Yola Data Processing Addendum

Effective Date: July 24, 2018.

This Yola Data Processing Addendum forms part of, and is subject to the provisions of, the Yola Terms of Service. Capitalized terms not defined here have the meanings set forth in the Terms of Service.

The following definitions apply solely to this Data Processing Addendum:

  • a. the terms “Controller”, “data subject”, “personal data”, “process,” “processing” and “Processor” have the meanings given to these terms in EU Data Protection Law.
  • b. “EU Data Protection Law” means any data protection or data privacy law or regulation of Switzerland, the United Kingdom, or any European Economic Area (“EEA”) country applicable to Your Controlled Data, including, as applicable, the GDPR and the e-Privacy Directive 2002/58/EC.
  • c. “GDPR” means the EU General Data Protection Regulation 2016/679.
  • d. “Sub-Processor” means an entity engaged by Yola to process Your Controlled Data.

We, the Processor, technically operate a website and/or online shop on our systems located in countries including the US on behalf of you, the Controller.

We may also be an independent Controller for some personal data relating to you or your End Users. Please see our Privacy Policy and Terms of Service for details about this personal data which we control. We decide how to use and process that personal data independently and use it for our own purposes. When we process personal data as a Controller, you acknowledge and confirm that this Data Processing Addendum does not create a joint-Controller relationship between you and us. If we provide you with personal data controlled by us, such as in any access to data regarding your End Users’ interactions with Your Site, you receive that as an independent data Controller and are responsible for compliance with EU Data Protection Law in that regard.

The Processor shall process personal data for the Controller in terms of Article 4(2) and Article 28 of the GDPR based on this Agreement.

The contractually stipulated service shall be performed exclusively in a Member State of 欧洲联盟或欧洲经济区协定的一个缔约国. 只有在下列情况下,服务或其部分才应转移到另一个国家 the specific requirements of Article 44 and subsequent Articles of the GDPR are met (e.g. 欧洲委员会作出的适当性决定、标准数据保护条款、经批准的行为准则). We are a certified member of the EU-US and Swiss-US privacy shield. The processing of personal 数据由位于美国的处理器为控制器执行 the framework of these adequacy decisions.

1. Type and Purpose of Processing, Type of Personal Data and Categories of Data Subjects:

MG游戏中心确保阁下的网站及/或网上商店可于 framework of our Terms of Service. Furthermore, we process all information in connection with user orders and make it available to you. You are then responsible for the execution of the contracts concluded with your users.

Type of processing (in accordance with the definition in Article 4 No. 2 of the GDPR):

处理是指收集、储存及使用有关的个人资料 operation of the respective website and/or online shop.

Type of personal data (in accordance with the definition in Articles 4 No. 1, 13, 14 and 15 of the GDPR):

  • Name
  • Company
  • Postal address
  • Phone Number
  • Payment information
  • Email Address
  • Order details
  • IP address
  • Information submitted through the Yola Contact form

Categories of data subjects (in accordance with the definition in Article 4 No. 1 of the GDPR):

Data subjects are users of the respective website and/or online shop.

2. Rights, Duties and Powers of Instruction of the Controller

财务主任应单独负责评估依据程序的合法性 根据《mg游戏平台下载》第6(1)条的规定,并根据《mg游戏平台下载》第6(1)条的规定,保障数据主体的权利 Articles 12-22 of the GDPR. Nevertheless, the Processor shall be obligated to forward to the 管理员所有这些询问,在其意图明确的范围内,不得无故拖延 for the Controller exclusively.

对处理事项的修改和程序的更改应予协调 在控制器和处理器之间,以书面或文档化的电子格式定义.

财务主任一般应以书面形式发出所有命令、部分命令和指示 or in a documented electronic format. Verbal instructions are to be confirmed in writing or in a documented electronic format without undue delay. The Controller shall be entitled to convince itself adequately of the Processor's adherence to technical and organizational 处理方采取的措施,以及本协议中规定的义务 of the processing and on a regular basis thereafter, as set down in Section 4 hereof.

如果控制人发现错误或错误,应立即通知处理人 irregularities when reviewing the results of the processing.

控制人有义务处理有关商业秘密和数据安全的所有知识 由此在合同关系框架内获得的处理程序的度量 confidentially. This obligation shall remain in effect even after the Termination of this Agreement.

3. Controller's Authorized Issuers, Processor's Authorized Recipients

The Controller's authorized issuers of instructions and communication channel for this Agreement shall be:

  • The Processor's authorized recipients of instructions and the communication channel to be used for instructions shall be: privacy@nipaplaza.com
  • If contact persons are changed or hindered for an extended period, the other Party shall be notified of the successors or substitutes without undue delay, generally in writing or electronically. Instructions are to be preserved for the effective term thereof and for three full calendar years thereafter.

4. Duties of the Processor

The Processor shall process personal data exclusively within the bounds of the agreements 除非财务主任有义务执行 根据欧盟或其所属成员国的法律进行其他处理 subject (e.g. investigations by law enforcement and state security authorities); in such a case, the Processor shall inform the Controller of that legal requirement before processing, 除非该法律基于公共利益的重要理由禁止提供此类信息 28(3) Sentence 2 character a of the GDPR).

The Processor hereby warrants that all measures stipulated herein in connection with the processing of personal data under this Agreement will be taken in accordance with this Agreement. The Processor hereby warrants that the data processed for the Controller will be kept strictly separate from other data.

来自控制器的或用于控制器的数据存储媒体必须有专门的标签. The arrival, departure and ongoing use thereof shall be documented.

The Processor shall be required to participate to a necessary extent and provide the Controller with reasonable assistance to the extent possible in safeguarding the rights of data subjects in accordance with Articles 12-22 of the GDPR, in compiling records of 处理活动和必要的影响评估(第28(3)条) Sentence 2 character e and f of the GDPR). The Processor shall provide the necessary information in this regard without undue delay in each case to the Controller. The Controller informs the 处理器在写完本DPA后,立即向控制器办公室汇报 shall be addressed.

处理程序如认为有指示,应及时通知控制程序 违反法定条文(《MG游戏中心》第28(3)条第3句). 处理器有权延迟相关指令的执行,直到它生效 confirmed or amended by the Controller's controller after review. The Processor shall be required 修改、删除或限制处理因合约关系而产生的个人资料 除非财务主任有合法理由反对,否则须以指示方式提出该项要求 interests of the Processor.

处理器不得向第三方提供因合同关系而产生的个人数据 当事人或数据主体未经财务总监事先指示或批准.

  • 处理器特此保证其将在必要时参与该监测 in a supportive fashion.
  • 处理器特此确认其熟悉本协议的数据保护规定 GDPR applicable to the commissioned processing. It also hereby agrees to observe secrecy rules of relevance for this Agreement which are incumbent upon the Controller. As far as the Controller has to observe corresponding special secrecy rules, he informs the processor in writing immediately after conclusion of this DPA, which secrecy rules are concerned.
  • 处理器在此同意对处理过程保密 personal data in accordance with this Agreement. This duty shall continue to be binding after the termination of this Agreement.
  • The Processor hereby warrants that it will make employees engaged in performance of the processing familiar with the respective data protection provisions applicable to them prior to the commencement of their activity and that such employees will be obligated in suitable fashion to maintain secrecy for the period of the activity thereof and after termination of the employment relationship (Article 28(3) Sentence 2 character b and Article 29 of the GDPR).
  • 处理器应监测其公司对数据保护法规定的遵守情况.
  • All correspondence related to this agreement are to be directed to privacy@nipaplaza.com.

5. Processor's Notification Duties in the Event of Disruptions in Processing and Breaches of the Protection of Personal Data:

The Processor shall notify the Controller by posting on Yola.com without undue delay of 加工者或其雇用的人员对规定的破坏和违反 data protection law or the provisions of the Agreement, as well as of the suspicion of data protection violations or irregularities in the processing of personal data. This shall apply above all with respect to possible notification and communication obligations of the Controller in accordance with Article 33 and Article 34 of the GDPR. The Processor hereby warrants that it will adequately assist the Controller with its obligations in accordance 与GDPR第33条和第34条(GDPR第28(3)条第2个字符). Notifications on behalf of the Controller under Articles 33 or 34 of the GDPR may only be executed by the Processor after prior instruction pursuant to Section 4 of this Agreement.

6. Relationships with Subcontractors (Article 28(3) Sentence 2 character d of the GDPR)

处理器可聘请第三方及/或分包商处理个人资料 under this Processor Agreement.

加工商会对这些第三方和/或分包商负责,并将施加 第三方和/或分包商的条件、义务和责任与 mentioned in this Processor Agreement. Upon written request by Controller, the Processor is to 提供有关其子处理器与数据保护相关的义务的信息 at any time.

7. 根据GDPR第32条(第28(3)条)的技术和组织措施 Sentence 2 character c of the GDPR)

一种足以保障受影响的自然人的权利和自由的危险程度 specific processing shall be ensured. To this end, the protective goals of Article 32(1) of the GDPR, such as the confidentiality, integrity and availability of systems and services and the resilience thereof with regard to the nature, scope, context and purpose of the processing shall be taken into account so that 通过适当的技术和组织措施,以持久的方式减轻风险.

Upon written request from the Controller, and no more than once per calendar year, the Processor will make 向财务主任提供所有必要的信息,以证明其遵守其在本协议项下的义务 the GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller. Any reviews of information, audits, or inspections conducted pursuant to this Section shall be at the Controller’s sole expense.

8. Liability

处理方负责实施本数据处理附录中规定的措施. The Processor is not liable if these measures turn out to be insufficient. The Controller indemnifies the Processor against claims of third parties, including data protection authorities, ensuing for any reason 本资料处理附录所载的个人资料处理中的任何内容.

处理方因可归因的未能履行本协议或其他任何责任而承担的任何责任 根据《MG游戏中心》中约定的责任限制.