<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=3209473&amp;fmt=gif">
Skip to content
English - United States
Contact us
  • There are no suggestions because the search field is empty.

Styku Data Processing Agreement — International Data Transfer Mechanisms

Styku Data Processing Agreement — International Data Transfer Mechanisms

Summary

For cross-border transfers of personal data subject to European, UK, or Swiss data protection laws, Styku relies on the Data Privacy Framework and/or Standard Contractual Clauses (SCCs) as legal transfer mechanisms. The specific SCC module applied depends on whether Styku is acting as a Processor or Controller and whether EU, UK, or Swiss law applies. If these mechanisms become unavailable, Styku will work to adopt alternative compliant transfer mechanisms.

Full Policy Text

Transfer Mechanisms Where the transfer of Customer Personal Data or Controller Personal Data between the parties involves a Restricted Transfer and European Data Protection Laws require putting in place appropriate safeguards, Styku and Customer will comply with the following:

Data Privacy Framework Styku, LLC. participates in and certifies compliance with the Data Privacy Framework. Where and to the extent the Data Privacy Framework applies, Styku, Inc will use the Data Privacy Framework to lawfully receive Customer Personal Data and Controller Personal Data in the United States and will provide at least the same level of protection to such data as is required by the Data Privacy Framework Principles. We will inform you if we are unable to comply with this requirement.

Standard Contractual Clauses If European Data Protection Laws require that appropriate safeguards are put in place (for example, if the Data Privacy Framework does not cover the transfer and/or the Data Privacy Framework is invalidated), the Standard Contractual Clauses will be incorporated by reference and form part of the Agreement as follows:

(A) In relation to Customer Personal Data that Styku Processes as a Processor (i) the Module Two terms apply to the extent Customer is a Controller and the Module Three terms apply to the extent Customer is a Processor of Customer Personal Data; (ii) in Clause 7, the optional docking clause applies; (iii) in Clause 9, Option 2 applies and changes to Sub-Processors will be notified in accordance with the 'Sub-Processors' section of this DPA; (iv) in Clause 11, the optional language is deleted; (v) in Clauses 17 and 18, the parties agree that the governing law and forum for disputes for the Standard Contractual Clauses will be determined in accordance with the 'Contracting Entity; Applicable Law; Notice' section of the Jurisdiction Specific Terms or, if such section does not specify an EU Member State, the Republic of Ireland (without reference to conflicts of law principles); (vi) the Annexes of the Standard Contractual Clauses will be deemed completed with the information set out in the Annexes of this DPA; and (vii) the supervisory authority that will act as competent supervisory authority will be determined in accordance with GDPR.

(B) In relation to Controller Personal Data for which Styku and Customer are each a Controller (i) the Module One terms apply; (ii) in Clause 7, the optional docking clause applies; (iii) in Clause 11, the optional language is deleted; (iv) in Clauses 17 and 18, the parties agree that the governing law and forum for disputes for the Standard Contractual Clauses will be determined in accordance with the 'Contracting Entity; Applicable Law; Notice' section of the Jurisdiction Specific Terms or, if such section does not specify an EU Member State, the Republic of Ireland (without reference to conflicts of law principles); (v) the Annexes of the Standard Contractual Clauses will be deemed completed with the information set out in the Annexes of this DPA; and (vi) the supervisory authority that will act as competent supervisory authority will be the Irish Data Protection Commission.

(C) In relation to Customer Personal Data and Controller Personal Data that is subject to the UK GDPR, the Standard Contractual Clauses will apply in accordance with sub-section (A) and the following modifications (i) the Standard Contractual Clauses will be modified and interpreted in accordance with the UK Addendum, which will be incorporated by reference and form an integral part of the Agreement; (ii) Tables 1, 2 and 3 of the UK Addendum will be deemed completed with the information set out in the Annexes of this DPA and Table 4 will be deemed completed by selecting "neither party"; and (iii) any conflict between the terms of the Standard Contractual Clauses and the UK Addendum will be resolved in accordance with Section 10 and Section 11 of the UK Addendum.

(D) In relation to Customer Personal Data and Controller Personal Data that is subject to the Swiss DPA, the Standard Contractual Clauses will apply in accordance with sub-section (A) and the following modifications (i) references to "Regulation (EU) 2016/679" will be interpreted as references to the Swiss DPA; (ii) references to "EU," "Union," and "Member State law" will be interpreted as references to Swiss law; and (iii) references to the "competent supervisory authority" and "competent courts" will be replaced with the "the Swiss Federal Data Protection and Information Commissioner" and the "relevant courts in Switzerland."

(E) In relation to Customer Personal Data that Styku Processes as a Processor, you agree that by complying with our obligations under the 'Sub-Processors' section of this DPA, Styku, Inc. fulfills its obligations under Section 9 of the Standard Contractual Clauses. For the purposes of Clause 9(c) of the Standard Contractual Clauses, you acknowledge that we may be restricted from disclosing Sub-Processor agreements but we will use reasonable efforts to require any Sub-Processor we appoint to permit it to disclose the Sub-Processor agreement to you and will provide (on a confidential basis) all information we reasonably can. You also acknowledge and agree that you will exercise your audit rights under Clause 8.9 of the Standard Contractual Clauses by instructing us to comply with the measures described in the 'Demonstration of Compliance' section of this DPA.

(F) If and to the extent the Standard Contractual Clauses conflict with any provision of this DPA, the Standard Contractual Clauses will prevail to the extent of such conflict. Where the Styku contracting entity under the Agreement is not Styku, Inc., such contracting entity (not Styku, Inc.) will remain fully and solely responsible and liable to you for the performance of the Standard Contractual Clauses by Styku, Inc., and you will direct any instructions, claims or enquiries in relation to the Standard Contractual Clauses to such contracting entity. If Styku cannot comply with its obligations under the Standard Contractual Clauses for any reason, and you intend to suspend or terminate the transfer of Personal Data to Styku, you agree to provide us with reasonable notice to enable us to cure such non-compliance and reasonably cooperate with us to identify what additional safeguards, if any, may be implemented to remedy such noncompliance. If we have not or cannot cure the non-compliance, you may suspend or terminate the affected part of the Subscription Service in accordance with the Agreement without liability to either party (but without prejudice to any fees you have incurred prior to such suspension or termination).

Alternative Transfer Mechanism In the event that Styku is required to adopt an alternative transfer mechanism under European Data Protection Laws, in addition to or other than the mechanisms described above, such alternative transfer mechanism will apply automatically instead of the mechanisms described in this DPA (but only to the extent such alternative transfer mechanism complies with European Data Protection Laws), and you agree to execute such other documents or take such action as may be reasonably necessary to give legal effect such alternative transfer mechanism.

Applies to: All Styku customers