In the coming months, we expect EU data protection authorities to issue additional guidance on the CJEU`s decision, including additional measures for those who transfer data based on THE COLLECTIVE AGREEMENT. In addition, the current form of the CTCs was drafted before the entry into force of the GDPR and will be updated at a specific time. We will continue to closely monitor future guidelines to stay informed and assess whether we need to make changes to our existing practices. Depending on the country you reside in, you may have the following privacy rights: You can export data about individual contacts from your Mailchimp account, which can help you prove your consent and respond to access requests. We are also developing and publishing tools that make it easier for our users to manage their customers` data appropriately. (b) Processor (Data Importer): Mailchimp, a Georgia limited liability company whose official name is The Rocket Science Group LLC d/b/a Mailchimp. “Agreement” means mailchimp`s Terms of Use or other written or electronic agreements governing the provision of the Service to Customer, as such terms or agreements may be updated from time to time. We take all necessary steps to ensure that our agreements with our international third-party service providers (including sub-processors) contain appropriate obligations of such third parties with respect to the transfer and processing of European data outside Europe and that we put in place an appropriate and lawful data transfer mechanism (e.g. B, the standard contractual clauses) and, if necessary, additional safeguards. Up-to-date information about the subcontractors we use can be found here. Clause 5(a) and Clause 5(b): Suspension of Data Transfers and Termination (g) Categories of Data Subjects: (i) Members and (ii) Contacts, each as defined in Mailchimp`s Privacy Policy.
storage and any other processing necessary to provide, maintain and improve the service provided to the Customer in accordance with the Agreement; and/or deletion or return upon termination. Upon termination or expiration of the Agreement, Mailchimp (at Customer`s option) will delete or return to Customer all Customer Data (including copies) in its possession or control, except that this requirement does not apply to the extent that Mailchimp is required by applicable law to provide all or part of the Customer Data or Customer Data, that it has archived on backup systems. what customer data Mailchimp securely isolates, protects against further processing, and ultimately deletes it in accordance with Mailchimp`s deletion policy, unless required by applicable law. Mailchimp is headquartered in the United States and has offices in the United States and our servers are also located in the United States. This means that the data we process may be transferred, stored or processed in the United States. In addition, we use third-party service providers who process personal data on our behalf to provide services to Mailchimp and their servers may be located outside the EU/UK. A complete list of the subcontractors we use to process our users` data, as well as details about their location, can be found here. We take steps to ensure that our suppliers provide adequate safeguards to protect the personal data they process on our behalf and contractually require them to process such data in accordance with applicable data protection laws. (c) Purpose: The purpose of the data processing under this DPA is customer data. 2.4 Customer`s Compliance with Regulations. Customer represents and warrants that (i) it has complied and will continue to comply with all applicable laws, including data protection laws, with respect to the processing of Customer Data and any processing instructions it gives to Mailchimp; and (ii) it has provided and will continue to provide all notices and has obtained and will continue to obtain all consents and rights required by Mailchimp`s data protection laws to process Customer Data for the purposes described in the Agreement.
The Customer is solely responsible for the accuracy, quality and legality of the Customer Data and the means by which the Customer acquired the Customer Data. Without prejudice to the generality of the foregoing, Customer agrees to be responsible for compliance with all laws (including data protection laws) applicable to campaigns (as defined in the Agreement) or any other content created, sent or managed through the Service, including those that rely on obtaining consent (if necessary) to send emails, obtain the content of the emails and their email delivery practices. Mailchimp provides an email service, automation and marketing platform, and other related services, as further described in the Agreement. The purpose of the data processing within the framework of this DPA is the customer`s data. Customer data is processed in accordance with the Agreement (including this DPA) and may be subject to the following processing activities: If a contact objects to the processing of their personal data, you may delete them from your Mailchimp account at any time. You can also opt out of including your contacts` data in our data analytics project by changing your account privacy settings. If we do not have a continued legitimate business need to process your personal data, we will delete or anonymize it or, if this is not possible (for example. B, because your personal data has been stored in backup archives), we will store your personal data securely and isolate it from further processing until deletion is possible. We may use the information we collect through our Mailchimp websites and in connection with our marketing events and activities (alone or in combination with other information we collect) for a number of reasons based on our legitimate interests, including: As described above, for much of the personal information we collect and process through contacts through the Service; we act as a subcontractor on behalf of our members. In such cases, if you are a contact and wish to exercise the data protection rights you have under applicable law, or if you have any questions or concerns about how your personal data is processed by Mailchimp as a processor on behalf of our individual members, you must contact the relevant member using the Mailchimp Service.
and refer to their separate privacy policies. 6.3 Transfers of European data. To the extent that Mailchimp is a recipient of Customer Data protected by EU data protection laws (“EU Data”) in a country outside europe that is not recognized as the recipient of an adequate level of protection of personal data (as described in applicable European data protection legislation), the parties agree that: If you no longer wish to be contacted by one of our Members via our Service, please unsubscribe directly from that Member`s newsletter or contact the Member directly to update or delete your information. If you contact us directly, we can either forward your request to the member in question or provide you with the identity of the member so that you can contact them directly. 8.1 Data Subject Requests. As part of the Service, Mailchimp provides Customer with a number of self-service features that Customer may use to retrieve, correct, delete, or restrict the use of Customer Data, which Customer may use to assist Customer in fulfilling its obligations under data protection laws with respect to responding to data subject requests through Customer`s account at no additional cost. In addition, given the nature of the processing, Mailchimp will, to the extent possible, provide Customer with appropriate additional assistance to enable it to comply with its data protection obligations with respect to the data subject`s rights under data protection laws. In the event that such a request is addressed directly to Mailchimp, Mailchimp will not respond directly to such notice unless it is appropriate (e.B. to ask the data subject to contact the customer) or as required by law, without the prior consent of the customer. If Mailchimp is required to respond to such a request, Mailchimp will promptly notify Customer and provide Customer with a copy of the request, unless mailchimp objects by law. For the avoidance of doubt, nothing in the Agreement (including this DPA) prevents or prevents Mailchimp from responding to requests from data subjects or data protection authorities regarding personal data for which Mailchimp is a controller. “Sensitive Data” means (a) the Social Security number, tax number, passport number, driver`s license number or similar identifier (or part thereof); (b) credit or debit card number (other than the truncated number (last four digits) of a credit or debit card); (c) employment, financial, credit, genetic, biometric or health information; (d) racial, ethnic, political or religious affiliation, trade union membership, information on sex life, sexual orientation or criminal record; (e) Account Passwords; or (f) other information that falls within the definition of “special categories of data” under applicable data protection laws.
.
