Terms of services - Oncrawl - Technical SEO Platform

1. GENERAL

All Services performed by Cogniteev SAS are provided exclusively on the basis of the terms and conditions below and any Order Form (“Terms and Conditions”). These Terms and Conditions apply to all orders and contractual relations between Cogniteev SAS and the Client unless agreed otherwise. Client’s contradictory or additional terms and conditions, or terms deviating from these Terms and Conditions not expressly acknowledged by Cogniteev SAS in writing, are not valid.

These Terms and Conditions shall apply in relation to clients which are companies, enterprises or professionals.

Offers mentioned in the Order Form are valid for a period of time indicated on the Order Form. If such a period is not specified, the normal validity period of an offer is 1 month. Unless otherwise agreed, Offers which are not accepted by Client within this period may be changed or withdrawn by Cogniteev SAS. In the event of contradiction between the Order Form and the Terms and Conditions, the provisions of Order Form prevail.

2. DEFINITIONS

In these Terms and Conditions, the following terms have the following meanings:

Add-on: an optional component subscribed in addition to a Plan, extending the Client’s access to specific features or services. Subscribed add-ons are defined in the Order Form.

Agreement: the service agreement between Cogniteev SAS and the Client based upon these Terms and Conditions and the Order Form. In the event of any conflict or inconsistency between the documents forming the Agreement, the Order Form shall prevail over these Terms and Conditions.

Client: legal entity identified in the applicable Order Form.

Client Data: any data, information, logs, content or materials submitted, transmitted or made available by the Client through the Services.

Crawler: the website crawling functionality made available through the Services.

Cogniteev SAS: a simplified joint-stock corporation with a capital of 165.469 Euro, whose registered office is located at 3 impasse Rudolf Diesel 33700 Merignac, France, and which is registered under the number 792 261 794. Oncrawl is created and published by Cogniteev SAS. Oncrawl is developed and published by Cogniteev SAS.

Content Lens: a premium Lens available as an add-on.

Dashboards and reports: collections of graphics and data that are part of analyses produced by and available within the Oncrawl platform.

Monthly crawl tokens: the primary quota for crawl analysis that can be consumed and is renewed on a monthly basis. Crawl tokens may have a flexible value in URLs. The number of tokens are defined in the Order form.

Oncrawl: a cloud-based technical SEO platform that helps teams audit, monitor, and optimize how search engines and AI systems interact with websites.

Order Form: any commercial document accepted by the Parties specifying the subscribed Services and commercial conditions.

Plan: the subscription tier defined in the Order Form (Basic, Core or Scale), differentiated by monthly crawl tokens volume and feature access.

Professional Services: any services performed by employees or representatives of Cogniteev SAS to assist the Client in their usage of Oncrawl, including technical support, customer success management (such as onboarding, business reviews, follow-up sessions) and SEO Workshops. Customer success support and accompaniment are included in the Agreement according to the Client’s subscription plan. SEO Workshops are available as a paid add-on and may only be purchased in connection with an active Agreement.

Project: a set of analyses, settings, and access rights determined by the Client relating to a website or a list of URLs to be analyzed.

SaaS or Software as a service: software provided as a service, accessible online through personal and secure accounts attributed by the Client to individuals working on its behalf.

SEO Workshop: a Professional Service available as a paid add-on, consisting of a live session performed by a Cogniteev SAS Customer Success Manager to address specific SEO challenges using Oncrawl data.

Services: Oncrawl services subscribed by the Client in accordance with the Order Form.

Token: countable elements that express a capacity to use features in Oncrawl like crawling. Tokens are purchased as part of the Agreement and consumed by usage of Oncrawl. The number of tokens are defined in the Order Form.

User: any individual authorized by the Client to perform technical SEO for a website, such as an employee, an agency, or a consultant, possessing an individual, personal and secure access to Oncrawl. A user is identified by their email address.

Yearly crawl tokens: additional annual crawl capacity available as an add-on.

3. SAAS SERVICES AND SUPPORT

3.1 Means and collaboration

Cogniteev SAS will use commercially reasonable efforts to provide the Client the Services. Subject to the terms hereof, Cogniteev SAS will provide the Client with reasonable technical support services in accordance with Cogniteev SAS’s standard practice and undertakes to perform the Service in a professional manner in strict compliance with the rules of art applicable to the type of services entrusted by the Client. The Client undertakes to collaborate with Cogniteev SAS by providing with all information that is useful and necessary for the proper execution of the Service and for meeting the deadlines for execution.

3.2 Oncrawl Plans and Services

Cogniteev SAS provides the Client with access to the Services in accordance with the Plan and subscribed add-ons defined in the Order Form. Cogniteev SAS may modify, update, enhance, replace or discontinue certain features and functionalities of the Services from time to time, provided that such modifications do not materially reduce the overall functionality of the subscribed Services.

The Services are offered under different subscription Plans, each providing different usage capacities and access levels to features:

Basic Plan: entry-level subscription providing access to the Oncrawl Crawler and core platform features.
Core Plan: standard subscription providing access to the Oncrawl Crawler, Log Analyzer, and core platform features.
Scale Plan: subscription designed for large-scale usage, providing access to the Oncrawl Crawler, Log Analyzer, and core platform features.

The features available within the Services may include the following functionalities, depending on the subscribed Plan and Add-ons:

Crawler: a technical SEO crawler that collects and analyzes data across website pages, including page responses, content structure, internal linking, JavaScript rendering, and performance signals.
Log Analyzer: a server log analyzer that tracks how search engines, AI bots, and organic visitors interact with the Client’s website, including dedicated monitoring and reporting for AI bot activity. Available on Core and Scale plans only.
Connectors: a set of integrations enabling the Client to enrich Oncrawl analyses with data from third-party sources. Google Search Console and Google Analytics 4 are available on all plans. Additional connectors (including Majestic and Piano Analytics) are available on Core and Scale plans only.
API (Application programming interface): a REST API allowing the Client to incorporate Oncrawl data into their own workflows, reporting tools, and data platforms. Available on all plans.
Lenses: analytical modules that transform SEO data into focused, business-oriented insights covering specific use cases including content performance, AI search visibility, and technical health assessment. Some Lenses are included in the subscribed Plans, while others are available as paid add-ons (premium Lenses), including but not limited to AI Search & Visibility capabilities that enable the Client to monitor AI bot activity, measure AI search visibility using real crawl and log data, and evaluate content quality and readiness for AI-driven search.
Content Lens: Content Lens is a premium Lens sold as an add-on which operates on a dedicated crawl quota, separate from the Client’s monthly crawl tokens, used exclusively for AI-powered content quality analysis. Content Lens is allocated on a per-year basis. For Agreements with an initial term longer than one (1) year, a separate Content Lens quota shall apply to each contract year. Unused Content Lens quota from a given contract year shall not roll over to subsequent years unless otherwise expressly agreed. Content Lens will be renewed on the Agreement anniversary date under the same conditions. In the event of an upsell during the term of the Agreement, the Client shall pay the full one-shot cost applicable to have access to Content Lens until the end of the then-current contract term. Thereafter, Content Lens shall renew on the Agreement anniversary date under the same conditions.
Yearly crawl tokens: Yearly crawl tokens are an add-on providing additional crawl capacity for the Client, that can be used in exceptional circumstances when the standard monthly subscription quota is not sufficient, such as for extra-large crawls that will exceed the monthly quota, but are not run on a monthly basis. Yearly crawl tokens are allocated on a per-year basis, regardless of the activation date. For Agreements with an initial term longer than one (1) year, a separate yearly quota of Crawl Tokens shall apply to each contract year. Unused tokens from a given contract year shall not roll over to subsequent years unless otherwise expressly agreed. They will be renewed on the Agreement anniversary date under the same conditions. In the event of an upsell during the term of the Agreement, the Client shall pay the full one-shot cost applicable to have access to this feature until the end of the then-current contract term. Thereafter, Yearly crawl tokens shall renew on the Agreement anniversary date under the same conditions.

3.3 Access to Oncrawl platform

As part of the registration process, the Client will identify an administrative User and provide their email and a password to manage the Client’s account and the administrative User’s personal account on the Oncrawl platform. Cogniteev SAS gives this User and any additional Users created by the Client access to analysis data by providing dashboards and reports. The Clients’ Users access dashboards and reports using their personal credentials to the Oncrawl platform. Credentials are strictly personal to each User, and the Client undertakes any necessary measures to ensure their confidentiality.

3.4 Maintenance

Services involve corrective, evolutive and preventive maintenance operations performed by Cogniteev SAS.

Cogniteev SAS will notify the Client by email of planned evolutive or preventive maintenance operations only if such operations cause a service interruption. This email will be sent at least three (3) working days before the maintenance and will indicate the risks and impact of the maintenance as well as the duration of the planned interruption.

Corrective maintenance operations in the event of an incident may be carried out at any time.

Cogniteev SAS shall use its best efforts to inform the Client in advance of such corrective maintenance operation and/or planned service interruption.

Cogniteev SAS shall use its best efforts to minimize the duration of any temporary suspension.

3.5 Availability of the Oncrawl platform

The Oncrawl platform is normally available 24 hours a day, 7 days a week, except in cases of Force Majeure (as defined in Article 15) or maintenance operations necessary to ensure its proper functioning.

Cogniteev SAS undertakes to maintain an availability rate of the Oncrawl platform of 99% per calendar month, excluding maintenance operations and cases of Force Majeure.

Availability shall be calculated on a monthly basis excluding scheduled maintenance, emergency maintenance, Force Majeure events, failures of third-party infrastructure providers, and internet or telecommunications disruptions outside Cogniteev SAS’ reasonable control.

Cogniteev SAS undertakes to make its best efforts to respect such availability. However, Cogniteev SAS cannot be held responsible for access difficulties or momentary impossibility of access due to disruptions to the telecommunications network, in particular given the complexity of global networks, and the influx, to certain hours, Internet users.

If the monthly availability rate is less than 99% for three (3) consecutive months, the Client may terminate the Agreement in accordance with Article 10.

3.6 Technical Support

Cogniteev SAS provides technical support to the Client from Monday to Friday (French working days), 9:00 am to 7:00 pm (CET), via online chat and email at support@oncrawl.com.

Incident affecting the availability of the Oncrawl platform: Cogniteev SAS guarantees that any incident reported by the Client to support@oncrawl.com will be acknowledged within one (1) working day. Cogniteev SAS shall use commercially reasonable efforts to provide a resolution within two (2) working days of acknowledgement, unless the cause constitutes a case of Force Majeure as defined in Article 15.

3.7 SEO Workshop

Cogniteev SAS undertakes to provide the Client with SEO Workshops as described in the Order Form, only if the Client has subscribed to them. SEO Workshops are provided remotely unless otherwise specified in the Order Form. If performed on-site, all travel and accommodation costs shall be borne by the Client.

4. RULES OF USE AND CLIENT’S OBLIGATIONS

4.1 Client accesses Software using its personal access code communicated by Cogniteev SAS. The access code is strictly confidential and Client must keep it confidential in accordance with article 5. Client shall immediately notify Cogniteev SAS of any unauthorized use of its access credentials.

The Client shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Equipment”). The Client shall also be responsible for maintaining the security and integrity of the Equipment, Client account, passwords (including but not limited to administrative and user passwords) and files, and for all uses of Client account or the Equipment with or without Client’s knowledge or consent.

4.2 Client represents, covenants, and warrants that Client will use the Services only in compliance with all applicable laws and regulations. Any use of the Services for an illegal activity or contrary to public order rules is strictly prohibited.

4.3 Further, Client shall use the Services solely for his own professional needs. Client may not sublicense, sell, resell, distribute or otherwise provide access to the Services to any third party. Client shall not remove, export or allow the export or re-export of the Services, Software or anything related thereto, or any direct product thereof in violation of any restrictions, laws or regulations of FRANCE or any other European Union or foreign agency or authority.

4.4 Client hereby agrees to indemnify and hold harmless Cogniteev SAS, its affiliates, officers, and employees from and against any claim, damages, losses, liabilities, settlements and reasonable expenses (including attorneys’ fees) resulting from Client’s unlawful use of the Services, breach of applicable laws or regulations, infringement of third-party rights, or breach of this Agreement by the Client in connection with any claim or action that arises from an alleged violation of the foregoing or otherwise from Client’s use of Services. Although Cogniteev SAS has no obligation to monitor Client’s use of the Services, Cogniteev SAS may do so and may prohibit any use of the Services it reasonably believes may be in violation of the Agreement.

5. CONFIDENTIALITY

Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose business, technical or financial information relating to the Disclosing Party’s business (hereinafter referred to as “Proprietary Information” of the Disclosing Party). Proprietary Information of Cogniteev SAS includes non-public information regarding features, functionality and performance of the Service, business plans or trade secrets of the Services. Proprietary Information of Client includes non-public data provided by the Client to Cogniteev SAS to enable the provision of the Services (“Client Data”). The Receiving Party agrees: (i) to take reasonable precautions to protect such Proprietary Information, and (ii) not to use (except in performance of the Services or as otherwise permitted herein) or divulge to any third person any such Proprietary Information. The Disclosing Party agrees that the foregoing shall not apply with respect to any information after five (5) years following the disclosure thereof or any information that the Receiving Party can document (a) is or becomes generally available to the public, or (b) was in its possession or known by it prior to receipt from the Disclosing Party, or (c) was rightfully disclosed to it without restriction by a third party, or (d) was independently developed without use of any Proprietary Information of the Disclosing Party or (e) is required to be disclosed by law, it being agreed that prior to any disclosure required by law the Disclosing Party shall be notified in writing in order to give it the opportunity to object to such disclosure.

6. PROPRIETARY RIGHTS

Client shall own all rights, title and interest in and to the Client Data as well as any data that is based on or derived from the Client Data and provided to Client as part of the Services.

Cogniteev SAS shall own and retain all rights, titles and interests in and to (a) the Services and Software, all improvements, enhancements or modifications thereto, and (b) and all intellectual property rights related to any of the foregoing.

Client will not, directly or indirectly: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services or any Software, documentation or data related to the Services; modify or translate the Services or any Software, or create derivative works that infringe the intellectual property rights attached to the Services or any Software (except to the extent expressly permitted by Cogniteev SAS or authorized within the Services); use the Services or any Software for time sharing or service bureau purposes or otherwise for the benefit of a third; or remove any proprietary notices or labels.

7. DATA COLLECT AND ANALYZE

Notwithstanding anything to the contrary, Cogniteev SAS shall have the right to collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Client Data and data derived therefrom), and Cogniteev SAS will be free, during and after the Term hereof, to (i) use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Cogniteev SAS offerings, and (ii) disclose such data in connection with its business but solely in aggregate or other de-identified form in connection with its business. No rights or licenses are granted except as expressly set forth herein.

8. DATA PROTECTION

The Parties undertake to comply with the applicable rules on data protection and, in particular, with French Law No. 78-17 of January 6, 1978, as amended (known as the “Data Protection Act”), as well as Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”).

The Parties agree that, in the context of providing Log monitoring services, the Service Provider shall act as a processor within the meaning of Article 28 of the GDPR, and the Client shall act as the controller. Under no circumstances shall the Parties be considered joint controllers within the framework of the service.

The Parties agree that the obligations applicable to processing activities related to Log monitoring are described in the Data Processing Agreement (“DPA”) appended hereto. In the event that an error in the classification of the Parties is identified, the Parties shall meet to amend this clause and take all necessary measures to comply with applicable legal requirements.

Furthermore, the Service Provider may process Client data (e.g., employee data) in connection with the implementation of the service. For further information in this regard, the Client may consult the Service Provider’s Privacy Policy, which is accessible at any time on its website or platform. The Client undertakes to inform its users of this Privacy Policy.

9. PAYMENT OF FEES

Client shall pay Cogniteev SAS the applicable fees described in the Order Form for the Services in accordance with the terms therein (the “Fees”). If Client’s use of the Services exceeds the Service Capacity set forth on the Order Form or otherwise requires the payment of additional fees (per the terms of this Agreement), Client shall be billed for such usage and Client agrees to pay the additional fees in the manner provided on the Order Form.

Cogniteev SAS may adjust the Fees annually based on an increase of up to five percent (5%), with thirty (30) days prior notice to Client (which may be sent by email). No discount will be granted in case of advance payment.

If Client believes that Cogniteev SAS has billed Client incorrectly, Client must contact Cogniteev SAS no later than 30 days after the closing date on the first billing statement in which the error or problem appeared, in order to receive an adjustment or credit. Inquiries should be directed to Cogniteev SAS’s customer support department.

Full payment for invoices issued in any given month must be received by Cogniteev SAS upon receipt of the invoice. Unpaid amounts are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection and may result in immediate termination of Service. Client shall be responsible for all taxes associated. In case of delaying payment, Cogniteev SAS may suspend access to the Services fifteen (15) days after written notice remains unanswered.

10. DURATION, RENEWAL AND TERMINATION

Duration and renewal: Subject to earlier termination as provided below, this Agreement is for the Initial Service Term as specified in the Order Form, and shall be automatically renewed for additional periods of the same duration as the Initial Service Term (collectively the “Term”), unless either party requests termination at least thirty (30) days prior to the end of the then-current term by sending a registered termination letter with acknowledgment of receipt.

Termination for breach: In addition to any other remedies it may have, either party may also terminate this Agreement upon thirty (30) days’ notice, if the other party materially breaches any obligations of the Agreement.

The breaching party shall have thirty (30) days to cure such material breach. If such a material breach remains uncured, termination pursuant to this section shall be effective sixty (30) days from the written notice.

In the event of termination due to Client’s material breach, all unpaid Fees due until the end of the current contractual period shall become immediately payable, provided that such amount shall not constitute a manifestly excessive penalty under applicable law.

11. CONSEQUENCES OF THE TERMINATION

All sections of this Agreement which by their nature should survive termination will survive termination, including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, and limitations of liability.

Upon the termination of the Agreement, Client access to the Software is automatically interrupted and the Services are stopped at the end of the engagement period. Client’s account to the Oncrawl Platform will be automatically deleted.

Unless otherwise required by applicable law or legitimate backup retention policies, Client Data shall be deleted within ninety (90) days following termination of the Agreement.

12. WARRANTY AND DISCLAIMER

Cogniteev SAS warrants that the Services will be performed in a manner consistent with generally accepted industry standards.

Cogniteev SAS shall use reasonable efforts consistent with prevailing industry standards to maintain the Services in a manner which minimizes errors and interruptions in the Services.

HOWEVER, COGNITEEV SAS DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES.

EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION, THE SERVICES ARE PROVIDED “AS IS” AND COGNITEEV SAS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

13. INDEMNITY

Cogniteev SAS shall hold Client harmless from liability to third parties resulting from infringement by the Service of any patent or any copyright or misappropriation of any trade secret, provided Cogniteev SAS is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and the opportunity to assume sole control over defense and settlement; Cogniteev SAS will not be responsible for any settlement it does not approve in writing. The foregoing obligations do not apply with respect to portions or components of the Service (i) not supplied by Cogniteev SAS, (ii) made in whole or in part in accordance with Client specifications, (iii) that are modified after delivery by Cogniteev SAS, (iv) combined with other products, processes or materials where the alleged infringement relates to such combination, (v) where Client continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (vi) where Client’s use of the Service is not used in a manner authorized by this Agreement. If, due to a claim of infringement, the Services are held by a court of competent jurisdiction to be or are believed by Cogniteev SAS to be infringing, Cogniteev SAS may, at its option and expense (a) replace or modify the Service to be non-infringing provided that such modification or replacement contains substantially similar features and functionality, (b) obtain for Client a license to continue using the Service, or (c) if neither of the foregoing is commercially practicable, terminate this Agreement and Client’s rights hereunder and provide Client a refund of any prepaid, unused fees for the Service.

14. LIMITATION OF LIABILITY

Nothing in this Agreement shall exclude or limit either party’s liability for gross negligence, wilful misconduct, death or personal injury, breach of confidentiality obligations, or infringement of intellectual property rights.

Subject to applicable law and except as expressly provided otherwise in this Agreement, COGNITEEV SAS AND ITS SUPPLIERS (INCLUDING BUT NOT LIMITED TO ALL EQUIPMENT AND TECHNOLOGY SUPPLIERS), OFFICERS, AFFILIATES, REPRESENTATIVES, CONTRACTORS AND EMPLOYEES SHALL NOT BE RESPONSIBLE OR LIABLE WITH RESPECT TO ANY SUBJECT MATTER OF THIS AGREEMENT OR TERMS AND CONDITIONS RELATED THERETO UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER THEORY: (A) FOR ERROR OR INTERRUPTION OF USE OR FOR LOSS, INACCURACY OR CORRUPTION OF DATA, TO THE EXTENT SUCH LOSS, INACCURACY OR CORRUPTION COULD HAVE BEEN AVOIDED THROUGH REASONABLE BACKUP OR SECURITY MEASURES IMPLEMENTED BY CLIENT, OR COST OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES OR TECHNOLOGY OR LOSS OF BUSINESS OR PROFITS; (B) FOR ANY INDIRECT, EXEMPLARY, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES; (C) FOR ANY MATTER BEYOND COGNITEEV SAS’ REASONABLE CONTROL; OR (D) FOR ANY AMOUNTS THAT, TOGETHER WITH AMOUNTS ASSOCIATED WITH ALL OTHER CLAIMS, EXCEED THE FEES PAID BY CLIENT TO COGNITEEV SAS FOR THE SERVICES UNDER THIS AGREEMENT IN THE 12 MONTHS PRIOR TO THE ACT THAT GAVE RISE TO THE LIABILITY, IN EACH CASE, WHETHER OR NOT COGNITEEV SAS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

15. FORCE MAJEURE

Force Majeure Event means any force majeure event as defined by the French law (Article 1218 of the French civil code) and the French case law of the Court of Cassation.

If a party is prevented, hindered or delayed in or from performing any of its obligations by a Force Majeure Event (Affected Party), the Affected Party shall not be in breach of these contractual obligations or otherwise liable for any such failure or delay in the performance of such obligations. The time for performance of such obligations shall be extended accordingly.

The Affected Party shall: as soon as reasonably practicable after the start of the Force Majeure Event, notify the other party of the Force Majeure Event, the date on which it started; and immediately after the end of the Force Majeure Event, notify the other party that the Force Majeure Event has ended. If the Force Majeure Event prevents, hinders or delays the Affected Party’s performance of its obligations for a continuous period of more than four weeks, the party not affected by the Force Majeure Event may immediately terminate the Service ordered, by sending a letter with acknowledgement of receipt.

16. MISCELLANEOUS

If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable.

This Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed by both parties, except as otherwise provided herein.

A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established. Words in the singular shall include the plural and vice versa. A reference to any party shall include that party’s personal representatives, successors or permitted assigns.

Any reference to a French legal term for any action, remedy, method of judicial proceeding, legal document, legal status, court, official or any legal concept or thing shall, in respect of any jurisdiction other than France, be deemed to include a reference to what most nearly approximates to the French legal term in that jurisdiction.

Any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.

17. COMMUNICATION

Unless Client objects in writing, Cogniteev SAS may use the Client’s name and logo as a business reference in its marketing and promotional activities.

18. INDEPENDENCE AND COMPLIANCE WITH LAWS

No agency, partnership, joint venture, or employment is created as a result of this Agreement and Client does not have any authority of any kind to bind Cogniteev SAS in any respect whatsoever.

Each party shall at its own expense comply with all applicable laws and regulations relating to its activities under this Agreement, as they may change from time to time, and with any conditions binding on it in any applicable licenses, registrations, permits and approvals. Client is solely responsible for compliance with all laws and regulations applicable in the country of destination regarding import and use of the Services.

19. NOTICES

All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested.

20. ASSIGNMENT – SUBCONTRACTOR

This Agreement is not assignable, transferable or sublicensable by Client except with Cogniteev SAS’s prior written consent. Cogniteev SAS may transfer and assign any of its rights and obligations under this Agreement without consent. Further, Cogniteev SAS may delegate its obligations and responsibilities to any subcontractors for performing Services.

21. LITIGATION – JURISDICTION

In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees. IN THE EVENT OF ANY DISPUTE, CONTROVERSY OR CLAIM ARISING OUT OF OR RELATING TO THE AGREEMENT BETWEEN COGNITEEV SAS AND THE CLIENT OR THE PERFORMANCE HEREOF, THE PARTIES WILL MAKE EVERY EFFORT TO REACH AN AMICABLE SETTLEMENT OF THEIR DIFFERENCES. FAILING SUCH SETTLEMENT, THE COMMERCIAL COURTS OF BORDEAUX (FRANCE) WILL HAVE EXCLUSIVE JURISDICTION TO SETTLE ANY DISPUTE OR CLAIM ARISING OUT OF OR IN CONNECTION WITH THE AGREEMENT OR ITS SUBJECT MATTER OR FORMATION, EXCEPT IN CASE OF INTELLECTUAL PROPERTY DISPUTE WHICH WILL BE SUBMITTED TO THE CIVIL COURT OF BORDEAUX (FRANCE).

22. GOVERNING LAW

This Agreement shall be governed by the laws of FRANCE without regard to its conflict of laws provisions. As a result, any dispute or claim arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the law of FRANCE.

APPENDIX 1 – DATA PROCESSING AGREEMENT

1. Introduction

The Data Processing Agreement (hereinafter the “Agreement”) aims to govern the use of Personal Data belonging to clients (hereinafter the “Client”) of Cogniteev (hereinafter the “Processor” or “Cogniteev”) when they use the feature of log monitoring and analysis provided by Cogniteev (hereinafter the “Service”).

2. Definitions

The terms “adequacy decision”, “technical and organisational measures”, “data subjects”, “data protection by design”, “data protection by default”, “register”, “joint controller(s)”, “controller”, “processor”, “processing”, “personal data breach” in the Agreement have the meanings described in Articles 4 et seq. of the GDPR.

Other terms are defined below:

“Agreement” means the appendix to the Contract governing the use of the Client’s Personal Data in accordance with the provisions of Article 28 of the GDPR, also referred to as the “Data Processing Addendum” (“DPA”).

“DPIA” means a data protection impact assessment that allows the proportionality of Personal Data processing to be verified and the risks associated with Personal Data processing to be prevented.

“Anonymisation”: means processing aimed at making it impossible to identify the persons concerned by the processing carried out in the context of the Service, in an irreversible manner.

“Supervisory Authority”: refers to the supervisory authority responsible for GDPR compliance for the Service provided by the Processor.

“Client” means the entity that has subscribed to the Service provided by the Processor.

“Client’s Employees”: refers to natural persons (e.g. employees) working on behalf of the Client and using the Service in this capacity.

“Contract” means the contract concluded between the Processor and the Client for the use of the Service, to which this Agreement is attached.

“Right(s) request(s)”: refers to the fundamental rights created by the GDPR in Articles 15 et seq. (e.g. right of access, right to erasure, etc.).

“Client’s Personal Data”: refers to any data relating to an identified or identifiable natural person transmitted to the Processor and processed by the latter on behalf of the Client in connection with the Service, a detailed list of which is provided in the appendix.

“White label”: refers to the unbranded Service provided by the Processor that allows the Client to customise and market the Service under its own brand.

“Party(ies)” means jointly the Client and the Processor.

“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, also known as the “General Data Protection Regulation”.

“Applicable regulations on the protection of personal data” means French Law No. 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties and the GDPR.

“Reversibility”: refers to the operation of enabling the transfer and integration, in a usable and recognised format, of the Client’s Personal Data from the Processor’s Service to an equivalent service offered by another service provider.

“SaaS Service”: refers to software hosted by the Processor that can be used simultaneously by an unlimited number of Clients.

“Sub-processor”: refers to sub-processors recruited by the Processor to process the Client’s Personal Data exclusively within the scope of the Service.

“End Users” means the Client’s Clients who use the Service on a white label basis.

3. Contractual relations and terms

The Agreement is an integral part of the Contract signed between the Client and the Processor for the use of the Service.

In the event of any conflict between the Contract entered into for the use of the Service and the Agreement, the obligations set out in the Agreement shall prevail over the Contract with regard to the GDPR as a whole.

The Agreement shall remain in force for the entire duration of the Contract concluded for the use of the Service and may continue beyond that date as long as all obligations set out herein remain applicable.

4. Role of the Parties and scope of application

The Client acts, within the framework of the Agreement, as the data controller and Cogniteev acts as a data processor within the meaning of Article 28 of the GDPR.

Under no circumstances shall the Parties be considered jointly responsible in connection with the Service. However, the Parties agree that in the event of an error or change in their status, the Parties shall meet as soon as possible to amend the Agreement and take all measures relating to such a situation to comply with the requirements of the applicable regulations on the protection of personal data.

The Agreement exclusively governs the processing of the Client’s Personal Data carried out within the framework of the Service as a Processor within the meaning of Article 28 of the GDPR, to the exclusion of processing carried out as a data controller by Cogniteev, which is governed by the Contract.

5. Instructions and commitments

The Processor undertakes to use the Client’s Personal Data in connection with the use of the Service only in accordance with the instructions documented in the appendix to the Agreement. The Processor shall immediately inform the Client if it considers that an instruction given by the Client is unlawful under the applicable regulations on the protection of personal data. The Processor shall not be held liable if, despite the Processor’s notification of the illegality of the instruction, the Client maintains and applies this instruction through the Service.

The Processor undertakes to comply with the provisions of the GDPR and, in particular, to keep a record of processing activities specific to the Service and to develop its Service in accordance with the rules of “Data Protection by Design” and “Data Protection by Default”.

The Processor undertakes never to transfer the Client’s Personal Data for reasons other than the provision of the Service and undertakes never to use the Client’s Personal Data for its own interests, as data controller.

The Processor declares that all internal or external personnel required to process the Client’s Personal Data are bound by one or more binding legal acts and regularly undergo training and awareness-raising.

The Processor undertakes to guarantee the security of the Client’s Personal Data and to implement all technical and organisational measures necessary for its Service, details of which are set out in the appendix to the Agreement.

However, the Processor shall never be liable for any breaches by the Client of the applicable regulations on personal data protection when using the Service as data controller.

6. Assistance with the implementation of DPIA

DPIAs must be carried out by the Client in accordance with the provisions of the GDPR. However, the Processor undertakes to provide, upon written request from the Client, all information necessary and required for the Client to carry out a DPIA.

However, the Processor is not required to carry out DPIAs on behalf of the Client. Any additional requests for information may be refused.

7. Assistance with data subjects requests

Requests sent by End Users shall be forwarded to the Client as soon as possible. The Processor is not required to keep an inventory of Rights requests on behalf of the Client and is not responsible for any failure by the Client to manage Rights requests.

The Processor shall, upon written request from the Client, take the technical measures necessary to enable the Client to fulfil its obligation to respond to requests from data subjects.

The Client accepts and understands that the Processor is not required to manage Data Subject Requests made in connection with the Service on behalf of and for the account of the Client. Any additional request to ensure such management will be refused.

Rights requests sent to the Processor as data controller shall be processed exclusively by the Processor and shall not be transferred to the Client.

8. Assistance with security measures

The Processor undertakes to communicate all necessary and required information on the technical and organisational security measures to be implemented to ensure the security of the Client’s Personal Data in connection with the provision of the Service.

9. Personal Data Breaches

The Processor undertakes to notify the Client, as soon as possible and no later than 48 working hours after becoming aware of it, of any personal data breach in connection with the Service that may concern the Client’s Personal Data, as well as all necessary and required information in its possession to mitigate the effects of the personal data breach. The Client accepts and acknowledges that the 72-hour period applicable to it shall only start from the moment it becomes aware of the personal data breach and that, as such, the 48-working-hour period complies with the GDPR.

The Processor is not authorised to handle notifications of personal data breaches to the Supervisory Authority or to inform End Users on behalf of the Client. Any request to this effect from the Client will be refused.

10. Sub-processors

The Client grants the Processor general authorisation to recruit Sub-processors, provided that it is informed of any changes to these Sub-processors as soon as possible so that the Client can raise any objections. The Client accepts and acknowledges that specific authorisation for a SaaS tool is not applicable and could lead to the Service being blocked.

If no objections are raised by the Client within eight (8) days of notification, the new Sub-processor shall be definitively recruited without the Client being able to object, claim damages or request termination of the Contract. If the objection raised within the time limit is considered admissible by the Processor, the latter may offer the Client one of the following solutions: i) withdrawal of the Sub-processor, ii) implementation of additional measures to guarantee the security of the Client’s Personal Data, iii) termination of the Service without the Client being entitled to claim damages.

To be considered admissible by the Processor, objections must be objective and serious and be duly substantiated. The Parties agree that the following situations shall, by default, be considered admissible: i) the proposed Sub-processor is a direct competitor of the Client, ii) the Sub-processor is in a dispute with the Client, iii) the Sub-processor has been convicted by a Supervisory Authority within the 12 months prior to its recruitment and iv) the Sub-processor does not comply, where applicable, with the applicable rules on transfers outside the European Union.

The Processor undertakes to recruit only Sub-processors who, after verification, provide the necessary and sufficient guarantees to ensure the security and confidentiality of the Client’s Personal Data. The relationship between the Processor and the Sub-processor must be governed by an agreement containing obligations similar to those in this Agreement.

The Processor shall remain liable, within the limits of liability provided for in the Contract, for any breaches of the GDPR that may be committed by its Sub-processors in connection with the Service.

11. Hosting and transfers outside the European Union

a) Data hosting

The Processor undertakes to take all necessary measures to host the Client’s Personal Data exclusively within a Member State of the European Union. The Client grants the Processor authorisation to choose the Member State of the European Union of its choice. In the event that Personal Data is hosted in a country outside the European Union, the Processor undertakes to obtain the Client’s prior authorisation and to implement all the mechanisms required to regulate this transfer, such as concluding standard contractual clauses and, where necessary, implementing additional technical measures to enhance the security of the Client’s Personal Data.

b) Data transfers

The Client grants the Processor general authorisation to transfer data outside the European Union if, cumulatively, i) the transfers are made exclusively to Sub-processors that comply with the GDPR and ii) the transfers are made exclusively to a country that has received an adequacy decision or are governed by appropriate safeguards, such as, in particular, Standard Contractual Clauses. If these conditions are not met, transfers outside the European Union are only permitted with the prior consent of the Client. Additional technical security measures to enhance the security of the Client’s Personal Data must be implemented if the Personal Data is transferred to a non-democratic country.

12. Retention periods and fate of the Client’s Personal Data

The Processor undertakes to retain the Client’s Personal Data only for the duration of the use of the Service, in accordance with the detailed instructions in the appendix, and to delete it at the end of the Contract. The Processor shall, upon written request, certify the deletion of the Personal Data and all existing copies.

The Client is informed that they must retrieve their Personal Data before the end of the Agreement. Failing this, the Client will no longer be able to retrieve their Personal Data, as the deletion of personal data is irreversible and final. The Processor cannot be held liable for any loss of Personal Data after its deletion, with the Client assuming full responsibility. The Client agrees that the total, irreversible and definitive anonymisation of the Client’s Personal Data shall be used as a means of deletion and that the Processor shall retain the anonymised data for the improvement of the Service, as accepted by the Supervisory Authorities.

The Processor informs the Client that the return of Personal Data provided for in the GDPR does not constitute Reversibility of data to a new processor and that any request to this effect will always be refused by the Processor.

13. Audits

The Client has the right to conduct an audit in the form of a written questionnaire once a year to verify compliance with this Agreement. The questionnaire shall have the force of a sworn undertaking binding on the Processor. The questionnaire may be communicated in any form to the Processor, who undertakes to respond as soon as possible after receipt.

The Client also has the right to carry out, once a year and at its own expense, an on-site audit, if necessary at the Processor’s premises in the event of a data breach due to a proven and demonstrated breach by the Processor resulting in duly justified damage to the Client. An audit at the Processor’s premises may be carried out either by the Client or by an independent third party appointed by the Client and must be notified in writing to the Processor at least thirty (30) days before the audit is carried out. The Processor has the right to refuse the choice of the independent third party if the latter is i) a direct or indirect competitor of the Processor, ii) in a situation of conflict of interest with the Processor (e.g. advisor to a competitor of the Processor) or ii) in pre-litigation or litigation with the Processor. In this case, the Client undertakes to choose a new independent third party to carry out the audit. The Processor may refuse access to certain areas for reasons of confidentiality or security. In this case, the Processor shall carry out the audit in these areas and communicate the results to the Client.

In the event of any discrepancies identified during the audit, the Processor undertakes to implement, without delay and at its own expense, the measures necessary to comply with this Agreement. Discrepancies may only relate to the applicable Regulations on the Client’s Personal Data and may not relate to internal procedures or measures implemented by the Client on a specific basis. Discrepancies must be duly demonstrated, justified and documented.

In the event of a dispute by the Processor regarding the identified discrepancies, the Processor may, at its discretion and with the prior written consent of the Client, propose to i) meet to find an amicable solution and a compromise, ii) refer the matter to the Supervisory Authority for arbitration, and iii) refer the matter to an independent expert for arbitration.

14. Cooperation with the authorities

The Processor undertakes to cooperate with the CNIL, the competent Supervisory Authority, in the event of an inspection concerning the processing carried out in connection with the Service and undertakes to notify the Client as soon as possible in the event of requests concerning its Personal Data made by the Supervisory Authority or by an administrative, judicial or police authority.

15. Contact

The Client and the Processor shall each appoint a contact person responsible for this Agreement, who shall be the recipient of the various notifications and communications to be made under the Agreement.

The Processor informs the Client that it has appointed Dipeeo SAS as its Data Protection Officer, who can be contacted at the following address:

Email address: dpo@oncrawl.com
Postal address: Dipeeo SAS, 95 avenue du Président Wilson, 93100 Montreuil, France
Telephone number: 01 59 06 81 85

16. Revisions

The Processor reserves the right to modify this Agreement in the event of changes to the applicable rules on the protection of Personal Data or in the event of changes to the Service that would have the effect of modifying any of its provisions.

Certified compliant by Dipeeo ®