Data Processing Addendum

This Data Processing Addendum (“DPA”) applies whenever it is incorporated by reference into the Terms of Service (“Agreement”) between you and Kind Words Online. Capitalized terms used but not defined in this DPA have the meanings given to them in the Agreement.

1. Purpose and scope

In the course of providing the Offerings to you under the Agreement, Kind Words Online will Process Customer Data on your behalf. Customer Data may include Personal Data. This DPA reflects the parties’ agreement relating to the Processing of Customer Data in accordance with the requirements of Data Protection Laws and Regulations. This DPA will control in the event of any conflict with the Agreement.

2. Definitions

2.1 “Data Controller” means the entity that determines the purposes and means of Processing of Personal Data.

2.2 “Data Processor” means the entity that Processes Personal Data on behalf of the Data Controller.

2.3 “Data Protection Laws and Regulations” means any applicable data protection laws and regulations applicable to the Processing of Personal Data under the Agreement, including the applicable laws and regulations of the European Union, the European Economic Area and their member states, and Switzerland.

2.4 “Data Subject” means the individual to whom Personal Data relates.

2.5 “Personal Data” means any information relating to an identifiable or identified individual.

2.6 “Processing”, “Processes” or “Process” means any operation or set of operations performed upon Personal Data whether or not by automated means, such as collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, erasure, or destruction.

2.7 “Sub-processor” means Kind Words Online’s Affiliates or other third-party service providers that Process Customer Data for Kind Words Online.

3. Processing of customer data

3.1 Data Processing Roles. As between you and Kind Words Online, you are the Data Controller of Customer Data and Kind Words Online is the Data Processor. You control the categories of Data Subjects and Personal Data Processed under the Agreement. Kind Words Online has no knowledge of, or control over, the Personal Data that you provide for Processing. You are solely responsible for the accuracy, quality, and legality of the Customer Data and the means by which you acquired the Customer Data.

3.2 Data Processing Instructions. This DPA and the Agreement are your complete and final instructions to Kind Words Online for the Processing of Customer Data. You and Kind Words Online must agree on any additional or alternate instructions. Kind Words Online will inform you if, in Kind Words Online's opinion, your instructions violate Data Protection Laws and Regulations. Kind Words Online will process Customer Data: (1) in accordance with the Agreement (including all documents incorporated in the Agreement), and (2) to comply with other reasonable instructions you provide to Form Nerd (including by email) where your instructions are consistent with the Agreement. Kind Words Online will not otherwise disclose Customer Data to third parties unless required to do so by applicable law, in which case Kind Words Online will inform you in advance unless Kind Words Online is prohibited from doing so. Kind Words Online will not Process Customer Data for any other purpose unless you instruct Kind Words Online.

4. Rights of data subjects

4.1 Correction, Blocking and Deletion. If you do not have the ability to amend, block, or delete Customer Data as required by Data Protections Laws and Regulations, you can provide written instructions to Kind Words Online to act on your behalf. Kind Words Online will follow your instructions to the extent they are technically feasible and legally permissible. You will pay Kind Words Online’s costs of providing this assistance.

4.2 Data Subject Requests. If permitted, Kind Words Online will promptly notify you of any request from a Data Subject for access to, correction, amendment, or deletion of that Data Subject’s Personal Data. Kind Words Online will not respond to any Data Subject request without your prior written consent, except to confirm that the request relates to you.

4.3 Cooperation and Assistance. Kind Words Online will assist you to address any request, complaint, notice, or communication you receive relating to Kind Words Online’s Processing of Customer Data received from (A) a Data Subject whose Personal Data is contained within the Customer Data, or (B) any applicable data protection authority. Kind Words Online will also assist you with your reasonable requests for information to confirm compliance with this DPA or to conduct a privacy impact assessment. You will pay Form Nerd’s costs of providing assistance if the assistance exceeds the services provided under the Agreement.

5. Kind Words Online personnel

5.1 Confidentiality. Kind Words Online informs its personnel engaged in the Processing of Customer Data about the confidential nature of such Customer Data. These personnel receive appropriate training on their responsibilities and are subject to written agreements with confidentiality obligations that survive the termination of their relationship with Kind Words Online.

5.2 Limitation of Access. Kind Words Online ensures that access to Customer Data is limited to those personnel who require access to Process Customer Data under the Agreement.

6. Sub-processors

6.1 Authorization. You expressly authorize Kind Words Online to use Sub-processors to perform specific services on Kind Words Online’s behalf to enable Kind Words Online to perform its obligations under the Agreement. Form Nerd has agreements with its Sub-processors that contain obligations substantially similar Kind Words Online’s obligations under this DPA. Kind Words Online is responsible to you for Kind Words Online’s Sub-processor’s compliance with the terms of the Agreement.

6.2 Notice and Objection. Kind Words Online will notify you of changes to its Sub-processors upon written request. You have a right to reasonably object to Kind Words Online’s use of a new Sub-processor by notifying Kind Words Online in writing within 10 business days after receipt of Kind Words Online’s notice. If you do so, Kind Words Online will use reasonable efforts to change the affected Software or Cloud Service, or recommend a commercially reasonable change to your configuration or use of the affected Software or Cloud Service, to avoid Processing of Customer Data by the new Sub-processor. If Kind Words Online is unable to make or recommend such a change within a reasonable period of time, not to exceed 60 days, you may terminate your Subscription Term with Kind Words Online. You must provide written notice of termination to Kind Words Online in accordance with the Agreement. Kind Words Online will promptly refund you the fees applicable to the unused portion of the Subscription Term for the terminated offering.

7. Security

7.1 Controls for the Protection of Customer Data. Kind Words Online maintains appropriate administrative, technical and organizational safeguards to protect Customer Data from unauthorized or unlawful Processing, from accidental loss, destruction, or damage. Kind Words Online’s obligations are described at https://kindwords.online/terms

7.2 "Incident" means a security event that compromises the integrity, confidentiality or availability of an information asset. Kind Words Online has an incident response plan and team to assess, escalate, and respond to identified physical and cyber security Incidents that impact the organization or customers or result in data loss. Kind Words Online reviews and updates this plan annually and as needed throughout the year. The incident response team resolves intrusions and vulnerabilities upon discovery and in accordance with the established procedures.

7.3 "Breach" means an Incident that results in the confirmed disclosure, not just potential exposure, of data to an unauthorized party. If Form Nerd determines that an Incident has led to a Breach, Kind Words Online will follow its breach notification process. Incident management and escalation procedures exist to ensure that Kind Words Online addresses system issues, problems and security-related events, in a timely manner, and that all Incidents are logged, prioritized, and resolved based on established criteria and severity levels.

7.4 If there is a Breach involving your Customer Data, Kind Words Online will (A) notify you within 72 hours of discovery of the breach, (B) reasonably cooperate with you with respect to any such breach, and (C) take appropriate corrective action to mitigate any risks or damages involved with the breach to protect your Customer Data from further compromise. Kind Words Online will take any other actions that may be required by applicable law as a result of the Breach.

8. Return and deletion of customer data

Under the Agreement, Kind Words Online will provide you an opportunity to retrieve Customer Data at the end of a Subscription Term and will then delete the Customer Data in accordance with the Documentation.

Changes

Kind Words Online may periodically update this policy. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your Kind Words Online primary account holder account or by placing a prominent notice on our site.

Contact

If you have any questions about this DPA you can email us at [email protected].