Terms & Condition

Prefer to print this page? Download a pdf here.

Subscription Agreement

This Subscription Agreement, Terms and Conditions and Data Processing Agreement attached hereto (collectively, the “Agreement”) is made and entered into by Optii and Customer and sets forth the terms by which Optii makes the Optii Service available for Customer’s use. This Agreement forms a binding agreement between Optii and Customer and governs Customer’s use of the Optii Service in the “Order”.

For good and valuable consideration, the legal adequacy and receipt of which are hereby acknowledged, the parties agree to be bound by the terms and conditions of this Agreement, including those terms contained on the following pages:

1. OPTII SERVICE. Optii has developed a suite of hosted software applications (the “Optii Service”) as ordered by Customer under an order in the form attached hereto as Attachment C (each, an “Order”). Customer desires to subscribe to the Optii Service and OPTII desires to provide the Optii Service to Customer.
2. TERMS AND CONDITIONS. This Agreement sets forth the terms and conditions under which Optii agrees to provide the Optii Service. Customer’s access and use of the Optii Service is governed solely by the terms of this Agreement.
3. TERM. The term of this Agreement shall begin on the date the Customer commences using any or all of the Optii Service or 90 days after the date the last party has signed the agreement, whichever is the earlier (the "Golive Date") and continues until the last Order has expired or is terminated (“Term”).
4. SUBSCRIPTION. The particular aspects of the Optii Service to which Customer subscribes, the maximum number of users or rooms permitted, and the subscription fees are specified on each Order.
5. MAINTENANCE AND SUPPORT SERVICES. Optii agrees to provide Maintenance and Support Services (as defined in the Terms and Conditions) and hosting of the Optii Service in consideration of the fees set forth on each Order. Any additional integration or Customer-side configuration is not included in the subscription fees.

TERMS AND CONDITIONS

These Terms and Conditions (“Terms and Conditions”) are incorporated by reference into the Agreement and in each Order and set forth the terms and conditions under which Optii will provide to Customer, and sets forth the terms and conditions under which Customer may access and use the Optii Service

1. SUBSCRIPTION AND RIGHT OF USE

1. Subscription. Subject to the terms and conditions of this Agreement, Optii hereby grants to Customer a sub-licensable, non-transferable, non-exclusive subscription to access and use the Optii Service specified in the Order for the number of rooms specified in the Order, solely for Customer’s internal business purposes and not for resale or to provide services to third parties.
2. Use. Customer shall not allow any website to frame, syndicate, distribute, replicate, or copy any portion of the Customer's web site that provides direct or indirect access to the Optii Service.
3. Additional Restrictions. In no event shall Customer disassemble, decompile, or reverse engineer the Optii Service or Confidential Information (as defined herein) or permit others to do so. To the extent any such activity may be permitted pursuant to written agreement, the results thereof shall be deemed Confidential Information subject to the requirements of this Agreement. Customer may use Optii’s Confidential Information solely in connection with the Optii Service and pursuant to the terms of this Agreement and for no other purpose.

2. PAYMENT

1. 1. Subscription and other Fees. The subscription fees herein are for the Initial Term and are as set forth in the Order, payable annually upfront. The Subscription Fees for each Renewal Term will be at Optii’s prevailing fees at the time, which shall not exceed more than five percent (5%) of the previous year's fees. The Customer pays 100% of the annual subscription fee plus all onboarding and service fees net 14 days from the invoice date or before Go Live, whichever is the sooner. Optii accepts electronic payment and wire transfer.
2. Work Fees and Expenses. Any Work and Deliverables provided by Optii shall be at the pricing set forth in an applicable Order. In the event an Order does not reference any specific pricing, such Work shall be provided at Optii’s then current standard time and material rates. Customer shall reimburse Optii for all reasonable travel, food, lodging and other out-of-pocket expenses incurred in the performance of a given Order. Work fees and applicable expenses may be billed to Customer monthly.
3. Late Payments. All Fees shall be paid to Optii within THIRTY (30) days of the date of invoice. Any late payment shall be subject to any costs of collection (including reasonable legal fees) and shall bear interest at the rate of one and one-half percent (1.5%) per month (prorated for partial periods) or at the maximum rate permitted by law, whichever is less.
4. Taxes. The license, service fees, and other amounts required to be paid hereunder do not include any amount for taxes or levy (including interest and penalties). Customer shall reimburse Optii for all sales, use, VAT, excise, property or other taxes or levies which Optii is required to collect or remit to applicable tax authorities. This provision does not apply to Optii’s income or franchise taxes, or any taxes for which Customer is exempt, provided Customer has furnished Optii with a valid tax exemption certificate.

3. MAINTENANCE AND SUPPORT SERVICES

1. Maintenance. In the event of errors or interruptions and in its reasonable discretion, Optii shall use commercially reasonable efforts to provide corrections to reported problems that (i) prevent the Optii Service from conforming in material respects to its specifications, and (ii) are replicated and diagnosed by Optii as defects in the Optii Service (“Maintenance and Support Services”). The subscription fee for the Optii Service includes Maintenance and Support Services and hosting of the Optii Service.
2. Service Availability. Optii’s goal is to provide Optii Service availability twenty-four (24) hours per day, seven (7) days per week (“24x7 Availability”) EXCEPT during times of scheduled updates. However, the parties recognize that 24x7 Availability is only a GOAL, and Optii cannot represent or guarantee that such goal can be achieved. Optii shall use commercially reasonable efforts to achieve 99% Optii Service availability. The Optii Service availability goal excludes any time the site is taken down for scheduled updates and/or errors and interruptions caused by third parties.
3. Response Times. Optii will respond to a Optii Service failure which renders the entire Optii Service inoperable within two (2) business hours of the Customer informing Optii by phone. In case of a Optii Service failure where the Optii Service is operable, though not functioning correctly, Optii will respond within four (4) business hours of the Customer informing Optii. All other Optii Service failures will be responded to by Optii within one (1) business day.
4. Exclusions. Optii shall not be obligated to provide Maintenance and Support Services for any subscribed software other than the Optii Service to which Customer subscribed pursuant to an Order.
5. Third Parties. Optii shall have the right to use third parties, including employees of Optii’s affiliates and subsidiaries (“Subcontractors”) in performance of its obligations and services hereunder and, for purposes of this section, all references to Optii or its employees shall be deemed to include such Subcontractors.

4. OWNERSHIP

1. Reservation of Rights. By signing an Order, Customer irrevocably acknowledges that, subject to the licenses granted herein, Customer has no ownership interest in the Optii Service, Deliverables, or Optii materials provided to Customer. Optii shall own all right, title, and interest in such Optii Service and Optii materials, subject to any limitations associated with intellectual property rights of third parties. Optii reserves all rights not specifically granted herein.
2. Aggregate Data. As between the parties, Optii owns and shall continue to own all right, title and interest in and to all aggregate and statistical information or analyses created and developed by Optii from performance and usage data generated through Customer’s use of the Optii Service (collectively, “Aggregate Data”). Aggregate Data is de-identified so that Customer cannot be identified as the source within the Aggregate Data.

5. CONFIDENTIALITY

1. Definition. “Confidential Information” includes all information disclosed by either party, before or after the Effective Date, and generally not publicly known, whether tangible or intangible and in whatever form or medium provided, as well as any information generated by a party that contains, reflects, or is derived from such information.
2. Confidentiality of Optii Service. All Confidential Information in tangible form shall be marked as “Confidential” or the like or, if intangible (e.g. orally disclosed), shall be designated as being confidential at the time of disclosure and shall be confirmed as such in writing within thirty (30) days of the initial disclosure. Notwithstanding the foregoing, the following is deemed Optii Confidential Information with or without such marking or written confirmation: (i) the Optii Service and other related materials furnished by Optii; (ii) the oral and visual information relating to the Optii Service; and this Agreement.
3. Exceptions. Without granting any right or license, the obligations of the parties hereunder shall not apply to any material or information that: (i) is or becomes a part of the public domain through no act or omission by the receiving party; (ii) is independently developed by the other party without use of the disclosing party’s Confidential Information; (iii) is rightfully obtained from a third party without any obligation of confidentiality; or (iv) is already known by the receiving party without any obligation of confidentiality prior to obtaining the Confidential Information from the disclosing party. In addition, neither party shall be liable for disclosure of Confidential Information if made in response to a valid order of a court or authorized agency of government, provided that notice is promptly given to the disclosing party so that the disclosing party may seek a protective order and engage in other efforts to minimize the required disclosure. The parties shall cooperate fully in seeking such protective order and in engaging in such other efforts.
4. Ownership of Confidential Information. Nothing in this Agreement shall be construed to convey any title or ownership rights to the Optii Service or other Confidential Information to Customer or to any patent, copyright, trademark, or trade secret embodied therein, or to grant any other right, title, or ownership interest to the Optii Confidential Information. Neither party shall, in whole or in part, sell, lease, license, assign, transfer, or disclose the Confidential Information to any third party and shall not copy, reproduce or distribute the Confidential Information except as expressly permitted in this Agreement. Each party shall take every reasonable precaution, but no less than those precautions used to protect its own Confidential Information, to prevent the theft, disclosure, and the unauthorized copying, reproduction or distribution of the Confidential Information.
5. Non-Disclosure. Each party agrees at all times to keep strictly confidential all Confidential Information belonging to the other party. Each party agrees to restrict access to the other party’s Confidential Information only to those employees or Subcontractors who require access in the course of their assigned duties and responsibilities.
6. Injunctive Relief. Each party acknowledges that any unauthorized disclosure or use of the Confidential Information would cause the other party imminent irreparable injury and that such party shall be entitled to, in addition to any other remedies available at law or in equity, temporary, preliminary, and permanent injunctive relief in the event the other party does not fulfill its obligations under this section.
7. Suggestions/Improvements to Optii Service. Notwithstanding this Section, unless otherwise expressly agreed in writing, all suggestions, solutions, improvements, corrections, and other contributions provided by Customer regarding the Optii Service or other Optii materials provided to Customer shall be exclusively owned by Optii, and Customer hereby agrees to assign any such rights to Optii. Nothing in this Agreement shall preclude Optii from using in any manner or for any purpose it deems necessary, the know-how, techniques, or procedures acquired or used by Optii in the performance of services hereunder.

PROTECTION

6. DATA

1. Definition. “Personal Information” means information that identifies, or is capable of being used to identify, a natural person and their personal details.
2. Access. The Customer acknowledges that in order to fulfill the obligations of this Agreement, Optii will require access to Personal Information held by the Customer.
3. Compliance with laws. Optii will comply with all data protection and privacy laws and regulations in any relevant jurisdiction that are applicable to Optii’s processing of Personal Information.
4. Ownership of Information. The parties agree that all Personal Information will be deemed to be the Customer’s Confidential Information and will be owned by the Customer.
5. Protection of information. Optii will implement commercially reasonable technical and organizational measures designed to protect that Personal Information against accidental loss, alteration or unauthorized disclosure. Optii shall promptly notify the Customer should it be aware of or suspect that Personal Information may have been lost, altered or disclosed without authorization.
6. Processing of Information. The parties agree that the processing of Personal Information is subject the the terms of the Data Processing Agreement attached hereto in Attachment B (“Data Processing Agreement”).

7. WARRANTY

1. Authorized Representative. Customer and Optii warrant that each has the right to enter into this Agreement and that the Agreement shall be executed by an authorized representative of each entity.
2. Disclaimer of Warranties. CUSTOMER ACKNOWLEDGES AND AGREES THAT IT IS NOT RELYING ON ANY STATEMENT OR WARRANTY NOT EXPRESSLY PROVIDED HEREIN WITH RESPECT TO THE OPTII SERVICE, MAINTENANCE AND SUPPORT SERVICES, WORK, DELIVERABLE, OR OTHER SERVICES PROVIDED HEREUNDER. EXCEPT AS OTHERWISE STATED IN THIS AGREEMENT, THE OPTII SERVICE,MAINTENANCE AND SUPPORT SERVICES, WORK, DELIVERABLE, AND OTHER SERVICES ARE EACH PROVIDED “AS IS” AND OPTII MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING EXPRESS OR IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT.
3. No Modifications. Notwithstanding anything to the contrary in this section, any and all warranties under this Agreement are VOID if Customer has made changes to any Deliverable, Work, Optii Service, or other services provided hereunder, or has permitted any changes to be made other than by or with the express, written approval of Optii.

8. LIMITATION OF LIABILITY

1. Liability Cap. IN NO EVENT SHALL OPTII BE LIABLE UNDER ANY THEORY OF LIABILITY, WHETHER IN AN EQUITABLE, LEGAL, OR COMMON LAW ACTION ARISING HEREUNDER FOR CONTRACT, STRICT LIABILITY, INDEMNITY, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, FOR DAMAGES WHICH, IN THE AGGREGATE, EXCEED THE AMOUNT OF THE FEES PAID BY CUSTOMER FOR THE OPTII SERVICE AND/OR SERVICES PURCHASED HEREUNDER.
2. Disclaimer of Damages. IN NO EVENT SHALL OPTII BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND AND HOWEVER CAUSED INCLUDING, BUT NOT LIMITED TO, BUSINESS INTERRUPTION OR LOSS OF PROFITS, BUSINESS OPPORTUNITIES, OR GOODWILL EVEN IF NOTIFIED OF THE POSSIBILITY OF SUCH DAMAGE.

9. INDEMNIFICATION

1. By Optii, Optii will defend, indemnify and hold Customer harmless from and against any damages and costs (including reasonable attorneys fees and costs incurred by Customer) finally awarded against Customer in connection with any claim, demand, suit or proceeding from an unaffiliated third party (“Claim”) alleging that the Optii Service directly infringes or misappropriates a copyright, trademark or trade secret of a third party. Optii will have no indemnification obligation for claims to the extent arising from: (a) Customer’s or any Authorized User’s use of the Optii Service other than as permitted under this Agreement; (b) the combination of the Optii Service with any Customer or third party products, services, hardware, data, content, or business processes, or (c) the modification of the Optii Service by any party other than Optii or Optii’s agents. The foregoing is Optii’s exclusive obligation for infringement claims. If Optii becomes aware of a Claim alleging infringement or misappropriation, or Optii reasonably believes such a Claim will occur, Optii may, at its sole option: (i) obtain for Customer the right to continue use of the Optii Service, (ii) replace or modify the Optii Service so that it is no longer infringing; (iii) if neither of the foregoing options is reasonably available to Optii, terminate the Optii Service, in which case Optii’s sole liability shall be to refund to Customer a prorated amount of prepaid fees for the Optii Service applicable to the remaining period in the then current subscription term.
2. By Client. Client will defend, indemnify and hold Optii harmless from and against any damages and costs (including reasonable attorney fees and costs incurred by Optii) finally awarded against Optii in connection with any Claim alleging that use of any information provided by Customer or of any Personal Information infringes a copyright, trademark, or trade secret, privacy or publicity rights of a third party.
3. Indemnity Process. Each party’s indemnification obligations are conditioned on the indemnified party: (a) promptly giving notice of the Claim to the indemnifying party; (b) giving the indemnifying party sole control of the settlement and defense of the Claim; and (c) providing to the indemnifying party all available information and assistance in connection with the Claim, at the indemnifying party’s request and expense.

10. TERM AND TERMINATION

1. Term. The term of this Agreement shall begin on the date the Customer commences using the Optii Service or 90 days after the alt party signs this agreement, whichever is the earlier and continues until either party provides notice subject to clause 10.2 (“Term”).
2. Initial and additional Terms. The initial term shall be for twelve (12) months and shall automatically renew for additional one (1) year periods unless either party provides written notice of termination at least thirty (30) days prior to the conclusion of the applicable period.
3. Termination by Optii. This Agreement (or any Order or Statement of Work) and any license created hereunder may be terminated by Optii (i) if Customer fails to make any payments due hereunder within fifteen (15) days of the due date; (ii) on thirty (30) days written notice to Customer if Customer fails to perform any other material obligation required of it hereunder, and such failure is not cured within such thirty (30) day period; or (iii) Customer files a petition for bankruptcy or insolvency, has an involuntary petition filed against it, commences an action providing for relief under bankruptcy laws, files for the appointment of a receiver, or is adjudicated a bankrupt concern.
4. Termination by Customer. This Agreement (or any Order or Statement of Work) may be terminated by Customer on thirty (30) days written notice to Optii if Optii fails to perform any material obligation required of it hereunder, and such failure is not cured within thirty (30) days from Optii’s receipt of Customer’s notice or a longer period if Optii is working diligently towards a cure.
5. Termination. Upon termination of this Agreement, Customer shall no longer access the Optii Service or Deliverables and Customer shall not circumvent any security mechanisms contained therein. Customer agrees that following termination of this Agreement, or termination or expiration of any Order, Optii may immediately deactivate Customer’s account(s) associated with the Agreement or the terminated Order. During the thirty (30) day period following termination of expiration, Optii will grant Customer access to the Optii Service for the sole purpose of retrieving Customer’s data. Thereafter, Optii may delete Customer’s account, including Customer’s data from the Optii Service unless legally prohibited.
6. Other Remedies. Termination of this Agreement shall not limit either party from pursuing other remedies available to it, including injunctive relief, nor shall such termination relieve Customer’s obligation to pay all fees that have accrued or are otherwise owed by Customer under this Agreement.

11. CUSTOMER OBLIGATIONS

1. Ancillary Agreements. Customer agrees that no employees of Optii shall be required to individually sign any agreement in order to perform any services hereunder including, but not limited to access agreements, security agreements, facilities agreements or individual confidentiality agreements. 12. MISCELLANEOUS

1. Compliance With Laws. Customer agrees to comply with all applicable laws, regulations, and ordinances relating to its performance under this Agreement.
2. Assignment. Customer may not assign this Agreement or otherwise transfer any license created hereunder whether by operation of law, change of control, or in any other manner, without the prior written consent of Optii. Any assignment or transfer in violation of this section shall be null and void.
3. Survival. The provisions set forth in sections 2, 6, 7.2, 8, 9.3, 9.4, 12 and 13 of this Agreement shall survive termination or expiration of this Agreement and any applicable Optii Service license hereunder.
4. Notices. Any notice required under this Agreement shall be given in writing and shall be deemed effective upon delivery to the party to whom addressed. All notices shall be sent to the applicable address specified on the face page hereof or to such other address as the parties may designate in writing. Unless otherwise specified, all notices to Optii shall be sent to the attention of the CEO. Any notice of material breach shall clearly define the breach including the specific contractual obligation that has been breached.
5. Force Majeure. Optii shall not be liable to Customer for any delay or failure of Optii to perform its obligations hereunder if such delay or failure arises from any cause or causes beyond the reasonable control of Optii. Such causes shall include, but are not limited to, acts of God, floods, fires, loss of electricity or other utilities, or delays by Customer in providing required resources or support or performing any other requirements hereunder.
6. Restricted Rights. Use of the Optii Service by or for the United States Government is conditioned upon the Government agreeing that the Optii Service is subject to Restricted Rights as provided under the provisions set forth in FAR 52.227-19. Customer shall be responsible for assuring that this provision is included in all agreements with the United States Government and that the Optii Service, when delivered to the Government, is correctly marked as required by applicable Government regulations governing such Restricted Rights as of such delivery.
7. Entire Agreement. This Agreement constitutes the entire agreement between the parties regarding the subject matter hereof and supersedes all proposals and prior discussions and writings between the parties with respect thereto. Any signed copy of this Agreement made by reliable means (e.g., photocopy or facsimile) shall be considered an original.
8. Order of Precedence. In the event of a conflict, an Order or the Terms and Conditions shall prevail, in that order.
9. Modifications. The parties agree that this Agreement cannot be altered, amended or modified, except by a writing signed by an authorized representative of each party.
10. Publicity. Customer agrees to cooperate with Optii (i) in preparation of at least one (1) press release, which can be used in/on Optii’s Web site, marketing materials, trade shows, public advertisements, and other associated marketing uses (“Optii Marketing Materials”); and (ii) in preparation of an Optii-sponsored testimonial advertisement to be run in newspapers, magazines, and other publications and for use in Optii Marketing Materials.
11. No Waiver. No failure or delay in enforcing any right or exercising any remedy will be deemed a waiver of any right or remedy.
12. Severability and Reformation. Each provision of this Agreement is a separately enforceable provision. If any provision of this Agreement is determined to be or becomes unenforceable or illegal, such provision shall be reformed to the minimum extent necessary in order for this Agreement to remain in effect in accordance with its terms as modified by such reformation.
13. Choice of Law. In the event that a dispute cannot be resolved, then a Party may require the matter to be settled by arbitration proceedings which will be heard in accordance with the UNCITRAL Arbitration Rules as at present in force by one arbitrator appointed under those rules. The arbitration will be in English and will take place in specified below relevant to the geographical area in which the Nominated Premises is located. The award will be final and binding on the Parties to this Agreement and the costs of arbitration will be borne and paid for as the arbitration tribunal directs.

 

14. Insurance. Optii shall, at its expense, procure and maintain during the term of this Agreement the following insurance: (i) worker’s compensation as required by applicable worker’s compensation laws; (ii) employer’s liability insurance with a limit of not less than $1,000,000 for each accident and $1,000,000 per employee for bodily injury by disease, with a disease policy aggregate of $1,000,000; and (iii) commercial general liability insurance covering all operations of Optii, including but not limited to products/completed operations, plus broad form endorsement (including independent Contractors, broad form property damage, personal injury, etc.) with a combined single limit of not less than $1,000,000 per occurrence/$2,000,000 general aggregate applying per project.

Data Processing Agreement

• Optii provides a hotel rooms operations optimization platform to improve the guest experience and labour productivity for providers of accommodations (e.g. hotels). For this purpose, Optii processes personal data on behalf of its clients, about their guests.
• Under Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR), OPTII’s clients are considered to be ‘controllers’ for the personal data which they process about their guests, and Optii is considered to be the ‘processor’ of such personal data. In the remainder of this Data Processing agreement, the client of Optii is therefore called ‘the Controller’.
• This Data Processing Agreement applies to the processing of personal data by Optii on behalf of the Controller and was specifically created to provide all arrangements required under the GDPR.

Provisions

1. DEFINITIONS

1. In this Data Processing Agreement, 'GDPR' means Regulation (EU) 2016/679, known as the General Data Protection Regulation, as well as all laws and regulations that may replace this regulation in future.
2. Terms defined in the GDPR have the same meaning in this Data Processing Agreement, unless another definition is given here.
3. 'Personal Data' means personal data (as defined by the GDPR) relating to the Controller, its clients and/or other contacts.
4. ‘Personal Data Breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.
5. 'Subprocessor' means a legal entity or person, not being an employee of Optii, who is or will be engaged by Optii for the purpose of providing products or services to the Controller on Optii’s behalf, for which purpose the engaged person or entity may receive or have access to Personal Data.

2. GENERAL

1. Optii and the Controller shall each ensure compliance with the laws and regulations applicable to them, including in any event the laws and regulations related to the protection of Personal Data, such as the GDPR.
2. Optii will only process Personal Data in accordance with the law and the written instructions of the Controller as set out in this Agreement.
3. Optii will keep secret all Personal Data which it receives from the Controller, or to which it is given access by the Controller, and Optii will not disclose or make this data accessible to third parties (other than permitted Subprocessors) without prior written permission from the Controller, unless the Personal Data must be disclosed to a party authorized to receive such data (such as a supervisory authority, investigating officer or court) pursuant to a written obligation.
4. With respect to all Personal Data and instructions issued by the Controller to Optii, the Controller guarantees that it has the necessary authority. The Controller will indemnify Optii against any form of harm and/or third-party claims that may arise from, or be related to or based on, an assertion that the Controller was not authorized to issue certain Personal Data or a certain instruction to Optii.
5. In case of a conflict between the content of this Data Processing Agreement and the agreement for the supply of products or services, this Data Processing Agreement will prevail.
6. All subsidiaries, sister companies and parent companies in Optii’s group have the same rights and associated obligations under this Agreement as Optii.
7. If another party rather than the Controller is the controller for the processed Personal Data pursuant to the GDPR, the Controller will be regarded as the processor, OPTII as Subprocessor, and any Subprocessor as Sub-subprocessor.

3. PROCESSING OPERATIONS AND PURPOSE

1. Optii will process the Personal Data only to the extent necessary in order to supply the agreed products or services to the Controller, or to fulfill a legal obligation. In case of processing connected to a legal obligation, Optii will at the Controller’s request specify in writing what processing it will perform in connection with which legal obligation.

4. SECURITY

1. Optii and the Controller will put in place appropriate technical and organizational measures to secure the Personal Data against loss or any form of unlawful processing, including unnecessary collection, disclosure or further processing.
2. Optii and the Controller will ensure that security measures are in place at all times.
3. Optii and the Controller will give their staff members and permitted Subprocessors access to the Personal Data only to the extent necessary for the permitted processing purposes. Optii and the Controller shall ensure that people are authorised by each of them to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
4. The Parties acknowledge that effective security requires frequent evaluation and regular improvement of outdated security measures. To this end, Optii and the Controller will evaluate and strengthen, supplement or improve the measures implemented under this Article 4 on a regular basis (at least once per year) in order to ensure that they continue to meet their obligations.

5. SUBPROCESSORS

1. The Controller hereby gives Optii general permission to engage Subprocessors for the processing of the Personal Data, provided that Optii abides by the applicable requirements of the GDPR and/or other applicable privacy legislation in doing so.
2. Optii will (i) contractually oblige every Subprocessor to comply with the same or equivalent obligations to processing as those by which Optii is bound under this Data Processing Agreement, and (ii) remain liable to the Controller for the performance of the Data Processing Agreement by the Subprocessors and all other acts or omissions of the Subprocessors in connection with the processing of the Personal Data.

6. NOTIFICATION OBLIGATION

1. Optii will inform the Controller, without unreasonable delay and if possible within forty eight (48) hours, if Optii:

1. cannot comply with its obligations under the Data Processing Agreement due to a legal obligation;
2. has received a demand letter or order to appear in court as a witness or expert, or a request from an authorized public supervisory authority to conduct an inspection or investigation in connection with the processing;
3. intends to disclose personal data to an authorized public authority; or discovers that a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data has occurred (a“personal Data Breach”).
4. In case of a Personal Data Breach, without unreasonable delay and if possible within twenty-four (24) hours after the discovery, Optii will document the discovery as completely and accurately as possible and send it to the Controller.
5. Furthermore, in case of a Personal Data Breach, Optii will:
   1. As quickly as possible provide all further information or assistance that is requested by the Controller and that is reasonably needed for the Controller to comply with any of its own obligations, including a notification obligation;
   2. Assist in identifying the data subjects who were or may have been affected and what Personal Data were or may have been compromised;
   3. Provide facilities to ensure that any requests and/or complaints from data subjects are properly handled;
   4. Put in place reasonable measures to undo any negative consequences resulting from an incident as quickly as possible, or at least to minimize any further consequences;
   5. Provide adequate assistance to the data subjects who were or may have been affected, as reasonably requested by the Controller or required under applicable laws and regulations, in particular as referred to in Article 33 of the GDPR;
   6. Follow all reasonable instructions from the Controller on this matter.

The notification obligation described in Article 7 does not apply if compliance with it would conflict with a legal obligation or prohibition.

7. HANDLING REQUESTS AND COMPLAINTS FROM DATA SUBJECTS

1. If a data subject sends Optii a request to access, correct, supplement, remove or block their data, or submits a complaint to Optii, Optii will forward the request or complaint to the Controller and the Controller will follow up on the request or complaint. Optii may inform the data subject that it has done so.
2. At the Controller’s request, when reasonably necessary, Optii will provide support to (i) allow data subjects access to their own Personal Data, with the approval and on the instructions of the Controller, (ii) delete or correct Personal Data, (iii) show that Personal Data have been deleted or corrected if they were incorrect (or, if the Controller does not agree that the Personal Data were incorrect, record the fact that the data subject considers their Personal Data to be incorrect) and (iv) otherwise make it possible for the Controller to comply with its obligations under the GDPR or other applicable legislation in the area of processing Personal Data.

8. COMPLIANCE CHECK (AUDIT)

1. The Controller is entitled to arrange that a suitable external party who is acceptable to Optii performs an audit in order to determine whether Optii complies fully and correctly with this Data Processing Agreement. This party will be bound by confidentiality towards third parties.
2. In conducting the audit, it shall be attempted to minimize any impact on Optii’s business operations. Audits will be performed once per year at most, unless the Controller has specific grounds for suspecting that Optii is not complying or not complying fully with its obligations and the Controller has communicated these suspicions in writing to Optii, substantiated with facts. The audit will be announced at least 14 days in advance.
3. Optii will cooperate in the audit and will make available any information and employees that may reasonably be relevant to the audit (including supporting information such as system logs) as soon as possible.
4. If the audit shows that Optii has materially failed to comply with this Data Processing Agreement, Optii will put in place at its own expense all measures necessary to remedy any observed breach as quickly as possible.
5. If the audit shows that Optii has not failed to comply with this Data Processing Agreement, the Controller will bear the costs of the audit (including the reasonable costs incurred by Optii through cooperating in the audit).

9. AMENDMENTS

1. Optii may amend this Data Processing Agreement from time to time. The Controller will be informed (normally via e-mail or otherwise electronically) of any substantial changes. The modified version will take effect 30 days from notification, unless the Controller has objected to a change before it has taken effect. Insubstantial changes (such as simple corrections of spelling or grammar) may be implemented at any time without notification.

10. DURATION AND TERMINATION

1. This Data Processing Agreement will remain in effect for as long as Optii possesses or has access to Personal Data in the context of supplying products or services to the Controller. This Data Processing Agreement may only be terminated if Optii no longer has any of the Controller’s Personal Data in its possession.
2. In the event that the provision of products or services to the Controller is discontinued, including the processing of Personal Data for any other reason, Optii will send all Personal Data to the Controller on a durable medium in a common and practical format or otherwise make it available to the Controller. If Optii is still in possession of any copies of the Personal Data after all Personal Data have been placed in the Controller’s possession, Optii will immediately destroy the Personal Data, unless the Controller has agreed to continued retention and/or processing. At the Controller’s request, Optii will provide the Controller with a written confirmation and guarantee of destruction, and Optii will permit the Controller to verify that the Controller’s Personal Data concerned are no longer being processed by Optii or by any auxiliary person or third party engaged by Optii.

11. NATURE AND PURPOSE OF DATA

1. Personal Data of guests
   1. First name
   2. Last name
   3. Email address
   4. Room number
2. Sensitive Data (as intended in art. 9 GDPR)
   1. 1. None

12. SECURITY MEASURES

1. Access management

1. The principles of 'least privilege' and 'need‐to‐know' are applied to staff and permitted Subprocessors. User access will be revoked or amended in a timely manner if there is any change to the status of staff members, suppliers, clients, business partners or third parties. Up‐to‐date forms of encoding and encryption that are generally regarded as safe will be used for identification, authentication and authorisation.

2. Staff

1. Employees have been informed of their responsibilities with regard to information security and there is a procedure for verifying that employees comply with their obligations.

3. Subprocessor contract management

1. A Data Processing Agreement for Subprocessors will be signed with every permitted Subprocessor, which will contractually oblige the Subprocessor to comply with the same obligations to processing as are contained in this Data Processing Agreement. Subprocessors will be closely monitored to verify that they comply with their obligations.

4. Security incident response

1. A documented security incident response plan is in place that is suitable for detecting, resolving and reporting Personal Data Breaches, in accordance with the requirements of Article.

5. Vulnerability/patch management

1. Periodic scans are conducted to detect vulnerabilities in the applications, systems and networks used. Security patches are installed or implemented immediately or promptly after they become available.

6. Location

1. The physical location/geography of the stored Personal Data can be shown.

7. Transfer and transportation

Where transferring or transporting data outside of the European Union (in the case of subprocessors), Optii only works with certified Privacy Shield vendors.