- There are multiple aspects to SNIPER pricing
- The initial 3 months SNIPER access fee is billed on set up.
- Monthly SNIPER access fees are billed the 1st day of each calendar month, and a pro-rata amount is charged in the 4th month to bring in line with 1st month billings for companies that do not start on 1st month.
- Each dedicated mobile number allocated to a client incurs a monthly rental fee and software access fee, multiple dedicated mobile numbers will be discounted based on volume.
- Purchasing initial SMS and MMS credits, as well as ongoing purchase of SMS and MMS credits primarily occurs online, but can be established by invoice and monthly minimum spend contracts.
- Additional services, outside the base fee can be charged for set-up, services quoted in advance, and additional features packs such as loyalty, Add2Wallet, QR Code, Keyword Set Up, Preference Centre and Gift Card.
- All pricing is quoted excluding VAT and GST unless otherwise stated and is dependent on the clients base and billing requirements.
- Pricing can be amended with 30 days notice.
- SNIPER usage after the initial 3-month establishment period reverts to a month to month basis.
- If the monthly license fee is not paid for three (3) months, clients forfeit access to SNIPER and any dedicated mobile numbers allocated to that client.
- Clients have 24 months from purchase date to use MMS and SMS credits.
- Clients who have forfeited use of the dashboard (as per 2.2) will be required to pay set up fees to run promotions using unused credits, or pay all outstanding monthly SNIPER fees.
- Initial licence fee and purchase of credits is payable on invoice.
- MobileDigital’s policy is to not refund or exchange MMS and or SMS credits.
- The monthly access fee is charged per dedicated mobile number and provides Master User Access Login to SNIPER CPaasS Dashboard and up to a maximum of five (5) subordinate users.
- Additional SNIPER access and additional dedicated mobile numbers can be acquired, with pricing determined by volume of numbers and specific business conditions.
- MobileDigital provide unlimited education and support during AEST business hours.
- Education and Support is provided as;
- Video Education
- Screen Sharing Tutorials
- Face to Face delivered educations
- 1st and 2nd Level Tech Support TEXT
- Account Management Support
- Guided Tour
- The standard maximum MMS message size allowable, including all associated tags, text, etc, should not exceed 300kb in size.
- Message formats are flexible, however there are some image & text parameters that you will need to conform to if designing your own messages. Please refer to the following:
On-net & Off-net MMS and Service Delivery
- Within Australia, different telecommunications companies charge carriage at different rates and MobileDigital consider this when setting our pricing.
- Unless otherwise quoted, MobileDigital will establish the requested services within 48 hours of the agreement date. All development work will be undertaken during the MobileDigital standard business hours, AEST Monday to Friday and excluding public holidays.
- Any work undertaken by the MobileDigital outside these hours may incur a service charge.
MobileDigital’s Obligations and the Service
- MobileDigital will provide the SNIPER Software as a service to the Client’s Business throughout the Term. MobileDigital may improve, update or revise the service from time to time.
- MobileDigital must ensure;
- Each MMS and SMS Transaction is accurately completed in accordance with the details inputted by a Customer; and
- it secures from its suppliers the best available MMS and SMS delivery terms, with the objective that an MMS and SMS transaction is delivered as close to the scheduled delivery time as practical.
- MobileDigital will provide the service substantially in accordance with its intended purpose (The services intended purpose is to communicate with customers client and not to harass or send inappropriate messages).
- MobileDigital gives no guarantee that the service will operate uninterrupted, fault-free or without delay or compromise of its security systems, or that errors will be corrected. Further, the operation of the service relies upon third party service providers, and although MobileDigital will use its reasonable endeavours to procure third-party performance, it gives no guarantees in this respect.
- Where MobiledDgital is in control, ie: some security systems, then at a minimum MobileDigital agree to use our best endeavours to rectify the service and failing to do so within 7 days (or a time frame reasonable) MobileDigital will allow clients to terminate the contract and have the ability to be refunded on a pro rata basis.
- MobileDigital must cooperate with, and provide information reasonably requested by the Client in order to assist the Client to resolve a Customer or Recipient enquiry, claim or dispute relating to a completed Transaction or a Terminated Transaction.
- In addition to the Service, MobileDigital will make available to the client data collection and reporting tools when applicable.
- All upgrades and maintenance to servers where security patches are required will happen outside of work hours and we ensure that no user is logged in to minimise impact, these occur irregularly and are applied as soon as they become available. All software upgrades and services impacted are notified by email and again we wait until there is not campaign or user before applying a software upgrade. Issues pertaining to Network and terminating services and outages from these services are out of our control but we always inform clients if there is a service issue on the telco terminating network as soon as we are aware of it.
- MobileDigital will indemnify the client for any reasonable loss, liability or cost suffered or incurred by the client in connection with a claim by the client except if such loss, liability or cost is caused by the clients failure to comply with this Agreement, or beyond MobileDigital’s control.
Client’s Obligations and Acknowledgments
- The Client indemnifies MobileDigital for any loss, liability or cost suffered incurred by MobileDigital in connection with a claim by a Customer against MobileDigital except if such loss, liability or cost is caused by MobileDigital’s failure to comply with this Agreement.
- The Client will not copy or replicate the software, and recognizes MobileDigital Marketing intellectual property as the owner of the SNIPER software and associated services.
- The Client must pay when due the fees in accordance with this agreement.
- The Client will be solely responsible for responding to any Customer or Recipient enquiry, dispute or claim relating to use of the service
- The Client must keep any login details if provided to them by MobileDigital secure and treat these credentials as confidential information.
- Each party acknowledges that Confidential Information howsoever disclosed pursuant to this Agreement is confidential to, proprietary to, and/or a trade secret of, the disclosing party.
- Each party warrants to the other that the Confidential Information of the other party will be used by the first-mentioned party only for the purpose of that party fulfilling its obligations or exercising its rights under this Agreement.
- Except as set out in this Agreement, Confidential Information must not be disclosed by the party that has been provided this information (“Receiving Party”) to any person for any purpose without the prior written consent of the Disclosing Party, except where the Confidential Information which must be disclosed pursuant to any court order or under any law, or comes into the public domain through no fault of the Receiving Party.
Data Collected on your Behalf
- All end customer data collected on your behalf remains your property.
- When MobileDigital stores user or end customer data on your behalf, we will take all reasonable care in providing the highest security to secure data at all times.
- Once we supply you end customer data, it is your responsibility to provide the data security and all end customer collected data usage is governed by your terms and conditions at that time.
- We will retain message records to indicate messages received and sent to a mobile for opt out and message tracking purposes, and all this data will be incorporated within MobileDigitals security framework.
The term ‘MobileDigital’, ‘SNIPER’, or ‘us’ or ‘our’ or ‘we’ refers to MobileDigital, the owner of the website, whose registered office is 4/17 Commercial Drive, Ashmore, Queensland. The term ‘you’ or ‘your’ refers to the website user.Your use of this website is subject to the following terms and conditions:
- The content of this website is for your general information and use only. It is subject to change without prior notice.
- Neither we nor any third parties provide any warranty or guarantee as to the performance, accuracy, timeliness, completeness or suitability of the information and materials found or offered on this website for any particular purpose. You hereby acknowledge that such information and materials may contain mistakes, inaccuracies or errors and we expressly exclude any liability for such to the fullest extent permissible by law.
- Your use of any information or materials on this website is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any products, services or information available through this website meet your specific requirements.
- This website contains material which is owned by or licensed to us. This material includes, but is not limited to, the content, design, layout, appearance, look and graphics of the website. Any reproduction of the website’s material is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
- All trademarks reproduced in this website, which are not the property of, or licensed to us, are acknowledged on the website.
- Unauthorised use of this website may be a criminal offence and/or give rise to a claim for damages.
- This website may also, on occasion, include links to other websites which are not controlled by us. These links are provided for your convenience to provide you with further information. You acknowledge that they are used at your own risk. They do not signify that we recommend or endorse the websites. We have no control over the nature, content and availability of those websites.
- Your use of this website and any dispute arising out of your use of it is subject to the laws of Queensland.
- You may only use the website for lawful purposes and in a manner consistent with the nature and purpose of the website.
- These terms and conditions do not relate to your use of any product or service described on our website unless otherwise agreed. You must refer to the individual warranty relevant to any particular product or service.
- These terms and conditions may be amended from time to time. Your continued use of our website following any such amendments will be deemed to be confirmation that you accept those amendments.
- You indemnify us from and against all claims, suits, demands, actions, liabilities, costs and expenses (including legal costs and expenses on a full indemnity basis) resulting from your use of the website.
- In no event will we be liable for any loss, damage, cost or expense including legal costs and expenses (whether direct or indirect) incurred by you in connection with the use of this website.
Every effort is made to keep the website up and running smoothly. However, we take no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.
FAIR USE POLICY
- Respectful engagement and reasonable and non-invasive communication must be considered at all times.
- The removal of customer Fear Uncertainty and/or Doubt (FUD) is the best way to ensure the ongoing credibility and integrity of your communications. MobileDigital is aware that 50% of malware on mobile phones is from phishing and spoofing, and if we are aware, so are your customers – therefore clear links with brand recognisable URL addresses are a mandatory component of our messaging regime.
- ALL communications must be clear.
- MobileDigital will not send SPAM.
- MobileDigital will not render or deliver messages with poorly formatted, truncated or complex links that are not immediately obvious and clear to the receiver.
- MobileDigital will NOT send anything offensive, promote anything illegal, or to harass anyone.
- MobileDigital reserves the right to not send communications that are not in accordance with this policy.
- We work hard to maintain the positive reputation of our system, but we count on our clients to pitch in too. You may not:
- Use the Service in any way that is unlawful or illegal.
- Send MMS or SMS messages to mobile numbers that are not one of your existing customers or known or related contacts.
- Spam your customers with MMS or SMS messages; the impact and value of MMS messages are directly related to the impact and the uniqueness.
- Send MMS or SMS messages to customers that have opted out or have requested to opt out<./li>
- Send MMS or SMS messages past 8 pm at night or before 6am.
OTHER PRACTICES MAY BE RELEVANT IN DETERMINING LEGITIMATE USE
- MobileDigital reserves the right to refuse delivery of any unlawful or prohibited use.
- MobileDigital will also take abnormal or unusual activity into account in making its determination.
- MobileDigital may at its option, terminate or suspend its relationship immediately if it determines you are using the product contrary to this FUP.
STANDARD DATA PROCESSING AGGREEMENT (SAMPLE)
This Supplementary Agreement (“Agreement”) dated _______ 201[ ] is between:
(1) (“the Controller) and
(2) MobileDigital Marketing™ Pty Ltd ABN: 55 614 170 357 , MobileDigital Marketing Ltd. · CRN: 10014105 (“the Processor”)
A) This Agreement is supplemental to any other separate agreement entered into between the parties and introduces further contractual provisions to ensure the Controller and the Processor comply with their respective obligations under the GDPR in respect of the Data Processing.
B) Recital 81 and Article 28of the GDPR place certain obligations upon a Controller to ensure that the Processor it engages under the terms of this Agreement provides sufficient guarantees in terms of: i) expert knowledge, ii) reliability and resources, iii) ability to implement technical and organisational measures which will meet the requirements of the GDPR including for the security of processing
C) The Controller must also take into account the specific tasks and responsibilities of the Processor under this Agreement in the context of the processing to be carried out and the risks to the rights and freedoms of the data subject
D) This Agreement exists to ensure that there are sufficient guarantees in place as required by the GDPR and that the processing complies with the obligations imposed on both the Controller and the Processor under the GDPR.
“Data” shall mean [List the categories of the data that is being processed and the categories of data subjects this processing relates to]
“Data Subject” shall have the same meaning as set out in Article 4 (1) of the GDPR and means an identified or identifiable natural person
“EEA” means the European Economic Area – the 28 Member states of the European Union plus Iceland, Lichtenstein and Norway
“GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and the Council
“Incident” has the same meaning as a personal data breach in Article 4 (12) of the GDPR and means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Data , transmitted, stored or otherwise processed under the terms of this Agreement
“Processing” shall mean any operation or set of operations which is/are performed upon Data , (whether or not by automatic means) including collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction. Such processing may be wholly or partly by automatic means or processing otherwise than by automatic means of Data which form part of a filing system or one intended to form part of a filing system. A filing system shall mean any structured set of Data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographic basis.”
(a) This Agreement shall apply to all Data processed from the date of this Agreement by the Processor on behalf of the Controller until the date of termination of this Agreement.
3. Purpose of Processing
a) The Processor shall process the Data it processes on behalf of the Controller, solely for the provision of personalising communications and identifying mobile users on behalf of the client in outbound communications and identifying and applying rules to inbound communications from mobile users to clients
in accordance with the written instructions of the Controller (including when making a transfer of personal data to countries outside the EEA) unless required to do by law. The Processor must inform the Controller of what processing the Processor is required to do so by law unless the Processor is prohibited under the relevant law from notifying the Controller of such processing. The Processor shall not process the Data for any other purpose except with the express written consent of the Controller.
b) The Controller confirms and warrants that the Processing of the Data, including the transfer of the Data to the Processor, has been and will continue to be carried out in accordance with the relevant provisions of the GDPR and does not violate the relevant provisions of the EEA country in which the Controller is established
4. Duration of processing
a) The Processor shall process the Data for as long as the separate outsourcing agreement for the provision of SNIPER by MobileDigital services dated [date/month/ year of outsourcing agreement] remains in full force and effect.
5. Type of Personal data
The Processor will process the following types of personal information
•Mobile Numbers , needed in order to create a customer entity
•Personal Details, if loaded by client
• family details, if loaded by client
• lifestyle and social circumstances
• goods and services purchased or offered
• financial details if pertaining to policy or contract reminders
• employment and education details if communication is from such entities
• visual media, if this media is part of the inbound communication
• responses to surveys, if we are the originator of the form supplied
• profile data where relevant to the communication
• tracking data from web activity where necessary for communications received and stored
5. Categories of data subjects
The Processor will process information about the following categories of data subjects
• prospective customers
• individuals contacted when responding to a complaint or enquiry
• service providers
• applicants for a licence or registration
• survey respondents
6. Security and Confidentiality of Data
a) The Processor and the Controller shall implement appropriate technical and organisational measures to ensure a level appropriate to the risks that are presented by the data processing in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal transmitted, stored or otherwise processed.
b) Both the Controller and Processor shall take into account the following when determining the measures:
i) the state of the art, and
ii) the cost of implementation of the measures, and
iii) the nature, scope context and purposes of processing, and
iiv) the risk of varying likelihood and severity for the rights and freedoms of individual Data Subjects
c) The Controller and Processor agree that the measures security measures taken in accordance with Clause 6 (a) of this Agreement after assessment with the requirements of the GDPR are appropriate to protect Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the Processing involves the transmission of Data over a network, and against all other unlawful forms of Processing, and that these measures ensure a level of security appropriate to the risks presented by the Processing and the nature of the Data to be protected having regard to the state of the art and the cost of their implementation; shall ensure a level of security appropriate to the risk,
d) The measures taken shall include amongst others the following items, where appropriate, from the non- exhaustive list below:
i) the pseudonymisation and encryption of Data
ii) the ability to ensure the ongoing confidentiality, integrity and availability and resilience of processing systems and services
iii) the ability to restore the availability and access to Data in a timely manner in the event of a physical or technical Incident
iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
e) The Controller and the Processor may use adherence to an approved code of conduct as referred to by Article 40 of the GDPR or an approved certification mechanism as referred to in Article 42 as an element by which to demonstrate compliance with the requirements set out above in clause 6 ) (b) (c) and (d) of this Agreement
f). The Processor shall ensure that each of its employees, agents or subcontractors are made aware of its obligations with regard to the security and protection of the Data and shall require that they enter into binding obligations with the Processor in order to maintain the levels of security, protection and confidentiality provided for in this Agreement.
g). The Processor shall not divulge the Data whether directly or indirectly to any person, firm or company without the express consent of the Controller except to those of its employees, agents and subcontractors who are engaged in the processing of the Data and are subject to the binding obligations referred to in Clause 6 (e) of this Agreement above).
7. Incident Reporting
a) The Processor must have effective processes for the identification, management and reporting of Incidents. Any Incident, suspected or actual, involving the Controller’s Data must be reported immediately to the Controller. An Incident may include but not be limited to:
• Security breach or fraud
• Misuse of relevant system storing Controller’s Data
• Misuse, loss or corruption of the Controller’s Data
• Unauthorised access to, use of, alteration, amendment or deletion of Controller’s Data
• Physical security incident
• Any unapproved requirement to disclose Controller’s Data to a third party
b) The Processor will be expected to promptly investigate any such Incident, provide status updates throughout the Incident, where appropriate cooperate with reasonable Controller requests during the management of the Incident or permit the Controller to support the management of the Incident, and send a written report to the Controller, describing the nature of the Incident, stating any control weaknesses discovered, and any actions taken/planned. A plan to agree any reasonable additional controls, either identified by the Processor or the Controller, to prevent or reduce the likelihood of a similar Incident must be agreed and monitored.
c) The Processor will assist the Controller in informing Data Subjects if there has been an Incident involving the Processor.
d) The Processor will assist the Controller in informing any relevant supervisory authority of an Incident.
8. Processor’s appointment of a sub – processor
a) The Processor will not engage a sub processor to process the Controller’s Data, without the prior specific or general or written authorisation of the Controller.
b) If the Processor employs a sub – processor under the Controller’s prior general written authorisation the Processor will inform the Controller in writing of any intended additions to or replacement of sub- processor(s) the Processor uses to carry out processing of the Controller’s personal data at least 5 days before the date of any intended additions or changes to the sub processors.
c) If the Controller objects to any such additions to or replacement the Controller shall inform the Processor 5 days of receiving the notice in Clause 8 (b) of this Agreement. Upon receipt of such a notice of objection the Processor shall not make the intended addition or replacement of [a] sub – processor(s)
d) The Processor, upon receipt of a notice under Clause 8 (c) of this Agreement above may choose another sub – processor(s) it wishes to add to or act as a replacement to the existing sub- processor(s) it uses to carry out the processing. The Processor will then inform the Controller in accordance with clause 8( b) of this Agreement and the Controller will have the right to object in accordance with clause 8 (c) of this Agreement
e) The Processor shall ensure by written contract that any agent or sub-processor employed by the Processor to process Data to which this Agreement relates:
i) imposes the same contract terms as listed in Clause 6 – Security and Confidentiality of Data and Clause 7 Incident reporting of this Agreement on any agent or sub- processor
ii) makes it clear that the Processor and not any agent or sub-processor will be liable to the Controller for the compliance of the agent or sub- processor with data protection law
f) The Processor will immediately inform the Controller of any Incident involving any of its’ permitted sub-contractors or sub-processors in accordance with Clause 7 Incident reporting of this Agreement.
g) The Processor will assist the Controller in informing Data Subjects if there has been an Incident involving any of its’ permitted sub-contractors or sub-processors in accordance with Clause 7 Incident reporting of this Agreement.
h) The Processor will assist the Controller in informing any relevant supervisory authority of an Incident.
9. Data Subjects rights
a) The Processor shall have appropriate technical and organisational means taking account of the nature of the Processing in so far as this is possible for the fulfilment of the Controller‘s obligation to respond to requests for exercising the following Data Subject’s rights :
i) information rights under Articles 13 and 14 of the GDPR
ii) right of access by the Data Subject under Article 15 of the GDPR
iii) right to rectification under Article 16 of the GDOR
iv) right to erasure under Article 17 of the GDPR
v) right to restriction of processing under Article 18 of the GDPR
vi) notification regarding the right of rectification and/or erasure of personal data and/or restriction of processing under Article 19 of the GDPR
vii) right to data portability under Article 20 of the GDPR
10. Assisting the Controller
a) The Processor will assist the Controller, taking into account the nature of the Processing and the information available to the Processor, to meet the Controller’s obligations
i) to keep Data secure in accordance with Article 32 of the GDPR
ii) to notify Incidents in accordance with Article 33 of the GDPR
iii) to advise Data Subjects when there has been an Incident in accordance with Article 34 of the GDPR
iv) to carry out data protection impact assessments (DPIAs) in accordance with Article 35 GDPR
v) to consult with the Controller’s supervisory authority where a DPIA indicates there is an unmitigated high risk in accordance with Article 36 of the GDPR
vi) The Processor will immediately pass on any notices, requests or other communications from a Data Subject. The Processor will not act on any request from a Data Subject, without the full written authority of the Controller.
vii) If a privacy impact assessment indicates that there is an unmitigated high risk to the rights and freedoms of the Data Subject, the Processor will assist the Controller in consulting with the relevant supervisory authority or authorities
11. Audit, inspections and legal processing
a) The Processor must provide the Controller with all the information that is needed to show that both the Processor and the Controller have met their obligations under Article 28 of the GDPR
b) The Processor must submit and contribute to audits and inspections conducted by the Controller or another auditor mandated by the Controller.
a) The Processor shall , allow the Controller and/or its auditors, or their representatives, to have access to and audit relevant processes, procedures, documentation, and/or any premises of the Processor. Such access may take place on 5 days’ prior written notice to the Data Processor. The Controller agrees to reimburse the Processor any reasonable charge for the audit, at the hourly rates agreed within the Controller’s contract with the Processor.
b) If the Controller reasonably believes that the Processor is in breach of any of its obligations under this Agreement or in which case the Controller shall not be obliged to give such prior notice and the Processor shall ensure that a Processor appointed representative shall provide full co-operation and assistance to the Controller and/or its representatives, auditors at no additional charge to the Controller.
c) The Processor shall inform the Controller if any instruction that the Controller gives, infringes the GDPR or other EU, or EEA member state data protection provisions.
12. Processor’s responsibilities and liabilities under the GDPR
a) The Processor is aware that it may be subject to enforcement action by any relevant data protection supervisory authority to which the Controller is subject under Article 58 (Powers of the supervisory authority) of the GDPR.
b) The Processor is aware that if it fails to meet its obligations as set out in this Agreement and under Article 83 (General conditions for imposing administrative fines) of the GDPR, it may be subject to an administrative fine.
c) The Processor is aware that if it fails to meet its obligations under GDPR, it may be subject to a penalty under Article 84 (Penalties) of the GDPR.
d) The Processor is aware that if it fails to meet its obligations under GDPR, it may have to pay compensation to individual Data Subjects under Article 82 (right to compensation and liability) of the GDPR.
e) The Processor will appoint a data protection officer, if required in accordance with Article 37 (designation of the data protection officer) of the GDPR.
f) The Processor will appoint (in writing) a representative within the European Union if required because it is not established in the European Union and the provisions of Article 3 (2) apply in accordance with Article 27 (representatives of controllers or processors not established in the Union) of the GDPR .
The Processor’s liability to the Controller for any loss or damage of whatsoever nature suffered or incurred by the Controller or for any liability of the Controller to any other person for any loss or damage of whatsoever nature suffered or incurred by that person shall to the extent permitted by law not exceed [To Be agreed between the parties].
a) Subject to Clause 14 (b) either Party may terminate this Agreement upon giving 1 months prior written notice to the other. Upon the date of termination of this Agreement, the Processor shall return or delete at the Controller’s choice any Data received from the Controller to the Controller
The Processor shall not be obliged to return or delete any Data received from the Controller which has:
a) already been deleted in the normal course of events or
b) the Processor is required to retain by law.
b) Notwithstanding termination of this contract, the provisions of this Agreement shall survive the termination of this Agreement and shall continue in full force and effect for a period of 2 years from the date of termination of the Agreement. The obligations contained in Clause 6 of this Agreement – Security and Confidentiality of Data – and Clause 7of this Agreement- Incident Reporting shall continue indefinitely.
This Agreement shall not be transferred or assigned by either party except with the prior written consent of the other.
This Agreement shall be governed by and construed in accordance with the law of England and Wales and the parties shall submit to the exclusive jurisdiction of the Courts of England and Wales.
IN WITNESS WHEREOF, each of the Parties hereto has caused the Agreement to be executed by its duly authorised representative.