Agreement
This Data Processing Agreement (“DPA”) is incorporated into the Terms of Service or other agreement (the “Agreement”) between 13866777 Canada Inc. (“TheBizKit™”) and any user or subscriber of TheBizKit (“Subscriber,” and, together with TheBizKit, collectively referred to as the “Parties”), and sets forth the terms and conditions relating to the privacy, confidentiality, and security of Personal Data (as defined below) processed by TheBizKit™ on behalf of Subscriber in connection with providing the Services (as defined in the Agreement) pursuant to the Agreement.
1. Definitions
1.1. For this DPA:
- 1.1.1. “CCPA” means the California Consumer Privacy Act, including as modified by the California Privacy Rights Act (“CPRA”) once the CPRA takes effect, together with any implementing regulations;
- 1.1.2. “Controller” means the entity which determines the purposes and means of the Processing of Personal Data;
- 1.1.3. “Data Protection Laws” means all laws relating to data protection and privacy applicable to TheBizKit™’s Processing of User Personal Data, including without limitation, the CCPA, the GDPR and member state laws implementing the GDPR, the United Kingdom’s Data Protection Act 2018, and applicable privacy and data protection laws of any other jurisdiction, each as amended, repealed, consolidated or replaced from time to time;
- 1.1.4. “Data Subjects” means the individuals identified in Schedule 1;
- 1.1.5. “EU SCCs” means the Standard Contractual Clauses approved with Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, as amended, supplemented, updated or replaced from time to time;
- 1.1.6. “GDPR” means the General Data Protection Regulation (EU) 2016/679 together with any national implementing laws in any member state of the EEA (“EU GDPR”) and the EU GDPR as incorporated into the laws of the United Kingdom (“UK GDPR”);
- 1.1.7. “Personal Data” and “Processing” will each have the meaning given to them in the Data Protection Laws. The term “Personal Data” includes “personal information,” “personally identifiable information,” and equivalent terms as such terms may be defined by the Data Protection Laws.
- 1.1.8. “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to User Personal Data where Data Protection Laws require notification of governmental authorities or affected Data Subjects;
- 1.1.9. “Processor” means the entity which Processes Personal Data on behalf of the Controller;
- 1.1.10. “Sell” has the meaning given in the Data Protection Laws;
- 1.1.11. “UK Addendum” means the International Data Transfer Addendum to the EU SCCs, issued by the UK Information Commissioner for parties making restricted transfers, which entered into force on 21 March 2022 (collectively, with the EU SCCs, “the SCCs”); and
- 1.1.12. “User Personal Data” means the Personal Data described under Schedule 1 to this DPA.
1.2. Capitalized terms not otherwise defined herein shall have the meaning given to them in the Agreement.
2. Processing of User Personal Data
- 2.1. User is a Controller of User Personal Data and TheBizKit™ is a Processor of User Personal Data. The Parties acknowledge that User accesses the Services in connection with selling goods for a multi-level marketing company (the “Brand”). The parties acknowledge that, depending on the circumstances, User and Brand may be joint controllers and/or independent controllers of User Personal Data, as provided in the agreements between or as otherwise determined by User and Brand.
- 2.2. TheBizKit™ will only Process User Personal Data as a Processor on behalf of and in accordance with User’s prior written instructions, including any instructions provided through User’s use of the Service. User hereby instructs TheBizKit™ to Process User Personal Data to the extent necessary to provide the Service as set forth in the Agreement and this DPA. TheBizKit™ shall not (1) retain, use, or disclose User Personal Data other than: as provided for in the Agreement, as needed to provide the Service, or as otherwise permitted by Data Protection Laws; (2) retain, use, or disclose User Personal Data outside of the direct business relationship between User and TheBizKit™, including by combining User Personal Data with Personal Data TheBizKit™ receives from third parties (which, for the avoidance of doubt, does not include Brand) except as permitted by the CCPA; or (3) Sell or Share (as the term “Share” is defined in the CCPA) User Personal Data. TheBizKit™ shall notify User if it determines that it cannot meet its obligations under the Data Protection Laws. Upon receiving written notice from User that TheBizKit™ has Processed User Personal Data without authorization, TheBizKit™ will stop or remediate such Processing; or allow User to take reasonable and appropriate steps to remediate such Processing.
- 2.3. TheBizKit™ will immediately inform User if, in its opinion, an instruction from User infringes the Data Protection Laws.
- 2.4. The details of TheBizKit™’s Processing of User Personal Data are described in Schedule 1.
- 2.5. If applicable laws preclude TheBizKit™ from complying with User’s instructions, TheBizKit™ will inform User of its inability to comply with the instructions, to the extent permitted by law.
- 2.6. Each of User and TheBizKit™ will comply with their respective obligations under the Data Protection Laws.
3. Cross-Border Transfers of Personal Data
- 3.1. With respect to User Personal Data originating from the European Economic Area (“EEA”), the United Kingdom (the “UK”) or Switzerland that is transferred from User to TheBizKit™, the parties agree to comply with the general clauses and with “Module Two” (Controller to Processor) of the EU SCCs, which are incorporated herein by reference, with User as the “data exporter” and TheBizKit™ as the “data importer.”
- 3.2. For purposes of the EU SCCs the parties agree that:
- 3.2.1. In Clause 7, the optional docking clause will not apply;
- 3.2.2. In Clause 9, Option 2 will apply and the time period for prior notice of Sub-Processor changes will be as set forth in Section 5.1 of this DPA;
- 3.2.3. In Clause 11, the optional language will not apply;
- 3.2.4. For the purposes of Clause 15(1)(a), TheBizKit™ shall notify User and/or Brand and not the Data Subject(s) in case of government access requests and User and/or Brand shall be solely responsible for promptly notifying the affected Data Subjects as necessary;
- 3.2.5. In Clause 17, Option 1 applies and the EU SCCs shall be governed by the laws of Ireland;
- 3.2.6. In Clause 18(b), the parties agree to submit to the jurisdiction of the courts of Ireland;
- 3.2.7. In Annex I, Section A (List of Parties), (i) the User is the data exporter and TheBizKit™ is the data importer and their identity and contact details and, where applicable, information about their respective data protection officer and/or representative in the EEA are those set forth in the Agreement or as otherwise communicated by each party to the other party; (ii) User is a Controller, and TheBizKit™ is a Processor; (iii) the activities relevant to the data transferred under the EU SCCs relate to the provision of the Services pursuant to the Agreement; and (iv) entering into this DPA shall be treated as each party’s signature of Annex I, Section A, as of the effective date of this DPA;
- 3.2.8. In Annex I, Section B (Description of Transfer): (i) Schedule 1 to this DPA describes TheBizKit™’s Processing of User Personal Data; (ii) the frequency of the transfer is continuous (for as long as User uses the Services); (iii) User Personal Data will be retained in accordance with Clause 8.5 of the EU SCCs and this DPA; (iv) TheBizKit™ uses the Sub-Processors identified at https://thebizkit.com/sub-processors/ to support the provision of the Services.
- 3.2.9. In Annex I, Section C (Competent Supervisory Authority), the competent supervisory authority identified in accordance with Clause 13 of the EU SCCs is the competent supervisory authority communicated by User to TheBizKit™.
- 3.2.10. In Annex II, data importer has implemented and will maintain appropriate technical and organizational measures to protect the security, confidentiality and integrity of User Personal Data as described at https://thebizkit.com/security.
- 3.3. If the transfer of User Personal Data is subject to the Swiss Federal Act on Data Protection (“FADP”), the parties agree to rely on the EU SCCs with the following modifications: (i) the Federal Data Protection and Information Commissioner (FDPIC) will be the competent supervisory authority under Clause 13 of the EU SCCs; (ii) the parties agree to abide by the GDPR standard in relation to all Processing of User Personal Data that is governed by the FADP; (iii) the term “Member State” in the EU SCCs will not prevent Data Subjects who habitually reside in Switzerland from initiating legal proceedings in Switzerland in accordance with Clause 18(c) of the EU SCCs; and (iv) references to the ‘GDPR’ in the EU SCCs will be understood as references to the FADP.
- 3.4. With respect to transfers from User to TheBizKit™ of User Personal Data originating from the United Kingdom, the parties agree that the UK Addendum will complement the EU SCCs to the extent required under Data Protection Law. The UK Addendum is incorporated herein by reference. The parties agree that the UK Addendum is completed as follows:
- 3.4.1. For the purpose of Part 1 of the UK Addendum:
- 3.4.1.1. Table 1: the start date is the effective date of the Agreement, the exporter is the User and the importer is TheBizKit™, the table is deemed to be completed with the information set out in Section 3.2 of this DPA, and by signing this DPA, parties are deemed to have signed the UK Addendum.
- 3.4.1.2. Table 2: the “Approved EU SCCs” which the UK Addendum is appended to are the EU SCCs incorporated into this DPA and completed as set out in Section 3.2 of this DPA.
- 3.4.1.3. Table 3: the information requested in Annex 1 is provided in Section 3.2.8 and 3.2.9 of this DPA; the security measures requested in Annex 2 are provided at https://thebizkit.com/security; the list of Sub-Processors is available at https://thebizkit.com/sub-processor.
- 3.4.1.4. Table 4: the importer may end the UK Addendum as set out in section 19 of the UK Addendum.
4. Confidentiality and Security
- 4.1. TheBizKit™ will require TheBizKit™ personnel who access User Personal Data to commit to protect the confidentiality of User Personal Data.
- 4.2. TheBizKit™ will implement commercially reasonable technical and organizational measures, as further described at the Security Page, that are designed to protect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to User Personal Data.
- 4.3. To the extent required by Data Protection Laws, TheBizKit™ will provide User with reasonable assistance as necessary for the fulfilment of User’s obligations under Data Protection Laws to maintain the security of User Personal Data.
5. Sub-Processing
- 5.1. User agrees that TheBizKit™ may engage Sub-Processors to Process User Personal Data on User’s behalf. TheBizKit™’s current list of Sub-Processors is available at the Sub-Processor List. User may sign up to receive notice of any intended changes concerning the addition or replacement of Sub-Processors on the Sub-Processor List by completing the form at https://thebizkit.com/subprocessor. User acknowledges that TheBizKit™ satisfies its obligation to inform User of changes to the Sub-Processor List by updating the Sub-Processor List and sending a notice to all email addresses added to the Notice Form (the “Notice”). TheBizKit™ will send the Notice at least 10 days prior to permitting the Sub-Processor to access User Personal Data. Through Brand, User may submit objections to changes to the Sub-Processor List, provided such objections have reasonable grounds and are sent to TheBizKit™ by Brand within five days of receiving the Notice. If TheBizKit™ and Brand are unable to resolve such objection, TheBizKit™ or User may terminate the Agreement by providing written notice to the other party. Any termination pursuant to this Section 5.1 will not affect User’s obligation to pay fees incurred prior to the termination.
- 5.2. TheBizKit™ will impose on its Sub-Processors substantially the same data protection obligations that apply to TheBizKit™ under this DPA. TheBizKit™ will be liable to User for its Sub-Processors’ acts or omissions as it would be for its own.
- 5.3. The parties agree that the copies of the Sub-Processor agreements that must be provided by TheBizKit™ to User pursuant to the SCCs, if applicable, may have commercial information or clauses unrelated to the SCCs removed by TheBizKit™ beforehand; and, that such copies will be provided by TheBizKit™, in a manner to be determined in its discretion, only upon User’s written request.
6. Data Subject Rights
User is responsible for responding to any Data Subject requests relating to User Personal Data (“Requests”). If TheBizKit™ receives any Requests during the term, TheBizKit™ will advise the Data Subject to submit the request directly to User, Brand, or the appropriate Controller. TheBizKit™ will provide User with self-service functionality or other reasonable assistance to permit User to respond to Requests.
7. Personal Data Breaches
Upon becoming aware of a Personal Data Breach affecting User Personal Data, TheBizKit™ will (i) promptly take measures designed to remediate the Personal Data Breach and (ii) notify User and/or Brand without undue delay. User is solely responsible for complying with Personal Data Breach notification requirements applicable to User. Through Brand, User may request that TheBizKit™ reasonably assist User’s efforts to notify Personal Data Breaches to the competent data protection authorities and/or affected Data Subjects, if User is required to do so under the Data Protection Laws. TheBizKit™’s notice of or response to a Personal Data Breach under this Section 7 will not be an acknowledgement or admission by TheBizKit™ of any fault or liability with respect to the Personal Data Breach.
8. Data Protection Impact Assessment; Prior Consultation
Through Brand, User may request reasonable assistance from TheBizKit™ in connection with conducting data protection impact assessments and consultation with data protection authorities if User is required to engage in such activities under applicable Data Protection Laws, TheBizKit™’s assistance is necessary, and the data protection impact assessment or consultation relates to the Processing by TheBizKit™ of User Personal Data.
9. Deletion of User Personal Data
User instructs TheBizKit™ to delete User Personal Data within 90 days of the termination of the Agreement and delete existing copies unless applicable law requires otherwise. The parties agree that the certification of deletion described in the SCCs, if applicable, shall be provided only upon User’s written request. Notwithstanding the foregoing, TheBizKit™ may retain User Personal Data to the extent and for the period required by applicable laws provided that TheBizKit™ maintains the confidentiality of all such User Personal Data and Processes such User Personal Data only as necessary for the purpose(s) specified in the applicable laws requiring its storage.
10. Audits
Through Brand, User may audit TheBizKit™’s compliance with its obligations under this DPA up to once per year. TheBizKit™ will contribute to such audits by providing Brand with the information and assistance reasonably necessary to conduct the audit as described in TheBizKit™’s agreements with Brand.
11. Analytics Data
User acknowledges and agrees that TheBizKit™ may create and derive from Processing related to the Service anonymized and/or aggregated data that does not identify or relate to User or any Data Subject (“Analytics Data”), and use such Analytics Data to improve the Service.
12. Liability
- 12.1. Each party’s liability towards the other party under or in connection with this DPA will be limited in accordance with the provisions of the Agreement.
- 12.2. User acknowledges that TheBizKit™ is reliant on User for direction as to the extent to which TheBizKit™ is entitled to Process User Personal Data on behalf of User in performance of the Service. Consequently, TheBizKit™ will not be liable under the Agreement for any claim brought by a Data Subject arising from (a) any action or omission by TheBizKit™ in compliance with User’s instructions or (b) from User’s failure to comply with its obligations under the Data Protection Laws.
13. General Provisions
With regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and the Agreement, the provisions of this DPA shall prevail. In the event of inconsistencies between the DPA and the SCCs, the SCCs will prevail.