Data Processing Addendum | Hubilo

Data Processing Addendum

This​​ Data​​ Processing​​ Addendum​​ (hereinafter​​ the​​ “DPA”​​ or​​ “Addendum”)​​ is​​ an​​ agreement between the organizer of an event on Hubilo Platform​​ (“Customer”)​​ and​​ Hubilo​​ Technologies​​ Inc.​​ and its affiliates​​ (“Hubilo”),​​ enabling​​ Hubilo​​ to​​ assist​​ the​​ Customer​​ in​​ Processing​​ of​​ Customer​​ Personal​​ Data​​ in​​ accordance​​ with​​ the​​ requirements​​ of​​ EU​​ Data Protection Laws more particularly Article 28(3) of GDPR, and the Addendum​​ is​​ incorporated​​ by​​ reference​​ into​​ the​​ Master​​ Subscription​​ Agreement​​ between​​ the​​ Parties​​ (the​​ “Agreement”).​​ This​​ DPA​​ shall​​ come​​ into​​ effect​​ on​​ the​​ same​​ date​​ as the Agreement​​ (“Effective Date”). This Addendum shall form an integral part​​ of​​ the​​ Privacy​​ Policy.

 

The​​ Customer​​ and​​ Hubilo​​ shall​​ be​​ each​​ referred​​ to​​ as​​ Party”​​ or​​ collectively​​ as

“Parties”.

 

In providing the Customer and facilitating the End User/s access to/ use of the​​ Platform​​ in​​ pursuance​​ to​​ the​​ Agreement,​​ Hubilo​​ may​​ Process​​ Customer​​ Personal​​ Data on behalf of Customer in accordance with Customer’s​​ instructions​​ hereunder.

 

Capitalized terms used in this DPA that are not defined herein shall have the​​ meanings​​ and​​ references​​ provided​​ to​​ them​​ in​​ the​​ Agreement.​​ For​​ the​​ purposes​​ of​​ this​​ Addendum,​​ the​​ following​​ terms​​ shall​​ have​​ the​​ following​​ meanings:

 

  • Definitions

    • "Affiliate"​​ means​​ any​​ legal​​ entity​​ directly​​ or​​ indirectly​​ controlling,​​ controlled​​ by​​ or​​ under common control with a party to the Agreement, where “control” means the​​ ownership of a majority share of the stock, equity, or voting​​ interests of such​​ entity.

    • “Customer''​​ means the Organizer that has entered into the Agreement with​​ Hubilo​​ to​​ use/access​​ the​​ Hubilo​​ Platform​​ to​​ host​​ virtual​​ events,​​ which​​ term​​ shall​​ include its employees, independent contractors, consultants,​​ Affiliates,​​ successors​​ and​​ assigns​​ using/​​ accessing​​ the​​ Platform/​​ Services.

    • “Controller”​​ or​​ “Data​​ Controller”​​ means​​ the​​ Customer​​ who,​​ alone​​ or​​ jointly​​ with​​ others, collects Personal Data and determines the purposes and means of its​​ Processing.

    • “Customer​​ Personal​​ Data”:​​ refers​​ to​​ the​​ Personal​​ Data​​ of​​ the​​ Customer​​ as​​ well​​ as​​ the​​ End​​ Users/​​ Attendees​​ of​​ the​​ Customer​​ which​​ is​​ processed​​ by​​ Hubilo​​ under​​ this​​ DPA.

    • “Data​​ Subject”​​ refers​​ to​​ the​​ person/​​ individual​​ whose​​ Personal​​ Data​​ is​​ being​​ accessed​​ with​​ his/​​ her​​ consent.

    • “End​​ Users”​​ or​​ “Attendees”​​ means​​ the​​ customers​​ of​​ the​​ Customer​​ who​​ shall,​​ from​​ time​​ to​​ time,​​ be​​ attending​​ the​​ events​​ organised​​ by​​ the​​ Customer​​ on​​ the​​ Platform.

    • “EU Data Protection Laws”​​ means all data protection laws and​​ regulations​​ applicable,​​ including​​ (i)​​ Regulation​​ 2016/679​​ of​​ the​​ European​​ Parliament​​ and​​ of​​ the Council on the protection of natural persons with regard to the processing of​​ personal data and on the free movement of such data (General Data Protection​​ Regulation) ("GDPR"); (ii) Directive 2002/58/EC concerning the processing of​​ personal data and the protection of privacy in the electronic communications​​ sector;​​ (iii)​​ applicable​​ national​​ implementations​​ of​​ (i)​​ and​​ (ii);​​ and​​ (iii)​​ in​​ respect​​ of​​ the United​​ Kingdom ("UK") any applicable national legislation that replaces or​​ converts in domestic law the GDPR or any other law relating to data and privacy​​ as​​ a​​ consequence​​ of​​ the​​ UK​​ leaving​​ the​​ European​​ Union.

    • “Personal Data”​​ means any information related to the​​ data subject i.e. to an​​ identified​​ or​​ identifiable​​ natural​​ person;​​ an​​ identifiable​​ natural​​ person​​ is​​ one​​ who​​ can be identified, directly or indirectly, in particular by reference to an identifier​​ such​​ as​​ a​​ name,​​ an​​ identification​​ number,​​ location​​ data,​​ an​​ online​​ identifier​​ or​​ to​​ one or more factors specific to the physical, physiological, genetic, mental,​​ economic,​​ cultural​​ or​​ social​​ identity​​ of​​ that​​ natural​​ person.

    • “Process”​​ or​​ “Processing”​​ means​​ any​​ operation​​ or​​ set​​ of​​ operations​​ which​​ is​​ performed upon Personal Data, whether or not by automatic means, such as​​ collection,​​ organization,​​ storage,​​ adaptation​​ or​​ alteration,​​ retrieval,​​ consultation,​​ use,​​ disclosure​​ by​​ transmission,​​ dissemination,​​ or​​ otherwise​​ making​​ available,​​ alignment​​ or​​ combination,​​ restrictions,​​ erasure​​ or​​ destruction.

    • ‘Personal​​ Data​​ Breach’​​ means​​ a​​ breach​​ of​​ security​​ leading​​ to​​ the​​ accidental​​ or​​ unlawful​​ destruction,​​ loss,​​ alteration,​​ unauthorized​​ disclosure​​ of,​​ or​​ access​​ to,​​ personal​​ data​​ transmitted,​​ stored​​ or​​ otherwise​​ processed;

    • "Personnel"​​ means​​ the​​ employees,​​ agents,​​ consultants,​​ and​​ contractors​​ of​​ Customer/​​ Customer's​​ Affiliates​​ or​​ Hubilo/​​ Hubilo​​ Affiliate,​​ as​​ the​​ case​​ may​​ be.

    • "Privacy​​ Laws​​ and​​ Regulations"​​ means​​ all​​ US​​ federal​​ and​​ state​​ privacy​​ laws​​ and​​ regulations​​ and​​ the​​ provisions​​ under​​ Regulation​​ (EU)​​ 2016/679​​ (GDPR),​​ applicable​​ to​​ the​​ Processing​​ of​​ Personal​​ Data​​ under​​ the​​ Agreement.

    • “Processor” or “Data Processor”​​ means a natural or legal person, public​​ authority, agency or other body which processes​​ Personal Data on behalf of the​​ Controller​​ and​​ as​​ instructed​​ by​​ the​​ Controllers,​​ usually​​ for​​ specific​​ purposes​​ and​​ services​​ accessible​​ to​​ the​​ Controller.

    • “Sub-processor”​​ means​​ any​​ entity/​​ person​​ appointed​​ by​​ or​​ on​​ behalf​​ of​​ Processor to Process​​ Personal Data on behalf of the Customer in connection with​​ the​​ Agreement.

  • Data​​ Processing

    • Roles​​ of​​ the​​ Parties

This DPA is applicable when Customer Personal Data is being processed by​​ Hubilo​​ as​​ part​​ of​​ providing​​ access​​ and​​ use​​ of​​ the​​ Platform​​ to​​ the​​ Customer​​ and​​ their End User/s, as further specified in the Agreement. In this context, to the​​ extent​​ that provision under GDPR applies to the Personal Data that Hubilo​​ processes,​​ Customer​​ is​​ the​​ Data​​ Controller​​ and​​ Hubilo​​ is​​ the​​ Data​​ Processor.

    • Nature​​ and​​ Purpose​​ of​​ Processing

  • Hubilo​​ will​​ only​​ Process​​ the​​ Customer​​ Personal​​ Data​​ on​​ behalf​​ of​​ and​​ in​​ accordance​​ with​​ the​​ Customer’s​​ consent​​ and​​ written​​ instructions

  • The Customer shall be responsible for obtaining adequate consents and​​ approvals​​ from​​ the​​ End-Users​​ whose​​ Personal​​ Data​​ shall​​ be​​ processed​​ by​​ Hubilo​​  ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​​​ under​​ this​​ DPA

  • Data​​ Controller​​ requires​​ Hubilo​​ to​​ Process​​ the​​ Customer​​ Personal​​ Data​​ for​​ the​​ following​​ purposes:

  • To​​ Process​​ Customer​​ Personal​​ Data​​ in​​ accordance​​ with​​ the​​ Privacy​​ Policy,​​ Agreement and Order Form, including, without limitation while providing access​​ to/​​ usage​​ of​​ the​​ Platform/​​ Services,​​ and​​ for​​ back-up​​ and​​ recovery,​​ cyber​​ security,​​ operations, control, improvements and development of the Services/ Platform,​​ fraud​​ and​​ service​​ misuse​​ prevention​​ and​​ legal​​ and​​ administrative​​ proceedings;

  • Processing​​ to​​ comply​​ with​​ other​​ reasonable​​ written​​ instructions​​ provided​​ by​​  ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​​​ Customer where such instructions are consistent with the terms of the​​ Agreement​​ and​​ comply​​ with​​ applicable​​ Privacy​​ Laws​​ and​​ Regulations.

  • Processing outside the scope of this DPA (if any) will require prior written​​ agreement between Hubilo and Customer on additional instructions for​​ Processing.​​ These​​ include​​ assisting​​ with​​ data​​ subject​​ requests​​ and​​ performing​​ data​​ protection​​ impact​​ assessments.

 

    • Duration​​ of​​ Processing

Hubilo​​ shall​​ Process​​ the​​ Personal​​ Data​​ for​​ the​​ duration​​ of​​ the​​ Agreement,​​ unless​​ otherwise​​ agreed​​ in​​ writing.

    • Categories​​ of​​ Data​​ Subjects

The Personal Data Processed by Hubilo,​​ relates to the following categories of​​ data​​ subjects:

  • The​​ Customer​​ (any​​ authorized​​ user​​ of​​ the​​ Customer​​ who​​ shall​​ operate​​ the​​ Account),​​ and

  • End-Users​​ authorized​​ by​​ Customer​​ to​​ access​​ the​​ Platform.




    • Type​​ of​​ Personal​​ Data

The Personal Data,​​ Processed by Hubilo includes the following categories of​​ Personal​​ Data:

  • Customer:​​ First​​ name,​​ last​​ name,​​ email​​ address,​​ social​​ media​​ account​​ ID,​​  ​​ ​​ ​​ ​​ ​​ ​​ ​​​​ designation,​​ organization,​​ country​​ etc.

  • End-User:​​ name,​​ last​​ name,​​ e-mail​​ id,​​ contact​​ number,​​ job​​ profile,​​ company​​ name,​​ type​​ of​​ the​​ company​​ social​​ media​​ account​​ ID,​​ Linkedin​​ or​​ Facebook​​ profile​​ details​​ etc

 

 

 

 

 


  • Notice and​​ Consent

 

    • Customer​​ agrees​​ to​​ undertake​​ the​​ responsibility​​ to​​ provide​​ all​​ necessary​​ notices​​ to​​ End-Users​​ and​​ receive​​ all​​ necessary​​ permissions​​ and​​ consents,​​ as​​ important​​ and required for Hubilo to Process the​​ Customer Personal Data under this DPA​​ and​​ pursuant​​ to​​ the​​ applicable​​ Privacy​​ Laws​​ and​​ Regulations.

 

    • To the extent required under the applicable Privacy Laws and Regulations,​​ Customer​​ will​​ appropriately​​ document​​ the​​ consents​​ and​​ approvals​​ of​​ the​​ End-​​ Users.

 

    • To accomplish Customer's notice and consent obligations under applicable​​ Privacy​​ Laws​​ and​​ Regulations,​​ Customer​​ may​​ refer​​ End​​ Users​​ to​​ Hubilo’s​​ Privacy​​ Policy​​ at​​ https://hubilo.com/privacy-policy/

  • Rights​​ of​​ Data​​ Subjects

 

    • Customer​​ has​​ the​​ right​​ to​​ request​​ Hubilo​​ to​​ Process​​ the​​ following,​​ in​​ accordance​​ with​​ Chapter​​ III​​ GDPR:

      • for access, rectification,​​ deletion, data portability, right to be forgotten,​​ automated​​ individual​​ decision-making,​​ securing​​ copies​​ of​​ Customer​​ Personal​​ Data;​​ and

      • to​​ raise​​ objection​​ to​​ and​​ or​​ withdraw​​ their​​ consent​​ to​​ Processing​​ of​​ such​​ Personal​​ data.

    • End User Requests: Hubilo​​ will, to the extent legally permitted, promptly notify​​ Customer if it receives any request from an End User, to exercise the right to​​ access,​​ correct,​​ modify,​​ delete​​ and​​ or​​ secure​​ copies​​ of​​ Personal​​ Data​​ related​​ to​​ the End User, or to exercise other​​ personal rights that the End User may be​​ entitled​​ to​​ pursuant​​ to​​ the​​ applicable​​ Privacy​​ laws​​ and​​ regulations.

 

    • Assistance: Hubilo will provide Customer with commercially reasonable​​ cooperation and assistance in relation to handling the End User’s right to​​ their​​ Personal​​ Data,​​ to​​ the​​ extent​​ legally​​ required​​ and​​ to​​ the​​ extent​​ Customer​​ is​​ unable​​ to​​ process​​ such​​ End​​ User​​ request through the features available on the​​ Platform. Except where such End User request is explicitly not mandated under​​ the​​ applicable Privacy laws and regulations, Customer is liable to reimburse​​ Hubilo​​ for​​ any​​ costs​​ and​​ expenses​​ related​​ to​​ the​​ provision​​ of​​ such​​ assistance.

 

 

 

  • Authority​​ Of​​ Customer​​ To​​ Issue​​ Instructions​​ Assistance​​ In​​ Compliance

 

Customer​​ shall​​ issue​​ instructions​​ to​​ Hubilo​​ in​​ writing/​​ via​​ e-mail.​​ Hubilo​​ will​​ duly​​ cooperate​​ with​​ and​​ make​​ commercially​​ reasonable​​ efforts​​ to​​ assist​​ Customer​​ in​​ complying with Customer's obligations pursuant to Articles 32 to 36 of GDPR,​​ taking into account the nature of​​ processing and the information available to​​ Hubilo.

  • Hubilo​​ Personnel

 

    • Limitation​​ of​​ Access

Hubilo will make sure that access to Customer Personal Data is limited to its​​ Personnel​​ on​​ a​​ need-to-know​​ basis​​ and​​ as​​ strictly​​ necessary​​ for​​ the​​ purposes​​ of​​ the​​ Agreement/​​ DPA,​​ and​​ to​​ comply​​ with​​ the​​ Applicable​​ Laws.

    • Confidentiality

Hubilo​​ shall​​ ensure​​ that​​ all​​ such​​ Personnel​​ are​​ informed​​ of​​ the​​ confidential​​ nature​​ of the Customer Personal Data and are subject to confidentiality undertakings or​​ professional​​ or​​ statutory​​ obligations​​ of​​ confidentiality.

    • Hubilo​​ shall​​ also​​ impose​​ required​​ contractual​​ obligations​​ upon​​ its​​ Personnel​​ who​​ are engaged in the Processing of Customer Personal Data regarding data​​ protection​​ and​​ data​​ security​​ obligations​​ and​​ thus​​ bind​​ the​​ Personnel​​ to​​ the​​ same​​ obligations that Hubilo has with respect to the Processing of Customer Personal​​ Data.

 

 

 

  • Third​​ Party​​ Service​​ Providers/​​ Sub​​ Processors

 

    • Customer acknowledges, agrees and authorizes, that Hubilo may engage Sub​​ Processors or third​​ party service providers for certain Processing activities as​​ required​​ from​​ time​​ to​​ time​​ on​​ Customer's​​ behalf.

 

    • All such Sub Processors (including their personnel) shall enter into written​​ agreements with Hubilo to bind them substantially with the same material​​ obligations under this DPA including the obligations with respect to​​ confidentiality,​​ data​​ protection​​ and​​ the​​ obligations​​ under​​ applicable​​ Privacy​​ Laws​​ and​​ Regulations.

    • Hubilo ensures that the Sub-processors shall provide the same level of protection​​ to the Customer Personal Data as provided by Hubilo under this DPA and shall​​ also​​ meet​​ the​​ requirements​​ of​​ Article​​ 28(3)​​ of​​ the​​ GDPR;

    • Hubilo​​ shall​​ provide​​ Customer​​ with​​ a​​ prior​​ written​​ notice​​ of​​ the​​ appointment​​ of​​ any new Sub-processor or at least​​ within 30 (thirty) days of such appointment,​​ including​​ full​​ details​​ of​​ the​​ Processing​​ to​​ be​​ undertaken​​ by​​ the​​ Sub-processor.

  • Security

 

    • Hubilo​​ will​​ maintain​​ administrative,​​ physical​​ and​​ technical​​ safeguards​​ to​​ ensure​​ a​​ level of security including the​​ pseudonymization and encryption of Customer​​ Personal Data and protection of the security, confidentiality, and integrity of​​ Customer Personal Data. Hubilo shall monitor compliance with these safeguards​​ and will not in any case, decrease the overall security during the Term of the​​ Agreement.

 

    • Hubilo shall provide for regularly testing, assessing and evaluating the​​ effectiveness​​ of​​ technical​​ and​​ organizational​​ measures​​ for​​ ensuring​​ the​​ security​​ of​​ the​​ processing.

 

    • Hubilo​​ shall,​​ while​​ assessing​​ the​​ appropriate​​ level​​ of​​ security,​​ take​​ into​​ account​​ all risks that are presented by Processing, in particular from accidental or​​ unlawful destruction, loss, alteration, unauthorized disclosure of, or access to​​ Personal​​ Data​​ processed.

    • Hubilo stands to the latest security measures for the security of Customer​​ Personal Data and shall provide to the Customer at reasonable intervals and​​ subject​​ to​​ confidentiality​​ limitations,​​ the​​ then​​ most​​ recent​​ version​​ of​​ Hubilo’s​​ information​​ security​​ policy.

 

 

 

  • Supervisory​​ Power​​ Of​​ Customer​​ And​​ Audits

 

    • Hubilo​​ shall​​ make​​ available​​ to​​ the​​ Customer​​ on​​ request​​ all​​ information​​ necessary​​ to demonstrate compliance with this DPA, and shall allow for and contribute to​​ audits which shall take place once in a year,​​ including inspections, by Customer​​ or an auditor mandated by Customer in relation to the Processing of the​​ Customer​​ Personal​​ Data​​ by​​ Hubilo.

    • Information​​ and​​ audit​​ rights​​ of​​ the​​ Customer​​ only​​ arise​​ under​​ clause​​ 9.1​​ to​​ the​​ extent​​ that​​ the​​ Agreement​​ does​​ not​​ otherwise​​ give​​ them​​ information​​ and​​ audit​​ rights meeting the relevant requirements of Data Protection Law (including,​​ where​​ applicable,​​ article​​ 28(3)(h)​​ of​​ the​​ GDPR).

    • Customer or an auditor mandated by the Customer undertaking an audit shall​​ give​​ Hubilo​​ a​​ notice​​ of​​ 30​​ (thirty)​​ days​​ prior​​ to​​ any​​ audit​​ or​​ inspection​​ which​​ is​​ to​​ be conducted and shall make (and ensure that each of its mandated auditors​​ makes)​​ reasonable​​ endeavours​​ to​​ avoid​​ causing​​ any​​ damage,​​ injury​​ or​​ disruption​​ to Hubilo’s​​ premises, software, equipment, Personnel and or business while its​​ personnel​​ are​​ on​​ those​​ premises​​ in​​ the​​ course​​ of​​ such​​ an​​ audit​​ or​​ inspection.

    • Customer shall ensure that any such auditor as engaged by the Customer shall​​ perform​​ the​​ audit​​ in​​ compliance​​ of​​ this​​ DPA,​​ relevant​​ data​​ privacy​​ and​​ protection​​ laws​​ and​​ necessary​​ confidentiality​​ obligations.

 

 

 

  • Security​​ Breach​​ Management​​ And​​ Notification

 

    • Breach prevention and management

      • Hubilo will continue to maintain security incident​​ management policies and​​ procedures​​ to​​ the​​ extent​​ required​​ by​​ law,​​ and​​ shall​​ promptly​​ notify​​ Customer​​ of​​ any​​ Personal​​ Data​​ Breach​​ (or​​ “Security​​ Incident”),​​ which​​ Hubilo​​ or​​ any​​ Sub-​​ processor​​ becomes​​ aware​​ of.

 

      • Hubilo shall provide the Customer with​​ sufficient information regarding the​​ Personal​​ Data​​ Breach​​ enabling​​ the​​ Customer​​ to​​ meet​​ any​​ obligations​​ to​​ report​​ such Security Incident to any authorities or inform the End-Users of such​​ Personal​​ Data​​ Breach.

 

    • Remediation

Hubilo​​ will​​ make​​ reasonable​​ efforts​​ to​​ identify​​ and,​​ to​​ the​​ extent​​ such​​ Personal​​ Data Breach is caused by a violation of the requirements of this DPA by Hubilo,​​ remediate the cause of such Security Incident. Hubilo will provide reasonable​​ assistance​​ to​​ Customer​​ in​​ the​​ event​​ that​​ Customer​​ is​​ required​​ under​​ Applicable​​ Data Protection Law to notify a regulatory authority or any Data Subjects of a​​ Security​​ Incident.

    • Hubilo​​ shall​​ provide​​ notification​​ of​​ a​​ Security​​ Incident​​ in​​ the​​ following​​ manner:

Hubilo​​ shall,​​ to​​ the​​ extent​​ permitted​​ by​​ applicable​​ law,​​ notify​​ Customer​​ without​​ undue delay, but in no event later than 72 (seventy-two) hours after Hubilo’s​​ confirmation​​ or​​ reasonable​​ suspicion​​ of​​ a​​ Security​​ Incident​​ impacting​​ Customer​​ Personal​​ Data​​ of​​ which​​ Hubilo​​ is​​ a​​ processor;

    • Hubilo​​ will​​ notify​​ the​​ occurring​​ of​​ the​​ Security​​ Incident​​ to​​ the​​ email​​ address​​ of​​ Customer’s​​ Account​​ owner.

 

    • As​​ part​​ of​​ above​​ notification,​​ Hubilo​​ shall​​ provide:

      • a​​ description​​ of​​ the​​ nature​​ of​​ the​​ Security​​ Incident,​​ including​​ the​​ volume​​ and​​ type​​ of Customer Personal Data affected​​ and the categories and​​ approximate​​ number​​ of​​ individuals​​ concerned;

      • the​​ likely​​ consequences of​​ the​​ Personal Data​​ Breach;​​ and

      • a description of the measures taken or​​ proposed to​​ be taken to address​​ the​​ Security​​ Breach​​ including,​​ where​​ appropriate,​​ measures​​ to​​ mitigate​​ its​​ possible​​ adverse​​ effects.

 

 

 

  • Data​​ Protection​​ Impact​​ Assessments​​ And​​ Prior​​ Consultations

 

Hubilo shall provide reasonable assistance to the Customer with any data​​ protection impact assessments, and​​ prior consultations with any supervisory​​ authority or other competent data privacy authorities, which the Customer​​ reasonably considers to be required as under article 35 or 36 of the GDPR or​​ equivalent provisions of any other Data Protection Law, in each​​ case solely in​​ relation​​ to​​ Processing​​ of​​ Customer​​ Personal​​ Data​​ by,​​ and​​ taking​​ into​​ account​​ the​​ nature of the Processing and information available to Hubilo or any Sub-​​ processor.

 

 

 

  • Deletion​​ And​​ Retention​​ Of​​ Customer​​ Personal​​ Data

 

    • Data​​ Deletion

After conclusion of an Order Form, or earlier upon request by the Customer, at​​ the latest upon termination of the Agreement, Hubilo shall hand over to the​​ Customer​​ all​​ Customer​​ Personal​​ Data,​​ or​​ Hubilo​​ shall,​​ subject​​ to​​ the​​ Customer’s​​ prior​​ consent, delete Customer Personal Data within 15 (fifteen) days of such​​ conclusion/​​ request​​ or​​ termination​​ event.

    • Data​​ Retention

Copies or duplicates of the data shall never be created, except Customer agrees​​ that Hubilo may retain copies of Customer Personal Data as necessary in​​ connection with its routine backup and archiving procedures and to ensure​​ compliance with its legal obligations and its continuing obligations under the​​ applicable law, including to retain the Customer Personal Data pursuant to legal​​ requirements and to use the Customer Personal Data to protect Hubilo, its​​ agents, and any person acting on their behalf in court and administrative​​ proceedings.

 

    • It shall be Customer’s exclusive responsibility to secure all necessary data/​​ information​​ from​​ the​​ Customer’s​​ Account​​ prior​​ to​​ such​​ deletion,​​ including​​ the​​ End​​ User​​ Data.

  • Disclosure​​ To​​ Competent​​ Authorities

 

Hubilo may disclose Customer Personal Data, (a) if required by a summon/​​ subpoena​​ or​​ other​​ judicial​​ or​​ administrative​​ order,​​ or​​ if​​ otherwise​​ required​​ by​​ law,​​ or​​ (b)​​ if​​ Hubilo​​ deems​​ the​​ disclosure​​ necessary​​ to​​ protect​​ the​​ safety​​ and​​ rights​​ of​​ any​​ person​​ or​​ the​​ general​​ public.

 

 

 

  • Anonymized​​ And​​ Aggregated​​ Data

 

Hubilo may process data based on​​ extracts of Personal Data on an aggregated​​ and​​ non-identifiable​​ form​​ for​​ Hubilo's​​ legitimate​​ business​​ purposes,​​ including​​ for​​ testing, development, controls, and operations of the Service, and may share and​​ retain​​ such​​ data​​ at​​ Hubilo's​​ discretion,​​ provided​​ that​​ such​​ data​​ cannot​​ reasonably​​ identify​​ an​​ individual.

 

 

 

  • Term

 

This​​ DPA​​ will​​ commence​​ on​​ the​​ same​​ date​​ that​​ the​​ Agreement​​ comes​​ into​​ effect​​ and will continue until the Agreement expires or is terminated, pursuant to the​​ terms​​ therein.

 

 

 

  • Compliance

 

    • Hubilo's​​ team​​ is​​ responsible​​ to​​ make​​ sure​​ that​​ all​​ Hubilo​​ Personnel​​ adhere​​ to​​ this ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​ ​​​​ DPA.

    • You​​ can​​ reach​​ out​​ to​​ Hubilo​​ for​​ compliance​​ related​​ query​​ at​​ mydata@hubilo.com.

 

 

 

  • Confidentiality

 

Hubilo​​ agrees​​ to​​ maintain​​ the​​ confidentiality​​ of​​ Customer​​ Personal​​ Data,​​ and​​ may​​ disclose it to a govt authority/ court, etc. only in accordance with the provisions​​ of​​ the​​ DPA.

  • Miscellaneous

 

If the Customer Personal Data with Hubilo is​​ jeopardised due to attachment or​​ confiscation,​​ insolvency​​ proceedings​​ or​​ due​​ to​​ other​​ events​​ or​​ measures​​ of​​ third​​ parties, Hubilo shall immediately notify (i) the Customer thereof, and (ii) all​​ institutions or persons competent or concerned that the Customer as the​​ Controller as defined in the GDPR holds the exclusive sovereignty over and​​ exclusive​​ title​​ to​​ the​​ data.

 

Each​​ Party​​ shall​​ keep​​ a​​ record​​ of​​ their​​ processing​​ activities.​​ They​​ agree​​ to​​ co-​​ operate​​ with​​ the​​ Data​​ Protection​​ Authority/​​ Supervisory​​ Authority​​ when​​ required​​ to​​ do​​ so.

 

Hubilo​​ may​​ designate​​ a​​ representative​​ as​​ laid​​ down​​ in​​ Art​​ 27​​ Paragraph​​ 1​​ GDPR​​ in​​ the​​ European​​ Union,​​ as​​ applicable.