Terms & Conditions

INTERACTA_Terms of Service Agreement

Version 7.0, 01 August 2024

Terms & Conditions

Interacta

This Interacta Agreement (the ‘Agreement’) is entered into by and between Dinova S.r.l., with offices at Via dei Lapidari 12, 40129 Bologna, Italy and the entity agreeing to these terms (‘the Customer’) for use of the Interacta software solutions Services (“the Services”). This Agreement is effective as of the date that the Customer subscribes an offline commercial proposal provided by Dinova or an Authorized Reseller, or provides an equivalent offline purchase order.

Services..

1. Provision of the Services.

1.1 Services use. During the Term, Dinova will provide the Services in accordance with the Agreement. Customer may use the Services ordered in the applicable Order Form or Reseller Order in accordance with this Agreement.

2. Modifications.

(a) (a) To the Services. Dinova may make commercially reasonable changes to the Services from time to time. Dinova will inform Customer if Dinova makes a material change to the Services that has a material impact on Customer’s use of the Services.

(b) To the Agreement. Dinova may make commercially reasonable changes to this Agreement from time to time. If Dinova makes a material change to the Agreement, Dinova will inform the Customer by either sending an email to the Notification Email Address or alerting the Customer through the Admin Console. Material changes to the Agreement will become effective thirty days after the notice is given, except if the changes apply to new functionality in which case the changes will be effective immediately. If the change has a material adverse impact on the Customer, and the change is not a result of Dinova complying with a court order or applicable law, the Customer may notify Dinova within thirty days after being informed of the change that the Customer does not agree with the change. If the Customer notifies Dinova as required, then the Customer will remain governed by the terms in effect immediately prior to the change until the earlier of: (i) the end of the then-current Agreement or (ii) 12 months after Dinova informs the Customer of the change, unless the modification to the Agreement is in response to a court order or to comply with applicable law. If the Agreement renews, it will do so under the updated Agreement.

(c) Discontinuation of Services. Dinova can discontinue any Services or any portion or feature for any reason at any time without liability to the Customer.

(d) Deprecation Policy. Dinova will notify the Customer if it intends to make a Significant Deprecation in the Services. Dinova will use commercially reasonable efforts to continue to provide the Services without a Significant Deprecation for at least one year after that notification, unless (as Dinova determines in its reasonable good faith judgement): (i) otherwise required by law or by contract (including if there is a change in applicable law or contract), or (ii) doing so could create a security risk or a substantial economic or technical burden. This policy is the ‘Deprecation Policy’.

3Customer Obligations.

3.1 Compliance. The Customer must ensure that all use of the Services by the Customer and its End Users complies with this Agreement.

3.2 Privacy. Customer is responsible for any consents and notices required to permit (a) Customer’s use and receipt of the Services, and (b) Dinova’s accessing, storing, and processing of data provided by Customer (including Customer Data) under the Agreement.

3.3 Customer Administration of the Services. Customer may specify one or more Administrators through the Admin Console who will have the rights to access Admin Account(s) and to administer the End-User Accounts. The Customer is responsible for: (a) maintaining the confidentiality of the password and Admin Account(s); (b) designating those individuals who are authorised to access the Admin Account(s); and (c) ensuring that all activities that occur in connection with the Admin Account(s) comply with the Agreement. The Customer agrees that Dinova’s responsibilities do not extend to the internal management or administration of the Services for the Customer and that Dinova is merely a data processor.

3.4 Administrator Access; End-User Consent.

(a) (a) Administrator Access. Administrators will have the ability to access all the Customer’s End-User Accounts, including the ability to access, monitor, use, modify, withhold or disclose any data available to End Users associated with their End-User Accounts.

(b) End-User Consent. the Customer will obtain and maintain all required consents from End Users to allow: (i) Administrators to have the access described in this Agreement; and (ii) Dinova’s provision of the Services to Administrators and End Users.

3.5 Unauthorised Use. the Customer will use commercially reasonable efforts to prevent unauthorised use of the Services and to terminate any unauthorised use. The Customer will promptly notify Dinova of any unauthorised use of, or access to, the Services of which it becomes aware.

3.6 Restrictions. Customer will not, and will not allow End Users to, (a) copy, modify, or create a derivative work of the Services; (b) reverse engineer, decompile, translate, disassemble, or otherwise attempt to extract any or all of the source code of, the Services (except to the extent such restriction is expressly prohibited by applicable law); (c) sell, resell, sublicense, transfer, or distribute any or all of the Services; or (d) access or use the Services (i) for High Risk Activities; (ii) in violation of the AUP; (iii) to place or receive emergency service calls

3.7 Support. The Customer will, at its own expense, respond to questions and complaints from End Users or third parties relating to the Customer’s or End Users’ use of the Services. The Customer will use commercially reasonable efforts to resolve support issues before escalating them to Dinova.

4. Suspension.

4.1 Of End User Accounts by Dinova. If Dinova becomes aware of an End User’s violation of the Agreement, then Dinova may specifically request that Customer Suspend the applicable End User Account. If Customer fails to comply with Dinova’s request to Suspend an End-User Account, then Dinova may do so. The duration of any Suspension by Dinova will be until the applicable End User has cured the breach which caused the Suspension.

4.2 Emergency Security Issues. Notwithstanding the foregoing, if there is an Emergency Security Issue, then Dinova may automatically Suspend the offending use. Suspension will be to the minimum extent and of the minimum duration required to prevent or terminate the Emergency Security Issue. If Dinova Suspends an End-User Account for any reason without prior notice to Customer, at Customer’s request, Dinova will provide Customer with the reason for the Suspension as soon as is reasonably possible.

4.3 Suspension to Comply with Laws. Dinova may at its sole discretion Suspend the provision of any Services at any time if required to comply with any applicable law.

5. Intellectual Property Rights..

5.1 5.1 Intellectual Property Rights. Except as expressly set forth herein, this Agreement does not grant either party any rights, implied or otherwise, to the other’s content or any of the other’s intellectual property. Dinova owns all Intellectual Property Rights in the Services and Software.

5.2 Protection of Customer Data. Dinova will only access, use, or otherwise process Customer Data in accordance with the Data Processing Addendum and will not access, use, or process Customer Data for any other purpose. Dinova has implemented and will maintain technical, organizational, and physical safeguards to protect Customer Data, as further described in the Data Processing Addendum.

6. Confidential Information.

6.1 6.1 Obligations. The recipient will only use the disclosing party’s Confidential Information to exercise the recipient’s rights and fulfill its obligations under the Agreement, and will use reasonable care to protect against the disclosure of the disclosing party’s Confidential Information. The recipient may disclose Confidential Information only to its Affiliates, employees, agents, or professional advisors (“Delegates”) who need to know it and who have agreed in writing (or in the case of professional advisors are otherwise bound) to keep it confidential. The recipient will ensure that its Delegates use the received Confidential Information only to exercise rights and fulfill obligations under this Agreement.

6.2 Required Disclosure. Notwithstanding any provision to the contrary in this Agreement, the recipient or its Affiliate may also disclose Confidential Information to the extent required by applicable Legal Process; provided that the recipient or its Affiliate uses commercially reasonable efforts to (a) promptly notify the other party before any such disclosure of its Confidential Information, and (b) comply with the other party’s reasonable requests regarding its efforts to oppose the disclosure. Notwithstanding the foregoing, subsections (a) and (b) above will not apply if the recipient determines that complying with (a) and (b) could (i) result in a violation of Legal Process; (ii) obstruct a governmental investigation; or (iii) lead to death or serious physical harm to an individual.

7. Term and Termination.

7.1 Agreement Term. The term of this Agreement (the “Term”) is defined in the Order Form or similar document subscribed by Dinova, or an Authorized Reseller, and the Customer.

7.2 Termination for Breach. To the extent permitted by applicable law, either party may terminate this Agreement immediately on written notice if (a) the other party is in material breach of the Agreement and fails to cure that breach within 30 days after receipt of written notice of the breach, or (b) the other party ceases its business operations or becomes subject to insolvency proceedings and the proceedings are not dismissed within 90 days.

7.3 Termination for Convenience. Customer may stop using the Services at any time. Subject to Customer fulfilling all its financial commitments under the applicable Order Form or otherwise under this Agreement (including payment of all Fees for the Order Term), Customer may also terminate this Agreement for its convenience at any time on prior 30 days written notice.

7.4 Termination Due to Applicable Law; Violation of Laws. Dinova may terminate this Agreement and/or any applicable Order Form immediately on written notice if Dinova reasonably believes thatcontinued provision of any Service used by Customer would violate applicable law(s).

7.5 Effect of Termination or Non-Renewal. If the Agreement is terminated or not renewed, then (a) all rights and access to the Services will cease (including access to Customer Data), unless otherwise described in this Agreement, and (b) all Fees owed by Customer to Dinova are immediately due upon Customer’s receipt of the final electronic bill or as stated in the final invoice.

7.6 No Refunds. Unless expressly stated otherwise in this Agreement, termination or non renewal under any section of this Agreement will not oblige Dinova to refund any Fees.

8. 8. Representations and Warranties..

Each party represents and warrants that (a) it has full power and authority to enter into the Agreement, and (b) it will comply with all laws applicable to its provision, receipt, or use of the Services, as applicable.

9. Disclaimer.

Except as expressly provided for in the Agreement, Dinova does not make and expressly disclaims to the fullest extent permitted by applicable law (a) any warranties of any kind, whether express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular use, title, non-infringement, or error-free or uninterrupted use of the Services and (b) any representations about content or information accessible through the Services.

10. Limitation of Liability..

10.1 Limitation on Indirect Liability. To the extent permitted by applicable law and subject to Section 10.3 (Unlimited Liabilities), neither party will have any Liability arising out of or relating to the Agreement for any (a) indirect, consequential, special, incidental, or punitive damages or (b) lost revenues, profits, savings, or goodwill.

10.2 Limitation on Amount of Liability. Each party’s total aggregate Liability for damages arising out of or relating to the Agreement is limited to the Fees Customer paid during the 12 month period before the event giving rise to Liability

10.3 Unlimited Liabilities. Nothing in the Agreement excludes or limits either party’s Liability for:
(a) its fraud or fraudulent misrepresentation;
(b) its infringement of the other party’s Intellectual Property Rights;
(c) its payment obligations under the Agreement; or
(d) matters for which liability cannot be excluded or limited under applicable law.

11. Miscellaneous.

11.1 Notices. Dinova may provide any notice to the Customer under this Agreement by: (a) sending an email to the Notification Email Address or by (b) posting a notice in the Admin Console. The Customer may provide notice to Dinova under this Agreement by sending an email to Dinova’s legal department at legal@dinova.one. Customer is responsible for keeping its Notification Email Address current throughout the Term.

11.2 Assignment. Neither party may assign or transfer any part of this Agreement without the written consent of the other party, except to an Affiliate, but only if: (a) the assignee agrees in writing to be bound by the terms of this Agreement; and (b) the assigning party remains liable for obligations incurred under the Agreement prior to the assignment. Any other attempt to transfer or assign is void.

11.3 Change of Control. Upon a change of control (for example, through a stock purchase or sale, merger, or other form of corporate transaction): (a) the party experiencing the change of control will provide written notice to the other party within thirty days after the change of control; and (b) the other party may immediately terminate this Agreement any time between the change of control and thirty days after it receives the written notice in subsection (a).

11.4 Force Majeure. Neither party will be liable for inadequate performance to the extent caused by a condition (for example, natural disaster, act of war or terrorism, riot, labour condition, governmental action and Internet disturbance) that was beyond the party’s reasonable control.

11.5 Severability. If any provision of this Agreement is found unenforceable, the balance of the Agreement will remain in full force and effect.

11.6 Governing Law. This Agreement is governed by Italy law. For any dispute arising out of or relating to this agreement, the parties consent to personal jurisdiction in, and the exclusive venue of, the courts in Bologna, Italy.

11.7 Amendments. Any amendment must be in writing and expressly state that it is amending this Agreement.

11.8 Survival. The following Sections will survive expiration or termination of this Agreement: Section 5 (Intellectual Property Rights), Section 6 (Confidential Information), Section 7.5 (Effect of Termination or Non-Renewal), Section 9 (Disclaimer), Section 10 (Limitation of Liability), and Section 11 (Miscellaneous).11.9 Entire Agreement. This Agreement sets out all terms agreed between the parties and terminates and supersedes any and all other agreements between the parties relating to its subject matter, including any prior versions of this Agreement. In entering into this Agreement, neither party has relied on, and neither party will have any right or remedy based on, any statement, representation, or warranty (whether made negligently or innocently), except those expressly stated in this Agreement. The URL Terms are incorporated by reference into the Agreement. Dinova may provide an updated URL in place of any URL in this Agreement.

11.10 Conflicting Terms. If there is a conflict between the documents that make up this Agreement, the documents will control in the following order (of decreasing precedence): the Order Form or similar document subscribed by Dinova and the Customer, and the URL Terms.

11.11 Conflicting Languages. If this Agreement is translated into any language other than English, and there is a discrepancy between the English text and the translated text, the English text will govern unless expressly stated otherwise in the translation.

12. Definitions.

  • “Admin Account(s)” means the administrative account(s) provided to Customer by Dinova for the purpose of administering the Services. The use of the Admin Account(s) requires a password, which Dinova will provide to Customer.

  • “Admin Console” means the online tool provided by Dinova to Customer for use in reporting and certain other administration functions.

  • ‘Administrators’ mean the Customer-designated technical personnel who administer the Services to End Users on the Customer’s behalf.

  • “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with a party.

  • “Customer Data” means data, including email, provided, generated, transmitted or displayed via the Services by Customer or End Users.

  • ‘Emergency Security Issue’ means either: (a) the Customer’s or End Users’ use of the Services in violation of the Acceptable Use Policy, in a way that disrupts: (i) the Services; (ii) other the Customers’ use of the Services; or (iii) to prevent unauthorised third-party access to the Services or data within the Services.

  • “End Users” means the individuals Customer permits to use the Services.

  • “End User Account” means a Interacta account established by Customer through the Services for an End User.

  • “High Risk Activities” means uses such as the operation of nuclear facilities, air traffic control or life-support systems, where the use or failure of the Services could lead to death, personal injury or environmental damage.

  • ‘Services’ means the applicable Services provided by Dinova and used by the Customer under this Agreement.

  • ‘Significant Deprecation’ means to discontinue or to make backwards-incompatible changes to the Services that results in Dinova no longer providing to its customer base the substantial ability to carry out activities and workflows with the Services.

  • “Suspend” means the immediate disabling of access to the Services, or components of the Services, as applicable, to prevent further use of the Services.

INTERACTA _ Acceptable Use Policy

Use of the Services is subject to this acceptable use policy (“AUP”).

If not defined here, capitalized terms have the meaning stated in the applicable contract (“Agreement”) between customer or other authorized user (“You”) and Dinova S.r.l..

You agree not to, and not to allow third parties or Your End Users, to use the Services:

  1. to violate, or encourage the violation of, the legal rights of others;
  2. for any illegal, unlawful, invasive, infringing, defamatory, or fraudulent purpose;
  3. to intentionally distribute viruses, worms, Trojan horses, corrupted files, or other items of a destructive or deceptive nature;
  4. to use hate speech, a content that promotes or condones violence against or has the primary purpose of inciting hatred against an individual or group on the basis of their race or ethnic origin, religion, disability, age, nationality, sexual orientation, gender or any other characteristic that is associated with systemic discrimination or marginalization;
  5. to engage in harassing, bullying, or threatening behavior, and do not incite others to engage in these activities.
  6. to distribute people’s personal and confidential information, such as credit card numbers, confidential national ID numbers, or account passwords, without their explicit permission.
  7. to upload or share content that exploits or abuses children.
  8. to distribute sexually explicit or pornographic material, violent content, terrorism that’s primarily intended to be shocking, sensational, or gratuitous.
  9. to spam including by sending unwanted promotional or commercial content, or unwanted or mass solicitation.
  10. to alter, disable, interfere with or circumvent any aspect of the Services;
  11. to test or reverse-engineer the Services in order to find limitations, vulnerabilities or evade filtering capabilities;
  12. to grant multiple individuals access to an individual End User Account;
  13. to record audio or video communications without consent if such consent is required by applicable laws and regulations (You are solely responsible for ensuring compliance with all applicable laws and regulations in the relevant jurisdiction(s)).

Your failure to comply with the AUP may result in:

  • removal of objectionable contents; and/or

  • suspension or termination, or both, of the Services pursuant to the Agreement.

To report any potential policy violation to Dinova please contact legal@dinova.one
After Dinova is notified of a potential policy violation, Dinova may review the content and take action, including restricting access to the content, removing the content, and limiting or terminating a user’s access to Interacta.

INTERACTA _ Data Processing Addendum

The customer agreeing to these terms (“Customer”), and Dinova S.r.l., have entered into one Interacta Agreement (as defined below).

1. Definitions

1.1 Capitalized terms defined in the applicable Agreement apply to this Data Processing Amendment. In addition, in this Data Processing Addendum:

  • “Customer Data” means data submitted, stored, sent or received via the Services by Customer or End Users.

  • “Dati personali del cliente” indica i dati personali contenuti nei Dati del cliente.

  • “Data Incident” means a breach of Dinova’s security leading to the

    accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by Dinova.

  • “EEA” means the European Economic Area.

  • “EU GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the

    Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

  • “European Data Protection Law” means the GDPR.

  • “European or Italian Law” means EU or Italian State law

  • “Interacta Agreement” means an Interacta Agreement under which Dinova agrees to provide Interacta services to Customer.

  • “Notification Email Address” means the email address(es) designated by Customer in the Admin Console, or in Ordering Documents or communicated to Dinova (as applicable), to receive certain notifications from Dinova. Customer is responsible for using to ensure that its Notification Email Address remains current and valid.

  • “Subprocessor” means a third party authorized as another processor under this Data Processing Amendment to have logical access to and process Customer Data in order to provide parts of the Services.

  • “Supervisory Authority” means a “supervisory authority” as defined in the EU GDPR.

  • “Term” means the period from the Addendum Effective Date until the end of Dinova’s provision of the Services under the applicable Agreement, including, if applicable, any period during which provision of the Services may be suspended and any post-termination period during which Dinova may continue providing the Services for transitional purposes.

1.2. The terms “personal data”, “data subject”, “processing”, “controller” and “processor” as used in this Data Processing Addendum have the meanings given in the GDPR.

2. 2. Duration.

This Data Processing Addendum will, notwithstanding expiry of the Term, remain in effect until, and automatically expire upon, deletion of all Customer Data by Dinova as described in this Data Processing Addendum.

3. Scope of Data Protection Law

3.1 Application of European Law. The parties acknowledge that European and Italian Data Protection Law will apply to the processing of Customer Personal Data.

4. Processing of Data

4.1 Roles and Regulatory Compliance; Authorization.

4.1.1. Processor and Controller Responsibilities:

  1. The applicable Term plus the period from the expiry of such Term until deletion of all Customer Data by Dinova in accordance with the Data Processing Addendum.

  2. Nature and Purpose of the Processing: Dinova will process Customer Personal Data for the purposes of providing the Services to Customer in accordance with the Data Processing Addendum.

  3. Categories of Data: Data relating to individuals provided to Dinova via the Services, by (or at the direction of) Customer or End Users.

  4. Data Subjects: Data subjects include the individuals about whom data is provided to Dinova via the Services by (or at the direction of) Customer or End Users.

  5. Dinova is a processor of that Customer Personal Data under European and Italian Data Protection Law;

  6. Customer is a controller or processor, as applicable, of that Customer Personal Data under European and Italian Data Protection Law;

  7. each party will comply with the obligations applicable to it under European Data Protection Law with respect to the processing of that Customer Personal Data.

4.1.2. Authorization by Third Party Controller. Customer warrants that its instructions and actions with respect to that Customer Personal Data, including its appointment of Dinova as another processor, have been authorized by the relevant controller.

4.2 Scope of Processing.

4.2.1 Customer’s Instructions. Customer instructs Dinova to process Customer Personal Data only in accordance with applicable law: (a) to provide the Services; (b) as further specified via Customer’s and End Users’ use of the Services (including the Admin Console and other functionality of the Services); (c) as documented in the form of the applicable Agreement, including this Data Processing Addendum; and (d) as further documented in any other written instructions given by Customer and acknowledged by Dinova as constituting instructions for purposes of this Data Processing Amendment.

4.2.2 Dinova’s Compliance with Instructions. Dinova will comply with the instructions described in Section 4.2.1 (Customer’s Instructions) (including with regard to data transfers) unless European or Italian Law to which Dinova is subject requires other processing of Customer Personal Data by Dinova, in which case Dinova will notify Customer (unless that law prohibits Dinova from doing so on important grounds of public interest) before such other processing.

5. Data Deletion

5.1 Deletion During Term. Dinova will enable Customer and End Users to delete Customer Data during the applicable Term in a manner consistent with the functionality of the Services. If Customer or an End User uses the Services to delete any Customer Data during the applicable Term and that Customer Data cannot be recovered by Customer or an End User, this use will constitute an instruction to Dinova to delete the relevant Customer Data from Dinova’s systems in accordance with applicable law. Dinova will comply with this instruction as soon as reasonably practicable and within a maximum period of 180 days, unless European or Italian Law requires storage.

5.2 Deletion on Term Expiry. Subject to Section 5.3 (Deferred Deletion Instruction), on expiry of the applicable Term, Customer instructs Dinova to delete all Customer Data (including existing copies) from Dinova’s systems in accordance with applicable law. Dinova will comply with this instruction as soon as reasonably practicable and within a maximum period of 180 days, unless European or Italian Law requires storage. Customer is responsible for exporting, before the applicable Term expires, any Customer Data it wishes to retain.

5.3 Deferred Deletion Instruction. To the extent any Customer Data covered by the deletion instruction described in Section 5.2 (Deletion on Term Expiry) is also processed, when the applicable Term under Section 5.2 expires, in relation to an Agreement with a continuing Term, such deletion instruction will only take effect with respect to such Customer Data when the continuing Term expires. For clarity, this Data Processing Amendment will continue to apply to such Customer Data until its deletion by Dinova.

6. Data Security

6.1 Dinova’’s Security Measures, Controls and Assistance.

6.1.1 Dinova’s Security Measures. Dinova will implement and maintain reasonable technical and organizational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access (the “Security Measures”). Since Interacta is built on and delivered through Google Cloud Platform (GCP), GCP’s security measures are also applicable.

6.1.2 Security Compliance. Dinova will: (a) take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and Subprocessors to the extent applicable to their scope of performance, and (b) ensure that all persons authorized to process Customer Personal Data are under an obligation of confidentiality.

6.1.3 Dinova’s Security Assistance. Dinova will assist Customer in ensuring compliance with its obligations pursuant to Articles 32 to 34 of the GDPR, by:

  • a. implementing and maintaining the Security Measures in accordance with Section 6.1.1 (Dinova’s Security Measures);

  • b. complying with the terms of Section 6.2 (Data Incidents);

  • c. if subsections (a)-(b) above are insufficient for Customer

to comply with such obligations, upon Customer’s request, providing additional reasonable assistance.

6.2 Data Incidents.

6.2.1 Incident Notification. Dinova will notify Customer promptly and without undue delay after becoming aware of a Data Incident, and promptly take reasonable steps to minimize harm and secure Customer Data

6.2.2 Details of Data Incident. Dinova’s notification of a Data Incident will describe, to the extent possible, the nature of the Data Incident, the measures taken to mitigate the potential risks and the measures Dinova recommends Customer take to address the Data Incident.

6.2.3 Delivery of Notification. Notification(s) of any Data Incident(s) will be delivered to the Notification Email Address or, at Dinova’s discretion, by direct communication (for example, phone call or an in-person meeting).

6.2.4 No Assessment of Customer Data by Dinova. Dinova has no obligation to assess Customer Data in order to identify information subject to any specific legal requirements.

6.2.5 No Acknowledgement of Fault by Dinova. Dinova’s notification of or response to a Data Incident under this Section 6.2 (Data Incidents) will not be construed as an acknowledgement by Dinova of any fault or liability with respect to the Data Incident.

6.3. Customer’s Security Responsibilities and Assessment.

6.3.1 Customer’s Security Responsibilities. Without prejudice to Dinova’s obligations under Sections 6.1 (Dinova’s Security Measures, Controls and Assistance) and 6.2 (Data Incidents), and elsewhere in the applicable Agreement, Customer is responsible for its use of the Services and its storage of any copies of Customer Data outside Dinova’s or Dinova’s Subprocessors’ systems, including:

  • a. using the Services and Additional Security Controls to ensure a level of security appropriate to the risk in respect of the Customer Data;

  • b. securing the account authentication credentials, systems and devices Customer uses to access the Services; and

  • c. retaining copies of its Customer Data as appropriate.

6.3.2 Customer’s Security Assessment. Customer agrees, based on its current and intended use of the Services, that the Services, Security Measures, and Dinova’s commitments under this Section 7 (Data Security): (a) meet Customer’s needs, including with respect to any security obligations of Customer under European and Italian Data Protection Law, and (b) provide a level of security appropriate to the risk in respect of the Customer Data.

6.4 Cloud Infrastructure compliance Certifications and SOC Reports. Interacta is built on and delivered through Google Cloud Platform (GCP) as technical cloud infrastructure. Dinova guarantees that Interacta will be delivered on a cloud platform (such as GCP) that maintains at least the following for the Audited Services in order to evaluate the continued effectiveness of the Security Measures:

a. certificates for ISO 27001, ISO 27017 and ISO 27018, and 

b. SOC 2 and SOC 3 (or equivalent) reports produced by cloud provider’s Third Party Auditor and updated annually based on an audit performed at least once every 12 months (the “SOC Reports”). cloud provider e aggiornati annualmente sulla base di un audit eseguito almeno una volta ogni 12 mesi (i “Rapporti SOC”). 

 

7. Access; Data Subject Rights; Data Export..

7.1 Access; Rectification; Restricted Processing; Portability. During the applicable Term, Dinova will enable Customer, in a manner consistent with the functionality of the Services, to access, rectify and restrict processing of Customer Data, including via the deletion functionality provided by Dinova as described in Section 5.1 (Deletion During Term), and to export Customer Data.

7.2 Data Subject Requests.

7.2.1 Customer’s Responsibility for Requests. During the applicable Term, if Dinova’s Data Protection Team receives a request from a data subject in relation to Customer Personal Data, and the request identifies Customer, Dinova will advise the data subject to submit their request to Customer. Customer will be responsible for responding to any such request including, where necessary, by using the functionality of the Services.

7.2.2. Dinova’s Data Subject Request Assistance. Dinova will (taking into account the nature of the processing of Customer Personal Data) assist Customer in fulfilling its obligations under Chapter III of the GDPR to respond to requests for exercising the data subject’s rights.

8. Data Storage and processing

8.1 Data Storage and Processing Facilities. Dinova will store Customer Data inside of EEA.

8.3 Data Center Information. Information about the locations of Google Cloud Platform data centers is available at: https://www.google.com/about/datacenters/inside/locations/index.html (as may be updated by Google from time to time).

9. Subprocessors

9.1 Consent to Subprocessor Engagement. Customer specifically authorizes the engagement as Subprocessors of those entities listed as of the Appendix 1 (Information about Subprocessors). In addition, without prejudice to Section 9.3 (Opportunity to Object to Subprocessor Changes), Customer generally authorizes the engagement as Subprocessors of any other third parties (“New Third Party Subprocessors”).
9.2 Requirements for Subprocessor Engagement. When engaging any Subprocessor, Dinova will:

  1. ensure via a written contract that the Subprocessor only accesses and uses Customer Data to the extent required to perform the obligations subcontracted to it, and does so in accordance with the Agreement (including this Data Processing Addendum); and

  2. remain fully liable for all obligations subcontracted to, and all acts and omissions of, the Subprocessor.

9.3 Opportunity to Object to Subprocessors.

a. When Dinova engages any New Subprocessor during the Term, Dinova will, at least 30 days before the New Subprocessor starts processing any Customer Data, publish the engagement (including the name, location and activities of the New Subprocessor) in Appendix 1 (Information about Subprocessors).

b. Customer may, within 90 days after publishing, object by immediately terminating the applicable Agreement for convenience, in accordance with that Agreement’s termination for convenience provision.

Dinova’s Data Protection Team. Dinova’s Data Protection Team can be contacted by Customer’s Administrators at legal@dinova.one.

INTERACTA _ Generative AI services - Addendum

The following terms apply only to Interacta AI and generative AI services.

1. Disclaimer

Interacta AI and generative AI services (i) use emerging technology, (ii) may provide inaccurate or offensive generated output, and (iii) may provide content that does not represent the views of Dinova. Generated output is not designed for or intended to meet Customer’s regulatory, legal, or other obligations, or to be used, or relied upon, as a substitute for medical, legal, financial, or other professional advice.

2. Prohibited Use Policy

For the purposes of Interacta AI and generative AI services, the Prohibited Use Policy as follows and as may be updated from time to time, is incorporated into the AUP.
Generative AI models can help users explore new topics, inspire creativity, and learn new things. However, it’s expected End Users to to use and engage with them in a responsible, legal manner. To this end, End Users must not use the Interacta AI and generative AI services services that reference this policy to:

  1. Perform or facilitate dangerous, illegal, or malicious activities, including facilitation or promotion of any illegal activities or violations of law, including promoting or generating violent extremism or terrorist content; abuse, harm, interference, or disruption of services (or enable others to do the same) and IT services; attempts to override or circumvent safety filters or intentionally drive the model to act in a manner that contravenes our policies; generation of content that may harm or promote the harm of individuals or a group.
  2. Generate and distribute content intended to misinform, misrepresent or mislead, including misrepresentation of the provenance of generated content by claiming content was created by a human, or represent generated content as original works, in order to deceive; making automated decisions in domains that affect material or individual rights or well-being (e.g., finance, legal, employment, healthcare, housing, insurance, and social welfare).

3. Use and availability of the Services

Customer acknowledges and agrees that (i) the use of Interacta generative AI services is exclusively permitted to humans as End Users; for clarity, services are not available for automated usage (e.g. RPAs, Bots, other). (ii) it will not use, and will not permit End Users to use, the Interacta Generative AI Services in a manner that exceeds the limits specified by Interacta, and (iii) that use of the Generative AI Services generative of Interacta is subject to the availability of the Services, as described in Interacta solution documentation.

4. Health Care Restrictions

Customer will not use, and will not allow End Users to use, Interacta Generative AI Services for clinical purposes (for clarity, non-clinical research, planning or other administrative activities are not limited), to provide medical advice, medical treatment or diagnosis; or in any way that is supervised by, or requires authorization or approval by, any clinical, medical or health authority or other regulatory authority.

5. Suspected violations

Dinova may immediately suspend or terminate Customer's use of the Interacta Generative AI Services based on any suspected violation of paragraphs (2) to (4) above.

6. Training Restriction

Dinova will not use Customer Data to train or fine-tune any of generative artificial intelligence models supporting the Interacta AI and Generative AI Services without Customer's prior permission or instruction.

7. Third party services

Interacta AI and generative AI services may use some external services as, at the moment:

  • Google Cloud Platform’s Vertex AI

List will be updated every time needed.

8. Additional Definitions

“Generated Output” refers to data or content generated or received by Customers or their End Users via the Interacta Generative AI Services within the Customer's Interacta account, as required by the data or content they provide sent via said services. Customer Data is generated Output. As between the Customer and Dinova, Dinova does not claim any ownership rights to any new intellectual property created in the Generated Output.
“Interacta Generative AI Services” refers to any generative AI features or elements in Interacta.

Appendix 1: Information about Subprocessor

Dinova engages the third-party entities in the table below to perform limited activities in connection with the Interacta Services. The table shows what activity each entity performs and indicates if an entity is only relevant to a specific Service. This explains the limited processing of Customer Data the entity is authorized to perform.

 

Entity name

Service location (country where processing is performed)

Registered address

Country of registration

Company numberTask performed
Google Italy SrlItaly, UEVia Confalonieri Federico 4, 20124 Milano, ItalyItaly03660670963Provisioning of cloud infrastructure Google Cloud Platform
Mailjet SASFrance, EU

4 rue Jules Lefebvre

75009 Paris

FranceFR67 524536992Automated email notifications
Twilio Sendgrid Inc.Colorado, US

1801 California Street, Suite 500
US

US27-0554600Automated email notifications

3.2 Privacy. Customer is responsible for any consents and notices required to permit (a) Customer’s use and receipt of the Services, and (b) Dinova’s accessing, storing, and processing of data provided by Customer (including Customer Data) under the Agreement.3.3 Customer Administration of the Services. Customer may specify one or more Administrators through the Admin Console who will have the rights to access Admin Account(s) and to administer the End-User Accounts. The Customer is responsible for: (a) maintaining the confidentiality of the password and Admin Account(s); (b) designating those individuals who are authorised to access the Admin Account(s); and (c) ensuring that all activities that occur in connection with the Admin Account(s) comply with the Agreement. The Customer agrees that Dinova’s responsibilities do not extend to the internal management or administration of the Services for the Customer and that Dinova is merely a data processor.

Versione

Appendix 2: Technology platform, security and compliance

Dinova provides the following specifications in relation to the technology platform adopted for Interacta Services and operational informations.

  1. Cloud services platform

Interacta is implemented and delivered in SAAS mode through Google Cloud Platform by Google, which Dinova is a certified Premier Partner and reseller.

Google Cloud Platform has been selected based on the availability of the best available state-of-the-art security and compliance features, technologies and guarantees:

  1. Security and reliability overview https://cloud.google.com/security
  2. “Secure by design” infrastructure: https://cloud.google.com/security/infrastructure
  3. Security whitepaper: https://cloud.google.com/docs/security/overview/whitepaper
  4. Compliance and certifications (most relevant: ISO 27001, ISO 27017, ISO 27701, SOC 1, SOC 2, SOC 3, PCI DSS, CSA STAR): https://cloud.google.com/security/compliance
  5. Google Cloud Platform Data Processing and Security Terms: https://cloud.google.com/terms/data-processing-addendum
 
  1. Operational security 


2.1
Vulnerability management. Dinova has implemented policies and procedures designed to ensure that customers data are secure and availability guaranteed. Interacta’s team conducts continuous assessment of security threats and implements up-to-date countermeasures in order to prevent unauthorized access and service unavailability, taking advantage of Google Cloud Platform solutions for specific monitoring of vulnerabilities including also viruses, malware, other, identification, mitigation and removal. In the event of security incidents, including data breaches, Interacta’s technical team has a dedicated business operating procedure for management, which identifies actions, flows, roles and responsibilities. Interacta’s technical team is trained and periodically updated with specific reference to incident management. Access to Interacta production instances is allowed only to authorized members of Dinova’s Interacta technical team.

2.2 Access security. Authentication of users to the application is verified on server-side. If requested by the customer, authentication is delegated via OAuth 2.0 protocol to Google or Microsoft 365 identity credentials without having to provide Interacta with a username and password. The mobile application uses the same authentication system as the web application and the same RESTfull API and services environment exposed by the backend instance with encrypted calls via HTTPS protocol.

2.3 Perimeter security. Interacta implements a Web Application Firewall (WAF) belonging to Google Cloud Platform services that is responsible for protecting the customer’s production application instances and monitoring HTTP traffic. The managed rules – reclassified as follows – reflect the standards proposed by the OWASP publications Top 10 web application security risks. Expression: Network Scanning, SQL injection, Remote File Inclusion, Local File Inclusion, Protocol Attack, CVE Exploit (es. Log4j).

2.4 Subprocessors security. Before proceeding to adopt subcontractors for the implementation, delivery, or management of the Interacta solution, Dinova performs an assessment of the security and privacy conditions proposed and operated by the subcontractors, verifying that they are strictly aligned with the security and privacy standards provided for Interacta.

  1. Data management


3.1
Backup policies. Interacta operaties with a specific, dedicated instance per customer, with automatic data backup policies implemented.

  1. The backup starts during the backup window when the instance has less activity. 
  2. Binary and incremental backups. 
  3. Backups performed in “multi regional” mode, guaranteeing the location of data on different Google Cloud Platform data centers
  4. RPO: 24 hours. RTO: next business day.
  5. Retention of backups: 14 days.
  6. Any restore operations overwrite all data on the target instance. The target instance is not available for connections (users, third-party systems) during the restore operation. 

3.2 Data encryption. Data are divided into subfile blocks for storage, and each individual block is encrypted at the storage level with an individual encryption key. All calls are encrypted using HTTPS protocol.

  1. Data encryption at-rest (default mode), Google Cloud Platform standard: https://cloud.google.com/docs/security/encryption/default-encryption
  2. In-transit data encryption (default mode), Google Cloud Platform standard: https://cloud.google.com/docs/security/encryption-in-transit

3.3 Data location. By default, Interacta instances (application and data) are created and operated on Google Cloud Platform services located in SEE area.

3.4 Data integrity. An internal operational procedure helps to protect the integrity of customer data by taking the following measures: data access to only specifically authorized users; validation of data at two levels (frontend and backend) to ensure that it is correct during both collection and use; data backup procedures; management of application logs to keep track of any additions, changes or deletions; management of regular internal audits; use of dedicated error detection software.

  1. Data access and restrictions


4.1
Administration access (Dinova). To keep data private and secure, Dinova isolates each customer’s data, which is still only accessed by a select group of Dinova employees. For Dinova employees, data access rights and levels are based on function and job role, using the concepts of “minor privilege” and “need-to-know” to match access privileges to defined responsibilities. Support services are provided only to authorized client administrators whose identity has been verified.

4.2 Administration access (Customer). Within customer organizations, Interacta’s administrative roles and privileges are configured and controlled by the customer. This means that individual customer users can manage certain services or perform specific administrative functions without access to all settings and data.

4.3 User access. Within customer organizations, Interacta’s users roles and privileges are configured and controlled by the customer. This means that individual customer users can manage certain services or perform specific operational functions without access to all settings and data.

4.4 Data request for legal motivations. The customer, being the owner of the data, is primarily responsible for responding to any data requests from authorities and government agencies. However, like other technology and communications companies, Dinova may receive direct requests from governments and courts about how a person has used the Dinova’s solutions. Dinova takes measures to protect customer privacy and limit such requests while complying with legal obligations. In the event of receiving this type of request, Dinova reviews it to ensure that it meets Dinova’s legal requirements and policies. It is Dinova’s policy to notify customers of data requests unless it is expressly prohibited by regulations or court orders.

Appendix 3: Support

Dinova has a Support service for Interacta dedicated to customers. Through the Support service, customer can forward us reports of anomalies and proposals for improvements.

All reports and proposals will be assigned a ticket prioritized according to severity (for anomalies) and relevance (for improvements), with the understanding that the possible inclusion of improvements in the product roadmap will remain at the sole discretion of Dinova.

Dinova is constantly working to release the product patches necessary to resolution of verified anomalies, so as to keep the application operational over time for the contractually considered functionality and utilities.

In summary, the Support service will deal with:

  • Receiving reports: the Support team is responsible for collecting reports and requests.
  • Taking charge: the Support team verifies the severity of the reported anomalies. 
  • First resolution: the Support team provides workarounds to people’s operations in the time of release of a possible product patch.

In order for Support to properly verify the severity of the anomaly, it is required that the following information be provided in the report:

  • user(s) who encountered the reported anomaly:
  • mode of use of the solution (web or mobile) and information about the device and Operating System (Android or Apple) used;
  • time at which the anomaly occurred;
  • actions performed at the time the anomaly occurred;
  • screenshots of the solution at the time the anomaly occurred;
  • version of the platform on which they encountered the anomaly (identifiable at the bottom left column of the navigation menu in the “About” section).

Support service available channels are::

  • Email to the address support@interacta.space, which will be followed by the insertion automatic of the ticket in a web portal dedicated to support for the tracking of the intake. 
  • Insert a ticket in a web portal dedicated to support.
  • Customer can request credentials for read-only access to support web portal for viewing the progress of tickets, through the procedure.

Support service operates on weekdays, Monday through Friday from 9 a.m. to 6 p.m., hours of Rome (Italy), excluding national holidays;

Support service is delivered in Italian and English language.

Service level objective

Timing of service implementation is defined on the basis of informations received at the reporting stage and level of severity verified by Support team.

Following service level objective (SLO) is applied:

Severity

Description

Taking charge

S1: Critical

Daily operational functions are completely unavailable for at least one area or function business.

No available workarounds to preserve substantial operability of the solution.

2 working hours

S2: High

Specific product features are blocked. No available workarounds to preserve substantial operability of the solution.

4 working hours

S3: Medium

Anomalies in the solution create issues to normal operations, without compromising substantial operability of the solution.

8 working hours

S4: Low

Minor anomalies in the solution are identified about specific functionalities and only affecting some users. Workarounds to preserve substantial operability of the solution are available.

16 working hours

[16.10]Vuoi fare parte
del cambiamento?

[16.10] Prendi parte al cambiamento

L’evento dedicato alla felicità come motore della produttività e del business.

Come creare un ambiente lavorativo in cui le persone si sentano supportate e valorizzate, promuovendo un miglioramento della produttività e della retention?

Unisciti a noi per: