Sprii, General Terms and Conditions

1. Change Log

Summary of Updates to Sprii Terms:

We have reorganized and clarified our Terms to make them easier to understand, including:

1. improved structure and clearer definitions
2. updated SLA and liability wording
3. strengthened Data Processing Agreement based on EU standards
4. clearer explanations of fees, renewal, and usage rules
5. updated termination and indemnification sections for transparency

No changes have been made that reduce your rights or materially affect your subscription.

2. Introduction

These General Terms and Conditions (the “Terms”) govern your access to and use of Sprii’s websites, applications, and related services (collectively referred to as the “Service” or “Sprii”).

By accessing, creating an account, or otherwise using any part of the Service, you acknowledge that you have read, understood, and agree to be bound by these Terms.

If you or your organization have entered a separate written Contract with Sprii, that Contract shall prevail in the event of any conflict with these Terms.

These Terms apply to all Users of the Service, including individuals and organizations using Sprii for business or commercial purposes.

In the event of discrepancies between translated versions of these Terms, the English version shall prevail.

3. Sprii Services

For the purposes of these Terms, the “Service” or “Sprii Services” includes the following primary components:

1. Shop.Sprii.io (“Hosted Checkout”) – Sprii’s hosted checkout solution enabling Users to process online transactions without operating their own webshop.
2. Sprii.io (“Website”) – Sprii’s main corporate and informational website.
3. App.Sprii.io (“Web Application”) – Sprii’s central platform where Users manage subscriptions, campaigns, analytics, and integrations.
4. Sprii Onsite (“Embeddable Player”) – A video player with built-in checkout functionality that can be embedded directly on a User’s website for live shopping experiences.
5. Sprii HOST App (“Mobile Streaming App”) – A mobile application allowing Users to broadcast live shopping events from their mobile devices.
6. Marketplace.Sprii.io (“Live Shopping Marketplace”) – Sprii’s centralized marketplace where brands and creators can host live shopping events and reach audiences beyond their own channels. This feature is currently offered in beta and is available only to Users located in Denmark unless otherwise agreed in writing with Sprii.

Sprii may expand, modify, or discontinue elements of the Service at any time in accordance with these Terms. Use of any new or modified feature constitutes acceptance of the updated Service.

4. Definitions

In these Terms, the following expressions have the meanings set out below:

• “User”, “Customer”, or “You” means the individual or legal entity that registers for, subscribes to, or uses the Service.
• “Sprii”, “we”, “our”, or “us” means Sprii ApS, Business Registration No. 42084476, Sommervej 31E, 8210 Aarhus V, Denmark.
• “Service” or “Sprii Services” means the Sprii platform, websites, applications, and related offerings provided by Sprii under these Terms or an applicable Contract.
• “Contract” means a separate written agreement entered between Sprii and a User governing specific commercial or technical terms for the use of the Service. In case of any conflict between a Contract and these Terms, the Contract shall prevail.
• “End Consumer” means the purchaser, viewer, or recipient of goods or services from a User through the Service.
• “Content” means any data, text, images, videos, or other material uploaded, submitted, or otherwise made available through the Service by a User.

Subscription and Renewal Terms:

• “Subscription Start Date” means the calendar day on which the User’s subscription begins.
• “POC Term” (Proof-of-Concept) means a trial period before the start of the subscription during which the subscription can be terminated early without the full Initial Term applying.
• “POC End Date” means the final day of the Proof-of-Concept period. Unless cancelled before the POC Cancellation Deadline, the subscription automatically renews into the Initial Term.
• “POC Cancellation Deadline” means the last date on which the User may cancel to prevent renewal beyond the Proof-of-Concept period.
• “POC Cancellation Term” means the minimum notice period used to define the POC Cancellation Deadline with reference to the POC End Date.
• “Initial Term” means the period between the Subscription Start Date and the first Renewal Date. After this period, the subscription automatically renews for the Renewal Term unless cancelled before the Subscription Cancellation Deadline.
• “Renewal Term” means the period between renewal dates. Each Renewal Term automatically renews for the same length unless cancelled before the Cancellation Deadline.
• “Subscription Renewal Date” means the date on which a Renewal Term begins, unless the subscription is cancelled before the Cancellation Deadline.
• “Subscription End Date” means the last day of the subscription. The subscription does not automatically renew beyond this date.
• “Subscription Cancellation Deadline” means the final date on which the User may cancel to prevent renewal into a new Renewal Term.
• “Subscription Cancellation Term” means the minimum notice period used to define the Subscription Cancellation Deadline with reference to the Subscription Renewal Date.
• “Commitment Period” means the initial minimum period during which the User’s subscription remains binding under a Contract or these Terms.
• “Billing Cycle” means the interval at which charges are issued (e.g., monthly), regardless of the overall subscription term length.
• “Payment Term” means the number of days between the invoice date and the payment due date.

5. General information

Company Details

Sprii ApS

Sommervej 31E, 8210 Aarhus V, Denmark

Business Registration No. 42084476

Phone: +45 3515 4033

Email: hey@sprii.io

Legal Status

Sprii ApS is a private limited company incorporated under Danish law.

Governing Law and Venue

These Terms, and any Contract between Sprii and the User, are governed by and construed in accordance with the laws of Denmark.

The exclusive venue for any dispute arising out of or in connection with these Terms or a Contract shall be the courts of Aarhus, Denmark.

6. Confidentiality

6.1. Definition

“Confidential Information” means any non-public information disclosed by one party (“Disclosing Party”) to the other (“Receiving Party”) in connection with the Service or a Contract, whether in written, oral, electronic, or other form, and whether marked as confidential or not, that a reasonable person would understand to be confidential.

6.2. Obligations

Each party shall:

1. Keep all Confidential Information strictly confidential and use it solely for the purpose of performing under these Terms or a Contract.
2. Not disclose Confidential Information to any third party without the prior written consent of the Disclosing Party, except to its employees, contractors, or professional advisers who need to know it for the permitted purpose and who are bound by equivalent confidentiality obligations.
3. Take all reasonable measures to protect Confidential Information from unauthorized access, loss, or disclosure.

6.3. Exceptions

Confidential Information does not include information that:

1. Is or becomes public other than through a breach of these Terms;
2. Was lawfully known to the Receiving Party before disclosure;
3. Is independently developed without use of or reference to the Confidential Information; or
4. Is required to be disclosed by law, regulation, or court order, provided that the Receiving Party (where legally permissible) gives prompt written notice to the Disclosing Party before such disclosure.

6.4. Duration

The confidentiality obligations set out in this Section shall survive termination of these Terms or any Contract for a period of five (5) years, or longer where required by applicable law or where the information concerns trade secrets.

6.5. Anonymized and Aggregated Data

Nothing in this Section shall prevent Sprii from collecting, using, or sharing aggregated or anonymized data derived from the Service, provided such data does not identify any individual or disclose any User Confidential Information.

7. Processing of personal data 

7.1. Compliance with Data Protection Laws

Sprii and the User shall comply with all applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and equivalent local legislation, in connection with their use of the Service.

7.2. Data Processing Agreement (DPA)

Where Sprii processes personal data on behalf of the User as a data processor, such processing shall be governed by Sprii’s Data Processing Agreement (DPA), which forms an integral part of these Terms and is included as an Annex.

By accepting these Terms or entering a Contract with Sprii, the User acknowledges and accepts the DPA.

7.3. User Responsibility

The User is responsible for ensuring that any personal data shared with Sprii or processed through the Service is collected and processed lawfully and in compliance with applicable data protection requirements, including providing necessary notices to and obtaining valid consents from data subjects where required.

7.4. Independent Controllers

If and to the extent that Sprii and the User each determine the purposes and means of processing personal data independently, they act as separate data controllers, each responsible for its own compliance with applicable data protection obligations.

8. Fees and Services

8.1. Subscription Fees

The User shall pay the subscription fees applicable to the selected Subscription Plan. Subscription fees may include a monthly base fee and any add-ons, modules, or feature packages selected by the User. Subscription fees apply throughout the Commitment Period, Initial Term, and any Renewal Term.

Subscription fees are non-refundable, except where required by applicable law.

8.2. Transaction-Based Fees

Certain Sprii Services include transaction-based pricing. Transaction fees apply to transactions, checkout events, gamification events, reservations, lead events, or other measurable interactions as specified in the User’s Subscription Plan or Contract.

The calculation of transaction fees is governed by Annex 1: “Billing Rules and Fee Calculation”, which forms an integral part of these Terms.

8.3. Usage-Based Limits and Overage Fees

Some features of the Service include usage-based limits, such as streaming hours, viewing hours, SMS usage, campaign sendouts, or other measurable consumption.

If the User exceeds the limits included in the Subscription Plan, Sprii may charge overage fees in accordance with Annex 1: “Billing Rules and Fee Calculation.”

8.4. Sprii Host App

The Sprii Host App is provided free of charge as part of the Subscription and is available only to Apple Devices.

Streaming time through the Host App is subject to the same usage limits described under the Sprii Streaming Service above, including recorded streaming hour limits and any overage rules in accordance with Annex 1: “Billing Rules and Fee Calculation.”

8.5. Additional Services

Fees for onboarding, setup, training, development work, integrations, consultancy, workshops, or other Additional Services will be charged as specified in the applicable Contract, order confirmation, or statement of work.

Unless otherwise agreed, Additional Services are billed as one-time fees or on a time-and-materials basis at Sprii’s current rates.

8.6. Currency and Taxes

All fees are exclusive of VAT or other applicable taxes unless otherwise stated. Fees are payable in the currency specified in the Subscription Plan, Contract, or invoice.

The User is responsible for all taxes associated with their purchase and use of the Service, except for taxes imposed on Sprii’s net income.

8.7. Price Adjustments

8.7.1. Subscription Fees

Sprii may adjust the Subscription Fees, including the Fixed Monthly Cost and any recurring base charges, once per calendar year. Any adjustment will take effect from the first day of the next Renewal Term and will not exceed five percent (5%) of the previous fee, unless justified by significant increases in Sprii’s cost of delivery.

8.7.2. Transaction and Usage Fees

Sprii may adjust Transaction Fees and Usage Fees if changes occur in third-party costs or infrastructure costs that affect Sprii’s ability to provide the Service, including but not limited to changes in SMS provider pricing, streaming or platform API costs, payment service provider fees, or other external cost drivers. Sprii will notify the User in advance of any such adjustments.

8.7.3. Notice Requirement

Sprii shall provide the User with at least 90 days’ written notice of any intended price adjustment.

8.7.4 Right to Terminate

If the User does not accept a price adjustment, the User may terminate the subscription before the effective date of the adjustment.

8.7.5 Methods of Payment

The User must keep payment information accurate and up to date. Sprii accepts payment through the methods communicated to the User.

8.7.6. Failure to Pay

If the User fails to pay any amount when due, Sprii may charge default interest in accordance with applicable law, suspend access to the Service upon prior notice, and revoke discounts or promotional pricing.

Suspension does not relieve the User of any outstanding payment obligations.‍

9. Additional services

9.1. Scope of Additional Services

Sprii may provide Additional Services outside the standard functionality of the Platform, including but not limited to onboarding, training, workshops, consultancy, custom development, integrations, creative services, and technical assistance.

9.2. Ordering Additional Services

Additional Services must be agreed through a Contract, order confirmation, or written agreement between the parties. Sprii is not obligated to provide Additional Services unless such agreement is in place.

9.3. Fees for Additional Services

Unless otherwise agreed in a Contract, additional Services are billed as one-time fees or on a time-and-materials basis, at Sprii’s then-current rates, and Sprii may invoice separately for third-party costs such as travel, materials, software tools, or license fees required for the delivery of the service.

9.4. Delivery Timeline

Sprii will make reasonable efforts to deliver Additional Services within agreed timelines. Any time estimates provided are indicative only and not binding unless explicitly stated as binding in a Contract.

9.5. Light Integrations

Sprii may, at the User’s request, perform small-scale integrations between the Sprii Platform and the User’s webshop or related systems (“Light Integrations”).

Light Integrations are delivered at an agreed price and considered complete once the agreed functionality has been tested and confirmed operational.

The User acknowledges that subsequent changes to the User’s webshop, system configuration, third-party plugins, themes, API behaviour, or hosting environment may affect the functionality of the integration.

Any adjustments, fixes, or modifications required due to such changes will be treated as new work and billed separately at Sprii’s applicable rates.

Sprii does not guarantee that Light Integrations will remain functional if the third-party system introduces breaking changes, updates, or policy limitations.

9.6. Pricing for Additional Services and Light Integrations

Fees for Additional Services, including but not limited to development work, project management, workshops, onboarding, and Light Integrations, are charged according to the rates specified in the User’s Contract or the applicable Sprii Rate Card.

Such fees must be agreed in writing before Sprii commences the work.

9.7. Intellectual Property Rights

Unless otherwise agreed in writing, all deliverables, materials, custom developments, configurations, or integrations created by Sprii in connection with Additional Services remain the exclusive property of Sprii.

The User receives a non-exclusive, non-transferable right to use such deliverables as part of the Sprii Service.

9.8. Dependencies and Cooperation

The User shall provide Sprii with timely access, information, and cooperation necessary for the delivery of Additional Services. Delays caused by the User may result in rescheduling, additional fees, or extended timelines.

9.9. No Guarantee of Results

Sprii makes no guarantee that Additional Services will produce a specific commercial outcome, performance increase, or revenue result. Additional Services are provided on a reasonable-effort basis.

10. Invoicing and payment

10.1. Invoicing

Sprii will invoice the User according to the billing frequency set out in the User’s Subscription Plan or Contract.

All invoices are sent by email to the billing email address provided in the Sprii Platform.

For convenience, copies of previously issued invoices may also be available for download inside the Sprii Platform.

Email delivery constitutes the official issuance and delivery of the invoice.

Subscription fees are invoiced in advance, unless otherwise specified.

Usage-based or transaction-based fees are invoiced in arrears.

10.2. Payment Terms

The due date for each invoice depends on the selected payment method:

10.2.1. Credit Card

When the User pays by credit card, the invoice is due on the invoice date.

10.2.2. Bank Transfer

When the User pays by bank transfer, the invoice is due 8 days after the invoice date, unless a different due date is stated on the invoice.

The User is responsible for ensuring that Sprii has a valid and up-to-date billing email address and that payments are made on time regardless of the payment method chosen.

10.3. Accepted Payment Methods

Sprii accepts payment via:

1. credit card, processed through Sprii’s automated billing system, and
2. bank transfer, where available and agreed with Sprii.

When the User pays by credit card, Sprii may store and process the User’s payment details through a secure, PCI-compliant third-party payment processor for the purpose of recurring billing.

The User is responsible for ensuring that valid payment details are maintained at all times when card payment is used.

10.4. Late Payments

If an invoice is not paid on time:

1. Sprii may charge late interest at the maximum rate permitted by law;
2. Sprii may apply reasonable administrative fees for reminders or collection activities;
3. Sprii may suspend or limit access to the Service until all overdue amounts are settled.

Suspension does not relieve the User of the obligation to pay Subscription Fees for the applicable period.

10.5. Disputed Amounts

If the User disputes an invoice, they must notify Sprii in writing within 30 days of receiving the invoice, specifying the grounds for the dispute.

Undisputed portions of invoices must still be paid on time.

The parties will work in good faith to resolve any disputes.

10.6. Taxes

All fees are exclusive of VAT and other applicable taxes unless expressly stated otherwise.

The User is responsible for all taxes related to the use of the Service, except taxes based on Sprii’s net income.

10.7. Reconciliation and Overage Fees

Sprii may reconcile actual usage, including streaming hours, viewing hours, SMS usage, gamification events, and other measurable units, against the limits included in the Subscription Plan.

Any overage fees will be invoiced in arrears, as described in Annex 1: Billing Rules and Fee Calculation.

10.8. Non-Refundability

All Subscription fees, usage-based fees, transaction fees, and one-time fees are non-refundable, including in cases of non-use, early cancellation, or end-customer returns, unless required by mandatory law.

10.9. Administration Fees

Sprii may charge administration fees when the User requests invoicing or payment handling that differs from Sprii’s standard processes.

No administration fee applies when:

1. invoices are delivered by email, or
2. payment is made by credit or debit card.

Administration fees apply in the following cases:

3. Invoice via EAN or paper mail: EUR 18 (excl. VAT) per invoice
4. Payment via Betalingsservice (DK): EUR 15 (excl. VAT) per payment
5. Payment via bank transfer: EUR 6 (excl. VAT) per invoice

‍

11. Renewal Terms

11.1. Initial Term and Renewal

The Subscription begins on the Subscription Start Date and continues for the Initial Term specified in the User’s Subscription Plan or Contract.

Unless the User cancels the Subscription before the applicable Subscription Cancellation Deadline, the Subscription will automatically renew for consecutive Renewal Terms of the same length as the previous term.

Each Renewal Term begins on the Subscription Renewal Date.

11.2. Cancellation Before Renewal

To prevent renewal, the User must submit written cancellation before the relevant Subscription Cancellation Deadline.

• For subscriptions entered into on or after 1 January 2025, the Cancellation Deadline is 30 calendar days prior to the Subscription Renewal Date, unless otherwise agreed in writing.
• For subscriptions entered into before 1 January 2025, the Cancellation Deadline is five (5) working days prior to the Subscription Renewal Date, unless otherwise agreed in writing. For most Legacy Subscriptions, the Subscription Renewal Date is the first (1st) day of each calendar month.

Cancellations submitted after the Cancellation Deadline take effect at the end of the next Renewal Term.

11.3. Proof of Concept (POC) Period

If a POC Term has been agreed, the subscription will automatically begin unless cancelled in writing on or before the POC Cancellation Deadline.

The POC Cancelation Deadline is 30 calendar days prior to POC End Date.

After the POC Period, standard renewal and cancellation rules apply.

11.4. Renewal Pricing

Fees for renewed Subscription Terms will be based on:

1. the User’s active Subscription Plan, and
2. Sprii’s pricing applicable at the Renewal Date,

subject to any price adjustment rules set out in these Terms.

If pricing is changed, Sprii will notify the User in accordance with the notice periods described in section 9.7 “Price Adjustments”.

11.5. No Cancellation During Active Term

Once the Subscription has entered the POC Term (if applicable), the Initial Term, or any Renewal Term, the User may not terminate early except as permitted under the “Termination” section.

The User remains responsible for all fees for the entire committed term.

11.6. Changes to Subscription Plan

Upgrades to a higher-tier Subscription Plan may take effect immediately or on the next Renewal Date, as agreed with Sprii.

Downgrades only take effect on the next Renewal Date, provided notice is given before the Subscription Cancellation Deadline.

12. Termination

12.1. Termination for Convenience

The User may terminate the Subscription only by submitting written cancellation before the applicable POC Cancellation Deadline or Subscription Cancellation Deadline, as described in Section 12 “Renewal Terms”.

Cancellations submitted after the relevant deadline take effect at the end of the next Renewal Term.

The User cannot terminate the Subscription early during an active POC Term, Initial Term, or Renewal Term.

12.2. Termination for Breach

Either party may terminate the Contract with immediate effect if the other party commits a material breach of these Terms and fails to remedy the breach within 30 days of receiving written notice specifying the breach.

Examples of material breach include, but are not limited to:

1. failure to pay fees when due,
2. unauthorised use of the Service,
3. violation of applicable laws when using the Service,
4. repeated or serious violation of the DPA.

Sprii may suspend the User’s access to the Service during the notice period if the breach concerns non-payment, misuse, security risk, or unlawful activity.

12.3. Termination for Insolvency

Either party may terminate the Contract with immediate effect if the other party becomes insolvent, enters bankruptcy, liquidation, debt restructuring, or is otherwise unable to meet its financial obligations.

12.4. Effect of Termination

Upon termination:

1. all outstanding fees become immediately due and payable,
2. the User remains liable for all fees due for the full contractual term (unless termination is due to Sprii’s material breach),
3. access to the Service will be disabled, and
4. Sprii will delete or return Customer Data in accordance with the DPA.

No fees are refundable upon termination unless required by mandatory law or explicitly agreed.

12.5. Continuing Obligations

Sections relating to confidentiality, intellectual property, liability, data protection, and any other provisions which by their nature should survive termination, shall remain in force.

13. User Responsibilities

13.1. Compliance with Laws and Policies

The User must use the Service in compliance with:

1. all applicable laws and regulations,
2. third-party platform rules (including Meta, Instagram, Facebook, TikTok, YouTube, and any other integrated platforms),
3. these Terms, and
4. the DPA.

Sprii is not responsible for any consequences arising from the User’s breach of applicable laws or third-party platform policies.

13.2. Account Security

The User is responsible for:

1. maintaining the confidentiality of login credentials,
2. restricting access to authorised personnel only,
3. ensuring that only authorised Users access the Sprii Platform, and
4. immediately notifying Sprii of any suspected unauthorised access or security incident.

Sprii is not liable for any loss or damage arising from unauthorised access caused by the User’s actions or omissions.

13.3. Accuracy of Information

The User is responsible for ensuring that all information they provide to Sprii, including product data, pricing, campaign settings, legal terms, and contact information, is accurate, complete, and up to date.

Sprii has no responsibility for errors, mispricing, or incorrect content resulting from inaccurate or incomplete information supplied by the User.

13.4. Content Responsibility

The User is solely responsible for:

1. all content published, streamed, or communicated through the Service,
2. including text, audio, video, images, campaign content, offers, competitions, and interactions with end customers.

The User must ensure that such content:

3. is lawful,
4. does not infringe third-party rights (including copyright and trademarks),
5. complies with consumer protection rules,
6. includes legally required information, and
7. adheres to platform terms and advertising guidelines.

Sprii is not responsible for reviewing or approving User content.

13.5. Proper Use of the Service

The User may not:

1. use the Service in a manner that may harm or impair Sprii’s systems,
2. misuse data, APIs, or integrations,
3. attempt to bypass usage limits or fees,
4. run automated scripts, scrapers, crawlers, or bots without written permission,
5. interfere with the security, functionality, or stability of the Service, or
6. use the Service to send spam, unsolicited messages, or unlawful communications.

Sprii may suspend access to the Service if misuse is detected.

13.6. Cooperation and Configuration

The User must cooperate with Sprii as reasonably required to deliver the Service, including:

1. providing access to systems where integrations are needed,
2. ensuring that relevant settings, permissions, and access tokens are correctly configured,
3. maintaining valid admin access rights for connected social media or webshop accounts,
4. ensuring stable internet connectivity for live streaming and platform use.

Sprii is not responsible for failures caused by missing permissions, misconfiguration, or third-party platform restrictions.

13.7. End-Customer Interactions

The User is solely responsible for:

1. communication with end-customers,
2. fulfilment of orders,
3. payment collection (unless Sprii Hosted Checkout is used),
4. delivery, returns, refunds, and customer service,
5. compliance with consumer protection rules,
6. any competition, giveaway, or gamification rules required by law.

Sprii does not act as a merchant of record, seller, or agent unless explicitly stated in a Contract.

13.8. Prohibited Uses

The User must not use the Service to:

1. violate privacy or data protection laws,
2. impersonate another person or entity,
3. run fraudulent activities or misleading campaigns,
4. stream or publish harmful, illegal, or offensive content,
5. engage in harassment, discrimination, or abuse,
6. distribute malware, viruses, or harmful code.

Sprii may suspend or terminate accounts engaged in prohibited activities.

14. Intellectual property

13.1. Ownership of the Service

All rights, title, and interest in and to the Sprii Platform, including:

1. software, source code, backend systems, algorithms,
2. features, functionality, user interfaces,
3. documentation, training material,
4. designs, graphics, trademarks, and branding,
5. APIs, integrations, data models, and databases,
6. updates, enhancements, modifications, and derivative works,
7. any tools, modules, or components created by Sprii,

are and remain the exclusive property of Sprii or its licensors.

No intellectual property rights are transferred to the User under these Terms.

14.1. Licence to Use the Service

Sprii grants the User a limited, non-exclusive, non-transferable, non-sublicensable licence to access and use the Service for the duration of the Subscription and solely for the User’s internal business purposes.

The User may not:

1. copy, modify, reverse engineer, decompile, or attempt to extract source code,
2. create derivative works from the Service,
3. circumvent technical protections, usage limits, or billing structures,
4. resell, lease, sublicense, or provide the Service to third parties,
5. use the Service to build a competing product.

Any unauthorised use automatically terminates the licence.

14.2. User Content

The User retains all rights to materials they upload or provide to the Service (“User Content”), including product data, images, videos, campaign material, trademarks, and other assets.

The User grants Sprii a non-exclusive, royalty-free licence to:

1. store, process, display, transmit, and use User Content
2. as needed to operate the Service, perform integrations, and deliver support.

Sprii does not claim ownership of User Content.

14.2.1. Licence for Service Delivery

The User grants Sprii a limited, non-exclusive, royalty-free, worldwide licence to use the User’s trademarks, logos, trade names, and User Content solely for the following purposes:

1. providing, operating, and improving the Service, including displaying campaigns, processing transactions, generating product feeds, and enabling all related functionalities;
2. performing support, maintenance, testing, analytics, and integrations required to deliver the Service;
3. generating anonymised and aggregated usage statistics for Sprii’s internal business purposes, provided that such data cannot be used to identify the User.

This licence is strictly limited to what is necessary to operate the Service and does not permit Sprii to use the User’s branding for public marketing or advertising without separate written permission.

14.3. Feedback and Suggestions

If the User provides feedback, ideas, or suggestions relating to the Service (“Feedback”), Sprii may freely:

1. use, modify, implement, and incorporate the Feedback,
2. without restriction, attribution, or compensation to the User.

The User waives any claim to rights in improvements resulting from such Feedback.

14.4. Third-Party Access

Sprii may permit its sub processors, hosting providers, technical partners, and other service providers to access and use the User’s intellectual property solely as necessary for Sprii to operate, maintain, support, and improve the Platform on Sprii’s behalf.

Sprii will ensure that such third parties are bound by confidentiality and contractual obligations consistent with Sprii’s own obligations under these Terms.

Sprii will not otherwise sell, share, sublicense, disclose, or make the User’s intellectual property available to any third party without the User’s prior written consent, unless required by law.

14.5. Third-Party Rights

The User is responsible for ensuring they have all necessary rights, permissions, and licences for any content, data, materials, or trademarks they upload or use within the Service.

Sprii is not responsible for any infringement resulting from User Content or User-provided integrations.

14.6. Protection of Sprii’s IP

The User must not:

1. remove or obscure proprietary notices,
2. use Sprii’s trademarks or branding without prior written approval,
3. claim any rights to Sprii’s intellectual property,
4. register or attempt to register any marks or domains similar to Sprii’s.

Sprii may take legal action to enforce its intellectual property rights if necessary.

14.7. Survival

The intellectual property provisions in this section survive termination of the Subscription.

14.8. Marketing and References

The User grants Sprii a non-exclusive, royalty-free, worldwide licence to use the User’s name, trademarks, and logos solely for the purpose of identifying the User as a customer of Sprii, including in:

1. reference lists,
2. case studies,
3. sales presentations,
4. investor materials,
5. website customer listings,
6. pitch decks,
7. and other similar corporate or promotional contexts.

Any use beyond simple customer identification, including public testimonials, quotes, co-marketing activities, or detailed case studies, requires the User’s prior written consent.

The User may withdraw the reference permission at any time by providing written notice to Sprii, after which Sprii will cease using the User’s marks in future materials (but may continue using already-printed or published materials where removal is impractical).

14.9. Restrictions on Use

Sprii will not sell, license, distribute, or otherwise commercially exploit the User’s intellectual property for any purpose other than:

1. providing and operating the Sprii Platform as described in these Terms, and
2. the limited marketing and reference use permitted under Clause “14.8 Marketing and References”.

All licences granted by the User under this Section are revocable and will automatically terminate when the User’s Subscription ends, except to the extent that continued use is:

3. required for Sprii to comply with legal obligations,
4. necessary to resolve disputes or enforce agreements, or
5. related to the retention and use of anonymised or aggregated data that cannot identify the User.

Sprii will not use or retain the User’s trademarks, logos, or non-anonymised content for any commercial purpose after termination.

15. Sprii Rights 

15.1. Right to Update and Improve the Service

Sprii may update, modify, enhance, or otherwise change the Service at any time, including adding, removing, or altering features, interfaces, integrations, technical components, or performance elements.

Sprii will ensure that such changes do not materially reduce the core functionality of the Service.

Where a change materially affects the User’s use of the Service, Sprii will provide reasonable advance notice.

15.2. Right to Suspend Access

Sprii may temporarily suspend or restrict access to the Service, in whole or in part, without liability, if:

1. the User breaches these Terms, the DPA, or any applicable law;
2. unauthorised access, security issues, or suspected fraud is detected;
3. the User’s actions threaten system stability or other customers’ use of the Service;
4. required by a third-party platform (e.g., Meta, Instagram, TikTok), hosting provider, or regulatory body;
5. invoices remain unpaid after the due date, in accordance with Section 11.

Sprii will restore access once the underlying issue is resolved.

15.3. Right to Remove or Disable Content

Sprii may remove, disable, or restrict access to User Content if:

1. it violates these Terms, applicable law, or third-party platform rules;
2. it infringes intellectual property or privacy rights;
3. it disrupts the operation of the Service or other users’ experience;
4. Sprii receives a legally valid takedown request.

Sprii is not obligated to review or monitor User Content but may act where necessary.

15.4. Right to Manage System Integrity

Sprii may take any measures reasonably necessary to:

1. maintain security and system integrity,
2. prevent abuse, fraud, or unauthorised access,
3. protect other users and the Service,
4. ensure compliance with third-party technical requirements,
5. maintain platform stability and performance.

This includes throttling excessive usage, rate-limiting requests, or blocking harmful activity.

15.5. Right to Introduce New Features or Paid Add-Ons

Sprii may introduce new features, modules, or services that:

1. are included as part of the existing Subscription, or
2. require a separate fee or upgrade, provided the User is informed in advance.

The User has no obligation to purchase optional add-ons.

15.6. Right to Discontinue Legacy Features

To ensure platform stability, Sprii may discontinue outdated or legacy features, provided that:

1. such discontinuation does not materially impair the core service, and
2. reasonable notice is given when feasible.

15.7. Right to Use Anonymised Data

Sprii may collect and use anonymised or aggregated data derived from the User’s use of the Service for:

1. Platform performance analysis,
2. service improvement,
3. analytics,
4. troubleshooting,
5. benchmarking, and
6. product development.

This data will not identify the User or their end customers.

15.8. Reservation of Rights

Except for the limited rights expressly granted to the User under these Terms, Sprii reserves all rights, title, and interest in and to the Service and all related intellectual property.

16. Your Right to Terminate in Case of Material Adverse Change

16.1. Right to Terminate for Material Adverse Change

Sprii may update, modify, enhance, or discontinue parts of the Service, including features, integrations, or technical components.

However, if Sprii makes a change that results in a Material Adverse Change, the User has the right to terminate the Subscription without penalty.

A Material Adverse Change means a modification that:

1. materially reduces the core functionality of the Service, or
2. significantly limits the User’s ability to use the Service for its intended purpose, or
3. materially reduces the overall value of the Service to the User.

16.2. How to Exercise the Right

To exercise this right, the User must notify Sprii in writing within 30 days of receiving notice of the Material Adverse Change.

Upon valid termination under this clause, Sprii will refund the User on a pro rata basis for any prepaid Service fees covering the period after termination takes effect.

16.3. Changes That Are Not Material Adverse Changes

The following changes do not constitute a Material Adverse Change:

1. modifications to beta, experimental, or test features the User has chosen to access,
2. updates or changes required to comply with third-party platform rules (e.g., Meta, Instagram, TikTok) or legal requirements,
3. minor functional adjustments or interface changes that do not materially affect use of the core Service,
4. removal of legacy or deprecated functionality where Sprii provides reasonable notice.

156.4. Notice Requirement

Sprii will provide at least 30 days’ advance written notice of any Material Adverse Change, unless urgent legal, regulatory, or operational reasons prevent this.

Notice will be provided via:

1. the User’s registered email address, or
2. notification inside the Sprii Platform.

17. Mutual Indemnification

17.1 Indemnification by Each Party

Each party (the “Indemnifying Party”) shall indemnify, defend, and hold harmless the other party (the “Indemnified Party”), including its affiliates, officers, directors, employees, agents, and licensors, from and against any third-party claims, liabilities, damages, losses, costs, or expenses (including reasonable attorneys’ fees) to the extent arising from:

1. a breach by the Indemnifying Party of these Terms or applicable law;
2. negligence or wilful misconduct of the Indemnifying Party;
3. infringement of intellectual property rights caused by the Indemnifying Party’s content, data, materials, or actions.

17.2. Exclusions from Indemnity

The Indemnifying Party shall have no obligation to indemnify the Indemnified Party for any claim to the extent such claim arises from:

1. the Indemnified Party’s own breach of these Terms,
2. modifications to the Service not made or authorised by Sprii,
3. combination of the Service with third-party products or services not provided or approved by Sprii,
4. use of the Service in violation of the Terms, the DPA, or applicable law.
5. The indemnity also does not apply to:
6. indirect, incidental, special, punitive, or consequential damages,
7. loss of profits, revenue, goodwill, or business opportunities,
8. force majeure events or circumstances beyond reasonable control.

17.3. Indemnification Procedure

To receive indemnification, the Indemnified Party must:

1. promptly notify the Indemnifying Party of the claim,
2. provide reasonable cooperation in the defence,
3. allow the Indemnifying Party to control the defence and settlement of the claim,
4. not settle any claim without the Indemnifying Party’s written consent (not to be unreasonably withheld).

The Indemnifying Party may not settle a claim in a manner that imposes liability or obligations on the Indemnified Party without its prior written approval.

17.4. Liability Cap for Indemnification

Except where prohibited by law, the Indemnifying Party’s total aggregate liability under this Section shall not exceed the greater of:

1. the total Subscription Fees and Transaction Fees paid by the Indemnified Party to the Indemnifying Party during the twelve (12) months preceding the event giving rise to the claim; or
2. EUR 20000.

17.5. Exceptions to Liability Cap

The liability cap in Section 18.4 does not apply to:

1. liability arising from wilful misconduct or gross negligence,
2. breach of confidentiality obligations,
3. infringement of intellectual property rights caused by the Indemnifying Party.

18. Warranty Disclaimer and Service Levels

18.1. Service Provided “As Is”

The Service is provided “as is” and “as available”, without warranties of any kind, whether express, implied, statutory, or otherwise.

Sprii expressly disclaims all implied warranties, including:

1. merchantability,
2. fitness for a particular purpose,
3. non-infringement,
4. accuracy,
5. reliability,
6. availability.

Sprii does not warrant that:

7. the Service will be uninterrupted, error-free, or secure;
8. defects will be corrected;
9. the Service will be free of viruses or harmful components;
10. the Service will meet the User’s expectations or performance requirements.

Use of the Service is at the User’s own risk.

18.2. Supported Browsers

The Sprii Platform is designed for modern browsers, including:

1. Google Chrome
2. Safari
3. Microsoft Edge
4. Mozilla Firefox

Sprii uses commercially reasonable efforts to support the current release and at least one prior major version of these browsers.

Sprii does not guarantee correct functionality on:

1. outdated versions,
2. unsupported browsers,
3. modified or non-standard browser environments.

The User is responsible for keeping their browser reasonably up to date.

18.3. Service Availability Targets (Non-Binding)

Sprii aims to provide a high level of availability and performance.

Sprii’s non-binding, commercially reasonable target is 99.5% uptime per calendar month, excluding:

1. planned maintenance,
2. emergency maintenance,
3. force majeure events,
4. outages caused by third-party platforms or providers,
5. downtime related to the User’s systems, devices, or connectivity.

These availability levels are targets only, not guarantees.

18.4. Maintenance Windows

Planned maintenance may occur from time to time. Sprii will use reasonable efforts to schedule maintenance outside peak hours (00:00–06:00 CET) and provide 5 day advance notice when practicable.

Emergency maintenance may be carried out without notice if required to maintain service integrity or security.

18.5. Support Requests

Users may submit support requests via the support channels described on Sprii’s website or within the Platform.

Sprii will use commercially reasonable efforts to review and respond to support requests but does not guarantee response or resolution times unless explicitly agreed in writing.

18.6. SLA Exclusions

The service levels and availability targets in this section do not apply to issues caused by:

1. third-party services, systems, APIs, or platforms outside Sprii’s control,
2. the User’s internet connection, hardware, or software,
3. unauthorized modifications or misuse of the Service,
4. beta features, trial features, or test environments,
5. events described in the Force Majeure section.

18.7. No Service Credits or Remedies

This section describes targets, not a guaranteed Service Level Agreement (SLA).

No credits, refunds, damages, or other remedies are due for failure to meet the availability or support targets described here.

19. Limitation of Liability

19.1. No Liability for Third-Party Services

The Service may integrate with third-party platforms, systems, and services, including social media platforms (e.g., Meta, Instagram, Facebook, TikTok), webshops, payment providers, shipping providers, and other external tools.

Sprii does not control these third-party services and is not responsible for:

1. their availability, performance, or functionality;
2. changes to APIs or platform rules;
3. third-party data processing practices;
4. downtime, interruptions, or errors caused by such services.

The User’s use of third-party services is governed by those providers’ own terms.

19.2.Availability, Security, and Integrations

Sprii uses commercially reasonable measures to maintain service availability and security, but does not guarantee uninterrupted operation or absolute security.

Sprii is not liable for:

1. service interruptions, delays, or data loss;
2. unauthorized access, breaches, or security incidents;
3. issues caused by the User’s systems, configuration, or connectivity.

For integrations:

4. Sprii-controlled integrations: Sprii is responsible for ensuring compatibility with the Service.
5. External third-party integrations: Sprii is not responsible for changes, failures, or limitations caused by external systems or providers.

Data security obligations are further described in the DPA, which prevails for Personal Data.

19.3. Exclusion of Indirect and Consequential Damages

To the fullest extent permitted by law, Sprii shall not be liable for any indirect, incidental, punitive, special, or consequential damages, including but not limited to:

1. loss of profits,
2. loss of revenue,
3. loss of business opportunities,
4. loss of data,
5. business interruption,
6. reputational harm,

whether based on contract, tort, or any other legal theory, even if Sprii has been advised of the possibility of such damages.

19.4. Limitation of Direct Liability

Except where liability cannot be limited under applicable law, Sprii’s total aggregate liability arising out of or relating to these Terms shall not exceed the greater of:

1. the total Subscription Fees and Transaction Fees paid by the User in the twelve (12) months preceding the event giving rise to the claim; or
2. EUR 20,000.

This limitation applies to all claims, whether in contract, tort, indemnity, negligence, strict liability, or otherwise.

19.5. Exceptions to the Liability Cap

The liability cap in Section 18.4 does not apply to:

1. wilful misconduct or gross negligence,
2. liability that cannot legally be limited,
3. the parties’ obligations under Section 18 (Mutual Indemnification),
4. breach of confidentiality.

20. Miscellaneous

20.1. Force Majeure

Neither party shall be liable for any failure or delay in performing its obligations under these Terms to the extent caused by circumstances beyond its reasonable control, including but not limited to acts of God, natural disasters, epidemics, war, terrorism, governmental actions, labour disputes, power outages, failures of internet or telecommunications networks, or interruptions of hosting or cloud service providers.

20.2. Assignment

The User may not assign or transfer any rights or obligations under these Terms without Sprii’s prior written consent, and any attempted assignment without such consent is void.

Sprii may assign or transfer its rights and obligations under these Terms, in whole or in part, to an affiliate or a third party, provided that the User is notified.

20.3. Independent Contractors

Sprii and the User are independent contractors. Nothing in these Terms shall be construed to create a partnership, joint venture, employment, or agency relationship between the parties.

20.4. Successors and Assigns

These Terms shall be binding upon and inure to the benefit of the parties and their respective permitted successors and assigns.

21. Complaints

If the User wishes to submit a complaint regarding the Service, billing, or any other matter under these Terms, the User may do so by contacting Sprii at support@sprii.io. Sprii will review the complaint and respond within a reasonable time.

22. Severability

If any provision of these Terms is held to be invalid, illegal, or unenforceable, that provision shall be enforced to the maximum extent permitted by law, and the remaining provisions shall remain in full force and effect.

Where necessary, the invalid or unenforceable provision shall be deemed modified so as to best reflect the original intent of the parties while remaining enforceable.

23. Changes to These Terms

Sprii may update or amend these Terms from time to time to reflect changes in the Service, legal requirements, or business practices. Updated Terms will be published on our website and, where the changes are material, Sprii will provide at least 30 days’ prior notice by email or within the Sprii Platform.

Continued use of the Service after the updated Terms take effect constitutes acceptance of the revised Terms.

If you do not agree to the updated Terms, you must stop using the Service before the changes become effective.

If an update constitutes a Material Adverse Change, you may exercise your right to terminate the Subscription without penalty in accordance with the section 18 “Your Right to Terminate in Case of Material Adverse Change” 

24. Governing Law and Jurisdiction

These Terms shall be governed by and interpreted in accordance with the laws of Denmark, without regard to its conflict-of-law principles.

Any dispute arising out of or in connection with these Terms, the Service, or the parties’ relationship shall be submitted to the exclusive jurisdiction of the courts of Denmark.

If required by mandatory consumer protection rules (where applicable), the User may have the right to bring claims in their local jurisdiction.

25. Notices

All notices under these Terms must be provided in writing.

25.1. Notices from Sprii to the User

Sprii may deliver notices to the User by:

1. email to the primary email address registered in the User’s Sprii account, or
2. in-product notifications or alerts inside the Sprii Platform.

Notices sent by email shall be deemed received when transmitted, unless Sprii receives a delivery failure notification.

25.2. Notices from the User to Sprii

The User must send all notices regarding these Terms, including termination notices, disputes, or legal communications, to:

support@sprii.io

Notices are deemed received when acknowledged by Sprii or, if no acknowledgement is provided, within two (2) business days of transmissio

Annex 1 - Billing Rules and Fee Calculation

This Annex forms an integral part of the Sprii General Terms and Conditions. It describes how fees are calculated for transaction-based and usage-based pricing models.

1. Revenue Calculation for Transaction Fees

1.1. General Rule -  Revenue Includes VAT

For the purposes of calculating transaction fees, Revenue is always based on the full price paid or reserved by the end customer, including VAT and any applicable taxes, unless explicitly stated otherwise by Contract.

1.2. Sprii Hosted Checkout with Payment Integration

Revenue equals the actual paid amount received from the customer.

1.3. Sprii Checkout Without Payment Integration

If Sprii checkout is used without a payment integration, Revenue is based on the value of the basket (including VAT) at the point where the customer reaches the final payment window, meaning the customer has:

1. viewed the basket,
2. entered personal details,
3. accepted the terms of trade.

1.4. Webshop Integration Using Webshop Checkout

Transaction fees are based on the actual paid amount including VAT, but never more than the amount originally reserved through Sprii.

If additional products are added during webshop checkout, no fee is charged on the additional amount beyond the original reservation.

If products are removed and replaced with other products during checkout, Sprii may apply transaction fees to the new products, as the sale was initiated via Sprii. However, the total transaction fee will never be calculated on an amount exceeding the value originally reserved through Sprii.

1.5. Webshop Integrations Without Payment Confirmation Support

If a webshop integration does not support confirming the final paid amount to Sprii, Revenue will be estimated.

Revenue is estimated by reducing total reserved basket value (including VAT) by 25% for all consumers who:

1. received a checkout link, and
2. clicked the link.

Transaction fees are calculated based on this estimated Revenue.

1.6. Returns

Transaction fees are non-refundable, including cases where:

1. the end customer cancels,
2. fails to pay, or
3. returns goods.

Transaction fees apply to the initial sale event only.

1.7. Shipping

Shipping costs may be included in the Revenue basis for transaction fee calculation in the following cases:

1. Sprii Hosted Checkout is used, or
2. the webshop integration does not transmit product-level completion data, resulting in checkout values lower than the Sprii reservation.

2. Lead Fees

Lead fees apply when the Subscription Plan includes lead-based pricing. A lead is generated when an End Consumer submits a comment or interaction that triggers a product reservation or request, and Sprii responds through an automated or manual message flow. Lead fees are calculated per unique consumer who triggers such a reservation request and receives one or more messages, notifications, or links from the Sprii Platform. The applicable unit prices for lead fees are stated in the User’s Subscription overview within the Platform or in the Contract, as applicable.

3. Mixed Campaigns (Checkout + Lead Products)

The following rules apply to campaigns containing both checkout and lead products:

1. Orders containing only checkout products will trigger a fee as described in section 1 .
2. Orders with only lead products will trigger a fee as described in section 2.
3. Mixed orders:
   
   1. If order is completed, then only checkout fees apply as described in section 1.
   2. If order is not completed, then then only lead fees apply as described I section 2

4. Gamification Transaction Fees

Gamification transaction fees apply when the Subscription Plan includes gamification-based pricing and apply when an End Consumer participates in a gamification event offered through the Sprii Platform.

Fees are charged per participating consumer per gamification event.

The applicable prices are shown in the User’s Subscription overview or in the Contract, as applicable.

5. Usage-Based Fees

Usage fees apply where the Subscription Plan includes limits on:

5.1. Streaming Hours

Usage is measured as the total number of recorded streaming hours used per month.

If the included hours are exceeded, overage fees apply according to the User’s Subscription Plan or Contract.

5.2. Viewing Hours (Onsite Video Player)

“Viewing Hours” means the total consumption of video content delivered through the Sprii Onsite video player and is calculated as:

number of viewers × total viewing time

If the User exceeds the Viewing Hour limits included in their Subscription Plan, Sprii may apply overage fees at the rates specified in the Subscription Plan or Contract.

‍

Annex 2 - Data Processing Agreement 

A efectos del artículo 28, apartado 3, del Reglamento 2016/679 (el RGPD) 

‍

entre

‍

User of Sprii Aps Services

(the Data Controller)

‍

y

‍

Sprii ApS

Tax ID: DK42084476

Sommervej 31E, 8210 Aarhus V

Dinamarca

(the Data Processor)

‍

cada una "parte"; conjuntamente "las partes".

‍

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to meet the requirements of the GDPR and to ensure the protection of the rights of the Data Subject.

1. Content

2. Preámbulo

3. Derechos y obligaciones del responsable del tratamiento

4. El procesador de datos actúa según instrucciones

5. Confidencialidad

6. Seguridad del tratamiento

7. Utilización de subencargados del tratamiento

8. Transferencia de datos a terceros países u organizaciones internacionales

9. Asistencia al responsable del tratamiento

10. Notificación de violación de datos personales

11. Borrado y devolución de datos

12. Auditoría e inspección

13. El acuerdo de las partes sobre otros términos

14. Inicio y terminación

15. Contactos/puntos de contacto del responsable y del encargado del tratamiento 1

Apéndice A Información sobre el tratamiento

Apéndice B Subtransformadores autorizados

Apéndice C Instrucciones relativas a la utilización de datos personales

Apéndice D Apéndice del Reino Unido  

2. Preámbulo

1. Las presentes Cláusulas Contractuales (las Cláusulas) establecen los derechos y obligaciones del responsable del tratamiento y del encargado del tratamiento, cuando tratan datos personales por cuenta del responsable del tratamiento.

2. Las Cláusulas han sido diseñadas para garantizar el cumplimiento por las partes del artículo 28, apartado 3, del Reglamento 2016/679 del Parlamento Europeo y del Consejo, de 27 de abril de 2016, relativo a la protección de las personas físicas en lo que respecta al tratamiento de datos personales y a la libre circulación de estos datos y por el que se deroga la Directiva 95/46/CE (Reglamento general de protección de datos).

3. En el contexto de la prestación de Sprii, el encargado del tratamiento tratará los datos personales por cuenta del responsable del tratamiento de conformidad con las Cláusulas.

4. The Clauses shall take priority over any similar provisions contained in other Agreements between the parties.

5. Cuatro apéndices se adjuntan a las Cláusulas y forman parte integrante de las mismas.

6. El Apéndice A contiene detalles sobre el tratamiento de datos personales, incluida la finalidad y la naturaleza del tratamiento, el tipo de datos personales, las categorías de interesados y la duración del tratamiento.

7. El apéndice B contiene las condiciones del responsable del tratamiento para el uso de subencargados del tratamiento y una lista de los subencargados del tratamiento autorizados por el responsable del tratamiento.

8. El apéndice C contiene las instrucciones del responsable del tratamiento en relación con el tratamiento de datos personales, las medidas de seguridad mínimas que debe aplicar el encargado del tratamiento y la forma en que deben realizarse las auditorías del encargado y de los subencargados del tratamiento.

9. Ambas partes conservarán por escrito, incluso electrónicamente, las Cláusulas junto con los apéndices.

10. Las Cláusulas no eximirán al encargado del tratamiento de las obligaciones a las que esté sujeto en virtud del Reglamento General de Protección de Datos (el RGPD) u otra legislación.

3. Derechos y obligaciones del responsable del tratamiento

1. El responsable del tratamiento es responsable de garantizar que el tratamiento de los datos personales se realice de conformidad con el RGPD (véase el artículo 24 del RGPD), las disposiciones aplicables de la UE o de los Estados miembros en materia de protección de datos y las Cláusulas.

2. El responsable del tratamiento tiene el derecho y la obligación de tomar decisiones sobre los fines y medios del tratamiento de datos personales.

3. El responsable del tratamiento será responsable, entre otras cosas, de garantizar que el tratamiento de datos personales que se encargue al encargado del tratamiento tenga una base jurídica. 

4. El procesador de datos actúa según instrucciones

1. El encargado del tratamiento tratará los datos personales únicamente siguiendo instrucciones documentadas del responsable del tratamiento, a menos que así lo exija el Derecho de la Unión o de los Estados miembros al que esté sujeto el encargado. Dichas instrucciones se especificarán en los apéndices A y C. El responsable del tratamiento también podrá dar instrucciones ulteriores mientras dure el tratamiento de los datos personales, pero dichas instrucciones se documentarán y conservarán siempre por escrito, incluso electrónicamente, en relación con las Cláusulas. 

2. El encargado del tratamiento informará inmediatamente al responsable del tratamiento si las instrucciones dadas por el responsable del tratamiento, en opinión del encargado del tratamiento, contravienen el RGPD o las disposiciones aplicables de la UE o de los Estados miembros en materia de protección de datos.

5. Confidencialidad

1. El encargado del tratamiento sólo concederá acceso a los datos personales tratados por cuenta del responsable del tratamiento a las personas bajo su autoridad que se hayan comprometido a mantener la confidencialidad o estén sujetas a una obligación legal adecuada de confidencialidad, y únicamente en la medida en que sea necesario. La lista de personas a las que se ha concedido acceso se revisará periódicamente. Sobre la base de esta revisión, dicho acceso a los datos personales podrá retirarse, si ya no es necesario, y, en consecuencia, dichas personas dejarán de tener acceso a los datos personales.

2. El encargado del tratamiento demostrará, a petición del responsable del tratamiento, que las personas afectadas bajo su autoridad están sujetas a la confidencialidad antes mencionada.

6. Seguridad del tratamiento 

1. El artículo 32 del RGPD establece que, teniendo en cuenta el estado de la técnica, los costes de aplicación y la naturaleza, el alcance, el contexto y los fines del tratamiento, así como el riesgo de probabilidad y gravedad variables para los derechos y libertades de las personas físicas, el responsable y el encargado del tratamiento aplicarán las medidas técnicas y organizativas apropiadas para garantizar un nivel de seguridad adecuado al riesgo.

El responsable del tratamiento evaluará los riesgos para los derechos y libertades de las personas físicas inherentes al tratamiento y aplicará medidas para mitigar dichos riesgos. En función de su pertinencia, las medidas podrán incluir lo siguiente:

a. Pseudonimización y cifrado de datos personales;

b. la capacidad de garantizar la confidencialidad, integridad, disponibilidad y resistencia permanentes de los sistemas y servicios de procesamiento;

c. la capacidad de restablecer oportunamente la disponibilidad y el acceso a los datos personales en caso de incidente físico o técnico;

d. un proceso para comprobar, evaluar y valorar periódicamente la eficacia de las medidas técnicas y organizativas para garantizar la seguridad del tratamiento.

2. De conformidad con el artículo 32 del RGPD, el encargado del tratamiento evaluará también -independientemente del responsable del tratamiento- los riesgos para los derechos y libertades de las personas físicas inherentes al tratamiento y aplicará medidas para mitigar dichos riesgos. A tal efecto, el responsable del tratamiento facilitará al encargado del tratamiento toda la información necesaria para identificar y evaluar dichos riesgos.

3. Además, el procesador de datos ayudará al responsable del tratamiento a garantizar el cumplimiento de las obligaciones del responsable del tratamiento de datos de conformidad con el artículo 32 del GDPR, entre otras cosas, proporcionando al responsable del tratamiento de datos información sobre las medidas técnicas y organizativas ya implementadas por el responsable del tratamiento de datos de conformidad con el artículo 32 del GDPR, junto con toda la demás información necesaria para que el responsable del tratamiento de datos cumpla con la obligación del responsable del tratamiento de datos en virtud del artículo 32 del GDPR.

Si posteriormente -en la evaluación del responsable del tratamiento- la mitigación de los riesgos identificados requiere que el responsable del tratamiento aplique medidas adicionales a las ya aplicadas por el responsable del tratamiento de conformidad con el artículo 32 del RGPD, el responsable del tratamiento especificará estas medidas adicionales que deben aplicarse en el apéndice C.

7. Utilización de subencargados del tratamiento

1. El encargado del tratamiento de datos deberá cumplir los requisitos especificados en el artículo 28, apartados 2 y 4, del RGPD para poder contratar a otro encargado (un subencargado del tratamiento).

2. Por consiguiente, el encargado del tratamiento no contratará a otro encargado (subencargado del tratamiento) para el cumplimiento de las cláusulas sin la autorización general previa por escrito del responsable del tratamiento.

3. El encargado del tratamiento cuenta con la autorización general del responsable del tratamiento para la contratación de subencargados del tratamiento. El encargado del tratamiento informará por escrito al responsable del tratamiento de cualquier cambio previsto en relación con la adición o sustitución de subencargados del tratamiento con al menos 1 mes de antelación, dando así al responsable del tratamiento la oportunidad de oponerse a dichos cambios antes de la contratación del subencargado o subencargados en cuestión. En el apéndice B pueden establecerse plazos de preaviso más largos para determinados servicios de subtratamiento. La lista de subencargados del tratamiento ya autorizados por el responsable del tratamiento figura en el apéndice B.

4. Cuando el encargado del tratamiento contrate a un subencargado para llevar a cabo actividades de tratamiento específicas por cuenta del responsable del tratamiento, se impondrán a dicho subencargado las mismas obligaciones de protección de datos que se establecen en las Cláusulas mediante un contrato u otro acto jurídico con arreglo al Derecho de la UE o de los Estados miembros, en particular, ofrecer garantías suficientes para aplicar las medidas técnicas y organizativas adecuadas de manera que el tratamiento cumpla los requisitos de las Cláusulas y del RGPD.

Por lo tanto, el encargado del tratamiento será responsable de exigir que el subencargado del tratamiento cumpla, como mínimo, las obligaciones a las que está sujeto en virtud de las Cláusulas y del GDPR.

5. A copy of such a Sub-processor Agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the Sub-processor Agreement, shall not require submission to the data controller.  

6. El encargado del tratamiento acordará con el subencargado del tratamiento una cláusula de tercero beneficiario en virtud de la cual -en caso de quiebra del encargado del tratamiento- el responsable del tratamiento será un tercero beneficiario del acuerdo de subencargo y tendrá derecho a hacer cumplir el acuerdo al subencargado contratado por el encargado del tratamiento, por ejemplo, permitiendo al responsable del tratamiento ordenar al subencargado que suprima o devuelva los datos personales.

7. Si el subencargado del tratamiento no cumple sus obligaciones en materia de protección de datos, el responsable del tratamiento seguirá siendo plenamente responsable ante el responsable del tratamiento en lo que respecta al cumplimiento de las obligaciones del subencargado. Esto no afecta a los derechos de los interesados en virtud del RGPD -en particular los previstos en los artículos 79 y 82 del RGPD- frente al responsable del tratamiento y al encargado del tratamiento, incluido el subencargado del tratamiento.

8. Transferencia de datos a terceros países u organizaciones internacionales

1. Cualquier transferencia de datos personales a terceros países u organizaciones internacionales por parte del encargado del tratamiento solo se producirá sobre la base de instrucciones documentadas del responsable del tratamiento y siempre de conformidad con el capítulo V del RGPD. 

2. En caso de que las transferencias a terceros países u organizaciones internacionales, que el responsable del tratamiento no haya encargado realizar al encargado del tratamiento, sean exigidas por la legislación de la UE o de los Estados miembros a la que esté sujeto el encargado del tratamiento, éste informará al responsable del tratamiento de dicho requisito legal antes del tratamiento, a menos que dicha legislación prohíba dicha información por motivos importantes de interés público.

3. Por lo tanto, sin instrucciones documentadas del responsable del tratamiento, el encargado del tratamiento no puede en el marco de las Cláusulas:

a. transferir datos personales a un responsable o encargado del tratamiento en un tercer país o en una organización internacional

b. transferir el tratamiento de datos personales a un subencargado del tratamiento en un tercer país 

c. hacer que el encargado del tratamiento trate los datos personales en un tercer país

4. Las instrucciones del responsable del tratamiento relativas a la transferencia de datos personales a un tercer país, incluido, si procede, el instrumento de transferencia con arreglo al capítulo V del RGPD en el que se basan, se expondrán en el apéndice C.6.

5. Las Cláusulas no se confundirán con las cláusulas tipo de protección de datos en el sentido del artículo 46, apartado 2, letras c) y d) del RGPD, y las partes no podrán invocar las Cláusulas como instrumento de transferencia con arreglo al capítulo V del RGPD.

9. Asistencia al responsable del tratamiento

1. Teniendo en cuenta la naturaleza del tratamiento, el encargado del tratamiento asistirá al responsable del tratamiento mediante medidas técnicas y organizativas apropiadas, en la medida en que ello sea posible, en el cumplimiento de las obligaciones del responsable del tratamiento de responder a las solicitudes de ejercicio de los derechos del interesado establecidas en el capítulo III del RGPD.

Esto implica que el encargado del tratamiento deberá, en la medida de lo posible, asistir al responsable del tratamiento en el cumplimiento por parte de éste:

a. derecho a ser informado cuando se recojan datos personales del interesado

b. derecho a ser informado cuando no se hayan obtenido datos personales del interesado

c. derecho de acceso del interesado

d. derecho de rectificación

e. derecho de supresión ("derecho al olvido")

f. derecho a la limitación del tratamiento

g. obligación de notificación relativa a la rectificación o supresión de datos personales o a la limitación de su tratamiento

h. derecho a la portabilidad de los datos

i. derecho de oposición 

j. derecho a no ser objeto de una decisión basada únicamente en un tratamiento automatizado, incluida la elaboración de perfiles

2. Además de la obligación del encargado del tratamiento de asistir al responsable del tratamiento con arreglo a la cláusula 6.3., el encargado del tratamiento deberá además, teniendo en cuenta la naturaleza del tratamiento y la información de que disponga, asistir al responsable del tratamiento para garantizar el cumplimiento de:

a. La obligación del responsable del tratamiento de notificar sin dilación indebida y, cuando sea factible, a más tardar 72 horas después de haber tenido conocimiento de ella, la violación de los datos personales a la autoridad de control competente, salvo que sea improbable que la violación de los datos personales entrañe un riesgo para los derechos y libertades de las personas físicas;

b. la obligación del responsable del tratamiento de comunicar sin dilación indebida la violación de los datos personales al interesado, cuando sea probable que la violación de los datos personales entrañe un alto riesgo para los derechos y libertades de las personas físicas;

c. la obligación del responsable del tratamiento de llevar a cabo una evaluación del impacto de las operaciones de tratamiento previstas sobre la protección de datos personales (una evaluación de impacto sobre la protección de datos);

d. la obligación del responsable del tratamiento de consultar a la autoridad de control competente antes del tratamiento cuando una evaluación de impacto de la protección de datos indique que el tratamiento entrañaría un alto riesgo en ausencia de medidas adoptadas por el responsable del tratamiento para mitigarlo.

3. Las partes definirán en el apéndice C las medidas técnicas y organizativas apropiadas mediante las cuales el encargado del tratamiento deberá asistir al responsable del tratamiento, así como el ámbito y el alcance de la asistencia requerida. Esto se aplica a las obligaciones previstas en las cláusulas 9.1. y 9.2.

10. Notificación de violación de datos personales

1. En caso de violación de los datos personales, el encargado del tratamiento notificará sin dilación indebida al responsable del tratamiento la violación de los datos personales.

2. La notificación del encargado del tratamiento al responsable del tratamiento tendrá lugar, a ser posible, en las 24 horas siguientes a la fecha en que el encargado del tratamiento haya tenido conocimiento de la violación de los datos personales, a fin de que el responsable del tratamiento pueda cumplir con la obligación del responsable del tratamiento de notificar la violación de los datos personales a la autoridad de control competente, véase el artículo 33 del RGPD.

3. De conformidad con la cláusula 9, apartado 2, letra a), el encargado del tratamiento de datos ayudará al responsable del tratamiento a notificar la violación de los datos personales a la autoridad de control competente, lo que significa que el encargado del tratamiento de datos deberá ayudar a obtener la información que se enumera a continuación y que, de conformidad con el artículo 33, apartado 3, del RGPD, deberá figurar en la notificación del responsable del tratamiento de datos a la autoridad de control competente:  

a. La naturaleza de los datos personales, incluidas, cuando sea posible, las categorías y el número aproximado de interesados afectados y las categorías y el número aproximado de registros de datos personales afectados; 

b. las consecuencias probables de la violación de los datos personales;

c. las medidas adoptadas o que se propone adoptar el responsable del tratamiento para hacer frente a la violación de los datos personales, incluidas, en su caso, las medidas para mitigar sus posibles efectos adversos. 

4. Las partes definirán en el apéndice C todos los elementos que deberá facilitar el encargado del tratamiento cuando asista al responsable del tratamiento en la notificación de una violación de datos personales a la autoridad de control competente.

11. Borrado y devolución de datos

1. El encargado del tratamiento suprimirá, previa solicitud o en relación con la finalización del servicio, todos los datos personales tratados en nombre del responsable del tratamiento, tal como se especifica en el apéndice C.4

12. Auditoría e inspección

1. El encargado del tratamiento pondrá a disposición del responsable del tratamiento toda la información necesaria para demostrar el cumplimiento de las obligaciones establecidas en el artículo 28 y en las Cláusulas, y permitirá y contribuirá a las auditorías, incluidas las inspecciones, realizadas por el responsable del tratamiento o por otro auditor encargado por el responsable del tratamiento.

2. Los procedimientos aplicables a las auditorías del responsable del tratamiento, incluidas las inspecciones, del encargado del tratamiento y de los subencargados del tratamiento se especifican en los apéndices C.7. y C.8.    

3. El encargado del tratamiento estará obligado a facilitar a las autoridades de control que, con arreglo a la legislación aplicable, tengan acceso a las instalaciones del responsable y del encargado del tratamiento, o a los representantes que actúen en nombre de dichas autoridades de control, el acceso a las instalaciones físicas del encargado del tratamiento, previa presentación de la identificación adecuada. 

13. El acuerdo de las partes sobre otros términos 

1. Las partes podrán acordar otras cláusulas relativas a la prestación del servicio de tratamiento de datos personales en las que se especifique, por ejemplo, la responsabilidad, siempre que no contradigan directa o indirectamente las Cláusulas ni perjudiquen los derechos o libertades fundamentales del interesado y la protección que ofrece el GDPR.

14. Inicio y terminación

1. Las Cláusulas entrarán en vigor en la fecha de su firma por ambas partes.

2. Ambas partes tendrán derecho a exigir la renegociación de las Cláusulas si los cambios en la legislación o la falta de conveniencia de las Cláusulas dieran lugar a dicha renegociación. 

3. Las Cláusulas se aplicarán mientras dure la prestación de servicios de tratamiento de datos personales. Durante la duración de la prestación de servicios de tratamiento de datos personales, las Cláusulas no podrán rescindirse a menos que las partes hayan acordado otras Cláusulas que regulen la prestación de servicios de tratamiento de datos personales.

4. Si se pone fin a la prestación de servicios de tratamiento de datos personales, y los datos personales se suprimen o devuelven al responsable del tratamiento de conformidad con la cláusula 11.1. y el apéndice C.4., cualquiera de las partes podrá rescindir las cláusulas mediante notificación por escrito.

Apéndice A - Información sobre el tratamiento 

A.1. La finalidad del tratamiento de datos personales por parte del encargado del tratamiento por cuenta del responsable del tratamiento es:

Los datos se tratan con las siguientes finalidades:

a) Poder mediar en las ventas entre los usuarios de Sprii (responsable del tratamiento) y el cliente final

A.2. El tratamiento de datos personales por parte del encargado del tratamiento por cuenta del responsable del tratamiento se referirá principalmente a (la naturaleza del tratamiento):

The data processor processes personal data solely for the purpose of enabling consumer interactions initiated through channels connected to the Sprii Platform, including:

• Interactions from Meta platforms (e.g. Facebook or Instagram) where consumers comment, message, click links, or subscribe to updates.
• Interactions from the Sprii-embedded player integrated on the controller’s website, where consumers may voluntarily enter chat usernames or messages.

In all cases, processing is limited to facilitating the controller’s communication with consumers and fulfilling user-initiated requests.

The collection, handling, and revocation of consent, as well as technical data-flow descriptions, are detailed in Appendix C (Instruction pertaining to the use of personal data).

Sprii does not independently collect, enrich, or use personal data for unrelated marketing, profiling, or analytics purposes.

When Sprii Hosted Checkout is used, additional personal data such as order and contact details are processed as described in Appendix C.1.

The processing of personal data is carried out in accordance with the controller’s documented instructions, as set out in Appendix C, and subject to the security, storage, and deletion provisions specified therein.

A.3. El tratamiento incluye los siguientes tipos de datos personales:

Datos personales generales que se tratan:

• Platform Profile Name (i.e. Facebook, Instagram)

• Chat Name (Embedded player)

Si se utiliza Sprii Hosted Checkout:

• Name
• Email address
• Número de teléfono
• Address

Todos los datos personales se tratan confidencialmente.

A.4. El tratamiento incluye las siguientes categorías de interesados:

Se procesa información sobre las siguientes categorías de interesados:

a) Usuarios finales que estén interactuando en actividades asistidas por Sprii por parte del Responsable del Tratamiento. 

A.5. El tratamiento de datos personales por parte del encargado del tratamiento por cuenta del responsable del tratamiento podrá realizarse cuando comiencen las Cláusulas. El tratamiento tiene la siguiente duración:

This Agreement applies as long as Sprii ApS processes personal data for the data controller in accordance with the parties' separate agreement on system, services, payment, etc. Upon termination of the services relating to the processing of personal data, Sprii will, at the request of the data controller, anonymize all personal data that has been processed on behalf of the data controller and confirm to the data controller that the information has been anonymized, unless the EU law or the national law of the Member States prescribes storage of the personal data. 

Apéndice B - Subtransformadores autorizados

B.1. Subtransformadores autorizados

A partir de la entrada en vigor de las Cláusulas, el responsable del tratamiento autoriza la contratación de los siguientes subencargados del tratamiento:

‍

B.1.1 Google Firebase, Alphabeat Inc.

Dirección: Sede central: 1600 Amphitheatre Parkway Mountain View, CA 94043 (Sede central)

Servidores utilizados por Sprii: St. Ghislain, Bélgica.

Descripción del tratamiento:

Firebase is a mobile and web application development platform.

Sprii's software and database are hosted by Google Firebase.

The processing includes processing of purchase data, products, and comment data from platforms.

Las condiciones de seguridad y tratamiento de datos de Firebase pueden consultarse aquí:

https://firebase.google.com/terms/data-processing-terms

‍

B.1.2 Elasticsearch

Address: Headquarters: 8000 West El Camino Real, Suite 350, Mountain View, CA United States (Headquarter)

Servidores utilizados por Sprii: Frankfurt, Alemania.

Descripción del tratamiento:

Elasticsearch es un motor de búsqueda que permite realizar búsquedas eficaces en grandes cantidades de datos. Se utiliza, por ejemplo, para encontrar todos los pedidos relativos a un cliente concreto. ElasticSearch tiene servidores en Fráncfort (Alemania), que Sprii utiliza.

El tratamiento incluye la tramitación de pedidos de clientes y productos.

https://www.elastic.co/legal/product-privacy-statement

‍

El responsable del tratamiento autorizará, a partir de la entrada en vigor de las Cláusulas, el recurso a los subencargados antes mencionados para el tratamiento descrito para esa parte. El encargado del tratamiento no tendrá derecho -sin la autorización explícita por escrito del responsable del tratamiento- a contratar a un subencargado para un tratamiento "distinto" del acordado ni a encargar a otro subencargado la realización del tratamiento descrito.

B.2. Changes to use of sub-processors

The Data Processor must notify the Data Controller of any planned changes concerning the addition or replacement of subcontracted data processors and thereby give the Data Controller the opportunity to object to such changes. Such notification must reach the Data Controller at least 3 months before the application or change is to take effect. If the Data Controller objects to the changes, the Data Controller must notify the Data Processor within 1 month of receipt of the notification. The Data Controller may only object if the Data Controller has reasonable, concrete reasons for doing so.

Apéndice C - Instrucción relativa al uso de datos personales 

C.1. Objeto/instrucción del tratamiento

El tratamiento de datos personales por parte del encargado del tratamiento por cuenta del responsable del tratamiento se llevará a cabo de la siguiente manera:

Uso general:

El procesador de datos recopila el nombre de usuario de la plataforma sobre el usuario final, así como los productos que el cliente final ha solicitado/pedido/comprado.

Si se utiliza Sprii Hosted Checkout:

El procesador de datos recopila datos personales generales (nombre, dirección, correo electrónico y número de teléfono) sobre el usuario final, así como los productos que el cliente final ha solicitado/pedido/comprado.

The data processor processes data received from:

• Meta platforms (Facebook, Instagram) via official APIs, only after a user-initiated action such as a comment, click, message, or subscription.
• The Sprii-embedded video player on the controller’s website, when consumers voluntarily provide information (e.g. a username or message).

The data processor receives only limited data (e.g. platform username, message text, timestamps, campaign reference) transmitted securely via these integrations. No data are collected without a clear user action.

C.1a. Consent Handling and Revocation

Consent is obtained directly within Meta’s platforms or via mechanisms provided by the controller on its website.

• User actions (comment, click, message, subscription) constitute explicit and informed consent within Meta’s controlled environment.
• The controller is responsible for obtaining consent for interactions through the embedded player.
• Users can revoke consent at any time through Meta privacy settings, “unsubscribe” commands, or by blocking the page; Sprii automatically excludes those users from further processing once access is revoked.
• If a user requests deletion of their interaction through the controller’s channels, Sprii will anonymize or delete the corresponding data in accordance with the controller’s instructions.

C.2. Seguridad del tratamiento

Debe establecerse un nivel de seguridad razonable y adecuado.

El encargado del tratamiento está entonces facultado y obligado a tomar decisiones sobre las medidas de seguridad técnicas y organizativas que deben utilizarse para crear el nivel necesario de seguridad en torno a la información.

El tratamiento incluye datos personales, por lo que el responsable del tratamiento debe aplicar las siguientes medidas:

Medidas técnicas:

- Existe y se utiliza la protección antivirus pertinente.

- Validación de dos factores para iniciar sesión en los sistemas siempre que sea posible.

- Copia de seguridad de los sistemas que tratan datos personales

‍

Medidas organizativas:

- Todos los empleados reciben formación sobre la protección de datos personales

- Las instrucciones para los empleados se actualizan y revisan al menos una vez al año.

- Las instrucciones para los empleados se revisan siempre con los nuevos empleados en relación con el empleo

- Todos los empleados están obligados a mantener la confidencialidad durante y después del empleo

- El acceso y la conexión se basan en funciones o personas, y el personal y los sistemas no tienen acceso a más de lo necesario para desempeñar sus funciones.

Medidas físicas:

- Las instalaciones de trabajo y las oficinas están protegidas por controles de acceso adecuados para garantizar que sólo tiene acceso el personal autorizado.

- Todos los soportes físicos (papel, unidad USB, etc.) se destruyen de forma responsable si se han utilizado para almacenar datos personales.

El encargado del tratamiento tiene derecho a tomar otras decisiones sobre las medidas de seguridad técnicas y organizativas necesarias que deben aplicarse para garantizar un nivel adecuado de seguridad de los datos personales.

Sprii ApS y su tratamiento de datos personales puede llevarse a cabo en su totalidad o en parte mediante el uso de centros de trabajo a domicilio, todos los cuales cumplen los requisitos de seguridad contemplados en el presente acuerdo de tratamiento de datos.

C.3. Asistencia al responsable del tratamiento

El encargado del tratamiento deberá, en la medida de lo posible y dentro de un ámbito y alcance razonables, asistir al responsable del tratamiento de datos de conformidad con las disposiciones 9.1 y 9.2 mediante la aplicación de las medidas técnicas y organizativas enumeradas en el punto C.2.

El encargado del tratamiento, teniendo en cuenta la naturaleza del tratamiento, asistirá al responsable del tratamiento en la medida de lo posible, mediante las medidas técnicas y organizativas apropiadas mencionadas, en el cumplimiento de la obligación del responsable del tratamiento de responder a las solicitudes de ejercicio de los derechos de los interesados.

C.4. Período de almacenamiento/procedimientos de verificación 

La información personal es almacenada por el procesador de datos en los siguientes periodos de tiempo:

• Interacciones de campaña - Los datos personales se anonimizan 2 años después de la última interacción.
• Listas de suscripción - Los datos personales se anonimizan 2 años después de la fecha de baja.
• El contenido de los comentarios en general se almacena durante 30 días y se elimina a los³⁰ días.

Al finalizar los servicios relacionados con el tratamiento de datos personales, el encargado del tratamiento, a petición del responsable del tratamiento, anonimizará o suprimirá todos los datos personales que hayan sido tratados por cuenta del responsable del tratamiento y confirmará al responsable del tratamiento que la información ha sido anonimizada o suprimida, a menos que la legislación de la UE o la legislación nacional de los Estados miembros prescriba el almacenamiento de los datos personales. 

Si el responsable del tratamiento no solicita nada, los datos personales se anonimizarán al cabo de 2 años.

‍

C.5. Lugar de procesamiento

El tratamiento de los datos personales contemplados en el Reglamento no podrá efectuarse sin la autorización previa por escrito del responsable del tratamiento en lugares distintos de los que se indican a continuación:

- Sprii ApS (CVR 42084476), Søvej 46, 2791 Dragør, Dinamarca

- Sprii ApS (CVR 42084476), Sommervej 31E, 8210 Aarhus V, Dinamarca

- los lugares de trabajo de los empleados en sus domicilios, todos los cuales cumplen los requisitos de seguridad contemplados en el presente acuerdo de tratamiento de datos

La ubicación de los subprocesadores de datos puede verse en el punto B.1.

C.6. Instrucciones sobre la transferencia de datos personales a terceros países 

Si el responsable del tratamiento no da en este Reglamento o posteriormente una instrucción documentada sobre la transferencia de datos personales a un tercer país, el encargado del tratamiento no estará autorizado a realizar dichas transferencias en el marco de este Reglamento.

C.7. Procedimientos para las auditorías del responsable del tratamiento, incluidas las inspecciones, del tratamiento de datos personales que realiza el encargado del tratamiento.

El encargado del tratamiento deberá obtener, a petición del responsable del tratamiento y a expensas de éste, una declaración de auditoría o un informe de inspección de un tercero independiente sobre el cumplimiento por parte del encargado del tratamiento del Reglamento de protección de datos, de las normas de protección de datos de otra legislación de la UE o de la legislación nacional de los Estados miembros y del presente Reglamento.

El informe de auditoría/inspección se remitirá sin demora indebida al responsable del tratamiento para su información. El responsable del tratamiento puede impugnar el marco y/o el método de la declaración de auditoría/informe de inspección y, en tal caso, puede solicitar una nueva declaración de auditoría/informe de inspección con un marco diferente y/o utilizando un método diferente.

Basándose en los resultados, el responsable del tratamiento tiene derecho a solicitar la aplicación de medidas adicionales para garantizar el cumplimiento del Reglamento de protección de datos, de las disposiciones de protección de datos de otras leyes de la UE o de la legislación nacional de los Estados miembros y del presente Reglamento.

El responsable del tratamiento o un representante del responsable del tratamiento también tiene acceso a realizar inspecciones, incluidas inspecciones físicas, de los lugares desde los que el encargado del tratamiento trata datos personales, incluidos los lugares físicos y los sistemas utilizados para el tratamiento o en relación con él. Dichas inspecciones podrán llevarse a cabo cuando el responsable del tratamiento lo considere necesario. La evaluación debe basarse en hechos y no en sensaciones. La inspección física requiere un acuerdo previo con el encargado del tratamiento y un preaviso de 4 semanas, de modo que el encargado del tratamiento esté preparado para poder dedicarle los recursos necesarios.

Los posibles gastos del responsable del tratamiento en relación con una inspección física corren a cargo del propio responsable del tratamiento. No obstante, el encargado del tratamiento está obligado a asignar los recursos (principalmente el tiempo) necesarios para que el responsable del tratamiento lleve a cabo su inspección.

El encargado del tratamiento se compromete a participar en la auditoría escrita anual del responsable del tratamiento.

Written Confirmation upon Request

Upon the Data Controller’s request, the Data Processor shall provide a written confirmation that Sprii ApS complies with its obligations under this Data Processing Agreement and the General Data Protection Regulation (GDPR).

‍

Such written confirmation may, where relevant, include an internal audit report, a compliance declaration signed by Sprii’s Data Protection Manager, or documentation describing the technical and organisational security measures implemented and maintained by the Data Processor.

‍

This written confirmation may be used by the Data Controller as part of its audit and inspection rights under Clause 12 of this Agreement, unless there are reasonable and specific grounds for conducting a more extensive audit or physical inspection.

C.8. Procedimientos de auditoría, incluidas inspecciones, del tratamiento de datos personales realizado por subencargados del tratamiento.

Como encargados del tratamiento de datos, nos ponemos al día en las políticas de seguridad de nuestros subencargados del tratamiento de datos para asegurarnos de que éstos cumplen en todo momento las medidas de seguridad necesarias. Esto significa que recogemos anualmente información sobre las medidas de seguridad organizativas y técnicas de nuestros subencargados del tratamiento. Los subencargados del tratamiento de datos se mencionan en el punto B.1.

Todos los gastos en que incurran el encargado del tratamiento y el subencargado del tratamiento en relación con una auditoría de los locales del subencargado del tratamiento correrán a cargo del responsable del tratamiento.

Apéndice D Apéndice del Reino Unido

Esta Adenda específica del Reino Unido ("Adenda del Reino Unido") es suscrita por las Partes y forma parte del Acuerdo de Procesamiento de Datos ("DPA") entre el Controlador de Datos con sede en el Reino Unido y Sprii ApS. Esta Adenda del Reino Unido garantiza el cumplimiento del Reglamento General de Protección de Datos del Reino Unido ("GDPR del Reino Unido") y la Ley de Protección de Datos de 2018 ("DPA 2018").

D.1. Scope and Application
This Addendum applies where the Data Processor processes personal data subject to the UK GDPR and DPA 2018, in addition to the EU GDPR.

‍D.2. Supervisory AuthorityFor UK-based data subjects, the relevant Supervisory Authority is the UK Information Commissioner’s Office (ICO).

‍D.3. UK Data Transfers
- Any transfer of personal data from the UK to a third country must comply with Chapter V of the UK GDPR.- If Standard Contractual Clauses (SCCs) under the EU GDPR are used, the **UK International Data Transfer Addendum** must be incorporated.- Transfers from the UK to the EU are currently deemed adequate under UK law, unless regulatory changes occur.

‍D.4. Data Breach Notification
- If a data breach involves UK data subjects, the Data Processor shall notify the Data Controller in compliance with UK GDPR.- The Data Controller must assess whether to notify the UK Information Commissioner's Office (ICO).

‍D.5. Sub-Processing in the UK- Where the Data Processor engages a sub-processor for UK-based personal data processing, the sub-processor must adhere to UK GDPR standards.- Sub-processors located outside the UK must apply the UK International Data Transfer Addendum, where required.

‍D.6. Governing Law - This UK Addendum shall be governed by and construed in accordance with the laws of **England and Wales