Programa Data Processing Addendum

Last Updated: August 25, 2024

1. Definitions

  1. We are an Australian based company and we adhere to the obligations of the Australian Privacy Act as a starting point. As we offer our platform and services to users globally, we also carefully consider and where possible enact practices and obligations for users based in regions with alternative regulatory regimes and requirements.
  2. Denpro Pty Ltd (trading as Programa) is the controller of your personal data, unless otherwise specified.
  3. “European Data Protection Laws” means European Union Regulation 2016/679 (the “General Data Protection Regulation”), the UK Data Protection Act 2018 (“DPA”), the UK General Data Protection Regulation as defined by the DPA as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (together with the DPA, the “UK GDPR”), and any relevant law, statute, regulation, rule or other binding instrument which implements the above or otherwise relates to data protection, privacy, data security or the processing of Personal Data in any European member state or the United Kingdom, in each case as applicable and in force, and as amended, consolidated, re-enacted or replaced from time to time.
  4. “Personal Data” shall be interpreted in accordance with Australian Data Protection Laws, as applicable, and relating to an identifiable or identified individual who visits or engages in transactions with your account (a “Customer”), which Programa Processes as a Data Processor or Service Provider (as defined under such laws) in the course of providing you, as a Data Controller or Business (as defined under such laws), with the Services. The term “Personal Data” shall also include “Personal Information” as defined under US Data Protection Laws. Notwithstanding the foregoing sentence, Personal Data does not include information that Programa processes in the context of services that it provides directly to a user as part of the Terms of Service.
  5. “US Data Protection Laws” means the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Utah Consumer Privacy Act (“UCPA”) the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA”), and other similar comprehensive state privacy laws that place obligations on a Business or Controller in relation to Personal Data (as defined under such laws), and any relevant regulation, rule or other binding instrument which implements such laws, in each case as applicable and in force, and as amended, consolidated, re-enacted or replaced from time to time.
  6. All other capitalised terms in this Addendum shall have the same definition as in the Terms of Service.

2. Details of Processing

The parties agree that the Definitions of this Addendum describes the subject matter and details of the processing of Personal Data. Programa may aggregate, anonymize or de-identify Personal Data and process such data for the purposes set out in the Definitions or as otherwise permitted by applicable law. To the extent Programa receives from you Personal Data that has been Deidentified (as defined in the General section of this Addendum), Programa will maintain and use the data only in a Deidentified fashion.

 

3. European Union and United Kingdom

  1. This section applies only to the extent that Programa’s Processing of Personal Data is subject to European Data Protection Laws. In this section, “Data Processor”, “Data Controller”, “Data Subject”, “Processing”, “Subprocessor”, and “Supervisory Authority” shall be interpreted in accordance with the European Data Protection Laws.
  2. You acknowledge that Programa acts as an independent Data Controller with regards to personal data that it collects from consumers in connection with its consumer-facing applications and services.
  3. Where a Data Subject is located in the European Economic Area or the United Kingdom, that Data Subject’s Personal Data will be Processed by Denpro Pty Ltd (trading as Programa), unless otherwise specified. As part of providing the Services, this Personal Data may be transferred to other regions, including to the United States. Such transfers will be completed in compliance with relevant Data Protection Legislation.
  4. When Programa Processes Personal Data in the course of providing the Services, Programa will:
    1. Process the Personal Data as a Data Processor and/or Service Provider, only for the purpose of providing the Services in accordance with documented instructions from you (provided that such instructions are commensurate with the functionalities of the Services), and as may subsequently be agreed to by you. If Programa is required by law to Process the Personal Data for any other purpose, Programa will provide you with prior notice of this requirement, unless Programa is prohibited by law from providing such notice;
    2. Notify you if, in Programa’s opinion, your instruction for the Processing of Personal Data infringes applicable European Data Protection Laws;
    3. Notify you promptly, to the extent permitted by law, upon receiving an inquiry or complaint from a Supervisory Authority relating to Programa’s Processing of the Personal Data;
    4. Implement reasonable technical and organisational measures enabling you to execute requests relating to your Customer’s Personal Data that you are obligated to fulfil;
    5. Implement and maintain appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction, damage or theft of Personal Data and appropriate to the nature of the Personal Data which is to be protected;
    6. Upon request, provide reasonable information to help you complete your data protection impact assessments and prior consultations with regulatory authorities;
    7. Provide you, upon request, with up-to-date attestations, reports or extracts thereof where available from a source charged with auditing Programa’s data protection practices (e.g. external auditors, internal audit, data protection auditors), or suitable certifications, to enable you to assess compliance with the terms of this Addendum;
    8. Notify you without undue delay upon becoming aware of and confirming any accidental, unauthorised, or unlawful processing of, disclosure of, or access to the Personal Data;
    9. Ensure that its personnel who access the Personal Data are subject to confidentiality obligations; and
    10. Upon termination of the Agreement, Programa will promptly initiate its purge process to delete or anonymise the Personal Data.
  5. In the course of providing the Services, you acknowledge and hereby grant Programa general written authorisation to use Subprocessors to Process the Personal Data. Programa’s use of any specific Subprocessor to process the Personal Data must be in compliance with European Data Protection Laws and must be governed by a contract between Programa and Subprocessor that requires comparable protections to this Data Processing Addendum. If you object to the appointment of a Subprocessor you may terminate this agreement in accordance with the Terms of Service, if applicable.
  6. You warrant that you have complied and continue to comply with European Data Protection Laws, in particular, you have obtained any necessary consents or given any necessary notices and otherwise have a legitimate ground to disclose data to Programa and enable the processing of Personal Data by Programa as set out in this Agreement.

4. US Users / Consumers

  1. This section applies only to the extent that, for purposes of the US Data Protection Laws, you are a Business or Controller and in the course of providing the Services, Programa processes Personal Data about US User / Consumers that is subject to US Data Protection Laws. In this section, “Business”, “Business Purpose”, “Commercial Purpose”, “Controller”, “Deidentified”, “Processor”, “Sell”, “Sale”, “Service Provider” shall have the meanings ascribed to them in US Data Protection Laws, and “Share” shall have the meaning ascribed to it in the CCPA, are incorporated herein by reference.
  2. With respect to such Personal Data, and to the extent required by applicable US Data Protection Laws, Programa will:
    1. Process Personal Data as a Service Provider and/or Processor on your behalf to provide the Services or as otherwise permitted by US Data Protection Laws;
    2. Not retain, use or disclose Personal Data outside its direct business relationship with you or for any purpose other than to provide the Services, including retaining, using or disclosing such Personal Data for a Commercial Purpose other than performing the Business Purposes described in the Agreement, or as otherwise permitted by US Data Protection Laws;
    3. Not Sell or Share such Personal Data;
    4. Not combine Personal Data collected in connection with performing the Services with Personal Data received from another source or collected from its own interactions with the individual, except to perform the Services, with consent or direction, or as otherwise permitted by US Data Protection Laws;
    5. In connection with processing the Personal Data, comply with provisions of the US Data Protection Laws applicable to Service Providers or Processors, including providing the same level of privacy protection required of Businesses or Controllers by the US Data Protection Laws, and notify you if it determines it can no longer meet these obligations. You may, upon receiving such a notice, take reasonable and appropriate steps to stop and remediate any unauthorised use of Personal Data by Programa;
    6. Only engage subcontractors to process Personal Data on its behalf pursuant to a written contract that requires comparable protections to this Data Processing Addendum. In the course of providing the Services, you acknowledge and hereby grant Programa general written authorisation to use subcontractors to Process the Personal Data. Programa’s use of any specific Subprocessor to process the Personal Data must be in compliance with US Data Protection Laws and must be governed by a contract between Programa and Subcontractor that requires comparable protections to this Data Processing Addendum. If Programa appoints a new subcontractor or intends to make changes concerning the addition or replacement of subcontractors, you will have seven (7) days from the date of the update to object to the change. In the event we do not receive a response from you, the change will be deemed to be accepted. If you object to the appointment of a subcontractor you may terminate this agreement in accordance with the Terms of Service, if applicable.
    7. Ensure that its personnel who process the Personal Data are subject to confidentiality obligations with respect to such information;
    8. Take reasonable and appropriate steps, upon reasonable written notice from you and subject to the confidentiality obligations set out in the Agreement, to assist you with confirming that Programa’s use of Personal Data is consistent with your obligations under US Data Protection Laws;
    9. Upon request, provide a report of a reasonable assessment of Programa’s policies and technical and organisational measures in support of its obligations under applicable US Data Protection Laws using an appropriate and accepted control standard or framework and assessment procedure for such assessments; and
    10. Upon termination of the Terms of Service, Programa will promptly initiate its purge process to delete or Deidentify the Personal Data.
  3. You represent and warrant that you:
    1. Have obtained any necessary consents, rights and authorisations and given any necessary notices to individuals regarding your disclosure of Personal Data to Programa to enable Programa’s processing of Personal Data to provide the Services, as required by applicable law;
    2. Will not share with Programa any Personal Data of any individual subject to the US Data Protection Laws who has exercised an opt-out that you have committed to honouring;
    3. Will not share with Programa sensitive data of any US User / Consumer who has not consented to the processing of their sensitive data;
    4. Inform Programa of any rights requests individuals make to you pursuant to US Data Protection Laws that Programa must comply with and provide the information necessary for Programa to comply with the requests; and
    5. Be solely liable for your compliance with such laws.
  4. You and Programa agree that the existence of this Addendum does not constitute an admission that sharing of Personal Data constitutes a Sale or a Share.

5. General

  1. In the event of any conflict or inconsistency between the provisions of the Terms of Service and this Addendum, the provisions of this Addendum shall prevail, unless such provisions contradict a requirement under applicable law, in which case such requirement shall prevail. For avoidance of doubt and to the extent allowed by applicable law, any and all liability under this Addendum, including limitations thereof, will be governed by the relevant provisions of the Agreement. You acknowledge and agree that Programa may amend this Addendum from time to time by posting the relevant amended and restated Addendum on Programa’s website, and such amendments to the Addendum are effective as of the date of posting. Your continued use of the Services after the amended Addendum is posted to Programa’s website constitutes your agreement to, and acceptance of, the amended Addendum. If you do not agree to any changes to the Addendum, do not continue to use the Service.
  2. Save as specifically modified and amended in this Addendum, all of the terms, provisions and requirements contained in the Agreement shall remain in full force and effect and govern this Addendum. If any provision of the Addendum is held illegal or unenforceable in a judicial proceeding, such provision shall be severed and shall be inoperative, and the remainder of this Addendum shall remain operative and binding on the parties.
  3. The terms of this Addendum shall be governed by and interpreted in accordance with the laws of the Australia applicable therein, without regard to principles of conflicts of laws. The parties irrevocably and unconditionally submit to the exclusive jurisdiction of the courts of Victoria, Australia with respect to any dispute or claim arising out of or in connection with this Addendum.

Appendix 1: Details of Processing

  • Nature and purpose of processing: To provide and improve the Services under the Programa Terms of Service and any other terms that this Addendum is incorporated into, provide any related support to Customer, as otherwise permitted under European Data Protection Laws or US Data Protection Laws, as applicable, or as initiated by you from time to time.
  • Subject Matter, Types of Personal Data and Categories of Data Subjects: Personal Data relating to Customers and Users.
  • Duration of processing: The term of this Addendum plus the period from the end of the term until deletion of all Customer and/or User Personal Data by Programa in accordance with its obligations under this Addendum.
Try Programa for free with a 7 day trial

Try Programa for free with a 7 day trial

Join the world’s best studios

Programa Data Processing Addendum

 

Last Updated on: 25 August, 2024

 

1. Definitions

 

  1. We are an Australian based company and we adhere to the obligations of the Australian Privacy Act as a starting point. As we offer our platform and services to users globally, we also carefully consider and where possible enact practices and obligations for users based in regions with alternative regulatory regimes and requirements.
  2. Denpro Pty Ltd (trading as Programa) is the controller of your personal data, unless otherwise specified.
  3. “European Data Protection Laws” means European Union Regulation 2016/679 (the “General Data Protection Regulation”), the UK Data Protection Act 2018 (“DPA”), the UK General Data Protection Regulation as defined by the DPA as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (together with the DPA, the “UK GDPR”), and any relevant law, statute, regulation, rule or other binding instrument which implements the above or otherwise relates to data protection, privacy, data security or the processing of Personal Data in any European member state or the United Kingdom, in each case as applicable and in force, and as amended, consolidated, re-enacted or replaced from time to time.
  4. “Personal Data” shall be interpreted in accordance with Australian Data Protection Laws, as applicable, and relating to an identifiable or identified individual who visits or engages in transactions with your account (a “Customer”), which Programa Processes as a Data Processor or Service Provider (as defined under such laws) in the course of providing you, as a Data Controller or Business (as defined under such laws), with the Services. The term “Personal Data” shall also include “Personal Information” as defined under US Data Protection Laws. Notwithstanding the foregoing sentence, Personal Data does not include information that Programa processes in the context of services that it provides directly to a user as part of the Terms of Service.
  5. “US Data Protection Laws” means the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Utah Consumer Privacy Act (“UCPA”) the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA”), and other similar comprehensive state privacy laws that place obligations on a Business or Controller in relation to Personal Data (as defined under such laws), and any relevant regulation, rule or other binding instrument which implements such laws, in each case as applicable and in force, and as amended, consolidated, re-enacted or replaced from time to time.
  6. All other capitalised terms in this Addendum shall have the same definition as in the Terms of Service.

2. Details of Processing

The parties agree that the Definitions of this Addendum describes the subject matter and details of the processing of Personal Data. Programa may aggregate, anonymize or de-identify Personal Data and process such data for the purposes set out in the Definitions or as otherwise permitted by applicable law. To the extent Programa receives from you Personal Data that has been Deidentified (as defined in the General section of this Addendum), Programa will maintain and use the data only in a Deidentified fashion.

 

3. European Union and United Kingdom

  1. This section applies only to the extent that Programa’s Processing of Personal Data is subject to European Data Protection Laws. In this section, “Data Processor”, “Data Controller”, “Data Subject”, “Processing”, “Subprocessor”, and “Supervisory Authority” shall be interpreted in accordance with the European Data Protection Laws.
  2. You acknowledge that Programa acts as an independent Data Controller with regards to personal data that it collects from consumers in connection with its consumer-facing applications and services.
  3. Where a Data Subject is located in the European Economic Area or the United Kingdom, that Data Subject’s Personal Data will be Processed by Denpro Pty Ltd (trading as Programa), unless otherwise specified. As part of providing the Services, this Personal Data may be transferred to other regions, including to the United States. Such transfers will be completed in compliance with relevant Data Protection Legislation.
  4. When Programa Processes Personal Data in the course of providing the Services, Programa will:
    1. Process the Personal Data as a Data Processor and/or Service Provider, only for the purpose of providing the Services in accordance with documented instructions from you (provided that such instructions are commensurate with the functionalities of the Services), and as may subsequently be agreed to by you. If Programa is required by law to Process the Personal Data for any other purpose, Programa will provide you with prior notice of this requirement, unless Programa is prohibited by law from providing such notice;
    2. Notify you if, in Programa’s opinion, your instruction for the Processing of Personal Data infringes applicable European Data Protection Laws;
    3. Notify you promptly, to the extent permitted by law, upon receiving an inquiry or complaint from a Supervisory Authority relating to Programa’s Processing of the Personal Data;
    4. Implement reasonable technical and organisational measures enabling you to execute requests relating to your Customer’s Personal Data that you are obligated to fulfil;
    5. Implement and maintain appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction, damage or theft of Personal Data and appropriate to the nature of the Personal Data which is to be protected;
    6. Upon request, provide reasonable information to help you complete your data protection impact assessments and prior consultations with regulatory authorities;
    7. Provide you, upon request, with up-to-date attestations, reports or extracts thereof where available from a source charged with auditing Programa’s data protection practices (e.g. external auditors, internal audit, data protection auditors), or suitable certifications, to enable you to assess compliance with the terms of this Addendum;
    8. Notify you without undue delay upon becoming aware of and confirming any accidental, unauthorised, or unlawful processing of, disclosure of, or access to the Personal Data;
    9. Ensure that its personnel who access the Personal Data are subject to confidentiality obligations; and
    10. Upon termination of the Agreement, Programa will promptly initiate its purge process to delete or anonymise the Personal Data.
  5. In the course of providing the Services, you acknowledge and hereby grant Programa general written authorisation to use Subprocessors to Process the Personal Data. Programa’s use of any specific Subprocessor to process the Personal Data must be in compliance with European Data Protection Laws and must be governed by a contract between Programa and Subprocessor that requires comparable protections to this Data Processing Addendum. If you object to the appointment of a Subprocessor you may terminate this agreement in accordance with the Terms of Service, if applicable.
  6. You warrant that you have complied and continue to comply with European Data Protection Laws, in particular, you have obtained any necessary consents or given any necessary notices and otherwise have a legitimate ground to disclose data to Programa and enable the processing of Personal Data by Programa as set out in this Agreement.

4. US Users / Consumers

  1. This section applies only to the extent that, for purposes of the US Data Protection Laws, you are a Business or Controller and in the course of providing the Services, Programa processes Personal Data about US User / Consumers that is subject to US Data Protection Laws. In this section, “Business”, “Business Purpose”, “Commercial Purpose”, “Controller”, “Deidentified”, “Processor”, “Sell”, “Sale”, “Service Provider” shall have the meanings ascribed to them in US Data Protection Laws, and “Share” shall have the meaning ascribed to it in the CCPA, are incorporated herein by reference.
  2. With respect to such Personal Data, and to the extent required by applicable US Data Protection Laws, Programa will:
    1. Process Personal Data as a Service Provider and/or Processor on your behalf to provide the Services or as otherwise permitted by US Data Protection Laws;
    2. Not retain, use or disclose Personal Data outside its direct business relationship with you or for any purpose other than to provide the Services, including retaining, using or disclosing such Personal Data for a Commercial Purpose other than performing the Business Purposes described in the Agreement, or as otherwise permitted by US Data Protection Laws;
    3. Not Sell or Share such Personal Data;
    4. Not combine Personal Data collected in connection with performing the Services with Personal Data received from another source or collected from its own interactions with the individual, except to perform the Services, with consent or direction, or as otherwise permitted by US Data Protection Laws;
    5. In connection with processing the Personal Data, comply with provisions of the US Data Protection Laws applicable to Service Providers or Processors, including providing the same level of privacy protection required of Businesses or Controllers by the US Data Protection Laws, and notify you if it determines it can no longer meet these obligations. You may, upon receiving such a notice, take reasonable and appropriate steps to stop and remediate any unauthorised use of Personal Data by Programa;
    6. Only engage subcontractors to process Personal Data on its behalf pursuant to a written contract that requires comparable protections to this Data Processing Addendum. In the course of providing the Services, you acknowledge and hereby grant Programa general written authorisation to use subcontractors to Process the Personal Data. Programa’s use of any specific Subprocessor to process the Personal Data must be in compliance with US Data Protection Laws and must be governed by a contract between Programa and Subcontractor that requires comparable protections to this Data Processing Addendum. If Programa appoints a new subcontractor or intends to make changes concerning the addition or replacement of subcontractors, you will have seven (7) days from the date of the update to object to the change. In the event we do not receive a response from you, the change will be deemed to be accepted. If you object to the appointment of a subcontractor you may terminate this agreement in accordance with the Terms of Service, if applicable.
    7. Ensure that its personnel who process the Personal Data are subject to confidentiality obligations with respect to such information;
    8. Take reasonable and appropriate steps, upon reasonable written notice from you and subject to the confidentiality obligations set out in the Agreement, to assist you with confirming that Programa’s use of Personal Data is consistent with your obligations under US Data Protection Laws;
    9. Upon request, provide a report of a reasonable assessment of Programa’s policies and technical and organisational measures in support of its obligations under applicable US Data Protection Laws using an appropriate and accepted control standard or framework and assessment procedure for such assessments; and
    10. Upon termination of the Terms of Service, Programa will promptly initiate its purge process to delete or Deidentify the Personal Data.
  3. You represent and warrant that you:
    1. Have obtained any necessary consents, rights and authorisations and given any necessary notices to individuals regarding your disclosure of Personal Data to Programa to enable Programa’s processing of Personal Data to provide the Services, as required by applicable law;
    2. Will not share with Programa any Personal Data of any individual subject to the US Data Protection Laws who has exercised an opt-out that you have committed to honouring;
    3. Will not share with Programa sensitive data of any US User / Consumer who has not consented to the processing of their sensitive data;
    4. Inform Programa of any rights requests individuals make to you pursuant to US Data Protection Laws that Programa must comply with and provide the information necessary for Programa to comply with the requests; and
    5. Be solely liable for your compliance with such laws.
  4. You and Programa agree that the existence of this Addendum does not constitute an admission that sharing of Personal Data constitutes a Sale or a Share.

5. General

  1. In the event of any conflict or inconsistency between the provisions of the Terms of Service and this Addendum, the provisions of this Addendum shall prevail, unless such provisions contradict a requirement under applicable law, in which case such requirement shall prevail. For avoidance of doubt and to the extent allowed by applicable law, any and all liability under this Addendum, including limitations thereof, will be governed by the relevant provisions of the Agreement. You acknowledge and agree that Programa may amend this Addendum from time to time by posting the relevant amended and restated Addendum on Programa’s website, and such amendments to the Addendum are effective as of the date of posting. Your continued use of the Services after the amended Addendum is posted to Programa’s website constitutes your agreement to, and acceptance of, the amended Addendum. If you do not agree to any changes to the Addendum, do not continue to use the Service.
  2. Save as specifically modified and amended in this Addendum, all of the terms, provisions and requirements contained in the Agreement shall remain in full force and effect and govern this Addendum. If any provision of the Addendum is held illegal or unenforceable in a judicial proceeding, such provision shall be severed and shall be inoperative, and the remainder of this Addendum shall remain operative and binding on the parties.
  3. The terms of this Addendum shall be governed by and interpreted in accordance with the laws of the Australia applicable therein, without regard to principles of conflicts of laws. The parties irrevocably and unconditionally submit to the exclusive jurisdiction of the courts of Victoria, Australia with respect to any dispute or claim arising out of or in connection with this Addendum.

Appendix 1: Details of Processing

  • Nature and purpose of processing: To provide and improve the Services under the Programa Terms of Service and any other terms that this Addendum is incorporated into, provide any related support to Customer, as otherwise permitted under European Data Protection Laws or US Data Protection Laws, as applicable, or as initiated by you from time to time.
  • Subject Matter, Types of Personal Data and Categories of Data Subjects: Personal Data relating to Customers and Users.
  • Duration of processing: The term of this Addendum plus the period from the end of the term until deletion of all Customer and/or User Personal Data by Programa in accordance with its obligations under this Addendum.