Imfuna Terms of Use
Imfuna Inc. and Imfuna Limited
13 May 2019



These Terms of Use are entered into between Imfuna Ltd for UK-based individuals of 114a Cromwell Road, 3rd Floor, London, United Kingdom, SW7 4AG, and Imfuna Inc for all other individuals of 2125 Ygnacio Valley Road, Suite 200, Walnut Creek CA 94598 (“Imfuna”) and you, and by [ticking the box at the bottom of these Terms of Use] you are agreeing to the terms and conditions of these Terms of Use, as the same may be updated or changed by us from time to time and published on www.imfuna.com.

We both may also, from time to time, enter into separate arrangements for particular products or services or certain other arrangements, including without limitation in relation to pricing (each a "Separate Agreement"). These Terms of Use, together with any Separate Agreements we enter into, govern your access to, and use of, any current or future Imfuna websites or mobile applications (“Apps”), any information, text, graphics, or other materials created and/or provided by Imfuna and appearing on any of the Apps, files and any services and/or software provided through the Apps or by Imfuna. These Terms of Use limit Imfuna's liability and obligations to you, grant Imfuna certain rights and allow Imfuna to change, suspend or terminate your access to and use of the Apps, Content, Files and Services. In the event of any conflict or inconsistency between these Terms of Use and any Separate Agreement, the Separate Agreement shall prevail.

Your access to and use of the Apps, Content, files and/or services are expressly conditioned on your compliance with these Terms of Use. You may wish to save a copy of these Terms of Use for your records. In any event, be sure to regularly check www.imfuna.com for any updates or other changes, which shall be legally binding upon you when we publish them, whether or not we provide you any other notice of such updates or changes. Your continued use of the Service after any update will be deemed to represent your consent to be bound by, and agreement with, the updated or changed Terms of Use.

If you agree to these Terms of Use on behalf of a business, you represent and warrant that you have the authority to bind that business to these Terms of Use and your agreement to these Terms of Use will be treated as the agreement of the business. In that event, "you" and "your" will refer and apply to that business.



1. SERVICE DESCRIPTION


The Imfuna service consists of products, computer programs, services and websites hosted or made available by Imfuna, which you may use for capturing, organizing, searching, storing, synchronizing, recognizing, reporting, analysing, sharing and transmitting any number of notes, photos, or scanned items collected in any digital manner now known or hereafter developed (collectively, the "Service").



2. USE OF SERVICE


Subject to the terms and conditions of these Terms of Use, Imfuna grants you a limited, non-sublicensable, non-exclusive license to utilize the Service so long as (i) you are of legal age and otherwise have legal capacity to enter into a binding contract and (ii) you are not barred from receiving the Service under the laws of the country and the place where you are ordinarily resident. In order to access and/or use the Service, you may be required to provide current, accurate, identification, contact and other information as part of the registration process and/or continued use of the Service, and you will be responsible for maintaining the accuracy and completeness of such information.

You may also be provided with an account, username, password and/or an email address to access or use the Service, or to enable another to access, use and modify your reports (the "Inspection Information"). You are responsible for maintaining the confidentiality of your Inspection Information and, accordingly, will be fully responsible for all activities that occur under your account, including activities of others to whom you have provided your Inspection Information. You agree to notify Imfuna as soon as reasonably possible of any unauthorized use of your Inspection Information, account or any other breach of security.

You are solely responsible for obtaining the equipment and telecommunication services necessary to access the Service, and all fees associated therewith (such as computing devices and Internet service provider and airtime charges).


3. MEMBER CONDUCT


You acknowledge and agree that all information, data, text, images, software, sounds, graphics, video, messages, tags and other materials, in whatever form and technical structure, whether publicly posted or privately transmitted or stored using the Service ("Content"), are the sole responsibility of the person(s) originating such Content and introducing such Content into the Service. We reserve the right, but shall have no obligation, to pre-screen, reject, review, quarantine, delete or move any Content available with the Service, without obligation to any person.

You agree that you are responsible for your own conduct and all conduct under your account, and all Content that is created, transmitted, stored or displayed by anyone using your Inspection Information with the Service and for any consequences arising as a result thereof. You agree to use the Service only for purposes that are legal, proper and in accordance with these Terms of Use and any Separate Agreements you have with Imfuna, and all applicable laws and regulations in the relevant legal jurisdictions (including, without limitation, laws and regulations relating to the recording of audio, copyright laws, privacy laws and the storage and transmission of data and technology). Without limiting the foregoing, you hereby represent and warrant to Imfuna that you have the unfettered legal rights and authority to permit you to submit your Content to Imfuna in connection with your use of the Service, and such submission and the grant to Imfuna of the rights you grant herein in connection with Imfuna's offering and operation of the Service does not infringe or otherwise misappropriate the rights of any person or third party.

By submitting to Imfuna any ideas, suggestions, documents and/or proposals through the "Contact Us" or "Feedback" interface or otherwise (collectively, "Contributions"), you acknowledge and agree that: (a) your Contributions do not contain confidential or proprietary information; (b) Imfuna is not under any obligation of confidentiality, express or implied, with respect to the Contributions; (c) Imfuna shall be entitled to use or disclose (or choose not to use or disclose) such Contributions for any purpose, in any way, in any media worldwide; (d) Imfuna may have something similar to the Contributions already under consideration or in development; (e) your Contributions automatically become the property of Imfuna without any obligation of Imfuna to you; and (f) you are not entitled to any accounting, compensation or reimbursement of any kind from Imfuna under any circumstances.

You further agree to NOT:
(a) use our products or the Service for unlawful or illegal purposes or for promotion of dangerous or inappropriate activities;
(b) impersonate any person or entity, including, but not limited to, an Imfuna staff member, or falsely state or otherwise misrepresent your affiliation with Imfuna or any other person or entity;
(c) forge headers or otherwise manipulate identifiers in order to disguise the origin of any Content transmitted through the Service;
(d) upload, post or otherwise transmit any Content that you do not have a right to transmit under any law or under contractual or fiduciary relationships (such as inside information, proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements);
(e) upload, post or otherwise transmit any Content that infringes any patent, trade mark, trade secret, copyright or other proprietary rights of any party;
(f) upload, post or otherwise transmit any unsolicited or unauthorized advertising, promotional materials, "junk mail," "spam," "chain letters," "pyramid schemes" or any other form of solicitation;
(g) upload, post or otherwise transmit any material that contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment;
(h) interfere with or disrupt the Service or servers or networks connected to the Service, or disobey any requirements, procedures, policies or regulations of networks connected or applicable to the Service;
(i) violate any applicable local, state, national or international law, including, but not limited to any rules of any national or other securities exchange, and any regulations having the force of law;
(j) collect or store personal data about other users for commercial purposes;
(k) allow usage by others in such a way as to violate these Terms of Use;
(l) engage in commercial activities within the Service or on behalf of Imfuna without prior approval, including but not limited to the following activities:
(i) displaying a banner that is designed to profit you or any other business or organization; or
(ii) displaying banners for services that provide cash or cash-equivalent prizes to users in exchange for hyperlinks to their web sites;
(m) employ tactics to prevent the full and complete display of advertisements within the Service, including, but not limited to, making style changes, customisations or overrides that effectively block or substantially impair the display of advertisements within the Service;
(n) exceed the scope of the Service that you have signed up for, for example, accessing and using features that you do not have a right to use or deleting, adding to or otherwise changing another person’s entries or other content when you have not been granted the right to do so;
(o) access (or attempt to access) any of the Service by any means other than through the interface that is provided by Imfuna (unless you have been specifically allowed to do so in a Separate Agreement), or access (or attempt to access) any of the Service through any automated means (including use of scripts, web crawlers or the like) or otherwise engage the Service in a manner reasonably likely to be harmful to the systems operating the Service or the access or use of the Service by others; and/or;
(p) reproduce, duplicate, copy, sell, trade, resell or exploit for any commercial purposes, any portion or use of, or access to, the Service (unless you have been specifically allowed to do so in a Separate Agreement).

If you encounter any of these prohibited uses, you may use the contact form at www.imfuna.co.za and follow the instructions to submit the appropriate information to Imfuna.



4. PRIVACY


Our Privacy Policy is published at www.imfuna.com.

When Imfuna processes personal data in your Inspection Information and your Content, the parties shall comply with their obligations, and have their rights, as set out in Schedule 1 (Privacy) to these Terms of Use.



5. PROPRIETARY RIGHTS, LICENSES AND LIMITATIONS


Imfuna Rights

You acknowledge and agree that Imfuna (and any licensors to Imfuna) own(s) all legal right, title and interest in and to the Service, including, without limitation, all software comprising a part of the Service (the "Software"), and all intellectual property rights therein (whether registered or not and wherever existing in the world). You further acknowledge and agree that the rights in the Service, including all intellectual property rights, are protected by one or more of copyright, trade mark, patent, trade secret and other laws, regulations and treaties, in addition to these Terms of Use and any Separate Agreement. Except for the limited license rights specifically granted to you in these Terms of Use (and any rights expressly granted to you in a Separate Agreement), Imfuna and its suppliers own and shall retain all rights, title and interests, including, without limitation, intellectual property rights, in and to the Service and all Software utilized therein (and all copies thereof and related materials that are delivered or made available to you with the Service).

Except for the limited license and other rights granted in these Terms of Use, you retain all of the rights you had in your Content before you submitted it; unless you elect to enable others to view or have access to the Content you submit to the Service, no one else should see your Content without your consent. Of course, if you do elect to publish and share any portion of your Content you are enabling each of those permitted users access to and the ability to comment on your Content.

Imfuna hereby grants you a personal, worldwide, royalty-free, non-assignable, non-sublicensable, and non-exclusive license to use the Software provided to you by Imfuna as part of the Service as provided to you by Imfuna, for the sole purpose of enabling you to use and enjoy the benefit of the Service as permitted by these Terms of Use, until your rights are terminated in accordance with these Terms of Use.



6. SERVICE COMPONENTS


We retain the right to implement reasonable limits to the nature or size of storage available to you, the number of transmissions and email messages, the nature or size of any index or library information, the nature of, or your continued ability to access or distribute, your Content and other data, and impose other limitations at any time, with or without notice. You acknowledge that a variety of Imfuna actions may impair or prevent you from accessing your Content or using the Service at certain times and/or in the same way, for limited periods or permanently, and agree that Imfuna has no responsibility or liability as a result of any such actions or results, including, without limitation, for the deletion of, or failure to make available to you, any Content . Notwithstanding anything herein contained to the contrary Imfuna reserves the right to cease operations at any time with or without prior notice to anyone.

Imfuna may from time to time engage certain affiliates or other third parties to provide all or part of the Service to you, and you hereby acknowledge and agree that such third party involvement is acceptable. Further, you acknowledge that in using the Service to send electronic communications (including but not limited to email and uploading Content, and other Internet activities), you will be causing communications to be sent to computers used by Imfuna and third parties that are located in the European Union, the United States and other countries and that, as a result, your use of the Service will likely result in interstate data transmissions. You understand that Imfuna, in performing the required technical steps to provide the Service to our users, may make such changes to your Content as are necessary to conform and adapt that Content to the technical requirements of connecting networks, devices, services or media.



7. MODIFICATIONS


We reserve the right at any time to modify or discontinue, temporarily or permanently, the Service or any part thereof (including Software), with or without notice, provided that where such action results from wrongful conduct on our part your right to compensation is reserved. You agree that we shall not be liable to you or to any third party for any modification, suspension or discontinuance of any part of the Service.

In connection with any modification of the Service, Imfuna may automatically download and install software updates from time to time with the intention of improving, enhancing, repairing and/or further developing the Service, and you agree to permit Imfuna to deliver these to you (and you to receive them) as part of your use of the Service, except where we do so in contravention of law.



8. TERMINATION


You may discontinue your use of the Service at any time, for any or no reason and with or without notice. Imfuna may also terminate the Service, or your access to or use of the Service or your account, with or without notice. Reasons for Imfuna terminating your account or the Service include, without limitation:
(a) breach or violation of these Terms of Use or any Separate Agreement,
(b) your request or self-effecting account deletion,
(c) an extended period of inactivity (determined in Imfuna's sole discretion),
(d) your non-payment of any fees or other sums due Imfuna or any other party related to your use of the Service,
(e) requests by law enforcement or other government agencies,
(f) the discontinuance or material modification to the Service (or any part thereof), or
(g) unexpected technical or security issues or problems or
(h) for no reason at all.

Except where Imfuna has serious grounds for not doing so, Imfuna shall give you reasonable notice prior to exercising such termination rights. In the event of any termination, we will close your account and, subject to the terms and conditions of the Section 4 (Privacy) in respect of personal data, you will no longer be able to retrieve Content contained in that account or otherwise use the Service.

If you discontinue your use of the Service then, subject to the terms and conditions of Section 4 (Privacy) in respect of personal data, we will retain any Content which is stored in your account for 10 days following the date on which your use of the Service terminates. After expiry of the 10 day period, again subject to the terms and conditions of the Section 4 (Privacy) in respect of personal data, all Content stored in your account may be permanently deleted. Please ensure that you have made copies of any Content which you wish to retain prior to discontinuing your use of the Service as we will not be able to recover any Content which has been deleted after the 10 day period.


9. LINKS


We may include the use of third party resources and/or links to third party websites as part of the Service. We have no control over such sites and resources and, accordingly, you acknowledge and agree that

(a) we are not responsible for the availability of such external sites or resources;
(b) we do not endorse and are not responsible or liable for any content or other materials available from such sites or resources; and
(c) we shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content or materials available on or through any such site or resource.



10. PRICING TERMS AND CONDITIONS


Any relevant pricing and fees, including payment terms and fee structures, are set out on our website or in direct correspondence.

Imfuna reserves the right to modify its fees and/or fee structure at any time, provided that you will have a right to cancel without penalty in the event of an increase or prejudicial change in pricing. Any change to the fees and/or fee structure will be notified to you via a notice on our Software-as-a-Service platform, and by email.

Subscription Top-Up

A minimum data spend is required for the Subscription Top-up model. Alternatively you can elect Pay-as-you-go (PAYG described below). Pricing is shown on the Imfuna app web pages or in direct correspondence.

Once the subscription is active the data and transcription minutes can be used until depleted, with no time limit. You can either top up manually or set the account to top up automatically at the given amount.

You can choose to make your account top up automatically at the prescribed amount, when there is only 5% left.

If you opt for manual renewal you may delay the upload of inspections or the transcription of dictations if the account is depleted.

You will be charged this amount every top up until you cancel or increase/decrease your subscription requirements.

All inspections incur a minimum data processing fee. Fee varies after minimum according to inspection size. Pricing is shown on the Imfuna app web pages on in direct correspondence.

Note that photos and PDFs added to the inspection after uploaded from mobile will be charged individually and will incur a transaction charge.

If you cancel your subscription you may continue to use your balances until depleted. There are no fee refunds.

To accommodate amends or changes to inspection data, you can edit your inspection data for 45-days after the inspection is created; after 45-days a new report fee is charged.

Pay-As-You-Go (PAYG)

You will be shown the charge for the data and minutes in an inspection and will be able to unlock it on an inspection-by-inspection basis. .

Pricing is shown on the Imfuna app web pages or in direct correspondence. A PAYG charge will be based on 1 Mb of data processing and minutes of transcription, if included.

All inspections incur a minimum data processing fee. Fee varies after minimum according to inspection size.

Note that Imfuna transcription of dictations will only begin when you accept the charge on the uploaded inspection. A Top-Up subscription enables Imfuna transcription services to start as soon as we receive the dictation.

Note that photos and PDFs added to the inspection after uploaded from mobile will be charged individually and will incur a transaction charge.

To accommodate amends or changes to inspection data, you can edit your inspection data for 45-days after the inspection is created; after 45-days a new report fee is charged.

Direct Debit is not available for PAYG.

All sales are final.



11. INDEMNITY


You agree to indemnify and hold Imfuna, its subsidiaries, affiliates, officers, agents, employees, advertisers and partners harmless from and against any and all claims, liabilities, damages (direct and indirect), losses and expenses (including legal and other professional fees) (collectively "Liabilities") arising from or in any way related to any third party claims relating to your use of any of the Service and/or your provision of any Content, or any violation of these Terms of Use by you or any other actions connected with your use of the Service (including all actions taken under your account), except to the extent of any contributory fault on the part of Imfuna, in which case we may be held proportionally liable. In the event of such claim, we will provide notice of the claim to the contact information we have for the account, provided that any failure to deliver such notice to you shall not eliminate or reduce your indemnification obligation hereunder.



12. DISCLAIMER OF WARRANTIES


SUBJECT TO THE TERMS AND CONDITIONS OF SECTION 14 (EXCLUSIONS AND LIMITATIONS), YOU EXPRESSLY UNDERSTAND AND AGREE THAT:

(a) YOUR USE OF THE SERVICE IS AT YOUR SOLE RISK;
(b) IMFUNA DOES NOT WARRANT THAT:
(i) THE SERVICE WILL MEET ALL OF YOUR REQUIREMENTS;
(ii) THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE OR ERROR-FREE; OR
(iii) ERRORS IN THE SOFTWARE WILL BE CORRECTED;
(c) ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE SERVICE IS DONE AT YOUR OWN DISCRETION AND RISK AND THAT YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER OR OTHER DEVICE OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF ANY SUCH MATERIAL, EXCEPT WHERE WE HAVE ACTED NEGLIGENTLY OR IN CONTRAVENTION OF APPLICABLE LAW.



13. LIMITATION OF LIABILITY


SUBJECT TO THE TERMS AND CONDITIONS OF SECTION 14 (EXCLUSIONS AND LIMITATIONS), YOU EXPRESSLY UNDERSTAND AND AGREE THAT IMFUNA, ITS SUBSIDIARIES, AFFILIATES AND LICENSORS, AND OUR AND THEIR RESPECTIVE OFFICERS, EMPLOYEES, AGENTS, SHALL NOT BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF DEPOSITS, PROFITS, GOODWILL, USE, DATA, COVER OR OTHER INTANGIBLE LOSSES (EVEN IF IMFUNA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES) RESULTING FROM:
(i) THE USE OR THE INABILITY TO USE THE SERVICE;
(ii) THE COST OF PROCUREMENT OF SUBSTITUTE GOODS AND SERVICES RESULTING FROM ANY GOODS, DATA, INFORMATION OR SERVICE PURCHASED OR OBTAINED OR MESSAGES RECEIVED OR TRANSACTIONS ENTERED INTO THROUGH OR FROM THE SERVICE;
(iii) UNAUTHORIZED ACCESS TO OR THE LOSS, CORRUPTION OR ALTERATION OF YOUR TRANSMISSIONS, CONTENT OR DATA;
(iv) STATEMENTS OR CONDUCT OF ANY THIRD PARTY ON OR USING THE SERVICE;
(v) IMFUNA'S ACTIONS OR OMISSIONS IN RELIANCE UPON YOUR INSPECTION INFORMATION AND ANY CHANGES THERETO OR NOTICES RECEIVED THEREFROM;
(vi) YOUR FAILURE TO PROTECT THE CONFIDENTIALITY OF ANY PASSWORDS OR ACCESS RIGHTS TO YOUR INSPECTION INFORMATION;
(vii) THE ACTS OR OMISSIONS OF ANY THIRD PARTY USING THE SERVICE;
(viii) ANY ADVERTISING CONTENT OR YOUR PURCHASE OR USE OF ANY ADVERTISED PRODUCT OR SERVICE;
(ix) DELETION OF YOUR CONTENT BY US IN ACCORDANCE WITH THE TERMS OF THESE TERMS OF USE;
(x) THE TERMINATION OF YOUR ACCOUNT IN ACCORDANCE WITH THE TERMS OF THESE TERMS OF USE; OR
(xi) ANY OTHER MATTER RELATING TO THE SERVICE.

NOTWITHSTANDING THE ABOVE, NOTHING IN THESE TERMS OF USE IS INTENDED TO EXCLUDE OUR LIABILITY FOR NEGLIGENCE, A FAILURE TO COMPLY WITH APPLICABLE LAW, OR A FAILURE OR INABILITY TO MATERIALLY PERFORM OUR CONTRACTUAL OBLIGATIONS.



14. EXCLUSIONS AND LIMITATIONS


NOTHING IN THESE TERMS OF USE IS INTENDED TO EXCLUDE OR LIMIT ANY CONDITION, WARRANTY, RIGHT OR LIABILITY WHICH MAY NOT BE LAWFULLY EXCLUDED OR LIMITED. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES OR CONDITIONS OR THE LIMITATION OR EXCLUSION OF LIABILITY FOR LOSS OR DAMAGE CAUSED BY NEGLIGENCE, BREACH OF CONTRACT OR BREACH OF IMPLIED TERMS, OR INCIDENTAL OR CONSEQUENTIAL DAMAGES. ACCORDINGLY, ONLY THOSE LIMITATIONS IN SECTIONS 12 (DISCLAIMER OF WARRANTIES ) AND 13 (LIMITATION OF LIABILITY ) WHICH ARE LAWFUL IN YOUR JURISDICTION (IF ANY) WILL APPLY TO YOU AND OUR LIABILITY WILL BE LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

ENGLISH LAW
WITHOUT LIMITING THE FOREGOING, NOTHING IN THESE TERMS OF USE SHALL EXCLUDE OR LIMIT LIABILITY FOR:
(a) DEATH OR PERSONAL INJURY TO THE EXTENT CAUSED BY THE NEGLIGENCE OR WILFUL DEFAULT OF IMFUNA OR ITS EMPLOYEES;
(b) FRAUD OR FRAUDULENT MISREPRESENTATION; OR
(c) ANY BREACH OF ANY OBLIGATIONS IMPLIED BY SECTION 12 OF THE SALE OF GOODS ACT 1979 OR SECTION 2 OF THE SUPPLY OF GOODS AND SERVICES ACT 1982; OR (d) ANY OTHER LIABILITY TO THE EXTENT THE SAME CANNOT BE EXCLUDED OR LIMITED BY LAW.



SCHEDULE 1: PRIVACY



1.1 In this Schedule 1 (Privacy):
Applicable Law” means any applicable:
(a) statute, regulation, regulatory requirement, by law, ordinance, subordinate legislation or other law (regardless of its source) or mandatory guidance or code of practice (including in each case any judicial or administrative interpretation of it), in force from time to time in any applicable jurisdiction; or
(b) judgment of a relevant court of law, or sanction, directive, order or requirement of any regulatory authority;

Controller” (or data controller), “Processor” (or data processor), “Data Subject”, “international organisation”, “Personal Data” and “processing” all have the meanings given to those terms in DP Laws (and related terms such as “process” shall have corresponding meanings);
Customer” means you;
Data Subject Request” means a request made by a Data Subject to exercise any rights of Data Subjects under DP Laws;
DPIA” means a data protection impact assessment, as described in DP Laws;
DP Laws” means:
(a) any laws or regulations implementing Council Directive 2002/58/EC (ePrivacy Directive); and
(b) the GDPR, and/or any corresponding or equivalent national laws or regulations,
in each case, as in force and applicable, and as may be amended, supplemented or replaced from time to time;
GDPR” means Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
Imfuna” has the meaning given to it elsewhere in these Terms of Use;
Imfuna Personnel” means individuals used by or on behalf of Imfuna in performing the Services from time to time, including Sub-Processors’ personnel;
Model Clauses” means the standard contractual clauses for the transfer of personal data from controllers to processors established in third countries which do not ensure an adequate level of data protection, as set out in the annex to European Commission Decision 2010/87/EC of 5 February 2010 which are attached as Annex B (Model Clauses);
Personal Data Breach” means a breach of security or other action or inaction leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Protected Data;
Protected Data” means Personal Data processed by Imfuna under this Agreement as a Processor on behalf of you as a Controller, including Content and Inspection Information;
Service” has the meaning given to it elsewhere in these Terms of Use;
Sub-Processor” means another Processor engaged by Imfuna for carrying out processing activities in respect of the Protected Data on behalf of the Customer; and
Supervisory Authority” means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering DP Laws.

Scope of this Schedule, compliance with DP Laws/these Terms of Use
1.2 The Schedule shall only apply where and to the extent that the GDPR applies to the processing of Protected Data by Imfuna on behalf of the Customer.

Each party shall comply with DP Laws and its relevant obligations under these Terms of Use. Imfuna shall procure that any Sub-Processor that has access to or otherwise processes Protected Data shall comply with Imfuna’s obligations under these Terms of Use.

Processing Instructions
1.3 Where Imfuna processes Protected Data on behalf of the Customer, Imfuna shall:
1.3.1 (and shall procure that any person acting under its authority who has access to Protected Data) process the Protected Data only on and in accordance with the Customer’s documented instructions (“Processing Instructions”); and
1.3.2 immediately inform the Customer of any legal requirement under Applicable Law that would require Imfuna to process the Protected Data otherwise than only on the Processing Instructions, or if any Customer instruction infringes DP Laws.
The details of the Protected Data processing carried out by Imfuna are set out in Annex A (Data Processing Details) to this Schedule 1 (Privacy).

Security Measures
1.4 Imfuna shall implement and maintain appropriate technical and organisational measures in relation to the processing of Protected Data by or on behalf of Imfuna:
1.4.1 such that the processing will meet the requirements of DP Laws and ensure the protection of the rights of Data Subjects; and
1.4.2 so as to ensure a level of security in respect of Protected Data processed by it is appropriate to the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Protected Data transmitted, stored or otherwise processed.

Sub-Processors
1.5 Imfuna shall not engage another Processor to perform processing activities in respect of the Protected Data on behalf of the Customer without the Customer's prior written consent and, if the Customer gives it’s consent, Imfuna shall appoint the Sub-Processor under a binding written contract (“Processor Contract”) which imposes the same data protection obligations as are contained in these Terms of Use on the Sub-Processor, in particular under paragraph 1.4 and the conditions in this paragraph 1.5 for engaging another Processor.
1.6 Without prejudice to the generality of paragraph 1.5, the Customer specifically consents to any group company of Imfuna acting as Sub-Processors. The Customer generally consents to other third parties acting as Sub-Processors (“Third Party Sub-Processors”). Imfuna will provide the Customer with information as to Sub-Processors engaged in the provision of the Services upon written request from you.
1.7 In the event that Imfuna intends to engage any new Third Party Sub-Processor, Imfuna shall notify the Customer of such intention no less than one month prior to the intended appointment date and shall include in such notification the date the third party is to be appointed as a Sub-Processor (the “Intended Appointment Date”) and information as to the identity of the intended Third Party Sub-Processor, its location and a summary of the processing to be performed by the intended Third Party Sub-Processor (each an “Appointment Notice”). In the event that the Customer objects to the appointment of the third party as a Sub-Processor, the Customer may notify Imfuna of such objection within one month of receiving the relevant Appointment Notice and such notification shall have the effect of terminating these Terms of Use on the Intended Appointment Date. In the event that these Terms of Use terminate pursuant to this paragraph 1.7, the Customer shall have no claim against Imfuna in relation to such termination or the objection to the third party as a Sub-Processor.
1.8 Imfuna shall:
1.8.1 promptly upon request by the Customer provide the relevant details of any such Processor Contract to the Customer; and
1.8.2 where that Sub-Processor fails to fulfil its data protection obligations in accordance with the Processor Contract, remain fully liable to you for the performance of that Sub-Processor’s obligations.

Imfuna Personnel
1.9 Imfuna shall ensure that Imfuna Personnel processing Protected Data have signed agreements requiring them to keep Protected Data confidential, and take all reasonable steps to ensure the reliability of the Imfuna Personnel processing Protected Data and that the Imfuna Personnel processing Protected Data receive adequate training on compliance with this Schedule 1 (Privacy) and the DP Laws applicable to the processing.

Data Subject Requests
1.10 Imfuna shall implement and maintain appropriate technical and organisational measures to assist the Customer in the fulfilment of the Customer’s obligations to respond to Data Subject Requests relating to Protected Data, including to ensure that all Data Subject Requests it receives are recorded and then referred to the Customer within three days of receipt of the request.

Imfuna Assistance
1.11 Imfuna shall provide reasonable assistance, information and cooperation to the Customer to ensure compliance with the Customer’s obligations under DP Laws with respect to: (i) security of processing; (ii) notification by the Customer of breaches to the Supervisory Authority or Data Subjects; and (iii) DPIAs and prior consultation with a Supervisory Authority regarding high risk processing.

Overseas Transfers
1.12 Imfuna shall not transfer any Protected Data to any country outside the European Economic Area or to any international organisation (an “International Recipient”) without the Customer’s prior written consent and, if the Customer consents to the transfer of Protected Data to an International Recipient, Imfuna shall ensure that such transfer (and any onward transfer): (i) is pursuant to a written contract including provisions relating to security and confidentiality of the Protected Data; (ii) is effected by way of a legally enforceable mechanism for transfers of Personal Data as may be permitted under DP Laws from time to time (the form and content of which shall be subject to the Customer’s written approval); (iii) complies with paragraph 1.4.1; and (iv) otherwise complies with DP Laws.
1.13 Without prejudice to the generality of paragraph 1.12, the Customer consents to Imfuna processing Protected Data in or from the United States, pursuant to the Model Clauses. In the event of any conflict or ambiguity between any provisions contained in these Terms of Use and the Model Clauses (if applicable), the provisions of the Model Clauses shall prevail. The Model Clauses will apply to Protected Data that is transferred outside the European Economic Area, either directly or via onward transfer, to any country not recognised by the European Commission as providing an adequate level of protection for personal data. The Model Clauses will not apply to Protected Data that is not transferred, either directly or via onward transfer, outside the European Economic Area. Notwithstanding the foregoing, the Model Clauses will not apply if the transfer is to an entity in the United States pursuant to the Privacy Shield framework (in which case paragraph 1.14 shall apply).
1.14 Without prejudice to the generality of paragraph 1.12, the Customer consents to Imfuna processing Protected Data in or from the United States pursuant to the Privacy Shield framework, where applicable.
1.15 If the European Commission Decision 2010/87/EC of 5 February 2010 or the Privacy Shield framework (as applicable) is rendered invalid, or the transfer of Protected Data in reliance on the Model Clauses or the Privacy Shield framework becomes otherwise unlawful:
1.15.1 the parties shall consider implementing an alternative safeguard to ensure that any processing of Protected Data by and on behalf of Imfuna outside the EEA (or if applicable outside the UK) is compliant with DP Laws; and
1.15.2 Imfuna shall, upon written notification from the Customer to do so:
(a) immediately cease processing Protected Data in connection with these Terms of Use outside the EEA (or if applicable outside the UK) until such time as the parties have agreed and implemented an alternative safeguard; and
(b) without delay at the request of the Customer either return all Protected Data to the Customer (including any copies) or securely destroy it.
If the parties do agree and implement an alternative safeguard in accordance with this paragraph 1.15, then all references to the Model Clauses or Privacy Shield framework (as applicable) in these Terms of Use shall be read as references to such alternative safeguard.

Records of Processing
1.16 Imfuna shall maintain complete, accurate and up to date written records of all categories of processing activities carried out on behalf of the Customer containing such information as required under DP Laws and any other information the Customer reasonably requires (“Processing Records”), and shall make available to the Customer on request in a timely manner such information (including the Processing Records) as is reasonably required by the Customer to demonstrate compliance by Imfuna with its obligations under DP Laws and these Terms of Use, which the Customer may disclose to the Supervisory Authority or any other relevant regulatory authority.

Audits and Inspections
1.17 Imfuna shall (and shall procure that its Sub-Processors shall) allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer for the purpose of demonstrating compliance by Imfuna with its obligations under DP Laws and under this Schedule 1 (Privacy), subject to the Customer giving Imfuna reasonable prior notice of such audit and/or inspection, and ensuring that any auditor is subject to binding obligations of confidentiality.

Personal Data Breaches
1.18 In respect of any Personal Data Breach (actual or suspected) related to the Services or these Terms of Use, Imfuna shall notify the Customer of the breach without undue delay and provide the Customer without undue delay (wherever possible, within 24 hours of becoming aware of the breach) with such details relating to the breach as the Customer reasonably requires.

Deletion/Return of Protected Data
1.19 Imfuna shall without delay, at the Customer’s written request, either securely delete or return all the Protected Data to the Customer in hardcopy or electronic form as determined by the Customer after the end of the provision of the relevant Services related to processing or, if earlier, as soon as processing by Imfuna of any Protected Data is no longer required for Imfuna’s performance of its obligations under these Terms of Use, and securely delete existing copies (unless storage of any data is required by Applicable Law, and if so Imfuna shall notify the Customer of this).

Annex A: DATA PROCESSING DETAILS



2.
Description of processing:
The Imfuna solutions consists of 2 components. [1] The Imfuna mobile apps facilitate the capture (documentation) of data using techniques as notes (typed, talk-to-text, dictation), photos (with metadata and photo mark-up), and other techniques to capture condition, identify type, flag for attention, and assign to a party. [2] The Imfuna software-as-a-service (SaaS) subscription systems enables users to verify, preview, and report on the data captured into reports that can be published, shared, and collaborated on.

Length of processing:
For the term of these Terms of Use

Purpose of processing:
For the performance of the obligations of Imfuna as set out in these Terms of Use.

Types of Personal Data being processed:
Such Personal Data as users upload to the Imfuna platform.

Special categories of Personal Data being processed:
Such special categories of Personal Data as users upload to the Imfuna platform.

Types of Data Subjects:
Users of the Imfuna platform
Individuals whose Personal Data is contained in material uploaded to the Imfuna platform by users.

Annex B: MODEL CLAUSES



From SCHEDULE 1: PRIVACY 1.1
Model Clauses” means the standard contractual clauses for the transfer of personal data from controllers to processors established in third countries which do not ensure an adequate level of data protection, as set out in the annex to European Commission Decision 2010/87/EC of 5 February 2010 which are attached as Annex B (Model Clauses);

From SCHEDULE 1: PRIVACY 1.13
Without prejudice to the generality of paragraph 1.12, the Customer consents to Imfuna processing Protected Data in or from the United States, pursuant to the Model Clauses. In the event of any conflict or ambiguity between any provisions contained in these Terms of Use and the Model Clauses (if applicable), the provisions of the Model Clauses shall prevail. The Model Clauses will apply to Protected Data that is transferred outside the European Economic Area, either directly or via onward transfer, to any country not recognised by the European Commission as providing an adequate level of protection for personal data. The Model Clauses will not apply to Protected Data that is not transferred, either directly or via onward transfer, outside the European Economic Area. Notwithstanding the foregoing, the Model Clauses will not apply if the transfer is to an entity in the United States pursuant to the Privacy Shield framework (in which case paragraph 1.14 shall apply).


For the purposes of this Annex B:
"data exporter” means the Customer; and
data importer” means Imfuna Inc.

The data exporter and the data importer, each a "party"; together "parties", for the purposes of article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, have agreed on the following contractual clauses ("Clauses") in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Clause 1

Definitions

For the purposes of the Clauses:
(a) 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
(b) 'the data exporter' means the controller who transfers the personal data;
(c) 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
(d) 'the sub-processor' means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2

Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3

Third-party beneficiary clause

1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3. The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4

Obligations of the data exporter

The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5

Obligations of the data importer (Footnote 1)

The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2Error! Reference source not found. before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorised access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the sub-processor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any sub-processor agreement it concludes under this the Clauses to the data exporter.

Footnote (1) Mandatory requirements of the national legislation applicable to the data importer which do not go beyond what is necessary in a democratic society on the basis of one of the interests listed in Article 13(1) of Directive 95/46/EC, that is, if they constitute a necessary measure to safeguard national security, defence, public security, the prevention, investigation, detection and prosecution of criminal offences or of breaches of ethics for the regulated professions, an important economic or financial interest of the State or the protection of the data subject or the rights and freedoms of others, are not in contradiction with the standard contractual clauses. Some examples of such mandatory requirements which do not go beyond what is necessary in a democratic society are, inter alia, internationally recognised sanctions, tax-reporting requirements or anti-money-laundering reporting requirements.

Clause 6

Liability

1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.
3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

Clause 7

Mediation and jurisdiction

1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8

Cooperation with supervisory authorities

1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).

Clause 9

Governing Law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10

Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clauses.

Clause 11

Sub-processing

1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses . Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor's obligations under such agreement.
2. The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4. The data exporter shall keep a list of sub-processing agreements concluded under the Clauses notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.

Clause 12

Obligation after the termination of personal data processing services

1. The parties agree that on the termination of the provision of data processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

Appendix 1 to the Standard Contractual Clauses



This Appendix forms part of the Clauses and must be completed and signed by the parties. The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.

Data exporter
The data exporter is (please specify briefly your activities relevant to the transfer): Imfuna Ltd is a wholly owned subsidiary of Imfuna Inc. Data is accessed (Exported) for business operations and analysis as well as customer inspection processing and support.

Data importer
The data importer is (please specify briefly activities relevant to the transfer): Imfuna Ltd is a wholly owned subsidiary of Imfuna Inc. Data is accessed (Exported) for business operations and analysis as well as customer inspection processing and support.
1. Imfuna Inc personnel may assess (import) the data for aggregated business analysis. (See #1 above)
2. Imfuna Inc personnel may access the data to resolve a user support issue if the primary UK-based support staff are not available. (See #2 and #3 above)

Data subjects
The personal data transferred concern the following categories of data subjects:
Data Subject - a natural person whose personal data is processed by a controller or processor
Direct Imfuna users identifying data

Categories of data
The personal data transferred concern the following categories of data (please specify):

Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data (please specify):
[[from our GDPR assessment and compliance document Section 4.9]]
Imfuna does not collect special data content for our SaaS web platform.

Processing operations
The personal data transferred will be subject to the following basic processing activities (please specify):
1. Information on general user activity is assessed in aggregate for business analysis ..such as number of active users, number of inspections, photos and dictation minutes per inspection, and optional Imfuna transcription minutes and turnaround time.
..No identifiable data exported
2. Information on user activity is assessed individually to resolve user support issues
..such as unsticking inspections, retrieving deleted inspections, and resolving subscription issues
..account email (by identifiable email or generic email)
..other identifiable data may have been entered by user such as phone and address. We can see that information in Admin Support mode but do not access it or use it for any purpose
3. Information on users clients, and the clients clients where applicable, may be included in the inspection
..Our clients (Controllers) may in the course of using our solution may present their firm information, information about their customers, and where applicable tenant/ occupant information may be captured. We can see that information in Admin Support mode but do not access it or use it for any purpose unless instructed by our user. With GDPR in force we have been asked to remove the name of a tenant from and inspection being used during a re-inspect
4. Where the user has selected to publish a report as a PDF all inspection content is sent encrypted to a US-based sub-processor under the Privacy Shield umbrella.
5. User data may be exported to our Support tool to log tickets and track them through resolution.
6. User data is captured in our CRM system under the Privacy Shield umbrella.
7. User email (by identifiable email or generic email) is used in our Bulk Email tool to communicate on system maintenance, software changes, and software enhancements.

Appendix 2 to the Standard Contractual Clauses



This Appendix forms part of the Clauses and must be completed and signed by the parties. Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached)

This Appendix forms part of the Clauses and must be completed and signed by the parties. Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
Imfuna takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including:
• The SaaS platform uses SSL
• The SaaS platform requires an email and password for access
• We encrypt the SaaS platform password; We cannot supply the password on user request; user reset their passwords
• For transcription services the end user is referred to by a pseudonym
• Only Imfuna personnel with a genuine need to access data for support purposes are allowed to view live data and these users are strictly authenticated
• Passwords are changed on employees leaving the company
• Passwords and keys to third party systems, necessary for access to secure elements such as payment gateways, are not hard coded into the application code but stored in specific files in the appropriate environment, and accessed through the automated deployment process only.
• Access to all pages in the system are authorised as appropriate, requiring a logged in user and the necessary level of access. For example an end user cannot edit the URL to gain access to another user’s information. Regular checks are made of all endpoints to this effect.