DPA and GDPR Statement

Data Processing Addendum and GDPR

This Data Processing Addendum ("DPA") constitutes an integral component of the Agreement between flakemails.com ("flakemails.com") and the "Customer," becoming effective upon execution by both parties on the date referred to as the "Effective Date." Capitalized terms not explicitly defined herein shall hold the meanings ascribed to them in the Agreement.

1. Definitions

1.1. Affiliate: An entity directly or indirectly Controlled by, Controlling, or under common Control with another entity.

1.2. Agreement: Refers to flakemails.com's Terms of Use, governing the provision of Services to The Customer, subject to updates by flakemails.com.

1.3. Control: Ownership, voting, or similar interests representing fifty percent (50%) or more of the total interests outstanding in the relevant entity. "Controlled" is interpreted accordingly.

1.4. Customer Data: Personal Data processed by flakemails.com as a Data Processor on behalf of The Customer during the provision of Services, as outlined in this DPA.

1.5. Data Protection Laws: All data protection and privacy laws applicable to the processing of Personal Data under the Agreement, including EU Data Protection Law where applicable.

1.6. Data Controller: An entity determining the purposes and means of Personal Data processing.

1.7. Data Processor: An entity processing Personal Data on behalf of a Data Controller.

1.8. EU Data Protection Law: Directive 95/46/EC before 25 May 2018, and from 25 May 2018 onwards, GDPR, along with Directive 2002/58/EC and applicable national implementations.

1.9. EEA: European Economic Area, United Kingdom, and Switzerland for the purposes of this DPA.

1.10. Group: All Affiliates forming part of an entity's corporate group.

1.11. Personal Data: Any information related to an identified or identifiable natural person.

1.12. Privacy Shield: EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Framework self-certification program approved by the U.S. Department of Commerce and the European Commission.

1.13. Privacy Shield Principles: Privacy Shield Principles contained in Annex II to the European Commission Decision C(2016)4176 of 12 July 2016.

1.14. Processing: As defined in the GDPR, with "process," "processes," and "processed" interpreted accordingly.

1.15. Security Incident: Any unauthorized or unlawful security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Customer Data.

1.16. Services: Any product or service provided by flakemails.com to The Customer as per the Agreement.

1.17. Sub-processor: Any Data Processor engaged by flakemails.com or its Affiliates to assist in fulfilling obligations related to providing Services, including third parties or members of the flakemails.com Group.

2. Relationship with the Agreement

2.1. Both parties mutually affirm that this Data Processing Addendum (DPA) supersedes any previously entered DPA concerning the Services.

2.2. The Agreement remains fully intact and effective, with this DPA introducing amendments. In case of any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of the conflict.

2.3. Claims arising under or in connection with this DPA shall adhere to the terms and conditions, encompassing exclusions and limitations outlined in the Agreement.

2.4. Claims against flakemails.com or its Affiliates pursuant to this DPA shall be directed solely at the entity party to the Agreement. No party shall limit its liability concerning an individual's data protection rights under this DPA. The Customer acknowledges that any regulatory penalties incurred by flakemails.com related to Customer Data due to Customer's non-compliance with obligations under this DPA or applicable Data Protection Laws will offset flakemails.com's liability under the Agreement as if it were a liability to The Customer under the Agreement.

2.5. Only a party to this DPA, its successors, and permitted assignees possess the right to enforce its terms.

2.6. The governance and interpretation of this DPA shall align with the governing law and jurisdiction provisions in the Agreement unless otherwise mandated by applicable Data Protection Laws.

3. Scope and Applicability of this DPA

3.1. This Data Processing Addendum (DPA) exclusively applies to the processing of Customer Data by flakemails.com, originating from the European Economic Area (EEA) and/or subject to EU Data Protection Law. Such processing is an integral part of flakemails.com's role as a Data Processor, delivering Services in accordance with the Agreement.

3.2. Part A (comprising Sections 4 to 8 inclusive, along with Annexes A and B) pertains to the processing of Customer Data covered by this DPA from the Effective Date.

3.3. Part B (comprising Sections 9 to 12 inclusive) is applicable to the processing of Customer Data within the scope of this DPA from and after May 25, 2018. Importantly, Part B is supplementary to, and not a substitute for, the terms outlined in Part A.

Part A: General Data Protection Obligations

4. Roles and Scope of Processing

4.1. Role of the Parties: In the context of data processing, The Customer assumes the role of Data Controller for Customer Data, while flakemails.com operates exclusively as a Data Processor, conducting data processing activities on behalf of The Customer.

4.2. Customer Processing of Customer Data: The Customer acknowledges and agrees to fulfill its obligations as a Data Controller under Data Protection Laws regarding the processing of Customer Data. Furthermore, The Customer commits to providing necessary notices, obtaining consents, and securing rights mandated by Data Protection Laws to enable flakemails.com to process Customer Data and deliver Services in accordance with the Agreement and this DPA.

4.3. flakemails.com Processing of Customer Data: flakemails.com undertakes to process Customer Data solely for the purposes outlined in this DPA and strictly in accordance with the documented lawful instructions issued by The Customer. This DPA, in conjunction with the Agreement, represents the comprehensive and definitive instructions provided by The Customer to flakemails.com regarding the processing of Customer Data. Any processing beyond these instructions necessitates a prior written agreement between The Customer and flakemails.com.

4.4. Details of Data Processing:
(a) Subject matter: The data processing under this DPA pertains to Customer Data.
(b) Duration: The data processing continues until the termination of the Agreement, as per its stipulated terms.
(c) Purpose: The objective of data processing is to provide Services to The Customer and fulfill flakemails.com's obligations under the Agreement, including this DPA, or as mutually agreed upon by the parties.
(d) Nature of the processing: flakemails.com offers email services, automation, marketing platforms, and related services as specified in the Agreement.
(e) Categories of data subjects: Data subjects include individuals accessing and/or using the Services through The Customer's account ("Users") and any individuals falling under the categories of: (i) having email addresses in The Customer's Distribution List; (ii) whose information is stored on or collected via the Services; or (iii) with whom Users engage or communicate via the Services ("Subscribers").
(f) Types of Customer Data:
(i) Customer and Users: This category encompasses identification and contact data (such as name, address, title, contact details, and username), financial information (including credit card details, account information, and payment details), and employment details (employer, job title, geographic location, and area of responsibility).
(ii) Subscribers: For Subscribers, the data includes identification and contact details (name, date of birth, gender, occupation, or other demographic information, address, title, and contact details, including email address), personal interests or preferences (such as purchase history, marketing preferences, and publicly available social media profile information), and IT information (IP addresses, usage data, cookies data, online navigation data, location data, and browser data). Additionally, financial information (credit card details, account information, and payment details) is part of this category.

4.5. Data Use for Business Purposes: Notwithstanding provisions in the Agreement, including this DPA, The Customer acknowledges that flakemails.com retains the right to use and disclose data related to the operation, support, and use of the Services for legitimate business purposes. This includes activities such as billing, account management, technical support, product development, sales, and marketing. If such data is classified as Personal Data under Data Protection Laws, flakemails.com acts as the Data Controller and processes it in compliance with the FlakeMails Privacy Policy and Data Protection Laws.

4.6. Tracking Technologies: In the course of service performance, flakemails.com utilizes Tracking Technologies such as cookies, unique identifiers, web beacons, and similar mechanisms. The Customer is responsible for maintaining appropriate notice, consent, opt-in, and opt-out mechanisms, as required by Data Protection Laws. This ensures that flakemails.com can lawfully deploy Tracking Technologies on Subscribers' devices, as outlined and described in the FlakeMails Privacy Policy.

5. Subprocessing:

5.1. Authorized Sub-processors: The Customer acknowledges and accepts that flakemails.com may engage Sub-processors in processing Customer Data on behalf of The Customer. The current roster of Sub-processors engaged by flakemails.com and endorsed by The Customer is meticulously detailed in Annex A.

5.2. Sub-processor Obligations: flakemails.com commits to (i) entering into a written agreement with each Sub-processor, establishing data protection terms to ensure the protection of Customer Data in compliance with Data Protection Laws, and (ii) retaining responsibility for its adherence to the obligations outlined in this DPA. flakemails.com remains liable for any actions or oversights of the Sub-processor that lead to a breach of its obligations under this DPA.

6. Security:

6.1. Security Measures: flakemails.com shall implement and maintain appropriate technical and organizational security measures outlined in Annex B ("Security Measures") to safeguard Customer Data against Security Incidents. These measures aim to uphold the security and confidentiality of Customer Data in alignment with flakemails.com's security standards.

6.2. Updates to Security Measures: The Customer is obliged to review the data security information provided by flakemails.com, assessing whether the Services align with its requirements and legal obligations under Data Protection Laws. Acknowledging that Security Measures may evolve with technical progress, flakemails.com reserves the right to update or modify these measures, ensuring they enhance rather than compromise the overall security of the Services purchased by The Customer.

6.3. Customer Responsibilities: Notwithstanding the above, The Customer is accountable for securely using the Services. This includes safeguarding account authentication credentials, ensuring the security of Customer Data during transit to and from the Services, and taking necessary steps to encrypt or back up any Customer Data uploaded to the Services.

7. Security Reports and Audits:

7.1. Security Audits: flakemails.com undergoes regular audits against SSAE 16 and PCI standards conducted by independent third-party auditors and internal auditors. Upon request, flakemails.com will provide a confidential summary copy of its audit report(s) to The Customer, enabling verification of compliance with audit standards and this DPA.

7.2. Customer Information Requests: flakemails.com commits to supplying written responses (confidentially) to reasonable information requests from The Customer, including responses to security and audit questionnaires. However, The Customer is restricted from exercising this right more than once per year.

8. International Transfers:

8.1. Datacenter locations: flakemails.com reserves the right to transfer and process Customer Data globally, wherever flakemails.com, its Affiliates, or its Sub-processors conduct data processing operations. flakemails.com is committed to maintaining an adequate level of protection for the processed Customer Data at all times, aligning with the requirements of Data Protection Laws.

8.2. Privacy Shield: If flakemails.com processes Customer Data protected by EU Data Protection Law in a country lacking European Commission or Swiss Federal Data Protection Authority's designation for an adequate level of protection, flakemails.com, having self-certified compliance with Privacy Shield, is deemed to provide sufficient protection. flakemails.com undertakes to safeguard such Personal Data in accordance with Privacy Shield Principles and promptly informs The Customer of any inability to comply.

8.3. Alternative Transfer Mechanism: The parties acknowledge that the data export solution outlined in Section 8.2 won't apply if flakemails.com adopts an Alternative Transfer Mechanism for lawful Personal Data transfer outside the EEA under EU Data Protection Laws. In such instances, the Alternative Transfer Mechanism will take precedence, limited to territories where it applies.

Part B: GDPR Obligations from 25 May 2018

9. Additional Security:

9.1. Confidentiality of processing: flakemails.com ensures that any authorized personnel processing Customer Data, including staff, agents, and subcontractors, are bound by an appropriate obligation of confidentiality, be it contractual or statutory.

9.2. Security Incident Response: In the event of a Security Incident, flakemails.com promptly notifies Customer, providing timely and requested information pertaining to the incident.

10. Changes to Sub-processors:

10.1. Notification and Objection: flakemails.com commits to furnishing an up-to-date Sub-processor list upon written request from Customer. Any addition or removal of Sub-processors will be communicated to Customer at least 10 days prior. Customer may object in writing within five (5) calendar days based on reasonable data protection grounds. In case of objection, the parties engage in good faith discussions for resolution. If unsuccessful, Customer may suspend or terminate the Agreement, excluding fees incurred before suspension or termination.

11. Return or Deletion of Data:

11.1. Termination or Expiration: Upon Agreement termination or expiration, flakemails.com, at Customer's discretion, shall either delete or return all Customer Data (including copies) in its possession or control. This obligation excludes Customer Data retention mandated by applicable law or archived on backup systems, which flakemails.com will securely isolate and protect from further processing, except as required by law.