Terms of Service for the Bold Web Portal 

 

version 1.4 - 11-2023

Please carefully read these Terms of Service (“ToS”) to ensure that you understand its contents before you use the Bold Web Portal. By checking the acceptance box when you register yourself to use the Bold Web Portal, you enter into an agreement with Bold. If you do not agree with these ToS, please do not use the Bold Web Portal. 

These ToS cover your use of the Bold Web Portal whether or not used in combination with any Bold Product.

If you accept these ToS on behalf of another person, you warrant that you have full legal authority to accept the terms and conditions in these ToS on behalf of that person, and to legally bind that person.

Bold may amend, supplement or replace the conditions of these ToS in its sole discretion.

 

1. How to contact us 

1.1. If you have any questions or suggestions regarding the Bold Web Portal, please contact us at support@boldsmartlock.com.

 

2. Definitions

2.1. In these ToS, the expressions below shall have the meaning assigned to them in this clause, unless the context requires otherwise:

Bold: Bold Security Technology B.V. Leidsevaart 2, 3511SB, Utrecht, the Netherlands;
Bold App: the Bold application, including any Updates, the main purpose of which is to open and close the Bold Smart Cylinder (the cylinder lock which can be opened and closed with the Bold App and a personal PIN code). 
Bold Products: the physical access system products purchasable from Bold, including the Bold Smart Cylinder, the Bold Smart Connect and the Bold Clicker;
Bold Web Portal: web application of Bold that allows managing end users’ access to and use of Bold Products and the Bold App. 
Documentation: The information about the Bold Web Portal, its features and the system requirements as made available by Bold. 
Updates: any modified versions of, and additions to the Bold App. 
ToS: these Terms of Service, including its exhibits.

 

3. License

3.1. All intellectual property rights in the Bold Web Portal and the Documentation throughout the world belong to Bold (or its licensors). 
3.2. Bold grants you a non-exclusive, non-transferable, limited, revocable license to use the Bold Web Portal and the Documentation in accordance with these ToS. Bold reserves all rights not expressly granted to you in these ToS.

 

4. Permitted use and restrictions

4.1. You may use the Bold Web Portal for the purpose of managing end users’ access to and use of Bold Products and the Bold App. 

4.2. If you access or use the Bold Web Portal for the benefit an organization, you warrant that you have obtained the required authorizations to do so from the relevant organization and that you shall cease using the Bold Web Portal if you lose such authorizations. 

4.3. You acknowledge that access to your Bold Web Portal account could result in unauthorized access to private space(s). You are solely responsible for securing any devices that you use to access the Bold Web Portal and keeping your Bold Web Portal account information confidential. 

4.4. You shall use the Bold Web Portal and the Documentation in accordance with applicable laws and shall not:

1. Provided that this is not a part of the intended Bold Web Portal functionality, rent, lease, lend, sell, redistribute, sublicense, provide or otherwise make available the Bold Web Portal and the Documentation in any form, in whole or in part to any person without prior written consent from Bold;
2. Copy, adapt, translate, decompile, reverse engineer, disassemble, alter, modify or create derivative of the Bold Web Portal or any parts thereof, except to the extent permitted by applicable law or as otherwise provided in these ToS;
3. Delete or alter any disclaimers, warnings, copyright or other proprietary notices accompanying the Bold Web Portal and the Documentation; 
4. Use the Bold Web Portal in a way that could result in unauthorized access, damage, disable, overburden, impair or compromise Bold’s systems or security or interfere with other users of the Bold Web Portal;
5. Collect any information or data through and from the Bold Web Portal or Bold’s systems or attempt to decipher any transmissions to or from servers in connection to the Bold Web Portal.

 

5. Updates and support

5.1. From time to time Bold may update and change the Bold Web Portal and the Documentation in its sole discretion and without notice to you, for instance to improve performance, enhance functionality or address security issues. 

 

6. Data Protection

6.1. Under data protection laws, Bold is required to inform you about who Bold is, how Bold processes your personal data and for what purposes, and your rights in relation to your personal data and how to exercise them. This information is provided in the Bold Privacy Statement. We advise you to carefully read this information before using the Bold Web Portal. 

6.2. You are solely responsible for your processing of personal data of individuals whose use of the Bold Products is managed by you via the Bold Web Portal. You are also solely responsible for the legality of such personal data and shall comply with all your obligations under the data protection laws, including but not limited to the General Data Protection Regulation. Bold solely processes any such personal data on your behalf and acts as a data processor. In order to meet the obligation set out in art. 28(3) GDPR, you and Bold enter and comply with the Data Processing Agreement attached to these ToS as Exhibit 1.

 

7. Disclaimer 

7.1. Your use of the Bold Web Portal is at your own risk. 

7.2. The Bold Web Portal and the Documentation are provided on an “as is” and “as available” basis without warranty (garantie) – express or implied – of any kind. Bold specifically disclaims the warranty of fitness for a particular purpose. No oral or written advice given by Bold, its dealers, distributors, agents or employees shall create a warranty or in any way increase the scope of this warranty and you may not rely upon such information or advice.

 

8. Liability

8.1. The liability of Bold for any and all damages incurred by you in connection with the use of the Bold Web Portal and these ToS is excluded to the fullest extent.

9. Term and termination

9.1. These ToS will continue to be in force until terminated by you or Bold. Termination of these ToS entails that you are no longer able to use the Bold Web Portal.

9.2. You are free to terminate these ToS at any time by deleting your Bold Web Portal (and Bold App) account.

9.3. Bold is entitled to terminate these ToS with immediate effect or with effect from a later date specified by Bold at any time without stating reasons.

 

10. Miscellaneous

10.1. A failure by Bold to give notice to you of any breach or non-fulfilment of any provision, term or clause of these ToS shall not constitute a waiver thereof, nor shall the waiver of any breach or non-fulfilment of any provision, term or clause hereof constitute a waiver of any other provision, term or clause thereof.

10.2. The provisions of these ToS apply to the extent permitted under applicable law. In the event that certain provisions are not permitted, those provisions shall not apply to you, while the other provisions shall continue to apply. 

10.3. The Bold Web Portal may contain links to other websites, resources, or services which are proprietary to third parties, such websites, resources and services are provided for your information only and you access them at your own risk. Bold is not liable or responsible for the content or operation of third party websites, resources or services. Bold advises you to carefully read any applicable terms and conditions and privacy policies.

 

11. Governing law and disputes

11.1 These ToS and your use of the Bold Web Portal is governed by and construed in accordance with the laws of the Netherlands, excluding its conflicts of law rules. 

11.2. Any dispute between Bold and you shall exclusively be submitted to the competent court in Utrecht, the Netherlands. The foregoing shall not apply if you, within one month after Bold has invoked this provision, notify Bold in writing that you would like to submit this dispute to the competent court pursuant to applicable procedural law. 

 

1. EXHIBIT 1 – Data Processing Agreement

1. This Data Processing Agreement is an exhibit to and forms an inseparable part of the ToS between you (the Controller, as defined below) and Bold, regarding your use of Bold’s services.

2. Definitions

1. In addition to the definitions in the ToS, in this Processing Agreement the terms below have the meaning as indicated in this paragraph: 

 

“Controller”	You, a business user of Bold Products and the Bold Web Portal, acting as a data controller;
“Bold”	Bold Security Technology B.V. acting as a data processor;
“Applicable Laws”	any and all international, European, national, regional or local laws and rules, regulations, treaties, resolutions, statutes, judgments, court orders, codes of conduct (whether or not binding), guidelines or any other requirements of any relevant government agency or supervisory authority, to the extent that these apply in the Netherlands;
“Personal Data”	any personal data as defined in the Applicable Laws, provided to Bold by the Controller, or collected or generated by Bold in the scope of the fulfilment of the ToS;
“Data Breach”	a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the Personal Data transmitted, retained or otherwise processed;
“Processing Agreement”	this Processing Agreement as concluded by the Controller and Bold, including any annexes thereto;
“Processing”	any processing of Personal Data, as defined in the Applicable Laws. “Processing”, “Processes” and “Processed” are interpreted accordingly;
“ToS”	these Terms of Service.

 

3. Scope and instruction

1. This Processing Agreement has been concluded with the purpose to comply with the requirements that the Applicable Laws set to the Processing of Personal Data by Bold. If the Applicable Laws require that this Processing Agreement is amended, each Party may present an amendment proposal, after which the Parties shall negotiate in good faith to reach an agreement, to secure the permanent compliance with the Applicable Laws.  
2. In the course of performing its obligations under the ToS, Bold shall only Process the Personal Data further to the written instructions by the Controller.

 

4. Compliance with the Applicable Laws

1. In the fulfilment of its obligations in the scope of this Processing Agreement, Bold shall always act in accordance with the Applicable Laws and the description of the Processing in Annex A.

2. Bold shall assist the Controller in ensuring compliance with its obligations pursuant to Applicable Laws and shall comply with all reasonable requests of the Controller in this respect. In particular, Bold shall reasonably support the Controller in the fulfilment of its obligations:  

1. To respond to requests of individuals exercising their rights under the Applicable Laws;
2. With respect to the protection of the Processing of the Personal Data, the notification of Data Breaches to competent authorities and data subjects, any possibly required privacy impact assessment and prior consultation of the competent supervisory authority.  

3. If Bold is of the opinion that an instruction given by the Controller shall lead to Bold not acting in accordance with the Applicable Laws, it shall immediately notify the Controller hereof. 

4. The Controller represents and warrants that it has a valid legal basis to process the relevant Personal Data. The Controller represents and warrants that the Personal Data and its Processing are not unlawful and do not infringe any rights of a third party.

 

5. Processing location

1. Bold shall only process the Personal Data in the European Economic Area and shall not transfer the Personal Data outside the European Economic Area without the Controller’s prior written consent. 

 

6. Security

1. Bold shall implement the technical, physical and organizational measures to protect the Personal Data against destruction, loss, alteration, unauthorized disclosure or access, and against all other forms of unlawful Processing (including unnecessary collection or further Processing). These measures are described in Annex B.

 

7. Confidentiality

1. Bold shall keep the Personal Data confidential and shall not provide the Personal Data to third parties, not being sub-processors, at all without the prior written consent of the Controller, except if data have to be disclosed to the competent authorities for the compliance with a legal obligation and the law in question prohibits Bold to obtain the Controller’s prior written consent. 

 

8. Data breach notifications

1. In case of a suspected or actual (i) Data Breach; (ii) breach of security measures; or (iii) breach of confidentiality obligations Bold shall inform the Controller as soon as possible after the first discovery of the incident. Bold shall take all reasonably required measures to prevent or limit any (further) unauthorized access, alteration and provision or any Processing that is illegal in any other way and to end each breach of the security measures or of the confidentiality obligation and to prevent this in the future. 

2. Bold shall make written arrangements with sub-processors on the notification of incidents as referred to in paragraph 7.1 above to Bold, which enable Bold and the Controller to comply with their obligations in the case of such incident pursuant to the Processing Agreement and/or Applicable Laws. 

 

9. Personnel

1. Bold shall take reasonable measures to ensure that the Personal Data are only accessible for Bold employees who need access to the Personal Data in order to fulfil their duty in the scope of the compliance with Bold’ obligations under the ToS. 

 

10. Sub-processors

1. Without the Controller’s prior written consent, Bold shall not engage any sub-processors. If Bold engages a sub-processor, it shall conclude a written agreement with this sub-processor, which shall in any case include that the sub-processor must act in accordance with all the stipulations in the Processing Agreement with respect to the Processing of Personal Data. This shall not alter Bold’ responsibility and liability for the compliance with the Processing Agreement.

 

11. Audit

1. Bold shall have performed an audit no more than once a year at the Controller’s prior written request by a competent authority or an independent IT-auditor to be appointed by the Controller who shall work under a confidentiality obligation with regard to the Bold organization in order to establish that Bold complies with the stipulations in the Processing Agreement and the Applicable Laws. 

2. The costs of an audit shall be borne by the Controller. 

3. Bold shall make its locations, technology, personnel and administration available for the audit and shall offer all cooperation and information that the Controller or a third party may reasonably need for an audit.  

 

12. Termination

1. This Processing Agreement shall become effective upon the Controller’s acceptance of the ToS and shall remain in force during the validity of the contract between the Controller and Bold, and thereafter for as long as necessary for the finalization of the agreed Processing of Personal Data.

2. Terms of this Processing Agreement that by their nature are intended to remain in force after termination shall remain in force after termination. 

3. After termination of this Processing Agreement, Bold shall end the Processing of the Personal Data and Bold shall remove the Personal Data in conformity with paragraph 12. 

 

13. Removal of data

1. Bold shall not retain the Personal Data any longer than necessary to comply with its obligations under this Processing Agreement or to comply with a legal obligation resting on it. 

2. At the Controller’s request, Bold shall remove or destroy the Personal Data, unless a legal obligation rests on Bold to continue the Processing of the Personal Data. 

 

14. Indemnification

1. The Controller shall indemnify Bold against all claims by third parties, including supervisory authorities and data subjects, and against all related damage and reasonably incurred costs that arise from any non-compliance with the Applicable Laws by the Controller or any action of Bold on the instruction of the Controller. 

 

 

Annex A – Description of the Personal Data Processing

Categories of Personal Data

• Logging data: number of activations, activation date, activation time and events, such as activation history.
• Personal details: First name and surname, telephone number and email address.
• Type of Bold Product.

 

Retention periods for each category of personal data

• Personal Data are stored in accordance with the Controller’s selected retention periods.
• Personal Data are only deleted upon the Controller’s instruction thereto once the Controller stops using the Bold Web Portal and/or Bold Products. The request will be processed within 2 months and lock data is stored for platform security reasons for a maximum of 12 months.

 

Categories of data subjects

• Individuals whose use of Bold Products is managed by the Controller (e.g. tenants, employees, guests).

Processing activities (nature and purpose of the Processing)

• Provision of services from Bold to the Controller: the Controller can manage its Bold Products, including but not limited to:
  • Configure who receives notifications regarding the activation of Bold Products.
  • Event logging, provided the Controller selects to enable this functionality: access and manage access rights in connection to the events log of the Bold Products.
  • Manage user rights, such as to add/remove additional users or permit the use of certain Bold Products.
     

Annex B – Description of technical and organizational measures

Bold must implement technical and organisational measures to secure the Personal Data, including all measures required pursuant to Article 32 of the GDPR. This annex sets out the technical and organizational security measures Bold applies when it Processes Personal Data in the context of its provision of services.

The security measures implemented by Bold will at least include:

• Access security
  User accounts are secured with passwords, access is assigned based on the users’ roles, periodic evaluation of access rights, logging of access to Personal Data.
• Data integrity
  Regular backups, logging changes to Personal Data, data integrity safeguarded by digital signatures or checksums and data entry checked.
• Organisational security
  Provision of information to employees regarding security, security policy in place, screening of employees.
• Physical security
  Limited access to the (physical) storage location of Personal Data: authorised employees only, surveillance with video cameras and guards.
• Network and data security
  Firewalls, antivirus software, encryption during storage and transmission, the use of secure communication channels and intrusion detection/prevention systems.
• Management of security incidents
  Action plan in the event of an incident such as a data breach.
• Testing and evaluation procedures
  Independent auditing of the security measures as implemented.
• Destruction of data
  Personal Data is destroyed irreversibly and storage media are destroyed in accordance with industry standards.