THIS VERSION IS NO LONGER IN FORCE, THE CURRENT VERSION OF TOLOKA USER AGREEMENT IS LOCATED HERE:
Current User Agreement

User Agreement TERMS OF USE OF THE MINDRIFT PLATFORM

Last updated: 20 June 2024
Effective Date: 20 June 2024 

Welcome to our platform! This User Agreement (the Terms) is a binding agreement between YOU and TOLOKA AI AG, a corporation incorporated and existing under the laws of Switzerland, having its registered office at Werftestrasse 4, 6005 Lucerne Switzerland, and identification number CHE- 132.532.069 (further referred as “MINDRIFT”) as YOU are an internet user registering at https://mindrift.ai and any other associated mobile or web services or applications made generally available by MINDRIFT  (collectively, the “Mindrift Web Site”).

MINDRIFT offers you to provide services in exchange for a fee to MINDRIFT with the use of the Mindrift Web Site (hereinafter referred to as the “Services”) in accordance with these Terms. These Terms consist of the terms and conditions below, and incorporate and include:

  • the MINDRIFT Privacy Notice;

  • the Data Processing Addendum (“DPA”); and

  • any other policies, procedures, and other guidelines that MINDRIFT posts on the Mindrift Web Site or otherwise makes available to you including the terms of the tasks offered to you via the Mindrift Web Site (hereinafter referred to as “Tasks”).

BY REGISTERING FOR OR ACCESSING THE MINDRIFT WEB SITE, YOU ACCEPT THESE TERMS AND WARRANT AND REPRESENT THAT YOU ARE AT LEAST 18 YEARS OLD OR THE AGE OF LEGAL MAJORITY IN YOUR JURISDICTION ANDYOU HAVE AUTHORITY TO BIND YOURSELF TO THESE TERMS. PLEASE CAREFULLY READ THE TERMS AND THE PRIVACY NOTICE BEFORE USING THEMINDRIFT WEB SITE.

1. YOUR general obligations

1.1. By registering or using the Mindrift Web Site, YOU  express your agreement to the terms and conditions of the Terms and represent and warrant that:

  • YOU have carefully read and understood the Terms;

  • YOU have the right, in accordance with the applicable laws, to enter into contractual relations under the Terms, and nothing restricts YOUR capacity to contract;

  • YOU are already 18 years old and YOU are a person of legal majority age in accordance with the laws of the country of YOUR citizenship and the country of YOUR residence and or a tax resident of the Swiss confederation, you may not fulfill the tasks offered via the Mindrift Web Site or otherwise use the Mindrift Web Site or any of its individual functions;

  • YOU are aware that the content of the Mindrift Web Site is for persons of legal age only;

  • YOU comply with all applicable sanctions laws and regulations administered or imposed by the United States, European Union (“EU”), United Kingdom (“UK”), and Switzerland, including, but not limited to, the US Department of Treasury’s Office of Foreign Assets Control (“OFAC”) regulations (31 C.F.R. Chapter V) (collectively, “Sanctions Laws”).

  • YOU represent that neither YOU, nor any other person acting for or on YOUR behalf, is a person that is identified on OFAC’s Specially Designated Nationals and Blocked Persons List, the UK Consolidated List of Financial Sanctions Targets maintained by HM Treasury, the European Union Consolidated Financial Sanctions List maintained by the European Commission, the Swiss sanctions lists, or any other comparable list of persons subject to trade or financial restrictions and/or sanctions imposed or administered by the US, EU, UK, or Switzerland (collectively, “Restricted Persons Lists”). YOU shall immediately notify MINDRIFT in writing of any breach of the foregoing representation or any other material change in fact that makes the foregoing representation no longer accurate;

  • YOU shall not provide, in violation of Sanctions Laws, any goods or services to MINDRIFT under the Terms that are sourced in whole or in part, directly or indirectly, from a country or region embargoed or subject to substantial trade restrictions by the US, EU, UK, or Switzerland. In the event that YOU transact with an embargoed country or region, a person identified on the Restricted Persons Lists, or otherwise in violation of Sanctions Laws in its performance of these Terms, MINDRIFT may immediately terminate the Terms;

  • YOU are not a citizen and (or) tax resident of the Swiss Confederation and, if YOU become such, YOU undertake to immediately discontinue using the Mindrift Web Site and any of its individual functions;

  • The Mindrift Web Site may not be available for use in certain countries: Iran, Cuba, North Korea, Syria, Sudan, Myanmar, Venezuela and other countries where MINDRIFT is not operating in.

1.2. You undertake to:

  • abide all applicable laws, codes, regulations, orders, rules, etc.;

  • obtain at your expense any authorizations, permits, certificates, licenses, patents, declarations, etc. and go through any registration procedure if such is necessary for YOU to be able to provide services to MINDRIFT in accordance with the Terms and to use the Mindrift Web Site;

  • pay on time your own expenses, including those related with telephone communications, Internet access and telecommunication equipment, incurred by YOU for the purpose of obtaining access to the Mindrift Web Site and (or) providing services via the Mindrift Web Site and (or) when withdrawing payments from your account.

1.3. If YOU breach the requirements of Clause 1.1 and or 1.2 of the Terms, MINDRIFT may refuse to accept the results of the Services deeming the latter as improperly provided, fully refuse to pay YOU for the Services and block YOUR account.

1.4. The Mindrift Web Site is designed for inter alia, identifying materials with abusive and (or) pornographic content for the purpose of improving the quality of the search results filtration mechanisms. In this regard, the information reproduced on the Mindrift Web Site may contain materials with abusive and (or) pornographic content, and YOU agree that materials with abusive and (or) pornographic content may be demonstrated to YOU from time to time. YOU may limit the demonstration of such materials to YOU (excluding the materials referred to in Clause 1.5. of the Terms) by unflagging the option “I agree to perform tasks with adult content” in the settings of YOUR account on the Mindrift Web Site. You may also report the content of a Task YOU believe to be abusive by the way of flagging the respective checkbox on the webpage containing the Task and/or via Feedback section of the Mindrift Web Site.

1.5. The Mindrift Web Site may contain URL-links to other web sites on the Internet (third parties’ web sites). MINDRIFT shall bear no responsibility for any information and (or) materials posted on the third parties’ web sites that YOU may access using the Mindrift Web Site, including, but not limited to any opinions or assertions, expressed via the third parties’ web sites, adverts, etc., as well as for availability of these websites or their content, and consequences of YOU using them.

1.6. MINDRIFT hereby notifies YOU that parental control protections (such as computer hardware, software, or filtering services) are commercially available, these parental control protections can help in limiting access to materials that is harmful to minors. Information regarding providers of such protections may be found on the Internet by searching “parental control protection” or similar terms.

1.7. YOU agree that MINDRIFT is not restricting in any way YOUR right or ability to perform any services for others, including but not limited to, any employer, your own clients, or through any other crowdsourcing service or any other means. YOU will not represent yourself to clients or anyone else as an employee or agent of MINDRIFTYOU agree and acknowledge that YOU are an independent contractor of MINDRIFT and will always represent yourself as such. YOU have no authority (and will not hold yourself out as having authority) to bind MINDRIFT, and you will not make any agreements or representations on behalf of MINDRIFT.

2. Registration and Use of YOUR Account and performing the Tasks

2.1. When registering on the Mindrift Web Site, YOU shall create an account. YOU may register only one account throughout the period of use of the Mindrift Web Site. If YOU resume using the Mindrift Web Site after a period, during which YOU have not used the Mindrift Web Site, YOU may not register a new account and shall continue using the previously registered account.

2.2. YOU may not grant access to YOUR account on the Mindrift Web Site to third parties, specifically, allow such third parties to provide the Services (fulfill Tasks) on YOUR or their own behalf with the use of YOUR account on the Mindrift Web Site.

2.3. The data contained in YOUR account shall not refer to YOUR connection with the MINDRIFT and (or) the Mindrift Web Site, in particular, they shall not give the impression that the actions performed by YOU in the course of rendering the Services, are made on behalf or under control of MINDRIFT and/or administration of the Mindrift Web Site.

2.4. YOU agree to be fully liable for ensuring confidentiality and integrity of the password to YOUR  account on the Mindrift Web Site and its non-disclosure to third parties. YOU also agree to be fully liable for any actions performed on the Mindrift Web Site with the use of YOUR  account.

2.5. YOU agree and undertake to provide the Services in accordance with the requirements of the applicable laws, the provisions of the Terms, the Privacy Policy and the terms of each individual Task accepted by YOU via the Mindrift Web Site.

2.6. YOU agree and undertake to perform the Services, Tasks and any other deliverables YOU provide to MINDRIFT or its Clients are of high-quality standards and consistent with any scope of work or other specifications provided by MINDRIFT including to be accurate and within the deadlines. It shall be prohibited to provide the Services by using automated methods (scripts, robots, etc.), unless otherwise provided for by the terms of the corresponding Task. YOU understand that your repeated failure to do so constitutes a breach of these Terms. MINDRIFT reserves the right to confirm the accuracy of the Services, Tasks and other deliverables, and, in addition to MINDRIFT’s right to withhold payment in full or in part, to remove YOU from projects or deactivate your account based on your breach of this section.

2.7. MINDRIFT reserves the right to deem the Services provided as unsatisfactory and may, at it sole discretion, decline payment to YOU and or restrict the ability to perform Tasks and or withdraw funds from YOUR account under the following circumstances:

  1. If YOU provided inaccurate or misleading or unreliable or incomplete data in YOUR account, including situations where the Mindrift Web Site is used by minors and/or tax residents of the Swiss Confederation;

  2. YOU did not provide MINDRIFT the requested information and/or documents;

  3. The Services have been provided under improper conditions (for example, there is a background noise in the record, no audio record is made, low sound quality, no video record is made, low video quality, blocked Web cam);

  4. MINDRIFT concludes that the provided Services (the results of the fulfilled Task) fail to meet the set standards (if applicable) and (or) the terms of the Task, or the Task has been only partially fulfilled (for example, not all of the set problems have been resolved);

  5. The Task is fulfilled upon the expiration of the term set by MINDRIFT in the terms of the Task;

  6. Any breach of the Terms.

2.8. YOU shall act as an independent contractor with respect to MINDRIFT and you are not an employee of MINDRIFT or any of TOLOKA Group entities. TOLOKA Group means in relation to TOLOKA and its subsidiaries or holding companies from time to time: 1) which directly or indirectly hold more than 50% of shares of TOLOKA ; 2) where more than 50% of shares in the authorized capital are held, directly or indirectly, by TOLOKA ; 3) where more than 50% of shares in the authorized capital or stock are held, directly or indirectly, by a person who directly or indirectly holds more than 50% of shares of TOLOKA ; 4) which are entitled to take management decisions with respect to TOLOKA or TOLOKA is entitled to take management decisions. Therefore, YOU may not issue a claim to MINDRIFT or any of TOLOKA Group entities in connection with the provision of the Services under the Terms for payment of salary, vacation pay, temporary disability (illness) allowance, pension and (or) social security benefit, medical service and (or) social assistance privilege, retirement pay or any other payments, benefits, guarantees and (or) compensations stipulated by the applicable labour laws.

2.9. YOU hereby acknowledge that YOUR primary or secondary employment is not related to the provision of the Services with the use of the Mindrift Web Site and that YOU agree to provide such Services at YOUR own risk. YOU also acknowledge that YOU will arrange an appropriate work place and have all necessary equipment for providing the Services including but not limited to internet access. MINDRIFT SHALL not control the time YOU spend on providing the Services, and shall not instruct, supervise or control YOU in any manner.

2.10. YOU represent and warrant that:

  1. YOU have all the mandatory certificates, licenses and/or registrations that are required to operate as an independent contractor in your applicable jurisdiction; and

  2. YOU are registered and act as an individual entrepreneur (sole trader, self-employed person) while YOU provide the Services.

  3. YOU shall pay all applicable social security contributions, insurance contributions and (or) taxes and submit all appropriate reporting forms to competent authorities.

2.11. YOU agree and undertake to reimburse MINDRIFT for all losses incurred by MINDRIFT as a result of YOUR invalid representations and warranties listed in Clause 2.7-2.10 of the Terms.

2.12. MINDRIFT may (but in no case is obligated to) provide monitoring, preliminary moderation, filter, delete any content and (or) results of YOUR Services and (or) investigate into any breach of MINDRIFT’s rules applicable to YOU and (or) review complaints from and with respect to YOU and take appropriate measures.

2.13. YOU may use the Mindrift Web Site solely for the purposes specified in the Terms.

3. Payment for Tasks and withdrawal

3.1. If YOU have provided the Services in accordance with the specified requirements (covering aspects like requirements, quality, deadlines and terms) outlined in the respective Task and these Terms, and MINDRIFT has accepted the result of the Services, the remuneration amount set in the terms of the Task (hereinafter referred to as Payment) shall be transferred to YOUR account on the Mindrift Web Site no later than 30 (thirty) days following the successful fulfillment of the corresponding Task and acceptance by  MINDRIFT. MINDRIFT shall assess the Services on the basis of the obtained results, and not on the basis of the time spent and (or) effort made.

3.1.1. If MINDRIFT and or the Client rejects your submitted Task, MINDRIFT will contact YOU and YOU can only once edit and resubmit the Task, YOU will not receive any additional compensation for this as YOU are an independent contractor and bear the financial risk over YOUR own services. If YOUR submitted tasks are rejected after the first submission, MINDRIFT has the right to withhold part or all of YOUR compensation.

  • YOU may communicate YOUR objections (specifying the number of the respective Task) via the interface of the Mindrift Web Site within 7 calendar days from the date when the respective Services (results of Tasks) have been rejected. YOU agree that any objections communicated after the expiration of the 7 days’ term will not be considered.

  • Provided that YOUR objections have been properly communicated, MINDRIFT may, but shall not be obliged to, consider the objections within 14 calendar days from the date when YOU have communicated YOUR objections.

  • MINDRIFT may decide to accept the Services (results of Tasks) or reject them again. YOU can communicate YOUR objections regarding each refusal to accept YOUR Services only once. If MINDRIFT decides not to consider YOUR objections, MINDRIFT shall not inform YOU thereof.

3.1.2. Where Payment is transferred by the MINDRIFT’s Client to YOUR account on the Mindrift Web Site, YOU may withdraw money from YOUR account by using the details of a payment system operator or a credit institution selected by YOU (from among available ones), given YOUR successful identification in the corresponding payment system and (or) credit institution in accordance with the requirements of the operator of such payment system and (or) the credit institution and the applicable laws. MINDRIFT shall send a request for withdrawal of money from the account on the Mindrift Web Site according to the details of the payment system operator or the credit institution selected by YOU no later than 30 (thirty) calendar days after YOU initiate the withdrawal of the Payment amount.

3.1.3. Payment shall be made in US dollars. If the payment system operator and/or a credit institution selected by YOU do not provide YOU with an opportunity to receive Payment in US dollars (in accordance with the selected terms of use), YOU shall receive an amount in another currency in accordance with the terms of use of the respective payment system operator and (or) the credit institution. YOU may find information on the applied exchange rates and conversion dates in the Help section of the Mindrift Web Site. You understand that neither MINDRIFT nor any related entity is responsible for any foreign exchange fluctuation between local currency and the US Dollar or any timing issue that may affect the value of payments made to you.

3.1.4. Payment sums will be withdrawn from YOUR account on the Mindrift Web Site as per the rules, tariffs and rates set by the payment system operator and (or) the credit institution. MINDRIFT bears no liability for complaints regarding actions and (or) omissions of the payment system operator and (or) credit institution that YOU have selected for the withdrawal of money from YOUR account on the Mindrift Web Site or other operations.

3.1.5. YOU agree that the payment system operator or credit institution selected by YOU may deduct commission fees and request additional documents when withdrawing Payment sums from YOUR account on the Mindrift Web Site.

3.1.6. MINDRIFT shall not participate in the communication between YOU and the payment system or the credit institution.

3.2. If YOU believe there's an error in a Payment, promptly email MINDRIFT Support using the published email address on the Mindrift Web Site. Failure to notify MINDRIFT of errors within 10 calendar days of the transfer to YOUR Mindrift Web Site account constitutes a waiver of claims and acceptance of the payment.MINDRIFT may choose not to consider inquiries submitted more than 10 calendar days after YOU initiate the Payment withdrawal procedure.

3.3. MINDRIFT shall not bear any liability for tax deductions from Payment sums and any other money paid to YOU by MINDRIFT and or MINDRIFT’s Client; YOU shall be fully liable for the calculation, deduction, payment and reporting of any taxes and dues to appropriate regulatory and (or) supervisory authorities, including with respect to sales tax, value-added tax, individual income tax and other taxes, dues, duties, insurance contributions and other charges, assessed, accumulated and (or) payable for any reason in connection with any Payment, provision of the Services, use of the Mindrift Web Site, any of YOUR actions and (or) omission as well as actions and (or) omission of YOUR affiliates.

3.4. YOU agree that the remuneration specified in the terms of the Task and received by YOU for the provided Services, shall be adequate and sufficient remuneration for the provided Services and any information and (or) exclusive rights to intellectual property provided by YOU. All obligations of MINDRIFT to pay YOU any sums in connection with YOUR provision of the Services are fulfilled upon the date that Payment has been made by MINDRIFT.

3.5. YOU agree that if the amount of YOUR account in Mindrift Web Site is 1 US dollar or less and if YOU do not complete Tasks within 12 (twelve) months in a row, the amount from YOUR account is debited by MINDRIFT and the amount of the account remains zero. If the amount is debited from YOUR account under mentioned conditions, you have no claims against MINDRIFT.

4. Intellectual Property Rights

4.1. YOU hereby acknowledge and agree that all intellectual rights with respect to the Mindrift Web Site and Tasks, including but not limited to patents, designs, copyrights, trademarks and service marks, know-how, trade secrets, and right of a like nature, throughout the world, in any case whether registered or not, as well as any applications for any of these rights, shall belong to MINDRIFT.

4.2. YOU also agree and acknowledge that all results of the Tasks/Services fulfilled/provided by YOU shall be created by YOU for MINDRIFT (the Result) and that all rights to such Result, including the exclusive right and other intellectual property rights, shall be transferred at no charge by YOU to MINDRIFT and that such exclusive right and intellectual rights shall be automatically transferred to MINDRIFT each time a corresponding Result is created.

4.3. YOU agree to transfer all rights to the (future) Results as set out in the Terms, each time without any additional fee to YOU such enhancement, modification for such enhancement, modification, or adaptation and regardless of whether or not YOU have received Payment for the provided Services (fulfilled Tasks).

4.4. YOU hereby warrant and represent that the Result does not infringe upon any third party rights and that YOU are the sole right-holder with respect to the Result and are entitled to transfer the rights to the Result as stated in Clauses 4.2 and 4.3 of the Terms, without obtaining consent of third parties, and that such rights to the Result are free from any pledge, arrest, retention, purchase option and other encumbrance.

4.5. On YOUR part, YOU undertake to take all necessary actions (including executing any documents or applications) for all rights to the Result to be transferred to MINDRIFT, as stipulated in the Terms.

4.6. YOU hereby agree and acknowledge that MINDRIFT can use the Result without any reference to YOU as the author, to make any changes, modifications, adaptations, abridgements and/or additions to the Result, make the Result public, incorporate the Result in complex objects comprising several protected intellectual activity results, to create derivative works based on the Result as well as exercise any other right linked to an intellectual property right or other rights mentioned in this Clause 4.

4.7. In instances where the transfer of certain intellectual property rights to MINDRIFT is not possible (e.g., due to mandatory legal restrictions), YOU hereby grant to MINDRIFT an exclusive, worldwide, perpetual, irrevocable, royalty-free, transferable license, with the right to sublicense, to use such intellectual property. This license shall include the rights to use, reproduce, modify, display, perform, distribute, and create derivative works from the intellectual property.

4.8. Insofar as allowed by the applicable laws, the CUSTOMER shall bear no responsibility for any wrong that may be inflicted to YOU as a result of providing Services or using the Mindrift Web Site or otherwise.

5. Confidentiality

5.1. All information, to which YOU obtain access while providing Services and (or) using the Mindrift Web Site (in particular, as terms of a certain Task) shall be deemed confidential, including: scientific and technical, technological, industrial, financial and economic or other information, including, but not limited to, information security tools and identification / authentication, authorization (usernames, passwords, etc.), statistical information, personal data, information about MINDRIFT and or MINDRIFT’s clients, products, services, etc., in any possible form (oral, written, electronic, or other), to which there is no free access on a legal basis, as well as information, explicitly designated as confidential In Tasks on the Mindrift Web Site.

5.2. YOU undertake not to disclose such information, i.e. not to transmit, report or grant access to at least one person (who does not have legal access to such information) in any possible form (oral, written, including using technical means, for example, publishing it in whole or in part in Internet: posting videos on youtube, posting information on social networks, etc.) throughout the period of time while YOU have an account on the Mindrift Web Site and within five years after YOUR  account is deleted. YOUR obligation not to publish and (or) disclose to third parties any Personal Data YOU received access to during YOUR performance of the Services shall remain in force indefinitely. This obligation shall be valid with respect to any information obtained by YOU in the course of YOUR provision of the Services (fulfillment of Tasks) via the Mindrift Web Site and (or) during use of the Mindrift Web Site, except in cases where YOU are required to disclose such information to public agencies upon request thereof in accordance with the requirements of the applicable laws.

5.3. When performing field tasks, YOU undertake not to take photos and/or video recordings of any individuals and/or license plate numbers of any transport vehicles. "Field tasks" means offline tasks posted on the Mindrift Web Site, including, but not limited to, collecting data about organizations (working hours or menus), monitoring pedestrian transport, and checking outdoor advertising.

6. Liabilities

6.1. YOU agree that MINDRIFT, MINDRIFT Group entities and their affiliates, officers, employees and representatives (hereinafter referred to as the "MINDRIFT and related parties" or "MINDRIFT Group entities") shall not be liable to YOU under these Terms or any other contract, and on any other grounds, with regard to:

  1. YOUR direct, indirect, incidental or punitive damages, lost profits, expenses related to the purchase of substitute products and services, whether or not MINDRIFT and related parties could or should have foreseen such damages; and

  2. loss or destruction of data and (or) termination of the ability to use it.

6.2. Insofar as allowed by the applicable laws, the total maximum liability of MINDRIFT and Related Parties to YOU shall not exceed the sums actually paid to YOU by MINDRIFT for the Services in the 12 months preceding the damaging event.

6.3. YOU hereby undertake to reimburse MINDRIFT and Related Parties for losses incurred in connection with any demands, applications, claims or lawsuits of third parties, property liability, damage, penalties, fines and (or) costs of any nature (including reasonable expenses on legal consultants and representatives), as well as for losses incurred due to loss of or damage to any property, during the term of the Terms and upon termination hereof, provided that such losses are incurred due to or in connection with:

  1. breach by YOU of the Terms;

  2. the Services provided by YOU in pursuance of the Terms, and also YOUR actions or omission in connection with such Services; and

  3. infringement of rights of any person or third party, including but not limited to intellectual property rights as defined in Clause 4 of the Terms, personal non-property rights, privacy rights, the right to protect dignity, good name and business reputation and or breach of confidentiality.

If any claims (lawsuits) are filed against MINDRIFT and Related Parties, any of the aforementioned parties has the right to demand that YOU present, at YOUR expense, objections to such claims (statement of defense), and act as the defendant in the lawsuit or trial. YOU shall in such situation employ a legal consultant (representative) with the prior approval by MINDRIFT and Related Parties.

6.4. If YOU disclose any confidential information contained in the Tasks on the Mindrift Web Site, YOU may be held liable in accordance with applicable laws.

6.5. YOU unconditionally agree to the following measures that can be applied to YOU by MINDRIFT if YOU breach the terms and conditions of these Terms:

6.5.1. In case of violation of the provisions of these Terms, namely:

  1. if MINDRIFT detects that YOU have registered and/or used two or more accounts on the Mindrift Web Site, the second and each subsequent identified account is blocked, the funds of these accounts shall become unavailable for withdrawal and are canceled by MINDRIFT in full (i.e. the account balance becomes zero); and

  2. if YOU use automated methods (scripts, robots, etc.), when it is not explicitly stated in the terms of the corresponding Task, MINDRIFT will block YOUR account, and the funds in your account shall become unavailable for withdrawal and will be canceled by MINDRIFT in full (i.e. the account balance becomes zero).

6.5.3. MINDRIFT reserves the right to block YOUR  account;

  1. In case of violation of the provisions of the Confidentiality Clauses, namely: the presence of images of any individuals and/or license plates of any vehicles in the results of performed field tasks, the results of the above stated field tasks may be considered invalid and not subject to payment. In addition, MINDRIFT has the right to take measures, at its sole discretion, to terminate such actions on the part of the User, including, but not limited to, blocking the account, restricting the possibility of withdrawing funds from the account, restricting the use of the Mindrift Web Site.

  2. In case YOU have reported inaccurate and (or) misleading data inYOUR account, including the cases where the Mindrift Web Site is used by minors and (or) citizens and (or) tax residents of the Swiss Confederation, YOUR account is blocked in accordance with the Terms, and the funds in your account shall become unavailable for withdrawal and will be canceled by MINDRIFT in full;

  3. If YOU fail to provide information and/or documents within 30 (thirty) calendar days as requested by MINDRIFT, then MINDRIFT shall reserve the right to block YOUR account, funds in your account shall become unavailable for withdrawal and will be canceled by MINDRIFT in full.

6.6. If MINDRIFT believes or suspects that any actions by a user while using the MINDRIFT website are in breach of the terms and conditions hereof, including actions aimed at receiving payment(s) for Tasks and/or receiving bonus points in an unfair manner, then  MINDRIFT shall have the right in its sole discretion to take measures to end such actions by the user, including, but not limited to, blocking the account, restricting the ability to withdraw funds from the account, restricting the use of the MINDRIFT website.

7. Duration of the Terms

7.1. MINDRIFT reserves the right to, at any time and with no prior notification, amend and supplement the Terms, the Privacy Policy and any other applicable documents. A notice of such amendments shall be sent to YOU in advance to the e-mail specified by YOU during the registration, except in cases where YOU refused to be notified by e-mail, and or via the interface of YOUR account on the Mindrift Web Site. Notifications of amendments to the Terms, the Privacy Policy and other applicable documents shall be also published on the Mindrift Web Site.

7.2. By continuing to fulfill the Tasks received via the Mindrift Web Site or otherwise use the Mindrift Web Site, YOU  express YOUR full and unconditional agreement to the terms of the corresponding version of the Terms, the Privacy Policy and (or) other applicable documents. If YOU do not agree to the amendments made, YOU shall not continue using the Mindrift Web Site.

7.3. The official text of the Terms is only the English version, versions in different languages are provided exclusively for YOUR information.

7.4. The Terms shall be valid until its termination as per Clause 7.5 of the Terms.

7.5. The Terms may be terminated:

  1. by YOU when YOU delete YOUR account and terminate these Terms: press «Remove Profile» in «My Profile» - «Edit» and agree to the terms of the deletion of the account by ticking the box and pressing «Remove Profile»; or

  2. by MINDRIFT in case YOU breach any Confidentiality Clauses of the Terms;

  3. by MINDRIFT at any moment in case YOU breach any of the provision of the Terms and or at any moment for any reason, with a notice to YOU by e-mail and (or) via the interface of YOUR account on the Mindrift Web Site.

7.7. IF THE TERMS ARE TERMINATED AS PER CLAUSE 7.5 HEREOF, YOUMAY NOT CONCLUDE AGAIN TO SUCH TERMS WITH MINDRIFT AND OR REGISTER A NEW ACCOUNT ON THE MINDRIFT WEB SITE AND (OR) RE-ACTIVATE THE PREVIOUSLY CREATED ACCOUNT.

7.8. If MINDRIFT or YOU terminate the Terms in accordance with Clause 7.5., MINDRIFT will send YOU a notification and give YOU the option to withdraw the funds in YOUR account within days that is described in such notification by MINDRIFT. If the Terms are terminated and YOU do not withdraw YOUR funds after receiving such notification from MINDRIFT, then YOU waive YOUR right to receive the funds held in YOUR account and MINDRIFT is no longer obliged to make the respective payments.

7.9. If the Terms is terminated at the initiative of MINDRIFT in connection with YOUR breach of the Terms, MINDRIFT may cancel and refrain from paying YOU the funds accumulated on YOUR account on the Mindrift Web Site or any other sums in YOUR favor.

8. Personal Data

8.1. By using the Mindrift Web Site, YOU agree that YOUR personal data will be processed at in accordance with the Privacy Notice.

8.2. YOU represent and warrant that the personal data provided by YOU are true, accurate, complete and up to date at every moment of  YOUR use of the Mindrift Web Site. In case of changes in personal data YOU shall immediately update YOUR personal data on the Mindrift Web Site or ask MINDRIFT’s support team to help with YOUR request.

8.3. In case of performing Tasks with data collection, read all instructions carefully, since they may contain important guidelines on data processing. Please be informed that in case of personal data collection the requestors who placed the relevant Task (hereinafter – the "Requestor") shall act as data controllers. YOU can contact the Requestor by using its contact details within the relevant Task.

8.4. In case the (personal) data YOU provided within the Task has been rejected by the Requestor, such (personal) data will be deleted immediately and will not be used for any purposes.

8.5. In case of providing personal data of any third party within the Task YOU represent and warrant that YOU have obtained a legal basis for its processing by the Requestor in accordance with the instructions in the Task, and that the processing of personal data by the Requestor as described in the instructions is permissible under applicable data protection law(s) (e.g., the data subjects have been informed about the processing in accordance with applicable data protection laws).

8.6. In case of performing the Requestors' Tasks which contain personal data of third parties YOU shall comply with obligations specified in the Data processing agreement (the "DPA") which is an integral part of the Terms. DPA is stated in the Appendix 1 hereof.

8.7. In case of non-performing Tasks specified in the Clause 8.4. hereof, the DPA is not applicable to YOU.

8.8. MINDRIFT may use contact data YOU provided to MINDRIFT at registration and YOUR network activity on Mindrift Web Site to send YOU our newsletters, messages, and provide and improve the informational support of MINDRIFT resources ("Messages"). MINDRIFT uses an internal tool to deliver Messages. Each message contains an opt-out link for YOU to unsubscribe from our messages at any time or YOU can switch the sliders in inactive mode in YOUR profile. For more information, please see our Privacy Notice.

9. Warranties

9.1. YOU hereby acknowledge and agree that YOU are fully liable for using the Mindrift Web Site and its content and that the Mindrift Web Site and the content published on it are provided ”as is“, without any representations and warranties, to the extent possible in accordance with applicable laws.

9.2. When using the Mindrift Web Site, YOU understand and accept that YOU may access content intended for adults only, specifically, materials with abusive and (or) pornographic content. If such content is unacceptable to YOU or if YOU are not a person of legal age, YOU should immediately stop using the Mindrift Web Site. MINDRIFT bears no responsibility for any content on the Mindrift Web Site that appears abusive and (or) unacceptable to YOU.

9.3. MINDRIFT shall waive all warranties and or representations to the fullest extent permitted by applicable laws regarding:

  1. the relevance, validity, completeness, reliability, acceptability and availability of the content of the Mindrift Web Site and presence of any abusive content on the Mindrift Web Site; and

  2. third-party products, services and content which YOU access via the MINDRIFT website, this also applies in the event YOU yourself go to third-party webistes via URL links on the MINDRIFT website.

9.4 MINDRIFT shall waive any explicit or implicit warranties and representations to the fullest extent permitted by applicable laws, based on MINDRIFT’s previous oral or written statements, in connection with YOUR use of the MINDRIFT Website and providing Services. MINDRIFT therefore waives, including but not limited to any warranties of the quality of the product, the usability of the product for a particular purpose, the warranty of ownership or title, the warranty that of no one’s intellectual property rights will be infringed and other warranties that are generally associated with the business practice.

9.5. MINDRIFT shall waive any warranty regarding continuous availability and performance of the Mindrift Web Site and related services to the fullest extent permitted by applicable laws. MINDRIFT does not warrant that the Mindrift Web Site and related services shall function on a continuous, uninterrupted and secure basis, without faults and errors. MINDRIFT does not warrant that the Mindrift Web Site and related services shall have a certain set of functions and (or) characteristics.

9.6. MINDRIFT does not warrant that the Mindrift Web Site or the server securing the functioning of the Mindrift Web Site, including URL links on the Mindrift Web Site, are free of viruses and (or) other malicious components. YOU agree to use the Mindrift Web Site at YOUR own risk and discretion and YOU are fully liable for damage that may be caused to YOUR PC, mobile device or other equipment, as well as for loss and (or) destruction of any data as a result of using of the Mindrift Web Site.

9.7. MINDRIFT bears no responsibility to the fullest extent permitted by the applicable laws for any damage, and or injustice that may be inflicted to YOU as a result of providing Services or using the Mindrift Web Site or otherwise.

9.8. Notwithstanding the foregoing provisions, YOU agree to indemnify MINDRIFT and to hold it harmless from and against any and all claims, damages, losses, risks, liabilities, and expenses (including attorneys’ fees and costs) incurred by MINDRIFT arising from or related to any breach of the conditions above. These indemnity obligations shall survive the expiration or early termination of the Terms.

10. Governing law and Dispute resolution

10.1. The Terms is subject to and construed in accordance with substantive Swiss law, to the exclusion of its conflict of laws rules and to the exclusion of the UN Convention on the International Sale of Goods (CISG). All disputes arising out of or in connection with the Terms shall be subject to the exclusive jurisdiction of courts of the city of Lucerne. The foregoing shall not restrict the right of MINDRIFT to seek injunction and (or) any other remedy in any other judicial authorities.

10.2. Should any of the provisions of the Terms be recognized by a competent court as invalid, such provision is deemed as excluded from this Agreement, with all the other provisions hereof remaining valid in such case. Such provision of the User Agreement, recognized as invalid, shall be replaced with a provision best reflecting the intents pursued by the Parties to the Terms at the time of its conclusion and the practice of their economic relationship.

11. Final Provisions

11.1. MINDRIFT shall sent notices to YOU in connection with the Terms on the Mindrift Web Site, these notices shall be communicated in a message via the interface of YOUR account on the Mindrift Web Site and (or) sent to the e-mail specified by YOU during the registration, except in cases where YOU refused to be notified by e-mail. E-mail notice shall be sufficient in all cases and shall be deemed to be received by YOU on the following day after such notice is forwarded to YOUYOU must send notices to MINDRIFT to legal@toloka.ai.

11.2. If YOU anticipate that YOU will not be able to fulfil your obligations in connection with the Services, in time or properly, YOU are obligated to inform MINDRIFT immediately in writing. YOU shall be free to find a replacement to perform the Services and or the Task for MINDRIFT (the Substitute). Prior to the replacement, YOU shall inform MINDRIFT in writing as to who will perform the Services and or Task on YOUR behalf. MINDRIFT will not be entitled to refuse the replacement(s) other than on the basis of objective qualifications. Prior to accepting the Substitute, MINDRIFT shall formulate the objective qualifications that any Substitute(s) must meet. The objective qualifications can be measured and or tested by MINDRIFT prior to accepting the Substitute. YOU remain responsible for the quality of the work and for the Substitute to be in compliance with the Terms during the replacement. The Terms shall remain in full force and applicable to YOU.

11.3 YOU may not assign, transfer, delegate, sell, or otherwise dispose of the Terms and/or any rights and obligations under or in relation with the Terms, including, without limitation, by operation of law, without the prior written consent of MINDRIFT as described in 11.2 of the Terms. Any purported assignment, transfer, delegation, sale or other disposition in contravention of this Clause including, without limitation, by operation of law, is void. Subject to the foregoing, the Terms will be binding upon and will inure to the benefit of the parties’ permitted successors and assigns. The MINDRIFT may freely and at its own discretion assign, transfer, delegate, sell, or otherwise dispose of the Terms and/or of any of its rights and obligations under and in relation with the Terms, including, without limitation, by operation of law, without YOUR prior consent.

11.4 In the event that any provision of the Terms are declared by a court of competent jurisdiction to be illegal, unenforceable or void, the Services and the Terms shall continue in full force and effect to the fullest extent permitted by law without said provision, and the parties shall amend the Services or the Terms as far as legally possible to include the substance of the excluded provision so that the original intent of the Parties are realized.

If YOU have questions with respect to the Terms, please send YOUR questions to tolokercare@toloka.ai.

APPENDIX 1 TO THE USER AGREEMENT ("AGREEMENT")
DATA PROCESSING AGREEMENT

TERMS AND DEFINITIONS

Availability — Ensuring timely and reliable access to and use of information

Controller — Person, company, or other body that determines the purpose and means of Personal Data processing (this can be determined alone, or jointly with another person/company/body)

Processor — Person, company, or other body which processes Personal Data on the Controller's behalf

Data subjects — Individual persons whose Personal Data is collected, held or processed by an organisation

Customers — Person or entity that post tasks on the Service

MINDRIFT — TOLOKA AI AG (CHE- CHE-132.532.069, Werftestrasse 4, 6005 Luzern, Switzerland)

Expert — Person or entity that perform tasks posted by Customers

Personal data — means any information relating to an identified or identifiable Data subjects

Personal data breach — Incident wherein information is stolen or taken from a system without the knowledge or authorization of the system's owner

Sub-processors — Third party processor engaged by a Processor who has or will have access to or process Personal Data from a Controller

The Parties hereby conclude the EU Standard Contractual Clauses (issued by the EU Commission by the Commission Implementing Decision (EU) 2021/914 of 4 June 2021) between MINDRIFT (Processor) and Expert (Sub-Processor) (hereinafter – "Clauses").

(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by adding itself to the Annex I and signing this Data Processing Agreement.

(b) Once it has been added to the Annex I and has signed this Data Processing Agreement, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.

(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties existing at the time when these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

The details of the processing operations, in particular the categories of Personal Data, the purposes for which the Personal Data is processed on behalf of the Controller and duration of the processing, are specified in Annex II.

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor (as the owner of the informational system used by Expert ) shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. List of measures used by the Sub-Processor are included in the Annex III.

Expert guarantees that they won't process, copy, share or do any other activity with Personal Data to which they have access that was given by the Controller as a part of provision of Services to MINDRIFT within informational systems provided by Processor or Controller except on instructions from the Controller, unless they are required to do so by the competent supervisory authorities. Thus, Sub- Processor must refrain from (including, but not limited to):

  • Making photos of the screen with Personal Data provided by the Controller, making screenshots or screen recordings of such data;

  • Selling Personal Data provided by the Controller;

  • Let third parties complete tasks that are assigned to Expert.

7.1. Each Party's liability for any breach of this Data Processing Agreement shall be subject to the limitations and exclusions of liability set out in the Agreement, provided that neither Party limits or excludes any liability that cannot be limited or excluded under applicable law.

7.2. Indemnities in case of Personal Data Breach is regulated in accordance with local legislation and judicial practice (if applicable in accordance with legal requirements).

8. All references of this Data Processing Agreement to requirements of data protection laws of shall be read as references to relevant requirements of applicable data protection laws, including, without limitation, data protection law of Switzerland.

9. Annexes I – III are attached to this Data Processing Agreement.

Availability – Ensuring timely and reliable access to and use of information

Controller – Person, company, or other body that determines the purpose and means of Personal Data processing (this can be determined alone, or jointly with another person/company/body)

Processor – Person, company, or other body which processes Personal Data on the Controller's behalf

Data subjects – Individual persons whose Personal Data is collected, held or processed by an organisation

Customers – Person or entity that post tasks on the Service

Toloka – Toloka AI AG (CHE- CHE-132.532.069, Werftestrasse 4, 6005 Luzern, Switzerland)

Tolokers – Person or entity that perform tasks posted by Customers

Personal data – means any information relating to an identified or identifiable Data subjects

Personal data breach – Incident wherein information is stolen or taken from a system without the knowledge or authorization of the system's owner

Sub-processors – Third party processor engaged by a Processor who has or will have access to or process Personal Data from a Controller

The Parties hereby conclude the EU Standard Contractual Clauses (issued by the EU Commission by the Commission Implementing Decision (EU) 2021/914 of 4 June 2021) between Toloka (Processor) and Toloker (Sub-Processor) (hereinafter – "Clauses").

(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by adding itself to the Annex I and signing this Data Processing Agreement.

(b) Once it has been added to the Annex I and has signed this Data Processing Agreement, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.

(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties existing at the time when these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

The details of the processing operations, in particular the categories of Personal Data, the purposes for which the Personal Data is processed on behalf of the Controller and duration of the processing, are specified in Annex II.

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor (as the owner of the informational system used by Toloker) shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. List of measures used by the Sub-Processor are included in the Annex III.

Toloker guarantees that they won't process, copy, share or do any other activity with Personal Data to which they have access that was given by the Controller as a part of provision of Services to Toloka within informational systems provided by Processor or Controller except on instructions from the Controller, unless they are required to do so by the competent supervisory authorities. Thus, Sub- Processor must refrain from (including, but not limited to):

  • Making photos of the screen with Personal Data provided by the Controller, making screenshots or screen recordings of such data;

  • Selling Personal Data provided by the Controller;

  • Let third parties complete tasks that are assigned to Toloker.

7.1. Each Party's liability for any breach of this Data Processing Agreement shall be subject to the limitations and exclusions of liability set out in the Agreement, provided that neither Party limits or excludes any liability that cannot be limited or excluded under applicable law.

7.2. Indemnities in case of Personal Data Breach is regulated in accordance with local legislation and judicial practice (if applicable in accordance with legal requirements).

8. All references of this Data Processing Agreement to requirements of data protection laws of shall be read as references to relevant requirements of applicable data protection laws, including, without limitation, data protection law of Switzerland.

9. Annexes I – III are attached to this Data Processing Agreement.

Availability – Ensuring timely and reliable access to and use of information

Controller – Person, company, or other body that determines the purpose and means of Personal Data processing (this can be determined alone, or jointly with another person/company/body)

Processor – Person, company, or other body which processes Personal Data on the Controller's behalf

Data subjects – Individual persons whose Personal Data is collected, held or processed by an organisation

Customers – Person or entity that post tasks on the Service

Toloka – Toloka AI AG (CHE- CHE-132.532.069, Werftestrasse 4, 6005 Luzern, Switzerland)

Tolokers – Person or entity that perform tasks posted by Customers

Personal data – means any information relating to an identified or identifiable Data subjects

Personal data breach – Incident wherein information is stolen or taken from a system without the knowledge or authorization of the system's owner

Sub-processors – Third party processor engaged by a Processor who has or will have access to or process Personal Data from a Controller

The Parties hereby conclude the EU Standard Contractual Clauses (issued by the EU Commission by the Commission Implementing Decision (EU) 2021/914 of 4 June 2021) between Toloka (Processor) and Toloker (Sub-Processor) (hereinafter – "Clauses").

(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by adding itself to the Annex I and signing this Data Processing Agreement.

(b) Once it has been added to the Annex I and has signed this Data Processing Agreement, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.

(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties existing at the time when these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

The details of the processing operations, in particular the categories of Personal Data, the purposes for which the Personal Data is processed on behalf of the Controller and duration of the processing, are specified in Annex II.

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor (as the owner of the informational system used by Toloker) shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. List of measures used by the Sub-Processor are included in the Annex III.

Toloker guarantees that they won't process, copy, share or do any other activity with Personal Data to which they have access that was given by the Controller as a part of provision of Services to Toloka within informational systems provided by Processor or Controller except on instructions from the Controller, unless they are required to do so by the competent supervisory authorities. Thus, Sub- Processor must refrain from (including, but not limited to):

  • Making photos of the screen with Personal Data provided by the Controller, making screenshots or screen recordings of such data;

  • Selling Personal Data provided by the Controller;

  • Let third parties complete tasks that are assigned to Toloker.

7.1. Each Party's liability for any breach of this Data Processing Agreement shall be subject to the limitations and exclusions of liability set out in the Agreement, provided that neither Party limits or excludes any liability that cannot be limited or excluded under applicable law.

7.2. Indemnities in case of Personal Data Breach is regulated in accordance with local legislation and judicial practice (if applicable in accordance with legal requirements).

8. All references of this Data Processing Agreement to requirements of data protection laws of shall be read as references to relevant requirements of applicable data protection laws, including, without limitation, data protection law of Switzerland.

9. Annexes I – III are attached to this Data Processing Agreement.

ANNEX I

List of parties

Processor:
TOLOKA AI AG Werftestrasse 4, 6005 Luzern, Switzerland Contact person's name, position and contact details:
Contact person's name, position and contact details: tolokercare@toloka.ai

Subprocessor(s):
Retained Experts who will be engaged to perform Controller's tasks via Mindrift Web Site

Availability – Ensuring timely and reliable access to and use of information

Controller – Person, company, or other body that determines the purpose and means of Personal Data processing (this can be determined alone, or jointly with another person/company/body)

Processor – Person, company, or other body which processes Personal Data on the Controller's behalf

Data subjects – Individual persons whose Personal Data is collected, held or processed by an organisation

Customers – Person or entity that post tasks on the Service

Toloka – Toloka AI AG (CHE- CHE-132.532.069, Werftestrasse 4, 6005 Luzern, Switzerland)

Tolokers – Person or entity that perform tasks posted by Customers

Personal data – means any information relating to an identified or identifiable Data subjects

Personal data breach – Incident wherein information is stolen or taken from a system without the knowledge or authorization of the system's owner

Sub-processors – Third party processor engaged by a Processor who has or will have access to or process Personal Data from a Controller

The Parties hereby conclude the EU Standard Contractual Clauses (issued by the EU Commission by the Commission Implementing Decision (EU) 2021/914 of 4 June 2021) between Toloka (Processor) and Toloker (Sub-Processor) (hereinafter – "Clauses").

(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by adding itself to the Annex I and signing this Data Processing Agreement.

(b) Once it has been added to the Annex I and has signed this Data Processing Agreement, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.

(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties existing at the time when these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

The details of the processing operations, in particular the categories of Personal Data, the purposes for which the Personal Data is processed on behalf of the Controller and duration of the processing, are specified in Annex II.

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor (as the owner of the informational system used by Toloker) shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. List of measures used by the Sub-Processor are included in the Annex III.

Toloker guarantees that they won't process, copy, share or do any other activity with Personal Data to which they have access that was given by the Controller as a part of provision of Services to Toloka within informational systems provided by Processor or Controller except on instructions from the Controller, unless they are required to do so by the competent supervisory authorities. Thus, Sub- Processor must refrain from (including, but not limited to):

  • Making photos of the screen with Personal Data provided by the Controller, making screenshots or screen recordings of such data;

  • Selling Personal Data provided by the Controller;

  • Let third parties complete tasks that are assigned to Toloker.

7.1. Each Party's liability for any breach of this Data Processing Agreement shall be subject to the limitations and exclusions of liability set out in the Agreement, provided that neither Party limits or excludes any liability that cannot be limited or excluded under applicable law.

7.2. Indemnities in case of Personal Data Breach is regulated in accordance with local legislation and judicial practice (if applicable in accordance with legal requirements).

8. All references of this Data Processing Agreement to requirements of data protection laws of shall be read as references to relevant requirements of applicable data protection laws, including, without limitation, data protection law of Switzerland.

9. Annexes I – III are attached to this Data Processing Agreement.

Availability – Ensuring timely and reliable access to and use of information

Controller – Person, company, or other body that determines the purpose and means of Personal Data processing (this can be determined alone, or jointly with another person/company/body)

Processor – Person, company, or other body which processes Personal Data on the Controller's behalf

Data subjects – Individual persons whose Personal Data is collected, held or processed by an organisation

Customers – Person or entity that post tasks on the Service

Toloka – Toloka AI AG (CHE- CHE-132.532.069, Werftestrasse 4, 6005 Luzern, Switzerland)

Tolokers – Person or entity that perform tasks posted by Customers

Personal data – means any information relating to an identified or identifiable Data subjects

Personal data breach – Incident wherein information is stolen or taken from a system without the knowledge or authorization of the system's owner

Sub-processors – Third party processor engaged by a Processor who has or will have access to or process Personal Data from a Controller

The Parties hereby conclude the EU Standard Contractual Clauses (issued by the EU Commission by the Commission Implementing Decision (EU) 2021/914 of 4 June 2021) between Toloka (Processor) and Toloker (Sub-Processor) (hereinafter – "Clauses").

(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by adding itself to the Annex I and signing this Data Processing Agreement.

(b) Once it has been added to the Annex I and has signed this Data Processing Agreement, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.

(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties existing at the time when these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

The details of the processing operations, in particular the categories of Personal Data, the purposes for which the Personal Data is processed on behalf of the Controller and duration of the processing, are specified in Annex II.

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor (as the owner of the informational system used by Toloker) shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. List of measures used by the Sub-Processor are included in the Annex III.

Toloker guarantees that they won't process, copy, share or do any other activity with Personal Data to which they have access that was given by the Controller as a part of provision of Services to Toloka within informational systems provided by Processor or Controller except on instructions from the Controller, unless they are required to do so by the competent supervisory authorities. Thus, Sub- Processor must refrain from (including, but not limited to):

  • Making photos of the screen with Personal Data provided by the Controller, making screenshots or screen recordings of such data;

  • Selling Personal Data provided by the Controller;

  • Let third parties complete tasks that are assigned to Toloker.

7.1. Each Party's liability for any breach of this Data Processing Agreement shall be subject to the limitations and exclusions of liability set out in the Agreement, provided that neither Party limits or excludes any liability that cannot be limited or excluded under applicable law.

7.2. Indemnities in case of Personal Data Breach is regulated in accordance with local legislation and judicial practice (if applicable in accordance with legal requirements).

8. All references of this Data Processing Agreement to requirements of data protection laws of shall be read as references to relevant requirements of applicable data protection laws, including, without limitation, data protection law of Switzerland.

9. Annexes I – III are attached to this Data Processing Agreement.

ANNEX II

Description of the processing

Categories of Data subjects whose Personal Data is processed - Natural persons whose Personal Data are contained in Customer's dataset and/or are required to perform tasks

Categories of Personal Data processed - Any Personal Data contained in Customer's dataset and/or required to perform tasks -Sensitive data processed (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

Sensitive Personal Data contained in Customer's dataset and/or required to perform tasks. Strict purpose limitation and access restrictions are employed.

Nature of the processing - The Sub-Processor provides the Controller with Services specified in the task provided by Controller. The Sub-Processor performs on behalf of the Controller operations on Personal Data required to provide the service: Collection, organisation, structuring, adaptation or alteration, use, alignment or combination.

Purpose(s) for which the Personal Data is processed on behalf of the Controller

  • Execution of tasks by Experts;

  • Execution of tasks by Experts, which, at the request of the Customer, may contain Personal Data;

  • Communication between the Customer and the Expert, when the Expert performs tasks for this Customer.

Duration of the processing - Duration of the processing is limited by the period of completion of a specific task.

Availability – Ensuring timely and reliable access to and use of information

Controller – Person, company, or other body that determines the purpose and means of Personal Data processing (this can be determined alone, or jointly with another person/company/body)

Processor – Person, company, or other body which processes Personal Data on the Controller's behalf

Data subjects – Individual persons whose Personal Data is collected, held or processed by an organisation

Customers – Person or entity that post tasks on the Service

Toloka – Toloka AI AG (CHE- CHE-132.532.069, Werftestrasse 4, 6005 Luzern, Switzerland)

Tolokers – Person or entity that perform tasks posted by Customers

Personal data – means any information relating to an identified or identifiable Data subjects

Personal data breach – Incident wherein information is stolen or taken from a system without the knowledge or authorization of the system's owner

Sub-processors – Third party processor engaged by a Processor who has or will have access to or process Personal Data from a Controller

The Parties hereby conclude the EU Standard Contractual Clauses (issued by the EU Commission by the Commission Implementing Decision (EU) 2021/914 of 4 June 2021) between Toloka (Processor) and Toloker (Sub-Processor) (hereinafter – "Clauses").

(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by adding itself to the Annex I and signing this Data Processing Agreement.

(b) Once it has been added to the Annex I and has signed this Data Processing Agreement, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.

(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties existing at the time when these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

The details of the processing operations, in particular the categories of Personal Data, the purposes for which the Personal Data is processed on behalf of the Controller and duration of the processing, are specified in Annex II.

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor (as the owner of the informational system used by Toloker) shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. List of measures used by the Sub-Processor are included in the Annex III.

Toloker guarantees that they won't process, copy, share or do any other activity with Personal Data to which they have access that was given by the Controller as a part of provision of Services to Toloka within informational systems provided by Processor or Controller except on instructions from the Controller, unless they are required to do so by the competent supervisory authorities. Thus, Sub- Processor must refrain from (including, but not limited to):

  • Making photos of the screen with Personal Data provided by the Controller, making screenshots or screen recordings of such data;

  • Selling Personal Data provided by the Controller;

  • Let third parties complete tasks that are assigned to Toloker.

7.1. Each Party's liability for any breach of this Data Processing Agreement shall be subject to the limitations and exclusions of liability set out in the Agreement, provided that neither Party limits or excludes any liability that cannot be limited or excluded under applicable law.

7.2. Indemnities in case of Personal Data Breach is regulated in accordance with local legislation and judicial practice (if applicable in accordance with legal requirements).

8. All references of this Data Processing Agreement to requirements of data protection laws of shall be read as references to relevant requirements of applicable data protection laws, including, without limitation, data protection law of Switzerland.

9. Annexes I – III are attached to this Data Processing Agreement.

Availability – Ensuring timely and reliable access to and use of information

Controller – Person, company, or other body that determines the purpose and means of Personal Data processing (this can be determined alone, or jointly with another person/company/body)

Processor – Person, company, or other body which processes Personal Data on the Controller's behalf

Data subjects – Individual persons whose Personal Data is collected, held or processed by an organisation

Customers – Person or entity that post tasks on the Service

Toloka – Toloka AI AG (CHE- CHE-132.532.069, Werftestrasse 4, 6005 Luzern, Switzerland)

Tolokers – Person or entity that perform tasks posted by Customers

Personal data – means any information relating to an identified or identifiable Data subjects

Personal data breach – Incident wherein information is stolen or taken from a system without the knowledge or authorization of the system's owner

Sub-processors – Third party processor engaged by a Processor who has or will have access to or process Personal Data from a Controller

The Parties hereby conclude the EU Standard Contractual Clauses (issued by the EU Commission by the Commission Implementing Decision (EU) 2021/914 of 4 June 2021) between Toloka (Processor) and Toloker (Sub-Processor) (hereinafter – "Clauses").

(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by adding itself to the Annex I and signing this Data Processing Agreement.

(b) Once it has been added to the Annex I and has signed this Data Processing Agreement, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.

(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties existing at the time when these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

The details of the processing operations, in particular the categories of Personal Data, the purposes for which the Personal Data is processed on behalf of the Controller and duration of the processing, are specified in Annex II.

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor (as the owner of the informational system used by Toloker) shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. List of measures used by the Sub-Processor are included in the Annex III.

Toloker guarantees that they won't process, copy, share or do any other activity with Personal Data to which they have access that was given by the Controller as a part of provision of Services to Toloka within informational systems provided by Processor or Controller except on instructions from the Controller, unless they are required to do so by the competent supervisory authorities. Thus, Sub- Processor must refrain from (including, but not limited to):

  • Making photos of the screen with Personal Data provided by the Controller, making screenshots or screen recordings of such data;

  • Selling Personal Data provided by the Controller;

  • Let third parties complete tasks that are assigned to Toloker.

7.1. Each Party's liability for any breach of this Data Processing Agreement shall be subject to the limitations and exclusions of liability set out in the Agreement, provided that neither Party limits or excludes any liability that cannot be limited or excluded under applicable law.

7.2. Indemnities in case of Personal Data Breach is regulated in accordance with local legislation and judicial practice (if applicable in accordance with legal requirements).

8. All references of this Data Processing Agreement to requirements of data protection laws of shall be read as references to relevant requirements of applicable data protection laws, including, without limitation, data protection law of Switzerland.

9. Annexes I – III are attached to this Data Processing Agreement.

ANNEX III

Technical and organizational measures including technical and organizational measures to ensure the security of the data

Description of the technical and organizational security measures implemented by the Sub- Processor(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, as well as the risks for the rights and freedoms of natural persons:

  • For the secure storing and processing of Personal Data, we use the Microsoft Azure platform, which provides the highest level of data protection in the industry. The platform is certified according to the basic information security standards: CSA, SOC2, ISO 27001 and etc. (https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-soc-2);

  • Information security management system has been implemented and certified with ISO 27001 and ISO 27701;

  • TLS is used to protect data during transmission. TLSv1.3 is supported;

  • Centralized authentication system implemented in Azure and used to ensure secure user management (https://download.microsoft.com/download/A/A/4/AA48DC38-DBC8-4C5E-AF07-D1433B55363D/Azure-AD-Data-Security-Considerations.pdf). Access control process has been implemented;

  • All data bases are encrypted at rest;

  • Backups are performed daily. All backups are encrypted;

  • The processor has developed and adopted a number of policies, including but not limited to:

    • Information Security Policy

    • Sensitive User Data Usage Policy

    • Incident Management Policy

    • Malware Protection Policy

    • Regulations for Access Control

For transfers to sub-processors, also describe the specific technical and organizational measures to be taken by the sub-processor to be able to provide assistance to the Controller:

For transfers to sub-processors that are necessary to ensure technical measures that Data subjects are afforded a level of protection that is essentially equivalent to that are implemented by the Sub- Processor.

Description of the specific technical and organizational measures to be taken by the Sub-Processor to be able to provide assistance to the Processor:

Technical and organizational measures to be taken by the Sub-Processor to be able to provide assistance to the Processor are afforded a level of protection that is essentially equivalent to that are implemented by the Processor.

Availability – Ensuring timely and reliable access to and use of information

Controller – Person, company, or other body that determines the purpose and means of Personal Data processing (this can be determined alone, or jointly with another person/company/body)

Processor – Person, company, or other body which processes Personal Data on the Controller's behalf

Data subjects – Individual persons whose Personal Data is collected, held or processed by an organisation

Customers – Person or entity that post tasks on the Service

Toloka – Toloka AI AG (CHE- CHE-132.532.069, Werftestrasse 4, 6005 Luzern, Switzerland)

Tolokers – Person or entity that perform tasks posted by Customers

Personal data – means any information relating to an identified or identifiable Data subjects

Personal data breach – Incident wherein information is stolen or taken from a system without the knowledge or authorization of the system's owner

Sub-processors – Third party processor engaged by a Processor who has or will have access to or process Personal Data from a Controller

The Parties hereby conclude the EU Standard Contractual Clauses (issued by the EU Commission by the Commission Implementing Decision (EU) 2021/914 of 4 June 2021) between Toloka (Processor) and Toloker (Sub-Processor) (hereinafter – "Clauses").

(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by adding itself to the Annex I and signing this Data Processing Agreement.

(b) Once it has been added to the Annex I and has signed this Data Processing Agreement, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.

(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties existing at the time when these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

The details of the processing operations, in particular the categories of Personal Data, the purposes for which the Personal Data is processed on behalf of the Controller and duration of the processing, are specified in Annex II.

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor (as the owner of the informational system used by Toloker) shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. List of measures used by the Sub-Processor are included in the Annex III.

Toloker guarantees that they won't process, copy, share or do any other activity with Personal Data to which they have access that was given by the Controller as a part of provision of Services to Toloka within informational systems provided by Processor or Controller except on instructions from the Controller, unless they are required to do so by the competent supervisory authorities. Thus, Sub- Processor must refrain from (including, but not limited to):

  • Making photos of the screen with Personal Data provided by the Controller, making screenshots or screen recordings of such data;

  • Selling Personal Data provided by the Controller;

  • Let third parties complete tasks that are assigned to Toloker.

7.1. Each Party's liability for any breach of this Data Processing Agreement shall be subject to the limitations and exclusions of liability set out in the Agreement, provided that neither Party limits or excludes any liability that cannot be limited or excluded under applicable law.

7.2. Indemnities in case of Personal Data Breach is regulated in accordance with local legislation and judicial practice (if applicable in accordance with legal requirements).

8. All references of this Data Processing Agreement to requirements of data protection laws of shall be read as references to relevant requirements of applicable data protection laws, including, without limitation, data protection law of Switzerland.

9. Annexes I – III are attached to this Data Processing Agreement.

Availability – Ensuring timely and reliable access to and use of information

Controller – Person, company, or other body that determines the purpose and means of Personal Data processing (this can be determined alone, or jointly with another person/company/body)

Processor – Person, company, or other body which processes Personal Data on the Controller's behalf

Data subjects – Individual persons whose Personal Data is collected, held or processed by an organisation

Customers – Person or entity that post tasks on the Service

Toloka – Toloka AI AG (CHE- CHE-132.532.069, Werftestrasse 4, 6005 Luzern, Switzerland)

Tolokers – Person or entity that perform tasks posted by Customers

Personal data – means any information relating to an identified or identifiable Data subjects

Personal data breach – Incident wherein information is stolen or taken from a system without the knowledge or authorization of the system's owner

Sub-processors – Third party processor engaged by a Processor who has or will have access to or process Personal Data from a Controller

The Parties hereby conclude the EU Standard Contractual Clauses (issued by the EU Commission by the Commission Implementing Decision (EU) 2021/914 of 4 June 2021) between Toloka (Processor) and Toloker (Sub-Processor) (hereinafter – "Clauses").

(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by adding itself to the Annex I and signing this Data Processing Agreement.

(b) Once it has been added to the Annex I and has signed this Data Processing Agreement, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.

(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties existing at the time when these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

The details of the processing operations, in particular the categories of Personal Data, the purposes for which the Personal Data is processed on behalf of the Controller and duration of the processing, are specified in Annex II.

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor (as the owner of the informational system used by Toloker) shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. List of measures used by the Sub-Processor are included in the Annex III.

Toloker guarantees that they won't process, copy, share or do any other activity with Personal Data to which they have access that was given by the Controller as a part of provision of Services to Toloka within informational systems provided by Processor or Controller except on instructions from the Controller, unless they are required to do so by the competent supervisory authorities. Thus, Sub- Processor must refrain from (including, but not limited to):

  • Making photos of the screen with Personal Data provided by the Controller, making screenshots or screen recordings of such data;

  • Selling Personal Data provided by the Controller;

  • Let third parties complete tasks that are assigned to Toloker.

7.1. Each Party's liability for any breach of this Data Processing Agreement shall be subject to the limitations and exclusions of liability set out in the Agreement, provided that neither Party limits or excludes any liability that cannot be limited or excluded under applicable law.

7.2. Indemnities in case of Personal Data Breach is regulated in accordance with local legislation and judicial practice (if applicable in accordance with legal requirements).

8. All references of this Data Processing Agreement to requirements of data protection laws of shall be read as references to relevant requirements of applicable data protection laws, including, without limitation, data protection law of Switzerland.

9. Annexes I – III are attached to this Data Processing Agreement.

Previous versions of the document: https://join.toloka.ai/legal/user-agreement/08042024