EU GDPR Data Protection Policy

This document forms part of the Terms of Service that govern your use of the SERVICE (as defined below) and demonstrates its compliance with the EU’s General Data Protection Regulation (GDPR). Please read this document carefully and treat it as valuable property.

PART I - THIS DOCUMENT

This Data Protection Policy ("Policy") forms part of the Terms of Service between Cobisi Research ("Cobisi") and You ("Client"), each being a "Party" and together the "Parties". It is effective as of the later of the date You register for an account at the Verifalia website (“Service”) and May 25, 2018.

DEFINITIONS

In this Policy, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:

  1. "Affiliate" means an entity that owns or controls, is owned or controlled by, or is under common control or ownership with either Client or Cobisi (as the context allows), where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise;
  2. "Client Personal Data" means any Personal Data Processed by Cobisi on behalf of Client (including for the sake of clarity, any Client Affiliate), or otherwise Processed by Cobisi, in each case pursuant to or in connection with instructions given by Client in writing, consistent with the Terms of Service;
  3. "Data Protection Laws" means (i) Directive 95/46/EC and, from May 25, 2018, Regulation (EU) 2016/679 ("GDPR") together with applicable legislation implementing or supplementing the same or otherwise relating to the processing of Personal Data of natural persons, and (ii) to the extent not included in sub-clause (i), the Data Protection Act 1998 of the United Kingdom, as amended from time to time, and including any substantially similar legislation that replaces the DPA 1998;
  4. "Data Controller" or "User" or "Client" or "Verifalia User": the company or individual that controls the personal data processed using Verifalia's Services. Data Controller becomes a Verifalia User once they register for a Verifalia account.
  5. "Data Processor": with respect to the Data Protection Laws, Verifalia is the Data Processor that processes data on behalf of the Data Controller.

INTERPRETATION OF THIS DOCUMENT

If for any reason a court of competent jurisdiction finds any provision of this DOCUMENT, or any portion thereof, to be unenforceable, that provision of this DOCUMENT will be enforced to the maximum extent permissible so as to effect the intent of the parties, and the remainder of this DOCUMENT will continue in full force and effect. Formatives of defined terms shall have the same meaning of the defined term. Failure by either party to enforce any provision of this DOCUMENT will not be deemed a waiver of future enforcement of that or any other provision. Except as otherwise required or superseded by law, this DOCUMENT is governed by the laws of Italy, without regard to its conflict of laws principles. In respect of any dispute which may arise concerning this DOCUMENT, the case will fall within the jurisdiction of the courts of Padova, Italy (European Union).

PART II - DESCRIPTION OF PERSONAL DATA PROCESSING

This section includes certain details of the processing of Client Personal Data as required by Article 28(3) GDPR.

TYPES OF CLIENT PERSONAL DATA TO BE PROCESSED

Email

SPECIAL CATEGORIES OF DATA

None

THE OBLIGATIONS AND RIGHTS OF CLIENT

The obligations and rights of Client are set out in this Data Protection Policy and in our Terms of Service.

DATA EXPORTER (AS APPLICABLE)

The data exporter is: the Verifalia user that submits data to Verifalia.

DATA IMPORTER (AS APPLICABLE)

The data importer is: Cobisi Research, a company that provides email verification services to the client through its Verifalia website, which requires receiving the Client's query data.

PROCESSING OPERATIONS (AS APPLICABLE)

The personal data transferred will be subject to the following basic processing activities: The provision of Verifalia Services to Client.

In order to provide email verification results, Cobisi receives identifying Personal Data (email addresses) to permit Verifalia to validate, query, cleanse, de-duplicate, aggregate, standardize and to store the query information and its processing results.

PART III - DATA PROCESSING TERMS

  • Client shall comply with all applicable Data Protection Laws in connection with the performance of this Data Protection Policy. As between the Parties, Client shall be solely responsible for compliance with applicable Data Protection Laws regarding the collection of and transfer to Service of Client Personal Data. Client agrees not to provide Service with any data concerning a natural person’s health, religion or any special categories of data as defined in Article 9 of the GDPR.
  • Cobisi shall comply with all applicable Data Protection Laws in the Processing of Client Personal Data and process the Client Personal Data relating to the categories of Data Subjects for the purposes of the Terms of Service and for the specific purposes in each case as set out in this Data Protection Policy and otherwise solely on the documented instructions of Client, for the purposes of providing the Services and as otherwise necessary to perform its obligations under the Terms;
  • Cobisi shall ensure that persons authorized to process the Client Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
  • Cobisi shall implement and maintain the technical and organizational measures set out in the Terms of Service and, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, implement any further appropriate technical and organizational measures necessary to ensure a level of security appropriate to the risk of the Processing of Client Personal Data in accordance with Article 32 of the GDPR;
  • upon Cobisi’s becoming aware of a Personal Data Breach involving Client Personal Data, Cobisi shall notify Client without undue delay of any Personal Data Breach involving Client Personal Data, such notice to include all information reasonably required by Client (or the relevant Controller) to comply with its obligations under the applicable Data Protection Laws;
  • to the extent required by the applicable Data Protection Laws, Cobisi shall provide reasonable assistance to Client, Client’s Affiliates or the relevant Controller(s) with their obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of the Processing and information available to Cobisi; Client agrees to pay Cobisi for time and for out of pocket expenses incurred by Cobisi in connection with any assistance provided in connection with Articles 35 and 36 of the GDPR;
  • Cobisi shall make available to Client all information necessary to demonstrate compliance with this Data Protection Policy and allow for and contribute to audits, including inspections, by Client, or an auditor mandated by Client. For the purposes of demonstrating compliance with this Data Protection Policy under this section III.7, the Parties agree that once per year, Cobisi will provide to Client, on reasonable notice, responses to cybersecurity and other assessments. Client agrees to pay Cobisi for time and for out of pocket expenses incurred by Cobisi in connection with assistance provided in connection with such audits, responses to cybersecurity and other assessments.

DATA PROTECTION

Cobisi Research, the company which owns and manages the Verifalia service, is registered in Italy (European Union), at the Chamber of Commerce of Padova with the Economic and Administrative Register (REA) number PD-424940 and VAT ID IT04391160282; all data is stored in secure ISO-27001 facilities in the cities of Nuremberg, Falkenstein and Frankfurt, in Germany (European Union), with video-monitored high-security perimeter fencing around the entire data center parks, entry via electronic access control terminals with a transponder key or admission card and ultra-modern surveillance cameras for 24/7 monitoring of access routes, entrances, security door interlocking systems and server rooms. Verifalia does not store data outside of the European Union.

DATA PROTECTION OFFICER

Verifalia's founding member and CTO Efran Cobisi acts as Data Protection Officer for Verifalia and is responsible for the implementation of the data protection and security policies mentioned in this Data Protection Policy document.

PART III – AUTHORIZED OTHER PROCESSORS

Client (on behalf of the relevant Controller(s), as applicable), hereby expressly and specifically authorizes Cobisi to engage another Processor to Process the Client Personal Data ("Other Processors"), and specifically the Other Processors listed in the table hereafter:

Name of Other Processor | Description of Processing | Location of Other Processor
Hetzner GmbH | Computing infrastructure, Storage | Nuremberg, Germany, EU - Falkenstein, Germany, EU
Amazon Web Services, Inc. eu-central-1 (Frankfurt) region | Computing infrastructure, Storage | Frankfurt, Germany (EU)
myLoc managed IT AG | Computing infrastructure | Düsseldorf, Germany, EU
M247 Europe S.R.L. | Computing infrastructure | Frankfurt, Germany (EU)

Cobisi shall notify Clients of any intended changes to its use of Other Processors by emailing notice of the intended change to Client; furthermore, Cobisi shall include data protection obligations in its contract with each Other Processor that are materially the same as those set out in this Data Protection Policy.

In relation to any notice received under this section, the Client shall have a period of 30 (thirty) days from the date of the notice to inform Cobisi in writing of any reasonable objection to the use of that Other Processor. The parties will then, for a period of no more than 30 (thirty) days from the date of the Client's objection, work together in good faith to attempt to find a commercially reasonable solution for the Client which avoids the use of the objected-to Other Processor. Where no such solution can be found, either Party may (notwithstanding anything to the contrary in the Terms) terminate the relevant Services immediately on written notice to the other Party, without damages, penalty or indemnification whatsoever.


Terms of Service

This Data Protection Policy forms part of our Terms of Service; make sure to read both the documents carefully and treat them as valuable properties.