Terms of Use
The INSCOR Data Processing Addendum is now part of our Terms of Use. The INSCOR DPA also includes EU Standard Contractual Clauses (Annex 1), to ensure that transfer of personal data from the European Economic Area (EEA) to other countries happens with the same high level of protection as in the EEA.

This means all INSCOR customers globally can rely on the terms of the INSCOR DPA and the SCC which will apply automatically when they accept the Terms of Use.


Last Updated: June 1, 2022

Terms of Use

Thanks for using INSCOR products! These terms of service govern your access to and use of INSCOR's websites and services, so please read everything carefully. This page explains the terms by which you may use our website, https://inscor.com.ua/, and any of our other mobile or web services or applications that we make generally available to our customers (collectively with the INSCOR Site, "INSCOR"), and that you have read, understood, and agree to be bound by these Terms of Service and the associated Privacy Policy (collectively the "Terms" or the "Agreement").

Terms

These Terms of Service are a contract between you and INSCOR Limited Liability Company, a company duly organized and existing under the laws of Ukraine ("INSCOR"), having its principal place of business at Kyiv, Ukraine. INSCOR operates https://inscor.com.ua/ ("INSCOR Site"). By accessing this web site, you are agreeing to be bound by these Terms and Conditions of Use, all applicable laws and regulations, and agree that you are responsible for compliance with any applicable local laws. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this web site are protected by applicable copyright and trade mark law.

Use License

INSCOR hereby grants you a non-exclusive, non-transferable, worldwide right to access and use INSCOR site, solely with supported browsers through the Internet for your own internal purposes, subject to the Terms of Service. You may not permit INSCOR to be used by or for the benefit of unauthorized third parties. Nothing in the Terms of Service shall be construed to grant you any right to transfer or assign rights to access or use INSCOR. All rights not expressly granted to you are reserved by INSCOR and its licensors. You shall not (i) modify or make derivative works based upon INSCOR; (ii) reverse engineer or access INSCOR in order to (a) build a competitive product or service, (b) build a product using similar features, functions, or graphics of INSCOR, or (c) copy any features, functions, or graphics of INSCOR. You further acknowledge and agree that, as between the parties, INSCOR owns all right, title, and interest in and to INSCOR, including all intellectual property rights therein.
Disclaimer

The materials on INSCOR's web site are provided "as is". INSCOR makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties, including without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights. Further, INSCOR does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its Internet web site or otherwise relating to such materials or on any sites linked to this site.
Limitations

In no event shall INSCOR or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption) arising out of the use or inability to use the materials on INSCOR's Internet site, even if INSCOR or an INSCOR authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.
Revisions and errata

The materials that appear on INSCOR's website could include technical, typographical, or photographic errors. INSCOR does not warrant that any of the materials on its website are accurate, complete, or current. INSCOR may make changes to the materials contained on its website at any time without notice. INSCOR does not, however, make any commitment to update the materials.
Indemnity

You agree to defend, hold harmless and indemnify INSCOR from and against any and all losses, costs, expenses, damages or other liabilities incurred by INSCOR arising from or related to any cause of action, claim, suit, proceeding, demand or action brought by a third party against INSCOR: (a) in connection with your use of INSCOR including any payment obligations incurred through use of INSCOR; or (b) resulting from: (i) your use of INSCOR; (ii) your decision to supply profile or payment information via INSCOR; (iii) any breach of contract or other claims made by RP with which you conducted business through INSCOR; (v) your breach of any provision of these terms; (vi) any liability arising from the tax treatment of payments or any portion thereof; (vii) any negligent or intentional wrongdoing by any Member with which you conducted business through INSCOR; (viii) any act or omission of yours with respect to the payment of fees to any INSCOR; (ix) your dispute of or failure to pay any invoice or any other payment; or (x) your obligations to an INSCOR. Any such indemnification shall be conditioned on our: (a) notifying you in writing of any such claim, demand, action, cost, liability, loss or threat of any thereof; (b) cooperating with you in the defense or settlement thereof; and (c) allowing you to control such defense or settlement. We shall be entitled to participate in such defense through our own counsel at our own cost and expense. We reserve the right to report any wrongdoing of which we become aware to the applicable government agencies or otherwise.
Terms of Use Modifications

INSCOR may revise these Terms and Conditions of Use at any time without notice; provided that, if we make any material changes to these Terms and Conditions of Use, we will use commercially reasonable efforts to notify you. By continuing to use INSCOR, you are agreeing to be bound by the then current version of these Terms and Conditions of Use.
Governing Law

Any claim relating to INSCOR's web site shall be governed by the laws of Ukraine without regard to its conflict of law provisions.
Any claim relating to INSCOR's services shall be governed by the legislation as stated in the contract with the service provider.
API Terms

Any use of the API (Application Program Interface), including use of the API through a third-party product that accesses INSCOR, is bound by these Terms of Service plus the following specific terms:

· You expressly understand and agree that INSCOR shall not be liable for any direct, indirect, incidental, special, consequential or exemplary damages, including but not limited to, damages for loss of profits, goodwill, use, data or other intangible losses (even if INSCOR has been advised of the possibility of such damages), resulting from your use of the API or third-party products that access data via the API.

· Abuse or excessively frequent requests to INSCOR via the API may result in the temporary or permanent suspension of your account's access to the API. INSCOR, in its sole discretion, will determine abuse or excessive usage of the API. INSCOR will make a reasonable attempt via email to warn the account owner prior to suspension.

· INSCOR reserves the right at any time to modify or discontinue, temporarily or permanently, your access to the API (or any part thereof) with or without notice.
Fraudulent Activity

Use of INSCOR, including but not limited to any applications that use INSCOR or APIs, prohibits using INSCOR for fraudulent account creation or other malicious purposes, including but not limited to creating and distributing spam emails, spam tweets, or other "spammy" electronic communication. INSCOR reserves the right to filter and/or block such activity, and if necessary, to remove any account that has engaged in these and similarly malicious activities. Individuals wishing to work within INSCOR are authorized to create one account on INSCOR.
Work Product and Customer Materials

Work produced by INSCOR on behalf of clients is carried out as work-for-hire on behalf of these clients and ownership over the work product remains with the client. Unless requested otherwise, you, as a customer, grant INSCOR an unlimited license to use the work product for internal worker training and education, internal product evaluation, testing and any other purposes. You may provide to INSCOR pursuant to this Agreement certain proprietary materials and information (as you determine in your discretion) for use in connection with the development of the work product (collectively, "Customer Materials"). Subject to the terms hereof, you hereby grant to INSCOR: (a) a royalty-free, fully paid-up, worldwide, non-transferable (except as set forth below), nonexclusive license during the term to use the Customer Materials in order to provide INSCOR and provide the work product; and (b) a royalty-free, fully paid-up, worldwide, non-transferable (except as set forth below), perpetual, irrevocable, nonexclusive license to use the Customer Materials in order to operate, analyze, and improve INSCOR, including the creation of anonymized and/or aggregated data derived from such Customer Materials. If INSCOR shares or publicly discloses information (e.g., in marketing materials or in application development) that is derived from Customer Materials, such data will be aggregated or anonymized to reasonably avoid identification of you. By way of example and without limitation, INSCOR may: (a) track the number of users and uses of INSCOR on an anonymized aggregate basis as part of INSCOR's marketing efforts to publicize the total usage of INSCOR; (b) analyze usage patterns for product development efforts; and (c) use anonymized and/or aggregated data derived from Customer Materials to develop further analytic frameworks and application tools.
You further agree that INSCOR will have the right, both during and after the term, to use, store, transmit, distribute, modify, copy, display, sublicense, and create derivative works of the anonymized and/or aggregated data. Customer expressly retains all right, title and interest in and to the Customer Materials, including all intellectual property rights therein.
Publicity

By using INSCOR or any portion thereof, including but not limited to our API, you hereby grant us a fully paid-up, royalty-free, nonexclusive, worldwide right and license to use your trademarks, logos, and trade names for the sole purpose of referring to you as a customer and/or user of INSCOR on the INSCOR Site and our other marketing and promotional materials, or as otherwise mutually agreed between you and INSCOR.
Data Protection Addendum

This Data Processing Addendum ("DPA") is an addition to the INSCOR LLC Terms of Use ("ToU"). This DPA is concluded by and between INSCOR LLC, 12 Parkovo-Syrets'ka str, office 2, Kyiv 0411, Ukraine ("INSCOR" or "Processor") and you or the entity you represent ("Controller", "you") when you accept the ToU.
1. General

1.1. Object of the DPA: INSCOR shall provide the Controller with the service as described in the ToU ("Service") and shall process personal data as part of the performance of Services on behalf of the Controller.

1.2. Nature, purpose and duration of processing: The data processing shall serve the purpose of providing a software solution for performing tasks of the insurance companies, such as scoring, notification about the accidents, avoiding fraud, accident reconstructions, provision of insurance portfolio, as described in the ToU being an integral part of the Service. The duration of the processing shall be in line with the duration of the provision of the Service.

1.3. Group of data subjects: drivers who have a contract with the Controller and employees of the Controller.

1.4. Type of personal data processed: INSCOR processes the following types of personal data on behalf of the Controller according to the purposes of processes:

Individual driving style analysis to improve insurance service: driving style data, such as driving logic, location, speed, driving patterns; driver identification data, such as contract number; country; name, surname, gender; driving license; phone number; e-mail; vehicle data: name, registration number, date of issue, trade mark, vehicle model, category, body type, car color, VIN, year of issue, engine mileage (km), fuel type.

Accident communication: data subject's contact data; crash data recorded from the telematics device, such as degree of damage, impact strength, log data on the driver's behavior during the crash, e.g. per second speed indicator; driving style.

Reports generation to improve insurance service: crash data recorded from the telematics device, such as degree of damage, impact strength, log data on the driver's behavior during the crash, e.g. second speed, driving style.

Device testing for service advertising: driving style data, such as driving logic, location, speed, driving patterns; driver identification data, such as contract number, country, name, surname, gender; driving license; phone number; e-mail; vehicle data, such as brand name, registration number, date of issue, trade mark, vehicle model, category, body type, car color, VIN, year of issue, engine mileage (km), fuel type.

Eco index determination: vehicle data, such as brand name, registration number, date of issue, trade mark, vehicle model, category, body type, VIN, year of issue, engine mileage (km), fuel type.

1.5. Processor: With respect to the processing of personal data as part of this DPA, INSCOR is the Processor in the meaning of Art. 4 (8) GDPR.

1.6. Place of Processing: INSCOR generally performs the contractually agreed processing of personal data on servers in Ukraine and on the servers of subcontractors stated in Article 6 of Data Protection Addendum. INSCOR shall ensure that the transfer of personal data outside of the EU and/or EEA is admissible pursuant to Art. 44 et seqq. GDPR by complying with the Standard Contractual Clauses set out in Annex 1.

1.7. Instructions by the Controller: INSCOR will process personal data as the Processor as specified in the ToU and the DPA. The ToU and the DPA contain all instructions by the Controller on data processing. Accordingly, INSCOR will process the data:

● Insofar as required with respect to the scope and type for the purpose of providing the Service and for meeting the obligations from the ToU and this DPA;

● insofar as INSCOR is obliged to do so pursuant to the law of the European Union or the law of the Member States to which INSCOR A is subject (in such a case, INSCOR shall notify the Controller of that legal requirement before processing, unless that law prohibits such notification on important grounds of public interest).

The Controller shall retain the right to issue instructions regarding the data processing according to the provision of the ToU and this DPA. Instructions by the Controller shall be agreed with INSCOR and documented. Any expenses incurred by INSCOR for this purpose shall be reimbursed by the Controller.
2. Controller's rights and obligations

2.1. Data responsibility: The Controller shall be responsible for the permissibility of the processing of personal data as well as the protection of the rights of the data subjects.

2.2. Control rights: INSCOR is obliged to provide the Controller with all information required to demonstrate compliance with Wire's obligations pursuant to this DPA, in particular, the technical and organizational measures pursuant to §4 of this DPA, before commencement of the data processing and regularly during the data processing. The Controller shall be entitled to inspect compliance with INSCOR's obligations under this DPA to an appropriate extent, either personally or by a third party, in particular, by obtaining information on the technical and organizational measures and, in case this information is not sufficient, by on-site inspections ("Inspections"). The Inspections at the Processor shall be carried out without avoidable disruption of the business of the Processor and without violation of the protection of personal data. As a rule, Inspections shall be carried out upon reasonable notice, in urgent cases also without notice, and during the business hours of the Processor, however, as a rule, but no more frequently than every 12 months.
3. Processor's rights and obligations

3.1. Rights of the data subject. The Processor shall assist the Controller, if possible, by appropriate technical or organizational measures to help the Controller comply with any data subject rights laid down in Chapter III of the GDPR. The Processor shall answer data subject requests only if the Controller instructs the Processor to do so or if the Processor is obliged to do so by law. The assistance by the Processor to the Controller in the context of data subjects' rights may be subject to a charge.

3.2. Data confidentiality: The Processor shall ensure that all employees who have access to personal data are informed of the confidential nature of the personal data and of any special data protection requirements arising from this commission, in particular, the limitation of data processing to specific purposes as instructed by the Controller and that all such employees have entered into confidentiality agreements with the Processor.

3.3. Further assistance of the Controller, inter alia, with regard to technical and organizational measures. The Processor shall assist the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to the Processor.

3.4. Information about concerns: The Processor shall inform the Controller without undue delay if the Processor is of the opinion that an instruction of the Controller infringes the GDPR or other data protection provisions of the Union or the Member States. The Processor shall be entitled to suspend the execution of the relevant instruction until the Controller confirms or changes it.
4. Technical and organizational measures

4.1. Technical and organizational measures: The Processor will implement all technical and organizational measures which are necessary pursuant to Art. 32 GDPR and other data protection requirements to ensure a level of security appropriate to the risk associated with its processing activities.
5. Security incidents

5.1. Security incident notification: In case of security incidents, the Processor is obliged to apply all necessary measures to ensure the integrity and confidentiality of personal data without undue delay. Furthermore, in case of a data breach, the Processor shall notify the Controller without undue delay after becoming aware of such breach. In this case INSCOR will provide the Controller with all required information enabling the Controller to comply with its statutory obligations.
6. Subcontractors

6.1. Authorized subcontractors: The Processor may contract subcontractors. A subcontractor involvement requires that the Processor (a) ensures that the subcontractor fulfils Processor's duties according to this DPA and (b) assumes liability towards the data subject for actions of the subcontractor concerned, as if these actions were taken by the Processor itself. At the time of the conclusion of this DPA, INSCOR engages the following subcontractors for the provision of the server infrastructure:

Amazon Web Services, Inc.
410 Terry Avenue North,
Seattle, WA 98109-5210 U.S.A.

Amazon Web Services South Africa Proprietary Limited
Wembley Square 2, 134 Solan Road, Gardens, Cape Town, 8001, South Africa

Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy, L-1855, Luxembourg

INSCOR shall inform the Controller about the involvement of any further or replacement of any subcontractor. The Controller shall have the opportunity to object to the involvement within one month after having been informed. In the event of Controller's objection, INSCOR shall be entitled to an extraordinary termination right.
7. Deletion / return of personal data

7.1. Deletion: Upon termination of the DPA or when requested by the Controller, the Processor, at the choice of the Controller, shall return to the Controller all personal data available at the Processor and shall delete copies, if any, provided that no legal obligation to keep the personal data exists pursuant to the law of the Union or the Member States to which INSCOR is subject.
Annex 1 to the Data Protection Addendum

STANDARD CONTRACTUAL CLAUSES (PROCESSORS)

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection



The entity identified as "Controller" in the DPA

(the data exporter)

and

INSCOR LLC (or INSCOR)

12 Parkovo-Syrets'ka str., office 2, Kyiv, 04112, Ukraine

office@inscor.com.ua

(the data importer)


each a 'party'; together 'the parties',

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
Clause 1
Definitions


For the purposes of the Clauses:

(a) 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

(b) 'the data exporter' means the controller who transfers the personal data;

(c) 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

(d) 'the sub-processor' means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

(e) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

(f) 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Clause 2
Details of the transfer


The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Clause 3
Third-party beneficiary clause


1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

3. The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Clause 4
Obligations of the data exporter


The data exporter agrees and warrants:

(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

(b) that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;

(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;

(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e) that it will ensure compliance with the security measures;

(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

(g) to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;

(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

(j) that it will ensure compliance with Clause 4(a) to (i).
Clause 5
Obligations of the data importer


The data importer agrees and warrants:

(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;

(d) that it will promptly notify the data exporter about:

(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;

(ii) any accidental or unauthorised access; and

(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;


(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f) at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

(h) that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;

(i) that the processing services by the sub-processor will be carried out in accordance with Clause 11;

(j) to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.
Clause 6
Liability


1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.

2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.

3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.
Clause 7
Mediation and jurisdiction


1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

(b) to refer the dispute to the courts in the Member State in which the data exporter is established.


2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Clause 8
Cooperation with supervisory authorities


1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).
Clause 9
Governing law


The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Clause 10
Variation of the contract


The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Clause 11
Sub-processing


1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor's obligations under such agreement.

2. The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.

4. The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.
Clause 12
Obligation after the termination of personal data-processing services


1. The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

2. The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.
Appendix 1
to the Standard Contractual Clauses


This Appendix forms part of the Clauses and must be completed and signed by the parties.

The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.

Data exporter

The entity identified as "Controller" in the DPA.

Data importer

The data importer is (please specify briefly activities relevant to the transfer):

INSCOR LLC offers a telematics solution for insurance and fleet management.

Data subjects

The personal data transferred concern the following categories of data subjects (please specify):

Drivers who have a contract with the exporter company.

Employees of an exporter company.



Categories of data

The personal data transferred concern the following categories of data (please specify):

● Driving style data, such as driving logic, location, speed, driving patterns; driver identification data, such as contract number; country; name, surname, gender; driving license; phone number; e-mail; vehicle data: name, registration number, date of issue, trade mark, vehicle model, category, body type, car color, VIN, year of issue, engine mileage (km), fuel type.

● Data subject's contact data; crash data recorded from the telematics device, such as degree of damage, impact strength, log data on the driver's behavior during the crash, e.g. per second speed indicator; driving style.

● Crash data recorded from the telematics device, such as degree of damage, impact strength, log data on the driver's behavior during the crash, e.g. second speed, driving style.

● Driving style data for a test, such as driving logic, location, speed, driving patterns; driver identification data, such as contract number, country, name, surname, gender; driving license; phone number; e-mail; vehicle data, such as brand name, registration number, date of issue, trade mark, vehicle model, category, body type, car color, VIN, year of issue, engine mileage (km), fuel type.

● Eco index data, such as the fuel economy of the vehicle, the distance driven; vehicle data, such as brand name, registration number, date of issue, trade mark, vehicle model, category, body type, VIN, year of issue, engine mileage (km), fuel type.

Special categories of data (if appropriate)

The personal data transferred concern the following special categories of data (please specify): none

Processing operations

The personal data transferred will be subject to the following basic processing activities (please specify):

The data processing shall serve the purpose of providing a software solution for performing tasks of the insurance companies, such as scoring, notification about the accidents, avoiding fraud, accident reconstructions, provision of insurance portfolio, as described in the ToU being an integral part of the Service. The duration of the processing shall be in line with the duration of the provision of the Service.
Appendix 2
to the Standard Contractual Clauses


This Appendix forms part of the Clauses and must be completed and signed by the parties.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
To ensure the security of the processing of personal data, INSCOR shall take the necessary legal, organizational and technical measures.
The measures to ensure the security of personal data are based on the following principles:
● centralisation - the databases containing the personal data, as well as data protection means, shall be centrally managed;
● timeliness - personal data security measures applied within INSCOR shall be timely;
● targeted - personal data security measures applied within INSCOR should have clear objectives to which they are directed;
● comprehensiveness - INSCOR's information security system should include a set of measures aimed at ensuring the security of personal data that are complementary and mutually supportive;
● preventative measures - personal data security measures implemented within INSCOR should be preventive in nature;
● reliability - measures to protect personal data must provide sufficient assurance to INSCOR that the processed personal data are properly protected.
For the purpose of internal control of compliance of the database processing with the established requirements, INSCOR has organized periodic inspections of the database conditions.
INSCOR ensures that information relating to personal data that is processed by us is confidential and protected by law.
INSCOR employees and other persons who have gained access to the personal data processed have signed an obligation of non-disclosure of confidential information, and have been warned of possible disciplinary, administrative, civil and criminal liability in case of violation of the norms and requirements of the current legislation in the field of personal data processing.
INSCOR's contracts with the counterparties contain conditions of confidentiality of personal data transmitted and received, including contracts with the persons involved in the personal data processing.