Data Processing Addendum
Where applicable, this Data Processing Addendum is hereby incorporated in the Superbeings Terms of Service (the “General Terms”), found at https://www.superbeings.ai/terms-of-use, unless Customer has entered into a superseding written agreement with Superbeings, in which case, it forms a part of such written agreement. All capitalized terms not defined herein shall have the meaning set forth in the General Terms. Unless Customer has a superseding written agreement with Superbeings, Superbeings may amend this Data Processing Addendum from time to time on its Website, as its business evolves. Any revisions will become effective on the date Superbeings publishes the changes. Customer can review the most current version of the Data Processing Addendum at any time by visiting this page. If Customer uses the Services after the effective date of any changes, that use will constitute the acceptance of the revised Data Processing Addendum.
1. DEFINITIONS AND INTERPRETATION
1.1 (i) “Data Controller” has the meaning set out in GDPR;
(ii) “Data Processor” has the meaning set out in GDPR;
(iii) “Data Protection Regulator” means the applicable supervisory authority with jurisdiction over either party, and in each case any successor body from time to time;
(iv) “Data Subject” has the meaning set out in GDPR;
(v) “Privacy Laws” means all applicable data protection and privacy legislation, regulations and guidance governing the protection of Personal Information including but not limited to Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”); and
(vi) “Process”, “Processing” or “Processed” have the meaning set out in GDPR.
2. PROTECTION OF PERSONAL INFORMATION
2.1 Supersedence. This Data Processing Addendum shall supersede any and all provisions of the General Terms inconsistent herewith.
2.2 Data Controller and Data Processor. The Parties acknowledge that the Customer is the Data Controller and Superbeings is the Data Processor of the Customer Personal Information. Superbeings will Process Personal Information in accordance with Section 3 of this Data Processing Addendum.
2.3 Customer’s Obligations as Data Controller. The Customer warrants that the Customer Personal Information has been obtained fairly and lawfully and, in all respects in compliance with the Privacy Laws.
2.4 Superbeings’ Obligations as Data Processor. Superbeings shall:
2.4.1 Process the Customer Personal Information only in accordance with Section 3 of this Data Processing Addendum and any other reasonable documented instructions as provided by the Customer to Superbeings from time to time (“Instructions”), including with regard to transfers of Customer Personal Information to a third country, save where:
22.214.171.124 such Instructions are unlawful;
126.96.36.199 such Instructions would cause Superbeings to breach its own obligations under Privacy Laws or the General Terms or any other agreement with a third party;
188.8.131.52 such Instructions would negate the Survey Respondents’ right under the General Terms to remain anonymous;
184.108.40.206 Superbeings is under a legal obligation to Process the Customer Personal Information, in which case Superbeings shall inform the Customer of the legal obligation, except to the extent the law prohibits it from doing so; and/or
220.127.116.11 such Instructions would impact the overall availability of the Services or the performance of the Superbeings Platform in an undue manner.
2.4.2 inform the Customer if, in its opinion, an Instruction received from the Customer infringes the Privacy Laws;
2.4.3 ensure that all Superbeings employees and personnel who are involved in the Processing of Customer Personal Information have committed themselves to confidentiality or are under statutory obligations of confidentiality;
2.4.4 not provide any new third party, with access to the Customer Personal Information or sub-contract any of its obligations under the General Terms that involve Processing Customer Personal Information without noticing in advance the Customer and/or publishing the changes in this Data Processing Addendum on the Website. The Customer hereby approves those third parties listed below, or any further third party that is compliant with GDPR requirements regarding transfers of Customer Personal Information to a third country (the “Subprocessors”):
18.104.22.168 AWS - SuperBeings’ internal database/servers are hosted in AWS data centers located in Mumbai, India. SuperBeings and AWS are bound by Standard Contractual Clauses.
22.214.171.124 SendInBlue - SuperBeings uses SendInBlue email services. SendInBlue is headquartered in Paris, France. SuperBeings and SendInBlue are bound by Standard Contractual Clauses.
126.96.36.199 Segment - Superbeings uses Segment for collecting data for warehousing purposes. Segment is headquartered in San Francisco, USA. SuperBeings and Segment are bound by Standard Contractual Clauses.
2.4.5 ensure that any sub-contract entered into by Superbeings (where Customer Personal Information is Processed by a Subprocessor) contains provisions which comply with Privacy Laws and in any event are no less onerous than those imposed under Section 2 of this Data Processing Addendum, and where a Subprocessor fails to fulfil its data protection obligations under GDPR, Superbeings shall remain liable to Customer for the performance of that Subprocessor’s obligations;
188.8.131.52 the anonymization, pseudonymization and/or encryption of Customer Personal Information;
184.108.40.206 the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services;
220.127.116.11 the ability to restore the availability and access to Customer Personal Information in a timely manner in the event of a physical or technical incident; and
18.104.22.168 a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing.
2.4.7 taking into account the nature of the Processing, assist the Customer (at the Customer’s reasonable cost) by appropriate technical and organizational measures, to enable the Customer to comply with its obligations under Privacy Laws in responding to requests from Data Subjects or the Data Protection Regulator, insofar as this is possible, to the extent the anonymity of the Personal Information shall be kept confidential by Superbeings, and not shared with Customer;
2.4.8 assist the Customer (at the Customer’s reasonable cost), to comply with the following obligations under GDPR, taking into account the nature of Processing and information available to Superbeings, including:
22.214.171.124 the Customer’s obligations to carry out data protection impact assessments and any subsequent consultation with the Data Protection Regulator;
2.4.9 make available to Customer or an independent third party auditor mandated by the Customer (but not being a competitor of Superbeings), at the Customer’s reasonable cost, to a maximum of once a year or when a breach of Customer Personal Information is reasonably suspected, all reasonable information that Superbeings deems necessary to demonstrate compliance with the obligations imposed on Superbeings under Section 2 of this Data Processing Addendum, and allow for and contribute to audits, including inspections for the sole purpose of demonstrating such compliance; and
2.4.10 unless required by law, at Customer’s request following termination or expiry of the General Terms for whatever reason, at the Customer’s reasonable cost, securely delete all of the Customer Personal Information.
3 INSTRUCTIONS FOR PROCESSING OF CUSTOMER PERSONAL INFORMATION
Superbeings will Process Customer Personal Information in accordance with the following instructions:
This Policy was last updated on February 14, 2021