Privacy policy

This policy describes how the operator of the Fourwaves Platform, Les Technologies Fourwaves Inc. ("we" or “Fourwaves”) collects, processes, uses and shares personal information and personal data about users of the Fourwaves website (the "Website") and users of the Fourwaves platform (the "Platform"). The use of the second person ("you", "your", "yours") refers to a visitor to the Website, a user of the Platform, depending on the context.

In this policy, the term personal data refers to information about an identifiable individual.

The contact details of the person responsible for the processing of personal data under this policy are as follows :


Privacy Officer
Les Technologies Informatiques Fourwaves Inc. CP 4 Succursale C, Montréal, Québec, H2L 4J7, Canada, privacy@fourwaves.com

Summary

  • We collect data about individuals creating an account on the Fourwaves Platform. Your account on the Fourwaves Platform is not linked to a particular event and is managed by Fourwaves.
  • When you choose to participate in an event, some information about you will be provided to the organizer of the event and to other participants. Event organizers may use and disclose your information in accordance with their own policies.
  • We process personal data independently from the organizers of events. You have to contact us and event organizers separately to exercise your rights about your personal data.
  • We process analytics data based on our legitimate commercial interests in order to improve the quality of the Website and the Platform, to learn about the browsing patterns of our visitors and users, to organize advertising campaigns targeted based on Website traffic.

For more details, refer to the full text of the policy. The links below allow you to access the information that you are concerned with right away.

Quick Links

  1. Summary
  2. Quick Links
  3. Basis for Processing personal data
  4. What type of data do we collect through the Platform?
  5. What type of data do we collect through its Website?
  6. How do we use your data?
  7. How do we store your data?
  8. How is your data protected?
  9. Who has access to your data?
  10. What are your rights regarding your personal data?
  11. Modifications
  12. Additional Information

Basis for Processing personal data 

We process personal data on the following basis:

  • We process your personal data as necessary to provide you services and to enable you to use the Platform.
  • We process certain personal data when we have your express consent.
  • We process personal data for the purposes of our legitimate interests to improve the quality of the Website, to learn about the browsing habits of our visitors and to organize targeted advertising campaigns based on the traffic on the Websites. Processing based on our legitimate interest never involves the monitoring of identified individuals.

What type of data do we collect through the Platform?

Platform Users

We collect the following data about users using the Platform.

Data category

Purpose of use

Account Information :

  • Name;
  • Email address;
  • Organization;

User identification and authentication. 

Provide information to event organizers.

Display information on event websites.

Profile Information : additional information you provide for your profile on the Platform.

  • Biography
  • Profile Picture
  • Social media handle

Provide information to event organizers.

Display information on event websites.

The content of communications transmitted by users

Respond to your requests.

User Content

Operate the Platform.

Provide information to event organizers.

Analytics data which may include : 

  • The operating system of your device;
  • The language of your device;
  • The IP address from which your device accesses the Platform;
  • Browsing and clickthrough data such as the number of connections to the Platform, the duration of a session, the date of connections to the Platform, the functions used;
  • Web page from which you accessed the Platform; 

Analytics data is collected through the Google Analytics service for the purpose of improving the Platform.

What type of data do we collect through its Website?

Information collected from You

We collect the information that you communicate to us (for example, by filling out a form) through the Website interface or otherwise. This information may include the data described below:

Data category

Purpose of use

Name

Email Address

Phone Number

Respond to your requests and for promotional purposes (only as permitted by law)

Creating targeted advertisement audiences

The content of the communications you send to us;

Respond to your requests;

Data Collected Automatically through the Website

We collect information automatically during your use of the Website. This information is recorded each time you interact with the Website. Data collected includes certain information specific to your device and data about your interaction with the Website, including the data described below:

Data category

Purpose of use

Analytics data which may include : 

  • The operating system and language of a device;
  • The IP address from which a device accesses the Website;
  • The country, state, city and postal code where the device is located;
  • Navigation data, such as pages viewed, number of connections to the Website, duration of a session, date of connections to the Website, products viewed, page from which access to the Website is obtained;

Personalization of the Website;

Detection of misuse;

Creating targeted advertisement audiences

Data from analysis tools

When you access the Website, we collect data from analytics tools such as Google Analytics. This data may include, for example, gender, age, interests. This data is not associated with you personally and is transmitted to us in aggregate form. You can deactivate Google Analytics on your browser through an add-on available at this address: https://tools.google.com/dlpage/gaoptout.   

Data from Social Networks

We collect information from social networking sites or applications (Facebook, LinkedIn, Twitter, YouTube, Instagram, Pinterest, etc.) when you interact with profiles that we operate on these social networking sites or applications. These sites or applications are also governed by their own policies relating to your personal data, which may differ from ours and may be applicable.

Tracking Technologies

We use browser cookies and other tracking technologies to improve the performance of the Website and the Platform, to personalize your experience on the Website, and to deliver advertisements to targeted audiences. Cookies are small files stored on your storage space by the server on which the Website is hosted or by third party servers that enable the Website to recognize your device when you visit the Website and to personalize the content of the Website. Some cookies are automatically deleted when you close your browser, while others are stored indefinitely. You can control the storage of browser cookies from your browser. Some browser cookies are provided by our suppliers, and our suppliers may be able to combine some of the data collected through cookies with other data they hold about you.

How do we use your data?

We use the personal data collected through the Website and the Platform for the purposes described below. 

Communication with you

We use the personal data you provide to us (such as your name and email address) to communicate with you about your use of the Platform and to send you communications about our company, products and promotions, but only if you agree to receive marketing communications from us. We comply with all applicable regulations regarding unsolicited emails. If you no longer wish to receive electronic communications from us, you may notify us at any time by writing to us at privacy@fourwaves.com.

Operating the Platform

We use the personal data collected through the Platform to operate the Platform and provide services to you and to our customers organizing events through the Platform. When you register for an event through the Platform, we provide your account information to the organizer of the event for registration purposes.

Personalization of our services and Website

We use the data collected during your connection to the Website to offer you content that corresponds to your situation or interests. For example, the home page of the Website may be displayed according to your language preferences and the products and services displayed may be different depending on your geographic location.

Maintenance and Security

We use the data collected through the Website and the Platform and data from analytics tools to monitor users' use of the Website and the Platform generally, to prevent misuse of the Website or the Platform, to identify problems or bugs with the Website or the Platform, and to determine what features need to be improved. We may use certain data collected automatically to ensure the security of the Website, the Platform and our computer systems, for example to prevent misuse or to prevent or deter fraud.

Personalized marketing and retargeting

We use the data collected through the Website to customize our advertising campaigns based on certain data collected, such as your subscription to our newsletter, your interest in our products and services, and navigational data, such as the pages you visited or the products you searched for or viewed on the Website. This data allows us to target audiences to partners offering advertising services.

How do we store your data?

We retain collected personal data until you request that we destroy it, or until our business no longer requires us to retain it. We do not, however, make a commitment to keep personal data for a specific period of time.

Personal data is stored electronically by our service providers on servers located in Canada.

Personal data about individuals outside of Canada is transferred to Canada. Canada is recognized as an adequate jurisdiction for the transfer of personal data from the European Union. Certain data that is disclosed to our suppliers in accordance with this notice is transferred to other jurisdictions. We ensure that the transfer of such personal data is made with appropriate safeguards with regard to the nature of the personal data being transferred.

Some data is processed by our service providers through facilities that may be located in jurisdictions other than Canada.

Data generated from Google Analytics is stored on servers controlled by Google. 

How is your data protected?

Your personal data is hosted on servers operated by our service providers and is protected by security measures proportionate with the sensitivity of the data against unauthorized access. Your financial data is subject to security measures that comply with the standards established by payment card networks.

Our employees and suppliers are informed of the confidential nature of personal data collected through the Website and the Platform and are made aware of the appropriate security measures to prevent unauthorized access to personal data.

Who has access to your data?

We only share your personal data in the manner described in this policy and when we have obtained your consent. Your personal data may be disclosed to the categories of persons described below for the following purposes.

Employees

Personal data is accessible to our officers and employees who must have access to it in order to use the same as set forth in this policy.

Event Organizers

The person organizing an event for which you have registered through the Platform has access to your account information and to any user content that you post in connection with such particular event.

We provide personal data to event organizers for the sole purpose of managing the event on the Platform, but event organizers may process your personal data in accordance with their own policies.

Event Participants

Other participants in an event may have access to some of your account information depending on your choices on the Platform.

Service Providers

We share personal data with service providers that allow us to provide our services more efficiently. We obtain confidentiality undertakings from these service providers with respect to the personal data provided to them. Our suppliers include the businesses listed below:

Links are provided as a courtesy. The location and content of privacy documentation published by our service providers may change without prior notice.

Supplier

Details

Useful links

Google, LLC

We use the services of Google Analytics on the Website and on the Platform. We use Google's services in order to analyze usage of the Platform and the Website and to personalize our advertising campaigns according to Website traffic.

Google Analytics obtains information about the behavior of visitors to the Website and users of the Platform, including through "cookies" which allow Google to collect information about certain events such as the pages you visit, the length of a session or the products you view.

 

The data processed by Google Analytics through the Website allows us to personalize advertising campaigns on the Google advertising network according to these behaviors.

Google Privacy Policy :

https://policies.google.com/privacy?hl=fr


Google's use of data from third-party sites :

www.google.com/policies/privacy/partners/


Deactivation tool: https://tools.google.com/dlpage/gaoptout 

Facebook Inc.

We use Facebook trackers (such as invisible pixels) on the Website, which allows Facebook to collect information about certain events on the Website (for example page views or clicks). 


Data sharing with Facebook allows us to personalize advertising campaigns on Facebook. Facebook may use collected data in accordance with its data policy.

Facebook Data Policy: https://www.facebook.com/policy.php 

Amazon Web Services

We host personal data on Amazon Web Services infrastructure located in Canada.


AWS agrees to use hosted data only for the purpose of providing its services.

AWS Customer Agreement :

https://aws.amazon.com/agreement/ 

LinkedIn Inc.

We use LinkedIn trackers (such as invisible pixels) on the Website, which allows LinkedInc to collect information about certain events on the Website such as page views or clicks. 


Data sharing with LinkedInc allows us to personalize advertising campaigns on LinkedIn. LinkedIn may use collected data in accordance with its privacy policy.

LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy 

SendGrid (Twilio)

We use SendGrid for email automation. SendGrid may access email addresses, names and email content.


SendGrid agrees to process personal data only for the purpose of providing its services.

Twilio Data Protection Addendum :

https://www.twilio.com/legal/data-protection-addendum 

Stripe

We use Stripe to process payments. Stripe may access payment information such as credit card numbers, name and billing address.


Stripe agrees to use personal data processed on our behalf for the sole purpose of providing its services or as required by law.

Stripe Privacy Center: 

https://stripe.com/privacy-center/legal 

Vonage (Nexmo Inc.)

We use Vonage video API services to facilitate video communication on the Platform. Vonage may access video content and usernames.


Vonage agrees to use personal data processed on our behalf only in order to provide its services.

Vonage privacy ressources: 

https://www.vonage.com/communications-apis/platform/gdpr/ 

Functional Software, Inc. d/b/a Sentry

We use Sentry’s services to monitor the Platform for software errors. Sentry may access all data collected on the Platform.


Sentry agrees to process personal data for the sole purpose of providing services to us.

Sentry Data Processing Addendum: 

https://sentry.io/legal/dpa/ 

Microsoft Azure

We use Microsoft Azure SignalIR service to enable more efficient communications on the Platform.


Microsoft agrees to process personal data for the sole purpose of providing its services.

Microsoft privacy ressources : https://www.microsoft.com/en-ca/trust-center/privacy 

Netbanx (Paysafe Group)

We use the Netbanx service supplied by Paysafe to facilitate payment processing.


Paysafe agrees to use personal data for the sole purpose of providing its services.

Paysafe Group Privacy Policy:

https://www.paysafe.com/en/paysafegroup/comprehensive-privacy-policy/ 

Hubspot

We use Hubspot to centralize our marketing activities. Hubspot may access data about our customers and prospective customers such as names, email addresses, interests, purchase history.


Hubspot agrees to process personal data only pursuant to our instruction in order to provide us with services.

Hubspot Data Processing Agreement : 

https://legal.hubspot.com/dpa 

Legal Obligations

We may also disclose personal data to third parties if expressly permitted or required to do so by law, or if we are compelled to do so by a competent authority. We may disclose personal data in connection with legal proceedings if necessary to protect our rights or those of our users.

Transfer of Business

In the event that the sale or restructuring of all or part of our business is contemplated, we may disclose  personal data to the persons or organizations involved before and after the transaction, whether or not the transaction actually takes place. In such a case, these persons or organizations commit to us to maintain the confidentiality of personal data so disclosed and to use the same exclusively for the purpose of evaluating the feasibility of the transaction and in accordance with this policy.

What are your rights regarding your personal data?

To exercise your rights with respect to the processing of your personal data by event organizers or another participant, you must contact them directly. Fourwaves and event organizers act as independent controllers with respect to personal data.

Access your Data

You can modify your account data through the Platform. If you would like to access personal data we hold about you or have inaccurate personal data modified in our files, you may make a written request at privacy@fourwaves.com.

We will respond to your request promptly (within 30 days of receipt).

Withdrawal of Consent

Settings and preferences within the Platform allow you to withdraw or modify your consent to the collection, processing and disclosure of your personal data to certain extent.

If you wish to withdraw your consent to the processing of your personal data beyond what is permitted by the Platform, please notify us by writing to us at privacy@fourwaves.com. Using the Website or the Platform entails some processing of your personal data. The only way to stop all processing of your personal data is to stop using the Website and the Platform.

Objection

In certain circumstances, you have the right to object to the processing of your personal data that we carry out for the purpose of our legitimate interests. Your rights in this respect depend, among other things, on your place of residence. To object to the processing of your personal data, you can write to us at privacy@fourwaves.com.     

Deletion

You may request the deletion or erasure of your personal data. To make such a request, please write to us at privacy@fourwaves.com. We will respond to your request as soon as possible (no later than 30 days after receipt).

If you continue to use the Website or the Platform, we will again collect personal data about you in accordance with this policy.

Complaint

If you reside in the European Union, you have the right to file a complaint regarding the processing of your personal data with a supervisory authority responsible for the protection of privacy. This authority varies depending on your country of residence.

Our business is governed by the laws and regulations applicable in Quebec and Canada and is subject to the jurisdiction of privacy protection authorities in Quebec and Canada. Any complaint or claim based on this policy or on our processing of your personal data should be addressed to the authorities in the province of Quebec or in Canada.

Identity validation

We may verify the identity of individuals asking to exercise their rights with respect to their personal data. Any information collected to perform this verification will not be used for any other purpose.

Modifications

We may modify this Policy from time to time to reflect changes in our personal data processing practices. If a modification is made, the new policy will be available through the Platform and on the Website.

If we have collected your contact information, we will notify you of any material changes to our privacy policy by email before the new policy takes effect.

Additional Information

For any additional information with respect to our processing of personal data, you may contact us at the address indicated at the beginning of this policy.

Fourwaves Data Processing Agreement

This Data Processing Agreement (“DPA”) sets forth certain of the Parties’ obligations with respect to the protection of Personal Data, in connection with performance or receipt of the Services under the Fourwaves Terms of Service. This DPA is incorporated by reference into the Fourwaves Terms of Service.

A breach by the Parties of their covenants, representations or other undertakings in this DPA shall constitute a breach of and an event of default under the Fourwaves Terms of Service for which the Parties shall have all rights and remedies provided in the Fourwaves Terms of Service.

DEFINITIONS

In this DPA, the following terms shall have the meaning ascribed to them. Capitalized terms defined in the Fourwaves Terms of Service shall have the meaning ascribed to them in the Fourwaves Terms of Service.

Affiliate” as to Customer or Fourwaves, shall mean any corporation, partnership, limited liability company, or other domestic or foreign entity (a) of which a controlling interest is owned directly or indirectly by a Party to the Fourwaves Terms of Service, or (b) controlled by, or under common control with, a Party to the Fourwaves Terms of Service.

Data Protection Laws” means any and all applicable laws and regulations, applicable to the processing of Personal Data, as the same may be amended from time to time, including, without limitation, Personal Data Protection and Electronic Document Act (PIPEDA), the General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA);

Fourwaves Members” means individuals that have created an account on the Fourwaves Platform;

Participant” means an individual who registers for an Event or who enters information (including by filling an electronic form) on an event website organized by a Customer either through the Fourwaves Platform or otherwise.

Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, as defined in the applicable Data Protection Laws.

Security Incident” (or “Incident”) means  an occurrence that compromises the security, confidentiality or integrity of Confidential Information or the physical, technical, administrative or organizational safeguards put in place by a Party that relate to the protection of the security, confidentiality or integrity of Confidential Information, or  receipt of a complaint in relation to the privacy practices of a Party, a breach or alleged breach of any data protection, privacy or security representations in the Fourwaves Terms of Service or this DPA.

Services” means the services provided by Fourwaves described in the Fourwaves Terms of Service;

Subprocessor” means any third-Party appointed by a Party to process Personal Data;

Supervisory Authority” means any regulatory authority responsible for the enforcement of Data Protection Laws.

ROLES OF THE PARTIES

      1. Except where expressly stated otherwise herein, each Party will act as a separate controller in relation to Personal Data about Fourwaves Members.
      2. The Parties shall each comply with their respective obligations under the Data Protection Laws and as described in their respective privacy policies in respect of their processing of Personal Data.
      3. Fourwaves shall not be deemed a Subprocessor of Customer with respect to the processing of Personal Data about Fourwaves Members collected by Fourwaves in accordance with Data Protection Laws.
      4. Fourwaves shall be deemed a Subprocessor of Customer only with respect to Personal Data about individuals who are not Fourwaves Members, such as Customer’s employees. 
      5. Customer may provide Fourwaves with its Privacy Policy and Fourwaves shall ensure that each Participant registering for an Event organized by Customer accepts Customer’s privacy policy.
      6. If Customer fails to provide a privacy policy in connection with an Event, Customer shall be deemed to act as a processor on behalf of Fourwaves with respect to Personal Data about Fourwaves Members and shall limit its processing to what is strictly necessary to manage the Event or as instructed in writing by Fourwaves.

PROCESSING OF PERSONAL DATA

When Fourwaves Members use the Fourwaves Platform to sign up for an Event organized by the Customer, or otherwise provide Personal Data to Customer via the Fourwaves Platform, Customer shall:

  1. Provide notice to Fourwaves Members of Personal Data processing practices in accordance with applicable Data Protection Law;
  2. Not process Personal Data in violation of applicable Data Protection Laws.
  3. Have in place appropriate technical and organizational security measures to protect Personal Data against unauthorized or unlawful processing, or accidental loss or destruction or damage. The Parties acknowledge that security requirements are constantly changing and that effective security requires frequent evaluation and regular improvements to outdated security measures. Each Party will therefore evaluate the technical and organizational measures as implemented in accordance with this section on an on-going basis and will tighten, supplement and improve these measures in order to maintain compliance with Data Protection Laws.

With respect to Personal Data processed on behalf of Customer:

  1. Fourwaves shall only process such Personal Data on behalf of and in accordance with Customer’s instructions and shall treat such Personal Data as Customer’s Confidential Information.  
  2. Customer instructs Fourwaves to process such Personal Data for the following purposes:

Processing solely and exclusively in accordance with the Fourwaves Terms of Service and Fourwaves Privacy Policy and only to the extent necessary to deliver and perform the Services; and

Processing to comply with other reasonable instructions provided by Customer from time to time where such instructions are consistent with the terms of the Fourwaves Terms of Service and this DPA.

Fourwaves shall promptly inform Customer if, in its reasonable opinion, it believes that any instruction given by Customer infringes the Data Protection Laws.

CROSS-BORDER TRANSFERS

Each Party shall ensure that any transfer of Personal Data between jurisdiction is authorized by Data Protection Laws.

SECURITY

The Parties shall ensure that all such persons or Parties involved in the processing of Personal Data :

  1. have undertaken appropriate training in relation to the Data Protection Laws, security practices, provided access to the policies and procedures comprising the Parties’ information security program, and evaluated in part based on their compliance with the Parties’ information security program;
  2. are subject to confidentiality undertakings (of which a copy shall be provided upon the other Party’s request); and
  3. are subject to user authentication and log on processes when accessing Personal Data on the Parties’ systems.

Each Party shall keep Personal Data confidential and will instruct its staff and Subprocessors as to the confidentiality of Personal Data.

Each Party shall implement appropriate technical and organizational measures to ensure a level of security of the Personal Data appropriate to the risk and shall take all measures required pursuant to applicable Data Protection Law. In assessing the appropriate level of security, each Party shall take account in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed.

SECURITY INCIDENT MANAGEMENT

Each Party shall have procedures in place to:

  1. Provide for event reporting and escalation procedures that are used by all relevant personnel to report and manage Security Incidents.
  2. Require personnel to promptly report each Security Incident to a designated person.

Each Party will remedy each Security Incident in a timely manner following industry best practices.

Each Party must immediately notify the other Party of any actual, suspected or alleged Security Incident involving Personal Data about Participants within twenty-four (24) hours after detection. Upon identification of a Security Incident involving Personal Data about Participants, each Party shall:

  1. Cooperate fully with the other Party in investigating and responding to the Security Incident.
  2. Identify Personal Data about Participants affected.
  3. Immediately take steps to contain the Security Incident and preserve evidence for any necessary investigation.
  4. Complete a thorough forensic investigation of the Security Incident, consistent with industry best practices, and share with the other Party the results of all investigations, which shall include, but not be limited to: (1) a full description of the circumstances surrounding the Security Incident; (2) a description of the evidence reviewed and analysis completed;  (3) identification of the Security Incident’s root cause, if determined; and (4) a determination of whether any Confidential Information was accessed or acquired without authorization.
  5. Permit the other Party, or its designated agent, to conduct an investigation, during normal business hours upon prior written notice, and in a manner that does not unduly interfere with business operations, of the Security Incident, at the investigating Party’s sole cost and expense.
  6. Cooperate with the other Party as reasonably necessary to facilitate compliance with any applicable laws and regulations.

SUBPROCESSING

Each Party may engage Subprocessors to process Personal Data under its control in accordance with the requirements of applicable Data Protection Laws.

Each Party shall inform the other Party if Personal Data processed on behalf of the other Party is disclosed or transferred to a new Subprocessor.

AUDIT

Upon request, each Party shall provide the other Party with all documentation and records to demonstrate its compliance with this DPA and with Data Protection Laws with respect to its processing of Personal Data on behalf of the other Party.

Except as otherwise expressly stated herein, the Parties shall have no obligation to agree to an audit by the other Party with respect to their own processing of Personal Data when acting as a controller.

DATA SUBJECT RIGHTS

Each Party shall cooperate with the other, to the extent reasonably requested, in relation to:

  1. any requests from individuals whose Personal Data is processed by either Party;
  2. any other communication from a data subject or individual concerning the processing of their Personal Data; and
  3. any communication from a Supervisory Authority concerning the processing of Personal Data, or compliance with the Data Protection Laws.

DELETION OR RETURN OF PERSONAL DATA

Each Party shall promptly and in any event within 90 days of the earlier of: (i) cessation of processing of Personal Data on behalf of the other Party ; or (ii) termination of the Fourwaves Terms of Service, at the choice of the Party :

  1. return a complete copy of such Personal Data to the other Party by secure file transfer and securely wipe all other copies of such Personal processed by the receiving Party or any authorized Subprocessor; or
  2. securely wipe all copies such , and in each case provide written certification to the disclosing Party that it has complied fully with this Section 9.

For clarity, each Party may keep Personal Data processed by such Party as a controller in accordance with Data Protection Laws.

INDEMNIFICATION

Each Party agrees to indemnify, defend and hold harmless the other Party, and its officers, directors, employees, sublicensees, and agents from and against any and all claims, losses, demands, liabilities, damages, settlements, expenses and costs (including without limitation attorneys’ fees and costs), and any and all threatened claims, losses, demands, liabilities, damages, settlements, expenses and costs, arising from or based on allegations of, (a) any Security Incident cause by the indemnifying Party’s wrongful act or negligence, (b) any breach of this DPA by the indemnifying Party or (c) any failure of the indemnifying Party to comply any applicable Data Protection Laws. For purposes of certainty, this Section shall not be limited by any provisions of the Fourwaves Terms of Service, including without limitation Force Majeure, liability caps, or limitation on liability.

Neither Party shall have any obligation to indemnify the other Party hereunder for a claim based on such first Party’s or such first Party’s representatives or employees’ fault or negligent action or omission.

MISCELLANEOUS

Any obligation imposed by this DPA in relation to the processing of Personal Data, including but not limited to indemnification hereunder, shall survive any termination or expiration of this DPA and the Fourwaves Terms of Service.

With regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other agreements between the Parties, including but not limited to the Fourwaves Terms of Service, the provisions of this DPA shall prevail with regard to the protection of Personal Data.

Compliance by each Party with the provisions of this DPA will be at no additional cost to the other Party except where expressly provided herein.

Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the Parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.

This DPA is governed by the laws of the Province of Quebec, Canada. Any disputes arising out or in connection with this DPA shall be brought exclusively before the competent court of the Province of Quebec sitting in the judicial district of Montreal. Each Party hereby waives any right to dispute the jurisdiction of such courts,