“Data Controller” as defined in Data Protection Legislation
“Data Processor” as defined in Data Protection Legislation
“Data Protection Legislation” means the Irish Data Protection Acts 1988 to 2018, any other applicable law or regulation relating to the processing of personal data and to privacy (including the E-Privacy Directive and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (“E-Privacy Regulations”), as such legislation shall be supplemented, amended, revised or replaced from time to time, including by operation of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) (and laws implementing or supplementing the GDPR, and laws amending or supplementing the E-Privacy Regulations).
“Personal Data” as defined in Data Protection Legislation
“Users” all travellers participating in trips booked through the Platform.
Travaplan may revise this legal notice at any time by updating this posting. You should check the Platform terms from time to time to review the then current legal notice, because it is binding on you. Certain provisions of this legal notice may be superseded by expressly designated legal notices or terms located on particular pages on the Platform/website.
Information about us.
This site is operated by Travaplan Ltd registered in Ireland under company number 583599 with our registered office at 43 Dundela Park, Sandycove, Co Dublin, Ireland. Our VAT number is IE3422821BH. You can contact us by email at admin@Travaplan.com
Travaplan facilitates bookings for a variety of travel related services. Travaplan provides introductory services and does not own or operate any of the travel related companies. Your contract for services will be between you and the relevant service provider(s). The terms and conditions of the contract between you and the relevant service provider(s) are available to you once you click through (leave the Travaplan application to go to the booking sites website(s)) to make a booking. Travaplan makes no warranty or representation in relation to any services purchased from third party service providers via the introduction process.
Fees and Charges
Use of the Platform is provided free of charge to the following:
- Trip organisers/planners who are not charging for their services and who are Data Controllers for the purposes of Data Protection Legislation
- All Users
If you are intending to use this Platform for uses other than those listed above you must contact Travaplan before starting to invite others to join and use the Platform.
Where Users/trip organisers use Stripe or any similar trip booking/payment facility accessed through the Travaplan website to process payments connected with any trip booked through the Travaplan site, Travaplan may charge a non-refundable administration fee of up to 2% as a percentage of such payments. It is the responsibility of the service provider to process your reservation/booking correctly. We will notify you if there are any other fees, charges or commissions payable to Travaplan at a future date in connection with the use of the Platform (including any introductory service fees) and we reserve the right to apply such fees, charges and/or commissions in the future.
“Malicious Code” includes but not restricted to code, files, scripts, agents or programs intended to do harm or any unlawful activities, including, for example, viruses, worms, time bombs and Trojan horses.
In the event of a dispute between Travaplan and you, our liability to you, if any, is limited to the amount of the fees (if any) set out under the heading Fees and Charges above and paid by you when making the booking.
Travaplan hereby excludes to the fullest extent permitted by law any warranties (whether express or implied), as to the quality, completeness, performance or fitness for a particular purpose of (i) any service ordered using this Platform and (ii) this Platform and any of its contents, including, but not limited to, any information relating to the service to be provided contained within this Platform and the technology supporting and provided on this Platform. Travaplan reserves the right to make alterations to the Platform at any time. The information on this Platform is updated from time to time. By using this Platform you acknowledge that the details and all other information including, but not limited to, information relating to travel, holidays, accommodation, car rental and other related services published on this Platform may include inaccuracies or typographical errors.
We will not be liable for any loss or damage caused by a virus, distributed denial-of-service attack, or other technologically harmful material that may infect your computer or mobile equipment, computer programs, data or other proprietary material due to your use of the Platform or to your downloading of any content on it, or on any website linked to it.
The Platform contains hyperlinks or references to third party service providers’ websites. Such hyperlinks or references are provided for your convenience only and we have no control over third party websites and accept no legal responsibility for any content, material or information contained in them. The display of any hyperlink and reference to any third party service provider’s website does not mean that we endorse that third party’s website, products or services. The Platform can forward information from third party services or provide links to such services. Any booking you make for travel related services on this Platform is made with a service provider and not Travaplan. Travaplan and this Platform only facilitate the making of reservations with the service provider and we are not liable or responsible for the fulfilment of any booking, for the performance of any service or for the acts or omissions of any third party service providers introduced through the Platform. Travaplan is not a party to the contract between you and the service provider and has no responsibility or liability (direct or indirect) to any party in respect of the terms of your contract with the service provider or any problems arising with the services provided pursuant to that contract or any other problems between you and the service provider. On making a booking for a service on the service provider’s platform you are bound by and deemed to have accepted the terms and conditions of the service provider.
EXCEPT TO THE EXTENT CONTRARY TO LAW NEITHER TRAVAPLAN NOR ANY OF OUR DIRECTORS, OWNERS, EMPLOYEES, AFFILIATES, TRAVEL PARTNERS OR OTHER REPRESENTATIVES WILL BE LIABLE FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGES ARISING OUT OF, OR IN CONNECTION WITH YOUR USE OF ANY INFORMATION, PRODUCTS, SERVICES AND/OR THE MATERIALS OFFERED THROUGH THIS PLATFORM, INCLUDING BUT NOT LIMITED TO LOSS OF DATA, INCOME, PROFIT OR OPPORTUNITY, LOSS OF OR DAMAGE TO PROPERTY AND/OR CLAIMS OF THIRD PARTIES, OR ANY INDIRECT OR CONSEQUENTIAL LOSS OR DAMAGES HOWSOEVER ARISING, EVEN IF TRAVAPLAN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE OR SUCH LOSS OR DAMAGES WERE REASONABLY FORESEEABLE.
The listing of any travel information or services or link in this Platform is not and should not be taken as a recommendation from Travaplan or a warranty or representation that the travel information or services will be of a certain standard or suitable for your purpose. Travaplan shall in no way be liable to you in the event that the travel information or services are not suitable for your purpose. You should use your own discretion when utilising this information.
While Travaplan endeavours to ensure that the Platform is accurate, up-to-date, free from bugs and normally available 24 hours a day, we cannot guarantee, nor do we promise the uninterrupted use by you of the Platform Travaplan shall not be liable if for any reason the Platform is unavailable at any time or for any period. Access to the Platform may be suspended temporarily and without notice in the case of system failure, maintenance or repair or for other reasons beyond Travaplan’s control. Furthermore, we cannot promise that the Platform will be fit or suitable for any purpose. Any reliance that you may place on the information on the Platform is at your own risk. Any content in the Platform is provided for your general information purposes only and to inform you about us and our services and other websites that may be of interest.
Beta Testing Phase
To open an account for usage of the Platform, you or the User must provide true and accurate information as required to complete the Registration Form available on our website and shall regularly update such information to keep it true and accurate by contacting us to notify us of any changes to such information at email@example.com
You or the User shall provide a valid email address and/or mobile phone number belonging to them and choose a password, and keep these details up to date, so that both Travaplan and the other members of your travelling group can communicate with you effectively.
We reserve the right to remove or change your or any User profile at any time if we deem it to be in breach of terms and conditions or of an inappropriate nature.
You are entirely responsible for the privacy, confidentiality and storage of email addresses and/or mobile phone number, and password used to access the system. All website activities that can be traced to the email address and password of you or any User are deemed as having been performed by you or the relevant User as the case may be. Travaplan does not assume any liability for content of messages sent and is exempt from any claim that may arise from third parties as a result of messages sent. Travaplan may temporarily disable access to Your or any User’s Account if You report unauthorized use.
You agree to notify Travaplan immediately of any unauthorized use of your or any Users account reported to you, to firstname.lastname@example.org
Right to Unsubscribe
You can unsubscribe from the Platform at any time without incurring any fee, by contacting email@example.com. The cancellation of your membership with Travaplan will not affect or absolve you of any liability to third party service providers to make any payment and/or fulfil any contract to which you have agreed to be bound through the Platform or otherwise.
Intellectual Property Rights and Limited License
The Platform and all intellectual property rights in it, including but not exclusive to, content, text, graphics, images, trade names, domain names, design rights, database rights, patents, structure, photographs, buttons, artwork and computer code and all other intellectual property rights of any kind whether or not they are registered or unregistered (anywhere in the world) is owned by Travaplan and is only available to you for personal purposes. Nothing in these terms and conditions grants you any legal rights in the Platform other than are as necessary to enable you to access the Platform. Unless you have received written consent from Travaplan to the contrary, you may only use the Platform and its content for personal, noncommercial purposes. You do not have permission to modify copy, distribute, collate, transfer, reproduce or display any of the above for personal or business use. In particular, by proceeding to access this Platform, you agree:
- Not to use the Platform to make any speculative or false reservation;
- Not to use the Platform to research suppliers or suppliers pricing;
- Not to use the name “Travaplan” or any Travaplan branding for commercial or any other purposes without obtaining prior written permission from Travaplan;
- Not to reproduce material from this Platform (Website’s) for commercial or any other purposes.
This Platform is made available to You and Users as it is and Travaplan makes no warranties or representations that (i) this Platform or the technology (servers etc.) making it available and supporting it will be without fault or defects or (ii) the information posted on this Platform is free from infection by viruses or anything else with contaminating or destructive properties. Travaplan accepts no liability for any infection or effects from harmful applications such as, but not limited to, viruses, Trojans, tampering, fraud or theft, error, technical failure, omissions, delay, unauthorised access or any event which corrupts the acceptable administration, communication and integrity of this Platform.
The service provider may from time to time change its terms and conditions (which are available on their websites) upon which the service provider makes the reserved service available to you. Travaplan is not responsible and shall have no liability if the service provider’s terms and conditions available on this Platform have been or are changed by the service provider.
General Terms and Conditions.
You agree to refrain from using the Platform:
- in excess of, or beyond, the agreed purpose;
- to distribute, sell, license, provide or otherwise make our services available to third parties without our consent;
- to store or transmit material or information that is infringing, libelous, defamatory, obscene, fraudulent, false or contrary to the ownership or intellectual property rights of any other person or otherwise harmful, unlawful or tortious, or in violation of any third party privacy or other rights;
- in any way that is in violation of any applicable law, rule or regulation;
- to transmit viruses, malware, or other malicious code in the Platform;
It is prohibited to modify, reverse-engineer, or otherwise manipulate, interfere with or disrupt our services. In order to ensure the integrity of our services, we reserve the right at any time in our sole discretion to block You or Users from certain IP addresses from accessing the Platform.
By email to firstname.lastname@example.org or
By post to, 43 Dundela Park Sandymount, Co Dublin. Ireland
We will endeavour to deal with any questions or complaints raised within 10 working days.
Waiver and Severability
DATA PROTECTION APPENDIX
TO GOVERN RELATIONSHIP BETWEEN TRAVAPLAN AS DATA PROCESOR AND YOU AS DATA CONTROLLER
- 1.1The following definitions and rules of interpretation apply in this Clause.
Appropriate Technical and Organisational Measures: has the meaning given to such term in Data Protection Legislation (including, as appropriate, the measures referred to in Article 32(1) of the GDPR).
Authorised Person: the personnel authorised on Your behalf to provide instructions to Us in relation to the Processing provisions in this Clause.
Business Day: a day other than a Saturday, Sunday or public holiday in India when banks are open for business.
Data: any data or information, in whatever form, including but not limited to images, still and moving, and sound recordings.
Data Controller: has the meaning given to such term in Data Protection Legislation.
Data Processor: has the meaning given to such term in Data Protection Legislation.
Data Protection Legislation: means the Data Protection Acts 1988 to 2018 and any other applicable law or regulation relating to the processing of personal data and to privacy (including the E-Privacy Directive and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (“E-Privacy Regulations”), as such legislation shall be supplemented, amended, revised or replaced from time to time, including by operation of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) (and laws implementing or supplementing the GDPR, and laws amending or supplementing the E-Privacy Regulations).
Data Protection Officer: a data protection officer appointed pursuant to Data Protection Legislation.
Data Subject: an individual who is the subject of Personal Data (including any User).
Delete: to remove or obliterate Personal Data such that it cannot be recovered or reconstructed.
EEA: European Economic Area.
GDPR: General Data Protection Regulation (EU) 2016/679.
Normal Business Hours: 9.00am to 5.00 pm in Mumbai, India.
ODPC: Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland.
Our System: any information technology system or systems owned or operated by Us to which User Uploaded Data is delivered or on which our services are performed.
Personal Data: has the meaning set out in Data Protection Legislation and relates only to personal data, or any part of such personal data, in respect of which You are the Data Controller, and in respect of which We are the Data Processor.
Personal Data Breach: means any “personal data breach” as defined in the GDPR in respect of the Personal Data which is caused by Us.
Processed Data: any of User Uploaded Data that has been Processed by Us.
Processing: has the meaning given to such term in Data Protection Legislation, and Processed and Process shall be interpreted accordingly.
Representatives: a Party’s employees, officers, representatives, advisers or subcontractors involved in the provision or receipt of our services.
Restricted Transfer: any transfer of Personal Data to countries outside of the EEA which are not subject to an adequacy decision by the European Commission, where such transfer would be prohibited by Data Protection Legislation.
Security Features: any security feature, including any encryption, pseudonymisation, key, PIN, password, token or smartcard.
Specific Instructions: instructions meeting the criteria set out in Clause 2.1 of this Section.
Standard Contractual Clauses: the contractual clauses dealing with the transfer of Personal Data outside the EEA, which have been approved by (i) the European Commission under Data Protection Legislation, or (ii) by the ODPC or an equivalent competent authority under Data Protection Legislation.
Sub-processor: has the meaning given to such term in Clause 12.1 of this Section.
Term: the duration of the provision of our services
User Uploaded Data: the User Uploaded Data (NPD) and User Uploaded Data (PD).
User Uploaded Data (NPD): all Data uploaded during the Term by You or any User from time to time in respect of use of the services other than User Uploaded Data (PD).
User Uploaded Data (PD): the Personal Data uploaded during the Term by You or any User from time to time in respect of use of the services, and any other Personal Data Processed by Us on behalf of You or any User.
- 2.1 We shall not act on any specific instructions given by You from time to time during the Term in respect of Processing unless they are:
- 2.2.1 in writing (including by electronic means); and
- 2.2.2 by an Authorised Person.
- 2.3 We shall Process User Uploaded Data (PD) for the Business Purpose only and in compliance with Your instructions from time to time, which may be:
- 2.3.1 Specific Instructions; or
- Parties’ obligations
- 3.1 We shall:
- 3.1.1 only make copies of User Uploaded Data to the extent reasonably necessary for the Business Purpose (which, for clarity, may include for generating logs in relation to your use of the services, back-up, mirroring (and similar availability enhancement techniques), security, disaster recovery and testing the services); and
- 3.1.2 not extract, reverse-engineer, re-utilise, use, exploit, redistribute, re-disseminate, copy or store User Uploaded Data other than for the Business Purpose.
- 3.3 In general, User Uploaded Data and any logs created by us relating to User Uploaded Data will be kept and stored for 60 days from the date of upload/creation, after which point it will then be automatically deleted by Us. Notwithstanding this, we shall, at Your cost and taking into account the nature of Our Processing of Personal Data, promptly comply with any written request from You requiring Us to amend, transfer or Delete any of User Uploaded Data in advance of the expiration of this 60 day period.
- 3.4 At Your request and cost, We shall provide to You a copy of all User Uploaded Data held by Us in a commonly used format.
- 3.5 At Your request and cost, taking into account the nature of Our Processing of the Personal Data and the information available, We shall provide to You such information and such assistance as You may reasonably require, and within the timescales reasonably specified by You, to allow You to comply with Your obligations under Data Protection Legislation, including but not limited to assisting You to:
- 3.5.1 comply with Your own security obligations with respect to the Personal Data;
- 3.5.2 discharge Your obligations to respond to requests for exercising Data Subjects’ rights with respect to the Personal Data;
- 3.5.3 comply with Your obligations to inform Data Subjects about serious Personal Data Breaches;
- 3.5.4 carry out data protection impact assessments and audit data protection impact assessment compliance with respect to the Personal Data; and
- 3.5.5 the consultation with the ODPC following a data protection impact assessment, where a data protection impact assessment indicates that the Processing of the Personal Data would result in a high risk to Data Subjects.
- 3.7 You acknowledge that We are under no duty to investigate the completeness, accuracy or sufficiency of (i) any instructions received from You, or (ii) any User Uploaded Data.
- 3.8 You shall:
- 3.8.2 ensure that the relevant Data Subjects have been informed of, and have given their consent to, such use, processing, and transfer as required by Data Protection Legislation;
- (a) obtained lawfully, fairly and in a transparent manner in relation to the Data Subject (including in respect of how consent is obtained);
- (b) collected and processed for specified, explicit and legitimate purposes, and not further processed in a manner incompatible with those purposes;
- (c) adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
- (d) accurate, and where necessary kept up to date;
- (e) erased or rectified without delay where it is inaccurate, having regard to the purposes for which they are processed;
- (f) kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed (subject to circumstances where Personal Data may be stored for longer periods insofar as it will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, and subject to the implementation of Appropriate Technical and Organisational Measures);
- (g) processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using Appropriate Technical and Organisational Measures; and
- 3.8.5 provide such information and such assistance to Us as We may reasonably require, and within the timescales reasonably specified by Us, to allow Us to comply with Our obligations under Data Protection Legislation.
- 3.9 User Uploaded Data (PD) passed to Us for Processing shall not be kept by You for a period that is longer than necessary.
- Our employees
- 4.1 We shall take reasonable steps to ensure the reliability of all Our employees who have access to User Uploaded Data (PD), and to ensure that such employees have committed themselves to a binding duty of confidentiality in respect of User Uploaded Data (PD).
- 5.1 We shall keep at Our normal place of business records (including in electronic form) relating to all categories of Processing activities carried out on behalf of You, containing:
- 5.1.1 the general description of the security measures taken in respect of the Personal Data, including details of any Security Features and the Appropriate Technical and Organisational Measures;
- 5.1.2 the name and contact details of Us; any sub-supplier; and where applicable Our representatives; and where applicable any Data Protection Officer appointed by Us;
- 5.1.3 the categories of Processing by Us on behalf of You; and
- 5.1.4 details of any non-EEA Personal Data transfers, and the safeguards in place in respect of such transfers.
- 6.3 The scope of any examination and review by You of the use by Us of the Personal Data shall be agreed in writing prior to the commencement of any such examination and review.
- 6.4 In the event that the audit process determines that We are materially non-compliant with our obligations under this Section, You may, by notice in writing, deny further access to User Uploaded Data.
- 6.5 To the extent permitted under Data Protection Legislation, We may demonstrate Our and, if applicable Our Sub-processors’, compliance with Our obligations under this Section through Our compliance with a certification scheme or code of conduct approved under Data Protection Legislation.
- Data Subject Requests
- 7.1 Taking into account the nature of Our Processing of the Personal Data and at Your cost, We shall assist You by employing Appropriate Technical and Organisational Measures, insofar as this is possible, in respect of the fulfilment of Your obligations to respond to requests from a Data Subject exercising his/her rights under Data Protection Legislation.
- 7.2 We shall, at Your cost, notify You as soon as reasonably practicable if We receive:
- 7.2.1 a request from a Data Subject for access to that person’s Personal Data (relating to the services);
- 7.2.2 any communication from a Data Subject (relating to the services) seeking to exercise rights conferred on the Data Subject by Data Protection Legislation in respect of Personal Data; or
- 7.2.3 any complaint or any claim for compensation arising from or relating to the Processing of such Personal Data.
- 7.4 We shall not respond to any request from a Data Subject except on the documented instructions of You or an Authorised Person or as required by law, in which case We shall to the extent permitted by law inform You of that legal requirement before We respond to the request.
- Data Protection Officer
- 8.1 We shall appoint a Data Protection Officer, if required to do so pursuant to Data Protection Legislation, and provide You with the contact details of such Data Protection Officer.
- 8.2 You shall appoint a Data Protection Officer, if required to do so pursuant to Data Protection Legislation, and provide Us with the contact details of such Data Protection Officer.
- 9.1 We shall, in accordance with Our requirements under Data Protection Legislation, implement Appropriate Technical and Organisational Measures to safeguard the User Uploaded Data (PD) from unauthorised or unlawful Processing or accidental loss, alteration, disclosure, destruction or damage, and that, having regard to the state of technological development and the cost of implementing any measures (and the nature, scope, context and purposes of Processing, as well as the risk to Data Subjects), such measures shall be proportionate and reasonable to ensure a level of security appropriate to the harm that might result from unauthorised or unlawful Processing or accidental loss, alteration, disclosure, destruction or damage and to the nature of the Personal Data to be protected.
- 9.2 We shall ensure that User Uploaded Data provided by You can only be accessed by persons and systems that are authorised by Us and necessary to meet the Business Purpose, and that all equipment used by Us for the Processing of User Uploaded Data shall be maintained by Us in a physically secure environment.
- 9.3 You shall make a back-up copy of User Uploaded Data as often as is reasonably necessary and record the copy on media from which User Uploaded Data can be reloaded in the event of any corruption or loss of User Uploaded Data.
- Breach reporting
- 10.1 We shall promptly inform You if any of User Uploaded Data is lost or destroyed or becomes damaged, corrupted, or unusable, or if there is any accidental, unauthorised or unlawful disclosure of or access to any of User Uploaded Data. In such case, We will use Our reasonable endeavours to restore User Uploaded Data at Your expense (save where the incident was caused by Our negligent act or omission, in which case it will be at Our expense), and will comply with all of Our obligations under Data Protection Legislation in this regard.
- 10.2 We must inform You of any Personal Data Breaches, or any complaint, notice or communication in relation to a Personal Data Breach, without undue delay. Taking into account the nature of Our Processing of the Personal Data and the information available to Us and at Your cost We will provide sufficient information and assist You in ensuring compliance with Your obligations in relation to notification of Personal Data Breaches (including the obligation to notify Personal Data Breaches to the ODPC within seventy two (72) hours), and communication of Personal Data Breaches to Data Subjects where the breach is likely to result in a high risk to the rights of such Data Subjects. Taking into account the nature of Our Processing of the Personal Data and the information available to Us and at Your cost, We shall co-operate with You and take such reasonable commercial steps as are directed by You to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
- Restricted transfers
- 11.1 A Restricted Transfer may not be made by Us (other than transfers to our Affiliates and by any agents and contractors for the purposes of performing the services, and You shall endeavour to obtain explicit consent from relevant Data Subjects in respect of such potential transfers) without the prior written consent of You (such consent not to be unreasonably withheld, delayed or conditioned), and if such consent has been obtained (or is unnecessary), such Restricted Transfer may only be made where there are Appropriate Technical and Organisational Measures in place with regard to the rights of Data Subjects (including but not limited to the Standard Contractual Clauses, Privacy Shield, binding corporate rules, or any other model clauses approved by the ODPC).
- 11.2 Subject to Clause 11.3, in the event of any Restricted Transfer by Us to a contracted Sub- processor, to any Affiliate of You or otherwise (“Data Importer“) for which your consent has been obtained (or is unnecessary), We and You shall procure that (i) You (where the Restricted Transfer is being made at the request of You) or Us acting as agent for and on behalf of You (where the Restricted Transfer is being made at the request of Us), and (ii) the Data Importer, shall enter into the Standard Contractual Clauses in respect of such Restricted Transfer.
- 11.3 Clauses 11.1 or 11.2 shall not apply to a Restricted Transfer if other compliance steps (which may include, but shall not be limited to, obtaining explicit consents from Data Subjects) have been taken to allow the relevant Restricted Transfer to take place without breach of applicable Data Protection Legislation.
- 12.1 You agree and acknowledge that We may have User Uploaded Data Processed by any of Our Affiliates and by any agents and contractors for the purpose of providing the Service (a “Sub-processor”). A list of the categories of Sub-processors used by Us is available on request from email@example.com. If you object to such sub-processing arrangements, then You should confirm this to Us and, if you do so confirm, You acknowledge that You may no longer be able to avail of some or all of Our services.
- 12.4 We will remain fully liable to You in respect of any failure by the Sub-processor to fulfil its data protection obligations in this regard.
- 13.1 We warrant and undertake to You that:
- 13.1.1 We will Process User Uploaded Data in compliance with our obligations under Data Protection Legislation;
- 13.1.2 We will maintain Appropriate Technical and Organisational Measures against the unauthorised or unlawful Processing of User Uploaded Data (PD) and against the accidental loss or destruction of, or damage to, User Uploaded Data (PD); and
- 13.1.3 We will discharge Our obligations under this Section with all due skill, care and diligence.
- 13.2 You hereby warrant and undertake that:
- 13.2.1 You have complied with and shall comply with Your obligations under Data Protection Legislation;
- 13.2.5 Your instructions that are set out in this Section accurately reflect the instructions of the Data Controller to the extent that We are a Data Processor on behalf of the Data Controller;
- 13.2.7 You shall not, by act or omission, cause Us to violate any Data Protection Legislation, notices provided to, or consents obtained from, Data Subjects as a result of Us or Our Sub-processors Processing the Personal Data; and
- 14.1 You (the “Indemnifying Party”) agree to indemnify and keep indemnified and defend at Your own expense Us (the “Indemnified Party”) against all costs, claims, damages or expenses incurred by the Indemnified Party or for which the Indemnified Party may become liable due to any failure by the Indemnifying Party or its employees or agents to comply with any of its obligations under this Section and/or under Data Protection Legislation.
- 14.2 If any third party makes a claim against the Indemnified Party, or notifies an intention to make a claim against the Indemnified Party, the Indemnified Party shall: (i) give written notice of the claim against the Indemnified Party to the Indemnifying Party as soon as reasonably practicable; (ii) not make any admission of liability in relation to the claim against Indemnified Party without the prior written consent of the Indemnifying Party; (iii) at the Indemnifying Party’s request and expense, allow the Indemnifying Party to conduct the defence of the claim against the Indemnified Party including settlement; and (iv) at the Indemnifying Party’s expense, co-operate and assist to a reasonable extent with the Indemnifying Party’s defence of the claim against the Indemnified Party.
- Limitation of liability
- 15.1 Unless required to do so by the ODPC or any other competent supervisory authority, We shall not make any payment or any offer of payment to any Data Subject in response to any complaint or any claim for compensation arising from or relating to the Processing of User Uploaded Data, without the prior written agreement of You.
- 15.2 You acknowledge and agree that We are reliant on You for direction as to the extent to which We are entitled to use and process User Uploaded Data (PD). Consequently, We will not be liable for any claim brought by a Data Subject arising from any action or omission by Us, to the extent that such action or omission resulted directly from Your instructions and/or the transactions contemplated by this Section.