General Terms and Conditions of Agreements (Streamcoi)

1. GENERAL COMMENTS

1. The GTC document is created by inStreamly. This document applies to all inStreamly contractors using the cloud-based software access service and obtaining a license for this software.
2. The provisions of the GTC may not be modified or limited by the content of orders, including the Order, working arrangements, discussions, or any other communication. The GTC may be modified only in the form provided for in section: AMENDMENT OF THE GTC.
3. Cooperation with inStreamly does not constitute the establishment of a company, partnership, or any other joint venture. The Parties are independent partners, and each of them undertakes to respect the economic independence of the other Party.
4. STREAMCOI Software cannot be used for the provision of illegal content.
5. The use of STREAMCOI Software requires a computer with access to the Internet, access to electronic mail, installed browser (Microsoft Edge, the latest version of Mozilla Firefox, the latest version of Opera, the latest version of Google Chrome, the latest version of Safari), enabled cookies, and disabled advertising blocker (the so-called AdBlock).

SUBJECT OF THE CONTRACT

1. The subject of the Contract consists in the paid and time-limited provision of a service by inStreamly, where the service shall consist in providing access to cloud-based software (STREAMCOI Software), and granting the Partner a time-limited, non-exclusive, paid license for this software, without the right to sub-license. The non-exclusive license shall be granted in the field of use: temporary reproduction of a code fragment only to the extent necessary for the use of the basic function consisting in:
   1. managing and tracking content on multiple TWITCH and/or YouTube channels;
   2. displaying the Partner’s ads on those channels. The Partner may also, at their own discretion, display inStreamly's ads.
2. Displaying inStreamly's ads means paid provision of service by the Partner to inStreamly with the option to display advertising contents on a website or subpage managed by the Partner (in an active stream window of their streamers), as added in the STREAMCOI Software. It means that the Partner provides Internet media, for a specified period of time, to post and maintain contents received from inStreamly at a specific Internet address (lease/ rental of advertising space on a website or subpage managed by the Partner and/or the Partner’s streamers).
3. inStreamly does not guarantee the uninterrupted availability of STREAMCOI Software, i.e. inStreamly may, from time to time, temporarily limit or discontinue the software provision due to:
   1. maintenance, development and implementation work, as well as
   2. software errors that require limitation or discontinuation of software provision.

   The Partner shall be informed in advance about the planned limitation or discontinuation of the software provision. The said limitation should not exceed 48 hours in a given calendar month.

REGISTRATION AND CONCLUSION OF THE CONTRACT

1. The Contract is concluded in an electronic form, (a) as a scanned copy of the signed document, i.e. without the need to substitute it with a paper copy. However, after signing the Contract, ISSTREAMLY may ask for sending a hard copy with signature; or (b) by using an electronic signature.
2. inStreamly strives to simplify the formalities in relations with Partners as much as possible. In some cases, however, inStreamly may require the Partner to perform additional authentication activities before or after the conclusion of the Contract. In particular, inStreamly may request the Partner to:
   1. submit an excerpt from the National Court Register or other register appropriate for the Partner's country (in the case of a Partner who is a legal person or an organizational unit without legal personality), or a certificate of entry in the Central Register and Information on Economic Activity or another register appropriate for the Partner's country (if the Partner runs a registered sole proprietorship);
   2. submit for inspection and enable the making of a copy of an identity card or other identity document in the case of a Partner who is a natural person, or in the case of natural persons acting on behalf of the Partner;
   3. submit a tax residence certificate.

TERMS OF COOPERATION PERTAINING TO THE PARTNER

The Partner may only be:

1. a natural person who is over 18 years old and has full legal capacity, who performs the service covered by the Contract for the purposes directly related to the conducted trade, business, craft activities, or liberal profession (a natural person who is not a consumer). The foregoing does not exclude cooperation with persons who do not possess a registered business (e.g. non-registered activity); or
2. a legal person or an organizational unit with legal capacity granted by the law.

REMUNERATION

For the performance of the Contract, inStreamly shall be entitled to remuneration resulting from the price list published on https://saas.streamcoi.com/ or, if agreed, from the Order. The remuneration:

1. is non-reimbursable (in full or in part), also in the event of:
   • cessation of the performance of the Contract by the Partner (cessation of the use of services provided);
   • cessation of the provision of services covered by the Contract by inStreamly for the Partner as a result of circumstances described in section 8, or as a result of the Partner’s breach of the Contract and suspension of the provision of services or early termination of the Contract;
2. as specified in the price list or in the Order, constitutes net remuneration and, if applicable, shall be increased, from time to time, by the due VAT.
3. amount is stated after any local taxes and fees applicable or payable in the Partner place of residence (business residence). This means that inStreamly is to receive the indicated amount (plus VAT, if applicable) into its bank account and either inStreamly nor any other entity (including Partner) is not obliged to make any deductions, abatements or other payments to tax authorities other than the Polish one

LIABILITY

1. inStreamly shall not be liable for the provision of false or outdated information by the Partner when concluding the Contract, including the Partner’s data, as well as for the failure to update such data by the Partner in the event of their change. The aforementioned also applies to false statements made by the Partner when concluding the Contract.
2. To the fullest extent permitted by the law, the liability of inStreamly is excluded, particularly with regard to:
   1. all losses or damages of the Partner and third parties submitting claims to the Partner, regardless of their causes, source, fault of inStreamly, knowledge of inStreamly about the possibility of their occurrence and the time of their occurrence, including lost profits, lost sales, lost investments, lost business, business opportunities or savings, permanently or temporarily lost data or systems, change in the company’s financial value, lost reputation, losses related to the permanent or temporary cessation of activity, except for liability the exclusion of which would be contrary to any cause that would make this point invalid;
   2. all assurances, warranties, and conditions which may have effect between the Parties, or which may be implied or incorporated by the law and/or custom and/or otherwise, except for any conditions or warranties the exclusion of which would be contrary to any cause that would make this point invalid;

   In particular, inStreamly shall not be liable for the consequences, including any damages to the Partner or third parties, resulting from:

   1. actions or omissions of entities for which inStreamly is not responsible, in particular, for disabling of related services, failure, unavailability or malfunctioning of IT systems of telecommunications operators, actions of hackers or other third parties undertaking activities aimed at obtaining funds by fraud or by interference with data processing;
   2. cases of force majeure;
   3. extension, change, limitation or discontinuation of some or all functions or tools, including those available at the time of conclusion of the Contract;
   4. actions taken by inStreamly in accordance with the Contract;

   as well as for any other actions and circumstances that have not been caused through the fault of inStreamly (intentional fault). To the extent permitted by the law, the total liability of inStreamly towards the Partner shall be limited to the amount corresponding to a one-year fee paid by the Partner in connection with the performance of the Contract.

3. inStreamly does not guarantee the achievement of any result by the Partner in connection with the performance of the Contract. The Contract shall be a non-exclusive license contract and, in terms of the service provision, a contract of due diligence of inStreamly. Such due diligence consists in the service provision.
4. The Partner shall be fully liable for all actions and omissions undertaken by themselves or by using the services provided by inStreamly, for any content made available or introduced, for any breach of the Contract, and shall also be liable to the extent to which inStreamly shall not be liable. The liability of the Partner shall cover actual losses and lost benefits, including all costs incurred by inStreamly in order to defend themselves against claims filed against inStreamly.
5. The Partner shall be solely liable for the fulfilment of legal requirements of their jurisdiction related to the use of services covered by the Contract.
6. The Partner undertakes to enter, in the place of or beside inStreamly, to any proceedings pending in connection with the Contract, and to release inStreamly from liability, which includes the satisfaction of claims against third parties or coverage of recourse claims, and reimbursement of the awarded costs, fines, damages, etc.

COMPLAINTS

1. In the event of non-performance or improper performance of the Contract by inStreamly, the Partner may file a complaint. Complaints should be submitted:
   1. using the contact form available at https://streamcoi.com/; or
   2. by e-mail to the address: contact@streamcoi.com.
2. A complaint must contain at least:
   1. data enabling identification of the Partner;
   2. a description of the problem with as much detail as possible, indicating the period of its occurrence and the scope of irregularity;
   3. expectations as to the manner of solving the problem by inStreamly.

   Complaints not containing the aforementioned elements may be disregarded by inStreamly.

3. inStreamly considers complaints as soon as possible, within no longer than 14 (fourteen) days from the date of their receipt. With the complaint considered, inStreamly shall inform the Partner about the manner of its consideration by means of an e-mail sent to the address indicated by the Partner. If no such address has been indicated, the e-mail shall be sent to the Partner’s address provided during registration.

TERMINATION OF THE CONTRACT. SUSPENSION OF THE PARTNER

1. The Contract is concluded for the term resulting from the selected subscription period. After that period the Contract shall expire unless the Parties conclude a new Order.
2. The Parties shall not provide for the possibility of early termination of the Contract, except for the situation in which the Partner:
   1. is in breach of the Contract or the provisions of the universally applicable law in the jurisdiction proper for the Contract;
   2. has failed to pay for the services provided in accordance with the Contract;
   3. has objected to amendments in the GTC or in the service provision conditions.

   In such case, only inStreamly shall be entitled to terminate the Contract, whereby the termination shall be possible with immediate effect and require the submission of a declaration in electronic form (e-mail sent to the address provided during the process of creating an account).

3. inStreamly may suspend the Partner by temporarily withholding the provision of services for the Partner in full or in part if the Partner:
   1. is in breach of the Contract or the provisions of the universally applicable law in the jurisdiction proper for the Contract;
   2. has failed to pay for the services provided in accordance with the Contract;
   3. has failed to make a supplementary payment despite being informed by inStreamly about the change of the manner of service provision.

   The suspension shall be made for the duration of the reason constituting the grounds for suspension or for the time necessary to remove the effects of a breach.

AMENDMENT OF THE GTC

1. The GTC may be subject to periodical updates, particularly in the event of:
   1. amendments to the relevant provisions of the law or regulatory requirements;
   2. the need to adjust the functionalities provided by inStreamly to the obligations, judgments, decisions, indications, or guidelines of regulatory authorities following from the decisions of a public administration authority or court judgments pertaining to inStreamly;
   3. changes in the functionalities provided by inStreamly, resulting from technical or technological reasons;
   4. deletion or addition of functionalities by inStreamly;
   5. changes in the prices of services.
2. inStreamly informs about these amendments in advance by sending a statement in electronic form to the Partner’s e-mail address provided in the process of creating an account. The advance notice should not be provided in less than 14 (fourteen) days. Lack of objection to the planned amendments on the part of the Partner shall mean the acceptance of changes made by inStreamly and the relevant amendment to the Contract.
3. Only inStreamly is entitled to amend the GTC.

AMENDMENT OF THE CONTRACT

Any amendments to the Contract shall be made in electronic form, in accordance with the rules indicated in sections: CONTACT PERSON AND DETAILS and FINAL PROVISIONS (item 3) of the Order, whereby the Parties exclude the possibility of implied amendment of the Contract (e.g. by tacit consent).

ADDITIONAL CLAUSES

1. If any of the provisions of the Contract, by virtue of the law or by the final or binding decision of any administrative authority or court, are deemed invalid or ineffective, the remaining provisions shall remain in full force and effect. The invalid or ineffective provisions shall be replaced by virtue of the Contract with legally valid and fully effective provisions with legal effects that ensure the economic benefits for each of the Parties as closely as possible to the original benefits.
2. The Contract contains all provisions and arrangements of the Parties covered by its content and supersedes any prior agreements, arrangements and understandings made between the Parties, both oral and written. The GTC and the Order constitute the entire Contract.
3. The Parties jointly declare and, by concluding the Contract, confirm that the content of the Contract is known and understandable to them and that it does not raise any interpretative doubts (exclusion of contra proferentem).
4. Non-performance or delayed performance of any of the provisions of the Contract by either Party or actions in the event of a breach of any of the conditions of the Contract shall not constitute an amendment and/or waiver of such rights and/or provisions.
5. None of the Parties shall be entitled to transfer their rights (including liabilities) arising from the Contract to a third party without prior written consent of the other Party.

CONTACT PERSONS AND DETAILS

All declarations of intent, notifications, working arrangements and other information, including binding arrangements pertaining to services, shall be sent in accordance with the details indicated in the Contract (CONTACT PERSON). For the avoidance of all doubts, the Partner confirms that:

1. the person indicated in the Contract is entitled to submit and agree on the aforementioned elements with effect for the Partner. If several persons have been indicated, each of them is competent individually;
2. the email address is assigned to the aforementioned person only;
3. an email is deemed to be received if the sender’s computer indicates that the message has been received and has not been returned.

This means, in particular, that commencement of the Contract performance by inStreamly does not require any additional representations, signatures, messages, confirmations and/or countersignatures of other persons (including members of the Management Board).

Any change of contact persons referred to in the item above shall not constitute an amendment to the Contract and must be communicated to the other Party in the form of an email sent to the address of the other Party, as indicated in the Contract, otherwise being null and void. Such a change shall take effect upon an email confirmation of receipt.

INFORMATION ABOUT COOPERATION. CASE STUDY

1. inStreamly may publish:
   1. an anonymous description of cooperation with the Partner – at inStreamly’s website and/or marketing materials:
      • an anonymous case study pertaining to cooperation with the Partner;
      • information about cooperation with the Partner with the Partner’s details and logo included.
   2. upon the Partner’s consent, the description and the case study may be non-anonymous, and the Partner shall not unreasonably withhold such a consent. At the same time:
      • a non-anonymous publication may be made using the Partner’s logo;
      • withdrawal of consent granted shall apply only to future materials, i.e. inStreamly shall not be obliged to remove materials which have already been published.
2. inStreamly may ask the Partner for an opinion on the services provided. If the Partner gives such an opinion, inStreamly may publish it and use it in marketing communication, along with the indication of the entity that has given such an opinion.
3. The above does not violate the confidentiality provisions.

CONFIDENTIALITY

1. The Parties shall be obliged not to communicate, disclose or use information that constitutes trade secret of the other Party. A trade secret is any information about the other Party that is not the subject of entries in public registers and is not publicly known, and which a given Party provides to the other Party in the course of performance of the Contract. A trade secret includes, in particular, commercial, technical, technological, organizational information, know-how and any and all information obtained in connection with or during the execution of obligations under the Contract, including pricing.
2. Information constituting a trade secret of a given Party may be disclosed to third parties by one of the Parties only with the consent of the Party to which the information pertains, and without such consent only if required by applicable law and only to the extent necessary. The disclosing Party is to inform the other Party about the obligation to disclose such information, unless the provisions of the Contract prohibit such action.
3. The obligation of confidentiality shall be binding throughout the term of the Contract, as well as within a period of 5 (in words: five) years after its termination or expiry.

GOVERNING LAW AND JURISDICTION

• The provisions of the Contract and the obligations resulting therefrom shall be governed by the Polish law and have been drawn up in Polish.
• Any disputes resulting from the Contract shall be resolved by the Parties amicably, and if such resolution is not possible, the Parties shall submit such a dispute for resolution to the court of territorial and subject-matter jurisdiction over the registered office of inStreamly.
• For matters not settled by the provisions of the Contract, the applicable provisions of the law, in particular the provisions of the Polish Civil Code, shall apply.

PERSONAL DATA

The performance of the Contract shall require the entrustment of the processing of personal data belonging to the Partner to inStreamly. With regard to the foregoing:

1. the Partner represents that they are the controller of such data and that they have fulfilled all legal obligations towards data subjects;
2. the Parties conclude the contract for the entrustment of personal data processing with the wording specified in:
   • Appendix No. 1 to the GTC; or
   • Appendix No. 2 to the GTC.

APPENDIX NO. 1 TO THE GTC:
PERSONAL DATA PROCESSING ENTRUSTMENT CONTRACT

concluded in addition to the Contract, i.e. the contract between inStreamly and the Partner drawn up in accordance with the GTC. The Entrustment Contract does not constitute an annex to the Contract; it is an independent contract drawn up on the basis of and in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR”).

SUBJECT OF THE ENTRUSTMENT CONTRACT

1. [Subject of entrustment] On conditions provided for by the Contract and the Entrustment Contract, the Partner shall entrust inStreamly with the processing of personal data, and inStreamly shall accept this entrustment.
2. [Term of entrustment] The processing shall be entrusted for the term of the Contract.
3. [Nature of entrustment] The entrustment of personal data processing shall be determined by activities entrusted to inStreamly as part of the Contract, i.e. the provision of cloud-based software.
4. [Purpose of entrustment] The processing of personal data shall be entrusted for the purpose of (a) managing and tracking content on multiple TWITCH and/or YouTube channels, and (b) displaying the Partner’s or inStreamly's ads on those channels.

INFORMATION ON PERSONAL DATA

1. [Type] The Partner shall entrust inStreamly with the following (ordinary) personal data:
   1. username/ channel name.

   The Partner additionally declares that inStreamly shall not gain access to any personal data of persons under the age of 16. The Partner shall inform inStreamly about any situation of entrusting personal data of persons under the age of 18. The Partner may entrust the processing of additional personal data not mentioned above, however, this requires notification by the Partner and conclusion of an annex to the Entrustment Contract.

2. [Category of data subjects] The processing of personal data shall concern ordinary personal data of:
   1. TWITCH and/or YouTube channel users.

FURTHER ENTRUSTMENT OF PERSONAL DATA

1. [Sub-entrustment] inStreamly may entrust the performance of specific operations on personal data to third party providers (hereinafter: “Further Entrustment”). Sub-entrustment may be performed by way of a separate contract.
2. [General consent] The Partner does not give their general consent for Further Entrustment.
3. [Further consent] The extension of entities that may perform Further Entrustment and entrustment other than Further Entrustment shall not constitute an amendment to the Contract and, for its validity, it requires:
   1. sending e-mail information to the Partner, in accordance with the data indicated in the Contract;
   2. lack of objection from the Partner.
4. [Transfer of obligations] By making Further Entrustment or an entrustment other than Further Entrustment, inStreamly obliges to collect statements and undertakings from third parties, in accordance with the Entrustment Contract, unless it proves to be not possible or unjustified due to the scope and nature of the aforementioned activities, or unless it results directly from the provisions of the universally applicable law (e.g. GDPR).
5. [Objection] In relation to entities appointed by inStreamly for the performance of activities under Further Entrustment or activities other than Further Entrustment, the Partner may submit an objection which, for its validity, requires:
   1. documentation, which is understood by the Parties as sending unambiguous information to inStreamly, in accordance with the data indicated in the Contract;
   2. justification, which is understood by the Parties as an indication of credible reasons for objection.

   As a result of the objection raised, inStreamly:

   1. cannot perform Further Entrustment or entrustment other than Further Entrustment or, in the event of an objection raised at a later time;
   2. must immediately terminate Further Entrustment or entrustment other than Further Entrustment.

   inStreamly shall inform the Partner of any doubts resulting from the objection raised. In particular, such doubts may include the inability to perform the Contract by inStreamly.

SUPERVISION

1. [Ongoing inspection] The Partner has the right to inspect the activities of inStreamly within the scope necessary to determine if the measures used by inStreamly in the processing and securing of the entrusted personal data meet the requirements of the law and the Entrustment Contract. The aforementioned right may be exercised only during the office hours of inStreamly, upon prior written notification of inStreamly about the intention to perform the inspection, no later than fourteen days in advance.
2. [Scope of inspection] As part of the ongoing inspection of the Partner, inStreamly shall:
   1. provide the Partner with all information necessary to demonstrate the fulfilment of obligations specified in Article 28 of the GDPR;
   2. enable the Partner or the auditor appointed by the Partner to perform audits, including inspections.

   inStreamly shall cooperate with the Partner in inspection activities to the broadest possible extent possible.

3. [Secrecy] None of the supervisory powers of the Partner shall include their access to the information constituting business secret of inStreamly or secret of other partners.
4. [Non-compliance] If any non-compliance occurs on the part of inStreamly, the Partner shall have the right to submit a written request for their removal within the period of time not shorter than fourteen days.

LIABILITY

1. [Own liability] inStreamly shall be liable within the scope resulting from the Contract.
2. [Liability for sub-entrustment] inStreamly shall be liable towards the Partner for entities in relation to which Further Entrustment or an entrustment other than Further Entrustment has been made. Such liability shall be limited in the same manner as own liability of inStreamly resulting from the Contract.
3. [Further exclusion of liability] Any further liability of inStreamly is excluded.

OBLIGATIONS OF inStreamly

[GDPR requirements] inStreamly shall meet all obligations provided for by the law and imposed on the entity performing the processing of personal data. In particular:

1. [Order] they shall process personal data only upon the documented order of the Partner. The order is the Entrustment Contract and the Contract. Any further orders shall require the form of an electronic annex to the Entrustment Contract. If inStreamly learns about the risk of unlawfulness of the order, inStreamly shall inform the Partner thereof, whereby the lack of such information shall not exclude the Partner’s liability towards inStreamly for damage (direct and indirect);
2. [Transfer outside the EEA] they shall not transfer personal data outside the territory of the EEA and shall not use services of third parties which make such transfers, except for entities expressly specified in the Entrustment Contract. In the event of intention to make such a transfer, inStreamly shall inform the Partner thereof for the Partner to be able to take decisions and actions necessary to ensure legal compliance of the processing;
3. [Personal data confidentiality] they shall collect a documented statement on confidentiality of obtained information from persons and entities authorized by inStreamly to access personal data. Furthermore, inStreamly ensures minimum access to such data (limited to those persons who need it to perform the Entrustment Contract and the Contract, and only within the narrowest possible scope);
4. [Security] they shall ensure the security of personal data, also by taking security measures referred to in Article 32 of the GDPR. Furthermore, inStreamly shall cooperate with the Partner in the performance of their obligations resulting from Articles 32 to 36 of the GDPR (which includes: data protection, notifying the supervisory authority of a breach, notifying persons affected by the breach of personal data, evaluation of effects for data protection and prior consultation with the supervisory authority, etc.);
5. [No profiling] they shall not perform automated processing, including profiling, of personal data. In the event of an intention to perform such processing, inStreamly shall inform the Partner thereof in order to allow them to fulfil the information obligation;
6. [Register of activities of personal data processing] they shall maintain documentation describing the processing, including the register of activities of personal data processing. Access to such documentation may be obtained by the Partner in the course of supervisory activities;
7. [Individual rights] they shall cooperate with the Partner in fulfilling their obligation to respond to requests of data subjects within the scope of exercising their rights. This obligation does not exclude the rights of inStreamly under the Contract (including a request for data concerning the entry) and does not release the Partner from the obligation to cooperate in the provision of requested information and documents to inStreamly. Furthermore, in the event of any problems with communication on the part of the Partner, inStreamly may transfer this obligation to the Partner in full by means of an e-mail statement;
8. [Suspected breach] they shall promptly inform the Partner of a suspected breach of personal data confidentiality and enable the Partner to participate in explanatory activities (including notifying the Partner of their course). All information about the suspected breach of confidentiality shall be provided with the documentation necessary for the Partner to fulfil their obligation to inform the supervisory authority;
9. [Erasure of data] upon termination of the Entrustment Contract, inStreamly shall immediately cease the processing of personal data and erase them permanently from their devices.

FINAL PROVISIONS

1. [Term] The Entrustment Contract is concluded for the term of the Contract. The Parties do not provide for the possibility of terminating the Entrustment Contract without the termination of the Contract.
2. [Disputes] Any disputes shall be settled under the terms of the Contract.
3. [Transfer] The rights and obligations resulting from the Entrustment Contract may not be transferred onto a third party or entrusted for performance to a third party.
4. [Non-remuneration] The entrustment of personal data shall be made free of charge.
5. [Relevant application] For matters not settled in the Entrustment Contract, the provisions of the Contract shall apply accordingly.
6. [Form of the contract] The Entrustment Contract is concluded in electronic form, i.e. by submitting an appropriate statement as part of the Contract. Any amendments to the Entrustment Contract shall be made in the same form as amendments to the Contract, otherwise being null and void.
7. [Entry into force] The Entrustment Contract shall enter into force upon the entry into force of the Contract, and expire upon the expiry of the Contract.

APPENDIX NO. 2 TO THE GTC:
STANDARD CONTRACTUAL CLAUSES (P2C)

concluded in addition to the Contract, i.e. the contract between inStreamly and the Partner drawn up in accordance with the GTC. This agreement does not constitute an annex to the Contract; it is an independent contract drawn up on the basis of and in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR”).

SECTION I

Clause 1
Purpose and scope

1. The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (1) for the transfer of personal data to a third country.
2. The Parties:
   • the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter ‘entity/ies’) transferring the personal data, as listed in Annex I.A (hereinafter each ‘data exporter’), and
   • the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A (hereinafter each ‘data importer’)
   have agreed to these standard contractual clauses (hereinafter: ‘Clauses’).
3. These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.
4. The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.

Clause 2
Effect and invariability of the Clauses

1. These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
2. These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.

Clause 3
Third-party beneficiaries

1. Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:
1. Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
2. Clause 8 – Module One: Clause 8.5 (e) and Clause 8.9(b); Module Two: Clause 8.1(b), 8.9(a), (c), (d) and (e); Module Three: Clause 8.1(a), (c) and (d) and Clause 8.9(a), (c), (d), (e), (f) and (g); Module Four: Clause 8.1 (b) and Clause 8.3(b);
3. Clause 9 – Module Two: Clause 9(a), (c), (d) and (e); Module Three: Clause 9(a), (c), (d) and (e);
4. Clause 12 – Module One: Clause 12(a) and (d); Modules Two and Three: Clause 12(a), (d) and (f);
5. Clause 13;
6. Clause 15.1(c), (d) and (e);
7. Clause 16(e);
8. Clause 18 – Modules One, Two and Three: Clause 18(a) and (b); Module Four: Clause 18.
2. Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.

Clause 4
Interpretation

1. Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
2. These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
3. These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.

Clause 5
Hierarchy

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

Clause 6
Description of the transfer(s)

The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.

Clause 7
Docking clause

SECTION II
OBLIGATIONS OF THE PARTIES

Clause 8
Data protection safeguards

The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.

8.1 Instructions

1. The data exporter shall process the personal data only on documented instructions from the data importer acting as its controller.
2. The data exporter shall immediately inform the data importer if it is unable to follow those instructions, including if such instructions infringe Regulation (EU) 2016/679 or other Union or Member State data protection law.
3. The data importer shall refrain from any action that would prevent the data exporter from fulfilling its obligations under Regulation (EU) 2016/679, including in the context of sub-processing or as regards cooperation with competent supervisory authorities.
4. After the end of the provision of the processing services, the data exporter shall, at the choice of the data importer, delete all personal data processed on behalf of the data importer and certify to the data importer that it has done so, or return to the data importer all personal data processed on its behalf and delete existing copies.

8.2 Security of processing

1. The Parties shall implement appropriate technical and organisational measures to ensure the security of the data, including during transmission, and protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter ‘personal data breach’). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature of the personal data (7), the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects, and in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.
2. The data exporter shall assist the data importer in ensuring appropriate security of the data in accordance with paragraph (a). In case of a personal data breach concerning the personal data processed by the data exporter under these Clauses, the data exporter shall notify the data importer without undue delay after becoming aware of it and assist the data importer in addressing the breach.
3. The data exporter shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

8.3 Documentation and compliance

1. The Parties shall be able to demonstrate compliance with these Clauses.
2. The data exporter shall make available to the data importer all information necessary to demonstrate compliance with its obligations under these Clauses and allow for and contribute to audits.

Clause 9
Use of sub-processors

Clause 10
Data subject rights

The Parties shall assist each other in responding to enquiries and requests made by data subjects under the local law applicable to the data importer or, for data processing by the data exporter in the EU, under Regulation (EU) 2016/679.

Clause 11
Redress

The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.

Clause 12
Liability

1. Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
2. Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.
3. Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.
4. The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage.
5. The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.

Clause 13
Supervision

SECTION III
LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES

Clause 14
Local laws and practices affecting compliance with the Clauses

1. The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.
2. The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:
   1. the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;
   2. the laws and practices of the third country of destination– including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards (12);
   3. any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.
3. The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.
4. The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.
5. The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a). [For Module Three: The data exporter shall forward the notification to the controller.]
6. Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation [for Module Three:, if appropriate in consultation with the controller]. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by [for Module Three: the controller or] the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.

Clause 15
Obligations of the data importer in case of access by public authorities

15.1 Notification

1. The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:
   1. receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or
   2. becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.
2. If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.
3. Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.). [For Module Three: The data exporter shall forward the information to the controller.]
4. The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.
5. Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.

15.2 Review of legality and data minimisation

1. The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).
2. The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.
3. The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.

SECTION IV
FINAL PROVISIONS

Clause 16
Non-compliance with the Clauses and termination

1. The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.
2. In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).
3. The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:
   1. the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;
   2. the data importer is in substantial or persistent breach of these Clauses; or
   3. the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.

   In these cases, it shall inform the competent supervisory authority [for Module Three: and the controller] of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.

4. Personal data collected by the data exporter in the EU that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall immediately be deleted in its entirety, including any copy thereof. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
5. Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.

Clause 17
Governing law

These Clauses shall be governed by the law of a country allowing for third-party beneficiary rights. The Parties agree that this shall be the law of Poland.

Clause 18
Choice of forum and jurisdiction

Any dispute arising from these Clauses shall be resolved by the courts of Poland.

APPENDIX
EXPLANATORY NOTE:

It must be possible to clearly distinguish the information applicable to each transfer or category of transfers and, in this regard, to determine the respective role(s) of the Parties as data exporter(s) and/or data importer(s). This does not necessarily require completing and signing separate appendices for each transfer/category of transfers and/or contractual relationship, where this transparency can be achieved through one appendix. However, where necessary to ensure sufficient clarity, separate appendices should be used.

ANNEX I TO STANDARD CONTRACTUAL CLAUSES (P2C)

1. LIST OF PARTIES

   Data exporter: the Partner

   Name: as in the Order

   Address: as in the Order

   Contact person’s name, position and contact details: as in the Order

   Activities relevant to the data transferred under these Clauses: performance of a contract for the provision of STREAMCOI software

   Role: controller

   
   

   Data importer: inStreamly

   Name: as in the Order

   Address: as in the Order

   Contact person’s name, position and contact details: as in the Order

   Activities relevant to the data transferred under these Clauses: performance of a contract for the provision of STREAMCOI software

   Role: procesor

2. DESCRIPTION OF TRANSFER
1. Categories of data subjects whose personal data is transferred: TWITCH and/or YouTube channel users
2. Categories of personal data transferred: username/channel name
3. Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures: not applicable
4. The frequency of the transfer: continuous basis (while using the STREAMCOI Software)
5. Nature of the processing: collecting, storing, browsing, using for providing STREAMCOI Software, transmission while providing STREAMCOI Software
6. Purpose(s) of the data transfer and further processing: performance of a contract for the provision of STREAMCOI software
7. The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: for the period of performance of the contract
8. For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing: not applicable

Version valid from 17.11.2021r.