about

Terms & Conditions

Master Service Agreement

Last updated March 17, 2022

The Services Agreement (the “Agreement”) is entered into on {Date] (the “Effective Date”) between of (“the Customer”) and Great Question Inc, of 2261 Market Street #4639, San Francisco, California, 94114, USA (the “Vendor” or “Great Question”). 

This Agreement sets forth the terms pursuant to which the Customer will be permitted to use certain of Great Question’s web-based services to the extent identified in an applicable Service Order (the “Services”). If Customer has signed a Master Services Agreement with Great Question that differs from this Agreement, that signed Master Services Agreement will apply in place of this Agreement.

Definitions

In this Agreement, a reference to:

  1. Service Order means an applicable order referencing this Agreement, including without limitation, any order placed through the Great Question website.
  2. Users means any person or entity to whom you provide access to our Services, including any administrators or managers of your account or communication recipients;
  3. Customer Data means any content or data that you or your Users submit or transfer to Great Question using the Services; and
  4. Reports means any reports or analysis generated through the Great Question platform.

As the Customer, you agree to this Agreement by submitting one or more Service Orders. By submitting an applicable Service Order, you represent that you have the authority to bind your organization, if applicable, to the terms of this Agreement. 

1. Services

1.1 GREAT QUESTION SERVICE

During the Term, we will provide you with access to, and use of, the Services ordered by you as described in your Service Order(s). You may order additional services at any time by contacting our Customer Success team or by submitting a subsequent Service Order through our website. We will invoice you for any additional services you order after the start of the Term at the time those additional Services are ordered.

1.2 CHANGES TO SERVICES

We continually change and improve our Services. Great Question may alter the Services at any time without prior notice. We will endeavor to provide you with prior notice if we make a change to the Services resulting in an overall material decrease in functionality of the Services. If we do make a change that results in a material decrease in functionality, you may terminate your Subscription under clause 8.4.

1.3 SUSPENSION OF SERVICES

We may limit or suspend the Services from time to time at our discretion (for example, to perform scheduled maintenance or in the event of a security emergency). If Great Question limits or suspends the Services, we will endeavor to give you reasonable advance notice so that you can plan around it. However, there may be some situations, such as security emergencies, where it may not be practicable for us to give you advance notice. We will use commercially reasonable efforts to narrow the scope and duration of the suspension or limitation as is needed to resolve the issue that prompted such action.

​We may suspend your access to or use of the Services following thirty (30) days’ written notice if Customer is in material breach of this Agreement or any Service Order (including but not limited to Customer’s failure to pay Great Question the fees).

1.4 THIRD PARTY SERVICES

If you use any third party service with the Services (for example, Zoom, Slack or Zapier integrations or a web browser), you acknowledge that third party service may access or use the Customer Data. Great Question will not be responsible for any act or omission of the third party, including such third party’s use of Customer Data. Great Question does not warrant or support any such third party service, and you should contact that third party for any issues arising from your use of the third party service.

1.5 EARLY ACCESS, EVALUATION OR BETA SERVICES

If an applicable Service Order indicates that the Service is provided for evaluation, beta, or early access purposes, or is otherwise provided at no charge to the Customer, those Services are provided on an “AS IS” basis, without indemnification, support, or warranty of any kind, express or implied.

2. Fees and Payments

2.1 FEES FOR SERVICES

Great Question Services are billed on a subscription basis (Subscription) and you will be billed in advance on a recurring, periodic basis (called a Billing Cycle). The Billing Cycle for your Subscription is outlined in the Service Order.

You agree to pay Great Question any fees for each Service you purchase or use, in accordance with the pricing and payment terms presented to you for those Services in the Service Order. Except as indicated in this Agreement or required by law, fees paid by you are not refundable.

2.2 PRICE CHANGES AND USER INCREASES

Great Question may change its fees for Services at any time. Except where you exceed the User limit indicated in a Service Order, any changes to fees will apply from the start of your next Subscription Term.

If your use of the Services during a Billing Cycle exceeds the User limit indicated in the Service Order, we may charge you for the additional Users on a pro rata basis for the remainder of that Billing Cycle.

2.3 PAYMENT METHODS

You authorize us to charge for fees using the payment method indicated in the Service Order. Unless otherwise agreed, payments for invoices are due 30 days after the invoice date. If you elect to pay by credit card, debit card, or any other billing method that supports automatic recurring payments, we will initially attempt to charge you using that billing method when payment is due, and payments will be considered overdue if payment is not received within 30 days of that due date. If Great Question is required to initiate legal action due to non-payment of fees, Customer shall bear all costs resulting from the collection of such fees. You agree to keep your billing and billing contact information current and accurate.

2.4 INTEREST

Overdue payments may incur interest at the rate of 1.5% per month (or the highest rate permitted by law, if less) on the amount overdue, from the date that the relevant payment was due until that payment has been received. You will be responsible for all reasonable expenses (including lawyers’ fees) incurred by Great Question in collecting such overdue amounts, except where:

  1. the overdue amounts are due to Great Question’s billing inaccuracies; or
  2. you have sought to resolve a dispute using the dispute resolution process in clause 13.1 and that process is still active.

2.5 TAXES

Unless stated otherwise in the Service Order, all fees for Services exclude sales tax, GST, VAT, or other similar taxes. Except for any income taxes payable by Great Question, you are responsible for all other taxes or duties payable under applicable law relating to the Services provided under this Agreement, including any penalties or interest. If Great Question is required to collect or pay any taxes on your behalf, we will invoice you for those taxes unless you provide us with valid evidence that no tax should be invoiced.

3 Data Protection

3.1 PRIVACY

In the course of using the Services, you or your Users may transfer to us Customer Data containing personal data. You agree and consent to the use, transfer, processing, and storage of Customer Data in accordance with this Agreement.

If you or your Users are based in the European Union while using our Services, we will process your personal information as a data processor on your behalf. In this case, you will be considered to be the data controller of the personal information as defined in Article 4(7) of the EU General Data Protection Regulation 2016/679 (GDPR) and the EU e-Privacy Directive (Directive 2002/58/EC).

Under no circumstances will any entity in the Great Question group be deemed a data controller with respect to Customer Data under any relevant law or regulation.

3.2 SECURITY

Great Question will store and process Customer Data in a manner consistent with industry security standards. Great Question has implemented technical, organizational, and administrative systems, policies, and procedures to help ensure the security, integrity, and confidentiality of Customer Data and to mitigate the risk of unauthorized access to or use of Customer Data.

3.3 DISASTER RECOVERY

Great Question will retain backup copies of Customer Data made in the ordinary course of business by Great Question, for the purpose of enabling appropriate disaster recovery practices. Despite any other term in this Agreement, Great Question will retain these backups for a period of up to 90 days from the time that each backup copy is generated. Thereafter, Customer agrees and acknowledges that Customer Data will be irretrievably deleted from backups.

4 Confidentiality

4.1 CONFIDENTIAL INFORMATION DEFINITION

In this Agreement, Confidential Information means any information disclosed by a party (the Discloser) to the other party (the Recipient) in connection with the use of the Services that is marked confidential or would reasonably be considered as confidential under the circumstances. Customer Data is the Customer’s Confidential Information. Confidential Information does not include any information that:

  • is or becomes public through no fault of the Recipient;
  • the Recipient already lawfully knew;
  • was rightfully given to the Recipient by a third party free of any confidentiality duties or obligations; or
  • was independently developed by the Recipient without reference to the Discloser’s Confidential Information as demonstrated by documentary evidence.

4.2 CONFIDENTIALITY OBLIGATIONS

The Recipient must:

  1. protect the Discloser’s Confidential Information using commercially reasonable efforts and no less than the same efforts it uses to protect its own Confidential Information;
  2. not disclose the Discloser’s Confidential Information, except to affiliates, employees, directors, contractors, agents, and professional advisors of the Recipient who need to know it and who have agreed in writing to keep it confidential;
  3. only use the Discloser’s Confidential Information to exercise its rights and fulfil its obligations under this Agreement; and
  4. ensure that its affiliates, employees, directors, contractors, agents and professional advisors only use the Discloser’s Confidential Information to exercise its rights and fulfill its obligations under this Agreement.

4.3 COMPELLED DISCLOSURE

The Recipient may disclose the Discloser’s Confidential Information to the extent required by law or legal process, but only after it, if permitted by law:

  1. uses commercially reasonable efforts to notify the Discloser in writing;
  2. gives the Discloser the opportunity to challenge the requirement to disclose; and
  3. cooperates with the Discloser if the Discloser seeks an appropriate protective order.

4.4 NON-DISCLOSURE AGREEMENTS

The provisions of this clause 4 will supersede any non-disclosure agreement between the Parties and such agreement will have no further force or effect.

5 Intellectual Property

5.1 INTELLECTUAL PROPERTY RIGHTS DEFINITION

In this Agreement, Intellectual Property Rights means any and all present and future intellectual and industrial property rights, including any registered or unregistered forms of copyright, designs, patents, trade marks, service marks, domain names, good will and any commercial information. Intellectual Property Rights also include any application or right to apply for registrations of any of these rights, any rights protected or recognized under any laws throughout the world, related to these rights, and anything copied or derived from such property or rights.

5.2 CUSTOMER INTELLECTUAL PROPERTY RIGHTS

You retain all ownership and Intellectual Property Rights to Customer Data. Great Question does not claim ownership over any Customer Data. This Agreement does not grant us any licenses or rights to Customer Data except for the licenses granted in clauses 5.3 and 5.4 below, or as otherwise required for us to provide the Services to you or your Users.

5.3 LICENSE FOR THE SERVICES

For the Term of this Agreement, you grant Great Question a worldwide, royalty free license to use, reproduce, distribute, modify, adapt, create derivative works, or archive Customer Data for the purposes of providing the Services to you as contemplated by this Agreement.

Subject to the receipt of all applicable fees, we grant you a limited, non-exclusive, non-transferable, non-assignable and non-sublicencable license to use any Reports, Great Question Library Content and Customer Library Content which you can (and are authorised to) export or send through the functionality of the Services for your internal purposes (in each case subject to any Confidentiality Notices).

5.4 LICENSE FOR SERVICE IMPROVEMENT

You grant Great Question a worldwide, royalty free license to use, reproduce, distribute, modify, adapt, create derivative works, archive, or otherwise use Customer Data for the purposes of improving Great Question’s products and services, and creating de-identified aggregated data (“Data Sets”). Data Sets may be made publicly available and may be used after termination of this Agreement provided that such Data Sets cannot directly or indirectly identify the Customer or its Users.

5.5 CUSTOMER DATA REVIEW

You acknowledge that, in order to ensure compliance with legal obligations, Great Question may be required to review certain content submitted to the Services to determine whether it is illegal or whether it violates this Agreement (such as when unlawful conduct or content is reported to us). We may also prevent access to or refuse to display content that we reasonably believe violates the law or this Agreement. However, Great Question otherwise has no obligations to monitor or review any content submitted to the Services by you or any other person.

5.6 CUSTOMER FEEDBACK

If you provide us with any feedback associated with the Services, Great Question may use that feedback without any obligation to you.

5.7 CUSTOMER LISTS

Great Question may identify you (by name and logo) as a Great Question customer in promotional materials or during promotional events. If you do not want your name and/or logo to be used in this way, please contact our Customer Success team.

5.8 GREAT QUESTION INTELLECTUAL PROPERTY RIGHTS

Nothing in this Agreement or from your use of the Services grants you:

  • ownership in the Services or the content (including Reports, Great Question Library Content) you access through the Services (other than Customer Data); and
  • any right to use any Great Question trade marks or other Intellectual Property Rights contained in our brand identity.

Great Question will continue to own all right, title, and interest in and to the Services and the systems and networks used to provide such Services, including all system-generated data (e.g. dashboard data, Great Question Library Content or Reports), modifications, improvements, upgrades, derivative works, and all 

intellectual property rights in and to any of the foregoing. Except for the express rights granted herein, we do not grant you any other licenses, express or implied, to any of our intellectual property including software, services, or products.

5.9 PLATFORM SUB-PROCESSORS

You agree that Great Question and the third-party service providers that are utilized by Great Question to assist in providing the Services to you have the right to access your account and to use, modify, reproduce, distribute, display and disclose Customer Data to the extent necessary to provide or improve or deliver the Services, including, without limitation, in response to your or your Users’ support requests.

Any third-party service providers utilized by Great Question will only be given access to your account and Customer Data as is reasonably necessary to provide the Services and will be subject to: (i) confidentiality obligations which are substantially consistent with the standards described in this Agreement; and (ii) their agreement to comply with the data transfer restrictions applicable to personal information as set forth in this Agreement.

6. Account Management

6.1 ACCOUNT SECURITY AND ACCESS

You are responsible for safeguarding any passwords or other credentials used to access your account. Administrator or manager accounts may not be shared and may only be used by one individual per account. You are responsible for any activity occurring in your account (other than activity that Great Question is directly responsible for and is not performed in accordance with your instructions), whether or not you authorized that activity. If you become aware of any unauthorized access to, or use of, your account, you should immediately notify our Customer Success team.

6.2 CUSTOMER SYSTEMS

You are responsible for maintaining and updating your operating systems, Internet browsers, anti-virus software, or other software that you or your Users use to access and use the Services.

7 Customer Obligations

7.1 LEGAL COMPLIANCE

You must use the Services in compliance with, and only as permitted by, your internal company rules and any applicable law. If your use of the Services requires you to comply with industry-specific regulations applicable to such use, you will be solely responsible for such compliance. You must not use the Services in a way that would subject Great Question to any industry-specific regulations (for example, the Children’s Online Privacy Protection Act, the Payment Card Industry Data Security Standard or the Health Insurance Portability and Accountability Act). You acknowledge and agree that we are not responsible for any liabilities arising from your violation of this restriction.

7.2 UNACCEPTABLE USES

You are responsible for your conduct and the conduct of your Users. You must ensure that you and your Users do not:

  1. misuse the Services by interfering with their normal operation, or attempting to access them using a method other than through the interfaces and instructions we provide;
  2. circumvent or attempt to circumvent any limitations that Great Question imposes on your account (such as any User limits in a Service Order);
  3. probe, scan, or test the vulnerability of any Great Question system or network, unless with prior written authorization of Great Question;
  4. decipher, decompile, disassemble, translate, create derivative works, reverse engineer or otherwise attempt to reconstruct, identify or discover any source code, algorithms, underlying ideas or underlying user interface techniques in the Services or any of the software used to provide the Services, or attempt to do so;
  5. directly or indirectly identify a User contrary to the terms of any Confidentiality Notice or other privacy setting, or attempt to do so;
  6. transmit any viruses, malware, or other types of malicious software, or links to such software, through the Services;
  7. engage in abusive or excessive use of the Services, which is usage significantly in excess of average usage patterns that adversely affect the speed, responsiveness, stability, availability, or functionality of the Services for other customers and their users. Great Question will endeavor to notify you of any abusive or excessive usage to provide you with an opportunity to reduce such usage to a level acceptable to Great Question;
  8. use the Services to infringe the Intellectual Property Rights of others, or to commit any unlawful activity;
  9. attempt to circumvent any license, timing or use restrictions that are built into the Services; or
  10. unless authorized in writing by Great Question, lend, resell, lease or sublicense or otherwise use the Services for the benefit of a third party.

7.3 USERS

You must:

  1. ensure that your Users comply with this Agreement, as applicable;
  2. obtain any consents required from each User to allow you and the administrators or managers of your account to engage in the activities contemplated by this Agreement, as required by applicable law;
  3. obtain any consents required from each User to allow Great Question to provide the Services, as required by applicable law;
  4. not provide any person under the age of 16 with access to the Services, unless otherwise permitted by applicable law.

7.4 SUSPENSION OF USERS

If a User breaches this Agreement or uses the Services in a manner that Great Question reasonably believes will cause Great Question liability or disrupt others’ use of the Services, then Great Question may request that you suspend or close the applicable User account until the breach has been cured or the use in such manner has stopped. If you fail to comply with such request, then Great Question may suspend or close the applicable User account.

8 Term and Termination

8.1 TERM

This Agreement begins on the date you sign a Service Order or first use the Services (whichever is earlier), and continues until your relevant Subscription ends or otherwise terminates, or if this Agreement is terminated (the “Term”).  Unless otherwise specified on your Service Order, each Service Order will automatically renew for subsequent subscription terms of equal length to the initial subscription term, unless either party notifies the other party of non-renewal at least thirty (30) days prior to the end of the then-current subscription term.  Fee increases of 5% or less in a given renewal term may be made by Great Question and will be binding on Customer if reflected on Great Question’s invoice or credit card transaction for such renewal term.  Great Question will notifying you of any price increases in excess of 5% at least sixty (60) days prior to the end of the applicable subscription term, and if the increase is not acceptable to you, you may elect not to renew by giving notice of non-renewal as set forth above.

8.2 TERMINATION WITHOUT CAUSE

Great Question may terminate this Agreement for any reason by providing at least 90 days’ written notice to you and will provide a pro rata refund of any fees prepaid by you applicable to the period following the termination of this Agreement.

If your Service Order states that your Subscription will not auto-renew, then your Subscription will terminate at the end of the Subscription Term for that particular Service with no further action required by you.

8.3 TERMINATION FOR CAUSE

Each party may suspend performance or terminate this Agreement if the other party:

  1. is in material breach of this Agreement and fails to cure that breach within 30 days after receipt of written notice; or
  2. ceases its business operations or becomes subject to insolvency proceedings and the proceedings are not dismissed within 90 days. Great Question may terminate this Agreement if any payment owed by you to Great Question is more than 30 days overdue.

8.4 TERMINATION FOR MATERIAL DECREASE IN FUNCTIONALITY

If we make a change to the Services resulting in an overall material decrease in functionality of the Services, you may terminate this Agreement immediately by providing notice to Great Question. Upon receiving notice of termination from you, Great Question will provide you with a pro rata refund of any fees prepaid by you applicable to the period following the termination of this Agreement.

8.5 CONSEQUENCES OF TERMINATION

If this Agreement is terminated:

  1. by you due to breach by Great Question, we will provide you with a pro rata refund for any fees prepaid by you applicable to the period following the termination of this Agreement; or
  2. by Great Question due to breach by you, we will bill you, and you will pay, for any accrued but unbilled fees, and you will remain liable to pay any invoices outstanding on the termination date.

In no event will expiration or termination of this Agreement relieve you of any fees payable for the period prior to the date of termination.

8.6 DATA EXPORTS

We may assist you to export any Customer Data that existed in your account at the time of termination, provided you make such request before the end of your Subscription Term. However, we do not guarantee that all Customer Data will be able to be exported and only Customer Data that is permitted to be transferred to you within the terms of any applicable Confidentiality Notice or other privacy setting will be transferred to you. Upon Customer’s written request, Great Question will delete all Customer Data from its production environments.

9. Warranties

9.1 WARRANTIES

Each party represents and warrants that:

  1. it has full power and authority to enter into this Agreement; and
  2. it will comply with all laws and regulations applicable to its provision or use of the Services.

10. Indemnities

10.1 BY CUSTOMER

You will indemnify, defend, and hold harmless Great Question and its affiliates from and against all liabilities, damages, and costs (including settlement costs and reasonable lawyers’ fees) arising out of a third party claim regarding or in connection with:

  1. Customer Data (including claims of Intellectual Property Rights infringement);
  2. your use of the Services in breach of this Agreement; or
  3. your Users’ use of the Services in breach of this Agreement.

10.2 BY GREAT QUESTION

Great Question will indemnify, defend, and hold you harmless from and against all liabilities, damages, and costs (including settlement costs and reasonable attorneys’ fees) arising out of a third party claim that the technology used to provide the Services to you infringes any Intellectual Property Rights of such third party. However, in no event will Great Question have any obligations or liability under this clause arising from:

  1. use of any Services in a modified form or in combination with materials not furnished or authorized by Great Question;
  2. any content or data provided by you, your Users, or any third parties; or
  3. designs or specifications provided to Great Question by Customer that caused such claim.

10.3 POTENTIAL INFRINGEMENT

If we believe the Services may infringe or may be alleged to infringe a third party’s Intellectual Property Rights, then we may:

  1. obtain the right for you, at our expense, to continue using the Services;
  2. provide a non-infringing functionally equivalent replacement; or
  3. modify the Services so that they no longer infringe.

If we do not believe that the options above are commercially reasonable, then we may suspend or terminate your use of the impacted Services and provide you with a pro rata refund of any fees prepaid by you applicable to the period following the termination of such Services.

10.4 INDEMNITY PROCEDURES

A party seeking indemnification under this Agreement will promptly notify the other party of the claim and cooperate with the other party in defending the claim. If permitted by applicable law, the indemnifying party will have full control and authority over the defence, except that:

  1. any settlement requiring the indemnified party to admit liability or to pay any money will require that party’s prior written consent (such consent not to be unreasonably withheld or delayed); and
  2. the indemnified party may join in the defence with its own counsel at its own expense.

Nothing in this Agreement will restrict or limit a party’s general obligation at law to mitigate a loss it may suffer or incur as a result of an event that may give rise to a claim under Clauses 10.1 and 10.2. The indemnities in this Agreement are a party’s sole and exclusive remedy under this Agreement for violation by the other party of a third party’s Intellectual Property Rights.

11 Disclaimers and Limitations of Liability

11.1 DISCLAIMERS

Except as expressly provided in this Agreement and to the extent permitted by applicable law, neither party makes any warranties of any kind, express, implied, statutory, or otherwise, including those of merchantability, fitness for a particular purpose, and non-infringement. Great Question provides the services on an “as is” basis and, except as expressly provided in this Agreement and to the extent permitted by applicable law, we make no representations regarding the availability, reliability, or accuracy of the Services or any portion thereof, or regarding any Customer Data or other content associated with your account.

11.2 EXCLUSION OF LIABILITY

To the extent permitted by applicable law, neither party will be liable for any lost profits, business interruption, replacement Services or any indirect, consequential, special, incidental, punitive, or exemplary damages arising out of or in connection with this Agreement, even if the party knew or should have known that such damages were possible and even if a remedy fails of its essential purpose, and regardless of the theory of liability.

11.3 LIMITATION OF LIABILITY

To the extent permitted by applicable law, Great Question's aggregate liability arising out of or in connection with this Agreement will not exceed the total amounts paid by you to Great Question under this Agreement during the 12 months prior to the event giving rise to the liability or claim.

11.4 EXCEPTIONS TO LIMITATIONS

The limitations of liability in clauses 11.2 (Exclusion of liability) and 11.3 (Limitation of liability) do not apply to Great Question’s indemnification obligations under this Agreement.

12 Amendments

12.1 AGREEMENT AMENDMENTS

Great Question may amend this Agreement from time to time. If an amendment is material, as determined in Great Question’s reasonable discretion, we will notify the Customer contact by email or when they next log in to your account. Except in the case of an amendment being made to satisfy legal requirements, we will provide you with advance notice of material amendments.

If an amendment has a material adverse impact on the data privacy or security of your Customer Data and you do not agree to the amendment, you may terminate the Agreement by notifying our Customer Success team within 30 days of receiving notice of the amendment or date of publication of the updated version (otherwise, you will have been deemed to have consented to the amendment).

The terms and conditions of the updated version of this Agreement shall apply to all existing Service Orders and new Service Orders following the date of publication of the updated version.

12.2 OTHER AMENDMENTS

Any amendment to this Agreement that is outside the terms outlined in the latest version communicated to you, must be in writing, signed by you and Great Question, and must expressly state that it is amending this Agreement.

13 Dispute Resolution, Governing Law & Jurisdiction

13.1 DISPUTE RESOLUTION

Before commencing any form of litigation, including court proceedings, professional mediation or arbitration, each party agrees to:

  1. give the other party notice of the dispute and its nature;
  2. give the other party the opportunity to remedy any breach of this Agreement within 30 days; and
  3. hold good faith negotiations with the other party to settle the disputed matter.

13.2 GOVERNING LAW

  1. This Agreement is governed by the laws of California, United States of America; and each party submits to the exclusive jurisdiction of the courts of California, in relation to any proceedings connected with this Agreement.

13.3 INJUNCTIONS

Nothing in this Agreement prevents a party from seeking a temporary restraining order, injunction, or other equitable relief in relation to a breach (or attempted breach) of this Agreement by the other party.

14 Other Terms

14.1 ASSIGNMENT

Neither party may assign this Agreement without the other party’s prior written consent (such consent not to be unreasonably withheld). However, both parties may assign this Agreement without notice to an affiliate or to a successor or acquirer, as the case may be, in connection with a merger, acquisition, corporate reorganization or consolidation, or the sale of all or substantially all of the party’s assets or its business to which the subject matter of this Agreement relates. The terms of this Agreement shall be binding upon the parties and their respective successors and permitted assigns. Any other attempt to transfer or assign this Agreement or any rights or obligations under this Agreement are void.

14.2 ENTIRE AGREEMENT

This Agreement (including any documents incorporated by reference to a URL), constitute the entire agreement between you and Great Question and supersedes any other prior or contemporaneous agreements, terms and conditions, written or oral concerning its subject matter. Any terms and conditions appearing on a purchase order or similar document issued by you do not apply to the Services, do not override or form a part of this Agreement, and are void.

14.3 FORCE MAJEURE

Neither party will be liable for inadequate performance to the extent caused by a condition (for example, natural disaster, act of war or terrorism, riot, governmental action, or general internet disturbance) that was beyond the party’s reasonable control (except for payment of any money owed).

14.4 INDEPENDENT CONTRACTORS

The relationship between the parties is that of independent contractors, and not legal partners, employees, or agents of each other.

14.5 INTERPRETATION

The use of the terms includes, including, such as and similar terms, will be deemed not to limit what else might be included.

14.6 NO WAIVER

A party’s failure or delay to enforce a provision under this Agreement is not a waiver of its right to do so later.

14.7 NOTICES

All notices must be in writing and will be deemed given when:

  1. verified by written receipt, if sent by postal mail with verification of receipt service or courier;
  2. received, if sent by mail without verification of receipt; or
  3. when verified by automated receipt or electronic logs if sent by email.

Notices to Great Question must be sent to GREAT QUESTION, INC, 418 45th Street, Oakland, California, 94609, United States of America, and marked to the attention of Edwin Dwyer (CEO), or by email to [email protected] Notices to you may be sent to the email address associated with the Customer contact details in the Service Order and/or the administrator of your account. You must keep the contact details associated with your account current and accurate by notifying Great Question’s Customer Success team when your contact details change. You may grant approvals, permission, extensions, and consents by email.

14.8 PRECEDENCE

To the extent any conflict exists between the documents that constitute this Agreement, the order of precedence will be: Service Order, European Union Standard Contractual Clauses (if executed by you and Great Question) and General Terms.

14.9 SEVERABILITY

If any provision of this Agreement is determined to be unenforceable by a court of competent jurisdiction, that provision will be severed from this Agreement and the remaining terms will remain in full effect.

14.10 THIRD PARTY BENEFICIARIES

There are no third party beneficiaries to this Agreement. Your Users are not third party beneficiaries to your rights under this Agreement.

SCHEDULE B - Great Question Data Processing Addendum

This Data Processing DPA (“DPA”) is entered into by and between Great Question, Inc., 418 45th Street, Oakland, CA USA (“Great Question”), and the Customer executing this DPA with Great Question, on behalf of itself and its Affiliates (“Customer”), and is effective as of the date on which Customer signs this DPA (the “Effective Date”).

1. Background

1.1

Great Question operates a customer-research platform that enables Customer to create, distribute and manage research panels and surveys (the “Platform”).  In operating and providing the Platform, Great Question will provide services to Customer relating to its use of the Platform (the “Services”).  This DPA applies to the Processing of Customer Personal Data pursuant to the Platform and the Services.

1.2

This DPA (a) forms a part of the Great Question Master Services Agreement, and any orders or other written or electronic agreement between Great Question and Customer related to Customer’s purchase of Services and Great Question’s provision of the same, and any amendments thereto (collectively, the “Agreement” which also includes any amendments hereto), and (b) supersedes any prior data processing agreements or similar terms between the Parties.  In the event of any conflict or inconsistencies between the terms of this DPA and any other terms in the Agreement, this DPA will control.

2 Certain Definitions

2.1 In this DPA, the following terms will have the meanings set out below:

  1. Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity.  “Control” for purposes of this definition means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity;
  2. CCPA” means California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100–1798.199) and its implementing regulations, as amended or superseded from time to time;
  3. Customer Affiliate” means any Affiliate of Customer that is authorized to use the Platform or Services pursuant to the Agreement;
  4. Customer Content” means any materials or data Customer enters into, collects, manages or creates using the Platform, including, but not limited customer lists, surveys, responses and Customer Personal Data;
  5. Customer Personal Data” means any Personal Data Processed by Great Question or a Subprocessor pursuant to the performance of the Services, including (but not limited to) any contact information or other personally identifiable information of contained in the Customer Content;
  6. Data Breach” means accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data transmitted, stored or otherwise Processed by Great Question or its Subprocessors;
  7. Data Controller” or "Controller"​ means the entity that alone or jointly with others determines the purposes and means of Processing of Personal Data.
  8. “Data Processor,” “Processor” or “Service Provider” means a person or entity to the extent it Processes Personal Data on behalf of or subject to the documented instructions of a Controller and appropriate contractual terms as required by applicable Data Protection Laws.
  9. Data Protection Laws” means any local, national or international laws, rules and regulations related to privacy, security, data protection, and/or the Processing of Personal Data, as amended, replaced or superseded from time to time, including but not limited to the following (to the extent applicable): (i)  the GDPR and laws of EEA Member States implementing or supplementing the GDPR; (ii) any data protection laws of the United Kingdom substantially amending, replacing or superseding the GDPR in whether or not as a result of a Brexit (including the UK Data Protection Act 2018); and the CCPA.
  10. GDPR” means EU General Data Protection Regulation 2016/679;
  11. Personal Data” is any information defined as “personal data”, “personal information”, or other similar terms under applicable Data Protection Laws; the term does not include Anonymous Data;
  12. Process” means any operation or set of operations that is performed upon Customer Personal Data, whether or not by automatic means, such as access, collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, return or destruction, and “processed,” or “processing” will be construed accordingly;
  13. Restricted Transfer” means a transfer of Customer Personal Data to and between Great Question, Great Question Affiliates and/or Subprocessors, in each case, where such transfer would be prohibited by applicable Data Protection Laws in the absence of the relevant Standard Contractual Clauses as set forth in Section 12.2 and Annex 3 hereto;
  14. Standard Contractual Clauses” means (A) the EU standard contractual clauses set out in the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council for the transfer of Personal Data to processors established in third countries that do not ensure an adequate level of protection of data subjects, which have been approved by the European Commission as adducing adequate safeguards for Restricted Transfers, or any successor clauses thereto recognized by the European Commission pursuant to Article 46 of the EU General Data Protection Regulation 2016/679 (“New Standard Contractual Clauses”), and (B) the Standard Contractual Clauses (processors) set out in Decision 2010/87/EC (“2010 Standard Contractual Clauses”) as set forth in Section 12.2 and Annex 3 hereto, or any successor clauses approved by the UK Information Commissioner.
  15. Subprocessor” means any person or entity (but excluding an employee of Great Question) appointed by or on behalf of Great Question, that Processed Customer Personal Data; and
  16. Supervisory Authority” means (a) an independent public authority established by a Member State pursuant to Article 51 of the GDPR; and (b) any similar regulatory authority responsible for the enforcement of applicable Data Protection Laws.
  17. “UK Data Protection Laws” means the (UK) Data Protection Act 2018 and other data protection or privacy legislation in force from time to time in the United Kingdom.

2.2

Capitalized terms used but not otherwise defined herein shall have the meaning set forth in the Agreement.

3. Processing of Personal Data

3.1

The parties acknowledge and agree that with regard to the Processing of Customer Personal Data, Customer is the Data Controller, and Great Question is the Data Processor. Each party will comply with the obligations applicable to it under the Data Protection Laws with respect to the Processing of Customer Personal Data.

3.2

Great Question will, and will ensure that Subprocessors will Process Customer Personal Data only on Customer’s documented instructions, or where Processing is required by applicable laws to which Great Question or Subprocessors are subject; in the latter case, Great Question will notify the Customer of the legal requirement before Processing, unless the law prohibits such notification.  Great Question will not sell any Customer Personal Data, and will not use, retain or disclose Customer Personal Data except as set forth in this DPA; Great Question certifies that it understands and will comply with the foregoing restriction.

3.3

Customer on its own behalf and as agent for each relevant Customer Affiliate instructs Great Question (and authorizes Great Question to instruct each Subprocessor) to Process (including disclose) Customer Personal Data in to provide the Service, including to: (a) perform Great Question’s obligations under the Agreement, to carry out related requests by Customer (including regarding Customer’s account settings and actions requested or initiated via the Services), in response to customer service and support requests, to perform any related technical support and as otherwise set forth in the Agreement, this DPA or other documented instructions of Customer; (b) transfer Customer Personal Data to any country or territory provided such complies with Section 12 (Cross-border Transfers) below; and (c) engage any Subprocessors, provided such complies with Section 11 (Subprocessing) below.

3.4

Customer agrees that (a) Customer’s submission and Processing of Customer Personal Data and Customer Content pursuant to the Platform and Services and its instructions for the Processing of Personal Data will comply with Data Protection Laws; (b) Customer is and will at all relevant times remain duly and effectively authorized to give the instruction set out in this Section (Processing of Personal Data) on behalf of each relevant Customer Affiliate (as applicable); and (c) Customer will provide any required notices to and obtain any required consents from Data Subjects related to the Processing of Customer Personal Data as contemplated in this DPA and the Agreement, or as otherwise instructed by Customer.

3.5

Customer agrees that Great Question may de-identify or aggregate Customer Personal Data and other data related to the Services to render it Anonymous Data, which may then be used for the purposes of operating and improving Great Question’s services and operations. Great Question may maintain Anonymous Data as part of its own records and information, and such data shall no longer be subject to the Agreement or this DPA. “Anonymous Data” means data that has been de-identified and/or aggregated with other data to such an extent that Customer and Customer Affiliates are no longer identifiable, and individuals are no longer identified, identifiable, linked or linkable, or otherwise ascertainable by reference to or combination with other datasets.

3.6

Annex 1 to this DPA sets out the subject matter and duration of the Processing, the nature and purpose of the Processing, and the categories of Personal Data and Data Subjects, as required by Article 28(3) of the GDPR.

4. Great Question Personnel

Great Question will take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to Customer Personal Data, ensuring that such individuals are subject to confidentiality obligations or professional or statutory obligations of confidentiality.

5. Security

Great Question will implement appropriate technical and organizational measures, as set forth in Annex 2 (Technical and Organizational Measures), that are designed to provide a level of security appropriate to the risks presented by the Processing of Customer Personal Data.  In assessing the appropriate level of security, Great Question will take account in particular of the risks that are presented by Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise Processed.

6. Personal Data Breach

Great Question will notify Customer without undue delay if it discovers a Data Breach involving Customer Personal Data and will provide information (as available) to assist Customer to meet any obligations to report a Data Breach under the Data Protection Laws.  Great Question will co-operate with Customer and take such reasonable steps as are agreed in good faith by the parties to assist in the investigation, mitigation and remediation of each Data Breach.  To the extent that Customer is responsible for a Data Breach Customer will reimburse Great Question for all costs reasonably and properly incurred by Great Question performing its obligations under this Section (including internal costs and third-party costs including legal fees).

7. Data Subject and Consumer Rights

Great Question will promptly notify Customer if it receives a request from a Data Subject or Consumer entitled to exercise a request under applicable law regarding Customer Personal Data as it pertains to that Data Subject or Consumer.  Upon request and taking into account the nature of the Processing, Great Question will provide Customer with reasonable assistance as necessary to enable Customer to fulfil its obligations under applicable Data Protection Laws to respond to such requests; such assistance will include, where practicable, implementation of reasonable and appropriate technical and organizational measures to allow Customer to respond effectively to such requests.

8. Data Protection Impact Assessment and Prior Consultation

Upon request and subject to the nature of the relevant Processing by and information available to Great Question, Great Question will provide reasonable assistance to Customer with any data protection impact assessments and any prior consultations to any Supervisory Authority, which are required under applicable Data Protection Law. Customer will reimburse Great Question in full for all costs reasonably and properly incurred by Great Question in performing its obligations under this Section (including internal costs and third-party costs including legal fees)

9. Law Enforcement Requests

9.1

Great Question shall not disclose Customer Personal Data to any third party (except for duly authorized Subprocessors) without the prior written consent of Customer, unless required by law to do so. Where any disclosure of Customer Personal Data is required by law (a “Third Party Request”), such as in response to a law enforcement request or legal process, Great Question shall, unless expressly prohibited by applicable law from doing so, immediately notify Customer, and shall: (i) attempt to redirect the requesting party to submit its request to Customer; (ii) cooperate with Customer in any reasonable efforts by Customer to intervene, quash, limit or respond to such Third Party Request; and (iii) after consultation with Customer, only disclose the minimum amount of Customer Personal Data necessary to comply with the Third Party Request under applicable law.

9.2

If Great Question is prohibited by applicable law from notifying Customer of a Third Party Request, Great Question will only respond to such request as strictly necessary under applicable laws and and shall only disclose the minimum amount of Customer Personal Data as necessary to comply with Third Party Request under applicable law.  Great Question shall, upon request from Customer, attest to Customer whether it has received any Third Party Request related to Personal Data, except to the extent prohibited by applicable law from doing so.

10. Audit Rights

10.1

Upon Customer’s written request and it the cost and expense of Customer, Great Question will make available to Customer information reasonably necessary to demonstrate Great Question’s compliance with this DPA, and will allow for and contribute to inspections by a qualified, independent third-party auditor appointed by Customer, in relation to the Processing of Customer Personal Data by Great Question or its Subprocessors.

10.2

Customer will give Great Question reasonable notice of any audit or inspection to be conducted under this Section and will (and ensure that each of its mandated auditors will) take all reasonable steps to avoid causing any damage, injury or disruption to the premises, equipment, personnel and business of Great Question or any Subprocessor during the course of such an audit. Any audit or inspection will be conducted within normal business hours, and no more than once in any calendar year, unless otherwise required by applicable law or a relevant Supervisory Authority.  Customer will reimburse Great Question in full for all costs reasonably and properly incurred by Great Question performing its obligations under this Section (including internal costs, third party costs including legal fees, and costs incurred by Great Question with respect to audits of other Subprocessors).  Any information obtained under this Section will be kept confidential and not disclosed to any person without the express consent of Great Question, and Customer will ensure that any auditor, agent, personnel or other person or entity that participates in such audit is subject to appropriate written confidentiality obligations.

11. Subprocessing

11.1

Customer authorizes Great Question to appoint (and permit each Subprocessor appointed in accordance with this Section to appoint) Subprocessors.  Customer expressly agrees that Great Question Affiliates may be engaged as Subprocessors, and that Great Question may continue to use those other Subprocessors already engaged by Great Question as of the date of this DPA.  Great Question will make available a current list of Great Question Subprocessors at http://greatquestion.co/subprocessors and will update the list prior to adding any additional Subprocessors.  Great Question will provide notice of new Subprocessors prior to authorizing new Subprocessors to Process Customer Personal Data in connection with the Services by updating the Subprocessor list and providing email notification to Customer’s who have subscribed to email notifications about new Subprocessors. Customer may object to the appointment of a new Subprocessor by sending written notice to Great Question at [email protected] within ten (10) business days of the notice of new Subprocessors; Customer’s notice of objection should state the basis for Customer’s objection.  Customer agrees that it will not unreasonably object to the use of a Subprocessor.  If Customer does not object to the appointment of the Subprocessor within ten (10) business days, the Customer shall be deemed to have approved and agreed to such appointment.

11.2

If Customer objects to a new Subprocessor, the parties will work in good faith to resolve Customer’s objections.  During this time, there may be an impact to the provision of the Services; Customer agrees that Great Question is not liable for any such impact. If the parties are unable to resolve Customer’s objection within 90 days, Customer may terminate without penalty the portion of the Agreement pertaining to the Services that Great Question states it cannot provide without the use of the objected-to Subprocessor, and Great Question will refund Customer any prepaid but unused amounts for such portion; otherwise the Agreement shall remain in full force and effect.

11.3

With respect to each Subprocessor, Great Question will: (a) exercise commercially reasonable care in the assessment, appointment and oversight of the relevant Processing activities of Subprocessors; (b) include terms in the contract between Great Question and each Subprocessor which offer an equivalent level of protection for Customer Personal Data as those set out in this DPA, taking into account the nature of the services performed by the Subprocessor; (c) if the arrangement involves a Restricted Transfer of Customer Personal Data Great Question will ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between Great Question and the Subprocessor; and (d) remain liable to the Customer for any failure by each Subprocessor to fulfil its obligations in relation to the Processing of Customer Personal Data.

12. Cross-border Transfers

12.1

Customer consents to the Processing and transfer of Customer Personal Data outside the jurisdiction in which it was collected.  Customer acknowledges that Customer Personal Data may be Processed in the United States, the European Economic Area (“EEA”), the United Kingdom, Australia, Singapore, Japan, Canada, New Zealand, Sweden, India, China and other jurisdictions where Great Question, Great Question Affiliates and Subprocessors are located.

12.2

With respect to any Restricted Transfers subject to the Data Protection Laws of the EEA, Switzerland, or the United Kingdom, the Parties agree to apply and comply with the relevant Standard Contractual Clauses as set forth in this Section 12.2, which are hereby incorporated by reference into this DPA.

  1. Subject to Section 1 of Annex 3 hereto, the relevant Standard Contractual Clauses (Module 2) will, apply to and be enforceable by the Parties to the extent of any Restricted Transfers that are subject to the Data Protection Laws of the EEA or Switzerland;
  2. Subject Section 2 of Annex 3 hereto, with respect to any Restricted Transfers subject to UK Data Protection Laws, the relevant Standard Contractual Clauses will apply to and are enforceable by the Parties to the extent of any Restricted Transfers that are subject to UK Data Protection Laws.  Customer acting on its own behalf and as agent for each Customer Affiliate (each as ‘data exporter’) and Great Question acting on its own behalf and as agent for each Affiliate (each as ‘data importer’) hereby enter into the relevant Standard Contractual Clauses, as amended or replaced from time to time by the Information Commissioner’s Office (“Commissioner”) or under UK Data Protection Laws and subject to Annex 3 hereto.

12.3

With respect to any Restricted Transfer of Customer Personal Data subject to Data Protection Laws other than those of the European Economic Area, Switzerland or the United Kingdom, the data importer(s) will comply mutatis mutandis with terms of the relevant Standard Contractual Clauses applicable to the ‘data importer’, the terms ‘Member State’ and ‘State’ are replaced throughout by the word ‘jurisdiction,’ and ‘supervisory authority’ will mean the relevant data protection regulator or other government body with authority to enforce Data Protection Laws.

12.4

Prior to any Restricted Transfer to a Subprocessor, Great Question will ensure that in its written agreement with Subprocessor incorporates the applicable Standard Contractual Clauses in respect of such Restricted Transfers.

13. Deletion or Return of Personal Data

13.1

Upon the termination or expiration of the Agreement (unless continued Processing is subject to a new or amended agreement) and to the extent not prohibited by applicable law, Great Question will within 90 days (the “Cessation Date”) cease Processing and delete or return the Customer Personal Data. 

13.2

If Customer does not inform Great Question of its choice of either return or deletion of such Customer Personal Data at least 30 days prior to the Cessation Date, then Customer will be deemed to have chosen deletion.  The parties agree that Great Question is not required to return or delete any Anonymous Data at the conclusion of the Agreement.

14 General Terms

14.1 No legal advice

Notwithstanding anything to the contrary in this DPA, Great Question will not be required to provide legal advice to Customer and nothing provided by Great Question will be construed by Customer as legal advice.

14.2 limitation of liability

The aggregate liability of Great Question arising out of or related to this DPA, whether in contract, tort or under any other theory of liability, is subject to the limitations on liability in the Agreement.

14.3 Termination

The parties agree that this DPA and the Standard Contractual Clauses will terminate automatically upon: (a) termination of the Agreement; or (b) expiry or termination of all service contracts entered into by Great Question with Customer pursuant to the Agreement; or (iii) termination or completion of statements of work, work orders or similar documents, thereunder, whichever is later.

14.4 Third Party Rights

A person who is not a party to this DPA will have no right to enforce any term of this DPA; the rights to rescind or vary this DPA are not subject to the consent of any other person.

14.5 Changes in Data Protection Laws

If any variation is required to this DPA as a result of a change in Data Protection Law, either party may provide written notice to the other party of that change in law. Without limiting Section 14.6 of this DPA, the parties will discuss and negotiate in good faith any necessary variations to this DPA to address such changes.

14.6 Amendments to Standard Contractual Clauses

Notwithstanding Section 14.5: 

  1. to the extent the Standard Contractual Clauses are superseded by any new or amended standard contractual clauses (“Amended SCCs”), Customer agrees that Great Question may amend the terms of this DPA as necessary in order to incorporate the Amended SCCs, by providing written notice to Customer at least 30 days prior to the effective date of such amendment. The parties agree that any such amendment to the Agreement shall take effect and be binding upon the parties as of the effective date set forth therein, unless Customer notifies Great Question in writing of its objection to such amendment within 15 days of Great Question’s amendment notice;
  2. Notwithstanding Section14.5 (a), if at any time the UK government approves the Amended SCCs for use under the UK Data Protection Laws, then Module 2 of the Amended SCCs, as appropriate, shall apply (and shall replace the 2010 Standard Contractual Clauses) in respect of any such Restricted Transfers, subject to any modifications to the Standard Contractual Clauses required by the UK Data Protection Laws and subject to the governing law of the UK Standard Contractual Clauses being English law and the supervisory authority being the UK Information Commissioner’s Office.

14.7 Severance

Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA will remain valid and in force.  The invalid or unenforceable provision will be either (a) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.

ANNEX 1 - Details of Processing of Customer Personal Data

This Annex 1 describes details of the Processing of Customer Personal Data and provides information as required pursuant to the appendices of the Standard Contractual Clauses.  The subject matter and duration of the processing are set forth in the Agreement and any order forms and statements of work thereto. The obligations and rights of the Customer are set out in the Agreement and the DPA.

1. List of Parties

List of data exporters & importers included on account by account basis.

2. Description of Transfer

Categories of data subjects whose personal data is transferred

  • The customers, prospects, and end users of Customer;
  • Other data subjects who Customer interacts with through the Platform or whose Personal Data is included in the Customer Content.

Categories of personal data transferred

The types of Personal Data to be Processed may include:

  • Name, email and other contact details;
  • Company, position/title, company contact details, and other business information;
  • Other information Customer chooses to or requests Great Question to collect as part of the Services;
  • Analytics, usage statistics and reports;
  • Other information included in the Customer Personal Data or imported, uploaded or managed by Customer in the Platform.

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

The types of Special Categories of Data to be Processed include:

None.

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis):

The frequency of the transfer is ongoing.

The nature and purpose of the Processing of Customer Personal Data:

  • Create and manage research panels and customer surveys;
  • Analyze and prepare reports related to customer surveys and research, and other activities engaged in by Customer via the Platform.

Purpose(s) of the data transfer and further processing:

To enable Customer to utilize the Platform, which is hosted and maintained by Great Question form the United States.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

The retention period shall be consistent with the retention period set forth in the Agreement and DPA.

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing:

The applicable (sub-) processors and their processing activities are identified at: http://greatquestion.co/subprocessors.

3. Competent Supervisory Authority

Identify the competent supervisory authority/ies in accordance with Clause 13 of the Standard Contractual Claues:

The competent supervisory authority is:

ANNEX 2 - Technical and Organizational Measures

1.

Any Processing of Personal Data will take place on data processing systems for which commercially reasonable technical and organizational measures for protecting Personal Data have been implemented.  Great Question will maintain reasonable and appropriate technical, physical, and administrative measures to protect Customer Personal Data under its possession or control against unauthorized or unlawful Processing or accidental loss, destruction or damage, taking into account the harm that might result from unauthorized or unlawful processing or accidental loss, destruction or damage and the sensitivity of the Customer Personal Data.

2.

Security measures will be maintained, which are designed to:

  • deny unauthorized persons access to data-processing equipment used for processing Personal Data (equipment access control);
  • prevent the unauthorized reading, copying, modification or removal of media (data media control);
  • prevent the unauthorized input of Personal Data and the unauthorized inspection, modification or deletion of stored Personal Data (storage control);
  • prevent the use of automated data-processing systems by unauthorized persons using data communication equipment (user control);
  • provide that persons authorized to use an automated data-processing system only have access to the Personal Data covered by their access authorization (data access control);
  • enable Great Question to verify and establish to which individuals Customer Personal Data have been or may be transmitted or made available using data communication equipment (communication control);
  • enable identification of which Customer Personal Data have been put into automated data-processing systems and when and by whom the input was made (input control);
  • prevent the unauthorized reading, copying, modification or deletion of Customer Personal Data during transfers of those data or during transportation of storage media (transport control);
  • include commercially reasonable disaster recovery procedures to provide for the continuation of services under the Agreement and backup of Customer Personal Data; and
  • include appropriate technical security solutions are implemented and managed to protect the confidentiality, integrity and availability of Customer Personal Data.

3.

Where appropriate, data will be encrypted in transmission and at rest, using industry-standard cryptographic techniques and secure management of keys.

4.

Great Question will take reasonable steps to ensure the reliability of its employees and other personnel having access to Customer Personal Data, and will limit access to Customer Personal Data to those Personnel who have a business need to have access to such Customer Personal Data, and have received reasonable training regarding the handling of Personal Data and Data Protection Laws.

ANNEX 3 - Terms Applicable to Restricted Transfers

1. Data Controller-to-Processor transfers subject to Data Protection Laws of the EEA or Switzerland:

1.1

Optional Clause 7 (Docking clause of Module 2) shall apply.

1.2

Clause 9(a) (Use of Subprocessors) Option 2 (General Authorization) shall apply and the specified “time period” shall be ten (10) days in accordance with the Subprocessing section in this DPA.

1.3

Optional Clause 11(a) (Redress) shall not apply.

1.4

Clause 13 shall apply as follows:

  1. Where Customer is established in an EU Member State, the supervisory authority with responsibility for ensuring compliance by Customer with Regulation (EU) 2016/679 as regards the data transfer shall act as competent supervisory authority
  2. Where Customer is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679, the supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established shall act as competent supervisory authority. 
  3. Where Customer is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) without however having to appoint a representative pursuant to Article 27(2) of Regulation (EU) 2016/679, the supervisory authority of the Republic of Ireland shall act as competent supervisory authority. 
  4. Where Customer is established in Switzerland or falls within the territorial scope of application of Swiss Data Protection Laws and Regulations, the Swiss Federal Data Protection and Information Commissioner shall act as competent supervisory authority insofar as the relevant data transfer is governed by Swiss Data Protection Laws and Regulations.
  5. Subject to Section 14.6(b) of the DPA, as applicable where Customer is established in the United Kingdom or falls within the territorial scope of application of UK Data Protection Laws, UK the Information Commissioner's Office shall act as competent supervisory authority.

1.5

Clause 17 (Governing Law) Option 1 shall apply, and the specified member state shall be Ireland, except that (i) Switzerland shall apply where the Data Protection Laws of Switzerland apply to the Restricted Transfer; and (ii) pursuant to Section 14.6(b) of the DPA, to the extent the UK approves the Amended SCCs, the United Kingdom shall apply where UK Data Protection Laws apply to the Restricted Transfer.

1.6

Clause 18 (Choice of Forum and Jurisdiction) shall specify Ireland as the choice of forum and jurisdiction, except that (i) Switzerland shall apply where the Data Protection Laws of Switzerland apply to the Restricted Transfer; and (ii) pursuant to Section 14.6(b) of the DPA, to the extent the UK approves the Amended SCCs, the United Kingdom shall apply where UK Data Protection Laws apply to the Restricted Transfer.

1.7

The contents of the Appendix Standard Contractual Clauses shall be completed as follows:

  1. The contents of Section 1 of Annex 1 to the DPA shall form Section A of Annex 1 of the Standard Contractual Clauses; 
  2. The contents of Section 2 of Annex 1 to the DPA shall form Section B of Annex 1 of the Standard Contractual Clauses; 
  3. The contents of Section 3 of Annex 1 to the DPA shall form Section C of Annex 1 of the Standard Contractual Clauses; and 
  4. The contents of Annex 2 to the DPA shall form Annex 2 of the Standard Contractual Clauses.

1.8

The additional and supplementary measures set forth in Section 3 of this Annex 3 shall apply.

2. Restricted Transfers subject to UK Data Protection Laws

2.1

Appendix 1 to the 2010 Standard Contractual Clauses shall be deemed to be pre-populated with the relevant information provided in Annex 1 (Details of Processing of Customer Personal Data).

2.2

Appendix 2 to the UK Standard Contractual Clauses shall refer to the security controls specified in Annex 2 (Technical and Organizational Measures) of the DPA.

2.3

By executing the Agreement, the Parties shall be deemed to have executed the relevant Standard Contractual Clauses.

3. Additional and Supplementary Measures

3.1

The data importer represents that:

  1. It has not created, and will not create, any back doors or similar programming that could be used by public authorities to access the Recipient’s systems and/or Personal Data held in the Recipient’s systems; 
  2. It has not created or changed, and will not create or change, its business processes in a manner that facilitate direct access to Personal Data or the Recipient’s systems by public authorities; and
  3. It shall notify the exporter promptly if it is no longer able to comply with the foregoing representations.

3.2

In addition to the requirements set forth in Clause 15 of the Standard Contractual Clauses, the data importer further agrees that:

  1. It shall not voluntarily cooperate with any public authorities to provide Personal Data to such authorities unless it is legally compelled to do so;
  2. If the data importer receives any request(s) from public authorities for access to Personal Data, it shall: (i) review the legality of any order to disclose Personal Data, including whether the order is within the remit of the powers granted to the requesting authority; (ii) not disclose any Personal Data requested except to the extent required to do so under applicable laws and until such time as required by applicable procedural rules; and (iii) only disclose the minimum Personal Data necessary to respond to the request; and (iv) reasonable cooperate with the data exporter upon request in its efforts to modify, quash or limit such request, if there are reasonable grounds to do so; and
  3. If the data importer is prohibited by law from notifying the data exporter of any request(s) from public authorities for access to Personal Data, the data importer will take reasonable steps to: (i) if, after assessment, the importer concludes that there are grounds under applicable laws to do so, challenge the order and seek interim measures to suspend the effects of the request until the relevant authority has decided on the merits; and (ii) inform the requesting public authority that the order is incompatible with the safeguards contained in the Standard Contractual Clauses and there is therefore a conflict of obligations for the data importer.

3.3

Personal Data shall be: 

  1. data in-transit is secured using TLS 1.2 and at-rest with AES-256, block-level storage encryption; and
  2. retained only in accordance with the retention period and the data exporter’s instructions, as set forth in the Agreement.

Ready to dive in?

See the only all-in-one customer research platform