Effective Date: August 17, 2016
We want to thank you for using InJoy Global’s products, services, websites, and products. Our customers are the most important aspect of our business and we appreciate you looking to InJoy Global to further your business. InJoy Global offers our customers an online platform to create programs to support their digital businesses. The entire selection of products, services and tools offered on our platform are our “Product.”
If you have any questions or unresolved privacy concerns, please contact us at email@example.com
Information that We Collect
Information that you provide to us: We may collect personal information that you provide when using our Product, such as when you: (1) create an account; (2) subscribe to our Product; (3) participate in events or promotions; (4) send questions or comments via email or live chat; (5) interact with our sales or customer support team; (6) apply for a job with us online; (7) fill out surveys; or (8) otherwise communicate with us through or about our Product. The types of personal information that you provide may include your name, email address, telephone number, mailing address, credit card information, and other contact or identifying information that you choose to provide. We store, process, and maintain files and content that you create and/or upload using our Product, as well as other data related to your account to provide the Product to you.
We do not store any credit card information we receive except as necessary to complete and satisfy our rights and obligations with regard to such transaction, billing arrangement, and/or as otherwise authorized by you. We use third party payment processors to process online payments.
Information about use of our Product: We collect certain device-specific information when you download and install the Product on your mobile device, including your mobile device model, operating system information, our mobile version and usage information. In addition, we may collect a resettable device identifier from your device. Resettable device identifiers (also known as mobile advertising identifiers) are similar to cookies and are found on many mobile devices and tablets (for example, the “Identifier for Advertisers” (or IDFA) on Apple iOS devices and the “Google Advertising ID” (or GAID) on Android devices), and certain streaming media devices. Like cookies, resettable device identifiers are used to make online advertising more relevant and for analytics and optimization purposes. Your mobile device’s operating system allows you to adjust your settings to opt out of providing this identifier. However, we do not use these identifiers to serve in-app advertising. Also, with your prior permission, we may collect your location information provided by your mobile device, which you may disable at any time through the device settings.
Our servers automatically collect usage information about your use of the Product, including the pages visited, number of log-ins, data displayed or clicked on, actions taken, your language preference, and other login information. We may collect automated error reports in the case of software malfunctions, which may contain some or all of the information in your account and content and may be reviewed to help resolve problems with the Product.
We collect information from the device and application you use to access our Product. Device data mainly means your IP address, operating system version, device type, device ID/MAC address, system and performance information, and browser type. If you are on a mobile device, we also collect the UUID for that device.
Like most websites, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, device type and timestamps.
If you arrive at Injoy Global from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
Information from third parties and integration partners: We may obtain personal information from third parties and combine such information with the information that we collect through our Product and such information may be used for the purposes described in the “How We Use the Information We Collect” section below. For example:
- You give permission to those third parties to share your information with us or where you have made that information publicly available online.
- You create or log into your account through a third-party social networking site or one of our integration partners, we will have access to certain information from that service such as your name and account information.
- If you subscribe to our Product, we may receive information from our third-party payment processors.
- We may collect information from unaffiliated third parties so that we can better understand you and provide you with information and offers that may interest you.
How We Use the Information We Collect
Use of Information: We may use the personal information collected through our Product to:
- Operate and improve our Product;
- Send you advertising or promotional materials;
- Provide and deliver the Product or other services you request, process transactions, and send you related information;
- Send you technical notices, updates, security alerts, and support and administrative messages;
- Respond to your comments, questions, and requests and provide you with requested customer support;
- Monitor and evaluate trends, usage, and activities in connection with our Product;
- Secure our systems, prevent fraud, and help us to protect the security of your account;
- Prevent, detect, and investigate potentially prohibited or illegal activities and to enforce our terms and policies;
- Personalize and improve the Product, and provide content, communications, or features that match users interests; and
- Link or combine with other information we obtain from third parties to help understand your needs and provide you with better service.
We reserve the right at all times to review your content and information to help resolve problems with our software or Product, or to ensure that you remain in compliance with our Terms of Service[link] and Acceptable Use Policy[link].
Information we may share: We do not “sell” your personal information (as that term is defined in the California Consumer Privacy Act). However, we may share your personal information with third parties as follows:
- Authorized Service Providers: We use other companies, agents, or contractors to perform services on our behalf or to assist us with the provision of services to you. For example, we engage service providers to provide marketing, advertising, communications, security, payment processing, infrastructure and IT services, to customize, personalize, and optimize our Product, to process payment transactions, to provide customer service, and to analyze and enhance data. To provide the services, these service providers may have access to your personal information. These service providers have agreed to maintain the confidentiality, security, and integrity of the personal information that they obtain from us and we do not authorize them to use or disclose your personal information except in connection with providing their services.
- Other Users: Content that you create, upload, or copy into our Product, may, if you choose, be read, copied, used, and distributed by people you know, your members, or people you don’t know. Information that you disclose using the chat function of the Product may be read, copied, used, and distributed by people participating in the chat. Use care when including sensitive information, such as home addresses or phone numbers, in content you share or chat sessions.
- With Your Consent: We may share your personal information when we have your consent.
Where We Store Your Personal Data
Data Storage: All data that you provide to use through our Product is stored on secure servers located in the United States. Any payment transactions will be encrypted using SSL technology; all payment data is stored by our payment processors and is never stored on our servers. Where we have given you (or where you have chosen) a password that enables you to access your account and the Product, you are responsible for keeping this password confidential. We recommend that you not share your password and that you change it frequently.
Data Security: Injoy Global takes reasonable measures to protect your personal information and your content from loss, misuse, and unauthorized access, disclosure, modification, and destruction and to ensure that your content remains protected and available to you. Unfortunately, the transmission of data via the internet is not completely secure and although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted through the Product. All transmissions are at your own risk.
Data Retention: Injoy Global stores the information we collect for as long as necessary for the purpose for which it was originally collected and in compliance with our legal obligations. The retention periods applied by Injoy Global comply with applicable legislation then in effect, namely:
- For data relating to your account, such data will not be retained beyond your request that your account be deleted.
- For transactional data relating to your purchases, such data is kept for the entire period of our contractual relationship, then in accordance with legal obligations and applicable statute of limitations periods. Please note that this data does not include payment card information, which is processed by our third-party payment processors and not InJoy Global.
- For data collected based on your consent to receive marketing communications, we will use the data until you withdraw your consent or applicable law requires that such data is no longer used.
- For data collected in connection with your requests or questions, such data is kept for the period necessary to process and reply to your request or question.
- When cookies or other trackers are placed on your computer, they may be retained for a period of 12 months.
We may retain certain information for legitimate business purposes or as required by law.
Children Age 16 and Under
The Product is not directed at children under the age of 16 and we never knowingly collect personal information from children. We recognize the special obligation to protect personal information obtained from children age 13 and under. IF YOU ARE 16 YEARS OLD OR YOUNGER, THE COMPANY REQUESTS THAT YOU NOT SUBMIT ANY PERSONAL INFORMATION TO THE SITE OR TO INJOY GLOBAL. If we discover that a child age 16 or younger has signed up for our Product or provided us with personal information, we will delete that child’s identifiable information from our records.
How We Use “Cookies” and Other Tracking Technologies
The cookies used on the Website do not identify you personally. They merely recognize your browser, unless you choose to identify yourself voluntarily. You may choose to identify yourself for the following reason: So the browser will remember your username and password.
We may use session and persistent cookies. Session cookies exist only during an Internet user’s online session. They disappear (or expire) from the user’s computer when he/she closes the browser software.
We may also use first-party and third-party cookies. First-party cookies are served directly by a website to your computer’s browser and are only used by the website operator, who recognizes your computer when you revisit a website. Third-party cookies are served to your computer through one of our service providers on behalf of a website operator.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. For further information about disabling cookies you can visit www.allaboutcookies.org. If you choose to decline cookies, you may not be able to login or use other interactive features of our Website and services that depend on cookies.
Your Choices and Rights
Subject to applicable law, we will make reasonable efforts to ensure your collected personal information is accurate and complete and we will update or correct your information as needed when notified by you. If you would like to request access to your personal information, request to verify your personal information, identify any inaccuracy in your personal information, or change or delete your personal information, please contact us at firstname.lastname@example.org. We strive to respond to these requests with 30 days or as required in accordance with applicable law.
Whenever you directly provide us with your personal information, please be sure it is accurate and complete. We cannot be responsible for any information you provide to us that is incomplete or incorrect.
We will not collect, use, or disclose your personal information in any ways or for any purposes that are materially different from those set forth herein. However, if we wish to do so in the future, we will obtain your consent first, and offer you the choice to opt-out of such proposed collection, use, or disclosure.
In addition, you have several options with respect to your personal information, as follows:
- You may terminate your use of the Product at any time. However, please note that InJoy Global may still process your personal information as a service provider to our customers if your personal data.
- If you have created an account, you may at any time access, edit, or delete your personal information. Please note that even if you delete information from your account, or deactivate your account, we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of your information for a certain period of time.
- You may opt out of receiving promotional emails, text messages, or mail from InJoy Global by visiting your user settings via the “Edit Your Preferences” or “Completely Unsubscribe” link in any promotional email or make this request via email to email@example.com. If you opt out, we may still send you transactional or relationship messages, such as emails about your account or updates to our Product.
- If you do not have a user account and wish to delete your email address or other personal information that you might have provided through your use of our Product and/or any other services, please email us at firstname.lastname@example.org with the words “Delete My Information” in the subject line.
Links to External Sites
Data Posted on Forums
Product users may have the ability to post content to one or more Product or other forums sponsored by Injoy Global, such as chat rooms and bulletin boards. You should be aware that when you voluntarily disclose personal information in any forum, that information can be collected and used by others and may result in unsolicited messages from other people. You are responsible for the personal information you choose to submit in these instances. Please take care when using these features. You may request and obtain removal of such posted content by contacting us at email@example.com and specifically identifying the content to be removed. Please be advised that any such removal does not ensure complete or comprehensive removal of all traces of the content posted on the our forums.
Located in the United States
For users located outside the jurisdiction of the United States, InJoy Global operates and processes data in the United States. Information we collect from you will be processed in the United States, and by using this website you acknowledge and consent to the processing of your data in the United States. The United States has not received a finding of “adequacy” from the European Union under Article 41 of the GDPR. We collect and transfer to the US personal data only with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of ours in a manner that does not outweigh your rights and freedoms. Please be aware that the United States and jurisdictions other than the one in which you are located may not provide the same level of data protection as considered adequate in your country. Note also that your personal information may be available to the US Government or its agencies under legal process in the United States.
If your business operates within the European Economic Area (EEA), United Kingdom or Switzerland, as an InJoy Global customer you are operating as a “data controller” of “personal data” of “data subjects” located in the EEA (as those terms are defined in the European General Data Protection Regulation 2016/679 (GDPR)). By requesting the Product and agreeing to these Terms, you are providing us with instructions to process any personal data collected by you through our Product on your behalf. You shall ensure and hereby warrant and represent that you are entitled to transfer personal data to InJoy Global so that we may lawfully process and transfer the personal data in accordance with these Terms. You shall ensure that relevant data subjects have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection laws and have sole responsibility for the accuracy, quality and legality of personal data processed by us in the provision of the Product.
California Privacy Rights
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
If you are under 18 years of age, reside in California, and have provided your personal information to our Website, you have the right to request removal of unwanted data that you publicly post on the Website. To request removal of such data, please contact us using the contact information provided below, and include sufficient detail about the public post(s) and a statement that you reside in California. We will make sure the data is not publicly displayed on the Website, but please be aware that the data may not be completely or comprehensively removed from our systems, nor can we guarantee any cached or archived version of the Website will remove such data.
Nevada Privacy Rights
Nevada law (SB 220) requires website operators to provide a way for Nevada consumers to opt out of the sale of certain information that the website operator may collect about them. We do not sell your personal information to third parties as defined in Nevada law, and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by law.
European Economic Area, UK and Swiss Privacy Rights
For residents of the European Economic Area (EEA), United Kingdom (UK) or Switzerland, we advise that your personal information will be transferred to and processed in the United States, which has data protection laws that are different than those in your country and may not be as protective. The United States has not sought or received a finding of “adequacy” from the European Union under Article 45 of the General Data Protection Regulation (GDPR). Our legal basis for collecting and using your personal information is to do so with your consent; where we need the personal information for performance of a contract or requested service, or where the collection and use is in our or another’s legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect the personal information in question. If we collected your personal information with your consent, you may withdraw your consent at any time.
Our retention of your personal information and any subsequent communications are based on our legitimate interest in providing you with new and potentially relevant materials based on your geography, role, or company. As always, you can elect to opt out from receiving such future communications.
To the extent that we transfer personal information from the EEA, UK or Switzerland to a jurisdiction outside those countries that has not been adduced by the European Commission as providing adequate data protections (such as the United States), we will ensure that such personal information is safeguarded through appropriate contractual terms or other approved mechanisms.
Rights for EEA/UK/Swiss Residents – If you are a resident of the EEA, UK or Switzerland, you have the right to:
- Find out if we use your personal information, to access your personal information and receive copies of your personal information.
- Withdraw any express consent that you have provided to the processing of your personal information at any time without penalty.
- Access your personal information and have it corrected or amended if it is inaccurate or incomplete.
- Obtain a transferable copy of some of your personal information which can be transferred to another provider when the personal information was processed based on your consent.
- If you believe your personal information is inaccurate, no longer necessary for our business purposes, or if you object to our processing of your personal information, you also have the right to request that we restrict the processing of your data pending our investigation and/or verification of your claim.
- Request your personal information be deleted or restricted under certain circumstances. For example, if is using your personal information on the basis of your consent and has no other legal basis to use such, you may request your personal information be deleted when you withdraw your consent.
Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
If we ask you to provide personal information to us to comply with a legal requirement or enter into a contract, we will inform you of this and let you know whether providing us with your personal information is required and if not, the consequences of not sharing your personal information with us.
Similarly, if we collect and use your personal information in reliance on our or a third party’s legitimate interests and those interests are not already described above, we will let you know what those legitimate interests are.
To withdraw consent or exercise these rights, please contact us via email at firstname.lastname@example.org.
If you are not satisfied with our response, or believe we are processing your personal information in violation of the law, you have the right to lodge a complaint with the Supervisory Authority (also known as Data Protection Authority) or other appropriate governmental authority in your EEA Member State. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.
INJOY GLOBAL INC DATA PROCESSING AGREEMENT
INJOY GLOBAL INC DATA PROCESSING AGREEMENT
Date: June 28, 2022
The General Data Protection Regulation (GDPR) is a set of rules, enforced on 25th May 2018, that aims to give EU citizens more control over their personal information. INJOY GLOBAL INC (“we, us”) is committed to respect all GDPR requirements.
01. Application of the DPA
1.1. This Data Processing Agreement, including its Appendixes (the “DPA”), is between us and entities who subscribe for INJOY GLOBAL INC’s services (“Customer, you, your”) and reflects the Parties agreements with respect to the processing of personal data by us, on your behalf and in connection with the services we provide to our customers under our terms and conditions (the “Master Agreement”). Please note, however, that this DPA solely applies if the processing of data is governed by the GDPR.
1.2. If this DPA applies, this DPA forms part of our terms and conditions between us and you. In other words: this DPA supplements the Master Agreement and forms an integral part of the Master Agreement.
2.1. In this DPA, the following terms shall have the following meaning:
a) “Applicable Privacy Law(s)” means EU Data Protection laws and regulations, including the GDPR;
b) “EEA” means the European Economic Area;
c) “GDPR” means the European Union General Data Protection Regulation (2016/679);
d) “Personal data” means all data which is qualified as personal data under Applicable Privacy Law(s);
e) “Services” means all products and services provided by us under the Main Agreement;
f) “Sub-processors” means any entity appointed by us or on our behalf to process personal data;
g) “Standard Contractual Clauses” means the “controller-to-processor” (Module 2) modules of the Standard Contractual Clauses for the transfer of Personal data to third countries pursuant to Regulation (EU) (04 June 2021).
2.2. Other terms such as “controller”, “processor”, “data subject”, “sensitive data”, or “data breach”, shall have the meaning assigned to them under the Applicable Privacy Law(s).
03. Roles of the Parties
3.1. The Parties acknowledge and agree that, with respect to the processing of Personal data under this DPA:
You act as the controller, and have the sole and exclusive authority to determine the purposes and means of the processing of Personal data;
We act as the processor, and will only process Personal data on your behalf and under your instructions;
We may engage sub-processors (in accordance with article 9).
3.2. All Personal data processed under this DPA shall remain your property and we will not have or obtain any rights therein. Under no circumstances will we act, or be deemed to act, as a “Controller” of the personal data under Applicable Privacy Law(s).
04. Your responsibilities
4.1. You agree and guarantee that:
the processing of Personal data, including your instructions to us, are and shall continue to be in accordance with all Applicable Privacy(s);
the Personal data may be processed outside of the European Economic Area (EEA);
you have provided notice and obtained all consents and rights necessary under Applicable Privacy Law(s) for us to process Personal data and provide our services to you under the Master Agreement;
you will be solely responsible for the quality, accuracy and legality of Personal data and the means by which you acquired the Personal data;
if processing by us involves any sensitive data, you have collected such data in accordance with all Applicable Privacy Law(s);
you will inform your data subjects about your use of data processors to process their Personal data, including us (INJOY GLOBAL INC).
05. Purpose, ownership of data
5.1. In using our services under the Main Agreement, you may submit through the services or otherwise provide access to us, certain Personal data. As your processor, we shall only process Personal data for the following purposes:
In order to provide our services in accordance with the Main Agreement, including transmission of communication, implementing improvements and updates;
In order to comply with other reasonable instructions provided by you (e.g., via support tickets or email);
As initiated through the use of our services by you, your personnel and other end users you allow to use our services;
For our legitimate business purposes, such as preventing security threats from happening, billing, financial reporting, product improvement, and to comply with any legal requirements.
5.2. You agree to take full responsibility to keep the amount of Personal data provided to us, to the minimum necessary for the performance of our services under the Master Agreement. You are solely responsible for ensuring that your use of our services comply with Applicable Privacy Law(s).
06. Data Subject Requests
6.1. To the extent we are required under Applicable Privacy Law(s) and only to the extent you are unable to independently address a request or complaint from a data subject, we will provide reasonable assistance to you to respond to such a request or complaint. You shall be responsible for any costs arising from this assistance.
6.2. Please note that we will not respond to a request or complaint from a data subject, except on your written request or if required by Applicable Privacy Law(s).
6.3. In the event that we receive a request or complaint from a data subject, we shall promptly notify you and shall not respond to such communication without your consent, unless we are required to do so by Applicable Privacy Law(s).
07. International transfers
7.1. We are located in the United States. You understand and agree that we may transfer Personal data to the United States and to other jurisdictions where we and / or our sub-processors have operations. We will only do so, however, if there is an adequacy decision in place issued by the EU Commission or if there are appropriate safeguards in place for the transfer.
7.2. If Personal data is transferred out of the EEA or Switzerland, to countries which do not ensure an adequate level of data protection within the meaning of the Applicable Privacy Law(s), the relevant Standard Contractual Clauses will apply, which shall be deemed incorporated into and form a part of this DPA. The Parties agree to abide by and process Personal data in compliance with the Standard Contractual Clauses. Since we are acting as a processor, and you are acting as a controller, the Controller-to-Processor clauses (Module 2) will apply to a data transfer.
7.3. The Parties agree that for the purposes of the Standard Contractual Clauses, (i) we will be deemed the data importer and (ii) you will be deemed the data exporter.
7.4. Nothing in this DPA will be construed to prevail over any conflicting clause of the Standard Contractual Clauses.
7.5. Where the Standard Contractual Clauses require the Parties to choose between optional clauses and / or to input information, the Parties have agreed as follows:
Docking clause: this option under clause 7 shall not apply;
In Clause 9, Option 2 (“General written authorisation”) shall apply: “The data importer has the data exporter’s general authorisation for the engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the data exporter in writing of any intended changes to that list through the addition or replacement of sub-processors at least 14 days in advance, thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object.”;
In Clause 17, Option 1 will apply: “These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of the Netherlands”;
Clause 18(b), (“Choice of forum and jurisdiction”): disputes shall be resolved before the court of the Netherlands;
For Clause 11(a) (“Redress”): the Parties do not adopt the Option.
The Annexes of the Standard Contractual Clauses shall be deemed completed with the relevant information set out in Appendix 1 and Appendix 2 of this DPA.
7.6. The Standard Contractual Clauses will not apply to a transfer of Personal data if we have adopted Binding Corporate Rules or an alternative recognized compliance standard for lawful transfers.
08. Government access requests
8.1. As a matter of general practice, we do not voluntarily provide government authorities or agencies with access to Personal data. We shall promptly notify you about any compulsory request for disclosure of Personal data from any government authority or agency, unless otherwise prohibited from doing so. We shall challenge the request if, after careful assessment, we determine that the request is unlawful.
9.1. By means of this DPA, you agree and provide a general authorization to us to engage Sub-processors for the processing of personal data.
9.2. A list of our current Sub-processors is set out in Appendix 3. We may update the list of Sub-processors from time to time. Before replacing or engaging a new Sub-processor, we will give you the option to object to the change (“change notice”). We may change a Sub-processor where the reason for the change is outside of our reasonable control (“emergency replacement”). In this case, we will inform you of the emergency replacement, as soon as possible.
9.3. If you have a legitimate reason that relates to the Sub-processors’ processing of Personal data, you may object to a new Sub-processor, by notifying us within 10 days of receipt of our change notice. When you object to the use of a new Sub-processor, the Parties will come together in good faith to discuss a solution. If it is not possible to come to a commercially reasonable solution, either party may terminate the Master Agreement on thirty days’ written notice. Please note that if you do not terminate the Master Agreement in accordance with this clause, you are deemed to have agreed to the new Sub-processor.
9.4. We shall make proper arrangements with any Sub-processors. We do our best to ensure that our Sub-processors comply with the obligations set forth in this DPA with respect to the processing of the Personal data. If a Sub-processor fails to comply with its data protection obligations, we shall remain fully liable to you for the performance of the Sub-processor’s obligations.
10.1. We are willing to cooperate and provide information in the event of an audit. Upon your written request, we shall (but not more than once per year, other than in the event of a breach) submit to your audits and inspections, to demonstrate compliance with the obligations set forth in this DPA and our respective obligations under Applicable Privacy Law(s). The findings of the audit conducted will be assessed by the Parties in mutual consultation. The costs of the audit will be borne by you.
11. Data breach
11.1. In the event of a data breach, we will inform you of the data breach within a timely manner and in accordance with the timeframe required of us under Applicable Privacy Law(s), so that you are able to meet your obligations to report a data breach.
11.2. In the event of a data breach, we shall take all reasonable steps to mitigate the effects of the incident and / or prevent such a breach from reoccurring.
11.3. The Parties agree to coordinate in good faith on developing the content of any public/regulatory communication or press release, provided that this shall not prevent you from complying with Applicable Privacy Law(s).
12.1. This DPA shall remain in effect for as long as we and / or our Sub-processors process Personal data on your behalf or until termination of the Master Agreement (and all Personal data has been returned or deleted in accordance with article 14 of this DPA).
12.2. Obligations under the DPA that are intended by their nature to continue after termination of the DPA, will continue to apply after termination of the DPA.
13. Limitation of liability
13.1. Notwithstanding anything to the contrary in the Master Agreement or this DPA, the
liability of each party and each party’s affiliates under this DPA will be subject to
the limitations and exclusions of liability set out in the Master Agreement.
14. Deletion and return of Personal data
14.1. Upon termination or expiration of the Master Agreement, we will (at your election) delete or return to you all Personal data in our control or possession. We, or our Sub-processors, may retain some or all Personal data to the extent that it is required by Applicable Privacy Law(s). In this event, we shall protect the Personal data from any further processing except when required by such law.
14.2. If we are unable to delete Personal data due to technical or other reasons, we shall apply reasonable measures to ensure that:
the Personal data is blocked from any further processing;
the Personal data is anonymized.
15. Amendment to this DPA
15.1. We are allowed on at least 30 days’ notice to you, to make any variations to this DPA that we deem necessary in case of changes in the Master Agreement, Applicable Privacy Law(s) or other relevant circumstances affecting the processing of personal data.
15.2. If you choose to object to any variation on reasonable grounds, you have the right to terminate the Master Agreement on written notice, provided that we receive your notice before the effective date of our 30 days’ notice.
16. Governing law and jurisdiction
16.1. This DPA shall be governed by and construed in accordance with the governing law and jurisdiction provisions in the Master Agreement, unless required otherwise by Applicable Privacy Law(s).
17.1. If there is any conflict or inconsistency between this DPA and the Master Agreement, the provisions of the following documents (in order of precedence) shall prevail: (i) SCCs; then (ii) this DPA; and then (iii) the Master Agreement.
APPENDIX 1 – Details of Data Processing
Where relevant, this Appendix I will serve as Annex I to the Standard Contractual Clauses EEA, Module 2 (Transfer Controller-to-Processor).
Annex 1 , Section A, List of Parties
Data exporter(s): You, the Customer.
Data exporter contact details: the contact details that are stored in the Customer’s account.
Signature and date: as of the effective date of this DPA, you are deemed to have signed and accepted the Standard Contractual Clauses incorporated herein.
Representative: not applicable.
Data importer: we, InJoy Global, Inc.
Data importer contact details: InJoy Global, Inc., General Counsel 5348 Vegas Dr., Las Vegas, NV 89108 USA (email@example.com)
Signature and date: as of the effective date of this DPA, we are deemed to have signed and accepted the Standard Contractual Clauses incorporated herein.
Representative: not applicable.
Annex 1 , Section B, Description of transfer
1. Categories of data subjects whose personal data is transferred:
Transferred Personal data relates to the following categories of data subjects: customers’ end-users and other individuals having been granted access to the services.
2. Categories of personal data transferred:
Communication information, such as personal data included in chats;
End-user account information, such as first name, last name, as email address, telephone number, location information;
End-user usage information, such as device-specific information, resettable device identifier.
3. Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures:
Although we do not anticipate the transfer of sensitive data, it may happen that we process sensitive data if you or your end-users choose to transmit sensitive data using our services. Please note that you are solely responsible for applying specific restrictions and / or additional safeguards adapted to the specific nature of the sensitive data.
4. The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis):
Personal data is transferred on a continuous basis.
5. Nature of the processing:
Personal data will be processed by us to the extent necessary to provide the services under the Master Agreement and as otherwise authorized by the Master Agreement, this DPA or Applicable Privacy Law(s).
6. Purpose(s) of the data transfer and further processing:
We process Personal data for the purpose of providing our services under the Master Agreement and for the other purposes as set out in this DPA.
7. The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period:
We store the information we collect for as long as necessary for the purpose for which it was originally collected and in compliance with our legal obligations. End-users data relating to the personal account, will not be retained after the account has been deleted.
8. For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing:
For transfers to (sub-)processors, the subject matter and nature of the processing is outlined at Appendix 3 – List of sub-processors. The duration is for the duration of the Master Agreement.
Annex 1 , Section C, Competent supervisory authority
Identify the competent supervisory authority/ies in accordance with Clause 13:
If the data exporter is established in an EU Member State: the supervisory authority responsible for ensuring compliance by the data exporter with the GDPR.
If the data exporter is not established in an EU Member State, but falls within the (extra-)territorial scope of the GDPR and has appointed a representative pursuant to Article 27(1) of the GDPR: the supervisory authority of the Member State in which the representative is established.
If the data exporter is not established in an EU Member State but falls within the (extra-)territorial scope of the GDPR without, however, having to appoint a representative pursuant to Article 27(2) of the GDPR: the supervisory authority of one of the Member States in which the data subjects whose Personal data is transferred under the Standard Contractual Clauses, are predominantly located.
APPENDIX 2 – Technical and organizational measures, including technical and organizational measures to ensure the security of the data
The security measures applicable to the processing of data subjects’ personal data, are described here (as updated from time to time):
Physical access controls are in place
Logging & monitoring
Customer data stored within AWS is encrypted at all times
APPENDIX 3 – List of Sub-processors
The controller has authorized the use of the following sub-processors:
Amazon Web Services
410 Terry Avenue North, Seattle, WA
Hosting provider to store the personal data that is being processed
354 Oyster Point Blvd South San Francisco, CA 94080 United States
Payment processor to process customer payments
Do Not Track Disclosure
We currently do not process or comply with any web browser’s “do-not-track” signal or other similar mechanism that indicates a request to disable online tracking of individual users who visit the Product or visit an Injoy Global website.
Contact Information for Complaints or Concerns
InJoy Global, Inc.
5348 Vegas Dr.
Las Vegas, NV 89108 USA
Your Acceptance of These Terms