BACKGROUND
1) Definitions and Interpretation
The following definitions and rules of interpretation apply in this Agreement.
1.1) Definitions:
Authorised Persons: the persons or categories of persons that the Customer authorises to give the Provider written personal data processing instructions as identified in Annex A and from whom the Provider agrees to accept such instructions.
Business Purposes: the services to be provided by the Provider to the Customer as described in the Master Agreement and any other purpose specifically identified in this Agreement.
Commissioner: the Information Commissioner as defined in Article 4(A3) UK GDPR, section 114 DPA 2018 and/or the Data Protection Legislation (as applicable).
Controller: has the meaning given to it in section 6, DPA 2018.
Data Protection Legislation: all applicable data protection and privacy legislation in force from time to time in the UK including without limitation the UK GDPR; the Data Protection Act 2018 (and regulations made thereunder) (DPA 2018); the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended.
Data Subject: the identified or identifiable living individual to whom the Personal Data relates.
EEA: the European Economic Area.
Personal Data: means any information relating to an identified or identifiable living individual that is processed by the Provider on behalf of the Customer as a result of, or in connection with, the provision of the services under the Master Agreement; an identifiable living individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.
Personal Data Breach: a breach of security leading to the accidental, unauthorised or unlawful destruction, loss, alteration, disclosure of, or access to, the Personal Data.
Processing, processes, processed, process: any activity that involves the use of the Personal Data. It includes, but is not limited to, any operation or set of operations which is performed on the Personal Data or on sets of the Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing also includes transferring the Personal Data to third-parties.
Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
Records: has the meaning given to it in Clause 12.
Term: this Agreement's term as defined in Clause 10.
UK GDPR: has the meaning given to it in section 3(10) (as supplemented by section 205) of the DPA 2018.
1.2) This Agreement is subject to the terms of the Master Agreement and is incorporated into the Master Agreement. Interpretations and defined terms set forth in the Master Agreement apply to the interpretation of this Agreement.
1.3) The Annexes form part of this Agreement and will have effect as if set out in full in the body of this Agreement. Any reference to this Agreement includes the Annexes.
1.4) A reference to writing or written includes faxes and email.
1.5) In the case of conflict or ambiguity between:
a) any provision contained in the body of this Agreement and any provision contained in the Annexes, the provision in the body of this Agreement will prevail;
b) the terms of any accompanying invoice or other documents annexed to this Agreement and any provision contained in the Annexes, the provision contained in the Annexes will prevail; and
c) any of the provisions of this Agreement and the provisions of the Master Agreement, the provisions of this Agreement will prevail.
2) Personal data types and processing purposes
2.1) The Customer and the Provider agree and acknowledge that for the purpose of the Data Protection Legislation:
a) The Customer is the Controller and the Provider is the Processor.
b) The Customer retains control of the Personal Data and remains responsible for its compliance obligations under the Data Protection Legislation, including but not limited to, providing any required notices and obtaining any required consents, and for the processing instructions (in any form, written or otherwise) it gives to the Provider.
c) Annex A describes the subject matter, duration, nature and purpose of the processing and the Personal Data categories and Data Subject types in respect of which the Provider may process the Personal Data to fulfil the Business Purposes.
d) where Personal Data is transferred to the EEA and/or the UK, the Provider is not obliged to agree to the standard contractual clauses as set out in Annex B and Annex C as the European Commission has announced on 28.06.21 that the UK offers an adequate level of protection of personal data and any transfers of personal data from the EEA to the UK can be made without any further specific authorisation. The Provider therefore need not strictly comply with the standard contractual clauses as set out in Annex B and Annex C where Personal Data is transferred to the EEA and/or the UK.
e) the standard contractual clauses as agreed and set out in Annex B and Annex C shall not apply to any Personal Data that does not originate in the UK or the EEA (as applicable).
3) Provider's obligations
3.1) The Provider will process the Personal Data to the extent, and in such a manner, as is necessary for the Business Purposes. The Provider will not process the Personal Data for any other purpose or in a way that does not comply with this Agreement or the Data Protection Legislation. The Provider may notify the Customer if, in its opinion, the Customer's instructions do not comply with the Data Protection Legislation.
3.2) The Provider will use its reasonable endeavours to consider any Customer written instructions reasonably requiring the Provider to amend, transfer, delete or otherwise process the Personal Data. The Provider will comply with such written instructions so far as it is able to without substantial expense or difficulty.
3.3) The Provider will maintain the confidentiality of the Personal Data and will not disclose the Personal Data to third-parties unless the Customer or this Agreement specifically authorises the disclosure, or as required by any law, court or regulator (including the Commissioner). If a a law, court or regulator (including the Commissioner) requires the Provider to process or disclose the Personal Data to a third-party, the Provider must first inform the Customer of such legal or regulatory requirement and give the Customer an opportunity to object or challenge the requirement, unless the law prohibits the giving of such notice
3.4) The Provider will reasonably assist the Customer, charged on a time and materials basis, with meeting the Customer's compliance obligations under the Data Protection Legislation, taking into account the nature of the Provider's processing and the information available to the Provider, including in relation to Data Subject rights, data protection impact assessments and reporting to and consulting with the Commissioner under the Data Protection Legislation.
3.5) The Provider will use its reasonable endeavours to notify the Customer of any changes to the Data Protection Legislation that may reasonably be interpreted as adversely affecting the Provider's performance of the Master Agreement or this Agreement.
4) Provider's employees
The Provider will ensure that its employees with access to the Personal Data:
a) are informed of the confidential nature of the Personal Data and are bound by written confidentiality obligations and use restrictions in respect of the Personal Data;
b) have undertaken training on the Data Protection Legislation and how it relates to their handling of the Personal Data and how it applies to their particular duties; and
c) are aware of their personal duties and obligations under the Data Protection Legislation and this Agreement.
5) Security
5.1) The Provider will at all times implement appropriate technical and organisational measures against accidental, unauthorised or unlawful processing, access, copying, modification, reproduction, display or distribution of the Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Personal Data.
5.2) The Provider will implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate:
a) the pseudonymisation and encryption of personal data;
b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
d) a process for regularly testing, assessing and evaluating the effectiveness of the security measures.
6) Personal data breach
6.1) The Provider will, as soon as reasonably practicable, notify the Customer in writing if it becomes aware of:
a) the loss, unintended destruction or damage, corruption, or unusability of part or all of the Personal Data;
b) any accidental, unauthorised or unlawful processing of the Personal Data; or
c) any Personal Data Breach.
6.2) Where the Provider becomes aware of (a), (b) and/or (c) above, it will also provide the Customer with the following written information:
a) description of the nature of (a), (b) and/or (c), including the categories of in-scope Personal Data and approximate number of both Data Subjects and the Personal Data records concerned;
b) the likely consequences; and
c) a description of the measures taken or proposed to be taken to address (a), (b) and/or (c), including measures to mitigate its possible adverse effects.
6.3) Immediately following any accidental, unauthorised or unlawful Personal Data processing or Personal Data Breach, the parties will coordinate with each other to reasonably investigate the matter.
6.4) The Provider will not inform any third-party of any accidental, unauthorised or unlawful processing of all or part of the Personal Data and/or a Personal Data Breach without first obtaining the Customer's written consent, except when required to do so by domestic law.
7) Cross-border transfers of personal data from the UK and/or the EEA to third countries
7.1) The Provider (and any subcontractor/sub-processor) will not transfer or otherwise process the Personal Data outside the UK and/or the EEA to third countries other than in accordance with this Agreement, without obtaining the Customer's prior consent, save where the Provider is processing the Personal Data per the Customer’s request(s) or instruction(s).
7.2) Where such consent is granted, the Provider may process, or permit the processing, of the The Provider may authorise third-parties (subcontractors/sub-processors) to process the Personal Data if:
a) the Provider notifies (by any means, directly/indirectly) the Customer of the appointment of subcontractors/sub-processors; and
b) the Provider enters into contracts with subcontractors/sub-processors that contain terms similar to those set out in this Agreement, and, upon the Customer's written request, provides the Customer with copies of the relevant excerpts from such contracts.
7.3) Those subcontractors/sub-processors who may process the Personal Data as at the commencement of this Agreement and from time to time are as set out or referred to in Annex A.
8) Complaints, data subject requests and third-party rights
8.1) The Provider will, charged on a time and materials basis, take such technical and organisational measures as may be appropriate, and provide such information to the Customer as the Customer may reasonably require, to enable the Customer to comply with:
a) the rights of Data Subjects under the Data Protection Legislation, including, but not limited to, subject access rights, the rights to rectify, port and erase personal data, object to the processing and automated processing of personal data, and restrict the processing of personal data; and
b) information or assessment notices served on the Customer by the Commissioner under the Data Protection Legislation.
8.2) The Provider will notify the Customer in writing if it receives any complaint, notice or communication that relates directly or indirectly to the processing of the Personal Data or to either party's compliance with the Data Protection Legislation.
8.3) The Provider will notify the Customer if it receives a request from a Data Subject for access to their Personal Data or to exercise any of their other rights under the Data Protection Legislation.
8.4) On the Customer’s written request, the Provider will give the Customer, charged on a time and materials basis, its cooperation and assistance in responding to any specific complaint, notice, communication or Data Subject request.
8.5) The Provider will not disclose the Personal Data to any Data Subject or to a third-party other than in accordance with the Customer's written instructions, or as required by law.
9) Term and termination
9.1) This Agreement will remain in full force and effect so long as:
a) the Master Agreement remains in effect; or
b) the Provider retains any of the Personal Data related to the Master Agreement in its possession or control (Term).
9.2) Any provision of this Agreement that expressly or by implication should come into or continue in force on or after termination of the Master Agreement in order to protect the Personal Data will remain in full force and effect.
9.3) If a change in any Data Protection Legislation prevents either party from fulfilling all or part of its Master Agreement obligations, the parties may agree to suspend the processing of the Personal Data until that processing complies with the new requirements. If the parties are unable to bring the Personal Data processing into compliance with the Data Protection Legislation 30 days, either party may terminate the Master Agreement on not less than 30 working days on written notice to the other party.
10) Data return and destruction
10.1) At the Customer's request, the Provider will give the Customer, or a third-party nominated in writing by the Customer, a copy of or access to all or part of the Personal Data in its possession or control in a reasonable format.
10.2) Subject to clause 10.4, on termination of the Master Agreement for any reason or expiry of its term, the Provider will securely delete or destroy within 60 days or, if directed in writing by the Customer before the termination or expiry of the Master Agreement, return and not retain, all or any of the Personal Data related to this Agreement in its possession or control.
10.3) Notwithstanding clause 10.2, the Provider will retain all or any of the Personal Data related to this Agreement in its possession or control where the Customer wishes to or continues to receive the Provider’s free services after the termination or expiry of the Master Agreement.
10.4) If any law, regulation, or government or regulatory body requires the Provider to retain any documents, materials or Personal Data that the Provider would otherwise be required to return or destroy, it will notify the Customer in writing of that retention requirement, giving details of the documents, materials or Personal Data that it must retain and the legal basis for such retention.
10.5) On the Customer’s written request, the Provider will certify in writing to the Customer that it has deleted or destroyed the Personal Data after it completes the deletion or destruction.
11) Records
11.1) The Provider will keep detailed, accurate and up-to-date written records regarding any processing of the Personal Data, including but not limited to, the access, control and security of the Personal Data, the processing purposes, categories of processing, and a general description of the technical and organisational security measures referred to in se 5.1 (Records).
11.2) The Customer and the Provider will, together, review the information listed in the Annexes to this Agreement about one a year to confirm its current accuracy and update it when required to reflect current practices.
12) Audit
At the Customer's written request, at the Customer’s expense, the Provider will:
a) conduct an information security audit before it first begins processing any of the Personal Data;
b) produce a written report that includes detailed plans to remedy any security deficiencies identified by the audit;
c) provide the Customer with a copy of the written audit report; and
d) remedy any deficiencies identified by the audit.
13) Notice
13.1) Any notice given to a party under or in connection with this Agreement must be in writing and delivered to:
For the Customer: Any email address which the Provider was supplied to contact the Customer for any purpose.
For the Provider: The email address for the Provider as stated in the Master Agreement’s order form and/or any other email addresses which the Provider supplies for the receipt of notices under or in connection with this Agreement.
13.2) 14.1 does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.
This Agreement has been entered into on the date on which the Master Agreement is entered into.
ANNEX A Personal Data processing purposes and details
Subject matter of processing: The Provider’s provision of its services under the Master Agreement to the Customer as specified and pursuant to the Master Agreement.
Duration of Processing: For the term of the Master Agreement and this Agreement plus the period from expiry of the term of the Master Agreement and this Agreement until the anonymization, return, or deletion of data in accordance with this Agreement. Data shall also be processed for a further period in which the data exporter wishes to or continues to receive the Provider’s free services after the termination or expiry of the Master Agreement.
Nature of Processing: The Provider will process Personal Data for the purpose of providing the Customer its services in accordance with and as described in the Master Agreement, and as instructed by the data exporter from time to time. For the avoidance of doubt, the Provider will process Personal Data for data analytics purposes (amongst other purposes) which shall form part of the Business Purposes.
Personal Data Categories: Any Personal Data provided to the Provider, by or at the direction of the Customer.
Data Subject Types: Data subjects include the Customer’s users, employees and third parties with whom it has, or may develop, a commercial relationship.
Authorised Persons: All personnel of the Customer giving the Provider instructions from an email address which the Customer used previously to contact the Provider or an email address with any domain name which the Customer uses in the course of their business.
Subcontractors/sub-processors: The subcontractors/sub-processors which we use from time to time are listed at https://www.veed.io/data-subprocessors. The Provider may update this list of subcontractors/sub-processors from time to time.
ANNEX B: UK standard contractual clauses (Controller-Processor)
STANDARD CONTRACTUAL CLAUSES (CONTROLLER-PROCESSOR)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection Customer (the data exporter) and VEED (the data importer) each a ‘party’; together ‘the parties’, have agreed on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1 to a third country.
Clause 1
Definitions
For the purposes of the Clauses:
Clause 2
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Clause 3
Third-party beneficiary clause
Clause 4
Obligations of the data exporter
The data exporter agrees and warrants:
Clause 5
Obligations of the data importer
The data importer agrees and warrants:
Clause 6
Liability
Clause 7
Mediation and jurisdiction
Clause 8
Cooperation with supervisory authorities
Clause 9
Governing law
The Clauses shall be governed by the law of which the data importer is established, namely the laws of England and Wales.
Clause 10
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Clause 11
Sub-processing
Clause 12
Obligation after the termination of personal data-processing services
Appendix 1 to the Standard Contractual Clauses
This Appendix forms part of the Clauses.
Data exporter
The data exporter is as defined in these Standard Contractual Clauses and is defined as the Customer in the data processing agreement signed between the parties.
Data importer
The data importer is Veed Limited and is defined as the Provider in the data processing agreement signed between the parties.
Data subjects
Data subjects include the data exporter’s users, employees and third parties with whom it has, or may develop, a commercial relationship.
Categories of data
Any personal data provided to the data importer, by or at the direction of the data exporter.
Special categories of data (if appropriate)
Special categories of data may be transferred by the data exporter to the data importer through the uploading of video or audio files or other data on to the data importer’s website. Where the data exporter transfers any special categories of personal data to the data importer, the data exporter shall have obtained explicit consent from the data subjects of the special categories of data to process such data about them and for the data importer to process that data in the UK and/or in third countries. Data subject’s explicit written consent which the data exporter obtain must be supplied to the data importer on the data importer’s request. If a data subject does not give explicit written consent to the processing their special categories of personal data, then their special categories of personal data must not be supplied to the data importer.
Any special categories of data transferred by the data exporter to the data importer shall be processed only for the performance of the terms of sale for business clients for paid services entered into between the data exporter and Veed Limited.
Processing operations
The personal data transferred will be subject to the following basic processing activities (as applicable):
List of sub-processors
The data exporter agrees to the data importer’s use/engagement of sub-processors. The subcontractors/sub-processors which the data importer use from time to time are listed at https://www.veed.io/data-subprocessors. The data exporter agrees to the data importer’s updating of this list of subcontractors/sub-processors from time to time.
ANNEX C: EU standard contractual clauses (Controller-Processor)
STANDARD CONTRACTUAL CLAUSES (CONTROLLER-PROCESSOR)
For the compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country
Clause 1
Purpose and scope
The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country;
The Parties:
have agreed to these standard contractual clauses (hereinafter: ‘Clauses’).
Clause 2
Effect and invariability of the Clauses
Clause 3
Third-party beneficiaries
Clause 4
Interpretation
Clause 5
Hierarchy
In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.
Clause 6
Description of the transfer(s)
The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex F.
Clause 7
Docking clause
Clause 8
Data protection safeguards
The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.
8.1 Instructions
8.2 Purpose limitation
The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex F, unless on further instructions from the data exporter.
8.3 Transparency
On request, the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including the measures described in Annex D and personal data, the data exporter may redact part of the text of the Appendix to these Clauses prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand the its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information. This Clause is without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.
8.4 Accuracy
If the data importer becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to erase or rectify the data.
8.5 Duration of processing and erasure or return of data
Processing by the data importer shall only take place for the duration specified in Annex F. After the end of the provision of the processing services, the data importer shall, at the choice of the data exporter, delete all personal data processed on behalf of the data exporter and certify to the data exporter that it has done so, or return to the data exporter all personal data processed on its behalf and delete existing copies. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit return or deletion of the personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process it to the extent and for as long as required under that local law. This is without prejudice to Clause 14, in particular the requirement for the data importer under Clause 14(e) to notify the data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under Clause 14(a).
8.6 Security of processing
8.7 Sensitive data
Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (hereinafter ‘sensitive data’), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex F.
8.8 Onward transfers
The data importer shall only disclose the personal data to a third party on documented instructions from the data exporter. In addition, the data may only be disclosed to a third party located outside the European Union (in the same country as the data importer or in another third country, hereinafter ‘onward transfer’) if the third party is or agrees to be bound by these Clauses, under the appropriate Module, or if:
Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.
8.9 Documentation and compliance
Clause 9
Use of sub-processors
Clause 10
Data subject rights
Clause 11
Redress
Clause 12
Liability
Clause 13
Supervision
Where the data exporter is established in an EU Member State: The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex G, shall act as competent supervisory authority.
Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679: The supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established and/or the , as indicated in Annex G, shall act as competent supervisory authority.
Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) without however having to appoint a representative pursuant to Article 27(2) of Regulation (EU) 2016/679: The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located, as indicated in Annex G, shall act as competent supervisory authority.
(b)The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.
Clause 14
Local laws and practices affecting compliance with the Clauses
Clause 15
Obligations of the data importer in case of access by public authorities
15.1 Notification
15.2 Review of legality and data minimisation
Clause 16
Non-compliance with the Clauses and termination
In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.
Clause 17
Governing law
The Parties agree that these Clauses shall be governed by the laws of England & Wales.
Clause 18
Choice of forum and jurisdiction
ANNEX D: Technical and organisational measures to ensure the security of the data
Access controls
Data storage, transfer and logging
Availability controls
ANNEX F: Description of transfer
Categories of data subjects whose personal data is transferred
Data subjects include the data exporter’s users, employees and third parties with whom it has, or may develop, a commercial relationship.
Categories of personal data transferred
Any personal data provided to the data importer, by or at the direction of the data exporter.
Sensitive data transferred
Special categories of data may be transferred by the data exporter to the data importer through the uploading of video or audio files or other data on to the data importer’s website. Where the data exporter transfers any special categories of personal data to the data importer, the data exporter shall have obtained explicit consent from the data subjects of the special categories of data to process such data about them and for the data importer to process that data in the EU and/or in third countries. Data subject’s explicit written consent which the data exporter obtain must be supplied to the data importer on the data importer’s request. If a data subject does not give explicit written consent to the processing of their special categories of personal data, then their special categories of personal data must not be supplied to the data importer.
Any special categories of data transferred by the data exporter to the data importer shall be processed only for the performance of the terms of sale for business clients for paid services entered into between the data exporter and Veed Limited.
The frequency of the transfer
Personal data is transferred on a continuous ongoing basis.
Nature of the processing
The data importer will process personal data for the purpose of providing the data exporter its services in accordance with and as described in the Master Agreement, and as instructed by the data exporter from time to time. For the avoidance of doubt, the data importer will process personal data for data analytics purposes amongst other purposes.
Purpose of the data transfer and further processing
Processing by the data importer as necessary to provide its services pursuant to the Master Agreement (as defined under the data processing agreement signed between the Parties).
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
The personal data will be retained for the term of the Master Agreement and the data processing agreement signed between the Parties, plus the period from expiry of the term of the Master Agreement and the data processing agreement until the anonymization, return, or deletion of data in accordance with the data processing agreement, and any further period in which the data exporter wishes to or continues to receive the Provider’s free services after the termination or expiry of the Master Agreement.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
The data importer may engage sub-processors, to process data transferred by the data exporter to the data importer, as necessary to provide its services pursuant to the Master Agreement (as defined under the data processing agreement signed between the Parties) for the period of the Master Agreement and any further period in which the data exporter wishes to or continues to receive the Provider’s free services after the termination or expiry of the Master Agreement.
ANNEX G: Competent Supervisory Authority
The competent supervisory authority in accordance with Clause 13 shall be the UK Information Commissioner’s Office.
Marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased from us and you have not opted out of receiving that marketing.
Third-party marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Opting out
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you (where such links are available) or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a service purchase, service experience or other transactions.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Applications may become inaccessible or not function properly. For more information about the cookies we use, please see https://veed.webflow.io/cookie-policy.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Automated decision-making
Automated decisions are made by technological means, mostly based on algorithms subject to predefined criteria. Such automated decision-making, taken solely by technological means without any human intervention, may have legal effects or similarly significant effects on you.
By using the Applications and/or our services, you are giving us your explicit consent to make automated decisions. If you do not consent to our making automated decisions, you must not use our Applications or services.
The Applications may use your personal data decisions entirely or partially based on automated processes according to the purposes outlined in this privacy policy. The Applications adopt automated decision-making processes as far as necessary to enter into or perform a contract between you and us, or on the basis of your consent where consent is required by the law.
The rationale behind the automated decision-making is:
Your rights as a result of automated decision-making
Where you are subject to automated decision-making processes, you are entitled to exercise specific rights aimed at preventing or otherwise limiting the potential effects of the automated decisions taken.
In particular, you would have the right to:
Please contact us if you want to find out more about the purposes, the third-party services we use which makes automated decisions (if any), and any specific rationale for automated decisions used within the Applications.
Push notifications and email notifications
The Applications may send you push notifications and we may send you email notifications to achieve the purposes outlined in this privacy policy.
You may, in most cases, opt-out of receiving push notifications by visiting your device settings (such as the notification settings for mobile phones and then change those settings for the Applications).
Note that disabling push notifications may negatively affect your use of the Applications.
You may also, in most cases (except where we send you email notifications for the purposes set out in the table in section 4 above), opt-out of the email notifications we send by contacting us, clicking the “Unsubscribe” button at the end of our emails or by managing your communication preferences on the Applications.
We may share your personal data with the parties set out below for the purposes set out in the table under the “purposes for which we will use your personal data” section above.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Many of our external third parties are based outside the UK and/or the European Economic Area (“EEA”) so their processing of your personal data will involve a transfer of data outside the UK and/or the EEA.
Whenever we transfer your personal data out of the UK and/or the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK or the EEA.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long will you use my personal data for?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
You can request details of our retention periods for different aspects of your personal data by contacting us.
In some circumstances you can ask us to delete your data; see “your legal rights” section below for further information.
Where we use universally unique identifiers (“UUID”) for analytics purposes or for storing your preferences, a UUID is generated upon your installation of our programme(s). The UUID persists between our programme’s launches and updates, but it is lost when you delete our programme. A new UUID will be generated when you reinstall our programme.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
Broadly, you have the right to:
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
INFORMATION ABOUT US AND HOW TO CONTACT US
IMPORTANT INFORMATION ABOUT THESE TERMS
On our website (Veed.io), related subdomains, and software applications (together the “Applications”), we have set out information and details relating to:
The Services available to you as a registered user on the Applications will vary depending on your choice of plan among the different options of plans available to you.
We hope to accommodate as many user requests as possible but we are typically unable to accept change requests to individual subscriptions. We appreciate this may cause you to become dissatisfied with our Services. If this situation does unfortunately arise then you may want to cancel your subscription (see clause 7 below).
Suspension of the supply of Services: We may suspend the supply of the Services temporarily:
We aim to contact you as soon as practicable to tell you why we are suspending the supply of the Services and explain when and/or how such suspension will cease.
Subject to clauses 4, 8 and 10, we may write to you to let you know that we are going to stop providing the Services and/or terminate the Contract. We will let you know at least 24 (twenty-four) hours in advance of our stopping the supply of the Services and/or terminating the Contract and will refund, pro-rata (where applicable), any sums you have paid in advance for the Services in respect of the period after we end the contract.
What happens if you use the Services in a way that is prohibited: Notwithstanding any other clauses in these Terms, failure by you to comply with our [Terms of Use], constitutes a material breach of these Terms and may result in the immediate, temporary, or permanent suspension of the Services or termination of Contract. In the event of such suspension or termination, no refund will be available to you and we will not be liable to you for any fees paid by you in respect of Services paid for but not received.
you must stop all activities authorised by these Terms, including your use of the free (if available) and/or paid Services accessed via the Applications unless we tell you otherwise;
we may disable your registration account with us and we shall have no liability to you in relation to any content stored or accessed by you via your account (as applicable);
This section of the Terms is important. Please take your time and read it carefully before you agree to these Terms.
SCHEDULE 1
MODEL CANCELLATION FORM
You will have to complete and return this form to us by email (to hello@veed.io) if you wish to cancel your subscription.
To: Veed Limited
Email: hello@veed.io
I hereby give notice that I cancel my contract of sale of the following services:
[INSERT THE SUBSCRIPTIONS THAT YOU WOULD NOW LIKE TO CANCEL]
The subscriptions above were subscribed on [INSERT DATE] by:
[INSERT YOUR NAME]
[INSERT YOUR ADDRESS]
[SIGN OFF WITH YOUR NAME]
[INSERT DATE OF YOUR SENDING THIS FORM TO US]
TERMS LAST UPDATED ON: 02/11/2021
This document informs Users about the technologies that help this Application to achieve the purposes described below. Such technologies allow the Owner to access and store information (for example by using a Cookie) or use resources (for example by running a script) on a User’s device as they interact with this Application.
For simplicity, all such technologies are defined as "Trackers" within this document – unless there is a reason to differentiate.
For example, while Cookies can be used on both web and mobile browsers, it would be inaccurate to talk about Cookies in the context of mobile apps as they are a browser-based Tracker. For this reason, within this document, the term Cookies is only used where it is specifically meant to indicate that particular type of Tracker.
Some of the purposes for which Trackers are used may also require the User's consent. Whenever consent is given, it can be freely withdrawn at any time following the instructions provided in this document.
This Application uses Trackers managed directly by the Owner (so-called “first-party” Trackers) and Trackers that enable services provided by a third-party (so-called “third-party” Trackers). Unless otherwise specified within this document, third-party providers may access the Trackers managed by them.
The validity and expiration periods of Cookies and other similar Trackers may vary depending on the lifetime set by the Owner or the relevant provider. Some of them expire upon termination of the User’s browsing session.
In addition to what’s specified in the descriptions within each of the categories below, Users may find more precise and updated information regarding lifetime specification as well as any other relevant information – such as the presence of other Trackers - in the linked privacy policies of the respective third-party providers or by contacting the Owner.
This Application uses so-called “technical” Cookies and other similar Trackers to carry out activities that are strictly necessary for the operation or delivery of the Service.
This Application uses Trackers to enable basic interactions and functionalities, allowing Users to access selected features of the Service and facilitating the User's communication with the Owner.
This type of service allows Users to interact with third-party live chat platforms directly from the pages of this Application, for contacting and being contacted by this Application support service.
If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service. Moreover, live chat conversations may be logged.
The Drift Widget is a service for interacting with the Drift live chat platform provided by Drift.com, Inc.
Personal Data processed: Cookies, Data communicated while using the service, Usage Data and various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
This Application uses Trackers to provide a personalized user experience by improving the quality of preference management options, and by enabling interaction with external networks and platforms.
This type of service allows interaction with social networks or other external platforms directly from the pages of this Application.
The interaction and information obtained through this Application are always subject to the User’s privacy settings for each social network.
This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.
It is recommended to log out from the respective services in order to make sure that the processed data on this Application isn’t being connected back to the User’s profile.
The Twitter Tweet button and social widgets are services allowing interaction with the Twitter social network provided by Twitter, Inc.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy.
This Application uses Trackers to measure traffic and analyze User behavior with the goal of improving the Service.
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.
Google Analytics is a web analysis service provided by Google LLC or by Google Ireland Limited, depending on the location this Application is accessed from, (“Google”). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy – Opt Out; Ireland – Privacy Policy – Opt Out.
Google Analytics Demographics and Interests reports is a Google Advertising Reporting feature that makes available demographic and interests Data inside Google Analytics for this Application (demographics means age and gender Data).
Users can opt out of Google's use of cookies by visiting Google's Ads Settings.
Personal Data processed: Cookies and unique device identifiers for advertising (Google Advertiser ID or IDFA, for example).
Place of processing: United States – Privacy Policy – Opt Out; Ireland – Privacy Policy – Opt Out.
MixPanel is an analytics service provided by Mixpanel Inc.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
The services contained in this section allow the Owner to collect and manage analytics through the use of first-party Trackers.
This Application uses an internal analytics system that does not involve third parties.
Personal Data processed: Cookies and Usage Data.
The services contained in this section allow the Owner, through the use of third-party Trackers, to collect and manage analytics in an anonymized form.
Google Analytics is a web analysis service provided by Google LLC or by Google Ireland Limited, depending on the location this Application is accessed from, (“Google”). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
This integration of Google Analytics anonymizes your IP address. It works by shortening Users' IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States – Privacy Policy – Opt Out; Ireland – Privacy Policy – Opt Out.
There are various ways to manage Tracker related preferences and to provide and withdraw consent, where relevant:
Users can manage preferences related to Trackers from directly within their own device settings, for example, by preventing the use or storage of Trackers.
Additionally, whenever the use of Trackers is based on consent, Users can provide or withdraw such consent by setting their preferences within the cookie notice or by updating such preferences accordingly via the relevant consent-preferences widget, if available.
It is also possible, via relevant browser or device features, to delete previously stored Trackers, including those used to remember the User’s initial consent.
Other Trackers in the browser’s local memory may be cleared by deleting the browsing history.
With regard to any third-party Trackers, Users can manage their preferences and withdraw their consent via the related opt-out link (where provided), by using the means indicated in the third party's privacy policy, or by contacting the third party.
Users can, for example, find information about how to manage Cookies in the most commonly used browsers at the following addresses:
Users may also manage certain categories of Trackers used on mobile apps by opting out through relevant device settings such as the device advertising settings for mobile devices, or tracking settings in general (Users may open the device settings and look for the relevant setting).
Timur Mamedov
VEED LIMITED, 136 High Holborn, Holborn, London WC1V 6PX
Owner contact email: t@veed.io
Since the use of third-party Trackers through this Application cannot be fully controlled by the Owner, any specific references to third-party Trackers are to be considered indicative. In order to obtain complete information, Users are kindly requested to consult the privacy policies of the respective third-party services listed in this document.
Given the objective complexity surrounding tracking technologies, Users are encouraged to contact the Owner should they wish to receive any further information on the use of such technologies by this Application.
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
The individual using this Application who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
The means by which the Personal Data of the User is collected and processed.
The service provided by this Application as described in the relative terms (if available) and on this site/application.
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Cookies are Trackers consisting of small sets of data stored in the User's browser.
Tracker indicates any technology - e.g Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting - that enables the tracking of Users, for example by accessing or storing information on the User’s device.
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).
This privacy policy relates solely to this Application, if not stated otherwise within this document.
VEED uses subcontractors to provide infrastructure and services to support our apps. As such certain information is processed by the subcontractors. In order to meet our data security and privacy policy standards we require all subcontractors to meet the same or similar standards where possible. By using our apps you agree to the use of subcontractors and their sub-processing of data. The subcontractors/sub-processors which the data importer uses from time to time are listed below. This list will be updated from time to time as the needs of the business change but we will always endeavour to maintain the same or higher security and privacy standards.
We also engage professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services. And we are regulated by various authorities and public entities that require reporting of processing activities in certain circumstances.
HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.
TERMS LAST UPDATED ON: 25th JANUARY, 2022
PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING OUR APPLICATIONS (INCLUDING OUR WEBSITE).
BRIEF SUMMARY OF THESE TERMS
This quick summary is supplied for your convenience. It is not intended to replace the main terms below. So please refer to the main terms for full details.
You should ensure that you comply with the Terms of Use when you use and upload content to our Applications.
You retain any ownership rights that you may have in the content you upload to our Applications. We own or have license to use all intellectual property rights in all original work relating to our Applications. You therefore must not use any content on our Applications (other than any content that you have uploaded, created or edited on our Applications) for commercial purposes without obtaining a licence to do so from us or our licensors.
We have the right to disclose your identity to any third party who is claiming that any content posted/uploaded by you to our Applications constitutes a violation of their intellectual property rights or right to privacy.
We have the right to remove any posting, content or upload you make on our Applications for any reason.
We are not liable for any loss or damage that you may suffer (save for any liability that we may not exclude or limit under the laws of England and Wales).
Finally, you may contact us at hello@veed.io if needed.
CONTENTS
1. TERMS OF USE
2. OTHER APPLICABLE TERMS
3. WHO WE ARE & HOW TO CONTACT US
4. CHANGES TO THESE TERMS
5. CHANGES TO OUR APPLICATIONS
6. ACCESSING OUR APPLICATIONS
7. YOUR ACCOUNT
8. INTELLECTUAL PROPERTY RIGHTS
9. NO RELIANCE ON INFORMATION
10. LIMITATION OF LIABILITY
11. UPLOADING CONTENT TO OUR APPLICATIONS
12. USER-GENERATED CONTENT ON OUR APPLICATIONS
13. MALICIOUS USE OR DIGITAL ATTACKS
14. LINKING TO OUR APPLICATIONS
15. OUR RIGHTS & OBLIGATIONS
16. APPLICABLE LAW
These terms of use (together with the documents referred to in it) tell you the rules for using our websites (including subdomains eg: https://veed.io and https://veed.com), applications for mobile, tablet, desktop, browsers and other smart device systems through which we make our video tools and services available (“our Applications”), whether as a guest or a registered user. Use of our Applications includes (but is not limited to) accessing, browsing, or registering to use our Applications.
Please read these terms carefully before you start using our Applications. By using our Applications, you confirm that you accept these terms and that you agree to comply with them. If you do not agree to these terms, you must not use our Applications.
These terms refer to the following additional terms, which also apply to your use of our Applications:
Veed Limited ("we", "us" or "our" in these terms) is a limited company registered in England and Wales under company number 11264311 and have a registered office at Unit 12, 2-20 Scrutton Street, London, EC2A 4QE. Our VAT number is GB354412222.
We are the registered owner of the Veed.io domain and several other software applications related to the production, editing and distribution of video.
If you have questions for us, you may be able to find an answer on our website (Veed.io), via our chat features in our Applications, or via one of our many how-to videos. We can also be contacted at hello@veed.io. When sending us an email, we would appreciate your providing us with:
We aim to respond to you within 28 days of receiving your email.
We may amend these terms from time to time by amending this page. We will endeavour to notify you or any changes in advance via email (assuming you have provided us with your email address).
Every time you wish to use our Applications, please check these terms to ensure you understand the terms that apply at that time.
The date on which these terms were most recently updated is stated at the beginning of this document.
We may update our Applications from time to time, and may change their content at any time, including (but not limited) to reflect changes to our products/services, our users’ needs and our business priorities.
However, please note that we are under no obligation to update any content on our Applications which may be out of date at any given time.
We do not guarantee that our Applications, or any content on them, will always be available or be uninterrupted. We may suspend, withdraw, discontinue, or restrict the availability of all or any part of our Applications without notice but we will try to give you reasonable notice of any suspension or withdrawal.
You are responsible for making all arrangements necessary for you to have access to our Applications and to backup any content that you have uploaded onto our Applications.
You are also responsible for ensuring that all persons who access our Applications through your internet connection are aware of these terms and other applicable terms and conditions, and that they comply with them.
To use our services, we may require you to create a user account. You shall provide us with the information we require in a complete and truthful manner.
If you choose, or you are provided with, a user identification code or similar as part of our registration and security procedures, you must treat such information as confidential. You are responsible for keeping your log-in details (including any log in and security tokens, URLs, password reset URLs, or any other piece of information) confidential and safe. You must not disclose this information to any third party.
By registering an account, you acknowledge and accept that an account registered by a bot or any other automated method is not permitted, that you are only allowed to register one account and that your account cannot be shared with any other person.
We have the right to suspend and/or terminate your access to your account and/or disable any user identification code, whether chosen by you or allocated by us, at any time, if:
You shall not be entitled to claim damages, reimbursement or similar for our suspension or termination of your account.
If you know, or suspect that anyone other than you knows, your user identification code, you must promptly change your login credentials and notify us at hello@veed.io.
You can delete your account or stop using the services at any time. You can do this by contacting us directly. If the services you are using have been paid for where you are using our services as an individual consumer, you may also want to cancel your subscription with us. Any cancellation is governed by the terms and conditions you agreed to when you purchased your subscription from us or as amended from time to time.
If you connect VEED account to your YouTube account you are bound by YouTube Terms of Service. For more information about the terms of service of YouTube please visit YouTube Terms of Service page.
We are the owner or the licensee of all intellectual property rights in original work on our Applications, and in the material published on it. These works are protected by copyright laws and treaties around the world. All such rights are reserved.
You shall not access, use or disclose our original source code, technique, algorithms and procedures of or contained in or relating to our Applications.
You may download extracts from our Applications for your personal use and you may draw the attention of others to content posted on our Applications. However, you must not modify the copies of any materials you have in any way, and you must not use any illustrations, photographs, video or audio sequences or any graphics separately from any accompanying text.
Our status (and that of any identified contributors) as the authors of content on our Applications must always be acknowledged.
You must not use any part of the content on our Applications (other than any content that you have uploaded, created or edited on our Applications) for commercial purposes without obtaining a licence to do so from us or our licensors.
Subject to your compliance with these terms, we grant you a revocable, non-exclusive, non-sublicensable and non-transferable license to use our Applications within the scope and purposes of our Applications.
If you breach these terms, your right to use our Applications will cease immediately and you must, at our option, return or destroy any copies of the materials you have made.
The content which we own on our Applications (our “Content”) is provided for general information only. It is not intended to amount to advice on which you should rely. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of our Content.
Although we make reasonable efforts to update our Content, we make no representations, warranties or guarantees, whether express or implied, that our Content is accurate, complete or up-to-date.
Where our Applications contain links to other sites and resources provided by third parties, these links are provided for your information only. Such links should not be interpreted as approval by us of those linked websites or information you may obtain from them. We have no control over the contents of those sites or resources.
Similarly, where our Applications contain content uploaded by our users, such content is provided for your information only. Such content should not be interpreted as approval by us of any information you may obtain from them. We assume no liability over the content uploaded by our users.
Nothing in these terms excludes or limits our liability for death or personal injury arising from our negligence, or our fraud or fraudulent misrepresentation, or any other liability that cannot be excluded or limited by the laws of England and Wales.
To the extent permitted by law, we exclude all conditions, warranties, representations, or other terms which may apply to our Applications or any content on it, whether express or implied.
We shall not be liable to any user for any loss or damage, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, even if foreseeable, arising under or in connection with:
Please note that we shall not be liable for indirect loss or damage including:
We shall not be liable for any loss or damage caused by a virus, distributed denial-of-service attack, or other technologically harmful material that may infect your computer equipment, computer programs, data, or other proprietary material due to your use of our Applications or to your downloading of any content on them, or on any website linked to them.
We assume no responsibility for the content of websites linked on our Applications. Such links should not be interpreted as endorsement by us of those linked websites. We shall not be liable for any loss or damage that may arise from your use of them.
Whenever you make use of a feature that allows you to upload content to our Applications, or to make contact with other users of our Applications, you must comply with these terms.
Any content you upload to our Applications and make publicly available shall be considered non-confidential.
You retain any ownership rights that you may have in the content you upload to our Applications and in any content that you generate as a result of using our tools.
When you upload or post content to our Applications we need to be able to use and share that content to enable certain features in the application. As such, you grant us the following rights to use that content:
When you upload or post content to our Applications, you confirm that you:
You warrant that any such contribution by you (by uploading your content to our Applications) complies with these terms, and you will be liable to us and indemnify us for any breach of this warranty. This means you will be responsible for any loss or damage we suffer as a result of your breach of warranty.
We also have the right to disclose your identity to any third party who is claiming that any content posted or uploaded by you to our Applications constitutes a violation of their intellectual property rights, or of their right to privacy.
We have the right to remove any posting you make on our Applications for any reason, including if your post does not comply with these terms.
While we intend to prevent the loss of any content you upload to or create with our apps, ultimately you are solely responsible for securing and backing up your content.
When you upload or post content to our Applications, you have the options to make your content either publicly available or private and you agree that we shall have access to your content whichever option you take. Our access and use of your content (along with that of any sub-processors) is subject to our Privacy Policy.
If you choose to make your content publicly available within our Applications, your personal data and identifier (including user ID, uploaded content, profile image, avatar or nickname) may be made available to the general public.
Our Applications may include information and materials uploaded by other users of our Applications. These information and materials (if any) have not been verified or approved by us. The views expressed by users on our Applications do not represent our views or values.
If you wish to complain about content uploaded by any user, please contact us at hello@veed.io with the following information:
How to file a takedown notice (called a “DMCA notice”)
If copyright holders or their agents believe that any content on this Application infringes upon their copyrights, they may submit a notification pursuant to the Digital Millennium Copyright Act ("DMCA") by providing the Owner’s Copyright Agent with the following information in writing (see 17 U.S.C 512(c)(3) for further detail):
Failure to comply with all of the requirements outlined above may result in invalidity of the DMCA notice.
Copyright infringement notifications may be submitted to the Owner’s Copyright Agent at the following address: hello@veed.io.
You must not misuse our Applications by knowingly introducing viruses, trojans, worms, logic bombs or other material that is malicious or technologically harmful. You must not attempt to gain unauthorised access to our Applications, the server on which our Applications is stored or any server, computer or database connected to our Applications. You must not attack our Applications via a denial-of-service attack or a distributed denial-of service attack. By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities and we will cooperate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use our Applications will cease immediately.
We do not guarantee that our Applications will be secure or free from bugs or viruses. You are responsible for configuring your information technology, computer programmes and platform to access our Applications. You should use your own virus protection software and take security precautions where possible.
You may link to our website home page, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it.
You must not establish a link in such a way as to suggest any form of association, approval, or endorsement on our part where none exists.
We reserve the right to withdraw linking permission without notice.
We may transfer our rights and obligations under these terms to another organisation. We aim to inform you in writing if this happens.
These terms, its subject matter, and its formation, are governed by the laws of England and Wales and the Courts of England and Wales shall have exclusive jurisdiction.
Veed Limited (“Veed”) respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website(s) (including subdomains of our website(s) and websites through which we make our services available) and/or our applications for mobile, tablet, desktop, browser and other smart device systems (“Applications”) (regardless of where you visit it from) and use our services, and tell you about your privacy rights and how the law protects you.
By using the Applications or our services, you agree to be bound by this privacy policy and that we proceed to the processing of personal data on the terms outlined below.
The Privacy Policy last updated on: 02/11/2021
Please use the Glossary to understand the meaning of some of the terms used in this privacy policy.
Purpose of this privacy policy
This privacy policy aims to give you information on how Veed collects and processes your personal data through your use of the Applications and our services, including any data you may provide through the Applications (for example, when you chat with us on our “support chat” function available through our website (www.veed.io)), create an account with us, purchase a service or upload and edit audio or video files.
The Applications are not intended for children and we do not knowingly collect data relating to children.
It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
Controller
Veed Limited (collectively referred to as “Veed”, "we", "us" or "our" in this privacy policy) is the controller and responsible for your personal data, except where we process your personal data because you use our services as a result of your relationship with a customer who we supply our services to (for example, if you use our services as a result of your being our customer’s employee or client).
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.
Where we process your personal data because you use our services as a result of your relationship with a customer who we supply our services to, we are not the data controller as we would be processing personal data on behalf of our customer as a data processor.
Where we are processing your personal data on behalf of our customer, the privacy policy that you should be referring to would be our customer’s privacy policy. Our customer’s privacy policy should inform you as to how your personal data will be processed.
Contact details
If you have any questions about this privacy policy or our privacy practices, please contact our data privacy manager in the following ways:
Full name of legal entity: Veed Limited
Email address: hello@veed.io
Postal address: 320d High Road, Benfleet, Essex, England, SS7 5HB
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to the privacy policy and your duty to inform us of changes
We keep our privacy policy under regular review. Historic versions (if any) can be obtained by contacting us.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third-party links
The Applications may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the Applications, we encourage you to read the privacy policy of every website you visit.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We do not ask you for any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we ask you for any information about criminal convictions and offences.
You may choose to provide us with Special Categories of Personal Data through your uploading of video or audio files or other data on to the Applications. Where you provide us with such Special Categories of Personal Data, you are giving us your explicit consent to process such data about you to the extent permitted by the UK and/or EU data protection regime (as applicable). Where you provide us with such Special Categories of Personal Data about persons other than yourself, you must obtain each of their explicit written consent for us to process their Special Categories of Personal Data to the extent permitted by the UK and/or EU data protection regime (as applicable) and in accordance with this privacy policy. Their explicit written consent which you obtain must be supplied to us on our request. If a person does not give explicit written consent to our processing their Special Categories of Personal Data, then their Special Categories of Personal Data must not be supplied to us. That is to say, you must not upload video or audio files containing Special Categories of Personal Data of anyone who you have not obtained explicit written consent from.
Special Categories of Personal Data are subject to special protections under the UK and/or the EU data protection regime (as applicable).
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
We use different methods to collect data from and about you including through:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
The types of lawful bases that we will rely on to process your personal data is set out in the Glossary.
Generally, we do not rely on consent as a legal basis for processing your personal data, save for the processing of Special Categories of Personal Data (where applicable) and our making automated decisions (where applicable), although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.