Terms of Service of Rakuten CPaaS GLOBAL SMS API

These Terms will apply to, and are incorporated by reference into, all Applications, orders or other agreements between Rakuten Symphony and User concerning the use of the Services (“Agreement”)

The rules regarding the use of the Services that Rakuten Symphony publishes on Rakuten Symphony’s website constitute a part of the Agreement.

In the event of any conflicts between the Agreement and the rules referred to in Section 1.2 above or other descriptions of the Services outside of the Agreement, the provisions of the Agreement shall take precedence and prevail.

“Applicable Laws” shall mean any statute, statutory instrument, regulation, order and other legislative provision, including any delegated or subordinate legislation, and any judgment of a relevant court of law or decision of a tribunal or competent authority, to the extent any of the foregoing applies to a Party’s performance of obligations under this Agreement in the relevant jurisdiction, including Japanese laws, such as the Act on Specified Commercial Transactions, and the Act on Regulation of Transmission of Specified Electronic Mail, and the Telecommunications Business Act, and laws and regulations relating to privacy, security, or protection of Personal Data, including, but not limited to, the EU General Data Protection Regulation (Regulation 2016/679) (GDPR); the Act on the Protection of Personal Information of Japan (APPI); the California Consumer Protection Act (CCPA), and the California Privacy Rights Act (CPRA) and any subsequent supplements, amendments, or replacements to the same.

“Affiliated Mobile Service Provider” shall mean the legal entity which operates a mobile telecommunications system or network that the Recipient has contracted with.

“Confidential Information” is defined in Section 15 (Confidentiality)

“Intellectual Property Rights” shall mean copyrights, patent rights, utility model rights, design rights, trademark rights and other intellectual property rights (including the right to obtain such rights and the right to apply for registration of such rights).

“Opt-in” shall mean the Recipient accepts receiving SMS sent by the User in advance.

“Opt-out” shall mean the Recipient refuses to receive SMS sent by the User.

"Personal Data" shall have the same meanings given to them in the GDPR (or, where the same or similar terms are used under other Applicable Laws).

“Recipient” shall mean a person who receives SMS through the Services.

“SMS” an abbreviation of “Short Message Services,” shall mean a set of systematized textual and numeric characters (text), transmitted to Recipients.

“SPAM” shall mean sending unsolicited SMS without obtaining prior express consent to receive SMS (including sending SMS to a list of telephone numbers without prior consent), sending SMS after consent to receive SMS has been withdrawn, or sending SMS for fraudulent purposes.

“User” shall mean a personal/an entity who enters into an Agreement with Rakuten Symphony to use the Services.

“User ID” shall mean the identifier given to User for the usage of the Services.

The person/entity that applies for the use of the Services (“Applicant”) may proceed with the application for the use of the Services (“Application”) when the Applicant agrees to these Terms.

Rakuten Symphony will notify the Applicant of the approval or rejection of the Application.

Subject to and in accordance with its standards, policies and procedures, Rakuten Symphony may determine in its sole discretion to withhold or deny approval of the Application for any reason, including, but not limited to, the following :

The User shall promptly notify Rakuten Symphony of any changes to the information provided during the Application, using the method specified by Rakuten Symphony.

If the User fails to make such necessary changes and, as a result, cannot receive notifications from Rakuten Symphony, or is unable to use the Services, Rakuten Symphony shall have no responsibility for such failure.

When Rakuten Symphony accepts the Application as stated in Section 3, Rakuten Symphony will provide the User with a User ID and the  corresponding password necessary for using the Service.

If the User is granted access to any Rakuten Symphony software, program, or platform via a User ID(s) in order to utilize the Services in any way, the User shall strictly manage its ID(s) and corresponding passwords for the Services at its own risk and shall not allow any third party to access, use or otherwise learn the User’s ID(s) or passwords. The User may only use the User ID(s) for the purposes of using the Services. For the avoidance of doubt, the may not under any circumstances, lend or assign its User ID(s) or passwords to a third party, change the name under which such User ID(s) and passwords are used, or sell, trade or otherwise dispose of the same.

User ID(s) may not be shared or otherwise used by multiple individuals or passed to other individuals. If an individual user leaves their role or no longer uses the Services for any reason, the User must delete or return the corresponding User ID and create or apply for a new User ID for any new individual that may use the Services

If the User creates or applies for more User IDs than is included in the license package purchased by the User or if Rakuten Symphony detects use of a User ID by multiple individuals, the User becomes liable to pay the corresponding fees for the license package covering the correct number of individual users.

The User will be responsible and liable for any and all claims, damages, loss, or harm arising from its failure to maintain the limited use and access to its unique User ID(s), and for any management or use or misuse by a third party of the same.

The User shall be responsible for managing the SMS sender number used in the Service at its own risk and on its own account.

The User shall notify Rakuten Symphony of the SMS sender numbers for the SMS and shall obtain the approval of Rakuten Symphony to those SMS sender numbers in advance. The User shall not change the SMS sender number without obtaining prior consent from Rakuten Symphony.

If the User changes the SMS sender numbers, or if Rakuten Symphony reasonably suspects that the same has occurred without notice to and prior approval from Rakuten Symphony, then Rakuten Symphony may, in its sole discretion, immediately suspend all SMS transmission by the User. If reasonably adequate remedial measures are taken to address the failure to comply with Section 6.2 above, Rakuten Symphony may restore all Services.

The User shall pay the fees corresponding to the number of SMS messages sent, or according to any other license package or usage criteria, in accordance with the Application or the fee table specified by Rakuten Symphony. The User shall make the payment of the fees using the method specified by Rakuten Symphony. Unless specified differently in the Application, the User shall make payment of the fees monthly in arrears by the end of the following month.

In the event of a delay in the payment of usage fees by the User, the User shall pay late interest to Rakuten Symphony calculated at the rate of fourteen point six percent (14.6%) per annum.

If the User is required to deduct or withhold taxes from the payment amount, the User shall gross up the necessary amount to the payment so that Rakuten Symphony receives the total amount reflected on the invoice. The User agrees to be responsible for any necessary deductions or withholding taxes and agrees to make the appropriate payment to the relevant authorities on behalf of Rakuten Symphony with the period allowed under Applicable Laws. The User will cooperate in good faith with Rakuten Symphony to minimize taxes with the legally permissible limits. To the extent applicable, the User or Rakuten Symphony will provide each other with resale certificates, use in multiple points certificates, treaty certificates, and other exemption information that the other party reasonably requests.

In the event of a tax audit or tax dispute with tax authorities (excluding withholding income tax) arising from the Agreement or if there are legal changes that affect the tax obligations of both parties, both parties agree to cooperate in resolving the issue.

Rakuten Symphony is entitled to require advance payment of anticipated fees, if the User has previously been late in paying fees or if Rakuten Symphony in its sole discretion considers the User a credit risk.

The User shall comply with the following provisions:

1. The User shall comply with the Applicable Laws and any requirements set out in any applicable industry or carrier code of conduct, guidelines, or similar requirements..
2. The User agrees that all SMS must identify User, including but not limited to the User name, brand name, company, or brand identity and personal or legal name of User, the URL address, the electronical mail address (including characters, numerical characters codes, etc.) to identify User of such content for receiving notification or other matters specified in the applicable ordinances of the Japan Cabinet or Ministry of Internal Affairs and Communications.
3. The User agrees that,  when required under Applicable Laws, no promotional or marketing content may be sent unless Recipient has consented to receive such content via specific opt-in.
4. The User agrees that, when required under Applicable Laws, all promotional and marketing content must contain a specific opt-out mechanism.
5. The User agrees not to send any electronic mail (including SMS content) falsifying the following information of the User:
   1. the electronic mail address used for sending electronic mail or
   2. codes, including characters, numerical characters, and marks, for identifying telecommunications facilities for sending said electronic mail.
6. The User agrees not to send any electronic mail to fictious electronic mail address for the purposes of sending electronic mails for its own or third-party’s sales activities.
7. The User shall not use any Services for any illegal, immoral, or improper purpose, including content containing defamatory statements, fraudulent, deceptive or misleading statements or adult-themed materials, or content that may lead to death, personal injury, physical or property damage or environmental damage or in any manner which contravenes Applicable Laws of the appropriate jurisdiction or mobile operator requirements as they exist and as they change over time and undertakes not to allow any third party to do so.
8. In the event that Rakuten Symphony receives any complaints from Recipients about SPAM sent through the Services, Rakuten Symphony shall notify the User that SPAM is being received and shall provide the User with all reasonable information, and the User shall immediately take appropriate action.
9. The User shall act in a timely manner and in any event not more than twenty-four (24) hours from the date of receipt of a communication pursuant to the above section to prevent the flow of SPAM to Recipient. The User shall immediately contact Rakuten Symphony informing it that SPAM has been sent, and the User and Rakuten Symphony shall immediately initiate efforts and work in good faith and exchange information to determine the source of SPAM as soon as possible after the incident. In addition, Rakuten Symphony may without liability, suspend the provision of the Services to the User in whole or in part with immediate effect. Following any such suspension, Rakuten Symphony shall recommence provision of the Services as soon as the proper and effective actions have been taken by the User to prevent further instances of SPAM complained of and as soon as it receives evidence from the User that adequate actions and measures have been put in place to prevent any other SPAM.
10. If Rakuten Symphony suspects the User’s accounts are being used to send SPAM:
    1. Rakuten Symphony may without prior notice immediately suspend some or all of the Services.
    2. Upon notice from Rakuten Symphony, the User must immediately take all necessary action to cease such SPAM, including suspending or terminating any user account.
    Rakuten Symphony and the User shall cooperate to cease the sending of SPAM, including sharing user details where necessary to identify the sender of SPAM.
11. If the User suspects that its account is being used to send SPAM, the User must immediately take all necessary action to cease such SPAM, including suspending or terminating any user account, and cooperate with Rakuten Symphony to cease such SPAM
12. The User agrees not copy, reverse engineer, modify, create derivative works of, distribute, sell, resell, assign, pledge, sublicense, lease, loan, rent, share, timeshare, grant a security interest, deliver, or otherwise transfer, directly or indirectly, any portion of or rights in the Services, customer portal, licensed data, or any of Rakuten Symphony’s software (including source code thereto), computer systems or networks, or otherwise make available the Services to third parties.
13. The User agree to maintain the confidentiality of its username and password of the client portal utilized to access the Services and to keep secure Rakuten Symphony’s API key. The User bears the sole responsibility for any requests sent from its account and/or via the User’s API and any and all usage of the Services via its account and any password and/or via the User’s API, any user or any third party, whether with or without the User’s permission. Any such usage shall be deemed to be User’s use of the Services. Either Rakuten Symphony and the User must immediately notify the other upon any disclosure of User’s account password or any unauthorized use of User’s account or if the User’s API key have been compromised.

The User must not engage in any of the following acts when using this Services:

1. Fraudulent or coercive acts against Rakuten Symphony, other users of the Service, or third parties or other businesses who are not contracting users under the Agreement
2. Acts that violate laws, regulations, or public order and morals
3. Acts that infringe upon the Intellectual Property Rights, publicity rights, privacy rights, reputation, or any other rights or interests of Rakuten Symphony, other users of the Services, or other third parties
4. The User must not send or transmit information through the Services that falls under, or as determined by Rakuten Symphony to fall under, the following:
   • Information containing excessively violent or cruel expressions
   • Information containing harmful computer programs or virus
   • Information containing expressions that defame the reputation or credibility of Rakuten Symphony, other users of the Services, or any third party
   • Information containing excessively obscene expressions
   • Information containing expressions that escalate discrimination
   • Information containing expressions that escalate suicide or self-harm
   • Information containing expressions that escalate the inappropriate use of drugs
   • Information containing antisocial expressions
   • Information seeking the dissemination of information to third parties, such as chain emails
   • Information containing expressions that cause discomfort to others
5. Acts that excessively burden the network, system, or other components of the Services.
6. Acts that may hinder the operation of the Services.
7. Unauthorized access to Rakuten Symphony and its affiliate’s network, system, or other components.
8. Acts that violate Section 6 (SMS Sender Number) or impersonate a third party.
9. Using the User ID or password of other users of the Services.
10. Collecting information of other users of the Services.
11. Acts that cause disadvantages, damages, or discomfort to Rakuten Symphony, other users of the Services, or other third parties.
12. Acts that violate the rules regarding the use of the Services published on Rakuten Symphony’s website.
13. Providing benefits to Anti-social Forces (including but not limited to: organized crime, member of a criminal organization, a person who has been a member of a criminal organization in the past five years, a quasi-member of a criminal organization, organized crime-related entity, corporate extortionist, racketeering organization, violence group with special intelligence, or any person who is equivalent to the foregoing, collectively “Anti-Social Force(s)”) or similar entities.
14. Acts with the purpose of meeting unfamiliar persons.
15. Acts that directly or indirectly cause or facilitate the aforementioned acts.
16. Attempts to engage in the aforementioned acts.
17. Any other acts deemed inappropriate by Rakuten Symphony.

Any and all Intellectual Property Rights related to Rakuten Symphony’s website and the Services belong to Rakuten Symphony or any individual or entity that has granted a license to Rakuten Symphony. The grant of license to use the Services under the Agreement will not constitute a grant of license to use such Intellectual Property Rights.

The User represents and warrants to Rakuten Symphony that it is duly authorized to post or send the SMS that such SMS does not infringe any Intellectual Property Rights of any third party.

The User agree not to exercise moral rights against Rakuten Symphony or any individual or entity to which the Intellectual Property Rights has been assigned or a license granted by Rakuten Symphony.

If the User falls under any of the following reasons, Rakuten Symphony will notify the User in advance by the method determined by Rakuten Symphony and suspend the use of the Services for a period deemed appropriate by Rakuten Symphony.

1. Violation of any provision of the Agreement
2. Discovery of false information in the details provided in the Application (including changes as specified in Section 4).
3. Suspension of payment or insolvency, commencement of bankruptcy proceedings, civil rehabilitation proceedings, corporate reorganization proceedings, special liquidation proceedings, or filing of similar proceedings.
4. Failure to receive notifications from Rakuten Symphony.
5. Any other circumstances where Rakuten Symphony determines that the use of the Services or the continuation of the contract is not appropriate.

Rakuten Symphony may suspend the provision of all or part of the Services without a prior notification tothe User if any of the following matters occurred:

1. When Rakuten Symphony or Affiliated Mobile Service Provider conducts inspection or maintenance of the telecommunications equipment related to the Services
2. In the event of computer malfunctions, communication line issues, operational errors, excessive concentration of access, unauthorized access, hacking, or any other circumstances that prevent the operation of the Services
3. In the event that the operation of the Services becomes impossible due to force majeure events such as earthquakes, lightning, floods, power outages, natural disasters, or geological changes
4. In any other cases where Rakuten Symphony deems it necessary to suspend the Services

The User may terminate the Services by notifying Rakuten Symphony through the prescribed method.

Rakuten Symphony is entitled to terminate the Services, the Agreement and any corresponding rights to use the Services by the User if the User falls under any of the reasons in Section 10.1, and the condition has not been resolved even after the expiration of the suspension period.

Rakuten Symphony is entitled to terminate the Services, the Agreement and any corresponding rights to use the Services by the User if any of the events specified in Section 10.2 occurs, and Rakuten Symphony deems, in its sole discretion, that the operation of the Services is unlikely to be restored.

Rakuten Symphony may change the details of the Services or terminate the provision of the Services at its own convenience and for any reason, and shall not be obligated to notify the User except in the event that Rakuten Symphony decides to terminate the provision of the Services entirely, in which case Rakuten Symphony will notify the User at least one (1) months prior to such termination.

In the cases set forth in Sections 11, 12.1 and 12.2 above, if the User owes any obligation to Rakuten Symphony, the due date of any and all such obligation owed by the User to Rakuten Symphony will be accelerated to the date of termination of the Services, and such obligation will immediately become due and payable to Rakuten Symphony in full, or if the foregoing is not commercially practicable, then such obligations shall survive the termination of this Agreement for the specific period of time necessary for their prompt settlement as if this Agreement had not been terminated specifically with respect thereto.

THE SERVICES ARE PROVIDED “AS IS”. RAKUTEN SYMPHONY DOES NOT PROVIDE ANY WARRANTIES, WHETHER EXPRESS OR IMPLIED, REGARDING THIS SERVICES, INCLUDING BUT NOT LIMITED TO ITS FITNESS FOR A PARTICULAR PURPOSE, EXPECTED FUNCTIONALITY, PRODUCT VALUE, ACCURACY, USEFULNESS, TIMELESS, COMPLIANCE WITH APPLICABLE LAWS OR INTERNAL REGULATIONS OF REGULATORY BODIES OR INDUSTRY ASSOCIATIONS THAT MAY APPLY TO THE USER, CONTINUOUS AVAILABILITY, OR ABSENCE OF MALFUNCTIONS.

Except for Rakuten Symphony’s willful misconduct,Rakuten Symphony shall not be liable for any indirect incidental, consequential, exemplary, special or punitive damages incurred by the User, including without limitation any loss of profit, revenue or income, loss or use of data, or interruption of business, however arising and whether an action in contract, tort, negligence or any other theory of liability, even if the User has been advised of the possibility of such damages.

In no event shall Rakuten Symphony’s total liability to the User under the Agreement, however arising and whether an action in contract, tort, negligence or any other theory of liability, exceed the greater of fifty United States Dollars ($50.00) ten (10) present of the total usage fees the Users has paid to Rakuten Symphony in the 12 months preceding the liability event or any minimum amount allowed under applicable laws and regulations for the duration of the entire Agreement. The foregoing limitations will apply even if the above stated remedy fails of its essential purpose.

The User shall defend, indemnify and hold harmless Rakuten Symphony, its affiliates, and their respective officers, directors, agents and employees (collectively, the “Indemnified Party”) against any and all claims, demands, actions, liabilities, costs, expenses, damages and losses (including attorneys’ fees and labor costs required to resolve disputes and lost profits) suffered or incurred by the Indemnified Party arising out of any claim made by any third party (including Recipients) related to or arising from:

1. any actual or alleged infringement of third-party rights, including infringement, violation or misappropriation of Intellectual Property Rights, Confidential Information or other protected or legal rights of any third party, regarding use of the Services;
2. breach of any of the User’s obligations, warranties or representations under these Terms; or
3. any personal injuries or damage to physical property.

All confidential information, disclosed by a party hereto ("Disclosing Party"), which

1. if delivered in tangible form (including by e-mail), is clearly marked as "Confidential" at the time of disclosure,
2. if delivered orally, is designated upon delivery as confidential and delivered in tangible form (including by e-mail) marked as "Confidential" within five (5) business days after such oral delivery, or
3. should reasonably be understood as being confidential in the context of its disclosure ( “Confidential Information”), will be safeguarded and kept confidential by the other party ("Receiving Party") in accordance with this Section 15, during the term of this Agreement and for three (3) years thereafter. The Disclosing Party’s Confidential Information shall be safeguarded by the Receiving Party to the same extent that it safeguards its confidential materials of similar importance; provided, however, that the Receiving Party uses at least reasonable care. Without limiting the generality of the preceding sentence, the Receiving Party shall:

1. not use the Disclosing Party’s Confidential Information for any purpose other than in the performance of its obligations and the activities contemplated under this Agreement;
2. restrict disclosure of the Disclosing Party’s Confidential Information to only its employees, directors, officers and agents who have a "need to know" such Confidential Information for the purposes of this Agreement; and
3. ensure and instruct and require its employees, directors, officers and agents to maintain the confidentiality of such Confidential Information and not to use such Confidential Information except as expressly permitted under this Agreement.

Notwithstanding the foregoing, Rakuten Symphony may disclose the User’s Confidential Information to Rakuten Symphony’s agents, subcontractors and affiliates, to the extent necessary to perform the activities contemplated under this Agreement; provided, however, that Rakuten Symphony shall impose confidentiality obligations substantially similar to those provided for in this Section 15 on such agents, subcontractors and affiliates.

The foregoing confidentiality obligations shall not apply to information which:

1. now or hereafter, through no act or failure to act on the part of the Receiving Party, is or becomes generally known or available;
2. was in the Receiving Party’s possession at the time of disclosure and without restriction as to confidentiality;
3. is furnished to the Receiving Party by a third-party without breaching confidentiality obligations; or
4. is independently developed by the Receiving Party without use of the Disclosing Party’s Confidential Information.

Notwithstanding the foregoing, the Receiving Party may disclose the Disclosing Party's Confidential Information to the extent required by law or as requested by any court or governmental authority; provided, that prior to complying with any such requirement or request, the Receiving Party shall

1. provide the Disclosing Party with reasonable advance notice of such requirement or request so that the Disclosing Party may seek a protective order or other appropriate remedy or waive compliance with the provisions of this Agreement;
2. cooperate with the Disclosing Party in protecting against any such disclosure and/or obtaining such a protective order or other appropriate remedy that narrows the scope of the disclosure;
3. disclose only such Confidential Information as is required; and (d) use commercially reasonable efforts to obtain confidential treatment for any Confidential Information so disclosed.

All Confidential Information of a Disclosing Party shall remain the sole property of such Disclosing Party. The Receiving Party shall have no rights to the Confidential Information of the Disclosing Party except as may be expressly provided in this Agreement. After the expiration or termination of this Agreement for any reason, upon written request, each Party shall promptly
(i) discontinue the use of, and return within five (5) business days all originals and copies of, any Confidential Information of the other Party that has been fixed in any tangible means of expression; and (ii) erase any such Confidential Information that has been stored by electronic means and provide to the other Party a written certification of such erasure.

User and Rakuten Symphony shall process Personal Data in accordance with the provisions of the Data Processing Addendum.

The use of any API or web-based platform in connection with the Services is subject to the applicable Privacy Policy.

Rakuten Symphony may use and disclose the information and data provided by the User, in an aggregated and anonymized from as statistical information, at Rakuten Symphony’s discretion. The User agrees not to raise objections to this practice

Rakuten Symphony reserves the right to modify these Terms if deemed necessary. In the event of any modifications to these Terms, the effective date and content of the modified Terms will be announced on Rakuten Symphony’s website or notice will be given to the User directly through such means as Rakuten Symphony deems reasonable to communicate the notice of change. However, if the User’s consent is required for such modifications under Applicable Laws, Rakuten Symphony will obtain the User’s consent as required.

Any notice or report pursuant to these Terms shall be in writing or by electronic means, and in English andbshall be deemed given:

1. upon receipt when delivered personally;
2. three business days in the country of origin after mailing if sent by registered air mail (or internationally recognized express mail such as DHL), postage paid, addressed to the other party hereto at the address as designated by the party by written notice; or
3. upon receipt if sent by electronic means. Any notices, demand or other communications required or permitted to be given or made under or in connection with this Agreement shall be in writing and delivered personally or sent by pre-paid registered post or email (with receipt confirmed) to the designated addresses of the parties.

Neither the Agreement nor any of the rights and obligations stipulated herein may be assigned, delegated, pledged or otherwise encumbered or disposed of, in whole or in part, by either party to a third-party without prior written consent of the other party hereto. Any attempt to do so without the other party’s prior written consent shall be null and void. Notwithstanding the foregoing, Rakuten Symphony may assign the rights and obligations under the Agreement to any affiliate without the consent of the User.

The failure of either party to enforce at any time any provision of this Agreement shall not be construed to be a waiver of any such provision and shall not affect the validity of the Agreement or these Terms or the right of either Party to enforce such provision in the future. No waiver of any breach of the Agreement shall be construed to be a waiver of any other breach.

Neither party shall issue any press release or other announcement relating to the Services without the other party’s prior written consent, which shall not be unreasonably withheld. The parties agree to cooperate on the preparation and issuance of appropriate announcements.

No termination or expiration of the Agreement shall release any party from any liability or obligation which at such time has already accrued to the other party, and shall not constitute a waiver or release of, or otherwise be deemed to prejudice or adversely affect, any rights, remedies or claims, which a party may have under theAgreement which may arise out of, in connection with or relating to such termination or expiration. The rights and obligations of the parties under this Section 22 and Sections 7 (Fees and Payment Methods), 9 (Ownership of Rights), 11 (Termination by User), 12 (Termination by Rakuten Symphony), 13 (Payment after Termination of the Services), 14 (Disclaimer and Limitation of Liability), 15 (Confidentiality), 16 (Handling of User Information and Data Security), 17 (Modification of these Terms), 18 (Notices), 25 (Governing Law and Dispute Resolution), shall survive any termination or expiration of this Agreement.

1. both parties shall complete delivering the obligations that have not specifically cancelled upon termination; and
2. the User shall pay for all Services previously performed by Rakuten Symphony and all Services subsequently  performed by Rakuten Symphony referred to in sub-section (i) above.

If any event of force majeure, including, but not limited to, disasters, fire, war, acts of terrorism, civil commotion, strikes, governmental regulations or other occurrences beyond the reasonable control of either party, shall occur and make it impracticable for either party to perform its obligations set forth in this Agreement, the affected party shall promptly deliver to the other party a notice setting forth the details of such event of force majeure. Upon such notice, the provisions of these Terms related to such performance shall be suspended, but only for as long as and to the extent that the impediment exists. In the event of such suspension, the affected party shall use its best efforts to overcome the cause and effect of such suspension.
If such suspension lasts for a period of two (2) months, the non-affected party shall have the right to terminate the Agreement immediately upon written notice to the affected party.

If any term, provision, covenant or condition of these Terms or the application thereof is held by a court of competent jurisdiction or any other lawful tribunal, administrative or other authorities to be invalid, void, unenforceable, or contrary to law, then the validity of the remaining provisions of this Agreement shall remain in full force and effect and shall in no way be affected, impaired, or invalidated. In such instance, the parties shall use their best efforts to replace the invalid, void or unenforceable provisions, or provisions being contrary to law, with legally valid and enforceable provisions approximating to the extent possible the original intent of the parties hereto.

These Terms and the Agreement shall be, governed by the laws of Singapore without regard to its choice of law rules. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement.

Any dispute arising out of or in connection with the Agreement, including any question regarding its existence, validity or termination shall be settled by arbitration in Singapore. Such arbitration shall be administered by the Singapore International Arbitration Centre (SIAC) in accordance with its then current arbitration rules, which are deemed to be incorporated by reference in this Section 25. The Tribunal shall consist of 1 arbitrator. The language of arbitration shall be English.

ThisDPA is supplemental to and an integral part of the Terms of Service of Rakuten CPaaS GLOBAL SMS API (hereinafter “the Terms”), and shall prevail in case of contradiction between this DPA and anyother terms.

Forthe Purposes of this DPA:

1. "Personal Data", "special categories of data"/“sensitive data”, "process/processing", "Controller", "Processor", "data subject", “personal data breach” and "supervisory authority" shall have the same meanings given to them in the GDPR (or, where the same or similar terms are used under another applicable Data Protection Law, the meanings given to such terms under such Data Protection Law).
2. "Account Information” means Personal Data processed in connection with the creation or administration of User’s account. For example, Account Information may include personnel’s names, User ID, phone numbers, email addresses, and User activity.
3. “APPI” means Act on the Protection of Personal Information of Japan.
4. “Appropriate Safeguards” means a legally binding mechanism which, under applicable Data Protection Law, enables the lawful transfer of Personal Data to a Third Country.
5. “CCPA” means the California Consumer Privacy Act of 2018.
6. “Data Protection Law(s)” means privacy or data protection laws that apply to Personal Data processed by Rakuten Symphony, including, but not limited to, the APPI, the CCPA, the GDPR, the PDPA, or any successor(s) to any of those, as well as any other applicable data protection law.
7. “GDPR” or “UK GDPR” means Regulation (EU) 2016/679 of the European Parliament and the Council (General Data Protection Regulation) and it equivalent in the UK.
8. “PDPA” means the Singapore Personal Data Protection Act 2012.
9. “SCC” means the Standard Contractual Clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 in accordance with Commission Implementing Decision (EU) 2021/914 of 4 June 2021.
10. “Third Country” means a country not providing adequate Personal Data protection in accordance with applicable Data Protection Laws. For clarification purposes, under the APPI the definition of Third Country is equal to the definition of foreign country.
11. “Traffic Information” means Personal Data processed to enable the transmission of information via electronic telecommunication networks, and billing thereof.
12. “UK Addendum” means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses, VERSION B1.0, in force 21 March 2022.
13. “User Data” means Personal Data processed as contained in the content which transmission via electronic telecommunication networks and as initiated by User via the Services, and reports related to such transmission.

Regarding User Data, the Parties agree that under this DPA, Rakuten Symphony is a Processor whenever User is a Controller, and Rakuten Symphony is a sub-Processor whenever User is a Processor. Rakuten Symphony shall not be deemed a Controller except as provided in clause 2.2 below. Rakuten Symphony will process User Data only: (i) on behalf of User and in compliance with its lawful and documented instructions within the scope of performing the Services; and (ii) as required under Applicable Law or a valid and binding order of a law enforcement agency, subpoena or court order.

Regarding Account Information and Traffic Information, the Parties agree that Rakuten Symphony is an independent Controller. Rakuten Symphony may process Account Information and Traffic Information for the following purposes only: (i) providing the Services, (ii) detecting security incidents, (iii) protecting Rakuten Symphony, User, and other users of the Services against fraudulent or illegal activity, (iv) improving stability and performance of the Services, and (iv) exercising Rakuten Symphony’s legal rights and fulfilling its legal obligations. (v) Rakuten Symphony may also process Account Information to improve existing features or develop new features of the Services.

Rakuten Symphony shall not use Personal Data for profiling or advertising, combine it with any other data sourced from third parties except for a business purpose expressly permitted by Data Protection Law, nor shall Rakuten Symphony sell or make available Personal Data to third parties for monetary or other valuable consideration.

The details of the processing activities carried out by Rakuten Symphony are specified in Schedule 1.

The Parties agree that the following instructions constitute User’s complete and final documented instructions: (i) the Terms, including this DPA; (ii) User’s actions within the Services via the interfaces made available to User (including API and web-based platform); and (iii) reasonable written instructions pursuant to clauses 4.e, 4.f, 4.g and 4.h below. Any other instruction will be deemed as attempted instruction, and must be agreed on between the Parties, including an agreement on any additional fees payable by User to Rakuten Symphony for carrying out such instructions.

Rakuten Symphony shall:

1. process Personal Data in compliance with applicable Data Protection Laws;
2. treat Personal Data in a confidential manner, and have in place and maintain appropriate technical and organisational security measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, or other unlawful forms of processing, which shall include at least measures referenced in Schedule 2;
3. ensure that all relevant employees, agents or sub-contractors authorized to process Personal Data (i) have committed themselves to confidentiality or are under a statutory obligation of confidentiality; (ii) access it only on a need-to-know basis; and (iii) receive adequate training regarding their responsibilities in connection with Personal Data;
4. not disclose User Data to any individual or entity other than User without the written consent or request of User, except to those of Rakuten Symphony's employees, agents, or sub-Processors who are engaged in the processing of User Data, or as otherwise provided for by this DPA;
5. identify to User a point of contact within its organisation authorised to respond to enquiries concerning processing of Personal Data, and keep a record of all processing activities carried out on User Data;
6. provide User with reasonable cooperation and assistance considering the information and interfaces already made available to User, in relation to: (i) request to exercise rights received from or on behalf of a data subject; (ii) data protection impact assessments; and (iii) regulatory consultation that User is legally required to make with respect to Personal Data;
7. notify User without undue delay if it becomes aware of:
   • any legally binding request for disclosure of User Data by a law enforcement authority unless notification is prohibited by law;
   • any personal data breach of User Data processed by Rakuten Symphony or a sub-Processor; or
   • any complaint, communication or request received directly by Rakuten Symphony or a sub-Processor from, or on behalf of, a data subject regarding User Data;
8. upon discovery of any personal data breach of Personal Data:

   • promptly take action to mitigate the effects, or potential effects, of the personal data breach and to prevent any further personal data breach; and

   • provide User with reasonable and prompt cooperation and assistance in relation to any notifications that User is legally required to make as a result of the personal data breach.

User warrants and undertakes that:

1. User’s instructions, or instructions carried out on behalf of a Controller as the case may be, comply with applicable Data Protection Laws;
2. it is authorized to use Rakuten Symphony and the Services;
3. it will, to the extent required by applicable Data Protection Laws, inform or collect consent from data subjects or Controller regarding the processing carried out by Rakuten Symphony in its capacity of Processor or sub-Processor of User Data;
4. it will, to the extent required by applicable Data Protection Laws, inform or collect consent from data subjects or Controller regarding the processing carried out by Rakuten Symphony in its capacity of Controller of Account Information and Traffic Information;
5. it will notify Rakuten Symphony without undue delay if it becomes aware of any complaint or request received by User from, or on behalf of, a data subject regarding processing carried out by Rakuten Symphony of Account Information and Traffic Information, and will direct data subject or its mandatee to Rakuten Symphony without adding further to that response;
6. it will identify to Rakuten Symphony a point of contact within its organisation authorised to receive and follow up on notifications concerning processing of Personal Data.

User grants Rakuten Symphony a general authorization to use sub-Processors to process User Data in connection with provision of the Services under the Terms, provided that Rakuten Symphony shall do so only by way of a written agreement with the sub-Processor which imposes same obligations on the sub-Processor as are imposed on Rakuten Symphony under this DPA. Rakuten Symphony shall remain liable to User for the acts or omissions of sub-Processors that result in a breach of this DPA.

User acknowledges that Rakuten Symphony may use sub-Processors referenced in the list accessible in Schedule 3, and appoint from time to time new sub-Processors. Rakuten Symphony shall notify User of any appointment of a new sub-Processor and update of Schedule 3 no less than thirty (30) days before allowing said new sub-Processor to process User Data, in order to afford User adequate time to object. User shall subscribe to receive notification as described in Schedule 3.

User may object in good faith and based on reasonable grounds to appointment of a new sub-Processor, by notifying Rakuten Symphony in writing and providing reasonable grounds for its objection within the period provided in clause 6.2 above. Rakuten Symphony shall, at its sole discretion: (i) propose an alternative sub-Processor; (ii) propose reasonable adjustments to the Services to prevent User Data from being processed by the new sub-Processor; or (iii) allow User to terminate without penalty the portion of the Services that is affected by the new sub-Processor, and refund to User any credit or prepaid fee for the terminated Services.

Rakuten Symphony shall not transfer Personal Data to a Third Country unless said transfer is assorted with Appropriate Safeguards. The obligations herein shall also apply to any onward transfer to another Third Country, or to another entity within the same country.

User acknowledges that Rakuten Symphony may notify User of the Appropriate Safeguards chosen at its sole discretion, and shall process Personal Data accordingly. Absent such notification, and to the extent that the GDPR or UK GDPR are applicable to Personal Data, Rakuten Symphony and User are presumed to have entered the SCC and the UK Addendum as below:

1. The SCC and UK Addendum shall be deemed to be completed as follows, where applicable:
   • Exporter: User, Importer: Rakuten Symphony
   • Module:
     (1) Controller to Controller: for Account Information, and for Traffic Information if User is acting as Controller of Traffic Information;
     (2) Controller to Processor: for User Data if User is acting as a Controller of User Data;
     (3) Processor to Processor: for User Data if User is acting as Processor of User Data;
     (4) Processor to Controller: for Traffic Information if User is acting as Processor of Traffic Information;
   • Clause 7: the optional docking clause does not apply;
   • Clause 9: Option 2 (General Authorization);
   • Clause 11: the optional language does not apply;
   • Clause 17: Option 2 does apply. Where the respective EU member state does not allow for third-party beneficiary rights, the law of Luxembourg shall apply;
   • Clause 18(b): disputes shall be resolved before the courts of Luxembourg;
   • Annex I A shall be deemed completed with the information of the Parties of this DPA;
   • Annex I B shall be deemed completed with the information set out in Schedule 1 to this DPA;
   • Annex I C: The competent supervisory authority shall be the National Commission for Data Protection of the Grand-Duchy of Luxembourg (“CNPD”);
   • Annex II shall be deemed completed with the information set out in Schedule 2 to this DPA;
   • Annex III shall be deemed completed with the information set out in Schedule 3 to this DPA.
2. The terms of this DPA shall not vary the SCC or UK Addendum in any way.
3. In the event that the SCC or UK Addendum are amended, replaced or repealed, Rakuten Symphony shall, at its sole discretion: (i) chose alternative Appropriate Safeguards, including any updated version of the SCC or the UK Addendum; (ii) propose reasonable adjustments to the Services to prevent Personal Data from being transferred to a Third Country; or (iii) allow User to terminate without penalty the portion of the Services that is affected by the transfer to a Third Country, and refund to User any credit or prepaid fee for the terminated Services.

To the extent required under applicable Data Protection Law, User may, on giving at least thirty (30) day-notice to Rakuten Symphony, at its own cost, inspect or appoint representatives to inspect all facilities, equipment, documents and electronic data relating to the processing of User Data by Rakuten Symphony to audit that Rakuten Symphony is complying with its obligations under this DPA.
User may exercise its audit right at reasonable intervals and no more than once per calendar year, or if there are indications of non-compliance with this DPA, and only during business days and hours of the relevant location of the facilities, equipment, documents, or data that are audited.

To the extent permissible by law, each Party’s liability, arising out of or related to one or more breaches of this DPA, whether in contract, tort or under any other theory of liability, is subject to the ‘Disclaimer and Limitation of Liability’ section of the Terms.

User may instruct Rakuten Symphony to delete User Data at any time, via the interfaces made available to User. Rakuten Symphony shall carry out this instruction within reasonable time, unless Applicable Law requires storage of User Data.

User hereby instructs Rakuten Symphony, on termination of the Services, to delete all User Data and copies thereof, unless Applicable Law requires storage of User Data.

Where storage is required by Applicable Law, Rakuten Symphony shall maintain its obligation under this DPA and shall process User Data only as necessary to comply with Applicable Law.

This DPA shall remain into effect until User Data has been deleted by Rakuten Symphony as described in this DPA.