TERMS AND CONDITIONS OF USE
Last updated on : June 29, 2022
Cratoflow Inc, a Delaware Corporation
Welcome to our website. This site is maintained as a service to our customers. By using this site, you agree to comply with and be bound by the following terms and conditions of use. Please review these terms and conditions carefully. If you do not agree to these terms and conditions, you should not use this site.
IMPORTANT – READ CAREFULLY
THIS MASTER SUBSCRIPTION AGREEMENT (“MSA”) IS ENTERED BETWEEN “YOU” AS A CUSTOMER AND CRATOFLOW, AS SERVICE PROVIDER FOR CRATOFLOW’S HOSTED SERVICE. THE TERMS AND CONDITIONS OF THIS MSA WILL BE LEGALLY BINDING ON YOU UPON YOUR EXECUTION OF AN ORDER FORM. YOU AND CRATOFLOW ARE INDIVIDUALLY REFERRED TO AS A “PARTY” AND COLLECTIVELY AS THE “PARTIES”.
You represent and warrant that you have the authority to accept this Agreement on behalf of the legal entity you have registered at www.cratoflow.com (“you”, “your” throughout this Agreement) and to provide any information that you share with Cratoflow. By indicating your electronic acceptance of this Agreement and by executing an order form (“Order Form”) or other agreement that references this Agreement, you agree to be bound by this Agreement. If you do not accept this Agreement, you must not access or use the Cratoflow’s platform or use Cratoflow Services.
3.2.1. Provision of Hosted Service. Cratoflow will: (a) make the Hosted Service available to you pursuant to this Agreement (including Appendix B) and the applicable Order Form(s); and (b) provide you with 24/7 support as set forth in Appendix A at no additional charge.
ANY DATA CUSTOMER ENTERS INTO THE SERVICES, AND ANY CUSTOMIZATIONS MADE TO THE SERVICES BY OR FOR CUSTOMER, DURING CUSTOMER’S FREE TRIAL WILL BE PERMANENTLY LOST UNLESS CUSTOMER PURCHASES A SUBSCRIPTION TO THE SAME SERVICES AS THOSE COVERED BY THE TRIAL, PURCHASES APPLICABLE UPGRADED SERVICES, OR EXPORTS SUCH DATA, BEFORE THE END OF THE TRIAL PERIOD. CUSTOMER CANNOT TRANSFER DATA ENTERED OR CUSTOMIZATIONS MADE DURING THE FREE TRIAL TO A SERVICE THAT WOULD BE A DOWNGRADE FROM THAT COVERED BY THE TRIAL (E.G., FROM ENTERPRISE EDITION TO PROFESSIONAL EDITION); THEREFORE, IF CUSTOMER PURCHASES A SERVICE THAT WOULD BE A DOWNGRADE FROM THAT COVERED BY THE TRIAL, CUSTOMER MUST EXPORT CUSTOMER DATA BEFORE THE END OF THE TRIAL PERIOD OR CUSTOMER DATA WILL BE PERMANENTLY LOST.
NOTWITHSTANDING THE “REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS” SECTION AND “INDEMNIFICATION BY CRATOFLOW” SECTION BELOW, DURING THE FREE TRIAL THE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY AND CRATOFLOW SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE SERVICES FOR THE FREE TRIAL PERIOD UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE CRATOFLOW’S LIABILITY WITH RESPECT TO THE SERVICES PROVIDED DURING THE FREE TRIAL SHALL NOT EXCEED $1,000.00. WITHOUT LIMITING THE FOREGOING, CRATOFLOW AND ITS AFFILIATES AND ITS LICENSORS DO NOT REPRESENT OR WARRANT TO CUSTOMER THAT: (A) CUSTOMER’S USE OF THE SERVICES DURING THE FREE TRIAL PERIOD WILL MEET CUSTOMER’S REQUIREMENTS, (B) CUSTOMER’S USE OF THE SERVICES DURING THE FREE TRIAL PERIOD WILL BE UNINTERRUPTED, TIMELY, SECURE OR FREE FROM ERROR, AND (C) USAGE DATA PROVIDED DURING THE FREE TRIAL PERIOD WILL BE ACCURATE. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE “LIMITATION OF LIABILITY” SECTION BELOW, CUSTOMER SHALL BE FULLY LIABLE UNDER THIS AGREEMENT TO CRATOFLOW AND ITS AFFILIATES FOR ANY DAMAGES ARISING OUT OF CUSTOMER’S USE OF THE SERVICES DURING THE FREE TRIAL PERIOD, ANY BREACH BY CUSTOMER OF THIS AGREEMENT AND ANY OF CUSTOMER’S INDEMNIFICATION OBLIGATIONS HEREUNDER.
CUSTOMER SHALL REVIEW THE APPLICABLE SERVICE’S DOCUMENTATION DURING THE TRIAL PERIOD TO BECOME FAMILIAR WITH THE FEATURES AND FUNCTIONS OF THE SERVICES BEFORE MAKING A PURCHASE.
3.2.4 Free Services. Cratoflow may make Free Services available to Customer. Use of Free Services is subject to the terms and conditions of this Agreement. In the event of a conflict between this section and any other portion of this Agreement, this section shall control. Free Services are provided to Customer without charge up to certain limits as described in the Documentation. Usage over these limits requires Customer’s purchase of additional resources or services. Customer agrees that CRATOFLOW, in its sole discretion and for any or no reason, may terminate Customer’s access to the Free Services or any part thereof. Customer agrees that any termination of Customer’s access to the Free Services may be without prior notice, and Customer agrees that CRATOFLOW will not be liable to Customer or any third party for such termination.
Customer is solely responsible for exporting Customer Data from the Free Services prior to termination of Customer’s access to the Free Services for any reason, provided that if CRATOFLOW terminates Customer’s account, except as required by law CRATOFLOW will provide Customer a reasonable opportunity to retrieve its Customer Data.
NOTWITHSTANDING THE “REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS” SECTION AND “INDEMNIFICATION BY CRATOFLOW” SECTION BELOW, THE FREE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY AND CRATOFLOW SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE FREE SERVICES UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE CRATOFLOW’S LIABILITY WITH RESPECT TO THE FREE SERVICES SHALL NOT EXCEED $1,000.00. WITHOUT LIMITING THE FOREGOING, CRATOFLOW AND ITS AFFILIATES AND ITS LICENSORS DO NOT REPRESENT OR WARRANT TO CUSTOMER THAT: (A) CUSTOMER’S USE OF THE FREE SERVICES WILL MEET CUSTOMER’S REQUIREMENTS, (B) CUSTOMER’S USE OF THE FREE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE OR FREE FROM ERROR, AND (C) USAGE DATA PROVIDED THROUGH THE FREE SERVICES WILL BE ACCURATE. NOTWITHSTANDING ANYTHING TO THE CONTRARY, IN THE “LIMITATION OF LIABILITY” SECTION BELOW, CUSTOMER SHALL BE FULLY LIABLE UNDER THIS AGREEMENT TO CRATOFLOW AND ITS AFFILIATES FOR ANY DAMAGES ARISING OUT OF CUSTOMER’S USE OF THE FREE SERVICES, ANY BREACH BY CUSTOMER OF THIS AGREEMENT AND ANY OF CUSTOMER’S INDEMNIFICATION OBLIGATIONS HEREUNDER.
Customer Data will not be accessed, used or disclosed by Cratoflow except as explicitly set forth herein. You have sole responsibility for the entry, deletion, correction, accuracy, quality, integrity, legality, reliability, appropriateness and intellectual property ownership or right to use the Customer Data. Cratoflow will not be responsible for any destruction, damage, loss or failure to store any Customer Data beyond its reasonable control or resulting from a failure in data transmission or operation of the Hosted Service by you. If this Agreement is terminated, Cratoflow will make available to you a file of the Customer Data within thirty (30) days of termination if you so request at the time of termination. You agree and acknowledge that Cratoflow has no right or obligation to retain Customer Data more than thirty (30) days after termination or expiration and will destroy Customer Data in its possession or control thirty (30) days after termination or expiration of this Agreement, unless where a statutory obligation imposed Cratoflow to retain some of the Customer Data. In such circumstances, of which Customer shall inform Cratoflow of, Cratoflow will destroy these Customer Data as soon as such statutory obligation to retain them expires. The conditions on the handling by Cratoflow of Customer Data are set forth in greater detail in the Data Processing Agreement.
Cratoflow owns all right, title and interest, including all related Intellectual Property Rights, in and to the Cratoflow Technology, Content, the Hosted Service, the Aggregated Data and any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by you relating to the Hosted Service. Cratoflow’s name and logo, and the product names associated with the Hosted Service are trademarks of Cratoflow, and no right or license is granted to use them under this Agreement.
THE EXPLICIT REPRESENTATIONS AND WARRANTIES IN SECTION 8 ARE THE PARTIES’ COMPLETE AND EXCLUSIVE REPRESENTATIONS AND WARRANTIES. CRATOFLOW DISCLAIMS ALL OTHER REPRESENTATIONS, WARRANTIES AND GUARANTIES OF ANY KIND,WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, TITLE, NON- INFRINGEMENT, OR FITNESS FOR A PARTICULAR USE OF THE HOSTED SERVICE MAY BE SUBJECT TO LIMITATIONS, DELAYS AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET WHICH ARE BEYOND CRATOFLOW’S CONTROL. CRATOFLOW IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS.
The Receiving Party will use at least the same degree of care in protecting the Disclosing Party’s Confidential Information that it uses to protect its own Confidential Information, but in no event less than a reasonable standard of care. The Receiving Party shall: (i) not use the Disclosing Party’s Confidential Information except as permitted under this Agreement; and (ii) limit access to the Disclosing Party’s Confidential Information to its, and its Affiliates’, employees and contractors who need such access to perform their duties hereunder and who owe a duty of confidentiality to the Disclosing Party with protections no less stringent than those set forth in this Agreement. The Receiving Party may disclose the Disclosing Party’s Confidential Information to the extent compelled by law to do so, provided that the Receiving Party uses reasonable efforts to give the Disclosing Party prior notice of the compelled disclosure and reasonable assistance, at the Disclosing Party’s cost, in order to permit the Disclosing Party to contest or limit the disclosure. The foregoing confidentiality obligations shall survive termination of this Agreement, regardless of cause. If you become a paying customer of the Hosted Service, you agree that Cratoflow may disclose the fact that you are a customer of Cratoflow.
Cratoflow may give notice regarding operational aspects of the Hosted Service by means of a general notice on the Hosted Service, electronic mail to your e-mail address on record with Cratoflow, or both. Any other notice by one party to the other hereunder will be by written communication sent by first class mail or reputable overnight delivery service and such notice will be deemed to have been given upon receipt (if sent by overnight delivery service), five (5) business days after mailing (if sent by first class mail) or twelve (12) hours after sending (if sent by e-mail). Notice to Cratoflow will be addressed to Cratoflow Inc 975 Mason Ln Unit 108 Anaheim CA 92805, attention: Legal Department. Notice to you will be addressed to your address on record in Cratoflow’s account information.
This Agreement, and the rights and obligations hereunder, may not be assigned by either party, whether by operation of law or otherwise, without the prior written consent of the other party, which will not be unreasonably withheld. Notwithstanding the foregoing, either party may assign this Agreement in its entirety (including all Order Forms), without consent of the other party, to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets not involving a competitor of the other party. In the event of an assignment as described in the preceding sentence, the assigning party shall provide the other party with written notice of the Neither party may assign this Agreement to a competitor of the other party without that other party’s consent. A party’s sole remedy for any purported assignment in breach of this Section shall be, at the non-assigning party’s election, termination of this Agreement upon written notice to the assigning party.
This Agreement will be governed by California law and controlling United States federal law, without regard to the choice or conflicts of law provisions of any Any disputes, actions, claims or causes of action arising out of or in connection with this Agreement will be subject to the exclusive jurisdiction of the state and federal courts located in Los Angeles, California.
Neither party shall be in breach of this Agreement for failure to fulfil its material obligations, except for payment obligations, under this Agreement if such failure is caused by acts of God, riots, acts of war, epidemics, pandemics, governmental regulations imposed after the facts, fire, communication line failure, power failure, earthquakes and other natural disasters. A party’s inability to pay cannot be invoked as an event of Force Majeure.
19.Additional Each of the following is hereby incorporated into this Agreement by reference. Cratoflow reserves the right to modify such documents in its reasonable discretion from time to time with notice to you.
Cratoflow’s Support. Cratoflow provides application support for the Hosted Service during business hours 8 am PST to 6 pm PST, seven (7) days a week. Support cases may be conducted via email, telephone, and/or web meeting communication, as appropriate to the case.
The Hosted Service will be available 100% of the time, except for: (i) Scheduled Maintenance; (ii) Emergency Maintenance; and (iii) any unavailability caused by circumstances beyond Cratoflow’s reasonable control, including, for example, acts of God, act of government, flood, fire, earthquake, civil unrest, act of terror, strike or other labor problem (other than one involving Cratoflow’s employees), Internet service provider failure or delay. Downtime is measured from the time you open a trouble ticket. Upon receiving a report of Downtime, for each full hour of Downtime, Cratoflow will credit you two percent (2%) of your monthly fee, up to fifty percent (50%) of your monthly fee for the affected Hosted Service. You agree that the credit specified in this Appendix will be your sole and exclusive remedy for any Downtime.
Data Backup Cycles
Customer Data is routinely propagated via secure connection from Cratoflow’s primary data center to an alternate data center, with the objective of forwarding all updates to Customer Data within approximately one (1) hour after receipt at the primary data center. In the event of an outage at the primary data center which causes Downtime and is not expected to be remedied within four (4) consecutive hours, Customer’s production processing will be diverted to the alternate data center for continued operation.
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically collected information as “Device Information”.
We collect Device Information using the following technologies:
Additionally we may collect the following:
Name, phone number, email, date of birth, address, a utility bill to confirm your address, SSN/EIN, corporate documents for institutions and approximate yearly income.
If a customer chooses to pay for their products via PayPal, you may see their privacy statement here:
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use the Information that we collect generally to fulfill any orders placed through the Site (including processing your payment information, arranging for transfers, and providing you with invoices and/or order confirmations) of platforms that we provide in the field of accounting. Credit cards that are used for payment go through Stripe but the credit card information is not stored.
Additionally, we use this Order Information to:
-Communicate with you;
-Screen our orders for potential risk or fraud;
-When in line with the preferences you have shared with us, potentially provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
When you make a purchase via our platform you do not automatically receive marketing emails from us. If you wish to receive follow emails regarding offers and product updates you must check a box to receive these merchandising newsletter emails. You may opt out from these newsletters at any time.
When you sign up for our newsletters we are able to send you notifications of new product launches, special discount coupons, events hosted by us, and other information of special interest particularly related to cryptocurrencies and the blockchain.
HOW DO WE KEEP YOUR INFORMATION SAFE?
Here at Cratoflow we take your privacy very seriously. We have implemented processes and protocols of the most stringent in nature, to reduce the risk of any event that could compromise your personal information. Any customer data that we store on location in the United States is secured by encrypted data. We restrict access to customer data on our platform by only providing access to a limited number of employees who have been vetted for their secure privacy practices. These employees act on a need to know basis in order to provide you with a satisfactory customer experience. Lastly, NONE of your data or personal information is being sold to third parties.
DO WE SHARE YOUR PERSONAL INFORMATION?
We may share your Personal Information with third parties to help us use your Personal Information, as described above. We may use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Finally, we reserve the right to share your Personal Information in compliance with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
As described above, we may use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by using the links below:
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
If you are a resident of the European Union or the European Economic Area, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a resident of the European Union of the European Economic Area we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States. Furthermore, should you desire to conduct an audit of our data retention processes either as an individual or via an authorized representative, please contact our Data Protection Officer via the contact information below.
California’s “Shine the Light” law permits customers in California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. Under the law, a business should either provide California customers certain information upon request or permit California customers to opt in to, or opt out of, this type of sharing.
Cratoflow may share personal information as defined by California’s “Shine the Light” law with third parties and/or affiliates for such third parties’ and affiliates’ own direct marketing purposes. If you are a California resident and wish to obtain information about our compliance with this law, please contact our Data Protection Officer via the contact information below. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that Cratoflow is not required to respond to requests made by means other than through the provided email address or mail address
Furthermore, if you are a California resident, the California Consumer Protection Act, CA Civil Code Section 1798.100, was enacted to afford you rights around your data privacy. You have the right to request access to our servers to ensure that we are keeping your personal information safe. If you are a California resident you may reach out to our Data Protection Officer with any inquiries.
Any California residents under the age of eighteen (18) who have registered to use the Cryptospace Online Services and posted content or information can request that such information be removed by contacting our Data Protection Officer. Requests must state that the user personally posted such content or information and detail where the content or information is posted. We will make reasonable good faith efforts to remove the post from prospective public view.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at admin@Cratoflow.com or by mail using the details provided below:
Att: Data Protection Officer
975 E Mason Ln Unit 108
Anaheim CA 92805
Appendix D Data Processing Agreement
DATA PROCESSING AGREEMENT [EU GDPR]
This Data Processing Agreement (“Data Processing Agreement“) forms part of the Master Subscription Agreement between Cratoflow, Inc. and Customer, as defined therein, to which it is attached as an appendix.
The terms used in this Data Processing Agreement shall have the meanings set forth in this Data Processing Agreement. Terms not otherwise defined herein shall have the meaning given to them in the Principal Agreement. Except as modified below, the terms of the Principal Agreement shall remain in full force and effect.
The parties hereby agree that the terms and conditions set out below shall be added as to the Principal Agreement as an appendix.
In this Agreement, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:
“Authorized Sub-processors” means any Sub-processors consented to in writing by Controller in accordance with Sub-processing section.
“Controller Personal Data” means any Personal Data processed by Processor on behalf of the Controller pursuant to or in connection with the Principal Agreement.
“Data Protection Laws” means EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (“GDPR”) as well as any local data protection laws.
“EEA” means the European Economic Area.
“Erasure” means the removal or destruction of Personal Data such that it cannot be recovered or reconstructed.
“Personal Data Breach” means a breach of leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Controller Personal Data transmitted, stored or otherwise processed.
“Principal Agreement” means the Master Subscription Agreement between Cratoflow, Inc. and Customer, to which this Data Processing Agreement is attached as an appendix.
“Process/Processing/Processed”, “Data Controller”, “Data Processor”, “Data Subject”, “Personal Data”, “Special Categories of Personal Data” and any further definition not included under this Data Processing Agreement or the Principal Agreement shall have the same meaning as in EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (“GDPR”).
“Products” means the products to be supplied by the Processor to the Controller pursuant to the Principal Agreement.
“Third country” means any country outside EU/EEA, except where that country is the subject of a valid adequacy decision by the European Commission on the protection of Personal Data in Third Countries.
“Services” means the services to be supplied by the Processor to the Controller pursuant to the Principal Agreement.
“Standard Contractual Clauses” means the standard contractual clauses for the transfer of personal data to Processors established in third countries, as approved by the European Commission Decision 2010/87/EU, or any set of clauses approved by the European Commission which amends, replaces or supersedes these.
“Sub-processor” means any Data Processor (including any third party) appointed by the Processor to process Controller Personal Data on behalf of the Controller..
2. Data Processing Terms
3.Processing of Controller Personal Data
4. Reliability and Non–Disclosure
5. Personal Data Security
5.2. In assessing the appropriate level of security, the Processor shall take into account the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Controller Personal Data transmitted, stored or otherwise processed.
7. Data Subject Rights
8. Personal Data Breach
9.Data Protection Impact Assessment and Prior Consultation
The Processor shall provide reasonable assistance to the Controller with any data protection impact assessments which are required under Article 35 of GDPR and with any prior consultations to any supervisory authority of the Controller which are required under Article 36 of GDPR, in each case solely in relation to Processing of Controller Personal Data by the Processor on behalf of the Controller and considering the nature of the processing and information available to the Processor
10.Erasure or return of Controller Personal Data
Processor shall make available to the Controller, upon request, all information necessary to demonstrate compliance with this Data Processing Agreement and allow for, and contribute to audits, including inspections by the Controller or another auditor mandated by the Controller of any premises where the Processing of Controller Personal Data takes place. The Processor shall permit the Controller or another auditor mandated by the Controller to inspect, audit and copy any relevant records, processes and systems in order that the Controller may satisfy itself that the provisions of this Data Processing Agreement are being complied with. The Processor shall provide full cooperation to the Controller with respect to any such audit and shall, at the request of the Controller, provide the Controller with evidence of compliance with its obligations under this Data Processing Agreement. Processor shall immediately inform the Controller if, in its opinion, an instruction pursuant to this section Audit (Audit Rights) infringes the GDPR or other EU or Member State data protection provisions. Notwithstanding anything herein to the contrary, such audits shall be limited to one (1) per calendar year, except upon showing by Controller of Processor non-compliance with this Data Processing Agreement.
12.International Transfers of Controller Personal Data
13.Codes of Conduct and Certification
At the request of the Controller, the Processor shall comply with any Code of Conduct approved pursuant to Article 40 of GDPR and obtain any certification approved by Article 42 of EU GDPR, to the extent that they relate to the processing of Controller Personal Data.
Appendix E Anti-fraud Policy of Cratoflow, Inc.
Anti-fraud Policy of Cratoflow, Inc.
(Implemented June 2022)
The objective of this Anti-fraud policy is to implement monetary and risk controls that will aid in the detection and prevention of fraud against Cratoflow, Inc. It is the intent of Cratoflow, Inc. to promote consistent organizational behavior and to uphold highest standards of moral and ethics while conducting business.
2.Scope and Applicability
This policy applies to all employees as well as shareholders, consultants, vendors, contractors and/or any other parties with a business relationship with Cratoflow, Inc. (such entities and individuals referenced herein as “Obligated Parties”).
This Anti-fraud policy is applicable to any and all act(s) or omission(s) that constitutes fraudulent or suspected fraudulent activity that includes, but not limited to, monetary items such as cash, funds, stock, proprietary information, intellectual properties, material of value, content, data, assets, properties, consumables, office articles and supplies, deals, contracts, bribes, gifts, favors, influencing, undue prioritisation, etc., for personal gains either individually or collectively by employees or associates of Cratoflow, Inc.
The following definitions constitute “Prohibited Conduct” under this Anti-fraud policy:
Cratoflow, Inc. will not tolerate Prohibited Conduct in any of its activities. Management is responsible for the detection and prevention of Prohibited Conduct, misappropriations, and other irregularities. Any Prohibited Conduct, misappropriation or irregularity that is detected or suspected must be reported immediately to the Chairman of the Board of Directors of Cratoflow, Inc., who coordinates all investigations with legal counsel for taking appropriate action.
Examples of misappropriation and other fiscal irregularities include, but are not limited to:
The Board of Directors of Cratoflow, Inc., or officers to whom it may designate such power, has the primary responsibility for the investigation of all suspected Prohibited Conduct, misrepresentations and irregularities as defined in the policy. If the investigation substantiates that Prohibited Conduct or any other fraudulent misrepresentation has occurred, the Board of Directors of Cratoflow, Inc. may decide to prosecute or refer the investigation results to the appropriate law enforcement and/or regulatory agencies for independent investigation; provided that, such determination will be made in conjunction with legal counsel and senior management, as will final decisions on disposition of any case.
Obligated Parties who suspect dishonest or fraudulent activity will notify the Chairman of the Board of Directors of Cratoflow, Inc. immediately and should not attempt to personally conduct investigations or interviews / interrogations related to any suspected fraudulent act. The Chairman of the Board of Directors treats all information received confidentially. Any Obligated Party who supplies information that results in an investigation will not be disclosed or discussed with anyone other than those who have a legitimate need to know. This is important in order to avoid damaging the reputations of persons suspected but subsequently found innocent of wrongful conduct and to protect Cratoflow, Inc.
The Board of Directors may appoint an investigation team to investigate suspected violations of this Anti-fraud policy. Members of the Investigation team will have:
Great care must be taken in the investigation of suspected improprieties or irregularities so as to avoid mistaken accusations or alerting suspected individuals that an investigation is underway. An Obligated Party who discovers or suspects fraudulent activity will contact the Chairman of the Board of Directors immediately. The Obligated Party may remain anonymous. All inquiries concerning the activity under investigation from the suspected individual, his or her attorney or representative or any other inquirer should be directed to the investigations team or legal counsel. No information concerning the status of an investigation will be given out.
The individual who reports a fraud should be made aware of the following:
If an investigation results in a recommendation to terminate an individual as an employee or contractor, the recommendation from the investigating team will be reviewed for approval by legal counsel, before any such action is taken. The decision to terminate an employee is ultimately made by the Management.
Any deviation to this policy has to be approved by the Board of Directors of Cratoflow, Inc.
6.Non-compliance and Consequence
Violation of this policy is subject to disciplinary action, up to and including termination and a breach of any Master Subscription Agreement, or other similar agreement, that has been executed between Cratoflow, Inc. and the violative Obligated Party.