Terms and Conditions
Last updated on 21 January 2025.

These terms and conditions ("Agreement") of Charter Itinerary AG, Florastrasse 40, 8008 Zurich, Switzerland ("Charter Itinerary", “Provider” "we", "us" or "our") set forth the general terms and conditions of your use of the charteritinerary.com website and/or platform ("Website") and any of its related products and platform operator services provided through the Website and/or other services provided by Charter Itinerary as described and selected on the Website (collectively, "Services"). The Services do not include the performance of the yacht charter agreement regarding the use of a yacht ("Charter") and/or concierge, experiences, hospitality and auxiliary services typical of a luxury yacht charter ("Luxury and Auxiliary Services") agreements which will be provided by the respective partners (and not by Charter Itinerary, acting as intermediary). This Agreement is legally binding between you being a central agency, retail brokerage agency, captain or any other entity or individual using the Website ("User", "you" or "your") and Charter Itinerary. By accessing and using the Website and/or Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Agreement. If you are entering into this Agreement on behalf of a business or other legal entity, you represent that you have the authority to bind such entity to this Agreement, in which case the terms "User", "you" or "your" shall refer to such entity. If you do not have such authority, or if you do not agree with the terms of this Agreement, you must not accept this Agreement and may not access and use the Website and/or Services. You acknowledge that this Agreement is a legally valid and binding contract between you and Charter Itinerary, even though it is electronic and is not physically signed by you, and it governs your use of the Website and/or Services.

I. WEBSITE AND SERVICES

Subject to the terms of this Agreement and particularly the payment in full of the fees or charges (as per section III) by you, Charter Itinerary grants to you a non-exclusive worldwide license to use the Services (depending on your subscription plan and as described on the Website) by way of an online access to the Website during the term (section IV) of and subject to the conditions of this Agreement.

You shall not assign, transfer or sub-license all or part of this Agreement and/or any rights and obligations originating from this Agreement without the prior written consent of Charter Itinerary.

The Services provided through the Website by Charter Itinerary to User consist of providing a tool for yacht charter professionals.

The details of the features and functionalities of the Website and the Services are described on the Website. The features and functionalities available to you depend on your selection of the subscription plan according to the Website. The Services may include further product or services as described on the Website, including, but not limited to, application programming interfaces (API).

Charter Itinerary is not and shall not become a party to any Charters and/or Luxury and Auxiliary Services agreements and shall not enter into any legal or contractual relationship with any yacht owners and/or charterers or become a party to any other agreement concerning a Charter and/or the provision of Luxury and Auxiliary Services.

II. CONTENT

1. User Content

We do not own any data, information or material (collectively, "Content") that you submit to us on the Website or otherwise in the course of using the Services (“User Content”), other than that defined under clause 2 “Shared User Content” of this section II. You shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use of all User Content, other than Content provided by us under clause 3, section II “Provided Content”. We may, but have no obligation to, monitor and review the Content on the Website submitted or created using our Services by you. You grant us permission to access, copy, distribute, store, transmit, reformat, display and perform the User Content of your user account solely as required for the purpose of providing the Services to you only and shall not be made available to other Users. Without limiting any of your representations or warranties, we have the right, though not the obligation, to, in our own sole discretion, refuse or remove any User Content that, in our reasonable opinion, violates any of our policies or is in any way harmful or objectionable.

2. Shared User Content

For the purposes of providing the Services to you, you grant Charter Itinerary a non-exclusive, worldwide, royalty-free, sub-licensable and transferable license, for the term of the protection of the rights so licensed, to access, store, copy, modify, prepare derivative works of, distribute, publish, transmit, use, and otherwise exploit in any manner yacht related User Content like yacht listing information. This information will be used externally and be accessed by, as the case may be, yacht owners, charterers, retail agencies, central agencies and the like, using the Website or the Services (“External User Content”).

For the purposes of further developing the database of the Website, the Website as such and improving our Services for you and/or other users/customers, you grant Charter Itinerary a non- exclusive, worldwide, royalty-free, sub-licensable and transferable license, for the term of the protection of the rights so licensed, to access, store, copy, modify, prepare derivative works of and use and otherwise exploit in any manner User Content that is not External User Content and that is for example relating to destination descriptions, custom locations and crew profiles. Unless explicitly authorized by you otherwise, this information will be used internally and exclusively for the purposes of the improving the Website and the Services and never for commercial or marketing purposes.

If User Content includes personal data, such User Content will only be used

in compliance with applicable data protection laws; and
in case of personal data of you or your employees, contractors, corporate bodies, or representatives: in compliance with our Privacy Policy; and
in case of personal data of your clients such as yacht owners and/or charterers: in compliance with our Data Processing Agreement (DPA).

3. Provided Content

The Website or the Services provide Content (“Provided Content”) to you or other users e.g. in the form of location and destination images and descriptions as well as Luxury and Auxiliary Services offerings and although part of this Provided Content has been curated by us or our partners, we do not assume any responsibility, warranty and/or liability for its accuracy, integrity, validity and/or reliability (see also section V below).

User may use Provided Content (only) within the purpose of this Agreement and shall immediately cease to use Provided Content once this Agreement is terminated.

III. BILLING AND PAYMENTS

1. General Provisions

All prices/fees/commissions are net amounts, exclusive of value added tax (VAT) and other applicable taxes and levies, if any.

2. Payment for Services

You shall pay all fees or charges to your account in accordance with the fees, charges, and billing terms in effect at the time (depending on your subscription plan and as described on the Website) by the payment means described and selected on the Website. Where Services are offered on a free trial basis, payment may be required after the free trial period ends, and not when you enter your billing details (which may be required prior to the commencement of the free trial period). If auto-renewal is enabled for the Services you have subscribed for, you will be charged automatically in accordance with the term you selected (annually or monthly, as the case may be). It remains your sole responsibility to ensure that you have chosen the payment plan that best suits your needs. Although we will always endeavour to find a solution, we cannot be held accountable, nor be required to refund you, should you wish to cancel or change a plan before its expiry within the notice period according to section IV. In such a case, the entire amount for the respective subscription term (until the expiry or renewal date) is due and payable. If, in our judgment, your purchase constitutes a high-risk transaction, we will require you to provide us with a copy of your valid government-issued photo identification, and possibly a copy of a recent bank statement for the credit or debit card used for the purchase. Moreover, we may be required to obtain, verify and record information regarding the User, its directors, partners or authorized signing officers of the User and the transactions contemplated by this Agreement. The User undertakes to promptly provide to us such information.

We reserve the right to change products and/or pricing at any time. Should our pricing be changed, you will be notified and it will only come into effect on your next renewal period. In case due fees and charges are not settled immediately, we may suspend or block your account, and/or limit or cease our Services in part or in full, without further notice.

3. Commission on Luxury & Auxiliary Services

Charter Itinerary may, for acting as intermediary, earn a commission ("Commission") from the partners on the payments made to the partners for Luxury and Auxiliary Services that have been concluded through the Website. For the avoidance of doubt, the Commission applies only to Luxury and Auxiliary Services, and not to Charters, for which Charter Itinerary does not act as intermediary, nor earn any fees of any kind.

Charter Itinerary may share the Commission received by Charter Itinerary from the respective partner with the Owner of the account having booked the respective Luxury and Auxiliary Services through the Website, as shall be agreed between the Parties in writing.

IV. TERM AND TERMINATION

This Agreement shall be concluded for the subscription term as described on the Website and shall continuously automatically renew thereafter for another subscription term of the same duration unless terminated by the User by disabling the “auto-renewal” option (which is set as default) prior to the end of any subscription term.

Charter Itinerary may terminate this Agreement immediately and without prior notice as provided by section XIII. Further, Charter Itinerary may disable, suspend or block User’s access to the Website as provided by sections III, IX and X.

Upon termination or expiration of this Agreement: (i) the license (section I) shall immediately terminate; (ii) you shall no longer have access to the Website and the Services; and (iii) you shall have no right to use the Provided Content (section II.3) and shall confirm to Charter Itinerary in writing its deletion or return to Charter Itinerary upon request. Charter Itinerary shall have no obligation to store or release/transfer to you any data (in particular External User Content) after the termination of this Agreement.

Any payment obligation of Licensee accrued prior to the termination or expiration of this Agreement shall survive the termination of this Agreement.

V. ACCURACY OF CONTENT

Occasionally there may be Content (Provided Content and/or External User Content) on the Website that contains (typographical) errors, inaccuracies or omissions that may relate to destination descriptions, yacht information, images, pricing, availability, promotions and as Luxury and Auxiliary Services offers. We reserve the right to correct any errors, inaccuracies or omissions, and to change or update information and/or cancel orders if any Content on the Website or Services is inaccurate at any time without prior notice (including after you have submitted your order). We undertake no obligation to update, amend or clarify Content on the Website including, without limitation, pricing information, except as required by law. No specified update or refresh date applied on the Website should be taken to indicate that all Content on the Website or Services has been modified or updated.

Although part of the Content (Provided Content and/or External User Content) has been curated by us, we do not assume any responsibility, warranty and/or liability for its accuracy, integrity, validity and/or reliability, and the User retains sole responsibility for the accuracy of content provided by them

VI. THIRD PARTIES

We may engage third parties regarding the provision of the Services.

VII. BACKUPS

Full system backups of the Website, all content and databases are performed every 24 hours. Whilst best practices are used to ensure complete and accurate backups, you are responsible for maintaining your own backups of your data. We do not provide any sort of compensation for lost or incomplete data in the event that backups do not function properly.

VIII. LINKS TO OTHER RESOURCES AND USER PROVIDED CONTENT

Although the Website and Services may link to other resources (such as websites, mobile applications, etc.), we are not, directly or indirectly, implying any approval, association, sponsorship, endorsement, or affiliation with any linked resource, unless specifically stated herein. We are not responsible for examining or evaluating, and we do not warrant the offerings of, any businesses or individuals or the content of their resources. We do not assume any responsibility or liability for the actions, products, services, and content of any other third parties. You should carefully review the legal statements and other conditions of use of any resource which you access through a link on the Website and Services. Your linking to any other off-site resources is at your own risk.

You acknowledge that you understand that the Website may curate or the Services may process information from other websites or sources. You represent and warrant that you have all rights and/or licences necessary to use any material or content which you upload to the Website or use the Website or Services to upload, access or curate and that you at all times comply with applicable laws and regulations and the terms and conditions and policies of such other websites, accounts or services. You shall be wholly and exclusively responsible for the inclusion of any third party content uploaded, generated or processed by the Website or the Services as a result of your use of it, including without limitation any proposal generated as a result of your use of the Website. You agree to indemnify and hold us harmless from any third party claim, loss or liability that we may suffer as a result of your use of the Website and Services as described in this subsection.

IX. ACCOUNTS AND MEMBERSHIP

If you create an account on the Website, you are responsible for maintaining the security of your account and you are fully responsible for all activities that occur under the account and any other actions taken in connection with it. Registration is only permitted for legal entities, partnerships and individuals who are 18 years or older. You may not register more than one account or transfer your account to someone else. You must immediately notify us of any unauthorized uses of your account or any other breaches of security and whilst we will not be liable for any such breaches, acts or omissions by you, including any damages of any kind incurred as a result of such breaches, acts or omissions, we will always endeavour to be of assistance to you. We may suspend, disable, or delete your account (or any part thereof) if we determine that you have violated any provision of this Agreement or that your conduct or content would tend to damage our reputation and/or goodwill.

X. ADMISSION CRITERIA

For yachts:

Yachts with an active listing on another platform recognized by us (please contact us to receive a current list of recognized platforms) will be automatically admitted on the Website.

For Yachts which are not listed on a recognized platform, the following must be satisfied:

You must provide evidence that you have the right to represent the yacht for charter.
All yachts listed must be commercially registered and in compliance with LY2 or SCV, or the equivalent legislation in non-Red Ensign jurisdictions regulating the commercial use of yachts and other commercial vessels for use for sport or pleasure. Evidence thereof must be provided by means of a Certificate of Registry (CoR) issued by a reputable Flag State, clearly noting the status of the yacht as commercial; and/or a Certificate of Compliance (or equivalent), issued by a recognized and authorized authority.
A valid P&I insurance policy where the name of the applying yacht is clearly visible must be provided.
A reference from an external company that is an active member of either AYCA, CYBA, IYBA or MYBA that the yacht is of an excellent charter standard must be provided.
Yachts are to be fully and permanently crewed by professional yacht crew, as well as maintained and equipped to the highest standards for chartering. We reserve the right to request references from a surveyor and/or reputable broker who are active members of either AYCA, CYBA, IYBA or MYBA.
Yachts may only be represented on Website by one central agency or retail brokerage agency at a time.

Should we receive three written complaints from three different sources against a yacht over a 12-month period, we will take action to review the yacht, during which time the yacht may be temporarily delisted.

Yachts not made available for charter for periods of more than 12 months, without Charter Itinerary having been notified, will be deemed inactive and will be removed from the Website.

For users:

If the User is an active member of two or more of the following associations: AYCA, CYBA, IYBA or MYBA, admission is automatically approved.

Should the User not be a member of two of the aforementioned associations, they must be able to demonstrate the following:

Each applicant User shall provide a minimum of three independent references from reputable central agencies or retail brokerage agencies who are active members of either AYCA, CYBA, IYBA or MYBA.
Each applicant User shall provide a minimum of two concluded charter contracts (AYCA, CYBA MYBA, E-contracts) performed over the last 12 months, in which the applicant User is acting as either the central agency or the retail brokerage agency (stakeholder).
Evidence of a dedicated client bank account in which to hold client and stakeholder funds must be provided.
The applicant User’s primary business shall be that of charter brokerage and/or charter
The applicant User’s primary business shall be that of charter brokerage and/or charter management, yacht management and/or sale of luxury crewed yachts, as evidenced by appropriate corporate documentation relevant to the country of registration (eg. an extract from the commercial register).
The applicant User must have a professional indemnity insurance policy covering the activities of luxury yacht charter brokerage and charter management in the name of the applicant User.

Should we receive three written complaints from three different sources against an approved User over a 12-month period, we will take action to review the approved User, during which time the User’s access to the Website may be temporarily suspended.

XI. PROHIBITED USE

In addition to other terms as set forth in the Agreement, you are prohibited from using the Website and Services or Content: (a) for any unlawful purpose; (b) to solicit others to perform or participate in any unlawful acts; (c) to violate any international, federal, provincial or state regulations, rules, laws, or local ordinances; (d) to infringe upon or violate our intellectual property rights or the intellectual property rights of others; (e) to harass, abuse, insult, harm, defame, slander, disparage, intimidate, or discriminate based on gender, sexual orientation, religion, ethnicity, race, age, national origin, or disability; (f) to submit false or misleading information; (g) to upload or transmit viruses or any other type of malicious code that will or may be used in any way that will affect the functionality or operation of the Website and Services, third party products and services, or the Internet; (h) to spam, phish, pharm, pretext, spider, crawl, or scrape; (i) for any obscene or immoral purpose; (j) to hack, avoid, remove, impair, or otherwise attempt to circumvent any security or technological measure used to protect the Website or Content; (k) to decipher, decompile, disassemble or reverse engineer any of the software or hardware used to provide the Website and/or Services or (l) to interfere with or circumvent the security features of the Website and Services, third party products and services, or the Internet.

Further to the above, you (1) may not share login credentials with any other persons outside of your organisation; (2) may not, without prior written consent download whole or parts of the features for future use outside of the Website; (3) may not download and/or store any of the Content provided on the Website; (4) may not use the Website and/or the Services to on behalf of other persons or companies other than in the normal course of business, against remuneration for this service; (5) may not access the object code or source code of the Services, either during or after the Term; (6) may not, without prior written consent, allow for public use of the features via your website or other channels (social media, email campaigns and the like).

You warrant that any of your use of the Website and/or the Services are at any time in compliance with applicable laws.

XII. COMMUNICATION WITH LUXURY EXPERIENCES & AUXILIARY SERVICESPPARTNERS

You undertake to communicate with Luxury and Auxiliary Services partners (and/or its subcontractors) only via the Website, whether it be with respect to the offers, conclusion of the contracts, the provision of services or any other related matters. Only in exceptional circumstances and where absolutely necessary for the provision of the Luxury and Auxiliary Services, you shall be permitted to contact and/or communicate with the partners (and/or its subcontractors) outside of the Website (e.g. by mobile phone) and Charter Itinerary shall at all times be informed of such instances without undue delay.

Should any Luxury and Auxiliary Services partner (and/or any of its subcontractors) contact you outside the Website and/or directly, i.e. not as described above, you shall reject such communication and instruct said partner to communicate as provided above.

XIII. BREACH OF THIS AGREEMENT

While reserving the right to claim further damages, we shall have the right to terminate with immediate effect the Agreement and your use of the Website and Services (without notice, without any obligation to refund) for violating any of the prohibited uses listed above, and/or any other use and/or action which we deem, in our absolute discretion, to be in breach of this Agreement or applicable law. In such case, we may, in our sole discretion, block, limit, cease or delete your account.

XIV. INTELLECTUAL PROPERTY RIGHTS

"Intellectual Property Rights" means all present and future rights conferred by statute, common law or equity in or in relation to any copyright and related rights, trademarks, designs, patents, inventions, goodwill and the right to sue for passing off, rights to inventions, rights to use, and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, rights to claim priority from, such rights and all similar or equivalent rights or forms of protection and any other results of intellectual activity which subsist or will subsist now or in the future in any part of the world.

This Agreement does not transfer to you any Intellectual Property Rights owned by Charter Itinerary or third parties (including Charter Itinerary’s partners), and all rights, titles, and interests in and to such property will remain solely with Charter Itinerary or the respective third party. This includes any and all rights, in particular, Intellectual Property Rights, in and to Provided Content such as the location and destination images and descriptions as well Luxury and Auxiliary Services offers the User may get access to through the Services. All trademarks, service marks, graphics and logos used in connection with the Website and Services, are trademarks or registered trademarks of Charter Itinerary or its licensors. Other trademarks, service marks, graphics and logos used in connection with the Website and Services may be the trademarks of other third parties (including Charter Itinerary’s partners). Your use of the Website and Services grants you no right or license to reproduce or otherwise use any of Charter Itinerary or third- party Intellectual Property Rights, such as trademarks, copyrights, code or design features other than as explicitly stated in this Agreement (see section II.3 above)

XV. YOUR SUGGESTIONS

Any feedback, comments, ideas, improvements or suggestions (collectively, "Suggestions") provided by you to Charter Itinerary with respect to the Website and/or the Services shall remain or become, respectively the sole and exclusive property of Charter Itinerary.

Charter Itinerary shall be free to use, copy, modify, publish, or redistribute the Suggestions for any purpose and in any way without any credit or any compensation to you.

XVI. LIMITED WARRANTY

Charter Itinerary warrants: (a) that it has the legal right and authority to enter into and perform its obligations under the Agreement; (b) that, to its knowledge, the Services will not infringe third-party Intellectual Property Rights (c) that it will perform the Services under the Agreement diligently, with reasonable care and skill; (d) the Services (incl. availability) are provided on a commercially reasonable-effort basis (e) the Website is and will remain free from viruses and other malicious software programs.

You acknowledge and agree that: (a) software is never wholly free from defects, errors and bugs, and Charter Itinerary gives no warranty that the Website and/or the Services will be wholly free from such defects, errors and bugs; (b) Charter Itinerary does not warrant that the Website and/or the Services will be compatible with any application, program or software not specifically identified as compatible; (c) the Website, its Content as well as any Services are provided on an "as is" and "as available" basis; (d) that the Services are provided to you as the User of the Services and we are not in any way to be held liable to any third-party (incl. your customers).

All of Charter Itinerary’s representations and/or warranties in respect of this Agreement are expressly set out in this section XVI of the Agreement. To the maximum extent permitted by applicable law, any further representations and/or warranties shall expressly be excluded and no other representations and/or warranties concerning the subject matter of the Agreement will be implied into the Agreement.

Charter Itinerary does not assume any responsibility, warranty and/or liability for the accuracy, integrity, validity and/or reliability of the Content (including, but not limited to, Provided Content and External User Content).

Any calculations or other information provided by Charter Itinerary or the Website in relation to contract payments, the tax applicable to Charters or Luxury and Auxiliary Services, including but not limited to VAT, is for guidance only. Charter Itinerary shall not be liable in any way for any such calculation or information and Users must not act in reliance on the same.

Charter Itinerary may from time to time provide suggested routes and itineraries for Charters on the Website. Charter Itinerary shall have no liability in relation to such routes or itineraries whatsoever and however arising.

Charter Itinerary is a mere platform operator and is not and shall not become a party to any Charters or Luxury and Auxiliary Services agreements and shall not enter into any corresponding legal or contractual relationship with any yacht owners and/or charterers. Therefore, Charter Itinerary does not warrant or represent that any yacht listing, destination, or Luxury and Auxiliary Services offers information (that may be provided by third parties) is correct and up to date. You and your clients enter into any and all Charters or Luxury and Auxiliary Services agreements at your/their own risk. Charter Itinerary shall not be liable for or in respect of any disputes or disagreements between any yacht owners, charterers, retail agencies, central agencies and/or Luxury and Auxiliary Services partners even if they arise out of or are in any way related to the Service or the Website.

XVII. REFERENCES

Upon the User’s prior consent, Charter Itinerary shall be entitled to refer to the User on the Website, as well as during events or within other marketing activities, as a reference for advertising purposes and use User’s trademarks, logos and the company name (where appropriate, in abbreviated form) for this purpose.

XVIII. LIMITATION OF LIABILITY

To the fullest extent permitted by applicable law (see below), in no event will Charter Itinerary, its affiliates, directors, officers, employees, agents, suppliers or licensors be liable to any person for any indirect, incidental, special, punitive, cover or consequential damages (including, without limitation, damages for lost profits, revenue, sales, goodwill, use of content, impact on business, business interruption, loss of anticipated savings, loss of business opportunity) however caused, under any theory of liability, including, without limitation, contract, tort, warranty, breach of statutory duty, negligence or otherwise, even if the liable party has been advised as to the possibility of such damages or could have foreseen such damages. Besides, the aggregate liability of Charter Itinerary and its affiliates, officers, employees, agents, suppliers and licensors relating to the Website and/or the Services shall be limited to the amounts actually paid by you to Charter Itinerary for the one-month period prior to the first event or occurrence giving rise to such liability. The limitations and exclusions also apply if this remedy does not fully compensate you for any losses or fails of its essential purpose.

Please note that the above limitation of liability shall not apply if and to the extent mandatory applicable law does not allow for such exclusions or limitations. For example, according to applicable law, Charter Itinerary cannot and therefore does not exclude or limit its liability for willful misconduct or gross negligence or for personal injury.

For further limitations of liability please refer to section XVI (Limited Warranty).

XIX. INDEMNIFICATION

You agree to indemnify and hold Charter Itinerary and its affiliates, directors, officers, employees, agents, suppliers and licensors harmless from and against any liabilities, losses, damages or costs, including reasonable attorneys' fees, incurred in connection with or arising from any damages arising from or associated with (i) your breach of this Agreement, in particular, any third party allegations, claims, actions, disputes, or demands asserted against any of them as a result of or relating to your Content, your use of the Website and/or Services and/or (ii) any gross negligence or willful misconduct on your part and/or (iii) your breach (or alleged breach) of any term of the contracts regarding the Charters or the provision of the Luxury and Auxiliary Services and/or (iv) a violation by you of any applicable law or regulation (including, in particular, applicable data protection provisions).

XX. SEVERABILITY

All rights and restrictions contained in this Agreement may be exercised and shall be applicable and binding only to the extent that they do not violate any applicable laws and are intended to be limited to the extent necessary so that they will not render this Agreement illegal, invalid or unenforceable. If any provision or portion of any provision of this Agreement shall be held to be illegal, invalid or unenforceable by a court of competent jurisdiction, it is the intention of the parties that the remaining provisions or portions thereof shall constitute their agreement with respect to the subject matter hereof, and all such remaining provisions or portions thereof shall remain in full force and effect.

XXI. APPLICABLE LAW AND JURISDICTION

This Agreement shall be governed by and construed and interpreted in accordance with the substantive laws of Switzerland, excluding the Swiss conflict of law rules. The United Nations Convention for the International Sales of Goods ("Vienna Sales Convention") is excluded. Any dispute under this Agreement shall be submitted to the exclusive jurisdiction of the Courts of Zurich, Switzerland, venue being Zurich 1.

XXII. ASSIGNMENT

You may not assign, resell, sub-license or otherwise transfer or delegate any of your rights or obligations hereunder, in whole or in part, without our prior written consent, which consent shall be at our own sole discretion and without obligation; any such assignment or transfer shall be null and void. We are free to assign any of our rights or obligations hereunder, in whole or in part, to any third party as part of the sale of all or substantially all of its assets or stock or as part of a merger.

XXIII. CHANGES AND AMENDMENTS

We reserve the right to modify the terms relating to the Website and Services at any time, after posting of an updated version of these terms on the Website and effective upon the start of your next renewal period. When we do, we will post a notification on the main page of the Website. Continued use of the Website and Services after any such changes shall constitute your consent to such changes.

XXIV. WRITTEN FORM

Where this Agreement refers to ‘written’ or ‘in writing’ or equivalent, such form shall include, besides wet ink signatures and qualified (officially recognized) electronic signatures, email correspondence and simple electronic signatures (such as DocuSign, Adobe Sign or Skribble) as well.

XXV. ACCEPTANCE OF THESE TERMS

You acknowledge that you have read this Agreement and agree to all its terms and conditions. By accessing and using the Website and/or Services you agree to be bound by this Agreement.

XXVI. CONTACTING US

If you would like to contact us to understand more about this Agreement or wish to contact us concerning any matter relating to it, you may send an email to hello@charteritinerary.com.

Privacy Policy of Charter Itinerary AG
Version effective as of 16 June 2023

With this Privacy Policy we, Charter Itinerary AG, Florastrasse 40, 8008 Zurich, Switzerland (hereinafter Charter Itinerary, we or us), describe how we collect and further process personal data.

The term "personal data" in this Privacy Policy shall mean any information that identifies, or could reasonably be used to identify any person.

If you provide us with personal data of other persons (such as family members, work colleagues), please make sure the respective persons are aware of this Privacy Policy and only provide us with their data if you are allowed to do so and such personal data is correct.

This Privacy Notice is aligned with the EU General Data Protection Regulation («GDPR») and the Swiss Data Protection Act («DPA»). However, the application of these laws depends on each individual case.

1. Controller / Data Protection Officer / Representative

The "controller" of data processing as described in this Privacy Policy (i.e. the responsible person) is Charter Itinerary AG, Florastrasse 40, 8008 Zürich, Switzerland. You can notify us of any data protection related matters using the following contact details: Florastrasse 40, 8008 Zürich, Switzerland or [hello@charteritinerary.com].

2. Collection and Processing of Personal Data

We primarily process the following personal data that we obtain from our clients and other business partners as well as other individuals in the context of our business relationships with them or that we collect from users when operating our websites, apps and other applications:

First name, last name, job titles, company, email addresses;
IP addresses.

Insofar as it is permitted to us, we obtain certain personal data from publicly accessible sources (e.g., debt registers, land registries, commercial registers, press, internet) or we may receive such information from affiliated companies of Charter Itinerary, from authorities or other third parties. Apart from data you provided to us directly, the categories of data we receive about you from third parties include, but are not limited to, information from public registers, data received in connection with administrative or court proceedings, information in connection with your professional role and activities (e.g., in order to conclude and carry out contracts with your employer), information about you in correspondence and discussions with third parties, credit rating information (if we conduct business activities with you personally), information about you given to us by individuals associated with you (family, consultants, legal representatives, etc.) in order to conclude or process contracts with you or with your involvement (e.g. references, your delivery-address, powers of attorney), information regarding legal regulations such as anti-money laundering and export restrictions, bank details, information regarding insurances, our distributors and other business partners for the purpose of ordering or delivering services to you or by you (e.g., payments made, previous purchases), information about you found in the media or internet (insofar as indicated in the specific case, e.g. in connection with job applications, media reviews, marketing/sales, etc.), your address and any interests and other socio-demographic data (for marketing purposes), data in connection with your use of our websites (e.g., IP address, MAC address of your smartphone or computers, information regarding your device and settings, cookies, date and time of your visit, sites and content retrieved, applications used, referring website, localization data).

3. Purpose of Data Processing and Legal Grounds

We primarily use collected data in order to conclude and process contracts with our clients/licensees and business partners, in particular in connection with providing a software tool for yacht charter and luxury travel professionals and related software, products or services , as well as in order to comply with our domestic and foreign legal obligations. You may be affected by our data processing in your capacity as an employee of such a client/licensee or business partner.

In addition, in line with applicable law and where appropriate, we may process your personal data and personal data of third parties for the following purposes, which are in our (or, as the case may be, any third parties') legitimate interest, such as:

providing and developing our products, services and websites, software (including applications) and other platforms;
communication with third parties and processing of their requests (e.g., job applications, media inquiries);
review and optimization of procedures regarding needs assessment for the purpose of direct customer approach as well as obtaining personal data from publicly accessible sources for customer acquisition;
advertisement and marketing (including organizing events), provided that you have not objected to the use of your data for this purpose (if you are part of our customer base and you receive our advertisement, you may object at any time and we will place you on a blacklist against further advertising mailings);
market and opinion research, media surveillance;
asserting legal claims and defense in legal disputes and official proceedings;
prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud);
ensuring our operation, including our IT, our websites, software (including applications) and other appliances;
video surveillance to protect our domiciliary rights and other measures to ensure the safety of our premises and facilities as well as protection of our employees and other individuals and assets owner by or entrusted to us (such as e.g. access controls, visitor logs, network and mail scanners, telephone recordings);
acquisition and sale of business divisions, companies or parts of companies and other corporate transactions and the transfer of personal data related thereto as well as measures for business management and compliance with legal and regulatory obligations as well as internal regulations of Charter Itinerary.

If you have given us your consent to process your personal data for certain purposes (for example when registering to receive newsletters or carrying out a background check), we will process your personal data within the scope of and based on this consent, unless we have another legal basis, provided that we require one. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.

4. Cookies / Tracking and Other Techniques Regarding the Use of our Website

We typically use "cookies" and similar techniques on our websites or software (including applications), which allow for an identification of your browser or device. A cookie is a small text file that is sent to your computer and automatically saved by the web browser on your computer or mobile device, when you visit our website or install our software (including applications). If you revisit our website or use our software (including applications), we may recognize you, even if we do not know your identity. Besides cookies that are only used during a session and deleted after your visit of the website ("session cookies"), we may use cookies in order to save user configurations and other information for a certain time period (e.g., two years) ("permanent cookies"). Notwithstanding the foregoing, you may configure your browser settings in a way that it rejects cookies, only saves tem for one session or deletes them prematurely. Most browsers are preset to accept cookies. We use permanent cookies for the purpose of saving user configuration (e.g., language, automated log in), in order to understand how you use our services and content, and to enable to show you customized offers and advertisement (which may also happen on websites of other companies; should your identity be known to us, such companies will not learn your identity from us; they will only know that the same user is visiting their website has previously visited a certain website). Certain cookies are sent to you from us, others from business partners with which we collaborate. If you block cookies, it is possible that certain functions (such as, e.g., language settings, shopping basket, ordering processes) are no longer available to you.

In accordance with applicable law, we may include visible and invisible image files in our newsletters and other marketing e-mails. If such image files are retrieved from our servers, we can determine whether and when you have opened the e-mail, so that we can measure and better understand how you use our offers and customize them. You may disable this in your e-mail program, which will usually be a default setting.

By using our websites, software (including applications) and consenting to the receipt of newsletters and other marketing e-mails you agree to our use of such techniques. If you object, you must configure your browser or e-mail program accordingly or uninstall the software (including applications), should the respective setting not be available.

We may use Google Analytics or similar services on our website. These are services provided by third parties, which may be located in any country worldwide (in the case of Google Analytics Google Ireland Ltd. (located in Ireland), Google Ireland relies on Google LLC (located in the United States) as its sub-processor (both «Google»), www.google.com) and which allow us to measure and evaluate the use of our website (on an anonymized basis). For this purpose, permanent cookies are used, which are set by the service provider. We have configured the service so that the IP addresses of visitors are truncated by Google in Europe before forwarding them to the United States and then cannot be traced back. We have turned off the «Data sharing» option and the «Signals» option. Although we can assume that the information we share with Google is not personal data for Google, it may be possible that Google may be able to draw conclusions about the identity of visitors based on the data collected, create personal profiles and link this data with the Google accounts of these individuals for its own purposes. If you have registered with the service provider, the service provider will also know your identity. In this case, the processing of your personal data by the service provider will be conducted in accordance with its data protection regulations. The service provider only provides us with data on the use of the respective website (but not any personal information of you).

In addition, we may use plug-ins from social networks such as Facebook, Twitter, Youtube, Pinterest or Instagram on our websites. This is visible for you (typically based on the respective symbols). We have configured these elements to be disabled by default. If you activate them (by clicking on them), the operators of the respective social networks may record that you are on our website and where on our website you are exactly and may use this information for their own purposes. This processing of your personal data lays in the responsibility of the respective operator and occurs according to its data protection regulations. We do not receive any information about you from the respective operator.

5. Datatransfer and Transfer of Data Abroad

In the context of our business activities and in line with the purposes of the data processing set out in Section 3, we may transfer data to third parties, insofar as such a transfer is permitted and we deem it appropriate, in order for them to process data for us or, as the case may be, their own purposes. In particular, the following categories of recipients may be concerned:

our service providers, including processors (such as e.g. IT providers);
dealers, suppliers, subcontractors and other business partners;
clients or licensees;
domestic and foreign authorities or courts;
acquirers or parties interested in the acquisition of Charter Itinerary or business divisions or other parts of Charter Itinerary;
other parties in possible or pending legal proceedings;
affiliates of Charter Itinerary;

together Recipients

Certain Recipients may be within Switzerland but they may be located in any country worldwide. In particular, you must anticipate your data to be transmitted to other countries in the EEA and the USA where our service providers are located (such as cloud computing/storage providers).

If a recipient is located in a country without adequate statutory data protection, we require the recipient to undertake to comply with data protection (for this purpose, we use the revised European Commission’s standard contractual clauses, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), unless the recipient is subject to a legally accepted set of rules to ensure data protection and unless we cannot rely on an exception. An exception may apply for example in case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires disclosure, if you have consented or if data has been made available generally by you and you have not objected against the processing.

6. Retention Periods for your Personal Data

We process and retain your personal data as long as required for the performance of our contractual obligation and compliance with legal obligations or other purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance 6with legal retention and documentation obligations. Personal data may be retained for the period during which claims can be asserted against our company or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g., for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymized, to the extent possible. In general, shorter retention periods of no more than twelve months apply for operational data (e.g., system logs).

7. Data Security

We have taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse such as IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymisation, inspections.

8. Obligation to Provide Personal Data To Us

In the context of our business relationship you must provide us with any personal data that is necessary for the conclusion and performance of a business relationship and the performance of our contractual obligations (as a rule, there is no statutory requirement to provide us with data). Without this information, we will usually not be able to enter into or carry out a contract with you (or the entity or person you represent). In addition, the website cannot be used unless certain information is disclosed to enable data traffic (e.g. IP address).

9. Profiling and Automated Individual Decision-Making

We may partially process your personal data automatically with the aim of evaluating certain personal aspects (profiling). In particular, profiling allows us to inform and advise you about products possibly relevant for you more accurately. For this purpose, we may use evaluation tools that enable us to communicate with you and advertise you as required, including market and opinion research.

In establishing and carrying out a business relationship, we generally do not use any fully automated individual decision-making (such as pursuant to article 22 GDPR). Should we use such procedures in certain cases, we will inform you separately on this and advise you of your relevant rights if required by law.

10. Your Rights

In accordance with and as far as provided by applicable law (as is the case where the GDPR is applicable), you have the right to access, rectification and erasure of your personal data, the right to restriction of processing or to object to our data processing, in particular for direct marketing purposes, for profiling carried out for direct marketing purposes and for other legitimate interests in processing in addition to right to receive certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims. If exercising certain rights will incur costs on you, we will notify you thereof in advance. We have already informed you of the possibility to withdraw consent in Section 3 above. Please further note that the exercise of these rights may be in conflict with your contractual obligations and this may result in consequences such as premature contract termination or involve costs. If this is the case, we will inform you in advance unless it has already been contractually agreed upon.

In general, exercising these rights requires that you are able to prove your identity (e.g., by a copy of identification documents where your identity is not evident otherwise or can be verified in another way). In order to assert these rights, please contact us at the addresses provided in Section 1 above.

In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

11. Amendments of this Privacy Policy

We may amend this Privacy Policy at any time without prior notice. The current version published on our website shall apply. If the Privacy Policy is part of an agreement with you, we will notify you by e-mail or other appropriate means in case of an amendment.

Cookie policy
Last updated on March 20, 2021

This cookie policy ("Policy") describes what cookies are and how and they're being used by the charteritinerary.com website ("Website" or "Service") and any of its related products and services (collectively, "Services"). This Policy is a legally binding agreement between you ("User", "you" or "your") and Charter Itinerary AG ("Charter Itinerary AG", "we", "us" or "our"). You should read this Policy so you can understand the types of cookies we use, the information we collect using cookies and how that information is used. It also describes the choices available to you regarding accepting or declining the use of cookies.

What are cookies?

Cookies are small pieces of data stored in text files that are saved on your computer or other devices when websites are loaded in a browser. They are widely used to remember you and your preferences, either for a single visit (through a "session cookie") or for multiple repeat visits (using a "persistent cookie"). Session cookies are temporary cookies that are used during the course of your visit to the Website, and they expire when you close the web browser.

Persistent cookies are used to remember your preferences within our Website and remain on your desktop or mobile device even after you close your browser or restart your computer. They ensure a consistent and efficient experience for you while visiting the Website and Services.

Cookies may be set by the Website ("first-party cookies"), or by third parties, such as those who serve content or provide advertising or analytics services on the Website ("third party cookies"). These third parties can recognize you when you visit our website and also when you visit certain other websites. Click here to learn more about cookies and how they work.

What type of cookies do we use?

Necessary cookies

Necessary cookies allow us to offer you the best possible experience when accessing and navigating through our Website and using its features. For example, these cookies let us recognize that you have created an account and have logged into that account to access the content.

Functionality cookies

Functionality cookies let us operate the Website and Services in accordance with the choices you make. For example, we will recognize your username and remember how you customized the Website and Services during future visits.

Analytical cookies

These cookies enable us and third party services to collect aggregated data for statistical purposes on how our visitors use the Website. These cookies do not contain personal information such as names and email addresses and are used to help us improve your user experience of the Website.

Social media cookies

Third party cookies from social media sites (such as Facebook, Twitter, etc) let us track social network users when they visit or use the Website and Services, or share content, by using a tagging mechanism provided by those social networks.

These cookies are also used for event tracking and remarketing purposes. Any data collected with these tags will be used in accordance with our and social networks’ privacy policies. We will not collect or share any personally identifiable information from the user.

What are your cookie options?

If you don't like the idea of cookies or certain types of cookies, you can change your browser's settings to delete cookies that have already been set and to not accept new cookies. Visit internetcookies.org to learn more about how to do this.

Please note, however, that if you delete cookies or do not accept them, you might not be able to use all of the features the Website and Services offer.

Changes and amendments

We reserve the right to modify this Policy or its terms relating to the Website and Services at any time, effective upon posting of an updated version of this Policy on the Website. When we do, we will post a notification on the main page of the Website. Continued use of the Website and Services after any such changes shall constitute your consent to such changes.

Acceptance of this policy

You acknowledge that you have read this Policy and agree to all its terms and conditions. By accessing and using the Website and Services you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to access or use the Website and Services.

Contacting us

If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to our use of cookies, you may send an email to hello@charteritinerary.com.

Data Processing Agreement (“AGREEMENT”)

You(“Customer”) are entering into a business relationship with

Charter Itinerary AG, with registered office at, Florastrasse 40, 8008 Zurich, Switzerland (company number CHE-358.606.500) (“Supplier”).

Background

Customer has engaged (or proposes to engage) Supplier to provide software services (SaaS) (“Services”) described in an agreement (terms of service) between Customer and the Supplier (the "Services Agreement").
In the course of providing the Services, Supplier will be processing Customer Personal Data (as defined below) on behalf of Customer. This Agreement sets out the terms on which Supplier will be processing that Customer Personal Data.

Agreed Terms

Definitions
1. In this Agreement:
  1. “Customer Personal Data” means any Personal Data for which Customer is a controller.
  2. “Customer Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Customer Personal Data.
  3. “Data Protection Laws” means any applicable privacy or data protection laws or regulations, including as the case may be and without limitation the GDPR, the Swiss Federal Act on Data Protection, the UK Data Protection Act 2018 (“DPA 2018”) and any other federal, state, or local privacy, data protection, information security, or related laws or regulations (together, including any similar, analogous or successor laws, regulations, or other standards).
  4. “EEA” means the European Economic Area.
  5. “EU GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
  6. “GDPR” means UK GDPR or EU GDPR, as applicable.
  7. “Personal Data” means any information relating to identified or identifiable natural persons; that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked to, directly or indirectly, a particular individual, consumer, data subject, or household; or that is defined as “personal data,” “personal information,” “personally identifiable information” or similar term under applicable Data Protection Laws (as defined herein), and shall include any IP addresses, cookies or other identifiers for individual users..
  8. “Security Measures” means technical and organisational measures against unauthorised or unlawful processing, access, disclosure, copying, modification, storage, reproduction, display or distribution of Customer Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Customer Personal Data.
  9. “Standard Contractual Clauses” means any or all of the following:
    1. the standard contractual clauses for the transfer of personal data to third countries set out in European Commission Decision 2021/914;
    2. in respect of transfers subject to the EU GDPR or Swiss Federal Act on Data Protection only, until 27 December 2022 the standard contractual clauses set out in the Data Protection Directive 95/46 in relation only to contracts that were concluded before 27 September 2021, provided that the processing operations that are the subject matter of the contract remain unchanged;
    3. the international data transfer agreement issued by the UK Information Commissioner under section 119A of the DPA 2018;
    4. the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers issued by the UK Information Commissioner under section 119A of the DPA 2018; or
    5. such standard contractual provisions issued by the UK Information Commissioner or European Commission as may replace any of the above from time to time.
  10. “UK GDPR” means (i) the retained EU law version of the EU GDPR as in force in in UK, (ii) the DPA 2018, (iii) or similar legislation as implemented under English law in each case in force in England from time to time.
  11. The terms “controller”, “processor”, “data subject” and “processing” have the meanings given to them in GDPR.
2. In this Agreement, the following rules apply:
  1. a “person” includes a natural person, corporate or unincorporated body (whether or not having separate legal personality);
  2. a reference to a party includes its personal representatives, successors or permitted assigns;
  3. a reference to a statute or statutory provision is a reference to such statute or statutory provision as amended or re-enacted. A reference to a statute or statutory provision includes any subordinate legislation made under that statute or statutory provision, as amended or re-enacted;
  4. any phrase introduced by the terms “including”, “include”, “in particular” or any similar expression will be construed as illustrative and will not limit the sense of the words preceding those terms; and
  5. a reference to “writing” or “written” includes emails but not faxes.
Agreement
1. In consideration of Customer engaging Supplier to process Customer Personal Data and Customer agreeing to comply with Customer’s obligations under this Agreement, Supplier undertakes to comply with Supplier’s obligations set out in this Agreement.
2. This Agreement shall form part of the Services Agreement and the terms of the Services Agreement will apply to this Agreement.
Data processing Particulars
1. Each of the parties acknowledges and agrees that the table set out in Annex 1 is an accurate description of the processing of Customer Personal Data under this Agreement.
2. Either party may from time to time propose in writing updates to the table set out in Annex 1 in order to ensure it remains an accurate description of the Data Protection Particulars, and neither party will unreasonably withhold its consent to any change reasonably necessary to ensure the table remains an accurate description of the Data Protection Particulars.
Data processing
1. Supplier acknowledges that it acts as a processor in respect of any Customer Personal Data processed by it in connection with this Agreement.
2. Subject to clause 4, Supplier will:
  1. process Customer Personal Data only to the extent, and in such a manner, as is necessary for the provision of the Services in accordance with the Services Agreement, together with any other purposes described in the Data Processing Particulars, in accordance with Customer's written instructions as set out in this Agreement;
  2. not process Customer Personal Data for any other purpose or in a way that does not comply with this Agreement or the Data Protection Laws; and
  3. taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in relation to the Customer Personal Data, implement appropriate technical and organisational measures to ensure that a level of security appropriate to the risk including considering those measures referred to in Article 32 of the GDPR (‘Security of processing’); and
  4. comply with all obligations imposed on processors by the Data Protection Laws from time to time.
3. Supplier will promptly notify Customer if:
  1. in Supplier’s opinion, any Customer instruction would not comply with the Data Protection Laws; or
  2. if it is required under applicable law to process any Customer Personal Data other than as stated in clause 4.2, except where those laws prohibit Supplier notifying Customer on important grounds of public interest.
Compliance with data protection laws
1. Customer warrants it has all rights to appoint the Supplier to process the Customer Personal Data in compliance with all Data Protection Laws and the processing of the Customer Personal Data by the Supplier will not put the Supplier in breach of the Data Protection Laws
2. Supplier will reasonably assist Customer with meeting Customer’s compliance obligations under the Data Protection Laws, taking into account the nature of Supplier’s processing and the information available to Supplier, including in relation to Data Subject and consumer rights, data protection impact assessments and reporting to and consulting with supervisory authorities under the Data Protection Laws.
3. In particular, Supplier will at the request of the Customer and in respect of the Customer Personal Data in so far as which the Supplier is acting as processor:
  1. promptly comply with any reasonable Customer request or instruction requiring Supplier to amend, transfer, delete or otherwise process Customer Personal Data, or to stop, mitigate or remedy any unauthorised processing;
  2. promptly (and in any event within 48 hours of receipt) notify Customer if Supplier receives any complaint, notice or communication that relates directly or indirectly to the processing of Customer Personal Data by the Supplier as processor;
  3. promptly (and in any event within 48 hours of receipt) notify Customer if it receives a request from a data subject for access to their Customer Personal Data or to exercise any of their related rights under the Data Protection Laws in respect of the Customer Personal Data;
  4. promptly provide reasonable assistanceto the Customer with all notices, requests or other enquiries in respect of the Customer Personal Data relating to the Data Protection Laws which may be received whether by Customer or Supplier, including requests from data subjects and consumers;
  5. promptly provide reasonable assistance to the Customer in fulfilling any obligation to respond to requests by data subjects or consumers, including Customer’s obligation to respond to requests for exercising the data subject’s or consumer’s rights laid down in Data Protection Laws;
  6. not disclose any Customer Personal Data in response to any data subject or consumer access request without first obtaining the consent of Customer;
  7. not disclose any Customer Personal Data to a third party except at the specific request of Customer or where obliged to do so under any requirements of law (in which case where permissible it will advise Customer in advance of such disclosure);
  8. promptly provide reasonable assistance to the Customer in ensuring compliance with any obligations of Customer in respect of data protection impact assessments and prior consultation, including if applicable Customer’s obligations pursuant to Articles 35 and 36 of GDPR;
  9. promptly provide any information reasonably requested by Customer and in the Customer’s possession concerning Supplier’s systems and processes relating to the processing of Customer Personal Data under this Agreement and Supplier’s compliance with its obligations under this Agreement; and
  10. allow its data processing facilities, procedures and documentation to be submitted for scrutiny by Customer or its auditors in order to ascertain compliance with the terms of this Agreement provided reasonable notice is given in advance.
  11. The Customer shall reimburse the Supplier for any third party costs, expenses and any time reasonably incurred by the Supplier in connection with the fulfilment of the Supplier’s obligations under clause 5.3 (d), (e) and (h).
Confidentiality
1. Supplier will maintain the confidentiality of all Customer Personal Data and will not disclose Customer Personal Data to third parties unless Customer or this Agreement specifically authorises the disclosure, or as required by law. If a law, court, regulator or supervisory authority requires Supplier to process or disclose Customer Personal Data, Supplier will first inform Customer of the legal or regulatory requirement and give Customer an opportunity to object or challenge the requirement, unless the law prohibits such notice.
2. Supplier will ensure that only such of its employees who may be required by Supplier to assist it in meeting its obligations under this Agreement will have access to the Customer Personal Data and that all employees’ use of it will be subject to written contractual obligations which are no less onerous than those imposed on Supplier by this Agreement, including contractual or statutory obligations of confidentiality no less onerous than those set out in clause 6.1.
Subprocessors
1. Supplier will not engage another processor (“Subprocessor”) to process Customer Personal Data without prior specific or general written authorisation of Customer. Customer authorises Supplier to engage the Subprocessors set out in Annex 2 (if any).
2. Supplier will inform the controller of any intended changes concerning the addition or replacement of Subprocessors.
3. If Customer objects to any change under clause 7.2 then Customer will have the right to terminate the Services Agreement by notice in writing to Supplier (given within 90 days of Customer’s receiving notice under clause 7.2), and Supplier will provide a pro rata refund of prepaid fees upon that termination taking effect.
4. Without prejudice to Customer’s rights under clause 7.3, Supplier will (at Customer’s request) discuss in good faith with Customer how to resolve Customer’s objections to a change notified under clause 7.2.
5. Supplier will ensure that any Subprocessor is bound by obligations no less onerous than those set out in this Agreement. In particular, any Subprocessor will enter into a written agreement that:
  1. imposes obligations to implement appropriate technical and organisational measures to ensure that the processing will meet the requirements of Data Protection Laws;
  2. requires Subprocessor to access, retain, process, and use Customer Personal Data solely as necessary to provide services to Customer or Supplier acting on either entity’s behalf; and
  3. prohibits Subprocessor from selling Customer Personal Data.
6. Supplier will be liable for the acts or omissions of any Subprocessor in relation to Customer Personal Data as if they were the acts or omissions of Supplier.
Security
1. Supplier will at all times implement appropriate Security Measures. Supplier will document those Security Measures in writing and periodically review them to ensure they remain current and complete, at least annually.
2. Supplier will implement such Security Measures to ensure a level of security appropriate to the risk involved, including as appropriate:
  1. the pseudonymisation and encryption of personal data;
  2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  3. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
  4. a process for regularly testing, assessing and evaluating the effectiveness of security measures.
Customer personal data breach
1. Supplier will notify Customer without undue delay if any Customer Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. Supplier will restore that Customer Personal Data at its own expense.
2. Supplier will notify Customer without undue delay if it becomes aware of any Customer Personal Data Breach.
3. Where Supplier becomes aware of a Customer Personal Data Breach, it will, without undue delay, also provide Customer with the following information:
  1. a description of the nature of the Customer Personal Data Breach, including the categories and approximate number of both Data Subjects and Personal Data records concerned;
  2. the likely consequences; and
  3. a description of the measures taken, or proposed to be taken to address the Customer Personal Data Breach, including measures to mitigate its possible adverse effects.
4. Following any Customer Personal Data Breach, the parties will co-ordinate with each other to investigate the matter. Supplier will provide all reasonable cooperation with Customer in Customer’s handling of the matter, including:
  1. assisting with any investigation;
  2. providing Customer with physical access to any facilities and operations affected;
  3. facilitating interviews with Supplier’s employees, former employees and others involved in the matter;
  4. making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Laws or as otherwise reasonably required by Customer; and
  5. taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Customer Personal Data Breach.
5. Supplier will not inform any third party of any Customer Personal Data Breach without first obtaining Customer’s prior written consent, except when required to do so under the Data Protection Laws.
6. Supplier agrees that Customer has the sole right to determine:
  1. whether to provide notice of a Customer Personal Data Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or in Customer’s discretion, including the contents and delivery method of the notice; and
  2. whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.
7. Supplier will cover all reasonable expenses associated with the performance of the obligations under clause 9.3 and clause 9.4, unless the matter arose from Customer’s specific instructions, negligence, wilful default or breach of this Agreement, in which case Customer will cover all reasonable expenses.
8. Supplier will also reimburse Customer for actual reasonable expenses that Customer incurs when responding to a Customer Personal Data Breach to the extent that Supplier caused that Customer Personal Data Breach, including all costs of notice and any remedy as set out in clause 9.6.
Data Transfers
1. Supplier will not transfer any Customer Personal Data from one jurisdiction to another jurisdiction without obtaining Customer’s prior written consent. Customer hereby consents to the transfer of Customer Personal Data to the Sub-processors set out in Annex 2, subject to the Supplier’s compliance with this DPA and in particular this Clause 10.
2. Where such consent is granted, Supplier will only process Customer Personal Data outside of the United Kingdom or EEA or Switzerland in compliance with appropriate safeguards (as set out in Article 46 of GDPR or UK GDPR and the Swiss Federal Act on Data Protection), including entering into and complying with any required Standard Contractual Clauses with any Sub-processor and (promptly upon Customer’s written request) with Customer.
3. If at any time the United Kingdom is (for the purposes of EU GDPR and/or the Swiss Federal Act on Data Protection) a third country which the European Commission or the Swiss Federal Data Protection and Information Commissioner has not decided offers an adequate level of protection (as defined in EU GDPR and in the Swiss Federal Act on Data Protection), then the parties will cooperate to implement such measures as Customer may reasonably request (including the signing of standard contractual clauses) in order to ensure that any transfers of Customer Personal Data to or from the United Kingdom comply with the requirements of the Data Protection Laws.
4. Supplier warrants that, where applicable, it has relied on an adequacy finding or has entered into an international data transfer agreement (as referred to in (i) of the definition of Standard Contractual Clauses) or international data transfer addendum (as referred to in (ii) of the definition of Standard Contractual Clauses) with each Sub-processor outside the UK, EEA or Switzerland.
Termination of the services agreement
1. This Agreement will terminate immediately upon termination of the Services Agreement.
2. On termination of this Agreement, howsoever caused, Supplier will immediately cease processing the Customer Personal Data and, at Supplier’s option or direction, arrange for the prompt and safe return or destruction of all Customer Personal Data together with all copies in its possession or control and, where requested by Customer, certify that such destruction has taken place.

Annex 1

Data processing particulars

The subject matter and duration of the processing	The provision of Services by Supplier under the Services Agreement for the duration of the Services Agreement.
The nature and purpose of the processing	Providing a tool for charter professionals to manage the charter enquiry process form start to finish, including creating itineraries, yacht proposals, managing guest preferences, managing charter contract payments and other processes involved in a yacht charter transaction. Providing customer support for the above.
The type of Personal Data being processed	first name, last name; address; passport number; bank account details; and/or email address (all such data if and to the extent Customer elects to provide this data as it is not required to use the tool/Services).
The categories of data subjects	Clients of Customer/Users of the Services (in particular yacht owners and charterers/charter clients)

Annex 2

Subprocessors

Subprocessor name	Subprocessor location	Subprocessor role
Amazon Web Services, Inc.	P.O. Box 81226 Seattle, WA 98108-1226 USA http://aws.amazon.com	Hosting, Storage and diagnostics