GDPR

GDPR


Last updated April 14, 2020

GDPR ADDENDUM:

PLEASE READ THIS EU DATA PROCESSING ADDENDUM (“ADDENDUM”) CAREFULLY BEFORE USING THE WEBSITE, SOFTWARE OR SERVICES OFFERED BY ONE POSH PEANUT INC (“POSH PEANUT” OR “COMPANY”). THIS ADDENDUM SHALL APPLY TO THE EXTENT POSH PEANUT IS A PROCESSOR OF PERSONAL DATA (DEFINED BELOW) THAT IS SUBJECT TO CERTAIN DATA PROTECTION LAWS (DEFINED BELOW). YOU OR THE ENTITY YOU REPRESENT AGREE THAT YOU HAVE READ AND ACCEPT THE TERMS IN THIS ADDENDUM, WHICH SUPPLEMENT POSH PEANUT’S TERMS OF SERVICE AVAILABLE AT https://poshpeanut.com/pages/terms-of-use.(“TERMS OF SERVICE”).

IF YOU OR DO NOT UNCONDITIONALLY AGREE TO ALL THE TERMS AND CONDITIONS OF THIS ADDENDUM, YOU HAVE NO RIGHT TO USE POSH PEANUT’S SERVICES AND MUST NAVIGATE AWAY FROM THIS PAGE.

This Addendum supplements the Terms of Service whenever any user of Posh Peanut’s Services provides Posh Peanut with personal data that is or will be subject to Data Protection Laws (for the purposes of this Addendum, each user who does so shall be referred to as a “Controller”).  Any terms not defined in this Addendum shall have the meaning set forth in the Terms of Service. In the event of a conflict between the terms and conditions of this Addendum and the Terms of Service, the terms and conditions of this Addendum shall supersede and control. 

Definitions 1.1 “Data Subject” means any individual about whom Personal Information may be processed under these terms.

1.2 “Data Protection Legislation” means the GDPR (as defined below), together with any national implementing laws in any Member State of the European Union or, to the extent applicable, in any other country, as amended, repealed, consolidated or replaced from time to time.

1.3 “GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

1.4 “Personal Information” means personal data (as defined under the Data Protection Legislation) that are subject to the Data Protection Legislation and that you authorize Posh Peanut to collect in connection with Posh Peanut service terms.

1.5 “Process” or “Processing” means any operation or set of operations performed on Personal Information or on sets of Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of Personal Information.

1.6 “Security Incident” means a breach of security of the Service or Posh Peanut’s systems used to Process Personal Information leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information transmitted, stored or otherwise Processed by Posh Peanut in the context of this Addendum. 

1.7 “Sensitive Information” means Personal Information revealing a Data Subject’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life or sexual orientation.

  1. Limitations on Use. Posh Peanut Will Process Personal Information solely on your behalf and in accordance with the Agreement, this Addendum and any other documented instructions from you (whether in written or electronic form), or as otherwise required by applicable law. Posh Peanut is hereby instructed to Process Personal Information to the extent necessary to enable Posh Peanut to provide the Service in accordance with the Agreement. In case Posh Peanut cannot process Personal Information in accordance with your instructions due to a legal requirement under any European Union or Member State law to which Posh Peanut is subject, Posh Peanut shall (i) promptly notify you in writing (including by e-mail) of such legal requirement before carrying out the relevant Processing, to the extent permitted by the applicable law; and (ii) cease all Processing (other than merely storing and maintaining the security of the affected Personal Information) until such time as you provides Posh Peanut with new instructions. you will be responsible for providing any necessary notices to, and obtaining any necessary consents from, Data Subjects whose Personal Information is provided by you to Posh Peanut for Processing pursuant to this Addendum. You acknowledge that the Service are not intended or designed for the Processing of Sensitive Information, and you agree not to provide any Sensitive Information through the Service. 
  2. Posh Peanut shall implement, and maintain throughout the term of the Addendum at all times in accordance with then current good industry practice, appropriate technical and organizational measures to protect Personal Information in accordance with Article 32 of the GDPR. On request, Posh Peanut shall provide you with a written description of the security measures being taken. The Service provides reasonable technical and organizational measures that have been designed, taking into account the nature of its Processing, to assist you in securing Personal Information Processed by Posh Peanut.
  3. Data Subject Requests. You are responsible for handling any requests or complaints from Data Subjects with respect to their Personal Information Processed by Posh Peanut under this Addendum. Posh Peanut will notify you promptly and in any event no less than fifteen (15) business days’ notice, unless prohibited by applicable law, if Posh Peanut receives any such requests or complaints. The Service include technical and organizational measures that have been designed, taking into account the nature of its Processing, to assist customers, insofar as this is possible, in fulfilling their obligations to respond to such requests or complaints.
  4. Regulatory Investigations. At your request, Posh Peanut will assist you in the event of an investigation by a competent regulator, including a data protection regulator or similar authority, if and to the extent that such investigation relates to the Processing of Personal Information by Posh Peanut on your behalf in accordance with this Addendum. Posh Peanut may charge a reasonable fee for such requested assistance except where such investigation arises from a breach by Posh Peanut of the Agreement or this Addendum, to the extent permitted by applicable law.
  5. Security Incident. In the event that Posh Peanut becomes aware of a Security Incident, Posh Peanut will notify you promptly and in any event no later than forty-eight (48) hours after Posh Peanut discovers the Security Incident. In the event of such a Security Incident, Posh Peanut shall provide you with a detailed description of the Security Incident and the type of Personal Information concerned, unless otherwise prohibited by law or otherwise instructed by a law enforcement or supervisory authority. Following such notification, Posh Peanut will take reasonable steps to mitigate the effects of the Security Incident and to minimize any damage resulting from the Security Incident. At your request, Posh Peanut will provide reasonable assistance and cooperation with respect to any notifications that you are legally required to send to affected Data Subjects and regulators. Posh Peanut may charge a reasonable fee for such requested assistance.
  6. Sub-Processors. You agree that Posh Peanut may disclose Personal Information to its subcontractors for purposes of providing the Service (“Sub-Processors ”), provided that Posh Peanut (i) shall enter into an agreement with its Sub-Processors that imposes on the Sub-Processors obligations regarding the Processing of Personal Information that are at least as protective of Personal Information as those that apply to Posh Peanut hereunder, including requiring the Sub-Processors to only process Personal Information to the extent required to perform the obligations sub-contracted to them, and (ii) shall remain fully liable for all obligations subcontracted to, and all acts and omissions of, the Sub-Processors. If you object to a new Sub-processor, as permitted in the preceding sentence, Posh Peanut will use reasonable efforts to make available to you a change in the Service or recommend a commercially reasonable change to your configuration or use of the Service to avoid Processing of Personal Data by the objected-to new Sub processor without unreasonably burdening you. If Posh Peanut is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, either party may terminate the component of the Service which cannot be provided by Posh Peanut without the use of the objected-to new Sub-processor by providing written notice to the other party. 8. Data Transfers. In connection with the performance of the Agreement, you authorize Posh Peanut to transfer Personal Information to the United States. You and Posh Peanut will enter into Standard Contractual Clauses for the Transfer of Personal Data to Processors Established In Third Countries pursuant to Commission Decision 2010/87/EU of 5 February 2010 Countries ("Model Contract "), attached hereto as Exhibit A.
  7. Posh Peanut shall make available to you all information necessary to demonstrate compliance with the obligations laid down in this Addendum and allow for and contribute to audits, including inspections, conducted by you or an auditor mandated by you. Posh Peanut shall immediately inform you if, in its opinion, an instruction infringes the Data Protection Legislation.
  8. Return or Disposal. Upon termination of your User Account for any reason, Posh Peanut will return or destroy Personal Information at your request and choice.
  9. Limitation of Liability. The total liability of Company (and its respective employees, directors, officers, affiliates, successors, and assigns), arising out of or related to this Addendum, whether in contract, tort, or other theory of liability, shall not, when taken together in the aggregate, exceed the limitation of liability set forth in the Terms of Service.