PRISMA Home - Canon South & Southeast Asia

Canon Production Printing Netherlands B.V. (“CPP”) is the provider of one or more of the PRISMA online or website-based services on a chargeable (PRISMA Premium Services) or charge – free (PRISMA Freemium - Limited Functionality Services or PRISMA Premium - Trials Services) basis in a subscription made available under this Agreement, as described in more detail below.

This Agreement (the “Agreement”) is between CPP and an organization agreeing to these terms, typically a commercial print shop or in-house print operation (“Subscriber”). This Agreement governs Subscriber’s access at the PRISMA Home portal URL (“PRISMA Website”) to, and use of, the respective PRISMA software available at the PRISMA Website (“PRISMA Software”) and a menu of associated services as outlined in this Agreement and as described from time to time (the “PRISMA Services”) on the PRISMA Website. The initial available PRISMA Services are outlined at downloads.cpp.canon.

Subscriber’s access and use of PRISMA Services is subject to the terms and conditions of this Agreement (which, for the avoidance of doubt, includes the applicable Data Processing Agreement as set out in Annex I) and contingent upon Subscriber’s acceptance of the PRISMA Home Website Terms and CPP’s Privacy Policy published on the PRISMA Website.

The provisions of this Agreement govern provision and use by the Subscriber of chargeable (PRISMA Premium) Services as well as free of charge (i.e., the PRISMA Freemium - Limited Functionality and PRISMA Premium - Trials) Services. The Subscriber acknowledges and agrees the access and use of the above mentioned free of charge PRISMA Services are subject to special provisions, including disclaimers, as set out accordingly in sections 1.m and 1.n below of this Agreement. Subscriber acknowledges and agrees that it should not activate and use the above free of charge services if it does not agree to the special terms referred to above.

Upon acceptance of this Agreement, the Subscriber will be set up as a tenant of the PRISMA Website and will obtain access to and be able to activate, at its discretion, one or more of the PRISMA Freemium (Limited functionality) Services, as more fully described in section 1.m of this Agreement and the relevant service specification. The access to and use of PRISMA Freemium (Limited functionality) Services is free of charge and subject to the terms and conditions set out in section 1.m below.

Once the Subscriber is set up as a tenant of the PRISMA Website as envisaged above and has activated one or more PRISMA Freemium (Limited functionality) Services, the Subscriber can activate one or more PRISMA Premium Services with full functionality on a trial (free of charge) basis as more fully described in section 1.n of this Agreement and the relevant service specification. The access to and use of the PRISMA Premium - Trials Services are free of charge services and the latter provide the Subscriber with the opportunity to test PRISMA Services with full functionality for a limited period of time and subject to the terms and conditions set out in section 1.n below.

Should a Subscriber elect to purchase chargeable PRISMA Services with full functionality (“Premium PRISMA Services”), the Subscriber can do so by contacting the local Canon Affiliate and place an order for the relevant service(s). 

Subscriber can purchase PRISMA Services as a subscription through an authorized retail dealer (“Dealer”) of Canon Affiliate in the territory where the PRISMA Services are provided (“Canon”). This Agreement shall be entered into with Subscriber correspondingly by either Canon or Dealer. In this Agreement such party (Canon or Dealer, whichever is applicable) shall be further referred to as a “Authorised Distributor”. 

By reviewing the terms of this Agreement made available on-screen on the PRISMA Website and signifying its acceptance on a click–through basis, the Subscriber is contractually bound by its terms. The individual accepting this Agreement on behalf of the Subscriber represents that he/she has the authority to bind the Subscriber to this Agreement.

1. Provision of PRISMA Services.

1. Rights to Use. CPP hereby grants to Subscriber a non-exclusive, non-transferable limited, revocable and personal right to permit Subscriber’s Authorized Users (as defined hereinafter) to use the PRISMA Services available on the hosted PRISMA Website during the Term (as such capitalized terms are defined below) and only for permitted business purposes. Subscriber may use the PRISMA Services by accessing the PRISMA Website and only in compliance with the terms and conditions of this Agreement and all Laws (as defined in Exhibit A). 
   
   The Authorised Distributor will set up an account at the PRISMA Website established by CPP in a Japan  based Azure environment, within which the Authorised Distributor can establish the tenancy for Subscriber acting through its Authorized Users who have been provided with credentials to access a subset of Subscriber’s tenancy on the PRISMA Website. 
   
   Authorized Users are collectively (a) Subscriber and (b) the employees of Subscriber. 
   
   Subscriber may use PRISMA Services to monitor and check performance of connected print engines, create reports on engine utilization and print engine user print job statistics and/or validate color performance of connected print engines. 
    
2. An Authorised Distributor may also distribute subscriptions to other services available at the PRISMA Website and provide credentials for Authorized Users of these other services in accordance with the portions of the PRISMA Website governing these other services and with this Agreement. 
   
   As stipulated above, CPP’s PRISMA Home Website Terms of Use and CPP’s Privacy Policy as CPP may publish on the PRISMA Website, shall also govern access to the PRISMA Website by Authorized Users. 
   
   Authorised Distributor’s pricing, if any, to Subscriber for the PRISMA Services and for other ancillary services may be provided in a separate agreement between Authorised Distributor and Subscriber, which may be in the form of a statement of work or purchase order issued pursuant to Authorised Distributor’s contractual undertaking with Subscriber for installation, support and/or maintenance of Subscriber’s fleet of Canon brand printing devices (the “Authorised Distributor-Subscriber Agreement”). For the avoidance of doubt, the terms and conditions of this Agreement (which includes the associated service descriptions, as set out above, and the Data Processing Agreement appended as Annex I, and any terms published on the PRISMA Home Website, including PRISMA Home Website Terms of Use and CPP’s Privacy Policy), shall supersede any conflicting or varying terms in any Authorised Distributor-Subscriber Agreement.
    
3. Facilities and Data Processing. CPP is contracting with an Azure data center hosting provider (“Hosting Provider”) to host the PRISMA Software and associated submission and processing resources for the PRISMA Services at the PRISMA Website. CPP and its Hosting Provider will use, at a minimum, industry standard technical and organizational security measures to transfer, store, and process Subscriber and User Data (defined below). These measures are designed to protect the integrity of Subscriber and User Data and guard against the unauthorized or unlawful access to, use, and processing of Subscriber and User Data. Subscriber acknowledges that CPP will only store Subscriber and User Data in Japan subject to possible CPP involvement in monitoring the operational conditions of the PRISMA Website and resolving service issues, as contemplated in Sections 1.g and 1.j below. “Subscriber and User Data” means collectively Stored Data and Personal Data of Subscriber. “Stored Data” means the files and structured data for print jobs and other PRISMA Services submitted to the PRISMA Website by Subscriber, and “Personal Data” means the account identity and contact information submitted to the PRISMA Website by an Authorized User seeking PRISMA Services as such terms are further defined in Exhibit A.
    
4. Modifications to the PRISMA Services. CPP may update the PRISMA Services from time to time. CPP may add or remove functionalities or features, and may suspend or stop a portion of PRISMA Services altogether. If CPP changes the PRISMA Services in a manner that materially reduces their functionality, Subscriber will be informed through notices at the PRISMA Website. By continuing to access or use the PRISMA Services after respective updates/revisions become effective, Subscriber agrees to be bound by the current version of this Agreement for such revised PRISMA Services set forth at the PRISMA Website. If Subscriber does not agree to the revised PRISMA Services or applicable Agreement terms, Subscriber may terminate the PRISMA Services subscription under this Agreement within thirty (30) days of receiving notice of the change by notifying its Authorised Distributor, and the provisions of Section 7.c below shall govern. 
    
5. Software. To facilitate Subscriber’s use of the PRISMA Services, Subscriber must accept a license (“PRISMA Proxy EULA”) for, and download, PRISMA Proxy Software and install it on a Windows or Apple computer meeting the hardware and software environment  descriptions available at the PRISMA Website or from Subscriber’s Authorised Distributor. CPP may update the PRISMA Proxy software by notice published on the PRISMA Website, in which event Subscriber can download a new version of the PRISMA Proxy software. Subscriber may use the PRISMA Proxy software and other PRISMA software hosted on the PRISMA Website only to access and use the PRISMA Services, in accordance with all terms of this Agreement. If any component of the PRISMA Proxy or other PRISMA software provided as part of the PRISMA Services is offered under an open-source license, CPP will make the license available to Subscriber and the provisions of that license may expressly supersede some of the terms of this Agreement. Where the provision of the PRISMA Services requires the installation of software installed on the Subscriber’s local systems or hardware (e.g., PRISMA Proxy), such installed local software will be provided only for the Term (as defined in Section 7.a below) and subject to this Agreement and the conditions and terms provided in the PRISMA Proxy EULA.
    
6. Service Availability for PRISMA Premium and PRISMA Premium Trials Services. CPP, working with its Hosting Provider will use reasonable and commercial methods to make the PRISMA Website and PRISMA Services available 24 hours a day and 7 days per week, and/or as further set out below and/or in the relevant service description document. CPP will undertake scheduled maintenance outside normal business hours of the Authorised Distributor, which are Monday to Friday 09:00 to 17:00 local time of the Authorised Distributor.
    
7. General Exceptions Applicable to Service Availability. Subscriber’s access to and use of the PRISMA Website and PRISMA Services may be unavailable for the duration of unforeseen or unscheduled downtime caused by uncontrollable events such as systems failures, power outages, failures of CPP’s service providers, problems inherent to the use of electronic communications and the use of the internet or other interruptions. Subscriber is responsible for any desired backing up, Stored Data that Subscriber transmits, posts, creates or processes through the use of the PRISMA Services, as further described in Section 3 below. Notwithstanding anything in this Agreement, if there is a Security Emergency then CPP may suspend use of the PRISMA Services. CPP will make commercially reasonable efforts to narrowly tailor the suspension as needed to prevent or terminate the Security Emergency. “Security Emergency” means: (i) use of the PRISMA Services that does or could disrupt use of the PRISMA Services by any Subscribers, or the infrastructure used to provide the PRISMA Services, (ii) unauthorized third-party access to the PRISMA Services or their hosting infrastructure, including ransomware, denial of service or other hacker-type attacks, or (iii) any other acts beyond CPP control disrupting or significantly impairing PRISMA Services. 
    
8. Subscriber acknowledges and agrees that notwithstanding the provisions of this section 1.h, different service availability levels may apply to separate PRISMA Services, depending on the type of service the Subscriber has chosen to access and use. The service–specific service levels for the relevant PRISMA Service(s) are set out in the service descriptions. In the event of conflict and/or inconsistency between the provisions of this section 1.h and the respective service availability provisions set out in the relevant service specification, the service specification’s service availability provisions shall take precedence, provided, however, that the general exceptions to Service Availability set out in section above shall apply by default in addition to any service specific exceptions to service availability commitments unless a specific service specification expressly excludes some or all of the general exceptions listed in this section.  
    
9. Access to Subscriber and User Data. Access for Authorized Users of Subscriber to the PRISMA Website is governed by Subscriber permission which will be managed by Subscriber’s administrator. A Subscriber only has access to the Subscriber and User Data in its own tenancy. The Subscriber and User Data is secured by the respective passwords of Subscriber. Each Authorized User is allowed to select a password and connects to the Subscriber tenancy using such password. The Authorised Distributor does not have access to Subscriber and User Data stored at the PRISMA Website, except with the Subscriber’s consent to provide support and professional services. Selected and credentialed employees at CPP shall have overall administrative access to the PRISMA Website, including Subscriber and User Data, as reasonably needed for maintenance, monitoring of PRISMA Website operations, giving and receiving of notices and support purposes or other purposes identified in CPP’s PRISMA Services user guides at downloads.cpp.canon. Hosting Provider administrators may also have access to data stored at the PRISMA Website as reasonably needed for similar purposes.
    
10. Security. CPP’s Hosting Provider and/or CPP uses commercially standard methods to protect Subscriber and User Data submitted to the PRISMA Website by use of the PRISMA Services. However, no method of electronic transmission of Subscriber and User Data is 100% secure, and CPP does not guarantee the security of Subscriber and User Data at any time. Subscriber should use whatever other methods of security it deems feasible to meet its own security policies and commitments. A security overview is available at downloads.cpp.canon. Customary antivirus protection is installed by Hosting Provider for the PRISMA Website where Subscriber and User Data is stored. Subscriber is responsible for providing anti-virus protection on its own local or other computers accessing the PRISMA Website. Subscriber must notify CPP, or the Authorised Distributor immediately of any actual or suspected security incident, breach of security, or unauthorized use of PRISMA Services. CPP or the Authorised Distributor will not be liable for any losses caused by any unauthorized use of PRISMA Services, and Subscriber acknowledges that Subscriber use the PRISMA Services at its own risk.
     
11. CPP Warranties. CPP warrants that, except as provided under section m. and n. below, the PRISMA Services will be performed substantially in accordance with user, installation, technical, quick reference and administrative guides and any other guides available at downloads.cpp.canon. Such undertaking shall not apply to the extent of any non-conformance which is caused by use of the PRISMA Services contrary to CPP’s or Canon‘s instructions, or modification or alteration of the PRISMA Services by any party other than CPP or CPP’s duly authorized contractors or agents. If the PRISMA Services do not conform to the foregoing undertaking, CPP will, at its expense, use all reasonable commercial endeavors to correct any such non-conformance promptly, or provide the Subscriber with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes the Subscriber’s sole and exclusive remedy for any breach of the undertaking set out in this clause. 
     
12. Disclaimers. CPP and the Authorised Distributor: (i) do not warrant that the PRISMA Services, and/or the information obtained by the Subscriber through the PRISMA Services will meet the Subscriber’s requirements; (ii) are not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Subscriber acknowledges that the PRISMA Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities; and (iii) do not accept liability for loss of data and/or any consequent business interruption, loss of profit, opportunity business or savings (actual or anticipated), howsoever caused, including for any interruption, outage, unavailability or suspension of the of the PRISMA Website and the PRISMA Services.
     
13. Data Processing Agreement. CPP shall, in providing the PRISMA Services, comply with its privacy commitments as detailed in Data Processing Agreement (Annex I) of this Agreement, as such documents may be amended from time to time. By accepting this Agreement, Subscriber expressly agrees that the collection, use, disclosure and otherwise the processing of Subscriber and User Data is governed by the Data Processing Agreement, appended as Annex I to this Agreement  (in the case of Personal Data), as such documents may be amended from time to time.
     
14. Support. Subscriber shall endeavor to resolve all support requests from Authorized Users or escalate them to Subscriber’s Authorised Distributor. Subscriber’s Authorised Distributor will provide Subscriber first line support and helpdesk services, as may be provided in the Authorised Distributor-Subscriber Agreement, and Canon will assist in the escalation process to CPP in case the first line support cannot resolve Subscriber’s issue.
     
15. PRISMA Freemium (Limited functionality) Services.
    Once the Subscriber is set up as a tenant on the PRISMA Website, the Subscriber would be able to activate certain PRISMA Services on a limited functionality and free of charge basis (“PRISMA Freemium Services”). Once activated, the PRISMA Freemium Services are accessible during the entire duration of the relevant subscription period and can be accessed and used by the Subscriber subject to the terms of this Agreement and particularly subject to the disclaimer below.
    
    Subscriber acknowledges and agrees that the PRISMA Freemium Services, as further described in the relevant Freemium service description may contain defects and errors, and that such services are offered on limited  functionality basis and therefore should not be expected to function fully and/or in accordance with any undertakings (including, but not limited to, any warranties (if any given) and/or service availability undertakings given in this Agreement or otherwise under the respective service descriptions. The Subscriber acknowledges and agrees that the PRISMA Freemium Services are being offered on “as is” basis, the same are being activated and used at the Subscriber’s own risk and CPP does not assume and expressly disclaims any liability in relation to the provision and the Subscribers’ use of the said services. 
     
16. PRISMA Premium - Trials Services.
    Should a Subscriber elect to access and use any of the PRISMA Services (full functionality) for the purposes of testing such for a limited period of time and on a free of charge basis “PRISMA Premium - Trials Services”, the Subscriber can activate and use such services for a trial period with a maximum duration of three (3) months. Once activated and utilised by the Subscriber, the Subscriber will not be able to reactive the same PRISMA Premium - Trials Service for another 9 months following the end of the respective trial period.
    
    The PRISMA Trials Services are available to access and use by the Subscriber subject to the terms of this Agreement and particularly subject to the disclaimer below.
    
    Subscriber acknowledges and agrees that the PRISMA Premium - Trials Services, as further described in the relevant service description may contain defects and errors, and that such services are offered on a trial basis and therefore the Subscriber cannot rely on any undertakings including, but not limited to, any warranties (if any given) given in this Agreement or otherwise (if any) under the respective service descriptions. The Subscriber acknowledges and agrees that the PRISMA Premium - Trials Services are being offered on “as is” basis, the same are being activated and used at the Subscriber’s own risk and CPP does not assume and expressly disclaims any liability in relation to its provision and the Subscriber’s use of such.
    
    If, following the expiration of the relevant PRISMA Premium – Trials Service, the Subscriber does not place an order for purchasing of the respective PRISMA Premium (chargeable) Service, the Subscriber will not be able to continue to use the relevant PRISMA Premium Service, however, it would be able to continue using already activated PRISMA Freemium Service(s) for the remainder of the relevant subscription period.
     

2. Subscriber Obligations.

1. Compliance. Subscriber is responsible for use of the PRISMA Services by all Subscriber’s Authorized Users. Subscriber and all Authorized Users must use the PRISMA Services in compliance with this Agreement and the PRISMA Home Website Terms of Use available on the PRISMA Website. Subscriber will obtain any consents necessary to allow Authorized Users of Subscriber to engage in the activities described in this Agreement and to allow CPP to provide the PRISMA Services. Subscriber will comply with all Laws (as defined in Exhibit A) applicable to Subscriber’s use of the PRISMA Services.
    
2. Subscriber Administration of the Services. Subscriber will ensure that all Authorized Users comply with applicable Subscriber obligations and responsibilities under this Agreement. If Subscriber becomes aware of any violation of applicable obligations and responsibilities by any Authorized User under this Agreement, Subscriber will immediately suspend access to the PRISMA Services by the relevant Authorized User.
    
3. Administration of Authorized Users of the PRISMA Services. After the Authorised Distributor has set up the initial Subscriber Authorized User, Subscriber may specify additional Authorized Users who are Subscriber employees to act as “Administrators” or as operators. Administrators have the ability to access, restrict or remove Subscriber and User Data in or from PRISMA Services accounts of Subscriber. Administrators also have the ability to monitor, restrict, or terminate access to PRISMA Services accounts by Authorized Users. CPP’s responsibilities do not extend to the internal management or administration of the Subscriber’s use of PRISMA Services. Subscriber is responsible for: (i) maintaining and managing the confidentiality of passwords and Administrator or operator access credentials; and (ii) ensuring that Administrator or operator use of the PRISMA Services complies with this Agreement.
    
4. Unauthorized Use & Access. Subscriber will prevent unauthorized use of the PRISMA Services by its Authorized Users and terminate any unauthorized use of or access to the PRISMA Services by persons under Subscriber’s control. Subscriber will promptly notify Authorised Distributor of any unauthorized use of or access to the PRISMA Services.
    
5. Restricted Uses. Without limiting Subscriber’s obligations under the Terms of Use, Subscriber will not (i) sell, resell, lease or otherwise make available the PRISMA Services; (ii) use the PRISMA Services for activities where use or failure of the PRISMA Services could lead to physical damage, death, or personal injury; or (iii) reverse engineer the PRISMA Services, or attempt nor assist anyone else to do so, unless this restriction is prohibited by law.
    
6. SUBSCRIBER ACKNOWLEDGES AND AGREES THAT IN ORDER TO ACCESS THE PRISMA SERVICES SUBSCRIBER MAY NEED TO HAVE “COOKIES” ENABLED, AND THAT IF SUBSCRIBER DISABLES OR REJECTS COOKIES, SOME FEATURES OF THE PRISMA SERVICES MAY BE SLOWER OR MAY NOT WORK OR DISPLAY PROPERLY. Use of the PRISMA Services requires compatible devices and speed internet access. Subscriber shall be solely responsible for acquiring and implementing such devices and internet access. Subscriber agrees that meeting these requirements, which may change from time to time, is Subscriber’s responsibility.
    
7. The Authorised Distributor assumes no responsibility or liability for any Subscriber and User Data that Subscriber provides, publishes, or transmits, directly or indirectly, using the PRISMA Services. Subscriber acknowledges and agrees that the Authorised Distributor is only acting as passive conduit providing web services to process submitted data, in particular, Stored Data.
    
8. Third Party Requests.
   i. “Third Party Request” means a request from a third party for records relating to a Subscriber’s use of the PRISMA Services including information in or from a Subscriber’s PRISMA Services account. Third Party Requests may include valid search warrants, court orders, or subpoenas.
   ii. Subscriber is responsible for responding to Third Party Requests via its own access to information. Subscriber will seek to obtain information required to respond to Third Party Requests and will contact CPP only if it cannot obtain such information despite diligent efforts.
   iii. CPP, in consultation with the Authorised Distributor, will make commercially reasonable efforts, to the extent allowed by law and by the terms of the Third Party Request, to: (A) promptly notify Subscriber of a receipt of a Third Party Request; (B) comply with Subscriber’s commercially reasonable requests regarding its efforts to oppose a Third Party Request; and (C) provide Subscriber with information or tools required for Subscriber to respond to the Third Party Request (if Subscriber is otherwise unable to obtain the information). If Subscriber fails to promptly respond to any Third Party Request, then CPP may, but will not be obligated to, do so.
    

3. Subscriber and User Data. Subscriber will: (a) be solely responsible for the nature, quality and accuracy of the Subscriber and User Data stored on the PRISMA Website by Subscriber; (b) ensure that the Subscriber and User Data (including the storage or transmission thereof) complies with this Agreement, Privacy Policy and all applicable Laws; (c) promptly handle and resolve any notices and claims which Subscriber receives relating to the Subscriber and User Data, including any notices sent to Subscriber by any person claiming that any Subscriber and User Data violates any person’s rights; (d) promptly forward to CPP at the email address indicated on the PRISMA Website any such notices or other pertinent notices received from other entities; and (e) maintain appropriate security, protection and backup copies of the Subscriber and User Data, which may include use of additional encryption technology to protect the Subscriber and User Data from unauthorized access. Subscriber acknowledges and agrees that CPP and/or the Authorised Distributor will have no liability of any kind, including for loss of Subscriber and User Data and/or any consequent business interruption, loss of profit, opportunity business or savings (actual or anticipated) howsoever caused, as a result of the deletion of, correction of, destruction of, damage to, loss of or failure to store or encrypt any Subscriber and User Data by Subscriber. Subscriber understands and agrees that Subscriber is responsible for providing any notices and and/or obtaining any consents required pursuant to applicable Laws that are necessary for CPP and Authorised Distributor to access, use, retain, and transfer Subscriber and User as specified in this Agreement. 
 

4. Intellectual Property Rights.

1. Reservation of Rights. Except as expressly set forth herein, this Agreement does not grant (i) CPP any Intellectual Property Rights in Subscriber and User Data or (ii) Subscriber any rights in the CPP Content of the PRISMA Services (and all hardware, software, Documentation, and other items used to provide the PRISMA Services) or CPP or CANON trademarks and brand features. “CPP Content” and “Intellectual Property Rights” are defined in Exhibit A.
    
2. Limited Permission. Subscriber grants to CPP and Authorised Distributor only the limited rights in Subscriber and User Data that are reasonably necessary for CPP and Authorised Distributor to offer, administer and support the PRISMA Services (e.g., hosting Subscriber and User). This permission also extends to third parties (e.g., Hosting Provider) that CPP works with to offer the PRISMA Services.
    
3. Suggestions. Except as to Stored Data, CPP may, at its discretion and for any purpose, use, modify, and incorporate into its products and services, license and sublicense, any feedback, comments, or suggestions that Subscriber sends to CPP or posts in any CPP or PRISMA Website forum without any obligation to Subscriber.
    

5. Fees & Payment - PRISMA Premium Services.

1. Fees. The Authorised Distributor will advise each of its Subscribers in the Authorised Distributor Subscriber Agreement or otherwise of the fees applicable for the PRISMA Services available from Authorised Distributor. Subscriber will pay to Authorised Distributor the subscription and, if separate and/or applicable based on storage amount used (see subsection c. below), storage fees for the PRISMA Services invoiced by Authorised Distributor to Subscriber. Subscriber is responsible for providing its complete and accurate billing and contact information to the Authorised Distributor. If Subscriber fails to make any payment to the Authorised Distributor, the Subscriber’s access to PRISMA Services may be terminated.
    
2. Taxes. Subscriber is responsible for all taxes payable on the fees for the PRISMA Services payable by Subscriber to Authorised Distributor (unless Subscriber provides Authorised Distributor with a tax exemption certificate acceptable to the relevant taxing authority).
    

6. Suspension. If a Subscriber uses the PRISMA Services in a manner that the Authorised Distributor or CPP reasonably believe will cause liability for Authorised Distributor or CPP,  CPP or Authorised Distributor may suspend or terminate Subscriber access to PRISMA Services.
When applicable the Subscriber shall not be billed by CPP during the period of suspension.
 

7. Term and Termination.

1. Term. This Agreement shall commence on the date of Subscriber’s acceptance of this Agreement, and will remain in effect for the subscription term specified in a statement of work or purchase order issued to the Authorised Distributor (“Initial Term”). Thereafter, this Agreement will be renewed automatically for successive periods of one year (each a “Renewal Period”), unless the Agreement is terminated by either CPP, Authorised Distributor on behalf of CPP or the Subscriber by providing the Authorised Distributor or CPP with at least thirty (30) days’ notice prior to the date of renewal. The Initial Term together with any subsequent Renewal Periods shall constitute the “Term”.
    
2. Termination. Any party may terminate this Agreement if: (i) the other party fails to pay when due any fees or other charges required by this Agreement; (ii) the other party is in material breach of the Agreement (other than non-payment of fees/charges) and fails to cure that breach within thirty (30) days after receipt of written notice; (iii) the other party ceases its business operations or becomes subject to insolvency proceedings and the proceedings are not dismissed within ninety (90) days; or (iv) CPP elects to terminate the PRISMA Services with reasonable notice.
    
3. Effects of Termination. If this Agreement terminates: (i) the rights granted by CPP to Subscriber will cease immediately (except as set forth in this section); (ii) CPP may provide Subscriber access to its account at Authorised Distributor’s then prevailing charges so that Subscriber may export its Stored Data; and (iii) CPP may delete all Subscriber and User Data effective thirty (30) days from the date of termination. Depending on the circumstances of termination of PRISMA Services, CPP may continue to store Subscriber and User Data to facilitate reconnection, or to provide Subscriber an opportunity to retrieve its Subscriber and User Data. The following sections will survive expiration or termination of this Agreement: 2.h (Third Party Requests), 5 (Fees & Payment), 7.c (Effects of Termination), 9 (Disclaimers), 10 (Limitation of Liability), 11 (Disputes), and 12 (Miscellaneous). Neither CPP nor the Authorised Distributor will be responsible for loss of business, business continuity, lost profits, or other consequential damages if Subscriber and User Data is deleted pursuant to the conditions of this Section.
    

8. Infringement.

1. Curing Possible PRISMA Services Infringement. If CPP believes the PRISMA Services infringe or may be alleged to infringe a third party’s Intellectual Property Rights, then CPP may: (i) obtain the right for Subscriber, at CPP’s expense, to continue using the PRISMA Services; (ii) provide a non-infringing functionally equivalent replacement; or (iii) modify the PRISMA Services so that they no longer infringe. If CPP, at its discretion, does not deem the options described in this Section commercially feasible, then CPP may suspend or terminate Subscriber’s use of the affected PRISMA Services. In such case the Authorised Distributor shall provide a refund to Subscriber proportionate to the price of the unused Subscription period.
    
2. Claims Arising through Acts or Omissions of the Subscriber. Subscriber agrees to indemnify and hold harmless CPP, their direct and indirect parent companies, subsidiaries, and other affiliates, and their respective officers, directors, employees, agents, partners, licensors, and Authorised Distributors (collectively, the “CPP Indemnified Parties”) from and against any and all damages, costs, and expenses, including reasonable attorneys' fees (hereinafter “Damages”), incurred by or asserted against any of the CPP Indemnified Parties arising out of or based upon (a) any claim of infringement, misappropriation, or violation of any third party’s patent, copyright, trade secret, trademark, right of privacy or publicity, or other third-party right by Subscriber and User Data; (b) any breach or alleged breach by Subscriber of this Agreement (or any portion thereof); (c) Subscriber’s use of the PRISMA Services in violation of the terms of this Agreement; or (d) a dispute between Subscriber or any third party arising out of the PRISMA Services, to the extent caused by Subscriber or any entity other than CPP, Canon (insert relevant entity) or Authorised Distributor (collectively “Claim(s)”). Upon Request of CPP, Subscriber agrees to defend, at Subscriber’s sole cost and expense, any Claim asserted against any CPP Indemnified Party, provided that CPP gives Subscriber: (a) prompt written notice of the Claim; (b) full information and reasonable cooperation in connection with the defense and/or settlement of the Claim (at Subscriber’s expense); and (c) full (and sole) authority to defend or settle the claim or suit, provided that CPP may participate with counsel of its own choosing at its own expense and further provided that any portion of any settlement or compromise which constitutes an admission or requires contribution from any of the CPP Indemnified Parties shall be subject to the prior written approval of CPP. Notwithstanding the foregoing, failure to so notify Subscriber shall not diminish Subscriber’s defense obligations hereunder. Subscriber acknowledges and agrees that the CPP Indemnified Parties shall have no liability, and Subscriber shall not sue or make any other claims against CPP, either directly or indirectly, as a result of CPP’s decision to remove or refuse to process any Subscriber and User Data, to warn Subscriber, to suspend or terminate Subscriber’s access to the PRISMA Services, or to take any other action during the investigation of a suspected violation or as a result of CPP's conclusion that a violation of this Agreement has occurred. This waiver and indemnity provision applies to all material violations described in or contemplated by this Agreement. This obligation shall survive the termination or expiration of this Agreement and/or Subscriber’s use of the PRISMA Services.
    
3. Disclaimers. THE PRISMA SERVICES ARE PROVIDED “AS IS” TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT AS EXPRESSLY STATED IN THIS AGREEMENT, NONE OF CPP, THE AUTHORISED DISTRIBUTOR AND THEIR RESPECTIVE AFFILIATES, SUPPLIERS, AND DISTRIBUTORS MAKE ANY WARRANTY OR CONDITION OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING (I) ANY WARRANTY OR CONDITION THAT THE PRISMA SERVICES WILL BE UNINTERRUPTED, ERROR-FREE OR FREE OF HARMFUL COMPONENTS, (II) ANY WARRANTY OR CONDITION THAT THE STORED DATA WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED, (III) ANY WARRANTY OR CONDITION THAT THE STORED DATA IS PRINTABLE ONCE IT HAS BEEN UPLOADED TO THE PRISMA WEBSITE AND (IV) ANY IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR USE, OR NON-INFRINGEMENT. SUBSCRIBER ASSUMES RESPONSIBILITY FOR MAINTAINING AND BACKING UP ANY STORED DATA.
    

9. Limitation of Liability.

1. Limitation on Indirect Liability. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, NONE OF CPP, AUTHORISED DISTRIBUTOR, AND THEIR AFFILIATES, SUPPLIERS, AND DISTRIBUTORS WILL BE LIABLE IN CONNECTION WITH USE OF THE PRISMA WEBSITE OR THE PRISMA SERVICES FOR (I) INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, (II) ANY ERRORS OR OMISSIONS IN ANY SUBSCRIBER AND USER DATA, OR ANY LOSS OR DAMAGE INCURRED AS A RESULT OF THE USE OF ANY SUBSCRIBER AND USER DATA PROVIDED, EMAILED, TRANSMITTED OR OTHERWISE MADE AVAILABLE BY SUBSCRIBER THROUGH THE PRISMA SERVICES; OR (III) LOSS OF USE OF SUBSCRIBER AND USER DATA, OR LOSS OF BUSINESS, REVENUES OR PROFITS (IN EACH CASE WHETHER DIRECT OR INDIRECT), UNDER ANY THEORY OF LIABILITY, INCLUDING, WITHOUT LIMITATION, CONTRACT, TORT, WARRANTY, NEGLIGENCE OR OTHERWISE, EVEN IF ANY SUCH ENTITY KNEW OR SHOULD HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE.
    
2. Limitation on Amount of Direct Liability. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, THE AGGREGATE LIABILITY OF CPP, AUTHORISED DISTRIBUTOR IN CONNECTION WITH USE OF THE PRISMA WEBSITE OR THE PRISMA SERVICES FOR DIRECT DAMAGES WILL NOT EXCEED THE AMOUNT PAID BY SUBSCRIBER FOR THE PRISMA SERVICES HEREUNDER DURING THE TWELVE MONTHS (OR SUCH SHORTER PERIOD, WHERE A SUBSCRIPTION HAS EXISTED FOR A LESSER PERIOD) PRIOR TO THE EVENT GIVING RISE TO LIABILITY.
    

10. Disputes.

1. Informal Resolution. Before filing a claim against the other party, each of CPP and Subscriber agrees to attempt  to resolve the dispute by contacting the other party through the notice procedures in section 12.d. Should any issues, disputes and/ or claims arising out or in connection between this Agreement remain unresolved, within reasonable time, through the informal resolution process as set out in this section 10.a, each party, at its discretion, may proceed through the  process set out in section 10.b below.
    
2. Governing Law and Jurisdiction. This Agreement shall be governed by the law of the territory where the PRISMA Services are provided. All disputes shall be resolved by the relevant courts of the territory.
    
3. Injunctions. Notwithstanding the foregoing, CPP may initiate litigation in any court of competent jurisdiction seeking any remedy in equity, including the issuance of a preliminary, temporary, or permanent injunction, or to specifically enforce its rights under this Agreement to stop unauthorized use or abuse of the PRISMA Services or infringement of CPP’s Intellectual Property Rights. Subscriber consents to venue and personal jurisdiction there for such actions.
    

11. Miscellaneous

1. Modification of Agreement. CPP may revise this Agreement from time to time and the most current version will be posted on the PRISMA Website. Revisions may also be posted at CPP’s Website: downloads.cpp.canon. Subscriber is responsible for checking the PRISMA Website and any postings there regularly. By continuing to access or use the PRISMA Services after revisions become effective, Subscriber agrees to be bound by the revised Agreement. If Subscriber does not agree to the revised Agreement terms, Subscriber may terminate the PRISMA Services within thirty (30) days of the posting of the revision by notifying its Authorised Distributor in writing.
    
2. Entire Agreement. This Agreement (which includes the Data Processing Agreement appended as Annex I) published  on the PRISMA Website and accepted by the Subscriber as click-through agreements at the time of their onboarding on the PRISMA Home Website constitutes the entire agreement between Subscriber and CPP with respect to the subject matter of this Agreement and supersedes and replaces any prior or contemporaneous understandings and agreements, whether written or oral, with respect to the subject matter of this Agreement.
    
3. Severability. Unenforceable provisions will be modified to reflect the parties’ intention and only to the extent necessary to make them enforceable, and the remaining provisions of the Agreement will remain in full effect.
    
4. Notice. Notices must be sent via first class, airmail, or overnight courier (if any address is available) and are deemed given when received. Notices to Subscriber may also be sent to the applicable account email address and are deemed given when sent. Notices to CPP must be sent to the Chief Legal Officer of CPP at Van der Grintenstraat 10, 5914 HH, Venlo, the Netherlands.
    
5. Waiver. A waiver of any default is not a waiver of any subsequent default.
    
6. Assignment. Subscriber may not assign or transfer this Agreement or any rights or obligations under this Agreement without the written consent of CPP. CPP may assign, transfer, or otherwise dispose its rights and obligations under this contract, in whole or in part, at any time without notice. Any other attempt to transfer or assign is void.
    
7. No Agency. CPP and Subscriber are not legal partners or agents, but are independent contractors.
    
8. Force Majeure. Except for payment obligations, neither CPP nor Subscriber will be liable for inadequate performance to the extent caused by a condition that was beyond the party’s reasonable contemplation  or control (for example, epidemic, natural disaster, act of war or terrorism, riot, labor strikes, governmental action, and Internet disturbance not attributable to either CPP’s or Subscriber’s acts or omissions).
    
9. Third-Party Beneficiaries Authorised Distributors shall be third party beneficiaries of this Agreement. 
    
10. Audits. Subscriber will keep and maintain, for a period ending five (5) years after the date of termination of this Agreement, proper records relating to its use of the PRISMA Services. During the term of this Agreement and for one (1) year after any termination or expiration hereof, CPP or its designee may inspect such records to verify Subscriber’s compliance with this Agreement upon advance notice to Subscriber and subject to mutual agreement as to the date of such inspection. Any such inspection will be conducted only during regular business hours at Subscriber’s offices in a manner that does not unreasonably interfere with Subscriber’s business activities. However, such inspection shall be at CPP’s cost and expense. If the audit reveals any lack of compliance, (a) the expense of such audit shall be borne and paid by Subscriber and (b) Subscriber shall immediately correct any non-compliance.

Exhibit A
Certain Definitions

CPP Content: means any of the following that is CPP owned, controlled, or otherwise made available to Subscriber hereunder, including but not limited to: (a) technology, including, but not limited to, any features functionality, or other application program interface; (b) content or information, including any text, graphics, photographs, images, video, audio, and/or other data or information; (c) descriptions, data, databases, applications, processes, systems, methods of operation, concepts, software, software libraries, code, templates, command line tools, user interfaces, protocols, formats, techniques, algorithms, methods, devices, procedures, functionalities, or other technology or similar item; (d) URLs, now or at any time during the Term; (e) any adaptations, derivative work, modifications, custom modules, extensions, themes, applications, and add-ons of the information and materials described above; and (f) all Intellectual Property Rights embodied in any of the foregoing.

Intellectual Property Rights: all intellectual property rights recognized as such in any jurisdiction including (without limitation) any and all (a) patents, utility models, trademarks, service marks, business and trade names, and rights in domain names, logos, and get up (including any and all goodwill associated with or attached to same) designs, copyrights, and database rights; and (b) all similar or equivalent rights protecting inventions, discoveries, technology, know-how, trade secrets, expertise, methodologies, or any creative, artistic, or industrial works or information, together with all applications and rights to apply for registration of any such rights.

Laws: collectively (a) local, state, national, and international laws, statutes, rules, regulations applicable to Subscriber, or any data collected or otherwise processed by Subscriber, including but not limited to, all data security laws, privacy, generally accepted industry standards, directives, or guidelines, or self-regulatory principles relating to privacy, data collection, storage, use, disclosure, protection, or security of Stored Data or Personal Data, and any requirements or guidance issued by any applicable data protection authority responsible for privacy-related matters or the processing of Stored Data or Personal Data in an applicable jurisdiction; (b) judicial, governmental, or administrative order, judgement, decree, or ruling or enforceable requirements of any industry self-regulatory body; and (c) enforceable regulatory and binding guidance and written or authoritative interpretation of any of the foregoing by a regulatory body.

Personal Data: means the account identity and contact information submitted to the PRISMA Website by Subscriber seeking or using PRISMA Services, and shall include any information, that can be used to uniquely identify, contact or locate an individual, including, without limitation, first name or initial and last name, date of birth, mother’s maiden name, unique biometric, Social or National Security or similar Number, passport number, driver’s license or other state identification number, financial information, cardholder data, employment information, employer-assigned identification number, signature, personal web page, telephone number, home address, business address, other mailing address, email address or online identifier associated with an individual, geographic location, IP address or similar identifier, MAC (media access control) address, user ID, password, security question and answer, cookie information, profile, and any other information uniquely identifying an individual, including usage and traffic data.

Stored Data: any and all technical and non-personal files, structured data and information, including any text, documents, graphics, photographs, images, video, and audio content relating to print jobs or other PRISMA Services that is submitted to the PRISMA Website by Subscriber by automated or other means.

© 2024 Canon Production Printing Netherlands B.V. All Rights Reserved. Effective: 1 November, 2024

ANNEX I
Data Processing Agreement

This Data Processing AGREEMENT is made as of the date your acceptance of the PRISMA Cloud Service Subscription Agreement (the “Effective Date”)

BETWEEN

(1) CPP; and
(2) Subscriber; 

each a “Party” and together the “Parties”.

BACKGROUND:

I. The Subscriber and CPP are party to an agreement (the “Agreement”) under which CPP agreed to perform certain services for the Subscriber (the “Services”), during the performance of which CPP may process certain Personal Data of the Subscriber (the “Subscriber Personal Data”) as a Processor on behalf of the Subscriber.

II. The parties have executed this data processing agreement (the “DPA”) to meet their obligations under the GDPR and other applicable laws in respect of CPP’s processing of the Subscriber Personal Data.

1. Definitions
   1.1. In this Addendum, the following definitions shall apply:
   “Affiliate” means with respect to a Party, any other person controlling, controlled by, or under common control with, such Party, for only so long as such control exists. For these purposes, “control” shall refer to: (i) the possession, directly or indirectly, of the power to direct the management or policies of a person, whether through the ownership of voting securities, by contract or otherwise, or (ii) the ownership, directly or indirectly, of more than 50 percent (50%) of the voting securities or other ownership interest of a person; 
   
   “Data Protection Legislation” means all applicable data protection and privacy laws, including, as applicable and without limitation, the Singapore Personal Data Protection Act 2012;
   
   “controller”, “processor”, “data subject”, “personal data”, “personal data breach” and “processing” shall have the meanings ascribed to them in the applicable Data Protection Legislation;
   
   “Subscriber Personal Data” means any personal data which may be supplied by Subscriber and/or its Affiliates to CPP under the Agreement and/or which CPP (and/or any Sub-Processor) processes on behalf of Subscriber and/or its Affiliates;
   
   “Data Protection Legislation” means all applicable laws relating to data protection and privacy in Asia (excluding China) where PRISMA Home Cloud Services are provided by CPP and such other locations where the data is stored including (without limitation) the Singapore Personal Data Protection Act 2012 (“PDPA”), and all amendments, or all other applicable international, regional, federal or national data protection laws, regulations and regulatory guidance;
   
   “Sub-Processor” means any person or entity which is not a Party to this Agreement and which is engaged by CPP to perform any or all of its obligations under the Agreement, including for the avoidance of doubt, an Affiliate of CPP. 
    
2. Scope of Agreement
   2.1. This DPA shall apply to the processing of Subscriber Personal Data by CPP pursuant to the Agreement. In case of a conflict between the terms of this data processing agreement (“DPA”) and the Agreement, the terms of the DPA will prevail.
    
3. Processing Requirements
   3.1. Unless otherwise set out in the Agreement or in Statements of Work or Purchase Orders submitted under the Agreement, details about the Subscriber Personal Data to be processed by CPP and the processing activities to be performed under this DPA are set out in Schedule 1.
   
   3.2. CPP shall only process Subscriber Personal Data in accordance with the documented instructions given from time to time by the Subscriber, including with regard to transfers, unless required to do otherwise by applicable law. In which event, CPP shall inform the Subscriber of the legal requirement before processing Subscriber Personal Data other than in accordance with the Subscriber’s instructions, unless that same law prohibits CPP from doing so on important grounds of public interest.
   
   3.3. Where the Subscriber is also procuring the Services for one or more Affiliates, the Subscriber confirms that it is authorized to communicate any instruction or other requirements on behalf of such Affiliates to CPP in respect of the Services.
   
   3.4. If the Subscriber is in breach of its obligations under the Data Protection Legislation due to an act or omission of CPP, CPP shall not be liable for such breach where its act or omission arose from the Subscriber’s instructions.
   
   3.5. Upon termination or expiry of the Agreement, CPP shall, at Subscriber’s request, promptly delete or return all Subscriber Personal Data and delete the copies thereof (unless applicable law requires the storage of such Subscriber Personal Data) and shall confirm to Subscriber in writing that it has done so. This provision is without prejudice to any provisions in the Agreement relating to how long CPP may retain data after the Agreement terminates. 
    
4. Security
   4.1. CPP warrants and undertakes in respect of all Subscriber Personal Data that it shall:
   4.1.1. implement appropriate technical and organisational measures to protect Subscriber Personal Data against unauthorised or unlawful processing against accidental loss, destruction, damage, alteration or disclosure, including those measures specified in Schedule 2;
   4.1.2. without prejudice to any general obligations relating to confidentiality in the Agreement, ensure that its personnel are subject to binding obligations of confidentiality with respect to Subscriber Personal Data; and 
   4.1.3. promptly, and without delay, notify Subscriber in writing of any actual, alleged, or potential unauthorised disclosure, loss, destruction, compromise, damage, alteration, or theft of Subscriber Personal Data. 
   
   4.2. The Subscriber shall promptly and without delay notify CPP in writing if it becomes aware of any breach of security in respect of the Services or its use of the Services. 
    
5. Assistance
   5.1. Taking into account the nature and scope of the Services provided by CPP, CPP shall, to the extent possible, provide such assistance as the Subscriber may reasonably require to comply with its obligations as a data controller, including in relation to data security, data breach notification, data protection impact assessment, prior consultation with data protection authorities, any enquiry, notice or investigation received from a data protection authority, and the fulfilment of data subjects’ rights.
   
   5.2. CPP shall make available to Subscriber all information reasonably necessary to demonstrate its compliance with the obligations set out in this DPA, and allow for and co-operate with any audits, including physical inspections of CPP’s premises, required by Subscriber. Subscriber shall be limited to conducting one such audit or inspection per year, save where the Subscriber reasonably believes that CPP may have breached the provisions of this DPA. Any such audit or inspection shall conducted on reasonable notice during normal business hours. CPP may require that the people conducting the audit sign undertakings of confidentiality.
    
6. Sub-processing
   6.1. The Subscriber provides CPP with a general authorisation to appoint Sub-Processors to process the Subscriber Personal Data provided that the Subscriber is: (i) informed of the identity of the Sub-Processor and is given reasonable notice of no less than 10 business days in advance of any proposed changes concerning the addition or replacement of other Sub-Processors; (ii) given the opportunity to object to such changes where the Subscriber considers that such Sub-Processors do not provide sufficient guarantees under Data Protection Legislation in which event CPP shall use reasonable endeavours to address the Subscriber’s concerns. If Subscriber fails to object within the 10 business days’ notice period, the Subscriber will have been deemed to accept the appointment and/or replacement of the new sub-processor. The Subscriber hereby authorises CPP to use Sub-Processors: (i) expressly authorized in the Agreement; (ii) listed in Schedule 3 of this DPA; or (iii) that are CPP Affiliates.
   
   6.2. CPP shall impose obligations on its Sub-Processors that are the same as or equivalent to those set out in this DPA by way of written contract, and shall remain liable to Subscriber for any failure by a Sub-Processor to fulfil its obligations in relation to the Subscriber Personal Data.
    
7. Data Transfers
   CPP shall ensure that no Subscriber Personal Data is processed outside Japan without Subscriber’s express prior written consent.
    
8. Order of precedence
   In the event of any conflict or inconsistency, the following order of precedence shall apply:
   - This Annex I;
   - The remaining terms of this DPA.
    
9. Governing Law 
   This DPA is governed by the applicable law of the country/territory where the PRISMA Services are provided.

SCHEDULE 1
Description of the Personal data Processing 

The data processing activities carried out by CPP pursuant to the Agreement and this DPA may be described as follows:

1. Subject matter
   PRISMA software and applications, offering subscription-based cloud workflow services and printer tools that help Subscribers to streamline and simplify their print operations.
    
2. Duration
   Duration would be for the term of the subscription agreement.
    
3. Nature and purpose
   Subscriber(s) data
   - The usage data other than the personal data is  stored in PRISMA for the purpose of aggregation and visualization depending on the respective PRISMA 
   - Personal data (username, email-address) gathered by PRISMA from the integrated printer devices can be anonymized at any time, except reports inside the archive or on local storage. 
    
4. Data categories
   - Personal data: full name, email-address
    
5. Data subjects
   - Subscriber Employees:  Administrators, Operators
    
6. Retention Periods
   All data of a Subscriber (including personal data) is removed 30 days after terminating the subscription with that Subscriber. No data will be deleted automatically whilst the subscription is running. The Subscriber has the tools to delete its data in the PRISMA environment. 

SCHEDULE 2
TECHNICAL AND ORGANIZATIONAL MEASURES

Notwithstanding any additional measures agreed to in the Subscription Agreement, CPP has implemented and will maintain for both corporate and customer data (“Data”) the following technical and organizational measures, which in conjunction with the terms and conditions of this Data Processing Agreement (“DPA”), are CPP’s only responsibility with respect to the security of that Data.

Organisational Measures

Policies
Internal policies are in place with respect to information security, data protection and privacy. These policies are reviewed on yearly basis. Additionally, regular trainings are offered (e-learning and classroom).

Risk Management
A formal risk management method is in place. Further data processing (be it as controller or as processor) are documented in a data base managed by the Data Protection Officer. Information security risks are included in the CPP risk management tool.

Roles & Responsibilities
Data Protection Officer and Information Security Director are appointed. R&D functional managers are appointed with appropriate information security, data protection and privacy roles.

Confidentiality
The employees are required to sign a dedicated confidentiality undertaking.

Technical Measures

De-Identification and Deletion
Data pertaining to a tenant are only accessible by the NSO having created the tenant and not accessible (unless ex-plicit consent is provided) by any other NSO (on creation level). and within a tenant only by the assigned employees of that customer and not by other customers or third parties.
In general, after 30 days of ending a subscription for a tenant all Data is deleted.

Encryption
HTTPS is the only mechanism allowed for Data transit. 

User Access Controls
Logical access controls, including unique user account and password management, has been implemented.

Physical Security
All services are hosted on third party servers (Azure, Auth0, SendGrid) with appropriate entry controls. Only authorised personnel are allowed access to information processing facilities or areas that contain sensitive or personal information.

SCHEDULE 3
APPROVED SUB-CONTRACTORS

This website is exclusively designed and designated to enable users to login to PRISMA Home Website, if they are entitled to use PRISMA Applications or Tools based on a valid contractual arrangement with us (“PRISMA Cloud Services Subscription Agreement”).

The use of this website by a user is governed by the PRISMA Cloud Services Subscription Agreement applicable to the specific user. If no such agreements exist, you are not entitled to use this website.

1. Controller
   This Privacy Policy sets out how Canon Production Printing Netherlands B.V. collects and processes information about you when you use this website (“Login Page”). 
   
   Canon Production Printing Netherlands B.V. (hereinafter “we“, “us“, “our“) is the controller of the processing of your personal information for the purposes of this Login Page.
    
2. Personal information we collect and how we use it
   On this Login Page, users who are entitled to use PRISMA Applications or Tools (“PRISMA Services”) based on contractual arrangements with our affiliated companies, their customers or us (“Subscription Agreement”), can initiate their login process to PRISMA and generate a user account.
   
   For this purpose, we process certain personal information, which you provide to us and which we collect when you use this Login Page, particularly your email address and your password.
   
   In order to administer the Login Page for internal business operations including detecting security incidents and debugging to identify and repair errors that impair existing functionality (troubleshooting purposes) and as part of our effort to keep the Login Page safe and secure, we may collect and process certain other personal information such as your IP address, location information, browser plug-in types and versions, operating system.
   
   Further, you may choose to provide additional information to us when you contact us.
    
3. Login via Platform Providers
   As an alternative to the login process described in section 2 above, you may choose to login via external authentication services of the platform providers Google and Microsoft, provided you have a corresponding Google or Microsoft user account. If you use such login function, your email address stored by the respective platform provider will be disclosed to us. In addition, the platform provider will transmit to us the following personal data in the course of the login process: email address, name and profile picture.
   
   We will only use and store the following personal data, which we require for the login process: email address, name, profile picture and login time.
   
   We do not transmit any personal data to the platform provider in connection with the login process. Google and Microsoft record that user logged in in our platform.
   
   Since you enter the platform provider’s websites when logging in, the provider may collect additional information from you (e.g. via your browser).
   
   The platform providers exclusively determine the processing of your personal data including the scope, purpose and duration of the processing. The platform provider’s privacy policy and terms of use apply to any such data processing.
   
   For further information on how Google processes your data when using its services, please refer to the privacy policy and the terms of use of https://policies.google.com.
   
   For further information on how Microsoft processes your data when using its services, please refer to the privacy policy and the terms of use of https://privacy.microsoft.com.
    
4. How we share and disclose your information
   We may share your personal information with our affiliates and third parties, which provide IT services to us and which process the information only for the purpose of such services (Auth0, Inc., Microsoft Corporation).
   
   We may further share your personal information with our affiliates if required to enable your use of the PRISMA Services under the applicable Subscription Agreement. If we do so, we transfer your personal information as a data processor on behalf of the company, which is granting you the use of the PRISMA Services under the applicable Subscription Agreement.
    
5. Legal Basis
   The legal basis for the processing of your personal data as described in Section 1 and 2 above is our and our affiliates’ legitimate interest to run and maintain a secure and efficient centralized website for the login to PRISMA systems by our employees and employees of our affiliates and customers.
    
6. Data Retention
   We will only hold your personal information for the duration necessary to carry out the login process or for any additional period as required by law.
   
   For the avoidance of doubt, we may further hold your personal information to the extent necessary to enable you to use PRISMA Services in accordance with the Subscription Agreement applicable to your use of such services. In this respect, however, we do not hold your personal data as a data controller, but as a data processor on behalf of the company, which is granting you the use of the PRISMA Services under the applicable Subscription Agreement.
    
7. Information Security
   We apply reasonable and appropriate security measures to protect your personal information under our control from unauthorized access, collection, use, disclosure, copying, modification or disposal. All information you provide to us is stored on secure servers.
    
8. Your Rights
   You have the following legal data protection rights under the relevant legal conditions: Right to make complaints and consultations regarding personal information, Right of request disclosure, notification of purpose of use, correction, addition, deletion, suspension of use, erasure, and suspension of provision regarding personal information. The aforementioned data subject rights can be exercised by sending an email to privacy@cpp.canon or by contacting us under the contact details provided hereinafter.
    
9. Contact, Data Protection Officer
   If you have a question, concern or complaint about this Privacy Policy or our handling of your personal information, or wish to exercise your right, please contact our data protection officer at privacy@cpp.canon or under the contact details provided hereinafter.
    
10. Managing the Security of Personal Data
    We have established an appropriate security management to protect personal information and take necessary based on laws and regulations to prevent leakage, loss, or damage of personal information, depending on the respective personal information being processed.

Canon Production Printing Netherlands B.V.
Managing Director: Ernsting - Flamée, Eve Josephine Caroline
Van der Grintenstraat 10, 5914HH Venlo, The Netherlands
Phone: +31 77 359 2222