3.1. GeneralIn order to provide our Services and to corporate with our Partners, we may collect or obtain certain types of data from them. Partners may upload, transmit, import, post or process anonymized data about their users, visitors and/or customers ("
Data"). During a Partner's use of our Services, it may provide us with its and/or its users', visitors' and/or customers' information via API and/or other electronic and digital means. Partner will not use, and will not assist or knowingly permit any third party to, (i) use the Services to collect or store personally identifiable information (information that may identify an individual); (ii) pass personally identifiable information data to us that could use or recognize as personally identifiable information of its customers. This information is used by us to identify the Partner and/or its users, visitors and/or customers and provide our Services, support, mailings, sales and marketing actions, billing (if required or applicable) and to meet our contractual obligations with the relevant Partner. In addition, we will only have access to information related to the Partner's users, visitors and/or customers after it has been pseudonymized by the Partner, unless otherwise required and authorized by such users', visitors' and/or customers' explicit consent, or by the law and/or legal authority.
Partner acknowledges that: (i) the Service does not operate as an archive or file storage service and we do not obligate to store or backup the Data that Partner upload, import or post to us, or otherwise generate during its use of the Service; (ii) it is solely responsible for the backup of the Data; and (iii) it will lose access to any Data that have been deleted according to our sole discretion or as required by the law and/or any legal authority.
Partner understands and acknowledges that the Internet and communications over it may not be secure, and that connecting to it provides the opportunity for unauthorized access to computer systems, networks, and all data stored therein. The information and data transmitted through the Internet (including, without limitation, the Data) or stored on any equipment through which Internet information is transmitted may not remain confidential and we make no representation or warranty regarding privacy, security, authenticity, non-corruption or destruction of any such information. Use of any information transmitted or obtained over the Internet is at the Partner's own risk and we shall not be responsible for any adverse consequence or loss whatsoever from the use of the Internet.
3.2. Processing of Personal DataWe rely on the Partner's consent to process Personal and/or on Partner's representations and statements that such Partner has obtained the required consent from its users, visitors and/or customers. On other occasions, we may process Personal Data when it needs to do this to fulfill a contractual obligation with you as a Partner or where it is required to do so by law.
We may also process Personal Data when it is in our or our Partners' legitimate interests to do so and when these interests are not overridden by the individual's data protection rights (which may vary based on an individual's jurisdiction).
Partner acknowledges and agrees that the Data which will be provided to us may contain personally identifying information or personal data, as defined by the applicable laws which govern the use of data relating to identified or identifiable natural persons residing in the EU and/or the state of California in the United States, including the laws of the European Union ("
EU") Data Protection Act 1998, the EU General Data Protection Regulation ("
GDPR"), and the California Consumer Protection Act effective as of January 1, 2020, as each of these laws is amended or replaced from time to time, and any other foreign or domestic laws to the extent that they are applicable to the personally identifiable or personal data you upload, transmit, post or process while using the Service ("Data Protection Laws and Regulations").
Partner hereby grants us a non-exclusive right and license to receive, retrieve, access, use, reproduce, display, copy, transmit, process and store (collectively, "
Process") the Data in order to provide the Services. We may redact, anonymize, and/or aggregate the Data with content and data from our other Partners or as collected by us pursuant to this Policy ("
Data Aggregations") for purposes including, without limitation, product and service development and commercialization and quality improvement initiatives. We will redact or anonymize Data in such a way as to not divulge any Confidential Information (as defined below) or personally identifying information. All Data Aggregations will be the sole and exclusive property of us.
Partner represents and warrants that: (i) it have lawfully obtained any personally identifying information or Personal data pursuant to any and all applicable and relevant Data Protection Laws and Regulations; (ii) it have appropriately disclosed to users, visitors and/or customers how personally identifiable information or personal data will be used, processed, stored and/or shared pursuant to any and all applicable and relevant
Data Protection Laws and Regulations; (iii) it is responsible for honoring any requests from users, visitors and/or customers relating to the collection, use and storage of personally identifiable information or personal data as required by any and all relevant Data Protection Laws and Regulations; (iv) it owns or have acquired the right to all of the intellectual property rights subsisting in the Data, and have the right to provide us the license granted herein to the Data; and (ii) the Data does not infringe or violate any patents, copyrights, trademarks or other intellectual property, proprietary or privacy rights of any third party. Partner shall remain solely responsible and liable for the Data, including without limitation for our use of and reliance upon such Data, and expressly release us from any and all liability arising from any such activities.
3.3. Controller/ProcessorWe may process Personal Data both as a Processor and/or as a Controller, as defined in the GDPR and/or the Data Protection Laws and Regulation:
- For Visitor's and/or User's data, provided by the Visitor and/or User to us, we will be the Controller in accordance with the GDPR and/or the Data Protection Laws and Regulations.
- For Partner's data and/or Partner's and its users', visitors' and/or customers' data, provided by the Partner to us, we will be the Processor in accordance with the GDPR and/or the Data Protection Laws and Regulations.
All data collected by us will be stored in secure hosting facilities. All hosting is performed in accordance with the highest security regulations. We contract with such hosting providers ensures that all hosting is performed in accordance with the highest security regulations.
We have adopted reasonable physical, technical and organizational safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the Partner's data and/or Partner's data and/or the Personal Data in our possession. We will promptly notify Partner in the event of any known unauthorized access to, or use of, the Partner's data and/or Partner's and its users', visitors' and/or customers' data and/or the Personal Data.
3.4. Third-Party Data Protection.To the extent that the use of the Services (where applicable) requires Partner to process its users', visitors' and/or customers' Personal Data, as part of its use of any third-party's platform, for the purposes of the GDPR and/or the Data Protection Laws and Regulations, such platform will be the Controller and Partner will act as a Processor and will:
(a) comply with, and only act on, instructions from and on behalf of the third-party platform regarding the processing of that Personal Data;
(b) not process that Personal Data for any purposes other than the Services;
(c) ensure that appropriate technical and organizational measures are taken to avoid unauthorized or unlawful processing of that Personal Data and against loss or destruction of, or damage to, that Personal Data;
(d) ensure the reliability of all of the personnel who have, and will have, access to that Personal Data;
(e) not, by any act or omission, place the third-party platform and/or us in breach of the Data Protection Laws;
(f) inform the third-party platform and/or us immediately of any suspected or confirmed data protection breaches or unauthorized or unlawful processing, loss, or destruction of, or damage to, that Personal Data;
(g) not subcontract to any third party any of Partner's obligations to process the Personal Data on behalf of the third-party platform without the platform's prior written consent;
(h) not process, or cause to be processed, that Personal Data outside the European Economic Area unless Partner has: (i) the third-party platform's prior written consent to do so; and (ii) fulfilled all of the third-party platform's requirements to enable the processing to take place outside the European Economic Area; and
(i) to the extent that Partner is sending any electronic marketing communications on its behalf and/or on behalf of the third-party platform, ensure that the recipient has provided its consent to such communications, provide the ability to unsubscribe from such communications with each such communication, and comply with any such unsubscribe requests.