re.alto General Terms & Conditions for API Platform use – Annex 2 AUP

Version 06/04/2020

Annex 1 – Acceptable Use Policy for the API Platform

I. General
Capitalised terms used in this Acceptable Use Policy shall have the meaning set forth in Annex 1 to the re.alto General Terms and Conditions (GTC).

II. Use of the API Platform

  1. Any End-User of the API platform undertakes to use the API Platform at all times in compliance with this Acceptable Use Policy
  2. The use of the API Platform by an End-User is subject to compliance by the User with the GTC, as amended from time to time, as may be consulted here: https://realto.io/general-terms-and-conditions/.
  3. Subject to the terms of the AUP, re.alto hereby grants the End-User a non-exclusive, non-transferable, non-sublicensable, limited right and license to use the API Platform for its intended purposes. in order to provide re.alto Services, on condition of the User’s complete payment of applicable Fees and Remuneration and compliance with the GTCs. The rights granted herein are subject to the User’s compliance with the GTCs. End-Users shall only use the API Platform and re.alto Services for their intended purposes, with due care and diligence.
  4. The End-User understands that the API Platform is the full property of re.alto and recognizes all intellectual property rights vested therein. The End-User shall in no way harm or undermine re.alto’s rights connected to the API Platform and re.alto Services, nor the Providers’ rights in relation to Provider Services.
  5. The End-User represents and warrants having all the necessary powers of representation to carry-out all activities it conducts through the API Platform and in relation to re.alto and Provider Services, including the placement of any orders.
  6. The End-User commits not to:
    i) disable, interfere with or circumvent any aspect of the API Platform, or the equipment used to provide the API Platform;
    ii) generate, distribute, publish or facilitate unsolicited mass email, promotions, advertisings or other solicitations (“spam”);
    iii) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, or otherwise commercially exploit or make the re.alto Services and the API Platform available to any third-party;
    iv) modify, adapt, or hack the API Platform or otherwise attempt to gain unauthorized access to the re.alto Services, Provider Services, or related systems or networks;
    v) falsely imply any association or partnership with re.alto;
    vi) use or encourage the use of re.alto Service in any unlawful manner, including but not limited to violation of any third party intellectual property, privacy rights or image rights;
    vii) use the re.alto Services in any manner that interferes with or disrupts the integrity or performance of the re.alto Services, the API Platform, Provider Services, and/or its components;
    viii) attempt to decipher, decompile, reverse engineer or otherwise discover the source code of the API Platform, the re.alto Services, Provider Services, or other proprietary re.alto software;
    ix) use the re.alto Services to post transmit, upload, link to, send or store any Malicious Software;
    x) use the re.alto Services and API Platform in relation to any illicit activity;
    xi) obtain or attempt to obtain any materials, documents or information, including namely but not exclusively personal identification, password and other information of any other End-User through any means not purposely made available through the re.alto Services;
    xii) probe, scan, or test the vulnerability of any system or network of re.alto or breach any security or authentication measures, avoid, bypass, remove, deactivate, impair, descramble, or otherwise circumvent any technological measure implemented by re.alto to protect the re.alto Services, the API Platform or other proprietary software;
    xiii) misrepresent oneself or one’s powers, act beyond the scope of one’s authorized powers of representation, or impersonate another individual or entity.
  7. The re.alto account details, including usernames and passwords, must be kept confidential. End-Users are responsible for their re.alto Account details. Should the re.alto Account details be lost or made public, the End-User must immediately take the necessary steps to recuperate access to their account through the lost password procedure on the API Platform or change their password through the available API Platform options. re.alto shall not be held liable in the event of third-party’s unauthorized access to the re.alto Account.
  8. Without prejudice to the provisions of the GTC, in the event of the violation of the present AUP, re.alto is entitled to immediately suspend the End-User’s and User’s access to the API Platform or Provider Services until the violation is remedied. Should the End-User refuse to cure the breach in the allotted time period, re.alto can terminate and permanently delete the End-User Account.
  9. If the End-User provides any feedback or makes suggestions regarding the API Platform, re.alto may use that information without any obligation or indemnity being due to the End-User. The End-User hereby waives any right with regard to the feedback and agrees to irrevocably assign to re.alto all right, title, and interest therein.

III.- Data protection

  1. re.alto, located at Keizerslaan 20, 1000 Brussels (registered under 0731.852.330), can be considered the personal data controller. An End-User can contact re.alto at +32 28 918 072 or reach the re.alto Data Protection Officer (DPO) at : legalnotices@realto.io.
  2. re.alto shall process End-User personal data, such as End-User identification, contact information, and professional history and occupation, including for example, name, e-mail address, phone number, country of residence, job title, industry segment and employer.

This is done for the following purposes and based on the following grounds:

PurposeLegal basis
The ordering and performance of re.alto Services, Provider Services, the use of the API Platform, and User administration in relation of the API Platform and the GTCs.Depending on the quality of the End-User, these acts are either necessary for the performance of the re.alto GTCs or the contract between the End-User and User, by virtue of which the End-User acts for the User.
It is also based on re.alto and the User’s legitimate interest on the one hand to perform a service contract (provide commercial services on the market) and, on the other, benefit from and contract those services.
The promotion and publicity of RE.Alto Services, including new Provider Services offered through the API Platform.It is based on RE.Alto’s legitimate interest to promote and develop re.alto Services and publicize its activities.
This is further based on the soft opt-in applicable under the e-privacy directive.
  1. Personal data may be shared with other re.alto affiliates or with any agents carrying out processing activities on its behalf, such as website hosting services. The requisite legal measures have been taken in order to safeguard personal data protection and compliance with applicable legislation. Personal data shall not be transferred to any recipients outside the European Economic Area (EEA). Should the personal data be transferred outside of the EEA, then re.alto shall implement the necessary safeguards to ensure an adequate level of protection in accordance with the General Data Protection Regulation (GDPR), for more information regarding the measures, please contact the re.alto DPO.
  2. Personal data will be stored as long as necessary to fulfill the purposes of processing: it shall be stored for so long as the End-User holds a re.alto account, and for one year thereafter. Any personal data that may give rise to legal effects may be archived for evidentiary purposes for a period equal to the statute of limitation (most often 10 years).
  3. As a data subject, all End-Users have the following rights:
    • To request access to their personal data;
    • To obtain the rectification of any inaccurate personal data;
    • To obtain the erasure of personal data, under the applicable legal conditions;
    • To limit the processing activities to which the personal data is subject, under the applicable legal conditions;
    • To receive their personal data in a structured, commonly used and machine-readable format, and have the personal data transmitted to another controller, under the applicable legal conditions;
    • If processing is based on consent, to withdraw consent at any time (although this does not impact the lawfulness of past processing activities);
    • To lodge a complaint with the national supervisory authority (https://www.autoriteprotectiondonnees.be) ;
    • To the extent any automated decision making would be involved, you have the right not to be subject to a decision (which engenders legal effects) based solely on automated decision making.
    For any explanation of the applicable legal conditions you can consult: https://www.autoriteprotectiondonnees.be/reglement-general-sur-la-protection-des-donnees-citoyen or write to the re.alto DPO.
  4. The personal data requested is necessary to perform the re.alto Services and comply with the GTC. If the personal data is not provided then re.alto shall not be able to provide re.alto Services. Any voluntary personal data will not be marked with an asterisk.