Bounce Insights

 

Bounce Insights

Standard Terms and Conditions for Users

Version 4

Updated: 10/06/2022

 

INTRODUCTION 

ACKNOWLEDGEMENT AND ACCEPTANCE

  • By ticking ‘I agree’ during the process to register your membership (a “Member“) and/or by participating in the Bounce Activities, you agree to be bound by these Terms. Should you not wish to accept these Terms, you must exit the Website and/or Application immediately and/or or cease participation in the Bounce Activities.


  • Bounce reserves the right from time to time, to modify or amend these Terms or any part of them. You will be informed in advance of any changes in reasonable time before they become effective and such changes will never vary your entitlement to rewards for tasks you have already completed prior to the effective date of the changes. Your continued use of the Website and/or Application or continued participation in the Bounce Activities once the changes take effect shall constitute an affirmative acknowledgement of any amendment and your continued agreement to be bound by the modified Terms.


TERMS OF PARTICIPATION

Bounce Registration Process for Bounce Members

  • To become a Member and to use the Website and/or Application and participate in the Bounce Activities, you need to register with Bounce and create a membership profile following the registration process set out below (the “Bounce Registration Process“). 


  • Prospective members must complete a Bounce Member registration form available as follows: on the Bounce Website, Application and/or Platform.


  • Prospective members must be 16 years or older to join Bounce.

Information you provide to us

  • In return for Bounce granting you access to the Website and Application and the ability to participate in any Bounce Activities, you agree to:


  • Provide true, accurate, current, and complete information about yourself as prompted by the Bounce Registration Process.


  • Maintain and promptly update your personal membership details including the Membership Profile (defined below) so as to keep it true, accurate, current and complete; and


  • Provide true, accurate, current, and complete information about yourself, and where you state an opinion, it must be genuinely held; as prompted by Bounce whilst participating in any Bounce Activities.


  • You must comply with these standards, which apply to any information you provide to us, in whole or in part. If, in Bounce’s reasonable judgement, you provide any information that is untrue, inaccurate, not current, incomplete, or inconsistent with prior answers to identical questions, or Bounce has reasonable grounds to suspect that such information is untrue, inaccurate, not current, or incomplete, Bounce has the right to suspend or terminate your current access to, use of the Website and/or Application and/or participation in the Bounce Activities. This is subject to your right to refuse to participate in any Bounce Activities at any time.


Your Membership Profile and Bounce Account

  • Once you have completed the Bounce Registration Process, Members will be provided with a profile (“Membership Profile“) and an account (“Bounce Account“) for the Website, Application, and those Bounce Activities for which rewards (as defined below) are offered.


  • Only one Membership Profile is permitted per Member and any Member found to have multiple Membership Profiles and/or Bounce Accounts may have their primary and any secondary Membership Profiles and/or any Bounce Accounts deleted. Bounce may demand proof of identity from a Member and rewards held in secondary Bounce Accounts may not be transferred and may be forfeited.


  • A unique email address must be used by each Member. 


  • Each Membership Profile and Bounce Account must only be accessed by that individual Member and may not be accessed by any other individual without the express permission and authorisation of Bounce. You agree to notify Bounce immediately if you become aware of, or suspect any unauthorised use of your login information, Membership Profile and/or Bounce Account, or any other breach of security.


  • Members may be awarded rewards at the discretion of Bounce, into their Bounce Account (“Rewards“) through the Website and/or Application for participating in certain Bounce Activities. The amount of Rewards that may be awarded for participation in Bounce Activities may vary from time to time.


  • Rewards will only be awarded to Members who follow all instructions regarding the participation to qualify for any Reward. A Member’s failure to correctly follow any such instructions or procedures may result in no Rewards being awarded.


  • Rewards awarded will be recorded in your Bounce Account, however Rewards are not available for redemption until a member has (subject to paragraph 3.3.9 below) reached the specified fulfilment level in their Bounce Account.


  • If Bounce has suspended or terminated your Bounce Account for any of the reasons outlined in these Terms any Rewards you have been awarded cannot be redeemed and may be forfeited. Bounce reserves the right to reclaim any rewards held in the Bounce Account or paid to the Member following breach of these Terms.


  • Bounce reserves the right to change the Bounce Activities, the Website and/or Application or other ways which Members may be eligible for Rewards and to vary the frequency of invitation to such activities. Bounce also reserves the right to alter the specified fulfilment level before Rewards may be redeemed.


  • Rewards have no monetary or other value until redemption. Rewards may not be transferred to other Bounce Accounts nor pooled together in any manner and the sale or barter of Rewards is strictly prohibited.


  • Bounce may, in its reasonable judgement, adjust the Rewards in a Member’s Bounce Account upwards or downwards in response to errors (which Members acknowledge may arise) or if Bounce suspects fraud.


  •  Bounce may terminate any Bounce Account that, in Bounce’s reasonable judgement, has been dormant for a period of 6 months or more and any unused Rewards will be forfeited. By ‘dormant’ we mean, where the Member has not accessed their Bounce Account within the preceding 6-month period. Bounce may contact the Member via their nominated email address if their Bounce Account is at risk of termination through inactivity, however, has no obligation to do so.


Invitations

You acknowledge that:

  • If you register as a Member, it is integral to your participation that we are able to send you emails and notifications inviting you to participate in Bounce Activities, whether through the Website, Application or in person; and


  • If you wish to stop receiving such emails and notifications, you may terminate your membership in accordance with paragraph 6.1 of these Terms.


PRIZE POLLS

  • Bounce may ask you to participate in activities which will offer you an opportunity to enter a prize draw. Such draws will be governed by the respective terms and conditions specified and displayed for each prize draw.


USER CONTENT

  • Use of the Website and Application and participation in Bounce Activities may involve you submitting responses and other content to us (“User Content“) which may be visible to other users of the Website and/or Members.


  • You acknowledge that User Content provided by you is your sole responsibility. This means that you, and not Bounce, are entirely responsible for all User Content you upload, post, link to, email or otherwise transmit via your use of the Website and Application or your participation in any of the Bounce Activities.


  • You acknowledge that User Content does not represent the opinion of Bounce and Bounce does not control, pre-screen or monitor the User Content posted on the Website and Application nor do we guarantee the accuracy, integrity or quality of such User Content. Bounce may review certain User Content to determine whether it is illegal or whether it violates these Terms (such as when unlawful content is reported to us) and we may also modify, prevent access to, delete, or refuse to display content that we believe violates the law or these Terms. Bounce assumes no liability in respect of the User Content.


  • You understand that by using the Website and Application, you may be exposed to User Content, and you agree that you must evaluate, and bear, all risks associated with the use of any User Content, including any reliance on its accuracy, completeness, or usefulness. Notwithstanding the foregoing Bounce shall have the right in their sole discretion to refuse, edit, move or remove any such User Content, whether or not that content violates these Terms.


  • With respect to all User Content you elect to transmit to us (including User Content you post on the Website or Application), you grant Bounce a royalty-free, perpetual, irrevocable, non-exclusive licence (with the right to sublicense) to use, reproduce, modify, adapt, edit, publish, translate, create derivative works from, exploit, perform and display such User Content (in whole or part) throughout the world and/or to incorporate it in other works in any form, media or technology now known or later developed, for any purposes.


  • You may only use the Website and Application for lawful purposes and not in any way that breaches any applicable local, national or international laws or regulations. In the course of using the Website, Application and/or participating in Bounce Activities you agree, without limitation, not to; 


  • Upload, post, link to, email or otherwise transmit any information that is unlawful or fraudulent, or for unlawful or fraudulent purposes, in the reasonable opinion of Bounce or the country in which you reside;


  • Upload, post, link to, email or otherwise transmit any information that is abusive, defamatory, threatening, harassing, obscene, discriminatory, likely to cause distress, intended to incite hatred or is otherwise objectionable as determined by us in our sole discretion;


  • Impersonate any person (whether living or dead) or entity;


  • Forge headers or otherwise manipulate identities in order to disguise the origin of any content transmitted through the Website, Application or provided through participation in Bounce Activities;


  • Upload, post, link to, or otherwise transmit any information that you do not have a right to transmit; 


  • Attempt to submit more than one response per survey or otherwise take part in any single and specific Bounce Activity multiple times or do any other act that may affect the validity of any result obtained by Bounce.


TERMINATING YOUR MEMBERSHIP

  1. If you no longer wish to participate in Bounce Activities, you can unsubscribe via your Account page or by emailing support@bounceinsights.com. You will cease to receive emails and notifications from Bounce, you will forfeit any Rewards you have been awarded and be unable to participate in any Bounce Activities unless and until you log in to your account and re-subscribe.

 

  • You may request that your account be deleted by emailing support@bounceinsights.com. To delete your account, we erase all data which directly identifies you. Your right to erasure of the personal data we hold about you is explained in our privacy and cookies notice. 


  • You agree that Bounce, in its sole discretion, may suspend your Membership, participation in any Bounce Activities or access to the Website and/or Application, or remove or discard any User Content, for any reason, including, without limitation, for lack of use, or if Bounce, in its reasonable judgement, believes that you have violated or acted inconsistently with the letter or spirit of these Terms.


  • Bounce shall not be liable to you or any third-party for any termination or suspension of your Bounce Account or your access to the Bounce Activities, the Website and/or Application nor for any associated loss of forfeiture of any Rewards you may have accrued.


  • Bounce may cease the Bounce Activities or remove access to any Website and/or Application at any time. In such a case and unless specified otherwise, Rewards under threshold will not be redeemable Members.


YOUR OBLIGATION TO REIMBURSE US

  • You hereby agree to fully reimburse Bounce and its directors, officers, employees and agents from and against any and all liability, damages, losses, claims (including reasonable legal fees) each of them suffers or incurs resulting in any way from (i) your use of the Website or Application, (ii) your provision of User Content, (iii) your participation in the Bounce Activities or (iv) resulting from any breach of these Terms whether such breach is carried out by you or by any other person through your Membership Profile or Bounce Account.

 

 

THIRD-PARTY WEBSITES

  • Links may be included within the Website and/or Application. By clicking on such links, you may leave the Website and/or App and be directed to a third-party site (“Linked Site(s)“). The Linked Sites are not under the control of Bounce and Bounce is not responsible and nor shall it be liable for the content of any Linked Sites, any links contained in a linked site or any changes or updates to such sites. Bounce is not responsible for webcasting, or any other form of transmission received from any Linked Site. Bounce is only providing these links to you for information and convenience, and the inclusion of any Linked Site does not imply endorsement by Bounce of the site or any association with their operators.


INTELLECTUAL PROPERTY

  • The Bounce Content, Website, Application and all pages and content therein, including, but not limited to, text, graphics, audio, video, photographs, software, inventions, surveys, logos or other materials (“Materials”) are the intellectual property of, or are authorised for use by, Bounce and its licensors, business partners and affiliates, including all trademarks, service marks, copyrights, patents, database rights and trade secrets contained therein. The compilation, organisation and display of the content as well as all software and inventions used on and in connection with the Website are the exclusive property of Bounce. Except as expressly permitted in these Terms, you may not modify, copy, reproduce, create derivative works, republish, display, upload, post, transmit, distribute or use in any way content available on the Website or Application without the prior written consent of Bounce.


THE SECURITY OF YOUR ACCOUNT

  • In order to protect you, Bounce and other users of the Bounce platform if Bounce suspects, or the Bounce platform detects, an attempt to access your Bounce Account by someone else other than you, your Bounce Account will be suspended immediately. In such circumstances, Bounce reserves the right to determine, at its sole discretion and without liability, whether to:
  • Reinstate your Bounce Account; or
  • Permanently disable your Bounce Account and terminate these Terms immediately on written notice to you.
  • You must notify Bounce immediately by email to support@bounceinsights.com if you become aware of any unauthorised access to the Bounce Content or your Bounce Account.
  • In order to ensure the integrity of the Bounce Content we reserve the right, at our sole discretion, and without liability, to:
  • Temporarily prevent access to your Bounce Account;
  • Permanently disable your Bounce Account and terminate these Terms immediately on written notice;
  • Take measures to prevent the further use of the Bounce platform by you, including blocking your IP address; and/or
  • Terminate these Terms,

and to do so without any further liability to you or providing you with a refund of any fees paid by you in accordance with these Terms, if you are found to be in breach of any of these Terms.

 

WARRANTIES

  • You warrant to Bounce that you have the authority, capacity and ability to enter into these Terms, and to perform your obligations under these Terms.
  • You warrant that:
  • You own or have permissions to use all Intellectual Property Rights in the Bounce Content; and
  • The possession and use by Bounce of the Bounce Content for the purpose of providing the Bounce Content will not infringe the Intellectual Property Rights of any third party or contravene applicable law.

 

INDEMNITY 

  • You will indemnify and undertake to keep Bounce, its officers, servants and agents indemnified against any costs or expenses (including reasonable legal costs and the cost of any settlement) arising out of any claim, action, proceeding or demand that may be brought, made or prosecuted against Bounce arising out of or as a consequence of a breach of these Terms by you, or an unlawful or negligent act or omission by you, or an infringement of any third party rights (including, without limitation, Intellectual Property Rights) which arise out of or are connected in any way with these Terms.

 

LIMITATION OF LIABILITY

  • You acknowledge that the Bounce Content has not been developed to meet your individual requirements. Bounce gives no condition, warranty, undertaking or representation to you, whether express or implied, in respect of the suitability, or fitness for purpose, of the Bounce Content. This does not affect any statutory or other rights available to you.
  • Nothing in this Agreement excludes or limits the liability of Bounce for death or personal injury caused by Bounce’s negligence or for fraudulent misrepresentation other liability that cannot be excluded or limited by applicable law.
  • Bounce’s total liability to you in contract, tort, (including negligence or breach of statutory duty), misrepresentation or otherwise, arising in connection with the performance or contemplated performance of Bounce’s obligations under these Terms shall be limited to the aggregate of your total amount paid to Bounce during the 1 month prior to the event giving rise to the liability.
  • Bounce shall not be liable for defects resulting from the improper use of the Bounce Service by you or by any other third party.
  • Bounce shall not be liable to you whether arising under these Terms or in tort (including negligence or breach of statutory duty), misrepresentation or however arising, for any Consequential Loss. “Consequential Loss” shall for these purposes mean: pure economic loss; loss of profits (whether categorised as direct or indirect, actual or anticipated); losses arising from business interruption; loss of business revenue, loss of income, loss of goodwill or reputation, anticipated savings; losses whether or not occurring in the normal course of business, wasted management or staff time; and loss or corruption of data.
  • These Terms, together with the Privacy Policy, set out the full extent of our obligations and liabilities in respect of your access to the Bounce Service. Except as expressly stated in these Terms, there are no conditions, warranties, representations, or other terms, express or implied, that are binding on us. Any condition, warranty, representation, or other term concerning the supply of the Bounce Service which might otherwise be implied into, or incorporated in, these Terms whether by statute, common law or otherwise, is excluded to the fullest extent permitted by applicable law.

 

ACTS BEYOND OUR CONTROL: FORCE MAJEURE

  • Sometimes the Bounce Service may be impacted by events beyond our reasonable control, known as “Force Majeure ”, events. “Force Majeure” means anything outside of our reasonable control, including, but not limited to, acts of God, fire, storm, flood, earthquake, explosion, accident, acts of the public enemy, war, rebellion, sabotage, pandemic, epidemic, labour dispute, power shortage, network failure, server crashes, deletion, corruption, loss or removal of data, including, without limitation, where you cease to be entitled to access the Internet or cease to have access to the Internet, for whatever reason, any act or omission (including laws, regulations, disapprovals or failures to approve) of any government or government agency.
  • If Bounce is wholly or partially precluded from complying with its obligations under these Terms by Force Majeure, then Bounce’s obligation to perform in accordance with these Terms will be suspended for the duration of the period of Force Majeure.

 

TAX

  • You should be aware that various tax regimes may apply to your Rewards pending on your personal tax status and the rules and regulations in force from time to time. You have the sole responsibility of determining the relevant tax impact to your Rewards and you should consult an appropriate professional advisor if you have any questions or doubts in this regard. Bounce does not provide tax advice.

MISCELLANEOUS

  • Notices relating to these Terms. All notices given by Bounce to Members will be sent to their designated email address provided by them during the Bounce Registration Process.


  • Reliance on these Terms. We intend to rely on these written Terms and any document expressly referred to in them in relation to the subject matter of any agreement between us. We and you will be legally bound by these Terms.


  • References to ‘including’ and other similar expressions. In these Terms, words that appear after the expression ‘include’, ‘including’, ‘other’, ‘for example’, ‘such as’ or ‘in particular’ (or any similar expression) will not limit the meaning of the words appearing before such expression.


  • We may transfer this Agreement to someone else. We may transfer our rights and obligations under these Terms to another organisation. We will contact you to let you know if we plan to do this. If you are unhappy with the transfer, you may contact us to end your membership within 14 days of us telling you about the transfer.


  • You require our consent to transfer your rights to someone else. You may only transfer your rights or your obligations under these terms to another person if we agree to this in writing.
  1. These Terms will be governed by and construed in accordance with the laws of Ireland, and you hereby submit to the exclusive jurisdiction of the Irish Courts. If any provision of these Terms are found to be invalid or unenforceable by a court of law, such invalidity or unenforceability will not affect the remainder of the Terms which will continue in full force and effect.

DATA PROCESSING ADDENDUM

This Data Processing Addendum forms part of these Terms between Bounce and Bounce Members.  By ticking ‘I agree’ during the process to register your membership and/or by participating in the Bounce Activities, you agree to be bound by this Addendum. 

 

Terms of Addendum

This Addendum supplements the Terms and makes legally binding provisions for compliance with the Data Protection Laws as set forth in this Addendum. As per the requirements of relevant data protection law, all processing of personal data by a processor on behalf of a controller, shall be governed by a contract. The terms, obligations and rights set forth in this Addendum relate directly to the data processing activities and conditions laid out in Appendix A.

The terms used in this Addendum have the meanings as set out in the ‘definitions’ part of the document.

 

Definitions

In this Addendum, unless the text specifically notes otherwise, the below words shall have the following meanings: – 

“Business Purpose” means the services to be provided by the Processor to the Bounce Members as described in the Terms.

Bounce Insights Platform” means the web based application available through www.bounceinsighs.com website, Bounce Insight’s mobile application and any other form, media channel, mobile website or mobile application related, linked or otherwise, connected thereto. 

“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies Addendum to the processing of personal data relating to him or her.

“Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data. 

Data Subject” means the identified or identifiable living individual to whom the Personal Data relates.

“Data Protection Laws” means all applicable Data Protection Laws, including the General Data Protection Regulation (EU 2016/679) (“GDPR”), the Irish Data Protection Act 2018 and, to the extent applicable, the data protection or privacy laws of any other country.

“EEA” means the European Economic Area, which consists of the Member States of the European Union, as well as Norway, Iceland, and Lichtenstein.

“Effective Date” means the earlier of (i) the date that the Terms comes into force or (ii) the date of this Addendum.

“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Recipient” means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall comply with the applicable data protection rules according to the purposes of the processing.

“Sub Processor” means any person or entity appointed by or on behalf of the Processor to process personal data on behalf of the Bounce Members.

“Supervisory Authority” means an independent public authority which is established by a Member State pursuant to Article 51 of the GDPR. For the purposes of this Addendum, it shall mean the Irish Data Protection Commission. 

“Third-party” means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Words or expressions not defined in this Addendum shall have the meaning given to them under the GDPR and/or the Terms. 

  • This Addendum is subject to the terms of the Terms and is incorporated into the Terms. Interpretations and defined terms set forth in the Terms apply to the interpretation of this Addendum.
  • The Appendices form part of this Addendum and will have effect as if set out in full in the body of this Addendum. Any reference to this Addendum includes the Appendices.
  • A reference to writing or written includes email.
  • In the case of conflict or ambiguity between:
  • any provision contained in the body of this Addendum and any provision contained in the Annexes, the provision in the body of this Addendum will prevail;
  • the terms of any accompanying invoice or other documents annexed to this Addendum and any provision contained in the Appendices, the provision contained in the Appendices will prevail; and
  • any of the provisions of this Addendum and the provisions of the Terms, the provisions of this Addendum will prevail.

Personal data types and processing Purposes 

  • The Bounce Members and the Processor agree and acknowledge that for the purpose of the Data Protection Laws:
  • the Bounce Members are the Controller and Bounce Insights is the Processor.
  • the Bounce Members retains control of the Personal Data and remains responsible for its compliance obligations under the Data Protection Laws, including but not limited to, providing any required notices and obtaining any required consents, and for the written processing instructions it gives to the Processor.
  • Appendix A describes the subject matter, duration, nature and purpose of the processing and the Personal Data categories and Data Subject types in respect of which the Processor may process the Personal Data to fulfil the Business Purpose.

Obligations and Rights of the Processor

  • The Processor shall comply with the relevant Data Protection Laws and must: –
  • only process the Personal Data to the extent, and in such a manner, as is necessary for the Business Purpose in accordance and on the written instructions of the Controller;
  • ensure that people processing the data are subject to a duty of confidence;
  • safeguard and protect all personal data from unauthorised or unlawful processing, including (but not limited to) accidental loss, destruction or damage and will ensure the security of processing through the demonstration and implementation of appropriate technical and organisational measures as specified in Appendix A of this Addendum;
  • ensure that all processing meets the requirements of relevant Data Protection Laws;
  • ensure that where a Sub-Processor is used, they: –
  • inform the Bounce Members of any intended changes concerning the addition or replacement of Sub-Processors;
  • have in place a written contract with the Sub-Processor containing the same data protection obligations as set out in this Addendum, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Data Protection Laws; and
  • understand that where any Sub-Processor is used on their behalf, that any failure on the part of the sub-processor to comply with the Data Protection Laws or the relevant Data Processing Addendum, the initial processor remains fully liable to the Bounce Members for the performance of the Sub-Processor’s obligations;
  • assist the Bounce Members in meeting its data protection obligations in relation to: –
  • the security of processing under Article 32 of the GDPR;
  • data protection impact assessments; 
  • consultations with any Supervisory Authority; and
  • the investigation and notification of a Data Breach to the Supervisory Authority and to data subjects where required under the Data Protection Laws; 
  • delete or return all personal data to the Bounce Members as requested at the end of the contract unless EU or Member State law requires the storage of the personal data, in which case the Processor shall continue to ensure compliance with this Addendum and will only process the personal data to the extent and for as long as required under that law;
  • make available to the Bounce Members all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for, and contribute to audits, including inspections, conducted by the Bounce Members or another auditor mandated by the Bounce Members;
  • inform the Bounce Members immediately if, in the Processor’s opinion, an instruction infringes the GDPR or other data protection laws of the EU or a Member State;
  • co-operate with Supervisory Authorities on request in accordance with Article 31 of the GDPR;
  • where applicable, employ a Data Protection Officer; and
  • where applicable, appoint (in writing) a representative within the EU if required in accordance with Article 27 of the GDPR.
  • Nothing within this Addendum relieves the Processor of their own direct responsibilities, obligations, and liabilities under Data Protection Laws.
  • The Processor is responsible for ensuring that all its employees, agents, subcontractors or vendors are made aware of its obligations regarding the security and protection of personal data and the terms set out in this Addendum. 
  • Any transfer of personal data to a third country or an international organisation shall only be carried out on documented instructions from the Bounce Members, unless required to do so by Union or Member State law. Personal data shall not be transferred to a third country unless the Processor has taken such measures as are necessary to ensure the transfer is in compliance with the Data Protection Laws.
  • The Processor shall maintain a record of all categories of processing activities carried out on behalf of the Bounce Members, containing: –
  • the name and contact details of the Processor(s) and, where applicable, the data protection officer;
  • the categories of processing carried out on behalf of the Bounce Members;
  • transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and, the documentation of suitable safeguards; and
  • a general description of the technical and organisational security measures referred to in Article 32(1) of the GDPR.
  • The Processor shall maintain records of processing activities in writing, including in electronic form and shall make the record available to the Supervisory Authority on request.
  • When assessing the appropriate level of security and the subsequent technical and operational measures, the Processor shall consider the risks presented by any processing activities, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

Processor’s Employees  

  • The Processor is responsible for ensuring that each of its employees, agents, subcontractors, or vendors are made aware of its obligations regarding the security and protection of the personal data and the terms set out in this Addendum.

Obligations and Rights of the Controller (the Bounce Members)

  • The Controller will comply with the Data Protection Laws in respect of the processing of Personal Data under this Addendum. 
  • The Controller is responsible for determining the purposes and means of processing under this Addendum. 
  • The Controller is responsible for identifying the legal basis for processing special category data. Where special category data is collected, the onus is on the Controller to ensure that sufficient privacy information is provided to Data Subjects in accordance with Article 13 GDPR, including but not limited to, why that information is being collected and under what legal basis.
  • The Controller is responsible for ensuring all data is adequate, relevant, and adheres to data minimisation principles. 
  • The Controller must make available to the Processor all data that the Processor has agreed to process on behalf of the Controller in a timely fashion and in the agreed format. 
  • The Controller is responsible for the quality and accuracy of the data. 
  • The Controller is responsible for verifying the validity and suitability of the Processor before entering into a business relationship.
  • The Controller shall carry out adequate and appropriate onboarding and due diligence checks for all Processors, with a full assessment of the mandatory data protection law requirements.
  • The Controller shall verify that the Processor has adequate and documented processes for data breaches, data retention and data transfers in place.
  • Where the Controller has authorised the use of any Sub-Processor by the initial Processor, the Controller must verify that similar Data Processing Addendums are in place between the initial Processor and Sub-Processor.
  • The Controller has authorised the use of the Sub-Processors detailed in Appendix B of this Addendum.

Security 

  • The Processor will implement appropriate technical and organisational measures against accidental, unauthorised or unlawful processing, access, copying, modification, reproduction, display or distribution of the Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Personal Data 
  • The Processor will implement such measures to ensure a level of security appropriate to the risk involved, as described in Appendix A.

Personal Data Breach 

  • The Processor must notify the Bounce Members of any Data Breach within 48 hours of having become aware of the following; 
  • the loss, unintended destruction or damage, or corruption of part or all the Personal Data. 
  • any accidental, unauthorised, or unlawful processing of the Personal Data; or
  • any incident regarding personal data that could be classified as a Data Breach.
  • Where the Processor becomes aware of (a), (b) and/or (c) above, it will, without undue delay, also provide the Bounce Members with the following written information:
  • description of the nature of (a), (b) and/or (c), including the categories of in-scope Personal Data and approximate number of both Data Subjects and the Personal Data records concerned;
  • the likely consequences; and
  • a description of the measures taken or proposed to be taken to address (a), (b) and/or (c), including measures to mitigate its possible adverse effects.
  • Immediately following any accidental, unauthorised or unlawful Personal Data processing or  Data Breach, the parties will co-ordinate with each other to investigate the matter. Further, the Processor will reasonably co-operate with the Bounce Members in the Bounce Members ‘s handling of the matter, including but not limited to:
  • assisting with any investigation; and 
  • taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Data Breach or accidental, unauthorised or unlawful Personal Data processing.
  • The Processor will not inform any third-party of any accidental, unauthorised or unlawful processing of all or part of the Personal Data and/or a Data Breach without first obtaining the Bounce Members ‘s written consent, except when required to do so by domestic or EU law.

Complaints, data subject access requests and third-party rights

  • The Processor will, take such technical and organisational measures as may be appropriate, and promptly provide such information to the Bounce Members as the Bounce Members may reasonably require, to enable the Bounce Members to comply with:
  • the rights of Data Subjects under the Data Protection Laws, including, but not limited to, subject access rights, the rights to rectify, port and erase personal data, object to the processing and automated processing of personal data, and restrict the processing of personal data; and
  • information or assessment notices served on the Bounce Members by the Data Protection Commissioner or other relevant regulator under the Data Protection Laws.
  • The Processor will notify the Bounce Members immediately in writing if it receives any complaint, notice or communication that relates directly or indirectly to the processing of the Personal Data or to either party’s compliance with the Data Protection Laws.
  • The Processor will notify the Bounce Members within 14 days if it receives a request from a Data Subject for access to their Personal Data or to exercise any of their other rights under the Data Protection Laws.
  • The Processor will give the Bounce Members, its full co-operation and assistance in responding to any complaint, notice, communication or Data Subject request.
  • The Processor will not disclose the Personal Data to any Data Subject or to a third-party other than in accordance with the Bounce Members’ written instructions, or as required by domestic or EU law.

Term and Termination

  • This Addendum will remain in full force and effect so long as:
  • the Terms remains in effect; or
  • the Processor retains any of the Personal Data related to the Terms in its possession or control (Term).
  • Any provision of this Addendum that expressly or by implication should come into or continue in force on or after termination of the Terms in order to protect the Personal Data will remain in full force and effect.
  • If a change in any Data Protection Laws prevents either Party from fulfilling all or part of its Terms obligations, the Parties may agree to suspend the processing of the Personal Data until that processing complies with the new requirements. If the Parties are unable to bring the Personal Data processing into compliance with the Data Protection Laws either party may terminate the Terms with immediate effect on written notice to the other party.

Penalties 

  • By signing this Addendum, the Parties confirm that they understand the legal and enforcement actions that they may be subject to should they fail to uphold the Addendum terms or breach the Data Protection Laws. If the either Party fails to meet their obligations, they may be subject to: –
  • investigative and corrective powers of Supervisory Authorities under Article 58 of the GDPR;
  • an administrative fine under Article 83 of the GDPR;
  • a penalty under Article 84 of the GDPR; or
  • pay compensation under Article 82 of the GDPR.

Warranties 

  • The Processor and Bounce Members warrants and represents that:
  • it has no reason to believe that the Data Protection Laws prevents it from providing any of the Terms’ contracted services; and
  • considering the current technology environment and implementation costs, it will take appropriate technical and organisational measures to prevent the accidental, unauthorised or unlawful processing of Personal Data and the loss or damage to, the Personal Data, and ensure a level of security appropriate to:
  1. the harm that might result from such accidental, unauthorised or unlawful processing and loss or damage;
  2. the nature of the Personal Data protected; and
  3. comply with all applicable Data Protection Laws and its information and security policies, including the security measures required in 6.1.
  • The Bounce Members warrants and represents that the Processor’s expected use of the Personal Data for the Business Purpose and as specifically instructed by the Bounce Members will comply with the Data Protection Laws.


Notice

  • Any notice or other communication given to a party under or in connection with this Addendum must be in writing and delivered to:

For the Processor: Data Protection Officer, dataprotection@bounceinsights.com

  • 12.1 does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.

APPENDIX A

Processing Details

  • The Controller named in this Addendum has appointed the Processor regarding specific processing activity requirements. 
  • These requirements relate to the submission of surveys to the Processor including specification of the target criteria to each survey to specific audience segments. The Processor will distribute the survey based on the targeting criteria specified by the Bounce Members, collect the survey responses from the Processor’s app-users who have agreed to take the Processor’s surveys (the “Survey Respondents”) and provide the Bounce Members with reports (the “Reporting Deliverables”). 
  • The processing activities relate to delivering surveys to target users i.e., the Data Subject, such surveys will be used in order to gather demographic profiling information on the Data Subject and are for the purpose of utilising the Personal Data to conduct market research and will not unduly infringe the Data Subjects’ fundamental rights, freedoms and interests.
  • The requirement for the named Processor to act on behalf of the Controller is regarding the below type(s) of personal data and categories of data subjects: –
  • The survey questions and the responses to such questions (the “Researcher Survey Data”);
  • certain anonymous statistical and socio-demographic data pertaining to the statistical and socio-demographic profile of anonymous Survey Respondents who have participated successfully in the survey process; 
  • The Processor’s app-users. 
    • The Processor can demonstrate and provide sufficient guarantees as to the implementation of appropriate technical and organisational measures taken to ensure data security and protection: –

Technical Measures

  • Security Classification: Bounce Insights platform data is segregated into various collections on our backend services. The reason for this is to allow certain access control restrictions to be implemented on these collections and subdocuments in order to restrict access to only those with the adequate privileges.
  • Access to information: Bounce Members on the Bounce Insights dashboard have fine grained access controls applied to them to restrict the survey results and user information available to them. Bounce Members will only be shown the aggregate results to surveys that they have published for research conducted through the Bounce Insights platform. Bounce Members of the licensing platform will only be shown user information for users who have registered onto the white labelled Mobile App for their panel. Bounce Members also can add team members to their account who then have the same level of access as the parent Bounce Members. This access can be revoked at any time of the parent Bounce Members choosing. 
  • Data encryption: All data transmitted / used across the Bounce Insights platform is encrypted both at rest and whilst in transit.
  • Data storage: No data is stored on the Bounce Insights platform and any data sent to backend services is encrypted in transit using HTTPS & SSL.
  • Penetration testing: Penetration testing is performed on the Bounce Insights platform annually by an external provider. This is performed with the aim of highlighting and exposing flaws / exploits in the system that could be exploited by a malicious actor. Dependency bots are used to discover vulnerabilities in all dependencies used by the Bounce Insights platform and update these to versions in which the dependency has been patched / fixed.
  • Data backups: Backups of Bounce Insights platform data are performed on a frequent basis and retained for a period of 30 days. This ensures that in the event of a catastrophic incident minimal platform data is lost as these backups can be restored. These backups are encrypted at rest and can only be accessed by senior members of Bounce Insights.

Organisational Measures

  • Access to information: Staff at Bounce Insights will only be granted access to the information that they need to fulfil their role within the organisation. Staff who have been granted access must not pass on information to others unless they have also been granted access through appropriate authorisation. 
  • Training: Staff at Bounce Insights must conduct annual mandatory data protection training.
  • Policies: Staff at Bounce Insights must adhere to robust data security policies including the Data Protection Policy, Information Security Policy, Clear Desk Policy, Data Protection Impact Assessment Policy, and Data Breach Notification Policy and Procedures.

Appendix  B

  • Authorised Sub-Processors

SUB-PROCESSOR NAME

PURPOSE OF PROCESSING

TYPE OF DATA PROCESSED

Google Firebase

Database & authentication

Bounce Insights Platform users’ account details. The Bounce Members’ contact information and account details.

Mixpanel

Platform analytics

Bounce Insights Platform users’ account details and location data.

Stripe

Payments processor

Financial information 

Elastic 

Platform monitoring and to facilitate debugging 

Bounce Insights Platform users’ account details and location data.

Revolut

App user rewards provider

Bounce Insights Platform users’ email address, mobile phone number and name.

PayPal

App user rewards provider

Bounce Insights Platform users’ email address, mobile phone number and name.

Tango Rewards

App user rewards provider

Bounce Insights Platform users’ email address, mobile phone number and name.

Slack

Platform alerts (webhooks)

Bounce Insights Platform users’ account details.