This Data Processing Agreement (the “Agreement”) governs the Processing of personal data of Your customers that You upload or otherwise provide Virtual Impact Sellers.
This Agreement is incorporated into the Virtual Impact Sellers User Terms and Conditions, Privacy Policy, and GDPR Policy (collectively, “Virtual Impact Sellers Terms”) and is binding on You. In the event of any conflict or inconsistency between any of the Virtual Impact Sellers Terms, the provisions of the following documents (in order of precedence) shall prevail: (a) this Agreement; (b) the GDPR Policy; (c) the Virtual Impact Sellers User Terms and Conditions; and (d) the Privacy Policy.
1. DEFINITIONS
A. “Virtual Impact Sellers” & “Impacto Virtual Emprendedores” are a trademark of Virtual Impact Sellers, INC, and also refers to proprietary Virtual Impact Sellers, INC training courses used to create Internet chatbots and sales funnels. Virtual Impact Sellers as used herein also refers to Virtual Impact Sellers, INC.
B. “Data Protection Requirements” means collectively the GDPR, Local Data Protection Laws, any subordinate legislation and regulation implementing the GDPR, and all Privacy Laws.
C. “Data Subject” means a person from whom You collect Personal Data.
D. “Virtual Impact Sellers” means Virtual Impact Sellers, INC, the owner of the Virtual Impact Sellers and other trademarks. In this Agreement, references to “Virtual Impact Sellers ” as a Party means and refers to Virtual Impact Sellers, INC, and Virtual Impact Sellers, INC’s owner(s), parent company(ies), affiliate entities, and employees, and assigns. Virtual Impact Sellers, INC is the data controller under this Agreement.
E. “GDPR” means the General Data Protection Regulation promulgated by the European Union for the protection of individuals with regard to the Processing of personal data and on the free movement of such data.
F. “Parties” mean Virtual Impact Sellers and You. Virtual Impact Sellers and You are each a “Party.”
G. “Personal Data” means Personal Data (i) that You upload or otherwise provide Virtual Impact Sellers in connection with Your use of Virtual Impact Sellers’ services; and (ii) for which You are a data controller as defined by the GDPR; and (iii) that satisfies one of the following: (a) can be used to identify, contact or locate a specific individual, (b) can be combined with other information that can be used to identify, contact or locate a specific individual, or (c) is defined as “personal data” or “personal information” by applicable laws or regulations relating to the collection, use, storage or disclosure of information about an identifiable individual.
H. “Personal Data Breach” means any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.
I. “Privacy Laws” means all applicable laws, regulations, and other legal requirements relating to (a) privacy, data security, consumer protection, marketing, promotion, and text messaging, email, and other communications; and (b) the use, collection, retention, storage, security, disclosure, transfer, disposal, and other Processing of any Personal Data.
J. “Process” and its cognates mean any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
K. “Subprocessor” means any entity which provides Processing services to Virtual Impact Sellers in furtherance of Virtual Impact Sellers’ Processing on behalf of You.
L. “Supervisory Authority” means an independent public authority which is established by a European Union member state pursuant to the GDPR.
M. “User” refers to a person who has created a Virtual Impact Sellers Account. “User Account” refers to a User’s Virtual Impact Sellers Account.
N. “You” and “Your” means the Virtual Impact Sellers User who has executed this Agreement by clicking “I Agree.” You are Data Controller.
2. NATURE OF DATA PROCESSING
Each Party agrees to Process Personal Data received under the Agreement only for the purposes set forth in the Agreement. For the avoidance of doubt, the purposes of Personal Data Processing and the categories of Data Subjects subject to this Agreement are described in Schedule A to this Agreement.
3. COMPLIANCE WITH LAWS
The Parties shall each comply with their respective obligations under all applicable Data Protection Requirements.
4. YOUR OBLIGATIONS
You agree to:
4.1 Provide instructions to Virtual Impact Sellers and determine the purposes and general means of Virtual Impact Sellers’ Processing of Personal Data in accordance with the Agreement; and
4.2 Comply with protection, security and other obligations with respect to Personal Data prescribed by Data Protection Requirements for data controllers by: (a) establishing and maintaining a procedure for the exercise of the rights of the individuals whose Personal Data are Processed on Your behalf; (b) Processing only data that has been lawfully and validly collected and ensuring that such data will be relevant and proportionate to the respective uses; and (c) ensuring compliance with the provisions of this Agreement by Your personnel or by any third-party accessing or using Personal Data on Your behalf.
5. Virtual Impact Sellers’ OBLIGATIONS
5.1 Processing Requirements. Virtual Impact Sellers will:
a. Process Personal Data (i) only for the purpose of providing, supporting and improving Virtual Impact Sellers’ services (including to provide insights and other reporting), using appropriate technical and organizational security measures; and (ii) in compliance with instructions received from You. Virtual Impact Sellers will not use or Process Personal Data for any other purpose. Virtual Impact Sellers will promptly inform You in writing if it cannot comply with its requirements under this Agreement, in which case You may terminate the Agreement or take any other reasonable action, including suspending of data Processing operations;
b. Inform You promptly if, in Virtual Impact Sellers’ opinion, an instruction from You violates applicable Data Protection Requirements;
c. Follow Your instructions regarding Personal Data (including with regard to the provision of notice and exercise of choice) You have stored with Virtual Impact Sellers;
d. Take commercially reasonable steps to ensure that (i) persons employed by it and (ii) other persons engaged to perform on Virtual Impact Sellers’ behalf comply with the terms of this Agreement;
e. Ensure that its employees, authorized agents and any Subprocessors are required to comply with and acknowledge and respect the confidentiality of Personal Data, including after the end of their respective employment, contract or assignment;
f. If it intends to engage Subprocessors to help it satisfy its obligations in accordance with this Agreement or to delegate all or Part of the Processing activities to such Subprocessors, (i) obtain the prior written consent of You to such subcontracting, such consent to not be unreasonably withheld; (ii) remain liable to You for the Subprocessors’ acts and omissions with regard to data protection where such Subprocessors act on Virtual Impact Sellers’ instructions; and (iii) enter into contractual arrangements with such Subprocessors binding them to provide the same level of data protection and information security to that provided for herein;
g. Upon request, provide You with a summary of Virtual Impact Sellers’ privacy and security policies; and
h. Inform You if Virtual Impact Sellers undertakes an independent security review.
5.2 Notice to You. Virtual Impact Sellers will inform You if Virtual Impact Sellers becomes aware of:
a. Any non-compliance by Virtual Impact Sellers or its employees with this Agreement or the Data Protection Requirements relating to the protection of Personal Data Processed under this Agreement;
b. Any legally binding request for disclosure of Personal Data by a law enforcement authority, unless Virtual Impact Sellers is otherwise forbidden by law to inform You, for example to preserve the confidentiality of an investigation by law enforcement authorities;
c. Any notice, inquiry or investigation by a Supervisory Authority with respect to Personal Data; or
d. Any complaint or request (in particular, requests for access to, rectification or blocking of Personal Data) received directly from Data Subjects of Yours. Virtual Impact Sellers will not respond to any such request without Your prior written authorization.
5.3 Assistance to You. Virtual Impact Sellers will provide reasonable assistance to You regarding:
a. Any requests from Your Data Subjects in respect to access to or the rectification, erasure, restriction, portability, blocking or deletion of Personal Data that Virtual Impact Sellers Processes for You. In the event that a Data Subject sends such a request directly to Virtual Impact Sellers, Virtual Impact Sellers will promptly send such request to You;
b. The investigation of Personal Data Breaches and the notification to the Supervisory Authority and Your Data Subjects regarding such Personal Data Breaches; and
c. Where appropriate, the preparation of data protection impact assessments and, where necessary, carrying out consultations with any Supervisory Authority.
5.4 Required Processing. If Virtual Impact Sellers is required by Data Protection Requirements to Process any Personal Data for a reason other than providing the services described in the Agreement, Virtual Impact Sellers will inform You of this requirement in advance of any Processing, unless Virtual Impact Sellers is legally prohibited from informing You of such Processing (e.g., as a result of secrecy requirements that may exist under applicable EU member state laws).
5.5 Security. Virtual Impact Sellers will:
a. Maintain appropriate organizational and technical security measures (including with respect to personnel, facilities, hardware and software, storage and networks, access controls, monitoring and logging, vulnerability and breach detection, incident response, encryption of Personal Data while in transit and at rest) to protect against unauthorized or accidental access, loss, alteration, disclosure or destruction of Personal Data;
b. Be responsible for the sufficiency of the security, privacy, and confidentiality safeguards of all Virtual Impact Sellers personnel with respect to Personal Data and liable for any failure by such Virtual Impact Sellers personnel to meet the terms of this Agreement;
c. Take reasonable steps to confirm that all Virtual Impact Sellers personnel are protecting the security, privacy and confidentiality of Personal Data consistent with the requirements of this Agreement; and
d. Notify You of any Personal Data Breach by Virtual Impact Sellers, its Subprocessors, or any other third-parties acting on Virtual Impact Sellers’ behalf without undue delay and in any event within 48 hours of becoming aware of a Personal Data Breach.
6. AUDIT, CERTIFICATION
6.1 Supervisory Authority Audit. If a Supervisory Authority requires an audit of the data Processing facilities from which Virtual Impact Sellers Processes Personal Data in order to ascertain or monitor Your compliance with Data Protection Requirements, Virtual Impact Sellers will cooperate with such audit. You are responsible for all costs and fees related to such audit, including all reasonable costs and fees for any and all time Virtual Impact Sellers expends for any such audit, in addition to the rates for services performed by Virtual Impact Sellers.
6.2 Audits. Virtual Impact Sellers must, upon Your request (not to exceed one request per calendar year) by email to support@virtualimpactsellers.com, certify compliance with this Agreement in writing. If Virtual Impact Sellers’ assurance does not provide, in Your reasonable judgment, sufficient information to confirm Virtual Impact Sellers’ compliance with the terms of this Agreement, then You or an accredited third-party audit firm agreed to by both You and Virtual Impact Sellers may audit Virtual Impact Sellers’ compliance with the terms of this Agreement during regular business hours, with reasonable advance notice to Virtual Impact Sellers and subject to reasonable confidentiality procedures. You will be responsible for all costs and fees related to such audit, including all reasonable costs and fees for any and all time Virtual Impact Sellers expends for any such audit, in addition to the rates for services performed by Virtual Impact Sellers. Before the commencement of any such audit, You and Virtual Impact Sellers shall mutually agree upon the scope, timing, and duration of the audit. You shall promptly notify Virtual Impact Sellers with information regarding any non-compliance discovered during the course of an audit. You may not audit Virtual Impact Sellers more than once annually.
7. DATA RETURN AND DELETION
The Parties agree that on the termination of the data Processing services or upon Your reasonable request, Virtual Impact Sellers shall, and shall cause any Subprocessors to, at the choice of You, return all Personal Data and copies of such data to You or securely destroy them and demonstrate to Your reasonable satisfaction that Virtual Impact Sellers has taken such measures, unless Data Protection Requirements prevent Virtual Impact Sellers from returning or destroying all or part of the Personal Data disclosed. In such case, Virtual Impact Sellers agrees to preserve the confidentiality of the Personal Data retained by it and that it will only actively Process such Personal Data after such date in order to comply with applicable laws.
8. THIRD-PARTY DATA PROCESSORS
You acknowledge that in the provision of some services, Virtual Impact Sellers, on receipt of instructions from You, may transfer Personal Data to and otherwise interact with third-party data Processors. You agree that if and to the extent such transfers occur, You are responsible for entering into separate contractual arrangements with such third-party data Processors binding them to comply with obligations in accordance with Data Protection Requirements. For avoidance of doubt, such third-party data Processors are not Subprocessors.
9. TERM
This Agreement shall remain in effect as long as Virtual Impact Sellers carries out Personal Data Processing operations on behalf of You or until the termination of the Virtual Impact Sellers Contract (and all Personal Data has been returned or deleted in accordance with this Agreement).
10. GOVERNING LAW, JURISDICTION, VENUE, ATTORNEYS’ FEES
Notwithstanding anything in the Agreement to the contrary, this Agreement shall be governed by the laws of Ireland, and any action or proceeding related to this Agreement (including those arising from non contractual disputes or claims) will be brought in Dublin, Ireland. In the event of any litigation between the Parties that in any way relates to this Agreement, each Party shall bear its own costs and attorneys’ fees, regardless of which Party, if either of them, is deemed the prevailing Party.