language
Data Processing Agreement
This Data Processing Agreement forms part of the End-User License Agreement ("EULA") between
The entity as specified as the User or Customer in the EULA
(the "User")
and
OM Digital Solutions Corporation
(the "Processor")
(together as the "Parties")
WHEREAS
(A) The User acts as a data controller.
(B) The User wishes to contract certain Services, which implies the processing of Personal Data, to the Processor.
(C) The Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in relation to data processing.
(D) The Parties wish to lay down their rights and obligations.
IT IS AGREED AS FOLLOWS:
1. Definitions and Interpretation
Unless otherwise defined herein, capitalized terms and expressions used in this Agreement shall have the following meaning:
1.1 "Agreement" means this Data Processing Agreement and all Schedules;
1.2 "User Personal Data" means any Personal Data processed by the Processor on behalf of the User pursuant to or in connection with the EULA;
1.3 "Data Protection Laws" means the data protection or privacy laws of any country that are applicable to the processing of User Personal Data, including, where applicable, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and the California Consumer Privacy Act of 2018;
1.4 "Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject");
1.5 "Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;
1.6 "Services" means the services which the Processor provides for the User in accordance with the EULA;
1.7 "Subprocessor" means any person appointed by or on behalf of the Processor to process User Personal Data on behalf of the User in connection with the Agreement.
2. Processing of User Personal Data
2.1 The Processor shall:
2.1.1 comply with all Data Protection Laws in the processing of User Personal Data;
2.1.2 not process User Personal Data other than on the relevant User’s documented instructions unless required to do so by the applicable laws. In this case, the Processor shall inform the User of that legal requirement before processing, unless the law prohibits this on important grounds of public interest; and
2.1.3 notify the User promptly when the Processor makes a determination that it can no longer meet its obligations under the Data Protection Laws.
2.2 This Agreement and the EULA shall constitute a part of User’s instructions for the Processor to process User Personal Data.
2.3 The details of processing by the Processor under this Agreement shall be set out in Schedule 1.
2.4 The User reserves the right, upon notice to the Processor, to take reasonable and appropriate steps to ensure that the Processor processes User Personal Data in a manner consistent with Processor’s obligations under the Data Protection Laws or to stop and remedy Processor’s unauthorized processing of User Personal Data.
3. Processor Personnel
The Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor of the Processor who may have access to the User Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant User Personal Data, as strictly necessary for the purposes of the EULA, and to comply with applicable laws, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
4. Security
4.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor shall in relation to the User Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk.
4.2 In assessing the appropriate level of security, the Processor shall take account in particular of the risks that are presented by processing, in particular from a Personal Data Breach.
5. Subprocessing
5.1 The Processor shall not appoint (or disclose any User Personal Data to) any Subprocessor unless required or authorized in writing by the User.
5.2 The User hereby authorizes the Processor to appoint the entities listed in the Schedule 2 as Subprocessors.
5.3 Where the Processor engages a Subprocessor for carrying out the processing of User Personal Data on behalf of the User, it shall do so by way of a contract which imposes on the Subprocessor, in substance, the same data protection obligations as the ones imposed on the Processor in accordance with this Agreement. The Processor shall ensure that the Subprocessor complies with the obligations to which the Processor is subject pursuant to this Agreement and to the Data Protection Laws.
5.4 The Processor shall remain fully responsible to the User for the performance of Subprocessor’s obligations in accordance with its contract with the Processor. The Processor shall notify the User of any failure by the Subprocessor to fulfil its contractual obligations.
6. Data Subject Rights
6.1 Taking into account the nature of the processing, the Processor shall assist the User by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the User’s obligations, as reasonably understood by the User, to respond to requests to exercise Data Subject rights under the Data Protection Laws.
6.2 Processor shall:
6.2.1 promptly notify the User and fully cooperate with the User at its request if it receives a request from a Data Subject under any Data Protection Law in respect of User Personal Data; and
6.2.2 ensure that it does not respond to that request except on the documented instructions of the User or as required by applicable laws to which the Processor is subject.
7. Personal Data Breach
7.1 The Processor shall notify the User without undue delay upon the Processor becoming aware of a Personal Data Breach affecting User Personal Data, providing the User with sufficient information to allow the User to meet any obligations to report or inform Data Subjects or public authorities of the Personal Data Breach under the Data Protection Laws.
7.2 The Processor shall fully cooperate with the User and take reasonable commercial steps as are directed by the User to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
8. Data Protection Impact Assessment and Prior Consultation
The Processor shall provide reasonable assistance to the User with any data protection impact assessments, and prior consultations with supervising authorities or other competent data privacy authorities, which the User reasonably considers to be required by the Data Protection Laws, in each case solely in relation to processing of User Personal Data by, and taking into account the nature of the processing and information available to, the Processor.
9. Deletion or Return of User Personal Data
9.1 Subject to this section 9 Processor shall delete and procure the deletion of all copies of those User Personal Data in accordance with the User’s instruction after the date of termination or cessation of any Services involving the processing of User Personal Data.
9.2 The Processor shall provide written certification to the User that it has fully complied with this section 9 when the User requires it.
10. Audit Rights
Subject to this section 10, the Processor shall make available to the User on request all information necessary to demonstrate compliance with this Agreement, and shall allow for and contribute to audits, including inspections, by the User or an auditor mandated by the User in relation to the processing of the User Personal Data by the Processor.
11. Data Transfer
The Processor may transfer or authorize the transfer of User Personal Data to countries outside the country where the Processor is located in accordance with the Data Protection Laws and the EULA.
12. Governing Law and Jurisdiction
12.1 This Agreement is governed by the Data Protection Laws; provided, however, that matters in this Agreement, which are not regulated under the Data Protection Laws, are governed by laws of Japan.
12.2 Any dispute arising in connection with this Agreement, which the Parties will not be able to resolve amicably, will be submitted to the exclusive jurisdiction of the Tokyo District Court.
Schedule 1
Details of Processing
1. Subject matter and duration of the processing
The subject matter of the processing is set out in the EULA.
The duration of the processing is same as the duration of the Services provided by the Processor to the User.
2. Nature and purpose of processing
Nature of processing includes collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The purpose of processing is to provide the Services to the User.
3. Type of Personal Data and categories of Data Subjects
The following is a list of types of Personal Data processed:
Company Name;
Country;
Administrator’s name;
Administrator’s email address;
Administrator’s password;
User’s’name;
User’s’email address;
User’s’password;
Author ID; and
Sound Data;
Categories of Data Subjects whose Personal Data is processed are the User and the speakers in the audio recordings.
Schedule 2
List of Subprocessors
The Processor may appoint the entities listed in the below as Subprocessors:
1. Processor’s group companies;
2. Distributors and dealers of the Services engaged by Processor’s group companies;
3. Microsoft Ireland Operations Limited; and
4. Sony Network Communications Inc.