Acceptable Use Policy

Release: September 2022

Content

  1. Privacy and Data Processing
  2. Use of the Services
  3. Social Media Posts
  4. External Services
  5. Sensitive Personal Data
  6. Prohibited Material
  7. Mentions
  8. Crawled Content
  9. U.S. Digital Millennium Copyright Act
  10. Remedies for Breach
  11. Amending this Policy
This Acceptable Use Policy (‘Policy’) describes certain terms, features, restrictions, licenses and notices associated with providing the Lexer Services.  Please refer to your Master Services Agreement and associated Work Orders (or similar documentation) for other applicable terms. Capitalised terms not defined in this Policy are defined in the Master Services Agreement or any applicable Work Order.

As shown in Figure 1 below, which is also shown in Our Master Services Agreement with You, this document is the document labelled “D”, and may be updated from time to time as published on lexer.io/legal.
Figure 1.

1. Privacy and Data Processing

1.1.
Your Privacy Requirements. Without limiting any other clause of this Policy or the Agreement:
1.1.1.
You must publish a privacy policy that complies with applicable Privacy Laws; and
1.1.2.
You are responsible for the accuracy, quality, integrity and legality of Your Data and the means by which You acquired Your Data (including ensuring a legal basis for collection and sharing of Personal Information with Us before including it in Your Data).
1.2.
Our Privacy Requirements: Without limiting any other Section of this Agreement (including any parts incorporated by reference):
1.2.1.
We must in respect of all Personal Information held in connection with this Agreement comply with any reasonable requests or directions issued by You from time to time arising from the exercise of the functions of any privacy regulator;
1.2.2.
We must ensure that any subcontractor or supplier to whom We disclose Personal Information complies with applicable Privacy Laws and Your requirements specified in this Agreement or your Privacy Policy.
1.2.3.
We must not, in respect of any Personal Data held in connection with the DPA, without the prior written approval of Controller (including in the Main Agreement), disclose, transfer or permit the disclosure or transfer outside of the information outside of the data location specified (if any) in the Main Agreement. 
1.2.4.
Where You have approved the disclosure or transfer of Personal Information outside of the Data Location (including in any Work Order), We must take reasonable steps to ensure that the overseas recipient is subject to (via agreement or law)  privacy protection obligations that are substantially similar to Our obligations under the Privacy Law and this Agreement.
1.2.5.
Subject to clause 1.2.3, Personal Information held in connection with this Agreement must be stored in the Data Location only and, in the event that any Personal Information is to be stored by Us on a cloud server, the cloud server must be located in a secure data centre in the Data Location.
1.3.
Complaints handling:  We must inform You within 5 Business Days:
1.3.1.
if a request is received from a person to inspect, access or change Personal Information relating to that person; or
1.3.2.
of any privacy complaints received from a person or any events relating to Personal Information which may cause the Privacy Laws to be breached, and comply with the reasonable directions of You regarding any request or complaint received.
1.4.
Mandatory Data Breach Protection: If We become aware of, or have a reasonable suspicion that there has been any unauthorised access to, or disclosure or loss of, any Personal Information that has been collected from or on behalf of You, directly or indirectly, pursuant to this Agreement We must notify You immediately ('Breach').  In the event of a Breach, We must:
1.4.1.
cooperate with You or any appointed authority in relation to any ensuing investigation or enquiry relating to the Breach;
1.4.2.
cooperate with You or any appointed authority in relation to the preparation of any determination, statement or notice regarding the Breach, and any notifications to affected individuals; and
1.4.3.
cooperate with You or any appointed authority in relation to the provision of information surrounding the circumstances of the Breach, such information which should include: the Personal Information in question; the individuals that are likely to be affected by the Breach; details of the security measures in place and how these may be improved; and all other information relevant for an investigation.
1.4.4.
We must follow Your reasonable directions in relation to any interactions We have with any individuals who may be potentially potentially affected by a Breach or a notification under clauses 1.4 and 1.5.
1.5.
Notification processes:
1.5.1.
In the event of a disagreement between You and Us as to whether or not a Notification should be provided, the disagreeing Party must provide written notice of the basis of its disagreement to the other Party. The Parties must act in good faith to agree on whether or not to provide the Notification.
1.5.2.
If a party reasonably believes there is a legal requirement to submit a Notification, following the process set out in clause 1.5.1 above, either party may elect to provide a Notification, with written notice to the other party.
1.6.
Legal requests, subpoenas and court orders. Unless prohibited by law, We will notify you as soon as possible following receipt of a subpoena, court order or other valid legal request from a person, entity, governmental or law enforcement agency. As Your Data is owned by You, We will direct the requestor to You wherever possible. We will review each request for Your Data on a case-by-case basis and only comply if and to the extent we determine the request is lawful. If We must comply with the request, We will comply with clause 7.3 of the Agreement.

2. Use of the Services

2.1.
Account set up and use of the Services (Users). The following applies to Users when they are required to create an account and specify a password on one of Lexer’s websites in order to access Lexer Services:
2.1.1.
Account creation. The following applies to Users when they are required to create an account and specify a password on one of Lexer’s websites in order to access Lexer Services:
2.1.1.1.
To create an account, the User must be at least 18 years old and must provide truthful and accurate information about the User. 
2.1.1.2.
The User must not impersonate anyone else or use false information when creating the account.
2.1.1.3.
If the User’s information changes at any time, the User must promptly update the User’s account to reflect those changes.
2.1.1.4.
No User may share an account credentials or password with anyone else.
2.1.1.5.
The User must keep passwords confidential. 
2.1.1.6.
If you believe that your account has been compromised at any time, you must notify your system administrator.
2.2.
Usage Limits and Restrictions
2.2.1.
Licence Numbers. Services and Content are subject to usage limits, including, for example, the quantities specified in Work Orders. Unless otherwise specified:
2.2.1.1.
a quantity in a Work Order refers to Users, and the Service or Content may not be accessed by more than that number of Users; and 
2.2.1.2.
a User’s password or account with Us may not be shared with any other individual or third party, including within Your organisation.
2.2.2.
Meaning of ‘unlimited’. In relation to the Services, the term ‘unlimited’ does not mean infinite, particularly in relation to Users, monitored terms and application program interface (API) calls. If Your use of a particular part of the Service is more than 10x the client average, it may contribute to system performance issues for other clients and use in this manner breaches this Policy.
2.2.3.
Usage Restrictions. You may not, and may not allow any third-party, including You Users, to use Our Services (or information obtained using Our Services) or an External Service to:
2.2.3.1.
make any Service or Content available to, or use any Service or Content for the benefit of, anyone other than You or Users, unless expressly stated otherwise in a Work Order or the Security Documents, 
2.2.3.2.
sell, resell, license, sublicense, distribute, make available, rent or lease any Service or Content, or include any Service or Content in a service bureau or outsourcing offering, 
2.2.3.3.
send, upload, distribute or disseminate, or offer to do the same with respect to material that meets the criteria for Prohibited Content (see clause 6)
2.2.3.4.
use a Service or Non-Lexer Application to store or transmit a virus or malicious code,
2.2.3.5.
interfere with or disrupt the integrity or performance of any Service or third-party data contained therein,
2.2.3.6.
attempt to gain unauthorized access to any Service or Content or its related systems or networks,
2.2.3.7.
permit direct or indirect access to or use of any Service or Content in a way that circumvents a contractual usage limit, or use any of Our Services to access or use any of Our intellectual property except as permitted under this Agreement or a Work Order,
2.2.3.8.
copy a Service or any part, feature, function or user interface thereof,
2.2.3.9.
copy Content except as permitted herein or in a Work Order or the Acceptable Use Policy,
2.2.3.10.
frame or mirror any part of any Service or Content, other than framing on Your own intranets or otherwise for Your own internal business purposes or as permitted in the Acceptable Use Policy,
2.2.3.11.
access any Service or Content in order to build a competitive product or service or to benchmark with a Non-Lexer product or service,
2.2.3.12.
reverse engineer, decompile, modify, combine, create derivative works of, distribute or adapt any Service (to the extent such restriction is permitted by law), or
2.2.3.13.
use the Services in a manner that would violate laws prohibiting discrimination or to determine adverse terms and conditions or ineligibility for employment, credit, health care treatment or insurance. 
2.2.3.14.
imitate or impersonate another person or his, her or its email address, or otherwise engaging in "phishing" or "spoofing"
2.2.3.15.
generate or facilitate unsolicited email (spam), for example in violation of the U.S. CAN- SPAM Act, the Spam Act 2003 (Cth), or any other applicable anti-spam law in any applicable jurisdiction;
2.2.3.16.
generate or facilitate unsolicited SMS, MMS, or other text messages or push notifications that violate the Telephone Consumer Protection Act or any other applicable telemarketing or telephone consumer protection law or regulation sending email to individuals who have asked not to receive future messages from You.
2.2.3.17.
sell to, exchange with, share with or distribute to a third party personal information, including the email addresses of any person without such person's knowing and continued consent to such disclosure
2.2.3.18.
engage in, promote or facilitate illegal activity or violate any applicable local, state, national or international law or regulation (including without limitation data, privacy, and export control laws);
2.2.3.20.
interfere with other Users' enjoyment of Our Services;
2.2.3.21.
access (including through any interfaces provided with an External Service), any of Our products or services, or other service or website, in a manner that violates the terms for use of or access to such service or website;
2.2.3.22.
perform significant load or security testing without first obtaining Our written consent;
2.2.3.23.
remove any copyright, trade mark or other proprietary rights notices contained in or on the Service or reformat or frame any portion of the web pages that are part of the Service's administration display; or
2.2.3.24.
disable, avoid, or circumvent, damage or otherwise interfere with any security or access-related features or restrictions of Our Services, features that prevent or restrict the use or copying of content from the Services, or features that enforce limitations on the use of the Services
2.3.
Breach of Usage Restrictions. Any use of the Services in breach of the Agreement, this Policy or Work Orders, by You or Users that in Our judgment threatens the security, integrity or availability of Our Services, may result in Our immediate suspension of the Services, however We will use commercially reasonable efforts under the circumstances to provide You with notice and an opportunity to remedy such violation or threat prior to such suspension.
2.4.
Planned Downtime. Our Agreement allows us to schedule periods where the Services may not be available for a set period of time (refer clause 1.1.3 of our Agreement). The term 'Planned Downtime' means where We give You at least 8 hours’ electronic notice of a scheduled period of downtime (including by way of publishing an update on status.lexer.io), and which We will schedule to the extent practicable during weekend or non-business hours (according to the region with the highest likely impact).

3. Social Media Posts

3.1.
Your rights to post social media content. We may provide opportunities for you to post text, photographs, videos, or other information (collectively, ‘Your Posts’) on social media networks (including Twitter, Facebook and Instagram) and other owned or third party systems via Our Services. You can only post Your Posts if you own all the rights to that content, or if another rights holder has given you permission.
3.2.
Limited licence to Us to Your Posts. You do not transfer ownership of Your Posts simply by posting it using the Services. However, by posting Your Posts, you grant us, our agents, licensees, and assigns an irrevocable, perpetual (non-exclusive) right and permission to reproduce, encode, store, copy, transmit, publish, post, broadcast, display, publicly perform, adapt, modify, create derivative works of, exhibit, and otherwise use Your Posts. Without those rights, we couldn’t offer the Services. Please note that this license continues even if you stop using the Services.
3.3.
Indemnity to Us regarding Your Posts. You agree to indemnify Us from any costs, damages, liability, claims, actions, loss, harm or expense arising out of any of Your Posts you post using the Services.

4. External Services

4.1.
Connection to External Services. Our Services allow users to interact with, including accessing Content and External Services (including, without limitation, social media and other websites, third party services, and platforms, including websites operated by or on behalf of You). While Your use of the features connected with the Services is governed by an Agreement with You, Your access and use of External Services features and the services provided through Our Services is governed by the terms of service and other agreements posted on those External Services sites. You are responsible for ensuring that your use of those External Services complies with any applicable terms of service or other agreements. A list of the current integrations offered with Our Services is located at https://learn.lexer.io/docs/marketing
4.2.
The following applies in relation to Your use of the features connected with External Services:
4.2.1.
You must enable Our Services to access their External Services accounts, as applicable.
4.2.2.
Our Services may access, collect, process, and/or store information or data from External Services accounts (including, but not limited to, information and data otherwise classified as Your Data under Your Agreement with Us).
4.2.3.
We may, without notice to You, delete from Our Services any information or data retrieved from External Services to the extent required by External Services providers, and, in the event customers have exported such information or data from Our Services to other Lexer services, then such exported information or data may also be subject to deletion without notice.
4.2.4.
Customers are solely responsible for:
4.2.4.1.
any information or data their users provide to any Third Party Platform; 
4.2.4.2.
their users’ interactions with or communications with third parties through any Third-Party Platforms; and
4.2.4.3.
any transactions relating to a separate agreement or arrangement between customers or their users and any Third- Party Platform provider or website.
4.3.
External Services. If You subscribe to a Service for sending electronic messages or for the creation and hosting of, or for posting content on, external-facing websites, that use by You is subject to these  external service provisions of the Acceptable Use Policy.

5. Sensitive Personal Data 

5.1.
Sensitive data prohibited. Unless expressly stated otherwise in a Work Order, the following types of sensitive personal data must not be submitted to Our Services:
5.1.1.
government-issued identification numbers (for example, drivers’ licence, social security or tax file numbers);
5.1.2.
financial information of end customers (such as credit or debit card numbers, any related security codes or passwords, and bank account numbers, but not including any financial information submitted for the purposes of payment of the account for Our Services);
5.1.3.
information related to an individual’s physical or mental health; and
5.1.4.
information related to the provision or payment of health care.

6. Prohibited Material

6.1.
Prohibited material. You may not use Our Services to solicit, display, store, process, send or transmit:
6.1.1.
material that infringes or misappropriates a third party's intellectual property or proprietary rights;
6.1.2.
content that promotes, condones, encourages or facilitates hate, violence or discrimination against people based on race, ethnicity, color, national origin, religion, age, gender, gender identity, sexual orientation, disability, medical condition, veteran status or any other characteristic;
6.1.3.
obscene, indecent, defamatory, libelous, deceptive, fraudulent, pornographic, harmful to minors, threatening, excessively profane or otherwise objectionable material;
6.1.4.
content that violates, encourages or furthers conduct that would violate any applicable laws;
6.1.5.
any of the categories of sensitive personal data referenced in clause 5 above;
6.1.6.
information related to children under the age of 13 (or in the European Economic Area, under 16);  
6.1.7.
material advocating or advancing computer hacking or cracking;
6.1.8.
material related to phishing or drug paraphernalia;
6.1.9.
malicious material;
6.1.10.
unlawful software;
6.1.11.
malicious code, such as viruses, worms, time bombs, Trojan horses and other harmful or malicious scripts, agents or programs; or
6.1.12.
material that violates or encourages conduct that would violate any applicable laws, including any criminal laws, or any third-party rights, including publicity or privacy rights.

7. Mentions

7.1.
Our Services provide You with access to Content that has been made publicly available on the Internet, including, but not limited to, links, posts and excerpts (each individual link, post or excerpt is referred to as a ‘Mention’). Mentions are made available to You through Our Services subject to the following conditions.
7.1.1.
We do not own or control Mentions.
7.1.2.
Mentions may be indecent, offensive, inaccurate, unlawful or otherwise objectionable.
7.1.3.
We are not obligated to preview, verify, flag, modify, filter, store or remove any Mentions, even if requested to do so by You, although We may do so in its sole discretion.
7.1.4.
Mentions may be used to create aggregations which do not reveal individual Mentions. These aggregations may be made available to third parties.
7.1.5.
Our Services provide customers with the source URL for Mentions, enabling direct access to, and the complete text of, each Mention from its original location so long as the applicable Mention is still available from its original source.
7.1.6.
Mentions are provided for Your internal use only and may not be redistributed or made available to third parties.
7.1.7.
You are responsible for complying with Your privacy obligations, including applicable laws and You data privacy policies, in Your collection and use of Mentions via Our Services.
7.1.8.
Mentions are presented to You in snippet form of up to 310 characters and are therefore decontextualized.
7.1.9.
You and Your Users accessing Mentions from jurisdictions that require a shorter form of snippeting are prohibited from accessing such Mentions. Our Services collect and store Mentions, which may include personal data, without consent. If You are subject to legal requirements that permit the processing of personal data that is publicly available, You can, when searching for Mentions, limit their search queries to return Mentions that are publicly available or have been recently made publicly available. You can select to retrieve Mentions derived from: 
7.1.9.1.
sources that provide Us with regular updates and deletion notices in relation to the Mentions provided by such source, such as Twitter; and/or
7.1.9.2.
a specific time period so as to only retrieve recently published Mentions. Further information about these controls are set our in the Marketing Cloud help and user documentation.

8. Crawled Content

8.1.
Our Services may provide access to Mentions that are sourced from the Internet and not through a direct licence agreement (‘Crawled Content’).
8.1.1.
Crawled Content is gathered by web crawlers (or robots) operated by Us and by web robots operated by third parties under agreements with Us.
8.1.2.
All web robots used by Us honor robots.txt protocols.
8.1.3.
We promptly comply with requests from owners, providers, and/or licensors of Crawled Content to discontinue making available their Crawled Content from Our Services.

9. U.S. Digital Millennium Copyright Act

9.1.
As a customer of Ours, Our policy regarding allegations of copyright infringement applies to Your use of Our Services.
9.2.
Third party copyright takedown requests. We will respond to notices alleging that any material uploaded by users of the Services infringes another person’s copyright. The reference used in this clause 9 to ‘DMCA’ is a reference to Title II of the Digital Millennium Copyright Act of 1998 (Section 512 of the U.S. Copyright Act) (the ‘DMCA’) applicable to the US, but other similar copyright takedown processes may apply in other regions. 
9.3.
Making a DMCA takedown request. If any person (whether a customer of Ours or otherwise) believes any material accessible on or from Our website or the Services infringes their copyright, they may request removal of those materials from Our website or the Services by contacting the Lexer copyright agent (identified below) and providing the following information:
9.3.1.
Identification of the copyrighted work that they believe to be infringed (including, wherever possible, specific location such as a URL of an authorised version of the work to make the request easier to verify).
9.3.2.
Identification of the material that they believe to be infringing and its location.  (including, wherever possible, specific location such as a URL of the allegedly infringing material, to make the request easier to verify).
9.3.3.
The requestor’s name, address, telephone number and (if available) email address.
9.3.4.
A declaration that they have a good faith belief that the use of the materials is not authorised by the copyright owner, its agent, or the law.
9.3.5.
A declaration that the information that they have supplied is accurate, and indicating that ‘under penalty of perjury’, they are the copyright owner or are authorised to act on the copyright owner’s behalf.
9.3.6.
A signature or the electronic equivalent from the copyright holder or authorised representative.
9.4.
Notifying us of a DMCA takedown request. Our agent for copyright issues relating to the Lexer website or Services is:
Lexer Legal
Lexer Pty ltd
86 Inkerman Street, St Kilda, Victoria, Australia, 3182
Phone: +61 3 7036 8405 (Australia)
+1 (650) 649-4138 (United States)
Email: legal@lexer.io
Please include the subject line: DMCA Takedown Request.
9.5.
Assessing a DMCA takedown request. We will review a request for accuracy, validity, and completeness. If a request has satisfied the requirements above, We will take action on the request. Our actions to comply with the request may include removing or disabling access to the allegedly infringing material and forwarding a full copy of your request (including the requestor’s name and contact information) to the user(s) engaged in the allegedly infringing activity. We will make a good faith effort to contact the affected user(s) with information concerning the removal or disabling of access.
9.6.
Contesting a DMCA takedown request. If You (as a customer of Ours) are the recipient of a takedown request, please read the request carefully. If you believe that the allegedly infringing material reported in the takedown request was misidentified, is not infringing, or was removed or disabled in error, you may send Us a counter-notification or you may seek a retraction of the takedown request from the requester (whose details will be provided to you as part of the DMCA takedown request).
9.7.
Sharing requestor information. We may, in our discretion, share a copy of a requestor’s DMCA takedown request or counter-notification with third parties (including for publication). If you are uncomfortable sharing your contact information, you may wish to consider appointing an agent to submit your request or counter-notification on your behalf. 
9.8.
Repeat infringer policy. In accordance with the DMCA and other applicable law, we have adopted a policy of terminating, in appropriate circumstances, Users who are deemed to be repeat infringers. We may also limit access to the Service and/or terminate the accounts of any Users who infringe any intellectual property rights of others, whether or not there is any repeat infringement.

10. Remedies for Breach

10.1.
Remedy where You breach this Policy. If We inform you that Your use of the Service is in breach of our Policy, You must promptly and in good faith respond to a request from Us to comply with the Policy. You agree to work with Us in good faith to remedy the issue by reducing the number of Users, terms, API calls, etc., as applicable.
10.2.
Repeated or serious breach of Policy. If we determine (in our sole discretion) that you engage in activities that seriously or repeatedly violates the Agreement or this Policy, or You authorise or help others to do so, We may suspend or terminate your use of the Services without notice or liability, and without limiting any other right or recourse We may also have. We have the right, but not the obligation, to monitor or investigate your use of the Services at any time for compliance with this Policy.

11. Amending this Policy

11.1.
We may amend this Policy. We may update this Policy from time to time by posting an updated version at lexer.io/legal and any such updates will be effective upon posting. When we update this Policy, the “Last Updated” date above will be updated to reflect the date of the most recent version. Your continued use of the Services constitutes your acceptance of the modified Policy. We encourage you to review this Policy regularly.
11.2.
Violation of Policy. If you become aware of any violation of this Policy, please contact us at report@lexer.io