Data Processing Addendum
This Addendum applies where and only to the extent that SimpleTexting processes Client and Customer Data that is subject to Data Protection Laws on behalf of Clients as Data Processor in the course of providing Business pursuant to the Agreement.
In the course of providing Business services to Clients pursuant to the Agreement, SimpleTexting may process Personal Data on behalf of Clients, and by agreeing to the Terms and Conditions available at https://simpletexting.com/terms/, SimpleTexting and Clients hereby agree to comply with the following provisions with respect to any Consumers’ Personal Information:
“Account Users” means any individual accessing and/or using the Business through the Client’s Account as authorized by Client.
“SimpleTexting” means SimpleTexting LLC.
“Customer Data” means any Personal Data that SimpleTexting processes as a Data Processor on behalf of Client.
“Data Controller” means the entity which determines the purposes and means of the processing of Personal Data. Client is the Data Controller with respect to Client Data.
“Data Processor” means the entity which Processes Personal Data on behalf of the Data Controller. SimpleTexting is the Data Processor with respect to Client Data under EU Data Protection Laws, and “Service Provider” under the California Consumer Privacy Act (“CCPA”).
“Data Protection Laws” means EU Data Protection Laws and, and to the extent applicable, the data protection or privacy laws of the United States of America, including without limitation, the California Consumer Privacy Act of 2018, as amended (the “CCPA”), or of any other applicable country.
“EU Data Protection Laws” means (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation), as may be amended from time to time (“GDPR”); and (ii) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector and applicable national implementations of it (as may be amended, superseded or replaced).
“Personal Data” shall have the same meaning as in the applicable Data Protection Laws, provided, that with respect to this Addendum, the reference is to Personal Data processed in relation to Client’s access to and use of the Service.
“Request” means a written request from a Data Subject to exercise his/her specific data subject rights under the Data Protection Laws in respect of Personal Data.
“Service” means SimpleTexting’s web-based application for managing mobile marketing campaigns including mobile messaging capabilities.
“Sub-processor” means any Data Processor engaged by SimpleTexting to assist in fulfilling its obligations with respect to providing Business pursuant to the Agreement or this Addendum.
The terms, “Data Subject”, “Member State”, “Processing”, “Process” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
2. PROCESSING OF PERSONAL DATA
2.1 Roles of the Parties. The parties acknowledge and agree that with regard to the Processing of Personal Data, Client is the Data Controller of Customer Data, and SimpleTexting will process Customer Data only as a Data Processor acting on the instructions of Client.
2.3 SimpleTexting’s Processing of Customer Data. SimpleTexting shall only process Customer Data on behalf of and in accordance with Client’s instructions. Instructions by Client to SimpleTexting to process Customer Data include processing initiated by Account Users in their use of the Business.
2.4 Details of Data Collection and Processing
(a) Subject matter: The subject matter of the data processing under this Addendum is the Customer Data.
(b) Duration: As between SimpleTexting and Client, the duration of the data processing under this Addendum is until the termination of the Agreement in accordance with its terms.
(c) Purpose: The purpose of the data processing under this Addendum is the provision of the Business to the Client and the performance of SimpleTexting’s obligations pursuant to the Agreement (including this Addendum) or as otherwise agreed by the parties.
(d) Nature of the processing: SimpleTexting is a web-based application for managing mobile marketing campaigns including mobile messaging capabilities (the “Service”).
(e) Categories of data subjects: Accounts Users and any end user of a mobile application, web domains, devices, software applications and/or communication channels owned or controlled by Client and to or with respect to whom Client sends notifications or processes Personal Data via the Service (collectively, “End Users”).
(f) Categories of Customer Data:
- Client and Account Users: Account User’s login credentials to the Service, name, phone number, email, website, physical address, credit card or paypal account information, IP address, and URL information.
- End Users: Client may process Personal Data via the Service, the extent of which is determined by Client based on Client’s configuration and use of the Service, which may include, at Client’s sole discretion, but is not limited to the following categories of Personal Data: names, phone numbers, email addresses, online identifiers, and location data.
(g) Sources of Customer Data: All Customer Data is stored on the SimpleTexting database.
3. DATA REQUESTS
3.1 Data Requests. The Service provides Client with a number of functions that Client may use to retrieve, correct, delete, or restrict Customer Data, which Client may use to assist it in connection with its obligations under the Data Protection Laws including, for example, its obligations relating to responding to Requests from Data Subjects or applicable data protection authorities (including requests for information relating to the processing, and requests relating to access, rectification, erasure or portability of the Personal Information).
To the extent Client is unable to independently access the relevant Customer Data within the Service, SimpleTexting will provide reasonable cooperation to assist Client, at Client’s cost to the extent legally permissible, to respond to any requests from Data Subjects or applicable data protection authorities relating to the processing of Personal Data under the Agreement and this Addendum.
In the event any such request is made directly to SimpleTexting, SimpleTexting will not respond to such communication directly without Client’s prior authorization, unless legally compelled to do so. If SimpleTexting is required to respond to such a request, SimpleTexting will promptly notify Client and provide it with a copy of the request unless legally prohibited from doing so.
3.2 If the request is pursuant to the CCPA:
i) the Consumer has the following rights: a) the right to request disclosure of the data collection and sales practices in connection with the requesting consumer, including the categories of personal information SimpleTexting has collected, the source of the information, and SimpleTexting’s use of the information; b) the right to request a copy of the specific personal information collected about the Consumer during the 12 months before their request; c) the right to have such information deleted (subject to exceptions in the CCPA); and d) the right not to be discriminated against because they exercised any of these rights under the CCPA.
ii) SimpleTexting has the right to collect information from the requesting party to verify their identify;
iii) SimpleTexting will respond to the request within 45 days; and
iv) California Consumers can make up to two Requests within a 12 month period.
3.3 SimpleTexting does not disclose or sell Customer Data to third parties.
3.4 Government Requests. If a law enforcement agency sends SimpleTexting a demand for Customer Data (for example, through a subpoena or court order), SimpleTexting will attempt to redirect the law enforcement agency to request that data directly from Client. As part of this effort, SimpleTexting may provide Client’s basic contact information to the law enforcement agency. If compelled to disclose Customer Data to a law enforcement agency, then SimpleTexting will give Client reasonable notice of the demand to allow Client to seek a protective order or other appropriate remedy unless SimpleTexting is legally prohibited from doing so.
4.1 Appointment of Sub-processors. Client acknowledges and agrees that SimpleTexting may engage third-party Sub-processors in connection with the provision of the Service. Any such Sub-processor will be permitted to customer data only to the extent needed to deliver the Services. None of this customer data is used for any promotional purposes, or shared with third parties for their promotional purposes.
5. RELATIONSHIP WITH THE AGREEMENT
5.1 Except for the changes made by this Addendum, the Agreement remains unchanged and in full force and effect. If there is any conflict between this Addendum and the Agreement, this Addendum will prevail to the extent of that conflict.
5.2 Claims. Any claims brought under or in connection with this Addendum will be subject to the terms and conditions, including but not limited to, the exclusions and limitations set forth in the Agreement. Other than liability that may not be limited under applicable law, each party’s liability, taken together in the aggregate, arising out of or related to this Addendum, whether in contract, tort or under any other theory of liability, is subject to the ‘Limitation of Liability’ section of the Agreement, and any reference in such section to the liability of a party means the aggregate liability of that party under the Agreement and all Addenda together.
5.3 No Third Party Beneficiary. No one other than a party to this Addendum, its successors and permitted assignees will have any right to enforce any of its terms. Any claims against SimpleTexting under this Addendum will be brought solely against the entity that is a party to the Agreement. Client further agrees that any regulatory penalties or other liability incurred by SimpleTexting in relation to the Customer Data that arise as a result of, or in connection with, Client’s failure to comply with its obligations under this Addendum or any applicable Data Protection Laws will count toward and reduce SimpleTexting’s liability under the Agreement as if it were liable to the Client under the Agreement.
5.4 Governing Law. This Addendum will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws.
6. LEGAL EFFECT
This Addendum shall only become legally binding between Client and SimpleTexting when executed as described in the introductory paragraphs to this Addendum.
7. ANNUAL UPDATE