Data Processing Addendum

Data Processing Addendum

Last modified: January 10, 2022

Welcome! We are Linq App Inc., a Delaware corporation, or as we like to go by “Linq,” “we,” “our,” or “us.” Our mission is to change how the world connects! We offer products, services, and technologies (“Products”) allowing users (“Users”) to organize, display, and share information with their contacts through our software, mobile application, and website (collectively, “Platform”).

This Data Processing Addendum (“DPA”) amends the Terms of Service and Sale (or any other applicable agreement related to our Products, Platform, or Services) between us and you (“Agreement”), and otherwise supplements our other policies, including, our Privacy Policy (collectively, “Policies”). This DPA sets out the additional terms, requirements, and conditions on which we will obtain, handle, process, disclose, transfer, or store Personal Information when providing our Products, Platform, and related services under the Agreement (“Services”)).

When you purchase or use our Products, Platform, or Services you become a User and agree to be comply with and be bound by our Policies (including this DPA). If you do not agree with our Policies, you must not purchase or use our Products, Platform, or Services.

1. Definitions and Interpretation. Capitalized terms shall either have the meaning set forth in the Agreement, Policies (e.g., Terms of Sale), or as set forth below:

Business”, “Business Purpose”, “Consumer”, “Person”, “Personal Information”, “Sell”, “Service Provider”, and “Third Party” shall have the meaning set forth in the applicable Data Protection Legislation.

Data Processor”, “Data Controller”, “Data Subject”, “Processing”, “Subprocessor”, and “Supervisory Authority” shall be interpreted in accordance with the applicable Data Protection Legislation.

Data Protection Legislation” means the European Union Regulation 2016/679 (“GDPR”), the California Consumer Privacy Act as set forth in California Civil Code Section 1798.100-1798.199, et seq. (“CCPA”), as applicable, and any legislation or regulation implementing or made pursuant to it, or which amends or replaces any of it, and any other applicable legislation relating to the Processing of Personal Information that may exist in any applicable jurisdiction.

Data Subject Request” means a request for access, erasure, rectification, or portability of the Personal Information of the User.

Personal Information” shall have the meaning given to that term in our Privacy Policy. Notwithstanding the foregoing, “Personal Information” means any information we Process for our Users that (a) identifies or relates to an individual who can be identified directly or indirectly from that data alone or in combination with other information in our possession or control or that we are likely to have access to, or (b) otherwise defined as protected personal information or personal data under the applicable Data Protection Legislation.

Security Breach” means any act or omission that compromises the security, confidentiality, or integrity of Personal Information or the physical, technical, administrative, or organizational safeguards put in place to protect it. The loss of or unauthorized access, disclosure, or acquisition of Personal Information is a Security Breach whether or not the incident rises to the level of a security breach under the Data Protection Legislation.

Standard Contractual Clauses (SCC)” means the European Commission's standard contractual clauses for the transfer of Personal Information from the European Union to third countries as set forth in the GDPR. In the case of conflict or ambiguity between any of the provisions of this Agreement and any executed Standard Contractual Clauses, the provisions of the executed Standard Contractual Clauses will prevail.

2. Scope; Personal Information Types; and Processing Purposes.

2.1 The parties acknowledge and agree that the User is a Data Controller (and “data importer” under the SCC) and that Linq a Processor (and “data importer” under the SCC) of the Personal Information that it Processes on behalf of its Users in providing its Products, Platform, and Services under the Agreement and related Policies. Any Processing under the Agreement will be limited to the extent necessary for the parties to carry out and perform their obligations under the Agreement and applicable Policies.
2.2 As a User, you retain control over the Personal Information you provide through the Products, Platform, or Services, and you remain responsible for your compliance obligations under applicable Data Protection Legislation.
2.3 Our Privacy Policy, which is hereby incorporated by reference, describes the general categories of Personal Information and types of Data Subject we may Process to fulfill our obligations under the Agreement and our Policies.

 

3. Data Protection Obligations. When we Process Personal Information in the course of providing our Products, Platform, and Services, we will:

3.1 Only process, retain, use, or disclose the Personal Information to the extent, and in such a manner, as is necessary to provide our Products, Platform, Services, or other qualified Business Purposes in accordance with the Agreement and related Policies or in accordance with the written instructions from the User. We will not process, retain, use, or disclose the Personal Information for any other purpose or in a way that does not comply with the Agreement (including this DPA), the Policies, or the Data Protection Legislation. If we are required by law to Process Personal Information for any other purpose, we will provide you with prior notice of this requirement, unless we are prohibited by law from providing such information;

3.2 Promptly comply with any User request or instruction requiring us to amend, transfer, or delete the Personal Information, to stop, mitigate, or remedy any unauthorized Processing, or otherwise comply with a Data Subject Request;

3.3 Notify the User if in our opinion, the User’s instruction would not comply with applicable Data Protection Legislation or if any changes to Data Protection Legislation may adversely affect our performance of the Agreement or our Policies;

3.4 Maintain the confidentiality of all Personal Information, not Sell it to anyone, and not disclose it to a Third Party unless instructed by the User in writing, or as this Agreement and related Policies (including the Privacy Policy) authorize, or as required by law. Notwithstanding the foregoing, in the course of providing our Products, Platform, and Services, you acknowledge and agree that we may use Subprocessors and other Service Providers to Process your Personal Information. Our use of any specific Subprocessor or Service Provider to Process your Personal Information must follow the Data Protection Legislation and must be governed by a contract between us and Subprocessor that requires comparable protections to this DPA. We will remain responsible for our Subprocessor’s and Service Provider’s compliance with the obligations of this DPA, and we will ensure that any Subprocessors or Service Providers to whom we transfer Personal Information have entered into written agreements with us requiring their Service Providers (including any Subprocessors) to comply with terms substantially similar to this DPA. A current list of our Subprocessors and Service Providers may be found on our Privacy Policy under the “To our processors and subprocessors bullet point under the “Disclosure of Your Information” section. If you object to the appointment of a Subprocessor or Service Provider you may terminate this Agreement in accordance with its terms and our Policies;

3.5 Take reasonable steps to ensure that our personnel who access to Personal Information are informed of the confidential nature of your Personal Information's and are subject to confidentiality obligations that restrict their ability to disclose such Personal Information;

3.6 Implement and maintain appropriate technical and organizational measures to protect Personal Information against unauthorized or unlawful Processing and against accidental loss, destruction, damage, theft, alteration, or disclosure. These measures shall be appropriate to the harm which might result from any unauthorized or unlawful Processing, accidental loss, destruction, damage, or theft of Personal Information and appropriate to the nature of the Personal Information which is to be protected, and, at a minimum, in accordance with sound industry practice;

3.7 Upon a valid request, provide reasonably information to help you complete your compliance obligations under the applicable Data Protection Legislation, taking into account the nature of our Processing and the information available to us, including an obligation to respond to Data Subject Requests, adhere to data security obligations, consult with Supervisory Authorities, or conduct data protection assessments. We will notify the User in writing if we receive a request from a Data Subject concerning Personal Information or receive a complaint or request related to the User’s obligations under the Data Protection Legislation. We will allow the User and its authorized agents to conduct reasonable audits and inspections during the term of the Agreement to allow the User to verify that we are processing Personal Information in accordance with our obligations under the Agreement, our Policies, and applicable Data Protection Legislation;

3.8 Notify you, without undue delay, upon becoming aware of and confirming any accidental, unauthorized, or unlawful Processing of, disclosure of, or access to the Personal Information in the course of providing our Products, Platform, or Services under the Agreement, including any Security Breach, and further:

(a) notify the User and provide a detailed description of the Security Breach; the type of information that was disclosed by the Security Breach; the identity of the affected person(s), and the steps we are taking and will take to mitigate and remediate such Security Breach; and

(b) take immediate action to investigate the Security Breach and to identify, prevent, and mitigate the effects of the Security Breach and, with the prior written approval of the User, carry out any recovery or other action necessary to remedy the Security Breach.

3.9 Promptly initiate our purge process to delete or anonymize your Personal Information upon termination of the Agreement; and

3.10 Comply with the applicable Data Protection Legislation.

4. General Provisions.

4.1 In the event of any conflict or inconsistency between the provisions of the Terms of Services and this DPA, the provisions of this DPA shall prevail. For the avoidance of doubt and to the extent allowed by applicable law, any and all liability under this DPA, including limitations thereof, will be governed by the relevant provisions of the Terms of Service and Sale and other Policies. You acknowledge and agree that we may amend this DPA from time to time by posting the relevant amended and restated DPA on our Platform (including our website) and such amendments to this DPA are effective as of the date of posting. Your continued use of our Products, Platform, and Services after the amended DPA is posted to our Platform (including our website) constitutes your agreement to, and acceptance of, the amended DPA. If you do not agree to any changes to this DPA, do not continue to use our Products, Platform, or Services.

4.2 Except as specifically modified and amended in this DPA, all of the terms, provisions and requirements contained in the Agreement shall remain in full force and effect and govern the Agreement. If any provision of this DPA is held illegal or unenforceable in a judicial proceeding, such provision shall be severed and shall be inoperative, and the remainder of this DPA shall remain operative and binding on the parties.