Data Processing Addendum
Last modified: January 10, 2022
Welcome! We are Linq App Inc., a Delaware corporation, or as we like to go by “Linq,” “we,” “our,” or “us.” Our mission is to change how the world connects! We offer products, services, and technologies (“Products”) allowing users (“Users”) to organize, display, and share information with their contacts through our software, mobile application, and website (collectively, “Platform”).
When you purchase or use our Products, Platform, or Services you become a User and agree to be comply with and be bound by our Policies (including this DPA). If you do not agree with our Policies, you must not purchase or use our Products, Platform, or Services.
1. Definitions and Interpretation. Capitalized terms shall either have the meaning set forth in the Agreement, Policies (e.g., Terms of Sale), or as set forth below:
“Business”, “Business Purpose”, “Consumer”, “Person”, “Personal Information”, “Sell”, “Service Provider”, and “Third Party” shall have the meaning set forth in the applicable Data Protection Legislation.
“Data Processor”, “Data Controller”, “Data Subject”, “Processing”, “Subprocessor”, and “Supervisory Authority” shall be interpreted in accordance with the applicable Data Protection Legislation.
“Data Protection Legislation” means the European Union Regulation 2016/679 (“GDPR”), the California Consumer Privacy Act as set forth in California Civil Code Section 1798.100-1798.199, et seq. (“CCPA”), as applicable, and any legislation or regulation implementing or made pursuant to it, or which amends or replaces any of it, and any other applicable legislation relating to the Processing of Personal Information that may exist in any applicable jurisdiction.
“Data Subject Request” means a request for access, erasure, rectification, or portability of the Personal Information of the User.
“Security Breach” means any act or omission that compromises the security, confidentiality, or integrity of Personal Information or the physical, technical, administrative, or organizational safeguards put in place to protect it. The loss of or unauthorized access, disclosure, or acquisition of Personal Information is a Security Breach whether or not the incident rises to the level of a security breach under the Data Protection Legislation.
“Standard Contractual Clauses (SCC)” means the European Commission's standard contractual clauses for the transfer of Personal Information from the European Union to third countries as set forth in the GDPR. In the case of conflict or ambiguity between any of the provisions of this Agreement and any executed Standard Contractual Clauses, the provisions of the executed Standard Contractual Clauses will prevail.
2. Scope; Personal Information Types; and Processing Purposes.
3. Data Protection Obligations. When we Process Personal Information in the course of providing our Products, Platform, and Services, we will:
3.1 Only process, retain, use, or disclose the Personal Information to the extent, and in such a manner, as is necessary to provide our Products, Platform, Services, or other qualified Business Purposes in accordance with the Agreement and related Policies or in accordance with the written instructions from the User. We will not process, retain, use, or disclose the Personal Information for any other purpose or in a way that does not comply with the Agreement (including this DPA), the Policies, or the Data Protection Legislation. If we are required by law to Process Personal Information for any other purpose, we will provide you with prior notice of this requirement, unless we are prohibited by law from providing such information;
3.2 Promptly comply with any User request or instruction requiring us to amend, transfer, or delete the Personal Information, to stop, mitigate, or remedy any unauthorized Processing, or otherwise comply with a Data Subject Request;
3.3 Notify the User if in our opinion, the User’s instruction would not comply with applicable Data Protection Legislation or if any changes to Data Protection Legislation may adversely affect our performance of the Agreement or our Policies;
3.5 Take reasonable steps to ensure that our personnel who access to Personal Information are informed of the confidential nature of your Personal Information's and are subject to confidentiality obligations that restrict their ability to disclose such Personal Information;
3.6 Implement and maintain appropriate technical and organizational measures to protect Personal Information against unauthorized or unlawful Processing and against accidental loss, destruction, damage, theft, alteration, or disclosure. These measures shall be appropriate to the harm which might result from any unauthorized or unlawful Processing, accidental loss, destruction, damage, or theft of Personal Information and appropriate to the nature of the Personal Information which is to be protected, and, at a minimum, in accordance with sound industry practice;
3.7 Upon a valid request, provide reasonably information to help you complete your compliance obligations under the applicable Data Protection Legislation, taking into account the nature of our Processing and the information available to us, including an obligation to respond to Data Subject Requests, adhere to data security obligations, consult with Supervisory Authorities, or conduct data protection assessments. We will notify the User in writing if we receive a request from a Data Subject concerning Personal Information or receive a complaint or request related to the User’s obligations under the Data Protection Legislation. We will allow the User and its authorized agents to conduct reasonable audits and inspections during the term of the Agreement to allow the User to verify that we are processing Personal Information in accordance with our obligations under the Agreement, our Policies, and applicable Data Protection Legislation;
3.8 Notify you, without undue delay, upon becoming aware of and confirming any accidental, unauthorized, or unlawful Processing of, disclosure of, or access to the Personal Information in the course of providing our Products, Platform, or Services under the Agreement, including any Security Breach, and further:
(a) notify the User and provide a detailed description of the Security Breach; the type of information that was disclosed by the Security Breach; the identity of the affected person(s), and the steps we are taking and will take to mitigate and remediate such Security Breach; and
(b) take immediate action to investigate the Security Breach and to identify, prevent, and mitigate the effects of the Security Breach and, with the prior written approval of the User, carry out any recovery or other action necessary to remedy the Security Breach.
3.9 Promptly initiate our purge process to delete or anonymize your Personal Information upon termination of the Agreement; and
3.10 Comply with the applicable Data Protection Legislation.
4. General Provisions.
4.1 In the event of any conflict or inconsistency between the provisions of the Terms of Services and this DPA, the provisions of this DPA shall prevail. For the avoidance of doubt and to the extent allowed by applicable law, any and all liability under this DPA, including limitations thereof, will be governed by the relevant provisions of the Terms of Service and Sale and other Policies. You acknowledge and agree that we may amend this DPA from time to time by posting the relevant amended and restated DPA on our Platform (including our website) and such amendments to this DPA are effective as of the date of posting. Your continued use of our Products, Platform, and Services after the amended DPA is posted to our Platform (including our website) constitutes your agreement to, and acceptance of, the amended DPA. If you do not agree to any changes to this DPA, do not continue to use our Products, Platform, or Services.
4.2 Except as specifically modified and amended in this DPA, all of the terms, provisions and requirements contained in the Agreement shall remain in full force and effect and govern the Agreement. If any provision of this DPA is held illegal or unenforceable in a judicial proceeding, such provision shall be severed and shall be inoperative, and the remainder of this DPA shall remain operative and binding on the parties.