1.1 Scope of application

These General Terms and Conditions (hereinafter “GTC”) for Users of Doodle govern the access to and use of the Services of Doodle AG (“Doodle”) and all transactions incidental thereto, which are offered online via www.doodle.com or www.doodle.ch or other top-level domains as part of a software-as-a-service solution. Please read these GTC carefully before using the Services, as your use of the Services, opening of an account or your order for subscription, whichever comes first, shall be construed as your acceptance of the terms of the GTC. Your acceptance of the GTC shall be construed as your agreement to be bound by the terms of the GTC with respect to your access and use of the Services. No other terms or conditions shall be of any force or effect unless otherwise specifically agreed upon by Doodle in writing duly executed by an authorized officer of Doodle.

Doodle may refuse any order for subscription for any or no reason. No order for subscription shall be binding upon Doodle until Doodle’s written confirmation of payment of the subscription fee.

Unless otherwise agreed by Doodle in writing, the GTC and the other provisions, including but not limited to the Permitted Use Policy for Doodle Services, the Privacy Policy and the Service Level Agreement referred to in these GTC, as such may be amended by Doodle unilaterally from time to time (the “Ancillary Documents and Policies”) together with any terms on Doodle’s email confirmation (the “Subscription Confirmation”) constitute the entire agreement between you and Doodle, and shall supersede any and all prior written or oral agreements, offers or other representations with respect to the Services. In the event of conflict between the terms of these GTCs, the Ancillary Documents and Policies and the Subscription Confirmation, the order of precedence shall be as follows: 1. The Subscription Confirmation; 2. these GTC; 3. the Permitted Use Policy for Doodle Services, 4. the Service Level Agreement and 5. the Privacy Policy. If you access or use the Services or continue to use the Services after you have been notified of a change to the GTC or other referenced documents, you confirm that you have read, understood and agree to the GTC and all such referenced documents, as amended.

1.2 Definitions

Capitalized terms that are not defined in the other provisions of these GTC shall have the following definitions.

Services: shall mean the services performed by Doodle using the Doodle software and such other applications as Doodle may deem appropriate from time to time to enable Users to quickly and efficiently plan appointments and give the organizer full control over the planning and necessary postponement of an appointment which may be used free of charge in the basic version and in advanced versions for a fee by subscribing to Doodle Premium (as defined below) pursuant to these GTC.

User: shall mean any individual or entity using the Services either with or without creating an account with Doodle and who shall be bound to these GTC, the Ancillary Documents and Policies and Subscription Confirmation. For the avoidance of doubt, individuals or entities using the Services without a paid subscription or an account (e.g., as a guest by way of invitation) shall be considered a User for the purposes of these GTC.

Doodle Premium: shall mean the fee-based Services offered by Doodle, available as a Pro, Team, or Enterprise solution, and described in more detail under: https://doodle.com/premium; and such description shall be incorporated in these GTC in full by reference.

Integrations: shall mean third-party applications that Users may integrate in their Doodle account in order to use the Services’ additional features such as link scheduling with calendars specifically used. An up-to-date overview of the Integrations can be found here: https://doodle.com/de/integrations, as such may be amended by Doodle unilaterally from time to time.

Account: shall mean the account created by a User and/or Doodle to enable a User to access and use the Services; the creation of such Account shall require the following information or such additional information as may be determined by Doodle from time to time: first name, last name, email address and for Doodle Premium, postal address and, where applicable, the company name.

Upgrade: shall mean the change of a User subscription from a subscription free of charge to any type of Doodle Premium Service which a User may choose to do at any time by creating an account and making the change therein.

Downgrade: shall mean the change from a Doodle Premium subscription to a subscription free of charge. Such Downgrade shall only take effect upon the expiration of the then agreed term for the existing Doodle Premium subscription. For the avoidance of doubt, a User acknowledges and agrees that a Downgrade shall not result in a refund of any paid subscription fees.

API: shall mean an application programming interface, which is a program component that a software system (here: Doodle software) makes available to other programs for connecting to the Doodle software.

2.1 License

Unless otherwise agreed by Doodle in writing, Doodle grants you a limited, worldwide, personal, non-exclusive, non-sublicensable and non-transferable license to access and use the Services via the API or a web-based hosted services platform solely for your internal business purposes to the extent necessary for you to use the Services as agreed to between you and Doodle.

2.2 Use

Unless Doodle has entered into a separate agreement with you, youagree to use the Services only in accordance with:

1. the present provisions of these GTC and

2. the Permitted Use Policy for Doodle Services, as such may be amended by Doodle from time to time;as well as

3. all other Ancillary Documents and Policies

4. or arising from applicable laws, rules and regulations.

2.3 Creating an account and communicating

For you to access and/or use the Services, Doodle may, at its sole discretion, require you to create a User account on a website or a platform as determined by Doodle, or Doodle may, at its sole option, create such User account for you. You shall accurately and truthfully complete and keep up to date all information you provide in the registration process. You are also solely responsible for the security of your password and those of other Users registered under your User account in accordance with these GTC and the policies referenced herein including but not limited to the Permitted Use Policy for Doodle Services. Accounts may not be created automatically such as through bots.

2.4 Free and Paid Services

2.4.1 Free Services

In Doodle’s sole discretion, the Services may be offered to a User free of charge with limited functionalities (“Free Service”).

2.4.2 Doodle Premium

2.5 Price changes

Doodle reserves the right to change the subscription fees of any Doodle Premium Service. You will be notified of such changes within a reasonable time by means of an email sent to the email address you have provided Doodle at registration. Changes to the subscription fees shall not affect any paid subscriptions until the end of such paid subscription period. If you do not agree with the change in subscription fees, you can opt not to renew your subscription.

2.6 Use of the API

2.7 Use of Integrations

Users may only use the Integrations set forth in https://doodle.com/en/integrations/ and shall be responsible for any damages caused or in any way related to the User’s use of the Integrations and the data contained therein. The use of the Integrations shall be the sole responsibility of the User including without limitation any misappropriation, violation and/or infringement of intellectual property rights with respect to such Integrations. User agrees to indemnify, defend and hold Doodle harmless for any damages caused by User’s use of the Integrations including but not limited to damages caused and related to the infringement of a third party’s intellectual property rights caused by or in any way related to the User’s use of the Integrations.

2.8 Uploading Content

Doodle may but is not required to include a personal profile image on the Doodle platform in which you access the Services (an “Uploaded Content”). For the Uploaded Content, you grant Doodle and its affiliates a worldwide, non-exclusive, non-transferable, non-sublicensable and royalty-free license for the term of your subscription to enable Doodle to perform the subscribed Services.

2.9 Defining a URL

For some Services (or parts thereof), you can define a personal URL(web address) tied to your access to the Services. You shall not choose a URL that is protected by copyright, trademark, or other proprietary or intellectual property rights of a third party. Doodle reserves the right to request that the URL you selected be changed immediately for any or no reason but particularly if you, by using the selected URL, intentionally or unintentionally infringe or may infringe on Doodle’s or a third party’s intellectual property right.

2.10 Representations and Warranties; Indemnification by User

3.1 Limited Warranty

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICES PERFORMED BY DOODLE ARE PROVIDED “AS IS,” and “AS AVAILABLE”, AND DOODLE DISCLAIMS ANY AND ALL OTHER PROMISES, INDEMNITIES, REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, QUIET ENJOYMENT, SYSTEM INTEGRATION AND DATA ACCURACY, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. DOODLE DOES NOT WARRANT THAT (a) THE SERVICE OR ANY OTHER SERVICES PROVIDED BY DOODLE WILL MEET USER’S OR ANY OTHER PERSON’S REQUIREMENTS OR (b) THAT THE OPERATION OF THE SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE, OR (c) THAT THE SERVICE WILL ACHIEVE ANY INTENDED RESULT OR (d) THAT THE SERVICE OR ANY COMPONENT THEREOF WILL BE COMPATIBLE OR WORK WITH ANY INTEGRATIONS, SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, OR FREE OF HARMFUL CODE, OR (e) THAT ALL ERRORS WILL BE CORRECTED.

3.2 Limitation of Liability

IN NO EVENT WILL DOODLE BE LIABLE TO USER FOR ANY INCIDENTAL, INDIRECT, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, REGARDLESS OF THE NATURE OF THE CLAIM, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, COSTS OF DELAY, ANY FAILURE OF DELIVERY, BUSINESS INTERRUPTION, COSTS OF LOST OR DAMAGED DATA OR DOCUMENTATION, INCREASED COSTS, DIMINUTION IN VALUE OR LOST BUSINESS, PRODUCTION, OR REVENUES, LOSS OF GOODWILL OR REPUTATION,OR COST OF REPLACEMENT OF GOODS OR SERVICES, OR LIABILITIES TO THIRD PARTIES ARISING IN CONNECTION WITH THIS AGREEMENT OR UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR STRICT LIABILITY. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, DOODLE SHALL NOT BE LIABLE FOR ANY LOSSES OR DAMAGES RESULTING FROM: (I) USER’S USE OR THE INABILITY TO USE THE SERVICES; (II) ANY CHANGES WHICH DOODLE MAY MAKE TO THE SERVICES, OR ANY PERMANENT OR TEMPORARY CESSATION IN THE PROVISION OF THE SERVICES; (III) UNAUTHORIZED ACCESS TO OR ALTERATION OF USER TRANSMISSIONS OR DATA; (IV) THE DELETION OF, CORRUPTION OF,OR FAILURE TO STORE, ANY CONTENT AND OTHER COMMUNICATIONS DATA MAINTAINED OR TRANSMITTED BY OR THROUGH THE USE OF THE SERVICES; (V) RECOVERY OF ANY DATA,OR BREACH OF DATA OR SYSTEM SECURITY; OR (VI) OR ANY OTHER MATTER RELATING TO THE SERVICES, IN EACH CASE, REGARDLESS OF WHETHER DOODLE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE. THIS LIMITATION OF DOODLE’S LIABILITY SHALL APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS OF THIS AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE. THE AGGREGATE LIABILITY OF DOODLE FORALL CLAIMS ARISING FROM OR RELATING TO THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, ANY CAUSE OF ACTION INCLUDING BREACH OF CONTRACT, TORT, STRICT LIABILITY, EQUITABLE THEORY OR OTHERWISE, WILL NOT EXCEED THE TOTAL AMOUNT OF ALL FEES PAID TO DOODLE BY USER UNDER THESE GTC DURING THE TWELVE (12)-MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO SUCH CLAIM.

User acknowledges and understands that the disclaimers, exclusions and limitations of liability set forth in this Section form an essential basis of the agreement between the parties, that the parties have relied upon such disclaimers, exclusions and limitations of liability in negotiating the terms of these GTC, and that absent such disclaimers, exclusions and limitations of liability, the terms and conditions of these GTC would be substantially different.

3.3 Technical support

Doodle provides technical support on a best-effort basis and exclusively via email. A user may send his/her request to our Support Team in each case. Doodle does not warrant the availability of technical support for any use outside of Doodle Premium Services. Users of a Doodle Premium account are subject to the provisions of the separate Service Level Agreement.

3.4 Enhancement, Modification, Discontinuation of Services and Maintenance

Doodle has the right at any time for any or no reason to suspend, restrict discontinue, or modify the Services (or any part thereof) permanently or temporarily or to add new types of services. Such changes shall become effective without any further action by any party and automatically subject to these GTC. Your continued use of the Services or any part thereof after we make changes shall deemed as your acceptance of those changes. If the suspension, restriction, discontinuation, removal or modification of the Services results in a materially significant change to the agreed Services, as determined solely by Doodle, you may terminate the subscription for cause with immediate effect. In no event shall Doodle be required to issue any refund of the subscription fee for any remaining period in the event of such termination.

Doodle may perform maintenance on the Services offered at any time at its sole discretion. Maintenance that would require a deactivation of the Services shall be communicated to the User via email at least 72 hours before deactivation. Doodle shall endeavor to keep any necessary shutdowns of the Services to a minimum. In no event shall Doodle be liable to you or any third party for any damages caused or related to such deactivation.

3.5 Use of Third Parties

You hereby acknowledge and agree that Doodle has the right to use third parties to provide the Services or a portion thereof at any time as it sees fit.

3.6 Inclusion of advertising in the Services

You acknowledge and agree that Doodle shall have the right to finance the Free Services also by means of advertising and/or other promotional measures and may send Users advertising, promotion and other related correspondence or materials. The display of such advertisements may be managed by Doodle, its affiliates and/or their respective service providers based on information generated by or through your use of the Services, and you hereby consent to the use by Doodle and/or its affiliates of such generated information and accept the terms of the Privacy Policy as such terms are incorporated herein by reference and may be amended by Doodle from time to time. Doodle, its affiliates and/or their respective service providers may change the type and extent of advertising and promotional measures and materials at any time. If you use the Free Services, you may not block, interfere with, or otherwise technically suppress the advertising media.

4.1 Ownership

Doodle, its affiliates or their respective licensors, as may be applicable, shall retain exclusive ownership of all rights, title and interest in and to the Services and all components thereof including but not limited to the software, API, and web-based platform. User acknowledges that it neither owns nor acquires any additional rights in and to the Services or any component thereof not expressly granted by these GTC.

4.2 Doodle Marks

Without limiting the generality of Section 4.1., you acknowledge that the names, marks, logos, insignias, trademarks, trade names, trade secrets, and/or service marks of Doodle (the “Doodle Marks”) are owned exclusively by Doodle, its affiliates or licensors, and that, except as otherwise expressly set forth in these GTC, Users have no right to use the Doodle Marks without the prior written consent of Doodle. Except as otherwise expressly set forth in these GTC or a separate agreement with Doodle, you shall not represent that you have any rights, title or interest in and to Doodle Marks.

4.3 User Obligations with Respect to Doodle’s Intellectual Property

You shall not (i) decompile, disassemble, reverse engineer or otherwise attempt to obtain or perceive the source code from which any software component of the Services are compiled or interpreted, and you acknowledge that nothing in these GTC will be construed to grant you any right to obtain or use such code; (ii) create any derivative product from any of the foregoing, except with the prior written consent of Doodle; or (iii) allow third parties other than authorized users to gain access to the Services or use the Services as a service bureau; (iv) assign, sublicense, sell, resell, lease, rent or otherwise transfer or convey, or pledge as security or otherwise encumber your rights. You shall ensure that its use of the Services complies with all applicable laws.

5.1 Breach; Corrective Measures

If Doodle believes that a User is in breach of the GTC, the Permitted Use Policy for Doodle Services, including without limitation User’s unauthorized use, excessive use or misuse of the Services, or a User has created a risk for Doodle, the Integrations and/or any third party, Doodle may unilaterally, at its sole discretion, block, deactivate, or revoke such User’s access (in its entirety or a portion thereof) to the Services with immediate effect, or if the damage caused by the breach is reversible (as determined by Doodle), notify the User about the breach. In the event User fails to cure the damage (if determined by Doodle as reversible) within fourteen (14) days from the date of the notification from Doodle, Doodle may terminate the agreement with such User and revoke such User’s access to the Services immediately upon the expiration of the notice period. User shall not be entitled to any refund of paid subscription fees in the event of such termination by Doodle.

You agree to defend, indemnify, and hold harmless Doodle, its affiliates, licensors, and service providers, and its and their respective officers, directors, employees, contractors, agents, licensors, suppliers, successors, and assigns from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses, or fees (including reasonable attorneys' fees) (the “Losses”) arising out of or relating to (i) your violation of these GTC, (ii) your use of the Services, any information obtained from through your access and use of the Services; and (iii) your Uploaded Content and selected URL, including, but not limited to our use thereof and/or any misappropriation, violation or infringement of third party intellectual property rights.

7.1 Governing law and jurisdiction

These GTC shall be governed exclusively by Swiss law, excluding the provisions on conflict of laws thereof and the United Nations Convention on the International Sale of Goods. Any disputes arising from these GTC shall be decided by the courts of Zurich, Switzerland. Each User and Doodle irrevocably submit to the exclusive jurisdiction of such courts in any such suit, action, or proceeding and waives any objection it may have to such forum or venue, including without limitation the objection of forum non conveniens.

7.2 Data protection

Our Privacy Policy accessible at https://doodle.com/en/privacy-policy explains how we, our affiliates, and service providers, as applicable, collect and use your information obtained through your use of the Services or when you signed up for an account with Doodle. In this regard, we give great importance to the protection of your privacy and the security of the data stored with us, and we comply with the applicable data protection laws. You acknowledge and agree that the terms of our Privacy Policy are hereby incorporated herein by reference. By using the Services, you acknowledge that you have read and accept the terms of the Privacy Policy, as such may be amended by us from time to time.

7.3 Severability

Should one or more provisions of these GTC be invalid now or in the future, this shall not affect the validity of any other provision or covenant. Doodle may replace the invalid provisions with a legally valid provision that is as consistent as possible with the economic spirit and purpose of the invalid provision.

7.4 Notices and changes to these GTC

Unless otherwise specified in these GTC or with the User, written notices from Doodle to the User shall be sent via the email address specified in the User Account or during the registration process. It is your responsibility to keep your e-mail address up to date at all times during your subscription to the Services. The User may contact Doodle for any queries via our support form. However, this does not apply to legal notices. These must also be sent to [email protected]. Notice shall be deemed to have been duly served on the earlier of the day after the e-mail is sent or when you continue using the Services after viewing the notification on the Website’s homepage.

Doodle reserves the right to make changes to these GTC at any time. Doodle may, in its sole discretion, provide User with written notice as set forth in the foregoing paragraph, via in-app messaging or by publishing the notice on a banner on the Website’s homepage, of any such changes, provided, however that any such changes shall become effective without any further action by any party. In the event of a material change to these GTC, you may terminate the subscription prior to the agreed end of the subscription period within one (1) month following the date of notification of the change. All Services provided up to the date of termination of the Agreement must be paid for in full. No refund shall be paid to you for any remaining period of your subscription. With regard to price changes, the rules set forth in Section 2.5 above shall prevail. If you fail to terminate the Agreement within the notice period under this Section 7.4. using the feature set upfor this purpose in your account or you continue to use the Services after the notice period, such failure to act shall be construed as your acceptance to the changes to the GTC in its entirety.

7.5 Assignment

You may not assign your rights and/or delegate your obligations under these GTC, the Ancillary Documents and Policies, and Subscription Confirmation without the prior written consent of Doodle.

7.6 Force Majeure

Except with respect to payment obligations hereunder, if Doodle is prevented or delayed in performance of its obligations hereunder as a result of circumstances beyond Doodle’s reasonable control, including, by way of example, war, riot, fires, floods, epidemics, pandemics or government restrictions as a result thereof, or failure of public utilities or public transportation systems, such failure or delay will not be deemed to constitute a breach of these GTC, but such obligation will remain in full force and effect, and will be performed or satisfied as soon as reasonably practicable after the termination of the relevant circumstances causing such failure or delay, provided that if Doodle is prevented or delayed from performing for more than ninety (90) days, you may terminate these GTC upon thirty (30) days’ written notice.

7.7 No Third Party Beneficiaries

You acknowledge that the covenants set forth in these GTC are intended solely for the benefit of the parties to the agreement, their successors and permitted assigns. Except for the authorized Users under a valid subscription, nothing herein, whether express or implied, will confer upon any person or entity, other than you and Doodle, their respective successors and permitted assigns, any legal or equitable right whatsoever to enforce any provision of these GTC.

7.8 Waiver

Doodle’s waiver of any breach or violation of these GTC by you shall not be construed as a waiver of any other present or future breach or breaches by you.

This Data Processing Addendum, including the exhibits to it (“DPA”), is incorporated into the General Terms and Conditions (the “Agreement”) that are between you (together, with any subsidiaries and affiliated entities, collectively, “Customer” or “Controller”) and Doodle AG with the business address of Werdstrasse 21, 8004 Zürich, Switzerland (together, with any subsidiaries and affiliated entities, collectively “Doodle” or “Processor”) and sets forth additional terms that apply to the extent any information you provide to Doodle pursuant to the Agreement includes Personal Data (as defined below).

DEFINITIONS

A. “CCPA” means the California Consumer Privacy Act (California Consumer Privacy Act of 2018, Cal. Civ. Code § [1798.100 - 1798.199.100]​​) as amended, including by the California Privacy Rights Act of 2020 and its implementing regulations.

B. “Data Privacy Framework(s)” means, as applicable, the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework developed by the US Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration permitting organisations participating in such Data Privacy Frameworks to receive Personal Data from the European Union / European Economic Area, the UK and Gibraltar, and Switzerland in compliance with applicable Data Protection Laws in those regions.

C. “Data Protection Laws” means all applicable federal, state, and foreign data protection, privacy and data security laws, as well as applicable regulations and formal directives intended by their nature to have the force of law, all as amended from time to time, including, without limitation, the EU Data Protection Laws, UK Data Protection Laws, the Swiss Data Protection Laws, the Privacy Act 1988, the Personal Information Protection and Electronic Documents Act, and United States state privacy laws, including the CCPA,  and the privacy laws of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Montana. 

D. “Data Subject” means the individual or consumer to whom Personal Data relates.

E. “Data Subject Request” means a request by a Data Subject to exercise rights afforded by Data Protection Laws with respect to the Data Subject’s Personal Data.

F. “EU Data Protection Laws” means GDPR together with any applicable implementing legislation or regulations, as well as European Union or Member State laws, as amended from time to time. 

G. “GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.) 

H. “Personal Data” means any Customer Data relating to an identified or identifiable natural person that is Processed by Doodle on behalf of Customer in connection with providing the Services to Customer, when such information is protected as “personal data” or “personal information” or a similar term under Data Protection Law(s). 

I. “Process” or “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction. 

J. “Security Breach” means a confirmed breach of Doodle’s information security measures leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data covered by this DPA. 

K. “Services” means the services provided by Doodle to Customer under the Agreement. 

L. “Standard Contractual Clauses” or “SCCs” means the model clauses for the transfer of Personal Data to processors established in third countries approved by the European Commission, the approved version of which is set out in the European Commission Implementing Decision 2021/914 of 4 June 2021 and at:

 https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=e. 

M. “Swiss Data Protection Laws” means all laws relating to data protection, the Processing of Personal Data, privacy and/or electronic communications in force from time to time in Switzerland, including the Federal Act on Data Protection of June 19, 1992 and its ordinances, and, once it entered into force, in accordance with Article 16 paragraph 2 letter d of the future revised Swiss Federal Act on Data Protection dated 25 September 2020 (collectively, “FADP”).

N. “UK Data Protection Laws” means all laws relating to data protection, the Processing of Personal Data, privacy and/or electronic communications in force from time to time in the United Kingdom (“UK”), including the United Kingdom GDPR and the Data Protection Act 2018.

O. “UK GDPR” means the United Kingdom General Data Protection Regulation, as it forms part of the law of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018.

P. The terms “Processor” and “Controller” shall have the meanings given to them under the applicable Data Protection Law. Any capitalised terms herein that are not defined in this DPA shall have the meanings associated with them in the Agreement and are hereby adopted by reference in this Addendum.

PROCESSING AND TRANSFER OF PERSONAL DATA

A. Customer Obligations. Customer is the Controller of Personal Data and shall (a) determine the purpose and essential means of the Processing of Personal Data in accordance with the Agreement; (b) be responsible for the accuracy of Personal Data; and (c) comply with its obligations under Data Protection Laws, including, when applicable, ensuring Customer has a lawful basis to collect Personal Data, providing Data Subjects with any required notices, and/or obtaining the Data Subject’s consent to process the Personal Data.

B. Doodle Obligations. Doodle is the Processor of Personal Data and shall (a) Process Personal Data on Customer’s behalf in accordance with Customer’s written instructions (unless waived in a written requirement) provided during the term of this DPA; and (b) comply with its obligations under Data Protection Laws. A description of the processing of Personal Data intended to be carried out under this DPA is set out in Annex 1. The parties agree that the Agreement, including this DPA, together with Customer’s use of the Services in compliance with the Agreement, constitute Customer’s complete and final written instruction to Doodle in relation to the Processing of Personal Data, and additional instructions outside the scope of these instructions shall require a prior written and mutually executed agreement between Customer and Doodle. In the event Doodle reasonably believes there is a conflict with any Data Protection Law and Customer’s instructions, Doodle will inform Customer promptly and the parties shall cooperate in good faith to resolve the conflict and achieve the goals of such instruction. 

C. Data Use. Doodle shall not use Personal Data, except for usage of Personal Data pursuant to Customer’s instructions, as permitted under the Agreement and as necessary to bring and defend claims, to comply with requirements of the legal process, to cooperate with regulatory authorities, and to exercise other similar permissible uses as expressly provided under Data Protection Laws.

D. Location of Processing. The parties acknowledge and agree that processing of the Personal Data will occur in the European Union (EU) and perhaps other jurisdictions outside the residence of the Data Subjects, and Customer shall comply with all notice and consent requirements for such transfer and processing to the extent required by Data Protection Laws.

E. Return or Destruction of Data. Doodle shall return or securely destroy Personal Data, in accordance with Customer’s instructions, upon Customer’s request or upon termination of Customer’s account(s) unless Personal Data must be retained to comply with applicable law.

SWISS, EU, AND UK DATA PROTECTION LAWS

This Section shall apply with respect to Processing of Personal Data when such Processing is subject to the Swiss Data Protection Laws, EU Data Protection Laws, or UK Data Protection Laws.

A. Transfers of Personal Data. Customer acknowledges and agrees that Doodle is located in the European Economic Area (“EEA”). All transfers of Customer Personal Data out of the EU (“EU Personal Data”), Switzerland (“Swiss Personal Data”) or the United Kingdom (“UK Personal Data”) shall be governed by a data transfer agreement in a form prescribed by applicable Data Protection Laws (e.g. Standard Contractual Clauses or equivalent), to the extent that the formalisation of such a document represents a valid means of transferring Personal Data outside of the EEA or the relevant jurisdiction.

B.GDPR and UK GDPR Obligations. Doodle shall: (i) assist Customer, to a reasonable extent, in complying with its obligations with respect to EU Personal Data pursuant to Articles 32 to 36 of GDPR (or their equivalent under UK Data Protection Laws for UK Personal Data); (ii) maintain a record of all categories of Processing activities carried out on behalf of Customer in accordance with Article 30(2) of the GDPR (or their equivalent under UK Data Protection Laws for UK Personal Data); and (iii) cooperate, on request, with an EU or UK supervisory authority regarding the performance of the Services.

CCPA

A. CCPA. This Section applies to Doodle’s, and Doodle acts as Customer’s service provider with respect to, Processing of Personal Data subject to the CCPA. Customer discloses the Personal Data to Doodle, and Doodle shall Process such Personal Data only for the purposes as set out in this Agreement, including this DPA. B. Doodle shall not: a. sell or share the Personal Data;

b. retain, use, or disclose the Personal Data  for any purpose, including a commercial purpose, other than the business purposes as set out in the Agreement, or  outside of the direct business relationship between the parties; 

c. combine the Personal Data  with personal data that Doodle receives from, or on behalf of, another person or persons, or collects from its own interaction with the consumer, provided that Doodle may combine Personal Data to perform any business purpose as permitted by the CCPA.

C. Doodle shall comply with obligations applicable to it as a service provider under the CCPA, and shall provide Personal Data with the same level of privacy protection as is required by the CCPA.

D. Customer shall have the right to take reasonable and appropriate steps to help ensure that Doodle uses the Personal Data in a manner consistent with Customer’s obligations under the CCPA. The process for such steps shall be as set out in Section 8 below.

E. Doodle shall notify Customer if it makes a determination that it can no longer meet its obligations as a service provider under the CCPA. If Doodle so notifies Customer, Customer shall have the right to take reasonable and appropriate steps to stop and remediate unauthorised use of Personal Data.    

F. For any sub-processors used by Doodle to process Personal Data subject to the CCPA, in addition to its obligations in Section 5 below, Doodle’s agreement with any such sub-processor shall obligate such sub-processor to observe its requirements under the CCPA.

G. For purposes of this Section 4, the terms “consumer”, “service provider”, “sell” and “share” shall have the meanings given to them under the CCPA.

SUB-PROCESSORS

A. Sub-processor List. Customer consents to Doodle’s use of sub-processors who may Process Personal Data on behalf of Customer to help Doodle provide the Services. Doodle may update its list of sub-processors from time to time, and shall make available any updates to such list here.

B. Sub-processor Agreements. Doodle shall enter into a written agreement with any such sub-processor containing data protection obligations that are at least as restrictive as its obligations in this DPA.

DATA PROTECTION

A. Data Security. Doodle will utilise commercially reasonable technical and organisational measures to maintain the security, confidentiality, and integrity of the Personal Data, the details of which are set forth at the following link: https://doodle.com/en/features/security

B. Authorised Personnel. Doodle shall ensure that Doodle’s employees, contractors, agents, and auditors who need to know or otherwise access Personal Data for the purposes of enabling Doodle to perform its obligations under the Agreement are under a duty of confidentiality with respect to the Personal Data.

C. Security Breaches. Upon becoming aware of a Security Breach, Doodle will promptly: (i) notify Customer of the Security Breach; (ii) investigate the Security Breach; (iii) provide Customer with necessary details about the Security Breach as required by applicable law; and (iv) take reasonable actions to prevent a recurrence of the Security Breach. Doodle will make available relevant records and other materials related to the Security Breach’s effects on Customer as required to comply with Data Protection Laws.

ASSISTANCE

A. Processor Assistance. Upon Customer's written request, Doodle shall provide reasonable assistance to Customer as necessary in order to assist Customer with meeting its obligations under Data Protection Laws, including by providing information to Customer about Doodle’s technical and organisational security measures, and as needed to complete data protection assessments (the process for which is set out in the ‘Audits’ Section below). B. Data Subject Requests. If an Invitee, a Customer employee, or other applicable Data Subject makes a Data Subject Request to Doodle, Doodle will advise the Data Subject to submit their request directly to the Doodle customer who is the applicable Controller of that Personal Data, and will inform Customer of such request if the Data Subject identifies Customer as the applicable Controller to Doodle. Customer is responsible for Data Subject Requests. Doodle shall provide full cooperation and assistance to the Controller in relation to any request by data subjects to have access to Personal Data held about them or in relation to any other request, allegation or complaint by a competent authority or data subject, including notifying the Controller in writing without undue delay of receipt of any such notice or request. Contact information for data subject requests can be found on our website.

C. Costs. If Doodle determines in good faith that a request for assistance under this Section is unreasonable, overly burdensome, and outside of industry expectation for assistance with each respective matter, the parties will agree in good faith on costs to be paid by Customer to Doodle for such assistance.

AUDITS Within thirty (30) days of Customer’s written request, and no more than once annually, Doodle shall make available to Customer (or a mutually agreed upon third-party auditor) information reasonably necessary to demonstrate Doodle’s compliance with the obligations set forth in this DPA in the form of its most recent third party audit or certification report(s) (such as SOC 2 or Cloud Verify).  If, after receiving the report(s), Customer in its reasonable judgement determines that further information is needed to confirm that Doodle is meeting its obligations in this DPA or for Customer to complete a data protection assessment, Customer may request in writing such additional information. The parties will then work together in good faith to agree upon the additional information which Doodle shall provide, and Doodle will provide the agreed upon information. All information provided by Doodle under this Section is considered Doodle’s Confidential Information and is subject to the confidentiality obligations set forth in the Agreement.

DOODLE’S ROLE AS A CONTROLLER

The parties acknowledge and agree that Doodle processes certain personal data as a Controller which is described in, and processes it in accordance with, our Privacy Notice for the following purposes when EU, UK or Swiss Data Protection Laws apply to such personal data: (i) to manage the relationship with Customer, including creating customer accounts, handling billing, and performing sales and marketing activities; (ii) for purposes related to Doodle’s internal business operations, such as accounting, audits, tax preparation and filing and compliance purposes; (iii) to monitor, investigate, prevent and detect fraud, security incidents and other misuse of the Services; (iv) for identity verification purposes; (v) to comply with legal or regulatory obligations applicable to the processing and retention of personal data to which Doodle is subject; (vi) to develop, improve, and understand usage of its products and services, and (vii) as otherwise permitted under Data Protection Laws and as set out in Doodle’s Privacy Notice.

MISCELLANEOUS

A. Conflict. In the event of any conflict or inconsistency between this DPA and Data Protection Laws, Data Protection Laws shall prevail. In the event of any conflict or inconsistency between the terms of this DPA and the terms of the Agreement, the terms of this DPA shall prevail solely to the extent that the subject matter concerns the processing of Personal Data. 

B. Liability.  Each Party’s liability arising out of or related to this DPA, whether in contract, tort or under any other theory of liability, is subject to the limitations of liability contained in the Agreement. For the avoidance of doubt, each reference herein to the “DPA” means this DPA including its exhibits and annexes. 

C. Entire Agreement.  This DPA is without prejudice to the rights and obligations of the parties under the Agreement which shall continue to have full force and effect. This DPA together with the Agreement is the final, complete and exclusive agreement of the Parties with respect to the subject matter hereof and supersedes and merges all prior discussions and agreements between the parties with respect to such subject matter.

ANNEX 1: SCOPE OF PROCESSING A. List of parties

a. Data exporter.

i. Data exporter is the Customer. ii. Address: the Customer’s address set out in the Agreement. Contact person’s (DPO and/or EU representative) name, position, and contact details: the Customer’s contact details. iii. Activities relevant to the data transferred under these Clauses: activities necessary to provide the Services described in the Agreement. iv. Signature and date: Customer is deemed to have signed this Annex I by accepting Doodle’s General Terms and Conditions. b. Data importer.

i. The data importer is Doodle AG. ii. Address: Werdstrasse 21, 8004 Zürich, Switzerland  iii. Contact person’s (DPO and/or EU representative) name, position, and contact details: Niel Harper, Data Protection Officer, [email protected]. iv. Activities relevant to the data transferred under these Clauses: Activities necessary to provide the Services described in the Agreement. v. Signature and date: Doodle is deemed to have signed this Annex I by accepting Calendly’s General Terms and Conditions.

B. Categories of data subjects whose personal data is processed. Customer may submit Personal Data to Doodle, the extent of which is determined and controlled by the Customer in their sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects: (i) the Customer’s end-users as permitted in the Agreement, including employees, contractors, representatives, and agents, and (ii) persons with whom Customer is scheduling appointments and meeting with through use of Doodle’s Services which may include its representatives, business partners, collaborators, job candidates, customers, and potential customers.

C. Categories of personal data processed. Customer may submit Personal Data to Doodle, the extent of which is determined and controlled by the Customer in its sole discretion, and which may include, but is not limited to the following categories of Personal Data: First and last name; Title; Position; Employer; Contact information (company, email, phone, physical business address); Personal data contained in connected calendar event details; Approximate location and/or time zone; and other data in an electronic form used by Customer in the context of the Services.

D. Sensitive data transferred (if applicable). Sensitive data may be transferred in certain use cases of the Services such as racial or ethnic origin or trade union membership.

E. The Frequency of the Transfer. Continuous.

F. Nature of the processing. The processes may include collection, storage, retrieval, consultation, use, erasure, or destruction, disclosure by transmission, dissemination, or otherwise making available data exporter’s data as necessary to provide the Services in accordance with the data exporter’s instructions, including related internal purposes where permitted by applicable laws (such as quality control, troubleshooting, information security, prevention and detection of spam, fraud, and abuse and product development and improvement).

G. Purpose(s) of the data transfer and further processing. The objective of the processing of Personal Data by the data importer is the performance of the contractual Services under the Agreement with the data exporter. 

H. The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period. Personal data is retained for so long as is reasonably necessary to fulfil the purposes for which the data was collected, to perform our contractual and legal obligations, and for any applicable statute of limitations periods for the purposes of bringing and defending claims. 

I. For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing. The subject matter and nature of the processing by sub-processors is as set out in the subprocessor list here. The duration of the processing by sub-processors shall be for so long as data importer provides the Services under the Agreement to data exporter.