Data Processing Addendum
This Data Processing Addendum ("Addendum") has been entered into by and between Flockler Commerce, Inc., a Delaware corporation, address 1201 W Peachtree St, NW Ste 2625 #36051, Atlanta, GA 30309 ("Flockler"); and "Customer".
Hereinafter Flockler and Customer shall also be individually referred to as "Party" and jointly as "Parties".
1.1. Flockler is the owner and licensor of certain software products and related services which Flockler has licensed to the Customer.
1.2. Flockler and Customer have entered into a separate agreement for the licensing of Flockler’s software and related service (the “Agreement”). The Parties have agreed to alter the terms of the Agreement as follows.
1.3. This Addendum sets out the terms and conditions for the processing of personal data by Flockler on behalf of the Customer.
1.4. Flockler acts as a data processor and the Customer acts as a data controller, within the meaning of the applicable data protection legislation.
1.5. For the purposes of this Addendum, the “applicable data protection legislation” shall mean the applicable laws and regulations in respect of processing personal data, including but not limited to, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR“).
3.1. The Customer acts as a data controller under applicable data protection legislation. The Customer commits to ensure compliance with the data controller’s obligations under the applicable data protection legislation.
4.1. Flockler acts as a data processor under applicable data protection legislation. Flockler processes personal data the Customer is responsible for on behalf of the Customer according to the Customer’s documented instructions. Flockler shall implement appropriate technical and organizational measures for ensuring the security of the processing and maintain appropriate documentation of these measures and processing activities.
4.2. Flockler commits to ensure that all the persons processing personal data under the authority and supervision of Flockler have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality in addition to that such persons shall process personal data only pursuant to this Addendum, the Agreement and the Customer’s instructions.
4.3. Flockler commits to assist the Customer to ensure compliance with the provisions on the data subject’s rights by appropriate technical and organizational measures and to inform the Customer about the requests received from the data subjects.
4.4. Flockler shall provide the Customer all information necessary to demonstrate compliance with the obligations concerning the processing of personal data. Flockler shall allow the Customer either on their own or with a third party – which shall not be a competitor to Flockler – to conduct audits in the presence of Flockler. The Customer shall notify Flockler in writing at least 30 days in advance, after which the Parties shall mutually agree on the extent and timing of the audit, always conducted during Flockler’s normal working hours.
4.5. Flockler has an obligation to assist the Customer in completing possible data protection impact assessments, notifications of personal data breaches and prior consultation requests to the extent they relate to the software service provided by Flockler.
4.6. Flockler has the right to charge labor costs incurred by the assistance measures set out in this section 4 in accordance with its then current price list.
5.1. Possible subcontractors used by Flockler, which take part to processing of personal data, also act as data processors on behalf of the Customer. By accepting this Addendum, the Customer has provided a written authorization for the use of subcontractors. Flockler shall have full responsibility for the actions and omissions of its subcontractors, and shall ensure that the subcontractors comply with the responsibilities of Flockler under this Addendum and the Agreement. Flockler shall inform the Customer in writing of any intended changes concerning the addition or replacement of subcontractors, thereby giving the Customer the opportunity to object to such changes.
6.1. Flockler shall not transfer any personal data to any third party other than the subcontractors agreed in writing by the parties. Flockler may transfer personal data outside the borders of the European Union and European Economic Area, provided that Flockler shall ensure that it and its subcontractor(s) transfer the personal data in compliance with the applicable data protection legislation. If personal data processed under this Agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, the parties shall ensure that the personal data are adequately protected. To achieve this, the parties shall, unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer of personal data.
7.1. In the event of a personal data breach, Flockler shall without undue delay after becoming aware of it notify the Customer in writing and additionally in any other reasonable and prompt manner. The personal data breach notification shall contain at least the following:
- A description of the nature of the personal data breach including, the categories and approximate number of data subjects concerned and the categories and approximate number of data records concerned;
- The name and contact details of the person responsible for the data processor’s data protection matters;
- A description of likely consequences and/or realized consequences of the personal data breach; and
- A description of the measures taken to address the personal data breach and to mitigate its possible adverse effects.
8.1. In relation to processing of personal data in connection with this Addendum, both Parties shall be liable towards one another for direct loss and damage caused by their breaches of this Addendum or the applicable data protection legislation to the non-breaching Party (including, but not limited to any administrative sanctions by competent supervisory authorities). Neither Party shall be liable for any indirect or consequential loss or damage, including but not limited to any loss of profits, revenue, reputation or goodwill. The Parties’ liability hereunder shall be subject to the liability cap agreed in the Agreement.
9.1. If provisions of the applicable data protection legislation are changed during the term of this Addendum, or if the data protection supervisory authority issues guidelines, decisions or regulations concerning the application of the data protection legislation in a way that this Addendum would no longer meet the requirements stipulated in Article 28 of the GDPR, the Parties shall make the necessary changes to this Addendum in writing, in order to meet such new or additional requirements; unless required to do so by Union or Member State law to which the processor is subject; in such a case, the processor shall inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
9.2. All changes and additions to this Addendum shall be made in writing.
10.1. This Addendum enters into force on July 12, 2023. By continuing to use Flockler and the services provided by Flockler, Customer approves the terms and conditions of this Addendum, and it remains in force as long as Flockler processes personal data as the Customer’s data processor.
10.2. After the end of the provision of services under the Agreement Flockler commits to either delete or return all the personal data under the Customer’s responsibility to the Customer, based on the Customer’s choice. Flockler has the right to charge labor costs incurred by returning the personal data by hour according to the price list. Flockler deletes existing copies of the personal data unless legislation requires storage of the personal data.
11.1. This Addendum supersedes and replaces all prior data processing agreements between the Parties and supersedes any deviating provisions of the Agreement concerning the subject matter of this Addendum, notwithstanding anything to the contrary in the Agreement.
11.2. This Addendum shall be governed and construed in accordance with the laws of the State of Delaware. Any dispute arising out of or in connection with this Addendum shall be settled in accordance with the dispute resolution provision in the Agreement.
Nature and purpose of the processing: Providing a platform to store, organize and analyze user-generated content
Subject-matter and duration of the processing: Customer data for the duration of the Agreement.
Types of data stored on Flockler:
- financial information (payment information)
2. Content managers (Flockler users)
- name, email, social media profiles (name, username, profile image)
3. Social media users and content (nicknames, public content available on the web):
- social media post (name, username, profile image, content, location)
- social media profile (name, username, profile image, follower count)
See the updated list of subcontractors
- Changed Flockler Commerce, Inc., a Delaware corporation, address 19 W. 24th Street, Third Floor, New York City, New York 10010
into Flockler Commerce, Inc., a Delaware corporation, address 1201 W Peachtree St, NW Ste 2625 #36051, Atlanta, GA 30309
- 9.1 Added unless required to do so by Union or Member State law to which the processor is subject; in such a case, the processor shall inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
- Changed Flockler Oy, a limited liability company duly incorporated and organized under the laws of Finland, address Rautatienkatu 21 B, 33100 Tampere, Finland
into Flockler Commerce, Inc., a Delaware corporation, address 19 W. 24th Street, Third Floor, New York City, New York 10010
- 1.2 Added (the “Agreement“)
- 1.5 Removed Finnish Personal Data Act (523/1999), and from 25 May 2018,
added and repealing Directive 95/46/EC,
and removed as well as supplementary Finnish legislation, local adaptions, case-law and guidance from supervisory authorities.
- 6.1 Added If personal data processed under this Agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, the parties shall ensure that the personal data are adequately protected. To achieve this, the parties shall, unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer of personal data.
- 10.1 Changed 25 May 2018. to July 12, 2023, added and the services provided by Flockler
- 11.2 Changed Finland to the State of Delaware