This Data Protection Addendum henceforth referred to as the "Addendum", is entered into by and between www.danwarburton.com and visionpurposeprogram.com, henceforth referred to as "www.danwarburton.com" and "visionpurposeprogram.com", and the customer agreeing to this Addendum, henceforth referred to as the "Customer".
This Addendum will be effective from the Addendum Effective Date (as defined below) and replace any previously applicable data protection addendum.
If you are accepting this Addendum on behalf of Customer/Affiliate, you represent and warrant that:
-You have read and understood this Addendum
-You have the full legal authority to bind yourself, or the applicable entity, to these Terms
-You agree, on behalf of the party, you represent, to this Addendum.
If you do not have the legal authority to bind Customer, please do not "Sign/Accept/Opt IN".
Terms Defined by the General Data Protection Regulation (GDPR):
A. "Addendum Effective Date" is defined as the date on which the Customer clicked to accept or opt-in to this Addendum.
B. "Adequate Country" is defined as a country that is deemed adequate by the European Commission under Article 25(6) of Directive 95/46/EC or Article 45 of GDPR.
C. "Data Subject" is defined as the identified or identifiable person who is the subject of Personal Data.
D. "Personal Data" is defined as any information included in the Customer Data relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural, or social identity.
E. "Processing" is defined by the applicable EU Data Protection Law and "process", "processes" and "processed" will be interpreted accordingly.
F. "Data Controller" is defined as the party that determines the purposes and means of the processing of Personal Data.
G. "Data Processor" is defined as the party that Processes Personal Data on behalf of, or under the instruction of, the Data Controller.
H. "Data Transfer Mechanism" is defined as an alternative data export solution for the lawful transfer of Customer Data (as recognized under EU Data Protection Law) outside the EEA.
I. "Data Protection Laws" are defined with respect to a party, all privacy, data protection, information security-related, and other laws and regulations applicable to such party, including, where applicable, EU Data Protection Law.
J. "Data Protection Authority" is defined as the competent body in the jurisdiction charged with enforcement of applicable Data Protection Law.
K. "EEA" means the European Economic Area, United Kingdom, and Switzerland.
L. "EU Data Protection Law" means
- Prior to 25th May 2018, European Union Directive 95/46/EC; and
- On and after 25th May 2018, European Union Regulation 2016/679 ("GDPR")
M. References to "written instructions" and related terms mean Data Controller’s instructions for Processing of Customer Data, which consist of
- The terms of the Agreement and this Addendum,
- Processing enabled by Data Controller through the Service, and
- Other reasonable written instructions of the Data Controller consistent with the terms of the Agreement.
N. "Model Contracts" are defined as the Standard Contractual Clauses for Processors as approved by the European Commission under Decision 2010/87/EU in the form made accessible in the www.danwarburton.com or visionpurposeprogram.com Workspace.
O. "Security Incident" is defined as any unauthorized or unlawful confirmed breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data in Data Processor’s control.
P. "Subprocessor" is defined as any Third Party engaged by Data Processor or its affiliates to process any Customer Data pursuant to the Agreement or this Addendum.
Q. "Third Party" shall mean any natural or legal person, public authority, agency, or any other body other than the Data Subject, Data Controller, Data Processor, Subprocessors, or other persons who, under the direct authority of the Data Controller or Data Processor, are authorized to Process the data.
R. Other capitalized terms not defined herein have the meanings given in the Agreement.
Terms Defined by Consulting.com with respect to GDPR:
A. "Data Subjects" are defined to include the individuals about whom data is provided to www.danwarburton.com and visionpurposeprogram.com via the Services by (or at the direction of) the Customer.
B. "Details of Processing Subject Matter" is defined as the subject matter of the data processing under this Addendum is Customer Data.
C. "Duration of the Processing" is defined as the duration of the data processing under this Addendum is until the termination of the Agreement plus the period from the expiry of the Agreement until the deletion of all Customer Data by www.danwarburton.com and visionpurposeprogram.com in accordance with the terms of the Addendum.
D. "Nature and Purpose of the Processing" is defined as the purpose of the Processing under this Addendum is the provision of the Service to Customer and the performance of www.danwarburton.com’s and visionpurposeprogram.com's obligations under the Agreement (including this Addendum) or as otherwise agreed by the parties.
E. "Categories of Data" is defined as data relating to individuals provided to www.danwarburton.com and visionpurposeprogram.com when Customers sign up, log in, use the product, interact with the website, and interact with the ads.
F. "Security Measures" are defined as the measures that www.danwarburton.com and visionpurposeprogram.com agrees to use. They are commercially reasonable technical and organizational measures designed to prevent unauthorized access, use, alteration, or disclosure of the Service or Customer Data.
A. This Addendum forms part of the Agreement and except as expressly set forth in this Addendum, the Agreement remains unchanged and in full force and effect. If there is any conflict between this Addendum and the Agreement, this Addendum shall prevail to the extent of that conflict in connection with the processing of Customer’s Personal Data.
B. All activities under this Addendum (including without limitation Processing of Customer Data) remain subject to the applicable limitations of liability set forth in the Agreement.
C. This Addendum will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement unless required otherwise by applicable Data Protection Laws.
D. This Addendum and Model Contracts will automatically terminate upon expiration or termination of the Agreement.
4. Scope and Applicability of this Addendum:
A. This regulation applies to the processing of the personal data in the context of the activities of the establishment of a Controller or a Processor in the EU.
B. This Addendum applies where and to the extent that www.danwarburton.com and visionpurposeprogram.com processes Customer Data that originates from the EEA or that is otherwise subject to EU Data Protection Law on behalf of Customer in the course of providing the Service pursuant to the Agreement.
C. This Addendum applies where and to the extent that www.danwarburton.com and visionpurposeprogram.com processes Customer Data that originates from the EEA or that is otherwise subject to EU Data Protection Law on behalf of Customer in the course of providing the Service pursuant to the Agreement.
5. Role and Scope of the Processing:
A. Customers will act as the Data Controller and www.danwarburton.com and visionpurposeprogram.com will act as the Data Processor under this Addendum. Both Customer and www.danwarburton.com shall be subject to applicable Data Protection Laws in the carrying out of their responsibilities as set forth in this Addendum.
B. The customer retains all ownership rights in the Customer Data, as set forth in the Agreement. Except as expressly authorized by Customer in writing or as instructed by Customer, www.danwarburton.com and visionpurposeprogram.com shall have no right directly or indirectly to sell, rent, lease, combine, display, perform, modify, transfer, or disclose the Customer Data or any derivative work thereof. www.danwarburton.com and visionpurposeprogram.com shall act only in accordance with Customer's instructions regarding the Processing of the Customer Data except to the extent prohibited by applicable Data Protection Laws.
C. Additional instructions not consistent with the scope of the Agreement require the prior written agreement of the parties, including the agreement on any additional fees payable by the Customer.
D. Notwithstanding the above, the Customer acknowledges that www.danwarburton.com and visionpurposeprogram.com shall have a right to use Aggregated Anonymous Data as detailed in the Agreement Section 4.4.
E. www.danwarburton.com and visionpurposeprogram.com shall not disclose the Customer Data to any Third Party in any circumstances other than in compliance with Customer’s instructions or in compliance with a legal obligation to disclose. www.danwarburton.com and visionpurposeprogram.com shall inform Customer in writing prior to making any such legally required disclosure, to the extent permitted by Data Protection Laws.
F. For clarity, nothing in this Addendum limits www.danwarburton.com and visionpurposeprogram.com from transmitting Customer Data (including without limitation Personal Data) as instructed by Customer through the Service.
A. www.danwarburton.com’s and visionpurposeprogram.com's obligations under this Addendum shall apply to www.danwarburton.com and visionpurposeprogram.com's employees, agents, and Subprocessors who may have access to the Personal Data.
B. Customer agrees that www.danwarburton.com and and visionpurposeprogram.com is authorized to use Subprocessors (including without limitation cloud infrastructure providers) to Process the Personal Data, provided that www.danwarburton.com and visionpurposeprogram.com:
- Enters into a written agreement with any Subprocessor, imposing data protection obligations substantially similar to this Addendum; and
- Remains liable for compliance with the obligations of this Addendum and for any acts or omissions of the Subprocessor that cause www.danwarburton.com and visionpurposeprogram.com to breach any of its obligations under this Addendum.
C. Information about Subprocessors, including their functions and locations, is available on request and may be updated by www.danwarburton.com and visionpurposeprogram.com from time to time in accordance with this Addendum.
A. www.danwarburton.com and visionpurposeprogram.com shall implement and maintain appropriate technical and organizational security measures to protect Personal Data from Security Incidents and to preserve the security and confidentiality of the Personal Data, in accordance with www.danwarburton.com's and visionpurposeprogram.com's security standards.
B. The customer is responsible for reviewing the information made available by www.danwarburton.com and visionpurposeprogram.com relating to data security and making an independent determination as to whether the Service meets the Customer’s requirements and legal obligations under Data Protection Laws. The customer acknowledges that the Security Measures are subject to technical progress and that www.danwarburton.com and visionpurposeprogram.com may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Service purchased by Customer.
C. www.danwarburton.com and visionpurposeprogram.com shall ensure that any person who is authorized by Customer to process Personal Data (including its staff, agents and Subprocessors) shall be under an appropriate contractual or statutory obligation of confidentiality.
8. Onward Transfer:
A. www.danwarburton.com and visionpurposeprogram.com may, subject to complying with this Section 8, store and process Customer Data anywhere in the world where www.danwarburton.com and visionpurposeprogram.com, its affiliates or Subprocessors maintain data processing operations.
B. To the extent that www.danwarburton.com and visionpurposeprogram.com processes any Personal Data protected by GDPR and/or originating from the EEA in the United States or another country outside the EEA that is not designated as an Adequate Country, then the parties shall sign the Model Contracts.
C. The parties agree that www.danwarburton.com and visionpurposeprogram.com is the "data importer" and Customer is the "data exporter" under the Model Contracts (notwithstanding that Customer may be an entity located outside of the EEA).
D. The parties agree that the data export solution identified in Section 8.B shall not apply if and to the extent that www.danwarburton.com and visionpurposeprogram.com adopts an Alternative Transfer Mechanism. In which event, the Alternative Transfer Mechanism shall apply instead (but only to the extent such Alternative Transfer Mechanism extends to the territories to which Personal Data is transferred).
9. Regulatory Compliance:
A. At Customer’s request and expense, www.danwarburton.com and visionpurposeprogram.com shall reasonably assist Customers as necessary to meet its obligations to regulatory authorities, including Data Protection Authorities.
B. www.danwarburton.com and visionpurposeprogram.com shall (at Customer's expense) reasonably assist Customer to respond to requests from individuals in relation to their rights of data access, rectification, erasure, restriction, portability, and objection. In the event that any such request is made directly to www.danwarburton.com and visionpurposeprogram.com, www.danwarburton.com and visionpurposeprogram.com shall not respond to such communication directly without the Customer's prior authorization unless required by Data Protection Laws.
10. Reviews of Data Processing:
A. At Customer’s request, www.danwarburton.com and visionpurposeprogram.com shall provide Customer with written responses to all reasonable requests for information made by Customer relevant to the Processing of Personal Data under this Addendum, including responses to security and audit questionnaires, in each case solely to the extent necessary to confirm www.danwarburton.com and visionpurposeprogram.com's compliance with this Addendum.
B. www.danwarburton.com and visionpurposeprogram.com's will provide such information within thirty (30) days of Customer’s written request unless shorter notice is required by the Customer’s regulatory authorities.
C. Except as expressly required by Data Protection Laws, any review under this Section 10 will:
- Be conducted no more often than once per year during www.danwarburton.com and and visionpurposeprogram.com's normal business hours, in a manner so as not to interfere with standard business operations;
- Be subject to www.danwarburton.com and visionpurposeprogram.com's reasonable confidentiality and security constraints;
- Be conducted at Customer’s expense; and
- Not extend to any information, systems or facilities of www.danwarburton.com and visionpurposeprogram.com other customers or its Third Party infrastructure providers.
Any information provided by www.danwarburton.com and visionpurposeprogram.com under this Section 10 constitutes www.danwarburton.com and visionpurposeprogram.com confidential Information under the Agreement.
11. Return or deletion of data:
A. www.danwarburton.com and visionpurposeprogram.com shall, within ninety (90) days after request by Customer at the termination or expiration of the Agreement, delete or return, at Customer's choice, all of the Personal Data from www.danwarburton.com and visionpurposeprogram.com systems. Within a reasonable period following deletion, at Customer’s request, www.danwarburton.com will provide written confirmation that www.danwarburton.com and visionpurposeprogram.com obligations of data deletion or destruction have been fulfilled.
B. Notwithstanding the foregoing, the Customer understands that www.danwarburton.com and visionpurposeprogram.com may retain Customer Data as required by Data Protection Laws, which data will remain subject to the requirements of this Addendum.
12. Additional Security:
A. Upon becoming aware of a confirmed Security Incident, www.danwarburton.com shall notify the Customer without undue delay, in accordance with the Security Measures. Notwithstanding the foregoing, www.danwarburton.com and visionpurposeprogram.com is not required to make such notice to the extent prohibited by Data Protection Laws, and www.danwarburton.com and visionpurposeprogram.com may delay such notice as requested by law enforcement and/or in light of www.danwarburton.com and visionpurposeprogram.com legitimate needs to investigate or remediate the matter before providing notice.
B. Each notice of a Security Incident will include:
-The extent to which Personal Data has been, or is reasonably believed to have been, used, accessed, acquired, or disclosed during the Security Incident;
-A description of what happened, including the date of the Security Incident and the date of discovery of the Security Incident, if known;
- The scope of the Security Incident, to the extent, known; and
- A description of www.danwarburton.com and visionpurposeprogram.com response to the Security Incident, including steps www.danwarburton.com and visionpurposeprogram.com has taken to mitigate the harm caused by the Security Incident.
C. www.danwarburton.com and visionpurposeprogram.com shall take reasonable measures to mitigate the harmful effects of the Security Incident and prevent further unauthorized access or disclosure.
13. Changes to Subprocessors:
When any new Subprocessor is engaged, www.danwarburton.com and visionpurposeprogram.com will, at least a week before the new Subprocessor processes any Customer Data, inform Customer of the engagement by sending an email or via the in-app notification.
14. Further cooperation:
A. Where and when required by Data Protection Laws, www.danwarburton.com and visionpurposeprogram.com will provide the relevant Data Protection Authorities with information related to www.danwarburton.com and visionpurposeprogram.com Processing of Personal Data. www.danwarburton.com and visionpurposeprogram.com further agrees that it will maintain such required registrations and where necessary renew them during the term of this Addendum. Any changes to www.danwarburton.com and visionpurposeprogram.com status in this respect shall be notified to the Customer immediately either via email or in-app notifications.
B. To the extent www.danwarburton.com and visionpurposeprogram.com is required under Data Protection Laws, www.danwarburton.com and visionpurposeprogram.com shall (at Customer's expense) provide reasonably requested information regarding the Service or prior consultations with Data Protection Authorities to enable Customer to carry out data protection impact assessments.