Effective Date: the date of signing of the Cooperation Agreement
These General Terms of Service (the “Agreement”) govern the use of the inmall.io platform (the “Platform”) operated by INMALL SIA, a company incorporated in Latvia, registered under number 40203531565, with its registered office at Elizabetes 45/47, Rīga, LV-1010 (“INMALL”).
By creating an account or otherwise using the Platform, the User agrees to these Terms.

1. Definitions

• “User Content”: all information, data, and materials uploaded or entered into the Platform by the User.
• “Services”: the SaaS property management services provided via the Platform.
• “Data Protection Legislation”: GDPR (Regulation (EU) 2016/679), Latvian laws, and other applicable EU regulations.

2. Scope of Services
2.1. INMALL provides a SaaS platform for shopping center and property management, including tenant coordination, reporting, and administration functionalities.
2.2. All Users have access to the same functionality of the Platform. There are no service levels or subscription tiers.
2.3. INMALL may enhance or modify the Platform from time to time, provided such changes do not materially reduce core features.

3. Pricing and Billing
3.1. Shopping Centers: Access to the Platform is free of charge.
3.2. Tenants: A monthly fee of €0.10 per m² + VAT applies, invoiced via the shopping center’s monthly service charges under the line item “Shopping Center Administration System and Data Security.”
3.3. Implementation Fee: A one-time setup fee starting from €790 (excl. VAT) applies, covering onboarding, integrations, and training.
3.4. Billing: Tenant fees are invoiced monthly. All invoices must be paid within seven (7) calendar days.
3.5. Late Payments: Overdue invoices accrue default interest at 0.1% per day or the maximum permitted by Latvian law.
3.6. Fee Adjustments: INMALL may adjust fees with thirty (30) days’ prior written notice. Continued use constitutes acceptance.

4. Refund Policy
4.1. Except where required by law, all fees (including implementation) are non-refundable.

5. User Responsibilities & Account Security
5.1. The User shall:

• Provide accurate and current account details.
• Maintain the confidentiality of login credentials.
• Ensure all authorized users comply with these Terms.
• Notify INMALL immediately of any breach of security or unauthorized use of the account.

5.2. The User is fully responsible for:

• Safeguarding the password used to access the Services;
• All activities under their account, whether conducted through INMALL’s Services or via integrated third-party services.

5.3. Logo Upload: The User may upload their company logo to the Platform at their discretion. When doing so, the User must ensure that such uploads do not infringe the rights or legitimate interests of third parties or violate applicable laws. The User must only upload their own company logo or other material if they hold the rights to use it.
5.4. Access Rights: INMALL provides three types of access rights within the Platform:

• Owner: Full administrative rights, including managing account settings, billing, and assigning roles.
• Manager: Operational rights, including creating and managing content, accessing data, and overseeing day-to-day use of the Platform.
• Viewer: Limited rights, allowing read-only access to information without the ability to modify or manage settings.
• The User is responsible for assigning and managing these access rights for their organization.

5.5. Cybersecurity Obligations: The User undertakes to use devices protected by up-to-date antivirus and security software when accessing the Platform, and to avoid installing or running software that may introduce viruses, malware, or other harmful code. The User is also obliged to take reasonable precautions against cyberattacks, including maintaining operating system and application security updates.
5.6. The User must not:

• Use the Platform unlawfully or in violation of third-party rights;
• Upload or distribute viruses, malware, or harmful code;
• Resell, sublicense, or otherwise transfer access to the Services without prior written consent from INMALL.

6. Intellectual Property
6.1. INMALL owns all intellectual property in the Platform.
6.2. User Content remains User property.
6.3. By uploading Content, the User grants INMALL a limited license to process, store, and display such content for service delivery.

7. Data Protection and GDPR Compliance
7.1. The User is the Data Controller; INMALL acts as Data Processor.
7.2. The specific rules of processing are detailed in Annex 1 – Data Processing Agreement (DPA), which forms an integral part of this Agreement.
7.3. INMALL applies industry-standard security measures including:

• Encrypted data transmission (TLS/SSL).
• Encrypted backups and secure storage.
• Role-based access controls.
• Logging and monitoring.
• 7.4. Data breaches will be reported to the User within seventy-two (72) hours of discovery.
• 7.5. The User is responsible for ensuring lawful collection and use of personal data uploaded to the Platform.

8. Confidentiality
8.1. Each Party undertakes to treat all confidential information received from the other Party as strictly confidential and to use it only for the performance of this Agreement.
8.2. Confidentiality obligations shall not apply to information that:

• Is or becomes public knowledge other than by a breach of this clause;
• Is received from a third party who lawfully acquired it and is not under confidentiality restrictions;
• Was already lawfully in the possession of the receiving Party prior to disclosure;
• Is independently developed without access to the confidential information.
• 8.3. These obligations survive termination for three (3) years.

9. Service Availability & Support
9.1. INMALL aims to provide at least 99.5% uptime per month, excluding planned maintenance and force majeure.
9.2. Support response times:

• Critical issues: 4 hours
• High priority: 1 business day
• Standard: 3 business days

10. Third-Party Services
10.1. The Platform may connect to third-party services. INMALL is not responsible for their performance or policies.

11. Limitation of Liability
11.1. INMALL is not liable for indirect or consequential damages, including lost profits or data.
11.2. INMALL’s total liability is limited to the fees paid in the twelve (12) months preceding the claim.
11.3. Liability for gross negligence, willful misconduct, or GDPR violations is not excluded.

12. Suspension & Termination
12.1. Users may cancel with thirty (30) days’ notice.
12.2. INMALL may suspend or terminate accounts immediately for breaches.
12.3. Upon termination, the User has thirty (30) days to export data; thereafter, INMALL will delete data unless retention is required by law.

13. Governing Law & Dispute Resolution
13.1. This Agreement is governed by Latvian law.
13.2. Disputes shall first be resolved amicably within thirty (30) days.
13.3. Failing that, disputes are subject to the courts of Riga, Latvia.
13.4. For data protection, applicable EU laws (including GDPR) apply.

14. Amendments
14.1. INMALL may amend these Terms with thirty (30) days’ notice.
14.2. Continued use of the Platform constitutes acceptance of amendments.

15. Contact Information
INMALL SIA
Elizabetes 45/47, Rīga, LV-1010, Latvia
Email: info@inmall.io

Annex 1 – Data Processing Agreement (DPA)
This Data Processing Agreement (“DPA”) is annexed to and forms an integral part of the General Terms of Service between INMALL SIA (“Processor”) and the User (“Controller”).

1. Subject Matter and Duration

• The Processor shall process personal data on behalf of the User solely for the purpose of providing the Platform services.
• This DPA remains in force for as long as the Processor processes personal data on behalf of the User.

2. Roles and Responsibilities

• The User determines the purposes and means of the processing of personal data.
• The Processor shall process data only in accordance with the User’s documented instructions, unless otherwise required by law.
• The Processor shall immediately notify the User if an instruction appears unlawful.

3. Categories of Data Subjects and Data

• Data Subjects may include tenants, employees, contractors, visitors, and representatives of the shopping center or the User.
• Data Types may include identification and contact details (name, email, phone, role), tenant/employee information, and system usage data.

4. Processing Activities and Purpose

• Processing activities include collection, storage, use, transmission, and deletion of data.
• The purpose is limited to providing shopping center management services through the Platform.

5. Confidentiality

• The Processor shall ensure that all persons authorized to process data are bound by confidentiality obligations.

6. Security Measures
The Processor shall implement appropriate technical and organizational measures, including:

• TLS/SSL encrypted transmission.
• Encrypted backups and secure storage.
• Role-based access controls.
• Logging and monitoring.
• Regular system updates and vulnerability testing.

7. Sub-Processors

• The User authorizes the Processor to engage sub-processors for hosting, infrastructure, and support.
• The Processor ensures sub-processors are bound by equivalent obligations.
• The User will be notified of any intended changes to sub-processors.

8. Data Breach Notification

• The Processor shall notify the User without undue delay, and no later than 72 hours after becoming aware of a personal data breach.
• Notifications shall include the nature, scope, likely consequences, and remedial actions.

9. Data Subject Rights

• The Processor shall assist the User in responding to data subject requests (access, rectification, erasure, portability) where reasonably possible.

10. Data Retention and Deletion

• Upon termination of the Agreement, the User shall have 30 days to export its data.
• After this period, the Processor shall securely delete all data unless retention is required by law.

11. Audit Rights

• The User may request documentation to verify compliance with this DPA once per year.
• Audits shall be conducted remotely and must not unreasonably disrupt the Processor’s operations.

12. Governing Law

• This DPA is governed by the laws of the Republic of Latvia.
• Where applicable, EU data protection laws, including GDPR, shall prevail.

Support

«SIA INMALL», reg. no. 40203531565 has signed contract no. SKV-L2023/284 with the Latvian Investment and Development Agency (LIAA) on the project "Promoting International Competitiveness", which is co-financed by the European Regional Fund

Product

Contacts