Styku Data Processing Agreement — Styku's Obligations as a Data Processor
Styku Data Processing Agreement — Styku's Obligations as a Data Processor
Summary
Styku will only process customer personal data according to customer instructions or as required by law, and will maintain appropriate technical and organizational security measures. Styku ensures all authorized personnel are bound by confidentiality obligations. In the event of a data breach, Styku will notify the customer without undue delay and provide assistance in notifying relevant authorities and affected individuals as required by law.
Full Policy Text
Compliance with Instructions
We will only Process Customer Personal Data for the purposes described in this DPA or as otherwise agreed within the scope of your lawful Instructions, except where and to the extent otherwise required by applicable law. We are not responsible for compliance with any Data Protection Laws applicable to you or your industry that are not generally applicable to us.
Conflict of Laws
If we become aware that we cannot Process Customer Personal Data in accordance with your Instructions due to a legal requirement under any applicable law, we will (i) promptly notify you of that legal requirement to the extent permitted by the applicable law; and (ii) where necessary, cease all Processing (other than merely storing and maintaining the security of the affected Customer Personal Data) until such time as you issue new Instructions with which we are able to comply. If this provision is invoked, we will not be liable to you under the Agreement for any failure to perform the applicable Subscription Services until such time as you issue new lawful Instructions with regard to the Processing.
Security
We will implement and maintain appropriate technical and organizational measures to protect Customer Personal Data from Customer Personal Data Breaches, as described under Annex 2 to this DPA ("Security Measures"). Notwithstanding any provision to the contrary, we may modify or update the Security Measures at our discretion provided that such modification or update does not result in a material degradation in the protection offered by the Security Measures.
Confidentiality
We will ensure that any personnel whom we authorize to Process Customer Personal Data on our behalf is subject to appropriate confidentiality obligations (whether a contractual or statutory duty) with respect to that Customer Personal Data.
Customer Personal Data Breaches
We will notify you without undue delay after we become aware of any Customer Personal Data Breach and will provide timely information relating to the Customer Personal Data Breach as it becomes known or reasonably requested by you. At your request, we will promptly provide you with such reasonable assistance as necessary to enable you to notify relevant Customer Personal Data Breaches to competent authorities and/or affected Data Subjects, if you are required to do so under Data Protection Laws.
Deletion or Return of Customer Personal Data
We may delete or return a portion of or all Customer Data, including Customer Personal Data (including copies thereof) Processed pursuant to this DPA, on termination or expiration of your Subscription Service in accordance with the procedures set out in our Product Specific Terms. This term will apply except where we are required by applicable law to retain some or all of the Customer Data, or where we have archived Customer Data on back-up systems, which data we will securely isolate and protect from any further Processing and delete in accordance with our deletion practices. You may request the deletion of your Styku account after expiration or termination of your subscription by completing the form at https://www.styku.com/delete-my-information.
Applies to: All Styku customers