Data Processing Addendum

Effective October 11, 2022 - UPDATED TERMS

DATA PROCESSING ADDENDUM

This Data Processing Addendum (‚ÄúAddendum‚ÄĚ) is hereby attached, subject to and incorporated in by reference to the Terms of Service located at https://www.logikcull.com/policies/terms-of-service (‚ÄúTerms of Service‚ÄĚ) by and between Logik Systems, Inc. (dba Logikcull), a Delaware corporation (‚ÄúLogikcull‚ÄĚ),and the customer agreeing to be bound by such Terms of Service (‚ÄúCustomer‚ÄĚ).Logikcull and Customer shall be collectively referred to herein as ‚ÄúParties‚ÄĚand individually as a ‚ÄúParty‚ÄĚ. Any capitalized terms used but not defined in this Addendum shall have their meanings set out in the Terms of Service.

‚Äć

1.     DEFINITIONS

a.¬†¬†¬†¬†‚ÄúBusiness Purpose‚ÄĚ means the Services defined in the Terms of Service.

b.¬†¬†¬†¬†‚ÄúController‚ÄĚ means the entity which determines the purposes and means of the Processing of Personal Information.

c.¬†¬†¬†¬†‚ÄúData Incident‚ÄĚ means any act or omission that compromises the security, confidentiality or integrity of Personal Information or the physical, technical, administrative or organizational safeguards put in place to protect it that rises to the level of a security breach or incident under the applicable Data Protection Laws and Regulations.

d.¬†¬†¬†¬†‚ÄúData Protection Laws and Regulations‚ÄĚ means all applicable laws and regulations, including, without limitation ,laws and regulations of the European Union; the European Economic Area and their member states; Switzerland; the United Kingdom; Canada and its provinces; the People's Republic of China; and the United States and its individual states; applicable to the Processing of Personal Information under thisAddendum.

e.¬†¬†¬†¬†‚ÄúData Subject‚ÄĚ means. the identified or identifiable person to whom Personal Information relates.

f.¬†¬†¬†¬†¬†‚ÄúPersonal Information‚ÄĚ means any information Logikcull Processes for Customer that (a) identifies or relates to an individual who can be identified directly or indirectly from that data alone or in combination with other information in Logikcull‚Äôs possession or control or that Logikcull is likely to have access to, or any other information that is defined as ‚Äúpersonal information‚ÄĚ or ‚Äúpersonal data‚ÄĚ under any applicable Data Protection Laws andRegulations.

g.¬†¬†¬†¬†‚ÄúProcess‚ÄĚ or ‚ÄúProcessing‚ÄĚ means any operation or set of operations which is performed upon PersonalInformation, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, otherwise making available, alignment or combination, restriction, erasure, destruction, or any other activity that the relevant Data Protection Laws and Regulations may otherwise include in the definition of processing.

h.¬†¬†¬†¬†‚ÄúProcessor‚ÄĚ means the entity which Processes Personal Information on behalf of the Controller.¬†

i.¬†¬†¬†¬†¬†‚ÄúServices‚ÄĚ means those certain services provided by Logikcull to Customer pursuant to the Terms of Service.

j.¬†¬†¬†¬†¬†‚ÄúService Provider‚ÄĚ means a Processor Processing PersonalInformation for the Business Purpose and any other entity that is defined as a‚Äúservice provider‚ÄĚ under applicable Data Protection Laws and Regulations.

k.¬†¬†¬†¬†‚ÄúStandardContractual Clauses‚ÄĚ means the Standard Contractual Clauses based on theCommission Decision C(2010)593 Standard Contractual Clauses (Model 2:controller to processor) found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en,as set out in the Annex to Commission Decision (EU) 2021/914, which are incorporated herein by reference, and which a completed copy of the applicable Annexes are attached as Appendix B.

l.¬†¬†¬†¬†¬†‚ÄúSub-processor‚ÄĚ means any Processor engaged by Logikcull in connection with performing the Services for Customer.

‚Äć

‚Äć

2.     PROCESSING OF PERSONAL INFORMATION.

a.    Roles of the Parties. The Parties agree that in regard to the Processing of Personal Information under Data Protection Laws and Regulations that define the Parties’ relationship as one between a Controller and a Processor (such as GDPR), Customer is the Controller and Logikcull is the Processor. The Parties agree that in regard to the Processing of Personal Information under Data Protection Laws and Regulations that define the Parties’ relationship as one between a business and a Service Provider, (such as CCPA and PIPEDA), Logikcull is the Service Provider. The Parties agree that in regard to the Processing of Personal Data under Data Protection Laws and Regulations that define the Parties’ relationship as one between a Personal Information Processor and an Entrusted Party, Customer is the Personal Information Processor and Logikcull is the Entrusted Party.

b.    Customer’s Processing of Personal Information. Customer shall, in its use of the Service, Process Personal Information in accordance with, and     in compliance with, all applicable laws, including, without limitation,Data Protection Laws and Regulations. Customer’s instructions provided to     Logikcull with respect to the Processing of Personal Information shall at all times comply with Data Protection Laws and Regulations. Customer shall     have sole responsibility for the accuracy, quality and legality of Personal Information and the means by which Customer acquired any Personal     Information, including, without limitation, receiving all necessary consents of each Data Subject and ensuring the accuracy of all Personal Information. 

c.    Logikcull’s Processing of Personal Information. Logikcull agrees to treat Personal Information as Confidential Information of Customer in accordance with the Terms of Service and will only Process Personal Information on behalf of and in accordance with Customer’s documented written instructions in connection with: (i) Processing in accordance with this Addendum and the Terms of Service; (ii) Processing in relation to the Business Purpose; (iii) Processing initiated by Customer’s users in their use or receipt of the Service; (iv) Processing to comply with other documented written instructions provided by Customer where such documented written instructions are consistent with the terms of this Addendum and the Terms of Service and are in compliance with applicable Data Protection Laws and Regulations; or (v) Processing otherwise required pursuant to applicable Data Protections Laws and Regulations. Logikcull agrees to Process Personal Information in material accordance with, and in material compliance with, applicable Data Protection Laws and Regulations. The subject matter of the Processing is the Business Purpose.

d. ¬†¬†¬†Data Subject Requests. Logikcull will, to the extent legally permitted, notify Customer within a reasonable period of time if Logikcull receives a request from a Data Subject to exercise the Data Subject's right of access, right to rectification, restriction of Processing, erasure (i.e. ‚Äúright to be forgotten‚ÄĚ), data portability, object to the Processing, its right not to be subject to automated individual decision making or another applicable data subject right available to such Data Subject under applicable Data Protection Laws and Regulations (‚ÄúData Subject Request‚ÄĚ). Taking into account the nature of the Processing, Logikcull will assist Customer by appropriate technical and organizational measures, insofar as each are possible and reasonable, for the fulfillment of Customer‚Äôs obligation to respond to a Data Subject Request under Data Protection Laws and Regulations. In addition, to the extent Customer, in its use of the Service, does not have the ability to address a Data Subject Request, Logikcull shall, upon Customer‚Äôs request, use commercially reasonable efforts to assist Customer in responding to such Data Subject Request, to the extent Logikcull is legally permitted to do so and the response to such Data Subject Request is required under Data Protection Laws and Regulations. Customer shall be responsible for any costs arising from Logikcull‚Äôs provision of such assistance.

e.    Logikcull Personnel. Logikcull will ensure that its personnel engaged in the Processing of Customer Data are informed of the confidential nature of any Personal Information, have received appropriate training on their responsibilities and have executed written confidentiality agreements. Logikcull will ensure that such confidentiality obligations survive the termination of the personnel engagement. Logikcull will use commercially reasonable efforts to take necessary steps to ensure the reliability of any Logikcull personnel engaged in the Processing of Personal Information. Logikcull will use     commercially reasonable efforts to ensure that Logikcull’s access to Personal Information is limited to those personnel providing services to Customer pursuant to the Terms of Service. Logikcull has appointed a data protection officer who ensures compliance with the Data Protection Laws and Regulations. The appointed person may be reached at privacy@logikcull.com.  

f.    Return and Deletion of Customer Data. With respect to Hosted Data submitted through the Service,  Logikcull will return Hosted Data to Customer and/or, to the extent  permitted under applicable Data Protection Laws and Regulations, may delete such Hosted Data in accordance with the procedures and timeframes set forth in the Terms of Service and in compliance with Data Protection Laws and Regulations. With respect to Customer Data collected by or provided to Logikcull other than Hosted Data submitted through the Service, Logikcull will retain and/or delete such Customer Data in accordance with its retention and deletion policy and in compliance with Data Protection Laws and Regulations.

g.   Data Retention. Subject to Section 3(f), Logikcull may, in its discretion, retain Personal Information in accordance with the Terms of Service and all applicable laws, including the Data Protection Laws and Regulations. Logikcull reserves the right to retain relevant data and information when required by statute, rule or regulation; when under court order, subpoena, or other legal order; or when preserving evidence following or in anticipation of a civil or criminal lawsuit.

‚Äć

3.     SUB-PROCESSORS.  

a.     Engagement. Customer acknowledges and agrees that Logikcull may engage third-party Sub-processors in connection with the provision of services. Customer consents to the use of Logikcull’s currentSub-processors, a list of which is available at this link. In the event that Logikcull intends to engage a new Sub-processor with respect to the Service, Logikcull will update this list and send notification to the primary account owner.

b.     Objection. Customer may object to Logikcull’s use of a new Sub-processor by notifying Logikcull promptly in writing within ten (10) business days after receipt of Logikcull’s notice in accordance with the notice requirements set forth in this Addendum. In the event Customer objects to a new Sub-processor, Logikcull will use commercially reasonable efforts to make available to Customer a change in the Service or recommend a commercially reasonable change to Customer’s configuration or use of the Service to avoid Processing of Personal Information by the objected-to new Sub-processor without unreasonably burdening Customer. If Logikcull is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may terminate the applicable Terms of Service and other related documents with respect to receipt of those services which cannot be provided by Logikcull without the use of the objected-to newSub-processor by providing written notice to Logikcull.

c.     Liability. Logikcull will remain liable for the acts and omissions of its Sub-processors to the same extent Logikcull would be liable if performing the services of eachSub-processor directly under the Terms of Service, except as otherwise set forth in this Addendum.

‚Äć

‚Äć

4.     SECURITY AND INCIDENT MANAGEMENT.  

a.     Security.     Logikcull maintains relative and appropriate technical, and organizational measures for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or     access to, Personal Information), confidentiality and integrity of Personal Information, in compliance with Logikcull’s then-current policies and     procedures and Data Protection Laws and Regulations. Logikcull regularly monitors compliance with these measures. Logikcull agrees not to materially decrease the overall security of the Service during the applicable subscription term. Logikcull has obtained industry standard data security and privacy certificates and agrees to maintain such certificates during the applicable subscription term with respect to Customer’s receipt of services. 

b.     Incident  Management.     Logikcull maintains an industry standard security incident management policy and shall notify Customer without undue delay after becoming aware of any actual Data Incident. Logikcull shall use reasonable efforts to identify the cause of any such Data Incident and take reasonable steps necessary to remediate the cause of such Data Incident, to the extent remediation is within Logikcull’s reasonable control. Following a Data Incident, the Parties agree to cooperate and take reasonable commercial steps as to investigate, mitigate, and remediate the Data Incident and the consequences of such incident.  The obligations set forth herein shall not apply to any incident caused by Customer or Customer’s users. 

c.     Record keeping and Audit.     Logikcull will maintain such records with respect to Processing Personal Information in connection with the Service as necessary to comply with its obligations under Data Protection Laws and Regulations. Upon Customer’s request, and subject to the confidentiality obligations set forth in the Terms of Service, Logikcull will make available to Customer information regarding Logikcull’s compliance with this Addendum and Data Protection Laws and Regulations in the form of third party certifications and audits.    

‚Äć

5.     COOPERATION.

Logikcull shall provideCustomer with reasonable cooperation and assistance necessary to fulfill Customer’s obligations under Data Protection Laws and Regulations, including in carrying out a data protection impact assessment related to Customers use of theService, providing necessary information relating to Logikcull’s Processing pursuant to the Services to the extent Customer does not otherwise have access to the relevant information. Logikcull shall provide reasonable assistance to Customer and cooperation with respect to any consultation or request by any regulatory or supervisory authority who has governance over Customer, to the extent required under Data Protection Laws and Regulations.

‚Äć

6.     INTERNATIONALTRANSFERS.

If Data Protection Laws and Regulations restrict cross-border Personal Information transfers, Customer will only transfer that Personal Information to Logikcull under the following conditions: (i) Logikcull, either through its location or participation in a valid cross-border transfer mechanism under Data Protection Laws andRegulations, as identified in Appendix A, may legally receive that PersonalInformation, or (ii) the transfer otherwise complies with Data Protection Laws and Regulations for the reasons set forth in Appendix A. If any Personal Information transfer between Customer and Logikcull requires execution of Standard Contractual Clauses in order to comply with Data Protection Laws andRegulations, the Parties agree the Standard Contractual Clauses will thereby be deemed incorporated herein, and will complete all relevant details in, and execute, the Standard Contractual Clauses contained in Appendix B, and take all other actions required to legitimize the transfer, including, if necessary: (i)co-operating to register the Standard Contractual Clauses with any supervisory authority in any European Economic Area country; (ii) procuring approval from any such supervisory authority; or (iii) providing additional information about the transfer to such supervisory authority. In the event of a conflict or inconsistency between thisAddendum and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.

‚Äć

7.  SALE OF PERSONAL INFORMATION.  

Logikcull shall: (a) not sell the Personal Information (including to the extent of the definition of ‚Äúsell‚ÄĚ as defined in the CCPA); (b) not retain, use or disclose Personal Information for any purpose other than for the Business Purpose, in compliance with the Terms of Service, or as otherwise permitted by applicable Data Protection Laws and Regulations; (c) not retain, use or disclose the Personal Information for a commercial purpose (including to the extent of the definition of ‚Äúcommercial purpose‚ÄĚ as defined in the CCPA) other than the agreed purposes set forth in the Terms of Service; and (d) not retain, use, or disclose Personal Information outside of the direct business relationship between Logikcull and Customer, except as may otherwise be provided in this Addendum or the Terms of Service. Logikcull hereby certifies that it understands and is willing to abide by the restrictions in this Section.

 

8.  GENERAL PROVISIONS.

a.    Notice Requirements. Logikcull agrees that it will notify Customer if it determines that it cannot or will no longer meet the obligations set forth in this Addendum or applicable Data Protection Laws and Regulations with respect to performing the Services for Customer; and upon such notice, Logikcull will take reasonable and necessary steps, without undue delay, to stop Processing any impacted Personal Information. All such notices shall be sent to the email address associated with your Logikcull Account Owner. In notices required to be delivered by Customer to Logikcull hereunder shall be sent to privacy@logikcull.com.

b.    Term. Logikcull will Process Personal Information for the duration of the Terms of Service, unless otherwise agreed in writing.

c.    Severability. If one or more provisions of this Addendum are held to be unenforceable under applicable law, the Parties agree to renegotiate such provision in good faith. In the event that such provision was not required by the Data Protection Laws and Regulations and the Parties cannot reach a mutually agreeable and enforceable replacement, then (a) such provision shall be excluded from this Addendum, (b) the balance of this Addendum shall be interpreted as if such provision were so excluded, and (c) the balance of thisAddendum shall be enforceable in accordance with its terms.

d.    Limitation of Liability. Each Party’s liability arising out of or related to this Addendum, whether in contract, tort or under any other theory of liability, is subject to those limitations of liability set forth in the Terms of Service and any reference in the Terms of Service limiting a Party’s liability means the aggregate liability of that Party under the Terms of Service and this Addendum.

e.    Independent Contractors. The Parties are independent contractors, and nothing contained in this Addendum shall be construed to constitute the Parties as partners, joint venturers, co-owners or otherwise as participants in a joint or common undertaking.

f.     Governing Law. Apart from the specific provisions and requirements governed by Data Protection Laws and Regulations, this Addendum and all acts and transactions pursuant hereto and the rights and obligations of the parties hereto shall be governed, construed and interpreted in accordance with the laws of the State of Delaware, USA, without giving effect to principles of conflicts of law. The Standard Contractual Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of Ireland. Any dispute arising from the Standard Contractual Clauses shall be resolved by the courts of an EU Member State. The Parties agree that those shall be the courts located in Ireland.

g.    Remedies. Logikcull and Customer each agree that the obligations set forth in this Addendum are necessary and reasonable in order to ensure that Data Subjects continue to benefit from effective safeguards and protection as required by the Data Protection Laws and Regulations with respect to the Processing Personal Information. Logikcull and Customer each expressly agree that due to the unique nature of the Personal Information covered hereunder monetary damages would be inadequate to compensate either Party for any breach by the other Party of its covenants and agreements set forth in thisAddendum. Accordingly, Logikcull and Customer each agree and acknowledge that any such violation or threatened violation shall cause irreparable injury to aParty and that, in addition to any other remedies that may be available, in law, in equity or otherwise, such Party shall be entitled to obtain injunctive relief against the threatened breach of this Addendum or the continuation of any such breach by the other Party, without the necessity of proving actual damages. Except as expressly set out in this Addendum, each Party’s rights and remedies under this Addendum are cumulative and not exclusive of any other rights or remedies to which the Party may be lawfully entitled under thisAddendum or at law, and each Party may pursue all of the Party’s rights and remedies concurrently, consecutively and alternatively.

h.    Headings. The headings and subheadings within this Addendum are for convenience only and do not define, limit, or enlarge the scope or meaning of this Addendum or any of its provisions.

‚Äć

Any term of this Addendum may be amended with the written consent of the Parties. Any amendment or waiver effected in accordance with this Section shall be binding upon the parties and their respective successors and assigns. Failure to enforce any provision of this Addendum by a Party shall not constitute a waiver of any term hereof by such Party.

 

APPENDIX A

 

PERSONAL INFORMATION PROCESSING PURPOSES ANDDETAILS

 

Business Purposes:  Performance of the Services pursuant to the Terms of Service.

 

Personal Data Categories:  Personal information uploaded by Customer to Logikcull under the Terms of Service.

 

 Data Subject Types: Data subjects whose personal information is uploaded to Logikcull by Customer under the Terms of Service.

 

Approved Sub-processors located at: Logikcull's data sub-processors | FrequentlyAsked Questions

 

 Identify Counterparty’s legal basis for receiving Personal Data with cross-border transfer restrictions (select one):

 

‚óĽ Located in an EEA Member State or in a country with a current determination of adequacy (list country):___________________________

‚óĽ Binding Corporate Rules

[x] Standard Contractual Clauses

‚óĽ Other (describe in detail):_______________________________________________________

 


 

APPENDIX B

 

StandardContractual Clauses

 

ANNEX I

 

A. LIST OF PARTIES

 

Data exporter(s):

 

     1. Name: …Refer to the account details under the Terms of Service

        Address: … Refer to the account details under the Terms of Service

        Contact person’s name, position and contact details: …Refer to the account details under the Terms of Service

        Activities relevant to the data transferred under these Clauses: …Performance of the Services

        Role (controller/processor): …Controller

 

Data importer(s):

 

     1. Name: … Logik Systems, Inc.

        Address: …111 Sutter St., 14th Floor, San Francisco,California, USA, 94104

        Contact: … Rachel Curran, Director of Risk and Compliance, privacy@logikcull.com

        Activities relevant to the data transferred under these Clauses: …Performance of the Services

        Role (controller/processor): …Processor

 

 

B. DESCRIPTION OF TRANSFER

 

Categories of data subjects whose personal information is transferred

 

Data subjects whose personal information is uploaded to Logikcull by Customer under the Terms of Service.

 

Categories of personal information transferred

 

Personal information uploaded by Customer to Logikcull under the Terms of Service.

 

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take

into consideration the nature of the data and the risks involved, such as for instance strict

purpose limitation, access restrictions (including access only for staff having followed

specialized training), keeping a record of access to the data, restrictions for onward transfers

or additional security measures.

 

Sensitive data as uploaded by Customer to Logikcull under the Terms of Service; see Section 4.d. Data Privacy and Security of the Terms of Service.

 

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis)

 

‚óĽ ¬†One-time

‚óĽ ¬†Periodic (specify frequency):

[x] Ongoing

‚󼬆 Other: ____________________________

 

Nature of the processing

As needed to perform the Services under the Terms of Service.

 

Purpose(s) of the data transfer and further processing

As needed to perform the Services under the Terms of Service.

 

The period for which the personal information will be retained, or, if that is not possible, the criteria used to determine that period

As needed to perform the Services under the Terms ofService. Personal Information will be deleted following termination of the Services pursuant to the terms of the Terms of Service.

 

B. COMPETENT SUPERVISORY AUTHORITY

 

Identify the competent supervisory authority/ies in accordance with Clause 13

Ireland

 

ANNEX II - TECHNICAL AND ORGANIZATIONAL MEASURES INCLUDING TECHNICAL AND ORGANIZATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

 

Description of the technical and organizational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons:

 

Refer to Section 4.d. Data Privacy and Security of the Terms of Service.

 

 

ANNEX II - LIST OF SUB-PROCESSORS

The controller has authorized the use of the sub-processors located at Logikcull's data sub-processors | FrequentlyAsked Questions.

 

 

 

 

‚Äć

PREVIOUS VERSIONS

July 16, 2020

November 27, 2019
May 25, 2018

‚Äć