DATA PROCESSING AGREEMENT
Leady is a B2B sales and marketing tool, that identify businesses visiting your website and turn them into actionable leads, furthermore Leady provides customer analytics and insight relating to their website visitors, behavior and time spent.
Leady provides a tracking code, which collects data from visitors to the Customers website when integrated on the website, in addition, identifies company-related visitors to the Customer’s website.
The Leady’s tracking code, which collects data from visitors to the Customers website when integrated on the website, is a software as a service solution in which data processing is carried out (the “Service”), rendering the Customer the data Controller, whilst Leady qualifies as data Processor under the applicable data protection laws. In light of the above, the Parties have agreed on the following terms and conditions set out in this written DPA concerning the processing of Personal Data under this DPA.
This Data Processing Agreement (Agreement) shall be applied to products and services provided by Leady (Supplier) to the entity agreeing to these terms (Customer).
The Supplier and Customer are hereinafter each referred to as a “Party” and jointly as the “Parties”. These Terms govern the conditions for the Supplier’s processing of, and access to, Personal Data belonging to the Customer in the services of Leady.
This Agreement constitutes a written agreement in accordance with the EU General Data Protection Regulation (679/2016) (“Regulation”) concerning the processing of personal data. Those obligations and rights that are directly based on the EU General Data Protection Regulation shall enter into force only when the application of the EU General Data Protection begins on 25 May 2018.
If the terms concerning the Processing of Personal Data of the Agreement and the Agreement are in conflict, the parties shall primarily apply the terms of this Agreement.
Any term which is used in the General Data Protection Regulation and which is not stated below shall be defined as follows from Article 4 of the General Data Protection Regulation. In accordance with the EU General Data Protection Regulation, the terms below are defined as follows:
“Applicable Laws” shall mean all acts, laws, regulations, including but not limited to Data Protection Laws, applicable to each Party.
“Data Protection Laws” shall mean the applicable national laws concerning data protection and, if applicable, the national laws implementing Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data and Directive 2002/58/EC of the European Parliament and of the Council concerning the processing of Personal Data and the protection of privacy in the electronic communications sector (ePrivacy Directive) and the subsequent directives and regulations such as the General Data Protection Regulation (Regulation no. 2016⁄679) and their national implementations and related national legislation.
“EEA” shall mean the European Economic Area.
“EU” shall mean the European Union.
“Personal Data” shall mean all information that is directly or indirectly referable to a natural living person such as name, email address, IP-address, location data etc.
“Controller” shall mean the Customer or the Customer’s client, who shall define the purposes and methods of Personal Data Processing.
“Processor” shall mean Leady, who shall Process Personal Data on behalf of the Controller based on the Agreement.
“Processing” or “Processing Activities” shall mean any operation or set of operation which is performed on Personal Data or sets of personal data using automated means or manually, such as data collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Personal Data” shall mean any information relating to an identified or identifiable natural person, hereafter ”Data Subject”; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Personal Data Breach” shall mean a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.
Leady shall process the Personal Data of the Controller on behalf of, and commissioned by the Customer, on the grounds of the Agreement. The Personal Data that Leady Processes may relate to, e.g. customers or leads/prospects. The Customer or the Customer’s client shall be the Controller and Leady shall be the Processor of the Personal Data Processed in the service. The parties undertake to abide by the legislation, decrees and authority orders and guidelines concerning Processing of Personal Data in force from time to time both in Czech Republic and EU.
The Controller is entitled and obligated to define the purpose and methods of the Processing of Personal Data. The subject, character and purpose of Processing is defined in more detail in the agreement or description related to the product or service as well as in the annexes of this Agreement.
Leady is entitled to Process the Personal Data and other data of the Controller only on the grounds of this Agreement and according to the written guidelines of the Customer and only to the extent and in a manner, it is necessary in order to provide services. Leady shall notify the Customer if any conflict with the data protection legislation of EU or Czech Republic is detected in the guidelines and in such a case, Leady may immediately decline and stop the application of the guidelines of the Customer.
Leady shall maintain the service description or another record of the Processing Activities of the service in cases where it is required to do so by the EU General Data Protection Regulation. Leady is entitled to collect anonymous and statistic data of the use of the services pursuant to the Agreement, that does not specify the Customer nor data subjects and uses it for analyzing and developing its services.
Leady shall immediately forward all requests to inspect, rectify, erase or object to the Processing of Personal Data or other requests received from the Data Subjects, to the Customer. If requested by the Customer, Leady shall support the Customer in fulfilling the requests of the Data Subjects.
Leady is obligated, taking into account the nature of the Processing of Personal Data and the data available, to assist the Customer in ensuring that the Customer complies with its legal obligations. These obligations may include requirements related to data security, notifying of data breaches, data protection impact assessments as well as obligations regarding prior consultations. Leady is obligated to assist the Customer only to the extent that applicable legislation obligates the Processor of Personal Data. Unless otherwise agreed, Leady is entitled to invoice the expenses incurred from action pursuant to this section 3.4 according to Leady’s valid price list.
Leady shall forward all inquiries made by data protection authorities directly to the Customer and shall await further guidance from the Customer. Unless otherwise agreed, Leady is not authorized to represent the Customer or act on behalf of the Customer in relation to the authorities supervising the Custom
Leady may Process personal data outside the EU/EEA area. In case such transfers or Processing take place, Leady ensures that the EU Commission standard contractual clauses 2010/87/EU concerning the transfer of Personal Data to outside the EU/EEA, or a similar legal safeguard approved by the Regulation, will apply to such transfer or Processing.
By accepting this Agreement the Customer grants a power of attorney to Leady to represent the Customer in signing the contractual clauses on behalf of and in the name of the Customer. Furthermore, the Customer explicitly accepts that Leady may also represent the subcontractor in question in relation to the contractual clauses.
6) Data Security
The Customer shall be responsible for its own and Leady’s expenses caused by the auditing. If notable defects are perceived during auditing, Leady shall be liable for the costs incurred from the auditing.
Leady shall implement the appropriate technical and organizational measures to protect the Personal Data of the Controller, taking into account all the risks of Processing, especially the unintentional or illegal destruction, loss, alteration, unauthorized disclosures or access to Personal Data that has been transferred, saved or otherwise Processed. When organizing the security measures, the technical options and their costs shall be assessed in relation to the special risks of the Processing at hand and the sensitivity of the Personal Data Processed.
The Customer shall be obligated to ensure that Leady is notified of all the circumstances concerning the Personal Data the Customer has delivered, such as risk assessments and the Processing of special sets of Data Subjects that affect the technical and organizational measures pursuant to this Agreement. Leady shall ensure that the personnel of Leady or a subcontractor of Leady shall abide by the appropriate non-disclosure commitments.
7) Data Breaches
Leady must notify the Customer of all Personal Data Breaches without undue delay after receiving information of the breach or after a subcontractor of Leady has received information of the breach.
If requested by the Customer, Leady shall, without undue delay give the Customer all relevant information concerning the data breach. In so far as the information in question is available to Leady, Leady shall describe at least the following to the customer:
Leady shall document and report the results of the inquiry and the implemented measures to the Customer.
The Customer shall be liable for the necessary notifications to the data protection authorities.
8) Limitation of Liability
If any tangible or intangible damage is caused to a person due to a breach against the EU General Data Protection Regulation or the Agreement, the Provider shall be liable for the damage only in so far that it has not explicitly acted in accordance to the obligations directed to Personal Data Processors in the EU General Data Protection Regulation or this Agreement.
Both parties are obligated to pay only the part of the damages or administrative fine that corresponds to the liability for damage confirmed in the final decision of a data protection authority or a court of law.
Otherwise, the liability of the parties shall be limited to the service fee, price or other consideration paid for the service or product, to the Personal Data of which the damage has been caused, during the 12 months preceding the damage.
Parties shall not be liable for indirect or consequential damages. Indirect damages include, but are not limited to, lost profit or damages that are caused by the decrease or interruption in production or revenue.
The limitations agreed under this section shall not apply to damage caused by willful misconduct or gross negligence.
9) Other provisions
Leady shall notify the Customer in writing of all changes that may affect its ability or chances to abide by this Agreement and the written guidance of the Customer. The Parties shall agree on all additions and amendments to this Agreement writing.
This Agreement shall enter into force after Customer has accepted it via the Leady service. The Agreement shall remain in force (i) as long as the Agreement is in force or (ii) the parties have obligations concerning personal data processing activities towards one another.
Those obligations that due to their nature are meant to survive the expiry of this Agreement shall remain in force after the expiry of the Agreement.
10) Applicable Law and Dispute Resolution
This Agreement and all matters arising out of or in connection with this Agreement shall be interpreted, construed and governed exclusively in accordance with the laws of Czech Republic without reference to its choice of law rules.
The parties shall try to resolve any dispute, controversy or claim concerning or related to this Agreement by negotiations.
In the event no settlement can be reached by means of negotiations within thirty (30) days following from the beginning of negotiations, any dispute, controversy or claim arising out of or relating to this Agreement, or the breach, termination or validity thereof shall be finally settled by arbitration in accordance with the Arbitration Rules of the Czech Central Chamber of Commerce. The arbitration shall take place in Helsinki, Czech Republic. The arbitration shall be conducted, and the arbitration award shall be given, in the English language, or, if all parties to the arbitration are Czech, in the Czech language. The Parties agree that the arbitration and all related material and information are confidential information