“Data Protection Legislation” means any data protection or data privacy law or regulation of Switzerland or any European Economic Area (“EEA”) country applicable to Your Personal Data, including, as applicable, the EU General Data Protection Regulation 2016/679 (GDPR) and the e-Privacy Directive 2002/58/EC.
“Data Processor”, “Data Controller”, and “Data Subject” shall be interpreted in accordance with applicable Data Protection Legislation.
“Subprocessor” means any processor engaged by Pixpa or by any other subprocessor of Pixpa, which agrees to receive from Pixpa, or from any other subprocessor of Pixpa, Personal Data intended for processing activities to be carried out on behalf of User and in accordance with its instructions, the terms of this DPA and the terms of the Agreement.
“Personal Data” means the personal data in the User Content that Pixpa processes on your behalf and instructions as part of the Services, but only to the extent that you are subject to Data Protection Legislation in respect of such personal data. Your Personal Data does not include data when controlled by us, including without limitation data we collect (including IP address, device/browser details and web pages visited prior to coming to your Website) with respect to your End Users’ interactions with your Website through their browser and technologies like cookies.
Terms not otherwise defined here shall have the meaning as set forth in the Agreement.
This Data Processing Policy only applies to you if you or your End Users are data subjects located within the EEA or Switzerland and only applies in respect of Your Personal Data. You agree that Pixpa is not responsible for personal data that you have elected to process through Third Party Services or outside of the Services
The parties agree that User is the Data Controller and that Pixpa is its Data Processor in relation to Personal Data that is processed in the course of providing the Services. User shall always comply with Data Protection Legislation in respect of all personal data it provided to Pixpa pursuant to the Agreement.
Pixpa will process the Personal Data as a Data Processor, only for the purpose of providing the Services in accordance with the Agreement or with instructions from the User (including instructions provided through the User's Account).
User agrees that the Personal Data will be collected in compliance with Data Protection Legislation, including all legally required consents, approvals and authorizations. Upon Pixpa’s request, User shall provide adequate proof of having properly obtained all such necessary consents, authorizations and required permissions.
If Pixpa is required by law to process the Personal Data for any other purpose, Pixpa will provide the User with prior notice of this requirement, unless prohibited by law.
Pixpa may transfer Personal Data away from the location it which it was originally collected (i.e. outside of the EEA), in such case, Pixpa will ensure the transfers will be completed in compliance with mechanisms that is recognized under the relevant Data Protection Legislation as providing an adequate level of protection for data transfers.
Pixpa will implement and maintain appropriate technical and organizational measures to protect the Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data. These measures shall be appropriate to the harm which might result from any unauthorized or unlawful processing, accidental loss, destruction, damage or theft of Personal Data and appropriate to the nature of the Personal Data which is to be protected.
Pixpa will ensure that all Pixpa personnel required to access the personal data are informed of the confidential nature of the personal data and comply with the obligations set out in this DPA.
Pixpa will notify the User promptly upon becoming aware of and confirming any accidental, unauthorized, or unlawful processing of, disclosure of, or access to the Personal Data. Pixpa will also take action to investigate the incident and reasonably prevent or mitigate the effects of the case.
Pixpa may use Subprocessors to process the Personal Data. The use of Subprocessor to process the Personal Data will follow Data Protection Legislation and will be governed by a contract between Pixpa and Subprocessor.
Sub processors will be permitted to process personal data only to deliver the services Pixpa has requested, and they shall be prohibited from using Personal Data for any other purpose. A list of our current Subprocessors is available upon request by sending an email to firstname.lastname@example.org.
In the case where the sub-processor further engages with other processor to process Personal Data, they will respect the obligations set out in this DPA.
Pixpa will promptly notify the User of any complaints, questions or requests received from Data Subjects regarding the Personal Data.
When applicable, Pixpa will assist the User in fulfilling your obligations in relation to Data Subject requests under the applicable Data Protection Legislation, to the extent that the information is available to Pixpa and that you cannot otherwise obtain the relevant information. User shall be solely responsible for responding to any requests from End Users and User shall reimburse Pixpa for the costs arising from this assistance.
Upon request, Pixpa will provide all reasonable assistance to the User in respect to exercising its audit rights. Given the purpose of the audit is to verify the Processing of personal data in accordance with this DPA. Prior to the audit, parties will agree on the duration and scope. The request from Users in this aspect shall be reasonable to the extent required by the Data Protection Legislation and Users will be responsible for any cost incurred with regards to the resources and time spent by Pixpa.
Pixpa will enable User to access and delete any Personal Data through the functionalities of Services at any time during the term of the Agreement. If any Personal Data cannot be accessed or deleted through the Service, you can send a request to email@example.com. Following termination of the Agreement, on the User’s request, Pixpa will delete all Personal Data processed within 90 days. Notwithstanding the foregoing, Pixpa may prevent the deletion of any Personal Data, if applicable law prevents Pixpa or Subprocessor from doing so. User Data on backup servers is protected from any further processing, except to the extent required by applicable law.
This DPA only applies where the Personal Data originates from the EEA or is otherwise subject to the Data Protection Legislation through the process of Personal Data during providing Services to the User.
The terms of this Addendum shall be governed by and interpreted in accordance with the laws of India applicable therein, without regard to principles of conflicts of laws.
In the event of any conflict or inconsistency between the terms of the Agreement and this DPA, the provisions of this DPA shall prevail. This DPA might be amended from time to time.
Any claims brought under this DPA will be subject to the same terms and conditions, including the exclusions and limitations of liability, as are set out in the Agreement.
You are responsible for any costs and expenses arising from Pixpa’s compliance with your instructions or requests pursuant to the Agreement (including this Data Processing Addendum) which fall outside the standard functionality made available by Pixpa generally through the Services.
If you have any questions about this Data Processing Addendum please contact us at firstname.lastname@example.org