Terms of service

Terms of service

Xenioo Terms of Service

Last Modified: 24 May 2018

 

Matelab Srl (“Matelab”, “Xenioo”,  “Owner”, “we”, or “us”) provide an online software platform that allows developers, individuals, companies and agencies (the “Customers”) to build, manage and host chatbots. These Terms of Service (these “Terms”) shall govern the use of Xenioo (“Xenioo”, “The Application”, “Service”).

  1. Introduction a. By using our service, you accept these Terms in full; accordingly, if you disagree with these Terms or any part of these Terms, you must not use our service. b. If you register with Xenioo, we will ask you to expressly agree to these Terms. c. You must be at least 18 years of age to use our service; by using our service or agreeing to these Terms, you warrant and represent to us that you are at least 18 years of age. d. Our service uses cookies; by using our service or agreeing to these Terms, you consent to our use of cookies in accordance with the terms of our privacy and cookies policy.
  2. Acceptable Use You are fully permitted to use our Application and Services (as well as our API) in commerce as a means to resell or build goods and services which you use or offer commercially, with the exception of cases in which your product is materially similar or designed to compete directly with the Services offered by Xenioo. You must not: a. Use Xenioo in any way or take any action that causes, or may cause, damage to the Service or impairment of the performance, availability or accessibility of the Service; b. Use Xenioo in any way that is unlawful, illegal, fraudulent or harmful, or in connection with any unlawful, illegal, fraudulent or harmful purpose or activity; c. Use our service to copy, store, host, transmit, send, use, publish or distribute any material which consists of (or is linked to) any spyware, computer virus, Trojan horse, worm, keystroke logger, rootkit or other malicious computer software; d. Conduct any systematic or automated data collection activities (including without limitation scraping, data mining, data extraction and data harvesting) on or in relation to our website without our express written consent; e. Remove any copyright, trademark or other proprietary rights notices displayed through the Services. f. Post, distribute or reproduce in any way any copyrighted material, trademarks, or other proprietary information without obtaining the prior consent of the owner of such proprietary rights. g. Directly modify, adapt, translate, reverse engineer, decipher, decompile or otherwise disassemble any portion of Xenioo or any software used on or for the Services, or cause or assist others to do so.
  3. Subscribing to Service Xenioo is free to utilize but has optional paid plans with varying prices.  For paying Customers, the service is billed in advance on a monthly basis and is non-refundable. There will be no refunds or credits for partial months of service, upgrade/downgrade refunds, or refunds for months unused with an open account. Charges are solely based on our measurements of your use of the Service, unless otherwise agreed to in writing. All fees are exclusive of all taxes, levies, or duties imposed by taxing authorities, and you shall be responsible for payment of all such taxes, levies, or duties. The base paid plan has a fixed price. The total monthly or yearly fees may vary depending on the additional services you may want to add on monthly or yearly basis and may change the amount required with each billing. Paid subscription service may be terminated anytime by the user through the application account administration panel.
  4. Registration and accounts a. You may register for an account with Xenioo by completing and submitting the signup form on our website. b. You will be able to access Xenioo immediately without email confirmation. Confirming your email address, by clicking on our confirmation email link, will unlock the chatbot publish functionality. c. You must not allow any other person to use your account to access the service. d. You must notify us in writing immediately if you become aware of any unauthorised use of your account. e. You must not use any other person’s account to access the website, unless you have that person’s express permission to do so. f. You’re responsible for any activity associated with your account.
  5. User login details a. You must keep your password confidential. b. You must notify us in writing immediately if you become aware of any disclosure of your password. c. You are responsible for any activity on our website arising out of any failure to keep your password confidential, and may be held liable for any losses arising out of such a failure.
  6. Cancellation and suspension of accounts a. We may suspend your account, cancel your account or edit your account details at any time in our sole discretion without notice or explanation. b. You may cancel your account on our website using your account control panel on the website.
  7. Service Reselling Customers are not allowed to reproduce, duplicate, copy, sell, resell or exploit any portion of Xenioo and of its Service without the Owner’s express prior written permission, granted either directly or through a proper reselling program.
  8. Service Interruption The Owner reserves the right to add and remove functionalities or features as well as suspend or even discontinue the Service, either temporarily or permanently. In case of final discontinuation, the Owner will do the utmost to allow Customers to withdraw their information held by the Owner.
  9. Copyright notice We, together with our licensors, own and control all the copyright and other intellectual property rights of every material or resource you may find using our service and all the copyright and other intellectual property rights you may find using our service are reserved. Except for Application Content that is in the public domain or for which permission has been provided, you may not copy, modify, publish, transmit, distribute, perform, display, or sell any Application Content.Subject to these Terms, we grant to you a limited, revocable, non-exclusive, fully paid license to access the Application Content, for the sole and limited purpose of facilitating your use of the Services.
  10. Disclaimer of Warranties We provide Xenioo Services on an “As Is”, “with all faults” and “As Available” basis, without any warranties of any kind, including any implied warranties or conditions of merchantability, fitness for a particular purpose, workmanlike effort, non-infringement, or any other warranty – all to the fullest extent permitted by law. We specifically do not represent or warrant that the Xenioo Services (or any part, feature or Content thereof) are complete, accurate, of any certain quality, reliable or secure in any way, suitable for or compatible with any of your (or your End Users’) contemplated activities, devices, operating systems, browsers, software or tools (or that they will remain as such at any time), or comply with any laws applicable to you or your End Users (including in any jurisdiction in which you operate), or that their operation will be free of any viruses, bugs or other harmful components or program limitations. Moreover, we do not endorse any entity, product or service (including any Third Party Services) mentioned on or made available via the Xenioo Services – so please be sure to verify those before using or otherwise engaging them.
  11. Limitation of Liability To the fullest extent permitted by law in each applicable jurisdiction, Xenioo, its officers, directors, shareholders, employees, affiliates and/or agents shall not be liable to you for any direct, indirect, incidental, special, punitive, exemplary or consequential damages whatsoever, including any damages resulting from (1) errors, mistakes, or inaccuracies of or in any content; (2) any personal injury or property damage related to your use of the Xenioo Services; (3) any unauthorized access to or use of our servers and/or any personal information and/or other information stored therein; (4) any interruption or cessation of transmission to or from the Xenioo Services; (5) the use or display of any Content or User Content posted, emailed, transmitted, or otherwise made available via the Xenioo Services; (6) events beyond the reasonable control of Xenioo, including any internet failures, equipment failures, electrical power failures, strikes, labor disputes, riots, insurrections, civil disturbances, shortages of labor or materials, fires, floods, storms, earthquakes, explosions, acts of God, war, terrorism, intergalactic struggles, governmental actions, orders of courts, agencies or tribunals or non-performance of third parties; and/or (7) loss of use, data, profits, goodwill, or other intangible losses, resulting from the use or the inability to use any or all of Xenioo Services.
  12. Indemnity The User agrees to indemnify and hold the Owner and its subsidiaries, affiliates, officers, directors, agents, co-branders, partners and employees, as the case may be, harmless from and against any claim or demand, including without limitation, reasonable lawyer’s fees and costs, made by any third party due to or arising out of the User’s content, use of or connection to the Service, violation of these Terms, or violation of any third-party rights.
  13. Changes to these Terms Matelab reserves the right to modify these Terms at any time, informing Customers by publishing a notice within Xenioo. Customers who continue to use Xenioo  after the publication of the changes accept the new Terms in their entirety.
  14. Governing Law and Jurisdiction These Terms and any dispute concerning the implementation, interpretation and validity of this agreement are subject to the law, the jurisdiction of the state and to the exclusive jurisdiction of the courts where the Owner has their registered offices. An exception to this rule applies in cases, where the law provides a sole place of jurisdiction for consumers.
  15. Miscellaneous a. Without prejudice to our other rights under these Terms and conditions, if you breach any provision of these Terms and conditions in any way, or if we reasonably suspect that you have breached these Terms and conditions in any way, we may delete, unpublish or edit any or all of your content and delete or terminate your account. b. You hereby waive all your moral rights in your content to the maximum extent permitted by applicable law; and you warrant and represent that all other moral rights in your content have been waived to the maximum extent permitted by applicable law. c. You and we are independent contractors, and no agency, partnership, joint venture, employee-employer or franchisor-franchisee relationship is intended or created by these Terms.

Data Processing Addendum Agreement to the Xenioo Terms of Service Last Modified: 24 May 2018 This Data Processing Addendum Agreement (“DPA”) form parts of the Terms of Service and Privacy Policy (“Agreement”) entered into by and between Matelab Srl, via Roma 6, 23900, Lecco, Italy (“Xenioo”) and Xenioo’s customers being subjected to the rules under the European General Data Protection Regulation (“GDPR”) or the Standard Contractual Clauses for Processors pursuant to European Commission Decision of 5 Febraury 2010 (“Customer”) and shall be effective as of 24 May 2018.

  1. Definitions Agreement” means Xenioo’s Terms of Service, which govern the provision of the Services to Customer. “Adequate Country” means a country or territory that is recognized under EU Data Protection Laws as providing adequate protection for Personal Data. Customer Data” means any Personal Data that Xenioo processes on behalf of Customer as a Data Processor in the course of providing Services, as more  described in this DPA. “Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller. Data Protection Law” means all applicable legislation relating to data protection and privacy including without limitation the EU Data Protection Directive 95/46/EC and all local laws and regulations which amend or replace any of them, including the GDPR, together with any national implementing laws in any Member State of the European Union or, to the extent applicable, in any other country, as amended, repealed, consolidated or replaced from time to time. The terms “process”, “processes” and “processed” will be construed accordingly. Data Subject” means the individual to whom Personal Data relates. GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. “Instruction” means the written, documented instruction, issued by Controller to Processor, and directing the same to perform a specific action with regard to Personal Data (including, but not limited to, depersonalizing, blocking, deletion, making available). Personal Data” means any information relating to a Data Subject. Services” means any product or service provided by Xenioo to Customer pursuant to the Agreement. “Sub-processor” means any Data Processor engaged by Xenioo to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement or this DPA.
  2. Basis of Contract 2.1 The parties agree that this DPA shall replace any existing DPA the parties may have previously entered into in connection with the Services. 2.2 Except for the changes made by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict so far as the subject matter concerns the processing of Customer Data. 2.3. Any claims brought under or in connection with this DPA shall be subject to the terms and conditions, including but not limited to the exclusions and limitations, set forth in the Agreement. 2.4. In no event shall any party limit its liability with respect to any individual’s data protection rights under this DPA or otherwise. Customer further agrees that any regulatory penalties incurred by ManyChat in relation to the Customer Data that arise as a result of, or in connection with, Customer’s failure to comply with its obligations under this DPA or any applicable Data Protection Laws shall count toward and reduce ManyChat’s liability under the Agreement as if it were liability to the Customer under the Agreement. 2.5. This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws.
  3. Processing of Customer Data 3.1 Role of the parties. As between Xenioo and Customer, Customer is the Data Controller of Customer Data, and Xenioo shall process Customer Data only as a Data Processor acting on behalf of Customer. 3.2 Customer Processing of Customer Data. Customer agrees that (i) it shall comply with its obligations as a Data Controller under Data Protection Laws in respect of its processing of Customer Data and any processing instructions it issues to Xenioo; and (ii) it has provided notice and obtained (or shall obtain) all consents and rights necessary under Data Protection Laws for Xenioo to process Customer Data and provide the Services pursuant to the Agreement and this DPA. 3.3 Xenioo Processing of Customer Data. Xenioo shall process Customer Data only for the purposes described in this DPA and only in accordance with Customer’s instructions. 3.4 Duration. As between Xenioo and Customer, the duration of the data processing under this DPA is until the termination of the Agreement in accordance with its terms. 3.5 Purpose of the Processing. The purpose of the data processing under this DPA is the provision of the Services to the Customer Customer and the performance of Xenioo’s obligations under the Agreement (including this DPA) or as otherwise agreed by the parties. 3.6 Subject-Matter and Nature of the Processing. The subject-matter of Processing of Personal Data by Processor is the provision of the services to the Controller that involves the Processing of Personal Data. Personal Data will be subject to those Processing activities as may be specified in the Agreement and an Order. 3.7 Data Subjects. Customer’s Contacts and other end users including Customer’s employees, contractors, collaborators, customers, prospects, suppliers and subcontractors. Data Subjects also include individuals attempting to communicate with or transfer Personal Data to the Customer’s end users. 3.8 Type of Customer Data. (i) Customer and Users: identification, publicly available social media profile information, e-mail, IT information (IP addresses, usage data, cookies data, browser data); financial information (credit card details, account details, payment information). (ii) Subscribers: identification and publicly available social media profile information (name, date of birth, gender, geographic location), chat history, navigational data (including chatbot usage information), application integration data, and other electronic data submitted, stored, sent, or received by end users and other personal information, the extent of which is determined and controlled by the Customer in its sole discretion. 3.9 Notwithstanding anything to the contrary in the Agreement (including this DPA), Customer acknowledges that Xenioo shall have a right to use and disclose data relating to the operation, support and/or use of the Services for its legitimate business purposes, such as billing, account management, technical support, product development and sales and marketing. To the extent any such data is considered Personal Data under Data Protection Laws, Xenioo is the Data Controller of such data and accordingly shall process such data in accordance with the Xenioo Privacy Policy and Data Protection Laws.
  4. Sub-Processing 4.1 Authorized Sub-processors. Customer agrees that Xenioo may engage Sub-processors to process Customer Data. The Sub-processors currently engaged by Xenioo are listed in Appendix 1, and Customer hereby authorizes these specific Sub-processors. 4.2 Sub-processor Obligations. Xenioo shall: (i) enter into a written agreement with the Subprocessor imposing data protection terms that require the Sub-processor to protect the Customer Data to the standard required by Data Protection Laws; and (ii) remain responsible for the Sub-processor’s compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause ManyChat to breach any of its obligations under this DPA. 4.3 Sub-processor List. When requested by the Customer, Xenioo shall make available to Customer an up-to-date list of all Sub-processors used for the processing of Customer Data.
  5. Data Subject Requests Xenioo will provide reasonable assistance, including by appropriate technical and organizational measures and taking into account the nature of the Processing, to enable Customer to respond to any request from Data Subjects seeking to exercise their rights under the Data Protection Law with respect to Personal Data (including access, rectification, restriction, deletion or portability of Personal Data, as applicable), to the extent permitted by the law.  If such request is made directly to Xenioo, Xenioo will promptly inform Customer and will advise Data Subjects to submit their request to the Customer. Customer shall be solely responsible for responding to any Data Subjects’ requests. Customer shall reimburse Xenioo for the costs arising from this assistance.
  6. Personal Data Breach Xenioo will notify the Customer as soon as practicable after it becomes aware of any of any Personal Data Breach affecting any Personal Data. At the Customer’s request, Xenioo will promptly provide the Customer with all reasonable assistance necessary to enable the Customer to notify relevant Personal Data Breaches to competent authorities and/or affected Data Subjects, if Customer is required to do so under the Data Protection Law.
  7. Data Transfer Customer acknowledges and accepts that the provision of the Services under the Agreement may require the processing of Customer Data by sub-processors in countries outside the EEA. If, in the performance of this DPA and/or the Agreement, Xenioo transfers any Customer Data to, or permits processing of Customer Data by, a Sub-processor located outside of the EEA and not in an Adequate Country, then, in advance of any such transfer, Xenioo shall ensure that the transfer is compliant with the EU Data Protection Laws.
  8. Deletion or Retrieval of Personal Data Other than to the extent required to comply with Data Protection Law, following termination or expiry of the Agreement, Xenioo will delete all Personal Data (including copies thereof) processed pursuant to this DPA. If Xenioo is unable to delete Personal Data for technical or other reasons, Xenioo will apply measures to ensure that Personal Data is blocked from any further Processing. Customer shall, upon termination or expiration of the Agreement and by way of issuing an Instruction, stipulate, within a period of time set by Xenioo, the reasonable measures to return data or to delete stored data. Any additional cost arising in connection with the return or deletion of Personal Data after the termination or expiration of the Agreement shall be borne by Customer.
  9. Security 9.1 Adequate Measures. Xenioo  shall take the appropriate technical and organizational measures to adequately protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Customer Data, described under Appendix 2. 9.2  Confidentiality. Xenioo shall ensure that any personnel whom Xenioo authorizes to process Customer Data on its behalf (including its staff, agents and subcontractors) is subject to confidentiality obligations with respect to that Customer Data.
  10. Customer Responsability Within the scope of the Agreement and in its use of the services, Customer shall be solely responsible for complying with the statutory requirements relating to data protection and privacy, in particular regarding the disclosure and transfer of Personal Data to the Xenioo and the Processing of Personal Data. For the avoidance of doubt, Controller’s instructions for the Processing of Personal Data shall comply with the Data Protection Law. This DPA is Controller’s complete and final instruction to Matelab in relation to Personal Data and that additional instructions outside the scope of DPA would require prior written agreement between the parties. Instructions shall initially be specified in the Agreement and may, from time to time thereafter, be amended, amplified or replaced by Controller in separate written instructions (as individual instructions). Customer shall inform Xenioo without undue delay and comprehensively about any errors or irregularities related to statutory provisions on the Processing of Personal Data.
  11. Data Breach Xenioo will notify the Customer as soon as practicable after it becomes aware of any  Customer Data Breach affecting any Customer Data. At the Customer’s request, Xenioo will promptly provide the Customer with all reasonable assistance necessary to enable the Customer to notify relevant Customer Data Breaches to competent authorities and/or affected Data Subjects, if Customer is required to do so under the Data Protection Law.

Appendix 1 List of Sub-Processors

  • HEBERGEMENT OVH INC.
  • Stripe, Inc.
  • Mixpanel, Inc.
  • SendGrid, Inc.

Appendix 2 Security Measures Xenioo has implemented and will maintain appropriate technical and organizational measures, internal controls, and information security routines intended to protect customer data against accidental loss, destruction, or alteration; unauthorized disclosure or access; or unlawful destruction.

  1. Access Control a. Preventing Unauthorized Product Access. Xenioo hosts its Service with outsourced cloud infrastructure providers. Additionally, Xenioo maintains contractual relationships with vendors in order to provide the Service in accordance with our DPA. Xenioo relies on contractual agreements, privacy policies, and vendor compliance programs in order to protect  data processed or stored by these vendors. b. Authentication. Xenioo implemented a uniform password policy for its customer products. Customers who interact with the products via the user interface must authenticate before accessing non-public customer data. c. Authorization. Customer data is stored in multi-tenant storage systems accessible to Customers via only application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure. The authorization model in each of Xenioo’s products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. d. Confidentiality. (i) Xenioo instructs its personnel to disable administrative sessions when leaving the Xenioo’s premises or when computers are unattended. (ii) Xenioo stores passwords in a way that makes them unintelligible while they are in force.
  2. Personnel Xenioo’s personnel (employees and contractors) will not process customer data without authorization. Personnel are obligated to maintain the confidentiality of any customer data and this obligation continues even after their engagement ends.
  3. Storage Xenioo’s database and data processing servers are hosted in a data center located in the EU and operated by a third party vendor. Xenioo maintains complete administrative control over the virtual servers, and no third-party vendors have logical access to customer data. All databases are backed up and maintained using at least industry standard methods.
  4. Software Development For the software developed by Xenioo, Xenioo follows secure coding standards and procedures set out in its standard operating procedures.
  5. Risk Management Xenioo implements measures, as needed, to address vulnerabilities discovered in a timely manner.
  6. Network Security Xenioo’s information systems have security controls designed to detect and mitigate attacks by using logs and alerting.