Data Processing Agreement (DPA)


Processing personal data in a secure, fair, and transparent way is extremely important to us at Brainybear. To better protect individuals’ personal data, we are providing this agreement to govern Brainybear’s and your handling of personal data (the “Data Processing Agreement” or “DPA”).

If you are accepting this DPA on behalf of Customer, you warrant that: (a) you have full legal authority to bind Customer to this DPA; (b) you have read and understand this DPA; and (c) you agree, on behalf of Customer, to this DPA. If you do not have the legal authority to bind Customer, please do not accept this DPA.


When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, phone number or other details to help you with your experience. Additionally, for the security of your account, you may also be asked for additional information when recovering a lost or compromised account. Such information may include but is not limited to your billing address, your full name and other identifying information that may be used to securely recover an account, or otherwise where required by local or federal authorities or financial institutions.

  1. “You” or “Customer” refers to the company or organization that signs up to use the Brainybear Service to analyse the online behavior of your website’s visitors or your app’s users;

  2. In the course of providing the Brainybear service (“Service”) to Customer pursuant to the Agreement, Brainybear may process personal data on behalf of Customer.

  3. In this Data Processing Agreement (“DPA”), “Data Protection Legislation” means the General Data Protection Regulation (Regulation (EU) 2016/279), and all other applicable laws relating to processing of personal data and privacy that may exist in any relevant jurisdiction;

  4. “data controller”, “data processor”, “data subject”, “personal data”, “processing”, and “appropriate technical and organisational measures” shall be interpreted in accordance with applicable Data Protection Legislation;

  5. The parties agree that Customer is the data controller and that Brainybear is its data processor in relation to personal data that is processed in the course of providing the Service.

Processing of Customer Personal Data

Depending on how the controller chooses to use the Service, the subject matter of processing of personal data may cover the following types/categories of data:

  • Browser, Browser version, Device type, Operating system, the User-Agent

  • Date, time, timezone

  • Pages visited (Page URLs and Page Titles)

  • Referrer URL

  • Marketing campaign URL parameters

The group of data subjects affected by the processing of their personal data under this Agreement includes end-users of the Controller’s websites and apps which make use of the Service provided by the Processor.

Processor’s obligations with respect to the controller

  1. Brainybear will process Customer Personal Data only in accordance with Instructions from Customer through the settings of the Service, i.e. (a) to operate, maintain and support the infrastructure used to provide the Service; (b) to comply with Customer’s instructions and processing instructions in their use, management and administration of the Service; (c) as otherwise instructed through settings of the Service. Brainybear will only process Customer Personal Data in accordance with the Agreement.

  2. Brainybear shall notify Customer without undue delay if, in Brainybear’s opinion, an instruction for the processing of personal data given by Customer infringes applicable Data Protection Legislation.

  3. Brainybear shall guarantee the confidentiality of personal data processed hereunder.

  4. Brainybear shall ensure that all Brainybear personnel required to access the personal data are informed of the confidential nature of the personal data and comply with the obligations set out in this Agreement.

  5. Brainybear shall implement and maintain appropriate technical and organisational security measures designed to protect the personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction, damage or theft of the personal data and having regard to the nature of the personal data which is to be protected.

  6. Brainybear may hire other companies to provide limited services on its behalf, provided that Brainybear complies with the provisions of this Clause. Any such subcontractors will be permitted to process personal data only to deliver the services Brainybear has retained them to provide, and they shall be prohibited from using personal data for any other purpose. Brainybear remains responsible for its subcontractors’ compliance with the obligations of this DPA. Any subcontractors to whom Brainybear transfers personal data will have entered into written agreements with Brainybear requiring that the subcontractor abide by terms substantially similar to this DPA. A list of subcontractors is available to the Customer in our Privacy policy. Prior to modifying the list of subprocessors, Brainybear shall notify Customer by email. Brainybear will update the list within thirty (30) days of any such notification if Customer does not legitimately object within that timeframe. Legitimate objections must contain reasonable and documented grounds relating to a subcontractor’s non-compliance with applicable Data Protection Legislation. If, in Brainybear’s reasonable opinion, such objections are legitimate, the Customer may, by providing written notice to Brainybear, terminate the Agreement.

  7. If Brainybear becomes aware of any accidental, unauthorised or unlawful security breach, destruction, loss, alteration, or disclosure of the personal data that is processed by Brainybear in the course of providing the Service (an “Incident”), it shall without undue delay (not later than 48 hours after having become aware of it), notify Customer by email notification and provide Customer with a description of the Incident as well as periodic updates to information about the Incident, including its impact on Customer content. Brainybear shall additionally take action to investigate the Incident and reasonably prevent or mitigate the effects of the Incident.

  8. Brainybear shall not on its own authority rectify, erase or restrict the Processing of Personal Data that is being processed on behalf of the Controller (unless this is required by law or the Processor Terms of Service), but shall only do so on documented instructions from the Controller and in accordance with the data retention rules associated with the Controller subscription plan.

  9. Upon termination of your account, Brainybear shall delete Customer data within 30 days in accordance with our standard backup and retention policy per the Terms of Service.

  10. Brainybear has designated a representative within the European Union who can be contacted by email [email protected]

Customer undertakings and Brainybear’s assistance

  1. Customer warrants that it has all necessary rights to provide to Brainybear the personal data for processing in connection with the provision of the Brainybear Services.

  2. Customer shall comply at all times with Data Protection Legislation in respect of all personal data it provided to Brainybear pursuant to the Agreement.

  3. Customer understands, as a controller, that it is responsible (as between customer and Brainybear) for:

    • determining the lawfulness of any processing, performing any required data protection impact assessments, and accounting to regulators and individuals, as may be needed;

    • making reasonable efforts to verify parental consent when data is collected on a data subject under 16 years of age;

    • providing relevant privacy notices to data subjects as may be required in your jurisdiction, including notice of their rights, and providing the mechanisms for individuals to exercise those rights;

    • responding to requests from individuals about their data and the processing of the same, including requests to have personal data altered or erased, and providing copies of the actual data processed;

    • implementing your own appropriate technical and organizational measures to ensure and demonstrate processing in accord with this DPA;

    • notifying individuals and any relevant regulators or authorities of any incident as may be required by law in your jurisdiction.

  4. Brainybear shall assist the customer by implementing appropriate technical and organizational measures, insofar as this is reasonably and commercially possible (in Brainybear’s sole determination and discretion), in fulfilling customer’s obligations to respond to individuals’ requests to exercise rights under the GDPR.

  5. Brainybear shall make available to the customer information reasonably necessary to demonstrate compliance with Brainybear’s obligations under this DPA. Such audit shall consist solely of: (i) the provision by Brainybear of written information (including, without limitation, questionnaires and information about security policies) that may include information relating to subcontractors; and (ii) interviews with Brainybear’s IT personnel. Such audit may be carried out by Customer or a national privacy supervisory authority composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality (such as the ICO or the CNIL). For the avoidance of doubt no access to any part of Brainybear’s IT system, data hosting sites or centers, or infrastructure will be permitted.

Liability and Indemnity

Each party indemnifies the other and holds them harmless against all claims, actions, third party claims, losses, damages and expenses incurred by the indemnified party and arising directly or indirectly out of or in connection with a breach of this DPA.

Duration and Termination

This DPA shall come into effect on June 25, 2021 and shall continue until it is changed or terminated in accordance with the Brainybear Terms of Service.

Termination or expiration of this DPA shall not discharge the parties from the confidentiality obligations herein.

Privacy Policy

Please refer to the Brainybear Privacy Policy for more information.

Contact Us

Email: [email protected]
