Data Transfer Agreement Ccpa

The data exporter shall keep a list of sub-processing agreements concluded in accordance with the clauses and notified by the data importer in accordance with clause 5(j), updated at least once a year. The list shall be available to the data protection supervisory authority of the data exporter. We agree that we will not use or process your personal data for purposes other than those set out in the agreement, except to respond to requests for specific documents from you regarding your personal data. Under no circumstances will we process, rent, sell, use or transfer your personal data for our own purposes or for third party purposes. In addition, we will delete all your personal data from our systems thirty (30) days after termination of the agreement, unless this is necessary or permitted by applicable law. Some of your personal data is subject to the employment-related data archiving laws of different jurisdictions. In order to comply with this wide range of laws and to allow us to restart customers who may have terminated their agreement with us, we retain employment data for a period of seven years, unless a customer asks us to delete it, in which case we will delete the data within thirty (30) days of receipt of the request. You also agree that you do not use or process the personal data of a data subject for purposes other than those for which you have the consent of the data subject. (g) make available to the data subject, upon request, a copy of the terms or of an existing contract for further processing, unless the terms or contract contain commercial information, in which case he or she may withdraw that commercial information, with the exception of Annex 2, which shall be replaced by a summary description of the security measures where the data subject cannot obtain a copy from the data exporter; The data importer may not invoke a breach of its obligations by a processor in order to avoid its own commitments.

6.1 Data Subject Requests. Unless necessary (or prohibited) under current legislation, the processor informs the customer of any request that the processor or a subcontractor receives from a data subject regarding his or her personal data and does not respond to the data subject. This EU-CCPA Agreement (“DPA”) supplements our Online Platform License and Terms of Use and Privacy Policy (together and individually the “Agreement”) with customers (“Customer” or “them”) to the extent that they relate to the processing of data subject to the European Union General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (CCPA). To the extent that such DPA is contrary to our Terms of Use or Privacy Policy, such DPA takes precedence. The majeescrits terms used in this DPA have the same meaning as defined for those terms in the GDPR or, where applicable, in the CCPA, unless otherwise indicated. The parties agree that any data subject who has suffered damage as a result of a breach by a party or sub-processor of the obligations referred to in clause 3 or clause 11 is entitled to compensation for the damage suffered by the data exporter. . . .