TelePeças Developer Program

Thank you for your interest in the TelePeças API Program (the “Program”). Through the Program, TelePeças offers various tools, content, and services (the “Developer Tools”), including certain TelePeças Application Programming Interfaces (“APIs”), to manage and facilitate the development of applications that use content from and interact with TelePeças-branded marketplaces around the world.

The Program and access to the Developer Tools are provided solely for the purpose of promoting and facilitating access to and use of TelePeças Services (defined below). If TelePeças believes you or Your Users are using the Developer Tools in any way that undermines TelePeças’s business interests, TelePeças may, at its sole discretion, terminate these Terms, suspend your license to use the APIs, discontinue your participation in the Program, terminate your access to the Developer Tools, and/or reduce your access to all or some APIs. These Terms of Use and API License Agreement (“Terms”) govern your participation in the Program, including your license to use the APIs and take effect as of the earlier of (a) the date you signify your agreement or (b) the date that you first access any Developer Tools or TelePeças Content (defined below) (the “Effective Date”), These Terms and the Developer Tools will change over time, so please check the TelePeças Developers Program site periodically to see the latest updates.

You represent and warrant that you are authorized to act on behalf of, and have the authority to bind, the party being issued an Application Key (defined below) to these Terms. You and the party being issued an Application Key are collectively referred to as “you” or “your” in these Terms.

1. DEFINITIONS

  • “Key(s)” means the confidential security keys TelePeças provides to you for your use of the API, including the developer ID, certificate ID, and application ID.
  • “Application” means the software application, website or other interface that you develop, own or operate to interact with the API.
  • “Authorized Use” has the meaning defined in Section 3.1.
  • TelePeças Content” means all of the information, data, content, images, and other material stored by and retrieved from TelePeças. TelePeças Content does not include information that you obtain independent of TelePeças.
  • TelePeças Logos” has the meaning defined in Section 3.4.
  • TelePeças Services” means TelePeças Sites, including any TelePeças Content therein, and all other services, applications and tools TelePeças offers to TelePeças Users.
  • “TelePeças Site(s)” means any one or all of the following: telepecas.com and all international versions thereof that are owned, operated, and controlled by TelePeças Lda. (for example, telepecas.pt, telepecas.es, telepecas.co.uk, etc.).
  • “TelePeças User” means any person who accesses any TelePeças Service, directly or through the Developer Tools.
  • “TelePeças User Agreement” means the terms and policies on which TelePeças offers TelePeças Services to TelePeças Users, currently available through a link on the homepage of each TelePeças Site (for example, the telepecas.com User Agreement).
  • “Your Users” means end-users of your Application and anyone who sublicenses your Application.
  • “Personal Information” means any information that directly or indirectly identifies an TelePeças User that you obtain through your participation in the Program and your use of the Developer Tools, including information that you collect directly from Your Users in connection with your Application, information that is included in TelePeças Content, or information that you otherwise receive from TelePeças about Your Users or other TelePeças Users and their trading activities.

2. DEVELOPERS PROGRAM CONDITIONS

  • Participation in the Program. You may participate in the Program and use the Developer Tools to create and use Applications that access and/or interact with TelePeças Services consistent with the Authorized Use and these Terms. You agree that you are solely responsible for the Applications that you develop. You agree to provide and maintain accurate contact information and you will inform us promptly of any updates to your contact information.
  • Application Guidelines. Applications that you develop, display or distribute that interact with the API must comply with TelePeças’s Compatible Application Check requirements, incorporated herein by reference.
  • Additional Certifications. Access to certain APIs, TelePeças Content and increased API call limits may require special certifications. You may be responsible for any costs associated with such certifications, as well as any modifications necessary for your Application to meet certification criteria.

3. LICENSE FOR DEVELOPER TOOLS

  • Authorized Use. TelePeças grants you a non-exclusive, non-transferable, and non-sublicensable (except as expressly permitted herein) license to use the Developer Tools solely for the purpose of facilitating your own or Your Users’ use of TelePeças Services, such use limited to the following (the “Authorized Use”):
    • Enabling your Application to interact with TelePeças’s databases (for example, the TelePeças public database and the Sandbox Test Environment);
    • Making limited intermediate copies of TelePeças Content only as necessary to perform an activity permitted under these Terms. All intermediate copies must be deleted when they are no longer required for the purpose for which they were created;
    • Rearranging or reorganizing TelePeças Content within your Application consistent with these Terms;
    • Displaying TelePeças Content consistent with these Terms; and
    • Using, displaying or modifying TelePeças Content as expressly authorized by Your Users and consistent with these Terms.
  • Application Keys. TelePeças will provide you with Application Keys that permit you to access TelePeças’s databases. You may not share or transfer your Application Keys to any third party without TelePeças’s prior written consent. The Application Keys are the property of TelePeças and may be revoked at any time by TelePeças.
  • API Call Limitations. TelePeças reserves the right to limit the number of periodic API calls you are allowed to make. TelePeças may temporarily suspend your access to the API if you exceed API call limits. Attempts to circumvent API call limits may result in termination of these Terms, suspension of your license to use the APIs, discontinuance of your participation in the Program, termination of your access to the Developer Tools, and/or reduction of your access to all or some APIs. Unused API calls will not roll over to the next call limit period.
  • Developers Program Logos. TelePeças grants you a non-exclusive, non-transferable and nonsublicensable license to display certain TelePeças logos as set forth in the API Logo Usage Requirements, incorporated herein by this reference (“TelePeças Logos”). TelePeças may update these requirements from time to time, and you must ensure compliance with current standards.

4. WORKING WITH THIRD PARTIES

  • Service Providers. You may work with service providers as necessary to facilitate your performance under these Terms but only if you require your service providers to comply with all of the conditions and restrictions of these Terms. You acknowledge and agree that any act or omission by your service provider(s) amounting to a breach of these Terms will be deemed a breach by you.
  • Sublicensing. Except as set forth in this Section 4.2, all license rights (under any applicable intellectual property right) granted to you by TelePeças are not sub-licensable, transferable or assignable. You may sublicense your right to display the TelePeças Content and the API Logos to Your Users solely to enable them to display TelePeças Content and the API Logos on their computer screens or websites through your Application; provided that:
    • You will not disclose your Application Keys to Your Users.
    • All API calls initiated by Your Users will be made through your Application Keys.
    • All API calls initiated by Your Users will count towards your maximum permitted API calls.
    • Your Users will have no programmatic control over the API.
    • You will enter into a binding agreement with each of Your Users that includes the following terms: (1) Your Users will be bound by these Terms; (2) TelePeças will be a third-party beneficiary to such agreement; (3) such sublicense is terminable at any time.
  • Breach by Your Users. As a third-party beneficiary to all sublicenses pursuant to these Terms, TelePeças will have the right, in its sole discretion, to directly enforce any term of the sublicense agreement against Your Users, including termination. You acknowledge and agree that any act or omission by Your Users amounting to a breach of these Terms will be deemed a breach by you.

5. OWNERSHIP

As between TelePeças and you, except for the limited licenses granted by these Terms: (i) TelePeças retains all rights, title and interest in and to all intellectual property rights embodied in or associated with the Developer Tools, TelePeças Services, TelePeças Content, TelePeças Logos, and any content created or derived therefrom; and (ii) you retain all rights, title and interest in and to all intellectual property rights embodied in or associated with your Application, excluding the aforementioned rights in Section 5(i) above owned by or licensed to TelePeças. There are no implied licenses under these Terms, and any rights not expressly granted to you hereunder are reserved by TelePeças or its suppliers. You will not take any action inconsistent with TelePeças’s ownership of the Developer Tools, TelePeças Services, TelePeças Content or TelePeças Logos.

6. COMPETITIVE OR SIMILAR MATERIALS

In no event will TelePeças be precluded from discussing, reviewing, developing for itself, having developed, acquiring, licensing or developing for third parties, as well as marketing and distributing, materials which are competitive with your Application or other products or services provided by you, irrespective of their similarity to your current products or products that you may develop.

7. TRADEMARK AND COPYRIGHT LICENSE

TelePeças, in its sole discretion, may use your trade names, trademarks, service marks, logos, and domain names for the purpose of advertising or publicizing your participation in the Program and use of the API. If you submit an Application for inclusion on an TelePeças Site or to be hosted by TelePeças, you direct and authorize TelePeças and its affiliates to host, link to, and otherwise incorporate the Application into TelePeças Services and to carry out any copying, modification, distribution, internal testing, or other processes TelePeças deems necessary.

8. TELEPEÇAS CONTENT

  • Using and Displaying TelePeças Content. You may use and display TelePeças Content only within your Application and in accordance with the following guidelines:
    • Authentication. If your Application will enable Your Users to interact with TelePeças Services in a way that requires sign-in to their TelePeças accounts (for example, bidding, buying, listing or access to My TelePeças), you may provide this access only after “Authentication”. Authentication occurs when an TelePeças User grants your Application access to their TelePeças Content via an TelePeças-controlled sign-in and consent page. An “Authenticated User” is an TelePeças User who has granted such access to your Application. You warrant that Your Users may revoke Authentication at any time for any reason.
    • Public Display. To the extent TelePeças Content is publicly available within an TelePeças Service, you may display such TelePeças Content within your Application to promote TelePeças and enable Your Users to search and browse listings (“Public Display”), subject to the following restrictions: (1) When the TelePeças Content is no longer publicly available, you must delete it from your Application. For example, when an TelePeças User ID is publicly available in connection with a listing on the TelePeças Site, you may display the TelePeças User ID through your Application; but if that TelePeças User ID is no longer viewable in connection with the listing or is otherwise anonymized, you may no longer display the TelePeças User ID in a Public Display. (2) TelePeças Content in a Public Display may not be co-mingled or combined with non-TelePeças Content. For example, all TelePeças Content in a Public Display must be visually isolated from third-party listings or other non-TelePeças information. (3) TelePeças Content that is available only to an TelePeças User after signing in to the TelePeças User’s account may only be displayed to that TelePeças User after Authentication, and such TelePeças Content may not be used for Public Display without the explicit prior consent of that Authenticated User.
    • Age of Displayed TelePeças Content. TelePeças Content displayed within your Application must be kept reasonably up to date. Displayed item listing information may not be more than six (6) hours older than information displayed on the TelePeças Site, and other TelePeças Content must be no more than twenty-four (24) hours older than content displayed on the TelePeças Site. If your displayed item listing is not as current as the listing on the TelePeças Site, you will disclose on your Application how much older your displayed item listing is than the same listing on the TelePeças Site.
    • Prohibited Use and Derivation of Information.
      • You must have TelePeças’s express prior written permission to use, or display TelePeças Content in any way that enables derivation of, any of the following:
        • Any site-wide statistics across TelePeças Sites or within any TelePeças Site;
        • Take-up rates for enhanced listings (for example, gallery, featured, category featured, etc.);
        • Statistics relating to the performance (financial or otherwise) of any TelePeças Service (for example, gross merchandise sales);
        • Average selling price or gross merchandise sold for any TelePeças category.
      • Notwithstanding Your Users’ access to and use of their own information, you must have TelePeças’s express prior written permission to use, or display TelePeças Content in any way that enables derivation of, the following:
        • Aggregated seller or buyer data (for example, Personal Information);
        • Data relating to the performance of sellers, either individually or in aggregate (for example, performance data related to promotional campaigns, ad placements, or promoted listings);
        • Aggregated data relating to transactions conducted through thirdparty affiliates (for example, off-TelePeças purchases on social networks, merchants, or other marketplaces enabled through Buy APIs);
        • Data comparing TelePeças User utilization of TelePeças Services and the services of any third-party;
        • Information relating to specific TelePeças Users or types of TelePeças Users;
        • Conversion, completion or success rates; or
        • Reserve auction information.
    • Displaying Aggregated Content. Unless expressly permitted by TelePeças, you will not display any web page served by TelePeças servers in an aggregated display of different web pages in a browser display area (for example, by framing or mirroring).
  • Protecting User Privacy
    • Collecting and Storing Personal Information.
      • Your participation in the Program and your use of the Developer Tools may allow you to collect Personal Information from and about TelePeças Users.
      • You will delete Personal Information when requested by TelePeças or by the applicable TelePeças User, when it is no longer necessary for your Application or when your participation in the Program is terminated.
      • You will not under any circumstances collect or store any TelePeças User IDs or passwords.
    • Compliance with Privacy Laws. At all times, you will cause your Application and your use of the Developer Tools, TelePeças Content and Personal Information to comply with all applicable laws, rules, regulations and best practices concerning privacy and data protection.
    • Your Privacy Policy. You must make publicly available, and must abide by, an appropriate privacy policy for your application.
    • Using Your Users’ Personal Information. You warrant as follows: (i) your collection and use of Your Users’ Personal Information will be only as authorized by Your Users; (ii) you will comply with your privacy policy; and (iii) your privacy policy and your privacy practices will comply with all applicable laws, rules and regulations. In all cases, your privacy policy must be consistent with the TelePeças Privacy Notice (meaning, at a minimum, that you may not process Personal Information in a manner that TelePeças cannot), which notice is available on each of the TelePeças Sites (for example, the telepecas.com Privacy Notice).
    • Information About Other TelePeças Users. You may receive information about TelePeças Users who may not be Your Users (“Other Users”) that is (i) publicly available from TelePeças; (ii) provided by TelePeças through the API; or (iii) otherwise obtained by you in connection with your participation in the Program and use of the Developer Tools (“Other User Information”). You may use Other User Information only as strictly necessary to perform activities permitted under these Terms and strictly in compliance with your privacy policy and applicable laws, rules and regulations.
    • Using Other User Information. You will not collect, store, use, disclose or otherwise process Other User Information for any purpose other than facilitating the use of TelePeças Services as permitted under these Terms.
    • TelePeças Privacy Notice. Your use of Other User Information will be consistent with the TelePeças Privacy Notice (meaning, at a minimum, that you will not process Other User Information in a manner that TelePeças cannot).
    • Public Display of Other User Information. You may engage in the Public Display of Other User Information (for example, TelePeças listings) only in accordance with Section 8.1(b).
    • Application Testing. The Sandbox Test Environment (the “Sandbox”) is a test environment for testing Applications to ensure error-free operation prior to release. You may use information made available in the Sandbox only to develop and test your Application, and you must delete your Application from the Sandbox immediately after testing is completed.
  • DPRA Requirements. Your continued access to the Developer Tools and TelePeças Content is subject to your compliance with the terms of the TelePeças Data Protection Requirements Addendum attached as Exhibit A and incorporated herein by reference, as the same may be updated from time to time.
  • Communication. You will not use Personal Information to send or enable sending of unsolicited communications of any type to any TelePeças Users. You may only communicate with Your Users, or send communications initiated by and on behalf of Your Users to Other Users, to promote and facilitate access to and use of TelePeças Services.

9. RESTRICTED ACTIVITIES.

Notwithstanding any rights expressly granted under these Terms, you may not use or access (nor facilitate or enable others to use or access) TelePeças Services, including the Developer Tools, in any way which may, directly or indirectly, undermine TelePeças’s business interests without TelePeças’s prior written consent. For example, you will not, and you will not facilitate or enable others to:

  • Distribute, publish, or allow access or linking to TelePeças Services, including the API, from any location or source other than your Application.
  • Enable or permit the disclosure of TelePeças Content other than as authorized under these Terms.
  • Use TelePeças Content to determine or verify TelePeças User identities or user profiles.
  • Use TelePeças Content with the intent to design, build, promote or augment any service competitive to TelePeças Services.
  • Display TelePeças Content relating to the performance of any TelePeças Service relative to the performance of any third-party service (for example, sales volume, velocity, etc.).
  • Use TelePeças Content, either alone or in combination with third-party information, to suggest or model prices for items listed on TelePeças Sites.
  • Use TelePeças Services to promote or engage in seller arbitrage (for example, automatically repricing TelePeças listings in response to price changes on competitor sites, automatically ordering sold items from competitor sites, and posting tracking information to TelePeças when items purchased from competitor sites are shipped).
  • Sell, rent, trade, distribute, lease (or otherwise commercialize), copy, store or modify TelePeças Content, other than for the purposes allowed by these Terms.
  • Enable TelePeças Users to set or change TelePeças User preferences, registration preferences or privacy preferences for the TelePeças Site with your Application, notwithstanding listing preferences, item cross-promotion preferences or preferences that customize end-of-auction emails.
  • Collect, use and/or otherwise process Personal Information of any TelePeças User other than as provided in these Terms.
  • Modify, decompile, reverse engineer or otherwise alter the Developer Tools or TelePeças Content.
  • Knowingly create an Application that may be used to violate these Terms, the TelePeças User Agreement, any other TelePeças policy or applicable laws, rules or regulations.
  • Use the API in a manner that exceeds reasonable request volume, constitutes excessive or abusive usage or otherwise fails to comply or is inconsistent with any part of the TelePeças Developer Documentation, incorporated herein by this reference.
  • Have your Application or your use of TelePeças Services, including your use of the Developer Tools: (i) be false, inaccurate or misleading; (ii) infringe on any third party's copyright, patent, trademark, trade secret or other property rights or rights of publicity or privacy; (iii) violate any law, statute, ordinance, contract, regulation or generally accepted practice in all relevant jurisdictions (including without limitation those governing trade and export, financial services, consumer protection, unfair competition, antidiscrimination or false advertising); (iv) be defamatory, trade libelous, threatening or harassing; (v) contain or distribute any malware or other computer programming routines that may damage, detrimentally interfere with, surreptitiously intercept or expropriate any system or data; or (vi) create liability for TelePeças or cause TelePeças to lose (in whole or in part) the services of TelePeças’s ISPs or other suppliers.
  • Have your Application introduce to TelePeças Services or any third party systems, any information, code or other content that (i) is illegal; (ii) is abusive; (iii) is harmful to or interferes with TelePeças Services or systems of any other entity, or the use thereof; (iii) infringes, misappropriates or otherwise violates the intellectual property, privacy or other proprietary rights of any party, including TelePeças; (v) creates a security risk or vulnerability; or (vi) attempts to do any of the foregoing.
  • Provide any inaccurate data or information to TelePeças, or provide data or information to TelePeças without having all of the rights necessary to provide such data or information to TelePeças and for TelePeças to use it.
  • Misrepresent or mask your identity in providing information as part of the registration process or as part of your continuing use of the APIs or during the application check process.

10. TELEPEÇAS POLICIES.

You and your Application will comply with the TelePeças User Agreement, which is incorporated into these Terms by reference. In the event of a conflict between these Terms and the TelePeças User Agreement regarding your participation in the Program and use of the Developer Tools, these Terms will control.

11. MODIFICATIONS

  • Modification of the Developer Tools, Sites and Services. TelePeças may modify the Developer Tools, API call limits, its databases, any TelePeças Service, or any of the benefits and/or features provided in connection with your use of the Developer Tools at any time with or without notice to you. Modifications may affect your Application and may require you to make changes to your Application at your own cost to continue to be compatible with or interface with the API or other TelePeças Services.
  • Modification of these Terms. TelePeças may amend these Terms at any time by posting the amended Terms to the TelePeças Developers Program site. TelePeças may also send you notice of the amended terms via email. Except where stated otherwise, all amended terms will be effective thirty (30) days after they are posted or emailed to you. IF ANY MODIFICATION IS UNACCEPTABLE TO YOU, YOUR ONLY RECOURSE IS TO TERMINATE THESE TERMS IN ACCORDANCE WITH THESE TERMS, BEFORE THE EFFECTIVE DATE OF THE AMENDMENT(S). YOUR USE OF THE DEVELOPER TOOLS AFTER THE DATE ON WHICH CHANGES TAKE EFFECT WILL CONSTITUTE YOUR ACCEPTANCE OF SUCH CHANGES. These Terms may not otherwise be amended except through mutual written agreement (not including email) by you and an TelePeças representative who intends to amend these Terms and is duly authorized to agree to such an amendment.

12. MONITORING AND ENFORCEMENT

  • Right to Monitor and Audit. You agree that TelePeças may monitor or audit your Application or activities relating to your use of Developer Tools. At TelePeças’s request, you will provide TelePeças free access to use your Application for the purpose of monitoring or auditing your Application. You will not seek to block or otherwise interfere with the monitoring or audit, and TelePeças may use technical means to overcome any methods you may use to block or interfere with such monitoring. Audits may include requests for documents and information and visits to your facilities.
  • Remedy for Breach. If TelePeças, in its sole discretion, believes that you or your service providers have breached these Terms, or that you or your service providers have engaged in fraudulent activity, TelePeças may take any and all steps it deems appropriate, including suspending your license to use the APIs, discontinuing your participation in the Program, terminating your access to the Developer Tools, and/or reducing your access to all or some APIs.
  • Corrective Action. In addition to any other available remedies, TelePeças may, at its sole discretion, seek specific performance, injunctive relief or attorneys' fees. TelePeças reserves the right to take other corrective action as TelePeças sees fit in the event that TelePeças receives complaints from TelePeças Users about your Application or your actions.

13. AVAILABILITY, SECURITY AND STABILITY

  • TelePeças makes no guarantees with respect to the availability or uptime of the Developer Tools or any other TelePeças Services. TelePeças may conduct maintenance on or stop providing any of the Developer Tools or other TelePeças Services at any time, with or without notice to you. TelePeças may change the method of access to the Developer Tools at any time.
  • In the event of degradation or instability of TelePeças’s systems or an emergency, TelePeças may, in its sole discretion, temporarily suspend your access to the Developer Tools or other TelePeças Services.

DISCLAIMER OF WARRANTIES & LIMITATION OF LIABILITY

  • SOME JURISDICTIONS DO NOT ALLOW CERTAIN WARRANTY DISCLAIMERS OR LIMITATIONS ON LIABILITY. ONLY DISCLAIMERS OR LIMITATIONS THAT ARE LAWFUL IN THE APPLICABLE JURISDICTION WILL APPLY TO YOU, AND TELEPEÇAS’S LIABILITY WILL BE LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW.
  • EXCEPT AS EXPRESSLY STATED HEREIN, TELEPEÇAS DISCLAIMS ALL WARRANTIES AND CONDITIONS, EXPRESS, IMPLIED OR STATUTORY, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ALL TELEPEÇAS SERVICES PROVIDED BY TELEPEÇAS HEREUNDER ARE PROVIDED “AS IS” AND “AS AVAILABLE” AND TELEPEÇAS DOES NOT REPRESENT OR WARRANT THAT ANY TELEPEÇAS SERVICES, INCLUDING THE DEVELOPER TOOLS, WILL OPERATE SECURELY OR WITHOUT INTERRUPTION. YOU ACKNOWLEDGE THAT YOU HAVE NOT ENTERED INTO THESE TERMS IN RELIANCE UPON ANY WARRANTY OR REPRESENTATION EXCEPT THOSE SPECIFICALLY SET FORTH HEREIN.
  • TELEPEÇAS WILL HAVE NO DIRECT, CONSEQUENTIAL, SPECIAL, INDIRECT, EXEMPLARY, PUNITIVE, OR OTHER LIABILITY WHETHER IN CONTRACT, TORT OR ANY OTHER LEGAL THEORY, UNDER THESE TERMS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH LIABILITY AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
  • IN THE EVENT THAT THE ABOVE IS NOT ENFORCEABLE, TELEPEÇAS'S AGGREGATE LIABILITY UNDER THESE TERMS IS LIMITED TO AMOUNTS PAID OR PAYABLE TO TELEPEÇAS BY YOU FOR THE DEVELOPER TOOLS IN THE MONTH PRECEDING THE CLAIM. IN THE EVENT THAT THE FORMER LIMITATION OF LIABILITY IS HELD UNENFORCEABLE BY A COMPETENT COURT, TELEPEÇAS’S AGGREGATE LIABILITY IS IN ANY CASE LIMITED TO $25,000.

INDEMNIFICATION.

You will indemnify, defend and hold TelePeças, its employees, agents, consultants, subsidiaries, partners, affiliates, and licensors harmless against any and all claims, costs, losses, damages, liabilities, judgments and expenses (including reasonable fees of attorneys and other professionals) (collectively, “Claims”) that may arise from or are related to (i) use of the Developer Tools; (ii) the development, maintenance, use and contents of your Application, including but not limited to any infringement of any third-party proprietary rights; and (iii) your negligence or willful misconduct. TelePeças will: (i) give you prompt written notice of any Claim; provided, however, that failure to provide such notice shall not relieve you of your liabilities or obligations hereunder, except solely to the extent of any material prejudice as a direct result of such failure; (ii) cooperate with you, at your sole cost and expense, in connection with the defense and settlement of the Claim; and (iii) permit you to select counsel and to control the defense and settlement of the Claim; provided that you may not settle any Claim or take any other action to the extent such settlement or other action would materially adversely impact TelePeças’s rights, obligations or business operations without TelePeças’s prior written consent. TelePeças, at its cost and expense, may participate in the defense of the Claim through counsel of its own choosing. Notwithstanding the foregoing, if you fail to assume the defense of any Claim within thirty (30) calendar days after you receive a request for indemnification under this Section 15, TelePeças shall control its own defense and follow such course of action as it reasonably deems necessary to protect its interests and you shall fully indemnify TelePeças for all costs (including attorneys’ fees and settlement payments) reasonably incurred in such course of action.

TERM AND TERMINATION

  • Termination
    • TELEPEÇAS RESERVES THE RIGHT TO TERMINATE THESE TERMS AND SUSPEND OR DISCONTINUE YOUR PARTICIPATION IN THE PROGRAM AND YOUR ACCESS TO THE DEVELOPER TOOLS, INCLUDING YOUR LICENSE TO USE THE API, OR ANY PORTION OR FEATURE THEREOF, FOR ANY OR NO REASON AND AT ANY TIME WITH OR WITHOUT NOTICE TO YOU AND WITHOUT LIABILITY TO YOU.
    • If you wish to terminate these Terms, you must email a termination notice to helpdesk@telepecas.com. Any other methods used by you to terminate these Terms will be void and will not result in a termination. Your termination notice will be effective when it is received by TelePeças.
  • Effect of Termination. Upon the termination of these Terms, you will immediately stop using the APIs. Your Application Keys will be revoked and all licenses granted hereunder will terminate. You will destroy all intermediate copies of TelePeças Content and Personal Information in your possession within ten (10) days after termination and you will provide written proof of destruction to TelePeças upon TelePeças’s request.
  • Survival. The following Sections will survive any termination of these Terms: [1] Definitions, [5] Ownership, [6] Competitive or Similar Materials, [7] Trademark and Copyright License, [8] TelePeças Content, [9] Restricted Activities, [10] TelePeças Policies, [14] Disclaimer of Warranties & Limitation of Liability, [15] Indemnification, [16.2] Effect of Termination, [17] Confidentiality, [18] Publicity, and [20] Miscellaneous.

CONFIDENTIALITY.

“Confidential Information” includes all information TelePeças provides to you under these Terms, including without limitation, Developer Tools, TelePeças Content, Personal Information and Application Keys. You will not use or disclose Confidential Information other than as required to perform under and as permitted by these Terms. Your confidentiality obligations will survive the termination of these Terms. You acknowledge that monetary damages may not be a sufficient remedy for unauthorized use or disclosure of Confidential Information and that TelePeças will be entitled (without waiving any other rights or remedies) to such injunctive or equitable relief as may be deemed proper by a court of competent jurisdiction, without obligation to post any bond. Any information you provide to TelePeças hereunder is considered by TelePeças to be non-confidential. You acknowledge and agree that you have no expectation that such information will be held confidential by TelePeças, and that TelePeças has no duty, express or implied, to pay any compensation for the disclosure or use of any such information.

PUBLICITY.

Absent the prior written approval of TelePeças, you will not directly or indirectly issue or permit the issuance of any public statement concerning any aspect of the TelePeças Developers Program. You permit TelePeças to make public statements about your use of the Developer Tools and/or participation in the TelePeças Developers Program.

LAW AND VENUE.

The rights and obligations of you and TelePeças shall be governed by, and these Terms shall be construed and enforced in accordance with, the Laws of the State of California, excluding its conflict of laws rules to the extent such rules would apply the Law of another jurisdiction. The Parties consent to the jurisdiction of all federal and state courts in California, and agree that venue shall lie exclusively in Santa Clara County, California.

MISCELLANEOUS.

You acknowledge and agree that these Terms constitute the entire agreement between you and TelePeças (the “parties”) and supersede all prior understandings and agreements of the parties. Any notices to TelePeças must be sent to our corporate headquarters address as set forth in the TelePeças User Agreement via first class or air mail or overnight courier, and is deemed given upon receipt. A waiver of any default is not a waiver of any subsequent default. Unenforceable provisions will be modified to reflect the parties' intention, and remaining provisions of these Terms will remain in full effect. Neither party may assign these Terms without the prior express written permission of the other party. Notwithstanding the foregoing, your consent shall not be required for TelePeças’s assignment or transfer (1) due to operation of law; or (2) to an entity that acquires substantially all of TelePeças’s stock, assets or business; or (3) to a related entity (e.g., parent or subsidiary of parent). You and TelePeças are independent contractors and nothing in these Terms creates a partnership, agency, joint venture, or employer-employee relationship between TelePeças and you. There are no third-party beneficiaries to these Terms.

TelePeças Data Protection Requirements Addendum

1. Purpose and Scope

This Data Protection Requirements Addendum (the “DPRA”) reflects your commitment to abide by Applicable Law concerning the Processing of the TelePeças Data (defined below) contained within TelePeças Content and Personal Information. This DPRA prescribes the minimum data protection and information security standards that you, your agents and assigns must meet and maintain in order to protect TelePeças Data from unauthorized use, access, disclosure, theft, manipulation, reproduction, a Security Breach or otherwise during the term of the TelePeças Developers Program Terms of Use and API License Agreement (“Terms”) and for any period thereafter during which you, your agents or assigns has possession of or access to any TelePeças Content or Personal Information, is incorporated into the Terms by this reference, and is effective as of the Effective Date of the Terms. Your ongoing adherence to a Security Program (defined in Section 3.1 below) based on an Industry Recognized Framework is a condition to you doing business with TelePeças.

Capitalized terms used but not defined herein shall have the meaning set forth in the Terms.

2. Definitions

  • “Applicable Law” means any applicable data protection, privacy, or information security laws, codes, and regulations or other binding restrictions governing Processing of TelePeças Data.
  • “Cardholder Information” means credit or debit card information regulated by the Payment Card Industry Security Council.
  • “Data Centers” means locations at which you provide data Processing or transmission functions in support of your Application. Data Centers can be owned by you or by a third party.
  • “Data Controller” means the party that determines the purposes of the Processing of Personal Data.
  • “Data Processor” means the party that Processes Personal Data on behalf of, and under the instruction of, the Data Controller.
  • “Data Subject” means the identified or identifiable person who is the subject of Personal Data.
  • “TelePeças Data” means data or information (regardless of form, e.g., electronic, paper copy, etc.) transmitted through the TelePeças API(s) or otherwise provided by or on behalf of TelePeças to you. TelePeças Data may be classified as:
    • “Confidential Data”: Information that is intended only for a limited audience within TelePeças or whose release would likely have an adverse financial or reputational effect on TelePeças, TelePeças customers, or TelePeças clients. Examples include, but are not limited to: customer or client customer individual names, email addresses, physical addresses and any other information that correlates to a person, software source code, customer personal contact information, customer email addresses, etc.; or
    • “Personal Data”: data or information that makes a natural person identified or identifiable or is a numerical, physical, physiological, cultural, economic, mental or other factor of identity relating to an identified or identifiable person.
    • TelePeças Data specifically excludes data classified by TelePeças as “Restricted Data,” which includes highly sensitive or regulated information that is intended only for a limited audience within TelePeças or whose release would likely have a material adverse financial or reputational effect on TelePeças or any Data Subject. Examples include but are not limited to: (i) Government issued identification numbers for specific countries (e.g., USA Social Security number; Germany Shufa ID, Canada Social Insurance number, driver’s license number; state identification number); (ii) Bank account numbers and related bank wire transfer financial information; and (iii) customer date of birth.
    • You agree that you will not attempt to access, receive, transmit, Process or store any “Restricted Data” with the exception of Payment Card Industry (PCI) regulated data pursuant to Section 11 if authorized by the cardholder.
  • “Incident” means any impairment to the security of TelePeças Data, including, but not limited to: any (i) alleged or confirmed misuse of TelePeças Data; or (ii) unauthorized access to or attempt to access TelePeças Data.
  • “Industry Standard Encryption Algorithms and Key Strengths” means encryption should at least meet the following standard encryption algorithm (note: The algorithm and key strengths may change depending upon the new and most up-to-date industry standard encryption practice):
    • Symmetric encryption: AES (≥ 128-bit);
    • Asymmetric encryption: RSA (≥ 2048-bit);
    • Hashing: SHA-2 (≥ 224-bit) with “salt” shall be added to the input string prior to encoding to ensure that the same password text chosen by different users will yield different encodings.
  • “Industry Recognized Framework” means a global industry recognized information security management system (“ISMS”), such as ISMS standard ISO/IEC 27001:2013 and ISO/IEC 27002:2013 – Information technology – Security techniques – Information security management systems – Requirements, as published by the International Organization for Standardization and the International Electrotechnical Commission (“ISO 27001”) or equivalent information security standard as mutually agreed upon by TelePeças and you.
  • “Processing” or “Processes” means any operation or set of operations which is performed upon TelePeças Personal Data, whether by automatic means or not, including but not limited to collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • “Security Breach” means a compromise of the systems in which TelePeças Data has been accessed or acquired by one or more unauthorized parties, or you or TelePeças reasonably suspects that such a breach of security may have occurred, or any act that violates any Applicable Law. For the avoidance of doubt, “a compromise of the systems” includes, but is not limited to: misuse, loss, destruction, unauthorized access, collection, retention, storage, or transfer.
  • “Sub-Processor” means any of your Affiliates, agents or assigns that Processes TelePeças Personal Data subject to the Terms, and any unaffiliated Data Processor engaged by you or by your Affiliates.

Security Management:

  • Scope and Contents. You will develop, implement, maintain and enforce a written information privacy and security program (“Security Program”) that (i) aligns with an Industry Recognized Framework; (ii) includes administrative, technical and physical safeguards reasonably designed to protect the confidentiality, integrity and availability of TelePeças Data; (iii) is appropriate to the nature, size and complexity of your business operations; and (iv) complies with any Applicable Laws that are applicable for the geographic region in which you do business.
    • Security Program Changes. You will provide details of any major changes to your Security Program that may adversely affect the security of any TelePeças Data. Such details must be communicated in writing to the TelePeças Security Operations Center (as provided in Section 8 below) within ten (10) business days prior to the effectiveness of any changes.
    • Security Officer. You will designate a senior employee to be responsible for overseeing and carrying out your Security Program and for communicating with TelePeças on information security matters (the “Security Officer”). Upon TelePeças’s request, the Security Officer will provide TelePeças with the contact information of one or more your representatives who will be available to discuss any security concerns (e.g., discovered vulnerability, exposed risk, reported concern) with TelePeças and to communicate the level of risk associated with such concerns and any remediation thereof. Your representative must be available during normal business hours. Any changes to the contact information of the Security Officer or designated representatives must be communicated to the TelePeças Security Operations Center (as provided in Section 8 below) within twenty-four (24) hours via e-mail or telephone.
    • Training. You certify that your personnel will be provided with a clear understanding of procedures and controls reasonably necessary to comply with this DPRA prior to their being granted access to TelePeças Data. Your personnel will, upon hiring, and at least annually thereafter, participate in security awareness training. This training will cover, at a minimum, your security policies, including acceptable use, password protection, data classification, incident reporting, the repercussions of violations, and brief overviews of Applicable Law. You will also provide training regarding data privacy and protection if you or your personnel accesses TelePeças Personal Data.
    • Due Diligence over Subcontractors. You will maintain a security process to conduct appropriate due diligence prior to utilizing subcontractors, including Sub-Processors, to provide any services under the Terms. You will assess the security capabilities of any such subcontractors on an annual basis to ensure subcontractor’s ability to comply with this DPRA and the Terms. The due diligence process will provide for the identification and resolution of significant security issues prior to engaging a subcontractor, written information security requirements that oblige subcontractor to adhere to your key information security policies and standards within all contracts, and for the identification and resolution of any security issues. You will maintain subcontractor audit reports, subcontractor information security controls, and/or any assessment work for a minimum of three (3) years from the date of the assessment.

Logical Security:

  • General. The logical security processes in this Section 4 apply to all of your systems or your agents’ or your assigns’ systems and supporting networks used to provide services under the Terms and on which TelePeças Data is accessed, Processed, stored, transferred or maintained.
  • Systems Access Control and Network Access Control.
    • Access Controls. You certify that you employ access control mechanisms that
      • prevent unauthorized access to TelePeças Data;
      • limit access to your personnel with a business need to know;
      • follow the principle of least privilege allowing access to only the information and resources that are necessary under the terms of the Terms; and
      • have the capability of detecting, logging, and reporting access to the system or network or attempts to breach security of the system or network.
      • You will revoke your personnel’s access to physical locations, systems, and applications that contain or Process TelePeças Data within twenty-four (24) hours of the cessation of such personnel’s need to access the system(s) or application(s);
      • All personnel must have an individual account that authenticates that individual’s access to TelePeças Data. You will not allow sharing of accounts; and
      • Access controls and passwords must be configured in accordance with industry standards and best practices. Passwords will be hashed with industry standard algorithms per Section 9 below.
    • Regular Review of Access Controls. You will maintain a process to review access controls on a minimum annual basis for all of your systems that contain TelePeças Data, including any system that, via any form of communication interface, can connect to the system on which TelePeças Data is stored. These access processes and the process to establish and delete individual accounts will be documented in, and will be in compliance with your security policies and standards referenced in Section 3.1 above. You will maintain the same processes of review and validation for any third party hosted systems you use that contain TelePeças Data
    • Remote Access Authentication. You will configure remote access to all networks storing, transmitting, or containing TelePeças Data to require two-factor authentication for such access by your Personnel.
  • Telecommunication and Network Security
    • Firewalls. You will deploy reasonably appropriate firewall technology in the operation of your sites. Traffic between TelePeças and you will be protected and authenticated by industry standard cryptographic technologies.
    • Firewall Maintenance. At a minimum, you will review firewall rule sets annually to ensure that legacy rules are removed and active rules are configured correctly.
    • Intrusion Detection and Prevention. You will deploy intrusion detection or preferably prevention systems (NIDS/NIPS) in order to generate, monitor, and respond to alerts which could indicate potential compromise of the network and/or host.
    • Log Management. You shall deploy a log management solution and retain logs produced by firewalls and intrusion detection systems for a minimum period of one (1) year.
    • Network Segmentation. You shall establish and maintain appropriate network segmentation, including the use of virtual local area networks (VLANS) where appropriate, to restrict network access to systems storing TelePeças Data. You will proxy all connections from public networks into the your internal network using DMZ or equivalent. You will not allow direct connections from public networks into any network segment storing TelePeças Data.
    • Wireless Security. If you deploy a wireless network, you will configure and maintain the use, configuration and management of wireless networks to meet the following:
      • Physical Access – All wireless devices shall be protected using appropriate physical controls to minimize the risk of theft, unauthorized use, or damage;
      • Network Access – Network access to wireless networks should be restricted only to those authorized;
      • Access points shall be segmented from an internal, wired LAN using a gateway device;
      • The service set identifier (SSID), administrator user ID, password and encryption keys shall be changed from the default value;
      • Encryption of all wireless connections will be enabled using Industry Standard Encryption Algorithms (i.e. WPA2/WPA with 802.1X authentication and AES encryption). WEP should never be used;
      • If supported, auditing features on wireless devices shall be enabled and resulting logs shall be reviewed periodically by designated staff or a wireless intrusion prevention system. Logs should be retained for ninety (90) days or longer; and
      • SNMP shall be disabled if not required for network management purposes. If SNMP is required for network management purposes, SNMP will be read-only with appropriate access controls that prohibit wireless devices from requesting and retrieving information and all default community strings will be changed.
      • You will maintain a program to detect rogue access points at least quarterly to ensure that only authorized wireless access points are in place. If you have not deployed a wireless solution, you are still required to conduct this quarterly audit to ensure that user-deployed wireless access points are not in use.
  • Malicious Code Protection. All workstations and servers will run the current version of industry standard anti-virus software with the most recent updates available on each workstation or server. Virus definitions must be updated within twenty-four (24) hours of release by the anti-virus software vendor. You will configure this equipment and have supporting policies to prohibit users from disabling anti-virus software, altering security configurations, or disabling other protective measures put in place to ensure the safety of TelePeças’s or your computing environment.

Systems Development and Maintenance:

  • Documentation and Training. You must maintain documentation on overall system, network, and application architecture, data flows, process flows, and security functionality for all applications that process or store any TelePeças Data. You must employ documented secure programming guidelines, standards, and protocols in the development of applications that process or store any TelePeças Data. You shall be responsible for verifying that all development staff have been successfully trained in secure programming techniques. You should be trained on all current application vulnerabilities, including, but not limited to OWASP Top 10, WASC TCv2, and the CWE-25. You should know how to recognize these issues and how to remediate them.
  • Change Management. You will employ an effective, documented change management program with respect to services provided under the Terms as an integral part of your security profile. This includes logically or physically separate environments from production for all development and testing. No TelePeças Data will be transmitted, stored or Processed in a non-production environment. 5.3 Vulnerability Management and Application Security Assessments. You must run internal and external network vulnerability scans at least quarterly and after any material change in the network configuration (e.g., new system component installations, changes in network topology, firewall rule modifications, or product upgrades). Vulnerabilities identified and rated as high risk by you will be remediated within ninety (90) days of discovery.
    • For all Internet-facing applications that collect, transmit or display TelePeças Data, you agree to conduct an application security assessment review to identify common security vulnerabilities as identified by industry-recognized organizations (e.g., OWASP Top 10 Vulnerabilities; CWE/SANS Top 25 vulnerabilities) annually or for all major releases, whichever occurs first. The scope of the security assessment will primarily focus on application security, including, but not limited to, a penetration test of the application, as well as a code review. At a minimum, it will cover the OWASP Top 10 vulnerabilities (https://www.owasp.org).
    • For all mobile applications (i.e. running on Android, Blackberry, iOS, Windows Phone) that collect, transmit or display TelePeças Data, you agree to conduct an application security assessment review to identify and remediate industry-recognized vulnerabilities specific to mobile applications.
    • You should utilize a qualified third party to conduct the application security assessments. You may conduct the security assessment review yourself, provided that your personnel performing the review are sufficiently trained, follow industry standard best practices, and the assessment process is reviewed and approved by TelePeças. Vulnerabilities identified and rated as high risk by you will be remediated within ninety (90) days of discovery.
  • Patch Management. You will patch all workstations and servers with all current operating system, database and application patches deployed in your computing environment according to a schedule predicated on the criticality of the patch. You must perform appropriate steps to help ensure patches do not compromise the security of the information resources being patched. All emergency or critical rated patches must be applied as soon as possible but at no time will exceed thirty (30) days from the date of release.

Email Security:

If you are sending emails to TelePeças customers, appropriate email identity solutions, including but not limited to DKIM, SPF, and DMARC, will be utilized. If you utilize TelePeças-owned domain names to send emails, you will adhere to the TelePeças Email Security requirements, provided upon request.

TelePeças Security Assessments and Audits:

  • You shall, upon reasonable notice, allow your data Processing facilities, procedures and documentation to be inspected by TelePeças (or its designee) in order to ascertain compliance with Applicable Law, this DPRA, or any agreements between you and TelePeças.
  • You shall fully cooperate with audit requests by providing TelePeças access to relevant knowledgeable personnel, physical premises, documentation, infrastructure, and application software.

Incident Response and Notification Procedures:

  • You will maintain an Incident response function capable of identifying, mitigating the effects of, and preventing the recurrence of Incidents. Upon discovering or otherwise becoming aware of an Incident that may put TelePeças Data at risk (“Security Breach”), you shall take all reasonable measures to mitigate the harmful effects of the Incident. You shall also notify TelePeças of the Security Breach as soon as practicable, but in no event later than 24 hours after the Security Breach. Notice to TelePeças shall be written to helpdesk@telepecas.com and shall include: (i) the identification of the TelePeças Data which has been, or is reasonably believed to have been, used, accessed, acquired or disclosed during the incident; (ii) a description of what happened, including the date of the incident and the date of discovery of the incident, if known; (iii) the scope of the incident, including a description of the type of TelePeças Data involved in the incident; (iv) a description of your response to the incident, including steps you have taken to mitigate the harm caused by the incident; and (v) other information as TelePeças may reasonably request. You must ensure that affected third parties are notified of the Security Breach, at TelePeças’s sole discretion, either by notifying such third parties after TelePeças has reviewed and approved the language and method of notice, or by enabling TelePeças to notify such third parties itself. You agree to cover the costs of any such notification, including reimbursing TelePeças for any reasonable costs such as to provide credit monitoring to affected Data Subjects.
  • You will retain all data related to known and reported Incidents or investigations indefinitely or until TelePeças notifies you that the image is no longer needed. Upon TelePeças’s request, you will permit TelePeças or its third party auditor to review and verify relevant video surveillance records, access logs and data pertaining to any Incident investigation. Upon conclusion of investigative, corrective, and remedial actions with respect to an Incident, you will prepare and deliver to TelePeças a final report that describes in detail: (i) the extent of the Incident; (ii) the TelePeças Data disclosed, destroyed, or otherwise compromised or altered; (iii) all supporting evidence, including, but not limited to, system, network, and application logs; (iv) all corrective and remedial actions completed; and (v) all efforts taken to mitigate the risks of further Incidents.

Storage, Handling, and Disposal:

  • Data Segregation. You will physically or logically separate and segregate TelePeças Data from your other clients’ data.
  • Electronic Form Data. You will utilize Industry Standard Encryption Algorithms and Key Strengths (as defined in the “Definitions” section of this DPRA) to encrypt the following:
    • All TelePeças Data that is in electronic form while in transit over all public wired networks (e.g., Internet) and all wireless networks.
    • Passwords will be hashed with irreversible industry standard algorithms with randomly generated “salt” added to the input string prior to encoding to ensure that the same password text chosen by different users will yield different encodings. The randomly generated salt should be at least as long as the output of the hash function.
    • Any mobile devices used outside of a Data Center (e.g., laptop, desktop tablet) to perform any services under the Terms.
  • Data Centers. To the extent you are operating a Data Center or utilizing a Third Party Data Center, you will comply with physical security controls outlined in one or more of the following industry standards: ISO 27001, SSAE 16 or ISAE 3402, or PCI-DSS.
  • Data Retention. Except where prohibited by law, upon the earliest to occur of: (i) the termination of the Terms; (ii) such time when TelePeças Data is no longer required for the purposes of the Terms; (iii) upon written request from TelePeças or an applicable data subject, or (iv) such time that your data retention period has exceeded industry best practices for the time/duration/age of the TelePeças Data:
    • You will promptly remove the TelePeças Data from your environment and destroy it within a reasonable timeframe, but in no case longer than thirty (30) days thereafter,
    • All media used to store TelePeças Data will be sanitized or destroyed as required in the “Destruction of Data” Section 9.5, and
    • You will provide TelePeças with a written certification regarding such removal, destruction, and/or cleaning upon request.
  • Destruction of Data. You will dispose of TelePeças Data at such time as outlined in the “Data Retention” Section 9.4. TelePeças Data should be disposed of in a method that prevents any recovery of the data in accordance with industry best practices for shredding of physical documents and wiping of electronic media (e.g. current version of NIST SP 800-88). You will destroy any equipment containing TelePeças Data that is damaged or non-functional. All TelePeças Data must be rendered unreadable and unrecoverable regardless of the form (physical or electronic).

Ownership; Use: You acknowledge and agree that you have no ownership of, or right to use, TelePeças Data other than as expressly permitted under the Terms or as authorized by TelePeças in writing. For the avoidance of doubt, you have no right to copy, use, reproduce, display, perform, modify or transfer TelePeças Data or any derivative works thereof, except as expressly provided in the Terms or as expressly authorized by TelePeças in writing. You acknowledge and agree that you will not use (or permit any third party to use) the TelePeças Data for any use other than as expressly provided in the Terms.

Payment Card Industry (“PCI”) Compliance:

  • Section 11 applies whenever you are “PCI Relevant.” “PCI Relevant” means you will be transmitting, Processing, handling, accessing, maintaining, or storing credit or debit card information regulated by the Payment Card Industry Security Council (“Cardholder Information”) in the course of providing Services under the Terms.
  • You will validate your compliance with the Payment Card Industry Data Security Standard (“PCI-DSS”) according to the standards set forth by the PCI Security Standards Council, including completion of any required assessments. If you will be transferring, Processing and/or storing credit card account information, you must provide audit evidence that they comply with the PCI-DSS prior to accessing relevant TelePeças API(s).
  • You will maintain such compliance at all times during the term of the Terms. This requirement will survive the duration of the Terms until you return, destroy, or cause the destruction of any and all Cardholder Information in your possession, custody, or control.
  • You will provide TelePeças with evidence of full compliance with the PCI-DSS upon request.

Survival: Your obligations and TelePeças’s rights under this DPRA shall become effective on the Effective Date of the Terms and will continue in effect so long as you possess TelePeças Data.

Conflict: If and to the extent language in this DPRA conflicts with the Terms, this DPRA shall control.

Processing of Personal Data:

The following additional terms shall apply to the Processing of Personal Data by you:

  • Processing Instructions: You shall Process Personal Data only to deliver services in accordance with the Terms and/or TelePeças’s written instructions. For the avoidance of doubt, TelePeças’s written instructions for the Processing of Personal Data shall comply with Applicable Law. In the event you reasonably believe there is a conflict amongst Applicable Law or that TelePeças’s instructions conflict with any Applicable Law, you will inform TelePeças immediately and shall cooperate in good faith to resolve the conflict and achieve the goals of such instruction.
  • Use of Sub-Processors:
    • Contractual Privity. Your obligations under this DPRA shall apply to Sub-Processors. You are authorized to use Sub-Processors, provided that you represent and warrant that any approved SubProcessor is contractually bound to meet all data protection obligations required by the Terms, TelePeças’s Processing instructions, and by Applicable Law. Proof of these contractual obligations, in which commercially sensitive terms may be redacted, shall be provided to TelePeças promptly upon request. In the event that TelePeças reasonably believes a Sub-Processor Processes TelePeças Personal Data without having entered into a contractual agreement with you containing data protection obligations required by the Terms, TelePeças’s Processing instructions or by Applicable Law, TelePeças will promptly inform you and you shall cooperate in good faith to resolve the conflict and achieve the goals of such instruction.
    • List Maintenance. You shall maintain a list of all Sub-Processors you have engaged to Process TelePeças Personal Data. Where required by law, you shall (i) inform TelePeças of any intended changes concerning the addition or replacement of Sub-Processors with access to TelePeças Personal Data and give TelePeças the opportunity to object to such changes, and (ii) obtain the prior written consent of TelePeças before entering into any such agreement (unless expressly waived in a written agreement).
    • Organizational, Technical, and Physical Safeguards. You must restrict through organizational, technical, and physical safeguards the Sub-Processor’s access to TelePeças Personal Data to that which is only strictly necessary to perform its subcontracted Processing services to you (which shall be consistent with the Processing Instructions issued to you by TelePeças). Additionally, you will prohibit through organizational, technical and physical safeguards the Sub-Processor from Processing TelePeças Personal Data for any other purpose. Sub-Processors must similarly implement appropriate organizational, technical and physical measures to ensure that the Processing of TelePeças Data occurs in strict accordance with the Terms, TelePeças’s Processing instructions and Applicable Law and Regulations.
    • Sub-Processor Liability. You shall remain liable for any act or omission of a Sub-Processor that does not comply with the Terms, any Processing instructions or the requirements of Applicable Law.
  • Transfer of Personal Data: You shall not cause or permit any Personal Data to be transferred across borders in breach of Applicable Law. Cross-border transfers of Personal Data subject to legal restrictions by Applicable Law shall require TelePeças’s prior written consent. For the avoidance of doubt, this transfer restriction does not pertain to TelePeças personnel access to Personal Data.
  • Limitation on Disclosure of Personal Data: To the extent legally permitted, you shall immediately notify TelePeças in writing upon receipt of an order, demand, or document purporting to request, demand or compel the production of Personal Data to any third party. You shall not disclose Personal Data to the third party without providing TelePeças at least forty-eight (48) hours’ notice, so that TelePeças may, at its own expense, exercise such rights as it may have under Applicable Law to prevent or limit such disclosure. Notwithstanding the foregoing, you will exercise commercially reasonable efforts to prevent and limit any such disclosure and to otherwise preserve the confidentiality of Personal Data; additionally, you will cooperate with TelePeças with respect to any action taken pursuant to such order, demand, or other document request, including to obtain an appropriate protective order or other reliable assurance that confidential treatment will be accorded to Personal Data.
  • Compliance with Applicable Law: You shall Process Personal Data in accordance with Applicable Law. You represent and warrant that you will maintain privacy policies sufficient to protect the Personal Data and compliant with the Applicable Law.
  • Liability and Indemnification: You shall be liable for any of your acts and/or omissions relating to the obligations in this DPRA that result in a Security Breach of TelePeças’s Personal Data. You shall indemnify, defend and hold TelePeças harmless from and against all liabilities, costs, damages, claims and expenses relating to Security Breaches that araise from or in connection with your breach of your obligations stated in this DPRA.
  • Personal Data transmitted to TelePeças: Prior to sharing any Personal Data with TelePeças, you shall ensure that Data Subjects are appropriately notified of and have consented to TelePeças’s privacy practices. You warrant that you have a legitimate basis and adequate title to collect and share Personal Data with TelePeças.