Data Processing Terms
These Terms of Processing (hereinafter the "Terms") shall apply to all Services (as defined below) provided by Kendra, Scale My Business.
Each party, company, or business that holds an account on Kendra, Scale My Business platforms or makes use of the Services in any other way (hereinafter "Customer") shall be deemed to have accepted these Terms in full.
For purposes of these Terms, Customer shall be Data Controller, and Kendra, Scale My Business shall be Data Processor.
Preamble Pursuant to Article 28 of Regulation (EU) 2016/679 (GDPR), these Terms shall apply to all Services provided by Kendra, Scale My Business to Customer, and reflect the parties’ agreement with regard to the processing of Customer Personal Data.
Definitions - "Data Breach", shall mean any unauthorised or unlawful processing, disclosure of, or access to, Personal Data or any accidental or unlawful destruction of, loss of, alteration to, or corruption of Personal Data; - "Customer Personal Data", shall mean any Personal Data processed by Kendra, Scale My Business or third parties commissioned by Kendra, Scale My Business in connection with this Agreement being the data that Customer has provided to Kendra, Scale My Business for purposes of making use of the Services; - "Data Subject", shall mean a natural person whose Personal Data are processed by Kendra, Scale My Business under this Agreement; - "EEA", shall mean the European Economic Area; - "GDPR", shall mean the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC; - "Personal Data", shall have the meaning as set out in Article 4 of the GDPR; - "Privacy Shield", shall mean the EU-U.S. framework to provide companies with a mechanism to comply with data protection requirements when transferring Personal Data from the European Union to the United States; - "Services", shall mean any activities to be supplied or carried out by Kendra, Scale My Business for Customer; - "Sub-processor", shall mean any person or entity appointed by or behalf of Kendra, Scale My Business to process Customer Personal Data.
All terms not defined shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
Applicability and Duration of Data Processing Agreement These Terms shall apply to all Customer Personal Data processed by Kendra, Scale My Business in relation to Services. Kendra, Scale My Business may trust that the person accepting these Terms is entitled to do so in the name of Customer. The Terms shall remain in effect until, and automatically expire upon, deletion and/or return of all Customer Personal Data, as described in Section 11 of these Terms (Deletion or Return of Personal Data).
Processing of Data
Kendra, Scale My Business shall process Customer Personal Data solely for the purposes of providing Services to Customer. Kendra, Scale My Business shall only process Personal Data on behalf of Customer and in accordance with this Agreement and the documented instructions of Customer, unless required otherwise by the relevant law to which Kendra, Scale My Business is subject. Kendra, Scale My Business shall comply with all applicable data protection laws in the processing of Customer Personal Data. Kendra, Scale My Business shall promptly inform Customer if, in the opinion of Kendra, Scale My Business, an instruction of Customer in relation to the processing of Customer Personal Data, infringes relevant data protection laws and/or this Agreement, unless the applicable law prohibits from doing so on important grounds of public interest.
Security Measures and Confidentiality
Kendra, Scale My Business shall implement and maintain technical and organizational measures to protect Customer Personal Data against a Data Breach. - Security measures shall include, but not be limited to, measures to encrypt Personal Data; the ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services; the ability to restore timely availability and access to Personal Data following an incident; and regular testing/assessing/evaluating the effectiveness of applied measures for ensuring the security of the processing. - Kendra, Scale My Business shall take appropriate steps to ensure compliance with the security measures by the persons authorized to process Customer Personal Data, including ensuring that all persons authorized to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. - Kendra, Scale My Business shall ensure that only the persons authorized to process Customer Personal Data are given access and only to the extent necessary to provide Services to Customer.
Sub-Processing
Customer generally authorizes Kendra, Scale My Business to engage any third party as Sub-processor, as long as such parties are appointed in accordance with the rules stipulated in this Section. - Kendra, Scale My Business shall only engage a Sub-processor for any processing activities pursuant to this Agreement if such Sub-processor (1) is located within the EEA, or the United States of America (subject to such US party being compliant with the Privacy Shield), and (2) has appropriate GDPR standards and processes in place. In all other cases, Kendra, Scale My Business shall notify Customer through an update of these terms. - Kendra, Scale My Business shall update these terms in the event of changes concerning the addition or replacement of its Sub-processors. Customer may subsequently opt-out from the provision of Services and delete its Customer account. - Up-to-date Information about Sub-processors of Kendra, Scale My Business is available here below.
With respect to each Sub-processor, Kendra, Scale My Business shall ensure that:
Such engagement is set out in a written contract or other written legal act; - The data protection obligations as laid out in this Agreement and under Article 28(3) of the GDPR are imposed mutatis mutandis on the Sub-processor, and - Sub-processor processes Customer Personal Data in line with appropriate and technical organizational measures pursuant to this Agreement and Article 32 of the GDPR.
Data Transfers
Customer Personal Data shall only be processed by Kendra, Scale My Business, and/or appointed Sub-processors: (i) within the EEA; or (ii) the United States of America, if subject to such US party being compliant with the Privacy Shield; or (iii) in a country recognized by the European Commission as providing an adequate level of protection for Personal Data. - Whenever Kendra, Scale My Business is permitted by Customer to transfer Customer Personal Data to any recipient or country outside the EEA or the United States of America, if subject to such US party being compliant with the Privacy Shield; and such country is (i) not recognized by the European Commission as providing an adequate level of protection for Personal Data; or (ii) not covered by a suitable framework or certification recognized by the relevant authorities or courts as providing an adequate level of protection of Personal Data, then Kendra, Scale My Business shall implement Standard Contractual Clauses (pursuant to the European Commission’s decision of 5th February 2010 on Standard Contractual Clauses for the transfer of Personal Data to processors established in third countries which do not ensure an adequate level of data protection).
Data Subject's Rights
Kendra, Scale My Business shall enable Customer on request to access, rectify, restrict and delete the processing of Customer Personal Data, and to export Customer Personal Data.
Data Subject Requests
In the event of receiving any request from a Data Subject in relation to Customer Personal Data, Kendra, Scale My Business shall support Data Subject to submit his/her request to Customer, who shall respond to such requests. - Kendra, Scale My Business shall assist Customer in fulfilling any obligation to respond to requests by Data Subjects, in order to enable exercising Data Subject's rights, as laid down in Chapter III of the GDPR.
Personal Data Breach
In the event of a Data Breach affecting Customer Personal Data, Kendra, Scale My Business shall notify Customer immediately after becoming aware of the breach. Kendra, Scale My Business shall promptly take measures to address the breach and mitigate any adverse effects. - Notification information provided by Kendra, Scale My Business shall assist Customer in ensuring compliance with any legal obligations to report the breach to a supervisory authority or inform Data Subjects of the Data Breach pursuant to Articles 33 and 34 of the GDPR.
Data Protection Impact Assessments and Prior Consultation
Kendra, Scale My Business shall provide assistance to Customer with regard to conducting data protection impact assessments, including any consultations with supervising authorities or other competent data privacy authorities, in order to fulfil obligations as outlined under Articles 35 and 36 of the GDPR, or equivalent provisions of any other data protection law.
Record of Processing Activities
Kendra, Scale My Business shall maintain a record of processing activities relating to this Agreement and to Customer Personal Data, in accordance with the requirements stipulated under Article 30 of the GDPR. - Kendra, Scale My Business shall make such records available to Customer upon request and without undue delay.
Deletion or Return of Personal Data
After the end of the provision of Services, or at any earlier point in time upon written request from Customer, Kendra, Scale My Business shall delete and/or return all Customer Personal Data, including existing copies thereof, to Customer, unless EU or EU Member State law requires storage of such Customer Personal Data. - Upon receiving a written deletion request from Customer, Kendra, Scale My Business shall delete all Customer Personal Data no later than one month after the receipt of such request.
Audit
Customer, or a third-party auditor acting under Customer's direction, shall have the right to conduct data privacy and security audits at own expense, concerning Kendra, Scale My Business’s data security and privacy procedures relating to the processing of Customer Personal Data, and its compliance with this Agreement and the relevant data protection legislation. Customer may require Kendra, Scale My Business to demonstrate evidence of compliance with these procedures in lieu of or in addition to conducting such an audit.
Liability and Indemnity
The liability of Kendra, Scale My Business, under this Agreement or by law, shall at all times be limited to the amount covered by the liability insurance of Kendra, Scale My Business. If such liability insurance does not provide for adequate coverage, the aggregate liability of Kendra, Scale My Business shall at all times be limited to the amount of fees paid by Customer to Kendra, Scale My Business for the related Services in a given calendar year. - Customer shall be solely responsible and liable for ensuring the validity of consent collected from Data Subjects for the subscription to Customer’s newsletters created with the use of Services. Customer shall further indemnify Kendra, Scale My Business and hold Kendra, Scale My Business harmless from all damages resulting from failure to collect and/or record such valid consent.
Final Provisions
This Agreement and its interpretation shall be governed by the law of the U.S.A. - Any disputes arising in relation to the present Agreement shall be brought before the courts in the United States, which shall have exclusive jurisdiction to adjudicate, unless specifically agreed otherwise by the Parties, in writing. - Any future modifications to this Agreement shall be made in writing. - Should any provision of this Agreement be deemed invalid or unenforceable, the remainder of this Agreement shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability whilst preserving the Parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
Current sub-processors:
Google
Facebook
Twitter
Instagram
Stripe
PayPal
Amazon