a) The terms “Controller”, “Data Subject”, “Personal Data”, “Processing”, “Processor”, “Subprocessor” and “Supervisory Authority” shall have the meanings as set forth in the EU General Data Protection Regulation 2016/679 (“GDPR”).
b) “User Personal Data” means Personal Data of the individual(s) authorized by ISSA Charities to use the Service.
2. Processing Details. You authorize ISSA Charities to process, host and maintain User Personal Data in connection with the Service and to share User Personal Data with Qooper that will likewise process, host and maintain the User Personal Data exclusively for the purpose of providing the Service. ISSA Charities and Qooper shall retain User Personal Data only for a period of time necessary for it to provide the Service.
a) Types of User Personal Data to be Processed. User Personal Data will consist of contact information such as an individual’s name, title, company affiliation, and email address.
b) Sensitive Data. Users shall not be required to provide Sensitive Data, including but not limited to social security numbers, passport numbers, driver’s license numbers or birthdates.
3. Processing Limited. You authorize ISSA Charities to process User Personal Data only as necessary for the purposes described in Section 2, and as necessary to provide the Service to You under this Agreement.
4. Controls and Safeguards. ISSA Charities has implemented and maintains appropriate technical, organizational, and physical controls and other safeguards (including measures required by GDPR Article 32) as reasonably necessary to maintain and ensure a level of security that is appropriate to the nature of User Personal Data and the particular risks associated with that processing. ISSA Charities shall take reasonable steps to: i) limit access to individuals who need to know as necessary for a legitimate purpose and require all such individuals to a duty of confidence; and ii) provide recurring awareness training to its employees.
5. Qooper Authorized as Subprocessor. You authorize ISSA Charities to appoint Qooper as a Subprocessor in accordance with the use of the Service and this Agreement. ISSA Charities represents and warrants that it has: i) conducted due diligence to verify that Qooper maintains an adequate level of protection for User Personal Data including, without limitation, any cross-border transfers; and ii) entered into a written data processing agreement with Qooper that impose on Qooper substantially the same protections of User Personal Data as provided by this Agreement.
6. User Requests for User Personal Data. Upon the request by the User at any time during which their use of Qooper is authorized by ISSA Charities and within 30 days of the date after which their use of Qooper is no longer authorized, ISSA Charities will make User Personal Data available to User, and shall otherwise return User Personal Data to You within 30 days of the request. In addition, during the time User is authorized to use Qooper, ISSA Charities shall provide User the ability to obtain extracts of User Personal Data. Within a reasonable period following completion of the Services related to the relevant processing, ISSA Charities will destroy copies of the User Personal Data
7. Transfer of User Personal Data out of European Economic Area (EEA). User acknowledges that during the period in which User is authorized to use Qooper, ISSA Charities primary processing operations are based in the United States. To the extent that User’s use of the Service requires transfer of personal data out of the EEA, User and ISSA Charities agree that such transfer shall be made in compliance with an appropriate transfer mechanism providing adequate safeguards under the GDPR. The determination of the appropriate transfer mechanism is in the sole discretion of ISSA Charities, provided that such mechanism is legally effective.
8. Data Breach. ISSA Charities shall notify User without undue delay upon becoming aware of a data breach involving User Personal Data, but in no event less than seventy-two (72) hours after discovery of the breach. ISSA Charities will provide User with sufficient information for User to meet any obligations to report or inform Data Subjects of the data breach under the Data Protection Laws. ISSA Charities will take reasonable commercial steps and cooperate with User in the investigation, mitigation, and remediation of such data breach.