Terms and Conditions

The Good Goal Service Contract

​

1. Scope

The following general terms and conditions (hereinafter "contract" or "conditions") of THE GOOD GOAL S.L. (hereinafter "THE GOOD GOAL" or "The Holder"), apply to your order in the version in force at the time of placing the order.

​

The terms and conditions apply exclusively to contracts made through the Internet portal and shall comply with the provisions of current legislation and, in particular, in Law 7/1998 of April 13, 1998, on general conditions of contracting, Law 34/2002 of July 11, 2002, on services of the information society and electronic commerce and other complementary laws.

​

In the event that a contract/agreement has been concluded between THE GOOD GOAL for the same services as the order placed, the contents of such contract/agreement shall prevail over the provisions of these general conditions of contracting.

​

2. Holder identification

The entity with which you are contracting is THE GOOD GOAL, S.L. with registered office at Calle Zabaleta 27 Piso 1 Puerta A, Madrid, Madrid, 28002, SPAIN, and CIF B16713521. THE GOOD GOAL offers its service THE GOOD GOAL SAAS (platform for cultural transformation in terms of sustainability) (hereinafter, the "Service") through its website https://thegoodgoalapp.com/ (hereinafter, the "Website"), as well as through its apps for iOS and Android of which it is the owner (hereinafter, the "Apps") for employing organizations (hereinafter, "CLIENT").

 

The address for the purpose of claims shall correspond to the address indicated as the registered office of the company.

These general conditions of contracting (hereinafter, the "Conditions") regulate the contracting of services that are offered by THE GOOD GOAL, all through its Website, as well as the rights and obligations of the parties, arising from the operations of provision of services agreed between them.

​

THE GOOD GOAL has developed and is the legitimate owner of its software THE GOOD GOAL SAAS, which is offered as a service accessible from the Internet or "Software as a Service (SaaS) for employing entities (hereinafter "CLIENT").

​

That, by accepting these terms and conditions, THE GOOD GOAL grants you a license to access and use THE GOOD GOAL and to the provision of other complementary services, in accordance with the terms and conditions.

​

3. Definitions

In addition to any other term defined in these Terms and Conditions, the following terms shall have the following meaning:

"Databases": integrated set of data owned by the CLIENT included within the SAAS for the duration of the Contract. In case of processing of personal data included as part of the Database, the Data Processor Agreement included herein shall apply to them.

​

"Authorized User(s)": users who maintain a contractual relationship with the CLIENT and use the SAAS. "Documentation": documentation regarding the Services prepared by THE GOOD GOAL and provided to the Client, which may include instruction manuals, technical documentation, etc. in electronic format.

​

"Active Users": are the number of users who are using the platform are NOT blocked and consequently can login to the platform. Each contracted service plan includes a certain number of active users. If it is necessary to increase the number of active users, the client must update the plan.

​

4. Object of the conditionsv

The present general conditions regulate the license of use that THE GOOD GOAL grants to the CLIENT in relation to the SAAS, which is non-sublicensable, non-exclusive, worldwide and with a duration limited to the validity of the conditions, which will be in any case conditioned to the full payment of the price.

​

These terms and conditions also govern the provision of ancillary services consisting of technical support on the terms indicated (hereinafter, the use of THE GOOD GOAL SAAS and the set of ancillary services shall be collectively referred to as the "Services").

 

THE GOOD GOAL reserves the right to modify any term of these conditions, which will be notified to the Customer via email for acceptance. Without prejudice to the updating of the conditions on THE GOOD GOAL website.

 

ECONOMIC CONDITIONS, PLANS AND CONTRACT RENEWAL

Subscription Fee. The price of the Services is fixed in the payment of a monthly subscription fee (the "Fee"), such fee is published on the website. THE GOOD GOAL may update the fees at the time it deems appropriate, not being able to apply to periods already contracted by the CUSTOMER, but to renewals. The CUSTOMER may request cancellation of the service in case of not agreeing with the new fees without penalty.

​

CONDITIONS OF SERVICE THE GOOD GOAL SAAS 

In the event that the CUSTOMER wishes, during the term of the contract, any modification on the contracted plan shall be subject to the terms and conditions that at the time of making the modification are published by THE GOOD GOAL on the web.

​

Updating the Monthly Fee. THE GOOD GOAL may change the fee and / or the conditions of monthly plans freely, notifying the changes to be made with a notice of 60 calendar days to its effective application, giving the customer the right to cancel the service, if not accept the new conditions, provided it is communicated with a minimum notice of 30 days from such notification.

​

In case of not communicating the above cancellation, THE GOOD GOAL will proceed to apply the new conditions, including new rates, 60 days from the notification, if the last day of this period does not coincide with the first calendar day of the month, for the purpose of computing whole months, this period will be extended until the first calendar day of the following month.

​

RENEWAL OF THE CONTRACT. On the expiration date of the monthly plan, that is, after one calendar month from the selection of the plan, the contract will be automatically renewed by monthly payments, being applicable the terms and conditions that at the time of renewal are in force on the website of THE GOOD GOAL, unless the CLIENT expressly communicates its intention not to renew the CONTRACTED PLAN at least thirty (30) days prior to the end date of the initial period or any of its extensions.

​

You may exercise your right of non-renewal by contacting the e-mail address hello@thegoodgoalapp.com indicating your desire to unsubscribe. You must receive confirmation from THE GOOD GOAL to confirm that the cancellation has been processed correctly.

​

Modality changes to a lower version, may cause the loss of content, features and functionality of the CUSTOMER's account. THE GOOD GOAL accepts no responsibility for such loss.

​

Cancellation of the service. The CUSTOMER may within the term of the agreed conditions terminate the contract, but this cancellation of the same shall not entitle any refund of the amounts already paid to THE GOOD GOAL. The CUSTOMER may exercise his right of non-renewal by contacting the email address hello@thegoodgoalapp.com indicating his desire to unsubscribe. The termination of the contract must be notified at least thirty (30) days prior to the end date of the initial period or any of its extensions.

​

5. Terms of use of the service

Rights of Use. THE GOOD GOAL grants to the Customer and Authorized Users the personal, non-exclusive, non-transferable and non-sublicensable right to use the SAAS and the other Services, worldwide, for the duration of these terms and conditions and their renewals exclusively for the purposes of their professional activity, in consideration of the price.

​

Restrictions on Use. Customer shall not: (a) reverse engineer, decompile, disassemble or otherwise attempt to derive or derive the source code, underlying ideas, algorithms, file formats or non-public APIs of the Services, or translate, modify or create derivative works of the SAAS, the Services or any part thereof, except to the extent permitted by applicable law; (b) copy/reproduce, lend, sell, rent, sublicense, broadcast, distribute, edit, transfer to third parties or provide access to the SAAS, as well as adapt the Services or any part thereof in any way; (c) use the Services for the benefit of any third party; (d) use the Service for any commercial purpose or in a product or service that Customer provides to any third party; (e) circumvent, modify, remove, delete, erase, alter or otherwise tamper with any security, encryption or other technology or program that is part of the Services; (f) access or use the SAAS or the Services for the purpose of competitive analysis or to create a similar or competitive product or service; (g) use the SAAS for any purpose that is unlawful or unauthorized by THE GOOD GOAL, including unsolicited advertising and spamming; (h) create, collect, transmit, store, use or process any data through the SAAS that violates any applicable law, or infringes any intellectual property rights or other intellectual property or other rights of THE GOOD GOAL; or use the SAAS for any purpose that is unlawful or unauthorized by THE GOOD GOAL; (i) introduce or disseminate content or software (viruses and malware) that may cause damage to the computer systems of THE GOOD GOAL, its technology service providers or third party users; or (j) encourage, enable or assist any third party to do any of the foregoing.

 

Updates and New Releases. Updates, successive versions of the SAAS provided to Customer during the term of the Terms shall be subject to the same terms.

​

6. Technical support services and availability

Technical Support Services. THE GOOD GOAL will provide Customer with email support during THE GOOD GOAL's business hours to assist Customer in resolving questions, troubleshooting and correcting problems in connection with the SAAS by emailing support@thegoodgoalapp.com. During the provision of the service the Customer authorizes THE GOOD GOAL, through its staff, and upon request of the Customer, to access the accounts of the Authorized User to carry out the appropriate actions to resolve questions or incidents with the SAAS. Response times shall in no case exceed 48 calendar hours. Technical queries via telephone or videoconference may involve a cost to the CUSTOMER. THE GOOD GOAL will inform the CUSTOMER in advance when these consultations may involve a cost, being the CUSTOMER the one who must accept the conditions before receiving the service.

​

Availability. THE GOOD GOAL will use commercially reasonable efforts to make the SAAS 99% available and will use commercially reasonable efforts to give the CUSTOMER at least 48 hours notice of scheduled maintenance within normal business hours.

​

7. Account usage

Account Access. Customer and Authorized Users shall maintain the security of passwords to Authorized User accounts on the SAAS ("Account"). THE GOOD GOAL shall in no event be liable for any loss of information or damage arising from any failure to comply with this security obligation.

​

Account Access. Customer and Authorized Users shall maintain the security of passwords to Authorized User accounts on the SAAS ("Account"). THE GOOD GOAL shall in no event be liable for any loss of data or damage resulting from any failure to comply with this security obligation.

​

Account Management. Customer agrees to immediately block or deactivate an Authorized User's Account in the event that: (i) the working relationship between Customer and the Authorized User is suspended or terminated; or (ii) Customer believes that a User has misused his or her passwords to access the SAAS. If THE GOOD GOAL is aware that an Authorized User is in one of the aforementioned cases, THE GOOD GOAL may suspend access to the offending Account temporarily or indefinitely, THE GOOD GOAL must, in such case, notify the CUSTOMER of the violation detected and the action taken with respect to such Account.

​

8. Intellectual and industrial property

Intellectual Property in relation to the Services. THE GOOD GOAL shall retain its position as the owner of all intellectual and industrial property rights related to all components of the Services, including the SAAS, and any other developments, improvements, updates or works derived from this

 

Agreement. Intellectual property rights shall encompass all data, source and object code, scripts, designs, concepts, applications, text, images, any related documentation, copies, modifications and documents or documentation derived from the foregoing (in whole or in part) and all related copyrights, patents, trademarks, trade secrets and other proprietary rights are and shall remain the exclusive property of THE GOOD GOAL and/or its licensors.

​

Customer Intellectual Property. All right, title and interest in and to Customer's Database, trademarks, trade names, and logos, as well as those that may exist in Customer's own computer system, shall remain the property of Customer.

The Customer expressly authorizes THE GOOD GOAL to make use of its trademark and trade name in order to include it in the web portals that are owned by THE GOOD GOAL for purely advertising purposes.

​

9. Data protection

Data of the contracting parties. The Parties mutually inform each other that the personal data of the signatories, as well as of the persons working for the respective Parties, and the contact data indicated for notification purposes, will be processed by the other Party for the sole purpose of managing and executing the contractual relationship. The data will be kept for as long as the relationship remains in force and, once it has ended, will be kept only for the time necessary to comply with the fiscal, legal and administrative obligations to which the Parties are bound.

ç

The basis that legitimizes this treatment is the need to execute the present contract. The data will not be communicated or transferred to third parties with the exception of those that are essential for the execution of the contract (necessary service providers) and for the fulfillment of legal obligations (Public Administrations, Auditors, financial institutions, insurance companies when appropriate, among others).

​

Duty of Confidentiality. The Parties undertake not to use, disclose, copy, publish, use, exploit, disseminate or distribute the Confidential Information of the other Party, or allow the Confidential Information received to be exploited or distributed by third parties, without the prior written consent of the disclosing Party, except to the extent necessary to perform its obligations or exercise its rights under the contract. The Parties undertake to treat the Confidential Information with the same degree of care that they use to protect their own Confidential Information, and in no event with less than a reasonable degree of care. The obligation of confidentiality shall remain in force indefinitely and extends equally to the employees and representatives of the Parties, as well as to the external advisors that any of the Parties has hired in connection with this contract.

 

In the case of necessary service providers, they may be based outside the EU and an international transfer of data may take place. In such an event, the Parties undertake to ensure that their international suppliers have adequate safeguards in accordance with the applicable regulations.

​

The Parties may request the exercise of their rights of access, rectification, deletion, opposition, limitation and portability at the address designated in this contract or at the e-mail address hello@thegoodgoalapp.com, clearly indicating the right they wish to exercise. Likewise, the Parties are mutually informed that they have the right to file a complaint before the Spanish Data Protection Agency (www.aepd.es). Nevertheless, the Parties will use their best efforts and will try to resolve any issue related to personal data in an amicable manner.

​

Database included by the CLIENT. The processing of personal data contained in the Database to be carried out by THE GOOD GOAL as a result of the provision of the Services shall be governed by the Processing Agreement contained in these conditions.

​

10. Warranties

Warranty of Ownership. THE GOOD GOAL warrants to CUSTOMER that it is the owner or rightful holder of all intellectual property rights necessary to provide the Services and THE SAAS.

​

The CUSTOMER agrees that it is solely responsible for the results obtained from the use of the Services and their functionalities. No claims will be accepted for alleged specifications that, in the opinion of the CUSTOMER, the SAAS or the Services must comply with.

​

11. Responsibilities

Limitation of Liability. Customer agrees to indemnify and hold THE GOOD GOAL harmless from any direct, indirect, incidental or consequential third party claim, action or demand, as well as any expense, liability, damage, settlement or fee arising out of Customer's misuse of the SAAS or Services, or breach of any of the terms of this Agreement. THE GOOD GOAL also assumes no liability for any claims, losses or damages arising from Customer's or any User's use of any third party products, services, software or websites accessed through links from the SAAS or THE GOOD GOAL's website. THE GOOD GOAL is not responsible for claims related to industrial and/or intellectual property of materials and content uploaded by the CUSTOMER to the platform, being the CUSTOMER the only responsible.

​

Indirect Damages. THE GOOD GOAL shall not be liable (except as otherwise provided by law) to Customer for any damages, compensation or indemnity based on indirect damages (including, but limited to consequential damages, loss of use, loss or inaccuracy of data, lost profits, failure of security mechanisms, business interruption, costs of delay) or any special, incidental or consequential damages of any kind, even if advised of the possibility of such damages in advance. Maximum Liability: THE GOOD GOAL's maximum liability for any claim arising out of this contract, whether for breach of contract, breach of warranty, negligence or otherwise, and CUSTOMER's sole remedy, is limited to direct damages in an amount not to exceed the pro rata share of the sum of the amounts and Monthly Fees paid or payable by CUSTOMER to THE GOOD GOAL under this contract in the last twenty-four (24) months preceding the claim.Nothing in this Agreement shall limit or exclude the liability of a Party that cannot be excluded or limited in terms of applicable law.

​

Force Majeure. Neither party shall be liable to the other for failure to perform its obligations under the Terms to the extent that such failure or delay is the result of a cause or circumstance beyond the reasonable control of the affected Party which could not have been avoided or overcome by acting reasonably and prudently (such as, but not limited to, fires, floods, strikes, labor disputes or other industrial disturbances, war - declared or not - embargoes, blockades, legal restrictions, riots, insurrections, governmental regulations).

​

Regulatory compliance. The CUSTOMER shall be solely responsible for full compliance with all laws applicable to its business in its jurisdiction. The mere contracting of the Services does not in any way equate to or guarantee compliance with the regulations applicable to the management of working time. THE GOOD GOAL SAAS is a tool subject to the use of the CUSTOMER, who is responsible for compliance with its obligations.

​

12. Resolution

THE GOOD GOAL reserves the right to terminate the Agreement as of right, without notice or compensation, in the event that the Customer or an Authorized User compromises in any way the integrity of the SAAS, THE GOOD GOAL's intellectual and industrial property rights in the Services or the reputation of THE GOOD GOAL's brands or products or takes any of the actions provided for in the Clause.

​

Effects of termination. Upon expiration of the Agreement or termination for any reason: (i) CUSTOMER shall not be refunded any amounts paid to THE GOOD GOAL under this Agreement and THE GOOD GOAL shall invoice all fees due for the remaining time of the current year; (ii) upon CUSTOMER's request, THE GOOD GOAL agrees to provide CUSTOMER with a copy of the Database in a standard technical format. Said request must be made within one (1) from the termination of the contract; (iii) all the provisions of the contract shall cease to have effect, except for the provisions of this contract that, by their nature, must remain in force, even if the contract is terminated, including the provisions on confidentiality, intellectual property and data protection.

​

13. Miscellaneous

Headings. The headings of the clauses are set forth for illustrative purposes only and shall have no legal effect.

Notices. The Parties designate the designated e-mail addresses, in the case of THE GOOD GOAL the e-mail address provided is hello@thegoodgoalapp.com.

​

Assignment. The CLIENT may not assign or transfer this contract without the prior written consent of THE GOOD GOAL. However, the contract may be assigned or transferred by THE GOOD GOAL without the consent of the CUSTOMER, being sufficient prior written notice of the assignment to the CUSTOMER for such assignment to be effective. Once the assignment is formalized, any reference to the assigning Party contained in this contract shall be understood as a reference to the assignee entity or entities.

​

Waiver. No delay in exercising a right shall be deemed a waiver thereof, nor shall the waiver of a right or remedy in any particular case constitute a waiver of such right or remedy in general.

​

Partial Invalidity. If any provision of this Agreement is determined to be unenforceable or invalid, the remaining provisions of this Agreement shall not be affected and shall remain in full force and effect.

​

Severability. This Agreement is of a commercial nature and in no event shall there be any employment relationship between the Parties, which shall be independent for all purposes.

​

14. Applicable law and jurisdiction

Applicable Law. The terms of this agreement shall be governed by and construed in all respects in accordance with Spanish law.

 

Applicable law. The Parties jointly declare that, to the extent reasonable, any dispute arising in connection with or arising out of this contract shall be resolved by mutual negotiation and consultation. In the event that a satisfactory solution is not reached, such dispute shall be submitted to the courts of the city of Madrid.

​

​

APPENDIX A - PROCESSING ORDER AGREEMENT

This Processing Order Agreement, is part of the general conditions, hereinafter referred to as the "Contract", which THE GOOD GOAL S.L. and the Customer enter into, and which sets out the terms and conditions applicable to the services provided by THE GOOD GOAL S.L. (the "Services"). This DPA and the rest of the clauses of the Contract are indicated as supplementary. However, in case of conflict, the Processing Order Agreement shall prevail.

​

HEREBY DECLARE

​

That the Parties have entered into a license agreement for the use of the SaaS TGG Starter software and services (hereinafter, the "Agreement") under which the Data Processor will provide certain services (hereinafter, the "Services") that will involve access to personal data under the responsibility of the Data Controller.

​

That Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter the "GDPR") imposes the regulation of the obligations relating to data protection assumed by the Parties to the Contract.

​

That, in accordance with the foregoing, the Parties agree to enter into and sign this Processing Assignment Agreement, which shall be governed by the provisions of Article 28 of the GDPR, and by the following:

​

CLAUSES

​

1. Purpose.
In order to execute the services derived from the Contract, and to provide the Services effectively, the Data Processor may have access to personal data under the responsibility of the Data Controller.

​

2. Identification of the information concerned
For the execution of the services derived from the fulfillment of the object of this Agreement of Entrustment of Treatment, the Controller makes available to the Processor, the information described below:

​

Personal information:

​

Name and surname

E-mail address

Profile image

IP address

 

The Controller guarantees that it has complied with the duty to provide all information to data subjects at the time of collection of the data subject to processing, complying with the provisions of art. 12, 13 and 14 of the GDPR, as applicable.

​

The Data Controller guarantees that it has a legitimate basis for the processing of the personal data appropriate to the principles of effectiveness, necessity and proportionality, taking into account the existence of other protection measures that may be less invasive, avoiding discriminatory effects and establishing appropriate safeguards.

 

The Data Processor shall in no case be liable for the lack of compliance or defective compliance with the duty to provide information or for the application of an appropriate basis of legitimacy.

​

3. Obligations of the Data Processor.
The Data Processor declares and guarantees to the Controller the following:

​

• That it will use the personal data undergoing processing, or those it collects for inclusion, only for the purpose of this assignment. Under no circumstances may it use the data for its own purposes;
   

• That it will process and use the personal data to which it has access, only according to the instructions of the Data Controller, and in accordance with the purposes regulated in the Contract.
   

• The instructions regarding the processing of the data and actions entrusted to the Data Processor shall be communicated to the Data Processor in writing.
   

• If the Data Processor considers that compliance with a specific instruction from the Controller could lead to a breach of data protection regulations, he/she shall immediately inform the Controller. The Processor in this communication shall request the Controller to amend, withdraw or confirm the instruction given and may suspend compliance pending a decision by the Controller.

​

• That, if applicable, he/she will keep, in writing, a record of all categories of processing activities carried out on behalf of the controller, containing all the information provided for in art. 30 GDPR.

• 
  That it will maintain confidentiality and secrecy regarding the personal data to which it has access in connection with the provision of the Services.
   

• That it will not communicate to third parties except with the express authorization of the data controller, and in the legally admissible cases.
   

• The Data Processor may communicate the data to other data processors of the same controller, in accordance with the instructions of the latter. In this case, the data controller shall identify, in advance and in writing, the entity to which the data must be communicated, the data to be communicated and the security measures to be applied in order to proceed with the communication.
   

• That it will provide the Data Controller with the necessary information to evidence compliance with the obligations established in the Contract.
   

• That it will provide the assistance required by the Controller for the performance of audits or inspections, carried out by the Data Controller or by another auditor authorized by the Controller. The audits may be carried out periodically, on a planned or "ad hoc" basis, subject to prior notification to the Data Controller with a reasonable period of notice, during the usual working hours of the Data Controller.
   

• To ensure that the persons authorized to process personal data have undertaken, expressly and in writing, to comply with the security measures established, and to respect the confidentiality of the data. Compliance with this obligation must be documented by the Data Processor and made available to the Data Controller.
   

• That he/she has designated a data processor whose contact details are as follows: hello@thegoodgoalapp.com.
   

• That it will collaborate in the fulfillment of the Controller's obligations, and will offer support to the Controller, where appropriate and when requested by the Controller, in the performance of (i) impact assessments relating to the personal data to which it has access; (ii) prior consultations with the supervisory authority.
   

• To ensure that the persons authorized to process personal data have undertaken, expressly and in writing, to comply with the security measures established, and to respect the confidentiality of the data. Compliance with this obligation shall be documented by the Data Processor and made available to the Data Controller.

​

4. Destination of the Data.
Upon completion of the provision of the Services, the Processor shall return the personal data to which it has had access and any existing copies, as instructed by the Controller in accordance with section 13.2 of the Agreement.

​

The Processor may keep a copy with the data duly blocked, as long as liabilities may arise from the performance of the provision of the Services.

​

5. Notification of Data Security Breaches.
The Processor shall notify the Controller, without undue delay, and in any event no later than 24 hours, of any suspected or confirmed data protection incident within its area of responsibility. Among others, it shall notify the Controller of any processing that may be considered unlawful or unauthorized, any loss, destruction or damage to data and any incident considered a breach of data security. The notification shall be accompanied by all relevant information for the documentation and communication of the incident to relevant authorities or affected stakeholders.

The Processor shall, in addition, assist the Controller in relation to the notification obligations under the GDPR (in particular, arts. 33 and 34 of the GDPR) and any other applicable regulation, present or future, that modifies or complements such obligations.

​

6. Exercise of rights by data subjects.
The Data Processor shall provide the information and/or documentation requested by the Controller in order to respond to requests for the exercise of rights that the Controller may receive from the data subjects whose data is processed. The Data Processor shall provide such information within reasonable periods of time and, in any case, sufficiently in advance so that the Controller can comply with the legally applicable deadlines for responding to the exercise of these rights.

​

When the affected persons exercise the rights of access, rectification, erasure and opposition, limitation to the processing, data portability and not to be subject to automated individual decisions, before the Data Controller, they shall communicate it by e-mail to the address hello@thegoodgoalapp.com. The communication must be made immediately in order to be dealt with within the established legal deadlines, and in no case later than two working days after receipt of the request, being submitted to the Data Controller together with any information that may be relevant for its resolution.

​

7. Security.
In relation to technical and organizational security measures, the Data Controller shall implement mechanisms to:

• Guarantee the permanent confidentiality, integrity, availability and resilience of the processing systems and services.

• Restore availability and access to personal data quickly in the event of a physical or technical incident.

• Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to ensure the security of the processing.

• Pseudonymize and encrypt personal data, if necessary.

In particular, the Parties have agreed on a list of measures to be implemented by the Data Controller, indicated in Appendix A to this Processing Assignment Agreement.

​

If the Controller, subsequent to the execution of the Agreement, requires the Processor to adopt or maintain security measures different from those agreed in this Appendix I, or if they are required by any future regulation, and this would significantly affect the costs of providing the Services, the Processor and the Controller shall agree on the appropriate contractual measures to address the effect that such changes may have on the price of the Services.

 

8. Subcontracting
The Controller grants a general authorization for the Processor to subcontract part of the Services to third party entities or subcontractors (the "Subcontractor"). The Processor shall inform the Controller of the processing operations to be subcontracted and clearly and unequivocally identify the subcontracting company and its contact details. The subcontracting may be carried out if the Controller does not express its opposition within 15 days.

​

The Processor shall apply due diligence to choose only those sub-processors that offer sufficient guarantees to implement appropriate technical and organizational measures, so that the subcontracted processing is in compliance with the requirements of the GDPR and the protection of the rights of data subjects subject to processing is ensured.

​

The Sub-processor, who shall also have the status of data processor, shall also be obliged to comply with the obligations imposed on the Data Processor and the instructions issued by the Controller, as set forth in this Data Processor Agreement. It is incumbent upon the Processor to regulate the new relationship in a contract signed by the Processor and the Sub-processor, so that the Sub-processor is subject to the same conditions (instructions, obligations, security measures...) and with the same formal requirements as the initial Processor, as regards the proper processing of personal data and the guarantee of the rights of the data subjects. In the event of non-compliance by the Sub-processor, the Processor shall remain fully liable to the Controller with regard to the fulfillment of the obligations included in this Processing Assignment Agreement.

The list of sub-processors authorized by the Controller is attached to this Entrustment for Processing Agreement as Appendix B.

​

9. International data transfers
The Data Processor shall not carry out international transfers of personal data to which it has access, under the responsibility of the Data Controller, unless it has prior authorization from the Data Controller or they are duly regularized in accordance with the provisions of articles 45, 46 or 47 of the GDPR. Without prejudice to the authorized sub-processors referenced in Appendix B that carry out certain processing operations on behalf of the Data Controller in territories outside the European Economic Area, which have signed with the Data Controller the corresponding standard contractual clauses approved by the European Commission ("STC"), an agreement signed between both entities by which the non-EU company guarantees that it applies the European data protection standards.

​

10. Responsibility
The Data Processor shall be held responsible for the processing in the event that he/she uses the data subject to this Entrustment Agreement for other purposes, communicates them or uses them in breach of the stipulations of this Entrustment Agreement, and shall be liable for any breaches personally incurred.

​

The Controller shall inform the Entrusted Party immediately of the sanctioning procedures initiated against the Data Controller by the AEPD or any other competent authority, for such breaches or defective fulfillments, so that the Entrusted Party may assume the legal defense at its own expense, acting, at all times, in coordination with the Controller and preserving its public image and reputation.

 

Each Party shall hold the other Party harmless against claims, indemnities, actions and expenses arising from claims that the Party is obliged to satisfy by final judgment or award rendered by a competent court, or by virtue of an agreement reached between a Party and third party claimants, which are the consequence of non-compliance or defective compliance with the applicable regulations.

​

APPENDIX B - LEGAL DOCUMENTS

These terms of use, agreements and privacy policy are those of THE GOOD GOAL with respect to its customers. They are NOT documents designed to cover the customer with respect to its own users.

​

THE GOOD GOAL informs the CUSTOMER that it must draft a terms of use/legal notice, a privacy policy and a cookie policy appropriate to the use it intends to give to the platform. These conditions must be posted on a publicly accessible URL.

​

THE GOOD GOAL will not be responsible, in any case, that the customer does not publish such information or publishes it correctly, inaccurately or contrary to law, being the customer solely responsible.

​

APPENDIX C - BACKUPS

THE GOOD GOAL performs daily backups of its systems. The backups are stored in a physically and logically separate facility from the production environments.

 

Backups are stored for disaster recovery purposes. No selective data restores or restores that require forensic work by THE GOOD GOAL team will be performed.

 

Backups may only be restored by THE GOOD GOAL team. THE GOOD GOAL team will inform the customer that a restoration will be performed, if any, as well as the loss of data that may occur, which may not exceed 7 days (in case of restoring the last weekly copy) or 48 hours (in case of restoring any of the daily copies).