HomeData Processing Terms
Data Processing Terms
Data Processing Terms Addendum
This Data Processing Terms Addendum (“Addendum“) is an integral part of the agreement based on the AgencySimplifier Terms of Use (“Agreement“) between AgencySimplifier (“AgencySimplifier“) and the entity or individual identified as “Customer” under the Agreement. This Addendum applies to the extent that AgencySimplifier processes Personal Data originating from the European Economic Area (EEA) or is otherwise subject to Data Protection Legislation on behalf of the Customer as a Data Processor.
1. Definitions
Data Protection Legislation: Refers to all applicable data protection and privacy laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR“), and any national implementing laws, regulations, and secondary legislation, as amended or updated from time to time.
Personal Data: Any information relating to an identified or identifiable natural person as defined in the Data Protection Legislation.
Data Controller: The entity that determines the purposes and means of the processing of Personal Data.
Data Processor: The entity that processes Personal Data on behalf of the Data Controller.
Sub-Processor: Any third party appointed by AgencySimplifier to process Personal Data.
2. Roles and Responsibilities
2.1. Compliance with Data Protection Laws: Both parties agree to comply with all applicable Data Protection Legislation in the performance of their obligations under the Agreement.
2.2. Customer as Data Controller: The Customer is the Data Controller of any Personal Data processed under this Agreement, and AgencySimplifier acts as the Data Processor.
2.3. Lawful Processing: The Customer ensures that all necessary consents and notices are in place to permit the lawful transfer of Personal Data to AgencySimplifier for processing.
3. Obligations of AgencySimplifier
3.1. Processing Instructions: AgencySimplifier shall process Personal Data only on the documented instructions of the Customer unless required to do otherwise by applicable law.
3.2. Security Measures: AgencySimplifier shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including protecting against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
3.3. Confidentiality: All personnel authorized to process Personal Data are obligated to maintain its confidentiality.
3.4. Data Breach Notification: AgencySimplifier shall notify the Customer without undue delay upon becoming aware of any Personal Data breach.
3.5. Assistance to Customer: AgencySimplifier shall assist the Customer in responding to any data subject requests and in ensuring compliance with Data Protection Legislation concerning security, breach notifications, impact assessments, and consultations with supervisory authorities.
3.6. Sub-Processors: AgencySimplifier may engage Sub-Processors to process Personal Data. AgencySimplifier shall inform the Customer of any intended changes concerning the addition or replacement of Sub-Processors, giving the Customer the opportunity to object to such changes.
3.7. International Data Transfers: AgencySimplifier shall not transfer Personal Data outside the EEA unless it ensures that such transfers comply with Data Protection Legislation, including by implementing appropriate safeguards.
3.8. Deletion or Return of Personal Data: Upon termination of the Agreement, AgencySimplifier shall, at the Customer’s choice, delete or return all Personal Data, unless further storage is required by law.
3.9. Audit Rights: AgencySimplifier shall make available to the Customer all information necessary to demonstrate compliance with this Addendum and allow for audits, including inspections conducted by the Customer or an auditor mandated by the Customer.
4. Sub-Processing
4.1. Authorized Sub-Processors: The Customer provides general authorization to AgencySimplifier to appoint Sub-Processors for carrying out specific processing activities.
4.2. Sub-Processor Obligations: AgencySimplifier shall ensure that any Sub-Processor it engages to process Personal Data on its behalf does so under a written contract imposing obligations no less protective than those imposed on AgencySimplifier under this Addendum.
5. Data Subject Rights
5.1. Assistance with Requests: AgencySimplifier shall promptly notify the Customer if it receives a request from a data subject exercising their rights under Data Protection Legislation. AgencySimplifier shall not respond to such requests except on documented instructions from the Customer or as required by applicable law.
6. General Terms
6.1. Term and Termination: This Addendum shall remain in effect for the duration of the Agreement.
6.2. Conflict: In the event of any conflict between this Addendum and the Agreement, the terms of this Addendum shall prevail with regard to the subject matter herein.
6.3. Governing Law: This Addendum shall be governed by and construed in accordance with the governing law and jurisdiction provisions in the Agreement, unless required otherwise by Data Protection Legislation.
7. Amendments
7.1. Changes in Law: The parties agree to negotiate in good faith any necessary amendments to this Addendum to address changes in Data Protection Legislation.