The Fine Print
Data Processing Addendum
Last Updated: April 19, 2018
This Bibliopolis Data Processing Addendum (“Addendum”) amends the Bibliopolis Terms of Service (the “Agreement”) by and between You and Bibliopolis, LLC.
In this Addendum, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:
- “EU Data Protection Laws” means European Directives 95/46/EC and 2002/58/EC, and any legislation and/or regulation implementing or made pursuant to them, or which amends or replaces any of them, including by the GDPR and laws implementing or supplementing the GDPR;
- "Data Protection Laws" means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;
- “GDPR" means EU General Data Protection Regulation 2016/679;
- “EEA” means the European Economic Area;
- “Data Processor”, “Data Subject”, “Personal Data Breach”, “Processor”, “Processing”, “Subprocessor”, and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly;
- “Personal Data” as used in this Addendum means information relating to an identifiable or identified Data Subject who visits or engages in transactions through your website (a “Customer”), which Bibliopolis Processes as a Data Processor when providing you with the Services; and
All other capitalized terms in this Addendum shall have the same definition as in the Agreement.
2) Data Protection
Where a Data Subject is located in the EEA, that Data Subject’s Personal Data will be processed by Bibliopolis, whose servers are located in the United States. As part of providing the Services, this Personal Data may be transferred to the United States, provided that such transfer complies with relevant EU Data Protection Laws.
When Bibliopolis Processes Personal Data as part of providing the Services, Bibliopolis will:
- comply with all applicable Data Protection Laws and only process Personal Data that is relevant to Your documented instructions, as defined in the Services. If we are required by law to process the Personal Data for any purpose other than that of providing the Services, we will promptly notify you unless prohibited by law to do so;
- notify You if, in Bibliopolis’ opinion, your instruction for the Processing of Personal Data infringes applicable EU Data Protection Laws;
- promptly notify You of any request or complaint from a Data Subject or Supervisory Authority under any Data Protection Law relating to our Processing of the Personal Data;
- implement appropriate technical and organizational measures to protect the Personal Data against unauthorized or unlawful Processing. The measures shall be appropriate to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the Processing and the nature of the Personal Data to be protected;
- promptly notify You of any Personal Data Breach affecting Personal Data and provide You with sufficient information to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws;
- provide You, upon request, all available information necessary to demonstrate compliance with the terms of this Addendum;
- shall take reasonable steps to ensure the reliability of any employee, agent or contractor of Bibliopolis who may have access to the Personal Data, ensuring in each case that access is strictly limited to those individuals who need to access the relevant Personal Data for providing the Services, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality; and
- upon termination of the Agreement, Bibliopolis will promptly delete or anonymize the Personal Data.
In providing the Services, You acknowledge and agree that Bibliopolis may use Subprocessors to Process the Personal Data. Bibliopolis’ use of any specific Subprocessor to process the Personal Data must be in compliance with EU Data Protection Laws and must be governed by a contract between Bibliopolis and Subprocessor.
3) General Terms
In the event of any inconsistencies between the provisions of this Addendum and any other agreements between the parties, the provisions of this Addendum shall prevail. This Addendum and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the Agreement. You acknowledge and agree that Bibliopolis may amend this Addendum from time to time by posting the relevant amended and restated Addendum on Bibliopolis’ website, available at https://www.bibliopolis.com/dpa and such amendments to the Addendum are effective as of the date of posting. Your continued use of the Services after the amended Addendum is posted to Bibliopolis’ website constitutes your agreement to, and acceptance of, the amended Addendum.
Should any provision of this Addendum be invalid or unenforceable, then the remainder of this Addendum shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.