We at Runai Labs Ltd. and Runai Labs USA Inc. (“Run:AI “ “us”, “we”, or “our”) recognize and respect the importance of maintaining the privacy of our customers and their end users. This Privacy Notice describes the types of information we collect from you when you visit our website and/or platform (respectively “Site” and ”Platform”) and/or use our services (“Services”). This Privacy Notice also explains how we process, transfer, store and disclose the information collected, as well as your ability to control certain uses of the collected information. If not otherwise defined herein, capitalized terms have the meaning given to them in the Terms of Service, available at https://www.run.ai/terms-of-service/ (“Terms”). “You” means any adult user of the Site, Platform and/or Services.
If you are an individual located in the European Union (“EU Individual”), some additional terms and rights may apply to you, as detailed herein.
Runai Labs Ltd. and Runai Labs USA Inc. are joint controllers in respect of the processing activities outlined in this Privacy Notice. For further details regarding Runai Labs Ltd.’s arrangement with Runai Labs USA Inc., please contact us at email@example.com. Runai Labs Ltd.’s details and contact information are as follows: 17 Haarba’a st, Tel-Aviv, Israel. Runai Labs USA Inc.’s details and contact information are as follows: Delancey 85 St, New York, NY, 10002, USA.
When we process information in the context of providing Services to our customers (“Customers”), including with regard to each Customer’s end users, the applicable Customer serves as a controller with respect to such Customer’s end user Personal Data (as defined below) and we serve as a processor on its behalf.
“Personal Data” means any information that refers, is related to, or is associated with an identified or identifiable individual or as otherwise may be defined by applicable law. This Privacy Notice details which Personal Data is collected by us in connection with provision of the Services.
Privacy Notice Key Points
The key points listed below are presented in further detail throughout this Privacy Notice. You can click on the headers in this section in order to find out more information about any topic. These key points do not substitute the full Privacy Notice.
- Personal Data We Collect, Uses and Legal Basis. We collect certain Personal Data that you provide to us including registration information, and contact information. We also collect certain Personal Data automatically when you use the Site, Platform and/or Services. We use your Personal Data for various reasons, including to provide you with the Site, Platform and/or Services, improve our Services, and to contact you with marketing offers. These processing activities are based on different legal bases including performance of a contract, legitimate interests, and your consent.
- Sharing the Personal Data We Collect. We share the Personal Data we collect with our service providers and subcontractors who assist us in the operation of the Site, Platform and/or Services and process the information on our behalf and under our instructions. As joint controllers, Runai Labs Ltd. and Runai Labs USA Inc. share the data with each other. When we act as a processor on behalf of our Customers, we will share your Personal Data with the applicable Customer.
- International Transfer. Some of our service providers, subcontractors, business partners or affiliates who have access to your Personal Data are located in countries other than your own. We will ensure that we have agreements in place with such parties that ensure the same level of privacy and data protection as set forth in this Privacy Notice.
- We implement measures aimed at protecting your Personal Data, but they do not provide absolute information security. Such measures include physical, electronic, and procedural safeguards (such as secure servers, firewalls, and SSL encryption), access control, and other internal security policies.
- Your Rights. Subject to applicable law and in addition to other rights as set forth below, you may have a right to access, update, delete, and/or obtain a copy of the Personal Data we have collected about you. You also have the right to object at any time to processing your Personal Data for certain purposes, including marketing purposes. You have the right to withdraw your consent to processing, if provided, at any time by contacting us at firstname.lastname@example.org.
- Data Retention. We retain Personal Data for as long as necessary for the purposes set forth in this Privacy Notice. We consider a number of different factors when determining the appropriate retention periods.
- We do not knowingly collect Personal Data from children under the age of sixteen (16).
- Third-Party Applications and Services. All use of third-party applications or services is at your own risk and subject to such third party’s privacy policies.
- We may send you e-mail or other messages about us or our Services. You will have the opportunity to opt-out of receiving certain messages that are not service-related.
- Changes to the Privacy Notice. We may change this Privacy Notice from time to time and shall notify you of such changes by indicating on the Site that the Privacy Notice has been amended and by publishing an updated Privacy Notice on the Site.
- Comments and Questions. If you have any comments or questions about this Privacy Notice, or if you wish to exercise your legal rights with respect to your Personal Data, please contact us at email@example.com.
Personal Data We Collect, Uses and Legal Basis
Depending on your usage, we collect different types of data and we and any of our third-party sub-contractors and service providers use the data we collect for different purposes, as specified below. It is your voluntary decision whether to provide us with certain Personal Data, but if you refuse to provide such Personal Data we may not be able to register you to the Site, Platform and/or provide you with the Services or part thereof.
Data Collected from the Site:
Contact Information - In order to contact us through the Site, you will be required to provide us with the following Personal Data: name, email address and company name.
How we use this data: (1) respond to your inquiries and requests and to contact and communicate with you; and (2) to provide you with informational newsletters and promotional materials relating to our Platform and Services, including via email. For more information about our direct marketing activities and how you can control your preferences, please see the Direct Marketing section below.
Legal Basis: We process this Personal Data for the purpose of responding to your inquiries and requests, which is considered performance of a contract with you, as applicable, including responding to your inquiries and requests and providing customer support.
Automatically Collected Data - When you visit the Site, we automatically collect information about your computer or mobile device, including non-Personal Data such as your operating system, and Personal Data such as IP address, device ID, and subject to your consent as may be required under applicable law, (geo) location, as well as your browsing history and any information regarding your viewing history on the Services or Site. For more information about the cookies and similar technologies we use and how to adjust your preferences, please see the section “Cookies and Similar Technologies” below.
How we use this data: (1) to review usage and operations, including in an aggregated non-specific analytical manner, develop new products or services and improve current content, products, and Services; (2) to prevent fraud, protect the security of our Site and Services, and address any problems with the Site and/or Services; (3) to provide you with customized content, targeted offers, and advertising related to our products and Services, based on your usage history on the Site/App/Platform, on other third-party sites or apps you may visit and/or use, or via e-mail.
Legal Basis: We process this Personal Data for our legitimate interests to develop and improve our products and Services, review usage, perform analytics, prevent fraud, for our record keeping and protection of our legal rights and to market our own products and services. ’Additional information regarding direct marketing is provided below.
Statistical Information and Analytics
We and/or our service providers use analytics tools, including “Google Analytics” to collect and analyze information about the use of the Site and/or Services, such as how often users visit the Site, what pages they visit when they do so, and what other sites and mobile applications they used prior to visiting the Site. By analyzing the information we receive, we may compile statistical information across a variety of platforms and users, which helps us improve our Site and Services, understand trends and customer needs and consider new products and services, and tailor existing products and services to customer desires. The information we collect is anonymous and aggregated and we will not link it to any Personal Data. We may share such anonymous information with our partners, without restriction, on commercial terms that we can determine in our sole discretion. You can find more information about how Google collects information and how you can control such use at https://policies.google.com/technologies/partner-sites.
Data Collected from the Platform:
Platform Registration Data - In order to use our Platform and/or receive related Services, you will be required to register and provide us with the following Personal Data: your email address and password.
How we use this data: (1) to provide you with the Platform and/or Services and to respond to your inquiries and requests and to contact and communicate with you; (2) to prevent fraud, protect the security of and address any problems with the Platform, and (3) to provide you with informational newsletters and promotional materials relating to our Platform and Services, including via email. For more information about our direct marketing activities and how you can control your preferences, please see the Direct Marketing section below.
Legal Basis: (1) We process this Personal Data for the purpose of providing the Services to you and our Customers, which is considered performance of a contract with you or our Customers, as applicable, including responding to your inquiries and requests and providing customer support. (2) When we process your Personal Data for the purposes of preventing fraud, protecting the security of and/or addressing problems with the Site and Services and/or for the purpose of providing you with informational newsletters and promotional materials relating to our Services, such processing is based on our legitimate interests.
Data collected by means of the Platform – when Customers and their personnel use the Platform, we collect the following data: When you use the Platform, we automatically collect information about your computer and machine, including machine name, internal IPs, Machine characteristics including CPU/GPU/Memory, list of workloads being run by the user including, container names, requested and allocated GPU/CPU resources, job statuses, names of container owners, training status information sent by container itself, list of projects names and quotas.
How we use this data: To provide you with the Services.
Legal Basis: We process this Personal Data for the purpose of performance of a contract with you.
Additional Uses of Data
As described above, we may use Personal Data to let you know about our products and Services that we believe will be of interest to you. We may contact you by email, post, or telephone or through other communication channels. In all cases, we will respect your preferences for how you would like us to manage marketing activity with respect to you. To protect privacy rights and to ensure you have control over how we manage marketing with you:
- We will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you.
- You can ask us to stop sending email marketing by following the “unsubscribe” link you will find on all the email marketing messages we send you. Alternatively, you can contact us at firstname.lastname@example.org.
- You can change the way your browser manages cookies, which may be used to deliver online advertising, by following the settings on your browser as explained below. If our marketing activities are based upon your consent, you may withdraw this consent at any time.
Sharing the Personal Data We Collect
We share your information, including Personal Data, as follows:
As joint controllers, we at Runai Labs Ltd. and Runai Labs USA Inc. share information, including your Personal Data, with each other where this is necessary to provide you with our products and Services, and for the purpose of management of our business.
Service Providers, and Subcontractors
We disclose information, including Personal Data we collect from and/or about you, to our trusted service providers and subcontractors, who have agreed to confidentiality restrictions and who use such information solely on our behalf in order to: (1) help us provide you with the Site, Platform and/or Services; (2) aid in their understanding of how users are using our the Site, Platform and/or Services; (3) for the purpose of direct marketing (see above for more details)
Such service providers and subcontractors provide us with IT and system administration services, data backup, security, and storage services, data analysis and help us serve advertisements and provide other marketing services.
Your Personal Data may be disclosed as part of, or during negotiations of, any merger, sale of company assets or acquisition (including in cases of liquidation) in such case, your Personal Data shall continue being subject to the provisions of this Privacy Notice.
Law Enforcement Related Disclosure
We may share your Personal Data with third parties: (i) if we believe in good faith that disclosure is appropriate to protect our or a third party’s rights, property or safety (including the enforcement of the Terms and this Privacy Notice); (ii) when required by law, regulation subpoena, court order or other law enforcement related issues, agencies and/or authorities; or (iii) as is necessary to comply with any legal and/or regulatory obligation.
We may use your Personal Data as required or permitted by any applicable law, for example, to comply with audit and other legal requirements.
We use subcontractors and service providers and have affiliates who are located in countries other than your own, such as the United States of America and send them information we receive (including Personal Data). We conduct such international transfers for the purposes described above. We will ensure that these third parties will be subject to written agreements ensuring the same level of privacy and data protection as set forth in this Privacy Notice, including appropriate remedies in the event of the violation of your data protection rights in such third country.
Whenever we transfer your Personal Data to third parties based outside of the European Economic Area (“EEA”), we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.
- Where we use certain service providers not located in countries with an adequate level of protection as determined by the European Commission, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in the EEA.
- Where we use service providers based in the US, we may transfer Personal Data to them if they have been certified by the EU-US Privacy Shield, which requires them to provide similar protection to Personal Data shared between the EU and the US or any other arrangement which has been approved by the European Commission or other body having jurisdiction to approve such arrangement.
Please contact us at email@example.com] if you would like further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
We have implemented and maintain appropriate technical and organization security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to Personal Data appropriate to the nature of such data. The measures we take include:
Safeguards – The physical, electronic, and procedural safeguards we employ to protect your Personal Data include secure servers, firewalls, and SSL encryption of data.
Access Control – We dedicate efforts for a proper management of system entries and limit access only to authorized personnel on a need to know basis of least privilege rules, review permissions quarterly, and revoke access immediately after employee termination. ]
Internal Policies – We maintain and regularly review and update our privacy related and information security policies.
Personnel – We require new employees to sign non-disclosure agreements according to applicable law and industry customary practice.
Encryption – We encrypt the data in transit using secure protocols.
Database Backup – Our databases are backed up on a periodic basis for certain data and are verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity, are tested regularly to ensure availability, and are accessible only by authorized personnel.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect user IDs and passwords, please take appropriate measures to protect this information.
Your Rights - How to Access and Limit Our Use of Certain Personal Data
Subject to applicable law and certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to the Personal Data that we or other controllers hold about you, as detailed below. For any requests to exercise such rights with respect to information held by other controllers, please contact the applicable controller directly. If you wish for us to notify all independent controllers, please specify that request when you contact us in order to exercise any of your rights. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by applicable data protection laws. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information and/or comply with any of your requests, as detailed below:
- Right of Access. You have a right to know what Personal Data we collect about you and, in some cases, to have such Personal Data communicated to you. Subject to applicable law, we may charge you with a fee. Please note that we may not be able to provide you with all the information you request, and, in such case, we will endeavor to explain to you why.
- Right to Data Portability. If the processing is based on your consent or performance of a contract with you and processing is being carried out by automated means, and if you are an EU individual you may be entitled to (request that we) provide you or another party with a copy of the Personal Data you provided to us in a structured, commonly-used, and machine-readable format.
- Right to Correct Personal Data. Subject to the limitations in applicable law, you may request that we update, complete, correct or delete inaccurate, incomplete, or outdated Personal Data.
- Deletion of Personal Data (“Right to Be Forgotten”). If you are an EU Individual, you have a right to request that we delete your Personal Data if either: (i) it is no longer needed for the purpose for which it was collected, (ii) our processing was based on your consent and you have withdrawn your consent, (iii) you have successfully exercised your Right to Object (see below), (iv) processing was unlawful, or (iv) we are required to erase it for compliance with a legal obligation. We cannot restore information once it has been deleted.. We may retain certain Personal Data (including following your request to delete) for audit and record-keeping purposes, or as otherwise permitted and/or required under applicable law.
- Right to Restrict Processing. If you are an EU Individual, you can ask us to limit the processing of your Personal Data if either: (i) you have contested its accuracy and wish us to limit processing until this is verified; (ii) the processing is unlawful, but you do not wish us to erase the Personal Data; (iii) it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend of a legal claim; (iv) you have exercised your Right to Object (below) and we are in the process of verifying our legitimate grounds for processing. We may continue to use your Personal Data after a restriction request under certain circumstances.
- Direct Marketing Opt Out. You can change your mind at any time about your election to receive marketing communications from us and/or having your Personal Data processed for direct marketing purposes. If you do, please notify us by contacting us at firstname.lastname@example.org. We will process your request as soon as reasonably possible, however it may take a few days for us to update our records before any opt out is effective.
- Right to Object. If you are an EU Individual, you can object to any processing of your Personal Data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
- Withdrawal of Consent. You may withdraw your consent in connection with any processing of your Personal Data based on a previously granted consent. This will not affect the lawfulness of any processing prior to such withdrawal.
- Right to Lodge a Complaint with Your Local Supervisory Authority. If you are an EU Individual, you may have the right to submit a complaint to the relevant supervisory data protection authority if you have any concerns about how we are processing your Personal Data, though we ask that as a courtesy you please attempt to resolve any issues with us first.
Subject to applicable law, we retain Personal Data as necessary for the purposes set forth above. We may delete information from our systems without notice to you once we deem it is no longer necessary for these purposes. Retention by any of our processors may vary in accordance with the processor’s retention policy.
In some circumstances, we may store your Personal Data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, audit, accounting requirements and so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data, and whether those purposes can be achieved through other means, as well as applicable legal requirements.
Please contact us at email@example.com if you would like details regarding the retention periods for different types of your Personal Data.
Cookies and Similar Technologies
What are Cookies?
A cookie is a small piece of text that is sent to a user’s browser or device. The browser provides this piece of text to the device of the originating user when this user returns.
- A “session cookie” is temporary and will remain on your device until you leave the Site.
- A “persistent” cookie may be used to help save your settings and customizations across visits. It will remain on your device until you delete it.
- First-party cookies are placed by us, while third-party cookies may be placed by a third party. We use both first- and third-party cookies.
- We may use the terms “cookies” to refer to all technologies that we may use to store data in your browser or device or that collect information or help us identify you in the manner described above, such as web beacons or “pixel tags”.
The specific names and types of the cookies, web beacons, and other similar technologies we use may change from time to time. However, the cookies we use generally fall into one of the following categories:
Third Party Cookies
How to Adjust Your Preferences
Most Web browsers are initially configured to accept cookies, but you can change this setting so your browser either refuses all cookies or informs you when a cookie is being sent. In addition, you are free to delete any existing cookies at any time. Please note that some features of the Services may not function properly when cookies are disabled or removed. For example, if you delete cookies that store your account information or preferences, you will be required to input these each time you visit.
Third-Party Applications and Services
All use of third-party applications or services is at your own risk and subject to such third party’s terms and privacy policies.
We reserve the right to send you service-related communications, including service announcements and administrative messages, without offering you the opportunity to opt out of receiving them.
We do not knowingly collect Personal Data from children under the age of sixteen (16). In the event that you become aware that an individual under the age of sixteen (16) has enrolled or used the Site and/or Platform without parental permission, please advise us immediately.
Changes to the Privacy Notice
We may update this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business, and we will place any updates on this webpage. Please come back to this page every now and then to make sure you are familiar with the latest version. If we make material changes to this Privacy Notice, we will seek to inform you by notice on our Site or per email.
Comments and Questions
If you have any comments or questions about this Privacy Notice or if you wish to exercise any of your legal rights as set out herein, please contact us at firstname.lastname@example.org.
Last updated: April 2020
Run:AI Terms of Service
Runai Labs Ltd., and Runai Labs USA Inc. (“Run:AI” or “us”, “our”, “we”) provides a website located at run.ai (the “Site”) and a management platform for AI infrastructure (the “Platform” and together with the Site, the “Solution”). The Platform is provided through a cloud-based platform located at app.run.ai. These Terms of Service (these “Terms”) govern our provision of Solution to you in connection with, or your access and use of the Solution. “User/s” or “you” includes persons visiting the Run:AI Site, as well as organizations which have subscribed to use the Platform and their personnel or persons affiliated with them.
Please read these Terms carefully. These Terms govern your use of the Solution. You must accept these Terms prior to using the Solution. By using the Solution, you signify your assent to these Terms and all their exhibits and you represent that you are authorized to accept these Terms on behalf of your company or organization. With respect to users of the Platform, your consent to be bound by these terms is both on your own behalf and on behalf of any corporate entity that employs you or which you represent or with which you are affiliated, and the term “you” as used herein will be deemed to refer to both you and your employer or entity with which you are affiliated, jointly and severally. Changes may be made to these Terms from time to time. Your continued use of the Solution will be deemed acceptance to amended or updated Terms. As such, you should check frequently to see if we have updated these Terms. If you do not agree to any of these Terms, please do not use the Solution.
- Solution. Subject to the terms and conditions of these Terms, Run:AI shall provide User with a limited, revocable, non-exclusive, non-transferable, non-sublicenseable license to the Solution. Subject to the terms and conditions hereof, Users may use the Solution for internal business purposes only. Run:AI reserves the right to modify the Solution at any time in its sole discretion subject to written notification to User of such modification. You are not entitled to any source code or executables in respect of the Solution. User will receive bug fixes and updates to the Solution during the term of these Terms and subject to the terms and conditions of these Terms. No licenses or rights are granted herein by estoppel or by implication. User represents that it has all necessary authority to enter into these Terms and that the execution of these Terms and the receipt of the Solution will not conflict with any legal, regulatory or contractual obligations of User.
- Registration. You must register with Run:AI in order to use the Platform. To register you must provide specified information and select a password. You may not provide false information during the registration process and you must keep all information up-to-date. You should not reveal your password to anyone else. You agree to immediately notify Run:AI of any unauthorized use of your account or password. You are fully and solely responsible for all activity on your account, even if such activities were not committed by you. Notwithstanding anything to the contrary herein, Run:AI will not be liable for any losses or damage arising from unauthorized use of your account or password unless you have notified us that your account has been compromised, and have requested us to block access to it.
- Restrictions. Except as set forth expressly herein, you shall not, and shall not permit any third party, to (a) use the Solution to provide services to any third party, (b) reverse engineer or attempt to find the underlying code of the Solution, (c) modify the Solution in any way, (d) circumvent any security or access control features of the Solution, (e) sublicense your rights hereunder or provide any third party with access to the Solution, (f) rent, lease, modify, copy, loan, transfer, distribute or create derivative works of the Solution or (f) use the Solution in a manner that violates applicable law; or (g) use the Solution for purposes other than those expressly permitted herein. To the extent any of the restrictions set forth in this Section are not enforceable under applicable law, you shall inform Run:AI in writing in each instance prior to engaging in the applicable activity. You shall use the Solution only in accordance with applicable law (including any law concerning the collection, use and storage of Personal Data) and shall have all responsibility and liability for any use of the Solution in violation of applicable law.
- Intellectual Property. All right, title and interest in and to the Solution and related documentation and all enhancements, derivatives, bug fixes or improvements to the foregoing shall at all times remain with Run:AI or its licensors. Run:AI grants no rights in or to the Solution except as expressly set forth herein. Run:AI does not request your feedback regarding the Solution. Notwithstanding the foregoing, if you provide Run:AI with feedback regarding the Solution, Run:AI shall not be subject to any non-disclosure or non-use obligations in respect of such feedback, and may use such feedback in any manner it deems appropriate, including for commercial purposes and as part of its products and Solution.
- Data; Privacy. Run:AI collects two types of personal data: data from persons who visit the Site (“Site Data”) and data concerning individuals who use the Platform (“Platform Data”). Run:AI will own the Site Data and the User (whether the employee/person affiliated with the organization or the employer/organization) will own the Platform Data. Run:AI will implement reasonable security measures appropriate to the nature of the Site Data and Platform Data including without limitation, technical, physical, administrative and organizational controls, and will maintain the confidentiality, security and integrity of such Site Data and Platform Data. Run:AI may use and process Site Data and Platform Data for providing services to User with the Solution. Run:AI will use and process data in compliance with applicable law and in accordance with Run:AI’s Privacy Notice, as may be amended from time to time. See link at https://www.run.ai/privacy/. In processing data, Run:AI may use subcontractors that are located in third party countries. Run:AI may disclose Site Data and Platform Data to the extent required by applicable law or to cooperate with a law enforcement investigation. In addition, Run:AI may disclose Site Data and Platform Data as necessary to enforce agreements and policies, to investigate any claims against Run:AI, and to protect the rights and property of Run:AI or its agents, employees and customers. Run:AI may disclose or transfer data and information in connection with a sale of all or part of its business, or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of its business assets. With respect to organizations using the Platform: You further represent and warrant that (a) when we process Platform Data on your behalf for the purpose provision of the services with respect to the Platform, you will at all times be considered the data Controller (as defined in the GDPR) and you are responsible for compliance with your obligations as data Controller under applicable law including the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) and we shall act solely as a data Processor (as defined in the GDPR) on your behalf, all in accordance with the Data Processing Agreement (“DPA”), available at [ADD URL]; (b) you are responsible for compliance with your obligations as data Controller under applicable law including any applicable data protection laws and the GDPR (c) you have and shall maintain throughout the term of these Terms and the DPA all necessary rights and consents required under applicable law in order to provide the Platform Data to Run:AI and allow it to provide its services as a Processor; (d) you shall ensure that a record of such consents is maintained, as required under applicable law; and (e) you shall not provide Run:AI with any Special Categories of Data (as defined in the GDPR) and/or any data or information subject to special regulatory or statutory protection regimes (including but not limited to data regarding children, financial and health data).
- Representations and Warranties. You represent and warrant that you will use the Solution only in accordance with applicable law. Both Parties further represent and warrant that they have full authority to enter into these Terms, and that the provision of the Solution and associated Solution hereunder will not violate any other of their contractual or other obligations.
- Confidentiality. Either party (a “Disclosing Party”) may disclose to the other party (a “Receiving Party”) certain confidential information regarding its technology and business (“Confidential Information”). Receiving Party shall restrict disclosure of Confidential Information to those of its employees with a reasonable need to know such information and which are bound by written confidentiality obligations no less restrictive than those set out herein. All non-public information in respect of the Solution shall be deemed the Confidential Information of Run:AI. The Platform Data shall be deemed the Confidential Information of User and/or User’s employer or organization with which s/he is affiliated. The non-disclosure provisions hereof do not apply to any information that (a) is generally known to the public, (b) is made available to the Receiving Party by a third party not subject to any confidentiality obligations to the Disclosing Party or (c) is required to be disclosed by law, regulation or rule provided that the Receiving Party shall provide the Disclosing Party with prompt written notice of such obligation and shall reasonably cooperate with the Disclosing Party, at the Disclosing Party’s expense, as required to obtain confidential treatment for such information.
- Disclaimer of Warranties. OTHER THEN AS SPECIFICALLY STATED HEREIN, RUN:AI EXPRESSLY DISCLAIMS ALL IMPLIED AND STATUTORY WARRANTIES IN RESPECT of the Solution, including, but not limited to, any implied warranty of merchantability, fitness for aPARTICULAR PURPOSE OR NON- RUN:AI DOES NOT MAKE ANY WARRANTY IN RESPECT OF ANY RESULTS TO BE OBTAINED AS A RESULT OF THE USE OF THE SOLUTION. RUN:AI DOES NOT GUARANTEE THE SOLUTION WILL BE OPERABLE AT ALL TIMES OR DURING ANY DOWN TIME (1) CAUSED BY OUTAGES TO ANY PUBLIC INTERNET BACKBONES, NETWORKS OR SERVERS, (2) CAUSED BY ANY FAILURES OF YOUR EQUIPMENT, SYSTEMS OR LOCAL ACCESS SOLUTION, OR (3) FOR PREVIOUSLY SCHEDULED MAINTENANCE. NOTWITHSTANDING ANYTHING TO THE CONTRARY SET FORTH HEREIN, USER AGREES THAT USER IS SOLELY RESPONSIBLE FOR ENSURING THAT RUN:AI HAS THE LAWFUL RIGHT TO USE PERSONAL DATA IN ACCORDANCE WITH THESE TERMS, AND RUN:AI SHALL HAVE NO LIABILITY ARISING FROM OR RELATING TO USER’S FAILURE TO COMPLY WITH THIS OBLIGATION.
- Indemnification. You shall defend, indemnify and hold harmless Run:AI (and its affiliates, officers, directors and employees) from and against any and all damages, costs, losses, liabilities or expenses (including court costs and attorneys’ fees) which Run:AI may suffer or incur in connection with any claim, demand, action or other proceeding by any third party arising from or relating to (a) any breach of your obligations, representations or warranties herein, or (b) any breach of third party privacy or data protection rights arising from or relating to your breach of obligations hereunder.
- Limitation of Liability. In no event shall either party, its directors, officers, employees, agents or SHAREHOLDERS, BE LIABLE TO the other party OR ANY THIRD PARTY FOR (A) ANY INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL OR PUNITIVE DAMAGES, ARISING OUT OF OR RELATING TO THE SOLUTION OR ANY OTHER MATTERS CONTEMPLATED HEREIN OR (B) ANY AMOUNT EXCEEDING US $10,000. YOU HAVE ALL RESPONSIBILITY FOR ANY DECISIONS MADE AS A RESULT OF ANY THE USE OF THE SOLUTION.
- Term. The term of these Terms shall commence on the day you accept these Terms (or, if earlier, on the day that you first use the Solution) and shall continue unless terminated by either party with 30 days prior written notice and/or, with respect to the Platform, when the services agreement between Run:AI and the User’s employer or organization with which s/he is affiliated terminates. Run:AI may terminate these Terms by written notice to you if you have materially breached any provision of these Terms or if it has reason to believe you are making illegal use of the Solution. Upon any termination or expiration of these Terms, Run:AI will cease providing you with access to the Solution. Sections 3-5 and 7-12 of these Terms shall survive any expiration or termination thereof.
- Miscellaneous. These Terms and the exhibits thereto represent the entire agreement between the parties regarding the subject matter hereof and supersede any and all other agreements or understandings between the parties, whether written or oral, regarding the subject matter hereof. Run:AI and you shall be deemed independent contractors, and nothing herein shall be deemed to create any employer-employee relationship between the parties or authorize you to make any representations, warranties or contractual obligation on behalf of Run:AI. These Terms may not be modified or amended except in a writing executed by both parties. A waiver of any default hereunder of any provision of these Terms shall not be deemed to be a continuing waiver or a waiver of any other default or of any other term or condition, but shall apply solely to the instance to which such waiver is directed. Run:AI may assign its rights or obligations pursuant to these Terms. You agree not to assign any rights or obligations under these Terms other than due to change of control, merger, acquisition or sale of all or substantially all of your shares or assets; any attempted assignment other then as specifically stated above shall be null and void. If any part of these Terms shall be invalid or unenforceable, such part shall be interpreted to give the maximum force possible to such terms as possible under applicable law, and such invalidity or unenforceability shall not affect the validity or enforceability of any other part or provision of these Terms which shall remain in full force and effect. These Terms shall be governed by the laws of the State of Israel, and the competent courts in the city of Tel-Aviv/Jaffa shall have exclusive jurisdiction to hear any disputes arising hereunder.
Data Processing Addendum
This Data Processing Addendum (“DPA”) forms an integral part of, and is subject to the Terms of Service, entered into by and between you, the customer (“Customer” or “Controller”) and Run:Ai Labs Ltd., and Run:Ai Labs USA Inc. (“Run:Ai” and the “Terms”). Capitalized terms not otherwise defined herein shall have the meaning given to them in the Terms.
Whereas, in connection with the performance of its obligations under the Terms, Run:Ai may Process Customer Personal Data (both as defined below) on behalf of the Customer; and
Whereas, the parties wish to set forth the mutual obligations with respect to the processing of Customer Personal Data by Run:Ai;
Now therefore, intending to be legally bound, the parties hereby agree as follows:
- Definitions. In addition to capitalized terms defined elsewhere in this DPA, the following terms shall have the meanings set forth below:
- “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control” for purposes of this definition means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
- “Applicable Law” means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), laws implementing or supplementing the GDPR.
- “Customer Personal Data” means any Personal Data Processed by Run:Ai on behalf of Customer pursuant to or in connection with the Terms;
- “Data Protection Laws” means Applicable Law and, to the extent applicable, the data protection or privacy laws of any other applicable country as agreed in writing between the parties, including in the US and Israel.
- “Standard Clauses” means the standard clauses for the transfer of Personal Data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council, available at:
- “Sub Processor” means any person (excluding an employee of Run:Ai or any Run:Ai Affiliate) appointed by or on behalf of Run:Ai or any Run:Ai Affiliate to Process Personal Data on behalf of the Customer in connection with the Terms; and
- The terms “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processor”, “Processing” and “Supervisory Authority” shall have the meanings ascribed to them in the GDPR.
- Processing of Customer Personal Data.
- Run:Ai shall Process Customer Personal Data on Customer’s behalf and at Customer’s instructions as specified in the Terms and/or this DPA, including without limitation with regard to transfers of Customer Personal Data to a third country or international organization. Any other Processing shall be permitted only in the event that such Processing is required by any Data Protection Laws to which Run:Ai is subject. In such event, Run:Ai shall, unless prohibited by such Data Protection Laws on important grounds of public interest, inform Customer of that requirement before engaging in such Processing.
- Customer instructs Run:Ai (and authorizes Run:Ai to instruct each Sub Processor) (i) to Process Customer Personal Data for the provision of the Platform, Solution and services, as detailed in the Terms (“Services”) and as otherwise set forth in the Terms and in this DPA, and/or as otherwise directed by Customer; and (ii) to transfer Customer Personal Data to any country or territory as reasonably necessary for the provision of the Services and in accordance with Applicable Law.
- The details of the Processing of Customer Personal Data, as required by Article 28(3) of the GDPR are set forth in Schedule 1 (Details of Processing of Customer Personal Data), attached hereto.
- To the extent that the Processor Processes Personal Data in countries outside of the European Economic Area that do not provide an adequate level of data protection, as determined by the European Commission or other adequate authority as determined by the EU, the Standard Contractual Clauses shall apply and shall be incorporated herein upon execution of this DPA by the parties. Appendix 1 attached hereto shall apply as Appendix 1 of the Standard Clauses and Appendix 2 shall apply as Appendix 2 of the Standard Clauses.
- Controller. Customer represents and warrants that it has and shall maintain throughout the term of the Terms and this DPA, all necessary rights to provide the Customer Personal Data to Run:Ai for the Processing to be performed in relation to the Services and in accordance with the Terms and this DPA. To the extent required by Data Protection Laws, Customer is responsible for obtaining any necessary Data Subject consents to the Processing, and for ensuring that a record of such consents is maintained throughout the term of the Terms and this DPA and/or as otherwise required under Data Protection Laws.
- Processor Employees. Run:Ai shall take reasonable steps to ensure that access to the Customer Personal Data is limited on a need to know and/or access basis and that all Run:Ai employees receiving such access are subject to confidentiality undertakings or professional or statutory obligations of confidentiality in connection with their access to and use of Customer Personal Data.
- Security. Run:Ai shall implement appropriate technical and organizational measures to ensure an appropriate level of security of the Customer Personal Data, including, as appropriate and applicable, the measures referred to in Article 32(1) of the GDPR. In assessing the appropriate level of security, Run:Ai shall take into account the risks that are presented by the nature of the Processing and the information available to Run:Ai.
- Personal Data Breach.
- Run:Ai shall notify Customer without undue delay and, where feasible, not later than within 48 (forty eight) hours upon Run:Ai becoming aware of a Personal Data Breach affecting Customer Personal Data. In such event, Run:Ai shall provide Customer with reasonable and available information to assist Customer in meeting any obligations to inform Data Subjects or Supervisory Authorities of the Personal Data Breach as required under Applicable Law.
- At the written request of the Customer, Run:Ai shall reasonably cooperate with Customer and take such commercially reasonable steps as are agreed by the parties or required under Applicable Law to assist in the investigation, mitigation and remediation of any Personal Data Breach.
- Sub Processing.
- Customer authorizes Run:Ai to appoint (and permits each Sub Processor appointed in accordance with this Section 7 to appoint) Sub Processors in accordance with this Section 7.
- Run:Ai may continue to use those Sub Processors already engaged by Run:Ai as of the date of this DPA.
- Run:Ai may appoint new Sub Processors.With respect to each new Sub Processor, Run:Ai shall:
- Prior to the Processing of Customer Personal Data by Sub Processor, take reasonable steps (for instance by way of reviewing privacy policies as appropriate) to ensure that Sub Processor is committed and able to provide the level of protection for Customer Personal Data required by this DPA; and
- Ensure that the arrangement between Run:Ai and the Sub Processor is governed by a written contract, including terms that offer a materially similar level of protection for Customer Personal Data as those set out in this DPA and meet the requirements of Applicable Law.
- Run:Ai shall remain fully liable to the Customer for the performance of any Sub Processor’s obligations.
- Data Subject Rights.
- Customer shall be solely responsible for compliance with any statutory obligations concerning requests to exercise Data Subject rights under Data Protection Laws (e.g., for access, rectification, deletion of Customer Personal Data, etc.). Run:Ai shall, at Customer’s sole expense, use commercially reasonable efforts to assist Customer in fulfilling Customer’s obligations with respect to such Data Subject requests, as required under Data Protection Laws.
- Upon receipt of a request from a Data Subject under any Data Protection Laws in respect to Customer Personal Data, Processor shall promptly notify Customer of such request and shall not respond to such request except on the documented instructions of Customer or as required by Data Protection Laws to which Run:Ai is subject, in which case Run:Ai shall, to the extent permitted by Data Protection Laws, inform Customer of such legal requirement prior to responding to the request.
- Data Protection Impact Assessment and Prior Consultation. At Customer’s written request and expense, Run:Ai and each Sub Processor shall provide reasonable assistance to Customer with respect to any Customer Personal Data Processed by Run:Ai and/or a Sub Processor, with any data protection impact assessments or prior consultations with Supervisory Authorities or other competent data privacy authorities, as required under any Data Protection.
- Deletion or Return of Customer Personal Data. Run:Ai shall promptly and in any event within 60 (sixty) days of the date of cessation of provision of the Services to Customer involving the Processing of Customer Personal Data, delete, return, or anonymize all copies of such Customer Personal Data, provided however that Run:Ai may retain Customer Personal Data, as permitted by Applicable Law.
- Audit Rights.
- Subject to Sections 2 and 10.3, Run:Ai shall make available to an auditor mandated by Customer in coordination with Run:Ai, upon prior written request, such information reasonably necessary to demonstrate compliance with this DPA and shall allow for audits, including inspections, by such reputable auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by Run:Ai, provided that such third-party auditor shall be subject to confidentiality obligations.
- Any audit or inspection shall be at Customer’s sole expense and shall be subject to the terms of the Agreement, and subject to Run:Ai’s obligations to third parties, including with respect to confidentiality.
- Customer and any auditor on its behalf shall use best efforts to minimize or avoid causing any damage, injury or disruption to Run:Ai’s premises, equipment, employees and business. Customer and Run:Ai shall mutually agree upon the scope, timing and duration of the audit or inspection and the reimbursement rate, for which Customer shall be responsible. Run:Ai need not give access to its premises for the purposes of such an audit or inspection:
- to any individual unless he or she produces reasonable evidence of identity and authority;
- if Run:Ai was not given a prior written notice of such audit or inspection;
- outside of normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis; or
- for the purposes of more than one (1) audit or inspection in any calendar year, except for any additional audits or inspections which:
- Customer reasonably considers necessary because of genuine concern as to Run:Ai’s compliance with this DPA; or
- Customer is required to carry out by Applicable Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Applicable Law in any country or territory, where Customer has identified its concerns or the relevant requirement or request in its prior written notice to Run:Ai of the audit or inspection.
- Processor shall immediately inform Customer if, in its opinion, an instruction received under this DPA infringes the GDPR or other applicable Data Protection Laws.
- Indemnity. Customer shall indemnify and hold Run:Ai harmless against all claims, actions, third party claims, losses, damages and expenses incurred by Run:Ai and arising directly or indirectly out of or in connection with a breach of this DPA and/or the Data Protection Laws by Customer.
- General Terms.
- Governing Law and Jurisdiction.
- The parties to this DPA hereby submit to the choice of jurisdiction stipulated in the Terms with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity.
- This DPA and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the Terms.
- Order of Precedence.
- Nothing in this DPA reduces Run:Ai’s obligations under the Terms in relation to the protection of Customer Personal Data or permits Run:Ai to Process (or permit the Processing of) Customer Personal Data in a manner that is prohibited by the Terms.
- This DPA is not intended to, and does not in any way limit or derogate from Customer’s obligations and liabilities towards Run:Ai under the Terms and/or pursuant to Data Protection Laws or any law applicable to Customer in connection with the collection, handling and use of Customer Personal Data by Customer or other processors or their sub processors, including with respect to the transfer or provision of Customer Personal Data to Run:Ai and/or providing access thereto to Run:Ai.
- Subject to this Section 13.2, with regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other agreements between the parties, including the Terms and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) agreements entered into or purported to be entered into after the date of this DPA, the provisions of this DPA shall prevail. In the event of inconsistencies between the provisions of this DPA and the Standard Clauses (to the extent they apply), the Standard Clauses shall prevail.
- Changes in Data Protection Laws.
- Customer may, by at least 45 (forty five) calendar days’ prior written notice to Run:Ai, request in writing any variations to this DPA if they are required as a result of any change in, or decision of a competent authority under any Data Protection Laws in order to allow Customer Personal Data to be Processed (or continue to be Processed) without breach of that Data Protection.
- If Customer gives notice with respect to its request to modify this DPA under Section 3.1, (i) Run:Ai shall make commercially reasonable efforts to accommodate such modification request and (ii) Customer shall not unreasonably withhold or delay agreement to any consequential variations to this DPA proposed by Run:Ai to protect Run:Ai against additional risks, or to indemnify and compensate Run:Ai for any further steps and costs associated with the variations made herein.
- Severance. Should any provision of this DPA be held invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall either be (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
Details of Processing of Customer Personal Data
This Schedule 1 includes certain details of the Processing of Customer Personal Data as required by Article 28(3) GDPR.
Subject matter and duration of the Processing of Customer Personal Data.
The subject matter and duration of the Processing of the Customer Personal Data are set out in the Terms, in Run:Ai’s Privacy Notice (“Privacy Notice”), and this DPA.
The nature and purpose of the Processing of Customer Personal Data:
Providing the Platform and rendering Services to the Customer, as detailed in the Terms and the Privacy Notice.
The types of Customer Personal Data to be Processed are as follows:
As detailed in the Privacy Notice.
The categories of Data Subject to whom the Customer Personal Data relates to are as follows:
Data Subjects who are employees, consultants, or agents of the Customer and use the Run:Ai’s Platform.
The obligations and rights of Controller.
The obligations and rights of Customer are set out in the Terms and this DPA.
Appendix 1 to the Standard Contractual Clauses
This Appendix forms part of the Clauses and must be completed and signed by the Parties.
The states may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.
The data exporter is:
Customer who has entered into the DPA to which this is attached.
The data importer is:
Run:Ai, Inc. and Run:Ai Labs Ltd., providing a management platform for AI infrastructure
The personal data transferred concern the following categories of data subjects (please specify):
As set out in Schedule 1 to the DPA
Categories of data
As set out in Schedule 1 to the DPA
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data (please specify):
The personal data transferred will be subject to the following basic processing activities (please specify):
As set out in Schedule 1 to the DPA
Appendix 2 to the Standard Contractual Clauses
This Appendix forms part of the Clauses and must be completed and signed by the Parties.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
Run:Ai uses firewalls to protect our internet connection This will be your first line of defense against an intrusion from the internet.
Run:Ai uses the most appropriate secure settings for its devices and software. Most hardware and software will need some level of set-up and configuration in order to provide effective protection.
Run:Ai controls who has access to your data and services Restrict access to your system to users and sources you trust.
Run:Ai protects itself from viruses and other malware.
Run:Ai keeps its software and devices up-to-date. Hardware and software needs regular updates to fix bugs and security vulnerabilities.
Run:Ai regularly backup its data. Regular backups of your most important data will ensure it can be quickly restored in the event of disaster or ransomware infection.