Version: April 9, 2018
EACH AND ANY USE OF THE SERVICES IS SUBJECT TO, AND CONDITIONED UPON, ASSENT TO AND COMPLIANCE WITH THIS AGREEMENT (AS SHALL BE AMENDED FROM TIME TO TIME BY POSTING AN AMENDED AGREEMENT ON THE SITE). BY USING THE SERVICES AND/OR COMPLETING THE REGISTRATION PROCESS, YOU SIGNIFY YOUR CONSENT TO BE BOUND BY THE AGREEMENT AND THAT YOU ARE OF LEGAL AGE TO FORM A BINDING CONTRACT. THE AGREEMENT IS BETWEEN US AND YOU, AN INDIVIDUAL OR AN INDIVIDUAL ACTING ON BEHALF OF A LEGAL ENTITY THAT WILL BE USING THE SERVICES. IF YOU DO NOT AGREE TO THE AGREEMENT YOU MUST NOT USE THE SITE OR THE SERVICES.
The term of this Agreement commences on the earlier of (i) the date you start using the Services; or, (ii) the date you complete the registration process, and continues as long as you are using the Services and until your subscriptions expires or either party terminates this Agreement earlier in accordance with this Section. Either party may terminate this Agreement if the other party materially breaches this Agreement and does not cure such breach within 14 days of a written notice.
Without derogating from the generality of the foregoing, we may terminate this Agreement or suspend your account in any of the following events: (i) you or your affiliates have breached this Agreement or any other agreement with Redis Labs; (ii) we have a reasonable basis to believe that you, your account, or any activity through use of your Personal Data is fraudulent; (iii) you and/or any communications and other activities through use of your Personal Data may expose us, our partners or any third party to liability; (iv) you have made an assignment for the benefit of creditors, you become a subject to liquidation, bankruptcy or any other similar procedure.
UPON TERMINATION FOR ANY REASON OR NO REASON, YOU CONTINUE TO BE BOUND BY THIS AGREEMENT, WHILE ALL YOUR RIGHTS UNDER THIS AGREEMENT IMMEDIATELY
2. The Services
We provide online Services that host in-memory NoSQL data (“ NoSQL Data ”) on public cloud servers managed by us, commercially known as Redis Cloud Enterprise (previously known as Redis Cloud, Redis
Cloud or RC), Redis Enterprise VPC (previously known as Redis Cloud Private, Redis Cloud Private or RCP) and Memcached Cloud. You may access and use the Services, including any content made available through the Services (“ Content ”), solely for your personal use or your internal business purposes, and only as long as you are in compliance with all of the provisions of this Agreement.
When using the Services, you will provide us with your NoSQL Data. You retain full ownership to your NoSQL Data. We don’t claim any ownership to any of it. This Agreement does not grant us any rights to
your NoSQL Data or intellectual property except for the limited rights that are needed to run the Services, as explained herein. We may need to make design choices to technically administer the Services, for example, how to replicate, store, scale, cluster, compress, decompress or backup your NoSQL Data. You hereby give us full permissions to make any such design choice.
The Services are accessible only to registered members of the Site, and we are under no obligation to accept any person as a registered member. Minimum hardware and software requirements for use of the Services may be posted on the Site from time to time. However, we do not guarantee the access to or performance of the Services, even if you meet such minimum requirements. Occasionally, you may experience interrupted Services, delays or errors in the Services. This may be due to a number of reasons including, maintenance that we perform on the Site as well as reasons beyond our control. We will attempt to provide you with prior notice of any interruptions, delays or errors, but we cannot guarantee that such notice will be provided. You acknowledge that we may, in our sole discretion and at any time(s), change or discontinue providing any part of the Services without prior notice, and establish or change limits concerning use of the Services without prior notice, including without limitation (i) the number of users that can access the Services or use the Services at any one time, (ii) the number of projects managed by the Services, and (iii) the number of times (and the maximum duration for which) you may access the Services in a given period of time. You may reject changes by discontinuing use of the Services. Your continued use of the Services will constitute your acceptance of and agreement to such changes.
We may, in our sole discretion and without notice or liability to you or any third party: (i) immediately suspend or terminate your account (if any) and block any and all current or future access to and use of the Site and the Services (or any portion thereof) without derogating from any other right or remedy that we may have by law, equity or otherwise; (ii) delete your usage history and your backup data files older than 12 months or, delete your entire usage history, data files and backup data files 3 months after you terminate using the Services, whichever is sooner.
3. Redis Enterprise VPC
Additional provisions applicable to the Redis Enterprise VPC Service, are detailed in Appendix A hereto.
Certain parts of the Services are subject to your purchase and payment of applicable fees (“ Chargeable Services ”).
The pricing for Chargeable Services through the Site can be found at redislabs.com . The pricing for Chargeable Services through third-party providers offering the Services (“ Partners ”) can be found at each such Partner’s website. We may modify the price, content, or nature of the Chargeable Services at any time. We may provide notice of any such changes by email, notice to you upon log-in, or by publishing them on the Site. We may change the fees and charges in effect or add new fees and charges from time to time, but we will give you advance notice of these changes by email.
By providing a credit card or other payment method accepted by us (“ Payment Method ”) for the Chargeable Services, you are expressly agreeing that we are authorized to charge you the applicable fee at the then current rate, and any other charges you may incur in connection with your use of the Chargeable Services to your elected Payment Method.
For all purchased Chargeable Services, your Payment Method will be charged on a monthly basis or at the interval indicated in our fees and payment policies, if different.
If we do not receive payment from you through the Payment Method, you agree to pay all amounts due upon demand. If we have a reasonable basis to believe we won’t receive payment from you on the payment due date, you hereby give us an irrevocable permission to charge you earlier than that date. We reserve the right to take all steps necessary to collect amounts due from you, including but not limited to legal action and/or using third party collection agencies. Without derogating from the aforesaid, we reserve the right to discontinue the provision of the Services to you for any late payments.
To the fullest extent permitted by law, refunds (if any) are at our sole discretion. Refunds shall be awarded only in the form of credit for future Services. No cash refunds will be awarded. Nothing in these Terms obligates us to extend credit to any party.
Charges are exclusive of taxes, including without limitation, value added and other similar taxes, which shall be added to each payment at the appropriate rate. Charges are solely based on our measurements of your use of the Chargeable Services. Overdue payments shall be subject to a late charge of 1.5% per month You may use the Services for no charge (“ Free Services ”), provided that such usage is limited per each user (an individual or a company) to one (1) Redis Enterprise Cloud subscription, one (1) Redis Enterprise VPC subscription and one (1) Memcached Cloud subscription, each up to the capacity or time limits designated at https://live-redislabs.pantheonsite.io/pricing. We reserve the right to discontinue the provision of the Free Services at any given time, without providing a prior notice to that effect.
5. Personal Data
Some functions of the Services may require you to provide certain personal information, including among others, name, company name, email address and telephone number (“ Personal Data ”). You agree to:
- Provide true, accurate, current and complete Personal Data as prompted by the Services.
- Maintain and promptly update the Personal Data to keep it accurate, current and complete.
- Maintain the security and confidentiality of any usernames and passwords, and any other security or access information used by you to access the Site or Services.
- Refrain from impersonating any person or entity or misrepresent your identity or affiliation with any person or entity, including using another person’s Personal Data.
- Refrain from using the Services to store any protected health information.
- Immediately notify us in writing if you become aware of any loss, theft or use by any other person or entity of any of your Personal Data in connection with the Site or the Services or any other breach of security that you become aware of involving or relating to the Site and Services.
- Log out of any accounts you have created on the Site or with the Services at the end of each session. You represent and warrant that your use in our Services comply with any applicable laws, including without limitation any applicable privacy protection laws.
To the extent that your Personal Data relates to individuals who are in the European Union, our form of “Data Processing Addendum”, which is attached hereto as Appendix B , applies and serves as an integral part of this Agreement.
We assume, and you represent and warrant to us, that any communications and other activities through use of your Personal Data were sent or authorized by you, and you are fully responsible for all activities that occur under your Personal Data. We will not be liable for your losses caused by any unauthorized use of your Personal Data. We further do not assume any responsibility for any communications sent by you.
Without derogating from the foregoing, we reserve the right to reset any usernames and passwords if there has been any unauthorized access to, or use of, the Services using your Personal Data.
You declare that by providing Personal Data to us, you hereby consent to, us sending, and you receiving, by means of telephone, facsimile, SMS or e-mail, communications containing content of a commercial nature relating to the Site and Services. You acknowledge that we do not have to obtain your prior consent (whether written or oral) before sending such communications to you, provided that we shall immediately cease to send any such further communications should you notify us in writing that you do not wish to receive such commercial content anymore.
6. User Conduct
In connection with your use of the Services (including without limitation any information, data, images, feedback, material or ideas that you provide to us through the Services or the Site (each, a “ Submission ”), you agree (i) to abide by all applicable local, state, federal, national and international laws and regulations, and (ii) not, nor allow or facilitate a third party, to violate or infringe any rights (including without limitation copyrights, rights of publicity or privacy and trademarks) of others or our policies or the operational or security mechanisms of the Services. Without limiting the foregoing, you may:
- Not use the Site, the Services or any of its Content (including without limitation any programming, images, photographs, graphics), to promote, conduct, or contribute to fraudulent, obscene, pornographic, inappropriate or illegal activities, including without limitation deceptive impersonation, in connection with contests, pyramid schemes, surveys, chain letters, junk e-mail, spamming or any duplicative or unsolicited messages (commercial or otherwise).
- Not interfere with the access, use or enjoyment of the Services by others (including without limitation causing greater demand on the Services than is deemed by us reasonable); harass or defame others; or promote hatred towards any group of people.
- Not alter, modify, delete, forge, frame, copy, publicly display, publicly perform, rent, sell, hyper-link, create derivative works or otherwise interfere with or in any manner disrupt, circumvent, or compromise, any part of the Site, the Services, any Content (including without limitation trademarks, Services marks and logos contained in the Site but excluding Content provide entirely by you). However, you may copy Content that is reasonably required for the intended purposes of the Site and the Services.
- Not access or attempt to access any of our systems, programs or data that are not made available for public use, or attempt to bypass any registration processes to the Services, security and traffic management devices, software or routines.
- Not decompile, disassemble, reverse engineer or otherwise attempt to discover any source code or underlying ideas or algorithms of the Site or the Services except if and to the extent permitted by applicable law.
- Not use any robot, spider, other automated device or any tool-bar, web-bar, other web-client, device, software, routine or manual process, to access the Services, make Submissions, monitor or scrap information from the Services, or bypass any of our robot exclusion request (either on headers or anywhere else on the Services), if any.
- Not use any meta tags or any other “hidden text” utilizing any trademarks or intellectual property owned or licensed by us.
7. Your Submissions
We may, in our sole discretion, use any feedback, material or ideas that you provide to us or post on or through the Services or the Site to enhance and better customize the Site and the Services. You further grant us and our successors a perpetual, worldwide, non-exclusive, transferable, non-revocable, sub-licensable, royalty-free license to unrestrictedly use, modify, create derivative works from, distribute and display any feedback you provide to us with respect to the Site or the Services, without compensation, liability or notice to you, in any promotions or redistribution of part or all of the Site or any other sites that were created (as private labels for others or otherwise), are operated or are wholly or partially owned by us, in any media formats and through any media channels including without limitations in future modifications of the Site. You are entirely responsible for all your Submissions and the consequences of posting or publishing them on the Site.
9. Copyright and Trademarks
All of the Content and all of the copyright, database rights, trademark rights and other intellectual property rights in and to the Content (including without limitation all design, text, graphics, audio, video or image files and software) is protected by copyrights, trademarks, service marks, patents or other proprietary rights, both with respect to individual content and as a collective work or compilation, pursuant to laws and international conventions. Any rights to the Site, Services and its Content not expressly granted in the Agreement and excluding users’ Submissions, are reserved by us and our licensors. All trademarks, service marks, trade names, and trade dress are proprietary to us or our licensors. No ownership of any Content or trademarks, service marks, trade names, trade dress or other proprietary rights in the Site and related goodwill, is transferred to you. You undertake not to do any act or thing which is inconsistent with or which is likely in any way to prejudice such title. You hereby represent and warrant to us that you and/or your representatives have all rights in your data which is required in order to use the Services, and that your use of your data through your Personal Data doesn’t violates any third party’s rights, including without limitation any third party’s intellectual property rights.
10. Links to and from other Websites; Third Party’s Services
The Site, the Services and any Content is provided on an “as is” and “as available” basis. WE EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. WITHOUT LIMITING THE FOREGOING, WE MAKE NO WARRANTY THAT THIS SITE OR THE SERVICES WILL MEET YOUR REQUIREMENTS, OR WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR, BUG OR VIRUS FREE; NOR DO WE WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OR THE RESULTS OF THIS SITE, THE SERVICES OR THE CONTENT IN TERMS OF ITS CORRECTNESS, COMPLETENESS, AVAILABILITY, ACCURACY, RELIABILITY OR OTHERWISE.YOUR USE OF THIS SITE AND CONTENT IS AT YOUR OWN DISCRETION AND RISK, AND YOU ARE SOLELY RESPONSIBLE FOR ANY RESULTING CONSEQUENCES.
12. No Liability
UNDER NO CIRCUMSTANCES WE SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (I) ARISING OUT OF THE USE OR THE INABILITY TO USE THIS SITE, SERVICES OR CONTENT, (II) FOR COST OF PROCUREMENT OF SUBSTITUTE GOODS AND SERVICES, OR (III) RESULTING FROM ANY INACCURACIES OR ERRORS OF INFORMATION RECEIVED AS A RESULT OF USING THIS SITE OR SERVICES; IN EACH CASE, INCLUDING BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, REPUTATION, GOODWILL, USE, DATA OR OTHER INTANGIBLE, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE. WITHOUT DEROGATING FROM ANY OF THE FOREGOING, OUR TOTAL AGGREGATE LIABILITY IN CONNECTION WITH THE SITE, CONTENT, SERVICES OR THE AGREEMENT WILL BE LIMITED TO THE AMOUNT OF FEES ACTUALLY PAID BY YOU TO US DURING THE PRECEDING ONE MONTH, IF ANY. THE FOREGOING LIMITATIONS SHALL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY AND ARE FUNDAMENTAL ELEMENTS OF THE BARGAIN BETWEEN US AND YOU.
YOU RELEASE, AND AGREE, AT YOUR OWN EXPENSE, TO INDEMNIFY, DEFEND AND HOLD HARMLESS, OUR OFFICERS, DIRECTORS, EMPLOYEES, AGENTS AND AFFILIATES, FROM ALL LIABILITIES, CLAIMS, ALLEGED CLAIMS, LOSS AND DAMAGES (OF EVERY KIND, WHETHER KNOWN OR UNKNOWN AND SUSPECTED OR UNSUSPECTED), AND INCLUDING REASONABLE ATTORNEY’S FEES RELATED IN ANY WAY TO: (I) YOUR BREACH OF ANY TERM OR CONDITION OF THIS AGREEMENT; (II) YOUR USE OF, RELIANCE ON OR ACCESS TO THIS SITE, THE SERVICES OR THE CONTENT; (III) ANY USE, MISUSE, OR UNAUTHORIZED USE OF THE SITE OR THE SERVICES THROUGH YOUR PERSONAL DATA; (IV) ANY USE, MISUSE, OR UNAUTHORIZED USE THROUGH YOUR PERSONAL DATA WITH RESPECT TO VIOLATION OF THIRD PARTY RIGHTS; AND (V) YOUR SUBMISSIONS. WE WILL PROVIDE YOU WITH WRITTEN NOTICE OF SUCH CLAIM, SUIT OR ACTION. YOU SHALL COOPERATE FULLY IN THE DEFENSE OF ANY CLAIM. WE RESERVE THE RIGHT, AT OUR OWN EXPENSE, TO ASSUME THE EXCLUSIVE DEFENSE AND CONTROL OF ANY MATTER SUBJECT TO INDEMNIFICATION BY YOU.
14. Infringement Notices and Takedown
If you believe that any material contained on Services infringes your copyright, you should notify us at
Your notice should be in English and contain the following information: (a) a physical or electronic signature of a person authorized to act on behalf of the owner of the copyright interest that is allegedly infringed; (b) a description of such copyrighted work(s) and an identification of what material in such work(s) is claimed to be infringed; (c) a description of the exact name of the infringing work and the location of the infringing work on the Site; (d) information sufficient to permit us to contact you, such as your physical address, telephone number and e-mail address; (e) a statement by you that you have a good faith belief that the use of the material identified in the manner complained of is not authorized by the copyright owner, its agent, or the law; (f) a statement by you that the information in the notification is accurate and, under penalty of perjury that you are authorized to act on the copyright owner’s behalf. We will only respond to any claims involving alleged copyright infringement. Notwithstanding this section, we reserve the right at any time and in our sole discretion, to remove content which in our sole judgment appears to infringe the intellectual property rights of another person.
15. Fair Usage
You may use the Services only for the purpose and the authorized usage set forth herein and only for as long as you are in compliance with all of the terms and conditions herein. Unfair usage and illegitimate use are expressly prohibited.
The following is a non-exhaustive list of practices that would be considered illegitimate use or unfair usage:
- use the Services in a manner that may be or become jeopardizing, malicious, misleading, inappropriate, improper or otherwise harmful;
- use any part of the Services for any illegal or unethical purposes;
- interfere with the ordinary use of the Services; and/or
- breach or otherwise circumvent any security or authentication measures; We, at our option, may terminate our relationship with you, or may suspend the Services immediately if we determine, at our sole discretion, you are using the Services for unfair usage or illegitimate use. Where reasonable, we will provide you with notice of improper usage before suspension or termination of the Services.
16. Governing Law and Jurisdiction
This Agreement shall be governed by and construed in accordance with the State of Delaware laws, without giving effect to its conflict of law principles. Disputes arising in connection with this Agreement shall be subject to the exclusive jurisdiction of the applicable United States federal and state courts of the State of Delaware.
17. Limitation of Claims
You agree that regardless of any statute or law to the contrary, any claim or cause of action arising out of or related to use of the Agreement must be filed within one (1) year after such claim or cause of action arose or be forever barred.
If any part of the Agreement is found to be invalid, unlawful or unenforceable, the offending part shall be amended or extracted from the remaining terms all of which shall remain in full force as permitted by law. The Agreement, and any rights and licenses granted hereunder, may not be transferred or assigned by you, but may be assigned by us without restriction. This Agreement and our rules and policies in this Site comprise the entire agreement between you and us, states our and our suppliers’ entire liability and your exclusive remedy with respect to the Site and the Services, and supersede all prior agreements pertaining to this Agreement and such rules’ and policies’ subject matter. Any failure to exercise or enforce any right or provision of this Agreement shall not constitute a waiver of such right or provision. The section titles in this Agreement are solely used for the convenience and have no legal or contractual significance. No waiver of any term of the Agreement shall be deemed a further or continuing waiver of such term or any other term, and any failure to assert any right or provision under the Agreement shall not constitute a waiver of such term. No provision of the Agreement shall be construed against the owners of this site but rather shall be construed in a neutral and fair manner as terms entered into by a fully-informed party on a voluntary basis. The terms of the Agreement, which by their nature should survive the termination of the Agreement, shall survive such termination.
Appendix A – Redis Enterprise VPC Additional Provisions
1. The Services
In our Redis Enterprise VPC (“ RV”) Service, the NoSQL Data is hosted and run on virtual machines (“ Instances ”) and persistent storage devices (“ Persistent Storage ”) (Instances and Persistent Storage are jointly referred to as “ Resources ”) in your private deployment environment (also known as virtual private cloud or VPC) on the cloud (“ Environment ”). In addition to the Services described under the Agreement, we may:
- From time to time, launch Resources in the Environment and provision them with the software required for providing the RV Service (”Software”).
- From time to time, shutdown provisioned Resources.
- Operate the Software on the Resources on an ongoing basis to support your database needs.
- Monitor performance and health of the Resources and Software.
2. Your Obligations
- You will set your account with the cloud provider, such that we can self-provision Resources in the Environment.
- You will configure your account with the cloud provider, such that we shall receive immediate response to any reasonable provisioning request in the Environment.
- You will grant us at least one pre-defined access permission (“Permission”) to the Environment, in order to enable us to provide the Services. The Permission level shall be equal to the highest level of user permissions available in your Environment.
- You shall not terminate or cease the Permission, or otherwise prevent us access in any other way to any of the Resources provisioned by us in the Environment.
- You shall not maintain any SSH access to the Resources provisioned by us in the Environment.
- You hereby agree and acknowledge that we will launch in the Environment as many Resources as we see fit in order to provide the Services.
- We shall not be responsible for any damage, loss of data or information or any other loss that may occur as a result or in relation to you terminating Resources provisioned by us in the Environment.
- Without derogating from any other term of this Agreement, we shall not in any manner be liable or responsible for any Service failure resulting or in relation to (a) your failure to fulfill your obligations under this Appendix, (b) Environment technical failures, (c) Environment terms or policy changes by the cloud provider.
- Without derogating from any other term of this Agreement, you shall not (a) allow any third-party to access and/or attempt to access the Software code or images, and/or to decompile, disassemble, translate, reverse engineer or otherwise attempt to derive source code from any encrypted or encoded portion of the Software, (b) sell, sublicense, rent, lease, distribute, market, or commercialize the Software or your subscription, (c) directly or indirectly circumvent or violate the technical restrictions of the Software, (d) remove any identification, proprietary, copyright or other notices in the Software or documentation, (e) modify or create a derivative work of any portion of the Software. Notwithstanding anything to the contrary under the Agreement, you shall be directly responsible to any damages, loses, expense, or any indirect, consequential, or other damages incurred or suffered by us, arising from attempt to act as specified under subsections (a)-(e) without a specific written consent by us.
Appendix B – Redis Labs Data Processing Addendum
This Data Processing Addendum (“ DPA ”) forms part of the subscription agreement (the “ Agreement “) by and between Redis Labs Ltd., Redis Labs UK Ltd., Redis Labs Inc. (as applicable) and their Affiliates (“ Redis Labs ”) and the customer whose details were provided in the “sign up” process (“ Customer ”), to reflect the parties’ agreement on the Processing of Personal Information.
All capitalized terms not defined herein will have the meaning set forth in the Agreement. All terms under the Agreement apply to this DPA, except that the terms of this DPA will supersede any conflicting terms under the Agreement.
In the course of providing the service to Customer pursuant to the Agreement (the “ Service “), Redis Labs may Process Personal Information on behalf of Customer. The parties agree to comply with the following provisions under this DPA with respect to Customer’s Personal Information processed by Redis Labs on behalf of Customer as part of the Services.
1.1. “ Affiliate ” means any legal entity directly or indirectly controlling, controlled by or under common control with a party to the Agreement, where “control” means the ownership of a majority share of the voting stock, equity, or voting interests of such entity.
1.2. “ Redis Labs Information Security Documentation ” means the information security documentation applicable to the specific Service purchased by Customer, as updated from time to time, and as made available by Redis Labs upon request.
1.3. “ Individual ” means a natural person to whom Personal Information relates, also referred to as “Data Subject” pursuant to EU data protection laws and regulations.
1.4. “ Personal Information ” means information about an identified or identifiable Individual, also referred to as “Personal Data ” pursuant to EU data protection laws and regulations, which Redis Labs Processes under the terms of the Agreement.
1.5. “ Personnel ” means the employees, agents, consultants, and contractors of Customer and Customer’s Affiliates.
1.6. “ Privacy Laws and Regulations ” means all US federal and state privacy laws and regulations and the provisions under Regulation (EU) 2016/679 (GDPR), when it takes effect, applicable to the Processing of Personal Information under the Agreement.
1.7. “ Privacy Shield ” means the EU-US Privacy Shield Framework, as administered by the U.S. Department of Commerce and approved by the European Commission pursuant to Decision C(2016)4176 of July 12, 2016.
1.8. “ Privacy Shield Principles ” mean the Privacy Shield Principles, as supplemented by the Supplemental Principles and contained in Annex II to the European Commission Decision C(2016)4176 of July 12, 2016, as may be amended, superseded or replaced.
1.9. “ Process ” or “ Processing ” means any operation or set of operations which is performed upon Personal Information, whether or not by automatic means, such as collection, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, blocking, erasure or destruction.
1.10. “ Standard Contractual Clauses” mean the annex to the EU Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council.
2. DATA PROCESSING
2.1. Scope and Roles. This DPA applies when Personal Information is Processed by Redis Labs as part of Redis Labs’ provision of the Service, as further specified in the Agreement and the applicable order form. In this context, to the extent that provisions under the GDPR apply to Personal Information that Redis Labs processes for Customer under the Agreement, Customer is the Data Controller and Redis Labs and applicable Affiliates are the Data Processor under such laws and regulations.
2.2. Instructions for Redis Labs’ Processing of Personal Information. Redis Labs will only Process Personal Information on behalf of and in accordance with Customer’s instructions. Customer instructs Redis Labs to Process Personal Information for the following purposes:
(i) Processing in accordance with the Agreement and applicable order forms, including, without limitation to provide the Service, and for support, back-up and disaster recovery, cyber security, service operations and control, fraud and service misuse prevention and legal and administrative proceedings; and (ii) Processing to comply with other reasonable instructions provided by Customer where such instructions are consistent with the terms of the Agreement and comply with applicable Privacy Laws and Regulations. Processing outside the scope of this DPA (if any) will require prior written agreement between Redis Labs and Customer on additional instructions for processing, including agreement on any additional fees Customer will pay to Redis Labs for carrying out such instructions.
3. NOTICE AND CONSENT
3.1. Customer undertakes to provide all necessary notices to Individuals and receive all necessary permissions and consents, as necessary for Redis Labs to process Personal Information on Customer’s behalf under the terms of the Agreement and this DPA, pursuant to the applicable Privacy Laws and Regulations.
3.2. To the extent required under the applicable Privacy Laws and Regulations, Customer will appropriately document the Individuals’ notices and consents.
4. RIGHTS OF INDIVIDUALS
4.1. Requests. Redis Labs will, to the extent legally permitted, promptly notify Customer if Redis Labs receives a request from an Individual, who’s Personal Information is included in Customer’s Personal Information , or a request by the Individual’s legal guardians, to exercise the right to access, correct, amend, or delete Personal Information related to the Individual, or to exercise such other personal right that the Individual is entitled to pursuant the applicable Privacy Laws and Regulations.
4.2. Assistance. Taking into account the nature of Processing by Redis Labs and insofar that this is possible, Redis Labs will provide Customer with cooperation and assistance in relation to handling Individuals’ requests pursuant to applicable Privacy Laws and Regulations, by providing Customer with access to Customer’s Data for the purpose of exercising the applicable individuals’ rights. Except if not permitted under the applicable Privacy Laws and Regulations, Customer will reimburse Redis Labs with any costs and expenses related to Redis Labs’ provision of such assistance, except for negligible costs.
5. ASSISTANCE IN COMPLIANCE
At Customer’s written request, Redis Labs will assist Customer in complying with Customer’s obligations pursuant to Articles 32 to 36 to the GDPR, in relation to the Processing of Customer’s Personal Information by Redis Labs, taking into account the nature of processing and the information available to Redis Labs.
6. Redis Labs PERSONNEL
6.1. Limitation of Access. Redis Labs will ensure that Redis Labs’ access to Personal Information is limited to those personnel who require such access to perform the Agreement.
6.2. Confidentiality. Redis Labs will impose appropriate contractual obligations upon its Personnel engaged in the Processing of Personal Information, including relevant obligations regarding confidentiality, data protection, and data security. Redis Labs will ensure that its Personnel engaged in the Processing of Personal Information are informed of the confidential nature of the Personal Information, have received appropriate training in their responsibilities, and have executed written confidentiality agreements. Redis Labs will ensure that such confidentiality agreements survive the termination of the employment or engagement of its Personnel.
7. AFFILIATES AND THIRD-PARTY SERVICE PROVIDERS
7.1. Affiliates. Some or all of Redis Labs’ obligations under the Agreement may be performed by Redis Labs Affiliates.
7.2. Agents. Customer acknowledges and agrees that Redis Labs and Redis Labs’ Affiliates respectively may engage third-party service providers in the performance of the Service on Customer’s behalf. All Affiliates and agents (also referred to as ‘other processors’ under the GDPR) to whom Redis Labs transfers Personal Information to provide the Service on behalf of Customer have entered into written agreements with Redis Labs or such other binding instruments that bind them by substantially the same material obligations under this DPA.
7.3. Liability. Redis Labs will be liable for the acts and omissions of its Affiliates and agents to the same extent that Redis Labs would be liable if performing the Service of each Affiliate or agent directly, under the terms of Agreement.
7.4. Objection. To ensure compliance with applicable Privacy Laws and Regulations, Customer may object to any engagement by Redis Labs with a new agent to Process Customer Personal Information on Customer’s behalf, within five (5) business days following Redis Labs’ notice to Customer of its engagement with the new agent, and for a reasonable and detailed reason. If Customer sends Redis Labs a written objection to the new agent, Redis Labs will make commercially reasonable efforts to provide Customer the same level of Service without the using the new agent to Process Customer Personal Information. Nothing in this section prejudices the parties’ rights and obligations under the Agreement.
8. ONWARD AND TRANS-BORDER TRANSFER
8.1. Transfer of Personal Information related to Individuals within the EU to Redis Labs’ data hosting services in the US is made in accordance with such hosting services’ self-certification with the Privacy Shield. Transfer of Personal Information related to Individuals within the EU to Israel, to the extent applicable, is made in accordance the EU Commission decision 2011/61/EU of January 31, 2011, on the adequate protection of Personal Information by the State of Israel regarding automated processing of Personal Information.
8.2. All Redis Labs’ third-party service providers to whom Redis Labs transfers Personal Data to provide the Service (i) are certified to the Privacy Shield; or (ii) undertook to provide at least the same level of protection for the Personal Data as is required by the Privacy Shield Principles; or (iii) have executed the Standard Contractual Clauses; or (iv) have executed or undertook to comply with such other binding instruments, certifications or self-certifications for the lawful transfer of Customer’s Personal Data related to Data Subjects within the EU to other territories, as required and available under the GDPR; or (v) are established in a country that was acknowledged by the EU Commission as providing adequate protection to Personal Data.
9. INFORMATION SECURITY
9.1. Controls. Redis Labs will maintain administrative, physical and technical safeguards for the protection of the security, confidentiality and integrity of Customer’s Personal Information pursuant to the Redis Labs Information Security Documentation. Redis Labs regularly monitors compliance with these safeguards. Redis Labs will not materially decrease the overall security of the Service during the term of the Agreement.
9.2. Policies and Audits. Redis Labs uses external auditors to verify the adequacy of its security measures. The internal controls of the Service are subject to periodic testing by such auditors. Upon Customer’s written request at reasonable intervals and subject to confidentiality limitations, Redis Labs will make available to Customer (or to a third-party auditor on Customer’s behalf, that is not a Redis Labs competitor and subject to the auditor’s execution of Redis Labs’ non-disclosure agreement), the then most recent version of Redis Labs’ information security Documentation summaries of third-party audit or certification reports commonly made available to Redis Labs. Customer may conduct an on-premise audit of Redis Labs’ compliance with its obligations under this Data Processing Addendum up to once per year (“Data Protection and Security Audit”), provided, however, that any Data Protection and Security Audit is subject to the following cumulative conditions: (i) The Data Protection and Security Audit will be pre-scheduled in writing with Redis Labs, at least 60 days in advance; (ii) All Customer personnel who perform the Data Protection and Security Audit, whether employed or contracted by Customer, will execute Redis Labs’ standard non-disclosure agreement prior to the initiation of the Data Protection and Security Audit, and a third party auditor will also execute a non-competition undertaking; (iii) Customer will take all necessary measures and verify that the auditors do not access, disclose or compromise the confidentiality and security of non-Customer data on Redis Labs’ information and network systems; (iv) Customer will take all measures to prevent any damage or interference with Redis Labs and its Affiliates’ information and network systems; (v) Customer will bear all costs and assume responsibility and liability for the Data Protection and Security Audit and for any failures or damage caused as a result thereof; (vi) Customer will keep the Data Protection and Security Audit results in strict confidentiality, will use them solely for the specific purposes of the Data Protection and Security Audit under this section, will not use the results for any other purpose, or share them with any third party, without Redis Labs’ prior explicit written confirmation; and (vii) If Customer is required to disclose the Data Protection and Security Audit results to a competent authority, Customer will first provide Redis Labs with a prior written notice, explaining the details and necessity of the disclosure, and will provide Redis Labs with all necessary assistance to prevent the disclosure thereof.
10. SECURITY BREACH MANAGEMENT AND NOTIFICATION
10.1. Breach prevention and management. Redis Labs will maintain security incident management policies and procedures and will, to the extent required by law, promptly notify Customer of any unauthorized access to, acquisition of, or disclosure of Customer Personal Information, by Redis Labs or its Affiliates or agents of which Redis Labs becomes aware of (a “Security Incident”).
10.2. Remediation. Redis Labs will promptly make reasonable efforts to identify and remediate the cause of such a Security Incident.
11. DELETION AND RETENTION OF PERSONAL INFORMATION
11.1. Data Deletion. Redis Labs will provide Customer with the ability to remove Customer’s Personal Information, on or after the termination of the Agreement (or at Customer’s discretion – during the term of the Agreement) and by providing such ability, Customer acknowledges that Redis Labs fulfills the data deletion requirement under applicable Privacy Laws and Regulations.
11.2. Data Retention. Notwithstanding, Customer acknowledges and agrees that Redis Labs may retain copies of certain records, log files and transactional details, as necessary in connection with its routine backup and archiving procedures and to ensure compliance with its legal obligations and its continuing obligations under the applicable law, including to retain data pursuant to legal requirements and to use such data to protect Redis Labs, its Affiliates, agents, and any person on their behalf in court and administrative proceedings.
12. DISCLOSURE TO COMPETENT AUTHORITIES
Redis Labs may disclose Personal Information (a) if required by a subpoena or other judicial or administrative order, or if otherwise required by law; or (b) if Redis Labs deems the disclosure necessary to protect the safety and rights of any person, or the general public.
This DPA will commence on the same date that the Agreement are effective and will continue until the Agreement are expired or terminated, pursuant to the terms therein.
14.1. Redis Labs’ compliance team is responsible to make sure that all relevant Redis Labs’ personnel adhere to this DPA.
14.2. Redis Labs’ compliance team can be reached at: privacy@Redis Labs.com
15. DISPUTE RESOLUTION
Each Party will create an escalation process and provide a written copy to the other Party within five (5) business days of any dispute arising out of or relating to this DPA. The escalation process will be used to address disputed issues related to the performance of this DPA, including but not limited to technical problems. The Parties agree to communicate regularly about any open issues or process problems that require prompt and accurate resolution as set forth in their respective escalation process documentation. The Parties will attempt in good faith to resolve any dispute arising out of or relating to this DPA, before and as a prior condition for commencing legal proceedings of any kind, first as set forth above in the escalation process and next by negotiation between executives who have authority to settle the controversy and who at a higher level of management than the persons with direct responsibility for administration of this DPA. Any Party may give the other Party written notice of any dispute not resolved in the normal course of business. Within two (2) business days after delivery of the notice, the receiving Party shall submit to the other a written response. The notice and the response will include (a) a statement of each Party’s position and a summary of arguments supporting that position and (b) the name and title of the executive who will represent that Party and of any other person who will accompany the executive. Within five (5) business days after delivery of the disputing Party’s notice, the executives of both Parties shall meet at a mutually acceptable time and place, including telephonically, and thereafter as often as they reasonably deem necessary, to attempt to resolve the dispute. All reasonable requests for information made by one Party to the other will be honored. All negotiations pursuant to this clause are confidential and will be treated as compromise and settlement negotiations for purposes of applicable rules of evidence.
Invalidation of one or more of the provisions under this DPA will not affect the remaining provisions. Invalid provisions will be replaced to the extent possible by those valid provisions which achieve essentially the same objectives.