Data Processing Addendum

Overview

This data processing addendum sets out how Meetniq, as a data processor, will handle data on behalf of data controllers, where that data controller is subject to GDPR. This addendum forms part of the Meetniq Terms of Service.

Definitions

  • "GDPR" means the EU General Data Protection Regulation (Regulation 2016/679).
  • "​controller", "​processor", "​data subject", "​personal data", "​processing" (and "​process") shall have the meanings given in the GDPR.
  • "​Meetniq" means Meetniq Pty Ltd.
  • "Account holder" means the person who holds or is creating a Meetniq account.
  • "Participant" means a person whose information is entered into the Meetniq service by the accoun tholder.
  • "Data" means information entered into the Meetniq service by the account holder or their participants, plus any information described the agreement.
  • "Agreement" means the terms set out in Meetniq's Privacy Policy, Terms of Service, and this addendum.
  • "EEA" means European Economic Area.
  • "​Security Incident" means unauthorised access to, destruction of, or alteration of the data.

Provisions

  1. Relationship of the parties: ​The account holder (the controller) appoints Meetniq as a processor to process the data for the purposes described, and the terms set out in the agreement, including, for the avoidance of doubt, to provide you with, and update and improve, our services (or as otherwise agreed in writing by the parties) (the "​Permitted Purpose"). Each party shall comply with the obligations that apply to it under the GDPR.
  2. International transfers: Meetniq shall not transfer the data outside of the EEA unless it has taken such measures as are necessary to ensure the transfer is in compliance with the GDPR. Such measures may include (without limitation) transferring the data to a recipient in a country that the European Commission has decided provides adequate protection for personal data, to a recipient in the United States that has certified its compliance with the EU-US Privacy Shield, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.
  3. Confidentiality of processing: Meetniq shall ensure that any person it authorises to process the data shall protect the data in accordance with Meetniq’s confidentiality obligations under the agreement.
  4. Security: ​ Meetniq shall implement all appropriate technical and organisational measures to protect the data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the data.
  5. Subcontracting: ​ The account holder consents to Meetniq engaging third party sub-processors to process the data for the Permitted Purpose provided that:
    • (i) Meetniq maintains an up-to-date list of its sub-processors, which shall be available on its website, which it shall update with details of any change in sub-processors at least 30 days prior to the change;
    • (ii) Meetniq imposes data protection terms on any sub-processor it appoints that require it to protect the data to the standard required by the GDPR; and
    • (iii) Meetniq remains liable for any breach of this addendum that is caused by an act, error or omission of its sub-processor.
    The account holder may object to Meetniq’s appointment or replacement of a sub-processor prior to its appointment or replacement, provided such objection is based on reasonable grounds relating to data protection. In such event, Meetniq will either not appoint or replace the sub-processor or, if, in Meetniq’s sole discretionthis is not reasonably possible, the account holder may suspend or terminate the agreement without penalty (without prejudice to any fees incurred by the account holder up to and including the date of suspension or termination).
  6. Cooperation and data subjects' rights: ​ Meetniq shall provide reasonable and timely assistance to the account holder (at the account holder’s expense) to enable the account holder to respond to:
    • (i) any request from a data subject to exercise any of its rights under the GDPR; and
    • (ii) any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the data.
    In the event that any such request, correspondence, enquiry or complaint is made directly to Meetniq, Meetniq shall promptly inform the account holder providing full details of the same.
  7. Data Protection Impact Assessment: ​ If Meetniq believes or becomes aware that its processing of the data is likely to result in a high risk to the data protection rights and freedoms of data subjects, it shall inform the account holder and provide reasonable cooperation to the account holder in connection with any data protection impact assessment that may be required under the GDPR.
  8. Security incidents: ​ If it becomes aware of a confirmed Security Incident, Meetniq shall inform the account holder without undue delay and shall provide reasonable information and cooperation to the account holder so that the account holder can fulfil any data breach reporting obligations it may have under the GDPR. Meetniq shall further take reasonably necessary measures and actions to remedy or mitigate the effects of the Security Incident and keep the account holder informed of all material developments in connection with the Security Incident.
  9. Deletion or return of data: ​ Upon termination or expiry of the agreement, Meetniq will, on the account holder’s explicit request, delete or return the data in its possession or control (in a manner and form decided by Meetniq, acting reasonably). This requirement shall not apply to the extent that Meetniq is required by applicable law to retain some or all of the data, or to data it has archived on back-up systems, which data Meetniq shall securely isolate and protect from any further processing.

Application

If the entity signing this addendum is the account holder at the date of counter-signature, this addendum will form part of the agreement. If the entity signing this agreement is not the account holder at the date of counter-signature, this agreement will not be valid or legally binding.

Execution

If Meetniq processes personal data on behalf of a Meetniq account holder that qualifies as a controller with respect to that personal data under the GDPR, such the account holder may execute this addendum. The account holders can complete this addendum by:

  • Emailing us to request a signed pdf copy of this addendum
  • Signing the addendum and submitting a copy to us at mail@meetniq.org.

Any questions regarding this addendum should be sent to mail@meetniq.org.

Upon receipt of the validly completed and signed addendum in accordance with the instructions above, this addendum will become legally binding.