Orange County NC Website
Browse       Search
DocuSign Envelope ID:90A54439-23B9-40AF-8246-BFCAAEAA529D <br /> acquisition of Personal Information is a Security Breach whether or not the incident rises to the level <br /> of a security breach under the Privacy and Data Protection Requirements. <br /> "Standard Contractual Clauses" means the European Commission's Standard <br /> Contractual Clauses for the transfer of Personal Information from the European Union to processors <br /> established in third countries (controller-to-processor transfers), as set out in the Annex to <br /> Commission Decision 2010/87/EU, a completed copy of which comprises Appendix C. <br /> "Sub-processor" means any third-party engaged by Submittable, or by a Submittable <br /> Sub-processor to perform Process under the Services. <br /> "Supervisory Authority" means an independent public authority which is established <br /> by an EU Member State pursuant to the GDPR. <br /> 1.2 The Appendices form part of this DPA and will have effect as if set out in full in the body <br /> of this DPA. Any reference to this DPA includes the Appendices. <br /> 1.3 A reference to writing or written includes faxes, email, and any text sent via a messaging <br /> system from one party to another party. <br /> 1.4 In the case of conflict or ambiguity between: <br /> (a) any provision contained in the body of this DPA and any provision contained in <br /> the Appendices A through C, the provision in the body of this DPA will prevail; <br /> (b) any of the provisions of this DPA and any executed Standard Contractual Clauses <br /> (Appendix C), the provisions of the executed Standard Contractual Clauses will prevail. <br /> (c) the terms of any Order Form and any provision contained in the Appendices, the <br /> provision contained in the Appendices will prevail; and <br /> (d) any of the provisions of this DPA and the provisions of the TOS, the provisions of <br /> this DPA will prevail. <br /> 2. Personal Information Types; Processing Purposes; General Obligations. <br /> 2.1 Submittable shall comply with all applicable Privacy and Data Protection <br /> Requirements applicable to Submittable's provision of the Services. <br /> 2.2 Customer shall comply with all applicable Privacy and Data Protection Requirements <br /> related to its use of the Services, Customer's transfer of Personal Information to Submittable, and <br /> Customer's procurement of Personal Information from End Users through the Services including <br /> providing any required notices, obtaining any required consents, and for the processing instructions <br /> it gives to Submittable. Customer shall have sole responsibility for the accuracy, quality, and legality <br /> of such notices, consents, and instructions pertaining to Personal Information collected and stored in <br /> regards to all End Users and the means by which Customer acquires Personal Information. <br /> 2.3 Appendix A describes the general categories, subject-matter, duration, nature, purpose, <br /> type, and categories of the data processing, the types of Personal Information involved in the data <br /> processing, and the Data Subject types Submittable may use or Process to fulfill the Business <br /> Purpose. <br /> 3. Submittable's Obligations. <br /> 3.1 Submittable will not Process the Personal Information in a way that that would violate <br /> this DPA or the Privacy and Data Protection Requirements. Submittable will only Process the <br /> Personal Information to the extent, and in such a manner: <br /> (a) for the Business Purpose and in accordance with Customer's reasonable and <br /> lawful written instructions, where such instructions are consistent with the terms of the TOS <br /> and this DPA; <br /> Submittable Customer Terms of Service v1.1—Exhibit B Page 2 of 12 <br />