Terms of Use and DPA

Terms of Service for NinjaiBot

The levels of service provided online depend on the agreements made with our Partners.

1. Parties

Service Provider: NinjaiBot.com – Daniele Luciani P.I. 01164530451

Customer: The legal entity that has accepted these terms of agreement

The following sections of these terms and conditions also apply to all visitors of the ninjaibot.com website: Intellectual Property, Changes to the Service, Data Use and Privacy, Cookies, Limitation of Liability, and Applicable Law and Dispute Resolution.

2. Purpose of the agreement

This agreement specifies the terms and conditions under which NinjaiBot.com will provide its online services to the Customer and serves as the general terms of service for all visitors to the NinjaiBot.com website.

3. Description of service

NinjaiBot.com offers cloud-based online chat, interactions, and analytics services to customers worldwide. Further details about the services can be found on the NinjaiBot.com website or in other documentation provided by the Service Provider.

We aim to deliver our services promptly and diligently. If you notice any errors or deficiencies, we commit to rectify them promptly and at no extra charge.

Chatbots Disclaimer: While the AI Chatbots strive to provide accurate and helpful information, they learn from vast amounts of text data and may occasionally generate responses that are incomplete or inaccurate. Think of them as helpful starting points, but always double-check important information as the assistants can’t guarantee perfect accuracy.

4. Intellectual property

All NinjaiBot.com services are provided as SaaS offerings. No licenses or other rights, including intellectual property or distribution rights, are transferred to the Customer or website visitors regarding our services.

5. Changes to service

We reserve the right to make changes to our services at any time to provide new features or improvements. We may notify you of such changes in advance.

6. Service breaks

We may temporarily suspend our services during scheduled maintenance or technical upgrades. We aim to minimize disruptions and will inform you of any planned service breaks in advance.

7. Customer’s responsibilities

8. Personal Data and Privacy

Customers can monitor traffic on their websites using our services. All Customer Data collected or generated through NinjaiBot services is available exclusively to the Customer and stored separately from other data.

We may use Customer Content to develop, train, test, or improve our AI systems and applications.

Additionally, Customers acknowledge and accept that our services collect anonymous benchmark data.

9. Cookies

Both the NinjaiBot.com website and our services use cookies. By accessing our website or services, you agree to the use of cookies, profiling, and collection of benchmark data for the stated purposes.

10. Limitation of Liability

The Service Provider or its distributors shall not be liable for any indirect or consequential damages.

11. Reference use

We reserve the right to use Customers as references in our marketing and sales activities.

12. Termination

This agreement will automatically continue indefinitely with a mutual one (1) month notice term before a new invoicing period.

13. Applicable law and Dispute resolution

This agreement and any use of the NinjaiBot website and services shall be governed by Italian law.

For further information about these Terms of Service or the Privacy Policy, please contact support@ninjaibot.com.

Data Processing Agreement (DPA) for Ninjaibot

This Data Processing Agreement (“DPA”) is entered into between the Customer (hereinafter “the Controller”) and Ninjaibot (hereinafter “the Processor”), detailing the conditions under which the Processor will process personal data on behalf of the Controller in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

1. Object and Duration

The Parties agree that the Data Processor will provide AI chatbot services based on ChatGPT by OpenAI, as outlined in NinjaiBot’s privacy policy, to the Data Controller. This processing will be carried out for the duration of this Agreement or as long as personal data processing is necessary.

2. Obligations

Ninjaibot agrees to:

Processor Obligations

The Processor confirms that it shall process Personal Data on behalf of the Controller and shall take steps to ensure that any natural person acting under the authority of the Processor who has access to Personal Data does not process the Personal Data except on instructions from the Controller.

The Processor shall promptly inform the Controller if, in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller breach any applicable data protection laws.

The Processor shall ensure that all employees, agents, officers, and contractors involved in the handling of Personal Data: (i) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this DPA.

The Processor shall implement appropriate technical and organizational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In assessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed.

The Controller accepts and agrees that the technical and organizational measures are subject to development and review and that the Processor may use alternative suitable measures to those detailed in the attachments to this DPA provided that such updates and modifications do not result in the degradation of the overall security of the Services.

Taking into account the nature of the processing and the information available to the Processor, the Processor shall assist the Controller by having in place appropriate technical and organisational measures, in so far as this is possible, for the fulfillment of the Controller’s obligation to respond to requests for exercising the Data Subject’s rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data.

Controller Obligations

The Controller represents and warrants that it shall comply with the terms of the Terms of Service Agreement, this DPA and all applicable data protection laws.

The Controller represents and warrants that it has obtained any and all necessary permissions and authorizations necessary to permit the Processor, its Subsidiaries and Sub-Processors, to execute their rights or perform their obligations under this DPA.

The Controller is responsible for compliance with all applicable data protection legislation, including requirements with regards to the transfer of Personal Data under this DPA and the Terms of Service Agreement.

All Subsidiaries of the Controller who use the Services shall comply with the obligations of the Controller set out in this DPA. The Controller may require correction, deletion, blocking and/or making available the Personal Data during or after the termination of the Agreement. The Processor will process the request to the extent it is lawful, and will reasonably fulfill such request in accordance with its standard operating procedures to the extent possible.

The Controller acknowledges and agrees that some instructions from the Controller, including destruction or return of data from the Processor, may result in additional fees. In such case, the Processor will notify the Controller of such fees in advance unless otherwise agreed.

3. Sub-processing

The Data Processor may engage subprocessors with prior written approval from the Data Controller. The Processor remains fully liable to the Controller for the performance of the subprocessor’s services.

The Controller acknowledges and agrees that: (i) Subsidiaries of the Processor may be used as Sub-processors; and (ii) the Processor and its Subsidiaries respectively may engage Sub-processors in connection with the provision of the Services.

All Sub-processors who process Personal Data in the provision of the Services to the Controller shall comply with the obligations of the Processor similar to those set out in this DPA.

Where Sub-processors are located outside of the EEA, the Processor confirms that such Sub-processors: (i) are located in a third country or territory recognised by the EU Commission to have an adequate level of protection; or (ii) have entered into Standard Contractual Clauses with the Processor; or (iii) have other legally recognised appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules.

The Processor shall make available to the Controller the current list of Sub-processors which shall include the identities of Sub-processors and their country of location. During the term of this DPA, the Processor shall provide the Controller with at least 10 days prior notification, via email (or in-application notice), of any changes to the list of Sub-processor(s) who may process Personal Data before authorising any new or replacement Sub-processor(s) to process Personal Data in connection with the provision of the Services.

The current list of Sub-processors is mentioned in Appendix 1.

If the Controller objects to a new or replacement Sub-processor the Controller may terminate the Terms of Service Agreement with respect to those Services which cannot be provided by the Processor without the use of the new or replacement Sub-processor. The Processor will refund the Controller any prepaid fees covering the remainder of the Term of the Service Agreement following the effective date of termination with respect to such terminated Services.

4. Rights of Data Subjects

The Data Processor shall assist the Data Controller in ensuring compliance with the rights of data subjects, in accordance with Chapter III of GDPR.

5. Data Breaches

The Data Processor shall notify the Data Controller without undue delay upon the Processor becoming aware of a Personal Data Breach affecting Personal Data, providing sufficient information to allow the Data Controller to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.

The Data Processor shall co-operate with the Data Controller and take reasonable steps to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

6. Data Transfer

Personal data may be transferred outside the European Economic Area only if they meet the transfer conditions established in the GDPR.

7. Terms of Data Erasure or Return

Upon termination of processing services, Ninjaibot will erase or return all personal data to the Controller and delete existing copies, unless otherwise requested by the Controller or required by law to retain the data.

8. Audits and Inspections

The Controller has the right to conduct audits and inspections to verify Ninjaibot’s compliance with this DPA.


OpenAI

API Services. Handling of chatbot activity data, including interactions, queries, and responses.

OpenAI’s services aren’t located in one physical location. They run on Microsoft’s Azure cloud platform, which means the servers are distributed globally. When you interact with OpenAI’s tools, Azure routes you to the nearest server for the best performance.

Liquid Web

Liquid Web provides the primary infrastructure used by the Processor to host Service Data submitted to the Services.

Liquid Web operates data centers in several locations around the world, not just in one spot. Their data centers are situated in:
Lansing, Michigan (US) (their primary facility);
Phoenix, Arizona (US);
Amsterdam, Netherlands (Europe).