GDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR JOSTLE CUSTOMERS

Similar documents
HOW TO EXECUTE THIS DPA:

Data Processing Addendum

DATA PROCESSING ADDENDUM

Moxtra, Inc. DATA PROCESSING ADDENDUM

DATA PROCESSING AGREEMENT/ADDENDUM

DATA PROCESSING AGREEMENT

DATA PROCESSING AGREEMENT

DATA PROCESSING ADDENDUM

ON24 DATA PROCESSING ADDENDUM

URBAN AIRSHIP DATA PROCESSING ADDENDUM with EU Standard Contractual Clauses. (Revised September 2017)

Data Processing Addendum

Customer GDPR Data Processing Agreement

Data Processing Addendum

DATA PROCESSING ADDENDUM

CLIENT DATA PROCESSING AGREEMENT

EU Data Processing Addendum

DATA PROCESSING ADDENDUM

AppLovin Data Processing Agreement

GDPR : We protect your data

CLOUDINARY DATA PROCESSING ADDENDUM

GDPR Data Processing Addendum (DPA) Instructions for Area 1 Security Customers

DATA PROCESSING ADDENDUM

Customer GDPR Data Processing Agreement

DATA PROCESSING ADDENDUM

Data Processing Appendix

DATA PROCESSING AGREEMENT (GDPR, Privacy Shield, and Standard Contractual Clauses)

DATA PROCESSING ADDENDUM (GDPR, Salesforce Processor Binding Corporate Rules, Privacy Shield, and Standard Contractual Clauses) (Revision April 2018)

RBI GDPR DATA PROCESSING ADDENDUM

DATA PROCESSING ADENDUM

ROSETTA STONE LTD. PROCESSING ADDENDUM

Lifesize, Inc. Data Processing Addendum

DATA PROTECTION ADDENDUM

DATA PROCESSING ADDENDUM (INCLUDING EU STANDARD CONTRACTUAL CLAUSES)

DATA PROCESSING ADDENDUM (GDPR and EU Standard Contractual Clauses)

DATA PROCESSING TERMS AND CONDITIONS

Twilio Data Protection Addendum ( DPA ) (GDPR, Binding Corporate Rules, Privacy Shield, and Standard Contractual Clauses) (Revision June 2018)

GDPR Data Processing Addendum

Data Processing Appendix

Rigor, Inc. GDPR Data Processing Addendum

DATA PROCESSING ADDENDUM with EU Standard Contractual Clauses

IRIS Group of Companies Customer Data Processing Terms

GROUP PRIVACY POLICY. Adopted June 20th, 2017 by each of the Boards of Carnegie Holding AB and Carnegie Investment Bank AB (publ).

EU GDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR CLOUDFLARE CUSTOMERS

CUSTOMER DATA PROCESSING ADDENDUM

SUMMARY OF BINDING CORPORATE RULES

DATA PROCESSING ADDENDUM

DATA PROCESSING ADDENDUM

DATA PROCESSING ADDENDUM FOR CUSTOMERS AND USER OF AEROHIVE PRODUCTS AND SERVICES. Version May 2018

DATA PROCESSING ADDENDUM (v1.0)

Data Processing Addendum

Data Processing Agreement

Amgen Binding Corporate Rules (BCRs) Public Document

PERSONAL DATA PROCESSOR AGREEMENT

Member Circular March Implementation of the EU General Data Protection Regulation 2016/679 General Guidance to Members

DATA HANDLING AGREEMENT

DATA PROCESSING ANNEX

Broadbean Technology Limited - Data Processing Agreement (25th May 2018)

Data Processing Addendum

DATA PROCESSING TERMS DEFINITIONS

DATA HANDLING AGREEMENT

The Controller and Processor Data Protection Binding Corporate Rules of BMC Software

BINDING CORPORATE RULES

GDPR: The Most Frequently Asked Questions: Are the Standard Contractual Clauses Enough?

Aegon Asset Management Europe ICAV ( the Fund ) Data Protection Policy

Client Relationship Agreement for Products

Michael R. Cohen CIPP/US, CIPP/E Gray Plant Mooty. Overview of the EU General Data Protection Regulation (GDPR)

Episerver Data Processing Agreement

AWS GDPR DATA PROCESSING ADDENDUM

TEREX CORPORATION DATA PROTECTION POLICY

DATA PROCESSING AGREEMENT ( AGREEMENT )

Licence Agreement

Data Processing Addendum (Revision May 2018)

Privacy Shield Notice

MentorcliQ Data Processing Agreement

The contract is important so that both parties understand their responsibilities and liabilities.

End User Subscription Agreement. 1. Scope; Procurement and Provisioning by Affiliates; Subscription Services Users.

Appropriate Policy Document

BASWARE PERSONAL DATA PROCESSING APPENDIX

Data Processing Agreement and Privacy Policy (EU) Classification: PUBLIC March 2018

Privacy Policy. This privacy policy shall be valid even if you have reserved your transfers through the other sales partners of Plus Group Kft.

ADDSECURES WAY OF PROCESSING PERSONAL DATA

Terms and Conditions of Business for the supply of Contract/Temporary Staff

INSTRUCTIONS FOR COMPLETING THE SITE LICENSE SUBSCRIPTION FORM

CPI PROPERTY GROUP. Group Data Protection Policy. 25 May Summary

The GDPR how to prepare MiFID II where are we now? Wednesday 21 February 2018

URBANDOOR GUEST TERMS OF SERVICE Version Last Updated: June 15, 2018

Terms of Business for Intermediaries. Effective from 17 May 2018

Your Right Hand Finance Ltd (YRH) Subject Request Policy

TWILIO INC. EC DATA PROTECTION AGREEMENT

MEMORANDUM OF UNDERSTANDING for DATA SHARING BETWEEN DISTRICT AND SCCOE

DATA PROTECTION NOTICE

Kalo SaaS Terms of Use

SUBCONTRACTOR BUSINESS ASSOCIATE ADDENDUM

Data Protection Agreement

Data Processing Agreement

KISS COMPANIES: TERMS AND CONDITIONS OF SUPPLY. NOTE: Your attention is particularly drawn to the contents of clause 13.

DATA SUBJECT ACCESS REQUEST POLICY AND PROCEDURE

Legal Considerations in Negotiating Cloud Contracts

Personal Data. Protection Policy

Pension Trustees. Final Countdown to the GDPR

Transcription:

GDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR JOSTLE CUSTOMERS WHO SHOULD EXECUTE THIS DPA: If you have determined that you qualify as a data controller under the GDPR, and need a data processing addendum (DPA) in place with vendors that process personal data on your behalf, we want to help make things easy for you. Our GDPR compliant DPA is attached and ready for your signature in accordance with the instructions below. HOW TO EXECUTE THIS DPA: 1. This DPA has been pre-signed on behalf of Jostle Corporation. 2. To complete this DPA, Customer must complete the information in the signature boxes and sign on Pages 4. 3. Send the completed and signed DPA to privacy@jostle.me Upon receipt of the validly completed DPA by Jostle at this email address, this DPA will become legally binding. i

JOSTLE CORPORATION DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms part of the Jostle Services Subscriber Agreement available at https://www.jostle.me/subscriber-agreement (the Agreement ) entered into by and between the Customer and Jostle Corporation ( Jostle ), pursuant to which Customer has accessed Jostle Services. The purpose of this DPA is to reflect the parties agreement with regard to the Processing of personal data by Jostle on behalf of Customer in order to provide Jostle Services to Customer and members of Customer s organization. This DPA shall be effective as of the date of Customer signing, or May 25, 2018, whichever is later. In the event of a conflict between any parts of the Agreement, then this DPA shall prevail. 1. Definitions Affiliate means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. Control, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity. Authorized Affiliate means any of Customer's Affiliate(s) which (a) is subject to the data protection laws and regulations of the European Union, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom, and (b) is permitted to use the Service pursuant to the Agreement between Customer and Jostle, but has not signed its own Agreement with Jostle and is not a "Customer" as defined under the Agreement. Customer Data has the meaning assigned to that term in the Agreement. Data Controller means the entity which determines the purposes and means of the Processing of Personal Data. Data Processor means the entity which processes Personal Data on behalf of the Data Controller. Data Protection Laws means the GDPR and, and to the extent applicable, the data protection or privacy laws of any other country. Data Subject means a natural person whose personal data is processed by a controller or processor. EU Model Clauses means the standard contractual clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection as approved by the European Commission pursuant to Decision C (2010)593. GDPR means the Regulation (EU) 2016/679 of the European Parliament and of the Council of the 27 April 2016 on the protection of natural persons with regards to the Processing of personal data and on the free movement of such data as applicable as of 25 May 2018, as may be amended from time to time. Personal Data means any information related to a natural person or Data Subject that can be used to directly or indirectly identify the person. Processing means any operation or set of operations which is performed on personal data whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or 1

alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction Request means a written request from a Data Subject to exercise his/her specific data subject rights under the Data Protection Laws in respect of Personal Data. Sub-processor means any Data Processor engaged by Jostle to process Customer Data on its behalf. 2. Processing 2.1. Role of the Parties. The parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is the Data Controller, and Jostle is the Data Processor. 2.2. Customer Processing of Personal Data. Customer shall, in its use of the Jostle Services, Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. For the avoidance of doubt, Customer s instructions for the Processing of Personal Data shall comply with Data Protection Laws and Regulations. Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data. 2.3. Jostle s Processing of Personal Data. Jostle shall treat Personal Data as Confidential Information and shall only Process Personal Data on behalf of and in accordance with Customer s documented instructions for the following purposes: (i) Processing in accordance with the Agreement and applicable Order Form(s); (ii) Processing initiated by Authorized Users in their use of the Services; and (iii) Processing to comply with other documented reasonable instructions provided by Customer (e.g., support ticket) where such instructions are consistent with the terms of the Agreement. 3. Rights of Data Subjects 3.1. Corrections. To the extent Customer, in its use of the Service, does not have the ability to correct, amend, block or delete Personal Data, as required by Data Protection Laws, Jostle shall comply with any commercially reasonable Request by Customer to facilitate such actions to the extent Jostle is legally permitted to do so. 3.2. Data Subject Requests. Jostle shall, to the extent legally permitted, promptly notify Customer if it receives a Request from a Data Subject for access to, correction, amendment, or deletion of that person s Personal Data. Jostle shall not respond to any such Data Subject Request without Customer s prior written consent except to confirm that the Request relates to Customer. Jostle shall provide Customer with commercially reasonable cooperation and assistance in relation to handling of a Data Subject s request for access to that person s Personal Data, to the extent legally permitted and to the extent Customer does not have access to such Personal Data through its use or receipt of the Services. 4. Jostle Personnel Jostle shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. Jostle shall ensure that 2

such confidentiality obligations survive the termination of the personnel engagement. Jostle shall ensure that Jostle's access to Personal Data is limited to those personnel who require such access to perform the Agreement. 5. Sub-processors 5.1. Appointment of Sub-processors. Customer acknowledges and agrees that Jostle may engage third-party Sub-processors in connection with the provision of the Services. Jostle has entered into a written agreement with each Sub-processor containing data protection obligations not less protective than those in this Agreement with respect to the protection of Personal Data to the extent applicable to the nature of the Service provided by such Subprocessor. A list of current Sub-processors can be provided upon written request. 5.2. Liability. Jostle shall be liable for the acts and omissions of its Sub-processors to the same extent Jostle would be liable if performing the services of each Sub-processor directly under the terms of this DPA, except as otherwise set forth in the Agreement. 6. Security 6.1. Controls for the Protection of Personal Data. Jostle shall maintain appropriate technical and organizational measures for the protection of the security, confidentiality and integrity of Personal Data. 6.2. Third-Party Certifications and Audits. Jostle has obtained the third-party certifications and audits set forth on its security overview https://www.jostle.me/security. Upon Customer s written request at reasonable intervals, and subject to reasonable confidentiality obligations, Jostle shall make available to Customer a copy of Jostle s then most recent thirdparty audits or certifications, as applicable. 7. Security Breach Management and Notification Jostle maintains security incident management policies and procedures and shall, to the extent permitted by law, notify Customer without undue delay of any actual unauthorized disclosure of Customer Data, including Personal Data, by Jostle or its Sub-processors of which Jostle becomes aware (a Security Breach ) and provide details of the Security Breach to the Customer. To the extent such Security Breach is caused by a violation of the requirements of this Addendum by Jostle, Jostle shall identify and remediate the cause of such Security Breach. 8. Transfer of Data to International Organizations As a Canadian company, Jostle must comply with Canadian privacy laws which the European Commission has decided ensures an adequate level of data protection. All transfers of data to Jostle s Sub-processors shall be governed by contracts between Jostle and its Sub-processors incorporating EU Model Clauses. 9. Deletion of Customer Data Jostle shall delete Customer Data in accordance with Jostle s procedures and Data Protection Laws and consistent with the terms of the Agreement. 3

10. Assistance 10.1. Co-operation and Assistance. Jostle shall provide reasonable assistance, information and cooperation to the Customer to ensure compliance with the Customer s obligations under Data Protection Laws. 10.2. Records of Processing. Jostle shall make available to the Customer on request such information as is reasonably required by the Customer to demonstrate Jostle s compliance with its obligations under Data Protection Law and under this Addendum. 11. Limitation of Liability Each party s and all of its Affiliates liability, taken together in the aggregate, arising out of or related to this Addendum, whether in contract, tort or under any other theory of liability, is subject to the Limitation of Liability section of the Agreement, and any reference in such section to the liability of a party means the aggregate liability of that party and all of its Affiliates under the Agreement. The parties authorized signatories have duly executed this Agreement: JOSTLE CORPORATION Signature: David O'Brien Name: CFO & VP-Customer Operations Title: 4/9/2018 Date: CUSTOMER Entity Legal Name: Signature: Name: Title: Date: 4

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback