This Data Processing Addendum (“Addendum”) applies pursuant to and supplements the EasySend Platform Subscription Agreement (“Agreement”) entered into by EasySend Ltd. (“EasySend”) and Customer (as defined in the Agreement).
1. Select Definitions. The following terms, when capitalized and used in this Addendum (unless otherwise indicated), shall have the meaning set forth below. Any capitalized terms not defined in this Addendum shall have the meanings given to them in the Agreement.
1.1 “Applicable Laws” means any laws with respect to any Customer Personal Data in respect of which Customer is subject to;
1.2 “Customer Personal Data” means the Personal Data collected or Processed by Customer or which Customer has made available to EasySend for Processing a part of the Services;
1.3 “Data Protection Laws” means laws and regulations which apply to the protection of Personal Data;
1.4 “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
1.5 “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; and
1.6 “Services” means the products, services and other activities to be supplied to or carried out by or on behalf of EasySend pursuant to the Agreement, including without limitation the provision of the Platform.
2. Processing. EasySend may Process Customer Personal Data for the purposes of performing or providing the Services in accordance with the Agreement or as EasySend believes is required by any applicable law. EasySend may also Process Customer Personal Data in order to comply with Customer’s other requests or instructions.
3. Nature of Personal Data.
3.1 Customer agrees to notify EasySend in writing of the categories of data, individuals and the locations and nationalities of the individuals from or about whom the Customer Personal Data relates, or which Customer intends to collect or receive, or provide or make available to EasySend (including without limitation, citizens of the State of California or EU member states or individuals located in the EU or the State of California), with a reasonable amount of time in advance of using the Services in connection with such Personal Data or providing such Personal Data to EasySend, to enable EasySend to impact the requirements of any applicable law and implement the necessary measures (“Personal Data Notice”).
3.2 In the event that EasySend at any time determines that the use of the Services or Processing of the Customer Personal Data require the execution of additional agreements or documentation, including, without limitation, amendments to the Agreement or this Addendum, Customer shall execute such agreements or documents prior to using the Services in connection with the Customer Personal Data or providing or making it available to EasySend.
3.3 Customer represents, warrants, and undertakes that except as expressly set forth in the Personal Data Notice, the Customer Personal Data is not and does not and shall not include (a) Personal Data which is or indicates a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in any trade union, or genetic data, biometric data, or data regarding a person’s sex life or sexual orientation; (b) data concerning a person’s health or “Personal Health Information” as such term is defined in 45 C.F.R. §160.103; (c) the data of children under the age of 18 years of age, including, without limitation, “Personal Information” of a “Child” as such terms are defined in 15 C.F.R. §312.2; or (d) data collected from or relating to persons residing outside the United States (other than negligible amounts of data unknowingly collected), or, to the knowledge of Customer, “Consumers” as defined under Cal. Civil Code §1798.140, and additionally that Customer is not a “Business” as defined under Cal. Civ. Code §1798.140.
4. Compliance with Law.
4.1 EasySend will comply with all Data Protection Laws of which it is aware and which apply to the Processing of the Customer Personal Data. Customer shall be responsible for identifying to EasySend the Data Protection Laws which actually apply to Customer’s Processing and the Customer Personal Data.
4.2 Customer may only collect and receive, and use the Services to collect, receive and Process, including, without limitation, transferring or making available to EasySend, Personal Data in accordance with all Data Protection Laws and any other applicable law. Customer agrees that is solely liable for the legality of the Processing of the Personal Data by EasySend which is done in accordance with the Agreement and this Addendum.
4.3 Customer shall, and shall be solely liable for (a) posting a privacy policy on its website and other digital platforms on which the Customer Personal Data is collected or obtained describing its receipt, collection, use and Processing of Personal Data (“Privacy Policy”), (b) posting and providing all notices and policies obtaining consents required by all Data Protection Laws and any other applicable law; and (b) for complying with its Privacy Policy and such other notices and policies, and any other published policies or statements, promises or warranties made by Customer, and all other requirements under Data Protection Laws and any applicable laws such as responding to the requests of data subjects or privacy or data protection authorities. EasySend shall assist customer in responding to such requests as set forth in this Addendum.
5. Security. EasySend takes reasonable technical and organizational measures in order to secure its customers’ Personal Data, and for such purpose has adopted an internal security policy, which includes physical and network security measures at data centers, product security architecture and strategy, vulnerability management policies, security incident response risk assessments and audits, employee training and security awareness.
6. Subprocessing. As part of the provision of Services, Customer authorizes EasySend to engage third-party services providers in the Processing of Customer Personal Data (“Service Providers”), including without limitation EasySend’s affiliates. EasySend engages reputable Service Providers or uses other commercially reasonable efforts to ensure that the Service Providers use reasonable measures to secure Customer Personal Data.
7. Data Subject Rights. EasySend shall use reasonable efforts in assisting Customer, at Customer’s expense, in complying with any requests made by the subjects of any Customer Personal Data with which Customer is required to comply pursuant to applicable Data Protection Laws.
8. Data Protection Impact Assessment and Prior Consultation. EasySend shall use reasonable efforts in assisting Customer, at Customer’s expense, with any data protection impact assessments, and prior consultations with relevant data or privacy protection agencies, which Customer is required by applicable Data Protection Laws to perform in relation the Processing of Customer Personal Data by EasySend.
9. Deletion or Return of Customer Personal Data. Following termination or expiration of the Agreement, upon Customer’s request, EasySend shall within 180 days of the date of cessation of any Services (including any relevant post-termination obligations or activities in accordance with the Agreement), take reasonable measures to delete all copies of records of Customer Personal Data, except for permanent copies which cannot be deleted or to the extent EasySend may be required by Applicable Laws to retain such records.
10. Anonymous Data. Customer acknowledges and agrees that in order to improve its products and services, EasySend uses and collects data about the usage of the Services. Any such data which EasySend collects or extrapolates which is Anonymous Data (defined below), shall not be subject to the restrictions and obligation set forth in this Addendum, and may be used by EasySend for any purpose. “Anonymous Data” means any data or information that is not linked or reasonably linkable to any person or household, including, without limitation aggregated information.
11. Governing Law; Jurisdiction. This Addendum, the subject matter thereof, and any disputes relating to the foregoing shall be subject to the laws of the jurisdiction set forth in the Agreement, and any such disputes shall be exclusively adjudicated in by the competent courts of the jurisdiction, city or county set forth in the Agreement.
12. Agreement. This Addendum is hereby incorporated into and made part of the Agreement. Notwithstanding anything to the contrary, to the extent any provision of the Agreement is contradicted by or inconsistent with the provisions of this Addendum, the terms of the Agreement shall prevail.