Data Processing Addendum
This GDPR Data Processing Addendum (“DPA”) forms part of the terms of service agreement available at https://mare.io/terms/ or such other location as the Terms of Service may be posted from time to time (as applicable, the “Agreement”), entered into by and between the Customer and Samu Suite, Inc. ("Mare.io"), pursuant to which Customer has accessed Mare.io's Application Services as defined in the applicable Agreement. The purpose of this DPA is to reflect the parties’ agreement with regard to the processing of personal data in accordance with the requirements of Data Protection Legislation as defined below.
In the course of providing the Application Services to Customer pursuant to the Agreement, Mare.io may process personal data on behalf of Customer. Mare.io agrees to comply with the following provisions with respect to any personal data submitted by or for Customer to the Application Services or collected and processed by or for Customer through the Application Services. Any capitalized but undefined terms herein shall have the meaning set forth in the Agreement.
Data Processing Terms
In this DPA, “Data Protection Legislation” means European Directives 95/46/EC and 2002/58/EC (as amended by Directive 2009/136/EC) and any legislation and/or regulation implementing or made pursuant to them, or which amends, replaces, re-enacts or consolidates any of them (including the General Data Protection Regulation (Regulation (EU) 2016/279)), and all other applicable laws relating to processing of personal data and privacy that may exist in any relevant jurisdiction.
“data controller”, “data processor”, “data subject”, “personal data”, “processing”, and “appropriate technical and organisational measures” shall be interpreted in accordance with applicable Data Protection Legislation;
The parties agree that Customer is the data controller and that Mare.io is its data processor in relation to personal data that is processed in the course of providing the Application Services. Customer shall comply at all times with Data Protection Legislation in respect of all personal data it provided to Mare.io pursuant to the Agreement.
The subject matter of the data processing covered by this DPA is the Application Services ordered by Customer through Mare.io's website. Further details about what is processed is set out in Appendix 1 below.
In respect of personal data processed in the course of providing the Application Services, Mare.io:
- shall notify Customer without undue delay if, in Mare.io's opinion, an instruction for the processing of personal data given by Customer infringes applicable Data Protection Legislation;
- shall implement and maintain appropriate technical and organisational measures designed to protect the personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction, damage or theft of the personal data and having regard to the nature of the personal data which is to be protected;
- shall ensure that all Mare.io personnel required to access the personal data are informed of the confidential nature of the personal data and comply with the obligations sets out in this Clause;
- at the Customer’s request and cost (and insofar as is possible), shall assist the Customer by implementing appropriate and reasonable technical and organisational measures to assist with the Customer’s obligation to respond to requests from data subjects under Data Protection Legislation (including requests for information relating to the processing, and requests relating to access, rectification, erasure or portability of the personal data) provided that Mare.io reserves the right to reimbursement from Customer for the reasonable cost of any time, expenditures or fees incurred in connection with such assistance;
- when the General Data Protection Regulation (Regulation (EU) 2016/279) comes into effect, shall take reasonable steps at the Customer’s request and cost to assist Customer in meeting Customer’s obligations under Article 32 to 36 of that regulation taking into account the nature of the processing under this DPA, provided that Mare.io reserves the right to reimbursement from Customer for the reasonable cost of any time, expenditures or fees incurred in connection with such assistance;
- at the end of the applicable term of the Application Services, upon Customer’s request, shall securely destroy or return such personal data to Customer;
- If Mare.io becomes aware of any accidental, unauthorised or unlawful destruction, loss, alteration, or disclosure of, or access to the personal data that is processed by Mare.io in the course of providing the Application Services (an “Incident”) under the Agreement it shall without undue delay notify Customer and provide Customer (as soon as possible) with a description of the Incident as well as periodic updates to information about the Incident, including its impact on Customer Content. Mare.io shall additionally take action to investigate the Incident and reasonably prevent or mitigate the effects of the Incident;
- Mare.io shall provide information requested by Customer to demonstrate compliance with the obligations set out in this DPA.
Types of personal data that is processed by Mare.io
- Browser Version
- IP Address
- Current URL
- Referral URL
- Screen Dimensions
- Survey Repsonses
- Any additional details passed via custom variables
You may opt-out from having Mare collect your information when visiting a Mare website at any time by using a ‘Do Not Track’ header, refusing to agree to the opt-in box that appears on your first visit, or visiting our opt-out page.
You may deactivate your Mare account and / or unsubscribe from receiving content or offers from us at any time, by emailing us at info[at]mare.io
Changes to this Policy