SPECIAL OFFER - Save 72% ( $172.40 Discount ) - EARLY BIRD PLAN - OFFER EXPIRING SOON!
This DPA sets out the additional terms, requirements, and conditions on which SpyHour will process Personal Data when providing services under the SpyHour Terms and Conditions and shall come into force simultaneously with Terms and Conditions whenever updated by SpyHour accordingly. In addition, this DPA contains the mandatory clauses required by Article 28(3) of the General Data Protection Regulation ((EU) 2016/679) ("GDPR") for contracts between controllers and processors.
Please read the Agreement carefully before you start to use the Website.
Definitions and interpretation: The following definitions and rules of interpretation apply in this DPA. Definitions:
Affiliate: any entity controlling, controlled by, or under common control with a party, where "control" is defined as (a) the ownership of at least fifty percent (50%) of the equity or beneficial interests of the entity; (b) the right to vote for or appoint a majority of the board of directors or other governing body of the entity; or (c) the power to exercise a controlling influence over the management or policies of the entity.
Alternative Transfer Solution: a solution other than the Model Contract Clauses that enables the lawful transfer of personal data to a third country under Article 45 or 46 of the GDPR (for example, the EU-U.S. Privacy Shield).
Authorized Persons: the persons or categories of persons that User authorizes to give the SpyHour personal data processing instructions either nominated by User or with ostensible or actual authority.
Business Purposes: the Services described in the SpyHour Terms and Conditions.
Data Protection Legislation: all applicable privacy and data protection laws, including the General Data Protection Regulation ((EU) 2016/679) and, to the extent applicable, the data protection or privacy laws of any other country.
Data Subject: an individual who is the subject of Personal Data.
Model Contract Clauses: the standard data protection clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR.
Personal Data: means any information relating to an identified or identifiable natural person that is processed by the SpyHour as a result of, or in connection with, the provision of the services under the SpyHour Terms and Conditions; an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing, processes, and process: either any activity that involves the use of Personal Data or as the Data Protection Legislation may otherwise define processing, processes, or process. It includes any operation or set of functions that are performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing also includes transferring Personal Data to third parties.
Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.
This DPA is subject to the SpyHour Terms and Conditions and is incorporated into the SpyHour Terms and Conditions. Interpretations and defined terms outlined in the SpyHour Terms and Conditions apply to the understanding of this DPA.
The Annexes form part of this DPA and will affect as if set out in full in the body of this DPA. Therefore, any reference to this DPA includes the Annexes.
A reference to writing or written includes email.
In the case of conflict or ambiguity between any provision contained in the body of this DPA and any provision contained in the Annexes, the condition in the body of this DPA will prevail.
This DPA will take effect as stipulated in the recitals above and remain in effect until and expire under clause 12.
The User retains control of the Personal Data and remains responsible for its compliance obligations under the applicable Data Protection Legislation, including providing any required notices and obtaining any required consents. For the processing instructions, it gives to the SpyHour.
Annex 1 describes the subject matter, duration, nature, and purpose of processing and the Personal Data categories and Data Subject types in respect of which the SpyHour may process to fulfill the Business Purposes of the SpyHour Terms and Conditions.
SpyHour and User Responsibilities. If the Data Protection Legislation applies to the processing of User Personal Data, the parties acknowledge and agree that:
If the Data Protection Legislation applies to the processing of User Personal Data and User is a processor, User warrants to SpyHour that User's instructions and actions concerning that User Personal Data, including its appointment of SpyHour as another processor, have been authorized by the relevant controller.
SpyHour will take into account the nature of the processing, assists the User by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the controller's obligation to respond to requests for exercising the data subject's rights laid down in Data Protection Legislation.
SpyHour will assist the controller in ensuring compliance with the obligations according to Articles 32 to 36 of GDPR taking into account the nature of processing and the information available to the processor.
User's Instructions. By entering into this DPA, the User instructs SpyHour to process User Personal Data only under applicable law:
SpyHour's Compliance with Instructions. SpyHour will comply with the instructions described in Section 5.1 (User's Instructions) (including concerning data transfers) unless EU or EU Member State law to which SpyHour is subject requires other processing of User Personal Data by SpyHour, in which case SpyHour will inform User (unless that law prohibits SpyHour from doing so on substantial grounds of public interest) via the User email address.
SpyHour will ensure that all employees:
SpyHour must at all times implement appropriate technical and organizational measures against unauthorized or unlawful processing, access, disclosure, copying, modification, storage, reproduction, display, or distribution of Personal Data, and illegal or accidental loss, destruction, alteration, disclosure, or damage of Personal Data. Technical and organizational measures are specified in Annex 2.
SpyHour must implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate:
SpyHour will promptly and without undue delay notify the User if any Personal Data is lost or destroyed or becomes damaged, corrupted, or unusable. Furthermore, SpyHour will restore such Personal Data at its own expense.
Where SpyHour becomes aware of (a) or (b) above, it shall, without undue delay, also provide User with the following information:
Immediately following any unauthorized or unlawful Personal Data processing or Personal Data Breach, the parties will coordinate with each other to investigate the matter. SpyHour will reasonably co-operate with the User in the User's handling of the case under Data Protection Legislation.
SpyHour will not inform any third party of any Personal Data Breach without first obtaining the User's prior written consent, except when required to do so by law.
SpyHour agrees that the User has the sole right to determine:
Data storage and processing facilities. User agrees that SpyHour may, subject to Section 9.2 (Transfers of Data out of the EEA), store and process User Data in the United States of America and any other country in which SpyHour or any of its Subprocessors maintains facilities.
Transfers of Data out of the EEA.
Disclosure of Confidential Information Containing Personal Data. Suppose User has entered into Model Contract Clauses as described in Section 9.2 (Transfers of Data out of the EEA). In that case, SpyHour will, notwithstanding any term to the contrary in the applicable Agreement, ensure that any disclosure of User's Confidential Information containing personal data, and any notifications relating to any such disclosures, will be made under such Model Contract Clauses.
Consent to subprocessor engagement. User expressly authorizes the engagement of SpyHour's Affiliates as subprocessors. In addition, SpyHour generally confirms the concentration of any other third parties as subprocessors ("Third Party Subprocessors"). If User has entered into Model Contract Clauses as described in Section 10.2 (Transfers of Data out of the EEA), the above authorizations will constitute User's prior written consent to the subcontracting by SpyHour of the processing of User Data if such consent is required under the Model Contract Clauses.
Information about subprocessors. Information about subprocessors is available in Annex 1 (as may be updated by SpyHour from time to time under this DPA).
Requirements for subprocessor engagement. When engaging any subprocessor, SpyHour will:
SpyHour shall notify the User immediately if it receives any complaint, notice, or communication that relates directly or indirectly to the processing of the Personal Data or either party's compliance with the Data Protection Legislation.
SpyHour must notify the User within 24 hours if it receives a request from a Data Subject for access to their Personal Data or to exercise any of their related rights under the Data Protection Legislation.SpyHour will give the User its full co-operation and assistance in responding to any complaint, notice, communication, or Data Subject request. SpyHour must not disclose the Personal Data to any Data Subject or a third party other than at User's request or instruction, as provided in this Agreement or as required by law.
Any provision of this DPA that expressly or by implication should come into or continue in force on or after the SpyHour Terms and Conditions' termination to protect Personal Data will remain in full force and effect.
SpyHour's failure to comply with the terms of this DPA is a material breach of the SpyHour Terms and Conditions. In such event, the User may terminate the SpyHour Terms and Conditions practical immediately on written notice to the SpyHour without further liability or obligation.
If a change in any Data Protection Legislation prevents either party from fulfilling all or part of its SpyHour Terms and Conditions obligations, the parties will suspend the processing of Personal Data until that processing complies with the new requirements. If the parties cannot bring the Personal Data processing into compliance with the Data Protection Legislation, they may terminate relations with SpyHour Terms and Conditions on written notice to SpyHour.
Data return and destruction
Where applicable under legislation at the User's request, SpyHour will give User a copy of or access to all or part of User's Personal Data in its possession or control in the format and on the media reasonably specified by User.
On termination of relations with SpyHour for any reason, SpyHour will securely delete or destroy or, if directed in writing by User, return and not retain all or any Personal Data related to this DPA in its possession or control.
Suppose any law, regulation, or government, or regulatory body requires SpyHour to retain any documents or materials SpyHour would otherwise be required to return or destroy. In that case, it will notify the User in writing of that retention requirement, giving details of the documents or materials that it must retain, the legal basis for retention, and establishing a specific timeline for destruction once the retention requirement ends.
SpyHour will certify in writing that it has destroyed the Personal Data within no more than 90 (ninety) days after it completes the destruction unless Data Protection Legislation requires storage.
Where it is applicable under the legislation, SpyHour will keep it detailed, accurate. Up-to-date written records regarding any processing of Personal Data it carries out for User in accordance with Data Protection Legislation, including but not limited to the access, control, and security of the Personal Data, the processing purposes, categories of processing, any transfers of personal data to a third country and related safeguards, and a general description of the technical and organizational security measures (Records).
SpyHour will ensure that the Records are sufficient to enable the User to verify SpyHour's compliance with its obligations under this DPA, and SpyHour will provide the User with copies of the records upon request.
SpyHour shall, upon User's written request and within a reasonable time, provide User with all information necessary for such audit, to the extent that such information is within User's control and User is not precluded from disclosing it by applicable law, a duty of confidentiality, or any other obligation owed to a third party.
SpyHour may object in writing to an auditor appointed by the User to conduct any audit under this clause if the auditor is, in SpyHour's reasonable opinion, not suitably qualified or independent, a competitor of SpyHour, or otherwise manifestly unsuitable. Any such objection by SpyHour will require the User to appoint another auditor or conduct the audit itself.
The User warrants and represents SpyHour's expected use of the Personal Data for the Business Purposes and, as instructed explicitly by User, will comply with the Data Protection Legislation.
Any notice or other communication was given to a party under or in connection with this DPA must be in writing and delivered to: support@SpyHour.com
Clause 17.1 does not apply to the Service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.
The subject matter of processing: SpyHour's provision of the Services and related technical support to User.
Duration of Processing:Personal Data will be processed for the period of the DPA.
Nature of Processing:SpyHour will process User Personal Data submitted, stored, sent, or received by User via the Services to provide the Services and related technical support to SpyHour in accordance with the DPA. Personal Data Categories: Contact Information, the extent of which is determined and controlled by the User in its sole discretion, and other Personal Data such as navigational data (including website usage information), email data, system usage data, application integration data, and other electronic data submitted, stored, sent, or received by end-users via the Service. Data Subject Types: Personal data submitted, stored, sent, or received via the Services may concern the following categories of data subjects: end-users, including User's employees; and any other person who transmits data via the Services. SpyHour and SpyHour Affiliates may engage third-party suppliers to provide other services such as facilities management, maintenance, and security services from time to time.
SpyHour Services are designed to ensure redundancy and seamless failover. The server instances that support the Services are also architected to prevent single points of failure. This design assists SpyHour operations in maintaining and updating the Services applications and backend while limiting downtime.
SpyHour. welcomes your questions or comments regarding the Data Processing Agreement:
KS & SK, LLC.
10601 CLARENCE DR STE 250
FRISCO, TX 75033-3867
Email Address: email@example.com
Effective as of January 01, 2020.
Last updated: July 01, 2021.