A Brief Summary of Our DPA
This Data Processing Addendum (“DPA”) sets out the terms that apply when Personal Data is Processed by influencerstyle.co,A Public Benefit Corporation (“influencerstyle.co”), under the Agreement where the GDPR applies. The purpose of the DPA is to ensure that Processing is conducted in accordance with applicable law and respects the rights of individuals whose Personal Data is Processed under the Agreement.
This DPA does not apply where influencerstyle.co is the Controller.
Processing Personal Data
- Relationship of the Parties. Customer is the “Controller” and influencerstyle.co is the “Processor”, as such terms are defined under the General Data Protection Regulation (GDPR) with respect to the Personal Data Processed under the Agreement. In some circumstances, Customer may be a Processor, in which case Customer appoints influencerstyle.co as Customer’s Subprocessor, which shall not change the obligations of either party under this DPA.
- Customer’s Processing of Personal Data. “Personal Data” and “Processing” will have the same meaning as set forth in the GDPR. Customer shall, in the use of the Services, Process Personal Data in accordance with the requirements of all applicable laws. To the extent Customer acquires Personal Data, Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data.
- influencerstyle.co’s Processing of Personal Data. As Customer’s Processor, influencerstyle.co shall only Process Personal Data for the following purposes:
- Processing in accordance with the Agreement;
- Processing initiated by Authorized Users in their use of the Services according to the Agreement; and
- Processing to comply with other reasonable instructions provided by Customer that are consistent with the terms of the Agreement.
Customer acknowledges and agrees that influencerstyle.co may retain certain Subprocessors to Process Personal Data on influencerstyle.co’s behalf in order to provide Services under the Agreement. influencerstyle.co’s Subprocessors are listed in influencerstyle.co’s GDPR Statement. Prior to a Subprocessor’s Processing of Personal Data, influencerstyle.co will impose contractual obligations on the Subprocessor that are substantially the same as those imposed on influencerstyle.co under this DPA. influencerstyle.co remains liable for its Subprocessors’ performance under this DPA to the same extent influencerstyle.co is liable for its own performance. If Customer would like to receive notifications of new Subprocessors influencerstyle.co plans to engage, Customer must contact influencerstyle.co in writing in order to be notified. Customer may reasonably object to influencerstyle.co’s use of a new Subprocessor by notifying influencerstyle.co promptly in writing. After receiving an objection to the use of a new Subprocessor, influencerstyle.co will work with Customer to determine the appropriate course of action.
- Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, influencerstyle.co shall in relation to Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.
- In assessing the appropriate level of security, Processor shall consider the risks that are presented by Processing, in particular from a Personal Data Breach. “Personal Data Breach” will have the same meaning as set forth in GDPR.
- Personal Data Breach.influencerstyle.co shall notify Customer without undue delay upon becoming aware of a Personal Data Breach affecting Customer Personal Data, providing Customer with sufficient information to allow Customer to meet any obligations to report or inform Data Subjects of the Personal Data Breach under applicable law. influencerstyle.co shall cooperate with Customer and take reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of any such Personal Data Breach.
Rights of Data Subjects
“Data Subject” will have the same meaning as set forth in GDPR. Taking into account the nature of the Processing, influencerstyle.co shall assist Customer by implementing appropriate technical and organizational measures, insofar as possible, for the fulfillment of Customer’s obligations, as reasonably understood by Customer, to respond to requests to exercise Data Subject rights under applicable law. influencerstyle.cot shall:
- Promptly notify Customer if it receives a request from a Data Subject under any applicable law in respect of Customer Personal Data; and
- Ensure that it does not respond to that request except on documented instructions of Customer or as required by applicable law to which influencerstyle.co is subject, in which case, influencerstyle.cot shall, to the extent permitted by applicable law, inform Customer of that legal requirement before responding to the request.
Deletion of Customer Personal Data
Upon termination of the Services for which influencerstyle.co is Processing Personal Data, influencerstyle.co shall, upon Customer’s request and subject to the limitations in the Agreement and unless prevented by applicable law, securely destroy all Customer Personal Data.
Data Protection Impact Assessment
Upon Customer’s request, influencerstyle.coshall provide Customer with reasonable cooperation and assistance needed to fulfill Customer’s obligation under the GDPR to carry out a data protection impact assessment related to Customer’s use of the Services, to the extent Customer does not otherwise have access to the relevant information, and to the extent such information is available to influencerstyle.co. influencerstyle.co shall provide reasonable assistance to Customer in the cooperation or prior consultation with the Supervisory Authority to the extent required under the GDPR or other applicable law. “Supervisory Authority” will have the same meaning as set forth in GDPR.
influencerstyle.co shall make available to the Customer, upon Customer’s request and subject to the confidentiality obligations set forth in the Agreement, all information necessary to demonstrate compliance with this DPA, and shall allow for and contribute to audits, including inspections, by Customer or an auditor in relation to the Processing of Customer Personal Data. Before the commencement of any such audit, Customer and influencerstyle.co shall mutually agree upon the scope, timing, and duration of the audit.
Customer authorizes influencerstyle.co and its Subprocessors to make international transfers of Personal Data in accordance with this DPA so long as applicable data protection laws are respected.
For visitor facing components of influencerstyle.co such as the influencerstyle.co Consent Management, all personal data for visitors is stored in the EEA in influencerstyle.co’s Dublin, Ireland data center.
If Personal Data processed under this DPA is transferred from a country within the European Economic Area to a country outside of the European Economic Area, the parties shall ensure that the Personal Data is adequately protected.