GDPR Data Processing Addendum

Introduction to this Addendum

We here at Know Your Team believe in the transparent, secure, and fair controlling and processing of personal data, and we support the privacy rights of our customers. As a result, we comply with the EU’s General Data Protection Regulation (“GDPR”).

This Data Protection Addendum (“DPA") forms part of the Terms of Service available at http://knowyourteam.com/terms (“ToS”) entered into by and between you, the Customer, and us, Know Your Team, LLC (“Know Your Team”). The purpose of this DPA is to reflect both parties’ agreement with regard to the processing of personal data in accordance with the requirements of Data Protection Legislation as defined below. This DPA amends and supplements your Terms of Service (“ToS”) and requires no further action on your part.

If you do not agree to this DPA, you may discontinue the use of the Know Your Team service and cancel your account by emailing us at support@knowyourteam.com.

Definitions

It is important that all parties understand what data and whose data is protected under this DPA. Each party has respective obligations to protect personal data; therefore, the following definitions explain the scope of this DPA and the mutual commitments to protect personal data.

In this DPA, “Data Protection Legislation” means European Directives 95/46/EC and 2002/58/EC (as amended by Directive 2009/136/EC) and any legislation and/or regulation implementing or made pursuant to them, or which amends, replaces, re-enacts or consolidates any of them (including the General Data Protection Regulation (Regulation (EU) 2016/279)), and all other applicable laws relating to processing of personal data and privacy that may exist in any relevant jurisdiction.

“Know Your Team”, “we”, “us”, or “our” refers to the provider of the Know Your Team website and services (including The Watercooler https://thewatercooler.io), collectively referred to as the “Application Service.”.

“Data Controller”, “Data Processor”, “Data Subject”, “Personal Data”, and “Processing” shall be interpreted in accordance with applicable Data Protection Legislation;

If you use Know Your Team, the parties agree that Know Your Team is the data controller and the data processor in relation to personal data that is processed in the course of providing the Know Your Team services. As a data controller, we determine the purposes for which, and the way in which, personal data is processed. As a data processor, we process personal data on behalf of you, the Customer.

If you use The Watercooler (http://thewatercooler.io), the parties agree that Know Your Team is only the data controller. This is because we determine the purposes for which, and the way in which, personal data is processed. Customer shall comply at all times with Data Protection Legislation in respect of all personal data it provides to Know Your Team pursuant to the ToS.

The subject-matter of the data processing covered by this DPA is the Application Services ordered by Customer either through Know Your Team’s website at http://knowyourteam.com/gdpr, or as additionally described in the ToS or the DPA. The processing will be carried out until the term of Customer’s ordering of the Application Services ceases or until the otherwise terminated. Further details of the data processing are set out in Annex 1 hereto.

In respect of personal data processed in the course of providing the Application Services, Know Your Team:

  1. shall process the personal data only in accordance with the documented instructions from Customer (as set out in this DPA or the ToS or as otherwise notified by Customer in writing) to Know Your Team (from time to time) If Know Your Team is required to process the personal data for any other purpose provided by applicable law to which it is subject, Know Your Team will inform Customer of such requirement prior to the processing unless that law prohibits this on important grounds of public interest;
  2. shall notify Customer without undue delay if, in Know Your Team’s opinion, an instruction for the processing of personal data given by Customer infringes applicable Data Protection Legislation;
  3. shall implement and maintain appropriate technical and organizational measures designed to protect the personal data against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorized or unlawful processing, accidental loss, destruction, damage or theft of the personal data and having regard to the nature of the personal data which is to be protected;
  4. may hire other companies to provide limited services on its behalf, provided that Know Your Team complies with the provisions of this Clause. Any such subcontractors will be permitted to process personal data only to deliver the services Know Your Team has retained them to provide, and they shall be prohibited from using personal data for any other purpose. Know Your Team remains responsible for its subcontractors’ compliance with the obligations of this DPA. Any subcontractors to whom Know Your Team transfers personal data will have entered into written agreements with Know Your Team requiring that the subcontractor abide by terms no less restrictive than this DPA. A list of subcontractors is available to the Customer here. If Customer requires prior notification of any updates to the list of sub-processors, Customer can request such notification in writing by emailing support@knowyourteam.com. Good faith objections to subcontractors must be submitted by emailing support@knowyourteam.com and must contain reasonable and documented grounds. If, in Know Your Team's reasonable opinion, such objections are legitimate, the Customer may, by providing written notice to Know Your Team, terminate the ToS or Know Your Team will work to provide another subcontractor .
  5. shall ensure that all Know Your Team personnel required to access the personal data are informed of the confidential nature of the personal data and comply with the confidentiality and other obligations sets out in this Clause;
  6. at the end of the applicable term, or upon earlier termination of the Application Services, upon Customer’s written request, shall securely destroy or return such personal data to Customer;
  7. shall allow Customer and its respective auditors or authorized agents to conduct audits or inspections during the term of the ToS at its sole cost, which shall include providing reasonable access to the premises, resources and personnel used by Know Your Team in connection with the provision of the Application Services, and provide all reasonable assistance in order to assist Customer in exercising its audit rights under this Clause. The purposes of an audit pursuant to this Clause include to verify that Know Your Team is processing personal data in accordance with its obligations under the DPA and applicable Data Protection Legislation. Notwithstanding the foregoing, such audit shall consist solely of: (i) the provision by Know Your Team of written information (including, without limitation, questionnaires and information about security policies) that may include information relating to subcontractors; and (ii) interviews with Know Your Team’s IT personnel. Such audit may be carried out by Customer or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality. For the avoidance of doubt no access to any part of Know Your Team’s IT system, data hosting sites or centers, or infrastructure will be permitted;
  8. If Know Your Team becomes aware of any accidental, unauthorized or unlawful destruction, loss, alteration, transfer, or disclosure of, or access to the personal data that is processed by Know Your Team in the course of providing the Application Services (an “Incident”) under the ToS it shall without undue delay notify Customer and provide Customer (as soon as possible, and within 72 hours) with a description of the Incident as well as periodic updates to information about the Incident, including its impact on Customer Content. Know Your Team shall additionally cooperate with Customer, and Customer shall cooperate with Know Your Team, to take action to investigate the Incident and reasonably prevent or mitigate the effects of the Incident;
  9. Know Your Team shall provide information requested by Customer to demonstrate compliance with the obligations set out in this DPA.

Annex 1

Details of the Data Processing

Know Your Team shall process information to provide the Application Services pursuant to the ToS. Know Your Team shall process information sent by Customer’s end users identified through Customer’s implementation of the Application Services. As an example, in a standard programmatic implementation, to utilize the Application Services, Customer may allow the following information to be sent by default as “default properties:”

Types of Personal Data

For a full list of the personal data we process, please email us at support@knowyourteam.com.

Categories of Data Subjects

Users of the Customers web and mobile applications. These users are individuals, or companies in lawful possession of individuals’ personal data.

Processing Activities

The provision of Application Services by Know Your Team to Customer. For detailed information regarding the Application Services please see http://knowyourteam.com/gdpr.

For an executable copy of this DPA, please email us at support@knowyourteam.com.