Prezi Data Processing Agreement

PREZI / INFOGRAM DATA PROCESSING AGREEMENT (DPA)

THIS Prezi / Infogram DATA PROCESSING AGREEMENT (the "DPA") is entered into by and between [Partner / Customer Name] (“Partner / Customer”) and Prezi Inc. / Infogram located at 101 Broadway, 2 ^nd floor, Oakland, CA 94607 (“Prezi Inc. / Infogram”, or “Prezi / Infogram”). This DPA governs the processing of Personal Data processed by Prezi Inc. / Infogram for or on behalf of Partner / Customer in connection with the services provided by Prezi / Infogram and as detailed in the Prezi / Infogram Business Terms of Use .

Recitals

Partner / Customer has subscribed to the Prezi / Infogram Business Terms of Use for receiving certain services from Prezi Inc. / Infogram as described in Prezi / Infogram’s “Order Form” previously executed or accepted by other means by the Partner / Customer.
To comply with the General Data Protection Regulation (defined below), the Parties are required to enter into this DPA. Accordingly, Partner / Customer's engagement with Prezi Inc. / Infogram is conditioned upon the agreement to this DPA.
In case of conflict or inconsistency the following documents prevail: Standard Contractual Clauses (SCC), this DPA, Prezi / Infogram Order Form, Prezi / Infogram Business Terms of Use.
This DPA shall remain in effect as long as Prezi Inc. / Infogram carries out Personal Data processing operations on behalf of Partner / Customer or until the termination of the Prezi / Infogram Services (and all Personal Data has been returned or deleted in accordance with Section 8).

Agreement

1. Definitions

“Applicable Privacy Law(s)” means the relevant data protection and privacy laws and regulations to which Partner / Customer is subject, including, where applicable, EU Data Protection Law.

“Authorized Persons” means any person who processes Personal Data on Prezi / Infogram’s behalf, including Prezi / Infogram’s employees, officers and contractors who are under a strict duty of confidentiality (whether a contractual or statutory duty) and that they process the Personal Data only for the purposes listed in Section 2.1.

“Authorized Subprocessor” means a third-party subcontractor, agent, reseller, or auditor who has a need to know or otherwise access Personal Data to enable Prezi / Infogram to perform its obligations under this DPA or the Partner / Customer Agreement, and who is either (a) listed on the list available here : https://Prezi / Infogram.zendesk.com/hc/en-us/articles/360009207833 (such URL may be updated by Prezi / Infogram from time to time, subject to Prezi / Infogram’s compliance with Section 3.1) or (ii) otherwise specifically authorized by Partner / Customer to do so under Section 3.1 of this DPA.

“Partner / Customer Agreement” means collectively the Prezi / Infogram Order Form and the Business Terms of Use

“Data Controller”, “Data Exporter” means Partner / Customer.

“Data Processor”, “Data Importer” means Prezi / Infogram.

“EU Data Protection Law” means Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation) ("GDPR").

“General Data Protection Regulation” means the European Union Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

“Standard Contractual Clauses (SCC)” means the agreement executed by and between Data Controller and Data Processor and attached hereto as Annex D pursuant to the Annex to the European Commission’s implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.

“Personal Data” means any information provided or made available to Prezi / Infogram, by or on behalf of Partner / Customer, in connection with the Services and which relates to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity. For the avoidance of doubt, Personal Data includes personally identifiable information.

“Process” and its cognates mean any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Security Breach” means a security incident leading to an accidental, unauthorized or unlawful destruction, loss, alteration, disclosure of, or access to, Personal Data

“Security Measures” means technical and organizational security measures to meet the requirements of EU Data Protection Law, and in particular, to protect against the occurrence of Security Breaches and to preserve the security, integrity and confidentiality of Personal Data.

“Subprocessor” means any entity which provides processing services to Prezi / Infogram in furtherance of Prezi / Infogram’s processing on behalf of Partner / Customer.

“Supervisory Authority” means an independent public authority which is established by a European Union member state pursuant to Article 51 of the General Data Protection Regulation having jurisdiction over the processing of any Personal Data under this DPA.

All terms not defined herein shall have the meaning as ascribed to them in the Prezi / Infogram Business Terms of Use .

2. Nature and Scope of Data Processing

2.1 Prezi Inc. / Infogram (acting as Data Processor on behalf of the Data Controller) shall only process Personal Data for the purpose of providing, supporting and improving Prezi / Infogram’s Services in accordance with the Prezi / Infogram Business Terms of Use .

2.2 Prezi Inc. / Infogram shall ensure that any Authorized Person is subject to a strict duty of confidentiality (whether a contractual or statutory duty) and that they process the Personal Data only for the purposes listed in Section 2.1.

2.3 The categories of Personal Data processed and the categories of data subjects to this DPA are described in Annex A to this DPA.

3. Subprocessing

3.1 Partner / Customer acknowledges and agrees that Prezi / Infogram may (a) engage its affiliates and the Subprocessors listed here (such URL may be updated by Prezi / Infogram from time to time, subject to compliance with the remainder of this Section 3) to access and process Personal Data in connection with the Services; and (b) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the processing of Personal Data, as further set out in this Section 3.

3.2 In the event that Prezi / Infogram wants to contract with another affiliate or Subprocessors not listed in the affiliates and Subprocessors list referenced in Section 3.1 above, Prezi / Infogram will, at least ten (10) days before engaging with the new Subprocessors to access or participate in the processing of Personal Data, add such third party to the List and notify Partner / Customer of that update via email. Partner / Customer may object to such an engagement in writing within ten (10) days of receipt of the notice by Prezi / Infogram.

3.3 If Partner / Customer reasonably objects to an engagement in accordance with Section 3.2, Prezi / Infogram shall provide Partner / Customer with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Prezi / Infogram, in its sole discretion, cannot provide any such alternative(s), or if Partner / Customer does not agree to any such alternative(s) if provided, Data Processor may terminate this DPA.

3.4 If Partner / Customer does not object to the engagement of a third party in accordance with Section 3.2 within ten (10) days of notice by Prezi / Infogram, that third party will be deemed an Authorized Subprocessor for the purposes of this DPA.

3.5 Prezi / Infogram shall, by way of contract or other legal act under EU Data Protection Law or European Union member state law on personal data protection (including without limitation approved codes of conduct and standard contractual clauses), ensure that every Authorized Subprocessor is subject to obligations regarding the processing of Personal Data that are no less protective than those to which Prezi / Infogram is subject under this DPA.

3.6 Prezi / Infogram shall be liable to Partner / Customer for the acts and omissions of Authorized Subprocessors to the same extent that Data Processor would itself be liable under this DPA had it conducted such acts or omission.

4. Security Measures and breach notification

4.1 Prezi Inc. / Infogram will implement and maintain appropriate technical and organizational security measures to meet the requirements of EU Data Protection Law, and in particular, to protect against the occurrence of Security Breaches and to preserve the security, integrity and confidentiality of Personal Data ("Security Measures"). Such Security Measures shall take into account industry standards, the costs of implementation, and the nature, scope, context and purposes of the processing, as well as the risk of a Security Breach and potential impact on the rights and freedoms of natural persons. At a minimum, Prezi Inc. / Infogram shall implement the Security Measures identified in Annex B of this DPA.

4.2 In the event of a security breach involving Partner / Customer’s Personal Data, Prezi Inc. / Infogram shall promptly (and in no event later than 48 hours of Prezi Inc. / Infogram becoming aware of such security breach) inform Partner / Customer and provide written notification of the security breach. Such notification shall include a description of the security breach, and a description of the measures taken or proposed to be taken by Prezi Inc. / Infogram to address the security breach, including, where appropriate, measures to mitigate its possible adverse effects.

4.3 Prezi / Infogram shall cooperate with Partner / Customer regarding the investigation of security breaches and the notification to the Supervisory Authority and Partner / Customer's data subjects regarding such security breaches.

4.4 Prezi / Infogram shall provide reasonable help with the preparation of data protection impact assessments of the Services as is reasonable in light of the Personal Data that is being processed, and, where necessary, with carrying out consultations with any Supervisory Authority.

4.5 The content and provision of any notification, public/regulatory communication or press release concerning the security breach (Communication) shall be solely at Partner / Customer’s discretion. If and to the extent Prezi Inc. / Infogram is referenced by name in any such Communication, Prezi / Infogram Inc, shall be provided with an opportunity to review and approve the Communication for accuracy, such approval shall not be unreasonably withheld. Such review shall be honoured to the extent that this process would not prevent Partner / Customer to comply with its notification requirements, in particular taking into account the limited time window during which the Partner / Customer must notify the Supervisory Authority. Delay on the Partner / Customer’s part is not a basis for not providing Prezi / Infogram opportunity to review the Communication.

5. Disclosure of Personal Data

5.1 In the event that Prezi / Infogram receives a subpoena, court order, warrant or other legal demand from a third party (including law enforcement or other public or judicial authorities) seeking the disclosure of Personal Data, Prezi / Infogram shall not, unless otherwise required by applicable law or advised by counsel that it is so required by applicable law, disclose any information. In such event Prezi / Infogram shall immediately notify Partner / Customer in writing of such request, and unless otherwise required by applicable law, reasonably cooperate with Partner / Customer if it wishes to limit, challenge or protect against such disclosure, to the extent permitted by applicable laws.

6. Audits & Certification

6.1 If a Supervisory Authority requires an audit of Prezi Inc. / Infogram regarding the processing of Partner / Customer’s Personal Data in order to ascertain or monitor Partner / Customer's compliance, Prezi Inc. / Infogram will cooperate with such audit of the controls stated in this DPA. Partner / Customer is responsible for all costs and fees related to such audit, including all reasonable costs and fees for any and all time Prezi Inc. / Infogram expends for any such audit, in addition to the rates for services performed by Prezi Inc. / Infogram

6.2 Upon request, Prezi Inc. / Infogram will provide Partner / Customer a summary of audit reports, Prezi / Infogram’s privacy and security policies and/or other documentation reasonably required by Partner / Customer to verify Prezi / Infogram’s compliance with this DPA.

6.3 If a Report does not provide, in Partner / Customer’s reasonable judgment, sufficient information to confirm Prezi / Infogram’s compliance with the terms of this DPA, then Partner / Customer or an accredited third-party audit firm agreed to by both Partner / Customer and Prezi Inc. / Infogram may audit Prezi / Infogram’s compliance with the terms of this DPA during regular business hours, with reasonable advance notice (of at least 15 business days) to Prezi / Infogram and subject to reasonable confidentiality procedures. Partner / Customer is responsible for all costs and fees related to such audit, including all reasonable costs and fees for any and all time Prezi / Infogram expends for any such audit, in addition to the rates for services performed by Prezi / Infogram. Before the commencement of any such audit, Partner / Customer and Prezi / Infogram shall mutually agree upon the scope, timing, and duration of the audit. Partner / Customer shall promptly notify Prezi / Infogram with information regarding any non-compliance discovered during the course of an audit. Partner / Customer may not audit Prezi / Infogram more than once annually, unless otherwise required by a Supervisory Authority or Applicable Privacy Laws.

7. Data Transfers outside the EEA

7.1 Prezi Inc. / Infogram will, at all times, provide an adequate level of protection for the Personal Data, wherever processed, in accordance with the requirements of Applicable Privacy Laws.

7.2 Where Prezi Inc. / Infogram processes Personal Data under this DPA that originates from the EEA and/or Switzerland, Prezi Inc. / Infogram shall comply with (and require any Subcontractor to comply with) the SCCs, which are incorporated by reference and form an integral part of this DPA as Annex D. For the purposes of the descriptions in the SCCs and only as between Prezi / Infogram and Partner / Customer, Prezi Inc. / Infogram agrees that it is a "data importer" and Partner / Customer is the "data exporter" under the SCCs under the conditions outlined in Annex A and Annex B of this DPA.

8. Data return and Deletion

8.1 Prezi / Infogram and Partner / Customer agree that on the termination of the data processing services or upon Partner / Customer’s reasonable request, Prezi / Infogram shall, and shall cause any Subprocessors to, at the choice of Partner / Customer, return all the Partner / Customer Personal Data and copies of such data to Partner / Customer or securely destroy the data.

8.2 Prezi / Infogram will only retain Partner / Customers information to the extent: (a) Prezi / Infogram is required by law to maintain such information; or (b) it is needed for Prezi / Infogram to address any issues or inquiries that Partner / Customer may have. Prezi / Infogram shall dispose such information by destroying it or erasing it.

8.3 Prezi / Infogram will provide reasonable assistance to Partner / Customer regarding any requests from Partner / Customer data subjects in respect of access to or the rectification, erasure, restriction, portability, or deletion of Personal Data that Prezi Inc. / Infogram processes for Partner / Customer. In the event that a data subject sends such a request directly to Prezi / Infogram, it will promptly send such request to Partner / Customer.

9. General Provisions

9.1 Termination. This DPA and the Prezi / Infogram Contract will terminate simultaneously and automatically with the termination of the Partner / Customer Agreement.

9.2 Limitation of Liability. Partner / Customer’s remedies, including those of its affiliates, arising from any breach by Prezi / Infogram of the terms of this DPA will be subject to any aggregate limitation of liability that applies to Partner / Customer under the Partner / Customer Agreement.

9.3 Governing Law and Dispute Resolution. This document shall be compliant with applicable laws and regulation. To the extent required by applicable Privacy Laws, this DPA shall be governed by the law of the applicable jurisdiction. In all other cases, this DPA shall be governed by the law of the same jurisdiction as the Prezi / Infogram contract. Any dispute arising out of or relating to this DPA shall be resolved in accordance with the provisions of the Prezi / Infogram Business Terms of Use , unless mandatory regulations of Applicable Privacy Laws provide otherwise.

9.4 Additional Terms. All issues not provided for by this DPA shall be regulated by the Prezi / Infogram contract and the Prezi / Infogram Business Terms of Use .

IN WITNESS WHEREOF, this DPA (including its Annexes) is entered into and becomes a binding part of the DPA with effect from the later date set out below.

Data Controller: [Partner / Customer Name]

Signature: __________________________

Name: [Partner / Customer Point of Contact Name]

Title: [Partner / Customer Title]

Date: [Date]

Data Processor: Prezi Inc. / Infogram

Signature: __________________________

Name: [Name]

Title: [Title]

Date: [Date]

Attachments:

Annex A: Details of the Processing
Annex B: Security Measures
Annex C: Authorized Subprocessors
Annex D: Standard Contractual Clauses

Annex A: Details of the Processing

Categories of Data Subjects:

Prezi / Infogram users (Natural person, adult)

Purpose of the transfer:

Providing Prezi / Infogram Services outlined in the Prezi / Infogram Business Terms of Use .

Categories of Personal Data:

Account Information
Payment Information
Support Information
Content Information (User content)

Annex B: Security Measures

Description of the technical and organizational security measures implemented by Prezi / Infogram:

1. Physical Access Controls

Prezi / Infogram implements suitable measures in order to prevent unauthorized persons from gaining physical access to systems (namely database and application servers and related hardware) where Data are processed or used. This is accomplished by:

All production infrastructure responsible for processing and storing Partner / Customer data is within a physically secure data center provided by Amazon Web Services (AWS). AWS has strict security measures deployed and described in the their security & compliance white papers which can be found at https://aws.amazon.com/whitepapers/#security . Prezi / Infogram employees does not have physical access to the data center facilities.
The Prezi / Infogram office buildings are protected with security guards during the night, while certain areas are also equipped with closed-circuit cameras.
Employees need to use badges, which are required to access the Prezi / Infogram office area.
Prezi / Infogram guests need to register themselves in the reception area.
Prezi / Infogram has implemented a physical and visitor access policy to protect company assets.

2. Electronic Access Controls

Prezi / Infogram implements suitable measures (including industry standard encryption) to prevent its systems from being used by unauthorized persons. This is accomplished by:

Identification of all authorized user to Prezi / Infogram’s systems.
Access to data processing systems is logged, monitored, and tracked.
Authorized users are required to have a password set up on their laptops and workstations. Password complexity and full disk encryption is enforced. Screen lock after a certain time period is also enforced.
Multi-factor authentication for accessing high risk systems is enforced.
Allowing only key-based authentication for SSH access.
Industry standard TLS encryption between client to server and server to server communication.

3. Data Management controls

Prezi / Infogram ensures that the persons entitled to use its systems are only able to access the data within the scope and to the extent covered by their respective access permission (authorization) and that Personal Data cannot be read, copied or modified or removed without authorization. This is accomplished by:

Employee policies and training in respect of each employee’s access rights and management of Personal Data.
Effective and measured disciplinary action against individuals who access Personal Data without authorization.
Automated monitoring of systems access to Personal Data with automatic thresholds to alert on suspicious access.
Release of data to only authorized persons.

4. Data Transfer Controls

Prezi / Infogram implements suitable measures to prevent Personal Data from being read, copied, altered or deleted by unauthorized parties during the transfer of data. This is accomplished by:

Use of firewall to protect the gateways and pipelines through which the data travels.
Industry standard TLS encryption between client to server and server to server communication.
Avoiding to store personal data on mobile storage media for transportation purposes and on laptops or other mobile devices or only with strong encryption protection.
Employee policies and training in respect of data management and transfer of Personal Data.

5. Data Integrity Controls

Prezi / Infogram implements suitable measures to ensure that it is possible to check and establish whether and by whom Personal Data have been added, modified or deleted in data processing systems. This is accomplished by:

Identification and authentication of Authorized Persons with rights to input, as well as for the reading, alteration and deletion of stored data.
Logging and tracking of authorization by Prezi / Infogram personal in the event of an official request of adding, modifying or deleting data.
Only Authorized Persons are allowed to “impersonate” Partner / Customers upon incidents or in relation to a support request. Impersonation requires providing a business reason. The provided business reasons are reviewed periodically.

6. Control Verification and Auditing

Prezi / Infogram implements suitable measures to ensure that, in the case of commissioned processing of Personal Data, the data are processed strictly in accordance with the instructions of the Partner / Customer. This is accomplished by:

Upon request Prezi / Infogram will provide Partner / Customer a summary of audit Reports, Prezi / Infogram’s privacy and security policies and/or other documentation reasonably required by Partner / Customer to verify Prezi / Infogram’s compliance with this DPA.
In the event the Reports does not provide, in Partner / Customer’s reasonable judgment, sufficient information to confirm Prezi / Infogram’s compliance with the terms of this DPA, then Partner / Customer or an accredited third-party audit firm agreed to by both Partner / Customer and Prezi / Infogram may audit Prezi / Infogram’s compliance with the terms of this DPA during regular business hours, with reasonable advance notice (of at least 15 business days) to Prezi / Infogram and subject to reasonable confidentiality procedures. Partner / Customer is responsible for all costs and fees related to such audit, including all reasonable costs and fees for any and all time Prezi / Infogram expends for any such audit, in addition to the rates for services performed by Prezi / Infogram. Before the commencement of any such audit, Partner / Customer and Prezi / Infogram shall mutually agree upon the scope, timing, and duration of the audit. Partner / Customer shall promptly notify Prezi / Infogram with information regarding any non-compliance discovered during the course of an audit. Partner / Customer may not audit Prezi / Infogram more than once annually.

7. Availability Controls

Prezi / Infogram implements suitable measures to ensure that Personal Data are protected from accidental destruction or loss, and that Prezi / Infogram is able to restore the availability and access to Personal Data in a timely manner in the event of a Security Breach. This is accomplished by:

Services’ architecture upholds industry best practices of infrastructure redundancy, resiliency and rapid recovery.
Services are actively monitored by tracking uptime and overall availability.
Automatic alerts are triggered when service interruption is detected.
Services are deployed in multiple data centers for redundancy.
Backup is stored in another region and available for restore in case of failure.

8. Data Isolation Controls

Prezi / Infogram implements suitable measures to ensure that data collected for different purposes can be processed separately. This is accomplished by:

Access to data is separated through application security for the appropriate users.
Data is stored, where reasonably possible, in separate databases to fulfil the individual purpose of processing and/or function.
Reports and batch processing are designed for only specific purposes and functions, so data collected for specific purposes is processed separately.

9. Quality Controls

Prezi / Infogram regularly tests, assesses and evaluates the effectiveness of the technical and organizational measures it has in place for ensuring the security of its processing of Personal Data.

Annex C: Authorized Subprocessors

This is the current list of Authorized Subprocessors as at the date of this DPA. Prezi / Infogram is not responsible for keeping updated the table below. An updated list will be maintained online under [ Authorized Processors List Page - https://Prezi / Infogram.zendesk.com/hc/en-us/articles/360009207833].

Company	Country	Purpose
Chart.io	United States	Analytics Tooling
Clari	United States	Analytics Tooling
Radius	United States	Analytics Tooling
Conversica	United States	Analytics Tooling
Conversica	United States	Automation Tooling
Zapier.com	United States	Automation Tooling
Discourse.org	United States	Automation Tooling
GoToWebinar	United States	Communication Provider
Groove	United States	Communication Provider
Intercom	United States	Communication Provider
Returnpath	United States	Communication Provider
Selligent	United States	Communication Provider
Sertifi	United States	Communication Provider
Siftrock	United States	Communication Provider
SurveyMonkey	United States	Communication Provider
TalkDesk	United States	Communication Provider
Troops	United States	Communication Provider
YouCanBook.Me	United States	Communication Provider
LinkedIn (Sales Navigator)	United States	Communication Provider
SalesForce	United States	Customer Management
Zendesk	United States	Customer Management
ZoomInfo	United States	Customer Management
Amazon Web Services(AWS)	United States	Hosting Provider
Azure	United States	Hosting Provider
Heroku	United States	Hosting Provider
Google	United States	Hosting Provider
Bluesnap	United States	Hosting Provider and Analytics Tooling
Braintree	United States	Payment Provider
Paypal	United States	Payment Provider
Zuora	United States	Payment Provider

Annex D: Standard Contractual Clauses

EU Standard Contractual Clauses

COMMISSION IMPLEMENTING DECISION (EU) 2021/914

of 4 June 2021

on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council

ANNEX

STANDARD CONTRACTUAL CLAUSES (SCCs)

SECTION I

Clause 1

Purpose and scope

(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country.
(b) The Parties:
- (i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter ‘entity/ies’) transferring the personal data, as listed in Annex I.A (hereinafter each ‘data exporter’), and
- (ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A (hereinafter each ‘data importer’)
  
  have agreed to these standard contractual clauses (hereinafter: ‘Clauses’).
(c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.
(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.

Clause 2

Effect and invariability of the Clauses

(a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
(b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.

Clause 3

Third-party beneficiaries

(a) Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:some text
- (i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
- (ii) Clause 8.1(b), 8.9(a), (c), (d) and (e);;
- (iii) Clause 9(a), (c), (d) and (e);;
- (iv) Clause 12(a), (d) and (f);
- (v) Clause 13;
- (vi) Clause 15.1(c), (d) and (e);
- (vii) Clause 16(e);
- (viii) Clause 18(a) and (b).
(b) Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.

Clause 4

Interpretation

(a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
(b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
(c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.

Clause 5

Hierarchy

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

Clause 6

Description of the transfer(s)

The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.

Clause 7

Docking clause

(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.
(b) Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.
(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

SECTION II – OBLIGATIONS OF THE PARTIES

Clause 8

Data protection safeguards

The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.

8.1 Instructions

(a) The data importer shall process the personal data only on documented instructions from the data exporter. The data exporter may give such instructions throughout the duration of the contract.
(b) The data importer shall immediately inform the data exporter if it is unable to follow those instructions.

8.2 Purpose limitation

The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I.B, unless on further instructions from the data exporter.

8.3 Transparency

On request, the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including the measures described in Annex II and personal data, the data exporter may redact part of the text of the Appendix to these Clauses prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand the its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information. This Clause is without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.

8.4 Accuracy

If the data importer becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to erase or rectify the data.

8.5 Duration of processing and erasure or return of data

Processing by the data importer shall only take place for the duration specified in Annex I.B. After the end of the provision of the processing services, the data importer shall, at the choice of the data exporter, delete all personal data processed on behalf of the data exporter and certify to the data exporter that it has done so, or return to the data exporter all personal data processed on its behalf and delete existing copies. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit return or deletion of the personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process it to the extent and for as long as required under that local law. This is without prejudice to Clause 14, in particular the requirement for the data importer under Clause 14(e) to notify the data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under Clause 14(a).

8.6 Security of processing

(a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter ‘personal data breach’). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.
(b) The data importer shall grant access to the personal data to members of its personnel only to the extent strictly necessary for the implementation, management and monitoring of the contract. It shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
(c) In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate its adverse effects. The data importer shall also notify the data exporter without undue delay after having become aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences and the measures taken or proposed to address the breach including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.
(d) The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU) 2016/679, in particular to notify the competent supervisory authority and the affected data subjects, taking into account the nature of processing and the information available to the data importer.

8.7 Sensitive data

Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (hereinafter ‘sensitive data’), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B.

8.8 Onward transfers

The data importer shall only disclose the personal data to a third party on documented instructions from the data exporter. In addition, the data may only be disclosed to a third party located outside the European Union (in the same country as the data importer or in another third country, hereinafter ‘onward transfer’) if the third party is or agrees to be bound by these Clauses, under the appropriate Module, or if:

(i) the onward transfer is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;
(ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 Regulation of (EU) 2016/679 with respect to the processing in question;
(iii) the onward transfer is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or
(iv) the onward transfer is necessary in order to protect the vital interests of the data subject or of another natural person.

Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.

8.9 Documentation and compliance

(a) The data importer shall promptly and adequately deal with enquiries from the data exporter that relate to the processing under these Clauses.
(b) The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep appropriate documentation on the processing activities carried out on behalf of the data exporter.
(c) The data importer shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses and at the data exporter’s request, allow for and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non-compliance. In deciding on a review or audit, the data exporter may take into account relevant certifications held by the data importer.
(d) The data exporter may choose to conduct the audit by itself or mandate an independent auditor. Audits may include inspections at the premises or physical facilities of the data importer and shall, where appropriate, be carried out with reasonable notice.
(e) The Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits, available to the competent supervisory authority on request.

Clause 9

Use of sub-processors

(a) SPECIFIC PRIOR AUTHORISATION The data importer shall not sub-contract any of its processing activities performed on behalf of the data exporter under these Clauses to a sub-processor without the data exporter’s prior specific written authorisation. The data importer shall submit the request for specific authorisation at least ten (10) days prior to the engagement of the sub-processor, together with the information necessary to enable the data exporter to decide on the authorisation. The list of sub-processors already authorised by the data exporter can be found in Annex III. The Parties shall keep Annex III up to date.
(b) Where the data importer engages a sub-processor to carry out specific processing activities (on behalf of the data exporter), it shall do so by way of a written contract that provides for, in substance, the same data protection obligations as those binding the data importer under these Clauses, including in terms of third-party beneficiary rights for data subjects. The Parties agree that, by complying with this Clause, the data importer fulfils its obligations under Clause 8.8. The data importer shall ensure that the sub-processor complies with the obligations to which the data importer is subject pursuant to these Clauses.
(c) The data importer shall provide, at the data exporter’s request, a copy of such a sub-processor agreement and any subsequent amendments to the data exporter. To the extent necessary to protect business secrets or other confidential information, including personal data, the data importer may redact the text of the agreement prior to sharing a copy.
(d) The data importer shall remain fully responsible to the data exporter for the performance of the sub-processor’s obligations under its contract with the data importer. The data importer shall notify the data exporter of any failure by the sub-processor to fulfil its obligations under that contract.
(e) The data importer shall agree a third-party beneficiary clause with the sub-processor whereby – in the event the data importer has factually disappeared, ceased to exist in law or has become insolvent – the data exporter shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Clause 10

Data subject rights

(a) The data importer shall promptly notify the data exporter of any request it has received from a data subject. It shall not respond to that request itself unless it has been authorised to do so by the data exporter.
(b) The data importer shall assist the data exporter in fulfilling its obligations to respond to data subjects’ requests for the exercise of their rights under Regulation (EU) 2016/679. In this regard, the Parties shall set out in Annex II the appropriate technical and organisational measures, taking into account the nature of the processing, by which the assistance shall be provided, as well as the scope and the extent of the assistance required.
(c) In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the instructions from the data exporter.

Clause 11

Redress

(a) The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.
(b) In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.
(c) Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to:some text
- (i) lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13;
- (ii) refer the dispute to the competent courts within the meaning of Clause 18.
(d) The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.
(e) The data importer shall abide by a decision that is binding under the applicable EU or Member State law.
(f) The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws.

Clause 12

Liability

(a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
(b) The data importer shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data importer or its sub-processor causes the data subject by breaching the third-party beneficiary rights under these Clauses.
(c) Notwithstanding paragraph (b), the data exporter shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data exporter or the data importer (or its sub-processor) causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter and, where the data exporter is a processor acting on behalf of a controller, to the liability of the controller under Regulation (EU) 2016/679 or Regulation (EU) 2018/1725, as applicable.
(d) The Parties agree that if the data exporter is held liable under paragraph (c) for damages caused by the data importer (or its sub-processor), it shall be entitled to claim back from the data importer that part of the compensation corresponding to the data importer’s responsibility for the damage.
(e) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.
(f) The Parties agree that if one Party is held liable under paragraph (e), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage.
(g) The data importer may not invoke the conduct of a sub-processor to avoid its own liability.

Clause 13

Supervision

(a) The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, shall act as competent supervisory authority.
(b) The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.

SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES

Clause 14

Local laws and practices affecting compliance with the Clauses

(a) The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.
(b) The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:some text
- (i) the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;
- (ii) the laws and practices of the third country of destination– including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards ;
- (iii) any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.
(c) The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.
(d) The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.
(e) The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).
(f) Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.

Clause 15

Obligations of the data importer in case of access by public authorities

15.1 Notification

(a) The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:some text
- (i) receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or
- (ii) becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.
(b) If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.
(c) Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).
(d) The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.
(e) Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.

15.2 Review of legality and data minimisation

(a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).
(b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.
(c) The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.

SECTION IV – FINAL PROVISIONS

Clause 16

Non-compliance with the Clauses and termination

(a) The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.
(b) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).
(c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:
(i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;
(ii) the data importer is in substantial or persistent breach of these Clauses; or
(iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.
In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.
(d) Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
(e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.

Clause 17

Governing law

These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of Ireland.

Clause 18

Choice of forum and jurisdiction

(a) Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.
(b) The Parties agree that those shall be the courts of Ireland.
(c) A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.
(d) The Parties agree to submit themselves to the jurisdiction of such courts.

APPENDIX

EXPLANATORY NOTE:

It must be possible to clearly distinguish the information applicable to each transfer or category of transfers and, in this regard, to determine the respective role(s) of the Parties as data exporter(s) and/or data importer(s). This does not necessarily require completing and signing separate appendices for each transfer/category of transfers and/or contractual relationship, where this transparency can be achieved through one appendix. However, where necessary to ensure sufficient clarity, separate appendices should be used.

ANNEX I

A. LIST OF PARTIES

Data exporter(s): [ Identity and contact details of the data exporter(s) and, where applicable, of its/their data protection officer and/or representative in the European Union]

Name: [Partner / Customer Name]

Address: [Partner / Customer Address]

Contact person’s name, position and contact details:

[Partner / Customer Point of Contact Name]

[Partner / Customer Point of Contact Email]

[Partner / Customer Point of Contact Phone]

Activities relevant to the data transferred under these Clauses:

As set out in Annex A of the DPA

Signature and date:

Role (controller/processor): Controller

Data importer(s): [Identity and contact details of the data importer(s), including any contact person with responsibility for data protection]

Name: Prezi Inc. / Infogram

Address: 101 Broadway, 2nd floor, Oakland, CA 94607 USA

Contact person’s name, position and contact details:

Compliance Manager, privacy@Prezi / Infogram.com

Activities relevant to the data transferred under these Clauses:

As set out in Annex A of the DPA

Signature and date: [Date]

Role (controller/processor): Processor

B. DESCRIPTION OF TRANSFER

Categories of data subjects whose personal data is transferred

Prezi / Infogram users (Natural person, adult)

Categories of personal data transferred

Contact and Account Information,
Payment Information,
Support Information (if applicable),
Content Information (if applicable).

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

Not Applicable, no sensitive data will be transferred to Prezi / Infogram, Inc.

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).

Continuous

Nature of the processing

The nature of the processing may include the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.

Purpose(s) of the data transfer and further processing

Operation and Provision of the Prezi / Infogram Services to the relevant Prezi / Infogram Users of the Partner / Customer.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

As set out in Section 8 of the DPA.

Prezi / Infogram, Inc. disposes of Personal Data by

A. destroying it,

B. erasing it, or

C. anonymizing it.

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing

Prezi / Infogram, Inc. may use others to help providing its Services. This may include application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, fraud detection. Third-party service providers may have access to Prezi / Infogram Users‘ personal data as reasonably necessary to perform these tasks on Prezi / Infogram, Inc.‘s behalf and are obligated not to disclose or use it for other purposes. All Prezi / Infogram service providers must meet Prezi / Infogram, Inc.‘s security and privacy standards before they gain access to any of Prezi / Infogram Users‘ information.
Further , the matter, nature and duration of the processing is the same as Prezi / Infogram’s data processing itself.

C. COMPETENT SUPERVISORY AUTHORITY

Identify the competent supervisory authority/ies in accordance with Clause 13

Name: Data Protection Commission

21 Fitzwilliam Square South

Dublin 2 D02 RD28

Country: Ireland

Address: Postfach 3163, 65021 Wiesbaden

ANNEX II

TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.

Measures of encryption of personal data,
Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services
Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing
Measures for user identification and authorisation
Measures for the protection of data during transmission (encryption in transit)
Measures for the protection of data during storage (encryption at rest)
Measures for ensuring physical security of locations at which personal data are processed
Measures for ensuring events logging (extended security logging, preserving audit trails)
Measures for ensuring system configuration, including default configuration
Measures for internal IT and IT security governance and management (based on SOC 2/COSO, NIST CSF, and PCI/DSS)
Measures for certification/assurance of processes and products (SOC 2 Type 2)
Measures for ensuring data minimisation
Measures for ensuring data quality
Measures for ensuring limited data retention
Measures for ensuring accountability
Measures for allowing data portability and ensuring erasure
Measures set out in Annex B (Security Measures) of the DPA

For transfers to (sub-) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter

Further, measures specific to transfers to Prezi / Infogram, Inc.‘s sub-processors are the same as Prezi Inc. / Infogram‘s own technical and organisational measures.

ANNEX III

LIST OF SUB-PROCESSORS

Please see “Annex C: Authorized Subprocessors“ of this Data Processing Agreement.

Applicable to those with employees or domicile in the United Kingdom only

Standard Data Protection Clauses to be issued by the Commissioner under S119A(1) Data Protection Act 2018

International Data Transfer Addendum to the EU Commission Standard Contractual Clauses
VERSION B1.0, in force 21 March 2022

This Addendum has been issued by the Information Commissioner for Parties making Restricted Transfers. The Information Commissioner considers that it provides Appropriate Safeguards for Restricted Transfers when it is entered into as a legally binding contract.

Part 1: Tables

Table 1: Parties

Start Date
The Parties	Exporter (who sends the Restricted Transfer)	Importer (who receives the Restricted Transfer)
Parties' details	Full legal name: Trading name (if different): Main address (if a company registered address): Official registration number (if any) (company number or similar identifier):	Full legal name: Prezi Inc. Trading name (if different): Main address (if a company registered address): 101 Broadway, 2nd floor, Oakland, CA 94607 US Official registration number (if any) (company number or similar identifier): 42-1768427
Key Contact	Full Name (optional): Job Title: Contact details including email:	Full Name (optional): Job Title: Compliance / DPO Contact details including email:
Signature (if required for the purposes of Section 2)

Table 2: Selected SCCs, Modules and Selected Clauses

Addendum EU SCCs

The version of the Approved EU SCCs which this Addendum is appended to, detailed below, including the Appendix Information:

Date: 4 June 2021 EU approved SCCs

Reference (if any):

Other identifier (if any):

the Approved EU SCCs, including the Appendix Information and with only the following modules, clauses or optional provisions of the Approved EU SCCs brought into effect for the purposes of this Addendum:

Module	Module in operation	Clause 7 (Docking Clause)	Clause 11 (Option)	Clause 9a (Prior Authorisation or General Authorisation)	Clause 9a (Time period)	Is personal data received from the Importer combined with personal data collected by the Exporter?
1
2
3
4

Table 3: Appendix Information

“Appendix Information” means the information which must be provided for the selected modules as set out in the Appendix of the Approved EU SCCs (other than the Parties), and which for this Addendum is set out in:

Annex 1A:	List of Parties:
Annex 1B:	Description of Transfer:
Annex II:	Technical and organisational measures including technical and organisational measures to ensure the security of the data:
Annex III:	List of Sub processors (Modules 2 and 3 only):

Table 4: Ending this Addendum when the Approved Addendum Changes

Ending this Addendum when the Approved Addendum changes

Which Parties may end this Addendum as set out in Section 19:

Importer

Exporter

neither Party

Part 2: Mandatory Clauses

Entering into this Addendum

1. Each Party agrees to be bound by the terms and conditions set out in this Addendum, in exchange for the other Party also agreeing to be bound by this Addendum.

2. Although Annex 1A and Clause 7 of the Approved EU SCCs require signature by the Parties, for the purpose of making Restricted Transfers, the Parties may enter into this Addendum in any way that makes them legally binding on the Parties and allows data subjects to enforce their rights as set out in this Addendum. Entering into this Addendum will have the same effect as signing the Approved EU SCCs and any part of the Approved EU SCCs.

Interpretation of this Addendum

3. Where this Addendum uses terms that are defined in the Approved EU SCCs those terms shall have the same meaning as in the Approved EU SCCs. In addition, the following terms have the following meanings:

Addendum	This International Data Transfer Addendum which is made up of this Addendum incorporating the Addendum EU SCCs.
Addendum EU SCCs	The version(s) of the Approved EU SCCs which this Addendum is appended to, as set out in Table 2, including the Appendix Information.
Appendix Information	As set out in Table 3.
Appropriate Safeguards	The standard of protection over the personal data and of data subjects' rights, which is required by UK Data Protection Laws when you are making a Restricted Transfer relying on standard data protection clauses under Article 46(2)(d) UK GDPR.
Approved Addendum	The template Addendum issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18.
Approved EU SCCs	The Standard Contractual Clauses set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021.
ICO	The Information Commissioner.
Restricted Transfer	A transfer which is covered by Chapter V of the UK GDPR.
UK	The United Kingdom of Great Britain and Northern Ireland.
UK Data Protection Laws	All laws relating to data protection, the processing of personal data, privacy and/or electronic communications in force from time to time in the UK, including the UK GDPR and the Data Protection Act 2018.
UK GDPR	As defined in section 3 of the Data Protection Act 2018.

4. This Addendum must always be interpreted in a manner that is consistent with UK Data Protection Laws and so that it fulfils the Parties’ obligation to provide the Appropriate Safeguards.

5. If the provisions included in the Addendum EU SCCs amend the Approved SCCs in any way which is not permitted under the Approved EU SCCs or the Approved Addendum, such amendment(s) will not be incorporated in this Addendum and the equivalent provision of the Approved EU SCCs will take their place.

6. If there is any inconsistency or conflict between UK Data Protection Laws and this Addendum, UK Data Protection Laws applies.

7. If the meaning of this Addendum is unclear or there is more than one meaning, the meaning which most closely aligns with UK Data Protection Laws applies.

8. Any references to legislation (or specific provisions of legislation) means that legislation (or specific provision) as it may change over time. This includes where that legislation (or specific provision) has been consolidated, re-enacted and/or replaced after this Addendum has been entered into.

Hierarchy

9. Although Clause 5 of the Approved EU SCCs sets out that the Approved EU SCCs prevail over all related agreements between the parties, the parties agree that, for Restricted Transfers, the hierarchy in Section ‎10 will prevail.

10. Where there is any inconsistency or conflict between the Approved Addendum and the Addendum EU SCCs (as applicable), the Approved Addendum overrides the Addendum EU SCCs, except where (and in so far as) the inconsistent or conflicting terms of the Addendum EU SCCs provides greater protection for data subjects, in which case those terms will override the Approved Addendum.

11. Where this Addendum incorporates Addendum EU SCCs which have been entered into to protect transfers subject to the General Data Protection Regulation (EU) 2016/679 then the Parties acknowledge that nothing in this Addendum impacts those Addendum EU SCCs.

Incorporation of and changes to the EU SCCs

12. This Addendum incorporates the Addendum EU SCCs which are amended to the extent necessary so that:

A. Together they operate for data transfers made by the data exporter to the data importer, to the extent that UK Data Protection Laws apply to the data exporter’s processing when making that data transfer, and they provide Appropriate Safeguards for those data transfers;
B. Sections ‎9 to ‎11 override Clause 5 (Hierarchy) of the Addendum EU SCCs; and
C. This Addendum (including the Addendum EU SCCs incorporated into it) is (1) governed by the laws of England and Wales and (2) any dispute arising from it is resolved by the courts of England and Wales, in each case unless the laws and/or courts of Scotland or Northern Ireland have been expressly selected by the Parties.

13. Unless the Parties have agreed alternative amendments which meet the requirements of Section ‎12, the provisions of Section ‎15 will apply.

14. No amendments to the Approved EU SCCs other than to meet the requirements of Section ‎12 may be made.

15. The following amendments to the Addendum EU SCCs (for the purpose of Section ‎12) are made:

A. References to the “Clauses” means this Addendum, incorporating the Addendum EU SCCs;
B. In Clause 2, delete the words:some text
- “and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679”;
C. Clause 6 (Description of the transfer(s)) is replaced with:some text
- “The details of the transfers(s) and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred) are those specified in Annex I.B where UK Data Protection Laws apply to the data exporter’s processing when making that transfer.”;
D. Clause 8.7(i) of Module 1 is replaced with:some text
- “it is to a country benefitting from adequacy regulations pursuant to Section 17A of the UK GDPR that covers the onward transfer”;
E. Clause 8.8(i) of Modules 2 and 3 is replaced with:some text
- “the onward transfer is to a country benefitting from adequacy regulations pursuant to Section 17A of the UK GDPR that covers the onward transfer;”
F. References to “Regulation (EU) 2016/679”, “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)” and “that Regulation” are all replaced by “UK Data Protection Laws”. References to specific Article(s) of “Regulation (EU) 2016/679” are replaced with the equivalent Article or Section of UK Data Protection Laws;
G. References to Regulation (EU) 2018/1725 are removed;
H. References to the “European Union”, “Union”, “EU”, “EU Member State”, “Member State” and “EU or Member State” are all replaced with the “UK”;
I. The reference to “Clause 12(c)(i)” at Clause 10(b)(i) of Module one, is replaced with “Clause 11(c)(i)”;
J. Clause 13(a) and Part C of Annex I are not used;
K. The “competent supervisory authority” and “supervisory authority” are both replaced with the “Information Commissioner”;
L. In Clause 16(e), subsection (i) is replaced with:some text
- “the Secretary of State makes regulations pursuant to Section 17A of the Data Protection Act 2018 that cover the transfer of personal data to which these clauses apply;”;
M. Clause 17 is replaced with:some text
- “These Clauses are governed by the laws of England and Wales.”;
N. Clause 18 is replaced with:some text
- “Any dispute arising from these Clauses shall be resolved by the courts of England and Wales. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts.”; and
O. The footnotes to the Approved EU SCCs do not form part of the Addendum, except for footnotes 8, 9, 10 and 11.

Amendments to this Addendum

16. The Parties may agree to change Clauses 17 and/or 18 of the Addendum EU SCCs to refer to the laws and/or courts of Scotland or Northern Ireland.

17. If the Parties wish to change the format of the information included in Part 1: Tables of the Approved Addendum, they may do so by agreeing to the change in writing, provided that the change does not reduce the Appropriate Safeguards.

18. From time to time, the ICO may issue a revised Approved Addendum which:

A. makes reasonable and proportionate changes to the Approved Addendum, including correcting errors in the Approved Addendum; and/or
B. reflects changes to UK Data Protection Laws;

The revised Approved Addendum will specify the start date from which the changes to the Approved Addendum are effective and whether the Parties need to review this Addendum including the Appendix Information. This Addendum is automatically amended as set out in the revised Approved Addendum from the start date specified.

19. If the ICO issues a revised Approved Addendum under Section ‎18, if any Party selected in Table 4 “Ending the Addendum when the Approved Addendum changes”, will as a direct result of the changes in the Approved Addendum have a substantial, disproportionate and demonstrable increase in:

A. its direct costs of performing its obligations under the Addendum; and/or
B. its risk under the Addendum,

and in either case it has first taken reasonable steps to reduce those costs or risks so that it is not substantial and disproportionate, then that Party may end this Addendum at the end of a reasonable notice period, by providing written notice for that period to the other Party before the start date of the revised Approved Addendum.

20. The Parties do not need the consent of any third party to make changes to this Addendum, but any changes must be made in accordance with its terms.

Alternative Part 2 Mandatory Clauses:

Mandatory Clauses

Part 2: Mandatory Clauses of the Approved Addendum, being the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses.

‍

Last updated: November 27th 2024

IMPORTANT NOTICE REGARDING ARBITRATION FOR U.S. CUSTOMERS: WHEN YOU AGREE TO THESE TERMS YOU ARE AGREEING (WITH LIMITED EXCEPTION) TO RESOLVE ANY DISPUTE BETWEEN YOU AND PREZI THROUGH BINDING, INDIVIDUAL ARBITRATION RATHER THAN IN COURT. PLEASE REVIEW THE “DISPUTE RESOLUTION” SECTION BELOW FOR DETAILS REGARDING ARBITRATION.

1. Introduction

This is important, so please read carefully! Thank you.This is a binding legal agreement between the natural person or legal person (“Customer” or “you”) agreeing to these Terms of Service (“Terms”) and Prezi Inc. (“Prezi,” “us,” or “we”). By accepting these Terms, signing an Order, or using the services subject to these Terms of Service (collectively the “Service(s)” or “Prezi Service(s)”), you represent that you have civil and legal capacity, that you are of legal age and have the authority to bind the Customer to the Order, these Terms and the following additional terms and conditions and policies, which are hereby incorporated by reference (collectively, the “Agreement”)

Your use of and access to the Prezi Service, and the licenses granted herein are expressly conditioned upon your compliance with and acceptance of this Agreement.

If you register on behalf of a legal person, you represent to Prezi that you have the authority to bind that legal person and that your acceptance of this Agreement will be treated as acceptance by that legal person. The Prezi Services are not available to persons who are not legally eligible to be bound by this Agreement.

Changes and Modifications. Prezi may change or amend these Terms. If we make material changes, we will notify you, either through this page, the user interface, in an email notification, or through other reasonable means. Your use of the Service after the date such change(s) become effective will constitute consent to the changed terms. If you do not agree to the changes, you must immediately stop using the Service. Otherwise, the new terms will apply to you.

As long as you comply with this Agreement, Prezi grants you a limited, revocable, non-exclusive, non-assignable, non-sublicensable right to access and use the Service as it is intended to be used and in accordance with this Agreement and applicable law. We grant you no other rights, implied or otherwise.

Links to Other Sites. The Service may contain links to or allow you to interact with and make use of other independent third-party websites, products or services (“Third-Party Sites, Products and Services”). Access to Third-Party Sites, Products, and Services are provided solely as a convenience to our Visitors and Customers. Such Third-Party Sites, Products, and Services are not under Prezi’s control and Prezi does not necessarily endorse the content, advertising, products, services or other materials on or available from such Third-Party Sites, Products and Services. Your use of any Third-Party Sites, Products and Services may be subject to the third-party provider’s terms and conditions and privacy policy and may involve the disclosure or transfer of information from or about you to the third-party provider. You will need to make your own independent judgment regarding your use of and interaction with any Third-Party Sites, Products and Services. You acknowledge and agree that Prezi is not responsible for the availability of any Third-Party Sites, Products and Services and that Prezi shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with your use of or interaction with any Third-Party Sites, Products and Services.

2. Description of Service

The Prezi Service is a living presentation, video - and data visualization tool for presenting and storytelling. The Service combines creative thinking and technological expertise to allow you to seamlessly create your own high-quality presentations, videos, webinars or other content, post and stream them to the internet, and share them with friends or colleagues. The Service includes AI-powered products and tools (“AI Products”), which are governed by these Terms in addition to our AI Product Terms of Use .

3. Trials

You are granted a nonexclusive, revocable right during the specified (14 day unless otherwise stated in writing) free trial period (the “Trial Period”) to access the Site and use the Service and Software and to permit your Users to do so, subject to these Terms. At the end of the Trial Period, the use of the Service by you and your Users will either (1) migrate to a standard paid subscription and be bound by the Prezi or Infogram, as applicable, terms and conditions applicable thereto, or (2) terminate. You expressly agree that you waive any and all rights to a refund by engaging to have a Trial Period and attest herein to waive all such rights to a refund.

These Terms also govern any use of the Service by any person who has been supplied a user identification and password for the Service by you, on your behalf or at your request (each a “User”), and you agree to be responsible for any use of the Service by any of your Users. By using the Service or permitting any User to use the Service, you agree to these Terms. If you do not agree to all of the Terms, you do not have the right to access, or permit any User to access, the Site and use the Service and Software. These Terms comprise the entire agreement between you and us, and supersede all prior or contemporaneous negotiations, discussions or agreements, whether written or oral, between you and us, regarding the subject matter contained herein.

You may terminate the Trial Period prior to its scheduled end by issuing a written termination notice to Prezi. Upon Prezi’s receipt of the termination notice, the Trial Period will terminate, your license to use the Deliverables will terminate, you may not make any further use of the content / Deliverables you created. If you do not issue Prezi a written termination notice before the scheduled end of the Trial Period, you will have a worldwide, royalty-free, non-exclusive right and license to use the resulting content / Deliverables solely in connection with your Prezi account until your Prezi account expires or is terminated. The current fee for the account type you have selected will automatically and immediately be charged to your payment instrument or account on the date your free Trial Period expires.

Free trials are limited to one concurrent period of 14 days unless stated of a different length. Users must not fraudulently obtain (or attempt to obtain) additional trial periods beyond the single free trial term.

While you may be able to create Private User Content during the Trial Period, Prezi reserves the right to designate such Private User Content as Public User Content after the conclusion of the Trial Period if you do not convert your free trial into a paid Prezi account.

4. Conditions and Restrictions of Use, User Conduct

As a condition of use, and the licenses granted to you herein, you agree that you will not (and will not attempt to):

Distribute any part of, or parts of the Website or the Service, including but not limited to any content made available on or through the Services (“Content”), in any medium without Prezi's prior written authorization, unless Prezi makes available the means for such distribution through functionality offered by the Service.
Alter or modify any part of the Website or any of the Service.
Access Content through any technology or means other than as Prezi may explicitly designate for this purpose.
Circumvent, disable or otherwise interfere with any security-related features of the Service or features that (i) prevent or restrict use or copying of Content or (ii) enforce limitations on use of the Service or the content accessible via the Service.
Without Prezi’s express written permission, sell access to the Services or sell advertising, sponsorships or promotions placed on or within the Services or any User Content.
Use or launch any automated system (including, without limitation, any robot, spider or offline reader) that accesses the Service.
Collect or harvest any personal data of any user of the Website or any Service (and agree that this shall be deemed to include Prezi account names).
Use the Prezi Services (including the comments and email features) for spamming, advertising, or other solicitation of business in the course of trade or in connection with a commercial enterprise.
Solicit, for commercial purposes, any users of the Prezi Service.
Access the Prezi Services or User Content, other than as intended through and permitted by the normal functionality of the Prezi Services.
Copy, reproduce, distribute, transmit, broadcast, display, sell, license, or otherwise exploit any Prezi Content, User Content, or other content for any purposes not expressly permitted herein, without the prior written consent of Prezi or the respective owners of the content.
Share login credentials or passwords or use of your account with any other person. You are entirely responsible for maintaining the confidentiality of your account information, including your password, and for any and all activity that occurs under your account. You agree to notify Prezi immediately of any unauthorized use of your account or password, or any other breach of security. If your account is a single user account, you must not knowingly allow others to use your account or password.
Use the Service to harass, threaten, impersonate, or intimidate anyone.
Upload, post, email, transmit, or otherwise make available any content that is unlawful, harmful, threatening, violent, sexually explicit, abusive, harassing, tortuous, defamatory, vulgar, obscene, libelous, invasive of another’s privacy, hateful, or racially, ethnically, or otherwise objectionable.
Upload, post, email, transmit, publicly perform, or otherwise make available any content that violates the copyright, trademark, publicity, privacy, or other rights of third parties. You and not Prezi are responsible for assuring that you are not violating the copyright, trademark, publicity, privacy or other rights of third parties. You must comply with all intellectual property and other laws applicable to your use of the Service.
Upload, post, email, transmit, publicly perform, or otherwise make available any content that features a photo or likeness of a person without having obtained documented consent. In the case of anyone under sixteen years of age, such documented consent will have been obtained from a legal guardian.
Upload, post, email, transmit or otherwise make available any unsolicited or unauthorized advertising, promotional materials, “junk mail,” “spam,” “chain letters,” “pyramid schemes,” “affiliate links,” or any other form of solicitation.
Upload, post, email, transmit, or otherwise make available any malware, adware, spyware, viruses or any software of a destructive or malicious nature.
Violate any laws applicable to your use of the Service (including but not limited to intellectual property and data protection laws).
Use the Service for any illegal or unauthorized purpose. You agree to comply with all applicable laws in all applicable jurisdictions (including your own jurisdiction).
Use the Service, or any content produced on or using the Service, to falsely suggest an affiliation, sponsorship, or endorsement on the part of Prezi for the topic and/or creator of the presentation.
Access the Prezi Services if your access has been suspended, revoked or terminated.

You agree that your failure to adhere to any of the above conditions, or any other provision of these Terms of Service, shall constitute a breach of these Terms of Service on your part. In the event of breach or a documented alleged breach Prezi reserves the right to remove the content from being publicly available. The content will be removed permanently from being publicly accessible if a breach is confirmed. It is your responsibility to diligently and responsibly adhere to these Terms.

System requirements. Use of the Prezi Services may require one or more compatible devices, Internet access (fees may apply), and certain software (fees may apply), and may require obtaining updates or upgrades from time to time. Because use of the Services involves hardware, software, and Internet access, your ability to access and use the Services may be affected by the performance of these factors. High-speed Internet access is recommended. You acknowledge and agree that such system requirements, which may be changed from time to time, are your responsibility.

5. Age Restrictions on Use of the Service

You may not use the Service if you are under 13 years of age. You represent that you are 13 or older, and that you will not permit a minor under the age of 13 to use the Service, your Prezi account, or otherwise interact with the Service. Prezi will never knowingly solicit or accept personally identifiable information or other content from a user or visitor who Prezi knows is under 13 years of age. If Prezi discovers that a user under 13 years of age has created an account, or that a user or visitor under 13 years of age has posted personally identifiable information or other content to the Service, Prezi will terminate the account and remove the information or other content.

Users between 13 and 18 (each a “Teen”) may not access or use the Service unless (i) both the Teen and their parent or legal guardian have first agreed to these Terms of Service; and (ii) the Teen uses an account established by their parent or legal guardian, under such parent or guardian’s supervision, and with such parent or guardian’s permission. If you permit a Teen to use the Service, you hereby agree to these Terms of Service on behalf of both yourself and the Teen. You further agree that you are solely responsible for any and all use of the Service by your Teen regardless of whether such use was authorized by you.

6. Account Types

Prezi offers a variety of user accounts. You can find out about all the types of accounts, as well as their features and pricing, here . Services, features, account types and pricing are subject to change.

‍

7. Beta Services

Prezi may, from time to time, offer access to services that are classified as 'Beta version'. Access to and use of Beta versions may be subject to additional terms of service, policies and other agreements. Prezi makes no warranties and representations that a Beta version will ever be made generally available and reserves the right to discontinue or modify a Beta version at any time without notice. Beta versions are provided AS-IS, may contain bugs, errors or other defects, and your use of a Beta version is at your sole risk.

‍

8. User Content & Options

8.1 General

Prezi offers a number of ways to share, or not share, any presentations or other content, such as text, files, documents, graphics, images, audio and video that you create or make available through the Services, but excluding Prezi Content (“User Content”), including presentations, videos, with others.

Prezi Public (free) Accounts. If you have a Prezi Public (free) account, all of the User Content you create, including all of the information within your presentations, your videos, your other content, and your username will be available to anyone who has access to the internet (“Public User Content”). Public account holders with specific licenses may be able to create Private User Content, as defined below, including the option to create unlisted/private videos. Public User Content, including presentations or videos, can be viewed by other Prezi users, will appear in the searchable Prezi database, in publicly available search engines and will be available for others to access and view online.

Re-useable Public User Content. If your content is designated as Public User Content, you may choose to “allow re-use” of that content (in the case of videos that are designated Public User Content, you are required to allow re-use). We may share your reusable Public User Content with our AI third-party partners who may use this content for their own commercial purposes, including without limitation, to train and improve their AI algorithms and models or to conduct AI research and development.

Paid Prezi Accounts. If you have a paid Prezi account, all of your User Content will not be accessible or viewable by other Prezi users or the Public (“Private User Content”) by default unless you elect to designate such User Content as Public User Content. If you have an educational or paid Prezi account, you can choose to designate your content Public User Content or Private User Content. Presentations designated as Private User Content will not be available to the public. You may invite one or more people (a “Viewer”) to view your presentation or video by sending them a “share” or “invite” link. You can learn more about sharing here . You hereby do and shall grant to each Invited Viewer a worldwide, non-exclusive license to access, view, publicly perform, publicly display and communicate to the public your Private User Content. This license ends one year after you delete the Private User Content, including the presentation or video, or your account is closed (either by you or by us), except to the extent that the Private User Content has been shared with others and they have not deleted it.

‍

Prezi reserves the right to remove from display and/or delete any content, data or other material in Prezi’s reasonable business judgment or upon formal notice from the copyright or intellectual property owner, violates any of the above prohibitions or as directed by law enforcement agencies, regulators or legal process.

Sharing with edit rights. Regardless of whether your User Content has been designated as Public User Content or Private User Content, you may choose to share a presentation, video or other User Content in a manner that allows the person you’ve shared such User Content with (a “Co-editor”) to reuse or edit that User Content, or portions thereof as permitted by the Prezi Services. You can learn more about sharing with edit rights here . You hereby do and shall grant to each Co-editor a worldwide, non-exclusive license to use, store, reproduce, modify, create derivative works, communicate to the public, publish, publicly perform, publicly display, distribute and transmit User Content of which they are Co-editors. This license ends one year after you delete such User Content or your account is closed (either by you or by us), except to the extent that the User Content has been shared with the Co-editors and they have not deleted it.

Prezi Videos. You may create, stream, record and share videos using the Prezi Services. These videos may feature, among other things, the image of you, Prezi presentations, and other User Content. Live video feeds (including via Facebook Live and Zoom) are supported as well. As with all online activities, please exercise discretion in deciding what to post.

Integration with Other Services. Prezi supports sharing with other Third-party Services. You hereby grant to Prezi all rights necessary to connect your social media and other third-party accounts, and to effectuate your User Content sharing (including without limitation video streaming) with these platforms. Please be aware that third-party services are governed by their own terms and policies; it is your responsibility to familiarize yourself with them before posting.

Prezi for Teams Accounts. If your account is part of a Prezi for Teams account, your account is subject to the terms and conditions of the agreement between Prezi and the owner of the Prezi for Teams account, i.e. the entity (the “Team Administrator”) that is financially responsible for any fees associated with the Prezi for Teams accounts belonging to that entity and which assigned your Prezi for Teams account to you. Those terms may be in addition to or different from the terms and conditions in this Agreement. Please note that the Team Administrator controls your Prezi for Teams account and may, among other things:

manage your account, including changing the privacy settings;
suspend or cancel your account;
grant, restrict or block access to your account;
view your account’s usage, including how and when your account is used;
view your account’s profile data;
read, copy, modify, export, share, store or delete Content (both Public User Content and Private User Content) in your account;
make Public User Content private;
make Private User Content public.

Please ask your Team Administrator about the specific conditions applicable to your Prezi for Teams account. You hereby do and shall grant to the Team Administrator a worldwide, non-exclusive license to use, store, reproduce, modify, create derivative works, communicate to the public, publish, publicly perform, publicly display, distribute and transmit the Public User Content or Private User Content of your Prezi for Teams account. This license ends one year after you delete the presentation or your Prezi for Teams account is closed (either by you, the Team Administrator or by us), except to the extent that the content has been shared with others and they have not deleted it.

Business Accounts. If you sign up for a Prezi Public Account or a Paid Prezi Account with an e-mail address using a domain owned by an organization (“Organization”) then, depending on your country of habitual residence and the agreement entered into between us and the Organization, your account (a “Business Account”) is subject to the terms and conditions of the agreement between Prezi and the Organization. Those terms may be in addition to or different from the terms and conditions in this Agreement. Please note that the Organization controls your Business Account and may have the same rights with regard to your Business Account that a Team Administrator has with regard to a Prezi for Teams account.

If you convert your account to a Business Account, the Organization may prevent you from subsequently converting your account to another account type. Please ask your Organization about the specific conditions applicable to your Business Account. You hereby do and shall grant to the Organization a worldwide, non-exclusive license to use, store, reproduce, modify, create derivative works, communicate to the public, publish, publicly perform, publicly display, distribute and transmit the Public User Content or Private User Content of your account. This license ends one year after you delete the presentation or your account is closed (either by you or by us), except to the extent that the content has been shared with others and they have not deleted it.

The Organization may request Prezi to block your account until you either convert your account to a Business Account or you associate a personal e-mail address with your account.

Your Accounts. You are solely responsible for (i) all use of the Services by you and your users, (ii) obtaining consent from your users to the collection, use, processing and transfer of User Content, and (iii) providing notices or obtaining consent as legally required in connection with the Prezi Services. We do not send emails asking for your usernames or passwords, and to keep your accounts secure, you should keep all usernames and passwords confidential. We may suspend the Prezi Services or terminate the Agreement if you, your users, or attendees are using the Services in a manner that is likely to cause harm to us or to third parties. You agree to notify us immediately in the event you become aware of a security breach.

Trials and Free Services. Your right to access and use the Prezi Services is not guaranteed for any period of time and we reserve the right, in our sole discretion, to limit or terminate the use of any Prezi Service at any time. If you are using the Services on a trial or promotional basis (“Trial Period”), your Trial Period and access to the Services will terminate (i) at the end of the Trial Period stated in your Order, or (ii) if no date is specified, 14 days after your initial access to the Prezi Services, or (iii) upon your conversion to a subscription. We may modify or discontinue any trials or promotions at any time without notice.

‍

8.2 Licenses you grant to Prezi for use of Public User Content and Private User Content.

With respect to Private User Content, you hereby do and shall grant to Prezi (and its successors, assignees, and third-party service providers) a worldwide, non-exclusive, royalty-free, fully paid, sublicensable, and transferable license to use, host, store, reproduce, modify, create derivative works, communicate to the public, publish, publicly perform, publicly display, distribute and transmit the content for the purpose of providing you, and those with whom you have shared your Private User Content, including but not limited to presentations, videos, with the Service. This license ends one year after you delete your Private User Content or your account is closed (either by you or by us), except (i) to the extent that your Private User Content has been shared with others and they have not deleted it, (ii) that if you are a habitual resident of a Member State of the European Economic Area, we retain a license to maintain a back-up copy of your Private User Content for two years and (iii) that if you are not a habitual resident of a Member State of the European Economic Area, we retain a license to maintain a back-up copy of your Private User Content indefinitely.

With respect to Private User Content, you hereby do and shall grant to Prezi (and its successors, assignees, and third-party service providers) a worldwide, non-exclusive, royalty-free, fully paid, sublicensable, and transferable license to use, host, store, reproduce, modify, create derivative works, communicate to the public, publish, publicly perform, publicly display, distribute and transmit the content for the following purposes:

‍

as required to provide the Services to you or those with whom you have shared your Private User Content or as otherwise necessary for purposes of Prezi’s legitimate interests (including evaluating and responding to security incidents and legal requests), or
as authorized or instructed by you or your users in this Agreement or in any other agreement between the parties, or
as required to comply with our policies, applicable law (including copyright and intellectual property), or governmental request, or
as required to conduct research and development for the further development of our Services in order to provide the Services to you and others (including account, service usage, feature usage, suitability for feature development and survey information).

‍

This license ends one year after you delete your Private User Content or your account is closed (either by you or by us), except (i) to the extent that your Private User Content has been shared with others and they have not deleted it, (ii) that if you are a habitual resident of a Member State of the European Economic Area, we retain a license to maintain a back-up copy of your Private User Content for two years and (iii) that if you are not a habitual resident of a Member State of the European Economic Area, we retain a license to maintain a back-up copy of your Private User Content indefinitely.

With respect to Public User Content, you hereby do and shall grant to Prezi (and its successors, assignees, and third-party service providers) a worldwide, perpetual, non-exclusive, royalty-free, fully paid, sublicensable (through multiple tiers), and transferable license to use, host, store, reproduce, modify, create derivative works, communicate to the public, publish, publicly perform, publicly display, distribute and transmit the Public User Content for any purpose, including without limitation (1) for the purpose of providing you, and those with whom you have shared Public User Content, including but not limited to your presentations, videos (including the public), with the Service; and (2) in connection with promotion and marketing of Prezi products and services, including without limitation allowing third parties to search or index the content, in connection with email promotions, product demonstrations, and the like.

Further you agree that Prezi has the right to use your Public User Content (excluding your username) to train our algorithms, models, and AI products and services, to develop, improve and provide our Services, including Prezi AI.

Prezi makes no claim of ownership to your User Content and obtains no rights to your content other than as provided for herein.

When you upload User Content on or through the Service, you represent and warrant that, with respect to all User Content that you use, upload, transmit, publish and disseminate through the Service, (a) you have all the rights, consents, releases, permissions and licenses necessary to use, upload, transmit, disseminate, reproduce, publish, communicate to the public, publicly display, perform publicly, distribute, or otherwise exploit such User Content in connection with the Service (and to grant to Prezi and/or others the licenses set forth in this Agreement); (b) the User Content will not infringe or otherwise violate any rights, including but not limited to privacy, image, name, honor, dignity, copyright, trademark or any other intellectual property right, right of publicity and/or legal interests of any third party; (c) you have obtained documented consent from the owner or person in the case of an image to use such image in your Content.

‍

8.3 Expiration and revocability of licenses

Prezi makes it easy for users with qualified accounts to change a presentation’s public/private, and “allow reuse” status at any time.

However, uses made of your presentation, video or other User Content, whether by Prezi or its users, are subject to the licenses that were in place at the time such use was originally made by the person or entity who originally made the use. For example, licensed uses of Public User Content, or content that allows reuse, may continue to be made after such content is designated Private User Content, by those users or entities who previously used the content under the prior license.

‍

8.4 Third-party and linked/embedded content

Prezi gives you the option, when creating or editing a presentation, to search for and insert third-party content, including but not limited to images and content from other web-based platforms (such as Infogram), into your User Content (presentations, videos, etc.). Such third-party content is subject to the license terms and contractual provisions that accompany it, and you are solely responsible for compliance with all such terms and provisions. For example, if you use an image that is licensed pursuant to a Creative Commons license that prohibits commercial use, you may not use the image for commercial purposes. Similarly, if you use Infogram charts, custom images, YouTube videos, or other third-party content in your User Content, including presentations, videos, your use must be consistent with the terms of use provided by those third parties, and the licenses applicable to that content. Some license terms and contractual provisions may limit the manner in which you are permitted to use your User Content, such as share it with others, or allow re-use of presentation, video.

‍

8.5 Professional Services

If your Prezi account includes design services, training services or other professional services, (collectively, “Professional Services”), this section applies to your account.

Prezi will perform the Professional Services in a competent and professional manner.
‍
You will provide all assistance and cooperation to Prezi reasonably necessary to permit Prezi to perform the Professional Services. You acknowledge that failure to provide such assistance and cooperation may impair Prezi’s ability to provide the Professional Services and may result in additional charges being invoiced to you as a result of additional time or expenses incurred by Prezi as a result. You will be responsible for making, at your sole expense, any changes or additions to your hardware and software systems that may be required to support Prezi’s performance of the Professional Services or the installation, implementation and/or use of any deliverables specified (each, a “Deliverable” and, collectively, the “Deliverables”). You will assign a project manager to (i) assist and coordinate with Prezi in connection with its performance of the Professional Services, (ii) serve as a principal point of contact with Prezi and (iii) perform the review, analysis, and acceptance of the Deliverables.

Upon payment in full of the fees for your Prezi account which includes Professional Services, or upon payment in full of Prezi’s fees for the Professional Services if such fees are separate from the charges for your Prezi account, you will have a worldwide, royalty-free, non-exclusive right and license to use the resulting Deliverables solely in connection with your Prezi account on a trial basis for sixty (60) days from the date your Prezi account is activated (the “Trial Period”). You may terminate the Trial Period prior to its scheduled end by issuing a written termination notice to Prezi. Upon Prezi’s receipt of the termination notice, the Trial Period will terminate, your license to use the Deliverables will terminate, you may not make any further use of the Deliverables and you will be entitled to a credit for the portion of the fees which you paid which are applicable to the Professional Services which directly relate to the applicable Deliverables. If you do not issue Prezi a written termination notice before the scheduled end of the Trial Period, you will have a worldwide, royalty-free, non-exclusive right and license to use the resulting Deliverables solely in connection with your Prezi account until your Prezi account expires or is terminated.

Prezi reserves all rights to the Deliverables that are not expressly granted in these Terms of Service. Nothing in these Terms of Service will be construed as granting you any property rights in or to the Deliverables or in or to any invention or any patent, copyright, trademark or other intellectual property rights that have been issued, or that may issue, based on the Deliverables. The Deliverables are licensed hereby, not sold.

‍

9. Payment Terms

9.1 Payment for subscription

You agree to pay the then-current fee for your account type. Some Prezi accounts are offered with a free trial period. Such free trials are limited to one-per-user. Users must not fraudulently obtain (or attempt to obtain) additional trial periods beyond the single free trial term.

If your account began with a free trial, the current fee for the account type you have selected will automatically and immediately be charged to your payment instrument or account on the date your free trial expires. If your account did not begin with a free trial, the current fee for the account type you have selected will automatically and immediately be charged to your payment instrument or account on the date you signed up and then every 30 or 365 days after (depending on the billing cycle which applies to your account). Fees charged for one account type may not be credited towards other account types. All currency references are in U.S. dollars.

‍

Stored Credential Consent Agreement. This Stored Credential Consent Agreement (“Agreement”) is between Prezi Inc. and its Affiliates and entities (“Prezi”, “we”) and you, the cardholder (“Cardholder” or “you”).

This Agreement is an integral part of these Terms and applies to Cardholders that request Prezi to make recurring payments and to store profile and transaction information including saving credit card information for future purchase during the checkout or payment flow.

You hereby acknowledge that Prezi or its payment service provider will need to store your credit card information, including but not limited to credit card number, expiration date and associated contact and transaction information, in order to process future payments (“Cardholder Data” or “CHD”) and you are hereby providing consent for that storage.

Your stored CHD will be used only to process future payment(s) through our payment processor(s). The use of other information that may be contained within the CHD such as your name and email address will only be used as specified in our Privacy Policy.

Prezi cancellation and refund policies are detailed herein, the recurring payment can be canceled, in accordance with the provisions in the Terms, through your account detail when logged in or by contacting Prezi Customer Support as stated below.

‍

9.2 Fraud protections

To protect against potential fraud, Prezi may take steps to verify the validity of the credit card information you provide to us. The verification process may include debiting an amount between $0.01 and $0.99 from your credit card account and then immediately crediting the same amount back to your credit card, as well as asking you to verify the amount debited in order to confirm that you are in possession of your credit card. Prezi will only use this process to screen for fraud and will not otherwise debit your credit card account except as part of a transaction conducted through your account for the Service. By providing Prezi with your credit card information, you authorize Prezi to debit and credit your credit card account for an amount less than one dollar for such verification purposes. Prezi may also engage third parties to provide fraud detection services.

9.3 Cancelation of subscription

Payment for subscriptions is non-refundable. If you cancel your recurring payment option, your account will remain active until its next renewal date. If you delete your account before the end of the term for which you paid, your account will be deleted however your account access will remain active until its next renewal date. In either case (cancellation or deletion), you will not be given any refund.

‍

9.4 Termination

If your payment method is invalid or rejected for any reason and a free Prezi Public version of your paid Prezi account type is available, your paid Prezi account will revert to the free Prezi Public account version and will be subject to the limitations of a free Prezi Public account, provided, however, that Prezi reserves the right to cancel your account entirely in such case. You will have the option of deleting any User Content from your account prior to its reversion to a Prezi Public account. In the event your paid Prezi account reverts to a free Prezi Public account, any content you previously created with a paid Prezi account and designated as Private User Content will remain Private User Content, but you will not be able to edit such content. New content you create with such an account will become Public User Content, which means any new content you create from that point forward is going to be public.

If your paid Prezi account began with a free trial and you do not purchase a subscription to the same or an upgraded version of those services before the end of the trial period, your paid Prezi account will automatically terminate at the end of the trial period. If your paid Prezi account is terminated for any reason or expires, any content you entered into the Service, and any customizations made to the Service by or for you, which are associated with your paid Prezi account will become unavailable.

Prezi further reserves the right to cancel, or revert to Prezi Public account status, the account of any user who attempts to fraudulently obtain Prezi educational pricing.

‍

9.5 Other payment provisions

9.5.1 Argentina

You grant Prezi, and any and all payment processors which may process payment transactions on behalf of Prezi, to close the FX contract and to transfer the funds relating to payments executed via RapiPago, Pago Fácil, or credit cards.

Any and all payment processors which may process transactions on behalf of Prezi do not account for collecting taxes, which might originate in relation to this operation.

9.5.2 Brazilia

You grant third parties designated by Prezi with powers to close the FX contract and to remit the funds relating to payments executed via boleto bancario, credit cards or PAYPAL.

The third parties mentioned above act on behalf of you and do not account for collecting taxes, which might originate in relation to this operation.

‍

9.5.3 Colombia

You grant Prezi, and any and all payment processors which may process payment transactions on behalf of Prezi, to close the FX contract and to transfer the funds relating to payments executed via Baloto, Botón PSE, or credit cards.
‍
Any and all payment processors which may process transactions on behalf of Prezi do not account for collecting taxes, which might originate in relation to this operation.

9.5.4 Chile

You grant Prezi, and any and all payment processors which may process payment transactions on behalf of Prezi, to close the FX contract and to transfer the funds relating to payments executed via Baloto, Botón PSE, or credit cards.
‍
Any and all payment processors which may process transactions on behalf of Prezi do not account for collecting taxes, which might originate in relation to this operation.

‍

9.5.5 Mexico

You grant Prezi, and any and all payment processors which may process payment transactions on behalf of Prezi, to close the FX contract and to transfer the funds relating to payments executed via Oxxo, credit cards, debit cards, or PAYPAL.

Any and all payment processors which may process transactions on behalf of Prezi do not account for collecting taxes, which might originate in relation to this operation.

‍

9.5.6 Peru

You grant Prezi, and any and all payment processors which may process payment transactions on behalf of Prezi, to close the FX contract and to transfer the funds relating to payments executed via Pago Efectivo, credit cards, debit cards.

Any and all payment processors which may process transactions on behalf of Prezi do not account for collecting taxes, which might originate in relation to this operation.

‍

10. Abuses

If you believe that Prezi, or any user of the Service, has violated your rights, including privacy, copyright, trademark or other rights, please submit an abuse report using our form . It is Prezi’s policy in appropriate circumstances to take-down any content (and/or terminate account holders) that infringe the rights of copyright holders). You may contact us pursuant to the U.S. Digital Millennium Copyright Act (“DMCA”) or other applicable laws at copyright@prezi.com and review our Intellectual Property Rights Policy for more details. For privacy concerns, you may also contact us at privacy@prezi.com and review our Privacy Policy for more details.

‍

11. Prezi’s Intellectual Property

All intellectual property, e.g. text, fonts, graphics, pictures, icons, user interfaces, visual interfaces, photographs, trademarks, logos, design marks, sounds, music and its accompanying words, artwork, content, computer code, programs, software (collectively, “Prezi Content”), including but not limited to the design, structure, selection, coordination, expression, “look and feel,” and arrangement of such Prezi Content, contained on the Service is owned, disposed, controlled, or licensed by or to Prezi, and is protected by trade dress, industrial design, copyright, patent, and trademark laws, and various other intellectual property rights.

For more on how you can make use of our Prezi Content, in particular, word marks, logos and design marks, please review our Trademark and Brand Usage Policy . For more information on Prezi Desktop software license terms, please review the Prezi Desktop software EULA .

Except as expressly provided in this Agreement, including our Trademark and Brand Usage Policy, or otherwise permitted by law, no Prezi Content may be used, copied, reproduced, communicated to the public, modified, republished, uploaded, posted, publicly displayed, publicly performed, publicly performed by means of a digital audio transmission, encoded, translated, transmitted, or distributed in any way to any other computer, server, website, or any other medium for publication or distribution or for any purpose, without Prezi’s express prior written consent.

If you embed a presentation authored by Prezi within a third-party website or service – including but not limited to embedding a Prezi-authored presentation at your own website – you agree to attribute that presentation to Prezi as follows:

made by [creator]
© Prezi [year]
learn more at prezi.com

‍

12. Termination; Breach of this Agreement

You agree that Prezi may, at its sole discretion and without prior notice, terminate your account, your access to the Service, and/or block your future access to the Service. By way of example, but not by way of limitation, we may terminate your account if we determine that you have violated this Agreement or other agreements or guidelines that may be associated with your use of the Service. Please note that it is Prezi’s policy to terminate the accounts of users who repeatedly violate the intellectual property rights of third parties.

13. Disclaimer of Warranties

While Prezi attempts to make User Content available through the Service, Prezi does not guarantee access to, or hosting of, your User Content. For example, if User Content violates these Terms of Service, access to it may be disabled. Also, if a particular piece of content creates too large a demand on the Service, it may result in access to the content being temporarily or permanently disabled. You agree that Prezi will not be liable to you or to any third party for termination of your access to the Service for any reason.

YOU EXPRESSLY UNDERSTAND AND AGREE THAT YOUR USE OF THE SERVICE IS AT YOUR SOLE RISK. THE SERVICE IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. PREZI AND ITS SUBSIDIARIES, DIRECTORS, OFFICERS, EMPLOYEES, STOCKHOLDERS, AND LICENSORS (THE “PREZI AFFILIATES”) EXPRESSLY DISCLAIM ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, MERCHANTABLE QUALITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, TITLE OR ANY WARRANTY OR CONDITION ARISING BY USAGE OF TRADE, COURSE OF DEALING OR COURSE OF PERFORMANCE. PREZI AND THE PREZI AFFILIATES MAKE NO WARRANTY THAT (a) THE SERVICE WILL MEET YOUR REQUIREMENTS; (b) THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE; (c) USER CONTENT WILL BE HOSTED AND/OR TRANSMITTED WITHOUT INTERRUPTION OR CESSATION; (d) ANY PRODUCTS, SITES, INFORMATION, OR OTHER MATERIAL, WHETHER IN TANGIBLE OR INTANGIBLE FORM, PURCHASED OR OBTAINED BY YOU THROUGH THE SERVICE WILL MEET YOUR EXPECTATIONS OR ANY STANDARD OF QUALITY; AND (e) ANY DEFECTS IN THE OPERATION OR FUNCTIONALITY OF THE SERVICE OR RELATED SOFTWARE WILL BE CORRECTED.

ANY MATERIAL, INFORMATION, OR DATA DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE SERVICE IS ACCESSED AT YOUR OWN DISCRETION AND RISK, AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM AND/OR LOSS OF DATA THAT RESULT FROM THE DOWNLOAD OF SUCH MATERIAL. NO ADVICE, REPRESENTATION OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM PREZI, THE PREZI AFFILIATES, OR THROUGH THE SERVICE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THE AGREEMENT.

‍

14. Limitation of Liability

YOU EXPRESSLY UNDERSTAND AND AGREE THAT PREZI AND THE PREZI AFFILIATES WILL NOT BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES THAT MAY BE INCURRED BY YOU, HOWEVER, CAUSED. THIS INCLUDES, BUT IS NOT LIMITED TO, ANY LOSS OF PROFITS, GOODWILL, OR BUSINESS REPUTATION; ANY LOSS OF DATA; ANY COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; OR ANY OTHER INTANGIBLE LOSSES. THIS ALSO INCLUDES, WITHOUT LIMITATION, ANY LOSS OR DAMAGES THAT MAY BE INCURRED BY YOU AS A RESULT OF (a) ANY CHANGES THAT PREZI MAY MAKE TO THE SERVICE; (b) ANY PERMANENT OR TEMPORARY CESSATION OF THE SERVICE; (c) THE DELETION OR CORRUPTION OF OR FAILURE TO STORE ANY CONTENT OR OTHER PROPERTY MAINTAINED THROUGH THE SERVICE; OR (d) YOUR FAILURE TO KEEP YOUR PASSWORD OR ACCOUNT DETAILS SECURE. THE LIMITATIONS AND EXCLUSIONS OF LIABILITY ABOVE SHALL APPLY IRRESPECTIVE OF THE THEORY OF LIABILITY, INCLUDING CONTRACT (INCLUDING FUNDAMENTAL BREACH), WARRANTY, PRODUCT LIABILITY, STRICT LIABILITY, TORT (INCLUDING NEGLIGENCE), OR OTHER THEORY, EVEN IF WE (OR OUR AFFILIATES) HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

TO THE FULLEST EXTENT PERMITTED BY LAW, THE TOTAL LIABILITY OF PREZI, AND ITS SUPPLIERS AND DISTRIBUTORS, FOR ANY CLAIM UNDER THESE TERMS, INCLUDING FOR ANY IMPLIED WARRANTIES, IS LIMITED TO THE AMOUNT YOU PAID US TO USE THE SERVICES OVER THE PRIOR SIX-MONTH PERIOD OR $100, WHICHEVER IS GREATER.

YOU SPECIFICALLY ACKNOWLEDGE THAT PREZI AND THE PREZI AFFILIATES SHALL NOT BE LIABLE FOR USER CONTENT OR THE DEFAMATORY, OFFENSIVE, OR ILLEGAL CONDUCT OF ANY THIRD PARTY AND THAT THE RISK OF HARM OR DAMAGE FROM THE FOREGOING RESTS ENTIRELY WITH YOU.

‍

15. Exclusions and Limitations

SOME JURISDICTIONS DO NOT PERMIT THE EXCLUSION OF CERTAIN WARRANTIES OR CONDITIONS OR THE LIMITATION OR EXCLUSION OF LIABILITY FOR CERTAIN DAMAGES. ACCORDINGLY, ONLY THE LIMITATIONS THAT ARE LAWFUL IN YOUR JURISDICTION WILL APPLY TO YOU AND, IN SUCH INSTANCES, PREZI AND/OR THE PREZI AFFILIATES’ LIABILITY WILL BE LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

‍

16. Please Review User Content for Appropriateness Before Use

Prezi has not reviewed the User Content featured on the Service to determine whether they are suitable or appropriate for your intended audience. Before using any of the User Content (including presentations and videos) featured on the Service, please PREVIEW THEM CAREFULLY to ensure that the materials are appropriate for your audience, and for any other uses you intend to make. Prezi is not responsible for any User Content on the Service. If you find any content on the Service that you believe is objectionable, or that violates these Terms of Service or Prezi’s conduct guidelines, please report us an abuse by completing the form or feel free to notify us at abuse@prezi.com. Breach of these Terms will result in Prezi removing the content from public availability. In the event of a documented allegation of such misuse, Prezi has the right to temporarily make such content private pending your resolution of the matter. Prezi is not responsible for investigating or dispositioning allegations of misuse.

‍

17. Indemnification

You agree to indemnify and hold Prezi and/or the Prezi Affiliates harmless from and against any and all liabilities and costs (including reasonable attorney’s fees, subject to Section 19 below) incurred by Prezi and/or the Prezi Affiliates in connection with any claim arising out of your breach of the Agreement. Prezi reserves the right, at its own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you.

‍

18. Governing Law and Forum Choice

These Terms and any action related thereto will be governed by the Federal Arbitration Act, federal arbitration law, and the laws of the State of California, without regard to its conflict of laws provisions. Except as otherwise expressly set forth in Section 19 “Dispute Resolution,” the exclusive jurisdiction for all Disputes (defined below) that you and Prezi are not required to arbitrate will be the state and federal courts located in San Francisco and you and Prezi each waive any objection to jurisdiction and venue in such courts.

‍

19. Dispute Resolution

Please read this section carefully. It affects your rights.

Most disputes can be resolved informally. If you have a concern, please contact us and include your name, a detailed description of the dispute, and the relief you seek. If you reside in the EU, the European Commission provides for an online dispute resolution platform, which you can access here: https://ec.europa.eu/consumers/odr .

In the unlikely event that we are unable to resolve your concern to your satisfaction (or if we haven’t been able to resolve a dispute that Prezi has with you after attempting to do so informally), either of us may bring a formal proceeding.

If you are a U.S. resident, you also agree to the following mandatory arbitration provisions:

Mandatory Arbitration of Disputes. We each agree to resolve any dispute, claim or controversy arising out of or relating to these Terms or the breach, termination, enforcement, interpretation or validity thereof or use of the Services (collectively, “Disputes”) solely through binding, individual arbitration and not in a class, representative or consolidated action or proceeding. You and Prezi agree that the U.S. Federal Arbitration Act governs the interpretation and enforcement of these Terms, and that you and Prezi are each waiving the right to a trial by jury or to participate in a class action. This arbitration provision shall survive termination of these Terms.

‍

Exceptions. As limited exceptions to the “Mandatory Arbitration of Disputes” section above: (i) we both may seek to resolve a Dispute in small claims court if it qualifies; and (ii) we each retain the right to seek injunctive or other equitable relief from a court to prevent (or enjoin) the infringement or misappropriation of our intellectual property rights.

‍

Conducting Arbitration and Arbitration Rules. The arbitration will be conducted by the American Arbitration Association (“AAA”) under its Consumer Arbitration Rules (the “AAA Rules”) then in effect, except as modified by these Terms. The AAA Rules are available at www.adr.org or by calling 1-800-778-7879. A party who wishes to start arbitration must submit a written Demand for Arbitration to AAA and give notice to the other party as specified in the AAA Rules. The AAA provides a form Demand for Arbitration at www.adr.org .

Any arbitration hearings will take place in the county (or parish) where you live, unless we both agree to a different location. The parties agree that the arbitrator shall have exclusive authority to decide all issues relating to the interpretation, applicability, enforceability and scope of this arbitration agreement.

‍

Arbitration Costs. Payment of all filing, administration and arbitrator fees will be governed by the AAA Rules, and we won’t seek to recover the administration and arbitrator fees we are responsible for paying, unless the arbitrator finds your Dispute frivolous. If we prevail in arbitration we’ll pay all of our attorneys’ fees and costs and won’t seek to recover them from you. If you prevail in arbitration you will be entitled to an award of attorneys’ fees and expenses to the extent provided under applicable law.

‍

Injunctive and Declaratory Relief. Except as provided in the “Exceptions” section above, the arbitrator shall determine all issues of liability on the merits of any claim asserted by either party and may award declaratory or injunctive relief only in favor of the individual party seeking relief and only to the extent necessary to provide relief warranted by that party’s individual claim. To the extent that you or we prevail on a claim and seek public injunctive relief (that is, injunctive relief that has the primary purpose and effect of prohibiting unlawful acts that threaten future injury to the public), the entitlement to and extent of such relief must be litigated in a civil court of competent jurisdiction and not in arbitration. The parties agree that litigation of any issues of public injunctive relief shall be stayed pending the outcome of the merits of any individual claims in arbitration.

‍

Class Action Waiver. YOU AND PREZI AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. Further, if the parties’ Dispute is resolved through arbitration, the arbitrator may not consolidate another person’s claims with your claims, and may not otherwise preside over any form of a representative or class proceeding. If this specific provision is found to be unenforceable, then the entirety of this Dispute Resolution section shall be null and void.

‍

Severability. With the exception of any of the provisions in the “Class Action Waiver” section of these Terms, if an arbitrator or court of competent jurisdiction decides that any part of these Terms is invalid or unenforceable, the other parts of these Terms will still apply.

‍

20. General Terms

Entire Agreement. This Agreement is the whole legal agreement between you and Prezi. It governs your use of the Service and completely replaces any prior agreements between you and Prezi with respect to the Service. You may also be subject to additional terms and conditions that may apply when you use or purchase other products or services from Prezi.

Severability of Terms; Non-waiver of Terms. If any portion of the Agreement is held to be invalid or unenforceable, such provision shall be stricken and the remainder of the Agreement enforced as written. If Prezi does not exercise or enforce any legal right or remedy including those contained in the Agreement or arising under applicable law, this will not be taken to be a formal waiver of our rights.

Miscellaneous. Both parties are independent contractors and nothing in this Agreement creates a partnership, agency, fiduciary or employment relationship between the parties. No person or entity not a party to the Agreement will be a third party beneficiary. Our authorized distributors do not have the right to modify these Terms of Service or to make commitments binding on us.

21. Additional Terms

High-Risk Use . Except as otherwise set forth in a Prezi Service Description, you understand that the Prezi Services are not designed or intended for use during high-risk activities.

Recording. Certain Services may provide functionality that allows you to record audio and data shared during presentations, webinars or sessions. You are solely responsible for complying with all applicable laws in the relevant jurisdictions while using any recording functionality.

Assignment. You may not assign your rights or delegate your duties under these Terms of Service either in whole or in part without Prezi’s prior written consent. Any attempted assignment by you without Prezi’s consent will be void. Prezi may assign these Terms of Service or delegate its duties hereunder without restriction and without the requirement of prior notice to you.

‍

22. How to contact us

You may contact us by visiting: https://prezi.com/contact/ .

Prezi’s mailing address is:
‍
Prezi Inc.
2041 East Street, PMB610, Concord, CA 94520 USA

Table of Contents

Prezi Data Processing Agreement

Recitals

Agreement

1. Definitions

2. Nature and Scope of Data Processing

3. Subprocessing

4. Security Measures and breach notification

5. Disclosure of Personal Data

6. Audits & Certification

7. Data Transfers outside the EEA

8. Data return and Deletion

9. General Provisions

Attachments:

Annex A: Details of the Processing

Annex B: Security Measures

1. Physical Access Controls

2. Electronic Access Controls

3. Data Management controls

4. Data Transfer Controls

5. Data Integrity Controls

6. Control Verification and Auditing

7. Availability Controls

8. Data Isolation Controls

9. Quality Controls

Annex C: Authorized Subprocessors

Annex D: Standard Contractual Clauses

ANNEX

SECTION I

SECTION II – OBLIGATIONS OF THE PARTIES

SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES

SECTION IV – FINAL PROVISIONS

APPENDIX

ANNEX I

A. LIST OF PARTIES

B. DESCRIPTION OF TRANSFER

C. COMPETENT SUPERVISORY AUTHORITY

ANNEX II

ANNEX III

Standard Data Protection Clauses to be issued by the Commissioner under S119A(1) Data Protection Act 2018

Part 1: Tables

Table 1: Parties

Table 2: Selected SCCs, Modules and Selected Clauses

Table 3: Appendix Information

Table 4: Ending this Addendum when the Approved Addendum Changes

Part 2: Mandatory Clauses

Entering into this Addendum

Interpretation of this Addendum

Hierarchy

Incorporation of and changes to the EU SCCs

Amendments to this Addendum

Alternative Part 2 Mandatory Clauses:

Table of Contents

1. Introduction

2. Description of Service

3. Trials

4. Conditions and Restrictions of Use, User Conduct

5. Age Restrictions on Use of the Service

6. Account Types

7. Beta Services

8. User Content & Options

8.1 General

8.2 Licenses you grant to Prezi for use of Public User Content and Private User Content.

8.3 Expiration and revocability of licenses

8.4 Third-party and linked/embedded content

8.5 Professional Services

9. Payment Terms

9.1 Payment for subscription

9.2 Fraud protections

9.3 Cancelation of subscription

9.4 Termination

9.5 Other payment provisions

9.5.1 Argentina

9.5.2 Brazilia

9.5.3 Colombia

9.5.4 Chile

9.5.5 Mexico

9.5.6 Peru

10. Abuses

11. Prezi’s Intellectual Property