Data Processing Addendum
Important information related to the GDPR.
This Data Processing Addendum sets out how Meetniq, as a data processor, will handle data on behalf of a data controller where that data controller is subject to the GDPR.
This addendum forms part of the Terms of Service.
"Account holder" means a person who controls a Meetniq account.
"Controller", "Processor", "Data subject", "Personal data", "Processing" (and "Process") shall have the meanings given in the GDPR.
"Data" means information entered into the Meetniq service by the account holder or their participants, plus any information described by the Agreement.
"EEA" means European Economic Area.
"GDPR" means the EU General Data Protection Regulation (Regulation 2016/679).
"Meetniq" means Meetniq Pty Ltd.
"Participant" means a person whose information is entered into the Meetniq service by an account holder.
"Security Incident" means unauthorised access to, destruction of, or alteration of the data.
- Relationship of the parties: The account holder (the controller) appoints Meetniq as a processor to process the data for the purposes described, and the terms set out in the agreement, including, for the avoidance of doubt, to provide you with, and update and improve, our services (or as otherwise agreed in writing by the parties) (the "Permitted Purpose"). Each party shall comply with the obligations that apply to it under the GDPR.
- International transfers: Meetniq shall not transfer the data outside of the EEA unless it has taken such measures as are necessary to ensure the transfer is in compliance with the GDPR. Such measures may include (without limitation) transferring the data to a recipient in a country that the European Commission has decided provides adequate protection for personal data, to a recipient in the United States that has certified its compliance with the EU-US Privacy Shield, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.
- Confidentiality of processing: Meetniq shall ensure that any person it authorises to process the data shall protect the data in accordance with Meetniq’s confidentiality obligations under the agreement.
Meetniq shall implement all appropriate technical and organisational
measures to protect the data from:
- accidental or unlawful destruction; and
- loss, alteration, unauthorised disclosure of, or access to the data.
The account holder consents to Meetniq engaging third party
sub-processors to process the data for the Permitted Purpose provided
- Meetniq maintains an up-to-date list of its sub-processors, which shall be available on its website, which it shall update with details of any change in sub-processors at least 30 days prior to the change;
- Meetniq imposes data protection terms on any sub-processor it appoints that require it to protect the data to the standard required by the GDPR; and
- Meetniq remains liable for any breach of this addendum that is caused by an act, error or omission of its sub-processor.
Cooperation and data subjects' rights:
Meetniq shall provide reasonable and timely assistance to the account
holder (at the account holder’s expense) to enable the account holder
to respond to:
- any request from a data subject to exercise any of its rights under the GDPR; and
- any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the data.
- Data Protection Impact Assessment: If Meetniq believes or becomes aware that its processing of the data is likely to result in a high risk to the data protection rights and freedoms of data subjects, it shall inform the account holder and provide reasonable cooperation to the account holder in connection with any data protection impact assessment that may be required under the GDPR.
- Security incidents: If it becomes aware of a confirmed Security Incident, Meetniq shall inform the account holder without undue delay and shall provide reasonable information and cooperation to the account holder so that the account holder can fulfil any data breach reporting obligations it may have under the GDPR. Meetniq shall further take reasonably necessary measures and actions to remedy or mitigate the effects of the Security Incident and keep the account holder informed of all material developments in connection with the Security Incident.
- Deletion or return of data: Upon termination or expiry of the agreement, Meetniq will, on the account holder’s explicit request, delete or return the data in its possession or control (in a manner and form decided by Meetniq, acting reasonably). This requirement shall not apply to the extent that Meetniq is required by applicable law to retain some or all of the data, or to data it has archived on back-up systems, which data Meetniq shall securely isolate and protect from any further processing.
If the entity signing this addendum is the account holder at the date of counter-signature, this addendum will form part of the agreement. If the entity signing this agreement is not the account holder at the date of counter-signature, this agreement will not be valid or legally binding.
If Meetniq processes personal data on behalf of a Meetniq account holder that qualifies as a controller with respect to that personal data under the GDPR, such the account holder may execute this addendum. The account holders can complete this addendum by:
- Emailing us to request a signed pdf copy of this addendum; or
- Signing the addendum and submitting a copy to us at email@example.com.
Any questions regarding this addendum should be sent to firstname.lastname@example.org.
Upon receipt of the validly completed and signed addendum in accordance with the instructions above, this addendum will become legally binding.