These Terms of Service apply to all customers who signed up to Horta.
Article 1: Applicability
These terms of service (“Terms”) constitute the agreement (“Agreement”) between Horta B.V, with its address at Murdoch Mackenziestraat 14, 1086 WH in Amsterdam, registered with the Dutch Trade Register with number 87186187 (“we”, “us”, “Horta”) and any legal entity that uses our Services (“you” or “Customer” and together with Horta “Parties”).
Horta’s Data Processing Addendum (“DPA”) and – if applicable – Horta’s specific proposal accepted by Customer (“Proposal”) are an integral part of this Agreement and shall have the same force and effect as set out in this Agreement. Any reference to this Agreement shall include the Data Processing Addendum and the accepted Proposal (if applicable). In the event of a conflict between provisions of the Agreement, the Proposal shall prevail over the DPA and the Terms, and the DPA shall prevail over the Terms.
Article 2: Our Services
We offer access to candidate sourcing software in the form of Software as a Service (“SaaS”) as-is, that enables you to create a email job alert, for which talent (the “Talent”) can subscribe. We provide several subscription models (“Services”), each with their own set of functionalities, which are detailed at www.horta.io/#pricing (“Service Description”) and can be modified from time to time. Upon selection of the requested Service, you will receive a confirmation email, and in case of a paid Service, also an invoice that sets out the Service you selected, which invoice is an integral part of the Agreement.
Article 3: Upgrading or Downgrading
3.1 You can at any time upgrade the Service provided to you to a more comprehensive Service. Upon selection thereof and receipt of the confirmation email sent by us, your Service is expanded and you can immediately use the additional functionalities associated with the new Service as set out in the Service Description.
3.2 When downgrading your Service, the downgrade, including its corresponding adjustment of functionalities, adjusted Fee and duration, will be in effect upon expiry of the current term.
Article 4: License
Subject to the provisions of the Agreement and payment of the applicable Fees, we hereby grant you a non-exclusive, worldwide, non-transferable and non-sublicensable license to use the relevant Service for recruitment purposes (“License”). The License is granted to you only for the term of this Agreement and terminates automatically upon termination of the Agreement on any grounds.
Article 5: Fees
5.1 The applicable fees (“Fees”) as compensation for the provision of each Service are set out in the Service Description at www.horta.io/#pricing, unless Parties have agreed on a different fee as further specified in the Proposal. The Fees are in EUR and exclusive of VAT. For the provision of the Free Service, no Fee is due. The Fees are paid in advance and will be automatically invoiced and collected by Horta by means of a direct monthly or yearly SEPA transfer or through Customer’s registered credit card account. If such payment is not possible, Customer shall update its payment details within 12 days of the first failed payment.
5.2 When upgrading from a Free Service to a paid Service, such upgrade is only possible after providing the required payment details and payment of the applicable Fee. Upon payment of the applicable Fee connected to the upgraded Service and receipt of the confirmation email, that Service, including its functionalities and duration, will be in effect.
5.3 Upon upgrading from a paid Service to another, more comprehensive paid Service, the Fee paid in connection with the prior Service shall be deducted from your first payment of the new Fee pro rata, taking into account the time of the old term not yet expired.
5.4 Upon downgrading the decreased Fee will become due upon expiry of the prior Service’s term.
5.5 We may reasonably adjust the applicable Fees in writing, observing a notice period of at least three (3) months. If you do not agree with the Fee adjustment, you are entitled to terminate the agreement within thirty (30) days after notification of the adjustment, which termination shall take effect on the date on which the new Fees would take effect.
Article 6: Intellectual Property
6.1 You acknowledge and agree that the provision of the Services does not include the sale, grant or transfer of any intellectual property rights (including but not limited to copyrights, patents, trademarks, trade names and database rights and/or similar rights) (“Intellectual Property Rights”). Horta or its licensors shall retain all Intellectual Property Rights in and to all the Services made available to you under the Agreement. The License is the sole use-right of the SaaS provided to the Customer.
6.2 For the avoidance of doubt: for standard software which is required for the SaaS but which is not a part of the SaaS, such as operating system software, browser software, plugins, interface software, as well as similar third party software, Customer shall acquire a use-right for all such ancillary software at its own expense
6.3 You are responsible for the lawfulness and correctness of all data you submit by using the Service. You are liable for all interruptions, delays and other issues that are caused by errors or viruses contained in that data. You shall indemnify us and hold us harmless against any action or allegation that our use and/or incorporation of that data infringes any third party rights. If a third party asserts that the data used by you in the Services violates their intellectual property rights, we reserve the right to ask you to remove the allegedly infringing item. If you fail to do so within a reasonable period of time, we may suspend or terminate the Agreement.
Article 7: Availability and Maintenance
7.1 Horta shall use commercially reasonable efforts to make the SaaS available twenty-four (24) hours a day, unless the access to the SaaS must be suspended due to maintenance of the SaaS or the systems of Horta or of a third party appointed by Horta. You agree that Horta in no way warrants a certain level of availability.
7.2 The Service is provided to you as-is. Horta has no obligation to modify or add functionalities to the Service. However, Horta may make new applications, tools, features or functionalities available for the Service from time to time, the use of which may be contingent upon Customer’s agreement to additional terms
7.3 Horta may make commercially reasonable updates to the SaaS and may modify the functionality or features of the Service at any time, provided that such updates and modifications do not materially denigrate the functionality of the Service. Horta will not be liable to Customer or any third-party for any such update or modification.
7.4 It may be necessary for Horta to perform scheduled or unscheduled repairs or maintenance, or patch or upgrade the Service, which may temporarily degrade the quality of the Service or result in a partial or complete outage of the Service. Although Horta cannot guarantee that Customer will receive advance notice of repairs or maintenance, Horta will endeavor to provide reasonable notice of scheduled repairs and maintenance
7.5 Horta may suspend all or part of the Services or the access to or use of personal data stored in the Service (i) if Customer is delinquent on payment obligations for 12 (twelve) days or more; or (ii) upon receipt of a subpoena or law-enforcement request; or (iii) when Horta has a commercially reasonable belief that Customer has breached this Agreement or that Customer’s use of the Service poses an imminent security risk or may subject Horta to liability. Horta will use commercially reasonable efforts to give Customer at least 72 (seventy-two) hours’ notice of a suspension unless Horta determines in its commercially reasonable judgment that a suspension on shorter or contemporaneous notice is necessary to protect Horta. Customer shall not set off or suspend any payment.
Article 8: Support
If as a Customer you have problems accessing or using the Service, you can reach the Support department of Horta by email during office hours in CET through firstname.lastname@example.org.
We will respond to you within a reasonable time and will use our best efforts to solve the problem. Support priority may be dependent upon the Service, as detailed in the Service Description.
Article 9: Security
Horta takes appropriate technical and organizational security measures with the objective to protect your information against loss, misuse and unauthorized access, alteration, disclosure or destruction. All information transferred between you and us, or between you and other users, is shared with us only on a strictly need to know basis (e.g. to help you retrieve access to your account), and is treated as strictly confidential. Our technical and organizational security measures are set out under “Security Measures”.
Article 10: No representation
We do not check or view the content placed on our Service and we are under no obligation to verify profiles submitted to you by Talent. We make no representation or warranty in that respect. You warrant that the content you submitted on our Service is not defamatory, obscene, pornographic, offensive, indecent, threatening, intimidating, hateful, objectionable or in any way unlawful and does not infringe any third party rights. If you notice anything on our Service that violates this Agreement, please notify us immediately via email@example.com.
Article 11: Rules of Conduct
11.1 We respect your rights and demand that you respect our rights and the rights of third parties. This includes privacy and Intellectual Property Rights. You agree that you and your Users are not allowed to use the Service to infringe on any rights, including privacy or intellectual property rights or to promote, enable or facilitate others to infringe on any (third party) rights. In addition, you and your Users agree not to: (a) impersonate or pretend affiliation with any person or entity; or (b) access any non-public areas of our website or Service without authorization; or (c) spread viruses, worms, malware, junk mail, spam, chain letters, phishing mails, unsolicited promotions or advertisements of any kind and for any purpose; or (d) attempt to probe, scan, compromise, test, decompile, reverse engineer, similarly analyze or bypass any part of the SaaS, including the security thereof, or any related services.
11.2 It is solely the responsibility of the Customer to create, manage and remove Users in its account in the Service. Any actions or omissions by Users of the Service that have received access through you are deemed to be actions and omissions of the Customer. You and your Users agree to safeguard your account information.
Article 12: Confidential information
We reserve the right to disclose any confidential information in so far necessary (i) to follow a court order, (ii) to abide by any law, regulation or governmental request, (iii) to safeguard national security, defense, public security or public health and (iv) to meet our obligations to you under this Agreement.
Article 13: Term
13.1 This Agreement shall enter into effect on the date of your receipt of the confirmation email confirming your selection of the Service for the period of time as set out in the Service Description. Based on your selection of the Service, the initial term of paid plans is either one (1) month or one (1) year.
13.2 If you entered into an Agreement, after expiry of the initial term the Agreement is automatically extended by that same period of time, unless terminated by you, and taking into account a notice period of at least one (1) month prior to such extension, or by us, by contacting you through your registered contact details and also taking into account a notice period of at least one (1) month prior to such extension.
Article 14: Termination
14.1 Parties can solely terminate the Agreement for convenience as set out in the Agreement.1
14.2 Notwithstanding its rights to suspend the provision of the Services instead, Horta may terminate the Agreement for convenience with immediate effect, without any notice being required and without being liable for any damages as a result of the termination, if: (i) the Customer is in default or negligent in the performance of its duties and obligations pursuant to this Agreement, and has not remedied such non-performance within 14 (fourteen) days after having been notified in writing; or (ii) the Customer has been dissolved or liquidated, is in dissolution or liquidation, or has been granted suspension of payments, or has been declared bankrupt; or (iii) the Customer in the sole opinion of Horta breaches any warranty pursuant to Article 10 of the Terms or any rules of conduct as set out in Article 11 of the Terms; or (iv) in the sole opinion of Horta, Customer’s continued use of the Services could cause a risk of harm or loss to Horta.
Article 15: Effects of Termination
In the event of termination of this Agreement for any cause: the rights granted by one party to the other party under this Agreement will immediately cease; and all Fees owed are immediately due upon receipt of the final electronic bill; and no obligation to undo exists for either party.
Article 16: Force Majeure
16.1 No failure or omission by either of the Parties in the performance of any obligation under the Agreement shall be deemed a breach of the Agreement or create any liability if the same arises on account of force majeure, including but not limited to governmental measures, faults affecting the internet and other networks and/or electricity, war, and riot. Force majeure on the part of Horta shall include a situation of force majeure encountered by Horta’s own suppliers or contractors.
16.2 Without affecting any payment obligations pursuant to these terms and conditions, if a situation of force majeure lasts for longer than three months, both Parties shall be entitled to terminate the Agreement without liability. In this case, you are entitled to remuneration of the Fee on a pro rata basis for the amount of Services received.
Article 17: Liability
The Service is made available on an “as is” and “as available” basis. Horta makes no representation or warranty of any kind, express or implied, regarding the content, availability or use of our Service, or that it will be error-free or that defects will be corrected. Horta shall not be liable to you or to any third party for any kind of direct or indirect damages or losses, including without limitation, damages based upon loss of goodwill, lost sales or profits, work stoppage, production failure, loss of data, claims from third parties, fines by any supervisory authority or otherwise, except for damages and losses arising as a result of gross negligence and/or wilful misconduct. Horta’s liability for any and all claims for damages arising out or in connection with the Service and the access, application and use thereof, shall under no circumstances exceed the price paid by you to use the Service in the last six (6) months prior to the event that led to the damage incurred. If a yearly Fee is paid, said total liability of Horta shall not exceed half of the current yearly Fee paid by you.
Article 18: Modifications to the Terms
Horta reserves the right to change these Terms. When we change these Terms in a significant way, we will notify you by sending an email and by updating the document on the website.
Article 19: Miscellaneous
19.1 If any provision of the Agreement shall be deemed unlawful, void or otherwise unenforceable, then such provision shall be deemed severable from this Agreement and shall not affect the validity and enforceability of any remaining provisions. Any such unenforceable provision shall be replaced or be deemed to be replaced by a provision that is considered to be valid and enforceable and which interpretation shall be as close as possible to the intent of the invalid provision.19.2 This Agreement is governed by Dutch law. The exclusive jurisdiction and venue of any action with respect to any subject matter relating to this Agreement will be the courts located in Amsterdam, the Netherlands.
This data processing addendum (“DPA”) pertains to the processing of personal data by Horta on behalf of the Customer and is an integral part of the Terms of Service (“Terms”) of Horta and, if applicable, the accepted Proposal of Horta, together defined as “Agreement”.
Current as of: May 21, 2022
Article 1: Definitions
The terms used in this DPA correspond with the definitions provided in the Terms of Service of Horta (available at www.horta.io/terms unless specified differently. Terms such as “processing”, “personal data” and “personal data breach” shall have the meaning ascribed to them in the General Data Protection Regulation (2016/679/EU – “GDPR”).
Article 2: Scope and Subject
This DPA applies exclusively to the processing of personal data by Horta on your behalf, in the course of providing the Services to you as set out in the Agreement.
Nature and Purpose of Processing
Horta provides a standardized software platform for organizations to build, grow and nurture their talent pool through job alerts: the SaaS. The Customer determines how and for which purposes the SaaS is used, which functionalities of the SaaS are enabled, and how the settings of the SaaS are configured. The Customer also instructs Horta to analyze the use of the SaaS in order to secure it and to develop it further.
Categories of Data Subjects
Types of Personal Data Processed
For Talent, the personal data consist of profile-related information. This can consist of: email, departments they’re interested in, information on what they’re searching for in a role, links to social media accounts or profiles, personal interests, or any other answers to fields set by the Customer on the job alert.
For Users, the personal data typically consists of: general identification, authentication and authorisation data, configuration of the user profile, actions taken in the SaaS, ATS account information.
The SaaS allows the Customer to significantly customize the amount and types of personal data that will be collected from the Talent as well as the Users. It is the exclusive responsibility of the Customer to ensure that all processing of the personal data is compliant with the Relevant Legislation as defined below.
Special Categories of Data
Customer, Talent or Users may submit personal data through the SaaS which may concern special categories of personal data. It is the exclusive responsibility of the Customer to ensure that all processing of the personal data is compliant with the Relevant Legislation as defined below.
The SaaS allows the Customer to define automatic retention policies for certain personal data of Talent, as well as to delete personal data manually or in bulk. It is the exclusive responsibility of the Customer to implement, maintain and verify, automated and/or manually, a retention policy that is compliant with Relevant Legislation as defined below.
Article 3: Obligations of Parties
3.1 Horta will act as the processor as meant in article 4 paragraph 8 GDPR and the Customer will act as the controller, in the meaning of article 4 paragraph 7 GDPR. Horta will act in accordance with the documented instructions of the Customer, as set out in the Terms and this DPA. Additional instructions to Horta can only be provided by amendment of this DPA or by adjusting relevant settings in the available functionalities of the SaaS.
3.2 Horta will only process the personal data in such manner as - and to the extent that - this is necessary for the provision of the Services under the Terms, as per the instruction as meant in clause 3.1 of the DPA, or to comply with a legal obligation to which Horta is subject, in which case Horta will notify the Customer of such legal obligation, unless that law prohibits such notification on important grounds of public interest. Horta shall not process the personal data for any other purposes than described in article 2 of this DPA.
3.3 Customer warrants that the written instructions given by Customer to Horta in respect of the (processing of) personal data shall at all times be compliant with the GDPR and all other applicable legislation and regulations (“Relevant Legislation”). It is and remains the sole responsibility of Customer to comply with its obligations as a controller under the GDPR. This includes, but is not limited to the obligation to adequately inform data subjects regarding the processing of their personal data, to have a lawful legal basis for the processing and to ensure personal data is only retained for as long as it is necessary for the purpose for which it was obtained.
3.4 Customer shall, through the relevant functionality in the SaaS, provide Horta with an up-to-date email address to be used as the contact point for any relevant notifications or communications regarding the processing of the personal data of Customer (“Privacy Contact”). If a specific Privacy Contact is not provided, we will consider the designated account owner to be the Privacy Contact. Horta is not responsible for emails to the Privacy Contact “bouncing” or being rejected and other delivery failures that cannot be attributed to Horta. It is solely the Customer’s responsibility to ensure that the email address of the Privacy Contact is monitored at all times.
Article 4: Confidentiality
Horta will treat the personal data as confidential, and will ensure that access to the personal data is limited to only those employees who require access to it for the purpose of carrying out the Services. Horta will ensure that all persons authorized to process the personal data have committed themselves to confidentiality.
Article 5: Security Measures
5.1 Without prejudice to any other security measures agreed upon by Parties, Horta shall implement and employ appropriate technical and organizational measures to protect the personal data against unauthorized use or access, loss, destruction, theft, or disclosure, in accordance with article 32 GDPR. An overview of Horta’s security measures to protect the personal data are described on the Security Measures page further down this page.
5.2 Horta may update from time to time the security measures taken as described in clause 5.1 of the DPA, provided that the updated measures will continue to ensure at least the same level of protection. Horta will communicate the updated measures by updating the Security Measures page.
Article 6: Cooperation and Audit
6.1 At the request of the Customer, Horta shall provide the information strictly necessary for the Customer to comply with its obligations under the GDPR, specifically articles 32 through 36 GDPR. With regards to Horta’s cooperation in the context of articles 35 and 36, Customer shall bear the costs thereof.
6.2 The Customer has the right to perform an audit once per twelve months in order to verify the compliance of Horta with the provisions of this DPA. Such audit will be performed by an independent third party and will take place at a time defined by both Parties together. An audit scope and plan must be provided to, and agreed in writing with, Horta in advance.
6.3 Horta shall provide the auditor access – on request of the auditor – to the facilities, personnel, policies and documents that are reasonably necessary for the purpose of the audit and in so far such does not infringe on the rights and freedoms of third parties or result in Horta breaching contractual obligations. The Customer shall bear the costs of such an audit.
6.4 Horta will immediately inform the Customer if a request from (the auditor of) Customer is in the opinion of Horta in violation of the GDPR.
6.5 Horta may choose to satisfy the audit right of Customer as meant in clause of the DPA by providing documentation demonstrating that Horta complies with recognized certification frameworks, including but not limited to ISO 27001 and ISO 27701. If Horta makes use of this right, the audit right of Customer will be limited to only such topics that are not covered by the certification framework, or where found inadequate in the certification assessment.
Article 7: International Data Transfer
Horta shall only transfer Personal Data to a country outside of the European Economic Area if it observes Chapter 5 of the GDPR.
Article 8: Sub-Processors
8.1 Customer provides Horta with specific authorization to engage the sub-processors listed at www.horta.io/terms#sub-processors
8.2 Customer provides Horta with general authorization to engage other sub-processors. Horta shall inform the Customer in advance of the engagement of a new sub-processor, by email to the Privacy Contact.
8.3 The Customer has the right to argue its objection to the engagement of that sub-processor within four (4) weeks of the notification by Horta to the Privacy Contact. If the Customer has not made an objection within that period, the Customer is presumed to have given its specific authorization to the engagement of that sub-processor. If the Customer objects to a sub-processor, its sole remedy is to terminate the Agreement, in accordance with articles 13 and 14 of the Terms, without any right to compensation.
8.4 Horta shall enter into an agreement with its sub-processors, which agreement shall comply with the requirements of GDPR and include similar provisions as included in this DPA. Horta shall remain liable vis-à-vis the Customer for the performance of – or the failure to perform – the obligations set out in this DPA by sub-processors, in accordance with article 17 of the Terms.
Article 9: Security Incidents and Data Subject Rights
9.1 In the event of a security incident, Horta shall promptly take all remedial measures it deems necessary to terminate the incident and mitigate possible damages. If the incident affects the personal data of Customer, Horta shall notify the Customer thereof by email to the Privacy Contact without undue delay.
9.2 In so far as available, Horta shall provide to Customer in the notification as meant in clause 9.1 of the DPA, or any follow-up communication Horta provides, the following information: the nature of the security incident; the known and expected consequences of the security incident; the measures taken by Horta to address the security incident; the measures taken by Horta to limit the consequences of the security incident; and any other relevant information Horta considers that Customer may reasonably require.
9.3 In case Horta receives a complaint or a request from a natural person with regard to the personal data processed on behalf of Customer as described in Chapter 3 of the GDPR, Horta shall inform the natural person without undue delay that Horta operates as a processor on behalf of its customers, and that the complaint or request needs to be addressed to the controller, namely the organization to whom the complaint or request pertains. Horta cannot, and is never held to, verify to which customer the complaint or request pertains, nor to forward the same. In the event Customer requests the assistance of Horta to respond to such a complaint or request, Customer shall bear the costs thereof.
Article 10: Export, Return and Destruction of Personal Data
10.1 Using the functionality of the SaaS, Customer can at any time delete (part of) the personal data in its account. Any deleted data will be archived for a period of seven (7) days, to allow for any error in the deletion request to be corrected. If Customer requests such correction, it shall bear the costs thereof. After that period, the archived data is effectively deleted.
10.2 Deletion of data from the general back-ups of Horta cannot be requested by Customer, as such would affect the integrity of the back-ups.
10.4 Customer can request Horta to provide an export of all (personal) data in its account. Horta shall provide such export without undue delay.
Article 11: Term and Termination
11.1 This DPA shall come into effect and expire simultaneously with the Terms.
11.2 Termination or expiration of this DPA shall not discharge Horta from its obligations under articles 3-5, 9 and 10 of this DPA in so far as meant to survive the termination or expiration of the DPA.
Article 12: Modifications to the DPA
Horta reserves the right to change this DPA. When we change the DPA in a significant way, we will notify you by sending an email to the Privacy Contact and by updating the document on the website.
Current as of: May 21, 2022
These sub-processors are currently authorized to process customer data for Horta’s Services.
Legal entity: Google Cloud EMEA Limited
Service provided: Cloud Service Provider
Data Processing Location: EU
Legal entity: SendGrid, Inc. and Twilio Inc.
Service provided: Email Communications
Data Processing Location: USA
Current: as of May 21, 2022
Horta has implemented a security programme of technical and organizational measures to protect the data of its customers against unauthorized use or access, loss, destruction, theft, or disclosure.
Current security measures include, but are not limited to:
Secure Data Centers: The SaaS is hosted in high-security datacenters with relevant certifications, such as ISO/IEC 27001.
Network Security: Network connections are encrypted using HTTPS, TLS or other industry-standard encryption technology.
Secure Configuration: Systems are configured using secure baselines and reviewed regularly.
Security Patching: Systems, services and application frameworks receive necessary security patches on a regular basis.
Access Control: Access to production systems is restricted to authorized staff and requires multi factor authentication.
Logging: Actions in systems and applications are logged and monitored.
Backups: Data is backed up regularly.