Vendor User Agreement
Last Updated: December 16, 2024
THIS VENDOR USER AGREEMENT (the “Agreement”) is entered into by and between Wreno Home Services LLC, with offices at 15333 North Pima Road STE 305 Scottsdale, Arizona, 85260 (“Wreno”, “we”, "us” or “our”) and the Vendor User ("Vendor User", "you", or "your"). Wreno and the Vendor User may individually each be referred to as a “Party” and collectively as the “Parties” in this Agreement.
This Agreement governs your use of Wreno website at https://wreno.io/, platform, App and related services, including lead generation, compliance management, and communication tools (collectively, the "Services").
By clicking “I Agree” or by accessing and using the Services, you accept and agree to be bound by the terms of this Agreement. If you do not agree to the terms of this Agreement, you must not access or use the Services.
1. DEFINITION AND INTERPRETATION
1.1. Definitions. For purposes of this Agreement:
“Confidential Information” means all non-public, proprietary, or sensitive information disclosed by one Party to other. Such Confidential Information may include, without limitation: (i) business and financial information, (ii) business methods and practices, (iii) technology and technological strategies, (iv) marketing strategies and (v) other such information (such as general know-how) each Party deems as Confidential Information.
“Scope of Work” means the job specification and related information uploaded by
Property Managers to the Wreno platform.
“Services” means the platform operated by Wreno, and associated tools offered by
Wreno, including lead generation, compliance, and messaging functionality.
“Third-Party Content” means any data, materials, or communications not created or controlled by Wreno.
“Writing” includes by email or other written communication.
1.1. Interpretation.
1.2.1. References. References to “Agreement” mean this Agreement (and include possible enclosures). References to “Section” mean the Section of this Agreement. References to the singular include the plural and vice versa and references to any gender include both genders. References to a person include any individual or entity.
1.2.2. Capital Use. It is clarified that the use of capital letters or variations in capitalization within this Agreement has no effect on its interpretation.
2. PLATFORM OVERVIEW
2.1. Platform Overview. Wreno provides a Vendor Management Software platform designed to facilitate connections between Property Managers and vendors. Key features include:
Lead Generation: Opportunities for vendors to access job leads, including Scopes of Work.
Scope of Work (SoW) Building: Property Managers can upload detailed job descriptions, expectations, and requirements for vendor review, enabling vendors to assess and engage with potential opportunities.
Contract Management: Vendors and Property Managers may use the platform to facilitate the review, exchange, and storage of contractual terms. Wreno does not draft or negotiate contractual terms and is not responsible for contract enforcement or compliance.
Vendor Engagement via Chat: Integrated messaging functionality enables communication between Property Managers and vendors to streamline collaboration and clarify job requirements. Wreno does not monitor or moderate chat content and disclaims any liability arising from messaging use.
Notifications: Wreno may send notifications related to SoWs, contracts, platform updates, and leads via text, call, app, or email. It is the user’s responsibility to maintain accurate contact details to ensure receipt of such communications.
2.2. Agreement Structure. This Agreement is governed by the following policies and documents. By accepting this Agreement, you also agree to comply with the associated policies and terms outlined below:
Terms of Use for the Wreno Site:
https://wreno.io/legal/terms-and-conditions
Payment Policy:
https://wreno.io/legal/payment-policy
Privacy Policy:
https://wreno.io/legal/privacy-policy
Data Processing Agreement
Incorporated in this Agreement as Annex I.
These documents may be updated periodically and will remain accessible through our Services. By continuing to use the Services following any updates, you acknowledge that you have read, understood, and agreed to the revised terms.
3. RELATIONSHIP OF THE PARTIES
3.1. Neutral Facilitator. Wreno acts solely as a neutral facilitator and does not manage payments for jobs, support payment disputes, or facilitate communications outside the Wreno messaging feature.
3.2. Wreno’s Limited Role:
3.2.1. Wreno does not supervise, manage or guarantee the quality or outcome of vendor services.
3.2.2. Wreno is not a party to any contract or agreement between Property Managers and vendors.
3.2.3. Wreno does not mediate disputes or handle payment transactions between Property Managers.
3.3. Independent Contractor Relationship. Nothing in this Agreement creates an agency, partnership, joint venture, fiduciary, or employment relationship between the parties. Both Wreno and Vendor User act as independent contractors under this Agreement.
4. VENDOR USER RESPONSIBILITIES
4.1. Compliance with Software Guidelines. You agree to utilize the Vendor Management Software in strict accordance with Wreno’s instructions and guidelines.
4.2. Account Creation. You agree to provide accurate and complete information during registration, including your legal name, contact details, and business information. Payment details necessary for subscription and lead fees.
4.3. Use of the Services. When using our Services, you agree to:
4.3.1. Use the Scope of Work (SoW) and contract management features solely for lawful purposes and in accordance with Wreno’s guidelines.
4.3.2. Communicate through the integrated messaging feature to engage with Property Managers regarding SoWs, contracts, or other relevant matters. You are required to use the communication tools provided within the platform for all interactions related to the services offered.
4.3.3. Receive notifications via text, call, app, or email regarding leads, SoWs, platform updates, and contract-related matters. You acknowledge that it is your responsibility to maintain updated contact information to receive such notifications.
4.3.4. Maintain the confidentiality of your account credentials and notify Wreno immediately of any unauthorized use.
4.4. Vendor Lead Management. Vendors who opt to engage with job leads by unlocking a Scope of Work agree to:
4.4.1. Pay the applicable lead fee immediately upon confirming interest, which will unlock messaging functionality with the Property Manager.
4.4.2. Understand that leads do not guarantee job awards, vendor selection, or payment for services.
4.4.3. Acknowledge that lead pricing may vary based on vendor size and promotional terms.
4.5. Explicit Consent. You acknowledge and provide consent for Wreno to present its vendors with business opportunities offered by external parties through the new vendor sourcing network. You understand that engaging with vendors unaffiliated with Wreno may occur as a result of utilizing the new vendor sourcing network. You acknowledge that the Property Manager uses Wreno to facilitate the vendor agreement, and by using this Services, you understand and accept this arrangement.
4.6. Prohibited Data and Uses. You must not use the Services to:
- 4.6.1. Collect, store, or process sensitive data, including but not limited to:
- Payment card data under PCI DSS.
- Health data protected under HIPAA.
- Special categories of data under GDPR (e.g., racial, genetic, or biometric data).
5. WRENO'S RESPONSIBILITIES
5.1. Wreno’s Role. Wreno will:
5.1.1. Develop and Maintain Software. Develop and maintain the Vendor Management Software, and updated features such as Scope of Work (SoW) building, contract management, and vendor engagement via chat.
5.1.2. Background Checks. Conduct background checks on vendors in accordance with applicable laws and regulations, provided that such actions have been mutually agreed upon by the Parties.
5.1.3. Property Manager Tools. Provide tools for Property Managers to upload and share detailed Scope of Works with vendors.
5.1.4. Secure Data Storage. Safely store and maintain vendor contracts, certificates of insurance, and private information.
5.1.5. Vendor Management Software. Provide you access to our Vendor Management Software, allowing you to onboard vendors, manage compliance, and utilize the new vendor sourcing network.
5.1.6. Vendor Sourcing Network. Facilitate an innovative vendor sourcing network, introducing vendors to business opportunities curated based on compatibility with matching criteria, from both affiliated and unaffiliated sources.
6. PAYMENT TERMS
6.1. Subscription Requirements. Access to the Services requires an active subscription. Subscription payments:
6.1.1. Are processed via Stripe or other designated payment processors. You agree to update payment details as needed if we switch payment platforms.
6.1.2. Automatically renew at the end of the subscription term unless canceled or opted-out.
6.1.3. You can manage your subscription, payment method and membership status through Stripe or by sending an email to support@wreno.io. For more details we encourage you to review our Payment Policy.
6.2. Lead Charges
6.2.1. Bids. Vendors are required to pay a fee to access job leads (“Bids”) upon confirming their interest in the opportunity. Confirming interest is defined as the act of unlocking the option to communicate with the Property Manager regarding the respective lead.
6.2.2. Usage-Based Fees. Fees are calculated on a usage basis and may vary depending on factors such as the vendor's size, scope of services, or applicable promotional terms offered by Wreno.
6.2.2. No Guarantee. Payment of fees and access to leads do not guarantee the awarding of jobs or the selection of the vendor by Property Managers. All lead opportunities are subject to the discretion and decision-making of the Property Managers.
6.3. Lead Expiration
6.3.1. Promotional Periods. During promotional periods, leads remain accessible to vendors without expiration.
6.3.2. Standard Expiration. After the conclusion of promotional periods, access to leads will expire on a monthly basis, measured from the date the lead is made available to the vendor. Specific expiration timelines will be clearly communicated within the vendor’s account dashboard or associated materials.
6.4. Refund Policy
6.4.1. Compliance Refunds: Refunds for compliance fees are available within 7 days of payment.
6.4.2. Lead Package Refunds: Refunds for lead packages are available within 7 days of purchase, provided no leads have been accessed. Once any lead within a package has been accessed or used, the package becomes non-refundable.
6.5. Payment Authorisation. By providing payment information, you authorize Wreno to:
6.5.1. Charge your account for subscription fees, lead charges, and any other applicable fees.
6.5.2. Adjust billing amounts with prior notice for subscription renewals or promotional terms.
7. CONFIDENTIALITY AND DATA PRIVACY
7.1. Obligations of Confidentiality. You acknowledge and agree to keep any Confidential Information received through the Services. This includes but is not limited to vendor contracts, certificates of insurance, financial information, and private user information. You shall not, under any circumstances other than required by law or official authorities, disclose such information to any third party without the prior written consent of Wreno.
7.2. Privacy Policy and Data Handling. We ensure the careful handling and processing of user data in strict adherence to our comprehensive Privacy Policy. This policy outlines the precise procedures for the collection, usage, storage, and disclosure of personal information in a manner that respects user privacy and legal requirements.
7.3. Consent for Data Collection and Processing. By utilizing the Services, you explicitly provide consent for the collection and processing of your personal data as outlined in our Privacy Policy. This consent extends to all necessary actions required to facilitate the platform's functionality and enhance the user experience, while maintaining strict adherence to privacy standards.
7.4. Data Security Commitment. We are committed to maintaining the confidentiality and security of all vendor data and private information collected through the Vendor Management Software. This includes safeguarding sensitive information from unauthorized access, misuse, or disclosure.
7.5. Prohibition on Unauthorized Disclosure. We make an unequivocal pledge not to disclose or share any vendor data or private information with unauthorized third parties. This commitment extends to ensuring that all personnel involved in handling such data are bound by stringent confidentiality obligations and are granted access only to the information necessary for fulfilling their designated tasks.
8. INTELLECTUAL PROPERTY RIGHTS
8.1. Definition and Ownership of Intellectual Property. Intellectual Property (IP) means but is not limited to trademarks, service marks, patents, copyrights, privacy and publicity rights, words, graphics, logos, and any and all intellectual property the Services may contain our IP as well as IP of our affiliates or other companies, provided to you or anyone in connection with the Services. Your use of our Services does not constitute any right or license for you to use such IP. Our Services are also protected under applicable IP laws. The copying, redistribution, use, or publication by you of any portion of our Services is strictly prohibited. Your use of our Services does not grant you ownership rights of any kind in our Services. We reserve all rights not expressly granted to You in these Terms.
8.2. Restrictions on Use. You acknowledge that all intellectual property rights in the platform, including but not limited to text, graphics, logos, images, and software, are owned by us or our licensors. You agree not to reproduce, modify, distribute, or exploit any content belonging to us without obtaining prior written consent.
8.3. Limited License to Use the Platform. You grant us a non-exclusive, worldwide, royalty-free, perpetual, and irrevocable license to use, display, reproduce, modify, and distribute any content submitted by you through the platform for the purposes of facilitating vendor matches and providing the platform's services.
8.4. License for Submitted Content. We hereby grant you, including all your authorized users, a non-exclusive, non-sublicensable, non-assignable, royalty-free, worldwide license to access and use the service of the Vendor Management Software solely for your internal business operations in accordance with the terms and for the duration of this Agreement.
9. THIRD-PARTY SERVICE PROVIDERS
9.1. Third-Party Services. In order to provide our Services, Wreno engages certain trusted third-party service providers. By using the Services, you understand and agree that your data will be processed through these third parties such as:
9.1.1. Hosting and IaaS. Data hosting and IaaS providers that include computing power, storage, and databases. This enables the Services to build, deploy, and scale applications quickly and securely.
9.1.2. Feed Providers. Providers that specialize in scalable, customizable, and real-time activity feeds for our Services. This allows for features such as personalized timelines, news feeds, and notification systems.
9.1.3. SSO. Single Sign-On (SSO) tools that you may choose to connect to the Services. These provide a convenient and secure way for you to access various services without the need to create and manage separate accounts.
9.1.4. Payment Processing Service Providers. Payment processing service providers that assist us in the process of integrating pay-ment functionality into the Services, allowing us to build and scale our online payment operations efficiently.
9.2. Other Services. In order to enhance your experience with our Services, we partner with various third-party services. This helps us offer functionalities like:
9.2.1. Vendor Screening: We use services such as Checkr for conducting background checks;
9.2.2. Payment Processing: Platforms such as Stripe to handle your payment transactions;
9.2.3. Document Management: Tools that assist in reading and extracting data from documents;
9.2.4. Digital Signatures: Services such as HelloSign are used for electronic signing processes;
9.2.5. Communication: Platforms like Zoom, Aircall, and Twilio facilitate SMS, phone calls, and voicemails. Be aware that we store necessary data such as names, phone numbers, and message content for these communications.
9.2.6. Connections. Custom integrations and API access are also available to connect our platform with various property management software systems, including both third-party solutions and proprietary customer systems. As a Property Manager, you need to authorize these integrations and confirm your right to enable such connections. By using our platform and enabling these integrations, you allow us to exchange necessary data with these systems, like vendor and property details, for providing our services.
9.3. Security. We commit to safeguarding the security of these integrations and preventing unauthorized access. However, we cannot be held liable for issues arising from integrations or API access that you authorize.
9.4. Integrations. Please note, enabling custom integrations or API access might require sharing sensitive information, like API keys, between our platform and your management system. It's your responsibility to inform us about any special handling required for such sensitive credentials.
10. LIMITATION OF LIABILITY
10.1. Services Disclaimer. We provide the Services on an “as is” and “as available” basis. We make no representations or warranties regarding:
10.1.1. The accuracy or reliability of the content provided through our Services.
10.1.2. The suitability or quality of vendors or Property Managers using the Services.
10.2. No Liability for Vendor Work. We are not at any time, without or without cause, liable for the quality, completeness, or outcome of services provided by vendors or Property Managers. Nor are we liable for financial disputes or damages arising from vendor-property manager agreements.
10.3. Limitation of Liability. We shall not be liable for any direct, indirect, incidental, consequential, or punitive damages arising from the use or inability to use the Services, even if advised of the possibility of such damages. We shall not be responsible for any loss, damage, or expense caused by errors or omissions in any information, instructions, or data provided through the Services.
10.4. False Documents. We explicitly disclaim liability for any forged, inauthentic, or fraudulent documents that may be submitted by you. In particular, we shall not bear any liability in the event that such a party submits an inaccurate or falsified insurance policy, which subsequently passes our verification process, and an accident thereafter occurs, potentially exposing us to the associated liabilities.
10.5. Responsibility. Property Managers establish compliance rules based on Vendor service type. Vendors must accurately categorize their business type. Property Managers are responsible for reviewing and ensuring correct Vendor classifications. Wreno is not liable for issues arising from inaccurate Vendor service types.
10.6. Limitation of Damages. To the maximum permitted by law, Wreno’s total liability under this Agreement is limited to the amount paid by the Vendor User in the 6 months preceding the claim.
11. INDEMNIFICATION
You agree to indemnify and hold Wreno their affiliates, officers, directors, employees, and agents harmless from any claim or demand, including reasonable attorneys’ fees, made by any third party due to or arising out of the use of our Services, digital products, any breach of this Agreement, or your violation of any rights of another. You further agree to indemnify and hold Wreno harmless any claims arising out of disputes between you and Property Managers or other third parties and the content you share through our Services.
12. THIRD-PARTY CONTENT
You understand and acknowledge that, when using the Services, you may be exposed to content from a variety of sources outside of our control (collectively, “Third-Party Content”) and that we do not control and are not responsible for any Third-Party Content. You understand and acknowledge that you may be exposed to content that is adult-oriented, inaccurate, offensive, indecent or otherwise objectionable or may cause harm to your devices.
13. TERM AND TERMINATION
13.1. Term. This Agreement shall be active for the duration of your purchased subscription term, beginning on the Effective Date. The Effective Date shall be the date on which you complete the sign-up process and agree to the terms and conditions.
13.2. Automatic Termination. Should Vendor User opt not to renew its subscription at the end of the current term, the Agreement and all services provided by Wreno shall automatically terminate at the expiration of the ongoing subscription period.
13.3. Effect of Termination. Termination of this Agreement shall not relieve the Parties of any obligations or liabilities that accrued prior to termination. Sections 7 (Confidentiality and Data Privacy), 8 (Intellectual Property Rights), 10 (Limitation of Liability), 12 (Indemnification), and 14 (Governing Law and Jurisdiction) shall survive termination.
14. GOVERNING LAW JURISDICTION AND DISPUTE RESOLUTION
14.1. Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the state of Arizona, without giving effect to any principles of conflicts of law. It is important to note that by agreeing to these Terms, you comply with the laws of the state of Arizona.
14.2. Competent Court. You agree that any action at law or in equity arising out of or relating to this Agreement shall be filed only in the state or federal courts located nearest to Scottsdale, Arizona, and you hereby consent and submit to the personal jurisdiction of such courts for the purposes of litigating any such action.
14.3. NO CLASS ACTIONS. Disputes must be brought on an individual basis only and may not be brought as a plaintiff or class member in any purported class, consolidated, or repre-sentative proceeding. Class arbitrations, class actions, private attorney general actions, and consolidation with other arbitrations are not allowed. If for any reason a dispute proceeds in court rather than through arbitration, each party knowingly and irrevocably waives any right to trial by jury in any action, proceeding, or counterclaim. This does not prevent either party from participating in a class-wide settlement of claims.
14.4. YOU AGREE TO THE FOLLOWING MANDATORY ARBITRATION AND CLASS ACTION WAIVER PROVISIONS:
14.4.1. MANDATORY ARBITRATION. You and Company agree to resolve any claims relating to these Terms or our Services through final and binding arbitration.
14.4.2. Arbitration Forum. Either party may commence binding arbitration through ADR Services, an alternative dispute resolution provider. The parties will pay equal shares of the arbitration fees.
14.4.3. Arbitration Procedures. The arbitration will be conducted in Maricopa County, Arizona or at another mutually agreed location. All issues are for the arbitrator to decide, including but not limited to issues relating to the scope, enforceability, and arbitrability of this Section. The amount of any settlement offer will not be disclosed to the arbitrator by either party until after the arbitrator determines the final award, if any. The obligation to arbitrate is not binding upon the Services with respect to claims relating to its trademarks, service marks, patents, copyrights, or other intellectual-property rights, or requests for temporary restraining orders, preliminary injunctions or other procedures in a court of competent jurisdiction to obtain interim relief when deemed necessary by such court to preserve the status quo or prevent irreparable injury pending resolution by arbitration of the actual dispute between the parties.
14.4.4. Injunctive Relief. Notwithstanding anything in this Agreement, we may apply for injunctive remedies (or an equivalent type of urgent legal relief) in any jurisdiction. You acknowledge that if you violate or breach these Terms, it may cause irreparable harm to us and our affiliates, and we shall have the right to seek injunctive relief against you in addition to any other legal remedies.
15. FORCE MAJEURE
Neither Party will be liable to the other for any delay or failure to perform any obligation under these Terms (except for a failure to pay ) if the delay or failure is due to unforeseen events that occur after the signing of these Terms and that are beyond the reason-able control of such party, including but not limited to a strike, war, act of terrorism, riot, natural disaster, or failure or diminishment of power or telecommunications or data networks or services.
16. ASSIGNMENT AND SUBCONTRACTING
16.1. Assignment and Subcontracting. Except as set out below, You may not assign or novate this Agreement in whole or in part without Wreno’s express written consent.
16.2. No Assignment. Wreno may: (i) by written notice to You, assign or novate this Agreement in whole or in part to an affiliate of Wreno, or otherwise as part of a sale or transfer of any part of its business; or (ii) subcontract any performance associated with the Wreno to third parties, provided that such subcontract does not relieve Wreno of any of its obligations under this Agreement.
17. FEEDBACK
We appreciate feedback and suggestions for improvements. If you provide us feedback, you hereby grant to us a perpetual, non-revocable, royalty-free worldwide license to use and/or incorporate such feedback into any product or service at any time at our sole discretion.
18. FINAL PROVISIONS
18.1. Entire Agreement. This Agreement constitutes the entire agreement between you and us, superseding any prior agreements, communications, or understandings, whether oral or written, relating to the subject matter hereof.
18.2. Severability. The invalidity, illegality or unenforceability of any of the provisions, terms or conditions of the Agreement shall not affect the validity, legality or enforceability of the remaining provisions, terms or conditions of the Agreement.
18.3. Hierarchy. In the event there is a conflict between the provisions which are subject to this Agreement, the provisions of this Agreement will supersede.
18.4. Amendment. This Agreement may be amended solely when agreed upon in writing by both Parties.
18.5. Notices. All notices required under this Agreement shall be in writing and delivered to the respective Party via email, certified mail, or an internationally recognized courier service, to the addresses provided in this Agreement or otherwise notified in writing.
19. ATTACHMENTS TO THIS AGREEMENT
The following attachment forms an integral and inseparable part of this Agreement:
Exhibit A - Data Processing Agreement — WRENO
EXHIBIT B - Technical And Organisational Measures Including Technical And Organisational Measures To Ensure The Security Of The Data
Both Parties agree that these Annexes hold the same binding authority as this main Agreement and should be referenced for more specific operational guidelines.
By clicking the "I Agree" button or by accessing and using the services provided by Wreno, you acknowledge that you have read, understood, and consented to the terms and conditions of this Agreement, including its Annexes. If you accept these terms on behalf of your company, you represent that you are authorized to accept this Agreement on behalf of your company, and all references to “you” or “Vendor User” reference your company.
IN WITNESS WHEREOF, the Parties hereto have electronically acknowledged and agreed to this Agreement as of the Effective Date.
1. This Data Processing Agreement (“DPA“) forms part of the Agreement between the You (the “Vendor” or the “Data Controller”) and Wreno (the “Data Processor”), (together as the “Parties”).
2. WHEREAS
a. The Vendor acts as a Data Controller.
b. The Vendor wishes to subcontract certain Services, which imply the processing of personal data, to the Data Processor.
c. The Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in relation to data processing and with the framework of applicable laws including but not limited to the California Consumer Privacy Act of 2018 and any binding regulations promulgated thereunder, in each case, as may be amended from time to time. This includes but it is not limited to the California Privacy Rights Act of 2020.
d. The Parties wish to lay down their rights and obligations.
e. IT IS AGREED AS FOLLOWS in this DPA.
3. Definitions and Interpretation
a. Unless otherwise defined herein, capitalized terms and expressions used in this DPA or the Agreement shall have the following meaning:
b. “Agreement” means the underlying Agreement, this DPA, and all Schedules;
c. “Vendor Personal Data” means any Personal Data Processed by a Subprocessor on behalf of Vendor pursuant to or in connection with the Agreement;
d. “Data Protection Laws” means appliable privacy laws including but not limited to the California Consumer Privacy Act of 2018 and any binding regulations promulgated thereunder, in each case, as may be amended from time to time. This includes but it is not limited to the California Privacy Rights Act of 2020, to the extent applicable;
e. “Data Transfer” means:
i. a transfer of Vendor Personal Data from the Vendor to a Subprocessor; or
ii. an onward transfer of Vendor Personal Data from a Subprocessor to a sub-Subprocessor, or between two establishments of a Subprocessor, in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws);
f. “Services” means the services the Vendor provides, as defined in the Agreement.
g. “Subprocessor” means any person appointed by or on behalf of Processor to process Personal Data on behalf of the Vendor in connection with the Agreement. Wreno
h. The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority” shall have the same meaning as in Data Protection Laws or analogous terms, and their cognate terms shall be construed accordingly.
4. Processing of Vendor Personal Data
a. Processor shall comply with all applicable Data Protection Laws in the Processing of Vendor Personal Data; and not Process Vendor Personal Data other than on the relevant Vendor’s documented instructions.
b. The Vendor instructs Processor to process Vendor Personal Data.
5. Applicability and Scope.
a. This DPA will apply only to the extent that Wreno processes, on behalf of Vendor, Personal Data to which Data Protection Laws apply.
b. Scope. The subject matter of the data processing is the provision of the Services, and the processing will be carried out for the duration of the Agreement.
c. Wreno as a Processor. The parties acknowledge and agree that regarding the processing of Vendor Personal Data, Vendor may act either as a controller or processor and Wreno is a processor. Wreno will process Vendor Data in accordance with Vendor’s instructions and as agreed to in the Agreement.
d. Wreno as a Controller of account data. The parties acknowledge that, regarding the processing of account data, Vendor is a controller and Wreno is an independent controller, not a joint controller with Vendor. Wreno will process account data as a controller (a) in order to manage the relationship with Vendor; (b) carry out Wreno’s core business operations; (c) in order to detect, prevent, or investigate security incidents, fraud, and other abuse or misuse of the Services; (d) identity verification; (e) to comply with Wreno’s legal or regulatory obligations; and (f) as otherwise permitted under Data Protection Laws and in accordance with this DPA, the Agreement, and the Privacy Policy.
e. Compliance. Vendor shall be responsible for ensuring that: a) all such notices have been given, and all such authorizations have been obtained, as required under Data Protection Laws, for Wreno to process Vendor Personal Data on behalf of Vendor, as contemplated by this DPA.
f. Processor Personnel. Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Subprocessor who may have access to the Vendor Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Vendor Personal Data, as strictly necessary for the purposes of the Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Subprocessor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
6. Security
a. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall in relation to the Vendor Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk (see Exhibit B below).
b. In assessing the appropriate level of security, Processor shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
7. Subprocessing
a. Vendor agrees that (a) Wreno may engage subprocessors to process Vendor Personal Data on Wreno’s behalf. Vendor provides a general authorization for Wreno to engage onward Subprocessors that is conditioned on the following requirements: (a) Wreno will restrict the onward Subprocessor’s access to Vendor Personal Data only to what is strictly necessary to provide the Services, and Wreno will prohibit the Subprocessor from processing the Vendor Personal Data for any other purpose. (b) Wreno agrees to impose contractual data protection obligations, including appropriate technical and organizational measures to protect personal data, on any Subprocessor it appoints that require such Subprocessor to protect Vendor Personal Data to the standard required by Data Protection Laws; and (c) Wreno will remain liable and accountable for any breach of this DPA that is caused by an act or omission of its Subprocessors.
b. Wreno may, by giving reasonable notice to the Vendor, add new Subprocessors. If Vendor objects to the appointment of an additional Subprocessor within ten (10) calendar days of such notice on reasonable grounds relating to the protection of the Personal Data, then Wreno will work in good faith with Vendor to find an alternative solution. In the event that the parties are unable to find such a solution, Vendor may terminate the Agreement at no additional cost.
8. Data Subject Rights
a. Taking into account the nature of the Processing, Processor shall assist the Vendor by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Vendor obligations, as reasonably understood by Vendor, to respond to requests to exercise Data Subject rights under the Data Protection Laws.
b. Processor shall promptly notify Vendor if it receives a request from a Data Subject under any Data Protection Law in respect of Vendor Personal Data; and ensure that it does not respond to that request except on the documented instructions of Vendor or as required by Applicable Laws to which the Processor is subject, in which case Processor shall to the extent permitted by Applicable Laws inform Vendor of that legal requirement before the Subprocessor responds to the request.
9. Personal Data Breach
a. Processor shall notify Vendor without undue delay upon Processor becoming aware of a Personal Data Breach affecting Vendor Personal Data, providing Vendor with sufficient information to allow the Vendor to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
b. Processor shall cooperate with the Vendor and take reasonable commercial steps as are directed by Vendor to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
10. Data Protection Impact Assessment and Prior Consultation Processor shall provide reasonable assistance to the Vendor with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Vendor reasonably considers to be required by provisions of Data Protection Law, in each case solely in relation to Processing of Vendor Personal Data by, and taking into account the nature of the Processing and information available to, the Subprocessors.
11. Deletion or return of Vendor Personal Data
a. Processor shall promptly following cessation of any Services involving the Processing of Vendor Personal Data (the “Cessation Date”), delete and procure the deletion of all copies of those Vendor Personal Data.
12. Audit rights
a. No more than once per twelve (12) month period, Processor shall make available to the Vendor on request information reasonably necessary to demonstrate compliance with this DPA, and shall allow for and contribute to audits, including inspections, by the Vendor or an auditor mandated by the Vendor in relation to the Processing of the Vendor Personal Data by the Subprocessors.
b. Information and audit rights of the Vendor only arise under section 12 to the extent that the Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law.
13. Data Processing Schedule
Subject-matter of the processing Duration of the processing Nature and purpose of the processing Type(s) of personal data Categories of data subjects
Services provided under the Agreement The term of the Agreement Provision of the Services First and last name Title Position Employer Contact information (company, email, phone, physical business address) Taxpayer Identification # (Employer Identification # "EIN" or Social Security # "SSN") Vendor’s end users: Prospects, customers, business partners and vendors of Vendor (who are natural persons)
14. General Terms
a. Confidentiality. Each Party must keep this DPA and information it receives about the other Party and its business in connection with this DPA (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that:
i. disclosure is required by law;
ii. the relevant information is already in the public domain.
b. Responding to third party requests. In the event any third party request is made directly to Wreno in connection with Wreno’s processing of Vendor Personal Data, Wreno will promptly inform Vendor and provide details of the same, to the extent legally permitted. Wreno will not respond to any third party request, without prior notice to Vendor and an opportunity to object, except as legally required to do so or to confirm that such third party request relates to Vendor.
c. Notices. All notices and communications given under this DPA must be in writing and will be delivered personally, sent by post or sent by email to the address or email address set out in the heading of this DPA at such other address as notified from time to time by the Parties changing address.
15. Miscellaneous.
a. If there is a conflict between the Agreement and this DPA, the terms of this DPA will prevail. The order of precedence will be: (a) this DPA; (a) the Agreement; and (c) the Privacy Policy.
b. Any claims brought in connection with this DPA will be subject to the terms and conditions, including, but not limited to, the exclusions and limitations set forth in the Agreement.
c. In no event does this DPA restrict or limit the rights of any data subject or of any competent supervisory authority.
d. In the event (and to the extent only) of a conflict (whether actual or perceived) among Data Protection Laws, the parties (or relevant party as the case may be) shall comply with the more onerous requirement or standard which shall, in the event of a dispute in that regard, be solely determined by Wreno.
e. Notwithstanding anything in the Agreement or any order form entered in connection therewith, the parties acknowledge and agree that Wreno access to Vendor Personal Data does not constitute part of the consideration exchanged by the parties in respect of the Agreement.
16. This DPA is incorporated by reference into the Terms of Service or other electronic or written agreement between Wreno and Vendor (“Agreement”) and forms part of such Agreement.
1. Data in transit is encrypted
2. Data is encrypted at rest
3. Policies. Wreno maintains information security policies and reviews them periodically, including after any major changes occur in applicable law or regulatory guidance or are otherwise made to the Services
a. Wreno implements processes designed to ensure the ongoing compliance with these policies and to identify and enable Wreno to take action against any areas of non-compliance. Failure to comply with policies are addressed through appropriate disciplinary actions.
4. Information Security Program. Wreno assigns responsibility for information security management to senior personnel.
a. Wreno implements technical and organizational measures designed to protect against unauthorized or unlawful processing of customer data and against accidental loss or destruction of, or damage to, customer data, including a written information security program, which includes policies, procedures, and technical and physical controls designed to protect the security, availability, integrity and confidentiality.
5. Access Control. Wreno assigns unique user IDs to authorized individual users to access Services. All access to Systems must be authorized and authenticated.
a. Wreno access rights to customer data are based on the principle of least privilege and designed to ensure that persons entitled to use Services have access only to the customer data for which they have a business need.
6. Vulnerability Management Wreno maintains up-to-date anti-malware software, has implemented a vulnerability management program with regular scanning for vulnerabilities, subscribes to a vulnerability notification service, has a method for prioritizing vulnerability remediation based on risk, and has established remediation timeframes based on risk rating.
7. Measures for the protection of data during storage. Intrusion Prevention: Wreno implements and maintains working network security to protect data accessible via the Internet and will keep all Vendor Data protected at all times.
8. Measures for ensuring data minimisation. Data collection is limited to the purposes of processing (or the data that the Vendor chooses to provide). Security measures are in place to provide only the minimum amount of access (least privilege) necessary to perform required functions.
9. Measures for ensuring data quality. Wreno has a process that allows data subjects to exercise their privacy rights (including a right to amend and update their Personal Data), as described in Wreno’s Privacy Policy.
10. Technical and organizational measures to be taken by processor to provide assistance to the controller and, for transfers from processor to a subprocessor. Prior to engaging new third-party service providers (subprocessors) who will have access to Vendors’ Data, Wreno conducts assessment of subprocessor’s data security practices. Wreno will also remain liable and accountable for any breach of this DPA that is caused by an act or omission of its subprocessors.
11. Security Incidents. Wreno has an information security incident management program that addresses management of security incidents as well as taking steps to minimise the chance of future recurrence of such incidents.
12. Secure Disposal. Wreno has controls designed to ensure the secure disposal of customer data in accordance with applicable law taking into account available technology.
13. Data Retention. At the expiry or termination of the Agreement, Wreno will, at customer’s request, option, delete or return all customer data (excluding any back-up copies which shall be deleted in accordance with Wreno’s data retention schedule), except where Wreno is required to retain copies under applicable laws, in which case Wreno will isolate and protect that customer data from any further processing except to the extent required by applicable laws.
By clicking the "I Agree" button or by accessing and using the services provided by Wreno, you, as the Vendor User, acknowledge that you have read, understood, and consented to the terms and conditions of this Agreement. If you accept these terms on behalf of your company, you represent that you are authorized to accept this Agreement on behalf of your company, and all references to “you” or “Vendor User” reference your company. IN WITNESS WHEREOF, the Parties hereto have electronically acknowledged and agreed to this Agreement as of the Effective Date.
