Komi Brand Terms

These terms (“Brand Terms”), and the documents we refer to in them, apply to your use of Komi, a company registered in England and Wales ("Service Provider"), and to transactions made with / through Komi(“Komi”).

Please read through our Brand Terms carefully, to understand what we can do for you, how you can use Komi and how transactions through Komi work. When you use Komi you are agreeing to these Brand Terms.

1. About us

Komi App Limited (“we”, “us”) is a company registered in England and Wales, with company number 12268875 and registered address: 21 Bedford Square, London, United Kingdom, WC1B 3HH. Email address: [email protected].

2. About you

You are the client / customer (“You”, “Client”, “Customer”) whose specific details are reflected in the Customer Order Form. Together we will refer to both Komi and The Client as the Parties (“Parties”).

3. Our services

We provide a platform (“Platform”) that enables you to identify and enter into contracts with influencers for the provision of influencer marketing and influencer services (“Services”). While Komi provides the Platform that enables you to connect with Influencers who may provide Services to you, Komi acts as an intermediary only and is not responsible for the provision of any Services provided by the Influencers

4. The Agreement

The term "Agreement" refers collectively to this set of Brand Terms, the Customer Order Form(s), the Data Processing Addendum, and any other agreements, schedules, annexes, or amendments entered into between the Parties from time to time that relate to the provision of services by Komi to the Client. The Agreement constitutes the entire understanding between the Parties regarding the subject matter covered, and any additional agreements or terms signed or accepted by the Parties in relation to the services, including but not limited to subsequent Order Forms or Addendums, will also form part of this Agreement.

5. Payment Terms

5.1: Budget Management: In some cases, it may be necessary for Komi to hold funds on behalf of clients to pay out Influencers for services rendered to Brands.

5.2: Fund Disbursement: The Client agrees to make payments of such amounts and in such manner as are specified in the Order Form

5.3: Invoice payment: Unless otherwise stated in the Order Form, payments are due from the client within 30 days of receiving invoice date and are nonrefundable.

5.4: Late fees: Fees which have not been paid by their due date are subject to an interest rate of 1% per month, or the maximum permitted by law, whichever is lower.

6. Komi and Client Authority and Responsibilities

6.1: Scope of Authority:

1. Information Gathering: Komi will make reasonable efforts to gather information from Influencers needed to organize and run campaigns on behalf of The Client

6.2: Client Responsibilities:

1. Gifting: The Client is responsible for organizing the distribution of gifts to influencers unless otherwise stated in the Order Form
2. Compliance with UK Gambling Act: The Client will ensure that they do not engage with Talent or otherwise use our Platform to promote or engage in any activity that would constitute gaming, betting or lotteries for the purposes of the UK Gambling Act 2005

7. Intellectual Property Rights

7.1: Client Materials: All materials, including data, images, and content provided by the Client to Komi for use in the campaign ("Client Materials"), will remain the exclusive property of the Client. Komi acknowledges that no ownership of Client Materials is transferred by virtue of this Agreement, and any use of Client Materials by Komi will be done only with the Client’s express permission and in accordance with the terms of this Agreement.

7.2: Influencer materials: All materials created by influencers during the campaign will remain the property of the respective influencers. Through individual agreements made with influencers, The Client may be granted a non-exclusive, non-transferable license to use the Influencer Content strictly within the limits of the usage rights agreed upon with each influencer. Any use of Influencer Content beyond the agreed terms may require additional permissions and possibly the payment of additional fees, which the Client acknowledges and agrees to secure at their own expense.

7.3: Our IP: We own, and will continue to own, all intellectual property rights relating to the Platform, API, Templates and Billing, and any new or amended versions we may develop. In addition, we also own all suggestions, ideas, enhancement requests, feedback, recommendations or other information you provide us relating to the Platform.

7.4: Your license: Subject to your compliance with this Agreement, we grant you a limited, non-exclusive, non-transferable, revocable license to use the Platform ​​solely for the purpose of receiving Influencer Services subject to restrictions laid out in clause 14

8. Confidentiality

8.1:  Definition

Confidential Information means all sensitive and proprietary information relating to a party in any media or form, that is marked as confidential or would reasonably be considered as confidential due to the circumstances in which it is shared. This includes information relating to customers and suppliers, employees and officers, products and services, know-how and these Terms.

8.2: Mutual obligations

You and we agree to:

1. maintain the confidentiality of the other party’s Confidential Information using the same degree of care used to protect its own Confidential Information
2. not disclose, copy or modify Confidential Information without the owner’s prior written consent unless it is necessary to fulfill obligations under this Agreement or to comply with applicable laws or regulations, provided that the owner of Confidential Information has been notified before any disclosure has been made (if legally allowed)
3. only disclose the other party’s Confidential Information to employees, affiliates and professional advisers on a ‘need-to-know’ basis who are bound in writing to confidentiality obligations substantially similar to these
4. promptly notify the owner upon becoming aware of any unauthorized use, disclosure, theft or loss of their Confidential Information
5. upon written request from the owner, promptly return or destroy the owner’s Confidential Information and any copies in the receiving party’s possession. This obligation will not apply to Confidential Information a party is required to keep in order to comply with applicable laws and regulations, or to Confidential Information held securely in archival systems

8.3. Exceptions: confidential Information does not include information that:

1. is in the public domain at the time of its disclosure
2. is lawfully received by a third party free of any obligation of confidence at the time of its disclosure
3. is independently developed by a party without access to or use of the other party’s Confidential Information
4. was already in the possession of the receiving party prior to the owner’s disclosure.

8.4: Confidentiality term: the confidentiality obligations of each party will continue for 2 years after the termination of this Agreement.

9. Indemnification​

9.1: Your indemnity: you will defend, indemnify and hold harmless us for all losses and liabilities resulting from:

1. any third party claim that Content infringes that third party’s intellectual property rights,
2. your use of the Platform,
3. your breach of this Agreement and
4. Any breaches made in provisioning the services of influencers of applicable laws, rules and regulations, including but not limited to the UK Non-broadcast Advertising and Direct Promotional Marketing Code (“CAP Code”); Consumer Rights Act 2015; Consumer Protection from Unfair Trading Regulations 2008 (“CPUT Regulations”); Direct Marketing Association code of conduct ; Gambling Act 2005; UK GDPR and Data Protection Act 2018; Electronic Commerce (EC Directive) Regulations 2002; the EU Digital Services Act; the UK Online Safety Act 2023; the Equality Act 2010, U.S. sweepstakes and lottery laws and the U.S. Federal Trade Commission’s Guides Concerning Use of Endorsements and Testimonials in Advertising.

9.2: Exclusions. Our indemnity above does not apply:

1. to those parts of the Platform which are not supplied by us, made in accordance with your specifications, modified after delivery, or combined with other products, processes or materials and the alleged infringement is related to that combination,
2. where you continue to use the infringing part of the Platform after being informed of the infringement or the modifications to avoid it,
3. where your use of the Platform is not in line with this Agreement.

9.3: Remedies: If we believe the Platform may infringe third party intellectual property rights, we may:

1. replace or modify the Platform so they are no longer infringing, provided that the Platform will still have substantially similar features and functionality
2. obtain a license for you to continue using the Platform
3. terminate this Agreement by giving you written notice and refund you any prepaid, unused fees on a pro rata basis for the remainder of the Service Term

9.4: Sole remedy: This clause will be your sole and exclusive remedy and our entire liability for any third party intellectual property infringement claims under this Agreement.

10. Liability​

10.1: Liability cap: Our total liability to you will not exceed the amount of fees paid by you to us during the 12 months before the date on which the claim arose.

10.2: Indirect losses: We will not be liable for any:

1. To the fullest extent allowed by law, Komi shall not be liable under or in connection with this Agreement, whether in contract, tort (including negligence), breach of statutory duty, strict liability or other legal or equitable theory or otherwise for: (i) loss of revenues, profits, business, business opportunity, goodwill or reputation; (ii) loss of anticipated savings or wasted expenditure or costs of procuring any substitute services, (iii) interruption of use or loss, damage or corruption of data or software; or (iv) any incidental, indirect, special, punitive or consequential damages.
2. Komi shall not be liable if it is unable to perform, or is delayed in performing, any of its obligations (other than payment obligations) under this Agreement due to an event beyond its reasonable control. Komi shall promptly give notice to the Brand of the event and shall use commercially reasonable efforts to promptly resume performance.

11. Third party services​

11.1: Third party services: The Platform may be supported by and operate with application programming interfaces and other third party services. We are not liable for any third party services, or the availability and operation of the Services to the extent they depend on them. You are responsible for obtaining any rights or licenses necessary for your access to third party services and for complying with their terms.

12. Other important terms​

12.1: Publicity: You agree that we may disclose that you are one of our customers in our advertising or promotional material, we may request your participation in a case study about your use of our Platform, which we may use and distribute for our advertising and promotional materials.

12.2: Assignment: We may assign, sub-contract or transfer any of our rights under this Agreement. You may not assign, sub-contract or transfer rights and obligations under this Agreement without our prior written consent.

12.3: Amendments: Any amendments to this Agreement must be in writing and signed by an authorized representative of each party.

12.4: Severance: If any provision of this Agreement is held invalid, illegal or unenforceable, that provision will be deleted without affecting the rest of the Agreement.

12.5: Entire agreement: The Agreement constitutes the entire agreement between the parties and supersedes all prior discussions and agreements relating to the subject matter.

12.6: Notices: Any notice given under this Agreement must be in writing, signed by a party’s authorized representative, delivered by hand or post to the other party’s registered office (or other address specified by the other party for that purpose) and will be considered received:

1. at the time of delivery, if delivered by hand
2. 48 hours after posting if delivered by post​

12.7: No partnership or agency: Nothing in this Agreement is intended to create a partnership or legal relationship of any kind. Each party confirms it is acting on its own behalf and not for the benefit of any other person or entity.

12.8:. Third parties: No one other than a party to this Agreement has the right to enforce any of its terms.

12.9: Accrued rights and liabilities: Termination or expiry of this Agreement will not affect any rights or liabilities that have accrued up to the date of expiry.

12.10: No waiver: If a party fails to enforce a right under this Agreement, that is not a waiver of that right at any time.

12.11: Equitable relief: The parties may seek injunctive relief or specific performance to enforce their rights under this Agreement in addition to other remedies.

13. Warranties

13.1: Your warranties: You represent and warrant that you have all rights, title and interests to all data and information you upload to the Platform (your Content) and which we process in order to provide you with the Platform.

13.2. Our warranties. We will:

1. not knowingly include in the Platform any viruses or other malicious code that would cause intentional harm to a computer network or system, including security or user data (our Security Warranty)
2. use reasonable efforts in line with prevailing industry standards to maintain the Platform in a way that minimizes errors and interruptions
3. carry out any Services in a professional and workmanlike manner.

13.3. Security Warranty.

If we fail to comply with the Security Warranty, you may notify us in writing with details of the breach and, within 30 days of receiving your notification, we will either correct that failure or provide you with a plan for how we intend to correct it. If the breach is not corrected or we do not provide a reasonably acceptable plan to correct it within that period, you may terminate this Agreement as your sole and exclusive remedy for our breach of the Security Warranty.

​13.4. Maintenance.

Platform may be temporarily unavailable for maintenance (either scheduled or in an emergency), but we will use reasonable efforts to give you advance notice of any scheduled disruption.

13.5. Disclaimer of warranties.

Except as expressly set out in this Agreement and to the fullest extent permitted by applicable law, the Platform is provided “as is”. All warranties, conditions, terms or obligations, whether expressed or implied, including any implied terms relating to merchantability, fitness for a particular purpose, ability to achieve a particular result or non-infringement, are excluded to the fullest extent legally permissible

13.6. Compliance with local laws and regulations.

You will ensure that each of your advertisements, campaigns and promotions, comply with all applicable laws and regulations, including without limitation the UK Non-broadcast Advertising and Direct Promotional Marketing Code (“CAP Code”); Consumer Rights Act 2015; Consumer Protection from Unfair Trading Regulations 2008 (“CPUT Regulations”); Direct Marketing Association code of conduct ; Gambling Act 2005; UK GDPR and Data Protection Act 2018; Electronic Commerce (EC Directive) Regulations 2002; the EU Digital Services Act; the UK Online Safety Act 2023; and the Equality Act 2010, and in particular, that the Brand will not engage in or facilitate a commercial practice which is a misleading act or omissions.

14. Duration and Termination

14.1: Term: This Agreement will continue for the Term set out in the Order Form, unless it is terminated earlier in line with this Agreement.

14.2: Termination for cause: Either party may terminate this Agreement immediately by giving written notice to the other if the other party:

1. commits a material breach of this Agreement incapable of remedy, or if it is capable of remedy, fails to remedy it within 30 days of being notified of the breach
2. becomes subject to, or is reasonably likely to become subject to, an insolvency, bankruptcy, administration, receivership or other similar event.

14.3: Survival: Any terms which are intended to survive termination of this Agreement will remain in full force and effect.

15. Restrictions and client responsibilities

15.1: You agree to use the Platform in accordance with this Agreement and any applicable laws. When using our Platform, you must not actually or attempt to:

1. Interfere with or damage any part of the Platform, our equipment, network, software or storage agreements, or introduce malware, viruses, Trojans or other technologically harmful or damaging material,
2. Rent, license or re-sell the Platform or any part of it,
3. Decompile, probe, scan or test the vulnerability of our systems or networks, breach or circumvent any security or authentication measures protecting the Platform, reverse engineer, disassemble, data scrape, script, automate or adapt the Platform or any part of it,
4. Use the Platform for benchmarking purposes or to build a competitive product or service,
5. Use the Platform for any illegal activities or to abuse, harm, harass or exploit other users, access another account without permission or distribute spam,
6. Take, upload, publish or transmit any screenshots, screen captures, reproductions, drawings photos, videos, downloads or data of any part of the Platform unless we have consented to this,
7. Copy, duplicate, modify, create derivative works from or distribute all or any portion of the Platform except to the extent expressly set out in this Agreement,
8. Access the Platform other than as provided under this Agreement,
9. Impersonate or misrepresent yourself or your business, and
10. Encourage or assist any other user or third party to do any of the above.

15.2: You will designate an employee who will be responsible for all matters relating to this Agreement (the point of contact set out in the Order Form) and agree to notify us in writing immediately if this point of contact changes so that we can perform our obligations under the Agreement

15.3 The Client agrees to promptly provide any information, approvals, feedback, decisions, or materials reasonably requested by Komi in order to enable Komi to perform its obligations under this Agreement. The Client shall provide such requested materials or responses within ten (10) business days of receiving the request. If the Client is unable to provide a substantive response within this ten (10) day period, the Client must notify Komi within five (5) business days of receiving the request, explaining the reason for the delay. Komi may, at its sole discretion, grant an extension, which shall not be unreasonably withheld.

Failure by the Client to meet these deadlines may result in delays for which Komi shall not be held liable. Additionally, Komi reserves the right to suspend or terminate its obligations under this Agreement in the event of non-compliance by the Client. The Client shall remain responsible for the full payment of the contract value, regardless of whether Komi completes the project, if the delay or failure to provide requested materials results from the Client’s non-compliance.

15.4: If it is required under any applicable financial regulations, you may be requested to provide information during the registration process such as completing Know Your Customer (KYC) / Know Your Business (KYB) checks, before being given access to the Platform.

16. Force Majeure

Neither party shall be liable for any failure to perform its obligations where such failure is as a result of Acts of God (including fire, flood, earthquake, storm, hurricane, or other natural disasters), war, invasion, act of foreign enemies, hostilities (whether war is declared or not), civil war, rebellion, revolution, insurrection, military or usurped power, or confiscation, terrorist activities, nationalization, government sanction, block, blockage, embargo, labor dispute, strike, lockout, or interruption or failure of electricity or telephone service.

17. Komi’s role

17.1 Relationship Establishment: Komi facilitates the connection between the Client and independent third-party influencers.

17.2 Non-Agency: Komi is not an agent, principal, or partner of any Influencers contracted by The Client. Komi does not have control over the quality, timing, legality, failure to provide, or any other aspect whatsoever of any services provided by Influencers nor of the integrity, responsibility, or any of the actions or omissions whatsoever of any Influencers.

18. Miscellaneous

18.1: Governing Law: Each party irrevocably agrees that the courts of England and Wales shall have exclusive  jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with this Agreement or its subject matter or formation.

18.2: Non-solicitation: During the term of this Agreement and for [12] months thereafter, You shall not directly or indirectly, without Komi’s prior written consent, solicit, induce, recruit, negotiate with, or enter into any agreement with any Influencer on Komi with respect to the provision of any goods or services by the Influencer except via the Platform.

19. Glossary of Terms

1. Material Breach: A significant failure to meet the obligations set forth in this Agreement, which substantially impacts the ability of one party to perform its duties.
2. Influencer: An individual with the capability to affect the purchasing decisions of others because of their authority, knowledge, position, or relationship with their audience.
3. Order form: a signed contract between a Brand and Komi specifying a specific commercial relationship. Collectively, the Order form and these Brand Terms make up “The Contract”

Schedule 1

DATA PROCESSING ADDENDUM

This Data Processing Addendum (including all Schedules attached hereto, the (“DPA”) is incorporated into, and is subject to the terms and conditions of, the Komi Brand Terms (“Agreement”) between Komi App Limited (“Company”) and the entity identified as the Client in the Agreement (“Client”). This DPA applies to the extent Company’s Processing of Fan Personal Data is subject to the Data Protection Laws. This DPA shall be effective for the term of the Agreement.

1. Definitionssome text
   1. “Controller” means the entity which determines the purposes and means of the Processing of Personal Data.
   2. “Fan Personal Data” means the Personal Data described under Schedule 1 to this DPA.
   3. “Data Protection Laws” means all laws and regulations, including laws and regulations of: (i) the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom; (ii) the United States (including, but not limited to the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA”)); and (iii) any other jurisdiction in which the parties operate, all (i)–(iii) applicable to the Processing of Personal Data under the Agreement.
   4. “Data Subjects” means the individuals identified in Schedule 1.
   5. “EU SCCs” means the Standard Contractual Clauses approved with Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, as amended, supplemented, updated or replaced from time to time;
   6. “GDPR” means the General Data Protection Regulation (EU) 2016/679 together with any national implementing laws in any member state of the EEA (“EU GDPR”) and the EU GDPR as incorporated into the laws of the United Kingdom (“UK GDPR”);
   7. “Personal Data” and “Processing” will each have the meaning given to them in the Data Protection Laws. The term “Personal Data” includes “personal information,” “personally identifiable information,” and equivalent terms as such terms may be defined by the Data Protection Laws.
   8. “Personal Data Breach” means a material breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Fan Personal Data.
   9. “Processor” means the entity which Processes Personal Data on behalf of the Controller.
   10. “Sell” has the meaning given in the Data Protection Laws.
   11. “Service” means the services provided by Company to Client pursuant to the Agreement.
   12. “Share” has the meaning given in the CCPA.
   13. “UK Addendum” means the International Data Transfer Addendum to the EU SCCs, issued by the UK Information Commissioner for parties making restricted transfers, which entered into force on 21 March 2022 (collectively, with the EU SCCs, “the SCCs”)

Capitalized terms not otherwise defined herein shall have the meaning given to them in the Agreement.

2. Processing of Fan Personal Datasome text
   1. The details of Company’s Processing of Fan Personal Data are described in Schedule 1.
   2. Company will only Process Fan Personal Data as a Processor on behalf of and in accordance with Client’s prior written instructions, including any instructions provided through Client’s use of the Service. Client hereby instructs Company to Process Fan Personal Data to the extent necessary to provide the Service as set forth in the Agreement and this DPA. Company shall not (1) retain, use, or disclose Fan Personal Data other than as provided for in the Agreement, as needed to provide the Service, or as otherwise permitted by Data Protection Laws; (2) retain, use, or disclose Fan Personal Data outside of the direct business relationship between Client and Company, including by combining Fan Personal Data with Personal Data Company receives from third parties, other than Client, except as permitted by the Data Protection Laws; or (3) Sell or Share Fan Personal Data. Upon notice to Company, Client may take reasonable and appropriate steps to remediate Company’s use of Fan Personal Data in violation of this DPA.
   3. Company will immediately inform Client if, in its opinion, an instruction from Client infringes the Data Protection Laws. If applicable laws preclude Company from complying with Client’s instructions, Company will inform Client of its inability to comply with the instructions, to the extent permitted by law.
   4. Each of Client and Company will comply with their respective obligations under the Data Protection Laws. Company shall notify Client if it determines that it cannot meet its obligations under the Data Protection Laws. Client has the right to take reasonable steps to ensure that Company uses Fan Personal Data in a manner consistent with Client’s obligations under Data Protection Laws by exercising Client’s audit rights in Section 10.
3. Cross-Border Transfers of Personal Datasome text
   1. With respect to Fan Personal Data originating from the European Economic Area (“EEA”) that is transferred from Company to Client in a country outside of the EEA, to the extent required under Data Protection Law, the parties agree to comply with “Module Four” (Processor to Controller) of the EU SCCs, which are incorporated herein by reference, with Company as the “data exporter” and Client as the “data importer.”
   2. For purposes of the EU SCCs the parties agree that:some text
      1. In Clause 7, the optional docking clause will not apply.
      2. In Clause 11, the optional language will not apply.
      3. For the purposes of Clause 15(1)(a), Company shall notify Client and/or Client (only) and not the Data Subject(s) in case of government access requests and Client and/or Client shall be solely responsible for promptly notifying the affected Data Subjects as necessary.
      4. In Clause 17, Option 1 applies and the EU SCCs shall be governed by the courts of United Kingdom.
      5. In Clause 18(b), the parties agree to submit to the jurisdiction of the courts of United Kingdom.
      6. In Annex I, Section A (List of Parties), (i) the Company is the data exporter and Client is the data importer and their identity and contact details and, where applicable, information about their respective data protection officer and/or representative in the EEA are those set forth in the Agreement or as otherwise communicated by each party to the other party; (ii) Client is a Controller, and Company is a Processor; (iii) the activities relevant to the data transferred under the EU SCCs relate to the provision of the Service pursuant to the Agreement; and (iv) entering into this DPA shall be treated as each party’s signature of Annex I, Section A, as of the effective date of this DPA.
      7. In Annex I, Section B (Description of Transfer): (i) Schedule 1 to this DPA describes Company’s Processing of Fan Personal Data; (ii) the frequency of the transfer is continuous (for as long as Client uses the Service); (iii) Fan Personal Data will be retained in accordance with Clause 8.5 of the EU SCCs and this DPA;
      8. In Annex I, Section C (Competent Supervisory Authority), the competent supervisory authority is identified in accordance with Clause 13 of the EU SCCs.
4. Confidentiality and Securitysome text
   1. Company will require Company’s personnel who access Fan Personal Data to commit to protect the confidentiality of Fan Personal Data.
   2. Company will implement commercially reasonable technical and organisational measures that are designed to protect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Fan Personal Data.
   3. To the extent required by Data Protection Laws, Company will provide Client with reasonable assistance as necessary for the fulfilment of Client’s obligations under Data Protection Laws to maintain the security of Fan Personal Data.
5. Sub-Processingsome text
   1. Client agrees that Company may engage Sub-Processors to Process Fan Personal Data on Client's behalf. Company’s current list of Sub-Processors is available at https://komi.io/privacy-policy.pdf (the “Sub-Processor List”).
   2. Company will impose on its Sub-Processors substantially the same data protection obligations that apply to Company under this DPA. Company will be liable to Client for its Sub-Processors’ acts or omissions as it would be for its own.
   3. The parties agree that the copies of the Sub-Processor agreements that must be provided by Company to Client pursuant to the SCCs, if applicable, may have commercial information or clauses unrelated to the SCCs removed by Company beforehand; and, that such copies will be provided by Company, in a manner to be determined in its discretion, only upon Client’s written request.
6. Data Subject Rights

Client is responsible for responding to any Data Subject requests relating to Fan Personal Data (“Requests”). If Company receives any Requests during the term, Company will advise the Data Subject to submit the request directly to Client. Company will provide Client with self-service functionality or other reasonable assistance to permit Client to respond to Requests.

7. Personal Data Breaches

Upon becoming aware of a Personal Data Breach affecting Fan Personal Data, Company will (i) promptly take measures designed to remediate the Personal Data Breach and (ii) notify Client without undue delay. Client is solely responsible for complying with Personal Data Breach notification requirements applicable to Client. Client may request that Company reasonably assist Client’s efforts to notify Personal Data Breaches to the competent data protection authorities and/or affected Data Subjects, if Client is required to do so under the Data Protection Laws. Company’s notice of or response to a Personal Data Breach under this Section 7 will not be an acknowledgement or admission by Company of any fault or liability with respect to the Personal Data Breach.

8. Data Protection Impact Assessment; Prior Consultation

Client may request reasonable assistance from Company in connection with conducting data protection impact assessments and consultation with data protection authorities if Client is required to engage in such activities under applicable Data Protection Laws and the data protection impact assessment or consultation relate to the Processing by Company of Fan Personal Data.

9. Deletion of Fan Personal Data

Client instructs Company to delete Fan Personal Data within 90 days of the termination of the Agreement and delete existing copies unless applicable law requires otherwise. The parties agree that the certification of deletion described in the SCCs, if applicable, shall be provided only upon Client’s written request. Notwithstanding the foregoing, Company may retain Fan Personal Data to the extent and for the period required by applicable laws provided that Company maintains the confidentiality of all such Fan Personal Data and Processes such Fan Personal Data only as necessary for the purpose(s) specified in the applicable laws requiring its storage.

10. Audits some text
    1. Client may audit Company’s compliance with its obligations under this DPA up to once per year. In addition, Client may perform more frequent audits (including inspections) in the event: (1) Company suffers a Personal Data Breach affecting Fan Personal Data; (2) Client has genuine, documented concerns regarding Company’s compliance with this DPA or the Data Protection Laws; or (3) where required by the Data Protection Laws, including where mandated by regulatory or governmental authorities with jurisdiction over Fan Personal Data. Company will contribute to such audits by providing Client or Client’s regulatory or governmental authority with the information and assistance reasonably necessary to conduct the audit, including any relevant records of Processing activities applicable to the Service, as described below.
    2. To request an audit, Client must submit a detailed proposed audit plan to [email protected] at least one month in advance of the proposed audit start date. The proposed audit plan must describe the proposed scope, duration, start date of the audit, and the identity of any third party Client intends to appoint to perform the audit. Company will review the proposed audit plan and provide Client with any concerns or questions (for example, Company may object to the third party auditor as described in Section 10.3, provide an Audit Report as described in Section 10.4, or identify any requests for information that could compromise Company confidentiality obligations or security, privacy, employment or other relevant policies). The parties will negotiate in good faith to agree on a final audit plan at least two weeks in advance of the proposed audit start date.  Nothing in this Section 10 shall require Company to breach any duties of confidentiality.
    3. Company may object to third party auditors that are, in Company’s reasonable opinion, not suitably qualified or independent, a competitor of Company, or otherwise manifestly unsuitable. Client will appoint another auditor or conduct the audit itself if the parties cannot resolve Company’s auditor objection after negotiating in good faith.
    4. If the requested audit scope is addressed in an SSAE 18/ISAE 3402 Type 2, ISO, NIST or similar audit report performed by a qualified third party auditor on Company’s systems that Process Fan Personal Data (“Audit Reports”) within twelve (12) months of Client’s audit request and Company confirms there are no known material changes in the controls audited, Client agrees to accept the Audit Report in lieu of requesting an audit of the controls covered by the Audit Report.
    5. The audit must be conducted at a mutually agreeable time during regular business hours at the applicable facility, subject to the agreed final audit plan and Company’s health and safety or other relevant policies. The audit may not unreasonably interfere with Company business activities.
    6. Any audits are at Client’s expense and Client will promptly disclose to Company any perceived non-compliance or security concerns discovered during the audit, together with all relevant details.
    7. The parties agree that the audits described in the SCCs, if applicable, shall be performed in accordance with this Section 10.
11. Liabilitysome text
    1. Each party’s liability towards the other party under or in connection with this DPA will be limited in accordance with the provisions of the Agreement.
    2. Client acknowledges that Company is reliant on Client for direction as to the extent to which Company is entitled to Process Fan Personal Data on behalf of Client in performance of the Service. Consequently, Company will not be liable under the Agreement for any claim brought by a Data Subject arising from (a) any action or omission by Company in compliance with Client’s instructions or (b) from Client’s failure to comply with its obligations under the Data Protection Laws.
12. General Provisions

With regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and the Agreement, the provisions of this DPA shall prevail. In the event of inconsistencies between the DPA and the SCCs, the SCCs will prevail.

SCHEDULE 2

Details of Processing

1. Categories of Data Subjects. end users of the Komi Platform or “Fans”
2. Types of Personal Data. names, email addresses, phone numbers and marketing preferences
3. Subject-Matter and Nature of the Processing. Fan Personal Data will be subject to the Processing activities that Company needs to perform in order to provide the Service pursuant to the Agreement.
4. Purpose of the Processing. Company will Process Fan Personal Data for purposes of providing the Service as set out in the Agreement.
5. Duration of the Processing. Fan Personal Data will be Processed for the duration of the Agreement.