Groove Data Processing Agreement

Updated May 21, 2018

From the date of subscribing the Service by the Subscriber: (hereafter referred to as the "Agreement")

Concluded between:
Groove Networks, LLC.
Hereafter referred to as the "Processor".

and

Subscriber
hereafter referred to as a "Controller"

hereafter referred to collectively as the "Parties"

Whereas:

(A) This Agreement is supplemental to any other separate agreement entered into between the Parties and introduces further contractual provisions to ensure the protection and security of personal data passed from the Controller to the Processor for processing.

(B) The Controller may be acting as a data processor for another entity. It is only acting as a Controller for the purpose of the transfer of personal data passed from it to the Processor for processing under the terms of this Agreement.

(C) Following the entry into force of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) The Parties wish to lay down their rights and obligations.

It is agreed as follows:

Definitions

1. Object of this Agreement

1.1 In the course of providing the Services to the Controller pursuant to this Agreement, the Processor may process personal data on behalf of the Controller. The Processor agrees to comply with the following provisions with respect to any personal data processed for the Controller in connection with the provision of the Services.

1.2 The Processor shall process personal data it receives from the Controller solely for purposes stemming from usage of Service and for no other purpose except with the express written consent of the Controller.

1.3 The Processor shall process categories of data subjects which are provided to the Service by the Controller. Processor is not entitled to process any category of data without prior demand or consent of the Controller.

1.4 Types of personal data. Contact information, the extent of which is determined and controlled by the Controller in its sole discretion, and other personal data such as navigational data (including website usage information), email data, system usage data, application integration data, internet protocol (IP) and other electronic data submitted, stored, sent, or received by end users via the Service.

1.5 Subject-Matter and nature of the processing. The subject-matter of processing of personal data by the Processor is the provision of the Service to the Controller that involves the processing of personal data. Personal data will be subject to those processing activities as may be specified in the Groove Privacy Policy.

2. Data protection

2.1 As the performance of this Agreement implies the processing of personal data, both Parties shall comply with the applicable data protection legislation and regulations including GDPR.

2.2 The Controller will ensure that its instructions for the processing shall comply with applicable data protection legislation and regulations including GDPR. Controller shall have sole responsibility for the accuracy, quality, and legality of personal data and the means by which Controller acquired personal data.

2.3 The Controller agrees that with regard to the processing the Processor may engage Sub -processors compliant with data protection legislation and regulations including GDPR (general consent). Where the Processor engages another Sub-processor for carrying out specific processing activities on behalf of the Controller, the same data protection obligations as set out in this Agreement shall be imposed on that Sub-processor by way of a contract or other legal act under applicable data protection legislation and regulations including GDPR.

2.4 The Processor shall ensure that any personal data that it processes are kept confidential. All persons authorized by the Processor to process the personal data are under an appropriate obligation of confidentiality and not disclose the personal data to any person other than to its personnel.

2.5 The Processor shall ensure that it implies appropriate technical and organisational measures in such a manner that processing will meet the requirements of applicable data protection legislation and regulations including the protection of the rights of the data subject.

2.6 In accordance with GDPR regulation as the performance of this Agreement the Processor shall in particular:

2.7 Personal data processed in the context of this Agreement are transferred to the U.S. The Controller shall agree to transfer personal data to the U.S. by the Processor without further written consent.

2.8 As the transfer of personal data is necessary for the performance of the Service provided by the Processor the Parties shall ensure that the personal data are adequately protected as set forth in Article 49 of the GDPR. In particular the Processor collects and transfers personal data subject to this Agreement by the Controller to fulfil a compelling legitimate interest of the Processor in a manner that does not outweigh Controller’s nor end users rights and freedoms. The personal data safeguard system is described more in detail in " Groove Privacy Policy". [link]

2.9 In order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer of personal data outside the EU by the Controller to the Processor agrees and warrants:

3. Confidentiality

3.1 Both Parties acknowledge that during this Agreement, a Party may become privy to Confidential information which is disclosed by the other Party.

3.2 The receiving Party shall keep all confidential information confidential, in particular the receiving Party shall not disclose any confidential information to any third party and shall not use these information for purposes not resulting from this Agreement.

3.3 Any violation of this section by either of the Parties shall be deemed a material breach of this Agreement.

4. Liability

4.1 The Parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Section 2 by any Party or Sub-processor is entitled to receive compensation from the Controller for the damage suffered.

4.2 Neither Party shall be liable for any indirect or consequential damages, such as (but not limited to) loss of revenue, loss of profit, loss of opportunity, loss of goodwill and third-party claims.

5. General provisions

5.1 This Agreement shall apply to all personal data disclosed to the Processor or otherwise obtained from the Controller from the date of this Agreement until the expiry of the subscription of the Service.

5.2 Where individual provisions of this Agreement are invalid or unenforceable, the validity and enforceability of the other provisions of this Agreement shall not be affected.