Allgemeine Geschäftsbedingungen
November 7th 2024
Neople Labs B.V.These Terms of Services form an integral part of the Agreement between Customer and Neople for the provision of the Services.
Background and Purpose
Neople are digital coworkers designed to enhance the capabilities of any support team. Acting as a productivity partner and support specialist, Neople offers seamless support that keeps pace with the increasing demands of customer service. Organizations choose Neople when they seek to improve support quality, manage high volumes of customer inquiries more effectively, and strengthen customer loyalty through exceptional service experiences.
The purpose of this Agreement is to define the terms and conditions under which Neople labs B.V., registered office in Walpoort 10, 5211 DK, listed with the Commercial Register of the Chamber of Commerce under file reference number 88917274, hereinafter referred to as “Neople”, shall provide the Service(s) and potential Professional Services to the Customer (hereafter referred to as “Customer”) in exchange for payment for the services. All agreements between Neople and the Customer are subject to these terms and conditions (hereinafter referred to as “Agreement”).
Article 1. Definitions and interpretation
1.1 Definitions. Unless elsewhere defined in these Terms and Conditions, the capitalized terms as defined below shall have the following meanings:
Agreement the agreement between the Parties pursuant to which Customer and its Users are entitled to use the Services, which consist of the Quote that is confirmed by Customer in writing, these Terms and Conditions (including its annexes).
Confidential Information the Agreement, Data and any information that is clearly identified in writing at the time of disclosure as confidential or that should be reasonably understood to be confidential by the receiving Party given the nature of the information and the circumstances of its disclosure.
Customer the entity that entered into the Agreement with Neople set out in the Agreement.
Data is all data, content and information (i) uploaded, entered, or processed by or on behalf of Customer or Users on or through the Services; and (ii) provided by Customer to Neople, explicitly including: (a) Existing Data which Customer has Migrated; (b) other data entered on or through the Services by Users or provided by Customer to Neople; and (c) all data generated through the use of the Services, including but not limited to documents, company policies, contracts, information concerning Users, information concerning Customer’s clients, and any similar data.
Data Processing Agreement the data processing agreement that is applicable to the Services, attached hereto as an annex.
Downtime means the period of time during which the Services are wholly unavailable to Customer, including maintenance for which less than 24 (twenty-four) hours’ notice was provided to affected Users. However, Downtime shall in any case not include (i) scheduled maintenance; (ii) degraded performance; (iii) factors outside of Neople’s control, including any event of Force Majeure; (iv) failures, acts or omissions of Neople’s suppliers; (v) failures of the internet; (vi) acts or omissions of Customer/Users; and (vii) enforcement of government regulations.
Effective Date the effective date or starting date of the Agreement as set out in the Agreement.
Existing Data any existing data of Customer that Customer wants Neople to Migrate into the Services.
Fair Use Policy the fair use policy for the use of the Services, attached hereto as an annex.
Force Majeure any event or condition beyond the reasonable control of either Party which prevents, in whole or in material part, the performance by one of the Parties of its obligations under the Agreement or which renders the performance of such obligations so difficult or costly as to make such performance commercially unreasonable. Without limiting the foregoing, the following shall constitute events or conditions of force majeure: acts of governmental action, riots, disturbance, war, strikes, lockouts, slowdowns, prolonged shortage of energy or other supplies, epidemics, pandemics, fire, flood, hurricane, typhoon, earthquake, lightning and explosion, or any refusal or failure of any governmental authority to grant any export license legally required.
Intellectual Property Rights all copyrights, neighboring rights, database rights, patent rights, trademark rights, trade name rights, design rights, portrait rights, trade secret rights, rights in domain names, rights in Confidential Information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications for, and renewals or extensions of, such rights, related dependent or ancillary rights and priority or goodwill rights and all similar or equivalent rights or forms of protection in any part of the world
Interaction an interaction between a User and the Services. There can be 2 (two) types of Interaction: (1) each request by a client of the Customer in Customer’s contact center for which a User makes use of the Services in order to form a response to the client’s request. For clarity, 1 (one) such Interaction may consists of multiple messages between the User and the Services as long as the messages are in regards to one and the same client request and as long as no response has been send to the client. Any follow-up by a User on the response sent out to the client of the Customer making use of the Services constitutes another Interaction; and (2) when the Services are used outside the Customer’s contact center, for example, but not limited to, via Microsoft Teams or e-mail: each message sent by the User to the Services and the Services response to the message. Migration Services data migration services to migrate Existing Data from
Customer’s existing files into the Services as further described in Article 5. “Migration” and to “Migrate” have corresponding meanings.Party or Parties Customer or Neople individually or Customer and Neople together.
Privacy Policy the privacy policy of Neople, which can be read and downloaded here ( https://neople.io/privacy-policy).
Services the online software as a service solution developed, operated and maintained by Neople (and its third party service providers) pursuant to the Agreement, which is accessible for Users.
Subscription Plan the specific subscription plan Customer is entitled to, as set out in the Agreement or otherwise agreed in writing between the Parties. A Subscription Plan consists of a specific amount of credits that entitles a Customer to use the Services. Each credit under the Subscription Plan is equivalent to one (1) Interaction.
Uptime percentage of hours in a month that are not Downtime.
User an employee of Customer or any other person authorized by Customer to access and use the Services on behalf of Customer.
1.2 Written.
In these Terms and Conditions the term ‘in writing’ includes by post, e-mail or any other electronic communication device customary in the market.
Article 2. Applicability, priority of documents
2.1 Applicability.
These Terms and Conditions apply to the Agreement and the use of the Services.
2.2 Rejection purchase conditions.
Any general (purchase) conditions of Customer, are hereby expressly rejected.
2.3 Priority of documents.
In the event of inconsistencies between the content of these Terms and Conditions and a quotation that is confirmed by both Parties in writing, the provisions of the confirmed quotation shall prevail.
2.4 Derivation of rights.
Customer cannot derive any rights from oral commitments of Neople, unless and to the extent those are confirmed in writing by Neople.
Article 3. Quotations, Agreements and notifications
3.1 Validity of quotations.
All quotations are non-binding and, unless otherwise declared by Neople, valid for a period of 30 (thirty) days after the date thereof.
3.2 Establishment of agreement.
The Agreement is established at the moment Customer confirms the quotation in writing. Neople reserves the right to withdraw or modify its quotations without any liability to Customer as long as Customer has not confirmed the Quote in writing.
3.3 Notifications.
All notifications relating to the Agreement shall be made in writing.
Article 4. Right of use and limitations
4.1 Right of use.
Subject to Customer’s compliance with the terms of the Agreement, Neople grants Customer the non-transferable, non-exclusive right to permit Users to access and use the Services in accordance with the terms and conditions of the Agreement. The number of Users who can be authorized by Customer are included in the Agreement.
4.2 Limitations.
The right of use as set out in Article 4.1 is granted to Customer provided that (i) unless otherwise agreed between the Parties in writing, the use of the Services by Customer does not include use by third parties other than Users; (ii) Customer may not license, sell, rent, lease, transfer, assign, distribute, display, host, outsource or otherwise commercially exploit or make the Services available to any third party, except as expressly agreed in writing between the Parties.
4.3 Compliance with Fair Use Policy.
Customer must comply with, and ensure and warrant that all Users shall comply with the Fair Use Policy.
4.4 Reverse engineering.
Customer and the Users may not reverse engineer, decompile, modify, disassemble or otherwise attempt to discover or make derivative works of the source code, underlying ideas, underlying user interface techniques or algorithms of the Services by any means whatsoever, directly or indirectly, or disclose any of the foregoing. Any information supplied by or obtained by Customer may not be disclosed to any third party or used to create any software which is substantially similar to the Services.
4.5 Restrictions of Subscription Plan.
Customer’s use of the Services shall conform with the restrictions as set forth in the Agreement (including but not limited to the Subscription Plan and its corresponding amount of credits for Interactions). Neople may monitor Customer's compliance with these limits and, if Neople detects overuse, require Customer to pay the applicable feed set out in the Agreement. For exceeding the limit of credits for Interactions, the fees mentioned under Article 6.3 second sentence applies.
4.6 Ownership of Existing Data and license to use Data.
Existing Data is and shall remain Customer’s property (including any Intellectual Property Rights associated thereto). To enable Neople to provide Customer with the Services, and subject to the terms and conditions of the Agreement, Customer hereby grants to Neople a non-exclusive right to use, copy, and distribute Data in connection with Neople’s operation of the Services on Customer’s behalf. Furthermore, Customer hereby grants to Neople a non-exclusive worldwide right to use, copy and distribute the Data solely in an anonymized form for further product development.
4.7 Compliance with laws.
Customer, not Neople, shall have sole responsibility for the accuracy, integrity, and reliability of such Existing Data. Transmission or storage of any Existing Data in violation of any Dutch or local laws is strictly prohibited. Neople reserves the right but not the obligation to monitor and edit all Existing Data.
4.8 Obligation to cooperate.
Parties acknowledge that the functioning of Services depends on proper and timely cooperation between the Parties. Customer will always provide any cooperation reasonably required by Neople in a timely manner, including (support for) setting up integrations with Customer’s own or third party systems required to provide Existing Data to the Services.
Article 5. Data Migration
5.1 Existing Data.
For the provision of Migration Services, Customer will provide Neople with its Existing Data after which Neople will carry out an assessment, produce a migration plan if Neople considers one is required, and informs Customer of the timetable as a result of the assessment.
Article 6. Subscription fees, Interactions, prepaid and payment
6.1 Applicable fees.
For the use of the Services, Customer shall pay to Neople the fee(s) as set out in the Agreement.6.2 Indexation. Neople reserves the right at its own discretion to index any fee annually as of January 1st by 5% plus the basis of the CBS Consumer Price Index (CBS Consumentenprijsindex) as published Centraal Bureau voor de Statistiek (CBS Statline).
6.3 Additional charges.
If Customer’s use of the Services exceeds the applicable Subscription Plan and its amount of credits for Interactions or otherwise requires the payment of additional fees (per the terms of the Agreement and/or the then current fees as set out on Neople’s website), Customer shall be billed for such usage and Customer agrees to pay the additional fees in the manner provided therein.
Notwithstanding the foregoing, in the event Customer exceeds the applicable Subscription Plan and its corresponding amount of credits for Interactions, Customer shall be billed for such usage against 125% (one hundred twenty five percent) of the then current fees as set out on Neople’s website.
6.4 Purchase of additional credits for Interactions.
The Customer is entitled to purchase additional credits for Interactions under its Subscription Plan against 125% (one hundred twenty five percent) of the then current fees as set out on Neople’s website.
6.5 Notice of Interactions.
When the Customer has used 75% (seventy-five percent) of its credits for Interactions under its Subscription Plan, Neople shall notify Customer quarterly of the amount of credits of Interactions the Customer still has left under its Subscription Plan.
6.6 Expiration of unused credits for Interactions.
Any unused credits for Interactions under the Subscription Plan shall expire at the end of every 1 (one) year period, without any refund of payment or any other compensation being due.
6.7 Change of fees.
Neople reserves the right to change its fees or applicable charges and to institute new charges and fees at the end of the Initial Term of the Agreement or the then current Renewal Term, upon 30 (thirty) days prior written notice to Customer.
6.8 Discounts.
Any and all discounts provided by Neople under the Agreement are strictly applicable to the Initial Term and are not applicable for any Renewal Term, unless explicitly agreed between the Parties in writing.
6.9 Non-refundable.
Any fees are irrevocable and non- refundable, except as set forth in the Agreement.
6.10 Invoicing.
Neople will invoice Customer on a monthly basis in advance of the relevant billing period, and all such amounts invoiced will be due within 14 (fourteen) days of the invoice date.
6.11 Late payment.
Unpaid amounts are subject to an interest charge of 1.5% (one point five percent) per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection.6.12 Taxes. All amounts stated in or in relation to the Agreement are, unless the context requires otherwise, stated exclusive of any applicable value added taxes, which will be added to those amounts and payable by Customer to Neople.
6.13 Suspension rights.
Neople reserves the right, in its discretion, to suspend Customer’s access to the Services if any payment is due but unpaid and Customer has been requested but failed to cure such payment failure. Customer agrees that Neople shall not be liable to Customer nor to any third party for any suspension of Customer’s access to the Services resulting from Customer’s non-payment of Subscription Fees.
Article 7. Intellectual property rights
7.1 Intellectual property rights Neople.
Neople shall retain all right, title and interest (including all Intellectual Property Rights) in and to the Services (including application development, business and technical methodologies, and implementation and business processes, used by Neople to develop or provide the use of the Services), and any and all updates, upgrades, enhancements, customizations, revisions, modifications, future releases and any other changes relating to any of the foregoing. Except for the limited access and use rights granted pursuant to the Agreement, Customer does not acquire any interest in the Services. Customer agrees that any suggestions, enhancement requests, feedback, recommendations or other information provided by Customer or any Users relating to the Services may be used by Neople without restriction or obligation to Customer or any Users. Customer, nor its Users, shall challenge Neople’s right, title and interest (including all Intellectual Property Rights) in and to the Services, nor assist any third party in doing so.
7.2 Infringements.
Customer, nor its Users, shall use the Services (including all Intellectual Property Rights) in any manner that may infringe upon the rights of Neople or any third party.
7.3 Intellectual Property Rights Customer. Customer shall retain any and all of its Intellectual Property Rights to any Existing Data and is responsible for protecting those rights. Neople takes no responsibility and assumes no liability for Existing Data that is uploaded or entered on the Services by Customer or its Users.
7.4 Use of Customer’s name and logo.
Unless otherwise agreed in writing, Neople is granted the non-exclusive right to use the name and logo of Customer for the purposes of marketing and promoting the Services. This right includes, but is not limited to, displaying the Customer’s name and logo on Neople’ s website, promotional materials, and other marketing material. Customer acknowledges that Neople may make reasonable use of the name and logo for the duration of the agreement and any renewal periods, solely for the purpose of promoting the business relationship between the Parties. Neople agrees not to use the name and logo of Customer in any manner that could be deemed derogatory or damaging to Customer's reputation.
Article 8. Uptime and compensation
8.1 Uptime and warranty.
Neople will use its best endeavors in accordance with applicable industry standards to provide and maintain the Services in a manner that minimizes errors and interruptions. Within that context, Neople guarantees 99.5% Uptime each year. Given the innovative nature of the Services, to the extent permitted by law, Neople further disclaims any warranty that (a) the Services will always meet the requirements of Customer; (b) the results to be obtained from the use of the Services will always be effective, accurate or reliable; and/or (c) any errors or defects in the Services will always be corrected.
8.2 Customer’s warranty.
Customer warrants that Customer’s business shall, at all times, comply with, and shall remain solely responsible for compliance with, all applicable laws and regulations, as well as the Fair Use Policy attached hereto as an Annex, in connection with the use of the Services by Customer and its Users. Furthermore, Customer agrees to indemnify and hold Neople and its subsidiaries, affiliates, officers, directors, shareholders, agents, licensors, licensees, suppliers, other partners, employees and representatives harmless from and against any claim, demand, loss, or damages, including any third party or government claims, and any related costs and expenses (including reasonable attorneys’ fees), arising out of or related to Data, Customer’s or its Users use of the Services, or Customer’s violation of the Agreement.
8.3 Right to modification and Downtime.
Neople reserves the right to modify, suspend, or interrupt the operation of the Services at any time, for any reason, and without notice.
8.4 Correction of faults.
Neople will endeavor to correct critical faults in the Services within a reasonable period of time provided that Customer has provided Neople with a detailed written description of the faults in question.
8.5 Updates and upgrades.
Neople will only make updates and/or upgrades available to Customer that Neople also makes available to other customers, at no cost. If Customer desires specific changes to the Services, Neople may implement such changes for an additional fee, but Neople is not obliged to do so.
Article 9. Confidentiality
9.1 Confidential information.
Each Party agrees: (a) to receive and maintain in confidence all Confidential Information disclosed to it by (or on behalf of) the other Party; (b) not to use the Confidential Information of the other Party except to the extent necessary to perform its obligations or exercise rights under the Agreement; (c) to limit the internal dissemination of Confidential Information to those employees and contractors of the recipient who have a need to know and an obligation to protect it; and (d) to protect the confidentiality of Confidential Information in the same manner as it protects the confidentiality of similar information and data of its own (at all times exercising at least a reasonable degree of care in the protection of such Confidential Information).9.2Disclosure on need-to-know basis. Neople may disclose Confidential Information on a need-to-know basis to its contractors who have executed written agreements requiring them to maintain such information in strict confidence and use it only to facilitate the performance of their services for Neople in connection with the performance of the Agreement.9.3 Exclusions. Confidential Information shall not include information that: (i) is known publicly; (ii) is generally known in the industry before disclosure; (iii) has become known publicly, without fault of the receiving Party, subsequent to disclosure by the disclosing Party; or (iv) the receiving Party becomes aware of from a third party not bound by non-disclosure obligations to the disclosing Party and with the lawful right to disclose such information to the receiving Party. If disclosure of Confidential Information is required by law or order of a court or other governmental authority, the Parties agree to give the other Party prompt notice of the receipt of any request for such disclosure.
Article 10. Force majeure
10.1 Force Majeure.
Except for Customer’s obligation to pay Neople, neither Party shall be liable for any failure to perform its obligations under the Agreement if prevented from doing so by an event of Force Majeure.
Article 11. Personal data and security measures
11.1 Privacy laws.
The Parties will at all times comply with their legal obligations with respect to the protection of (personal)data.
11.2 Data Processing Agreement.
Processing of personal data by or on behalf of Neople within the framework of the Agreement takes place in accordance with the Privacy Policy and the data processing agreement, attached hereto as an annex.
11.3 Data minimization.
Customer warrants that its Users shall provide no more personal data than necessary while using the Services, in the context of the data minimization principle of the GDPR.
Article 12. Disclaimer, liability and indemnification
12.1 Neople’s liability
Neople’s total aggregate liability to Customer from all causes of action and under all theories of liability related to the Service will be limited to the compensation as set out in Article 8.3. To the extent permitted by applicable law, in no event shall Neople be liable for personal injury or any incidental, special, indirect, or consequential damages whatsoever, including, without limitation, damages for loss of profits, loss of data (including Data), business interruption, or any other commercial damages or losses, arising out of or related to Customer’s or its Users use or inability to use the Services however caused. Customer may use the Services in conformity with the Agreement at its own discretion and risk. Customer is solely responsible for any damage to or loss of Customer’s computer(s) or Data that directly results from the use of the Services by Customer or its Users. In no event shall Neople be liable for any loss or damage, including loss or damage of Data, of Customer arising from any modification, interruption, corrective or adaptive maintenance or any other servicing by Neople or third party provider.
12.2 Disclaimer.
The Services are AI-powered. Despite the fact that Neople makes every effort to achieve accurate results, Neople does not guarantee that the results are accurate and we cannot guarantee the complete absence of errors or inaccuracies. Therefore, Neople disclaims any liability for any damages or losses incurred as a result of using or relying on AI-powered content.
12.3 No limitation applicable.
The limitations of liability set out in this Article 12 shall not apply if and to the extent that the mandatory law provides that liability cannot be excluded or limited or if the damage is caused due to willfulness or gross intent of a Party.
Article 13. Term and termination
13.1 Effective Date and Renewal.
The Agreement shall come into force upon the Effective Date and shall continue in effect for a period of 12 (twelve) months (the Initial Term). Upon expiration of the Initial Term, the Agreement shall automatically renew with successive renewal terms of 12 (twelve) months (each a Renewal Term).
13.2 Termination for breach.
Notwithstanding Article 13.1, either Party may terminate the Agreement as a result of a material breach of conditions of the Agreement by the other Party, if (a) such Party provides written notification to the other Party of the material breach; and (b) such material breach is not resolved within 30 (thirty) days of notification, or, in the case of a failure to pay Subscription Fees in a timely manner by Customer, after a 10 (ten) day late payment period.
13.3 Termination for convenience.
Customer has the right to terminate the Agreement at any time during the Initial Term or a Renewal Term, but latest 60 (sixty) days before the end of the Initial Term or Renewal Term. The termination will be effective at the end of the Initial Term or Renewal Term as they case may be.
13.4 Effect of termination.
In the event of termination of the Agreement for any reason, Customer’s access and use of the Services shall cease immediately.
13.5 Survival.
All sections of the Agreement which by their nature should survive termination will survive termination, including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, and limitations of liability. Each Party’s termination rights are in addition to any suspension rights it may have under the Agreement.
Article 14. General provisions
14.1 Entire agreement.
Customer agrees that the Agreement is the complete and exclusive statement of the agreement between Neople and Customer which supersedes any proposal or prior agreement relating to the subject matter of the Agreement.
14.2 Waiver.
The failure by either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach of the Agreement will not be deemed a waiver by that Party as to the subsequent enforcement of rights or subsequent actions in the event of future breaches.
14.3 Invalid provisions.
If, for any reason, any provision of the Agreement is held invalid or otherwise unenforceable, such invalidity or unenforceability shall not affect the remainder of the Agreement, and the Agreement shall continue in full force and effect to the fullest extent allowed by law. Both Parties knowingly and expressly consent to the foregoing terms and conditions.
14.4 Dispute resolution.
In case of any disputes arising out of or relating to the Agreement, Neople and Customer shall endeavour to settle such disputes amicably. If Neople and Customer are unable to, the dispute shall be exclusively submitted to the jurisdiction of the competent courts of Rechtbank Oost-Brabant, location ’s-Hertogenbosch, the Netherlands, provided always that, in case Neople is the plaintiff, Neople may at its sole discretion submit any such dispute to the competent courts in the venue of Customer’s registered office or address.
ANNEX: Fair Use PolicyThis Fair Use Policy sets out the rules governing the use of the Services, and the transmission, storage and processing of Data by any Users using the Services.
General usages rules and etiquette
1. Customer’s use of the Services must not cause undue strain or stress on Neople’s network through excessive calls to the Service or other non-standard and/or excessive use.
2. Customer is and Users are expressly prohibited from using the Services for any purpose outside of the intended design and implementation of Customer’s authorized use of the Services. Any replication or use of any aspect of the Services, for any purpose designed or intended to compete with Neople’s solutions is strictly prohibited.
3. Content must be appropriate, civil and tasteful, and accord with generally accepted standards of etiquette and behaviour on the internet.
4. Content must not be offensive, deceptive, threatening, abusive, harassing, menacing, hateful, discriminatory or inflammatory.
5. User must not use the Services to send any hostile communication or any communication intended to insult, including such communications directed at a particular person or group of people.
6. User must not use the Services for the purpose of deliberately upsetting or offending others.
Prohibited activities
1. Transmission or storage of any Data in violation of any Dutch or local laws is strictly prohibited. Neople reserves the right but not the obligation to monitor and edit all Data provided by Users.
2. Customer shall not use the Services (i) for any illegal, malicious, or harmful purpose including but not limited to: using the system to engage in spamming, phishing, scamming, or other fraudulent activities; (ii) to transmit any viruses or other malicious software, or to engage in any activities that could damage, disable, or overburden the Services or any other servers or networks that support it; and/or (iii) to engage in any activities that violate the rights of others (including, but not limited to, infringements of Intellectual Property Rights or privacy rights) or in any activities that are defamatory, abusive, or harassing towards any individual or group.
3. Neople reserves the right to investigate and take appropriate legal action against anyone who violates this article, including but not limited to reporting such activity to law enforcement authorities. Neople also reserves the right to terminate or restrict Customer’s access to the Services at any time, without notice, for any reason, including, but not limited to suspected violations of this article.
Monitoring
1. Neople may actively monitor the Data and the use of the Services, but it is not obliged to do so.Annex: Data processing agreement (DPA)In the context of the execution of the Agreement, Neople also processes personal data on behalf of Customer. Parties are legally required to make and record agreements regarding the processing of personal data by Neople. Customer is considered as Data Controller (or “Controller”) within the meaning of the GDPR. Neople is Data Processor (or “Processor”) within the meaning of the GDPR.
1. Processing of personal data
1.1 Controller shall process personal data in accordance with applicable laws and regulations and has included the categories of data subjects, the type of personal data, and the nature and purpose for which personal data are processed in Annex 1. Processor shall not use personal data for purposes or in ways other than for the purpose for which the personal data has been provided or has become known.1.2 Processor shall process personal data solely on the basis of the written instructions of Controller in the context of the performance of the Agreement and the Services provided, or in connection with a legal obligation.
1.3 Processor shall not provide personal data to a third party unless this exchange takes place at the request of Controller in the context of the performance of the Agreement or when necessary to comply with a legal obligation.
1.4 Processor shall try to minimize the processing of personal data outside the EEA. Upon signing this DPA, the Controller has granted consent for the processing of personal data in the countries listed in Annex 1.
2. Confidentiality
2.1 Processor shall keep personal data that it processes in the context of the Agreement confidential and shall take all necessary measures to ensure the confidentiality of personal data. Processor shall also impose the obligation of confidentiality on its personnel and all others persons engaged with the processing.
2.2 This confidentiality obligation does not apply if Controller has expressly given written consent to provide personal data to a third party, or if there is a legal obligation to provide personal data to a third party.
3. Security of personal data
3.1 The Controller shall ensure the security of personal data in accordance with applicable legal rules and shall take appropriate technical and organizational measures accordingly.
3.2 The Processor shall take, maintain, and, if necessary, adjust technical and organizational measures in accordance with applicable legal rules to ensure a level of security appropriate to the risk. Controller provide the necessary information in a timely manner in the event of changes in the processing of personal data.3.3 When determining security measures, Processor shall take into account the state of the art, the cost of implementation, as well as the nature, scope, context, and processing purposes and the varying likelihood and severity of risks to the rights and freedoms of individuals.
3.4 If Controller wishes to do an assessment (e.g. DPIA) of a proposed processing activity in the context of the Agreement, Processor shall provide all reasonable assistance to carry out this assessment in accordance with applicable laws and regulations. Processor shall also provide all reasonable assistance if prior consultation with the Dutch Data Protection Authority (“AP”) is required under applicable privacy legislation. Controller shall reimburse Processor for the reasonable costs incurred in this context.
3.5 Annex 2 sets out specific technical and organizational security measures implemented by Processor upon signing this DPA. These measures will be periodically evaluated and adjusted by Processor as necessary.
4. Audits
4.1 Controller has the right to carry out an audit to ensure compliance with this DPA, once per year, at its own expense, performed by independent experts. Processor will provide all reasonable cooperation in an audit, including granting access to buildings and databases and making all relevant information available.
4.2 Processor will, in consultation with Controller, implement the recommendations made by the independent experts within a reasonable timeframe, depending on the severity of the findings. If the adjustments are the result of changed insights or legislation, Controller will reimburse the reasonable costs for these adjustments. If the adjustments are the result of a failure to comply with the security requirements of this DPA, Processor will bear these costs.
4.3 In the event of an investigation by the AP or another qualified authority, Processor will provide all reasonable cooperation and inform Controller as soon as possible. The parties will consult with each other on the manner of action and the distribution of costs.
5. Data breaches
5.1 Processor will inform Controller without undue delay, but no later than 24 hours after Processor becomes aware of a data breach concerning the processing of personal data.
5.2 In the event of a data breach, Processor will take all measures to limit the consequences of the incident and prevent a new incident. Processor will provide all cooperation to Controller to assess the data breach and comply with any legal reporting obligations and any obligation to inform data subjects.
5.3 Parties have defined the procedure on the exchange of information relating to incidents in the "Data Breach Notification Procedure" in Annex 3.
6. Data subject requests
6.1 If Processor receives a request or objection from a data subject, such as a request for information, access, rectification, erasure of data, processing restriction, or personal data transfer, Processor will immediately forward the request to Controller.
6.2 Processor will provide Controller with all reasonable cooperation to ensure that Controller can comply with its obligations under the applicable laws and regulations within the legal deadlines. Controller will reimburse Processor for the reasonable costs of this cooperation.
7. Subprocessors
7.1 Processor will engage subprocessors for the processing of personal data with the written consent of Controller. By signing this DPA, Controller grants consent for the subprocessors listed in Annex 1.
7.2 Processor will inform Controller by email about intended additions to the list of subprocessors. The addition of the subprocessor will become final 14 days after notification. Controller may object to the addition of a subprocessor on reasonable grounds within 14 days of notification, after which the parties will consult on the addition of the subprocessor.
7.3 Processor will enter into an agreement with subprocessors that complies with the relevant laws and regulations and this DPA. Processor will, at a minimum, contractually require each subprocessor to comply with confidentiality obligations, notification obligations, and security measures concerning the processing of personal data.
8. Access to personal data
8.1 The control over personal data remains entirely with Controller. Upon request of Controller and for the reimbursement of reasonable costs, Processor will make all or part of personal data available to Controller in a common format.
8.2 Processor will ensure that Controller has access to personal data at all times and will not block this access in case of a dispute between the Parties. Processor will take measures to ensure that Controller continues to have access to personal data in the event of Processor's bankruptcy or suspension of payments.
9. Liability and indemnification
9.1 If a Party fails to comply with this DPA, it is liable for the damages and costs suffered or incurred by the other Party.
9.2 Parties agree to indemnify each other for fines and/or penalties imposed by or on behalf of the AP and/or other qualified authorities, where it has been established that these are attributable to violations of the applicable privacy legislation by the indemnifying party. In order to invoke this indemnification, the indemnified party is required to: (i) immediately inform - the indemnifying party of any investigation or other cause that could lead to an intention of a supervisory authority to impose a fine or penalty; (ii) act and communicate with the supervisory authority in consultation with the indemnifying party, and (iii) object and/or appeal against imposed fines if there is reasonable cause to do so.
10. Duration and termination
10.1 This DPA enters into force on the date of signing and ends automatically upon termination of the Agreement. Obligations with a lasting character remain in force between the parties, such as the confidentiality obligation from article 4 of the DPA.
10.2 Upon termination of the Agreement, at the request of Controller and for the reimbursement of reasonable costs, Processor will make personal data available to Controller in a common format.
10.3 Upon termination of the Agreement, Processor will chose, at its own discretion, to destroy any remaining personal data within 30 days, unless a longer storage period is required by law, or to store the data in an anonymized form that does not allow the identification of individuals. Processor will also ensure the destruction of personal data at subprocessors, unless the data is stored in an anonymized form.
11. Miscellaneous
11.1 In the event of changes in the Services, regulations, or other relevant circumstances affecting the processing of personal data, Parties will consult on any necessary amendment to the DPA. Changes to the text of this DPA can only be agreed upon in writing by the Parties.11.2 Any disputes shall be handled in accordance with the process described in the Terms and Conditions.
DPA - ANNEX
1A. Categories of data subjects
The individuals to whom the personal data pertains are:
- Employees of Controller
- Customers of Controller
B. Types of personal data
Personal data that may be processed by Processor includes:- Name and address data
- Phone number
- Email address
- Messaging IDs of internal communication tools
- IP address
- Personal data provided in questions/requests to a Neople
- Personal data provided in knowledge documents for training a Neople
- Personal data retrieved from integrated systems (e.g. CRM or ERP system)
C. Nature and purpose of processing
Automated answering of questions, requests and general conversation, written in natural language by employees or customers of Controller, related to the services, internal processes, and internal systems of Controller. In some cases, personal data is necessary to provide a correct answer. In some cases, personal data is not strictly necessary to answer the question or request, but is provided by the user anyway. In addition thereto; providing insights obtained from data in Controller’s systems and/or internal and external interactions with customers or employees of Controller, by analyzing (historical) data present in integrated systems.D. Countries where processing takes place
- Netherlands (for processing by Neople, TransIP)
- Countries in the European Union (for processing by Microsoft)
- United States (for processing by OpenAI)
E. Subprocessors
Processor uses the following subprocessors:
- Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg
- TransIP B.V., Vondellaan 47, 2332 AA Leiden, Netherlands
- Microsoft Corporation, One Microsoft Way, Redmond WA 98052-6399, United States
- OpenAI OpCo LLC, 3180 18th St., San Francisco CA 94110, United States.
- Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland
- Cohere Inc., 171 John Street, Suite 200, Toronto ON M5T 1X3, Canada
- Anthropic PBC, 548 Market St, PMB 90375, San Fransisco CA 94104, United StatesF. Contact information
Contact information for questions or comments about the DPA and Annexes:
- For Processor: Joep Sloot, Privacy & security officer, privacy@neople.io
- For Controller: contact person during negotiation of the Agreement, unless confirmed otherwise by Controller in writing.
DPA - ANNEX 2
The technical and organizational security measures of Processor include, among others:Technical measures
- Role-based access control on all resources.
- Logging of user actions and actions with administrator privileges.
- Mandatory use of TLS 1.2 or higher.
- Logical separation of data at the customer level and individual user level.
- Regular checks for vulnerabilities in the development process.
- Access based on least privilege at the application and network level.
- Encrypted storage is required on employee workstations.
Organizational measures
- Use of unique individual accounts is mandatory where possible.
- Non-personal accounts are secured with a strong unique password of at least 16 characters or a private key.
- Use of password managers is encouraged.
- Training and provision of information on privacy and operational security among employees.
- Use of portable or removable data carriers is not allowed.
- Access pass is strictly personal, and the employee must carry it at all times.
DPA - ANNEX 3
Data Breach Notification Procedure
The following agreements have been made between the Parties with respect to the data breach notification obligation:
- Processor records all data breaches.
- In case of a data breach, Processor informs Controller promptly, but no later than within 24 hours, and will report the relevant information about the incident using a questionnaire similar to the questionnaire of the Dutch Data Protection Authority (AP).
- Controller will assess whether a notification should be made to the Dutch Data Protection Authority. Controller will consult with Processor in this regard.
- Before Controller makes the notification to the Dutch Data Protection Authority, Controller will discuss the content of the notification with Processor.
- If Controller determines that the affected data subjects also need to be informed, Controller will discuss the content of this information with Processor. Processor will provide a list of data subjects affected by the data breach. Controller will inform data subjects as necessary.
Upgrade your e-commerce support by hiring a Neople
Increase customer satisfaction and make your support team’s jobs more fun. Meet Bob, Emily, or Max and find out how they can help you scale support.