Data Processing Agreement – Human Language

Generally speaking, the Data Processing Agreement (DPA) states that you will only use personal data of the employee for the purpose of providing the services and for no other reason. You will be responsible for ensuring that this data is kept securely and is not shared with anyone without our specific approval.

If there is any kind of breach and anyone external gains access to personal data of the employee, please notify us within 24 hours and provide us with full details about the breach.

Since the personal data may only be used for the purpose of providing the services, once your services with respect to this employee have ended, you should delete any record related to the coaching process.

Please note that the description above is not a summary of the DPA nor legal advice. You are solely responsible for reading and understanding the DPA and determining that you can comply before you sign it.

Data Processing Agreement – Legal Language

Data Processing Agreement

This Data Processing Agreement (“DPA”) forms an integral part of and is subject to the Terms of Service for Experts, entered into by and between Growth Space Ltd. (“Growth Space”) and you (“Expert” and the “Terms of Service” respectively) as of the date it is accepted by the Expert. Capitalized terms not otherwise defined herein shall have the meaning given to them in the Terms of Service.

Whereas, Growth Space Processes Personal Data (“Customer Personal Data”) on behalf of certain its customers (“Customer”) and at their direction; and

Whereas,  Growth Space is subject to certain contractual and regulatory restrictions with respect to its Processing of such Customer Personal Data; and

Whereas, in connection with the performance of its obligations under the Terms of Service, Expert may Process Customer Personal Data on behalf of Growth Space; and

Whereas, the parties wish to set forth the mutual obligations with respect to the processing of Customer Personal Data by Expert;

Now therefore, intending to be legally bound, the parties hereby agree as follows:

1. Definitions. In addition to capitalized terms defined elsewhere in this DPA, the following terms shall have the meanings set forth below:

     1.1. “Applicable Law” means Regulation 2016/679 of the European Parliament and of      the Council of 27 April 2016 on the protection of natural persons with regard to the      processing of personal data and on the free movement of such data and repealing      Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), laws      implementing or supplementing the GDPR; (ii) the California Consumer Privacy Act of      2018, Cal. Civil Code Title 1.81.5 and the regulations thereunder, as may be amended      from time to time (“CCPA”), and/or (iii) any laws applicable to Growth Space’s      Processing of Customer Personal Data.

     1.2.  “EU Laws” means any laws of the European Union or any Member State.         

     1.3. “Personal Data” shall mean both Personal Data as defined under the GDPR and      Personal Information as defined under the CCPA.

     1.4. The terms “Controller”, “Data Subject”, “Member State”, “Personal Data Breach”,      “Processor”, “Processing”, and “Supervisory Authority” shall have the meanings      ascribed to them in the GDPR.

     1.5.  “Business”, “Collect”, “Consumer”, “Processing”, “Request to Know”, “Request to      Delete”, “Request to Opt-Out”, “Sell”, and “Verifiable Consumer Request” shall have      the meanings ascribed to them in the CCPA.

2. Roles of the Parties.

     2.1. When Growth Space Processes Customer Personal Data that is subject to the      GDPR, the applicable Customer serves as a Controller of such Personal Data and      Growth Space serves as a Processor on its behalf. Expert shall serve as a Sub      Processor of such Customer Personal Data. This DPA should be interpreted      accordingly.

     2.2. When Growth Space Processes Personal Data of Customers that is subject to the      CCPA, the applicable Customer serves as a Business with respect to such Personal      Data and Growth Space serves as a Service Provider (as defined in the CCPA) on its      behalf.

3. Processing of Customer Personal Data.

    3.1. Expert shall Process Customer Personal Data on Growth Space’s behalf and at      Growth Space’s instructions as specified in the Terms of Service and/or in this DPA,      including without limitation with regard to transfers of Customer Personal Data to a      third country or international organization. Any other Processing shall be permitted      only in the event that such Processing is required by EU Laws to which Expert is      subject. In such event, Expert shall, unless prohibited by such EU Laws on important      grounds of public interest, inform Growth Space of that requirement before engaging      in such Processing.                                                                                                 

     3.2. Growth Space instructs Expert (i) to Process Customer Personal Data in      accordance with Growth Space’s written instructions, for the sole purpose of      provision of the Services as detailed in the Terms of Service, as set forth in this      DPA, and/or as otherwise directed by Growth Space; and (ii) to transfer Customer      Personal Data to a country or territory as strictly necessary for the provision of the      Services, subject to Applicable Law and Growth Space’s prior written consent.

     3.3. Expert will not solicit Personal Data from Growth Space’s or its customers’ Data      Subjects except as expressly directly by Growth Space in writing. Expert is expressly      prohibited from collecting and/or using Personal Data obtained from any source not      specifically detailed in the Terms of Service and/or this DPA, including illegal      sources. Expert will not disclose any Customer Personal Data to any person or entity      without the prior written approval of Growth Space.

     3.4. In addition, and without derogating from the foregoing, with respect to Personal      Data subject to the CCPA, Expert hereby undertakes that it shall not: (i) sell any of      the Customer Personal Data; (ii) retain, use or disclose any of the Customer Personal      Data for any purpose other than for the specific purpose of performing the Services      or as otherwise permitted by the CCPA; (iii) retain, use, or disclose any Customer      Personal Data for a commercial purpose other than providing the Services; or (iv)      collect, sell, retain, use, or disclose the Customer Personal Data except as necessary      for the provision of the Services in accordance with the Terms of Service.

     3.5. Expert shall document its activities and decision-making processes regarding      the implementation of this DPA. Expert shall provide Growth Space with reports as      requested by Growth Space regarding the management, processing and securing of      Customer Personal Data. In addition, Expert shall disclose unusual events promptly      following occurrence.

     3.6. Growth Space sets forth the details of the Processing of Customer Personal      Data, as required by Article 28(3) of the GDPR in Schedule A (Details of Processing      of Customer Personal Data), attached hereto.

4. Expert Employees. To the extent that Expert engages any employees or service providers, it may not give them access to any Customer Personal Data, without Growth Space’s prior written consent in each instance.

5. Security.

     5.1. Expert shall implement and maintain appropriate technical and organizational      measures to ensure an appropriate level of security of the Customer Personal Data,      including, as appropriate and applicable, structural segregation of the Customer      Personal Data and other security measures commensurate with the type of Customer      Personal Data and the risk of a data security breach and any other measure referred      to in Article 32(1) of the GDPR. The parties acknowledge that security requirements      are constantly changing and that effective security requires frequent evaluation and      regular improvements of outdated security measures. Expert will therefore evaluate      the measures implemented in accordance with this Section ‎4 on an ongoing basis      and will, at its own cost, tighten, supplement and improve these measures in order to      maintain compliance with the requirements set out herein.

     5.2. Without limitation of the foregoing, Expert represents and warrants to Growth      Space that it will comply with its obligations under Applicable Law and will maintain      and process the Customer Personal Data separately from data processed for third      parties including, without limitation, Expert’s other clients.

6. Personal Data Breach.

     6.1. Expert shall notify Growth Space immediately, and in any event within twenty      four (24) hours, by written notice upon Expert becoming aware of a Personal Data      Breach.

     6.2. In such event, Expert shall provide Growth Space with all available information      relating to (i) the nature of the Personal Data Breach including, where possible, the      categories and approximate number of Data Subjects concerned; (ii) the likely      consequences of the Personal Data Breach; and (iii) a description of the measures      taken or proposed to be taken by Expert to address the incident including, where      appropriate, measures to mitigate its possible adverse effects.

     6.3. Expert shall cooperate with Growth Space in connection with the investigation,      mitigation, and remediation of any Personal Data Breach and shall take all necessary      and appropriate corrective action.

7. Sub Processing. Expert may not engage any additional parties to Process Customer Personal Data on its behalf, without obtaining Growth Space’s express prior written consent.

8. Data Subject Rights.

     8.1. Expert shall assist Growth Space in complying with any of Growth Space’s      statutory obligations concerning requests to exercise Data Subject rights under      Applicable Law (e.g., for access, rectification, deletion of Customer Personal Data,      etc.) or any of Growth Space’s statutory obligations concerning Verifiable Consumer      Requests or other requests to exercise any Consumer rights under the CCPA in      connection with any Customer Personal Data (e.g., Request to Know, Request to      Delete, Request to Opt-Out.).                                                 

     8.2. When a Data Subject whose Personal Data is being Processed by Expert submits      a written request to Expert to inspect his or her Personal Data, Expert:

            8.2.1. shall provide Growth Space with written notice of the inquiry together             with all relevant details within two (2) days of being approached by the Data             Subject; and

            8.2.2. shall not respond to that request except on the written instructions of             Growth Space or as required by Applicable Law to which the Expert is subject, in             which case Expert shall, to the extent permitted by Applicable Law, inform             Growth Space of that legal requirement prior to responding to the request.

9. Data Protection Impact Assessment and Prior Consultation. At Growth Space’s request, Expert shall provide assistance to Growth Space for any data protection impact assessments or prior consultations with Supervisory Authorities or other competent data privacy authorities, as required under any Applicable Law.

10. Retention, Deletion or Return of Customer Personal Data.

     10.1. Expert will retain Customer Personal Data only for as long as necessary to      satisfy the purposes for which it was provided to Expert by Growth Space.

     10.2. Expert shall promptly delete, return, or destroy all copies of any Customer      Personal Data or any portion thereof, including without limitation, deletion from its      hard drives, backup devices, and any magnetic or optic media, once such data is no      longer necessary to be retained in accordance with Section 9.1 or upon the request      of Growth Space.

     10.3. Notwithstanding the foregoing, Expert may retain Customer Personal Data to      the extent required by EU Law, provided that such Customer Personal Data shall      continue to be retained in accordance with the terms of this DPA.

     10.4. Upon Growth Space’s written request, Expert shall provide written certification      to Growth Space that it has complied with this Section 9.

11. Inspection and Audit Rights.

     11.1. Expert shall make available to Growth Space or the Customer or to any auditor      mandated by Growth Space, upon Growth Space’s request, all material and      information necessary to enable Growth Space to confirm compliance with this DPA,      and shall allow for audits, including inspections, by Growth Space, the Customer, or      an auditor on behalf of either in relation to the Processing of the Customer Personal      Data by Expert

     11.2. Growth Space shall give Expert reasonable prior notice of any audit or      inspection to be conducted under Section 10.1, provided however that Growth Space,      the Customer, or an auditor on behalf of either may conduct unannounced      inspections to the extent advisable in the Customer’s or Growth Space’s reasonable      estimation to comply with Applicable Law. Expert hereby grants Customer, Growth      Space, any auditor on its behalf, and/or any of their authorized personnel and      representatives, permission to access any of Expert’s computers and/or any other      required materials, documents and devices for the purpose of inspection.

12. Notice of Infringement. Expert shall immediately inform Growth Space if, in its      opinion, an instruction received under this DPA infringes the GDPR or other      applicable Data Protection Laws.

13. Indemnity. Expert shall indemnify and hold Growth Space harmless against all claims, actions, third party claims, losses, damages and expenses incurred by Growth Space and arising directly or indirectly out of or in connection with a breach of this DPA and/or the Applicable Law by Expert.

14. General Terms.

     14.1. Termination. This DPA shall terminate automatically upon the termination of      the Terms of Service, provided however, that Expert’s obligations under this DPA will      apply for as long as Expert has access to Customer Personal Data.

     14.2. Governing Law and Jurisdiction.

            14.2.1. The parties to this DPA hereby submit to the choice of jurisdiction             stipulated in the Terms of Service with respect to any disputes or claims             howsoever arising under this DPA, including disputes regarding its existence,             validity or termination or the consequences of its nullity.

            14.2.2. This DPA and all non-contractual or other obligations arising out of or in             connection with it are governed by the laws of the country or territory stipulated             for this purpose in the Terms of Service.

     14.3. Order of Precedence.

            14.3.1. Nothing in this DPA shall detract from Expert’s obligations under the             Terms of Service in relation to the protection of Personal Data or permit Expert             to Process (or permit the Processing of) Personal Data in a manner that is             prohibited by the Terms of Service.

            14.3.2. In the event of any conflict or inconsistency between this DPA and             Growth Space’s Privacy Notice, this DPA shall prevail with regard to the             processing of Personal Data subject to Applicable Law.

            14.3.3. Subject to this Section ‎13, in the event of inconsistency between the             provisions of this DPA and any other agreements between the parties, including             the Terms of Service and (except where explicitly agreed otherwise in writing)             agreements entered into or purported to be entered into after the date of this             DPA, with regard to the subject matter of this DPA, the provisions of this DPA             shall prevail.

     14.4. Changes in Applicable Law.

            14.4.1. Growth Space may, by prior written notice to Expert, request in writing             any variations to this DPA if they are required as a result of any change in, or             decision of a competent authority under any Applicable Law in order to allow             Customer Personal Data to be Processed (or continue to be Processed) without             breach of that Applicable Law.

            14.4.2. If Growth Space gives notice with respect to its request to modify this             DPA under Section ‎13.4.1, Expert shall make best efforts to accommodate such             modification request.

            14.4.3. In the event that Expert is unable to accommodate such request within             30 days, Growth Space may, with immediate effect and without any penalty,             terminate the Terms of Service to the extent that it relates to the Services that             are affected by the proposed variations. In the event of termination in             accordance with this Section 13.4.3, Expert shall refund Growth Space for any             prepaid and unused amounts following such termination.

     14.5. Severance. Should any provision of this DPA be held invalid or unenforceable,      the remainder of this DPA shall remain valid and in force. The invalid or      unenforceable provision shall either be (i) amended as necessary to ensure its      validity and enforceability, while preserving the parties’ intentions as closely as      possible or, if this is not possible, (ii) construed in a manner as if the invalid or      unenforceable part had never been contained herein.

Schedule A: Details of Processing

This Schedule 1 includes certain details of the Processing of Personal Data as required by Article 28(3) of the GDPR.

Subject matter and duration of the Processing of Personal Data.
The subject matter and duration of the Processing of the Customer Personal Data are set out in the Terms of Service.

The nature and purpose of the Processing of Personal Data:
Rendering Services as an Expert on behalf of Growth Space to employees of Growth Space’s customers, all as detailed in the Terms of Service.

The types of Personal Data to be Processed are as follows:
Personal Data relating to employees or other personnel of Growth Space’s customers, such as name, email address, phone number, level of seniority, age range, identify of manager, background, assessments of strengths and weaknesses, field of business, experience, any additional information provided by Employee.                                    

The categories of Data Subject to whom the Personal Data relates to are as follows:
Data subjects who are employees of Growth Space’s customers.

The obligations and rights of Growth Space.
The obligations and rights of Growth Space are set out in the Terms of Service and this DPA.