Data Processing Addendum
Data Processing Addendum
This Data Processing Addendum (the “Addendum”) forms part of the Starboard Suite Standard Terms (located at https://www.starboardsuite.com/terms) and the Subscription Agreement between you (“Client”) and D3 Studios, Inc., a California corporation dba Starboard Suite (“Starboard”) (collectively, the “Agreement”). Capitalized terms not defined in the Addendum have the meanings given in the Agreement.
- Definitions. The following terms have the meanings given:
- “Applicable Law” means the California Consumer Privacy Act, the GDPR, and any applicable laws of (a) the United Sates, (b) any state, commonwealth or district located in the United States, and (c) any locality located in the United States.
- “CCPA” means the California Consumer Privacy Act.
- “Client Personal Data” means any Personal Data or Personal Information Processed by Starboard on behalf of Client pursuant to or in connection with the Agreement.
- “GDPR” means EU General Data Protection Regulation 2016/679.
- “Permitted Purpose” means the performance of the Services by Starboard.
- “Services” means the services performed by or on behalf of Starboard for Client pursuant to the Agreement.
- “Sub-processor” means any person appointed by or on behalf of Starboard to Process Client Personal Data in connection with the Agreement.
- The terms “Data Subject”, “Personal Data”, “Personal Data Breach”, and “Processing” (and the variants of “Process” and “Processed”) have the same meaning as in the GDPR.
- The terms “Consumer”, “Personal Information”, and “Verifiable Consumer Request” have the same meaning as in the CCPA.
- Processing. Client instructs Starboard to Process Client Personal Data for the Permitted Purpose. Starboard will not Process Client Personal Data other than on the documented instructions of Client, unless Processing is required by Applicable Law, in which case Starboard shall (to the extent permitted by Applicable Law) inform Client of that legal requirement before the Processing of that Client Personal Data. Client retains control of the Client Personal Data and remains responsible for its compliance obligations under Applicable Law, including (i) providing any required notices, (ii) obtaining any required consents, and (iii) any processing instructions it gives to Starboard. Client acknowledges that Starboard is under no duty to investigate the completeness, accuracy, or sufficiency of any specific Client instructions other than as required by Applicable Law.
- CCPA Deletion Request. Starboard will notify Client, within five days, if Starboard receives a Verifiable Consumer Request to delete Client Personal Data under the CCPA (a “Deletion Request”). Client is responsible for acknowledging and responding to all Deletion Requests. Client is also responsible for determining whether it may retain any Client Personal Data included in a Deletion Request, and notifying the Consumer of any such retention. Starboard has no responsibility for (i) acknowledgment of a Deletion Request, (ii) response to any Deletion Request, or (iii) determination of whether Client Personal Data may be retained.
- Confidentiality. Starboard will treat Client Personal Data as Client’s Confidential Information.
- Security. Starboard and Client shall each, in relation to the Client Personal Data, implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk.
- Cooperation. Starboard shall (at Client’s expense) provide reasonable cooperation for Client to respond to the following in accordance with Client’s obligations under Applicable Law: (a) any request from a Data Subject to exercise their rights under the GDPR; (b) any request from a Consumer to exercise their rights under the CCPA; (c) any other correspondence received from a Data Subject, Consumer, or governmental authority in connection with the Processing of the Client Personal Data; or (d) any Personal Data Breach with respect to Client Personal Data. In the event that any such request or correspondence is made directly to Starboard, or if Starboard becomes aware of a Personal Data Breach with respect to Client Personal Data, Starboard shall promptly notify Client of the same.
- Audit; Data Protection Impact Assessment. On reasonable prior written notice and subject to the confidentiality obligations of the Agreement, Client may audit Starboard’s compliance with this Addendum. Starboard shall (at Client’s expense) reasonably cooperate with Client’s obligation to perform any data protection impact assessment under Applicable Law.
- Deletion or Return of Client Personal Data. Upon termination or expiration of the Agreement, Starboard shall, if directed by Client, destroy or return to Client all Client Personal Data in its possession or control. This requirement shall not apply to the extent that Starboard is required by Applicable Law to retain Client Personal Data, or to Client Personal Data Starboard has archived on back-up systems. Starboard will securely isolate and protect such baked-up Client Personal Data from any further Processing.
- Sub-processors; Client Processors. Client consents to the Processing of their Customer’s Personal Data for the Permitted Purpose by the following subcontractors:
- For hosting, Amazon Web Services.
- For payment processing, the Service works with Stripe, Square and Authorize.net; however, each Client processes payments through their own merchant account with these payment providers, and Starboard does not have access to payment card details.
- To monitor usage, identify potential issues and provide technical support, Mixpanel, Intercom, UpScope, StatusPage, PagerDuty and Google Analytics.
- To send email, MailChimp and Mandrill.
- To facilitate integrations with third-party services at Client’s behest.
Clients are able to sync data to their own accounts with third-party services, including MailChimp, Constant Contact, SmartWaiver, Google Analytics, Trip Advisor, Viator, Google Ads, AdRoll and Facebook.
Starboard may contract with additional subcontractors, and Client consents to the Processing of Client’s Customer’s Personal Data by those additional subcontractors, upon Starboard providing Client with email notice of such additional subcontractors.
- Agreement. This Addendum is subject to the Agreement. Any conflict between the terms of this Addendum and the Agreement shall be resolved in favor of this Addendum.
August 31, 2020