Legal agreements

1. Terms and Conditions

IREV 

Terms and Conditions

 

Last Updated:  September, 2024

 

Welcome to IREV!

 

These Terms and Conditions (“Terms” or “Terms and Conditions”) contain the agreement between you and IREV and explain how you may use this website or our Services connected with the same. Please read these Terms carefully. Please also read our Privacy policy.

 

You form a contract with us when you confirm that you accept these Terms or when you otherwise use the IREV.

 

This is a contract between you and IREV. You should read it.

 

WHO WE ARE

The company that you are contracting with is:

 

DA PLATFORM500 SOFTWARE DISTRIBUTION HK LIMITED, a limited liability company incorporated in Hong Kong with company registration number 2943843 and registered address at Office A, 16/F., Heng Shan center, 145 Queen’s Road East, Wan Chai, Hong Kong

 

Hereinafter “IREV”, “we”, “our”, “us” in these Terms, we are referring to that specific company unless we say otherwise.

 

Non-legally-binding-introduction

 

In technical terms, IREV is a SaaS platform that allows brands to create, track and optimize partner programs, manage leads, and increase ad campaigns conversion rates. But behind every technology, there is a group of devoted people. And these people are also IREV.

 

At IREV, we are passionate about building software that solves business problems. We partner with Advertisers, Publishers, and Networks to transform the way they interact, use technology and work with data. Our software is used to increase productivity, optimize processes, and see results in ROI instantly.

 

Our goal is to revolutionize the way advertisers, publishers, and networks interact & give them the ability to reach their desired audience through our powerful technology and service.

 

By getting access to IREV, you get the following extensions:

 

by using our Partner Platform: 

 

  1. Gain secure access to and distribute your insights with our enhanced statistics functionality. 
  2. Utilize our analytics solution, featuring detailed drilldown reports and precise click and conversion metrics, to fully leverage your data. 
  3. Tailor reports to align with your business objectives, ensuring that you focus exclusively on relevant data. 
  4. Our advanced statistics filters enable you to efficiently sift through information, isolating critical insights. 
  5. Optimize operations with comprehensive management control, utilizing bulk actions for efficiency and smart notifications for timely updates. 
  6. Seamlessly manage affiliate and advertiser accounts, ensuring effective collaboration and performance tracking. 
  7. Customize user permissions for enhanced security and operational flexibility.
  8.  Align commissions and payment rules with your business strategy to improve financial management.
  9. and much more!

 

by using our Lead Distribution:

 

  1. Distribute: Master your traffic with the rotation system that handles lead distribution from sources to advertisers.
  2.  Analyze: Prepare drill-down reports, visualize data trends over intervals of time, view and compare data based on a set of popular categories like time interval, start & end date, GEO, CTA, affiliates, etc.
  3. Manage: make it easy to run your business on IREV with a custom domain that’s personalized to your business. Also, make your brand recognizable with custom design that we can implement for you.
  4. Optimize: easily manage multiple language funnels and direct traffic to the relevant language page, monetize non-targeted traffic by re-processing and re-pushing leads to another final advertiser, with or without rotation, run AB tests to compare the performance of different funnels and choose the one that converts better.

 

and other features.

 

– end of the non-legally-binding-introduction –

 

These Terms constitute a legally binding contract between you and IREV. Terms govern your use of IREV. By accessing or using IREV, you agree to be bound by these  Terms. If you do not agree to these Terms, then you may not use IREV.

 

Contents

 

IREV

Terms and Conditions

Contents

  1. Definitions
  2. Acceptable Use Policy
  3. Access to the Service
  4. Use of the IREV
  5. Ownership and Rights
  6. Indemnification
  7. Disclaimer of Warranties
  8. Limitation of Liability
  9. Illegal Activities and Law Enforcement Cooperation
  10. Personal Data and Privacy
  11. Governing Law and Dispute Resolution
  12. Changes to these Terms
  13. Termination
  14. Contact Us


1. Definitions

 

Acceptable use policy” means the policy, which governs your permitted use of the Website and IREV;

 

“Authorized User means Client’s authorized person with a valid IREV ID and password to access the Services. 

 

Client means any person who has expressed an intention to and got an access to the Services available through IREV along with its Authorized Users. Usually the Client means You.

 

Dedicated Domain” means the domain individually assigned by IREV through the Subscription to enable the Client to use the Services.

 

IREV” means SaaS (Software-as-a-service) platform that provide You with the Services through the Subscription or fixed payment. 

 

Services means the provision of the following services, that can be available through the IREV:

 

Subscription” means getting the access to the Lead Distribution and Partner Platform Services by periodically charged payments.

“User” means any person who somehow interacts with IREV.

 

Website” means https://irev.com/ .

 

DISCLAIMER  

 

FOR THE AVOIDANCE OF DOUBT, IREV IS A PROVIDER OF SOFTWARE AND DEDICATED DOMAIN. 

IN ORDER TO GET ALL FEATURES FROM OUR SERVICES, YOU CAN LINK AUTHORIZED ACCOUNT WITH IREV IN THE CASE YOU HAVE A STRICT PERMISSION FROM SUCH USERS. UNDER NO CIRCUMSTANCES, WE ASSURE YOU, THAT WE DO NOT HAVE ACCESS TO SUCH AUTHORIZED USERS. 

YOU REPRESENT AND WARRANT, AND CAN DEMONSTRATE FULL SATISFACTIONS UPON REQUEST TO US THAT YOU (I) OWN OR OTHERWISE CONTROL ALL RIGHTS AND PERMISSIONS TO ENTER INTO THESE TERMS AND TO GRANT ALL THE RIGHTS TO AUTHORIZED USERS FOR THE DEDICATED DOMAIN; (II) YOU HAVE FULL AUTHORITY TO ACT ON BEHALF OF ANY AND ALL OWNERS OF ANY RIGHT, TITLE OR INTEREST IN AND TO ANY CONTENT.

 

2. Acceptable Use Policy

 

You agree that you will not:

  • Use IREV to promote, engage in, or facilitate any illegal activity;
  • Use IREV to upload, post, or otherwise transmit any сontent that is illegal, harmful, threatening, abusive, harassing, defamatory, obscene, or otherwise objectionable; 
  • Use IREV to upload, post, or otherwise transmit any content that infringes or violates any intellectual property, privacy, or publicity rights of any third party;
  • Use IREV to distribute unsolicited or unauthorized advertising, promotional materials, or spam; 
  • Use IREV to distribute viruses, worms, Trojan horses, or other harmful software;
  • Use IREV in any way that could interfere with, disrupt, or negatively affect the IREV or the servers, networks, or other infrastructure underlying IREV;
  • Attempt to gain unauthorized access to any portion or feature of IREV, or any other systems or networks connected to IREV, by hacking, password “mining,” or any other illegitimate means;
  • Use any robot, spider, crawler, scraper, or other automated means or interface not provided by us to access IREV or to extract data;
  • Reverse engineer any aspect of IREV or do anything that might discover source code or bypass or circumvent measures employed to prevent or limit access to any area, content, or code of IREV;
  • Engage in any activity that interferes with or disrupts IREV (or the servers and networks that are connected to IREV), including by transmitting any worms, viruses, spyware, malware, or any other code of a destructive or disruptive nature

We reserve the right to investigate and take appropriate legal action against anyone who, in its sole discretion, violates this Acceptable Use Policy, suspending or terminating the account of such violators, and reporting such violators to law enforcement authorities.

3. Access to the Service

 

3.1 Eligibility and User Permissions

 

IREV is available to entities that can form legally binding contracts under applicable law.

 

3.2 Registration

 

To access and use the IREV, you must register for an account by providing us with current, accurate, and complete information as prompted by the registration process. You are responsible for keeping your account information up-to-date and accurate at all times. We reserve the right to refuse registration of or cancel any account in our sole discretion, including, but not limited to, accounts that violate our Acceptable Use Policy or that may be offensive, illegal, or violate any party’s intellectual property rights.

 

3.3. If you are using or opening an account on behalf of a company, entity, or organization, then you represent and warrant that you: (i) are an authorized representative of that company and any individual represented by such company with the authority to bind such company to these Terms and (ii) agree to be bound by these Terms on behalf of such company.

 

3.4. You agree that you will not sell, trade, or transfer your account or account access to any other party without our prior written consent. If You are an owner of a company and your account is deleted or suspended for any reason.

 

3.5. If You use an account on behalf of a company, you may generate various numbers of roles and provide access to an unlimited number of users in order to manage the account. By doing that You can grant different types of access to IREV. In the case You provide such accesses, you represent and warrant to us that such users correspond and bind with the Terms.

 

3.6 Account Security

 

You are responsible for maintaining the confidentiality of your login credentials and for any activity that occurs under your account. You agree to notify us immediately of any unauthorized access to or use of your account or any other breach of security. We reserve the right to require you to change your password if we believe that your account is no longer secure. You agree that you will not share your login credentials with anyone else or allow anyone else to access your account.

 

3.7 Availability

 

We may update, pause, or discontinue the IREV service when necessary, aiming to notify you in advance whenever possible. While we strive to provide uninterrupted service, there may be occasions where adjustments are required. Please note, we cannot be held responsible for any potential impacts caused by changes, temporary pauses, or the discontinuation of the Service,unless provided in SLA (Service Level Agreement). Additionally, we reserve the right to manage access to the Service as needed.  

4. Use of IREV

 

4.1. License

 

Subject to these Terms, we grant you a limited, non-exclusive, non-transferable, revocable license to use IREV solely for your personal or internal business purposes. Except as expressly authorized by us, you may not modify, reverse engineer, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer or sell any data or other materials contained in IREV. You also may not access or use IREV for any purpose prohibited by applicable law or these Terms.

 

4.1.1. License Restrictions

 

You may not copy, modify, distribute, sell, or lease any part of IREV or its code without our prior written consent. You may not reverse engineer or attempt to extract the source code of IREV unless it is expressly permitted by applicable law. You may not use any automated tools or scripts to access or use the Service unless it is expressly permitted by us in writing.

 

4.1.2. Content License

 

By submitting data, you grant us a non-exclusive, royalty-free, transferable, sublicensable, worldwide license to use, display, reproduce, distribute, and modify your data in connection with providing IREV to you and other Authorized Users. It means that you provide us with the ability to use, show, copy, share, and make changes to your data as needed for the services and that your data will be accessible to your Authorized Users. The license you grant is non-exclusive (you can still use your data as you wish), royalty-free (you won’t be charged for this usage), transferable and sublicensable (we can allow others, like our service partners, to use it as needed), and applies globally. We ask you about such rights only to make IREV accessible for You and Authorized Users

 

4.1.3. Termination of License

 

We may terminate your license to use IREV under the following circumstances:

 

4.1.3.1. By providing 30 days’ prior notice for any reason.

4.1.3.2. Immediately, if we detect any illegal interference or unauthorized actions that compromise the operation of the services.

4.1.3.3. If we are required to restrict access due to a request from authorized regulatory or governmental bodies.

 

4.2. Disclaimer of Warranties

 

Unless specified in SLA (Service Level Agreement), IREV is provided on an “as is” and “as available” basis, without any warranty of any kind, express or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that the Services will be uninterrupted or error-free, that defects will be corrected, or that the Services is free of viruses or other harmful components. You assume all responsibility and risk for your use of the Services.

 

4.3. Limitation of Liability

 

In no event will we be liable to you or any third party for any indirect, incidental, special, consequential, or punitive damages arising out of or in connection with your use of the Services or these Terms, even if we have been advised of the possibility of such damages. Our liability to you or any third party in any circumstance is limited to not greater than (i) the amount of fees you have paid to us in the twelve (12) months prior to the action giving rise to liability. We are not responsible for any content provided by Creators, and we disclaim all liability with respect to such content. We do not guarantee the accuracy, completeness, or usefulness of any data on the Services or any portion thereof. We are not responsible for any errors or omissions in any content, or for any loss or damage of any kind incurred as a result of the use of any data, emailed, transmitted, or otherwise made available via the Services.

 

4.5. Entire Agreement

 

These Terms, Payment and Refund Policy, our Privacy Policy constitute the entire agreement between you and IREV with respect to IREV and supersede all prior or contemporaneous communications and proposals (whether oral, written or electronic) between you and us with respect to the Services. If any provision of these Terms is found to be unenforceable or invalid, the remaining provisions will remain in full force and effect and an enforceable term will be substituted reflecting our intent as closely as possible.

5. Ownership and Rights

 

5.1. Ownership

 

As between you and us, You retain all ownership rights in the data you create or post using IREV. You are solely responsible for the information you create or post and the consequences of sharing or publishing it.

 

5.2. Feedback

 

If you provide us with any suggestions, comments, or other feedback relating to IREV (collectively, “Feedback”), you grant us a non-exclusive, perpetual, irrevocable, royalty-free, worldwide right and license to use, reproduce, disclose, sublicense, distribute, modify, and otherwise exploit the Feedback without restriction or compensation to you.

 

5.3. Publicity

 

You agree that we may use your name and logo to identify you as a User of IREV in our promotional materials, including on our Website and in our marketing and advertising campaigns, unless otherwise specified in Non-Disclosure Agreement.

6. Indemnification

 

6.1. You agree to indemnify, defend, and hold harmless IREV, our affiliates, and our respective officers, directors, employees, agents, and representatives from and against any and all claims, damages, obligations, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or in connection with (i) your use of IREV, (ii) your data, (iii) your breach or alleged breach of these Terms, (iv) your violation of any law, regulation, or third-party right, and (v) any dispute between you and any third party.

 

6.2. We reserve the right to assume, at our sole expense, the exclusive defense and control of any matter subject to indemnification by you, in which event you will cooperate with us in asserting any available defenses.

 

6.3. This indemnification provision will survive the termination of these Terms and your use of IREV.

7. Disclaimer of Warranties

 

7.1. No Warranty

 

You acknowledge and agree that IREV is provided on an “as is” and “as available” basis. We do not make any representations or warranties of any kind, express or implied, including, but not limited to, warranties of merchantability, fitness for a particular purpose, non-infringement, or course of performance, except as expressly provided in these Terms.

 

IREV makes any representations about the accuracy, safety, reliability, currency, quality, completeness, usefulness, performance, security, legality, or suitability of the platform or any of the information contained therein.

 

7.2. No Endorsement

 

We do not endorse, warrant, or guarantee any products, services, or Content that may be advertised or promoted on IREV by third parties. We do not make any representations or warranties regarding the quality, reliability, timeliness, or accuracy of any such products, services.

 

7.3. No Liability

 

You acknowledge and agree that we have no liability for any errors or omissions in any use of the Services, or for any loss or damage of any kind incurred as a result of the use of the Services. You further acknowledge and agree that we have no liability for any interruptions or cessation of the Services, whether caused by us or a third party.

 

7.4. No Guarantee

 

You acknowledge and agree that we do not guarantee that IREV will be uninterrupted, error-free, or free of viruses or other harmful components. You are responsible for implementing sufficient procedures and checkpoints to satisfy your particular requirements for anti-virus protection and accuracy of data input and output, and for maintaining a means external to the Services for any reconstruction of any lost data.

 

7.5. Exclusions 

 

Some jurisdictions do not allow the exclusion of certain warranties or the limitation or exclusion of liability for incidental or consequential damages. Accordingly, some of the above limitations may not apply to you. To the extent that we may not, as a matter of applicable law, disclaim any implied warranty or limit its liabilities, the scope and duration of such warranty and the extent of our liability will be the minimum permitted under such applicable law.

8. Limitation of Liability

 

8.1. We will not be liable to you or any third party for any indirect, incidental, special, consequential, or punitive damages arising out of or in connection with your use of the Services or these Terms, even if we have been advised of the possibility of such damages. Our liability to you or any third party in any circumstance is limited to the amount paid by you to us during the six (6) months prior to the action giving rise to liability.

 

8.2. Some jurisdictions do not allow the exclusion or limitation of incidental or consequential damages, so the above limitation or exclusion may not apply to you. In such jurisdictions, our liability will be limited to the maximum extent permitted by law.

 

8.3. We are not liable for any failure or delay in performing our obligations under these Terms where the failure or delay results from any cause beyond our reasonable control, including acts of God, labor disputes or other industrial disturbances, systemic electrical, telecommunications, or other utility failures, earthquake, storms or other elements of nature, blockages, embargoes, riots, acts or orders of government, acts of terrorism, or war.

9. Illegal Activities and Law Enforcement Cooperation

 

9.1. Reporting

 

If you become aware of any illegal or unauthorized use of the Services, please contact us immediately. We reserve the right to investigate any such use and take appropriate action, including but not limited to terminating a User’s account and reporting such use to law enforcement authorities.

 

9.2. No Liability

 

We will not be liable to you or any third party for any damages or losses resulting from our cooperation with law enforcement agencies or any disclosures made in compliance with applicable laws, regulations, legal processes, or government requests.

10. Personal Data and Privacy

 

10.1. Your privacy and personal information are important to us. Any personal information that you provide to us will be dealt with in line with our Privacy policy, which explains what personal information we collect from you, how and why we collect, store, use and share such information, your rights in relation to your personal information and how to contact us and supervisory authorities in the event you have a query or complaint related to the use of your personal information. We do not have control over the personal information that you receive from Autorised Users.

 

10.2. Autorised Users personal data

 

If you represent more than one Autorised User, you guarantee to us that you get full permission to get access to their personal data and will act as a controller of their personal data in relation to us.

 

10.3. Third-Party Providers

 

We use third-party providers to process payments and other financial transactions on the Services. Any such information is subject to our Privacy Policy, the third-party providers’ privacy policies and security protocols.

11. Governing Law and Dispute Resolution

 

11.1. Governing Law

 

These Terms and your use of IREV shall be governed by and construed in accordance with the laws of England and Wales.

 

11.2. Dispute Resolution

 

Any dispute, controversy or claim arising out of or in connection with this contract, or the breach, termination or invalidity thereof, shall be subject to the exclusive jurisdiction of the courts of the Republic of Cyprus.  .

 

11.3. No Class Actions

 

You waive any right to participate in a class action lawsuit or class-wide arbitration against us.

 

11.4. Injunctive Relief

 

Notwithstanding the foregoing, we may seek injunctive or other equitable relief to protect our intellectual property rights and confidential information in any court of competent jurisdiction.

12. Changes to these Terms

 

12.1. Amendments

 

We reserve the right to modify or update these Terms at any time, in our sole discretion. If we make any material changes to these Terms, we will notify you by posting a notice on Website or by sending an email to the address associated with your account. Your continued use of the IREV after the effective date of any such changes constitutes your acceptance of the revised Terms.

 

12.2. Termination

 

We may terminate or suspend your access to the IREV under the following circumstances:

 

12.2.1. By providing 30 days’ prior notice for any reason.

12.2.2. Immediately, if we detect any illegal interference or unauthorized actions that compromise the operation of the services.

12.2.3. If we are required to restrict access due to a request from authorized regulatory or governmental bodies

 

Upon any termination or suspension, your right to use the IREV will immediately cease, and we may, without liability to you or any third party, immediately deactivate or delete your account and all related data.

 

12.3. Survival

 

The following provisions will survive any termination or expiration of these Terms: Ownership and Rights, Indemnification, Disclaimer of Warranties, Limitation of Liability, and Governing Law and Dispute Resolution.

 

12.4. Entire Agreement

 

These Terms, together with any separate agreement between you and us, constitute the entire agreement between you and us regarding IREV and supersede all prior agreements and understandings, whether written or oral, relating to IREV.

 

12.5. Waiver and Severability

 

Our failure to enforce any right or provision of these Terms will not be deemed a waiver of such right or provision. If any provision of these Terms is found to be invalid or unenforceable by a court of competent jurisdiction, such provision will be severed from the remainder of these Terms, which will remain in full force and effect.

13. Termination

 

13.1. By You

 

You may terminate your account at any time by contacting our support team or by following the instructions in your account settings. Upon termination, we will delete your account and all of your content from our servers, except as set forth below.

 

13.2. By Us

 

We may terminate your account at any time, with or without cause, at our sole discretion. In the event of termination by us without cause, we will refund you any unused portion of any fees you have paid to us. In the event of termination by us for cause, we will not refund any fees you have paid to us.

 

13.3. Effect of Termination

 

Upon termination of your account, all licenses granted to you by us will immediately terminate. You will no longer have access to IREV, and any content or other data associated with your account may be deleted.

14. Contact Us

 

If you have any questions or concerns about these Terms or IREV, please don’t hesitate to contact us at [email protected].

 

We appreciate your feedback and welcome any suggestions you may have for improving IREV. We would also like to express our gratitude to you for using our platform and being a valued member of our community.

2. Privacy Policy

IREV Privacy Policy

At IREV, we prioritize your privacy and aim to be transparent about how we collect, use, and protect your personal information. This privacy policy is designed to inform you about the types of information we gather, how we use it, and your rights regarding that information.

 

When forming a business relationship with us, please be informed that the legal entity representing us and acting as the data controller or processor of personal data is

 

DA PLATFORM500 SOFTWARE LIMITED, a limited liability company incorporated in Cyprus with company registration number HE 384297 and registered address at Ioanni Stylianou 6, Floor 2, Flat 202, 2003, Nicosia, Cyprus.

Contents

Privacy Policy

  1. Personal Information We Collect

1) Registration

Personal Information

Account Credentials

2) Billing

Payment Information

Personal Information

3) Third-Party Information

4) Information Collected Automatically

Usage Data

Device Information

Cookies and Tracking Technologies

Log Data

Geolocation Data

  1. How We Collect Personal Information

Directly From You

Automatically

From Subscription Holders

  1. How We Use Your Data

Subscription Processing and Account Management

Communication and Offers

Legal and Compliance Obligations

Security and Fraud Prevention

  1. How Your Data Is Stored
  2. Marketing
  3. Data Processing Clause

Processing on Written Instructions

Confidentiality

Security Measures

Subprocessing

Assistance with Data Subject Rights

Support for GDPR Compliance

Data Deletion or Return

Audit and Compliance

  1. Data Protection Rights

The Rights to Access

The Rights to Rectification

The Rights to Erasure 

The Right to Restrict Processing

The Right to Object to Processing

The Right to Data Portability

  1. Cookies
  2. Privacy Policies of Other Websites
  3. Updates to IREV’s Privacy Policy
  4. How to Contact Us
  5. How to Contact the Appropriate Authority

1. Personal Information We Collect

  1. Registration

To access and utilize our services, you are required to create an account with IREV, either thorough a subscription or demo subscription. During the registration process, we collect from you the following information: 

Personal Information

This includes your name, email address, phone number, and any other information that identifies you. 

Account Credentials

This includes your account name and any passwords or other security-related information. 

 

We take the security of your account information seriously. All account credentials, including your password, are securely protected through encryption and other security measures to ensure your information remains confidential.

Upon successful registration, your account is assigned a unique Account ID number. This ID helps us recognize and authenticate you whenever you sign in, ensuring a seamless and secure experience.

  1. Billing

To process payments for your subscriptions and ensure uninterrupted access to our payable services, we collect the following billing information:

Payment Information

We may collect payment-related details. These details may include billing addresses, account information for alternative payment methods (e.g., bank transfers, digital wallets). This information is collected solely for the purpose of facilitating payments and maintaining transaction records, and it will be handled in accordance with applicable data protection laws. 

This includes you debit card details and any other necessary payment-related information.

Personal Information

This includes your name, date of birth (to provide you with time-to-time gifts), billing address, telephone number, Telegram accounts, and email address.

 

We handle all billing information with the highest level of security and confidentiality, ensuring that your payment details are protected throughout the transaction process on our website.

 

  1. Third-Party Information

Any information related to third parties that is entered into our platform by a subscription holder. This can include personal information of third parties that pertains to their partnership with the subscription holder, as well as details on third-parties business activities.

 

All information, regarding third-parties is handled with the highest degree of security for personal data protection.

  1. Information Collected Automatically

When you use our services, certain information may be collected automatically to help us improve your experience and maintain the security and functionality of our platform. 

This information includes:

Usage Data

Details about how you interact with our platform, such as the features you use, the time and duration of your visits, and your navigation through the different pages of our website. 

Device Information

This includes information about the device you use to access our services on the website, such as, device type, its operational system, your device’s browser type, your device’s IP address, and your device’s unique identifiers.

Cookies and Tracking Technologies

We utilize cookies and other tracking technologies to allow us to remember your preferences, and gather insights into how our services are being used. More information about cookies can be found here.

Log Data

Our services automatically collect and store information about your logins in the log files. This may include your IP address, browser type, referring/exit pages, and timestamps of your interactions with our services.

Geolocation Data

Depending on your device settings, we may collect information about your location to provide location-based services. 

When you provide your billing address as part of your subscription, we utilize that information primarily for payment processing and to ensure compliance with legal regulatory requirements. This ensures that your transactions are secure and align with any relevant financial regulations. 

2. How We Collect Personal Information

Directly From You

Mostly the information we collect is provided directly by you during the registration process, when you provide your account details or update your account details, or when you interact with our customer support team via email. This includes such personal information as email address, phone number, payment details.

Automatically

As it was already mentioned, certain information is collected automatically when you interact with our platform. 

From Subscription Holders

If you are a third party associated with one of our subscription holders, your personal information may be entered into our platform by the subscription holder themselves, particularly in relation to partnerships.

3. How We Use Your Data

IREV collects your personal data for the following purposes:

Subscription Processing and Account Management

We use your personal data to process your subscription, ensuring that you have access to the services you have subscribed to. This includes managing your account details, processing payments, and providing customer support as needed.

Communication and Offers

Your data is also used to communicate with you about your account and our services. We may email you with important updates, information, such as changing your subscription type or cancelling your subscription, updating you on your subscription status, as well as promotional offers on our products that we believe may be of interest to you.

Legal and Compliance Obligations

Your data may be used to fulfill legal and regulatory obligations, such as complying with financial regulations, responding to lawful requests from authorities, and ensuring that our services meet the necessary compliance standards. 

Security and Fraud Prevention

We use your data to protect the security of our platform, including detecting and preventing fraud, unauthorized access, and other malicious activities that could compromise your account or our services.

4. How Your Data Is Stored

Your data is stored securely within our systems using industry-standard encryption and security protocols to safeguard against unauthorized access or breaches. We retain your data for a reasonable time-period, according to our internal policies, after which it is automatically deleted to ensure your privacy. Importantly, we do not store any credit card numbers or sensitive payment information on our servers. All such data is handled by our trusted third-party payment processor, which adheres to the highest standards of security and compliance.

5. Marketing

IREV may send you emails about sales, special offers, updates on our services, and other promotional content. If you have chosen to receive these marketing communications, please know that you can opt out at any time. You have the right to withdraw your consent for IREV to contact you for marketing purposes or to share your information with our partners. 

 

If you decide you no longer want to receive marketing communications from us, simply click here to unsubscribe.

6. Data Processing Clause

In compliance with General Data Protection Regulation Article 28, Section 3, the following provisions outline the commitments between You (as the Data Controller) and IREV (as Data Processors) that obtain personal data from data subjects on behalf of the Data Controller.

These provisions ensure that personal data is handled in compliance with GDPR standards. For a comprehensive overview of these commitments, please refer to our Data Processing Addendum.

7. Data Protection Rights

At IREV we are committed to ensuring that you are fully informed of your data protection rights. As our customer, you are entitled to the following rights under data protection laws: 

The Rights to Access

You have the rights to request copies of your personal data that IREV holds. We may, however, charge a small fee for this service.

The Rights to Rectification

You have the rights to request that any inaccurate or incomplete personal data we hold about you be corrected or updated without undue delay.

The Rights to Erasure

You have the “right to be forgotten,” to request the deletion of your personal data, under certain conditions.

The Right to Restrict Processing

You have the right to request that we limit the processing of your personal data, under certain circumstances, for example, if you contest the accuracy of the data or object to its processing.

The Right to Object to Processing

You have the right to object to the processing of your personal data if the processing is based on our legitimate interests or if the data is being processed for direct marketing purposes.

The Right to Data Portability

You have the right to request that your personal data be transferred to another organization, or directly to you, in a structured, commonly used, and machine-readable format, where technically feasible.

 

If you wish to exercise any of these rights, please contact us via email. We will respond to your request within one month, ensuring that your rights are respected and upheld.

email: [email protected] 

8. Cookies

For a comprehensive understanding of what cookies are and how you can manage them, click here for detailed information.

9. Privacy Policies of Other Websites

IREV’s website may contain links to external websites. Please note that our privacy policy applies solely to our own site. Therefore, if you click on a link to another website, it’s important to review their privacy policy.

 

10. International Data transfers

 

We may store or transfer personal data within and outside the European Economic Area (EEA) for the purposes stated in this policy. If so, we will comply with the applicable laws relating to data transfer outside the EEA. 

Some of our third-service providers are located in the United States, where the level of personal data protection may not be the same as in the EU or the UK. We take all necessary steps towards securing your personal data and its transfer, and our third-service providers utilize different safety mechanisms, like Standard Contractual Clauses approved by the European Commission. 

However, you must understand that some risks to security of the data may exist and you agree to this by agreeing to our Terms of use and this Privacy policy.

 

11. Updates to IREV’s Privacy Policy

We regularly review and update our privacy policy, posting any changes on this webpage. The most recent update was made on -, 2024.

12. How to Contact Us

If you have any questions about our company’s privacy policy, the data we hold about you, or if you wish to exercise your data protection rights, please feel free to reach out to us.

 

You can contact us by writing to our address: [email protected]

13. How to Contact the Appropriate Authority

If you wish to file a complaint or feel that our company has not adequately addressed your concerns, you can contact the Information Commissioner’s Office.

Email: [email protected]

 

3. Cookies Policy

IREV Cookies Policy

Introduction

At IREV, we are committed to respecting your privacy and ensuring that your personal data is protected. This Cookies Policy explains how we use cookies and similar tracking technologies on our website in compliance with the General Data Protection Regulation.

Contents

IREV Cookies Policy

Introduction

What are Cookies?

Types of Cookies We Use

How We Use Cookies

Your Consent and Managing Cookies

Third-Party Cookies

Data Protection and Privacy

Updates to This Cookies Policy

Contact Us

What are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They allow the website to recognize your device and store information about your preferences or actions over time. Cookies can improve your browsing experience by remembering your settings, enabling you to navigate between pages efficiently, and providing you with personalized content.

Types of Cookies We Use

  1. Strictly Necessary Cookies: These cookies are essential for the operation of our website. They enable you to navigate the site and use its features, such as accessing secure areas. Without these cookies, certain services you have requested, such as logging in or making purchases, cannot be provided.
  2. Performance Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most often. This data helps us understand how users interact with our site and improve its performance. All information collected by these cookies is aggregated and therefore anonymous.
  3. Functionality Cookies: These cookies allow our website to remember choices you make, such as your username, language, or region, and provide enhanced, more personalized features. They can also be used to remember changes you have made to text size, fonts, and other customizable parts of the website. The information these cookies collect may be anonymized, and they cannot track your browsing activity on other websites.
  4. Targeting/Advertising Cookies: These cookies are used to deliver content that is more relevant to you and your interests. They may be used to deliver targeted advertisements or to limit the number of times you see an ad. They also help us measure the effectiveness of our advertising campaigns. These cookies remember that you have visited our website and may share this information with third parties, such as advertisers.

 

The table below provides more information about the cookies we and our third-party service providers use and why.

 

Cookie name Cookie type Storage period Description
AMP_ functionality 1 year used to collect data on how users interact with AMP-enabled pages. This information can include metrics such as page views, user engagement, and load times. Analytics data helps website owners and developers understand the performance of their AMP content.
_hjSessionUser_ functionality 365 days used to

  • set when a user first lands on a page;
  • persists the Hotjar User ID which is unique to that site. Hotjar does not track users across different sites;
  • ensures data from subsequent visits to the same site are attributed to the same user ID.
_ga_ performance 1 year and 1 month primary purpose of the _ga cookie is to track unique users across browsing sessions. The randomly generated client identifier allows Google Analytics to recognize users returning to a site and attribute their activities to the same user. Google Analytics uses data collected from the _ga cookie to provide website owners with insights into how users interact with their sites. This includes information such as the number of visitors, the pages they visit, the duration of their visits, and the geographic location of users.
irev-_zldp Necessary 7 days employed to manage user sessions. They help maintain user state and authentication information throughout a user’s visit to a website.
ajs_anonymous_id performance 1 year used for store your last visit
_ym_uid performance 1 year used to store and track a visitor’s identity.
__cfduid functionality 30 days used to provide the identification of trusted web traffic.
__stripe_mid functionality 1 year used to provide fraud prevention.
__cfruid functionality 1 year used for detecting bots on the web
OptanonConsent functionality 1 year used to store cookie consent preferences.

 

How We Use Cookies

We use cookies to:

  1. Ensure our website functions correctly and efficiently.
  2. Enhance your user experience by remembering your preferences.
  3. Collect data on how our website is used to improve its performance and content.
  4. Deliver relevant advertisements and measure the effectiveness of our marketing efforts.

Your Consent and Managing Cookies

In compliance with GDPR, we require your consent to place non-essential cookies on your device. When you first visit our website, you will see a cookie banner that asks for your consent to use cookies. You can manage your cookie preferences at any time through our Cookie Settings, which can be accessed via the link in the footer of our website.

You can also control cookies through your browser settings, where you can block or delete cookies. Please note that disabling certain types of cookies may affect your ability to use some features of our website.

Third-Party Cookies

Some cookies on our website are placed by third parties, such as analytics and advertising partners. These third parties may use cookies to collect information about your online activities across different websites. We do not have control over these cookies, and you should refer to the privacy policies of these third parties for more information.

Data Protection and Privacy

Any personal data collected through cookies will be processed in accordance with our Privacy Policy, which outlines how we collect, use, and protect your information. We only retain the data collected by cookies for as long as necessary to fulfill the purposes outlined in this policy.

 

How to turn off cookies

If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this Website.

 

You can choose to opt out of this type of cookies permanently by going to http://www.networkadvertising.org/choices  .

 

Please note, that if you delete your cookies after having opted out, we will no longer know that you have opted out, so the banners from our third party service providers will reappear when you visit other selected websites (see below).

 

We currently do not support any ‘Do Not Track’ browser settings. This is because no common Internet Standard has been developed to specify what ‘Do Not Track’ entails. .

Updates to This Cookies Policy

We may update this Cookies Policy from time to time to reflect changes in technology, legislation, or our business practices. Any updates will be posted on this page, and we encourage you to review this policy periodically.

Contact Us

If you have any questions about our use of cookies or this policy, please contact us at [email protected].

 

4. Data Processing Addendum

IREV Data Processing Addendum

This Data Processing Addendum (“DPA”) is an addendum to the agreement between you, the lead (“Client”), and IREV (the “Service Provider”), and it governs how IREV processes your data in connection with the services provided. This DPA forms part of the agreement available at [IREV Website] or any other agreement in place between Client and IREV regarding the use of our services (collectively, the “Agreement”).

Contents

IREV Data Processing Addendum

  1. Data Processing Scope and Responsibilities

1.1 Scope and Roles

1.2 Client Controls

1.3 Details of Data Processing

1.4 Compliance with Laws

  1. Client Instructions
  2. Data Confidentiality
  3. Confidentiality Obligations of IREV Personnel
  4. Data Security Measures
  5. Use of Sub-processors

6.1 Authorized Sub-processors

6.2 Sub-processor Obligations

  1. Assistance with Data Subject Requests
  2. Optional Security Features
  3. Security Incident Notification

9.1 Incident Reporting

9.2 Client Responsibilities

  1. Audits and Certifications
  2. Client Audits
  3. Data Transfers
  4. Termination and Data Return/Deletion
  5. Legal Notices
  6. Entire Agreement
  7. Definitions

1. Data Processing Scope and Responsibilities

1.1 Scope and Roles 

This DPA applies to any Clients Data processed by IREV as part of the services. IREV acts as the data processor, processing data on behalf of the Client, who may act as a data controller or as a data processor on behalf of another controller.

1.2 Client Controls

The Client can utilize the control features provided by IREV to manage its data processing obligations under applicable data protection laws, including responding to requests from data subjects. IREV will notify the Client without undue delay if it becomes aware that any Client Data is inaccurate or outdated.

1.3 Details of Data Processing

Subject Matter: The processing of Client Data.

Duration: Defined by the Client’s use of the services.

Purpose: To provide the services as specified in the Agreement.

Nature of Processing: Data storage, computation, and other related activities as described in the IREV documentation.

Type of Client Data: Any data uploaded by the Client to IREV’s services.

Categories of Data Subjects: Could include the Client’s clients, employees, suppliers, or end-users.

1.4 Compliance with Laws

Both IREV and the Client will comply with all relevant laws and regulations concerning the processing of data as required by applicable data protection laws.

2. Client Instructions

The DPA and the Agreement serve as the Client’s documented instructions for IREV’s data processing activities. IREV will only process Client Data as instructed through the use of the service tools and features. Any additional instructions outside of the agreed scope will require a written agreement, including any additional costs. The Client can terminate the DPA if IREV declines to follow any new instructions that deviate from those outlined in this DPA.

3. Data Confidentiality

IREV will not access or disclose Client Data to third parties, except where necessary to provide the services, comply with legal obligations, or as required by a valid governmental order. If required to disclose data to a government body, IREV will inform the Client unless legally prohibited from doing so.

4. Confidentiality Obligations of IREV Personnel

IREV ensures that its personnel are only authorized to process Client Data as necessary and imposes confidentiality obligations through contractual agreements.

5. Data Security Measures

IREV implements and maintains technical and organizational security measures to protect Client Data. These include, but are not limited to, physical security controls, access management, and regular testing of the security infrastructure. The Client is responsible for implementing its own measures to ensure data security and integrity, including encryption and access controls.

6. Use of Sub-processors

6.1 Authorized Sub-processors

IREV may engage sub-processors to carry out specific processing activities on Client Data. A list of such sub-processors is available on the IREV website. Clients will be notified at least 30 days in advance of any changes. The Client can object to any new sub-processor by ceasing to use the affected service or terminating the Agreement.

6.2 Sub-processor Obligations

IREV ensures that sub-processors only have access to Client Data necessary for their function and that they are bound by data protection obligations equivalent to those in this DPA.

7. Assistance with Data Subject Requests

IREV will assist the Client in responding to data subject requests using the available service tools.

If a data subject submits a request directly to IREV, it will forward the request to the Client.

8. Optional Security Features

IREV provides various security features that the Client can implement to protect their data, such as encryption and backup tools. It is the Client’s responsibility to configure and use these features to maintain data security.

9. Security Incident Notification

9.1 Incident Reporting

IREV will notify the Client promptly if a security incident occurs that affects Client Data. IREV will also take steps to mitigate the impact of such incidents.

9.2 Client Responsibilities

Upon notification, the Client is responsible for determining any further actions required under applicable data protection laws, including notifying supervisory authorities and data subjects.

10. Audits and Certifications

IREV will provide, upon request, relevant audit reports and certifications that demonstrate compliance with data protection obligations. Clients may request to review these documents under a non-disclosure agreement.

11. Client Audits

The Client has the right to audit IREV’s data processing activities, either by reviewing IREV’s certifications and reports or by conducting its own audit upon reasonable notice.

12. Data Transfers

The Client can choose the data processing location within IREV’s network. IREV will not transfer data outside the chosen region unless required to provide the services or comply with legal obligations.

13. Termination and Data Return/Deletion

This DPA remains in effect until the termination of the Agreement. Upon termination, and for a period of 90 days, the Client can request the return or deletion of its data. After this period, the Client must close all accounts containing their data.

14. Legal Notices

IREV will inform the Client of any legal proceedings that may affect Client Data, such as confiscation during bankruptcy or other legal actions.

15. Entire Agreement

This Data Processing Addendum is an integral part of the Agreement. In the event of any conflict between the terms of the Agreement and this DPA, the terms of the DPA will take precedence. The DPA also includes any Standard Contractual Clauses necessary for international data transfers. For further details, please refer to the Standard Contractual Clauses.

16. Definitions

Definitions. Capitalized terms used in this DPA that are not defined in the Agreement have the meanings below:

 

API: Application program interface.

Applicable Data Protection Law: Laws and regulations applicable to the processing of Client Data, including the GDPR.

Binding Corporate Rules: As defined in the GDPR.

Controller: As defined in the GDPR.

Controller-to-Processor Clauses: Standard contractual clauses between controllers and processors for Data Transfers, approved by the European Commission on June 4, 2021.

Client Data: Personal Data uploaded to the Services under Client’s accounts.

Documentation: Current documentation for the Services.

EEA: European Economic Area.

GDPR: Regulation 2016/679 on the protection of personal data and free movement of such data.

Personal Data: As defined in Applicable Data Protection Law, including personal data, personal information, and personally identifiable information.

Processing: As defined in the GDPR, including “process,” “processes,” and “processed.”

Processor: As defined in the GDPR.

Processor-to-Processor Clauses: Standard contractual clauses between processors for Data Transfers, approved by the European Commission on June 4, 2021.

Region: As defined in Section 12.1 of this DPA.

Security Incident: Breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Client Data.

Security Standards: Security standards in Annex 1 of this DPA.

Service Controls: Security features and functionalities provided by the Services, as described in the Documentation.

Standard Contractual Clauses: (i) Controller-to-Processor Clauses, or (ii) Processor-to-Processor Clauses, as applicable in Sections 12.2.1 and 12.2.2.

Third Country: A country outside the EEA not recognized by the European Commission as providing adequate personal data protection (as described in the GDPR).

5. Payment and Refund policy

IREV Payment and Refund policy

 

Last Updated: September 2024

 

All terms not defined in this Payment and Refund Policy shall have the same meaning as in our Terms and Conditions.

 

NOTE: We may offer you a free Demo period to evaluate the capabilities of the IREV. You don’t need to link your credit card in this case.

 

Payment Processing

 

We use several electronic payment services. All transactions are processed by third party payment processors. By making a payment, you authorize IREV and its payment processor to charge the full amount of the transaction, including any applicable fees, to your chosen payment method.

 

You may purchase subscriptions using the following payment methods, including Mastercard,Visa, Wire and others …. . 

 

Please note that payment card issuers may charge additional fees for transaction processing or currency conversion.

 

Your credit or debit card will not be charged until you click the “Make a Payment”, “Buy”, “Pay” or “Confirm” button.

 

All credit or debit card payments must be authorized by the card issuer.

 

Subscription 

 

Subscription may be subject to additional terms and conditions that will be disclosed at the time of purchase. To learn more about our subscription plans, please click here.

 

Automatic Renewal

 

If you choose to automatically renew the subscription fee, all subscription plans will automatically renew 72 hours prior to the end of the subscription period, unless you cancel the subscription prior to the renewal date. If you do not cancel, we will automatically renew your subscription and charge your selected payment method at the then-current subscription rate.

 

Refunds

 

We do not offer refunds except as required by applicable law. You will receive access to the IREV immediately upon purchase of the subscription. After that, our delivery of the IREV is considered complete, and your right to cancel or withdraw from the agreement is lost at that point. 

If you believe you are entitled to a refund, please contact us at [email protected]  and we will consider your request, but we do not guarantee that your request will be granted. If your refund request is approved, you will receive your refund in up to 20 business days back to your original payment method.

 

Payment disputes

 

If you dispute a payment made to the IREV, you agree to first contact the IREV to attempt to resolve the dispute. If we are unable to resolve the dispute, you may contact your payment provider or credit card issuer to initiate a chargeback.

 

Changes to Payment and Refund policy

 

IREV reserves the right to change this payment and refund policy at any time without prior notice. Any changes we make will be effective immediately upon posting on our Website. Your continued use of the IREV after we post changes to this policy constitutes your acceptance of those changes. It is your responsibility to periodically review this Payment and Refund зolicy for any updates or changes.

6. Standard Contractual Clauses. Controller-to-Processor Transfers

Standard Contractual Clauses

Controller-to-Processor Transfers

 

Contents

Standard Contractual Clauses

Controller-to-Processor Transfers

SECTION I

Clause 1: Purpose and Scope

Clause 2: Effect and Invariability of the Clauses

Clause 3: Third-Party Beneficiaries

Clause 4: Interpretation

Clause 5: Hierarchy

Clause 6: Description of the Transfer(s)

SECTION II – OBLIGATIONS OF THE PARTIES

Clause 8: Data Protection Safeguards

8.1 Instructions

8.2 Purpose Limitation

8.3 Transparency

8.4 Accuracy

8.5 Duration of Processing and Data Erasure/Return

8.6 Security of Processing

8.7 Sensitive Data

8.8 Onward Transfers

8.9 Documentation and Compliance

Clause 9: Use of Sub-Processors

Clause 11: Redress

Clause 12: Liability

Clause 13: Supervision

SECTION III – LOCAL LAWS AND PUBLIC AUTHORITY ACCESS

Clause 14: Local Laws Impacting Compliance

Clause 15: Data Importer’s Obligations Regarding Public Authority Access

15.1 Notification of Public Authority Requests

15.2 Legal Review and Data Minimization

SECTION IV – FINAL PROVISIONS

Clause 16: Non-Compliance and Termination

Clause 17: Governing Law

Clause 18: Forum and Jurisdiction

APPENDIX

ANNEX I

  1. LIST OF PARTIES

Data exporter(s):

Data importer(s):

  1. DESCRIPTION OF TRANSFER
  2. COMPETENT SUPERVISORY AUTHORITY

ANNEX II

TECHNICAL AND ORGANISATIONAL MEASURES

ANNEX III

ADDITIONAL CLAUSES

SECTION I

Clause 1: Purpose and Scope

(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country.

(b) The Parties:

(i) The natural or legal person(s), public authority/ies, agency/ies, or other body/ies transferring the personal data, as listed in Annex I.A. (hereinafter “data exporter”), and

(ii) The entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A. (hereinafter “data importer”)

have agreed to these standard contractual clauses (hereinafter: “Clauses”).

(c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.

(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.

Clause 2: Effect and Invariability of the Clauses

(a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.

(b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.

Clause 3: Third-Party Beneficiaries

  1. Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:

(i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;

(ii) Clause 8.1(b), 8.9(a), (c), (d) and (e);

(iii) Clause 9(a), (c), (d) and (e);

(iv) Clause 12(a), (d) and (f);

(v) Clause 13;

(vi) Clause 15.1(c), (d) and (e);

(vii) Clause 16(e); and

(viii) Clause 18(a) and (b).

  1. Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.

Clause 4: Interpretation

  1. Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
  2. These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.

© These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.

Clause 5: Hierarchy

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

Clause 6: Description of the Transfer(s)

  1. The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.
  2. It shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  3. In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate its adverse effects. The data importer shall notify the data exporter without undue delay after having become aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences and the measures taken or proposed to address the breach including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall subsequently be provided without undue delay.
  4. The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU) 2016/679, in particular to notify the competent supervisory authority and the affected data subjects, taking into account the nature of processing and the information available to the data importer.

SECTION II – OBLIGATIONS OF THE PARTIES

Clause 8: Data Protection Safeguards

8.1 Instructions

  1. The data exporter confirms it has ensured the data importer can meet its obligations under these Clauses through appropriate technical and organizational measures.
  2. The data exporter informs the data importer that it processes data as per the controller’s instructions, which will be provided before processing begins.
  3. The data importer must process personal data only as instructed by the controller, as conveyed by the data exporter, without conflicting with the controller’s instructions.
  4. If the data importer cannot comply with these instructions, it must notify the data exporter immediately. The data exporter will then inform the controller.
  5. The data exporter guarantees that it has required the data importer to follow the same data protection obligations as outlined in the contract or legal agreement between the controller and the data exporter.

8.2 Purpose Limitation

The data importer will process personal data only for the specific purposes detailed in Annex I.B., unless further instructions are provided by the controller through the data exporter.

8.3 Transparency

Upon request, the data exporter will provide a copy of these Clauses to the data subject at no cost. If necessary, confidential information may be redacted, but a meaningful summary must be provided. The reasons for redactions should be given upon request, without disclosing the redacted content.

8.4 Accuracy

If the data importer discovers that the personal data it has received is inaccurate or outdated, it must inform the data exporter promptly and cooperate to correct or delete the data.

8.5 Duration of Processing and Data Erasure/Return

The data importer will process personal data only for the period specified in Annex I.B. After the processing services end, the data importer must delete or return all personal data as instructed by the data exporter, and confirm this action. If deletion or return is prohibited by local law, the data importer must continue to protect the data and only process it as required by law. The data importer must also notify the data exporter if it believes it is subject to any conflicting laws or practices.

8.6 Security of Processing

  1. Both the data importer and, during transmission, the data exporter must implement appropriate security measures to protect personal data from breaches, including unauthorized access, loss, or alteration. The level of security should consider current technology, costs, processing nature, scope, and risks to the data subject. Encryption or pseudonymization should be used where appropriate.
  2. The data importer will limit data access to personnel strictly necessary for fulfilling the contract and ensure they are bound by confidentiality.
  3. In the event of a data breach, the data importer must take immediate measures to address the breach and mitigate its effects. The data importer must notify the data exporter and, if feasible, the controller, providing details about the breach, including its nature, potential consequences, and actions taken.
  4. The data importer must assist the data exporter in complying with data breach notification requirements under EU Regulation 2016/679, ensuring the controller and supervisory authority are informed as necessary.

8.7 Sensitive Data

Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (hereinafter “sensitive data”), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B.

8.8 Onward Transfers

The data importer shall only disclose the personal data to a third party on documented instructions from the data exporter. In addition, the data may only be disclosed to a third party located outside the European Union (in the same country as the data importer or in another third country, hereinafter “onward transfer”) if the third party is or agrees to be bound by these Clauses, or if:

(i) The onward transfer is to a country benefiting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;

(ii) The third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 of Regulation (EU) 2016/679 with respect to the processing in question;

(iii) The onward transfer is necessary for the establishment, exercise or defense of legal claims in the context of specific administrative, regulatory, or judicial proceedings; or

(iv) The onward transfer is necessary in order to protect the vital interests of the data subject or of another natural person.

Any onward transfer is subject to compliance by the data importer with all other safeguards under these Clauses, in particular purpose limitation.

Sure, here is the continuation with the same approach:

8.9 Documentation and Compliance

  1. The data importer shall promptly and adequately deal with inquiries from the data exporter that relate to the processing under these Clauses.
  2. The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep appropriate documentation of the processing activities carried out under its responsibility.
  3. The data importer shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses and at the data exporter’s request, allow for and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non-compliance. In deciding on a review or audit, the data exporter may take into account relevant certifications held by the data importer.
  4. The data exporter may choose to conduct the audit by itself or mandate an independent auditor. Audits may include inspections at the premises or physical facilities of the data importer and shall, where appropriate, be carried out with reasonable notice.
  5. The Parties shall make the information referred to in this Clause, including the results of any audits, available to the competent supervisory authority on request.

Clause 9: Use of Sub-Processors

  1. The data importer has the data exporter’s general authorization for the engagement of sub-processors from an agreed list. The data importer shall specifically inform the data exporter in writing of any intended changes to that list through the addition or replacement of sub-processors at least 30 days in advance, thereby giving the data exporter sufficient time to object to such changes before the engagement of the concerned sub-processor(s).
  2. Where the data importer engages a sub-processor to carry out specific processing activities (on behalf of the data exporter) that involve the transfer of personal data within the scope of these Clauses, it shall do so by way of a written contract that provides the same level of protection for the personal data as provided under these Clauses, including by ensuring that the data subject can enforce their rights against the data importer. The data importer shall ensure that the sub-processor complies with the obligations to which the data importer is subject pursuant to these Clauses and Regulation (EU) 2016/679.
  3. The data importer shall provide, at the data exporter’s request, a copy of such a sub-processor agreement and any subsequent amendments to the data exporter. To the extent necessary to protect business secrets or other confidential information, including personal data, the data importer may redact the text of the agreement prior to sharing the copy.
  4. The data importer shall remain fully responsible to the data exporter for the performance of the sub-processor’s obligations under its contract with the data importer. The data importer shall notify the data exporter of any breach by the sub-processor of its obligations under that contract.
  5. In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the instructions from the data exporter.

Clause 11: Redress

  1. The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorized to handle complaints. It shall deal promptly with any complaints or requests from data subjects.
  2. In case of a dispute between a data subject and one of the Parties concerning the processing of personal data under these Clauses, the Party shall use its best efforts to resolve the issue amicably in a timely fashion.
  3. The data importer agrees that data subjects may lodge a complaint with an independent dispute resolution body at no cost to the data subject. It shall inform the data subjects about this mechanism and that they can also make a complaint to the competent supervisory authority under Clause 13.
  4. The data importer agrees that data subjects may have the right, under certain conditions, to invoke binding arbitration and that the arbitration decision shall be final and binding on the data importer.

Clause 12: Liability

  1. Each Party shall be liable to the other Party for any damages it causes the other Party by any breach of these Clauses.
  2. The data importer shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data importer or its sub-processor causes the data subject by breaching the third-party beneficiary rights under these Clauses.
  3. Notwithstanding paragraph (b), the data exporter shall be liable to the data subject if the data importer or its sub-processor fails to fulfil its obligations under these Clauses.
  4. The Parties agree that if one Party is held liable under paragraphs (a) and (c), it shall be entitled to claim back from the other Party that part of the compensation corresponding to its responsibility for the damage.
  5. The data importer may not invoke the conduct of a sub-processor to avoid its own liability.

Clause 13: Supervision

  1. The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, shall act as competent supervisory authority.
  2. The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to inquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.

SECTION III – LOCAL LAWS AND PUBLIC AUTHORITY ACCESS

Clause 14: Local Laws Impacting Compliance

  1. The Parties confirm they have no reason to believe that the laws or practices in the destination country prevent the data importer from fulfilling its obligations under these Clauses. This assumption is based on the understanding that laws respecting fundamental rights and freedoms, and that are necessary and proportionate in a democratic society, do not conflict with these Clauses.
  2. The Parties have considered several factors in making this warranty:
  1. Specific circumstances of the data transfer, such as processing chain length, actors involved, data recipient types, processing purposes, data categories, and storage location.
  2. Relevant local laws and practices in the destination country, including those requiring disclosure to public authorities.
  3. Any additional contractual, technical, or organizational safeguards applied to protect the data.

(c) The data importer guarantees that it has provided all relevant information to the data exporter to assist in this assessment and will continue cooperating to ensure compliance. The assessment is documented and can be shared with the supervisory authority upon request.

(d) The data importer must promptly inform the data exporter if it becomes subject to laws or practices that could affect its ability to meet the obligations under these Clauses. The data exporter must then inform the controller.

(e) If such a notification is received or if the data exporter suspects the data importer cannot comply with these Clauses, the data exporter must identify appropriate measures, such as technical or organizational changes, to address the situation. If no adequate safeguards can be ensured, the data exporter may suspend the data transfer or terminate the contract, as applicable.

Clause 15: Data Importer’s Obligations Regarding Public Authority Access

15.1 Notification of Public Authority Requests

  1. The data importer must inform the data exporter and, where possible, the data subject if it receives a legal request from a public authority for the disclosure of personal data or if it becomes aware of any unauthorized access by public authorities.
  2. If the data importer is legally prohibited from notifying the data exporter or data subject, it must make its best efforts to obtain permission to provide as much information as possible, as quickly as possible. These efforts must be documented.
  3. Where allowed, the data importer must regularly inform the data exporter about the number and types of requests received, the authorities making the requests, and the outcomes. This information will be passed on to the controller.
  4. The data importer must preserve all information related to such requests and make it available to the supervisory authority if required.

15.2 Legal Review and Data Minimization

  1. The data importer must review the legality of any disclosure request and challenge it if there are reasonable grounds to believe it is unlawful under local or international law. It must seek interim measures to suspend the effects of the request during the challenge process and refrain from disclosing data until legally obligated to do so.
  2. The data importer must document its legal assessments and any challenges to requests and make these documents available to the data exporter and the supervisory authority, where permissible.
  3. The data importer must disclose only the minimum amount of information required by the request, interpreting it as narrowly as possible.

SECTION IV – FINAL PROVISIONS

Clause 16: Non-Compliance and Termination

  1. The data importer must immediately notify the data exporter if it cannot comply with these Clauses for any reason.
  2. If the data importer breaches or cannot comply with these Clauses, the data exporter must suspend data transfers until compliance is restored or the contract is terminated. This is subject to Clause 14(f).
  3. The data exporter may terminate the contract (regarding personal data processing) if:
  1. The data transfer is suspended due to non-compliance, and compliance is not restored within a reasonable period, not exceeding one month.
  2. The data importer is in significant or repeated breach of these Clauses.
  3. The data importer fails to comply with a binding decision from a court or supervisory authority related to its obligations under these Clauses.

In such cases, the data exporter must inform the controller and relevant supervisory authority. If the contract involves multiple parties, termination applies only to the non-compliant party unless agreed otherwise.

  1. Upon contract termination under Clause 16(c), the data importer must, at the data exporter’s discretion, immediately return or delete all transferred personal data, including any copies. The data importer must certify the deletion. If local laws prevent data return or deletion, the data importer must continue to comply with these Clauses and only process the data as required by law.
  2. Either party can withdraw from these Clauses if the European Commission issues a decision under Article 45(3) of Regulation (EU) 2016/679 covering the data transfer, or if this regulation becomes part of the legal framework in the data importer’s country. This does not affect other applicable obligations under the regulation.

Clause 17: Governing Law

These Clauses are governed by the law of an EU Member State that allows third-party beneficiary rights. The parties agree on the law of the Grand Duchy of Luxembourg.

Clause 18: Forum and Jurisdiction

  1. Any disputes arising from these Clauses will be resolved by the courts of an EU Member State.
  2. The parties agree that the courts of Luxembourg City will have jurisdiction.
  3. Data subjects may also bring claims against the data exporter or importer in the courts of their habitual residence.
  4. The parties agree to submit to the jurisdiction of these courts.

 

APPENDIX

ANNEX I

 

A. LIST OF PARTIES

Data exporter(s):

 

Name: The entity identified as “Client” in the DPA.

Address: The address for Client associated with its IREV account or as otherwise specified in the DPA or the Agreement.

Contact person’s name, position, and contact details: The contact details associated with Clients account, or as otherwise specified in the DPA or the Terms and Conditions.

Activities relevant to the data transferred under these Clauses: The activities specified in Section 1.3 of the DPA.

Signature and date: By using the Services to transfer Client Data to Third Countries, the data exporter will be deemed to have signed this Annex I.

Role (controller/processor): Controller

Data importer(s):

 

Name: “IREV” as identified in the DPA.

Address: The address for IREV specified in the DPA or the Agreement.

Contact person’s name, position, and contact details: The contact details for IREV specified in the DPA or the Terms and Conditions.

Activities relevant to the data transferred under these Clauses: The activities specified in Section 1.3 of the DPA.

Signature and date: By transferring Client Data to Third Countries on Client’s instructions, the data importer will be deemed to have signed this Annex I.

Role (controller/processor): Processor

 

B. DESCRIPTION OF TRANSFER

 

  1. Categories of data subjects whose personal data is transferred: Described in Section 1.3 of the DPA.
  2. Categories of personal data transferred: Described in Section 1.3 of the DPA.
  3. Sensitive data transferred (if applicable): Sensitive personal data might be included as described in Section 1.3 of the DPA.
  4. Frequency of the transfer: Personal data is transferred in accordance with Client’s instructions as described in Section 12 of the DPA.
  5. Nature of the processing: Described in Section 1.3 of the DPA.
  6. Purpose(s) of the data transfer and further processing: To provide the Services.
  7. Retention period: Determined by the data exporter in accordance with the DPA.
  8. For transfers to (sub-) processors: The subject matter, nature, and duration of processing are described in Section 1.3 of the DPA.

 

C. COMPETENT SUPERVISORY AUTHORITY

 

The data exporter’s competent supervisory authority will be determined in accordance with the GDPR.




ANNEX II

 

TECHNICAL AND ORGANISATIONAL MEASURES

 

  1. Description of measures: The technical and organizational measures, including certifications, to ensure security are described in the DPA.
  2. For transfers to (sub-) processors: The specific technical and organizational measures are described in the DPA.

 

ANNEX III

 

ADDITIONAL CLAUSES

 

The Limitations of Liability section of the Agreement (usually Section 11) is an additional clause pursuant to Clause 2 of these Clauses.