This Data Processing Addendum for DataHappy Services (“DPA”) forms a part of the DataHappy Terms of Use between Drivn Ltd and Customer (“Agreement”) which apply to the Customer’s use of the DataHappy service. All capitalized terms not defined herein shall have the meaning set forth in the Agreement.
This DPA is an addendum to and forms a part of the Agreement, and shall be legally binding with effect from the commencement of the Agreement. If any terms of this DPA are inconsistent with the terms of the Agreement, including the exhibits thereto, then the terms of this DPA shall prevail.
BACKGROUND
APPENDICES
Customer as a Data Controller determines the purposes of collecting and processing Customer Personal Data in DataHappy. Appendix 1 states the details of the processing Drivn will provide via DataHappy under the Agreement. Appendix 2 states the technical and organizational measures Drivn applies to DataHappy, unless the Agreement states otherwise. Appendix 3 defines the applicable modules and options for the EU Standard Contractual Clauses and the UK Standard Contractual Clauses.
DRIVN OBLIGATIONS
SUBPROCESSORS
INTERNATIONAL TRANSFERS
DEFINITIONS
“Customer Personal Data” means any Personal Data that the Customer or any of its Users uploads to DataHappy.
“Data Protection Legislation” means the Data Protection Act 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council, (the General Data Protection Regulation); any other existing or future law, directive or regulation (anywhere in the world) relating to the Processing of Personal Data or privacy, to which Drivn is subject.
“Data Controller”, “Data Processor”, “Data Subject”, “Processing” and “Personal Data” have the meanings given to those expressions or any equivalent or corresponding expressions in the Data Protection Legislation.
“EEA” means the European Economic Area, namely the European Union Member States along with Iceland, Lichtenstein and Norway.
“EU Standard Contractual Clauses” shall mean the standard contractual clauses promulgated by the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 (C/2021/3972) on standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR.
“Security Breach” means a confirmed accidental or unlawful destruction, loss, alteration, or disclosure that results in the compromise of the integrity and/or confidentiality of Personal Data. They include Appendices 1 and 2 attached to this DPA.
“Subprocessor” means Drivn affiliates and third parties engaged by Drivn or Drivn’s affiliates to process Personal Data.
“Third Country Subprocessor” means any Subprocessor incorporated outside the EEA and outside any country for which the European Commission has published an adequacy decision as published at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm.
“UK Standard Contractual Clauses” means the UK Data Transfer Addendum, being the applicable EU Standard Contractual Clauses as amended by a data transfer addendum in a form adopted by the UK ICO, as amended, superseded or replaced from time to time.
Data Exporter
Name: The Customer acting as a Data Controller subscribed to a Service that allows authorized users to enter, amend, use, delete or otherwise process Personal Data, as identified in the Agreement.
Address: As stated in the Agreement.
Contact person’s name, position and contact details: As stated in the Agreement.
Role: (Controller/Processor): Controller