any case, the Manager may retain all the information useful to demonstrate the correct and compliant execution of the processing activities even beyond the termination of the contract;

16. Indemnity clause

The Service provided by the Manager is functional to the correct safeguarding and historicization of the preferences and consents expressed by users on the website or application of the customer, Dataholder.

Through the API service provided by the Manager, the Dataholder will be able to implement, at its discretion, the categories of information (consents and preferences), object of collection and historicization, within its website/application.

the Dataholder cannot, however, guarantee consistency between the information (consent/preference) released by the user while browsing the Dataholder's website/application and the category, nomenclature or description that the Dataholder independently decides to associate with such information.

In detail, the Manager cannot be held responsible for any mismatch between the type of information (preference, consent) released by the user when browsing the Owner's website/application and the categorization of this information through the frontend implementation or backend created by the Owner or by third parties.

The truthfulness and consistency of any data transmitted in writing via HTTP API is to be understood as the exclusive responsibility of the Dataholder, who undertakes to indemnify and hold the Manager harmless from any liability connected to the violation of the applicable law, in relation to such hypotheses, expressly indemnifying it from any request for compensation for damage, fine or claim, including from third parties (including the Guarantor Authority for the Protection of Personal Data).

DPA (Data Processing Agreement) - General Conditions - Avacy Consent Solution

Terms and definitions

Platform: Website dedicated to the provision of the service: https://avacy.eu
Dataholder (or Dataholder): Contractor of the service provided through the Platform
Dataholder (or Manager): The company Jump group S.r.l.
Sub-Processors (or Sub-Processors): vendors of the Dataholder involved in the Personal Data processing operations carried out on behalf of the Dataholder.
Interested in the processing (or interested parties): natural persons to whom the Personal Data processed by the Manager on behalf of the Owner refers.

Product description

The Consent Solution is a platform that provides APIs (Application Programming Interface) useful for managing the collection and historicization of privacy preferences and consents given by users on the Owner's websites and applications.

The APIs allow you to interact with the system for operations related to the management of user consent, such as, for example, adding user consents or obtaining their history.

The consents collected are configurable (JSON format), by entering a free number of keys and a user identifier in string format.

The implementation communicates with the platform via HTTP calls with REST API format, as described in the documentation provided during activation.

The avacy.eu website is also allowed to view the saved consents on the web, in a manner equivalent to the list of registered consents reachable via API calls.

Disclaimer

The Manager cannot, however, guarantee consistency between the information (consent/preference) released by the user while browsing the Owner's website/application and the category, nomenclature or description that the Owner decides, independently, to associate to this information.

In detail, the Manager cannot be held responsible for any mismatch between the type of information (preference, consent) released by the user when browsing the Owner's website/application and the categorization of this information through the implementation of the frontend created by the Owner or by third parties.

The truthfulness and consistency of any data transmitted in writing via HTTP API is to be understood as the exclusive responsibility of the Dataholder, who undertakes to indemnify and hold the Manager harmless from any liability connected to the violation of the applicable law, in relation to such hypotheses, expressly indemnifying from any request for compensation for damage, fines or claims, including from third parties (including the Guarantor Authority for the Protection of Personal Data).

Categories of personal data - Categories of interested parties - Source of origin of the personal data

References: articles.

The table below indicates the categories of Personal Data processed by the Processor on behalf of the Dataholder (art. 3 DPA), the categories of Data Subjects to the processing to which the Personal Data processed by the Processor on behalf of the Dataholder refers (art. 4 DPA) , as well as the Sources of origin of the Personal Data processed by the Manager on behalf of the Owner (art. 5 DPA).

Treatment operations

Provision of the consent solution service;
Debugging and maintenance of the product/service.

Categories of Personal Data (art. 3 DPA)

Timestamp of the release of consent;
Type of consent activated;
IP address;
User identifier (any personal data associated by the Dataholder with the user);
Any personal data including any particular categories of personal data pursuant to art.

Categories of interested parties (art. 4 DPA)

Users/Visitors of the website or app of the Dataholder where the Consent solution service provided by the Manager is implemented

Source of origin of Personal Data (art. 5 DPA)

By giving their consent to processing on the Dataholder's website or app, the interested party voluntarily communicates the Personal Data functional to the historicization of the consent given;
The Personal Data related to the logging of the consent given by the interested party is collected by the Manager through the consent solution tool.

Sub-processors

References: art.

The table below identifies the Sub-Processors who can access the personal data processed by the Processor on behalf of the Dataholder:

Business name	Service provided	Place of treatment	Adequate guarantees for the transfer of personal data to a third country (art. 46 GDPR)	Categories of data processed	Contact details of the privacy contact/DPO
Amazon Web Services, Inc	CDN, SMTP, VPS, Serverless Functions, Database, Storage, Backup, Logs, DNS	EU/EEA	Privacy Notice	All Personal Data processed pursuant to the DPA and this Annex.	eu-privacy@amazon.it

In the event of changes to the above list, the Dataholder will be informed through a new Attachment so that he can oppose the use of new Sub-Processors.

The new Attachment will be implicitly accepted by the Owner if he does not object within 10 days of receiving it.