<aside> ℹ️ If you'd like us to send you a copy of this DPA for signature, please email [email protected] with the subject "Request for DPA."

</aside>

EU Data Processing Addendum (DPA)

PLEASE READ THIS EU DATA PROCESSING ADDENDUM (“ADDENDUM”) CAREFULLY BEFORE USING THE WEBSITE, SOFTWARE OR SERVICES OFFERED BY TYPEGUARD, INC. (“GLIDE” OR “PROCESSOR”). THIS ADDENDUM SHALL APPLY TO THE EXTENT GLIDE IS A PROCESSOR OF PERSONAL DATA (DEFINED BELOW) THAT IS SUBJECT TO CERTAIN DATA PROTECTION LAWS (DEFINED BELOW). YOU OR THE ENTITY YOU REPRESENT AGREE THAT YOU HAVE READ AND ACCEPT THE TERMS IN THIS ADDENDUM, WHICH SUPPLEMENT GLIDE’S TERMS OF SERVICE glideapps.com/terms (THE “TERMS OF SERVICE”). IF YOU ARE ACCESSING THE SERVICES ON BEHALF OF YOUR EMPLOYER, YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO AGREE TO THIS ADDENDUM ON ITS BEHALF AND THE RIGHT TO BIND YOUR EMPLOYER THERETO. BY EXECUTING THE ADDENDUM IN ACCORDANCE WITH SECTION 11 HEREIN, YOU ENTER INTO THIS ADDENDUM ON BEHALF OF YOURSELF AND, TO THE EXTENT REQUIRED UNDER APPLICABLE DATA PROTECTION LAWS (DEFINED BELOW), IN THE NAME AND ON BEHALF OF YOUR AFFILIATES (DEFINED BELOW), IF ANY.   IF EITHER YOU OR YOUR EMPLOYER DO NOT UNCONDITIONALLY AGREE TO ALL THE TERMS AND CONDITIONS OF THIS ADDENDUM, YOU HAVE NO RIGHT TO USE GLIDE’S SERVICES AND MUST NAVIGATE AWAY FROM THIS PAGE.

This Addendum supplements the Agreement only when and to the extent that a user of Glide’s Services provides Glide with personal data that is subject to Data Protection Laws (for the purposes of this Addendum, each user who does so shall be referred to as a “Controller”).  Any terms not defined in this Addendum shall have the meaning set forth in the Terms of Service. In the event of a conflict between the terms and conditions of this Addendum and the Terms of Service, the terms and conditions of this Addendum shall supersede and control.

1. Definitions

1.1 “Affiliate” means (i) an entity of which a party directly or indirectly owns fifty percent (50%) or more of the stock or other equity interest, (ii) an entity that owns at least fifty percent (50%) or more of the stock or other equity interest of a party, or (iii) an entity which is under common control with a party by having at least fifty percent (50%) or more of the stock or other equity interest of such entity and a party owned by the same person, but such entity shall only be deemed to be an Affiliate so long as such ownership exists.

1.2 “Anonymous Data” means Personal Data that has been processed in such a manner that it can no longer be attributed to an identified or identifiable natural person.

1.3 “Authorized Employee” means an employee of Processor who has a need to know or otherwise access Personal Data to enable Processor to perform their obligations under this Addendum or the Terms of Service.

1.4 “Authorized Sub-Processor” means a third-party who has a need to know or otherwise access Personal Data to enable Processor to perform its obligations under this Addendum or the Terms of Service, and who is either (1) listed in Exhibit C or (2) authorized by Controller to do so under Section 4.2 of this Addendum.

1.5 “Data Subject” means an identified or identifiable person to whom Personal Data relates.

1.6 “Instruction” means a direction, either in writing, in textual form (e.g. by e-mail) or by using a software or online tool, issued by Controller to Processor and directing Processor to Process Personal Data.

1.7 “Personal Data” means any information relating to a Data Subject which is subject to Data Protection Laws (defined below) and which Processor Processes on behalf of Controller other than Anonymous Data.

1.8 “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

1.9 “Process” or “Processing” means any operation or set of operations which is performed upon the Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure, or destruction.

1.10 “Services” shall have the meaning set forth in the Terms of Service.

1.11 “Standard Contractual Clauses” means the agreement executed by and between Controller and Processor and attached hereto as Exhibit B pursuant to the European Commission’s decision (C(2010)593) of February 5, 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of protection (or any updated version thereof).

1.12 “Supervisory Authority” means an independent public authority which is established by a member state of the European Union, Iceland, Liechtenstein, or Norway.

2. Processing of Data

2.1 The rights and obligations of the Controller with respect to this Processing are described herein. Controller shall, in its use of the Services, at all times Process Personal Data, and provide instructions for the Processing of Personal Data, in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) and the United Kingdom Data Protection Act 2018 (together, “Data Protection Laws”). Controller shall ensure that its instructions comply with all laws, rules and regulations applicable in relation to the Personal Data, and that the Processing of Personal Data in accordance with Controller’s instructions will not cause Processor to be in breach of the Data Protection Laws. Controller is solely responsible for the accuracy, quality, and legality of (i) the Personal Data provided to Processor by or on behalf of Controller, (ii) the means by which Controller acquired any such Personal Data, and (iii) the instructions it provides to Processor regarding the Processing of such Personal Data. Controller shall not provide or make available to Processor any Personal Data in violation of the Terms of Service or otherwise inappropriate for the nature of the Services, and shall indemnify Processor from all claims and losses in connection therewith. This Addendum does not apply to Personal Data for which Processor is a controller.

2.2 Processor shall not Process Personal Data (i) for purposes other than those set forth in the Terms of Service and/or Exhibit A, (ii) in a manner inconsistent with the terms and conditions set forth in this Addendum or any other documented instructions provided by Controller, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Supervisory Authority to which the Processor is subject; in such a case, the Processor shall inform the Controller of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest and (iii) in violation of the GDPR. Controller hereby instructs Processor to Process Personal Data in accordance with the foregoing and as part of any Processing initiated by Controller in its use of the Services.