Komi Brand Terms

These terms (“Brand Terms”), and the documents we refer to in them, apply to The Client’s use of Komi, a company registered in England and Wales (“Service Provider”), and to transactions made with / through Komi (“Komi”).

Please read through our Brand Terms carefully, to understand what we can do for The Client, how The Client can use Komi and how transactions through Komi work. When The Client uses Komi The Client agrees to these Brand Terms.

1. About Us

Komi App Limited (“we”, “us”) is a company registered in England and Wales, with company number 12268875 and registered address: 21 Bedford Square, London, United Kingdom, WC1B 3HH. Email address: [email protected].

2. About The Client

The Client is the client / customer (“The Client”) whose specific details are reflected in the Customer Order Form. Together we will refer to both Komi and The Client as the Parties (“Parties”).

3. Glossary of Terms

  1. Brand-Influencer Contract: A direct, bilateral contract between the Client and an Influencer formed through or facilitated by the Platform, as described in clause 6.; 
  2. Consumer Personal Data: The categories of personal data described in Schedule 2 to the Data Processing Addendum, being personal data relating to individuals who are members of the audience targeted or reached through influencer campaigns facilitated by the Platform.; 
  3. Influencer: An individual with the capability to affect the purchasing decisions of others because of their authority, knowledge, position, or relationship with their audience.; 
  4. Influencer Services: The influencer marketing and promotional services provided by an Influencer to the Client pursuant to a Brand-Influencer Contract.; 
  5. Material Breach: A significant failure to meet the obligations set forth in this Agreement, which substantially impacts the ability of one party to perform its duties.; 
  6. Order Form: A signed contract between the Client and Komi specifying a specific commercial relationship. Collectively, the Order Form and these Brand Terms make up “The Contract”.; 
  7. Platform: The technology platform operated by Komi through which the Client identifies Influencers, enters into Brand-Influencer Contracts, and manages influencer campaigns.; 
  8. Platform Services: The technology, tools, and services provided by Komi to the Client through the Platform, as described in these Brand Terms and the relevant Order Form.

4. The Agreement

The term “Agreement” refers collectively to this set of Brand Terms, the Customer Order Form(s), the Data Processing Addendum, and any other agreements, schedules, annexes, or amendments entered into between the Parties from time to time that relate to the provision of services by Komi to the Client. The Agreement constitutes the entire understanding between the Parties regarding the subject matter covered, and any additional agreements or terms signed or accepted by the Parties in relation to the services, including but not limited to subsequent Order Forms or Addendums, will also form part of this Agreement.

5. Our Services

We provide a technology platform (“Platform”) that enables the Client to identify influencers and to enter into direct contracts with those influencers for the provision of influencer marketing services (“Influencer Services”). Komi is a technology platform provider only. Komi is not a party to any contract between the Client and any Influencer, does not guarantee or warrant the performance of any Influencer, and has no obligation or liability in respect of the Influencer Services provided by any Influencer.

6. Brand-Influencer Contracts

6.1 When the Client uses the Platform to engage with Influencers, each such engagement constitutes a separate, direct, bilateral contract between the Client and the relevant Influencer (each, a “Brand-Influencer Contract”). Komi is not a party to any Brand-Influencer Contract and has no obligations or liabilities under or in connection with it, whether as to performance, quality, legality, or otherwise.

6.2 Komi’s role is limited to providing the Platform technology through which Brand-Influencer Contracts are initiated, managed, and administered. Komi’s facilitation of a Brand-Influencer Contract does not constitute Komi as an agent, broker, guarantor, franchisor, joint venturer, or co-contractor in respect of any Influencer’s obligations to the Client or the Client’s obligations to any Influencer.

6.3 The Client is solely responsible for reviewing, negotiating, approving, and enforcing its Brand-Influencer Contracts. The Client acknowledges that Komi does not verify, warrant, or guarantee the legal enforceability of any Brand-Influencer Contract or the performance of any Influencer under it. The Client should seek its own legal advice where required in respect of the terms of any Brand-Influencer Contract.

6.4 In the event of any dispute between the Client and an Influencer arising out of or in connection with a Brand-Influencer Contract, that dispute is solely between the Client and the Influencer. Komi shall have no liability in respect of such a dispute. The Client shall not join, imply, or assert Komi as a party to any proceedings or claims arising out of any Brand-Influencer Contract.

7. Komi’s Role

7.1 Relationship Establishment: Komi facilitates the connection between the Client and independent third-party Influencers by providing the Platform. Komi does not introduce, recommend, or warrant any particular Influencer’s suitability for any campaign, and the Client’s decision to engage any Influencer is made at the Client’s own discretion and risk.

7.2 Non-Agency: Komi is not an agent, principal, partner, franchisor, or co-contractor of any Influencer contracted by The Client. Komi does not have control over the quality, timing, legality, failure to provide, or any other aspect whatsoever of any Influencer Services provided by Influencers, nor of the integrity, responsibility, or any actions or omissions whatsoever of any Influencers.

8. Payment Terms

Fees Payable to Creators

8.1 The Client shall pre-fund all fees payable to creators through the KOMI Influencer Marketing Platform prior to confirmation of any influencer engagement. No influencer shall be confirmed or activated until such funds have been received in full by KOMI.

8.2 Fees will be held by Komi on behalf of the Client until disbursement. Fees shall be disbursed to the relevant Influencer following the Client’s confirmation of the Influencer’s deliverables through the Platform. If the Client does not raise an objection within a reasonable time, the Influencer shall be deemed confirmed and fees will be disbursed accordingly.

Platform Fees and Commission on Influencer Spend

8.3 In addition to influencer fees, the Client shall pay platform and service fees as detailed in the Order Form.

8.4 Invoice Payment: Unless otherwise stated in the Order Form, all platform and service fee invoices are due within 30 days of the invoice date and are non-refundable.

8.5 Late Fees: Fees which have not been paid by their due date are subject to interest at a rate of 4% per annum above the Bank of England base rate, accruing on a daily basis from the due date until the date of actual payment (whether before or after judgment). Komi also reserves the right to suspend access to the Platform until all overdue amounts (including accrued interest) have been paid in full, and to recover from the Client any reasonable costs incurred in recovering overdue amounts.

9. Client Responsibilities and Restrictions

9.1 The Client agrees to use the Platform in accordance with this Agreement and any applicable laws. When using the Platform, The Client must not actually or attempt to:

  1. Interfere with or damage any part of the Platform, our equipment, network, software or storage agreements, or introduce malware, viruses, Trojans or other technologically harmful or damaging material; 
  2. Rent, licence or re-sell the Platform or any part of it; 
  3. Decompile, probe, scan or test the vulnerability of our systems or networks, breach or circumvent any security or authentication measures protecting the Platform, reverse engineer, disassemble, data scrape, script, automate or adapt the Platform or any part of it; 
  4. Use the Platform for benchmarking purposes or to build a competitive product or service; 
  5. Use the Platform for any illegal activities or to abuse, harm, harass or exploit other users, access another account without permission or distribute spam; 
  6. Take, upload, publish or transmit any screenshots, screen captures, reproductions, drawings, photos, videos, downloads or data of any part of the Platform unless we have consented to this; 
  7. Copy, duplicate, modify, create derivative works from or distribute all or any portion of the Platform except to the extent expressly set out in this Agreement; 
  8. Access the Platform other than as provided under this Agreement; 
  9. Impersonate or misrepresent itself or The Client’s business; or; 
  10. Encourage or assist any other user or third party to do any of the above.

9.2 The Client will designate an employee who will be responsible for all matters relating to this Agreement (the point of contact set out in the Order Form) and agree to notify us in writing immediately if this point of contact changes so that we can perform our obligations under the Agreement.

9.3 The Client is responsible for organising the distribution of gifts or product samples to Influencers unless otherwise stated in the Order Form.

9.4 The Client will ensure that it does not engage any Influencer or otherwise use the Platform to promote or engage in any activity that would constitute gaming, betting or lotteries for the purposes of the UK Gambling Act 2005.

9.5 The Client agrees to promptly provide any information, approvals, feedback, decisions, or materials reasonably requested by Komi in order to enable Komi to perform its obligations under this Agreement. The Client shall provide such requested materials or responses within five (5) business days of receiving the request. If The Client is unable to provide a substantive response within this period, The Client must notify Komi within two (2) business days of receiving the request, explaining the reason for the delay. Komi may, at its sole discretion, grant an extension, which shall not be unreasonably withheld.

Failure to meet these deadlines may result in delays for which Komi shall not be held liable. Komi reserves the right to suspend or terminate its obligations under this Agreement in the event of continued non-compliance. The Client shall remain responsible for the full payment of any fees committed under this Agreement regardless of whether Komi is able to complete the relevant services if the delay or failure is due to The Client’s non-compliance with this clause.

9.6 If required under any applicable financial regulations, The Client may be requested to provide information such as completing Know Your Customer (KYC) or Know Your Business (KYB) checks during the registration process, before being given access to the Platform.

10. Intellectual Property Rights

10.1 Client Materials: All materials, including data, images, and content provided by the Client to Komi for use in the campaign (“Client Materials”), will remain the exclusive property of the Client. Komi acknowledges that no ownership of Client Materials is transferred by virtue of this Agreement, and any use of Client Materials by Komi will be done only with the Client’s express permission and in accordance with the terms of this Agreement.

10.2 Influencer Materials: All materials created by Influencers during the campaign will remain the property of the respective Influencers. Through individual Brand-Influencer Contracts made directly with Influencers, The Client may be granted a non-exclusive, non-transferable licence to use the Influencer Content strictly within the limits of the usage rights agreed upon with each Influencer. Any use of Influencer Content beyond the agreed terms may require additional permissions and possibly the payment of additional fees, which the Client acknowledges and agrees to secure at their own expense.

10.3 Our IP: We own, and will continue to own, all intellectual property rights relating to the Platform, API, Templates and Billing, and any new or amended versions we may develop. In addition, we also own all suggestions, ideas, enhancement requests, feedback, recommendations or other information The Client provide us relating to the Platform.

10.4 The Client’s Licence: Subject to The Client’s compliance with this Agreement, we grant The Client a limited, non-exclusive, non-transferable, revocable licence to use the Platform solely for the purpose of facilitating Influencer Services pursuant to Brand-Influencer Contracts entered into under clause 6, subject to the restrictions laid out in clause 14.

11. Confidentiality

11.1 Definition: Confidential Information means all sensitive and proprietary information relating to a party in any media or form, that is marked as confidential or would reasonably be considered as confidential due to the circumstances in which it is shared. This includes information relating to customers and suppliers, employees and officers, products and services, know-how and these Terms.

11.2 Mutual Obligations: The Client and Komi agree to:

  1. maintain the confidentiality of the other party’s Confidential Information using the same degree of care used to protect its own Confidential Information; 
  2. not disclose, copy or modify Confidential Information without the owner’s prior written consent unless it is necessary to fulfil obligations under this Agreement or to comply with applicable laws or regulations, provided that the owner of Confidential Information has been notified before any disclosure has been made (if legally allowed); 
  3. only disclose the other party’s Confidential Information to employees, affiliates and professional advisers on a ‘need-to-know’ basis who are bound in writing to confidentiality obligations substantially similar to these; 
  4. promptly notify the owner upon becoming aware of any unauthorised use, disclosure, theft or loss of their Confidential Information; and; 
  5. upon written request from the owner, promptly return or destroy the owner’s Confidential Information and any copies in the receiving party’s possession. This obligation will not apply to Confidential Information a party is required to keep in order to comply with applicable laws and regulations, or to Confidential Information held securely in archival systems.

11.3 Exceptions: Confidential Information does not include information that:

  1. is in the public domain at the time of its disclosure; 
  2. is lawfully received by a third party free of any obligation of confidence at the time of its disclosure; 
  3. is independently developed by a party without access to or use of the other party’s Confidential Information; or; 
  4. was already in the possession of the receiving party prior to the owner’s disclosure.

11.4 Confidentiality Term: The confidentiality obligations of each party will continue for 2 years after the termination of this Agreement.

12. Anti-Bribery, Anti-Corruption, Modern Slavery, and Sanctions

12.1 Anti-Bribery and Anti-Corruption: Each party represents, warrants, and undertakes that it:

  1. complies, and shall continue to comply throughout the term of this Agreement, with all applicable anti-bribery and anti-corruption laws and regulations, including the UK Bribery Act 2010 and any equivalent applicable laws in other jurisdictions in which it operates; (2) has in place, and shall maintain, adequate procedures designed to prevent persons associated with it from engaging in any conduct that would constitute an offence under applicable anti-bribery laws; and; (3) has not made, offered, authorised, or accepted, and will not make, offer, authorise, or accept, any payment, gift, or other benefit to or from any government official, public body, or private individual in connection with this Agreement that would constitute bribery under applicable law.

Each party shall promptly notify the other upon becoming aware of any actual or suspected breach of this clause 19.1.

12.2 Modern Slavery: Each party represents, warrants, and undertakes that it:

  1. complies with the Modern Slavery Act 2015 and all other applicable laws relating to forced labour, compulsory labour, human trafficking, and child labour in the jurisdictions in which it operates; 
  2. does not knowingly use, and shall take reasonable steps to ensure that its supply chain does not use, forced, compulsory, trafficked, or child labour in connection with the performance of this Agreement; and; 
  3. shall notify the other party as soon as reasonably practicable upon becoming aware of any actual or suspected instance of modern slavery or human trafficking in connection with this Agreement or its supply chain.

12.3 Sanctions: Each party represents, warrants, and undertakes that it:

  1. is not, and is not directly or indirectly owned or controlled by, a person or entity that is the subject of sanctions administered by the United Kingdom (including the Office of Financial Sanctions Implementation (“OFSI”)), the European Union, the United States (including the Office of Foreign Assets Control (“OFAC”)), or any other applicable sanctions authority; 
  2. is not incorporated in, resident in, or operating from a country or territory that is subject to comprehensive sanctions administered by any applicable sanctions authority; 
  3. will not use, or permit the use of, the Platform in connection with any sanctioned person, entity, country, or territory, or in any manner that would cause either party to violate applicable sanctions laws; and; 
  4. shall notify the other party immediately upon becoming aware that it is, or may become, subject to sanctions, or if it has reason to believe that any transaction contemplated by this Agreement may involve a sanctioned person or entity.

Either party may immediately terminate this Agreement without liability to the other if the other party becomes a sanctioned person or entity, or if continuation of the Agreement would cause either party to violate applicable sanctions laws.

13. Warranties

13.1 The Client’s Warranties: The Client represents and warrants that The Client has all rights, title and interests to all data and information The Client upload to the Platform (The Client’s Content) and which we process in order to provide The Client with the Platform.

13.2 Our Warranties: We expressly warrant that we will:

  1. not knowingly include in the Platform any viruses or other malicious code that would cause intentional harm to a computer network or system, including security or user data (our “Security Warranty”); 
  2. use reasonable efforts in line with prevailing industry standards to maintain the Platform in a way that minimises errors and interruptions; and; 
  3. carry out any Platform services in a professional and workmanlike manner.

13.3 Security Warranty Remedy: If we fail to comply with the Security Warranty, The Client may notify us in writing with details of the breach and, within 30 days of receiving The Client’s notification, we will either correct that failure or provide The Client with a plan for how we intend to correct it. If the breach is not corrected or we do not provide a reasonably acceptable plan to correct it within that period, The Client may terminate this Agreement as The Client’s sole and exclusive remedy for our breach of the Security Warranty. For the avoidance of doubt, the liability cap in clause 9.1 shall not apply to claims brought solely under this clause 13.3 for breach of the Security Warranty, and the Client’s remedy is limited to termination as set out in this clause.

13.4 Maintenance: The Platform may be temporarily unavailable for maintenance (either scheduled or in an emergency), but we will use reasonable efforts to give The Client advance notice of any scheduled disruption.

13.5 Disclaimer of Warranties: The warranties set out in clause 13.2 are express warranties given by Komi and are not disclaimed by this clause 13.5. Except for those express warranties, and to the fullest extent permitted by applicable law, the Platform is provided “as is”. All implied warranties, conditions, terms or obligations, including any implied terms relating to merchantability, fitness for a particular purpose, ability to achieve a particular result or non-infringement, are excluded to the fullest extent legally permissible. Where Komi is found liable for breach of any of the express warranties in clause 13.2 (other than pursuant to the Security Warranty remedy in clause 13.3), such liability shall be subject to the cap in clause 9.1.

13.6 Compliance with Local Laws and Regulations: The Client will ensure that each of The Client’s advertisements, campaigns and promotions, and all Brand-Influencer Contracts, comply with all applicable laws and regulations, including without limitation the UK Non-broadcast Advertising and Direct Promotional Marketing Code (“CAP Code”); Consumer Rights Act 2015; Consumer Protection from Unfair Trading Regulations 2008 (“CPUT Regulations”); Direct Marketing Association code of conduct; Gambling Act 2005; UK GDPR and Data Protection Act 2018; Electronic Commerce (EC Directive) Regulations 2002; the EU Digital Services Act; the UK Online Safety Act 2023; and the Equality Act 2010, and in particular, that the Brand will not engage in or facilitate a commercial practice which is a misleading act or omission.

14. Indemnification and IP Infringement

14.1 The Client’s Indemnity: The Client will defend, indemnify and hold harmless us for all losses and liabilities resulting from:

  1. any third party claim that Content infringes that third party’s intellectual property rights; 
  2. The Client’s use of the Platform; 
  3. The Client’s breach of this Agreement; and; 
  4. any breaches made in connection with any Brand-Influencer Contract or the provisioning of Influencer Services of applicable laws, rules and regulations, including but not limited to the UK Non-broadcast Advertising and Direct Promotional Marketing Code (“CAP Code”); Consumer Rights Act 2015; Consumer Protection from Unfair Trading Regulations 2008 (“CPUT Regulations”); Direct Marketing Association code of conduct; Gambling Act 2005; UK GDPR and Data Protection Act 2018; Electronic Commerce (EC Directive) Regulations 2002; the EU Digital Services Act; the UK Online Safety Act 2023; the Equality Act 2010; U.S. sweepstakes and lottery laws; and the U.S. Federal Trade Commission’s Guides Concerning Use of Endorsements and Testimonials in Advertising.

14.2 Platform IP Infringement Remedies: Komi does not provide an indemnity to the Client in respect of third party intellectual property infringement claims. If we believe or are notified that the Platform, as supplied by us and used in accordance with this Agreement, may infringe a third party’s intellectual property rights, we may at our discretion:

  1. replace or modify the Platform so it is no longer infringing, provided that the Platform will still have substantially similar features and functionality; 
  2. obtain a licence for The Client to continue using the Platform; or; 
  3. terminate this Agreement by giving The Client written notice and refund The Client any prepaid, unused fees on a pro rata basis for the remainder of the applicable Service Term.

The remedies in this clause 14.2 are available only where the alleged infringement arises solely from the Platform as supplied by us, and do not apply where the alleged infringement relates to: 

(a) parts of the Platform made to The Client’s specifications or modified by The Client after delivery; 

(b) The Client’s combination of the Platform with other products, processes, or materials not supplied by us, where the infringement arises from that combination; or (c) The Client’s continued use of the Platform after we have notified The Client of the infringement and the steps required to avoid it.

14.3 Sole Remedy: The remedies in clause 14.2 represent The Client’s sole and exclusive recourse against Komi in respect of any claim that the Platform infringes a third party’s intellectual property rights. Komi’s total liability for any such claim remains subject to the liability cap in clause 15.1.

15. Liability

15.1 Liability Cap: Our total liability to The Client for direct losses under or in connection with this Agreement, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, will not exceed the total amount of fees paid by The Client to us during the 12 months immediately preceding the date on which the claim arose.

15.2 Excluded Losses: Subject to clause 9.1, neither party shall be liable to the other under or in connection with this Agreement, whether in contract, tort (including negligence), breach of statutory duty, or any other legal or equitable theory, for any of the following categories of loss, to the extent that such loss is indirect or consequential:

  1. loss of revenues, profits, business, business opportunity, goodwill, or reputation, in each case to the extent that such loss is indirect or consequential; 
  2. loss of anticipated savings; or; 
  3. any punitive or exemplary damages.

For the avoidance of doubt, direct losses (including, where applicable, wasted expenditure and the reasonable cost of procuring substitute platform services) are not excluded by this clause 9.2 and shall be subject to the cap in clause 9.1.

15.3 Force Majeure: Komi shall not be liable if it is unable to perform, or is delayed in performing, any of its obligations (other than payment obligations) under this Agreement due to an event beyond its reasonable control. Komi shall promptly give notice to the Client of the event and shall use commercially reasonable efforts to promptly resume performance. See also clause 16.

16. Third Party Services

16.1 Third Party Services: The Platform may be supported by and operate with application programming interfaces and other third party services. We are not liable for any third party services, or the availability and operation of the Services to the extent they depend on them. The Client is responsible for obtaining any rights or licences necessary for The Client’s access to third party services and for complying with their terms.

17. Force Majeure

Neither party shall be liable for any failure to perform its obligations (other than payment obligations) where such failure is as a result of Acts of God (including fire, flood, earthquake, storm, hurricane, or other natural disasters), war, invasion, act of foreign enemies, hostilities (whether war is declared or not), civil war, rebellion, revolution, insurrection, military or usurped power, or confiscation, terrorist activities, nationalisation, government sanction, block, blockage, embargo, labour dispute, strike, lockout, or interruption or failure of electricity or telephone service. Payment obligations of either party are not excused by a force majeure event.

18. Duration and Termination

18.1 Term: This Agreement will continue for the Term set out in the Order Form, unless it is terminated earlier in line with this Agreement.

18.2 Termination for Cause: Either party may terminate this Agreement immediately by giving written notice to the other if the other party:

  1. commits a material breach of this Agreement incapable of remedy, or if it is capable of remedy, fails to remedy it within 30 days of being notified of the breach; or; 
  2. becomes subject to, or is reasonably likely to become subject to, an insolvency, bankruptcy, administration, receivership or other similar event.

18.3 Survival: Any terms which are intended to survive termination of this Agreement will remain in full force and effect.

19. General Terms

19.1 Publicity: The Client agrees that we may disclose that The Client is one of our customers in our advertising or promotional material. We may request The Client’s participation in a case study about The Client’s use of our Platform, which we may use and distribute for our advertising and promotional materials.

19.2 Assignment: We may assign, sub-contract or transfer any of our rights under this Agreement without The Client’s consent. The Client may not assign, sub-contract or transfer any rights or obligations under this Agreement without our prior written consent.

19.3 Amendments: Any amendments to this Agreement must be in writing and signed by an authorised representative of each party.

19.4 Severance: If any provision of this Agreement is held invalid, illegal or unenforceable, that provision will be deleted without affecting the rest of the Agreement.

19.5 Entire Agreement: The Agreement constitutes the entire agreement between the parties and supersedes all prior discussions and agreements relating to the subject matter.

19.6 Notices: Any notice given under this Agreement must be in writing, signed by a party’s authorised representative, delivered by hand or post to the other party’s registered office (or other address specified by the other party for that purpose) and will be considered received:

  1. at the time of delivery, if delivered by hand; or; 
  2. 48 hours after posting, if delivered by post.

19.7 No Partnership or Agency: Nothing in this Agreement is intended to create a partnership or legal relationship of any kind. Each party confirms it is acting on its own behalf and not for the benefit of any other person or entity.

19.8 Third Parties: No one other than a party to this Agreement has the right to enforce any of its terms.

19.9 Accrued Rights and Liabilities: Termination or expiry of this Agreement will not affect any rights or liabilities that have accrued up to the date of expiry.

19.10 No Waiver: If a party fails to enforce a right under this Agreement, that is not a waiver of that right at any time.

19.11 Equitable Relief: The parties may seek injunctive relief or specific performance to enforce their rights under this Agreement in addition to other remedies.

19.12 Governing Law: Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with this Agreement or its subject matter or formation.

19.13 Non-Solicitation: During the term of this Agreement and for 12 months thereafter, The Client shall not directly or indirectly, without Komi’s prior written consent, solicit, induce, recruit, negotiate with, or enter into any agreement with any Influencer on Komi with respect to the provision of any goods or services by the Influencer except via the Platform.

Schedule 1: Data Processing Addendum

This Data Processing Addendum (including all Schedules attached hereto, the “DPA”) is incorporated into, and is subject to the terms and conditions of, the Komi Brand Terms (“Agreement”) between Komi App Limited (“Company”) and the entity identified as the Client in the Agreement (“Client”). This DPA applies to the extent Company’s Processing of Consumer Personal Data is subject to the Data Protection Laws. This DPA shall be effective for the term of the Agreement.

1. Definitions

  1. “Controller” means the entity which determines the purposes and means of the Processing of Personal Data.; 
  2. “Consumer Personal Data” means the Personal Data described under Schedule 2 to this DPA, being personal data relating to individuals who are members of the audience targeted or reached through influencer campaigns facilitated through the Platform.; 
  3. “Data Protection Laws” means all laws and regulations, including laws and regulations of: (i) the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom; (ii) the United States (including, but not limited to the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA”)); and (iii) any other jurisdiction in which the parties operate, all of (i)–(iii) applicable to the Processing of Personal Data under the Agreement.; 
  4. “Data Subjects” means the individuals identified in Schedule 2.; 
  5. “EU SCCs” means the Standard Contractual Clauses approved with Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, as amended, supplemented, updated or replaced from time to time.; 
  6. “GDPR” means the General Data Protection Regulation (EU) 2016/679 together with any national implementing laws in any member state of the EEA (“EU GDPR”) and the EU GDPR as incorporated into the laws of the United Kingdom (“UK GDPR”).; 
  7. “Personal Data” and “Processing” will each have the meaning given to them in the Data Protection Laws. The term “Personal Data” includes “personal information”, “personally identifiable information”, and equivalent terms as such terms may be defined by the Data Protection Laws.; 
  8. “Personal Data Breach” means a material breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to Consumer Personal Data.; 
  9. “Processor” means the entity which Processes Personal Data on behalf of the Controller.; 
  10. “Sell” has the meaning given in the Data Protection Laws.; 
  11. “Service” means the Platform Services provided by Company to Client pursuant to the Agreement.; 
  12. “Share” has the meaning given in the CCPA.; 
  13. “UK Addendum” means the International Data Transfer Addendum to the EU SCCs, issued by the UK Information Commissioner for parties making restricted transfers, which entered into force on 21 March 2022.

Capitalised terms not otherwise defined herein shall have the meaning given to them in the Agreement.

2. Processing of Consumer Personal Data

  1. The details of Company’s Processing of Consumer Personal Data are described in Schedule 2.; 
  2. Company will only Process Consumer Personal Data as a Processor on behalf of and in accordance with Client’s prior written instructions, including any instructions provided through Client’s use of the Service. Client hereby instructs Company to Process Consumer Personal Data to the extent necessary to provide the Service as set forth in the Agreement and this DPA. Company shall not (1) retain, use, or disclose Consumer Personal Data other than as provided for in the Agreement, as needed to provide the Service, or as otherwise permitted by Data Protection Laws; (2) retain, use, or disclose Consumer Personal Data outside of the direct business relationship between Client and Company, including by combining Consumer Personal Data with Personal Data Company receives from third parties, other than Client, except as permitted by the Data Protection Laws; or (3) Sell or Share Consumer Personal Data. Upon notice to Company, Client may take reasonable and appropriate steps to remediate Company’s use of Consumer Personal Data in violation of this DPA.; 
  3. Company will immediately inform Client if, in its opinion, an instruction from Client infringes the Data Protection Laws. If applicable laws preclude Company from complying with Client’s instructions, Company will inform Client of its inability to comply with the instructions, to the extent permitted by law.; 
  4. Each of Client and Company will comply with their respective obligations under the Data Protection Laws. Company shall notify Client if it determines that it cannot meet its obligations under the Data Protection Laws. Client has the right to take reasonable steps to ensure that Company uses Consumer Personal Data in a manner consistent with Client’s obligations under Data Protection Laws by exercising Client’s audit rights in Section 10.

3. Cross-Border Transfers of Personal Data

  1. EEA transfers: With respect to Consumer Personal Data originating from the European Economic Area (“EEA”) that is transferred from Company to Client in a country outside of the EEA, to the extent required under Data Protection Law, the parties agree to comply with “Module Four” (Processor to Controller) of the EU SCCs, which are incorporated herein by reference, with Company as the “data exporter” and Client as the “data importer.” For purposes of the EU SCCs, the parties agree that Clause 17 (Option 1) applies and the EU SCCs shall be governed by the law of Ireland. In Clause 18(b), the parties agree to submit to the jurisdiction of the courts of Ireland.
  2. UK transfers: With respect to Consumer Personal Data originating from the United Kingdom, the parties agree to comply with the UK Addendum to the EU SCCs in addition to the EU SCCs. The UK Addendum is incorporated herein by reference, with Company as the “data exporter” and Client as the “data importer.” In the event of any conflict between the UK Addendum and the EU SCCs, the UK Addendum shall prevail in respect of UK transfers.
  3. For purposes of the EU SCCs and UK Addendum the parties further agree that:
  1. In Clause 7, the optional docking clause will not apply.
  2. In Clause 11, the optional language will not apply.
  3. For the purposes of Clause 15(1)(a), Company shall notify Client and/or Client (only) and not the Data Subject(s) in case of government access requests and Client and/or Client shall be solely responsible for promptly notifying the affected Data Subjects as necessary.
  4. In Annex I, Section A (List of Parties): (i) the Company is the data exporter and Client is the data importer; (ii) Client is a Controller, and Company is a Processor; (iii) the activities relevant to the data transferred under the EU SCCs relate to the provision of the Platform Services pursuant to the Agreement; and (iv) entering into this DPA shall be treated as each party’s signature of Annex I, Section A, as of the effective date of this DPA.
  5. In Annex I, Section B (Description of Transfer): (i) Schedule 2 to this DPA describes Company’s Processing of Consumer Personal Data; (ii) the frequency of the transfer is continuous (for as long as Client uses the Service); (iii) Consumer Personal Data will be retained in accordance with Clause 8.5 of the EU SCCs and this DPA.
  6. In Annex I, Section C (Competent Supervisory Authority), the competent supervisory authority is identified in accordance with Clause 13 of the EU SCCs.

4. Confidentiality and Security

  1. Company will require Company’s personnel who access Consumer Personal Data to commit to protect the confidentiality of Consumer Personal Data.; 
  2. Company will implement commercially reasonable technical and organisational measures that are designed to protect against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Consumer Personal Data.; 
  3. To the extent required by Data Protection Laws, Company will provide Client with reasonable assistance as necessary for the fulfilment of Client’s obligations under Data Protection Laws to maintain the security of Consumer Personal Data.

5. Sub-Processing

  1. Client agrees that Company may engage Sub-Processors to Process Consumer Personal Data on Client’s behalf. Company’s current list of Sub-Processors is available at https://komi.io/privacy-policy.pdf (the “Sub-Processor List”).; 
  2. Company will impose on its Sub-Processors substantially the same data protection obligations that apply to Company under this DPA. Company will be liable to Client for its Sub-Processors’ acts or omissions as it would be for its own.; 
  3. The parties agree that the copies of the Sub-Processor agreements that must be provided by Company to Client pursuant to the SCCs, if applicable, may have commercial information or clauses unrelated to the SCCs removed by Company beforehand; and that such copies will be provided by Company, in a manner to be determined in its discretion, only upon Client’s written request.

6. Data Subject Rights

Client is responsible for responding to any Data Subject requests relating to Consumer Personal Data (“Requests”). If Company receives any Requests during the term, Company will advise the Data Subject to submit the request directly to Client. Company will provide Client with self-service functionality or other reasonable assistance to permit Client to respond to Requests.

7. Personal Data Breaches

Upon becoming aware of a Personal Data Breach affecting Consumer Personal Data, Company will (i) promptly take measures designed to remediate the Personal Data Breach and (ii) notify Client without undue delay. Client is solely responsible for complying with Personal Data Breach notification requirements applicable to Client. Client may request that Company reasonably assist Client’s efforts to notify Personal Data Breaches to the competent data protection authorities and/or affected Data Subjects, if Client is required to do so under the Data Protection Laws. Company’s notice of or response to a Personal Data Breach under this Section 7 will not be an acknowledgement or admission by Company of any fault or liability with respect to the Personal Data Breach.

8. Data Protection Impact Assessment; Prior Consultation

Client may request reasonable assistance from Company in connection with conducting data protection impact assessments and consultation with data protection authorities if Client is required to engage in such activities under applicable Data Protection Laws and the data protection impact assessment or consultation relates to the Processing by Company of Consumer Personal Data.

9. Deletion of Consumer Personal Data

Client instructs Company to delete Consumer Personal Data within 90 days of the termination of the Agreement and delete existing copies unless applicable law requires otherwise. The parties agree that the certification of deletion described in the SCCs, if applicable, shall be provided only upon Client’s written request. Notwithstanding the foregoing, Company may retain Consumer Personal Data to the extent and for the period required by applicable laws, provided that Company maintains the confidentiality of all such Consumer Personal Data and Processes such Consumer Personal Data only as necessary for the purpose(s) specified in the applicable laws requiring its storage.

10. Audits

  1. Client may audit Company’s compliance with its obligations under this DPA up to once per year. In addition, Client may perform more frequent audits (including inspections) in the event: (1) Company suffers a Personal Data Breach affecting Consumer Personal Data; (2) Client has genuine, documented concerns regarding Company’s compliance with this DPA or the Data Protection Laws; or (3) where required by the Data Protection Laws, including where mandated by regulatory or governmental authorities with jurisdiction over Consumer Personal Data. Company will contribute to such audits by providing Client or Client’s regulatory or governmental authority with the information and assistance reasonably necessary to conduct the audit, including any relevant records of Processing activities applicable to the Service.; 
  2. To request an audit, Client must submit a detailed proposed audit plan to [email protected] at least one month in advance of the proposed audit start date. The proposed audit plan must describe the proposed scope, duration, start date of the audit, and the identity of any third party Client intends to appoint to perform the audit. Company will review the proposed audit plan and provide Client with any concerns or questions. The parties will negotiate in good faith to agree on a final audit plan at least two weeks in advance of the proposed audit start date. Nothing in this Section 10 shall require Company to breach any duties of confidentiality.; 
  3. Company may object to third party auditors that are, in Company’s reasonable opinion, not suitably qualified or independent, a competitor of Company, or otherwise manifestly unsuitable. Client will appoint another auditor or conduct the audit itself if the parties cannot resolve Company’s auditor objection after negotiating in good faith.; 
  4. If the requested audit scope is addressed in an SSAE 18/ISAE 3402 Type 2, ISO, NIST or similar audit report performed by a qualified third party auditor on Company’s systems that Process Consumer Personal Data (“Audit Reports”) within twelve (12) months of Client’s audit request and Company confirms there are no known material changes in the controls audited, Client agrees to accept the Audit Report in lieu of requesting an audit of the controls covered by the Audit Report.; 
  5. The audit must be conducted at a mutually agreeable time during regular business hours at the applicable facility, subject to the agreed final audit plan and Company’s health and safety or other relevant policies. The audit may not unreasonably interfere with Company business activities.; 
  6. Any audits are at Client’s expense and Client will promptly disclose to Company any perceived non-compliance or security concerns discovered during the audit, together with all relevant details.; 
  7. The parties agree that the audits described in the SCCs, if applicable, shall be performed in accordance with this Section 10.

11. Liability

  1. Each party’s liability towards the other party under or in connection with this DPA will be limited in accordance with the provisions of the Agreement.; 
  2. Client acknowledges that Company is reliant on Client for direction as to the extent to which Company is entitled to Process Consumer Personal Data on behalf of Client in performance of the Service. Consequently, Company will not be liable under the Agreement for any claim brought by a Data Subject arising from (a) any action or omission by Company in compliance with Client’s instructions or (b) from Client’s failure to comply with its obligations under the Data Protection Laws.

12. General Provisions

With regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and the Agreement, the provisions of this DPA shall prevail. In the event of inconsistencies between the DPA and the SCCs or UK Addendum, the SCCs or UK Addendum (as applicable) will prevail.

Schedule 2: Details of Processing

  1. Categories of Data Subjects. Individuals who are members of the audience targeted, reached, or engaged through influencer campaigns facilitated by the Platform (“Consumers”), including individuals who interact with influencer content distributed via the Platform.
  2. Types of Personal Data. The following categories of personal data, to the extent provided to or collected by Company in connection with the provision of the Platform Services:

Contact and identity data: names, email addresses, phone numbers, and postal addresses; Online identifiers: IP addresses, cookie identifiers, device identifiers, and social media handles or profile identifiers; Demographic data: age range, gender, and general location data (at country or region level); Engagement and behavioural data: interactions with influencer content, campaign engagement metrics (including clicks, views, and conversions), and audience reach data; Marketing and consent data: marketing preferences, communication opt-in or opt-out records, and consent records; such other personal data as Consumers provide, or as is reasonably necessary, in connection with influencer campaigns facilitated through the Platform.

  1. Subject-Matter and Nature of the Processing. Consumer Personal Data will be subject to Processing activities including collection, storage, organisation, analysis, and reporting, as Company reasonably requires in order to provide the Platform Services pursuant to the Agreement. This includes the generation of campaign performance analytics and audience reporting made available to Client through the Platform.
  2. Purpose of the Processing. Company will Process Consumer Personal Data for the purpose of providing the Platform Services as set out in the Agreement, including facilitating influencer campaigns, generating campaign analytics and reporting, and enabling Client to measure the performance of Influencer Services.
  3. Duration of the Processing. Consumer Personal Data will be Processed for the duration of the Agreement and, following termination or expiry, for the period specified in clause 9 of this DPA (deletion within 90 days of termination), or for such further period as may be required by applicable law.

These Brand Terms were last updated in March 2026.