PLEASE READ THIS AGREEMENT CAREFULLY BEFORE BUYING A SUBSCRIPTION TO, ACCESSING, ACTIVATING OR USING CNH Industrial® telematics service, inCluding AFS CONNECT™ AND/OR MYPLMCONNECT. THIS AGREEMENT IS A BINDING LEGAL CONTRACT BETWEEN YOU or the entity you represent (“you”) AND CNH Industrial America LLC and its global affiliates and related entities (“CNHI”, “we” or “us”).
I. INTRODUCTION
Thank you for your interest in a subscription to the Telematics Service. The “Telematics Service” (or the “Service”) is CNH Industrial® telematics service, including AFS Connect™ and MYPLMCONNECT, remote display access, data and software management services, wireless data transfer, location history, and other functionalities as further described in CNHI’s standard documentation and in each case to the extent included in your Subscription. The Telematics Service utilizes the telematics device in your machine or equipment provided by CNHI (“Equipment”) and the modem software and other software and/or firmware that is used in, installed on, provided with, or embedded on the Equipment (“Telematics Software”).
This CNH Industrial® Telematics Subscription End User License Agreement (this “Agreement”) applies to (i) your paid, trial, or other subscription (“Subscription”) to the Telematics Service and the website available to subscribers to the Telematics Service and other related websites in order for such subscribers to access certain content, functionality, reports and services, and certain of their data (collectively, the “Site”), (ii) the use of, and your consent to the use of, certain information or data that may be collected, recorded, and transmitted from and about the Equipment associated with Telematics Service, and your use of the Telematics Software. You understand that by using the Telematics Service, CNHI and its business associates may collect and use data to provide you with the Telematics Service and for other purposes, as described below.
1. Acceptance of Agreement. BY “ACCEPTING” THESE TERMS OR ACCESSING, ACTIVATING OR USING THE SITE, THE TELEMATICS SERVICE, OR THE TELEMATICS SOFTWARE, YOU AGREE TO BE LEGALLY BOUND BY THIS AGREEMENT. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, YOU AGREE: (1) TO RESOLVE ANY DISPUTES BY ARBITRATION ON AN INDIVIDUAL BASIS, AND THAT (2) CLASS ACTIONS AND JURY TRIALS ARE NOT PERMITTED. IF YOU DO NOT AGREE TO THIS AGREEMENT: (1) PLEASE DO NOT, AND YOU ARE NOT PERMITTED TO, ACCESS OR ACTIVATE OR USE THE SITE, THE TELEMATICS SERVICE, OR THE TELEMATICS SOFTWARE; AND (2) FOR CLARITY, DO NOT CLICK “I ACCEPT” IN THIS AGREEMENT.
2. Data Processing Agreement. Your use of the Telematics Service is also subject to the Data Processing Agreement (“DPA”) attached to this Agreement as Appendix I.
II. GRANT OF LICENSE AND LICENSE RESTRICTIONS
1. Limited License. Subject to your compliance with the terms of this Agreement, including the Payment Terms (if applicable), CNHI grants you a limited, worldwide, non-exclusive, non-transferable, non-assignable license (without the right to sublicense) to access and use the Telematics Software and the Telematics Service for the duration of this Agreement, only in a commercially reasonable manner for your legitimate internal business purposes, in accordance with the terms and conditions of this Agreement, and only upon: (1) your purchase or activation of the Telematics Service; and (2) your Acceptance of this Agreement and the DPA without modification. You agree to (i) access and use of the Telematics Software and Service only in a manner consistent with all applicable local, state, national or international laws, rules, orders, directives, statutes, and regulations (“Laws”), and (ii) use the Telematics Software and Service in a manner consistent with CNHI’s documentation. You assume full responsibility for the actions of any third party that you authorize or allow to access the Telematics Software or Service. For clarity, the Telematics Software is licensed, not sold, to you.
2. Compliance with Laws; Consents. You agree that you: (i) have fully complied and will fully comply with all applicable Laws (including anti-bribery and data privacy laws), including those relating to the use of the Telematics Service and the transmission and use of data and information provided to CNHI, and (ii) have provided and will provide all required notices to and have obtained and will obtain all necessary consents from your authorized users and other relevant individuals, including with regard to the transmission and use of data and information by the Telematics Service and CNHI.
3. No Reverse Engineering. The license described in Section II.1 above does not include any right to any source code of any Telematics Software. Except and to the extent required or permitted by Law, you and your authorized users shall not reverse engineer, disassemble, decompile or make any attempt to discover the source code of the Telematics Service, Site, or Telematics Software. Information necessary to achieve interoperability and security testing of the Telematics Service, Site, or Telematics Software is available from CNHI upon request.
4. Security Measures. The Telematics Software may be protected by certain security measures, including but not limited to technological measures under the Digital Millennium Copyright Act, copyright protection measures, application enabling mechanisms, passwords, key codes, encryption or other security devices (the “Security Measures”). You and your authorized users agree that you will not: (i) defeat or attempt to defeat the Security Measures that protect the Telematics Software and that would constitute a violation under applicable Law related to circumvention of technological measures that protect software, copyrighted works, or other intellectual property rights, or (ii) traffic in, purchase, manufacture, design, import, offer, sell or distribute any circumvention or hacking device that is designed to circumvent or hack the Security Measures or the Telematics Software to the extent unlawful under applicable Law.
5. No Misuse. You and your authorized users agree that you will not use the Telematics Service, Site, or Telematics Software for any purpose that is unlawful or not expressly permitted by this Agreement. We may restrict or terminate use of the Telematics Service, Site, or Telematics Software by you and your authorized users, in whole or in part, if there is a reasonable suspicion of, or any actual, misuse or fraudulent use by you or your authorized users. You will be responsible for any costs incurred by us or any other party (including attorneys’ fees) as a result of such misuse or fraudulent use. You and your authorized users may not:
(i) damage, disable, overburden, interfere with, disrupt or impair the Telematics Service, the Site, Telematics Software, or servers or networks connected to them, in any manner;
(ii) use the Telematics Service or Site in a “service bureau” or similar structure whereby third parties obtain or use of the Telematics Service through you, including without limitation as part of a service competitive with any service offered by CNHI;
(iii) interfere with any other party’s access, use or enjoyment of the Telematics Service, the Site, or Telematics Software in any manner;
(iv) intentionally or unintentionally violate any Law, including, but not limited to, Laws related to export;
(v) impersonate any person or entity, or misrepresent your affiliation with a person or entity, or provide any false or misleading information to CNHI;
(vi) use the Telematics Service or Site to convey obscene, prurient, defamatory, salacious, or unlawful information or copyrighted content that is not your property or to violate the rights of any third party;
(vii) use the Telematics Service without permission on a stolen or lost device;
(viii) engage in unauthorized access to the Telematics Service or the Site;
(ix) use the Telematics Service to provide voice over IP services;
(x) use any scheme, false representation or false credit device, with the intent to avoid payment, in whole or in part, for the Telematics Service;
(xi) except to the extent otherwise reasonably necessary to exercise the license rights granted to you under Section II.1 above, reproduce, modify, publish, distribute, publicly display, adapt, alter, translate, disclose, perform, or create derivative works from the Telematics Software (or any part thereof), or any Third Party Materials (as defined below);
(xii) remove, obscure, or alter any copyright, trademark, or other proprietary notices embedded in, affixed to, or accessed in conjunction with the Telematics Software; or
(xiii) track the location of any person or device without first informing and obtaining the necessary approvals from such person, owner, or person in control or possession of such device to permit you and CNHI to track such location.
6. Third Party Materials. The Telematics Software or Service may be bundled or used with software or services that are provided by third parties (“Third Party Materials”). Third Party Materials are not governed by this Agreement, but may be governed by such third parties’ terms of use or other agreements. CNHI will use reasonable efforts to notify you of events affecting Third Party Materials that CNHI bundles with the Telematics Software or Service and that may impact your use of the Telematics Service or Site. HOWEVER, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, CNHI EXPRESSLY DISCLAIMS ALL RESPONSIBILITY AND LIABILITY (AND YOU WILL NOT HOLD OR ATTEMPT TO HOLD CNHI RESPONSIBLE OR LIABLE) IN CONNECTION WITH THE THIRD PARTY MATERIALS OR USE THEREOF BY YOU OR ANY AUTHORIZED USER.
7. Transfer of Equipment. You agree that you will not assign, sublicense, transfer, pledge, lease, rent, or share your rights under this Agreement, except that if you permanently transfer ownership of the Equipment, then you may also permanently transfer all of your rights under this Agreement; provided that you (i) notify such transferee of the existence of this Agreement and the Telematics Service, and of the transfer of data in accordance with this Agreement, (ii) notify such transferee that it and/or its authorized users must enter into this Agreement with CNHI if they wish to continue to use the Telematics Service, the Site, or Telematics Software, and (iii) promptly notify CNHI of such transfer. You will remain responsible for your Subscription to the Telematics Service and any use of such service, including by the Equipment, until you have contacted CNHI. You must also notify CNHI if you would like to have any of your data deleted from your account or your Equipment prior to the permanent transfer of ownership of your Equipment to the transferee.
III. TELEMATICS SERVICES
1. Nature of the Telematics Service. You acknowledge that in order for the Telematics Service to be provided, the telematics device in your Equipment will transmit certain data through the media of radio waves, cellular, satellite, GPS, Web and/or similar technology. The type, granularity, and volume of data collected will vary by machine type and may change at any time without notice. You consent to such transmission and waive any claims that you may have against us as to the availability, quality and performance of the media transmitting the data, other than those claims which cannot be waived under applicable Law. You understand that the Telematics Service is made available to you on the basis of several factors, including without limitation, Web access, cellular connectivity, computer usage, your Equipment, your operating system, your Equipment’s telematics device being activated and maintained by you, and the package of the Telematics Service you have purchased.
2. SMS Messaging and Emails. If you elect to receive short message service (“SMS”) messages on your mobile device and/or email messages as part of the Telematics Services, you hereby consent to receiving SMS messages and/or email messages from CNHI. Election to receive SMS messages is not a condition to receive the Telematics Service. To elect to receive SMS messages on a mobile device, you must be, and warrant that you are, the authorized user of the mobile device. The number of SMS messages received by you will vary depending upon machine activity. Your receipt of SMS messages may result in you incurring additional message or data fee(s) from your wireless carrier for which you are solely liable.
3. The Site. During the term of this Agreement, you will have access to and use of the Site. CNHI will assign to you user name(s) and password(s) for your use of the Site. You will control access to and use of your user name(s) and password(s), and you will promptly notify CNHI of any unauthorized use of your user name(s) or password(s). You will not (i) permit access to or use of the Site via your user name and/or password by any third party, or (ii) assign or transfer access to the Site or use the Site, except as set forth in this Agreement. If you desire to provide access to your account to a third party, you may grant such access via the Site after the third party creates its own user name and password. You assume full responsibility for the actions of any third party to which you permit access with respect to the Site.
4. Payment. If you have purchased the Telematics Service, you agree to pay all applicable charges and fees in accordance with the payment terms applicable to the Telematics Service subscription plan that you purchase (“Payment Terms”). Except as otherwise provided in the applicable Payment Terms, renewals of the Telematics Service will be at the applicable list price in effect at the time of the applicable renewal.
IV. DATA
1. Data Collection. CNHI will collect and process Personal Data from you for the purpose of creating and administering your account, and by using the Telematics Service, your Equipment will collect, record and/or transmit certain data to CNHI, including Machine Data and Agronomic Data. Personal Data, Machine Data and Agronomic Data are defined in the DPA. This Agreement does not grant CNHI any rights to your data that we may receive under this Agreement except for the rights of use described in this Agreement and in the DPA. Certain Machine Data is proprietary to CNHI.
2. Data Sharing with Dealers. Dealers authorized by CNHI or you to access and use your data made available through the Site and the Telematics Service are called “Authorized Dealers”. CNHI may provide Authorized Dealers information and data for the purpose of servicing your Equipment, including machine diagnostics, remote servicing, and machine component software updates, as further described in the DPA. Authorized Dealers may process and use your or your authorized user(s)' Personal Data only to provide a service in connection with your Equipment and in accordance with the DPA and applicable Law.
3. Use of Data Pursuant to the DPA. You acknowledge that you have been notified of our DPA, and you hereby grant CNHI the right to process, use, disclose and transfer data transmitted to CNHI to provide you with the Telematics Service as described in the DPA, in compliance with applicable Law. This permission extends to third parties engaged by CNHI in connection with providing the Telematics Service.
4. Use of Data for CNHI's Own Purposes. You acknowledge that CNHI will process and use Personal Data, Machine Data and Agronomic Data (as defined in the DPA) for its own purposes in order to improve the products and services, to develop new products and services, to carry out marketing activities, and to comply with laws, regulations, court orders and subpoenas or similar requests for information by authorities, or as otherwise required by Law. You hereby confirm that CNHI is permitted to access and process the Personal Data, Machine Data and Agronomic Data for its own purposes in compliance with applicable Law, including applicable data protection Law. In particular, to the extent required you will provide notification to and obtain any consents from data subjects to permit access to and processing of the Personal Data, Machine Data and Agronomic Data by CNHI as a Data Controller (as defined in the DPA) for its own purposes.
5. Derived Data. You and your authorized users understand that CNHI may aggregate, compile or derive data collected in connection with the Telematics Service such that a specific user or machine is no longer identifiable (“Derived Data”). Derived Data does not consist, contain, or relate to Personal Data. CNHI shall own such Derived Data. To the extent that you obtain any right, title or interest in such Derived Data, you hereby agree to irrevocably assign such right, title and interest to CNHI. Such Derived Data may be accessed and used by CNHI for any purpose, and may be shared by CNHI with third parties, including but not limited to our dealers, our affiliates and their dealers, the manufacturer of the Equipment, and other business partners. CNHI shall implement and maintain measures to ensure that Derived Data remain anonymous.
6. Restriction of Data Access. While you subscribe to the Telematics Service, you may not restrict CNHI’s access to and use of your data, except as permitted by applicable Law and as provided below.
a. Machine Data. If you desire to restrict CNHI’s access to Machine Data governed by this Agreement, you must cancel the Telematics Service by terminating this Agreement (as provided in Section IX below), and request via the Site or a CNHI dealer that CNHI delete the Machine Data available in your account. CNHI will effectuate such deletion within a reasonable period of time after your valid request, subject to Section IV(7) below. CNHI will continue to have access to Machine Data collected by the Telematics Service prior to you restricting CNH’s access to the Machine Data. Restricting CNH’s access to Machine Data will prevent you from receiving remote machine diagnostics, remote machine servicing or other services from CNHI.
b. Agronomic Data. You may restrict CNHI’s access to Agronomic Data through the Site or other services. Removal of CNHI’s access to and use of Agronomic Data through such subscriptions or services will also limit your access to Agronomic Data via the Site and disable your ability to load additional Agronomic Data. You may delete Agronomic Data files as described in Section IV(7) below.
7. Deletion of Data. You may delete any data from your account by deleting the selected data in the Site or contacting your dealer. You may also contact CNHI to request that CNHI permanently delete data maintained in or under your account on its systems, subject to any records retention or legal requirements.
If you or CNHI close your Telematics Service account (e.g., CNHI will close your account upon the termination of this Agreement), unless otherwise required by applicable Law or unless otherwise agreed by CNHI, CNHI has the option and right to permanently delete any and all information, including data, maintained in or under your account, and you will no longer be able to retrieve any data or other information contained in that account. You acknowledge that to the fullest extent permitted by applicable Law, CNHI has no responsibility for the deletion or failure to store any data or other information that may be submitted to CNHI, or that may be maintained or transmitted by the Telematics Service.
Notwithstanding the foregoing, CNHI shall not have any obligation to delete any Derived Data.
8. Transfer of Data. The Telematics Service is administered by CNHI from its offices or those of its affiliates at various locations globally. In accordance with applicable Law, CNHI may also make use of an affiliate or one or more external service providers to host the Telematics Service at various locations globally, subject to the requirements of engaging a Sub-processor as set out in the DPA. Consequently, your data that is provided to CNHI may be collected, sent, processed and stored outside of the country in which you live and, as a result, may be available to governmental authorities under lawful orders and other Laws applicable in such foreign jurisdictions. CNHI will use reasonable means to ensure that such data is protected in these cases, but CNHI cannot guarantee that the Laws of any foreign jurisdiction will accord the same degree of protection as the Laws of your country.
9. Third-Party Telematics Services. As part of the Telematics Service, you may choose to have the Service communicate, transfer and exchange data between your Equipment’s telematics device and certain third-party devices, systems or software to generate custom reports, data or other features (“Third-Party Telematics Services”). CNHI does not exercise control over the form or quality of data transmitted by such Third-Party Telematics Services, nor any reports or other data generated by them (collectively, “Third-Party Telematics Services Data”). Therefore, by choosing to use Third-Party Telematics Services, you and your authorized users agree to the following:
(i) You agree to allow CNHI and/or your Equipment’s telematics device to transfer and exchange your data with such Third-Party Telematics Services. You agree that once CNHI and/or your Equipment’s telematics device has initiated such transfer of your data to such Third-Party Telematics Service, to the extent that your data no longer remains in the CNHI Telematics Service, your data will no longer be governed by this Agreement or the DPA; rather, your data may be governed by such third-party supplier’s privacy statement.
(ii) Third-Party Telematics Services are not governed by this Agreement, but may be governed by the third-party supplier’s terms of use or other agreements which you may enter into directly with the Third-Party Telematics Services. You and your authorized users agree that you and they will not hold CNHI responsible for access to or use of any Third-Party Telematics Services, including any resulting Third-Party Telematics Services Data.
(iii) You accept any and all limitations in the use and quality of the Third-Party Telematics Services and any Third-Party Telematics Services Data, and agree that CNHI is not responsible for the quality or accuracy of, or the inability to receive, access or use Third-Party Telematics Services and/or any Third-Party Telematics Services Data.
(iv) CNHI may control the flow of Third-Party Telematics Services Data transmitted to and from the Telematics Service, and may stop or block the use of any Third-Party Telematics Services and/or any Third-Party Telematics Services Data that CNHI believes may adversely affect the Telematics Service.
(v) TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, CNHI EXPRESSLY DISCLAIMS ALL RESPONSIBILITY AND LIABILITY (AND YOU WILL NOT HOLD OR ATTEMPT TO HOLD CNHI RESPONSIBLE OR LIABLE) IN CONNECTION WITH: (1) YOUR DATA ONCE CNHI AND/OR YOUR EQUIPMENT’S TELEMATICS DEVICE HAS INITIATED SUCH TRANSFER OF YOUR DATA TO A THIRD-PARTY TELEMATICS SERVICE (WHETHER DIRECTLY OR INDIRECTLY THROUGH AN INTERMEDIARY SYSTEM); AND (2) ANY THIRD-PARTY TELEMATICS SERVICES AND/OR ANY THIRD-PARTY TELEMATICS SERVICES DATA, INCLUDING BUT NOT LIMITED TO ANY USE BY YOU OR YOUR AUTHORIZED USERS AND ANY RESULTING DAMAGE OR UNAUTHORIZED ACCESS TO OR LOSS OR ALTERATION OF YOUR EQUIPMENT OR DATA.
V. MODIFICATIONS
1. Modification or Discontinuation. To the fullest extent permitted by applicable Law, CNHI may, at any time, modify, suspend or permanently discontinue the Telematics Service or the Site, or any portion of their features, functions or products or associated support, with or without advance notice, for any or no reason. CNHI will not be liable to you or to any third party for any such modification, suspension or discontinuance, nor will CNHI be obligated to continue offering support for any suspended or discontinued Telematics Service, the Site or portions thereof. By accessing or using the Telematics Service or the Site, you consent to our modification to the Telematics Service or the Site, or any portion of its or their features, functions, products, or associated support. CNHI will provide reasonable advance notice for any modification, suspension or discontinuation of the Telematics Service or the Site, which have an adverse and material impact on the essential part of our bargain under this Agreement.
2. Software Updates. You agree that CNHI may, at any time, remotely change or update the Telematics Software with or without any advance notice. Such changes or updates may include bug fixes, patches, enhanced or new functions or features, and new versions. Unless otherwise explicitly stated by CNHI, any changes and updates to the Telematics Software will continue to be governed by the terms of this Agreement. By accepting this Agreement, you give your express consent to the installation of future software updates.
VI. TELEMATICS SERVICE REQUIREMENTS AND LIMITATIONS
1. Telematics Service Requirements.
(i) General. You understand that in order for the Telematics Service to operate, your Equipment must have a working electrical system, and your Equipment and the telematics device on your Equipment must otherwise be in working condition.
(ii) Third Party Communications Systems. In order to operate, the Telematics Service requires the use of a proprietary third party communications system, such as that of a telephonic wireless communications carrier or a satellite-based communication system (each, a “Communications Carrier”). CNHI HAS NO RESPONSIBILITY FOR THE AVAILABILITY, QUALITY OR PERFORMANCE OF (AND THE TELEMATICS SERVICE EXCLUDES) WIRELESS OR SATELLITE-BASED COMMUNICATIONS SERVICES OR EQUIPMENT FURNISHED BY THE COMMUNICATIONS CARRIERS. THE COMMUNICATIONS CARRIERS ARE EXCLUSIVELY RESPONSIBLE FOR SUCH SERVICES AND EQUIPMENT.
(iii) Site. You agree that the Site requires access to the Web, and you are responsible for the acquisition, configuration, monitoring, maintenance, management, and fees and expenses of your network connection and software and hardware related to your use of the Web, including LAN, computers, modems, and telecommunications devices. CNHI is not responsible for the network connection to access the Web or for issues, problems or conditions arising from or related to the network connection, including but not limited to bandwidth issues, signal coverage, network outages, and/or other conditions that are caused by the Web and/or network connection.
2. Telematics Legal Requirements. Transmission of information using your Equipment’s telematics device is subject to legal requirements that may vary from location to location, including radiofrequency use authorization. You are responsible for limiting your use of any telematics device to those locations where all legal requirements for their use and the communication network have been satisfied. In the event that your Equipment’s telematics device is located in or relocated to a location where (i) legal requirements are not satisfied or (ii) transmitting or processing of such information across multiple locations would not be legal, CNHI disclaims any and all liability related to such failure to comply, and CNHI may discontinue the transmission of information from that device.
VII. SUPPORT SERVICES
CNHI and its dealers may offer to provide (but are not obligated under this Agreement to offer or to provide) you with support services related to the Telematics Service. Any such support services may be subject to additional terms and conditions.
VIII. INTELLECTUAL PROPERTY
You and your authorized users understand that the Telematics Service and Telematics Software are protected by intellectual property laws and international treaties. As between CNHI and you, all rights, title, and interest in and to Telematics Service, the Site, and Telematics Software are owned by CNHI (or its licensors), and nothing contained in this Agreement transfers or assigns any right, title, or interest in the Telematics Service, the Site, or the Telematics Software, including without limitation any trademark rights, to you or your authorized users. You and your authorized users hereby agree and acknowledge that CNHI and its licensors (and as applicable, third-party suppliers) own all right, title and interest in and to all intellectual property rights in connection with or relating to the Telematics Service, the Site, and the Telematics Software.
IX. SUSPENSION AND TERMINATION
1. Suspension/Termination For Cause. CNHI may suspend or terminate your and/or your authorized users’ license to use the Telematics Service and/or Telematics Software, without liability, if:
(i) you or your authorized users violate the terms of this Agreement or any other valid agreement with CNHI for the use of the Telematics Service, the Site, or Telematics Software; or
(ii) CNHI has reason to believe that you, your authorized users, any of your agents or any third party is abusing the Telematics Service, the Site, or Telematics Software, or using it fraudulently or unlawfully.
CNHI may also suspend or terminate your subscription to the Telematics Services if you fail to pay fees or other amounts owed when due. Upon any termination of this Agreement under this paragraph, you will not be entitled to any refund of any payments made by you (if applicable) for the Telematics Services and you will no longer have access to your data via the Site.
2. Termination for Convenience by CNHI. Subject to any additional notice requirements under applicable Law, CNHI may terminate this Agreement upon thirty (30) days’ prior notice to you. Upon any termination of this Agreement under this paragraph, CNHI will refund to you a prorated portion of any payments made by you (if applicable) for the unused Telematics Service and you will no longer have access to your data via the Site. Such reimbursement will be CNHI’s sole liability to you for any such termination for convenience by CNH.
3. Termination for Convenience by You. You may terminate this Agreement upon thirty (30) days’ prior notice to CNHI. Upon any termination of this Agreement under this paragraph, you will not be entitled to any refund of any payments made by you (if applicable) for the Telematics Services and you will no longer have access to your data via the Site.
X. WARRANTIES
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, CNHI, ITS DIRECTORS, OFFICERS, EMPLOYEES, LICENSORS, AND OTHER SUPPLIERS, DEALERS, AFFILIATES AND AGENTS (EACH A “CNHI PARTY” AND COLLECTIVELY THE “CNHI PARTIES”) DISCLAIM ANY RESPONSIBILITY FOR ANY HARM RESULTING FROM YOUR OR YOUR AUTHORIZED USERS’ USE OF THE TELEMATICS SERVICE, THE SITE, OR TELEMATICS SOFTWARE. YOU AND YOUR AUTHORIZED USERS EXPRESSLY UNDERSTAND AND AGREE THAT: (a) THE TELEMATICS SERVICE, THE SITE, AND THE TELEMATICS SOFTWARE ARE PROVIDED ON AN “AS IS”, “WITH ALL FAULTS” AND “AS AVAILABLE” BASIS AND THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY AND EFFORT IS WITH YOU; (b) TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, THE CNHI PARTIES MAKE NO REPRESENTATIONS, WARRANTIES OR CONDITIONS, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WITHOUT LIMITATION, (i) WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, WORKMANLIKE EFFORT, ACCURACY, QUIET ENJOYMENT, NO ENCUMBRANCES, NO LIENS AND NON-INFRINGEMENT; (ii) WARRANTIES ARISING THROUGH THE COURSE OF DEALINGS OR USAGE OF TRADE; (iii) WARRANTIES REGARDING THE SECURITY, RELIABILITY, TIMELINESS, AND PERFORMANCE OF THE TELEMATICS SERVICE, SITE, OR TELEMATICS SOFTWARE; AND (iv) WARRANTIES THAT ACCESS TO OR USE OF THE TELEMATICS SERVICE, SITE, OR TELEMATICS SOFTWARE WILL MEET YOUR REQUIREMENTS, BE UNINTERRUPTED OR ERROR-FREE; AND (c) THAT YOU WILL ACCESS AND USE THE TELEMATICS SERVICE, THE TELEMATICS SOFTWARE, AND THE SITE AT YOUR OWN DISCRETION AND RISK AND THAT YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGES TO YOUR COMPUTER SYSTEM(S) OR EQUIPMENT OR LOSS OR ALTERATION OF DATA THAT RESULTS FROM SUCH ACCESS AND USE.
Without limiting the foregoing, due to variables beyond CNHI’s reasonable control with respect to the inherent positional inaccuracies of global navigation satellite systems (each such system, “GNSS”), you acknowledge that CNHI will not be responsible for the operation or failure of operation of GNSS satellites or the availability of GNSS satellite signals.
THERE ARE NO WARRANTIES THAT EXTEND BEYOND THOSE EXPRESSLY GRANTED IN THIS AGREEMENT. MANDATORY LAW IN SOME STATES OR JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, SO THE ABOVE EXCLUSIONS OR LIMITATIONS MAY NOT APPLY TO YOU.
XI. Limitation of Liability
UNDER NO CIRCUMSTANCES, INCLUDING NEGLIGENCE, WILL THE CNHI PARTIES BE LIABLE TO YOU, YOUR AUTHORIZED USERS OR A THIRD PARTY FOR ANY DAMAGES, INCLUDING, WITHOUT LIMITATION, DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, THIRD PARTY OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OR CORRUPTION OF DATA (INCLUDING AS A RESULT OF TELEMATICS SOFTWARE UPDATES OR CHANGES), LOSS OF BUSINESS INFORMATION, VIRUS INFECTIONS, SYSTEM OUTAGES AND THE LIKE, ARISING OUT OF, BASED ON OR RESULTING FROM THIS AGREEMENT OR YOUR OR YOUR AUTHORIZED USERS’ ACCESS TO, USE OF, MISUSE OF OR INABILITY TO USE THE TELEMATICS SERVICE, THE SITE, OR THE TELEMATICS SOFTWARE (INCLUDING LOSSES OR DAMAGES ARISING FROM THEIR INTERRUPTION OR TRANSMISSION ERRORS (INCLUDING LOCATION DATA INACCURACIES), DEFECTS, OR ANY OTHER CAUSES), EVEN IF CNHI HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES (INCLUDING DAMAGES INCURRED BY THIRD PARTIES). CNHI does not assume and will not have any liability arising from events beyond its control or the control of its subcontractors, licensors or business partners, including events such as acts of God, acts of any governmental entity, acts of public enemy, strikes or weather conditions. THE EXCLUSION OF DAMAGES UNDER THIS SECTION XI IS INDEPENDENT OF ANY REMEDY PROVIDED UNDER THIS AGREEMENT AND SURVIVES IN THE EVENT SUCH REMEDY FAILS OF ITS ESSENTIAL PURPOSE OR IS OTHERWISE DEEMED UNENFORCEABLE. THESE LIMITATIONS AND EXCLUSIONS APPLY WITHOUT REGARD TO WHETHER DAMAGES ARISE FROM BREACH OF CONTRACT OR WARRANTY, NEGLIGENCE OR ANY OTHER CAUSE OF ACTION. TO THE EXTENT THAT APPLICABLE LAW DOES NOT PROHIBIT SUCH EXCLUSIONS AND LIMITATIONS, IN NO EVENT WILL CNHI’s TOTAL LIABILITY TO YOU FOR ALL DAMAGES, LOSSES AND CAUSES OF ACTION, WHETHER IN CONTRACT, STRICT LIABILITY, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, EXCEED THE AMOUNTS PAID BY YOU TO CNHI WITHIN THE 12 MONTHS PRIOR TO THE MOST RECENTLY ENDED MONTH FOR YOUR ACCESS OR USE OF THE TELEMATICS SERVICE. CNHI'S LIABILITY TO YOU FOR ALL DAMAGES, LOSSES AND CAUSES OF ACTION, WHETHER IN CONTRACT, STRICT LIABILITY, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE WILL BE REDUCED BY THE EXTENT, IF ANY, TO WHICH YOU CONTRIBUTED TO THE DAMAGE, LOSS OR CAUSE OF ACTION.
THE PRECEDING LIMITATIONS OF LIABILITY DO NOT APPLY TO LIABILITIES THAT CANNOT BE EXCLUDED OR LIMITED BY APPLICABLE LAWS, SUCH AS IN THE EVENT OF STATUTORILY MANDATED LIABILITY (INCLUDING LIABILITY UNDER APPLICABLE PRODUCT LIABILITY LAW) OR IN THE EVENT OF PERSONAL INJURY ARISING SOLELY FROM A CNHI PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT.
In the event that applicable Laws imply warranties or conditions or impose guarantees or obligations on CNHI which cannot be excluded, restricted or modified or cannot be excluded, restricted or modified except to a limited extent ("Non-Excludable Rights"), this Agreement must be read subject to these Laws, and nothing in the Agreement is intended to exclude, restrict or modify your Non-Excludable Rights. If these Laws apply, then to the extent permitted by Law, CNHI limits its liability in respect of any claim under those Laws, (a) in the case of goods, at CNHI's option, to (i) the replacement of the goods or the supply of equivalent goods; (ii) the repair of such goods; (iii) the payment of the cost of replacing the goods or of acquiring equivalent goods; or (iv) the payment of having the goods repaired, and (b) in the case of services and at CNHI's option, to: (i) the supplying of the services again; or (ii) the payment of the cost of having the services supplied.
XII. INDEMNITY
UPON CNHI’S REQUEST, YOU AGREE TO INDEMNIFY, DEFEND AND HOLD HARMLESS EACH OF THE CNHI PARTIES FROM AND AGAINST ANY AND ALL CLAIMS, LAWSUITS, DEMANDS, ACTIONS OR OTHER PROCEEDINGS BROUGHT AGAINST IT BY ANY THIRD PARTY DUE TO, ARISING OUT OF OR RELATED TO YOUR OR YOUR AUTHORIZED USERS’ (A) USE OF THE TELEMATICS SERVICE, THE SITE, OR THE TELEMATICS SOFTWARE (INCLUDING IN CONNECTION WITH TRACKING THE LOCATION OF ANY PERSON OR DEVICE), (B) VIOLATION OF THIS AGREEMENT, (C) FAILURE TO PROVIDE NECESSARY NOTICES OR OBTAIN NECESSARY CONSENTS FROM AUTHORIZED USERS OR OTHER INDIVIDUALS REGARDING THE TELEMATICS SERVICE, THE SITE, OR THE TELEMATICS SOFTWARE (INCLUDING IN CONNECTION WITH TRACKING THE LOCATION OF ANY PERSON OR DEVICE), AND (D) VIOLATION OF ANY LAW OR THIRD PARTY RIGHTS. You shall pay any and all costs, damages and expenses, including, without limitation, reasonable attorneys’ fees and costs awarded against or otherwise incurred by the CNHI Parties in connection with or arising from any such claim, lawsuit, action, demand or other proceeding. A CNHI Party may, at its own expense, assume the exclusive defense and control of any matter otherwise subject to indemnification by you, in which event you agree to cooperate with such CNHI Party in asserting any available defenses.
XIII. OTHER
1. Electronic Signature and Disclosure Consent Notice. You agree to the use of electronic documents and records in connection with this Agreement, the Telematics Service, and the Site. You agree that all such documents and records that CNHI provides to you electronically satisfy any requirement that these documents and records be in writing. You may (i) obtain a paper copy of any document or record, (ii) withdraw your consent to the use of electronic documents and records, and (iii) update your contact information, by contacting CNHI as described on the CNHI website. To receive or access electronic documents and records, you must have a compatible and functional in-cab display or other software capable of displaying PDF files. To retain documents and records, your device must have the ability to download and store PDF files. Your access to this page verifies that your system and device meets the above receipt, access, and retention requirements.
2. Choice of Law and Dispute Resolution. This Agreement is governed by and construed in accordance with the laws of the State of New York and applicable United States federal law, including the Federal Arbitration Act, without reference to “conflicts of laws” provisions or principles. WE BOTH AGREE, TO THE FULLEST EXTENT PERMITTED BY LAW, TO USE FINAL AND BINDING ARBITRATION, NOT LAWSUITS (except for small claims court cases to the extent your claims qualify) TO RESOLVE ANY dispute, claim or controversy relating in any way to your or your Authorized User’s use of the TELEMATICS SERVICE, THE SITE, OR THE TELEMATICS SOFTWARE, or otherwise arising out of or relating to this Agreement OR THE DPA (each, a “DISPUTE”). For purposes of clarity, this arbitration agreement does not apply to any Dispute arising out of the Equipment that is unrelated to the Telematics Service, the Site, the Telematics Software, this Agreement, or the DPA.
The arbitration will be administered by the American Arbitration Association (AAA) in accordance with the AAA’s Commercial Arbitration Rules, and, if applicable, the AAA’s Consumer Arbitration Rules. If you are located in the United States, then unless you and we agree otherwise, the arbitration will take place in a location near where you reside or as otherwise specified in Table 1. If you are located in a jurisdiction other than the United States, the arbitration will take place in a location in the United States which we will select in our sole discretion, unless applicable Law requires otherwise.
You agree that any dispute resolution proceedings will be conducted only on an individual basis and you expressly waive the right to request or maintain any class-wide, representative or consolidated actions, even if AAA procedures or rules would permit them. We each agree that the parties are waiving the right to a trial by jury, and if for any reason a Dispute proceeds in court rather than in arbitration, we each waive any right to a jury trial. Notwithstanding the foregoing, we both agree that you or we may bring suit in court to enjoin infringement or other misuse of intellectual property rights.
To the extent permissible under applicable Law and the relevant AAA rules, you and we agree to pay our own fees, costs, and expenses, including those for any attorneys, experts, and witnesses.
If and to the extent a lawsuit or court proceeding is permitted under this Agreement, then you hereby consent and agree to the exclusive jurisdiction of, and venue in, the state and federal courts located in New York City, New York.
3. Import and Export Compliance. You acknowledge that all system hardware, system software, proprietary data, know-how, or other data or information (herein referred to as "Products") obtained from CNHI may be subject to the import and/or export control Laws of one or more countries and, accordingly, their import, export, re-export, and transfer may be restricted or prohibited. You agree to strictly comply with all such Laws and not to directly or indirectly import, export, re-export, transfer, or cause to be imported, exported, re-exported, or transferred, any such Products to any destination, entity, or persons prohibited or restricted under any Law, unless you have first obtained prior written consent of CNHI and any applicable governmental entity, either in writing or as provided by applicable Law, as the same may be amended from time to time.
4. U.S. Government Restricted Rights and Commercial Computer Software. The Product is deemed to be “commercial computer software” and “commercial computer software documentation” pursuant to DFAR Section 227.7202 and FAR Section 12.212 (and any successor sections). Use of the Product including, but not limited to, its reproduction and display, by the United States of America and/or any of its instrumentalities, regardless of form, is governed by this Agreement.
5. Entire Agreement. This Agreement, the terms of the DPA, and any other valid agreement between you and CNHI for use of the Telematics Service, the Site, and the Telematics Software constitute the entire agreement between you and CNHI and govern your use of the Telematics Service, the Site, and the Telematics Software, superseding any and all prior agreements, negotiations and communications (whether written, oral or electronic) between you and CNHI with respect to such subject matter. Except as otherwise expressly set forth otherwise in this Agreement, no change, modification, or waiver of this Agreement will be binding on CNHI unless made in writing, with CNHI’s approval. Any rights not otherwise expressly granted under this Agreement are reserved by CNHI and its licensors. The failure of CNHI to exercise or enforce any right or provision of this Agreement shall not constitute a waiver of such right or provision. If any part of this Agreement is held invalid or unenforceable by a court of competent jurisdiction, that portion shall be construed in a manner consistent with applicable Law to reflect, as nearly as possible, the original intentions of CNHI, and the remaining portions shall remain in full force and effect. No third party shall have the right to enforce any provision of this Agreement.
SECTIONS IV, VIII, X, AND XI FORM AN ESSENTIAL PART OF OUR BARGAIN.
6. Modification of Agreement. CNHI may modify and update this Agreement at any time. CNHI will provide you with reasonable notice of any such changes. CHNI may notify you of material changes to this Agreement by contacting you via your contact information provided in your account. Your continued use of the Telematics Service, the Site, or the Telematics Software following the posting of any such changes will constitute confirmation of your acceptance of the updated Agreement, unless you notify CNHI in writing within 30 days of the notice that you do not accept the updated Agreement. In that case, this Agreement in effect at the time of your last agreement to or acceptance of this Agreement will remain in effect, unless CNHI, at its option, exercises its right to terminate this Agreement.
7. Time Limits for Pursuing Claims and Disputes. You agree that to the extent permissible under applicable Law, any claim or cause of action arising out of or related to use of the Telematics Service, the Site, or the Telematics Software must be brought either in arbitration or in court in accordance with Section XIII(2) within one (1) year after such claim or cause of action arose or be forever barred.
8. Official Language. The official language of this Agreement is English. Unless the Laws of the location in which you reside require otherwise, the parties hereby acknowledge that they have required this Agreement, and all other documents relating hereto, be drawn up in the English language only. This Agreement may also be provided in other languages. For purposes of interpretation, or in the event of a conflict between the English version of this Agreement and the versions of this Agreement in any other language, the English language version shall control unless the Laws of the location in which you reside require that a different version control.
APPENDIX I
DATA PROCESSING AGREEMENT
This Data Processing Agreement and its Annexes (this "DPA") should be read together with the CNH Industrial Telematics Subscription End User License Agreement ("Agreement"). All definitions used in this DPA are given the meaning contained in the Agreement, unless otherwise defined in this DPA.
INTRODUCTION
Scope. In the context of the provision of Telematics Software and Services by CNHI to you, CNHI will process certain personal data on your behalf as a Data Processor (defined below). The terms of this DPA complement the Agreement and applies for such services of processing of personal data (the “Services” hereafter in this DPA) as further described in Annex 1 to this DPA. This DPA does not apply to the extent CNHI processes data which do not qualify as personal data and to the extent CNHI processes personal data as a Data Controller (defined below).
Interpretation. In the event of inconsistencies between the provisions of this DPA and any other agreements between the Parties, including the Agreement, the provisions of this DPA shall prevail with regard to the Parties' data protection rights and obligations with regard to the Services.
Definitions. For the purpose of this DPA, CNHI shall be considered a “Data Processor” and you shall be considered a “Data Controller”, and each shall be referred to, individually as a “Party” or jointly as the “Parties”. The terms of this DPA shall be read in accordance with the definitions set forth in the applicable data protection laws, including Regulation EU 2016/679 (the “General Data Protection Regulation” or “GDPR”).
ARTICLE 1 - DETAILS OF THE PROCESSING
The details of the processing operations provided by the Data Processor to the Data Controller (e.g., the subject-matter of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects) are specified in Annex 1 to this DPA.
ARTICLE 2 - PURPOSE AND USE OF PERSONAL DATA
Personal data processed by the Data Processor on behalf of the Data Controller may not be used for purposes other than those set in Annex 1 to this DPA or as otherwise instructed by the Data Controller. Data Controller may give additional instructions beyond those contained in this DPA and the Agreement to the extent such instructions are within the subject-matter of the Agreement. Additional instructions must be given in writing (including via email). In urgent matters, instructions can be given in another form provided they are confirmed without undue delay in writing.
The Data Controller shall ensure that any instruction given to the Data Processor is in compliance with applicable data protection law. The Data Processor shall process the personal data only in accordance with the documented instructions given by the Data Controller unless otherwise required by European Union or Member State law. In such event, (i) Data Processor shall inform the Data Controller of that legal requirement before processing unless European Union or Member State law prohibits such information on important grounds of public interest, and (ii) the Data Processor shall not be obliged to follow the challenged instructions. If the Data Controller confirms the challenged instructions the Data Processor shall follow such instructions only where:
i. the Data Controller acknowledges its liability for the challenged instructions; or
ii. the Data Controller requests a legal assessment from the competent supervisory authority and the latter declares that the challenged instructions are lawful.
ARTICLE 3 - SECURITY MEASURES
The Data Processor shall adopt technical and organizational measures as specified in Annex 2 in order to guarantee an adequate level of data security in accordance with the categories of data.
The Data Controller hereby confirms by accepting this Agreement, before processing is carried out, that the technical and organizational measures of the Data Processor as set out in Annex 2, are appropriate and sufficient to protect the rights of the data subject and acknowledges that the Data Processor provides sufficient guarantees in this respect.
The Data Processor ensures that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
ARTICLE 4 – SUB-PROCESSING
The Data Controller authorizes the Data Processor to use Sub-processors for the provision of the Services under this DPA.
For the purpose of this DPA, “Sub-processor” means any further data processor that is engaged by Data Processor as a sub-contractor for the performance of the Services or parts of the Services on behalf of the Data Controller provided that such Sub-processor has access to the personal data of Data Controller when carrying out the subcontracted Services (including but not limited to Authorized Dealers).
The Data Processor shall be allowed to appoint Sub-processors where the following conditions are met:
i. The Data Processor shall choose the Sub-processors diligently with special attention to their experience, professional skills and compliance with the GDPR and the applicable national data protection law, including the security of personal data.
ii. The Data Processor shall enter into a written contract with the Sub-processor which must be promptly sent to the Data Controller and whereby:
- The subcontracted service, the related processing of personal data and the security technical and organizational measures implemented by the Sub-processors are described;
- The Data Processor remains responsible for any acts or omissions of its Sub-processors in the same manner as for its own acts and omissions hereunder and pursuant to the GDPR and the applicable national data protection law; and
- The Data Processor shall pass on to Sub-processors the obligations of the Data Processor under this DPA to the extent applicable to the subcontracted services.
iii. The Data Processor shall, throughout the term of the DPA, at no charge to the Data Controller, regularly monitor the Sub-processors, shall promptly report to the Data Controller any detected or reported non-compliance by the Sub-processors and all actions taken to remedy any non-compliance. If the Sub-processors fail to remedy any non-compliance within a reasonable time upon receipt of either the Data Processor's or the Data Controller's notice, the Data Controller may revoke the approval of the Sub-Processors.
iv. The Data Processor may remove, replace or appoint suitable and reliable further Sub-processors in accordance with this clause:
- The Data Processor will notify the Data Controller in advance of any changes to its use of Sub-processors. If the Data Controller does not object within thirty (30) days after receipt of the Data Processor’s notice the further Sub-processor(s) shall be deemed accepted.
- If the Data Controller has a legitimate reason to object to a further Sub-processor, the Data Controller shall notify the Data Processor thereof in writing within thirty (30) days after receipt of the Data Processor’s notice. If the Data Controller objects to the use of the further Sub-processor, the Data Processor shall have the right to cure the objection through one of the following options (to be selected at the Data Processor’s sole discretion): (a) the Data Processor will cancel its plans to use the further Sub-processor with regard to the Data Controller's personal data; or (b) the Data Processor will take the corrective steps requested by the Data Controller in its objection (which remove the Data Controller’s objection) and proceed to use the further Sub-processor with regard to the Data Controller's personal data; or (c) the Data Processor may cease to provide or the Data Controller may agree not to use (temporarily or permanently) the particular aspect of the service that would involve the use of such further Sub-processor with regard to the Data Controller's personal data. If none of the above options are reasonably available and the objection has not been cured within thirty (30) days after the Data Processor’s receipt of the Data Controller’s objection, either party may terminate the affected service with reasonable prior written notice.
v. In case any Sub-processor is located outside the EU/EEA in a country that is not recognized as providing an adequate level of data protection, the Data Processor will take steps to address the requirement of an adequate level of data protection at Sub-processor by executing a data transfer agreement based on EU Model Clauses in accordance with the GDPR and the applicable national data protection law.
ARTICLE 5 - DURATION OF THE DPA
The present DPA shall be effective as from the date of signing and in force as long as the Agreement is in force and in any event for the duration necessary for the Services or to comply with this DPA. Termination rights shall be the same as set forth in the Agreement.
As of the termination date, the Data Processor shall cease processing the personal data of the Data Controller, and the personal data processed by the Data Processor and existing copies thereof will have to be permanently deleted, unless Union or Member State law requires storage of such personal data.
ARTICLE 6 - OBLIGATIONS OF THE PARTIES
The Data Controller shall ensure compliance with any applicable obligations under the GDPR and any other applicable data protection law that applies to the Data Controller as well as to demonstrate such compliance as required by Art. 5 (2) GDPR.
The Data Processor shall assist the Data Controller with its obligation under Art. 32 to 34 GDPR, to carry out a data protection impact assessment as may be required by Art. 35 GDPR and prior consultation as may be required by Art. 36 GDPR that relates to the Services provided by the Data Processor to the Data Controller under this DPA by means of providing the necessary and available information to the Data Controller. The Data Processor shall be obliged to provide such assistance only insofar that the Data Controller's obligation cannot be met by the Data Controller through other means. The Data Processor will advise the Data Controller on the costs for such assistance. Once the Data Controller has confirmed to bear such costs, the Data Processor will provide such assistance.
ARTICLE 7 - AUDIT
The Data Processor shall make available to the Data Controller, upon the Data Controller's request, information in order to demonstrate compliance with the obligations of the Data Processor and possible Sub-processors laid down in Art. 28 GDPR. If additional audit activities are legally required, the Data Controller may request inspections conducted by the Data Controller or another auditor mandated by the Data Controller ("On-Site Audit"). The Parties will discuss and agree in advance on the reasonable start date, scope and duration of, and security and confidentiality controls applicable to, any On-Site Audit. The Data Controller shall bear any costs arising out of or in connection with any On-Site Audit.
ARTICLE 8 - DATA BREACH NOTIFICATION
The Data Processor shall notify the Data Controller of any breach it becomes aware of to the security of the personal data they hold, without undue delay after becoming aware of such personal data breach. In this case the Data Processor will assist the Data Controller with the Data Controller's obligation under applicable data protection law to inform the data subjects and the supervisory authorities, as applicable.
ARTICLE 9 - EXERCISE OF THE RIGHTS
The Data Controller is primarily responsible for handling and responding to requests made by data subjects.
When data subjects enforce their rights before the Data Processor, it needs to communicate it without undue delay to the Data Controller.
In any case, when possible, the Data Processor should also collaborate with the Data Controller in responding to requests to exercise rights foreseen in the GDPR when instructed to do so by the Data Controller by appropriate technical and organizational measures. The Data Controller shall determine whether or not a data subject has a right to exercise any such data subject rights and to give instructions to the Data Processor to what extent the assistance is required.
ARTICLE 10 - MISCELLANEOUS
The notices, notifications and information required in this DPA shall be sent to privacy-compliance@cnhind.com for the Data Processor and to the contact details on your account for the Data Controller.
The Parties have the right to ask for changes to this DPA to the extent required to satisfy any interpretations, guidance or orders issued by competent European Union or Member State authorities, national implementation provisions, or other legal developments concerning the GDPR requirements for the commissioning of data processors.
Each Party shall be liable for its obligations set out in this DPA and in accordance with the GDPR and the applicable national data protection law. The Data Processor shall defend, indemnify and hold harmless the Data Controller from all claims, damages, suits, proceedings, regulatory investigations arising out of a violation of the Data Processor's obligations under this DPA.
Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the Parties' intentions as closely as possible or - should this not be possible - (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein. The foregoing shall also apply if this DPA contains any omission.
This DPA shall be governed by the law of the Member State in which the Data Controller is established, except as otherwise stipulated by applicable data protection law. The place of jurisdiction for all disputes regarding this DPA shall be as determined by the Agreement, except as otherwise stipulated by applicable data protection law.
In addition to the processing of the Personal Data, Machine Data and Agronomic Data by CNHI as a Data Processor within the meaning of applicable data protection law as covered and stipulated in this DPA, CNHI may also process and use the Personal Data, Machine Data and Agronomic Data as a Data Controller within the meaning of applicable data protection law and as stipulated in Section IV.4 of the Agreement.
DPA - ANNEX 1
DESCRIPTION OF THE DATA PROCESSING
Subject-matter of the processing
The DATA PROCESSOR provides the CNH Industrial® telematics service, including AFS Connect™ and MYPLMCONNECT, remote display access, data and software management services, wireless data transfer, location history, and other functionalities as further described in CNHI’s standard documentation and in each case to the extent included in DATA CONTROLLER’s subscription (“Telematics Service”). The Telematics Service utilizes the telematics device in DATA CONTROLLER’s machine or equipment provided by DATA PROCESSOR (“Equipment”) and the modem software and other software and/or firmware that is used in, installed on, provided with, or embedded on the Equipment (“Telematics Software”).
Nature and purpose of the processing
The DATA PROCESSOR collects and processes Personal Data (as defined below) from the DATA CONTROLLER for the purpose of creating and administering DATA CONTROLLER’s account, and by using the Telematics Service, the DATA CONTROLLER’s Equipment collects, records and/or transmits Machine Data (as defined below) and Agronomic Data (as defined below) to the DATA PROCESSOR, for the purpose of allowing the DATA PROCESSOR to provide the Telematics Service, (which includes checking and maintaining the telematics service and monitoring Equipment health and performance). PROCESSOR may share Personal Data, Machine Data and Agronomic Data with Sub-processors to provide services to which the DATA CONTROLLER subscribes, including with Authorized Dealers to provide Equipment support and service subject to the requirements of Article 4 of the DPA for the engagement of Sub-processors.
Machine Data processed by DATA PROCESSOR does not enable DATA PROCESSOR to identify the operator of the Equipment. However, Machine Data may constitute personal data if the DATA CONTROLLER is able to relate the Machine Data to the use of Equipment by an identified or identifiable individual, e.g. based on other information available to the DATA CONTROLLER (e.g. employee information). Agronomic Data does not constitute personal data.
Type of personal data
DATA PROCESSOR processes the following categories of Personal Data:
• name
• email address
• account information, including account settings
DATA PROCESSOR also processes Machine Data, which is data generated by DATA CONTROLLER’S machine that is specific to DATA CONTROLLER’S machine. Examples of Machine Data include:
• geolocation information
• fuel usage
• fuel injection rate
• engine speed
• travel speed
DATA PROCESSOR also processes Agronomic Data, which is data generated by DATA CONTROLLER’s machine that is geocentric or relates to DATA CONTROLLER’s field or field operations. Agronomic Data does not constitute personal data. Examples of Agronomic Data include:
• yield
• application rate
• chemical mixes
• prescriptions
Categories of data subjects
DATA CONTROLLER’s staff or representatives (e.g. employees).
DPA - ANNEX 2
DESCRIPTION OF THE TECHNICAL AND ORGANIZATIONAL MEASURES IMPLEMENTED BY THE DATA PROCESSOR IN ACCORDANCE WITH APPLICABLE DATA PROTECTION LAW
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the DATA PROCESSOR shall implement the following technical and organizational measures which have been confirmed as appropriate by the DATA CONTROLLER to ensure a level of security appropriate to the risks for the rights and freedoms of natural persons. In assessing the appropriate level of security the DATA CONTROLLER took into account in particular the risks that are presented by processing, in particular from accidental or unlawful destruction loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.
1. Access control
The DATA PROCESSOR shall implement suitable measures to prevent unauthorized persons from gaining access to the data processing equipment (namely database and application servers and related hardware) where the personal data is processed.
The DATA PROCESSOR shall implement suitable measures to prevent its data processing systems from being used by unauthorized persons.
The DATA PROCESSOR shall commit that the persons entitled to use its data processing system are only able to access the data within the scope and to the extent covered by their respective access permission (authorization) and that personal data cannot be read, copied, modified, or removed without authorization.
2. Transmission control
The DATA PROCESSOR shall implement suitable measures to prevent the personal data from being read, copied, altered, or deleted by unauthorized parties during the transmission thereof or during the transport of the data media.
3. Input control
The DATA PROCESSOR shall implement suitable measures to make sure that it can check and establish whether and by whom personal data has been inputted into data processing systems or removed.
4. Availability control
The DATA PROCESSOR shall implement suitable measures to make sure that personal data is protected from accidental destruction or loss.
5. Encryption
The DATA PROCESSOR shall ensure encryption of the personal data at rest and in transit.
6. Confidentiality, integrity, availability and resiliency of the processing systems and of the services provided by the DATA PROCESSOR
The DATA PROCESSOR shall maintain suitable security measures in order to be able to ensure the confidentiality, integrity, availability and resiliency of the processing systems and of the Services provided by the DATA PROCESSOR.
7. Ability to restore the availability and access to the personal data in a timely manner in the event of a physical or technical incident
The DATA PROCESSOR shall provide the ability to restore the availability and access to the personal data in a timely manner in the event of a physical or technical incident.
8. Process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the data processing
The DATA PROCESSOR shall maintain processes for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures of the DATA PROCESSOR for ensuring the security of the data processing.
9. System administrators
The DATA PROCESSOR shall fulfill the following requirements:
a. individual appointment of system administrators with detailed description of scope of activities allowed;
b. maintaining an updated and available list of system administrators with their identification details and functions assigned to them;
c. at least yearly communication of the updated list of system administrators and their functions to the DATA CONTROLLER, with a description of those who are even just potentially involved in the data processing of the DATA CONTROLLER’s employees;
d. at least yearly audit of system administrators’ activity in order to assess compliance with assigned instructions received by DATA CONTROLLER and applicable law;
e. recording and storage of systems administrators' access logs and keep them accurate and unmodified for at least six months.
