Orange County NC Website
Browse       Search
DocuSign Envelope ID:90A54439-23B9-40AF-8246-BFCAAEAA529D <br /> OR ANY OTHER LEGAL OR EQUITABLE THEORY, EXCEED THE TOTAL AMOUNTS PAID TO <br /> SUBMITTABLE UNDER THE TOS IN THE ONE YEAR PERIOD PRECEDING THE EVENT <br /> GIVING RISE TO THE CLAIM OR $200.00, WHICHEVER IS LESS. THE FOREGOING <br /> LIMITATIONS APPLY EVEN IF ANY REMEDY FAILS OF ITS ESSENTIAL PURPOSE. <br /> 9. Special Laws Regarding Personal Information. <br /> 9.1 Provided the Business Purpose allows Submittable access to Personal Information in the <br /> form of protected health information as defined by HIPAA, the Parties shall execute Submittable's <br /> HIPAA-compliant business associate agreement. <br /> 9.2 Provided the Business Purpose allows Submittable access to Personal Information <br /> subject to FERPA, Submittable will be considered a "school official" with a "legitimate educational <br /> interest" as those terms are used in FERPA and its implementing regulations, and Submittable <br /> agrees to abide by the applicable limitations on disclosure and re-disclosure of personally identifiable <br /> information from education records under FERPA. <br /> 10. Cross-Border Transfers of Personal Information. <br /> 10.1 For purposes of the GDPR, the parties acknowledge and agree that with regard to the <br /> Processing of Personal Information, Customer is the Controller and Submittable is a Processor. <br /> 10.2 If the Privacy and Data Protection Requirements restrict cross-border Personal <br /> Information transfers, Customer will only transfer or cause to be transferred that Personal <br /> Information to Submittable under the following conditions: <br /> (a) Submittable, either through its location or participation in a valid cross-border <br /> transfer mechanism under the Privacy and Data Protection Requirements, as identified in <br /> Appendix A, may legally receive that Personal Information, however, Submittable must <br /> promptly inform Customer of any change to that status; <br /> (b) Customer obtained valid Data Subject consent to the transfer under the Privacy <br /> and Data Protection Requirements; or <br /> (c) the transfer otherwise complies with the Privacy and Data Protection <br /> Requirements for the reasons set forth in Appendix A. <br /> 10.3 If any Personal Information transfer between Submittable and Customer requires <br /> implementation of Standard Contractual Clauses in order to comply with the Privacy and Data <br /> Protection Requirements, the Standard Contractual Clauses contained in Appendix C, shall be in <br /> effect, and each Party shall abide by its obligations and take all other actions required to legitimize <br /> the transfer, including, if necessary: <br /> (a) co-operating to register the Standard Contractual Clauses with any Supervisory <br /> Authority in any European Economic Area country; <br /> (b) procuring approval from any such Supervisory Authority; or <br /> (c) providing additional information about the transfer to such Supervisory <br /> Authority. <br /> 10.4 Subject to the terms of this DPA, Submittable makes available the transfer mechanisms <br /> listed on Appendix A which shall apply, in the order of precedence as set out below, to any transfers <br /> of Personal Information under this DPA from the European Union, the European Economic Area <br /> and/or their member states, Switzerland and the United Kingdom to countries which do not ensure <br /> an adequate level of data protection within the meaning of Privacy and Data Protection <br /> Requirements of the foregoing territories, to the extent such transfers are subject to such Privacy and <br /> Data Protection Requirements: <br /> Submittable Customer Terms of Service v1.1—Exhibit B Page 7 of 12 <br />