Terms and conditions
KILI TERMS AND CONDITIONS
Last Updated: March 15th 2023
PLEASE READ THE FOLLOWING TERMS AND CONDITIONS (THE “TERMS”), WHICH ALONG WITH ANY APPLICABLE ORDER FORM AND ALL SUPPLEMENTAL TERMS THAT MAY BE PRESENTED TO YOU FOR YOUR REVIEW AND ACCEPTANCE (COLLECTIVELY, THE “AGREEMENT”) CONSTITUTE THE AGREEMENT BETWEEN THE ENTITY SUBSCRIBING TO USE THE SERVICES (“YOU” OR “CUSTOMER”), AND EITHER (I) KILI TECHNOLOGY INCORPORATED, A COMPANY REGISTERED WITH VIRGINIA STATE CORPORATION COMMISSION (SCC) LOCATED 1411 BROADWAY FL 16, NEW YORK, NEW YORK 10018-3471, UNITED STATES OF AMERICA, WHEN CUSTOMER IS LOCATED IN NORTH AMERICA (INCLUDING UNITED STATES OF AMERICA, MEXICO) OR (II) KILI TECHNOLOGY SAS, A FRENCH SIMPLIFIED JOINT STOCK COMPANY REGISTERED IN THE TRADE AND COMPANIES REGISTER OF PARIS UNDER THE NUMBER 843 210 014, WHOSE HEAD OFFICE IS LOCATED 47 BOULEVARD DE COURCELLES, 75008 PARIS, FRANCE, WHEN CUSTOMER IS LOCATED OUTSIDE OF NORTH AMERICA (“KILI”).
THIS AGREEMENT REPRESENTS THE ENTIRE AGREEMENT CONCERNING THE SERVICES BETWEEN THE PARTIES AND IT SUPERSEDES ANY PRIOR PROPOSAL, REPRESENTATION, OR UNDERSTANDING BETWEEN THE PARTIES. KILI AND CUSTOMER ARE HEREINAFTER JOINTLY DEFINED AS THE “PARTIES” OR INDIVIDUALLY A “PARTY”.
BY EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT, OR BY TICKING A BOX PROVIDED FOR THIS PURPOSE ON KILI’S WEBSITE, OR BY ACCESSING OR USING, OR SUBSCRIBING TO USE THE SERVICES, YOU ARE ACCEPTING AND AGREEING TO BE BOUND BY AND TO COMPLY WITH ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT (PERSONALLY AND ON BEHALF OF ANY COMPANY OR OTHER LEGAL ENTITY THAT YOU REPRESENT WHEN USING THE SERVICES OR THAT YOU NAME AS THE USER WHEN YOU CREATE AN ACCOUNT), AND YOU REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT, AUTHORITY, AND CAPACITY TO ENTER INTO THIS AGREEMENT AND TO BIND ANY COMPANY OR OTHER LEGAL ENTITY YOU REPRESENT TO THIS AGREEMENT. THE TERMS OF ALL ORDER FORMS ENTERED INTO HEREUNDER SHALL BE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU DO NOT AGREE WITH ALL OF THE PROVISIONS OF THIS AGREEMENT, DO NOT ACCESS AND/OR USE THE SERVICES.
Kili may change these Terms from time to time at its sole discretion, and if it makes any material changes, it will attempt to notify You by sending You an email to the last email address You provided to Kili and/or posting a notice on Kili’s website. Therefore, You agree to promptly notify Kili of any changes in your email address. Any material changes to these Terms will be effective upon the (1) earlier of your acceptance of the new Terms or (2) next renewal date of the Agreement pursuant to the applicable Order Form. If You continue to use the Kili Solution and Services after any change has taken effect, Kili assumes that You have agreed with said changes. If You disagree with any changes to the Terms, You must terminate your use of the Services prior to the next renewal of the Agreement.
1.1 “Affiliate”: means any entity that directly or indirectly Controls, is Controlled by, or under common Control with a Party, where “Control” means the direct or indirect control of more than 50% of the voting rights or equity interests of a Party or the power to direct or cause the direction of the management and/or business strategy of that Party.
1.2 “Authorized Users”: means the individually-identified employees, contractors, representatives or consultants of Customer who have registered on the Platform, and who are permitted to use all or part of the Kili Solution and Services.
1.3 “Customer Data” means all data, content, assets, information, text, drawing, image, video, audio, statistics, analysis and other materials embodied in any form which are supplied to Kili or imported into the Kili Solution by Customer or by a partner under the control of Customer (and/or its Authorized Users).
1.4 "Documentation" means the documents provided by Kili relating to the receipt, operation and use of the Services, including without limitation technical program or interface documentation, user manuals, operating instructions, functionalities, applications, online help guide, quick reference guides and release notes, accessible here: https://docs.kili-technology.com/docs
1.5 “Error” means a reproducible failure of the Kili Solution to substantially conform to the Documentation.
1.6 “Hosting Mode” means, depending on the context, the Software as a Service (SaaS), the On-Premise Data and/or the On-Premise Enterprise mode, as may be specified on any applicable Order Form.
1.7 “Intellectual Property Rights” means (i) patent, copyrights, and related rights, moral rights, rights in computer software and other neighbouring rights, designs (including registered designs and design rights), trademarks, service marks, trade or business names, brand names, domain names and URLs, rights in trade secrets, knowhow and confidential and undisclosed information (such as inventions, whether patentable or not), rights in logos and patents, database; and (ii) all registrations or applications to register, renew and/or extend any of the items referred to in paragraph (i); and (iii) any other rights of a similar nature, however designated, whether registrable, registered or not, in any country.
1.8 “Kili Solution” means each and together the Platform and the Software made available to Customer to enable Customer to upload Customer Data into the Kili Solution and review, label, annotate, classify the Customer Data in a labeling collaborative interface.
1.9 “Kili”: means either (i) Kili Technology Incorporated, duly incorporated under the laws of the state of Delaware and located 1411 Broadway 16th floor, New York, NY 10018, United States of America when Customer is located in North America (including United States of America, Mexico) or (ii) Kili Technology SAS, a French simplified joint stock company registered in the Trade and Companies Register of Paris under the number 843 210 014, located 47 Boulevard de Courcelles, 75008 Paris (France) when Customer is located outside of North America.
1.10 “Labelled Customer Data” means any Customer Data that has been labelled, annotated, classified, tagged via the Kili Solution by Customer or in collaboration with a third-party.
1.11 “License” means, depending on the context, the “Developer License”, “Team License” or “Enterprise License”, or any other license as may be identified on any applicable Order Form that is granted by Kili to Customer for the use of the Kili Solution.
1.12 “Licensing Policy”: the licensing policy for each License is available on Kili’s website and containing the parameters defining the License, granted permissions and related use restrictions.
1.13 “Order Form” means all written order forms or other ordering documentation, including online subscription forms, entered into by the Parties hereunder and referencing this Agreement, identifying the applicable Services to be made available by Kili, and containing the pricing, subscription term, and other specific terms and conditions applicable to the Services.
1.14 “Personal Data”: means any information relating to an identified or identifiable natural person, within the meaning of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the “GDPR”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.15 “Platform”: means the Kili platform available at the following URL https://cloud.kili-technology.com/, or at any other address that may be substituted for this one, which is used for the purpose of providing the Kili Solution and Services.
1.16 “Services”: means the services to be provided by Kili to Customer as described in these Terms, and according to any Order Form.
1.17 “Software”: means (i) proprietary software and its functionalities (to include its API’s) edited and developed by Kili, including any update, improvements, new versions, new release, modifications, patches, and interfaces and similar works derived work thereto (ii) the associated Documentation; as well as all methods, documents, concepts, codes (source or object) related thereto.
The purpose of this Agreement is to specify the terms and conditions under which Kili makes the Kili Solution available to Customer and its Authorized Users, enabling Customer and its Authorized Users to access and use the technological tools to review, label, annotate Customer Data and all the Services provided under this Agreement. The rights of access and use of the Kili Solution and Services under this Agreement are strictly limited to those expressly granted in this Agreement, depending on the type of License and Hosting Mode selected by Customer.
Kili provides three Hosting Modes for using the Kili Solution:
Software as a Service (SaaS): whereby Kili’s Software and Platform, Customer Data and Labelled Customer Data are made available remotely as a Software as a Service (SaaS), hosted on Kili’s and its cloud providers’ cloud infrastructure.
On-Premise Data (hybrid): whereby Kili’s Software and Platform, as well as Labelled Customer Data are made available as a Software as a Service (SaaS), hosted on Kili’s and its cloud providers’ cloud infrastructure. Customer Data remains on Customer’s infrastructure and Kili does not access such Customer Data.
On-Premise Enterprise: whereby Kili’s Software and Platform, as well as Customer Data and Labelled Customer Data are hosted on Customer’s infrastructure. Kili’s Platform and Software are installed on hardware owned or arranged by and under the control of Customer, such as Customer owned hardware, a private cloud or a public cloud. Kili does not access such Customer Data and Labelled Customer Data.
3. AVAILABILITY OF THE KILI SOLUTION
3.1 License Grant. Kili grants to Customer, a revocable, worldwide, non-exclusive, non-transferable, non-sublicensable right to access and use the Kili Solution (and/or install as may be applicable), solely for Customer’s internal business purposes and in accordance with the applicable Licensing Policy and the associated Documentation, for the duration of the Subscription Term, subject to Customer’s full compliance with this Agreement and full payment of the Fees (as defined below). The choice of the License and Hosting Mode by Customer, and consequently the scope of the authorization granted by Kili, is indicated in any applicable Order Form. Customer selects the License and Hosting Mode according to its needs and the objective sought in the use of the Kili Solution.
3.2 Authorized Users. Customer may allow the use of the Kili Solution and access to the Services to its Authorized Users provided that (i) Customer ensures its Authorized Users comply with the terms of this Agreement, in particular the AUP and (ii) Customer shall be liable towards Kili as if their acts and omissions would have been Customer’s own. Upon request, Customer will provide Kili with details and use reports of all Authorized Users having received access to the Kili Solution and Services. Customer will not use or make available the Kili Solution and Services in a manner that may allow any person or entity other than its Authorized Users to access or use the Kili Solution or otherwise permit unauthorized access to the Kili Solution.
3.3 Customer Affiliates. Any Customer Affiliate may place Order Forms with Kili, by referencing this Agreement, and such Customer Affiliate will be deemed as Customer, and this will cause such Affiliate to comply with Customer’s obligations herein.
3.4 Registration/Access. Customer represents and warrants that the information it or its Authorized User provide upon registration is accurate and warrants to update such information if the registration information changes. Customer is solely responsible for maintaining the confidentiality of Authorized Users' login credentials. Customer will prevent unauthorized access to, or use of, the Kili Solution, and notify Kili promptly of any unauthorized use known to Customer.
3.5 Usage and Licensing Policy. The scope of the License may vary according to the type of License and Hosting Mode selected by the Customer. Customer chooses the type of License and Hosting Mode according to its needs and the objective sought in the use of the Kili Solution. Customer must use the Kili Solution in accordance with the relevant Licensing Policy and comply with all usage restrictions set by Kili on the number of Authorized Users (if any) or other usage limitations as set forth by Kili. Kili may grant certain licenses “for free” or “for trial” or as “early access”, “private preview” or “public preview”, or under a similar designation, for which subscription terms, commercial conditions are different and for which Kili has no obligation to provide any support and professional services.
4. THIRD PARTY PRODUCTS AND ANNOTATION SERVICES
4.1 Third Party Products. Kili Solution may contain or may be used with third party hardware, materials, equipment, browser, components, products, and/or certain software applications (collectively, “Third Party Products”), including open source software, which are the property of their owner. Customer acknowledges that the type of Third Party Products that may be recommended to acquire may vary depending on the License and Hosting Mode selected by Customer. Except if otherwise provided in writing, Third Party Products are not under Kili’s control and Customer hereby acknowledges that Kili is not responsible or liable for the operation, content, functions, accuracy, legality, appropriateness, or any other aspect of such Third Party Products. Any purchase or use of Third Party Products may be subject to additional terms of the applicable third-party provider to the extent required by the applicable third party provider (which terms shall not restrict the rights and obligations granted to Customer). Customer is responsible for acquiring and maintaining the required or recommended Third Party Products. Customer shall accept and comply with all Third Party Terms and shall indemnify and hold Kili harmless from all damages, costs, settlements, attorneys’ fees and expenses arising from or related to Customer’s breach of any Third Party Terms.
4.2 Annotation Services. Customer may use the Kili Solution in conjunction with annotations services to be provided by Kili’s service providers acting as subcontractors of Kili, or by employees of Customer or service provider of Customer. Except when Kili’s service provider acts as a subcontractor of Kili on behalf of Customer as agreed in writing in the Order Form and pursuant to section “Subcontracting”, (i) Customer will be solely responsible for determining which third party service provider will provide such annotation services while using the Kili Solution and (ii) Kili will not be liable for any issues with, or caused by, the annotation services that are outside Kili’s reasonable control.
5. CUSTOMER’S OBLIGATIONS
Customer will use the Kili Solution under its sole control, direction and responsibility (or its Authorized Users). Consequently, Customer shall (a) provide Kili with all information and provide cooperation reasonably required to assist Kili to carry out its obligations under these Terms and any Order Form, and in particular for installing the Software (if applicable), (b) designate one individual (as may be updated from time to time) to act as Customer’s representative for the purposes of accessing (installing) and using the Services who will be Customer’s primary point of contact with Kili, (c) provide an IT environment, equipment, software, electrical power compliant with the instructions of Kili, (d) fulfil all technical and functional prerequisites recommended by Kili, that among other things, sets out the list of hardware, devices, IT environment, equipment, software, browser recommended by Kili as suitable and necessary for the proper use of the Services. Kili’s provision of the Kili Solution and Services is contingent upon the obligations and warranty provided herein.
6.1 Acceptable Use Policy (AUP). Customer represents that it will use the Kili Solution in accordance with this Agreement and the Acceptable Use Policy (“AUP”) as available and updated from time to time on Kili’s website and which are hereby incorporated into these Terms by reference. Customer is responsible for ensuring all Authorized Users comply with the AUP when accessing and using the Kili Solution (whether its employees, contractors, representatives or consultants).
6.2 Restrictions of Use. Without prejudice to the generality of the foregoing and to the greatest extent permitted by applicable laws, Customer will not, and will not allow or encourage any Authorized User or other third party to: (a) use the Kili Solution or Services (i) to analyze the Kili Solution for benchmarking purposes, (ii) for the purpose of designing, modifying, creating a derivative work or creating any program that performs functions similar to the functions performed by the Kili Solution, (iii) to misappropriate or infringe any rights or violate any laws or contracts; (b) allow any third party to access the Kili Solution except as expressly allowed herein; (c) copy all or part of the Kili Solution unless otherwise instructed by Kili; (d) sublicense, lease, sell, resell, rent, loan, distribute, transfer, assign or otherwise allow the use of the Kili Solution for the benefit of any unauthorized third party; (e) reverse engineer, decompile, disassemble the Kili Solution or any portion of it, modify, adapt, alter or translate, decompile, merge, develop versions or derivative works, reverse engineer, upgrade, improve or extend features or functionalities of the Kili Solution or otherwise derive or determine or attempt to derive or determine the source code (or the underlying ideas, algorithms, structure or organization) of the Kili Solution, except as expressly permitted by law and if it is essential to do so for the purpose of achieving interoperability of the Kili Solution or Services with another software program, and provided that Customer has first requested Kili to provide the information necessary to achieve such interoperability with at least 90 (ninety) days advance written notice and Kili has not made such information available; (f) interfere in any manner with the operation of the Kili Solution or the hardware and network used to operate the Kili Solution; (g) modify, copy or make derivative works based on any part of the Kili Solution or Documentation; (h) access or use the Kili Solution to build a similar or competitive product or service; (i) separate the components of the Software and install them on different devices; (j) create a digital file in which all or part of the Software is incorporated in a format that enables its extraction, editing, alteration, enrichment or modification by the recipient of such a document, in any way whatsoever; (k) attempt to access the Kili Solution through any unapproved interface; (l) otherwise use the Services in any manner that exceeds the scope of use permitted under Section 3 (Availability of the Kili Solution) or in a manner inconsistent with applicable law, the Documentation, or this Agreement or (m) remove, alter, or obscure any proprietary notices (including copyright and trademark notices) of Kili or its licensors on the Kili Solution or any copies thereof.
6.3 Personal Data Restrictions. When using Services through the SaaS mode, whenever the GDPR is applicable, Customer expressly undertakes to refrain from uploading Personal Data to the Platform, whatever the License chosen by Customer, unless an account manager at Kili is expressly notified in writing at least one (1) week prior to such upload and expressly accepts in writing that Kili shall process such Personal Data in its capacity as data processor. When using Kili’s Software, Platform and Services through the On-Premise mode, Customer is authorized to upload Personal Data to the Platform, it being specified that, in such a case, Customer will be considered as the controller of Personal Data within the meaning of the GDPR. The Parties agree that, should Personal Data be uploaded to the Platform by Customer through the On-Premise mode, Kili will not be considered as the processor of such Personal Data within the meaning of the GDPR, as, in such case, Personal Data uploaded to the Platform remains on the infrastructure of Customer and Kili does not carry out any processing of such Personal Data on behalf of Customer.
6.4 Termination/Suspension. Kili may immediately suspend or terminate all or part of Customer’s use of the Kili Solution and Services, if Customer or any of its Authorized Users violates the AUP or Customer Restrictions or Personal Data Restrictions, or if Kili reasonably believes that Customer’s or any of its Authorized Users’ use of the Kili Solution or Services may adversely impact the Kili Solution and Services, Kili’s or third parties’ rights, without prejudice to any other rights and remedies it may have under this Agreement or otherwise. The effective date of suspension or termination will occur after a notice of 15 calendar days, except in case of serious breach likely to involve the civil or criminal liability of Kili and / or other Users or adversely impact the Kili Solution, Kili’s or third parties’ rights, in which case the suspension or termination will be immediate.
7. TERM AND TERMINATION
7.1 Term. The term of this Agreement will begin on the effective date of the Order Form (“Start Date”) and continue in full force and effect as long as any Order Form remains in effect, unless earlier terminated in accordance with the Agreement (the “Subscription Term”). Unless otherwise agreed in the applicable Order Form, the term of an Order Form will continue in full force and effect for an initial period of twelve (12) months from the Start Date (the “Initial Subscription Term”), unless earlier terminated in accordance with the Agreement. Thereafter, the Order Form shall be automatically renewed for additional successive periods of twelve (12) months (each, a “Renewal Subscription Term”) unless written notice of termination is provided by either Party to the other at least three (3) months prior to the then current Initial Subscription Term or Renewal Subscription Term. For any License that is granted “for free” or “for trial” or as “early access”, or “private preview” or under a similar designation, the Subscription Term may be shorter and will be notified to Customer by Kili before Customer accepts these Terms.
7.2 Termination for material breach. Either Party may terminate this Agreement or any Order Form if the other Party materially breaches this Agreement, and such breach remains uncured more than thirty (30) days after receipt of written notice of such breach sent by registered letter with acknowledgement of receipt or registered letter, without prejudice to any other remedies it may have against Customer under this Agreement or otherwise. In case of late payment of more than 45 days past due, Kili will be entitled to terminate the Order Form or this Agreement by written notice if such breach remains uncured thirty (30) days after written notice.
7.3 Additional Termination Events: This Agreement may be terminated by Kili (i) in case of change of Control or in case Customer does not notify the change of Control as prescribed in the Change of Control Section (ii) if Customer commences or has commenced against them bankruptcy or dissolution proceedings, has a receiver appointed for a substantial part of its assets, is unable to pay its invoices or loans when due, or ceases to operate in the ordinary course of business, subject to mandatory laws.
7.4 Effect of Termination. Upon termination or expiration of an Order Form or of this Agreement for any reason: (a) all licenses and right to use the Kili Solution and Services granted hereunder will immediately terminate and Kili will automatically close Customer’s and any and all Authorized User’s accounts; (b) each Party shall promptly return or destroy all Confidential Information of the other Party, (c) within six (6) months, Kili will return Customer Data in Kili’s possession requested by Customer, after which Kili may destroy Customer Data and (d) any amounts owed to Kili under this Agreement will become immediately due and payable. Customer understands that, except as otherwise provided in this Agreement, Customer will not be entitled to a refund of any Fees paid hereunder.
7.5 Survival. Sections 1 (Definitions), 6 (Restrictions), 7.4 (Effect of Termination), 7.5 (Survival), 8 (Intellectual Property), 10.1 (Customer Data Ownership), 10.2 (Customer Data Responsibility), 13 (Warranties and Disclaimers), 14 (Limitation of Liability), 15 (Indemnification), 16 (Confidentiality), 19 (Notice), and 20 (Miscellaneous) will survive expiration or termination of this Agreement for any reason.
8. INTELLECTUAL PROPERTY
8.1 Ownership. The Kili Solution and Documentation, any modifications thereto and all worldwide Intellectual Property Rights therein, remain the exclusive property of Kili. All rights in and to the Kili Solution and Documentation not expressly granted to Customer in this Agreement are reserved by Kili. Except as expressly set forth herein, no express or implied license or right of any kind is granted to Customer regarding the Kili Solution, Documentation, or any part thereof.
8.2 Feedback. Customer hereby grants to Kili a non-exclusive, royalty-free, irrevocable license, to fully exploit any suggestions, ideas, enhancement requests, feedback, or recommendations Customer provides to Kili that relate to the Kili Solution and Services.
8.3 Usage Data. Customer also grants Kili a non-exclusive, royalty-free, worldwide, transferable, sublicensable, irrevocable, limited license to use, reproduce, display, distribute, transmit, perform, and create derivative works of the Customer Data in an aggregated or de-identified form (such data, once in aggregated or de-identified form, the “Usage Data”) during and after the term to: (A) improve the Services; (B) provide analytics and benchmarking services; and (C) generate and disclose statistics regarding use of the Services, provided, however, that no statistics will be disclosed to third parties in a manner that would directly identify Customer without Customer’s consent.
9. SOFTWARE MODIFICATION, PROVISION OF SUPPORT & PROFESSIONAL SERVICES
9.1 Software Modification. Kili may from time to time at its sole discretion modify, update, upgrade or extend the Kili Solution (including, without limitation, for the purposes of adding features and functionality, or enhancing security or usability), provided that any modification, update, upgrade or extension to the Kili Solution is not materially detrimental to Customer. Any enhancement, updates or upgrade are included in the Fees. Any additional feature, functionality or additional Services that may be deployed by Kili after the effective date of this Agreement are not included in the Fees and if Customer wishes to purchase it, will be invoiced at Kili’s then current price, subject to the prior agreement of both Parties during the Subscription Term.
9.2 Support Services. In addition, Kili will provide operational and technical support and/or maintenance services necessary to the proper use of the Kili Solution, including all applicable updates, and web-based support assistance. The scope of these support services will depend on the License and Hosting Mode selected by Customer. Customer may be required to subscribe to premium support services depending on the License and Hosting Mode selected. Support services are described in Kili’s website and Licensing Policy and may be further described in any applicable Order Form or document that references and incorporates these Terms. Support services are included in the subscription Fees as provided in the applicable Order Form. Kili has no obligation to provide any support services for any License that is granted “for free” or “for trial” or as “early access”, “private preview” or under a similar designation.
9.3 Professional Services. Other professional services may be made available to Customer subject to additional fees to be agreed in writing between the Parties.
10. CUSTOMER DATA
10.1 Customer Data Ownership. As between the Parties, Customer shall retain all right, title and interest in and to the Customer Data, including all Intellectual Property Rights therein, as well as on any information, data, materials and/or intellectual property rights provided by Customer and/or any Authorized User in connection with the Kili Solution and Services or under this Agreement.
10.2 Customer Data Responsibility. Customer, not Kili, shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use of all Customer Data. Customer will obtain all third-party licenses, consents and permissions needed for Kili to use the Customer Data to provide the Services. Customer represents and warrants (a) that it has all necessary permissions and consents necessary to provide, transmit or supply in the Kili Solution the Customer Data and (b) that Customer Data and its use hereunder will not (i) infringe any copyright, trademark, patent or any intellectual property rights of third parties; (ii) misappropriate any trade secret; (iii) be deceptive, defamatory, obscene, pornographic or unlawful or (iv) contain any viruses, worms or other malicious computer programming codes intended to damage Kili’s system or data.
10.3 Customer Data License. Customer grants Kili a non-exclusive, worldwide, royalty-free and fully paid license during the Subscription Term to use the Customer Data as necessary for purposes of providing and improving the Kili Solution and Services and as otherwise permitted by this Agreement.
11. PERSONAL DATA
11.2 Qualification of the Parties. Should Kili expressly accept to process Personal Data on behalf of Customer, Customer shall remain the data controller of such Personal Data within the meaning of the GDPR, whenever the GDPR is applicable. Customer expressly acknowledges that Kili has no direct relationship with data subjects whose personal data might be imported, hosted or transmitted into or through the Services and does not collect Customer Data.
11.3 On-Premise Hosting Mode. As indicated in Section 6.3 above, when using Kili’s Software, Platform and Services through the On-Premise Hosting Mode, Customer is authorized to upload Personal Data to the Platform, it being specified that, in such case, Customer will be considered as the controller of Personal Data within the meaning of the GDPR, whenever the GDPR is applicable. The Parties agree that, should Personal Data be uploaded to the Platform by Customer through the On-Premise Hosting Mode, Kili will not be considered as the processor of such Personal Data within the meaning of the GDPR, as, in such case, Personal Data uploaded to the Platform remain on the infrastructure of Customer and Kili does not carry out any processing of such Personal Data on behalf of Customer.
11.4 Obligations of the Parties. When Customer acts as data controller and Kili acts as data processor, the Parties agree to comply, each as far as it is concerned, with all the provisions applicable to them under the regulations on the protection of personal data, including, where appropriate, the French Law No. 78-17 on data processing, files and freedoms and the GDPR.
11.5 Customer’s obligations. Customer declares that, whenever the GDPR is applicable, it is aware of its obligations as data controller, in particular its obligations to (i) process Personal Data lawfully, fairly and in a transparent manner in relation to the data subjects, i.e., to inform data subjects of the processing of their personal data and ensure that the processing of such data has a legal basis and that the data subjects have, where applicable, given their consent to the processing of their personal data, (ii) to keep records of its processing activities, (iii) when applicable, to appoint a data protection officer, (iv) to notify in the event of a data breach, and (v) to carry out privacy impact assessments. This list is not exhaustive, and the Parties agree that it is the Customer's responsibility to take the necessary steps to comply with the aforementioned regulations in their entirety. Kili can in no way be held responsible for any failure of the Customer to meet its obligations regarding data protection.
11.6 Subject-matter and duration of the processing. When Customer acts as data controller and Kili acts as data processor under the GDPR, Customer instructs Kili, for the duration of the Agreement, to process Personal Data of Customer for the purpose of performing the Services and, notably, managing Authorized Users’ access to the Platform and monitoring Authorized Users’ activity, and, where appropriate, (A) providing maintenance services regarding the Platform, (B) improving the Services and upgrading the Platform; (C) generating and disclosing analytics regarding use of the Services, provided that no analytics are disclosed to third parties in a manner that would directly identify Customer without Customer’s consent.
11.7 Nature and purpose of the processing. The purpose of the processing is to provide Customer with the Services in view of enabling Customer to annotate data to train machine learning algorithms. The nature of the processing consists in the collection, consultation, hosting, storage, retrieval, use, erasure or destruction of Personal Data.
11.8 Type of Personal Data and categories of data subjects. In view of performing the Services, Kili may be required to process data relating to individuals. Such data may include the following categories of Personal Data:
- Upon Customer’s request and Kili’s written acceptance, Personal Data uploaded to the Platform.
- Upon Customer’s request and Kili’s written acceptance, data annotations.
- Contact data (name, first name, e-mail, phone number, organization, position) of Customer’s employees, service providers providing data annotation and labelling services or other third parties.
- Logs and other technical data (IP addresses, timestamp, etc.) of Customer’s employees or other third parties.
11.9 Kili’s obligations. Whenever the GDPR is applicable, in its capacity as processor, Kili undertakes to:
Only process Personal Data on documented instruction from Customer, including with respect to transfers of personal data to a third country or international organization, unless required to do so by Union or French law. In this case, Kili informs the Customer of that legal requirement before processing, unless the law prohibits such information on important grounds of public interest.
Process Personal Data only for the purpose of performing the Services and, notably, managing Authorized Users’ access to the Platform and monitoring Authorized Users’ activity, and, where appropriate, (A) providing maintenance services regarding the Platform, (B) improving the Services and upgrading the Platform; (C) generating and disclosing analytics regarding use of the Services, provided that no analytics are disclosed to third parties in a manner that would directly identify Customer without Customer’s consent.
Ensure that persons authorized to process Personal Data under this Agreement have committed themselves to confidentiality or are subject to an appropriate legal obligation of confidentiality.
Take all measures required under Article 32 of the GDPR, including implementing technical and organizational measures listed in Appendix 1 to ensure a level of security appropriate to the risk.
When engaging one or more subcontractors other than those listed in this Agreement, inform the Customer of any intended changes concerning the addition or replacement of a subcontractor, thereby giving the Customer the opportunity to raise objections to such changes on reasonable grounds. Any objections must be notified by Customer to Kili in writing within eight (8) business days of receipt of Kili's request for approval. If the Customer remains silent during this period of eight (8) days, the Customer is presumed to have accepted the use of this subcontractor. If Customer objects to that change, the Parties will meet in good faith to resolve the issue through a mutually acceptable solution.
When a subcontractor is recruited by Kili to carry out specific processing activities on behalf of Customer, to impose on such subcontractor the same data protection obligations as those stipulated in this Article, in particular as regards providing sufficient guarantees as to the implementation of appropriate technical and organizational measures in such a manner that the processing meets the requirements of the GDPR.
Taking into account the nature of the processing, assist the Customer, through appropriate technical and organizational measures, insofar as this is possible, in fulfilling its obligation to respond to requests made by data subjects who exercise their rights under Chapter III of the GDPR (right to information, right of access, rectification, erasure and objection, right to limitation of processing, right to data portability, right not to be subject to an automated individual decision, including profiling). When a data subject contacts Kili directly to exercise its rights, Kili will transmit this request to the Customer as soon as possible.
Upon request, provide reasonable assistance to the Customer in ensuring compliance with the obligations set out in Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to Kili, and in particular assist Customer to ensure compliance with its obligations related to the notification of a Personal Data breach and the conduct of impact assessments relating to data protection.
At the choice of Customer, delete all Personal Data or return them to the Customer after the end of the provision of services relating to the processing, and delete existing copies, unless Union law or Member State law requires storage of the Personal Data.
Upon request, make available to Customer all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, on an annual basis at the most, including inspections by Customer or another independent auditor appointed by Customer, provided that such audit is (i) conducted upon at least ten (10) business days’ prior written notice, during regular business hours and without interrupting Kili's operations, and (ii) is restricted to the areas and documents relevant in the context of the processing of Personal Data under the Agreement. Customer shall alone bear the costs of the audit.
Inform Customer immediately if, in the opinion of Kili, instructions given by Customer infringe the GDPR or the applicable Union or Member State data protection provision.
In the event that Kili becomes aware, under the Agreement, of a breach of Personal Data, Kili undertakes to notify the Customer of this breach of data as soon as possible and to provide the Customer with all information that will allow it to meet its own obligations.
11.10 Subcontractors. It is expressly agreed between the Parties that, as of the date of the Agreement, Kili uses the following subcontractors:
- Google and Microsoft Azure, for the purpose of hosting the Software, the Platform, Customer Data and Labelled Customer Data, in the context of the SaaS and On-Premise Data Hosting Modes, with servers located in Belgium.
- Microsoft in relation to the Azure cloud services, with servers located in France.
- Upon Customer’s request, a service provider that provides data annotation and labelling services.
11.11 Data transfers. Should Personal Data be transferred to the United States, whenever the GDPR is applicable, such transfer will be governed by the standard contractual clauses for international data transfers adopted by the European Commission on June 4, 2021, signed between Kili and its subcontractors, and specific organizational and technical guarantees will be put in place, including data encryption, the implementation of HTTPS protocol, security updates, data backup and certifications (SOC 2, ISO27001, ISO27017, ISO27018).
12.1 Fees. Customer shall pay Kili the amount of the fees charged by Kili for the Kili Solution and Services as set forth on each applicable Order Form or as otherwise agreed in writing (the “Fees”). Unless otherwise agreed in any Order Form, all Fees will be made in cleared funds, without any deduction or set-off, and due within thirty (30) days from the date of the issuance of the invoice. The first invoice will be issued by Kili on the effective date of the Order Form. All Fees paid to Kili hereunder are non-refundable, save as otherwise provided in this Agreement.
12.2 Late payment. In case of late payment, any amounts due will bear interest at the rate of one and one-half percent (1.5%) per month, or the maximum legal rate if less, from the due date until paid. Pursuant to local mandatory laws, an indemnity of 40 Euros (forty Euros) corresponding to a lump sum recovery indemnity will also be due and payable, without formalities when Kili Technology SAS is the invoicing entity. Where the debt for recovery costs incurred exceeds the amount of this indemnity, Kili Technology SAS may request additional compensation, upon justification. Kili may also, without prejudice to any other remedies it may have against Customer under this Agreement or otherwise, be entitled to permanently discontinue or suspend the access and use of all or part of the Kili Solution until the invoice is fully paid, within 30 days from the notification by Kili of such non-payment if this breach is not remedied.
12.3 Taxes. Any Fees hereunder are exclusive of all taxes, value added, levies, import and custom duties, excise or other similar or equivalent taxes imposed on the supply of Services. Customers agree to pay any applicable value added, sales, or other transaction taxes, fees, charges, or surcharges that are owed under this Agreement under any applicable law. Each Party shall be responsible for taxes based on its own net income, employment taxes of its own employees, and for taxes on any property it owns or leases.
12.4 Sales and Use Tax. Kili Technology Incorporated is only considered as having a sales tax nexus in the following States: Florida, Georgia, Nevada and Virginia (the “Nexus States”). In all States other than the Nexus States, Kili Technology Incorporated is not considered as having a sales tax nexus in the Customer’s State and is not required to collect and remit sales tax on sales made to Customers located in or using our products outside of the Nexus States. Certain Customers are required to file a sales and use tax return remitting any unpaid taxes. Customer is responsible for consulting with its own tax advisor and complying with the regulations of the State where Services are used to determine if it is required to file such returns. By default, Kili Technology Incorporated invoices will be issued based on the assumptions that Customer does not have a Sales Tax Exemption Certificate nor a Sales Tax Multiple Points of Use Certificate, nor any other equivalent certificates. Kili Technology Incorporated will issue invoices with the sales tax amount based on the shipping address indicated on Customer’s Order Form. If Customer has a Sales Tax Exemption Certificate, a Sales Tax Multiple Points of Use Certificate, or any other equivalent certificate, Customer shall submit it to Kili Technology Incorporated before the starting date of the Services.
12.5 Changes. Kili will not change the Fees applicable to an Order Form during the Subscription Term. However, Kili may change the Fees by providing a 45 days’ prior notice to Customer provided that any change in Fees shall not go into effect until the placement of a new Order Form or the renewal of any current Subscription Term following such notice.
13. WARRANTIES AND DISCLAIMERS
13.1 Limited Warranty. Kili represents and warrants that it will provide the Services and perform its other obligations under this Agreement in a professional and workmanlike manner substantially consistent with general industry standards. Kili further warrants to Customer that the Kili Solution will operate free from Errors during the Term, provided that such warranty will not apply to failures to conform to the Documentation to the extent such failures arise, in whole or in part, from (a) any use of the Kili Solution not in accordance with this Agreement or as specified in the Documentation; (b) any use of the Kili Solution in combination with other products, equipment, software or data not supplied by Kili; (c) any modification of the Kili Solution by any person other than Kili or its authorized agents or (d) failure or variations in electrical power or the telecommunications network. To the extent permitted by law, Kili’s sole liability under the Software warranty will be, in Kili’s reasonable commercial discretion, a repair or replacement of the Kili Solution, or if Kili determines that the foregoing remedy is not commercially reasonable, then either Party may terminate this Agreement.
13.2 Disclaimer. THE LIMITED WARRANTY SET FORTH IN SECTION 13.1 IS MADE FOR THE BENEFIT OF CUSTOMER ONLY. EXCEPT AS EXPRESSLY PROVIDED IN THIS SECTION 13 (WARRANTIES AND DISCLAIMERS), AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE KILI SOLUTION IS PROVIDED “AS IS” AND KILI MAKES NO (AND HEREBY DISCLAIMS ALL) OTHER WARRANTIES, REPRESENTATIONS, OR CONDITIONS, WHETHER WRITTEN, ORAL, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. KILI DOES NOT WARRANT THAT ALL ERRORS CAN BE CORRECTED, OR THAT OPERATION OF THE KILI SOLUTION WILL BE UNINTERRUPTED OR ERROR-FREE.
14. LIMITATION OF LIABILITY
14.1 Types of Damages. IN NO EVENT WILL KILI BE LIABLE TO THE CUSTOMER FOR ANY INCIDENTAL, INDIRECT, SPECIAL, CONSEQUENTIAL, INTANGIBLE OR PUNITIVE DAMAGES, REGARDLESS OF THE NATURE OF THE CLAIM, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, LOSS OF REVENUE OR GOODWILL, COSTS OF DELAY, ANY FAILURE OF DELIVERY, BUSINESS INTERRUPTION, COSTS OF LOST OR DAMAGED DATA OR DOCUMENTATION, OR LIABILITIES TO THIRD PARTIES ARISING FROM ANY SOURCE, EVEN IF KILI HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
14.2 Amount of Damages. TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE MAXIMUM LIABILITY OF KILI ARISING OUT OF OR IN ANY WAY CONNECTED TO THIS AGREEMENT WILL NOT EXCEED THE FEES PAID BY CUSTOMER TO KILI DURING THE TWELVE (12) MONTHS PRECEDING THE ACT, OMISSION OR OCCURRENCE GIVING RISE TO SUCH LIABILITY.
15.1 By Kili. Kili will defend at its expense any suit brought against Customer, and will pay any settlement Kili makes or approves, or any damages finally awarded in such suit, insofar as such suit is based on a claim by any third party alleging that the Kili Solution infringes such third party’s patents, copyrights or trade secret rights under applicable laws of any competent jurisdiction within the limits of this Agreement. If any portion of the Kili Solution becomes, or in Kili’s opinion is likely to become, the subject of a claim of infringement, Kili may, at Kili’s option: (a) procure for Customer the right to continue using the Kili Solution; (b) replace the Kili Solution with non-infringing software or services which do not materially impair the functionality of the Kili Solution; (c) modify the Kili Solution so that it becomes non infringing; or (d) terminate this Agreement and refund any unused prepaid Fees for the remainder of the term then in effect, and upon such termination, Customer will immediately cease all use of the Kili Solution and Documentation. Notwithstanding the foregoing, Kili will have no obligation under this section or otherwise with respect to any infringement claim based upon (i) any use of the Kili Solution not in accordance with this Agreement or as specified in the Documentation; (ii) any use of the Kili Solution in combination with other products, equipment, software or data not supplied by Kili; or (iii) any modification of the Kili Solution by any person other than Kili or its authorized agents. This section states the sole and exclusive remedy of Customer and the entire liability of Kili, or any of the officers, directors, employees, shareholders, contractors, or representatives of the foregoing, for infringement claims and actions.
15.2 Procedure. Kili’s obligations as set forth above are expressly conditioned upon each of the foregoing: (a) Customer will promptly notify Kili in writing of any threatened or actual claim or suit; (b) Kili will have sole control of the defense or settlement of any claim or suit; and (c) Customer will cooperate with Kili to facilitate the settlement or defense of any claim or suit.
16.1 Confidential Information. During the term of the Agreement and for a period of five (5) years after the termination of the present terms and conditions, each Party shall keep confidential and not disclose to any other Party (or their Affiliates) or use, except as required by this Agreement, non-public information obtained from the other Party (“Confidential Information”), such as without limitation, the Kili Solution, trade secrets, know-how, business operations, plans, strategies, customers, pricing, whether or not marked or designated as “confidential”. It shall also include the existence of as well as the terms and conditions of these Terms and any Order Form placed hereunder; provided, however, that the receiving Party shall not be prohibited from disclosing or using information: (i) that is in the rightful possession of the receiving Party free of any obligation of confidence prior to receipt from the disclosing Party; (ii) that at the time of disclosure is publicly available or becomes publicly available through no act or omission of the receiving Party; (iii) that is or has been disclosed to the receiving Party by a third party who is not under (and to whom the receiving Party does not owe) an obligation of confidentiality with respect thereto; and (iv) that is or has been independently acquired or developed by the receiving Party. The receiving Party will treat the Confidential Information with no less than reasonable care and will not disclose or use the Confidential Information to anyone, except to its Representatives (as defined below), who need to know the Confidential Information for the purposes of this Agreement and are bound by a confidentiality obligation at least as restrictive as this section “Confidentiality”.
The receiving Party may disclose Confidential Information of the providing Party to the minimum extent use or disclosure is required by court order or as otherwise required by law, on condition that notice of such requirement by law for such disclosure is given to the disclosing Party prior to making any such use or disclosure.
16.2 Representatives. Each Party will be responsible for any breach of these Terms by any of its directors, officers, employees, agents, contractors, Authorized Users, (collectively “Representatives”) to whom it allows access to Confidential Information. At the request of the disclosing Party, the receiving Party will identify and provide the names of its Representatives who have been given access to Confidential Information.
16.3 Equitable Relief. Each Party acknowledges that in the event of any breach or threatened breach of this section by either Party, the other Party may suffer irreparable harm and not possess an adequate remedy at law. Accordingly, each Party shall have the right to seek injunctive or other equitable relief to restrain such breach or threatened breach.
Kili may, at its expense, verify that Customer’s use, access, installation, or deployment of the Kili Solution complies with the terms of this Agreement and of any applicable Order Form. Additionally, no more than once every twelve (12) months, Kili may perform the verifications onsite, either directly or by appointing a Representative, and Customer agrees to provide all the required assistance and support. If the verification discloses a non-conformity, Customer will immediately address it.
Kili shall be entitled to use one or more subcontractors for the performance of part of this Agreement (third party subcontractor, supplier or service provider selected by Kili for their know-how, expertise, and specific skill set to perform services that Kili is not in a position to entrust its own personnel with) subject to Customer’s prior written approval. In any case, Kili shall retain sole responsibility towards the Customer for the proper performance of this Agreement.
Unless otherwise provided herein, all notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by email; and upon receipt, if sent by certified or registered mail (return receipt requested), postage prepaid. Kili may provide notice using the information provided in the most recent Order Form or updated information provided in the Customer's account. Customer may provide notice to the following address, as may be updated from time to time:
Orders: [email protected]
Invoices: [email protected]
Support: [email protected]
When Kili Technology SAS is the contracting entity:
Kili Technology SAS
47, Boulevard de Courcelles
When Kili Technology Inc is the contracting entity:
Kili Technology Incorporated
(c/o Orbiss Inc.)
1411 Broadway, 16th floor
New York, NY 10018,
United States of America
20.1 Publicity. Customer expressly authorizes Kili to use its trade name and logos, on any medium, in any of its promotional materials and/or campaigns, as well as in any other communication with third parties, for the purpose of communicating both internally and externally on the business relationship Kili has with Customer. Kili shall use Customer’s trademarks, logos and trade names in compliance with Customer’s guidelines and observe any reasonable instructions of Customer in this respect. Kili undertakes not to disclose any Customer Data in any communications and case studies. This authorization is granted for the duration of this Agreement and for a duration of three (3) years after the termination/expiration of this Agreement.
20.2 Governing Law. This Agreement and any action related thereto will be governed and interpreted by and under the laws indicated below, depending on Customer domicile/headquarters, without regard to conflicts of law provisions. When Customer is located in North America, this Agreement and any action related thereto will be governed and interpreted by and under the laws of the State of New York. When Customer is located outside North America, this Agreement and any action related thereto will be governed and interpreted by and under the laws of France. The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement.
20.3 Venue. In the event of failure to reach an amicable solution, Customers in North America expressly consent to the personal jurisdiction and venue in the state and federal courts of New York County, New York (USA) for any lawsuit filed there against Customer by Kili arising from or related to this Agreement. In the event of failure to reach an amicable solution, Customers outside North America expressly consent to the exclusive jurisdiction of the Paris Courts (France) for any lawsuit filed between the Parties arising from or related to this Agreement.
20.4 Waiver. The failure or delay by either Party to enforce at any time the provisions of this Agreement or to request performance by the other Party of any such provision, shall in no way constitute a waiver of such provisions, nor in any way affect the validity of this Agreement or any part thereof, or the right of either Party thereafter to enforce each and every provision.
20.5 Severability. If any provision of this Agreement is, for any reason, held to be invalid or unenforceable, the other provisions of this Agreement will remain enforceable and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law.
20.6 No Assignment. Customer may not assign, subcontract, delegate, or otherwise transfer this Agreement, or any of its rights and obligations herein, without obtaining the prior written consent of Kili.
20.7 Change of Control. Customer shall notify Kili within 30 days prior to its or its Affiliates being acquired by, selling all of its assets to, merging with, or changing its Control in favor of a direct competitor of Kili, or changing its main object of activity into a business competing with Kili.
20.8 Independent Contractors. The relationship between the Parties under this Agreement is that of independent contractors. This Agreement does not create an association or joint-venture. Neither Party has authority to create or assume in the other’s name or on the other’s behalf any obligation, express or implied, or to act or purport to act as agent or representative on behalf of the other for any purpose whatsoever. Neither Party is the employer, employee, agent, partner or co-venturer of or with the other.
20.9 Compliance with Law. Customer will always comply with all international and domestic laws, ordinances, regulations, and statutes that are applicable to its purchase and use of the Services. In particular, in relation to the transactions under this Agreement, each Party confirms that it has not taken and will not take any action, directly or indirectly, in violation of applicable anti-corruption or anti-bribery laws (collectively, “Anti-Corruption Laws”). In connection with this Agreement, Customer will not, directly or indirectly, offer, promise, authorize, accept, or solicit any illegal or improper bribe, kickback, payment, gift, or thing of value. If Customer learns of any violation of Anti-Corruption Laws in connection with this Agreement, Customer will promptly notify Kili in writing and will cooperate with Kili’s review or investigation related to any actual or potential violation of applicable law.
20.10 Entire Agreement. These Terms, together with any Order Form(s), AUP, and any documents referenced in the Terms or Order Form(s), if any, are incorporated herein, unless expressly provided otherwise herein, constitute the full and complete understanding of the Parties relating to the subject matter hereof and supersede all prior understandings and agreements relating to such subject matter.
20.11 Order of precedence. In the event of any inconsistencies between the Terms and any other agreement between Customer and Kili (including AUP, Order Form), the Terms shall prevail.
20.12 Translation. This Agreement is drafted in English. In the event this Agreement is translated into one or several other languages, no translation will be binding on the Parties, and if there is a discrepancy between the English version and the translated text, the English version shall prevail.
20.13 Force Majeure. Except for payment obligations hereunder, either Party shall be excused from performance of non-monetary obligations under this Agreement for such period of time as such Party is prevented from performing such obligations, in whole or in part, due to causes beyond its reasonable control, including but not limited to, delays caused by the other Party, acts of God, war, pandemic, terrorism, criminal activity, civil disturbance, court order or other government action, third party performance or non-performance, strikes or work stoppages, provided that such Party gives prompt written notice to the other Party of such event.
Technical and organizational measures implemented by Kili
In the event Kili expressly accepts to process Personal Data on behalf of Customer in its capacity as processor within the meaning of the GDPR, Kili implements the technical and organizational measures listed below to ensure confidentiality, integrity and availability of Personal Data provided by Customer.
Such measures are not applicable when Customer uses Kili’s Software, Platform and Services through the On-Premise Enterprise mode. In such a case, it is the Customer's responsibility to implement appropriate technical and organizational measures to ensure security of its Personal Data.
Kili implements procedures designed to maintain operations security. Kili has received SOC2 and ISO 27001 certifications.
- Technical testing.
- Protection against malicious software with regularly updated antivirus software.
- Network protection and management with the setup of the WPA2 or WPA2-PSK protocols for Wifi networks; network flows limited to what is necessary; strict isolation of different environments.
- Technical vulnerability management.
- Logging and monitoring.
- Incident response (including a logging system for incidents as well as procedures for Personal Data breach notifications).
- Business continuity planning.
Kili implements access controls regarding Personal Data provided by Customer.
All Kili’s personnel have a unique user identifier for system access, and user credentials and passwords are not shared between multiple personnel and respect the CNIL recommendation (at least 8 characters in length, and containing at least 3 of the following 4 types of characters: lower case letters (a-z); upper case letters (A-Z); numbers (i.e. 0-9); special characters (e.g. [email protected]#$%^&*)). The number of attempts to access an account shall be limited. Access should be restricted to only what is necessary to perform job duties. All accounts use two-factor authentication.
An automatic session lock is set up on every computer and monitored.
An annual review of clearances is done, and all non-essential clearances are deleted.
Only authorized employees and third parties working off a signed contract or statement of work, with a business need, are granted access to the processor production networks. The access rights of all users are promptly removed upon termination of their employment or contract, or when rights are no longer needed due to a change in job function or role. The maximum allowable time period for access termination is 24 business hours.
Contract termination is monitored, a warning is sent the day of the offboarding, and alerts are sent as soon as the contract ends if some permissions remain.
Physical & Environmental Security
The physical and environmental security measures implemented by Kili meet the following requirements.
Secure areas are protected by appropriate entry controls to ensure that only authorized personnel are allowed access. Access events are logged and reviewed as needed according to risk. Cameras and intrusion detection systems are used at facilities that store or process production data.
Physical security for offices, rooms and facilities is designed and applied to protect from theft, misuse, environmental threats, unauthorized access, and other threats to the confidentiality, integrity, and availability of classified data and systems.
Physical protection against natural disasters, malicious attacks or accidents has been designed and applied.
Secure areas are monitored through the use of intrusion detection systems, alarms, and/or video surveillance systems where feasible. Visitor and third-party access to secure areas is restricted to reduce the risk of information loss and theft.
Production processing facilities are equipped with appropriate environmental and business continuity controls including fire-suppression systems, climate control and monitoring systems, and emergency backup power systems. Physical information system hardware and supporting infrastructure are regularly serviced and maintained in accordance with the manufacturer’s recommendations.
Visitors, delivery personnel, outside support technicians, and other external agents are not permitted into secure areas without escort and/or appropriate oversight. Third parties in secure areas sign in and out on a visitor log and are escorted or monitored by Kili’s personnel. Kili’s personnel observing unescorted visitors should approach the visitor, confirm their status, and ensure they return to approved areas, or report the observation to the responsible authority as needed. Visitor’s access to secure areas is confirmed with appropriate personnel prior to being granted access. Kili’s personnel granting access to visitors into secure areas are responsible for ensuring that visitors comply with all security requirements and are accountable for all actions taken by visitors to whom they grant access. Visitors may be allowed to work unescorted, provided that Kili’s personnel can ensure that visitors will not have unauthorized access to the Kili’s information systems, networks, or data.
Kili maintains human resource policies and processes which include criminal background checks for any employees or contractors who access Personal Data provided by Customer.
Background verification checks are carried out in accordance with relevant laws and regulations, and are proportional to the business requirements, the classification of the information to be accessed, and the perceived risks.
Kili has evaluated the risks inherent in processing and storing data and implemented cryptographic controls to mitigate those risks where deemed appropriate. Where encryption is in use, strong cryptography with associated key management processes and procedures has been implemented and documented. All encryption is performed in accordance with industry standards, including NIST SP 800-57.
For all Personal Data, Kili always considers the state of the art, the costs of implementation and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity to the rights and freedoms of natural persons and implements appropriate technical and organizational measures surrounding the pseudonymization and encryption of data to ensure a level of security appropriate to the risk.
For all web traffic sent over the public Internet containing confidential information, the TLS v1.3 protocol is utilized.
Access to keys and secrets is tightly controlled in accordance with the access control policy.
The following table includes Kili’s practices regarding cryptographic keys:
| Domain | Key Type | Algorithm | Key Length | Max Expiration |
|---|---|---|---|---|
| Web Certificate | Digital Signature | DSA or RSA PKCS#1 | 2048 bit | Up to 2 years for normal certificates, up to 10 years for root certificates. 3 months certificates are used for the application. |
| Web Cipher | Encryption | AES | 256 bit | N/A |
| Confidential | Encryption | AES | 256 bit | 1 Year |
| Password | Hash | Bcrypt, PBKDF2, or scrypt, ECDH | 256 bit+10K Stretch | N/A |
| Laptop HDD | Encryption | AES | 128 or 256 bit | N/A |
Data management policy
Kili classifies data and information systems in accordance with legal requirements, sensitivity, and business criticality in order to ensure that information is given the appropriate level of protection.
Customer is responsible for identifying any additional requirements for specific data or exceptions to standard handling requirements.
Information systems and applications are classified according to the highest classification of data that they store or process.
Information security policy
All users are required to report known or suspected security events or incidents, including policy violations and observed security weaknesses. Incidents should be reported immediately or as soon as possible by sending an email to support.
All end-user, personal (BYOD) or company-owned devices used to access Kili’s information systems must adhere to the following rules and requirements:
- Devices must be encrypted with a password-protected screensaver or screen lock after 5 minutes of non-use.
- Devices must be locked whenever left unattended.
- Users must report any suspected misuse or theft of a mobile device immediately to Kili Technology’s IT Department.
- Confidential information must not be stored on mobile devices or USB drives (this does not apply to business contact information, e.g., names, phone numbers, and email addresses).
- Any mobile device used to access company email must not be shared with any other person.
- Upon termination, users agree to return all company-owned devices and delete all company information and accounts from any personal devices.