Symbo - Sales Engagement Essentials

Terms and Conditions

Last updated 5/7/2024

AGREEMENT TO TERMS

These Terms of Use constitute a legally binding agreement made between you, whether personally or on behalf of an entity ("you") and Symbo LLC ("Company", "we", "us", or "our"), concerning your access to and use of the https://symbo.ai website as well as any other media form, media channel, mobile website or mobile application related, linked, or otherwise connected thereto (collectively, the "Site"). We are registered in Utah, United States and have our registered office at 2940 W Maple Loop Dr, Suite 303, Lehi, UT 84043. You agree that by accessing the Site, you have read, understood, and agree to be bound by all of these Terms of Use. IF YOU DO NOT AGREE WITH ALL OF THESE TERMS OF USE, THEN YOU ARE EXPRESSLY PROHIBITED FROM USING THE SITE AND YOU MUST DISCONTINUE USE IMMEDIATELY.

Supplemental terms and conditions or documents that may be posted on the Site from time to time are hereby expressly incorporated herein by reference. We reserve the right, in our sole discretion, to make changes or modifications to these Terms of Use at any time and for any reason. We will alert you about any changes by updating the "Last updated" date of these Terms of Use, and you waive any right to receive specific notice of each such change. Please ensure that you check the applicable Terms every time you use our Site so that you understand which Terms apply. You will be subject to, and will be deemed to have been made aware of and to have accepted, the changes in any revised Terms of Use by your continued use of the Site after the date such revised Terms of Use are posted.

The information provided on the Site is not intended for distribution to or use by any person or entity in any jurisdiction or country where such distribution or use would be contrary to law or regulation or which would subject us to any registration requirement within such jurisdiction or country. Accordingly, those persons who choose to access the Site from other locations do so on their own initiative and are solely responsible for compliance with local laws, if and to the extent local laws are applicable

The Site is not tailored to comply with industry-specific regulations (Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), etc.), so if your interactions would be subjected to such laws, you may not use this Site. You may not use the Site in a way that would violate the Gramm-Leach-Bliley Act (GLBA).

The Site is intended for users who are at least 18 years old. Persons under the age of 18 are not permitted to use or register for the Site.

INTELLECTUAL PROPERTY RIGHTS

Unless otherwise indicated, the Site is our proprietary property and all source code, databases, functionality, software, website designs, audio, video, text, photographs, and graphics on the Site (collectively, the "Content") and the trademarks, service marks, and logos contained therein (the "Marks") are owned or controlled by us or licensed to us, and are protected by copyright and trademark laws and various other intellectual property rights and unfair competition laws of the United States, international copyright laws, and international conventions. The Content and the Marks are provided on the Site "AS IS" for your information and personal use only. Except as expressly provided in these Terms of Use, no part of the Site and no Content or Marks may be copied, reproduced, aggregated, republished, uploaded, posted, publicly displayed, encoded, translated, transmitted, distributed, sold, licensed, or otherwise exploited for any commercial purpose whatsoever, without our express prior written permission.

Provided that you are eligible to use the Site, you are granted a limited license to access and use the Site and to download or print a copy of any portion of the Content to which you have properly gained access solely for your personal, non-commercial use. We reserve all rights not expressly granted to you in and to the Site, the Content and the Marks.

USER REPRESENTATIONS

By using the Site, you represent and warrant that: (1) all registration information you submit will be true, accurate, current, and complete; (2) you will maintain the accuracy of such information and promptly update such registration information as necessary; (3) you have the legal capacity and you agree to comply with these Terms of Use; (4) you are not a minor in the jurisdiction in which you reside; (5) you will not access the Site through automated or non-human means, whether through a bot, script or otherwise; (6) you will not use the Site for any illegal or unauthorized purpose; and (7) your use of the Site will not violate any applicable law or regulation.

If you provide any information that is untrue, inaccurate, not current, or incomplete, we have the right to suspend or terminate your account and refuse any and all current or future use of the Site (or any portion thereof).

USER REGISTRATION

You may be required to register with the Site. You agree to keep your password confidential and will be responsible for all use of your account and password. We reserve the right to remove, reclaim, or change a username you select if we determine, in our sole discretion, that such username is inappropriate, obscene, or otherwise objectionable.

FEES AND PAYMENTS

We accept the following forms of payment:

ACH
Visa
Mastercard
American Express
Discover

You may be required to purchase or pay a fee to access some of our services. You agree to provide current, complete, and accurate purchase and account information for all purchases made via the Site. You further agree to promptly update account and payment information, including email address, payment method, and payment card expiration date, so that we can complete your transactions and contact you as needed. We bill you through an online billing account for purchases made via the Site. Sales tax will be added to the price of purchases as deemed required by us. We may change prices at any time at our sole discretion. All payments shall be in U.S. dollars.

You agree to pay all charges or fees at the prices then in effect for your purchases, and you authorize us to charge your chosen payment provider for any such amounts upon making your purchase. If your purchase is subject to recurring charges, then you consent to our charging your payment method on a recurring basis without requiring your prior approval for each recurring charge, until you notify us of your cancellation. See the Cancellation section for information about cancelling your service.

You agree to be responsible for any collection and attorney fees incurred as a result of non-payment. In the event of non-payment, you agree that all disputes will be resolved in accordance with the laws of the State of Utah and that any legal proceedings will be held in the courts located in Utah.

We reserve the right to correct any errors or mistakes in pricing, even if we have already requested or received payment. We also reserve the right to refuse any order placed through the Site.

CANCELLATION

All purchases are non-refundable. You may cancel your service at any time, unless otherwise agreed upon, by logging into your account billing management portal or contacting us using the contact information provided below. Your cancellation will take effect at the end of the current paid term. Customers under contracted service, may choose to cancel their contract during their License Period to end service; however, the remaining total contract value remains the customer's responsibility and will become due immediately upon cancellation.
‍
If you are unsatisfied with our services, please email us at legal@symbo.ai.

SOFTWARE

We may include software for use in connection with our services. If such software is accompanied by an end user license agreement ("EULA"), the terms of the EULA will govern your use of the software. If such software is not accompanied by a EULA, then we grant to you a non-exclusive, revocable, personal, and non-transferable license to use such software solely in connection with our services and in accordance with these Terms of Use. Any Software and any related documentation is provided "as is" without warranty of any kind, either express or implied, including, without limitation, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. You accept any and all risk arising out of use or performance of any Software. You may not reproduce or redistribute any software except in accordance with the EULA or these Terms of Use.

PROHIBITED ACTIVITIES

You may not access or use the Site for any purpose other than that for which we make the Site available. The Site may not be used in connection with any commercial endeavors except those that are specifically endorsed or approved by us.

Systematically retrieve data or other content from the Site to create or compile, directly or indirectly, a collection, compilation, database, or directory without written permission from us.
Trick, defraud, or mislead us and other users, especially in any attempt to learn sensitive account information such as user passwords.
Circumvent, disable, or otherwise interfere with security-related features of the Site, including features that prevent or restrict the use or copying of any Content or enforce limitations on the use of the Site and/or the Content contained therein.
Disparage, tarnish, or otherwise harm, in our opinion, us and/or the Site.
Use any information obtained from the Site in order to harass, abuse, or harm another person.
Make improper use of our support services or submit false reports of abuse or misconduct.
Use the Site in a manner inconsistent with any applicable laws or regulations.
Engage in unauthorized framing of or linking to the Site.
Upload or transmit (or attempt to upload or to transmit) viruses, Trojan horses, or other material, including excessive use of capital letters and spamming (continuous posting of repetitive text), that interferes with any party's uninterrupted use and enjoyment of the Site or modifies, impairs, disrupts, alters, or interferes with the use, features, functions, operation, or maintenance of the Site.
Engage in any automated use of the system, such as using scripts to send comments or messages, or using any data mining, robots, or similar data gathering and extraction tools.
Delete the copyright or other proprietary rights notice from any Content.
Attempt to impersonate another user or person or use the username of another user.
Upload or transmit (or attempt to upload or to transmit) any material that acts as a passive or active information collection or transmission mechanism, including without limitation, clear graphics interchange formats ("gifs"), 1—1 pixels, web bugs, cookies, or other similar devices (sometimes referred to as "spyware" or "passive collection mechanisms" or "pcms").
Interfere with, disrupt, or create an undue burden on the Site or the networks or services connected to the Site.
Harass, annoy, intimidate, or threaten any of our employees or agents engaged in providing any portion of the Site to you.
Attempt to bypass any measures of the Site designed to prevent or restrict access to the Site, or any portion of the Site.
Copy or adapt the Site's software, including but not limited to Flash, PHP, HTML, JavaScript, or other code.
Except as permitted by applicable law, decipher, decompile, disassemble, or reverse engineer any of the software comprising or in any way making up a part of the Site.
Except as may be the result of standard search engine or Internet browser usage, use, launch, develop, or distribute any automated system, including without limitation, any spider, robot, cheat utility, scraper, or offline reader that accesses the Site, or using or launching any unauthorized script or other software.
Use a buying agent or purchasing agent to make purchases on the Site.
Make any unauthorized use of the Site, including collecting usernames and/or email addresses of users by electronic or other means for the purpose of sending unsolicited email, or creating user accounts by automated means or under false pretenses.
Use the Site as part of any effort to compete with us or otherwise use the Site and/or the Content for any revenue-generating endeavor or commercial enterprise.

USER GENERATED CONTRIBUTIONS

The Site may invite you to chat, contribute to, or participate in blogs, message boards, online forums, and other functionality, and may provide you with the opportunity to create, submit, post, display, transmit, perform, publish, distribute, or broadcast content and materials to us or on the Site, including but not limited to text, writings, video, audio, photographs, graphics, comments, suggestions, or personal information or other material (collectively, "Contributions"). Contributions may be viewable by other users of the Site and through third-party websites. As such, any Contributions you transmit may be treated as non-confidential and non-proprietary. When you create or make available any Contributions, you thereby represent and warrant that:

The creation, distribution, transmission, public display, or performance, and the accessing, downloading, or copying of your Contributions do not and will not infringe the proprietary rights, including but not limited to the copyright, patent, trademark, trade secret, or moral rights of any third party.
You are the creator and owner of or have the necessary licenses, rights, consents, releases, and permissions to use and to authorize us, the Site, and other users of the Site to use your Contributions in any manner contemplated by the Site and these Terms of Use.
You have the written consent, release, and/or permission of each and every identifiable individual person in your Contributions to use the name or likeness of each and every such identifiable individual person to enable inclusion and use of your Contributions in any manner contemplated by the Site and these Terms of Use.
Your Contributions are not false, inaccurate, or misleading.
Your Contributions are not unsolicited or unauthorized advertising, promotional materials, pyramid schemes, chain letters, spam, mass mailings, or other forms of solicitation.
Your Contributions are not obscene, lewd, lascivious, filthy, violent, harassing, libelous, slanderous, or otherwise objectionable (as determined by us).
Your Contributions do not ridicule, mock, disparage, intimidate, or abuse anyone.
Your Contributions are not used to harass or threaten (in the legal sense of those terms) any other person and to promote violence against a specific person or class of people.
Your Contributions do not violate any applicable law, regulation, or rule.
Your Contributions do not violate the privacy or publicity rights of any third party.
Your Contributions do not violate any applicable law concerning or otherwise intended to protect the health or well-being of minors.
Your Contributions do not include any offensive comments that are connected to race, national origin, gender, sexual preference, or physical handicap.
Your Contributions do not otherwise violate, or link to material that violates, any provision of these Terms of Use, or any applicable law or regulation.

Any use of the Site in violation of the foregoing violates these Terms of Use and may result in, among other things, termination or suspension of your rights to use the Site.

USER GENERATED CONTRIBUTIONS

By posting your Contributions to any part of the Site or making Contributions accessible to the Site by linking your account from the Site to any of your social networking accounts, you automatically grant, and you represent and warrant that you have the right to grant, to us an unrestricted, unlimited, irrevocable, perpetual, non-exclusive, transferable, royalty-free, fully-paid, worldwide right, and license to host, use, copy, reproduce, disclose, sell, resell, publish, broadcast, retitle, archive, store, cache, publicly perform, publicly display, reformat, translate, transmit, excerpt (in whole or in part), and distribute such Contributions (including, without limitation, your image and voice) for any purpose, commercial, advertising, or otherwise, and to prepare derivative works of, or incorporate into other works, such Contributions, and grant and authorize sublicenses of the foregoing. The use and distribution may occur in any media formats and through any media channels.

This license will apply to any form, media, or technology now known or hereafter developed, and includes our use of your name, company name, and franchise name, as applicable, and any of the trademarks, service marks, trade names, logos, and personal and commercial images you provide. You waive all moral rights in your Contributions, and you warrant that moral rights have not otherwise been asserted in your Contributions.

We do not assert any ownership over your Contributions. You retain full ownership of all of your Contributions and any intellectual property rights or other proprietary rights associated with your Contributions. We are not liable for any statements or representations in your Contributions provided by you in any area on the Site. You are solely responsible for your Contributions to the Site and you expressly agree to exonerate us from any and all responsibility and to refrain from any legal action against us regarding your Contributions.

We have the right, in our sole and absolute discretion, (1) to edit, redact, or otherwise change any Contributions; (2) to re-categorize any Contributions to place them in more appropriate locations on the Site; and (3) to pre-screen or delete any Contributions at any time and for any reason, without notice. We have no obligation to monitor your Contributions

SOCIAL MEDIA

As part of the functionality of the Site, you may link your account with online accounts you have with third-party service providers (each such account, a "Third-Party Account") by either: (1) providing your Third-Party Account login information through the Site; or (2) allowing us to access your Third-Party Account, as is permitted under the applicable terms and conditions that govern your use of each Third-Party Account. You represent and warrant that you are entitled to disclose your Third-Party Account login information to us and/or grant us access to your Third-Party Account, without breach by you of any of the terms and conditions that govern your use of the applicable Third-Party Account, and without obligating us to pay any fees or making us subject to any usage limitations imposed by the third-party service provider of the Third-Party Account. By granting us access to any Third-Party Accounts, you understand that (1) we may access, make available, and store (if applicable) any content that you have provided to and stored in your Third-Party Account (the "Social Network Content") so that it is available on and through the Site via your account, including without limitation any friend lists and (2) we may submit to and receive from your Third-Party Account additional information to the extent you are notified when you link your account with the Third-Party Account. Depending on the Third-Party Accounts you choose and subject to the privacy settings that you have set in such Third-Party Accounts, personally identifiable information that you post to your Third-Party Accounts may be available on and through your account on the Site. Please note that if a Third-Party Account or associated service becomes unavailable or our access to such Third-Party Account is terminated by the third-party service provider, then Social Network Content may no longer be available on and through the Site. You will have the ability to disable the connection between your account on the Site and your Third-Party Accounts at any time. PLEASE NOTE THAT YOUR RELATIONSHIP WITH THE THIRD-PARTY SERVICE PROVIDERS ASSOCIATED WITH YOUR THIRD-PARTY ACCOUNTS IS GOVERNED SOLELY BY YOUR AGREEMENT(S) WITH SUCH THIRD-PARTY SERVICE PROVIDERS. We make no effort to review any Social Network Content for any purpose, including but not limited to, for accuracy, legality, or non-infringement, and we are not responsible for any Social Network Content. You acknowledge and agree that we may access your email address book associated with a Third-Party Account and your contacts list stored on your mobile device or tablet computer solely for purposes of identifying and informing you of those contacts who have also registered to use the Site. You can deactivate the connection between the Site and your Third-Party Account by contacting us using the contact information below or through your account settings (if applicable). We will attempt to delete any information stored on our servers that was obtained through such Third-Party Account, except the username and profile picture that become associated with your account.

SUBMISSIONS

You acknowledge and agree that any questions, comments, suggestions, ideas, feedback, or other information regarding the Site ("Submissions") provided by you to us are non-confidential and shall become our sole property. We shall own exclusive rights, including all intellectual property rights, and shall be entitled to the unrestricted use and dissemination of these Submissions for any lawful purpose, commercial or otherwise, without acknowledgment or compensation to you. You hereby waive all moral rights to any such Submissions, and you hereby warrant that any such Submissions are original with you or that you have the right to submit such Submissions. You agree there shall be no recourse against us for any alleged or actual infringement or misappropriation of any proprietary right in your Submissions.

THIRD-PARTY WEBSITES AND CONTENT

The Site may contain (or you may be sent via the Site) links to other websites ("Third-Party Websites") as well as articles, photographs, text, graphics, pictures, designs, music, sound, video, information, applications, software, and other content or items belonging to or originating from third parties ("Third-Party Content"). Such Third-Party Websites and Third-Party Content are not investigated, monitored, or checked for accuracy, appropriateness, or completeness by us, and we are not responsible for any Third-Party Websites accessed through the Site or any Third-Party Content posted on, available through, or installed from the Site, including the content, accuracy, offensiveness, opinions, reliability, privacy practices, or other policies of or contained in the Third-Party Websites or the Third-Party Content. Inclusion of, linking to, or permitting the use or installation of any Third-Party Websites or any Third-Party Content does not imply approval or endorsement thereof by us. If you decide to leave the Site and access the Third-Party Websites or to use or install any Third-Party Content, you do so at your own risk, and you should be aware these Terms of Use no longer govern. You should review the applicable terms and policies, including privacy and data gathering practices, of any website to which you navigate from the Site or relating to any applications you use or install from the Site. Any purchases you make through Third-Party Websites will be through other websites and from other companies, and we take no responsibility whatsoever in relation to such purchases which are exclusively between you and the applicable third party. You agree and acknowledge that we do not endorse the products or services offered on Third-Party Websites and you shall hold us harmless from any harm caused by your purchase of such products or services. Additionally, you shall hold us harmless from any losses sustained by you or harm caused to you relating to or resulting in any way from any Third-Party Content or any contact with Third-Party Websites.

U.S. GOVERNMENT RIGHTS

Our services are "commercial items" as defined in Federal Acquisition Regulation ("FAR") 2.101. If our services are acquired by or on behalf of any agency not within the Department of Defense ("DOD"), our services are subject to the terms of these Terms of Use in accordance with FAR 12.212 (for computer software) and FAR 12.211 (for technical data). If our services are acquired by or on behalf of any agency within the Department of Defense, our services are subject to the terms of these Terms of Use in accordance with Defense Federal Acquisition Regulation ("DFARS") 227.7202"‘3. In addition, DFARS 252.227"‘7015 applies to technical data acquired by the DOD. This U.S. Government Rights clause is in lieu of, and supersedes, any other FAR, DFARS, or other clause or provision that addresses government rights in computer software or technical data under these Terms of Use.

SITE MANAGEMENT

We reserve the right, but not the obligation, to: (1) monitor the Site for violations of these Terms of Use; (2) take appropriate legal action against anyone who, in our sole discretion, violates the law or these Terms of Use, including without limitation, reporting such user to law enforcement authorities; (3) in our sole discretion and without limitation, refuse, restrict access to, limit the availability of, or disable (to the extent technologically feasible) any of your Contributions or any portion thereof; (4) in our sole discretion and without limitation, notice, or liability, to remove from the Site or otherwise disable all files and content that are excessive in size or are in any way burdensome to our systems; and (5) otherwise manage the Site in a manner designed to protect our rights and property and to facilitate the proper functioning of the Site.

PRIVACY POLICY

We care about data privacy and security. Please review our Privacy Policy: https://symbo.ai/privacy. By using the Site, you agree to be bound by our Privacy Policy, which is incorporated into these Terms of Use. Please be advised the Site is hosted in the United States. If you access the Site from any other region of the world with laws or other requirements governing personal data collection, use, or disclosure that differ from applicable laws in the United States, then through your continued use of the Site, you are transferring your data to the United States, and you agree to have your data transferred to and processed in the United States.

TERM AND TERMINATION

These Terms of Use shall remain in full force and effect while you use the Site. WITHOUT LIMITING ANY OTHER PROVISION OF THESE TERMS OF USE, WE RESERVE THE RIGHT TO, IN OUR SOLE DISCRETION AND WITHOUT NOTICE OR LIABILITY, DENY ACCESS TO AND USE OF THE SITE (INCLUDING BLOCKING CERTAIN IP ADDRESSES), TO ANY PERSON FOR ANY REASON OR FOR NO REASON, INCLUDING WITHOUT LIMITATION FOR BREACH OF ANY REPRESENTATION, WARRANTY, OR COVENANT CONTAINED IN THESE TERMS OF USE OR OF ANY APPLICABLE LAW OR REGULATION. WE MAY TERMINATE YOUR USE OR PARTICIPATION IN THE SITE OR DELETE YOUR ACCOUNT AND ANY CONTENT OR INFORMATION THAT YOU POSTED AT ANY TIME, WITHOUT WARNING, IN OUR SOLE DISCRETION.

If we terminate or suspend your account for any reason, you are prohibited from registering and creating a new account under your name, a fake or borrowed name, or the name of any third party, even if you may be acting on behalf of the third party. In addition to terminating or suspending your account, we reserve the right to take appropriate legal action, including without limitation pursuing civil, criminal, and injunctive redress.

MODIFICATIONS AND INTERRUPTIONS

We reserve the right to change, modify, or remove the contents of the Site at any time or for any reason at our sole discretion without notice. However, we have no obligation to update any information on our Site. We also reserve the right to modify or discontinue all or part of the Site without notice at any time. We will not be liable to you or any third party for any modification, price change, suspension, or discontinuance of the Site

We cannot guarantee the Site will be available at all times. We may experience hardware, software, or other problems or need to perform maintenance related to the Site, resulting in interruptions, delays, or errors. We reserve the right to change, revise, update, suspend, discontinue, or otherwise modify the Site at any time or for any reason without notice to you. You agree that we have no liability whatsoever for any loss, damage, or inconvenience caused by your inability to access or use the Site during any downtime or discontinuance of the Site. Nothing in these Terms of Use will be construed to obligate us to maintain and support the Site or to supply any corrections, updates, or releases in connection therewith.

GOVERNING LAW

These Terms of Use and your use of the Site are governed by and construed in accordance with the laws of the State of Utah applicable to agreements made and to be entirely performed within the State of Utah, without regard to its conflict of law principles.

DISPUTE RESOLUTION & BINDING ARBITRATION

If the Parties are unable to resolve a Dispute through informal negotiations, the Dispute (except those Disputes expressly excluded below) will be finally and exclusively resolved by binding arbitration. YOU UNDERSTAND THAT WITHOUT THIS PROVISION, YOU WOULD HAVE THE RIGHT TO SUE IN COURT AND HAVE A JURY TRIAL. The arbitration shall be commenced and conducted under the Commercial Arbitration Rules of the American Arbitration Association ("AAA") and, where appropriate, the AAA"™s Supplementary Procedures for Consumer Related Disputes ("AAA Consumer Rules"), both of which are available at the AAA website www.adr.org. Your arbitration fees and your share of arbitrator compensation shall be governed by the AAA Consumer Rules and, where appropriate, limited by the AAA Consumer Rules. The arbitration may be conducted in person, through the submission of documents, by phone, or online. The arbitrator will make a decision in writing, but need not provide a statement of reasons unless requested by either Party. The arbitrator must follow applicable law, and any award may be challenged if the arbitrator fails to do so. Except where otherwise required by the applicable AAA rules or applicable law, the arbitration will take place in Salt Lake County, Utah. Except as otherwise provided herein, the Parties may litigate in court to compel arbitration, stay proceedings pending arbitration, or to confirm, modify, vacate, or enter judgment on the award entered by the arbitrator.

If for any reason, a Dispute proceeds in court rather than arbitration, the Dispute shall be commenced or prosecuted in the state and federal courts located in Salt Lake County, Utah, and the Parties hereby consent to, and waive all defenses of lack of personal jurisdiction, and forum non conveniens with respect to venue and jurisdiction in such state and federal courts. Application of the United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transaction Act (UCITA) are excluded from these Terms of Use.

In no event shall any Dispute brought by either Party related in any way to the Site be commenced more than one (1) years after the cause of action arose. If this provision is found to be illegal or unenforceable, then neither Party will elect to arbitrate any Dispute falling within that portion of this provision found to be illegal or unenforceable and such Dispute shall be decided by a court of competent jurisdiction within the courts listed for jurisdiction above, and the Parties agree to submit to the personal jurisdiction of that court.

RESTRICTIONS

The Parties agree that any arbitration shall be limited to the Dispute between the Parties individually. To the full extent permitted by law, (a) no arbitration shall be joined with any other proceeding; (b) there is no right or authority for any Dispute to be arbitrated on a class-action basis or to utilize class action procedures; and (c) there is no right or authority for any Dispute to be brought in a purported representative capacity on behalf of the general public or any other persons.

EXCEPTIONS TO ARBITRATION

The Parties agree that the following Disputes are not subject to the above provisions concerning binding arbitration: (a) any Disputes seeking to enforce or protect, or concerning the validity of, any of the intellectual property rights of a Party; (b) any Dispute related to, or arising from, allegations of theft, piracy, invasion of privacy, or unauthorized use; (c) any claim for injunctive relief; (d) disputes arising from non-payment of services rendered or agreed upon by contract. If this provision is found to be illegal or unenforceable, then neither Party will elect to arbitrate any Dispute falling within that portion of this provision found to be illegal or unenforceable and such Dispute shall be decided by a court of competent jurisdiction within the courts listed for jurisdiction above, and the Parties agree to submit to the personal jurisdiction of that court.

CORRECTIONS

There may be information on the Site that contains typographical errors, inaccuracies, or omissions, including descriptions, pricing, availability, and various other information. We reserve the right to correct any errors, inaccuracies, or omissions and to change or update the information on the Site at any time, without prior notice.

DISCLAIMER

THE SITE IS PROVIDED ON AN AS-IS AND AS-AVAILABLE BASIS. YOU AGREE THAT YOUR USE OF THE SITE AND OUR SERVICES WILL BE AT YOUR SOLE RISK. TO THE FULLEST EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, IN CONNECTION WITH THE SITE AND YOUR USE THEREOF, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WE MAKE NO WARRANTIES OR REPRESENTATIONS ABOUT THE ACCURACY OR COMPLETENESS OF THE SITE"™S CONTENT OR THE CONTENT OF ANY WEBSITES LINKED TO THE SITE AND WE WILL ASSUME NO LIABILITY OR RESPONSIBILITY FOR ANY (1) ERRORS, MISTAKES, OR INACCURACIES OF CONTENT AND MATERIALS, (2) PERSONAL INJURY OR PROPERTY DAMAGE, OF ANY NATURE WHATSOEVER, RESULTING FROM YOUR ACCESS TO AND USE OF THE SITE, (3) ANY UNAUTHORIZED ACCESS TO OR USE OF OUR SECURE SERVERS AND/OR ANY AND ALL PERSONAL INFORMATION AND/OR FINANCIAL INFORMATION STORED THEREIN, (4) ANY INTERRUPTION OR CESSATION OF TRANSMISSION TO OR FROM THE SITE, (5) ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE WHICH MAY BE TRANSMITTED TO OR THROUGH THE SITE BY ANY THIRD PARTY, AND/OR (6) ANY ERRORS OR OMISSIONS IN ANY CONTENT AND MATERIALS OR FOR ANY LOSS OR DAMAGE OF ANY KIND INCURRED AS A RESULT OF THE USE OF ANY CONTENT POSTED, TRANSMITTED, OR OTHERWISE MADE AVAILABLE VIA THE SITE. WE DO NOT WARRANT, ENDORSE, GUARANTEE, OR ASSUME RESPONSIBILITY FOR ANY PRODUCT OR SERVICE ADVERTISED OR OFFERED BY A THIRD PARTY THROUGH THE SITE, ANY HYPERLINKED WEBSITE, OR ANY WEBSITE OR MOBILE APPLICATION FEATURED IN ANY BANNER OR OTHER ADVERTISING, AND WE WILL NOT BE A PARTY TO OR IN ANY WAY BE RESPONSIBLE FOR MONITORING ANY TRANSACTION BETWEEN YOU AND ANY THIRD-PARTY PROVIDERS OF PRODUCTS OR SERVICES. AS WITH THE PURCHASE OF A PRODUCT OR SERVICE THROUGH ANY MEDIUM OR IN ANY ENVIRONMENT, YOU SHOULD USE YOUR BEST JUDGMENT AND EXERCISE CAUTION WHERE APPROPRIATE.

LIMITATIONS OF LIABILITY

IN NO EVENT WILL WE OR OUR DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFIT, LOST REVENUE, LOSS OF DATA, OR OTHER DAMAGES ARISING FROM YOUR USE OF THE SITE, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED HEREIN, OUR LIABILITY TO YOU FOR ANY CAUSE WHATSOEVER AND REGARDLESS OF THE FORM OF THE ACTION, WILL AT ALL TIMES BE LIMITED TO THE AMOUNT PAID, IF ANY, BY YOU TO US DURING THE SIX (6) MONTH PERIOD PRIOR TO ANY CAUSE OF ACTION ARISING. CERTAIN US STATE LAWS AND INTERNATIONAL LAWS DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES OR THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES. IF THESE LAWS APPLY TO YOU, SOME OR ALL OF THE ABOVE DISCLAIMERS OR LIMITATIONS MAY NOT APPLY TO YOU, AND YOU MAY HAVE ADDITIONAL RIGHTS.

INDEMNIFICATION

You agree to defend, indemnify, and hold us harmless, including our subsidiaries, affiliates, and all of our respective officers, agents, partners, and employees, from and against any loss, damage, liability, claim, or demand, including reasonable attorneys"™ fees and expenses, made by any third party due to or arising out of: (1) your Contributions; (2) use of the Site; (3) breach of these Terms of Use; (4) any breach of your representations and warranties set forth in these Terms of Use; (5) your violation of the rights of a third party, including but not limited to intellectual property rights; or (6) any overt harmful act toward any other user of the Site with whom you connected via the Site. Notwithstanding the foregoing, we reserve the right, at your expense, to assume the exclusive defense and control of any matter for which you are required to indemnify us, and you agree to cooperate, at your expense, with our defense of such claims. We will use reasonable efforts to notify you of any such claim, action, or proceeding which is subject to this indemnification upon becoming aware of it.

USER DATA

We will maintain certain data that you transmit to the Site for the purpose of managing the performance of the Site, as well as data relating to your use of the Site. Although we perform regular routine backups of data, you are solely responsible for all data that you transmit or that relates to any activity you have undertaken using the Site. You agree that we shall have no liability to you for any loss or corruption of any such data, and you hereby waive any right of action against us arising from any such loss or corruption of such data.

ELECTRONIC COMMUNICATIONS, TRANSACTIONS, AND SIGNATURES

Visiting the Site, sending us emails, and completing online forms constitute electronic communications. You consent to receive electronic communications, and you agree that all agreements, notices, disclosures, and other communications we provide to you electronically, via email and on the Site, satisfy any legal requirement that such communication be in writing. YOU HEREBY AGREE TO THE USE OF ELECTRONIC SIGNATURES, CONTRACTS, ORDERS, AND OTHER RECORDS, AND TO ELECTRONIC DELIVERY OF NOTICES, POLICIES, AND RECORDS OF TRANSACTIONS INITIATED OR COMPLETED BY US OR VIA THE SITE. You hereby waive any rights or requirements under any statutes, regulations, rules, ordinances, or other laws in any jurisdiction which require an original signature or delivery or retention of non-electronic records, or to payments or the granting of credits by any means other than electronic means.

CALIFORNIA USERS AND RESIDENTS

If any complaint with us is not satisfactorily resolved, you can contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs in writing at 1625 North Market Blvd., Suite N 112, Sacramento, California 95834 or by telephone at (800) 952-5210 or (916) 445-1254.

MISCELLANEOUS

These Terms of Use and any policies or operating rules posted by us on the Site or in respect to the Site constitute the entire agreement and understanding between you and us. Our failure to exercise or enforce any right or provision of these Terms of Use shall not operate as a waiver of such right or provision. These Terms of Use operate to the fullest extent permissible by law. We may assign any or all of our rights and obligations to others at any time. We shall not be responsible or liable for any loss, damage, delay, or failure to act caused by any cause beyond our reasonable control. If any provision or part of a provision of these Terms of Use is determined to be unlawful, void, or unenforceable, that provision or part of the provision is deemed severable from these Terms of Use and does not affect the validity and enforceability of any remaining provisions. There is no joint venture, partnership, employment or agency relationship created between you and us as a result of these Terms of Use or use of the Site. You agree that these Terms of Use will not be construed against us by virtue of having drafted them. You hereby waive any and all defenses you may have based on the electronic form of these Terms of Use and the lack of signing by the parties hereto to execute these Terms of Use.

CALLING PACKAGE

This section applies if the Customer has obtained or is using a specific type of Subscription Service through the Symbo platform, which allows the Customer to make calls to their customers and potential customers.

Definitions:

"Unlimited Calling Services" refers to any services through which the Customer can make phone calls without being charged based on actual usage. Our Unlimited Calling Service includes US and CA dialing with some exclusions. Customer may wish to subscribe to other Unlimited Calling Services by contacting our team.
"Unlimited Calling Users" refers to individual users for whom the Customer has obtained the right to use the Unlimited Calling Services.
"Excessive Usage" is defined as a month in which the Customer's total usage of any Unlimited Calling Services exceeds 2,000 minutes per Unlimited Calling User, with all minutes being pooled (i.e. if the Customer has ten (10) Unlimited Calling Users, they may use up to 20,000 minutes per month).

Excessive Usage Policy:
If the Customer engages in Excessive Usage of the Unlimited Calling Services during any two (2) months within a rolling twelve (12) month period, Symbo may charge for usage beyond the permitted usage as outlined in the Excessive Usage definition.

Variable Calling:
If the Customer has not obtained access to Unlimited Calling Services or wishes to call or text to a jurisdiction not covered by these services, additional fees will apply and will be based on actual usage on a per minute basis (“Variable Calling”). Minutes are rounded up to the next full minute. The Customer will be invoiced for the prior month's usage and by using this functionality, they agree to pay for all such usage. The rates for Variable Calling are determined by various factors, including the location of the call or text origin and the recipient's location. For more information about rates, exclusions, and international dialing packages, contact us at team@symbo.ai.

USAGE POLICY

By utilizing Symbo’s services, you affirm and guarantee that you have obtained the necessary consent from the owners of the phone numbers to whom you send messages or conduct broadcasts using our services. This includes their permission to receive such communications. You commit to including explicit opt-out/unsubscribe information in every fifth text message transmitted through Symbo’s services and to adhere to the Consumer Best Practices Guidelines issued by the Mobile Marketing Association. Moreover, any individual who requests "Do-Not-Call" ("DNC") status must promptly be added to your DNC list and eliminated from your list of contacts used with Symbo services.

You are obligated to acquaint yourself with and comply with all applicable local, state, national, and international laws and regulations. You bear sole responsibility for all activities under your account, specifically the content of messages and broadcasts sent through Symbo’s services. You must familiarize yourself with the legal requirements of any messages, calls, broadcasts, and campaigns by consulting relevant legal and regulatory websites, such as:

Federal Trade Commission: http://www.ftc.gov
Federal Communications Commission: http://www.fcc.gov
DoNotCall Registry: http://www.donotcall.gov

Laws and regulations, including the Telephone Consumer Protection Act ("TCPA"), impose restrictions on certain types of phone calls and text messages. Symbo does not interpret these laws but provides these references as a courtesy. It is your responsibility to ensure compliance with legal standards prior to using Symbo's services.

It is your duty to conduct campaigns responsibly and respectfully, complying with all applicable calling time rules and regulations. You must secure any necessary rights or licenses for any data used in your messages, including sound files. If you are uncertain about the legality of any message, broadcast or campaign, consult with a legal advisor before using our services.

Symbo’s services are intended for professional use only, and you agree that your use of our services will not include:

Federal Trade Commission: http://www.ftc.gov
Federal Communications Commission: http://www.fcc.gov
DoNotCall Registry: http://www.donotcall.gov
Sending unsolicited marketing messages or broadcasts (spam).
Making calls to emergency services, such as hospitals, fire, police, 911, or utility-related numbers.
Using sequences of numbers unlawfully in multi-line businesses.
Collecting information about others without their consent.
Misrepresenting the identity of the sender of your messages, impersonating someone else, or using incorrect contact details.
Transmitting unlawful, racist, harassing, libelous, abusive, threatening, immoral, harmful, or obscene material.
Transmitting material that infringes on the intellectual property rights of others.
Transmitting any material that contains harmful software, such as viruses or worms.
Interfering with or disrupting networks connected to the services or violating network regulations.
Attempting unauthorized access to the services, other accounts, or networks.
Interfering with others’ use of the services or engaging in activities that could subject Symbo to legal action.

You must provide legal contact information in any outbound campaign within the initial greeting message. Symbo is not responsible for the content or accuracy of your messages and broadcasts and assumes good faith in your compliant use of our services. Symbo will not be liable for any misuse of the services by you. We are not responsible for the views and opinions contained in your messages or broadcasts.

CONTACT US

In order to resolve a complaint regarding the Site or to receive further information regarding use of the Site, please contact us at:

Symbo LLC
2940 W Maple Loop Dr.
LEHI, UT 84043
legal@symbo.ai

Privacy Policy

Some Notes On Our Relationship

This Privacy Statement applies to "symbo.ai" and the engagement platform service at. which are owned and operated by Symbo LLC. At Symbo, we are committed to maintaining the confidentiality and security of any personal information about our users. Your privacy is always at the top of our priorities, and we are focused on protecting it from unauthorized access.
‍
This Privacy Policy supplements our Terms & Conditions and spells out how we collect, use, and disclose information from or about you through our website www.symbo.ai and the Symbo platform. Users can access the Symbo platform via our extension in the chrome store, applications on Devices, APIs, and third-parties. A "Device" is any device used to access the Symbo platform, including without limitation a computer, mobile phone, tablet, or other electronic device. By using our Service, you are consenting to the collection, transfer, processing, storage, disclosure and other uses described in this Privacy Policy. The use of information collected through our service shall be limited to the purpose of providing the service for which the Symbo client ("Client") has engaged Symbo.

The Information We Collect and Store

Symbo employees are prohibited from viewing the content of the data you import into your Symbo account, except as provided in this Privacy Policy. Of course, in the case that you request our help to resolve your support issues relating to that data, and only after receiving your permission, Symbo employees may access the relevant data.

Information You provide

When you register for an account, we collect some personal information, such as your name, phone number, email address, and home and/or business postal addresses. You may also ask us to import your contacts and email history by giving us access to your third party services (for example, your email account) or to use your social networking information if you give us access to your account on social network connection services. In fact, in order to use our Service, you must link a third party email account to your Symbo account. We then import, create, and update versions of your address book and emails for you to access in Symbo. You will also have the option to import and update versions of your calendar, social media contacts, and mobile phone call history, and you can later choose to upload files to, or provide comments through, Symbo.
‍
When we configure and customize deals, or manage and perform recurring billing, we may also ask you to provide information such as, but not limited to, your bank account number; credit card number; national ID number, insurance number, social security number; taxpayer identification number, tax file number, passport number, and driver's license number.

Collection and Use of 3rd Party Personal Information

You may also provide personal information about other people, such as their email address. This information is only used for the sole purpose of completing your request or for whatever reason it may have been provided.
If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at team@symbo.ai

Your Data and Other Information About You

With your permission (which you grant when you sign up for or begin using our platform), Symbo collects and stores information you provide or that we collect in order to administer our Services and/or as otherwise described in this Privacy Policy or our Terms & Conditions.

User Data Supplementation

We may receive additional demographic information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
‍
Symbo obtains this business contact and company information from third party sources, such as business intelligence platforms. The information obtained by these third-party sources is from publicly available sources such as news articles. This information is used to support Symbo’s marketing and sales efforts. The Symbo sales team may contact you based on this information to gauge your company’s interest in Symbo’s services and technology solutions. You may opt-out of these communications at any time by clicking the unsubscribe link provided in the email or by sending a request to the Symbo Technical Support team by emailing team@symbo.ai

Log Data

When you use the platform, we automatically collect certain information from your Device, its software, and your activity using the Services. This may include, for example (but without limitation), the Device's Internet Protocol ("IP") address, browser type, the web page visited before or after you came to our website, information you search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata, and interactions with the Service, Internet service provider, referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.

Cookies

Symbo and its partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.

Social Media Widgets/Buttons

Our website includes social media features, such as the Facebook Like button and widgets, such as the "Share This" button for Twitter and LinkedIn. These features may collect your IP address and the page you are visiting on our site, and they may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with these features are governed by the privacy policy of the company providing it.

Purpose and Legal Basis for Using Personal Information

In the course of using the Service, we may collect or otherwise obtain information that can be used to contact or identify you ("Personal Information"). Under one or more of the following GDPR lawful bases:
Data subject has given consent to the processing of his or her personal data for one or more specific purposes:
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
- Processing is necessary for compliance with a legal obligation to which the controller is subject
- Processing is necessary in order to protect the vital interests of the data subject or of another natural person
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Personal Information is or may be used for the following purposes:

- To provide and improve our Service
- To administer your use of the Service
- To recommend follow-up reminders, assign tasks, or personalize the service
- To provide or offer software updates and product announcements
- To ensure our legal compliance obligations

If you no longer wish to receive communications from us that are not required for the Service, please follow the "unsubscribe" instructions provided in any of those communications or update your account settings information.
Information Sharing and Disclosure by Us (Do Not Sell My Information)
We do not sell Personal Information to third parties.
If you are a California resident our default cookie settings may constitute a sale of personal information. You can change your cookie settings under the Cookies section above.

Service Providers, Business Partners and Others

We may use certain trusted third-party companies and individuals to help us provide, analyze, and improve the Service (including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improvement of the Service's features). These third parties may have access to your information for purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Policy. As of the date this policy went into effect, we use Amazon's S3 storage service to store some of your information (for example, your files). You can find more information on Amazon's data security from the S3 site.

Third-Party Applications

Our website includes links to other websites whose privacy practices may differ from those of Symbo. As of the date this policy went into effect, Symbo has never and will not share your information with a third-party application. If you submit personal information to any of those websites, your information is governed by their privacy policies. In the future, with your consent, we may share your information with a third-party application (for example when you choose to access our Services through such an application). We are not responsible for what those parties do with your information, so you should make sure you trust the application and that it has a privacy policy that is acceptable to you.

Compliance with Laws and Law Enforcement Requests; Protection of Symbo's Rights

We may disclose to third parties data stored in your Symbo account and information about you that we collect only in the ways that are described in this privacy policy and when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation, or compulsory legal request, such as to comply with a subpoena; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Symbo or its users; or (d) to protect Symbo's rights. If we provide any data stored in your Symbo account to a law enforcement agency, we will remove Symbo's encryption from the information before providing it to law enforcement. However, Symbo will not be able to decrypt anything that you encrypted prior to uploading it to Symbo.

Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction, but we will notify you (for example, via email, sign in notification, and/or a prominent notice on our website) if that happens or if your information otherwise becomes subject to a different privacy policy in lieu of this one. We will also notify you of choices you may have regarding the information.

Changing or Deleting Your Information

Upon request Symbo will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. If you are a registered user, you may review, update, correct, or delete certain Personal Information provided in your registration or account profile by changing your account settings. If your personal information changes, or if you no longer desire our platform, you may update or delete it by making the change in your account settings, although (in some cases) we may retain copies of your information if required by law, to protect our rights, or if it is not technically reasonably feasible to remove it. You may at any time withdraw any consent that you have provided to us to process your information, or exercise any of the following rights by contacting us as provided below. Please note that we may ask you to verify your identity before taking further action on your request, for security purposes.

- Right of Access - the right to be informed of and request access to the personal data we process about you;
- Right to Rectification - the right to request that we amend or update your personal data where it is inaccurate or incomplete;
- Right to Erasure - the right to request that we delete your personal data; Right to Restrict - the right to request that we temporarily or permanently stop processing all or some of your personal data;
- Right to Object - the right, at any time, to object to us processing your personal data on grounds relating to your particular situation; the right to object to your personal data being processed for direct marketing purposes;
- Right to Data Portability - the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service; and
- Right not to be subject to Automated Decision-making;
- Right to Non-Discrimination – You have a right not to receive discriminatory treatment for exercising your privacy rights as identified in this section of the privacy notice as conferred by the CCPA.

For questions about your Personal Information on our Service, please contact team@symbo.ai or by contacting us by telephone or postal mail at the contact information listed below. We will respond to your inquiry within 30 days.

Data Retention

Symbo will retain personal data we process on behalf of our Clients and our Clients' customer data for as long as needed to provide services to our Client. Our intention is to retain your information for as long as your account is active or as needed to provide you with the platform services. If you wish to cancel your account or request that we no longer use your information to provide you Services, you may delete your account. We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements and rights, or if it is not technically reasonably feasible to remove it. Consistent with these requirements, we will try to delete your information quickly upon request. Please note, that Symbo may retain your personal data for longer where there is a legal obligation, contractual, or legitimate interest, unless these interests are overridden by the individual’s fundamental rights; in those cases, data will be removed once it is no longer needed for those purposes. In addition, we do not provide access, transfer, change, or delete information from our servers’ files where that right adversely affects the rights of others.

Choice/Opt-Out

If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails, accessing the email preferences in your account settings page, or you can contact us at team@symbo.ai

Blogs

Our website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at team@symbo.ai. In some cases, we may not be able to remove your personal information. If this is the case, we will let you know and indicate why.

Security

Symbo stresses its privacy and security standards. Although no one can guarantee absolute security, we regularly re-evaluate our privacy and security policies in order to adapt to new challenges. We follow generally accepted standards to protect the information submitted to us, both during transmission and once we receive it. We encrypt the most sensitive data that you store on Symbo using the AES-256 standard, which is the same encryption standard used by banks to secure customer data.

Children

Our Services are not directed to persons under 13. We do not knowingly collect personal information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without the parent's consent, he or she should contact us at team@symbo.ai. If we become aware that a child under 13 has provided us with Personal Information, we will take steps to delete such information from our files.

Contacting Us

If you have any questions about this Privacy Policy, please contact us at team@symbo.ai.

Changes to our Privacy Policy

If we make a change to this privacy policy, we will provide you with notice (for example, by email, a sign-in notification, or some other means) prior to the change becoming effective. By continuing to use the Service after those changes become effective, you are agreeing to be bound by the revised Privacy and Security Policy; if you do not agree to the change, simply don't use the Service after the change is effective, in which case the change will not apply to you.

Information Related to Data Collected through the Symbo Platform

Symbo collects information under the direction of its Clients and has no direct relationship with the individuals whose personal data it processes.

Choice

Symbo acknowledges that you have the right to access your personal information. We collect information for our clients. If you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that use our service, please contact the client that you interact with directly.

Service Provider, Sub-Processors/Onward Transfer

Symbo may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice, as well as the service agreements with our Clients. A list of Sub-Processors can be made available upon request.

Access to Data Controlled by our Clients

Symbo has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his query to the Symbo’s Client (the data controller). If the Client requests Symbo to remove the data, we will respond to the request within 30 business days.

Google API Services Usage Disclosure

Symbo’s use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) and the schedules to this DPA apply to the Processing of Client Personal Data on behalf of the Client in order to provide Services ordered from Symbo.

For purposes of this DPA, Client and Symbo agree that Client may be a Data Controller of Client Personal Data, and Symbo may be a Data Processor of such data, except when the Client acts as a Data Processor of Client Personal Data, in which case Symbo is a subprocessor.

In the course of providing Services to the Client, Symbo may Process Client Personal Data on behalf of the Client. Symbo agrees to comply with the following provisions with respect to any Client Personal Data submitted by or on behalf of the Client for the Services or collected and Processed through the Services.

1. Definitions

1.1 Any capitalized term used but not defined in this DPA has the meaning provided to it in Applicable Data Protection Law.

(a) "Applicable Data Protection Law" refers to all laws and regulations applicable to Symbo’s Processing of Personal Data, including, without limitation, European Data Protection Laws and Non-European Data Protection Laws.

(b) "Client Personal Data" means any Personal Data Processed by Symbo on behalf of the Client pursuant to or in connection with the Services, with explicit exclusions of Client Feedback, the Personal Data of representatives of third-party organizations, and records of communications between Symbo and the Client.

(c) "CCPA" means the California Consumer Privacy Act 2018 Cal. Civ. Code 1798.100 et seq., including any amendments and any implementing regulations thereto that become effective on or after the effective date of this Data Processing Agreement, including, without limitation, the California Privacy Rights Act of 2020 (the "CPRA").

(d) "Contractor" has the meaning set forth in the CPRA.

(e) "Delete" means to remove or obliterate Personal Data such that it cannot be recovered or reconstructed, and "Deletion" will be construed accordingly.

(f) "GDPR" means the EU General Data Protection Regulation 2016/679, and to the extent the GDPR is no longer applicable in the United Kingdom, any implementing legislation or legislation having equivalent effect in the United Kingdom.

(g) "Non-European Data Protection Laws" means the CCPA; the Canadian Personal Information Protection and Electronic Documents Act ("PIPEDA"); the Brazilian General Data Protection Law ("LGPD"), Federal Law no. 13,709/2018; the Privacy Act 1988 (Cth) of Australia, as amended ("Australian Privacy Law"); and substantially similar privacy or data protection laws applicable to a party, each as may be amended or replaced from time to time.

(h) "Personal Data" shall have the meaning ascribed to it, or to substantially similar phrases, in Applicable Data Protection Law.

(i) "Processed" means any operation or set of operations which is/are performed on Personal Data, encompassing the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or erasure of Personal Data. The terms "Process," "Processes," "Processed," or "Processing" shall be construed accordingly.

(j) "Sensitive Data" means (a) social security number, tax file number, passport number, driver’s license number, or similar identifier (or any portion thereof); (b) credit or debit card number (other than the truncated (last four digits) of a credit or debit card); (c) employment, financial, credit, genetic, biometric or health information; (d) racial, ethnic, political or religious affiliation, trade union membership, information about sexual life or sexual orientation, or criminal record; (e) account passwords; or (f) other information that falls within the definition of "special categories of data" under Applicable Data Protection Law.

(k) "Services" means those services and activities to be supplied to or carried out by or on behalf of Symbo for the Client.

(l) "Subprocessor" means any third party appointed by or on behalf of Symbo to Process Client Personal Data.

(m) "Transfer" means the transfer of Client Personal Data outside the United Kingdom or EU/European Economic Area ("EEA").

2. Processing of Client Personal Data

2.1 Instructions for Data Processing: Symbo will, in the course of providing the Services, Process Client Personal Data only on behalf of and in accordance with the documented instructions of the Client, unless required to do otherwise by Applicable Data Protection Law. In such a case, Symbo will inform the Client of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest. Schedule 1 specifies the duration of the Processing, the nature and purpose of the Processing, and the types of Personal Data and categories of Data Subjects.

2.2 Client Responsibilities: The Client is responsible for ensuring that (a) it has complied, and will continue to comply, with Applicable Data Protection Law in its use of the Services and its own Processing of Client Personal Data; and (b) it has, and will continue to have, the right to Transfer, or provide access to, Client Personal Data to Symbo for Processing in accordance with the terms of this DPA.

2.3 Purpose of Processing: Symbo is authorized to Process Client Personal Data as necessary to provide the Services, and as further instructed by the Client, as described in this DPA.

2.4 Lawfulness of Instructions: The Client will ensure that its instructions comply with Applicable Data Protection Law. The Client acknowledges that Symbo is not responsible for determining which laws are applicable to the Client's business nor whether Symbo's provision of the Services meets or will meet the requirements of such laws. Symbo will inform the Client if it becomes aware or reasonably believes that the Client's data Processing instructions violate any applicable law.

2.5 Sensitive Data: The Client will not provide (or cause to be provided) any Sensitive Data to Symbo for Processing under this DPA, and Symbo will have no liability whatsoever for Sensitive Data, whether in connection with a security incident or otherwise.

2.6 Data Subject Rights: Taking into account the nature of the Processing, Symbo will assist the Client by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Client’s obligations to respond to requests to exercise Data Subject rights under Applicable Data Protection Law.

3. Security

3.1. Confidentiality Obligations: Symbo will ensure that its employees (including subprocessors) who Process Client Personal Data for Symbo or who have access to Client Personal Data are authorized to Process this Personal Data and are contractually bound to observe confidentiality. Symbo will ensure that this obligation to maintain confidentiality continues beyond the termination of employment contracts or service contracts, and beyond the termination of this DPA.

3.2. Technical and Organizational Measures: Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of Processing, as well as the risk to the rights and freedoms of natural persons, Symbo will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as required by Article 32 of the GDPR. As appropriate, this may include:

a) the pseudonymization and encryption of Personal Data;

b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services; and

c) the ability to restore the availability and access to Client Personal Data in a timely manner in the event of a physical or technical incident.

d) Additional technical security measures can be found in Exhibit A.

3.3. Regular Testing and Evaluation: Symbo will regularly test, assess, and evaluate the effectiveness of technical and organizational measures to ensure the security of the Processing.

4. Subprocessing

4.1 Use of Subprocessors: The Client agrees that Symbo may use Subprocessors to assist in providing the Services. Where Symbo authorizes any Subprocessor as described in this Section 4, Symbo agrees to impose data protection terms on any Subprocessor it appoints that require it to protect Client Personal Data to the standard required by Applicable Data Protection Law, including providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the Processing will meet the requirements of the GDPR.

4.2 Client Notification: Symbo will maintain an up-to-date list of its Subprocessors and make it available to the Client upon request. Symbo will notify the Client of any intended changes concerning the addition or replacement of Subprocessors, thereby giving the Client the opportunity to object to such changes within ten (10) business days after being notified.

4.3 Liability for Subprocessors: Symbo will remain liable to the Client for the performance of its Subprocessors' obligations to the extent that Symbo would be liable if performing the services of each Subprocessor directly under the terms of this DPA.

4.4 Objection to Subprocessors: If the Client reasonably objects to the use of a specific Subprocessor, Symbo will work with the Client in good faith to make available a commercially reasonable alternative to provide the Services without the use of the disputed Subprocessor. If Symbo is unable to make such a change within thirty (30) days of the Client's objection, either party may terminate the Services requiring the use of the disputed Subprocessor, without penalty.

5. Data Rights Requests

5.1 Self-Service Features: Symbo’s Services provide the Client with a number of self-service features, including the ability to rectify, delete, obtain a copy of, or restrict the use of Client Personal Data. These features may be used by the Client to assist in complying with its obligations under Applicable Data Protection Law with respect to responding to requests from Data Subjects via the Symbo Services at no additional cost. Additionally, upon the Client’s request, Symbo will provide reasonable additional and timely assistance (at the Client’s expense only if complying with the Client’s request requires Symbo to assign significant resources) to assist the Client in complying with its data protection obligations regarding Data Subject rights under Applicable Data Protection Law.

5.2 Notification of Requests: In the event that any request, correspondence, enquiry, or complaint from a Data Subject, regulatory body, or third party, including but not limited to law enforcement, is made directly to Symbo in connection with Symbo’s Processing of Client Personal Data, Symbo will inform the Client, providing details of the same, to the extent legally permitted. Unless legally obligated to do so, Symbo will not respond to any such request, inquiry, or complaint without the Client’s prior consent. In the case of a legal demand for disclosure of Client Personal Data in the form of a subpoena, search warrant, court order, or other compulsory disclosure request, Symbo will attempt to redirect the requesting party to request disclosure from the Client. If Symbo is legally compelled to respond to such a request, Symbo will notify the Client prior to disclosing Client Personal Data so that the Client may seek a protective order or other relief, if appropriate, unless Symbo is barred by law from giving such notification.

6. Data Breach Notification

6.1 Notification of Personal Data Breach: In the event of a Personal Data Breach affecting Client Personal Data, Symbo will, without undue delay and in any event within 48 hours of becoming aware of the breach, notify the Client. Such notification will include, to the extent possible, sufficient information for the Client to meet any obligations to report or inform Data Subjects of the Personal Data Breach under Applicable Data Protection Law.

6.2 Data Recovery: Symbo will promptly work to recover Client Personal Data which is lost, damaged, destroyed, or distorted as a result of the Personal Data Breach, and take such reasonable commercial steps as may be directed by the Client to assist in the investigation, mitigation, and remediation of each such Personal Data Breach.

7. DPIA and Consultation

7.1. Symbo will provide reasonable assistance to Client in connection with data protection impact assessments, and prior consultations with Supervisory Authorities, which Client reasonably considers to be required of Client by Article 35 or 36 of the GDPR, with regards to Processing of Client Personal Data by Symbo.

8. Return and Deletion of Client Personal Data

8.1. Subject to Section 8.2 below, Symbo will (i) within forty-five (45) days of a Client end user's request, respond to such deletion request (unless Symbo notifies Client of its intent to extend such response deadline by an additional forty-five (45) days) and delete such Personal Data for the respective Client end user. Further, except (i) as required under Applicable Data Protection Law, or (ii) as indicated in Section 8.2 below, Symbo will in each case delete all Client Personal Data (or, if requested by Client, return to Client all Client Personal Data) within three (3) months after the expiration or termination of the Agreement. After such period, Symbo shall have no obligation to maintain or destroy any such Personal Data except in accordance with applicable law and without liability to Client.

8.2. Symbo may retain Client Personal Data after the expiry or termination of the Agreement: (i) to the extent required by Applicable Data Protection Law, and only to the extent and for such period as required by applicable laws and always provided that Symbo will ensure the confidentiality of all such Client Personal Data and will ensure that such Client Personal Data is only Processed as necessary for the purpose(s) specified in the Applicable Data Protection Law requiring its storage and for no other purpose; and (ii) provided, however, Symbo may retain such Client Personal Data in accordance with its standard backup, log, or record retention policies.

8.3. The parties agree that the certification of deletion of Client Personal Data described in Clause 8.5 and 16(d) of the 2021 Controller-to-Processor Clauses and 2021 Processor-to-Processor Clauses, as applicable, shall be provided by Symbo to Client only upon Client’s written request.

9. De-Identified Data

9.1. "De-identified Data" means Client Personal Data that has been Processed such that it can no longer be linked to an identified or identifiable Natural Person, or a device linked to such person.

9.2. Symbo may Process Client Personal Data to create De-identified Data for Symbo’s legitimate business purposes. De-identified Data will not be considered Client Personal Data and Symbo may retain such data at its discretion.

10. Audit Rights

10.1. Subject to this Section 10, Symbo shall make available to the Client, upon request, all information necessary to demonstrate compliance with this Agreement. Symbo shall allow for and contribute to audits, including inspections, by the Client or an auditor mandated by the Client, in relation to the Processing of Client Personal Data by Symbo and its Sub-processors.

10.2. The information and audit rights of the Client under Section 10.1 shall only arise to the extent that this Agreement does not otherwise provide the Client with information and audit rights meeting the relevant requirements of Applicable Data Protection Law.

11. International Data Transfers

11.1. Client authorizes Symbo and its subprocessors to transfer and process Client Personal Data across international borders, including from the UK, European Economic Area, and anywhere else in the world where Symbo, its affiliates, or its subprocessors maintain data processing operations to and in the United States. Symbo shall at all times ensure that such transfers are made in compliance with the requirements of Applicable Data Protection Law and this DPA.

11.2. To the extent that Symbo is a recipient of Client Personal Data protected by the Australian Privacy Law, the parties acknowledge and agree that Symbo may transfer such Client Personal Data outside of Australia as permitted by the terms agreed upon by the parties and subject to Symbo complying with this DPA and the Australian Privacy Law.

11.3. To the extent that Symbo is a recipient of Client Personal Data protected by European Data Protection Laws (“European Data”) in a country outside of Europe that is not recognized as providing an adequate level of protection for personal data (as described in applicable European Data Protection Laws), the parties agree to abide by and process European Data in compliance with the SCCs, which shall be incorporated into and form an integral part of this DPA as follows:

- (a) If Client started using the Service before 27 September 2021, the 2010 Controller-to-Processor Clauses shall apply (regardless of whether Client is a controller or a processor) until December 27, 2022, and thereafter the 2021 Controller-to-Processor Clauses and/or the 2021 Processor-to-Processor Clauses shall automatically apply (according to whether Client is a controller and/or a processor).

- (b) If Client started using the Service on or after 27 September 2021, the 2021 Controller-to-Processor Clauses and/or the 2021 Processor-to-Processor Clauses shall apply (according to whether Client is a controller and/or a processor) immediately.

11.4. The parties agree that if Symbo cannot ensure compliance with the SCCs, it shall promptly inform Client of its inability to comply. If Client intends to suspend the transfer of European Data and/or terminate the affected parts of the Service, it shall first provide notice to Symbo and provide Symbo with a reasonable period of time to cure such non-compliance, during which time Symbo and Client shall reasonably cooperate to agree on what additional safeguards or measures, if any, may be reasonably required. Client shall only be entitled to suspend the transfer of data and/or terminate the affected parts of the Service for non-compliance with the SCCs if Symbo has not or cannot cure the non-compliance within a reasonable period.

11.5. To the extent that and for so long as the SCCs as implemented in accordance with Section 11.3 cannot be relied on to lawfully transfer personal data in compliance with UK Data Protection Laws, the standard data protection clauses for processors adopted pursuant to or permitted under Article 46 of the UK GDPR (“UK SCCs”) shall be incorporated by reference and deemed completed with the relevant information set out in the Annexes of this DPA. Additionally, to the extent Symbo adopts an alternative lawful data transfer mechanism for the transfer of European Data not described in this DPA (“Alternative Transfer Mechanism”), the Alternative Transfer Mechanism shall apply instead of the transfer mechanisms described in this DPA (but only to the extent such Alternative Transfer Mechanism complies with applicable European Data Protection Laws and extends to the countries to which European Data is transferred). In addition, if and to the extent that a court of competent jurisdiction or supervisory authority orders (for whatever reason) that the measures described in this DPA cannot be relied on to lawfully transfer European Data (within the meaning of applicable European Data Protection Laws), Symbo may implement any additional measures or safeguards that may be reasonably required to enable the lawful transfer of European Data.

11.6. Symbo and Client will use the Standard Contractual Clauses described in Schedule 2 as the adequacy mechanism supporting the transfer and processing of Client Personal Data.

12. Jurisdiction Specific Terms

12.1. Where Symbo processes Client Personal Data protected by Applicable Data Protection Law in one of the jurisdictions listed in Schedule 3, the terms specified in Schedule 3 with respect to the applicable jurisdiction(s) ("Jurisdiction Specific Terms") apply in addition to the terms of this DPA. In case of any conflict or ambiguity between the Jurisdiction Specific Terms and any other terms of this DPA, the applicable Jurisdiction Specific Terms will take precedence.

13. General Terms

13.1. Confidentiality. Each Party must keep any information it receives about the other Party and its business in connection with this Agreement ("Confidential Information") confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that:

(a) disclosure is required by law;
(b) the relevant information is already in the public domain.

13.2. Notices. All notices and communications given under this Agreement must be in writing and will be sent by email. The Client shall be notified by email sent to the address related to its use of the Service under the Principal Agreement. Symbo shall be notified by email sent to the address: legal@symbo.com.

14. Liability

14.1. Client and Symbo will each be separately liable to the other party for damages it causes by any breach of the clauses in this DPA. Liability as between the parties is limited to actual damage suffered. Punitive damages (i.e., damages intended to punish a party for its outrageous conduct) are specifically excluded. Each party will be liable to Data Subjects for damages it causes by any breach of third-party rights under these clauses. This does not affect the liability of the data exporter under its Applicable Data Protection Law. Any claims made against Symbo or its affiliates under or in connection with this DPA (including, where applicable, the SCCs) shall be brought solely by the Client that is a party to the Agreement.

15. Failure to Perform

15.1. In the event that changes in law or regulation render performance of this DPA impossible or commercially unreasonable insofar as it concerns the processing of Client Personal Data under these clauses, the Parties may renegotiate this DPA in good faith, provided, for the avoidance of doubt, that one of the following shall have first occurred: (i) Client has suspended the transfer of Client Personal Data to Symbo and Symbo does not restore compliance hereunder within one month of Client’s suspension, (ii) Symbo is in substantial or persistent breach of these clauses, or (iii) Symbo fails to comply with the binding decision of a competent court or supervisory authority regarding its obligations hereunder. If (i), (ii), or (iii) has occurred and renegotiation would not cure the impossibility, or the Parties cannot reach an agreement, the Parties may terminate the Agreement in accordance with the Agreement’s termination provisions. Notwithstanding the foregoing, where the Agreement involves more than two parties, the terminating party may exercise this right only with respect to the applicable counterparty, unless all parties have agreed otherwise.

16. Updates

16.1. Symbo may update the terms of this DPA from time to time; provided, however, Symbo will provide at least thirty (30) days prior written notice (e.g., via electronic means) to Client when a material update is required as a result of (a) the release of new products or services or material changes to any of the existing Services that require a change to the DPA; (b) changes in Applicable Data Protection Law; or (c) a merger, acquisition, or other similar transaction. The then-current terms of this DPA are available at https://symbo.ai.

17. Duration and Survival

17.1. This DPA will become legally binding upon the Effective Date of the Agreement or upon the date that the Parties sign this DPA if it is completed after the effective date of the Agreement. Symbo will process Client Personal Data until the relationship terminates as specified in the Agreement. Any obligation imposed on Symbo under this DPA in relation to the processing of Client Personal Data will terminate when Symbo no longer processes Client Personal Data.

18. Governing Law and Jurisdiction

This DPA shall be governed by and construed in accordance with the same laws and jurisdiction as outlined in the Terms and Conditions between Symbo and the Client, unless otherwise agreed upon by the parties in writing.

‍

Schedule 1

Client Personal Data Processing Details

Subject Matter of Processing

The Processing will involve:

The performance of the Services pursuant to the Agreement.

Duration of Processing

The Processing will continue as set forth in the Agreement.

Categories of Data Subjects

Client employees, contractors, agents, and/or representatives, service providers or vendors

Special Categories of Personal Data

None

Nature and Purpose of Processing

Includes the following:

The Processing activities performed by Symbo for the limited and specified purposes described in the Agreement.

Types of Personal Data

Corporate contact information such as name, job title, email address, physical address, phone number, cookie and other online identifiers, including without limitation, Internet Protocol addresses, browser version, operating system and related configuration information.

Physical Location of Personal Data Processed by Symbo

United States

Symbo List of Data Subprocessors

Available upon request with Signed NDA

‍Schedule 2

Cross Border Data Transfer Mechanisms

1. Definitions

i. “EC” means the European Commission

ii. “EEA” means the European Economic Area

iii. “Standard Contractual Clauses” means, depending on the circumstances unique to Client, any of the following:

1. UK Standard Contractual Clauses, and

2. 2021 Standard Contractual Clauses

iv. “UK Standard Contractual Clauses” means the Standard Contractual Clauses for data controller to data processor transfers approved by the EC in decision 2010/87/EU (“UK Controller to Processor SCCs”), and

v. “2021 Standard Contractual Clauses” means the Standard Contractual Clauses approved by the EC in decision 2021/914

2. Cross Border Data Transfer Mechanisms

i. Order of Precedence. In the event the Services are covered by more than one Transfer Mechanism, the transfer of Personal Data will be subject to a single Transfer Mechanism in accordance with the following order of precedence: (a) the applicable Standard Contractual Clauses as set forth in Section 2(ii) (UK Standard Contractual Clauses) or Section 2(iii) (2021 Standard Contractual Clauses) of this Schedule 2; and, if (a) is not applicable, then (b) other applicable data Transfer Mechanisms permitted under Applicable Data Protection Law.

ii. UK Standard Contractual Clauses. The parties agree that the UK Standard Contractual Clauses will apply to Personal Data that is transferred via the Services from the United Kingdom, either directly or via onward transfer, to any country or recipient outside of the United Kingdom that is: (a) not recognized by the competent United Kingdom regulatory authority or governmental body for the United Kingdom as providing an adequate level of protection for Personal Data. For data transfers from the United Kingdom that are subject to the UK Standard Contractual Clauses, the UK Standard Contractual Clauses will be deemed entered into (and incorporated into this DPA by this reference) and completed as follows:

1. The UK Controller to Processor SCCs will apply where Symbo is processing Personal Data. The illustrative indemnification clause will not apply. Appendix 1 (Subject Matter and Details of the Processing) of this DPA serves as Appendix I of the UK Controller to Processor SCCs. Appendix 2 (Security Measures) of this DPA serves as Appendix II of the UK Controller to Processor SCCs.

iii. 2021 Standard Contractual Clauses. The parties agree that the 2021 Standard Contractual Clauses will apply to Personal Data that is transferred via the Services from the European Economic Area or Switzerland, either directly or via onward transfer, to any country or recipient outside the European Economic Area or Switzerland that is not recognized by the European Commission (or, in the case of transfers from Switzerland, the competent authority for Switzerland) as providing an adequate level of protection for Personal Data. For data transfers from the European Economic Area that are subject to the 2021 Standard Contractual Clauses, the 2021 Standard Contractual Clauses will be deemed entered into (and incorporated into this DPA by this reference) and completed as follows:

1. Module Two (Controller to Processor) of the 2021 Standard Contractual Clauses will apply where Client is a controller of Personal Data and Symbo is processing Personal Data.

2. Module Three (Processor to Processor) of the 2021 Standard Contractual Clauses will apply where Client is a processor of Personal Data and Symbo is processing Personal Data.

3. For each Module, where applicable:

a. in Clause 7 of the 2021 Standard Contractual Clauses, the optional docking clause will not apply;

b. in Clause 9 of the 2021 Standard Contractual Clauses, Option 2 will apply and the time period for prior notice of subprocessor changes will be as set forth in Section 5 (Sub-Processors) of this DPA;

c. in Clause 11 of the 2021 Standard Contractual Clauses, the optional language will not apply;

d. in Clause 17 (Option 1), the 2021 Standard Contractual Clauses will be governed by Irish law;

e. in Clause 18(b) of the 2021 Standard Contractual Clauses, disputes will be resolved before the courts of Ireland;

f. in Annex I, Part A of the 2021 Standard Contractual Clauses:

- Data Exporter: Client.

- Contact Details: The email address(es) designated by Client in Client’s account via its notification preferences.

- Data Exporter Role: The Data Exporter’s role is set forth in Section 2 (Processing of Personal Data) of this DPA.

- Signature and Date: By entering into the Master Services Agreement, Data Exporter is deemed to have signed these Standard Contractual Clauses incorporated herein, including their Annexes, as of the Effective Date of the Master Services Agreement.

- Data Importer: Symbo, LLC

- Contact details: Symbo Privacy Team – legal@symbo.ai

- Data Importer Role: Data Processor.

- Signature and Date: By entering into the Services Agreement, Data Importer is deemed to have signed these Standard Contractual Clauses, incorporated herein, including their Annexes, as of the Effective Date of the Services Agreement.

g. in Annex I, Part B of the 2021 Standard Contractual Clauses:

- The categories of Data Subjects are described in Appendix 1 (Details of Processing) of this DPA.

- The Sensitive Information transferred is described in Appendix 1 (Details of Processing) of this DPA.

- The frequency of the transfer is a continuous basis for the duration of the Services Agreement.

- The nature of the processing is described in Appendix 1 (Subject Matter and Details of the Processing) of this DPA.

- The purpose of the processing is described in Appendix 1 (Subject Matter and Details of the Processing) of this DPA.

- The period for which the Personal Data will be retained is described in Appendix 1 (Subject Matter and Details of the Processing) of this DPA.

- For transfers to subprocessors, the subject matter, nature, and duration of the processing is set forth at https://symbo.ai

h. in Annex I, Part C of the 2021 Standard Contractual Clauses: The Irish Data Protection Commission will be the competent supervisory authority.

i. Appendix 2 (Security Measures) of this DPA serves as Annex II of the Standard Contractual Clauses.

Appendix 1 to Schedule 2

This Appendix 1 forms part of the Clauses and must be completed and signed by the Parties.

The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix 1.

Data exporter

The data exporter is (please specify briefly your activities relevant to the transfer):

- The Data Exporter is the Client of Symbo's Services as defined in the Agreement.

Data importer

The data importer is (please specify briefly your activities relevant to the transfer):

- The Data Importer is Symbo which offers services to Client through its online platform with respect to the Services.

Data subjects

The Personal Data transferred concern the following categories of Data Subjects (please specify):

- See Schedule 1 of the DPA.

Categories of data

The Personal Data transferred concern the following categories of Data Subjects (please specify, tick the applicable):

- See Schedule 1 of the DPA.

Special categories of data (if appropriate)

The Personal Data transferred concern the following special categories of data (please specify, tick the applicable):

- See Schedule 1 of the DPA.

Processing operations

The Personal Data transferred will be subject to the following basic Processing activities (please specify):

- See Schedule 1 of the DPA.

On behalf of the data exporter (Client):

Name (written out in full):

Position:

Address:

Other information necessary in order for the contract to be binding (if any):

Signature……………………………………….

On behalf of the data importer (Symbo):

Name (written out in full):

Position:

Address: 2940 W Maple Loop Dr, Lehi, UT, 84043, USA

Other information necessary in order for the contract to be binding (if any):

‍

Signature……………………………………….

‍

Appendix 2 to Schedule 2

This Appendix forms part of the Clauses and must be completed and signed by the Parties.

Description of the Technical and Organizational Security Measures implemented by the Data Importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

Symbo will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality, availability, resilience and integrity of Client Personal Data, as described in the DPA. Symbo will not materially decrease the overall security of the Services during the term.

Subprocessors will be bound to adhere to similar but not identical organizational security measures which will not fall below the level of data security as agreed herein. Any organizational security measures are subject to change of technical standards and can be adopted. If so requested, Symbo will provide Client with a description of the then current measures.

Symbo shall:

1. ensure that Client Personal Data can be accessed only by authorized personnel for the purposes set forth in Schedule 1 of this DPA;

2. take all reasonable measures to prevent unauthorized access to Client Personal Data through the use of appropriate physical and logical passwords entry controls, securing areas for data processing, and implementing procedures for monitoring the use of data processing facilities;

3. build in system and audit trails;

4. use secure passwords, network intrusion detection technology, encryption and authentication technology, secure logon procedures and malware and virus protection;

5. account for material risks that are presented by processing, for example from accidental or unlawful destruction, loss, or alteration, unauthorized or unlawful storage, processing, access or disclosure of Client Personal Data;

6. ensure pseudonymisation and/or encryption of Client Personal Data, where appropriate;

7. maintain the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

8. maintain the ability to restore the availability and access to Client Personal Data in a timely manner in the event of a physical or technical incident;

9. implement a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing of Client Personal Data;

10. monitor compliance on an ongoing basis;

11. implement commercially reasonable measures to identify vulnerabilities with regard to the processing of Client Personal Data in systems used to provide services to Client;

12. provide employee and contractor training to ensure ongoing capabilities to carry out the security measures established in policy.

13. Maintain compliance with appropriate system and operating controls.

On behalf of the data exporter (Client):

Name (written out in full):

Position:

Address:

Other information necessary in order for the contract to be binding (if any):

Signature……………………………………….

On behalf of the data importer (Symbo):

Name (written out in full):

Position:

Address: 2940 W Maple Loop Dr, Lehi, UT, 84043, USA

Other information necessary in order for the contract to be binding (if any):

Signature……………………………………….

‍

Schedule 3

Jurisdiction Specific Terms

1. Australia:

1.1. The definition of “Applicable Data Protection Law” includes the Australian Privacy Principles and the Australian Privacy Act (1988).

1.2. The definition of “Personal Data” includes “Personal Information” as defined under Applicable Data Protection Law.

1.3. The definition of “Sensitive Data” includes “Sensitive Information” as defined under Applicable Data Protection Law.

2. Brazil:

2.1 The definition of “Applicable Data Protection Law” includes the Lei Geral de Proteção de Dados (LGPD).

2.2 The definition of “Data Processor” includes “operator” as defined under Applicable Data Protection Law.

3. Canada:

3.1. The definition of “Applicable Data Protection Law” includes The Federal Personal Information Protection and Electronic Documents Act (PIPEDA).

3.2. Symbo's subprocessors, as described in Schedule 1 of this DPA, are Third Parties under Applicable Data Protection Law, with whom Symbo has entered into a written contract that includes terms substantially similar to this DPA. Symbo has conducted appropriate due diligence on its subprocessors.

3.3. Symbo will implement technical and organizational measures as set forth in Section 3 (Security) of this DPA.

4. Israel:

4.1 The definition of “Applicable Data Protection Law” includes the Protection of Privacy Law (PPL).

4.2 The definition of “Data Controller” includes “Database Owner” as defined under Applicable Data Protection Law.

4.3 The definition of “Data Processor” includes “Holder” as defined under Applicable Data Protection Law.

4.4 Symbo will require that any personnel authorized to process Client Personal Data comply with the principle of data secrecy and have been duly instructed about Applicable Data Protection Law. Such personnel sign confidentiality agreements with Symbo in accordance with Section 3 (Security) of this DPA.

4.5 Symbo must take sufficient steps to ensure the privacy of Data Subjects by implementing and maintaining the security measures as specified in Section 3 (Security) of this DPA and complying with the terms of the Agreement.

4.6 Symbo must ensure that the personal data will not be transferred to a subprocessor unless such subprocessor has executed an agreement with Symbo pursuant to Section 4 (Subprocessing) of this DPA.

5. Japan:

5.1 The definition of “Applicable Data Protection Law” includes the Act on the Protection of Personal Information (APPI).

5.2 The definition of “Personal Data” includes “Personal Information” as defined under Applicable Data Protection Law.

5.3 The definition of “Data Controller” includes “Business Operator” as defined under Applicable Data Protection Law. As a Business Operator, Symbo is responsible for the handling of Personal Data in its possession.

5.4 The definition of “Data Processor” includes a business operator entrusted by the Business Operator with the handling of personal data in whole or in part (also a “trustee”), as described under Applicable Data Protection Law. As a trustee, Symbo will ensure that the use of the entrusted Personal Data is securely controlled.

6. Singapore:

6.1 The definition of “Applicable Data Protection Law” includes the Personal Data Protection Act 2012 (PDPA).

6.2 Symbo will process personal data to a standard of protection in accordance with the PDPA by implementing adequate technical and organizational measures as set forth in Section 3 (Security) of this DPA and complying with the terms of the Agreement.

7. United Kingdom:

7.1 References in this DPA to GDPR will to that extent be deemed to be references to the corresponding laws of the United Kingdom (including the UK GDPR and Data Protection Act 2018)

7.2 The Standard Contractual Clauses will also apply to Client in the United Kingdom as data exporter and to Symbo as data importer for Transfers of Personal Data to countries that are not deemed to have an adequate level of data protection under the United Kingdom's Applicable Data Protection Law.

8. United States - California:

8.1 The definition of “Applicable Data Protection Law” includes the California Consumer Privacy Act of 2018 (CCPA), including any amendments and any implementing regulations thereto that become effective on or after the effective date of this Data Processing Addendum, including, without limitation, the California Privacy Rights Act of 2020 (CPRA).

8.2 The definition of “Data Controller” includes “Business” as defined under Applicable Data Protection Law.

8.3 The definition of “Data Processor” includes “Service Provider” as defined under Applicable Data Protection Law.

8.4 The definition of “Personal Data” includes “Personal Information” as defined under Applicable Data Protection Law and, for clarity, includes any Personal Information contained within Client Personal Data.

8.5 The definition of “Data Subject” includes “Consumer” as defined under Applicable Data Protection Law. Any Data Subject rights, as described in Section 5 (Data Rights Requests) of this DPA, apply to Consumer rights.

8.6 Symbo will Process, retain, use, and disclose Personal Data only as necessary to provide the Services under the Agreement, which constitutes a business purpose. Symbo agrees not to (a) sell (as defined by the CCPA) Client Personal Data or Client end users’ Personal Data; (b) retain, use, or disclose Client Personal Data for any commercial purpose (as defined by the CCPA) other than providing the Services; or (c) retain, use, or disclose Client Personal Data outside of the scope of the Agreement. Symbo shall notify Client if it determines that it cannot meet its obligations under the CPRA. Upon receiving written notice from Client that Symbo has Processed Client Personal Data without authorization, Symbo will terminate such Processing.

8.7 Symbo certifies that its subprocessors, as listed in Schedule 1 of this DPA, are Service Providers under Applicable Data Protection Law, with whom Symbo has entered into a written contract that includes terms substantially similar to this DPA. Symbo conducts appropriate due diligence on its subprocessors.

8.8 Symbo will implement and maintain reasonable security procedures and practices appropriate to the nature of the Personal Data it Processes as set forth in Section 3 (Security) of this DPA.

8.9 Symbo will not combine Client Personal Data that is receives from, or on behalf of, Client with Personal Data it receives from, or on behalf of, another person, subject to the exceptions set forth under the CPRA, including that Symbo may combine such Client Personal Data to perform any business purposes defined in applicable CPRA regulations.

Exhibit A

Technical and Organizational Measures (TOMs) for Symbo

As of the effective date of this Data Processing Agreement (DPA), Symbo, when processing personal data on behalf of the Customer, has implemented and maintains the following technical and organizational security measures for the processing of such personal data:

Information Security Program: Symbo will maintain a reasonable information security program based on industry-standard information security principles. This program will cover topics such as policies and procedures, access control, business continuity, HR security, network infrastructure security, third-party security, vulnerability management, vendor management, risk management, and incident response.
Physical Access Controls: Symbo shall take reasonable measures to prevent physical access, such as secured buildings and offices, to ensure unauthorized persons do not gain access to personal data.
System Access Controls: Symbo shall take reasonable measures to prevent unauthorized use of personal data. These controls may include authentication via passwords and/or two-factor authentication, documented authorization processes, documented change management processes, and logging of access at several levels.
Data Access Controls: Symbo shall take reasonable measures to ensure that personal data is accessible and manageable only by properly authorized staff. Direct database query access is restricted, and application access rights are established and enforced to ensure that only individuals with the appropriate privileges have access to personal data.
Transmission Controls: Symbo shall take reasonable measures to ensure that the transfer of personal data by means of data transmission facilities is secure, preventing unauthorized reading, copying, modification, or removal during electronic transmission or transport. Personal data is encrypted in transit over public networks using industry-standard HTTPS/TLS (TLS 1.2 or higher). Personal data is encrypted at rest using AES-256 encryption by Symbo's managed services provider.
Input Controls: Symbo shall implement reasonable measures to provide the ability to check and establish whether and by whom personal data has been entered into, modified, or removed from data processing systems.
Data Backup: Backups of databases in the Service are taken on a regular basis, secured, and encrypted to ensure that personal data is protected against accidental destruction or loss.
Human Resources Security: Symbo employees undergo a comprehensive background check before formal employment offers, where permitted by local regulations. All employees must sign non-disclosure agreements before gaining access to personal data. Each new employee must attend an information security and privacy training session during onboarding, with continuous training provided on Symbo's security policies, best practices, and privacy principles.
Vendor Management: Symbo maintains a vendor management program to ensure that appropriate security controls are in place. Symbo periodically reviews each vendor in light of Symbo’s security and business continuity standards, considering factors like the type of access and classification of data being accessed, the controls necessary to protect data, and legal and regulatory requirements.
Platform Security Measures: Symbo segments its system into separate networks to better protect sensitive data and to separate public services from internal services. Personal data is only permitted to exist within the production network, which is accessible only behind a firewall.
Business Continuity: Symbo maintains a Business Continuity and Disaster Recovery plan based on industry best practices to ensure the reliability and availability of its operational systems and effective recovery in the event of a disruptive event.
Data Center Security: Symbo primarily hosts personal data in DigitalOcean data centers. These data centers are certified to meet recognized standards such as ISO 27001 and PCI DSS Service Provider Level 1. The hosting provider's infrastructure services include backup power, HVAC systems, and fire suppression equipment. On-site security measures include security guards, fencing, intrusion detection technology, and other measures to protect the physical security of servers and customer data.

‍