SaaS Terms & Conditions US
Please note that these Terms & Conditions will take effect on 9th of June 2026.
These Terms and Conditions of Use (hereinafter: Terms of Use) apply to the use of chargeable software applications on the basis of Software as a Service (SaaS) provided by IQSIGHT, LLC (hereinafter: "Provider"), subject to the activation by a valid License Code available from Provider’s Resellers by way of a separate Purchase Contract. All Services are intended for professional use only and Provider does not accept consumers (e.g. non-commercial and/or private use of the Services) as Subscribers to such Services.
1. Definitions
“Account” means the authorization to access controlled-access Services of the Provider.
“Affiliate” as used in these Terms of Use means any legal entity which is controlled by a Party or which controls a Party or which is under common control with a Party. Control exists if, during the term of this Agreement, at least 50% (fifty percent) of the equity interests or voting shares are held in a business organization or in the event of the management and policies of a business organization being controlled directly or indirectly through equity ownership, purchase or other means.
“Service” means the Video Surveillance as a Service provided by the Provider to Subscriber subject to the activation of a valid License Code available from Provider’s Resellers by way of a separate Purchase Contract.
“Keenfinity ID” means the user ID of the single sign-on authentication service provided by Keenfinity GmbH, which enables the use of various independent digital service offerings of the Keenfinity Group, for which a Subscriber's e-mail address is required.
“Purchase Contract” means a separate contract entered into between the Subscriber and the Reseller for the purchase of a License Code necessary for the activation and use of the Service, e.g., by way of an offer, an order form or an online order. The Purchase Contract regulates the remuneration to be paid by Subscriber to Reseller for the License Code and the use of the Service, the End-User Subscription Term as well as any warranty rights and service level claims the Subscriber may be entitled to against the Reseller, if any. Provider is not a party to or under any obligation resulting from such Purchase Contract.
“Subscriber” means the legal entity (excluding any Affiliates) accepting these Terms of Use in order to activate and use the Service within the scope of its commercial activity. consumers.
“Subscriber Data” means all data, information, content or material submitted by Subscriber or on behalf of Subscriber in connection with the use of the Service, storage space and/or an Account or manually generated by the Subscriber through use of the Service. Subscriber Data also includes access and registration data, and “personal data” or “personally identifiable information” as those terms may be defined by applicable law, including data protection law and regulations (“applicable law”).
“License Code” means an individual code or password, obtained by the Subscriber under the Purchase Contract, which is required to activate the Service and grants the Subscriber access and use rights for the Service from the date of activation and for the End-User Subscription Term agreed in the Purchase Contract and specified with the License Code.
“Party” or “Parties” hereinafter individually and jointly refers to the Subscriber and/or the Provider.
“Reseller” means an independent third party vendor, authorized by Provider to resell the Service and distribute License Codes to Subscribers.
“Service Description” means the description of the technical functionalities of the respective Service in terms of specifications, quantity, performance data, performance period, quality etc. and including details regarding applicable system requirements, technical and organizational data protection measures and subcontractors used by Provider or its Affiliates available at Service Descriptions.
“End-User Subscription Term” means the duration of Subscriber’s right to use the Service beginning of the earliest date agreed in the Purchase Contract, specified within the License Code or measured starting from the activation of the License Code.
“Usage Data” means all automatically transmitted machine data (sensor or other machine data) or automatically generated system data (e.g. log files, information on utilization or availability of the Service).
2. Scope of Service
Provider provides the Service solely on the basis of these Terms of Use and the applicable attachments as referenced herein.
Terms and conditions of Subscriber or of third parties will not apply even if Provider does not specifically object to such terms and conditions. Even where Provider refers to a letter containing or referring to Subscriber’s or a third party’s business terms and conditions, this does not constitute agreement to such business terms and conditions.
Individual agreements executed in writing between the Parties on a case-by-case basis (including ancillary agreements, supplements and amendments) will, in any event, take precedence over these Terms of Use.
3. Subject Matter
The subject matter of these Terms of Use is the provision of the Service via remote access for use by or on behalf of Subscriber, including the necessary cloud storage space. The Service is described in more detail in the Service Description.
The implementation of an interface integration with Subscriber’s existing system landscape is outside the scope of these Terms of Use and requires a separate written agreement between the Parties.
Provider, at its sole discretion, has the right to have the Service performed by third parties on its behalf (including, without limitation, Affiliates of Provider).
4. Provision of Service
Provider shall make available the then current version of the Service for use in accordance with the provisions of these Terms of Use on a server infrastructure instance provided by Provider or its subcontractors (hereinafter referred to as an "Instance") during the End-User Subscription Term.
Access to the Service by Subscriber shall be browser-based via the Internet or, by choice of Provider, via a Service interface or dedicated Subscriber portal (e.g. Remote Portal) made available by Provider.
Provider shall provide Subscriber the necessary access credentials required for use of the Service, unless the registration of a SingleKey ID is required. Registration for a Keenfinity ID is the sole responsibility of Subscriber.
If an Account is required to obtain access to and to use the Service, the Provider shall make this Account available to Subscriber after Subscriber agrees to these Terms of Use. The Account and the access credentials are not transferable. Subscriber is liable for all actions performed under Subscriber’s Account.
Subscriber shall change all passwords into passwords known only to them without undue delay and shall keep them confidential. Provider is not responsible for the consequences of misuse of Subscriber’s passwords.
Provider shall make storage space available for Subscriber and Usage Data on Provider’s Instance to the extent that this is required for the intended use of the Service. Further details on the scope of services involving storage space and on the storage of Subscriber Data can be found in the Service Description.
Subscriber Data shall be stored and be regularly backed-up by Provider throughout the End-User Subscription Term. Subscriber shall be solely responsible for compliance with retention periods required of Subscriber under commercial and tax law.
5. Technical Availability of the Service and the Subscriber Data, Support
The technical availability of the Service, as well as service and support levels, if any, are solely governed by the Purchase Contract.
6. Service Usage Rights
Subject to the activation of a valid License Code, the Subscriber obtains a limited, non-exclusive, non-sublicensable and non-transferable right to utilize the Service and any intellectual property rights contained therein, in the context of the functionalities and the intended use of the Service in accordance with the Service Description during the End-User Subscription Term and within the region agreed in the Purchase Contract. Within this framework, Subscriber is entitled
to make the Account and the Service available to third parties acting as system integrators exclusively using the Service on behalf of and for the Subscriber;
to store and print documentation that may be provided with the Service, whilst maintaining the existing copyright notices.
The open source software components used in the Service shall be illustrated in the Service Description or in the Service itself to the extent a legal obligation exists based on the conditions of the applicable open source software license.
Provider makes the Service available as Software as a Service (SaaS) per remote access. It shall not be made available to Subscriber for Subscriber’s own permanent storage nor does Subscriber have the right to make it available to third parties or to use it in a data center environment.
If, during the End-User Subscription Term or between the purchase of the License Code and its activation, Provider makes new versions, updates, upgrades, modifications or extensions of the Service available or carries out other changes with respect to the Service, the provisions of this Section 6 shall also apply thereto, even if the modifications or extensions were ordered by Subscriber and paid for separately.
Subscriber shall not have any rights not explicitly granted to Subscriber under these Terms of Use. In particular, Subscriber has no right to:
use the Service and/or the Account beyond the scope of use agreed in these Terms of Use or to permit third parties to use it;
subject to Section 6.1(a), make the Service and/or the Account available to third parties; or
duplicate the Service and/or the Account or to provide it for use for a limited period of time, in particular not to lease it or loan it.
Subscriber is obliged to ensure that the provisions of these Terms of Use are complied with by any party or individual using the Services on Subscriber’s behalf.
If Subscriber breaches the provisions of Section 6, Provider may, after giving Subscriber advance notification in writing, block Subscriber’s access to the Service if the violation can be rectified by such blocking. The block shall be removed as soon as the reason for the blocking ceases to exist. If Subscriber continues to violate the provisions of Section 6 or does so repeatedly despite a respective warning in writing from Provider, Provider is entitled to terminate the contractual relationship for cause without notice unless Subscriber was not responsible for such breach. Provider’s right to claim damages shall remain unaffected.
The Provider is the sole owner of the Usage Data and may use and exploit it in anonymous form for any purpose in accordance with the applicable statutory provisions. The Subscriber warrants that he has not made any agreements with third parties that prevent its use.
7. Intellectual Property
Except for Subscriber Data, all right, title and interest to the content related to the Service, including without limitation all copyright, patent, trademark, trade secret or other proprietary rights in any text, graphics, logos, button icons, images and audio clips, is the property of Provider or its licensors. The license grant set forth in these Terms of Use is the complete grant of rights and no further rights shall be granted by implication, estoppel, equity or otherwise.
8. Subscriber Data
Subscriber hereby grants to Provider the right to use, for the purpose of providing the Service, the Subscriber Data filed in the cloud storage space for use of the Service, in particular the right to reproduce such Subscriber Data for this purpose (e.g. for data back-up), to modify it and to provide such Subscriber Data for the purpose of accessing it.
Subscriber warrants that
Subscriber and/or its licensors hold all rights to the Subscriber Data required for the granting of rights under these Terms of Use; and
the Subscriber Data does not violate these Terms of Use or applicable laws and does not infringe the intellectual property rights of a third party.
The Subscriber is responsible for the security of Subscriber Data. Subscriber is obligated to regularly back up his Subscriber Data. Each data back-up by Subscriber shall be performed so that the recovery of the Subscriber Data is possible at all times.
Provider is entitled to immediately block Subscriber’s use of the Service and the cloud storage space if there is justified suspicion that the stored Subscriber Data is unlawful and/or infringes third-party rights. There is a justified suspicion of unlawfulness and/or of an infringement of rights in particular when courts, authorities and/or other third parties notify Provider thereof. Provider shall then notify Subscriber of the block, stating the reason for the block. The block shall be removed as soon as the suspicion has been refuted.
9. Defect Claims
Any obligations, rights and remedies with regard to defects of the Service are the sole responsibility of the Reseller and are governed by the Purchase Contract.
10. Duties and Obligations of Subscriber
Subscriber shall perform all cooperation duties required from Subscriber for the proper performance of the Service by Provider. In particular, Subscriber is obliged to:
change all passwords allocated by Provider into passwords known only to Subscriber, to keep usage and access authorizations assigned to Subscriber secret, to protect them against access by third parties and not to disclose them to unauthorized users. These data shall be protected by suitable and effective measures. Subscriber shall notify Provider without undue delay in case of any suspicion that unauthorized persons might have obtained knowledge of access data and/or passwords;
set up the system requirements necessary on Subscriber’s end as described in the Service Description;
access and use the Service in strict compliance with all applicable laws and regulations including, without limitation, intellectual property laws, antitrust and competition laws, export control laws, and the use shall not conflict with any agreement that Subscriber has signed with any third party;
comply with the restrictions/obligations with regard to the rights of use under Section 6 and to prosecute any violations of these obligations effectively and with the objective of preventing future violations;
obtain the necessary consent from affected persons to the extent “personal data” or “personally identifiable information” are collected, processed or used within the Service and no statutory or other permission applies;
respond to any data subject access requests pertaining to any “personal data” or “personally identifiable information” collected and processed within the scope of the Services in accordance with applicable law; and
check data and information for viruses and other malware prior to sending data and information to Provider and to implement anti-virus programs in accordance with the state of the art.
Subscriber is not authorized:
to obtain access to non-public areas of the Service or to the technical systems on which the Service is based;
to utilize robots, spiders, scrapers or other similar data collection or extraction tools, to utilize programs, algorithms or methods to search, access, acquire, copy, or monitor the Service outside of the documented API endpoints;
to knowingly send Subscriber Data with viruses, worms, Trojans or other infected or harmful components, or to otherwise interfere in the proper functioning of the Service;
to decrypt, decompile, disassemble, reconstruct or to otherwise attempt to discover the source code of the Service, any software or proprietary algorithms used, except as permitted under mandatory applicable laws;
to test, scan, or examine the vulnerability of the Service;
to intentionally utilize devices, software or routines which have a disruptive effect on the Services, functions or usability of the Service or willfully destroy other data, systems or communications, generate excessive load, or harmfully interfere, fraudulently intercept or capture; or
to disguise or falsify its IP address or geo location from which the Service is used, e.g. by utilizing VPN or similar methods.
11. Data Privacy
The Parties shall comply with all applicable laws and regulations, including but not limited to data protection laws and commit their employees engaged in connection with the performance of the Service to data protection and the applicable Data Protection Addendum (attached as Exhibit A), except to the extent that they are already under a general obligation to act accordingly. If Subscriber processes “personal data” or “personally identifiable information” as defined by law, Subscriber warrants authorization under applicable law and the applicable Data Protection Addendum (attached as Exhibit A), and in the event of any alleged infringement, Subscriber shall defend and indemnify Provider from and against any and all claims that may arise from any alleged infringement, including third-party claims.
Provider shall only process Subscriber Data to the extent required to provide the Service. Subscriber consents to the processing of such data to this extent.
To the extent the Subscriber Data to be processed by Provider is qualified as “personal data” or “personally identifiable information”, such processing by Provider constitutes commissioned data processing. Provider shall comply with the statutory requirements of commissioned data processing and with the instructions of Subscriber (e.g. to comply with obligations to delete and block). In the event of commissioned data processing, the Parties will enter into a data protection addendum in order to govern the details of data processing.
The obligations pursuant to this Section 11 shall continue to exist as long as Subscriber Data is in the area of influence of Provider, also after the termination date of the Purchase Contract.
12. Confidentiality
The Parties shall observe the confidentiality of all information which is to be treated as confidential and obtained in the context of this contractual relationship, or shall, respectively, only use it in relation to third parties, for whatever purpose, subject to the prior written agreement of the other Party. Information to be treated as confidential includes information explicitly marked as confidential by the Party communicating the information and information where the confidentiality thereof derives from the circumstances of its provision.
Affiliates and subcontractors of Provider are not to be considered third parties with regards to the obligation of Section 12.1 above.
Notwithstanding the above, Provider shall be free to exchange confidential information required for the provision and technical set up or maintenance of the Service for Subscriber with the Reseller or such third parties that, based on a separate agreement with Subscriber, are responsible for the technical installation and set up or maintenance of the Service for the Subscriber. Such exchange of confidential information, however, is limited to information needed for the contractual responsibility of such third party towards the Subscriber and subject to equivalent confidentiality obligations between Provider and such third party.
The obligations under Section 12.1 shall not apply to such information or parts thereof for which the receiving Party proves that it
was known to the receiving Party or generally accessible prior to the date of receipt or became known from a third party after the date of receipt in a lawful manner and without any confidentiality obligation; or
was already known to the general public or was generally accessible prior to the date of receipt; or
became known to the general public or became generally accessible after the date of receipt without the receiving Party being responsible for this; or
is information in respect of which the notifying Party has waived its right to confidentiality by means of a written declaration to the receiving Party.
The obligations under Section 12.1 shall survive termination of these Terms of Use for an indefinite period, as long as a criterion for an exception pursuant to Section 12.2 has not been evidenced.
13. Liability
Any liability claims by Subscriber based on defects or malperformance of the Service must be made against Reseller under the Purchase Contract. Subject only to Section 13.2 any claims against Provider based on defects or malperformance of the Service are excluded.
IN ANY EVENT PROVIDER SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, WHETHER BASED ON CONTRACT, TORT OR ANY OTHER LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF DATA OR ANY OTHER CONTENT, LOST PROFITS, BUSINESS INTERRUPTION, OR ANY OTHER LOSSES), ARISING OUT OF ANY USE OF THE SERVICES OR ANY PERFORMANCE OF THE PURCHASE CONTRACT (INCLUDING, WITHOUT LIMITATION, USE, INABILITY TO USE, OR THE RESULTS OF USE OF THE SERVICES, INTELLECTUAL PROPERTY INFRINGEMENT OR MISAPPROPRIATION OR SECURITY BREACHES RELATED TO THE SERVICES). PROVIDER’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THE SERVICES WILL NOT EXCEED THE AMOUNT PAID BY SUBSCRIBER HEREUNDER IN THE TWELVE (12) MONTHS PRECEDING A CLAIM. THE ABOVE LIMITATION WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY.
14. Term, Termination
Except as otherwise agreed, the stipulations set forth herein shall enter into force upon acceptance of these Terms of Use and shall remain valid for the time the Subscriber has access to the Service.
Unless specifically agreed otherwise between Reseller and Subscriber in the Purchase Contract, the use rights granted herein based on a valid License Code, shall be limited for a period of one (1) calendar year from the date of activation.
The Parties’ statutory right to terminate for cause without notice shall remain unaffected.
15. Obligations upon and after Termination
The Provider shall delete Subscriber Data from all Provider systems one month after the end of the End-User Subscription Term, unless the Subscriber obtains a new License Code to continue using the Service or if there are legal retention periods to the contrary. The Subscriber is obliged to export and save the Subscriber Data on his own responsibility in good time before expiry of the End-User Subscription Term.
16. Export Control
Subscriber is aware that the use of the Service may be subject to import/export restrictions. In particular there may be national or other foreign country’s approval requirements, or use of the Service and related technologies may be subject to such relevant country’s restrictions/limitations.
Subscriber shall comply with respectively applicable national and international import/export control regulations, and with all other relevant regulations.
Provider’s provision of Services is subject to such fulfillment not being opposed by impediments due to national or international import/export regulations or by any other statutory provisions.
Delays due to export examinations or approval procedures render deadlines and delivery dates inapplicable. If necessary approvals are not granted or if the delivery of the Service is not capable of being approved, Provider shall be relieved from providing the Service.
The Provider has the right to terminate the provision of the Service without notice if such termination is necessary for the Provider in order to comply with national or international legal provisions. In the event of termination, the Subscriber is excluded from raising a claim for any damage or other rights on account of the termination.
The Service shall not be utilized for military purposes or for nuclear technology purposes.
17. Miscellaneous
These Terms of Use and all disputes between the Parties arising out of or related thereto shall be governed by the laws of the State of Michigan except for its choice of law rules; the United Nations Convention on the International Sale of Goods shall not apply. Provider and Subscriber acknowledge that these Terms of Use evidence a transaction involving interstate commerce. Provider and Subscriber shall first endeavor to resolve through good faith negotiations any dispute arising under or related to the Terms of Use or with respect to the Services. If a dispute cannot be resolved through good faith negotiations within a reasonable time, either Party may request non-binding mediation by a mediator approved by both Parties. If mediation fails to resolve the dispute within thirty (30) days after the first mediation session, then, upon notice by either Party to the other, any and all disputes, controversies, differences, or claims arising out of or relating to the Terms of Use (including the formation, existence, validity, interpretation (including of this Arbitration clause), breach or termination thereof) or the Services shall be resolved exclusively through binding arbitration, except that either Party shall have the right, at its option, to seek injunctive relief, under seal to maintain confidentiality to the extent permitted by law, (i) in either the Michigan Circuit Court for the County of Oakland or the United States Court for the Eastern District of Michigan, or (ii) pursuant to the American Arbitration Association Optional Rules for Emergency Measures of Protection. A request by a Party to a court of competent jurisdiction for such interim measures shall not be deemed incompatible with, or a waiver of, this agreement to arbitrate. The Parties agree that any ruling by the arbitration tribunal on interim measures shall be deemed to be a final award for purposes of enforcement. The arbitration proceedings shall be conducted in accordance with the Commercial Arbitration Rules of the AAA including application of the Optional Rules for Emergency Measures of Protection as amended from time to time, except as modified by this clause or by mutual agreement of the Parties, and shall be governed by the United States Federal Arbitration Act. Within 14 days after the commencement of arbitration, each party shall select one person to act as arbitrator and the two selected shall select a third arbitrator within 10 days of their appointment. If the arbitrators selected by the Parties are unable or fail to agree upon the third arbitrator, the third arbitrator shall be selected by the AAA. The arbitration shall be conducted in Detroit, Michigan, and the language of the arbitration shall be English. The arbitrators’ award shall be final and binding. The arbitrators shall issue a written opinion setting forth the basis for the arbitrators’ decision. The written opinion may be issued separately from the award by the arbitrators where necessary to preserve confidentiality, in the arbitrators’ discretion. Each Party shall bear its own fees and costs, and each Party shall bear one half the cost of the arbitration hearing fees, and the cost of the arbitrator, unless the arbitrators find the claims to have been frivolous or harassing, which may include an award of legal fees and costs.
Either Party may apply to have the arbitration award confirmed and a court judgment entered upon it. Venue for confirmation of or any challenge to the Arbitration Award shall be in either the Michigan Circuit Court for the County of Oakland or the United States Court for the Eastern District of Michigan and shall be done under seal to maintain confidentiality to the maximum extent permitted by law. The arbitrators shall have no authority to award punitive damages or any other damages excluded herein, to the maximum extent permitted by law. Except as may be required by law, neither a Party, its counsel, nor an arbitrator may disclose the existence, content, or results of any arbitration hereunder without the prior written consent of both Parties.
Legally relevant statements and notices to be delivered to Provider by Subscriber after acceptance of these Terms of Use (e.g. setting of time limits, notification of defects, and declaration of rescission or price reduction) must be made in text form in order to be effective.
Should any provision of these Terms of Use be or become invalid or unenforceable, this shall, however, not affect the remaining provisions.
EXHIBIT A
Data Protection Addendum
This Data Protection Addendum, including its Annexes (“Addendum”) is entered into as of date of acceptance of the Terms of Use, by and between IQSIGHT, LLC (“Provider”) and Subscriber (“Subscriber” or “Customer”). Provider and Customer may hereinafter be referred to individually as a “Party”, and collectively, as the “Parties”. This Addendum applies to all Processing activities carried out by the Provider in connection with the SaaS Terms and Conditions of Use between the Parties (“Agreement”). In the event of any conflict between the terms of the Agreement and the terms of this Addendum, the terms of this Addendum shall prevail.
WHEREAS, Customer is a “business” subject to the “Data Protection Requirements” as they may be amended or superseded, which shall be defined as including but not limited to the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 (“CCPA”), Virginia Consumer Data Protection Act (“VCDPA”), Colorado Privacy Act (“CPA”), Connecticut Data Privacy Act (“CTDPA”), Utah Consumer Privacy Act (“UCPA”); and Provider (i) is Customer’s “service provider” or the “processor” under the Data Protection Requirements who is providing services to Customer as a “controller” or “business” pursuant to the Agreement, and (ii) Processes (as defined below), on behalf of Customer, Personal Data (as defined below) that is necessary to perform the services under the Agreement. For the avoidance of doubt, Provider shall act as a “processor” as defined by Data Protection Requirements, and Customer shall act as a “controller” as defined by Data Protection Requirements.
WHEREAS, the Parties wish to set forth the additional terms, requirements and conditions on which the Provider will obtain, handle, process, disclose, transfer, or store such information.
NOW THEREFORE, in consideration of the mutual covenants set forth herein, the receipt and sufficiency of which are hereby acknowledged, the Parties hereby agree as follows:
Definitions:
“Aggregate Data” and “Anonymized Data” shall have the meanings given to those terms under applicable “Data Protection Requirements”.
“Customer Data” means all data, information, or other content and materials that is (a) transmitted or provided to Provider by Customer or a third party on behalf of Customer, or (b) uploaded by or for Customer via the product or deliverable provided by Provider under the Agreement and processed by or for Customer using the Services.
“Data Protection Requirements” collectively refers to the US Data Protection Laws, and other applicable data protection requirements.
“Personal Data” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household received or collected by Provider pursuant to the Agreement or any information that is defined as “personal data” or “personal information” or equivalent concept by applicable Data Protection Requirements.
“Process” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, access, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Privacy Commissioner” means the applicable governmental authority with jurisdiction to enforce Data Protection Requirements.
“Security Incident” means (1) any actual accidental loss or unauthorized destruction; disclosure of, access to, acquisition of, or use; theft, misplacement or unauthorized copying; unauthorized use, access, communication or processing, or unauthorized damage, alteration or modification of Customer Data and/or Personal Data that is held or stored by Provider or its subprocessors; or (2) any event that indicates that the security of an information system, service, or network may have been breached or compromised.
“US Data Protection Requirements” means any present or future data protection requirement or regulation that relates to data privacy, data security, or the use or other Processing of Personal Data within the United States of America, including without limitation: (a) the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 (together with any related regulations, the "CCPA"); (b) the Virginia Consumer Data Protection Act (together with any related regulations, the “VCDPA”); (c) the Colorado Privacy Act (together with any related regulations, the “CPA”); (d) the Connecticut Data Privacy Act (together with any related regulations, the “CTDPA”); (e) the Utah Consumer Privacy Act (together with any related regulations, the “UCPA”); (f) any Federal Trade Commission rules, guidelines and staff reports; Data Protection Requirements and regulations which the Customer is obliged to impose on Provider; (g) any Data Protection Requirements, regulations, or decisions that ratify, implement, adopt, supplement or replace any of the foregoing; (h) and any amendments to any of the foregoing.
1. Compliance with Requirements. Each Party warrants that it will comply with all applicable Data Protection Requirements and security guidance promulgated by a governmental authority whether in effect at the time of execution of this Addendum or coming into effect thereafter. Provider agrees to provide the same level of protections to Personal Data as required of Customer by the Data Protection Requirements.
2. Ownership and Use of Customer Data and Personal Data.
In connection with the Agreement, Provider has received, may receive, and/or may have access to Customer Data, including but not limited to Personal Data, which information may be subject to Data Protection Requirements. Customer makes information available to the Provider for processing to enable the Provider to provide assistance with the preparation of affirmative action plans and related compliance support. Customer is disclosing information to the Provider solely for such business purpose, as described in detail in the Agreement. Customer Data and Personal Data is and at all times shall remain the sole property of Customer. Customer warrants that it has obtained the Personal Data in compliance with all applicable Data Protection Requirements. Provider shall not possess or assert any lien or other right against or to the Customer Data or Personal Data. Provider agrees to restrict its personnel (including any subcontractor personnel) and subprocessors (subject to Section 5) from accessing or using any Customer Data and Personal Data except in furtherance of its obligations under the Agreement and this Addendum as specifically permitted as noted under Annex 1, Details of Processing. Provider shall put in place measures to ensure that access to Personal Data is limited to employees who have a need to access the Personal Data to comply with the Addendum and Agreement. Any employees who have access to Personal Data must: (i) not process the data except on instructions from Customer, unless required to do so by law; (ii) be subject to confidentiality undertakings or professional or statutory obligations of confidentiality; (iii) comply with applicable Data Protection Requirements in the context of that individual’s duties to Customer; and (iv) undergo privacy and security training at least annually at Provider’s expense. 
Provider shall use and Process the Customer Data and Personal Data only in accordance with the written instructions of the Customer and not for any purpose other than for providing services to Customer in connection with the Agreement unless otherwise required by law.
Provider shall not: (i) sell, assign, lease, or share Personal Data it collects pursuant to the Agreement with any third party; (ii) retain, use or disclose the Personal Data for any purpose other than the purposes specified in the Agreement, including retaining, using or disclosing the Personal Data for any commercial purpose other than to provide Provider’s services to Customer; (iii) retain, use or disclose the Personal Data outside of Provider’s direct business relationship with Customer; (iv) combine the Personal Data with information received from or on behalf of another person or entity, or the Personal Data that Provider collects from its own interactions with Data Subjects; or (viii) attempt to re-identify de-identified data. Provider must only use de-identified data in de-identified form and must take reasonable measures to ensure that a person cannot associate the de-identified data with an individual.
Customer warrants that it has obtained all consents, permissions and rights necessary for Customer, and its affiliates and sub-processors, to lawfully process Personal Information for the purposes contemplated by the Agreement.
Customer acknowledges and agrees that Provider (excluding any other Provider agents or representatives) may, in addition to the processing activities under this Addendum, use the Customer Data in anonymized form to analyze, improve and operate the services or deliverables provided by Customer under the Agreement, and otherwise for any business purpose, during and after the term of the Agreement. Aggregate and anonymized data shall only include data or information which is NOT specifically identifiable to a data subject.
To the extent that a Data Protection Impact Assessment or Privacy Impact Assessment is required under Data Protection Requirements, Provider will provide Customer with reasonable assistance (at Customer’s cost) with conducting the Assessments and consultation with Privacy Commissioners (if any) or any other government entity or supervisory authority as required by Data Protection Requirements.
The Provider shall process Personal Data only in accordance with terms of this Addendum and/or any written instructions provided by Customer as provided in the Agreement or Annex 1.
The Provider shall assist the Customer in dealing with data subject requests related to Personal Data that will be processed under the Agreement. In the event that Provider receives a request, Provider shall, to the extent not prohibited by applicable Data Protection Requirements or any regulatory authority, civil action or internal discovery, notify Customer in writing of the request within three (3) calendar days and must forward the request directly to the Customer. Customer is responsible for communicating directly to data subjects on such requests. Both parties agree to make information necessary to comply with a request available to the other party.
If Provider or any of its subprocessors are requested pursuant to, or become compelled by, applicable law, regulatory request, legal process, warrant, subpoena or court order to disclose Customer Data or Personal Data belonging to the Customer, Provider will provide the Customer with advance notice of such intended disclosure so that the Customer may seek a protective order, confidentiality order or other appropriate remedy. Provider will furnish only that portion of the Customer Data or Personal Data, which is legally required, and Provider will cooperate with the Customer’s efforts to obtain reliable assurance that confidential treatment will be accorded to such data.
Provider shall not retain Customer Data or Personal Data, or any portion thereof, in any manner whatsoever, beyond 30 days following the expiration or termination of the Agreement, except as required by the Agreement, by Data Protection Requirements, or as otherwise agreed to between the parties in writing. Upon termination or expiration of the Agreement, Customer Data (including notes on and copies thereof) shall be promptly returned to Customer in any reasonable manner mutually agreed to by the Customer and Provider or, if Customer so elects or return is not feasible, shall be destroyed by Provider. If Customer instructs Provider to destroy Customer Data, then at Customer’s request Provider shall provide written certification of destruction.
Provider shall immediately inform Customer in writing if one of its instructions or assertion of rights under this Addendum infringe applicable Data Protection Requirements or Provider makes a determination that it can no longer meet its obligations under Data Protection Requirements.
Provider shall not do, or cause or permit to be done, anything in relation to the Customer Data and/or Personal Data provided to or processed by Provider which may result in a breach by Customer of any applicable laws, regulations, regulatory requirements, or Data Protection Requirements. Provider shall not send any commercial electronic messages on behalf of Customer. Further, Provider shall comply with all reasonable requests or directions by Customer to enable it to verify and/or procure that Provider is in full compliance with its obligations under this Addendum.
3. Subprocessors (additional Service Providers)
The Customer agrees to the Provider’s involvement of the subprocessor(s) listed within Annex 1. Provider shall inform Customer in writing no less than four weeks prior to involving or replacing any subprocessor. The Customer may object to such a change. Any objection must be communicated within 14 calendar days, and all reasons must be specified explicitly. If no objection is made within this time frame, Customer shall be deemed to have accepted the subprocessor. If Customer objects, the Parties shall work together in good faith to agree on a reasonable solution, which may include termination of this Addendum or the Agreement without penalty. A method for delivery shall be established between the Parties. For any subprocessor engaged by Provider, Provider is responsible and liable for any such subprocessor’s compliance with the obligations under this Addendum, including liability for acts or omissions of subprocessors.
In addition to the processing activities set forth in the Agreement, upon Customer request, the Provider shall provide any additional information regarding the processing activities of its subprocessors, including but not limited to any contract or legal instrument.
The Provider shall impose the same obligations as set forth in this Addendum on any subprocessor engaged by Provider in connection with this Addendum and shall do so via written agreement. The Provider shall carefully select the subprocessor under consideration of the appropriateness of the technical and organizational security measures taken by the subprocessor.
4. Data Security Breach Notification. In the event of a Security Incident, Provider shall: (a) promptly notify Customer by a method to be established by the Parties, no later than 72 hours of the Security Incident providing sufficient available detail for Customer to determine the date and scope of the Security Incident and identity of those affected by the Security Incident; (b) reasonably assist in investigating, remedying or taking other necessary action; (c) implement a plan to mitigate the effects of the Security Incident; (d) identify Personal Data affected by the Security Incident and take sufficient steps to prevent the continuation and recurrence of the Security Incident; (e) provide information and assistance needed to enable Customer to evaluate the Security Incident and, as applicable, to comply with any obligations to provide timely notice and information about the Security Incident to affected individuals or relevant regulators; and (f) cover the reasonable costs associated with any notification and investigation obligations of Customer related to a Security Incident and provide additional details as they become available at the request of Customer.
5. Security. Provider shall maintain and comply with a comprehensive cybersecurity and privacy program, which shall include reasonable, appropriate, and adequate technical, organizational, physical, administrative and security measures that are designed to prevent the unauthorized use, disclosure or access of Customer Data (the “Data Security Program”). The Provider implements security measures informed by recognized industry-standard frameworks, including ISO 27001 and the NIST Cybersecurity Framework, which serve solely as guiding references within its risk-based security program. Any such references describe general orientation only and shall not be interpreted as a warranty, representation, or contractual commitment to meet, achieve, or maintain any specific standard or certification. The Provider may update or adjust its security measures in accordance with its risk-management procedures and operational requirements.
6. Audits and Inspection.
Provider shall perform self-audits as required by Data Protection Requirements that verify its information security practices and implementations as they relate to Provider’s obligation under the Agreement including this Addendum.
Customer shall have the right to conduct a reasonable security assessment audit annually, or with reasonable notice when based upon a reasonable belief that Provider has failed to comply with the terms of this Addendum or applicable Data Protection Requirements (remote, onsite or both), in connection with the services provided under the Agreement. Provider shall fully cooperate with Customer in connection with such audit including without limitation with inspections for data privacy and security compliance, and with self-assessment security compliance reviews. Onsite inspections will be done by Customer authorized representatives upon reasonable advance notice during regular business hours and subject to compliance with Provider’s onsite safety and security policies and Processes. Provider agrees to allow Customer to monitor Customer Data in any reasonable manner determined by Customer to detect the improper, unlawful or unauthorized access to, use of or disclosure of Customer Data as long as the method of monitoring the Customer Data will not cause Provider to be in breach of applicable Data Protection Requirements.
Customer shall have the right to take reasonable and appropriate steps to stop and remediate any unauthorized use of Personal Information by the Provider. Provider shall remedy any non-compliance identified hereunder in a timely manner.
7. Indemnification. In addition to its other indemnification obligations, including in the Provider Agreement(s), Provider shall indemnify, defend and hold harmless the Customer, its affiliates, and their respective officers, directors, employees, and agents from and against any and all claims, losses, damages, and liabilities (including reasonable attorney fees), arising out of or relating to Provider’s breach of this Addendum. Customer shall have the right, at its cost, to participate in the defense of any claims concerning matters that relate to Customer. Provider may not enter into any settlement of such claims without Customer’s express written consent (which shall not be unreasonably withheld), unless such settlement (i) releases Customer in full for all claims, (ii) does not impose any obligation on Customer, other than amounts to be paid directly by Provider (and not Customer), and (iii) includes no admission of any kind by or on behalf of Customer.
8. Limitation of Liability. Each Party’s liability, taken together in the aggregate, arising out of or related to this Addendum, whether in contract, tort or under any other theory of liability, is subject to the ‘Limitation of Liability’ section of the Agreement, and any reference in such section to the liability of a Party means the aggregate liability of that Party under the Agreement and this Addendum.
9. Survival. Notwithstanding anything herein or in the Agreement to the contrary, each Party’s obligations under this Addendum shall survive termination or expiration of the Agreement for so long as Provider maintains any Customer Data in its possession.
10. Integration/Conflict. This Addendum is hereby made an integral part of the Agreement and shall remain in effect for so long as the Agreement remains in effect. The Agreement, including this Addendum, constitutes the entire agreement between the Parties regarding the subject matter hereof and thereof, and supersedes any prior agreement, whether written or oral. In the event of a conflict between the terms of this Addendum and the terms of the Agreement, the terms of this Addendum shall take precedence.
11. Notices. All notices and communications given under this DPA must be in writing and will be delivered personally, sent by post or sent by email as set forth below:
- For Provider: Dataprotection.Keenfinity@keenfinity-group.com
12. Certification. By accepting this Agreement, IQSIGHT, LLC certifies that it understands the restrictions set forth and will comply with them.
Annex 1: Subprocessor of the Data Processor
No. | Company name, direction of the subprocessor and contact partner for data protection questions | Content of assignment (Scope of the commission by the Data processor) | Place of data processing and/or storage | Transmission of/access to personal data of the Data controller (category of data and data subjects) |
1 | Amazon Web Services (AWS) | Infrastructure/Hosting Provider (as outlined in security concept) | AWS Infrastructure Regions: USA-EAST (USA), ASIA-PACIFIC (Singapore) and EUROPE (Germany) | All categories and data subjects listed in the specific service description |
2 | Thales EMS | License management system | Tour Carpe Diem 31, Place des Corolles - Quartier La Defense, COURBEVOIE EUROPE (France) | Minimal information to identify a customer or Remote Portal company |
3 | Keenfinity GmbH | Keenfinity user hub | EUROPE (Germany) | Identity of the Remote Portal user account and associated attributes |
4 | Google Analytics | Web analytics tools | EUROPE | Usage data of Remote Portal |
5 | Google Maps | Maps API | EUROPE | Device location & site information |
6 | Google Gemini | Gemini API | EUROPE | Prompt & video frames |
7* | Cloud video storage | USA-EAST (USA) and EUROPE (Germany) | Video footage | |
8 | Cloud.IAM | Keycloak | EUROPE (Germany) | Basic user profile data, such as the user email, first name, and last name. |
9 | Microsoft Azure | Infrastructure/Hosting Provider (as outlined in security concept) | NORTH AMERICA (USA) | All categories and data subjects listed in the specific service description |
10 | L1 tec support (Timisoara) technicalsupport.emea@keenfinity-goup.com | Restricted group of Technical Support | EUROPE (Romania) | Contact name and description of system setup |
11 | L1 tec support (Heredia) | Restricted group of Technical Support | NORTH AMERICA (Costa Rica) | Contact name and description of system setup |
*Only applicable for Alarm Management and VideoView+ for cameras service