Sprii, General Terms and Conditions

1. Change Log

Summary of Updates to Sprii Terms:

We have reorganized and clarified our Terms to make them easier to understand, including:

1. improved structure and clearer definitions
2. updated SLA and liability wording
3. strengthened Data Processing Agreement based on EU standards
4. clearer explanations of fees, renewal, and usage rules
5. updated termination and indemnification sections for transparency

No changes have been made that reduce your rights or materially affect your subscription.

2. Introduction

These General Terms and Conditions (the “Terms”) govern your access to and use of Sprii’s websites, applications, and related services (collectively referred to as the “Service” or “Sprii”).

By accessing, creating an account, or otherwise using any part of the Service, you acknowledge that you have read, understood, and agree to be bound by these Terms.

If you or your organization have entered a separate written Contract with Sprii, that Contract shall prevail in the event of any conflict with these Terms.

These Terms apply to all Users of the Service, including individuals and organizations using Sprii for business or commercial purposes.

In the event of discrepancies between translated versions of these Terms, the English version shall prevail.

3. Sprii Services

For the purposes of these Terms, the “Service” or “Sprii Services” includes the following primary components:

1. Shop.Sprii.io (“Hosted Checkout”) – Sprii’s hosted checkout solution enabling Users to process online transactions without operating their own webshop.
2. Sprii.io (“Website”) – Sprii’s main corporate and informational website.
3. App.Sprii.io (“Web Application”) – Sprii’s central platform where Users manage subscriptions, campaigns, analytics, and integrations.
4. Sprii Onsite (“Embeddable Player”) – A video player with built-in checkout functionality that can be embedded directly on a User’s website for live shopping experiences.
5. Sprii HOST App (“Mobile Streaming App”) – A mobile application allowing Users to broadcast live shopping events from their mobile devices.
6. Marketplace.Sprii.io (“Live Shopping Marketplace”) – Sprii’s centralized marketplace where brands and creators can host live shopping events and reach audiences beyond their own channels. This feature is currently offered in beta and is available only to Users located in Denmark unless otherwise agreed in writing with Sprii.

Sprii may expand, modify, or discontinue elements of the Service at any time in accordance with these Terms. Use of any new or modified feature constitutes acceptance of the updated Service.

4. Definitions

In these Terms, the following expressions have the meanings set out below:

• “User”, “Customer”, or “You” means the individual or legal entity that registers for, subscribes to, or uses the Service.
• “Sprii”, “we”, “our”, or “us” means Sprii ApS, Business Registration No. 42084476, Sommervej 31E, 8210 Aarhus V, Denmark.
• “Service” or “Sprii Services” means the Sprii platform, websites, applications, and related offerings provided by Sprii under these Terms or an applicable Contract.
• “Contract” means a separate written agreement entered between Sprii and a User governing specific commercial or technical terms for the use of the Service. In case of any conflict between a Contract and these Terms, the Contract shall prevail.
• “End Consumer” means the purchaser, viewer, or recipient of goods or services from a User through the Service.
• “Content” means any data, text, images, videos, or other material uploaded, submitted, or otherwise made available through the Service by a User.

Subscription and Renewal Terms:

• “Subscription Start Date” means the calendar day on which the User’s subscription begins.
• “POC Term” (Proof-of-Concept) means a trial period before the start of the subscription during which the subscription can be terminated early without the full Initial Term applying.
• “POC End Date” means the final day of the Proof-of-Concept period. Unless cancelled before the POC Cancellation Deadline, the subscription automatically renews into the Initial Term.
• “POC Cancellation Deadline” means the last date on which the User may cancel to prevent renewal beyond the Proof-of-Concept period.
• “POC Cancellation Term” means the minimum notice period used to define the POC Cancellation Deadline with reference to the POC End Date.
• “Initial Term” means the period between the Subscription Start Date and the first Renewal Date. After this period, the subscription automatically renews for the Renewal Term unless cancelled before the Subscription Cancellation Deadline.
• “Renewal Term” means the period between renewal dates. Each Renewal Term automatically renews for the same length unless cancelled before the Cancellation Deadline.
• “Subscription Renewal Date” means the date on which a Renewal Term begins, unless the subscription is cancelled before the Cancellation Deadline.
• “Subscription End Date” means the last day of the subscription. The subscription does not automatically renew beyond this date.
• “Subscription Cancellation Deadline” means the final date on which the User may cancel to prevent renewal into a new Renewal Term.
• “Subscription Cancellation Term” means the minimum notice period used to define the Subscription Cancellation Deadline with reference to the Subscription Renewal Date.
• “Commitment Period” means the initial minimum period during which the User’s subscription remains binding under a Contract or these Terms.
• “Billing Cycle” means the interval at which charges are issued (e.g., monthly), regardless of the overall subscription term length.
• “Payment Term” means the number of days between the invoice date and the payment due date.

5. General information

Company Details

Sprii ApS

Sommervej 31E, 8210 Aarhus V, Denmark

Business Registration No. 42084476

Phone: +45 3515 4033

Email: hey@sprii.io

Legal Status

Sprii ApS is a private limited company incorporated under Danish law.

Governing Law and Venue

These Terms, and any Contract between Sprii and the User, are governed by and construed in accordance with the laws of Denmark.

The exclusive venue for any dispute arising out of or in connection with these Terms or a Contract shall be the courts of Aarhus, Denmark.

6. Confidentiality

6.1. Definition

“Confidential Information” means any non-public information disclosed by one party (“Disclosing Party”) to the other (“Receiving Party”) in connection with the Service or a Contract, whether in written, oral, electronic, or other form, and whether marked as confidential or not, that a reasonable person would understand to be confidential.

6.2. Obligations

Each party shall:

1. Keep all Confidential Information strictly confidential and use it solely for the purpose of performing under these Terms or a Contract.
2. Not disclose Confidential Information to any third party without the prior written consent of the Disclosing Party, except to its employees, contractors, or professional advisers who need to know it for the permitted purpose and who are bound by equivalent confidentiality obligations.
3. Take all reasonable measures to protect Confidential Information from unauthorized access, loss, or disclosure.

6.3. Exceptions

Confidential Information does not include information that:

1. Is or becomes public other than through a breach of these Terms;
2. Was lawfully known to the Receiving Party before disclosure;
3. Is independently developed without use of or reference to the Confidential Information; or
4. Is required to be disclosed by law, regulation, or court order, provided that the Receiving Party (where legally permissible) gives prompt written notice to the Disclosing Party before such disclosure.

6.4. Duration

The confidentiality obligations set out in this Section shall survive termination of these Terms or any Contract for a period of five (5) years, or longer where required by applicable law or where the information concerns trade secrets.

6.5. Anonymized and Aggregated Data

Nothing in this Section shall prevent Sprii from collecting, using, or sharing aggregated or anonymized data derived from the Service, provided such data does not identify any individual or disclose any User Confidential Information.

7. Processing of personal data 

7.1. Compliance with Data Protection Laws

Sprii and the User shall comply with all applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and equivalent local legislation, in connection with their use of the Service.

7.2. Data Processing Agreement (DPA)

Where Sprii processes personal data on behalf of the User as a data processor, such processing shall be governed by Sprii’s Data Processing Agreement (DPA), which forms an integral part of these Terms and is included as an Annex.

By accepting these Terms or entering a Contract with Sprii, the User acknowledges and accepts the DPA.

7.3. User Responsibility

The User is responsible for ensuring that any personal data shared with Sprii or processed through the Service is collected and processed lawfully and in compliance with applicable data protection requirements, including providing necessary notices to and obtaining valid consents from data subjects where required.

7.4. Independent Controllers

If and to the extent that Sprii and the User each determine the purposes and means of processing personal data independently, they act as separate data controllers, each responsible for its own compliance with applicable data protection obligations.

8. Fees and Services

8.1. Subscription Fees

The User shall pay the subscription fees applicable to the selected Subscription Plan. Subscription fees may include a monthly base fee and any add-ons, modules, or feature packages selected by the User. Subscription fees apply throughout the Commitment Period, Initial Term, and any Renewal Term.

Subscription fees are non-refundable, except where required by applicable law.

8.2. Transaction-Based Fees

Certain Sprii Services include transaction-based pricing. Transaction fees apply to transactions, checkout events, gamification events, reservations, lead events, or other measurable interactions as specified in the User’s Subscription Plan or Contract.

The calculation of transaction fees is governed by Annex 1: “Billing Rules and Fee Calculation”, which forms an integral part of these Terms.

8.3. Usage-Based Limits and Overage Fees

Some features of the Service include usage-based limits, such as streaming hours, viewing hours, SMS usage, campaign sendouts, or other measurable consumption.

If the User exceeds the limits included in the Subscription Plan, Sprii may charge overage fees in accordance with Annex 1: “Billing Rules and Fee Calculation.”

8.4. Sprii Host App

The Sprii Host App is provided free of charge as part of the Subscription and is available only to Apple Devices.

Streaming time through the Host App is subject to the same usage limits described under the Sprii Streaming Service above, including recorded streaming hour limits and any overage rules in accordance with Annex 1: “Billing Rules and Fee Calculation.”

8.5. Additional Services

Fees for onboarding, setup, training, development work, integrations, consultancy, workshops, or other Additional Services will be charged as specified in the applicable Contract, order confirmation, or statement of work.

Unless otherwise agreed, Additional Services are billed as one-time fees or on a time-and-materials basis at Sprii’s current rates.

8.6. Currency and Taxes

All fees are exclusive of VAT or other applicable taxes unless otherwise stated. Fees are payable in the currency specified in the Subscription Plan, Contract, or invoice.

The User is responsible for all taxes associated with their purchase and use of the Service, except for taxes imposed on Sprii’s net income.

8.7. Price Adjustments

8.7.1. Subscription Fees

Sprii may adjust the Subscription Fees, including the Fixed Monthly Cost and any recurring base charges, once per calendar year. Any adjustment will take effect from the first day of the next Renewal Term and will not exceed five percent (5%) of the previous fee, unless justified by significant increases in Sprii’s cost of delivery.

8.7.2. Transaction and Usage Fees

Sprii may adjust Transaction Fees and Usage Fees if changes occur in third-party costs or infrastructure costs that affect Sprii’s ability to provide the Service, including but not limited to changes in SMS provider pricing, streaming or platform API costs, payment service provider fees, or other external cost drivers. Sprii will notify the User in advance of any such adjustments.

8.7.3. Notice Requirement

Sprii shall provide the User with at least 90 days’ written notice of any intended price adjustment.

8.7.4 Right to Terminate

If the User does not accept a price adjustment, the User may terminate the subscription before the effective date of the adjustment.

8.7.5 Methods of Payment

The User must keep payment information accurate and up to date. Sprii accepts payment through the methods communicated to the User.

8.7.6. Failure to Pay

If the User fails to pay any amount when due, Sprii may charge default interest in accordance with applicable law, suspend access to the Service upon prior notice, and revoke discounts or promotional pricing.

Suspension does not relieve the User of any outstanding payment obligations.‍

9. Additional services

9.1. Scope of Additional Services

Sprii may provide Additional Services outside the standard functionality of the Platform, including but not limited to onboarding, training, workshops, consultancy, custom development, integrations, creative services, and technical assistance.

9.2. Ordering Additional Services

Additional Services must be agreed through a Contract, order confirmation, or written agreement between the parties. Sprii is not obligated to provide Additional Services unless such agreement is in place.

9.3. Fees for Additional Services

Unless otherwise agreed in a Contract, additional Services are billed as one-time fees or on a time-and-materials basis, at Sprii’s then-current rates, and Sprii may invoice separately for third-party costs such as travel, materials, software tools, or license fees required for the delivery of the service.

9.4. Delivery Timeline

Sprii will make reasonable efforts to deliver Additional Services within agreed timelines. Any time estimates provided are indicative only and not binding unless explicitly stated as binding in a Contract.

9.5. Light Integrations

Sprii may, at the User’s request, perform small-scale integrations between the Sprii Platform and the User’s webshop or related systems (“Light Integrations”).

Light Integrations are delivered at an agreed price and considered complete once the agreed functionality has been tested and confirmed operational.

The User acknowledges that subsequent changes to the User’s webshop, system configuration, third-party plugins, themes, API behaviour, or hosting environment may affect the functionality of the integration.

Any adjustments, fixes, or modifications required due to such changes will be treated as new work and billed separately at Sprii’s applicable rates.

Sprii does not guarantee that Light Integrations will remain functional if the third-party system introduces breaking changes, updates, or policy limitations.

9.6. Pricing for Additional Services and Light Integrations

Fees for Additional Services, including but not limited to development work, project management, workshops, onboarding, and Light Integrations, are charged according to the rates specified in the User’s Contract or the applicable Sprii Rate Card.

Such fees must be agreed in writing before Sprii commences the work.

9.7. Intellectual Property Rights

Unless otherwise agreed in writing, all deliverables, materials, custom developments, configurations, or integrations created by Sprii in connection with Additional Services remain the exclusive property of Sprii.

The User receives a non-exclusive, non-transferable right to use such deliverables as part of the Sprii Service.

9.8. Dependencies and Cooperation

The User shall provide Sprii with timely access, information, and cooperation necessary for the delivery of Additional Services. Delays caused by the User may result in rescheduling, additional fees, or extended timelines.

9.9. No Guarantee of Results

Sprii makes no guarantee that Additional Services will produce a specific commercial outcome, performance increase, or revenue result. Additional Services are provided on a reasonable-effort basis.

10. Invoicing and payment

10.1. Invoicing

Sprii will invoice the User according to the billing frequency set out in the User’s Subscription Plan or Contract.

All invoices are sent by email to the billing email address provided in the Sprii Platform.

For convenience, copies of previously issued invoices may also be available for download inside the Sprii Platform.

Email delivery constitutes the official issuance and delivery of the invoice.

Subscription fees are invoiced in advance, unless otherwise specified.

Usage-based or transaction-based fees are invoiced in arrears.

10.2. Payment Terms

The due date for each invoice depends on the selected payment method:

10.2.1. Credit Card

When the User pays by credit card, the invoice is due on the invoice date.

10.2.2. Bank Transfer

When the User pays by bank transfer, the invoice is due 8 days after the invoice date, unless a different due date is stated on the invoice.

The User is responsible for ensuring that Sprii has a valid and up-to-date billing email address and that payments are made on time regardless of the payment method chosen.

10.3. Accepted Payment Methods

Sprii accepts payment via:

1. credit card, processed through Sprii’s automated billing system, and
2. bank transfer, where available and agreed with Sprii.

When the User pays by credit card, Sprii may store and process the User’s payment details through a secure, PCI-compliant third-party payment processor for the purpose of recurring billing.

The User is responsible for ensuring that valid payment details are maintained at all times when card payment is used.

10.4. Late Payments

If an invoice is not paid on time:

1. Sprii may charge late interest at the maximum rate permitted by law;
2. Sprii may apply reasonable administrative fees for reminders or collection activities;
3. Sprii may suspend or limit access to the Service until all overdue amounts are settled.

Suspension does not relieve the User of the obligation to pay Subscription Fees for the applicable period.

10.5. Disputed Amounts

If the User disputes an invoice, they must notify Sprii in writing within 30 days of receiving the invoice, specifying the grounds for the dispute.

Undisputed portions of invoices must still be paid on time.

The parties will work in good faith to resolve any disputes.

10.6. Taxes

All fees are exclusive of VAT and other applicable taxes unless expressly stated otherwise.

The User is responsible for all taxes related to the use of the Service, except taxes based on Sprii’s net income.

10.7. Reconciliation and Overage Fees

Sprii may reconcile actual usage, including streaming hours, viewing hours, SMS usage, gamification events, and other measurable units, against the limits included in the Subscription Plan.

Any overage fees will be invoiced in arrears, as described in Annex 1: Billing Rules and Fee Calculation.

10.8. Non-Refundability

All Subscription fees, usage-based fees, transaction fees, and one-time fees are non-refundable, including in cases of non-use, early cancellation, or end-customer returns, unless required by mandatory law.

10.9. Administration Fees

Sprii may charge administration fees when the User requests invoicing or payment handling that differs from Sprii’s standard processes.

No administration fee applies when:

1. invoices are delivered by email, or
2. payment is made by credit or debit card.

Administration fees apply in the following cases:

3. Invoice via EAN or paper mail: EUR 18 (excl. VAT) per invoice
4. Payment via Betalingsservice (DK): EUR 15 (excl. VAT) per payment
5. Payment via bank transfer: EUR 6 (excl. VAT) per invoice

‍

11. Renewal Terms

11.1. Initial Term and Renewal

The Subscription begins on the Subscription Start Date and continues for the Initial Term specified in the User’s Subscription Plan or Contract.

Unless the User cancels the Subscription before the applicable Subscription Cancellation Deadline, the Subscription will automatically renew for consecutive Renewal Terms of the same length as the previous term.

Each Renewal Term begins on the Subscription Renewal Date.

11.2. Cancellation Before Renewal

To prevent renewal, the User must submit written cancellation before the relevant Subscription Cancellation Deadline.

• For subscriptions entered into on or after 1 January 2025, the Cancellation Deadline is 30 calendar days prior to the Subscription Renewal Date, unless otherwise agreed in writing.
• For subscriptions entered into before 1 January 2025, the Cancellation Deadline is five (5) working days prior to the Subscription Renewal Date, unless otherwise agreed in writing. For most Legacy Subscriptions, the Subscription Renewal Date is the first (1st) day of each calendar month.

Cancellations submitted after the Cancellation Deadline take effect at the end of the next Renewal Term.

11.3. Proof of Concept (POC) Period

If a POC Term has been agreed, the subscription will automatically begin unless cancelled in writing on or before the POC Cancellation Deadline.

The POC Cancelation Deadline is 30 calendar days prior to POC End Date.

After the POC Period, standard renewal and cancellation rules apply.

11.4. Renewal Pricing

Fees for renewed Subscription Terms will be based on:

1. the User’s active Subscription Plan, and
2. Sprii’s pricing applicable at the Renewal Date,

subject to any price adjustment rules set out in these Terms.

If pricing is changed, Sprii will notify the User in accordance with the notice periods described in section 9.7 “Price Adjustments”.

11.5. No Cancellation During Active Term

Once the Subscription has entered the POC Term (if applicable), the Initial Term, or any Renewal Term, the User may not terminate early except as permitted under the “Termination” section.

The User remains responsible for all fees for the entire committed term.

11.6. Changes to Subscription Plan

Upgrades to a higher-tier Subscription Plan may take effect immediately or on the next Renewal Date, as agreed with Sprii.

Downgrades only take effect on the next Renewal Date, provided notice is given before the Subscription Cancellation Deadline.

12. Termination

12.1. Termination for Convenience

The User may terminate the Subscription only by submitting written cancellation before the applicable POC Cancellation Deadline or Subscription Cancellation Deadline, as described in Section 12 “Renewal Terms”.

Cancellations submitted after the relevant deadline take effect at the end of the next Renewal Term.

The User cannot terminate the Subscription early during an active POC Term, Initial Term, or Renewal Term.

12.2. Termination for Breach

Either party may terminate the Contract with immediate effect if the other party commits a material breach of these Terms and fails to remedy the breach within 30 days of receiving written notice specifying the breach.

Examples of material breach include, but are not limited to:

1. failure to pay fees when due,
2. unauthorised use of the Service,
3. violation of applicable laws when using the Service,
4. repeated or serious violation of the DPA.

Sprii may suspend the User’s access to the Service during the notice period if the breach concerns non-payment, misuse, security risk, or unlawful activity.

12.3. Termination for Insolvency

Either party may terminate the Contract with immediate effect if the other party becomes insolvent, enters bankruptcy, liquidation, debt restructuring, or is otherwise unable to meet its financial obligations.

12.4. Effect of Termination

Upon termination:

1. all outstanding fees become immediately due and payable,
2. the User remains liable for all fees due for the full contractual term (unless termination is due to Sprii’s material breach),
3. access to the Service will be disabled, and
4. Sprii will delete or return Customer Data in accordance with the DPA.

No fees are refundable upon termination unless required by mandatory law or explicitly agreed.

12.5. Continuing Obligations

Sections relating to confidentiality, intellectual property, liability, data protection, and any other provisions which by their nature should survive termination, shall remain in force.

13. User Responsibilities

13.1. Compliance with Laws and Policies

The User must use the Service in compliance with:

1. all applicable laws and regulations,
2. third-party platform rules (including Meta, Instagram, Facebook, TikTok, YouTube, and any other integrated platforms),
3. these Terms, and
4. the DPA.

Sprii is not responsible for any consequences arising from the User’s breach of applicable laws or third-party platform policies.

13.2. Account Security

The User is responsible for:

1. maintaining the confidentiality of login credentials,
2. restricting access to authorised personnel only,
3. ensuring that only authorised Users access the Sprii Platform, and
4. immediately notifying Sprii of any suspected unauthorised access or security incident.

Sprii is not liable for any loss or damage arising from unauthorised access caused by the User’s actions or omissions.

13.3. Accuracy of Information

The User is responsible for ensuring that all information they provide to Sprii, including product data, pricing, campaign settings, legal terms, and contact information, is accurate, complete, and up to date.

Sprii has no responsibility for errors, mispricing, or incorrect content resulting from inaccurate or incomplete information supplied by the User.

13.4. Content Responsibility

The User is solely responsible for:

1. all content published, streamed, or communicated through the Service,
2. including text, audio, video, images, campaign content, offers, competitions, and interactions with end customers.

The User must ensure that such content:

3. is lawful,
4. does not infringe third-party rights (including copyright and trademarks),
5. complies with consumer protection rules,
6. includes legally required information, and
7. adheres to platform terms and advertising guidelines.

Sprii is not responsible for reviewing or approving User content.

13.5. Proper Use of the Service

The User may not:

1. use the Service in a manner that may harm or impair Sprii’s systems,
2. misuse data, APIs, or integrations,
3. attempt to bypass usage limits or fees,
4. run automated scripts, scrapers, crawlers, or bots without written permission,
5. interfere with the security, functionality, or stability of the Service, or
6. use the Service to send spam, unsolicited messages, or unlawful communications.

Sprii may suspend access to the Service if misuse is detected.

13.6. Cooperation and Configuration

The User must cooperate with Sprii as reasonably required to deliver the Service, including:

1. providing access to systems where integrations are needed,
2. ensuring that relevant settings, permissions, and access tokens are correctly configured,
3. maintaining valid admin access rights for connected social media or webshop accounts,
4. ensuring stable internet connectivity for live streaming and platform use.

Sprii is not responsible for failures caused by missing permissions, misconfiguration, or third-party platform restrictions.

13.7. End-Customer Interactions

The User is solely responsible for:

1. communication with end-customers,
2. fulfilment of orders,
3. payment collection (unless Sprii Hosted Checkout is used),
4. delivery, returns, refunds, and customer service,
5. compliance with consumer protection rules,
6. any competition, giveaway, or gamification rules required by law.

Sprii does not act as a merchant of record, seller, or agent unless explicitly stated in a Contract.

13.8. Prohibited Uses

The User must not use the Service to:

1. violate privacy or data protection laws,
2. impersonate another person or entity,
3. run fraudulent activities or misleading campaigns,
4. stream or publish harmful, illegal, or offensive content,
5. engage in harassment, discrimination, or abuse,
6. distribute malware, viruses, or harmful code.

Sprii may suspend or terminate accounts engaged in prohibited activities.

14. Intellectual property

13.1. Ownership of the Service

All rights, title, and interest in and to the Sprii Platform, including:

1. software, source code, backend systems, algorithms,
2. features, functionality, user interfaces,
3. documentation, training material,
4. designs, graphics, trademarks, and branding,
5. APIs, integrations, data models, and databases,
6. updates, enhancements, modifications, and derivative works,
7. any tools, modules, or components created by Sprii,

are and remain the exclusive property of Sprii or its licensors.

No intellectual property rights are transferred to the User under these Terms.

14.1. Licence to Use the Service

Sprii grants the User a limited, non-exclusive, non-transferable, non-sublicensable licence to access and use the Service for the duration of the Subscription and solely for the User’s internal business purposes.

The User may not:

1. copy, modify, reverse engineer, decompile, or attempt to extract source code,
2. create derivative works from the Service,
3. circumvent technical protections, usage limits, or billing structures,
4. resell, lease, sublicense, or provide the Service to third parties,
5. use the Service to build a competing product.

Any unauthorised use automatically terminates the licence.

14.2. User Content

The User retains all rights to materials they upload or provide to the Service (“User Content”), including product data, images, videos, campaign material, trademarks, and other assets.

The User grants Sprii a non-exclusive, royalty-free licence to:

1. store, process, display, transmit, and use User Content
2. as needed to operate the Service, perform integrations, and deliver support.

Sprii does not claim ownership of User Content.

14.2.1. Licence for Service Delivery

The User grants Sprii a limited, non-exclusive, royalty-free, worldwide licence to use the User’s trademarks, logos, trade names, and User Content solely for the following purposes:

1. providing, operating, and improving the Service, including displaying campaigns, processing transactions, generating product feeds, and enabling all related functionalities;
2. performing support, maintenance, testing, analytics, and integrations required to deliver the Service;
3. generating anonymised and aggregated usage statistics for Sprii’s internal business purposes, provided that such data cannot be used to identify the User.

This licence is strictly limited to what is necessary to operate the Service and does not permit Sprii to use the User’s branding for public marketing or advertising without separate written permission.

14.3. Feedback and Suggestions

If the User provides feedback, ideas, or suggestions relating to the Service (“Feedback”), Sprii may freely:

1. use, modify, implement, and incorporate the Feedback,
2. without restriction, attribution, or compensation to the User.

The User waives any claim to rights in improvements resulting from such Feedback.

14.4. Third-Party Access

Sprii may permit its sub processors, hosting providers, technical partners, and other service providers to access and use the User’s intellectual property solely as necessary for Sprii to operate, maintain, support, and improve the Platform on Sprii’s behalf.

Sprii will ensure that such third parties are bound by confidentiality and contractual obligations consistent with Sprii’s own obligations under these Terms.

Sprii will not otherwise sell, share, sublicense, disclose, or make the User’s intellectual property available to any third party without the User’s prior written consent, unless required by law.

14.5. Third-Party Rights

The User is responsible for ensuring they have all necessary rights, permissions, and licences for any content, data, materials, or trademarks they upload or use within the Service.

Sprii is not responsible for any infringement resulting from User Content or User-provided integrations.

14.6. Protection of Sprii’s IP

The User must not:

1. remove or obscure proprietary notices,
2. use Sprii’s trademarks or branding without prior written approval,
3. claim any rights to Sprii’s intellectual property,
4. register or attempt to register any marks or domains similar to Sprii’s.

Sprii may take legal action to enforce its intellectual property rights if necessary.

14.7. Survival

The intellectual property provisions in this section survive termination of the Subscription.

14.8. Marketing and References

The User grants Sprii a non-exclusive, royalty-free, worldwide licence to use the User’s name, trademarks, and logos solely for the purpose of identifying the User as a customer of Sprii, including in:

1. reference lists,
2. case studies,
3. sales presentations,
4. investor materials,
5. website customer listings,
6. pitch decks,
7. and other similar corporate or promotional contexts.

Any use beyond simple customer identification, including public testimonials, quotes, co-marketing activities, or detailed case studies, requires the User’s prior written consent.

The User may withdraw the reference permission at any time by providing written notice to Sprii, after which Sprii will cease using the User’s marks in future materials (but may continue using already-printed or published materials where removal is impractical).

14.9. Restrictions on Use

Sprii will not sell, license, distribute, or otherwise commercially exploit the User’s intellectual property for any purpose other than:

1. providing and operating the Sprii Platform as described in these Terms, and
2. the limited marketing and reference use permitted under Clause “14.8 Marketing and References”.

All licences granted by the User under this Section are revocable and will automatically terminate when the User’s Subscription ends, except to the extent that continued use is:

3. required for Sprii to comply with legal obligations,
4. necessary to resolve disputes or enforce agreements, or
5. related to the retention and use of anonymised or aggregated data that cannot identify the User.

Sprii will not use or retain the User’s trademarks, logos, or non-anonymised content for any commercial purpose after termination.

15. Sprii Rights 

15.1. Right to Update and Improve the Service

Sprii may update, modify, enhance, or otherwise change the Service at any time, including adding, removing, or altering features, interfaces, integrations, technical components, or performance elements.

Sprii will ensure that such changes do not materially reduce the core functionality of the Service.

Where a change materially affects the User’s use of the Service, Sprii will provide reasonable advance notice.

15.2. Right to Suspend Access

Sprii may temporarily suspend or restrict access to the Service, in whole or in part, without liability, if:

1. the User breaches these Terms, the DPA, or any applicable law;
2. unauthorised access, security issues, or suspected fraud is detected;
3. the User’s actions threaten system stability or other customers’ use of the Service;
4. required by a third-party platform (e.g., Meta, Instagram, TikTok), hosting provider, or regulatory body;
5. invoices remain unpaid after the due date, in accordance with Section 11.

Sprii will restore access once the underlying issue is resolved.

15.3. Right to Remove or Disable Content

Sprii may remove, disable, or restrict access to User Content if:

1. it violates these Terms, applicable law, or third-party platform rules;
2. it infringes intellectual property or privacy rights;
3. it disrupts the operation of the Service or other users’ experience;
4. Sprii receives a legally valid takedown request.

Sprii is not obligated to review or monitor User Content but may act where necessary.

15.4. Right to Manage System Integrity

Sprii may take any measures reasonably necessary to:

1. maintain security and system integrity,
2. prevent abuse, fraud, or unauthorised access,
3. protect other users and the Service,
4. ensure compliance with third-party technical requirements,
5. maintain platform stability and performance.

This includes throttling excessive usage, rate-limiting requests, or blocking harmful activity.

15.5. Right to Introduce New Features or Paid Add-Ons

Sprii may introduce new features, modules, or services that:

1. are included as part of the existing Subscription, or
2. require a separate fee or upgrade, provided the User is informed in advance.

The User has no obligation to purchase optional add-ons.

15.6. Right to Discontinue Legacy Features

To ensure platform stability, Sprii may discontinue outdated or legacy features, provided that:

1. such discontinuation does not materially impair the core service, and
2. reasonable notice is given when feasible.

15.7. Right to Use Anonymised Data

Sprii may collect and use anonymised or aggregated data derived from the User’s use of the Service for:

1. Platform performance analysis,
2. service improvement,
3. analytics,
4. troubleshooting,
5. benchmarking, and
6. product development.

This data will not identify the User or their end customers.

15.8. Reservation of Rights

Except for the limited rights expressly granted to the User under these Terms, Sprii reserves all rights, title, and interest in and to the Service and all related intellectual property.

16. Your Right to Terminate in Case of Material Adverse Change

16.1. Right to Terminate for Material Adverse Change

Sprii may update, modify, enhance, or discontinue parts of the Service, including features, integrations, or technical components.

However, if Sprii makes a change that results in a Material Adverse Change, the User has the right to terminate the Subscription without penalty.

A Material Adverse Change means a modification that:

1. materially reduces the core functionality of the Service, or
2. significantly limits the User’s ability to use the Service for its intended purpose, or
3. materially reduces the overall value of the Service to the User.

16.2. How to Exercise the Right

To exercise this right, the User must notify Sprii in writing within 30 days of receiving notice of the Material Adverse Change.

Upon valid termination under this clause, Sprii will refund the User on a pro rata basis for any prepaid Service fees covering the period after termination takes effect.

16.3. Changes That Are Not Material Adverse Changes

The following changes do not constitute a Material Adverse Change:

1. modifications to beta, experimental, or test features the User has chosen to access,
2. updates or changes required to comply with third-party platform rules (e.g., Meta, Instagram, TikTok) or legal requirements,
3. minor functional adjustments or interface changes that do not materially affect use of the core Service,
4. removal of legacy or deprecated functionality where Sprii provides reasonable notice.

156.4. Notice Requirement

Sprii will provide at least 30 days’ advance written notice of any Material Adverse Change, unless urgent legal, regulatory, or operational reasons prevent this.

Notice will be provided via:

1. the User’s registered email address, or
2. notification inside the Sprii Platform.

17. Mutual Indemnification

17.1 Indemnification by Each Party

Each party (the “Indemnifying Party”) shall indemnify, defend, and hold harmless the other party (the “Indemnified Party”), including its affiliates, officers, directors, employees, agents, and licensors, from and against any third-party claims, liabilities, damages, losses, costs, or expenses (including reasonable attorneys’ fees) to the extent arising from:

1. a breach by the Indemnifying Party of these Terms or applicable law;
2. negligence or wilful misconduct of the Indemnifying Party;
3. infringement of intellectual property rights caused by the Indemnifying Party’s content, data, materials, or actions.

17.2. Exclusions from Indemnity

The Indemnifying Party shall have no obligation to indemnify the Indemnified Party for any claim to the extent such claim arises from:

1. the Indemnified Party’s own breach of these Terms,
2. modifications to the Service not made or authorised by Sprii,
3. combination of the Service with third-party products or services not provided or approved by Sprii,
4. use of the Service in violation of the Terms, the DPA, or applicable law.
5. The indemnity also does not apply to:
6. indirect, incidental, special, punitive, or consequential damages,
7. loss of profits, revenue, goodwill, or business opportunities,
8. force majeure events or circumstances beyond reasonable control.

17.3. Indemnification Procedure

To receive indemnification, the Indemnified Party must:

1. promptly notify the Indemnifying Party of the claim,
2. provide reasonable cooperation in the defence,
3. allow the Indemnifying Party to control the defence and settlement of the claim,
4. not settle any claim without the Indemnifying Party’s written consent (not to be unreasonably withheld).

The Indemnifying Party may not settle a claim in a manner that imposes liability or obligations on the Indemnified Party without its prior written approval.

17.4. Liability Cap for Indemnification

Except where prohibited by law, the Indemnifying Party’s total aggregate liability under this Section shall not exceed the greater of:

1. the total Subscription Fees and Transaction Fees paid by the Indemnified Party to the Indemnifying Party during the twelve (12) months preceding the event giving rise to the claim; or
2. EUR 20000.

17.5. Exceptions to Liability Cap

The liability cap in Section 18.4 does not apply to:

1. liability arising from wilful misconduct or gross negligence,
2. breach of confidentiality obligations,
3. infringement of intellectual property rights caused by the Indemnifying Party.

18. Warranty Disclaimer and Service Levels

18.1. Service Provided “As Is”

The Service is provided “as is” and “as available”, without warranties of any kind, whether express, implied, statutory, or otherwise.

Sprii expressly disclaims all implied warranties, including:

1. merchantability,
2. fitness for a particular purpose,
3. non-infringement,
4. accuracy,
5. reliability,
6. availability.

Sprii does not warrant that:

7. the Service will be uninterrupted, error-free, or secure;
8. defects will be corrected;
9. the Service will be free of viruses or harmful components;
10. the Service will meet the User’s expectations or performance requirements.

Use of the Service is at the User’s own risk.

18.2. Supported Browsers

The Sprii Platform is designed for modern browsers, including:

1. Google Chrome
2. Safari
3. Microsoft Edge
4. Mozilla Firefox

Sprii uses commercially reasonable efforts to support the current release and at least one prior major version of these browsers.

Sprii does not guarantee correct functionality on:

1. outdated versions,
2. unsupported browsers,
3. modified or non-standard browser environments.

The User is responsible for keeping their browser reasonably up to date.

18.3. Service Availability Targets (Non-Binding)

Sprii aims to provide a high level of availability and performance.

Sprii’s non-binding, commercially reasonable target is 99.5% uptime per calendar month, excluding:

1. planned maintenance,
2. emergency maintenance,
3. force majeure events,
4. outages caused by third-party platforms or providers,
5. downtime related to the User’s systems, devices, or connectivity.

These availability levels are targets only, not guarantees.

18.4. Maintenance Windows

Planned maintenance may occur from time to time. Sprii will use reasonable efforts to schedule maintenance outside peak hours (00:00–06:00 CET) and provide 5 day advance notice when practicable.

Emergency maintenance may be carried out without notice if required to maintain service integrity or security.

18.5. Support Requests

Users may submit support requests via the support channels described on Sprii’s website or within the Platform.

Sprii will use commercially reasonable efforts to review and respond to support requests but does not guarantee response or resolution times unless explicitly agreed in writing.

18.6. SLA Exclusions

The service levels and availability targets in this section do not apply to issues caused by:

1. third-party services, systems, APIs, or platforms outside Sprii’s control,
2. the User’s internet connection, hardware, or software,
3. unauthorized modifications or misuse of the Service,
4. beta features, trial features, or test environments,
5. events described in the Force Majeure section.

18.7. No Service Credits or Remedies

This section describes targets, not a guaranteed Service Level Agreement (SLA).

No credits, refunds, damages, or other remedies are due for failure to meet the availability or support targets described here.

19. Limitation of Liability

19.1. No Liability for Third-Party Services

The Service may integrate with third-party platforms, systems, and services, including social media platforms (e.g., Meta, Instagram, Facebook, TikTok), webshops, payment providers, shipping providers, and other external tools.

Sprii does not control these third-party services and is not responsible for:

1. their availability, performance, or functionality;
2. changes to APIs or platform rules;
3. third-party data processing practices;
4. downtime, interruptions, or errors caused by such services.

The User’s use of third-party services is governed by those providers’ own terms.

19.2.Availability, Security, and Integrations

Sprii uses commercially reasonable measures to maintain service availability and security, but does not guarantee uninterrupted operation or absolute security.

Sprii is not liable for:

1. service interruptions, delays, or data loss;
2. unauthorized access, breaches, or security incidents;
3. issues caused by the User’s systems, configuration, or connectivity.

For integrations:

4. Sprii-controlled integrations: Sprii is responsible for ensuring compatibility with the Service.
5. External third-party integrations: Sprii is not responsible for changes, failures, or limitations caused by external systems or providers.

Data security obligations are further described in the DPA, which prevails for Personal Data.

19.3. Exclusion of Indirect and Consequential Damages

To the fullest extent permitted by law, Sprii shall not be liable for any indirect, incidental, punitive, special, or consequential damages, including but not limited to:

1. loss of profits,
2. loss of revenue,
3. loss of business opportunities,
4. loss of data,
5. business interruption,
6. reputational harm,

whether based on contract, tort, or any other legal theory, even if Sprii has been advised of the possibility of such damages.

19.4. Limitation of Direct Liability

Except where liability cannot be limited under applicable law, Sprii’s total aggregate liability arising out of or relating to these Terms shall not exceed the greater of:

1. the total Subscription Fees and Transaction Fees paid by the User in the twelve (12) months preceding the event giving rise to the claim; or
2. EUR 20,000.

This limitation applies to all claims, whether in contract, tort, indemnity, negligence, strict liability, or otherwise.

19.5. Exceptions to the Liability Cap

The liability cap in Section 18.4 does not apply to:

1. wilful misconduct or gross negligence,
2. liability that cannot legally be limited,
3. the parties’ obligations under Section 18 (Mutual Indemnification),
4. breach of confidentiality.

20. Miscellaneous

20.1. Force Majeure

Neither party shall be liable for any failure or delay in performing its obligations under these Terms to the extent caused by circumstances beyond its reasonable control, including but not limited to acts of God, natural disasters, epidemics, war, terrorism, governmental actions, labour disputes, power outages, failures of internet or telecommunications networks, or interruptions of hosting or cloud service providers.

20.2. Assignment

The User may not assign or transfer any rights or obligations under these Terms without Sprii’s prior written consent, and any attempted assignment without such consent is void.

Sprii may assign or transfer its rights and obligations under these Terms, in whole or in part, to an affiliate or a third party, provided that the User is notified.

20.3. Independent Contractors

Sprii and the User are independent contractors. Nothing in these Terms shall be construed to create a partnership, joint venture, employment, or agency relationship between the parties.

20.4. Successors and Assigns

These Terms shall be binding upon and inure to the benefit of the parties and their respective permitted successors and assigns.

21. Complaints

If the User wishes to submit a complaint regarding the Service, billing, or any other matter under these Terms, the User may do so by contacting Sprii at support@sprii.io. Sprii will review the complaint and respond within a reasonable time.

22. Severability

If any provision of these Terms is held to be invalid, illegal, or unenforceable, that provision shall be enforced to the maximum extent permitted by law, and the remaining provisions shall remain in full force and effect.

Where necessary, the invalid or unenforceable provision shall be deemed modified so as to best reflect the original intent of the parties while remaining enforceable.

23. Changes to These Terms

Sprii may update or amend these Terms from time to time to reflect changes in the Service, legal requirements, or business practices. Updated Terms will be published on our website and, where the changes are material, Sprii will provide at least 30 days’ prior notice by email or within the Sprii Platform.

Continued use of the Service after the updated Terms take effect constitutes acceptance of the revised Terms.

If you do not agree to the updated Terms, you must stop using the Service before the changes become effective.

If an update constitutes a Material Adverse Change, you may exercise your right to terminate the Subscription without penalty in accordance with the section 18 “Your Right to Terminate in Case of Material Adverse Change” 

24. Governing Law and Jurisdiction

These Terms shall be governed by and interpreted in accordance with the laws of Denmark, without regard to its conflict-of-law principles.

Any dispute arising out of or in connection with these Terms, the Service, or the parties’ relationship shall be submitted to the exclusive jurisdiction of the courts of Denmark.

If required by mandatory consumer protection rules (where applicable), the User may have the right to bring claims in their local jurisdiction.

25. Notices

All notices under these Terms must be provided in writing.

25.1. Notices from Sprii to the User

Sprii may deliver notices to the User by:

1. email to the primary email address registered in the User’s Sprii account, or
2. in-product notifications or alerts inside the Sprii Platform.

Notices sent by email shall be deemed received when transmitted, unless Sprii receives a delivery failure notification.

25.2. Notices from the User to Sprii

The User must send all notices regarding these Terms, including termination notices, disputes, or legal communications, to:

support@sprii.io

Notices are deemed received when acknowledged by Sprii or, if no acknowledgement is provided, within two (2) business days of transmissio

Annex 1 - Billing Rules and Fee Calculation

This Annex forms an integral part of the Sprii General Terms and Conditions. It describes how fees are calculated for transaction-based and usage-based pricing models.

1. Revenue Calculation for Transaction Fees

1.1. General Rule -  Revenue Includes VAT

For the purposes of calculating transaction fees, Revenue is always based on the full price paid or reserved by the end customer, including VAT and any applicable taxes, unless explicitly stated otherwise by Contract.

1.2. Sprii Hosted Checkout with Payment Integration

Revenue equals the actual paid amount received from the customer.

1.3. Sprii Checkout Without Payment Integration

If Sprii checkout is used without a payment integration, Revenue is based on the value of the basket (including VAT) at the point where the customer reaches the final payment window, meaning the customer has:

1. viewed the basket,
2. entered personal details,
3. accepted the terms of trade.

1.4. Webshop Integration Using Webshop Checkout

Transaction fees are based on the actual paid amount including VAT, but never more than the amount originally reserved through Sprii.

If additional products are added during webshop checkout, no fee is charged on the additional amount beyond the original reservation.

If products are removed and replaced with other products during checkout, Sprii may apply transaction fees to the new products, as the sale was initiated via Sprii. However, the total transaction fee will never be calculated on an amount exceeding the value originally reserved through Sprii.

1.5. Webshop Integrations Without Payment Confirmation Support

If a webshop integration does not support confirming the final paid amount to Sprii, Revenue will be estimated.

Revenue is estimated by reducing total reserved basket value (including VAT) by 25% for all consumers who:

1. received a checkout link, and
2. clicked the link.

Transaction fees are calculated based on this estimated Revenue.

1.6. Returns

Transaction fees are non-refundable, including cases where:

1. the end customer cancels,
2. fails to pay, or
3. returns goods.

Transaction fees apply to the initial sale event only.

1.7. Shipping

Shipping costs may be included in the Revenue basis for transaction fee calculation in the following cases:

1. Sprii Hosted Checkout is used, or
2. the webshop integration does not transmit product-level completion data, resulting in checkout values lower than the Sprii reservation.

2. Lead Fees

Lead fees apply when the Subscription Plan includes lead-based pricing. A lead is generated when an End Consumer submits a comment or interaction that triggers a product reservation or request, and Sprii responds through an automated or manual message flow. Lead fees are calculated per unique consumer who triggers such a reservation request and receives one or more messages, notifications, or links from the Sprii Platform. The applicable unit prices for lead fees are stated in the User’s Subscription overview within the Platform or in the Contract, as applicable.

3. Mixed Campaigns (Checkout + Lead Products)

The following rules apply to campaigns containing both checkout and lead products:

1. Orders containing only checkout products will trigger a fee as described in section 1 .
2. Orders with only lead products will trigger a fee as described in section 2.
3. Mixed orders:
   
   1. If order is completed, then only checkout fees apply as described in section 1.
   2. If order is not completed, then then only lead fees apply as described I section 2

4. Gamification Transaction Fees

Gamification transaction fees apply when the Subscription Plan includes gamification-based pricing and apply when an End Consumer participates in a gamification event offered through the Sprii Platform.

Fees are charged per participating consumer per gamification event.

The applicable prices are shown in the User’s Subscription overview or in the Contract, as applicable.

5. Usage-Based Fees

Usage fees apply where the Subscription Plan includes limits on:

5.1. Streaming Hours

Usage is measured as the total number of recorded streaming hours used per month.

If the included hours are exceeded, overage fees apply according to the User’s Subscription Plan or Contract.

5.2. Viewing Hours (Onsite Video Player)

“Viewing Hours” means the total consumption of video content delivered through the Sprii Onsite video player and is calculated as:

number of viewers × total viewing time

If the User exceeds the Viewing Hour limits included in their Subscription Plan, Sprii may apply overage fees at the rates specified in the Subscription Plan or Contract.

‍

Annex 2 - Data Processing Agreement 

For the purposes of Article 28(3) of Regulation 2016/679 (the GDPR) 

‍

between

‍

User of Sprii Aps Services

(the Data Controller)

‍

and

‍

Sprii ApS

Tax ID: DK42084476

Sommervej 31E, 8210 Aarhus V

Denmark

(the Data Processor)

‍

each a ‘party’; together ‘the parties’

‍

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to meet the requirements of the GDPR and to ensure the protection of the rights of the Data Subject.

1. Content

2. Preamble

3. The rights and obligations of the data controller

4. The data processor acts according to instructions

5. Confidentiality

6. Security of processing

7. Use of sub-processors

8. Transfer of data to third countries or international organisations

9. Assistance to the data controller

10. Notification of personal data breach

11. Erasure and return of data

12. Audit and inspection

13. The parties’ agreement on other terms

14. Commencement and termination

15. Data controller and data processor contacts/contact points 1

Appendix A Information about the processing

Appendix B Authorised sub-processors

Appendix C Instruction pertaining to the use of personal data

Appendix D United Kingdom addendum  

2. Preamble

1. These Contractual Clauses (the Clauses) set out the rights and obligations of the data controller and the data processor, when processing personal data on behalf of the data controller.

2. The Clauses have been designed to ensure the parties’ compliance with Article 28(3) of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

3. In the context of the provision of Sprii, the data processor will process personal data on behalf of the data controller in accordance with the Clauses.

4. The Clauses shall take priority over any similar provisions contained in other Agreements between the parties.

5. Four appendices are attached to the Clauses and form an integral part of the Clauses.

6. Appendix A contains details about the processing of personal data, including the purpose and nature of the processing, type of personal data, categories of data subject and duration of the processing.

7. Appendix B contains the data controller’s conditions for the data processor’s use of sub-processors and a list of sub-processors authorised by the data controller.

8. Appendix C contains the data controller’s instructions with regards to the processing of personal data, the minimum security measures to be implemented by the data processor and how audits of the data processor and any sub-processors are to be performed.

9. The Clauses along with appendices shall be retained in writing, including electronically, by both parties.

10. The Clauses shall not exempt the data processor from obligations to which the data processor is subject pursuant to the General Data Protection Regulation (the GDPR) or other legislation.

3. The rights and obligations of the data controller

1. The data controller is responsible for ensuring that the processing of personal data takes place in compliance with the GDPR (see Article 24 GDPR), the applicable EU or Member State  data protection provisions and the Clauses.

2. The data controller has the right and obligation to make decisions about the purposes and means of the processing of personal data.

3. The data controller shall be responsible, among other, for ensuring that the processing of personal data, which the data processor is instructed to perform, has a legal basis. 

4. The data processor acts according to instructions

1. The data processor shall process personal data only on documented instructions from the data controller, unless required to do so by Union or Member State law to which the processor is subject. Such instructions shall be specified in appendices A and C. Subsequent instructions can also be given by the data controller throughout the duration of the processing of personal data, but such instructions shall always be documented and kept in writing, including electronically, in connection with the Clauses. 

2. The data processor shall immediately inform the data controller if instructions given by the data controller, in the opinion of the data processor, contravene the GDPR or the applicable EU or Member State data protection provisions.

5. Confidentiality

1. The data processor shall only grant access to the personal data being processed on behalf of the data controller to persons under the data processor’s authority who have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and only on a need to know basis. The list of persons to whom access has been granted shall be kept under periodic review. On the basis of this review, such access to personal data can be withdrawn, if access is no longer necessary, and personal data shall consequently not be accessible anymore to those persons.

2. The data processor shall at the request of the data controller demonstrate that the concerned persons under the data processor’s authority are subject to the abovementioned confidentiality.

6. Security of processing 

1. Article 32 GDPR stipulates that, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the data controller and data processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

The data controller shall evaluate the risks to the rights and freedoms of natural persons inherent in the processing and implement measures to mitigate those risks. Depending on their relevance, the measures may include the following:

a. Pseudonymisation and encryption of personal data;

b. the ability to ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services;

c. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

d. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

2. According to Article 32 GDPR, the data processor shall also – independently from the data controller – evaluate the risks to the rights and freedoms of natural persons inherent in the processing and implement measures to mitigate those risks. To this effect, the data controller shall provide the data processor with all information necessary to identify and evaluate such risks.

3. Furthermore, the data processor shall assist the data controller in ensuring compliance with the data controller’s obligations pursuant to Articles 32 GDPR, by inter alia providing the data controller with information concerning the technical and organisational measures already implemented by the data processor pursuant to Article 32 GDPR along with all other information necessary for the data controller to comply with the data controller’s obligation under Article 32 GDPR.

If subsequently – in the assessment of the data controller – mitigation of the identified risks require further measures to be implemented by the data processor, than those already implemented by the data processor pursuant to Article 32 GDPR, the data controller shall specify these additional measures to be implemented in Appendix C.

7. Use of sub-processors

1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).

2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general written authorisation of the data controller.

3. The data processor has the data controller’s general authorisation for the engagement of sub-processors. The data processor shall inform in writing the data controller of any intended changes concerning the addition or replacement of sub-processors at least 1 month in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.

4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR.

The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.

5. A copy of such a Sub-processor Agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the Sub-processor Agreement, shall not require submission to the data controller.  

6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g. enabling the data controller to instruct the sub-processor to delete or return the personal data.

7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.

8. Transfer of data to third countries or international organisations

1. Any transfer of personal data to third countries or international organisations by the data processor shall only occur on the basis of documented instructions from the data controller and shall always take place in compliance with Chapter V GDPR. 

2. In case transfers to third countries or international organisations, which the data processor has not been instructed to perform by the data controller, is required under EU or Member State law to which the data processor is subject, the data processor shall inform the data controller of that legal requirement prior to processing unless that law prohibits such information on important grounds of public interest.

3. Without documented instructions from the data controller, the data processor therefore cannot within the framework of the Clauses:

a. transfer personal data to a data controller or a data processor in a third country or in an international organization

b. transfer the processing of personal data to a sub-processor in a third country 

c. have the personal data processed in by the data processor in a third country

4. The data controller’s instructions regarding the transfer of personal data to a third country including, if applicable, the transfer tool under Chapter V GDPR on which they are based, shall be set out in Appendix C.6.

5. The Clauses shall not be confused with standard data protection clauses within the meaning of Article 46(2)(c) and (d) GDPR, and the Clauses cannot be relied upon by the parties as a transfer tool under Chapter V GDPR.

9. Assistance to the data controller

1. Taking into account the nature of the processing, the data processor shall assist the data controller by appropriate technical and organisational measures, insofar as this is possible, in the fulfilment of the data controller’s obligations to respond to requests for exercising the data subject’s rights laid down in Chapter III GDPR.

This entails that the data processor shall, insofar as this is possible, assist the data controller in the data controller’s compliance with:

a. the right to be informed when collecting personal data from the data subject

b. the right to be informed when personal data have not been obtained from the data subject

c. the right of access by the data subject

d. the right to rectification

e. the right to erasure (‘the right to be forgotten’)

f. the right to restriction of processing

g. notification obligation regarding rectification or erasure of personal data or restriction of processing

h. the right to data portability

i. the right to object 

j. the right not to be subject to a decision based solely on automated processing, including profiling

2. In addition to the data processor’s obligation to assist the data controller pursuant to Clause 6.3., the data processor shall furthermore, taking into account the nature of the processing and the information available to the data processor, assist the data controller in ensuring compliance with:

a. The data controller’s obligation to without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the competent supervisory authority unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons;

b. the data controller’s obligation to without undue delay communicate the personal data breach to the data subject, when the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons;

c. the data controller’s obligation to carry out an assessment of the impact of the envisaged processing operations on the protection of personal data (a data protection impact assessment);

d. the data controller’s obligation to consult the competent supervisory authority prior to processing where a data protection impact assessment indicates that the processing would result in a high risk in the absence of measures taken by the data controller to mitigate the risk.

3. The parties shall define in Appendix C the appropriate technical and organisational measures by which the data processor is required to assist the data controller as well as the scope and the extent of the assistance required. This applies to the obligations foreseen in Clause 9.1. and 9.2.

10. Notification of personal data breach

1. In case of any personal data breach, the data processor shall, without undue delay after having become aware of it, notify the data controller of the personal data breach.

2. The data processor’s notification to the data controller shall, if possible, take place within 24 hours after the data processor has become aware of the personal data breach to enable the data controller to comply with the data controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33 GDPR.

3. In accordance with Clause 9(2)(a), the data processor shall assist the data controller in notifying the personal data breach to the competent supervisory authority, meaning that the data processor is required to assist in obtaining the information listed below which, pursuant to Article 33(3)GDPR, shall be stated in the data controller’s notification to the competent supervisory authority:  

a. The nature of the personal data including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned; 

b. the likely consequences of the personal data breach;

c. the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. 

4. The parties shall define in Appendix C all the elements to be provided by the data processor when assisting the data controller in the notification of a personal data breach to the competent supervisory authority.

11. Erasure and return of data

1. The data processor shall, on request or related to termination of service, delete all personal data processed on behalf of the data controller as specified in appendix C.4

12. Audit and inspection

1. The data processor shall make available to the data controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 and the Clauses and allow for and contribute to audits, including inspections, conducted by the data controller or another auditor mandated by the data controller.

2. Procedures applicable to the data controller’s audits, including inspections, of the data processor and sub-processors are specified in appendices C.7. and C.8.    

3. The data processor shall be required to provide the supervisory authorities, which pursuant to applicable legislation have access to the data controller’s and data processor’s facilities, or representatives acting on behalf of such supervisory authorities, with access to the data processor’s physical facilities on presentation of appropriate identification. 

13. The parties’ agreement on other terms 

1. The parties may agree other clauses concerning the provision of the personal data processing service specifying e.g. liability, as long as they do not contradict directly or indirectly the Clauses or prejudice the fundamental rights or freedoms of the data subject and the protection afforded by the GDPR.

14. Commencement and termination

1. The Clauses shall become effective on the date of both parties’ signature.

2. Both parties shall be entitled to require the Clauses renegotiated if changes to the law or inexpediency of the Clauses should give rise to such renegotiation. 

3. The Clauses shall apply for the duration of the provision of personal data processing services. For the duration of the provision of personal data processing services, the Clauses cannot be terminated unless other Clauses governing the provision of personal data processing services have been agreed between the parties.

4. If the provision of personal data processing services is terminated, and the personal data is deleted or returned to the data controller pursuant to Clause 11.1. and Appendix C.4., the Clauses may be terminated by written notice by either party.

Appendix A - Information about the processing 

A.1. The purpose of the data processor’s processing of personal data on behalf of the data controller is:

Data is processed with the following purposes:

a) To be able to mediate sales between users of Sprii (data controller) and the end customer

A.2. The data processor’s processing of personal data on behalf of the data controller shall mainly pertain to (the nature of the processing):

The data processor processes personal data solely for the purpose of enabling consumer interactions initiated through channels connected to the Sprii Platform, including:

• Interactions from Meta platforms (e.g. Facebook or Instagram) where consumers comment, message, click links, or subscribe to updates.
• Interactions from the Sprii-embedded player integrated on the controller’s website, where consumers may voluntarily enter chat usernames or messages.

In all cases, processing is limited to facilitating the controller’s communication with consumers and fulfilling user-initiated requests.

The collection, handling, and revocation of consent, as well as technical data-flow descriptions, are detailed in Appendix C (Instruction pertaining to the use of personal data).

Sprii does not independently collect, enrich, or use personal data for unrelated marketing, profiling, or analytics purposes.

When Sprii Hosted Checkout is used, additional personal data such as order and contact details are processed as described in Appendix C.1.

The processing of personal data is carried out in accordance with the controller’s documented instructions, as set out in Appendix C, and subject to the security, storage, and deletion provisions specified therein.

A.3. The processing include the following types of personal data:

General personal data that is processed:

• Platform Profile Name (i.e. Facebook, Instagram)

• Chat Name (Embedded player)

If Sprii Hosted Checkout is used:

• Name
• Email address
• Phone number
• Address

All personal data is treated confidentially.

A.4. Processing includes the following categories of data subject:

Information is processed about the following categories of data subjects:

a) End users who are interacting in Sprii assisted activities by the Data Controller. 

A.5. The data processor’s processing of personal data on behalf of the data controller may be performed when the Clauses commence. Processing has the following duration:

This Agreement applies as long as Sprii ApS processes personal data for the data controller in accordance with the parties' separate agreement on system, services, payment, etc. Upon termination of the services relating to the processing of personal data, Sprii will, at the request of the data controller, anonymize all personal data that has been processed on behalf of the data controller and confirm to the data controller that the information has been anonymized, unless the EU law or the national law of the Member States prescribes storage of the personal data. 

Appendix B - Authorised sub-processors

B.1. Approved sub-processors

On commencement of the Clauses, the data controller authorises the engagement of the following sub-processors:

‍

B.1.1 Google Firebase, Alphabeat Inc.

Address: Headquarters: 1600 Amphitheatre Parkway Mountain View, CA 94043 (Headquarter)

Servers used by Sprii: St. Ghislain, Belgium.

Description of processing:

Firebase is a mobile and web application development platform.

Sprii's software and database are hosted by Google Firebase.

The processing includes processing of purchase data, products, and comment data from platforms.

Firebase Data Processing and Security Terms can be found here:

https://firebase.google.com/terms/data-processing-terms

‍

B.1.2 Elasticsearch

Address: Headquarters: 8000 West El Camino Real, Suite 350, Mountain View, CA United States (Headquarter)

Servers used by Sprii: Frankfurt, Germany.

Description of processing:

Elasticsearch is a search engine that makes it possible to perform efficient searches in large amounts of data. It is used, for example, to find all orders relating to a specific customer. ElasticSearch has servers in Frankfurt, Germany, which Sprii uses.

The processing includes the processing of customer orders and products.

https://www.elastic.co/legal/product-privacy-statement

‍

The data controller shall on the commencement of the Clauses authorise the use of the abovementioned sub-processors for the processing described for that party. The data processor shall not be entitled – without the data controller’s explicit written authorisation – to engage a sub-processor for a ‘different’ processing than the one which has been agreed upon or have another sub-processor perform the described processing.

B.2. Changes to use of sub-processors

The Data Processor must notify the Data Controller of any planned changes concerning the addition or replacement of subcontracted data processors and thereby give the Data Controller the opportunity to object to such changes. Such notification must reach the Data Controller at least 3 months before the application or change is to take effect. If the Data Controller objects to the changes, the Data Controller must notify the Data Processor within 1 month of receipt of the notification. The Data Controller may only object if the Data Controller has reasonable, concrete reasons for doing so.

Appendix C - Instruction pertaining to the use of personal data 

C.1. The subject of/instruction for the processing

The data processor’s processing of personal data on behalf of the data controller shall be carried out by the data processor performing the following:

General use:

The data processor collects platform username on the end user, as well as which goods the end customer has requested/ordered/purchased.

If Sprii Hosted Checkout is used:

The data processor collects general personal data (name, address, e-mail, and telephone number) on the end user, as well as which goods the end customer has requested/ordered/purchased.

The data processor processes data received from:

• Meta platforms (Facebook, Instagram) via official APIs, only after a user-initiated action such as a comment, click, message, or subscription.
• The Sprii-embedded video player on the controller’s website, when consumers voluntarily provide information (e.g. a username or message).

The data processor receives only limited data (e.g. platform username, message text, timestamps, campaign reference) transmitted securely via these integrations. No data are collected without a clear user action.

C.1a. Consent Handling and Revocation

Consent is obtained directly within Meta’s platforms or via mechanisms provided by the controller on its website.

• User actions (comment, click, message, subscription) constitute explicit and informed consent within Meta’s controlled environment.
• The controller is responsible for obtaining consent for interactions through the embedded player.
• Users can revoke consent at any time through Meta privacy settings, “unsubscribe” commands, or by blocking the page; Sprii automatically excludes those users from further processing once access is revoked.
• If a user requests deletion of their interaction through the controller’s channels, Sprii will anonymize or delete the corresponding data in accordance with the controller’s instructions.

C.2. Security of processing

The security level must reflect a reasonable and appropriate security level must be established.

The data processor is then entitled and obliged to make decisions about which technical and organizational security measures must be used to create the necessary level of security around the information.

The processing includes personal data, which is why the Data Processor must implement the following measures:

Technical measures:

• Relevant antivirus protection is in place and used

• Two-factor validation for logging into systems where possible

• Backup of systems that process personal data

‍

Organizational measures:

• All employees are instructed in the protection of personal data

• The employee instructions are updated and reviewed at least once a year

• The employee instructions are always reviewed with new employees in connection with employment

• All employees are required to maintain confidentiality during and after employment

• Access and login are role-based or person-based, and staff and systems do not have access to more than is necessary to perform their duties

Physical measures:

• Work facilities and offices are protected by appropriate access controls to ensure that only authorized personnel have access

• All physical media (paper, USB drive, etc.) are destroyed in a responsible manner if they have been used to store personal data

The data processor is entitled to make further decisions about necessary technical and organizational security measures to be implemented to ensure an appropriate level of security regarding the personal data

Sprii ApS and its processing of personal data may take place in whole or in part by using home workplaces, all of which meet the security requirements covered by this data processing agreement.

C.3. Assistance to the data controller

The data processor must as far as possible – within a reasonable scope and extent – assist the data controller in accordance with Provisions 9.1 and 9.2 by implementing the technical and organizational measures as listed under C.2.

The data processor, taking into account the nature of the processing, assists the data controller as far as possible by means of the mentioned appropriate technical and organizational measures in fulfilling the data controller's obligation to respond to requests for the exercise of the data subjects' rights.

C.4. Storage period/erasure procedures 

Personal information is stored by the data processor in the following periods of time:

• Campaign interactions – Personal data is anonymized 2 years from last interaction.
• Subscription lists - Personal data is anonymized 2 years last from Opt-out date.
• Contents of comments in general are stored for 30 days and deleted on the 30^th day.

Upon termination of the services relating to the processing of personal data, the data processor will, at the request of the data controller, anonymize or delete all personal data that has been processed on behalf of the data controller and confirm to the data controller that the information has been anonymized or deleted, unless EU law or the national law of the Member States prescribes the storage of the personal data. 

If nothing is requested by the data controller, the personal data will be anonymized after 2 years.

‍

C.5. Processing location

Processing of the personal data covered by the Regulations may not take place without the data controller's prior written approval at locations other than the following:

• Sprii ApS (CVR 42084476), Søvej 46, 2791 Dragør, Denmark

• Sprii ApS (CVR 42084476), Sommervej 31E, 8210 Aarhus V, Denmark

• Employees' home workplaces, all of which meet the security requirements covered by this data processing agreement

The location of the sub-data processors can be seen under point B.1.

C.6. Instruction on the transfer of personal data to third countries 

If the data controller does not in these Regulations or subsequently give a documented instruction regarding the transfer of personal data to a third country, the data processor is not entitled to carry out such transfers within the framework of these Regulations.

C.7. Procedures for the data controller’s audits, including inspections, of the processing of personal data being performed by the data processor

The data processor must, at the request of the data controller and at the data controller's expense, obtain an audit statement or inspection report from an independent third party regarding the data processor's compliance with the data protection regulation, data protection regulations in other EU law or the national law of the member states and these Regulations.

The audit statement/inspection report is forwarded without undue delay to the data controller for information. The data controller can dispute the framework for and/or the method in the audit statement/inspection report and can in such cases request a new audit statement/inspection report under a different framework and/or using a different method.

Based on the results, the data controller is entitled to request the implementation of additional measures in order to ensure compliance with the data protection regulation, data protection provisions in other EU law or the national law of the Member States and these Regulations.

The data controller or a representative of the data controller also has access to carry out inspections, including physical inspections, of the locations from which the data processor processes personal data, including physical locations and systems used for or in connection with the processing. Such inspections may be carried out when the data controller deems it necessary. The assessment must be based on facts and not on feeling. Physical inspection requires prior agreement with the data processor and with a prior notice of 4 weeks, so that the data processor is prepared to be able to devote the necessary resources to it.

The data controller's possible expenses in connection with a physical inspection are borne by the data controller himself. However, the data processor is obliged to allocate the resources (mainly the time) necessary for the data controller to carry out his inspection.

The data processor complies to participate in the data controller's annual written audit.

Written Confirmation upon Request

Upon the Data Controller’s request, the Data Processor shall provide a written confirmation that Sprii ApS complies with its obligations under this Data Processing Agreement and the General Data Protection Regulation (GDPR).

‍

Such written confirmation may, where relevant, include an internal audit report, a compliance declaration signed by Sprii’s Data Protection Manager, or documentation describing the technical and organisational security measures implemented and maintained by the Data Processor.

‍

This written confirmation may be used by the Data Controller as part of its audit and inspection rights under Clause 12 of this Agreement, unless there are reasonable and specific grounds for conducting a more extensive audit or physical inspection.

C.8. Procedures for audits, including inspections, of the processing of personal data being performed by sub-processors

As a data processor, we update ourselves in the security policies of our sub-data processors in order to ensure that the sub-data processors comply with necessary security measures at all times. This means that we collect information about the organizational and technical security measures of our sub-processors annually. The sub-data processors are mentioned in point B.1.

Any expenses incurred by the data processor and the sub-data processor in connection with an audit of the sub-data processor's premises are the responsibility of the data controller.

Appendix D United Kingdom addendum

This UK-Specific Addendum ("UK Addendum") is entered into by the Parties and forms part of the Data Processing Agreement ("DPA") between the UK based Data Controller and Sprii ApS. This UK Addendum ensures compliance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018 ("DPA 2018").

D.1. Scope and Application
This Addendum applies where the Data Processor processes personal data subject to the UK GDPR and DPA 2018, in addition to the EU GDPR.

‍D.2. Supervisory AuthorityFor UK-based data subjects, the relevant Supervisory Authority is the UK Information Commissioner’s Office (ICO).

‍D.3. UK Data Transfers
- Any transfer of personal data from the UK to a third country must comply with Chapter V of the UK GDPR.- If Standard Contractual Clauses (SCCs) under the EU GDPR are used, the **UK International Data Transfer Addendum** must be incorporated.- Transfers from the UK to the EU are currently deemed adequate under UK law, unless regulatory changes occur.

‍D.4. Data Breach Notification
- If a data breach involves UK data subjects, the Data Processor shall notify the Data Controller in compliance with UK GDPR.- The Data Controller must assess whether to notify the UK Information Commissioner's Office (ICO).

‍D.5. Sub-Processing in the UK- Where the Data Processor engages a sub-processor for UK-based personal data processing, the sub-processor must adhere to UK GDPR standards.- Sub-processors located outside the UK must apply the UK International Data Transfer Addendum, where required.

‍D.6. Governing Law - This UK Addendum shall be governed by and construed in accordance with the laws of **England and Wales