Updated on: March 30, 2022
1. Introduction and Scope
- This Data Processing Addendum (“DPA”) is an addendum to the Terms of Service (“Terms”) . All provisions of the Terms apply to and are incorporated into this DPA, but if there is a conflict between this DPA and any provisions in the Terms, then the provisions of this DPA shall control.
- This DPA only applies to Clients if and to the extent (a) Liven Studio (WP Umbrella) Processes Client Personal Data (defined below) for or on behalf of the Client pursuant to the Agreement (b) and the Data Protection Laws apply to such Client Personal Data.
- Updates to the DPA. We reserve the right to make changes to this DPA at any time at our sole discretion. If we make changes to this DPA, we will provide notice of such changes by revising the date at the top of this DPA. Your continued use of our Services following notification of changes will constitute your acceptance of such changes. Please periodically review this DPA and check for any updates.
Capitalized terms which are not defined in this DPA shall have the meaning provided elsewhere in the Agreement. In addition, the following defined terms apply solely with respect to this DPA.
- “Controller”, “Processor”, “Data Subject”, “Processing”, “Personal Data”, and “Personal Data Breach” shall have the meanings ascribed to them in Data Protection Laws.
- “Client Personal Data” means any End User Personal Data subject to the Data Protection Laws that Client provides, transfers, or makes accessible to Liven Studio (WP Umbrella) in connection with the Services.
- “Data Protection Laws” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
3. Roles of the Parties
- Client is the Controller and Liven Studio (WP Umbrella) is the Processor with respect to Client Personal Data. Liven Studio (WP Umbrella) shall only Process Client Personal Data in accordance with Client’s documented instructions, which include the provisions of the Agreement, unless otherwise required to comply with any Data Protection Laws. We will inform you if, in our opinion, your instructions violate the Data Protection Laws.
- Client and Liven Studio (WP Umbrella) shall comply with the Data Protection Laws. Client shall obtain any required authorizations, consents, releases, or permissions, and provide all required privacy notices, regarding the Client Personal Data. For the avoidance of doubt, Client shall have sole responsibility for the accuracy, quality, and legality of all Client Personal Data and the bases on which it is collected from the Data Subject.
4. Nature, Purpose, and Duration of Processing
- Liven Studio (WP Umbrella) will Process Client Personal Data as necessary to perform the Services – which is generally limited to multiple WordPress websites management and related support – or to protect WP Umbrella’s legal rights, for the duration of the Agreement, unless otherwise agreed upon in writing.
- Client’s transfer of Client Personal Data to Liven Studio (WP Umbrella) in connection with the Services is determined and controlled by Client in its sole discretion.
- Liven Studio (WP Umbrella) may Process the following categories of Client Personal Data: any Personal Data collected, used, or otherwise Processed from End Users of Client Websites.
- Liven Studio (WP Umbrella) may Process Client Personal Data from the following categories of Data Subjects: End Users of Client Websites.
5. Cross-border Transfers
- Liven Studio (WP Umbrella) stores website backups on the Google Cloud Platform data center in Europe. You acknowledge, agree, and understand that all of your Client Personal Data will be automatically transferred and stored in the Google data center in Europe when you activate the backup feature.
- Client authorizes the transfer of Client Personal Data on the Google Cloud Platform data center, for the purpose of providing the Services.
- As the controller and/or exporter of Client Personal Data, Client is responsible for ensuring that any such transfers comply with the Data Protection Laws.
- Liven Studio (WP Umbrella) engages third-party subcontractors that Process Client Personal Data (“Sub-processors“) for the purposes of providing the Services. A current list of Sub-processors is available in Appendix A of this document. Client authorizes Liven Studio (WP Umbrella) to engage these Sub-processors for the purpose of providing the Services.
- Liven Studio (WP Umbrella) may update the Sub-processor List from time to time, and such updates shall be the sole means of providing notice of Sub-processor changes to Client. Client is responsible for regularly checking and reviewing the Sub-processor List. Client’s failure to object in writing to a new Sub-processor within fourteen (14) days of Liven Studio (WP Umbrella) posting of the new Sub-processor on the Sub-processor List shall constitute Client’s authorization of the new Sub-processor.
- If Liven Studio (WP Umbrella) determines in its sole discretion that it cannot reasonably accommodate Client’s timely objection to a Sub-processor, upon notice from Liven Studio (WP Umbrella), Client may choose to terminate the Agreement pursuant to the termination provisions in the Terms of Services which shall be Client’s sole and exclusive remedy.
7. Security and Impact Assessments
- Liven Studio (WP Umbrella) shall ensure that its personnel are subject to binding obligations of confidentiality with respect to Client Personal Data.
- Taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of Data Subjects, Liven Studio (WP Umbrella) shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
- Taking into account the nature of Processing and the information available to Liven Studio (WP Umbrella), Liven Studio (WP Umbrella) shall assist the Client in ensuring compliance with Client’s obligations under the Data Protection Laws with respect to security, impact assessments, and consultations with supervisory authorities or regulators.
8. Personal Data Breach
- Taking into account the nature of Processing and the information available to Liven Studio (WP Umbrella), Liven Studio (WP Umbrella) shall assist the Client in ensuring compliance with Client’s obligations under the Data Protection Laws with respect to a Personal Data Breach.
- In the event of a discovered Personal Data Breach, Liven Studio (WP Umbrella) shall provide prompt notice to Client’s technical and account contacts using those means established for routine account-related communications.
- Our notice shall include the following information to the extent it is reasonably available to Liven Studio (WP Umbrella) at the time of the notice, and Liven Studio (WP Umbrella) shall update its notice as additional information becomes reasonably available: (a) the dates and times of the Personal Data Breach; (b) the basic facts that underlie the discovery of the Personal Data Breach, or the decision to begin an investigation into a suspected Personal Data Breach, as applicable; (c) a description of the Client Personal Data involved in the Personal Data Breach, either specifically, or by reference to the data set(s), and (d) the measures planned or underway to remedy or mitigate the vulnerability giving rise to the Personal Data Breach.
9. Data Subject Requests
- Taking into account the nature of the Processing, Liven Studio (WP Umbrella) shall assist Client by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Client’s obligation to respond to requests for exercising the Data Subject’s rights under the Data Protection Laws.
- Liven Studio (WP Umbrella) will promptly notify Client if we receive a request from a Data Subject to invoke their rights with respect to Client Personal Data, unless otherwise prohibited by applicable law; and, except to the extent required by applicable law, we will not independently take any action in response to a request from a Data Subject without Client’s prior written instruction.
10. Audit and Inspection
Subject to and conditioned on a written confidentiality and non-disclosure agreement, Liven Studio (WP Umbrella) shall provide Client with information reasonably necessary to demonstrate compliance with the obligations set forth in this DPA.
11. Deletion or Return of Client Personal Data
Upon proper termination of the Agreement and at the written direction of the Client, Liven Studio (WP Umbrella) shall take reasonable measures to delete Client Personal Data or return Client Personal Data and copies thereof to the Client.
List of Sub-processors
- OVH: We use OVH to host WP Umbrella’s application (European Servers).
Heroku: we use Heroku to host and manage our database (European Servers).
- Google Cloud Storage: We use Google Cloud Storage to save your backups (European Servers).
- Google Workspace: We use Google Workspace applications to process email communication and manage online documents.
- AnnounceKit: We use AnnounceKit to communicate about product updates.
- HelpScout: We use Intercom to communicate with our customers and provide support.
- Customers.io: Customers.io is an SMTP provider that sends transactional emails to Client email (downtime notifications, etc).
- Sentry: Used to troubleshoot issues on WP Umbrella’s application.
- Hotjar: We use hotjar to see how users interact with our application and new features.
- Slack: We use Slack for internal communication.