Updated Oct 14, 2012
AWProTools.com reserves the right to make changes to this Policy at any time and will post any revised Policy on this page. You will know we have changed the Policy when you see a new updated date at the top of this Policy. We encourage you to check the date of this Policy whenever you visit this Website and/or use the Service so that you will know when you need to review the Policy for modifications. Please note that this Policy applies to all information collected online by AWProTools.com whether through your use of the Website or your use of the Service.
III. COLLECTION AND USE OF INFORMATION
Personal information means information that can be used to identify and contact a person, including, but not limited to, a person's name, postal delivery address, e-mail address, user name, password, payment method (e.g., credit card or debit card) and telephone number, as well as other information when such information is combined with a person's personal information. When you register or use certain services available on our Website, we ask you to supply us with certain personal information (for both you and your customers) so that we can provide, enhance and personalize our services and marketing efforts.
For similar reasons, we may supplement the personal information you provide with publicly available information about you or your customers. We use this personal information to process your registration, your payments, and to communicate with you on these and other topics, as well as to provide you more specialized and focused services through the Service. We may also use your e-mail address to send you newsletters, promotional announcements, and consumer surveys. Please note that you cannot unsubscribe from certain correspondence from us, including messages relating to your account transactions.
We keep track of your interactions with us, including but not limited to your Website activity, your historical Service data, payment history and correspondence, as well as any other related activity. We use this information for such purposes as personalizing the Website to better reflect particular interests, tracking your level of activity, helping us quickly and efficiently respond to inquiries and requests and otherwise enhancing our Service for our customers. We also provide analyses of our users in the aggregate to prospective partners, advertisers and other third parties. We may also disclose and otherwise use, on an anonymous basis, website habits, commentary, reviews, historical Service data and other non-personal information about customers and the Service.
IV. VIEWING AND UPDATING YOUR INFORMATION
You are responsible for updating and maintaining the truth and accuracy of the personal information you provide to us relating to your account. If you want to update your contact information, you should do so by visiting your user profile located on our Website.
V. COOKIES AND OTHER TECHNOLOGY
As you browse the Website, cookies may be placed on your computer's hard drive. Cookies are small pieces of data that are sent to your browser from a Web server and stored on your hard drive for record keeping purposes. In general, cookies can make the Web more useful by storing information about your preferences on a particular site. Cookies in and of themselves do not personally identify users, although they do identify a user's computer. If your browser is set to not accept cookies, you may not be able to use particular services on the Website or offerings through the Service.
In addition to cookies, we may use other technologies, including pixel tags, to gather information on how our users interact with our Website and to otherwise help us efficiently operate and monitor our Website and Service. These technologies show us, for example, popular pages, conversion rates, click-throughs and other information that can be used to improve, operate and monitor our Website and our Service.
VI. DISCLOSURE OF PERSONAL INFORMATION
We use other companies, agents or contractors to perform services on our behalf. For example, we have partnered with other companies to personalize our web pages, process credit card transactions, collect debts, analyze and enhance data (including customers' interaction with our Website), and process consumer surveys. In the course of providing such services, these other companies may have access to your personal information or the personal information of your customers. These companies are not permitted to use such personal information except for the purpose of providing the services we request of them.
In addition, we often partner with third party companies, agents or contractors in order to offer joint promotions, advertisements, programs and marketing campaigns in which we believe our users (or their customers) may be interested. These companies are not permitted to use your personal information (or the personal information of your customers) except for the purpose of participating in the partnership arrangement for which AWProTools.com engages them.
NOTWITHSTANDING ANYTHING SET FORTH HEREIN TO THE CONTRARY, AWProTools.com RESERVES THE RIGHT TO USE YOUR PERSONAL INFORMATION AND THE PERSONAL INFORMATION OF YOUR CUSTOMERS (EXCLUSIVE OF ANY CREDIT CARD INFORMATION PROVIDED, IF ANY) FOR ANY LEGALLY PERMISSIBLE PURPOSE, IN AWProTools.com'S SOLE DISCRETION. AWProTools.com may use your (or your customers') personal information to provide promotional offers to individuals by means of email advertising, text/short message services, telephone marketing, direct mail marketing, online banner advertising, and package stuffers, among other possible uses.
You are responsible for maintaining the confidentiality of your account information and for restricting access to your computer or mobile device through which you access the Service. Users of public or shared computers or unprotected mobile devices should log out at the completion of each visit to our Website when you use the Service.
Unfortunately, no security system can be guaranteed to be 100% secure. Accordingly, we cannot guarantee the security of your personal information and cannot assume liability for improper access to it. By using the Service, or providing personal information to us through any means, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of this Website.
Our address is 1495 Spalding Drive, Atlanta, GA, Attention: AWProTools.com Program Counsel.
DATA PROTECTION ADDENDUM
This Data Protection Addendum ("Addendum") is entered into as of May 24, 2018 (“Effective Date”) and forms part of the Terms of Service between Automailtion LLC ("Vendor") and You ("Company").
WHEREAS, in the course of providing the Services (defined below) to Company pursuant to the Services Agreement, the parties anticipate that Vendor may process Personal Data (defined below); and
WHERAS, the parties desire to set forth their mutual obligations and responsibilities concerning the processing of the Personal Data;
NOW THEREFORE, in consideration of the mutual obligations set out herein, the parties hereby agree that the terms and conditions set out below shall be added as an Addendum to the Services Agreement.
The terms used in this Addendum shall have the meanings set forth in this Addendum. Capitalized terms not otherwise defined herein shall have the meaning given to them in the Services Agreement. Except as modified below, the terms of the Services Agreement shall remain in full force and effect.
“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
“Controller” means the entity which determines the purposes and means of the Processing of Personal Data.
“Data Protection Laws and Regulations” means all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom, applicable to the Processing of Personal Data under the Services Agreement.
“Data Subject” means the identified or identifiable person to whom Personal Data relates.
“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
“Personal Data” means any information relating to an identified or identifiable natural person.
“Processing” or “Process” means any operation or set of operations which is performed upon Personal Data or on sets of Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor” means the entity which Processes Personal Data on behalf of the Controller.
“Services” unless otherwise specifically defined within the Services Agreement shall mean those services being performed by Vendor on behalf of Company pursuant to the terms and conditions of the Services Agreement.
“Standard Contractual Clauses” means the terms approved by the European Commission’s decision (C(2010)593) of 5 February 2010 on Standard Contractual Clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, as may be amended from time-to-time by the European Commission.
“Sub-processor” means any Processor engaged by Vendor to Process Personal Data according to the terms of this Addendum, in connection with the performance of the Services under the Services Agreement.
“Supervisory Authority” means an independent public authority which is established by an EU Member State pursuant to the GDPR
2. PROCESSING OF PERSONAL DATA
2.1. Roles of the Parties. The parties acknowledge and agree that with regard to the Processing of Personal Data in connection with the performance of the Services under the Services Agreement, Company is the Controller, Vendor is the Processor and Vendor may engage Sub-processors solely pursuant to the requirements set forth in Section 5 below.
2.2 Company’s Requests for Processing of Personal Data. Company shall, in its use of the Services, Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. For the avoidance of doubt, Company’s instructions for the Processing of Personal Data shall comply with Data Protection Laws and Regulations. Company shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Company acquired Personal Data and transferred it to Vendor.
2.3 Vendor’s Processing of Personal Data. Unless required by applicable law, Vendor shall only Process Personal Data in accordance with Company’s documented instructions, and on its behalf, for the following purposes: (i) Processing in the performance of the Services in accordance with the Services Agreement; and (ii) Processing to comply with other reasonable documented instructions provided by Company where such instructions are consistent with the terms of the Services Agreement.
2.4 Details of the Processing. The subject-matter, the nature and purpose of the Processing of Personal Data by Vendor is the performance of the Services pursuant to the Services Agreement. The duration of the Processing of Personal Data by Vendor shall be for the Term of the Services Agreement. The types of Personal Data and categories of Data Subjects Processed under this Addendum are further specified in Schedule 1 (Details of the Processing) to this Addendum.
3. Vendor Personnel
3.1 Vendor shall take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to Personal Data, ensuring in each case that access is limited to those individuals who need to know, or have access to, the Personal Data for the performance of the Services in accordance with the terms of the Services Agreement, and to comply with applicable laws. Vendor shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities, and have executed written confidentiality agreements.
4.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Vendor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
4.2 In assessing the appropriate level of security, Vendor shall take into account in particular the risks that are presented by Processing, including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Personal Data.
5.1 Company hereby agrees that Vendor may appoint Sub-processors in accordance with this Section 5 in furtherance of the performance of the Services according to the terms and conditions of the Services Agreement.
5.2 Company acknowledges that it is aware of the Sub-processors currently engaged by Vendor and agrees that Vendor may continue to use any Sub-processors already engaged by Vendor as of the date of this Addendum. Vendor has entered into a written agreement with each Sub-processor containing data protection obligations not less protective than those in this Addendum with respect to the protection of Personal Data to the extent applicable to the nature of the services provided by such Sub-processor
5.3 Vendor shall give Company prior written notice of its intent to appoint any new Sub-processor during the Term of the Services Agreement, including full details of the Processing to be undertaken by the Sub-processor. If, within five (5) days of receipt of that notice, Company notifies Vendor in writing of any reasonably objections to the proposed appointment, the parties agree to work in good-faith to address the concerns raised by Company or identify an alternate Sub-processor. Vendor shall not provide any Personal Data to any new Sub-processor for Processing prior to the end of the five-day notice period or in the event Company reasonably objects to the appointment, until the parties have mutually resolved Company’s concerns.
5.4 Vendor shall ensure that each Sub-processor performs its obligations in a manner consistent with the terms of this Addendum and the Services Agreement. Vendor shall be liable for the acts and omissions of its Sub-processors to the same extent Vendor would be liable if performing the services of each Sub-processor directly under the terms of this Addendum.
6. Data Subject Rights
6.1 Taking into account the nature of the Processing, Vendor shall assist Company by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Company’s obligations to respond to requests to exercise Data Subject rights under the Data Protection Laws and Regulations.
6.2 To the extent legally permitted, Vendor shall promptly notify Company if Vendor receives a request from a Data Subject to exercise the Data Subject's right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, object to the Processing, or its right not to be subject to an automated individual decision making (each a “Data Subject Request”). Vendor shall not respond to any Data Subject Requests except on the documented instructions of Company or as required by applicable laws.
6.3 To the extent Company does not have the ability to address a Data Subject Request, Vendor shall upon Company’s request provide commercially reasonable efforts to assist Company in responding to such Data Subject Request, to the extent Vendor is legally permitted to do so and the response to such Data Subject Request is required under Data Protection Laws and Regulations. Company shall be responsible for any costs arising from Vendor’s provision of such assistance.
7. Personal Data Breach
7.1 Vendor shall notify Company without undue delay upon Vendor or any Sub-processor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow Company to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws and Regulations.
7.2 Vendor shall cooperate with Company and take such reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
8. Data Protection Impact Assessment and Prior Consultation
8.1 Vendor shall provide reasonable assistance to Company with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Company reasonably considers to be required by the applicable Data Protection Laws and Regulations, in each case solely in relation to Processing of Company Personal Data by, and taking into account the nature of the Processing and information available to Vendor. Company shall be responsible for any costs arising from Vendor’s provision of such assistance.
Deletion or return of Company Personal Data
9.1 Subject to Section 9.2, upon termination of the Services Agreement between the parties, Company may by written notice to Vendor, require Vendor and any Sub-processor to (a) return a complete copy of all Company Personal Data to Company by secure file transfer; and/or (b) delete and procure the deletion of any other copies of Company Personal Data Processed by Vendor. Vendor shall promptly comply with such written requests. If Company has not provided a written request for the return of the Company Personal Data within thirty (30) days of the termination of the Services Agreement, Vendor shall be permitted to delete the Company Personal Data with no further liability to Company.
9.2 Vendor and any Sub-processor may retain Company Personal Data to the extent required by applicable laws and only to the extent and for such period as required by applicable laws and always provided that Vendor and each Sub-processor shall ensure the confidentiality of all such Company Personal Data and shall ensure that such Company Personal Data is only Processed as necessary for the purpose(s) specified in the applicable laws requiring its storage and for no other purpose.
10. Audit rights
10.1. Subjection to Section 10.2, Vendor shall make available to Company on request all information reasonably necessary to demonstrate compliance with this Addendum, and shall allow for and contribute to audits, including inspections, by Company or an auditor mandated by Company in relation to the Processing of Personal Data by Vendor for Company.
10.2 Company shall give Vendor reasonable notice of any audit or inspection to be conducted under section 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing any damage, injury or disruption to the Vendor's premises, equipment, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Company shall conduct, or have such audits or inspections conducted during normal business hours, unless otherwise required under applicable law. Company shall only perform such audits or inspections no more than once per calendar year, unless the audit or inspection is required due to a Vendor’s breach of the terms of this Addendum or is expressly requested or required by a Supervisory Authority.
11. Restricted Transfers
11.1 To the extent that the Processing to be performed by Vendor in the performance of the Services involves the transfer of Personal Data from the European Economic Area to the United States, Company (as "data exporter") and Vendor (as "data importer") hereby enter into the Standard Contractual Clauses, as may be amended by the European Commission from time-to-time to ensure compliance with the Data Protection Laws and Regulations. In the event, during the Term of the Services Agreement, the Standard Clauses are deemed insufficient to allow for a transfer of Personal Data to the United States in compliance with the Data Protection Laws and Regulations, the parties agree to work together in good-faith to amend this Addendum as necessary to permit the necessary transfer of Personal Data.
12. Limitation of Liability
12.1 Each party’s liability arising out of or related to this Addendum, whether in contract, tort or under any other theory of liability, is subject to the Limitation of Liability section of the Services Agreement, and any reference in such section to the liability of a party means the aggregate liability of that party and all of its Affiliates under the Agreement and this Addendum together.
13. General Terms
13.1 Nothing in this Addendum reduces Vendor or Company's obligations under the Services Agreement in relation to the protection of Personal Data or permits Vendor to Process (or permit the Processing of) Personal Data in a manner which is prohibited by the Services Agreement. In the event of any conflict or inconsistency between this Addendum, the Services Agreement and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail, followed by the terms of the Addendum.
13.2 Should any provision of this Addendum be invalid or unenforceable, then the remainder of this Addendum shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
SCHEDULE 1: DETAILS OF PROCESSING OF COMPANY PERSONAL DATA
This Schedule 1 includes certain details of the Processing of Company Personal Data as required by Article 28(3) GDPR.
Subject matter and duration of the Processing of Company Personal Data
The subject matter and duration of the Processing of the Company Personal Data is set out in the Services Agreement between the parties.
The nature and purpose of the Processing of Company Personal Data
The nature and purpose of the Processing of the Company Personal Data is set out in the Services Agreement between the parties.
The types of Company Personal Data to be Processed
- Email addresses
- IP addresses
- Browser type
- URL query string
The categories of Data Subject to whom the Company Personal Data relates
- Company Customers
- Subscribers to Company mailing lists
The obligations and rights of Company and Company Affiliates
The obligations and rights of Company and Company Affiliates are set out in the Services Agreement and this Addendum