Data Processing Addendum

This Simplistic Data Processing Addendum (“Addendum”) supplements the Simplistic Terms of Service (the “Agreement”) by and between you (“Client”) and Simplistic LLC. This Addendum is shall be applicable to any Client

‍1) Definitions
‍
‍(a)        “Controller”, “Data Processor”, “Data Subject”, “Processor”, “Processing”, “Subprocessor”, and “Supervisory Authority” shall be interpreted in accordance with applicable Data Protection Legislation;
(b)       “Data Protection Legislation” means European Directives 95/46/EC and 2002/58/EC, and any legislation and/or regulation implementing or made pursuant to them, or which amends or replaces any of them (including the General Data Protection Regulation, Regulation (EU) 2016/679);
(c)        “GDPR” means the General Data Protection Regulation, Regulation (EU) 2016/679);
(d)        “Personal Data” as used in this Addendum means information relating to an identifiable or identified Data Subject who visits or engages in transactions through your business (a “Customer”); and
(e)        All other capitalized terms in this Addendum shall have the same definition as in the Agreement.

‍2) Data Protection

‍Each company is responsible for ensuring their own compliance with all Data Protection Legislation, just as they are responsible for compliance with the laws that apply to them today.

Prior to providing any data to Simplistic, Client (you) (and any data provider you may use) represents and warrants that they acquired and continuously maintain said data in compliance with all Data Protection Legislation and any other laws that might relate to said data. You warrant that you have a lawful basis (in compliance with all applicable laws, regulations and industry guidelines) for the disclosure and use of Customer Data. In the event that said data is passed on to Simplistic, each party acknowledges that the Client is the Controller of the Personal Data and Simplistic is the Processor.

Client, as Controller shall: (i) comply with all applicable privacy and data protection laws including the Data Protection Legislation; (ii) ensure that any instructions that it issues to Simplistic shall comply with the Data Protection Legislation; (iii) have sole responsibility for the accuracy, quality and legality of the Personal Data provided to Simplistic; (iv) have established the legal basis for processing under the Data Protection Legislation; (v) have provided all notices and obtained all consents as may be required under the Data Protection Legislation; and (vi) ensure that it has and will continue to have, the right to provide access to the Personal Data to Simplistic in accordance with the terms of the Agreement and this Addendum.If Simplistic believes that any instruction from Client is in violation of, or would result in Processing in violation of the Data Protection Legislation, then Simplistic will promptly notify Client, and if Client believes Simplistic is or may be in violation of the Data Protection Legislation it will notify Simplistic.

Where a Data Subject is located in the European Economic Area, that Data Subject’s Personal Data may be processed by Simplistic LLC. As part of providing the Services, this Personal Data may be transferred to other regions which our third parties or service providers store or process data, including to Canada and Ireland. Such transfers will be completed in compliance with relevant Data Protection Legislation.

When Simplistic Processes Personal Data in the course of providing the Services, Simplistic will comply with all applicable privacy and data protection laws, including the Data Protection Legislation, and will:

Process the Personal Data as a Data Processor, only for the purpose of providing the Services in accordance with documented instructions from you (provided that such instructions are commensurate with the functionalities of the Services), and as may subsequently be agreed to by you, unless otherwise required to do so by Union or Member State law to which Simplistic is subject. If Simplistic is required by law to Process the Personal Data for any other purpose, Simplistic will provide you with prior notice of this requirement, unless Simplistic is prohibited by law from providing such notice;
Ensure all persons authorized to process the personal data are under confidentiality obligations;
notify you if, in Simplistic’s opinion, your instruction for the processing of Personal Data infringes applicable Data Protection Legislation;notify you promptly, to the extent permitted by law, upon receiving an inquiry or complaint from a Data Subject or Supervisory Authority relating to Simplistic’s Processing of the Personal Data;
delete or return all personal data to the controller after the end of provision of the Services, and delete all copies of such data unless otherwise required by law;
taking into account the state of the art, cost of implementation, and the nature, scope, context, and purpose of the Processing, implement and maintain appropriate technical and organizational measures appropriate to the risk to protect the Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorized or unlawful processing, accidental loss, destruction, damage or theft of Personal Data and appropriate to the nature of the Personal Data which is to be protected;
notify you promptly upon becoming aware of and confirming any accidental, unauthorized, or unlawful processing of, disclosure of, or access to the Personal Data;
prior to engaging a sub-processor, Simplistic will bind such sub-processor to the data protection obligations set forth in this Agreement;
Simplistic will adhere to an approved code of conduct as referred to in Article 40 of the GDPR;
ensure that its personnel (including its staff, agents, subcontractors, and Subprocessors) who access the Personal Data are subject to confidentiality obligations that restrict their ability to disclose the Customer Personal Data;
upon termination of the Agreement and the end of provision of the Services, Simplistic will promptly initiate its purge process to delete or anonymize the Personal Data which falls under Data Protection Legislation, unless Union or Member State law requires storage of such Personal Data. If you request a copy of such Personal Data within 7 days of termination, Simplistic will provide you with a copy of such Personal Data;
taking into account the state of the art, the cost of implementation, and the nature, scope, context, and purposes of the Processing, assist the controller, at the controller’s expense, by appropriate technical and organizational measures, insofar as this is reasonably possible, for the fulfillment of the controller’s obligations to respond to requests for exercising the data subject’s rights as provided in Chapter III of the GDPR;
reasonably assist the controller, at the controller’s expense, in ensuring compliance with its obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to the processor;
make available to the controller all information reasonably necessary to demonstrate Simplistic’s compliance with the obligations as provided in Article 28 of the GDPR;
upon prior reasonable notice to Simplistic, allow for and contribute to on no more than an annual basis, audits, including inspections, conducted by the controller or another auditor mandated by the controller and subject to the approval of Simplistic, with such approval not being unreasonably withheld.

In the course of providing the Services, you acknowledge and agree that Simplistic may use Subprocessors to Process the Personal Data. Simplistic’s use of any specific Subprocessor to process the Personal Data must be in compliance with Data Protection Legislation and must be governed by a contract between Simplistic and Subprocessor, providing such Subprocessors be bound by the same data protection obligations set out in this Addendum.

Special Provisions Concerning the Use of Facebook Pixels and SDKsYou (or partners acting on your behalf) may not place Facebook pixels on websites that you do not own without written permission.

If you use Facebook pixels or SDKs, you further represent and warrant that you have provided robust and sufficiently prominent notice to users regarding the Customer Data collection, sharing and usage that includes, at a minimum:For websites, a clear and prominent notice on each webpage where Facebook pixels are used that links to a clear explanation (a) that third parties, including Facebook, may use cookies, web beacons, and other storage technologies to collect or receive information from your websites and elsewhere on the internet and use that information to provide measurement services and target ads, (b) how users can opt-out of the collection and use of information for ad targeting, and (c) where a user can access a mechanism for exercising such choice (e.g., providing links to: http://www.aboutads.info/choices and http://www.youronlinechoices.eu/).

For apps, a clear and prominent link that is easily accessible inside your app settings or any privacy policy and from within any store or website where your app is distributed that links to a clear explanation (a) that third parties, including Facebook, may collect or receive information from your app and other apps and use that information to provide measurement services and targeted ads, and (b) how and where users can opt-out of the collection and use of information for ad targeting.

In jurisdictions that require informed consent for the storing and accessing of cookies or other information on an end user’s device (such as but not limited to the European Union), you must ensure, in a verifiable manner, that an end user provides the necessary consent before you use Facebook Business Tools, including Pixels, to enable Facebook to store and access cookies or other information on the end user’s device. (For suggestions on implementing consent mechanisms, visit Facebook’s Cookie Consent Guide for Sites and Apps.)

‍3) Miscellaneous

‍In the event of any conflict or inconsistency between the provisions of the Agreement and this Addendum, the provisions of this Addendum shall prevail. For avoidance of doubt and to the extent allowed by applicable law, any and all liability under this Addendum, including limitations thereof, will be governed by the relevant provisions of the Agreement. You acknowledge and agree that Simplistic may amend this Addendum from time to time by posting the relevant amended and restated Addendum on Simplistic’s website, available at https://www.Simplistic.co and such amendments to the Addendum are effective as of the date of posting. Your continued use of the Services after the amended Addendum is posted to Simplistic’s website constitutes your agreement to, and acceptance of, the amended Addendum. If you do not agree to any changes to the Addendum, do not continue to use the Service.You have the right to lodge a complaint with a Supervisory Authority.

Save as specifically modified and amended in this Addendum, all of the terms, provisions and requirements contained in the Agreement shall remain in full force and effect and govern this Addendum. If any provision of the Addendum is held illegal or unenforceable in a judicial proceeding, such provision shall be severed and shall be inoperative, and the remainder of this Addendum shall remain operative and binding on the parties.The terms of this Addendum shall be governed by and interpreted in accordance with the laws of the state of Texas and the laws of United States applicable therein, without regard to principles of conflicts of laws. The parties irrevocably and unconditionally submit to the exclusive jurisdiction of the courts of the state of Texas with respect to any dispute or claim arising out of or in connection with this Addendum.In the event that as a Client you work with multiple Clients that you offer Simplistic’s services to (“Sub-clients”), you agree that you have the right to and shall bind said Sub-clients to all terms outlined within this Data Processing Addendum.nce Officer][ADDRESS]