Data Processing Addendum
This Data Processing Addendum (this “Addendum”), dated as of July 18, 2024, is entered into by and between LetzChat, Inc. (“LetzChat”) and its clients (each a “Party”; collectively, the “Parties”).
Definitions
For purposes of this Addendum, the following definitions apply:
- “Business” means an individual who, or entity that, alone or jointly determines the purpose and means of Processing Personal Data. “Business” includes “Controller” and analogous terms under Privacy Laws.
- “Data Subject” means an identified or identifiable natural person. “Data Subject” includes “Consumer” and analogous terms under Privacy Laws.
- “Deidentified Data” means data that cannot reasonably be used to infer information about, or otherwise be linked to, a Data Subject and where such data is processed only in accordance with Section 5 of this Addendum.
- “Personal Data” means information provided by or on behalf of LetzChat's clients, or collected by LetzChat on behalf of its clients, in connection with LetzChat’s performance of Services and that relates to an identified or identifiable household or living individual. “Personal Data” includes “Personal Information” and analogous terms under Privacy Laws.
- “Privacy Laws” means all laws, regulations, and rules relating to privacy and data protection applicable to the Processing of Personal Data in connection with LetzChat’s provision of Services under an Agreement, as amended from time to time, including but not limited to Cal. Civ. Code §§ 1798.100 et seq. (the California Consumer Privacy Act of 2018) as amended by the California Privacy Rights Act of 2020.
- “Processing” and variations thereof (e.g., “Process”) means any operation or set of operations that are performed on Personal Data or on sets of Personal Data, whether or not by automated means. “Processing” includes collection, storage, use, transfer, compiling, organization, classification, and deidentification of Personal Data.
- “Service Provider” means an individual who, or entity that, Processes Personal Data on behalf of a Business. “Service Provider” includes “Processor” and analogous terms as defined under Privacy Laws.
Relationship
With respect to Personal Data, LetzChat acknowledges that its clients are the Business and LetzChat Processes (and/or will Process) Personal Data as a Service Provider on behalf of its clients. LetzChat acknowledges that its clients are disclosing, or authorizing LetzChat to collect on their behalf or otherwise making available, Personal Data in connection with an Agreement only for the limited and specified purposes set forth in such Agreement and this Addendum.
Processing Requirements
LetzChat shall:
- Process Personal Data only as set forth in an Agreement and this Addendum.
- Process Personal Data at all times in compliance with Privacy Laws, including by providing no less than the level of privacy protection as required by Privacy Laws.
- Ensure that each person Processing Personal Data is subject to a duty of confidentiality with respect to the Personal Data.
LetzChat shall not:
- Retain, use, disclose, or otherwise Process Personal Data except as necessary for the business purposes set forth in an Agreement or this Addendum.
- “Sell” or “Share” Personal Data, as those terms are defined by Privacy Laws.
- Retain, use, disclose, or otherwise Process Personal Data in any manner other than for the direct business relationship between LetzChat and its clients.
- Combine any Personal Data with personal data that LetzChat receives from or on behalf of any other third party or collects from LetzChat’s own interactions with Data Subjects, except that LetzChat may so combine Personal Data for a purpose permitted under Privacy Laws if directed to do so by its clients or as otherwise expressly permitted by Privacy Laws.
Additional Rights and Obligations
LetzChat agrees to allow for and cooperate with any reasonable and appropriate audits, inspections, assessments, or other steps (collectively, “Assessments”) to be performed by its clients or their designated independent assessor (which assessor shall not be a competitor of LetzChat) that its clients deem reasonably necessary to confirm that LetzChat Processes Personal Data in a manner consistent with the obligations under Privacy Laws and this Addendum. Any Assessment performed under this Section 4(a) shall occur no more than once every twelve months, will be conducted during regular business hours and so as not to cause unreasonable disruption to LetzChat’s operations, upon not less than 30 days’ prior notice, and at the client's expense; provided, however, that LetzChat shall bear its expenses in the event the Assessment reveals any material non-compliance by LetzChat with Privacy Laws or this Addendum.
LetzChat may, upon providing reasonable notice to its clients, take reasonable and appropriate steps to prevent, stop, or remediate any unauthorized Processing of Personal Data.
LetzChat agrees to notify its clients if it determines that it can no longer comply with Privacy Laws or its obligations under an Agreement or this Addendum, not later than five business days after it makes such determination.
LetzChat shall not subcontract any Processing of Personal Data to any other person or entity (a “Subprocessor”) without first notifying its clients that it intends to engage a Subprocessor and providing an opportunity to object, and ensuring that such subcontracting is pursuant to a written contract that binds the Subprocessor to terms that are (1) compliant with Privacy Laws; and (2) substantially similar to, and no less protective than, the terms imposed on LetzChat by this Addendum.
If LetzChat receives a request from a Data Subject relating to Personal Data or any rights that potentially arise under Privacy Laws, LetzChat shall immediately notify its clients of such request via email at the contact provided, and in any event not longer than three business days after receipt of such request. LetzChat agrees to reasonably cooperate with its clients in fulfilling Data Subject requests to exercise rights afforded to Data Subjects by Privacy Laws, including by assisting with appropriate technical and organizational measures to facilitate or complete such requests.
In addition to and without limiting LetzChat’s obligations under the Agreements, LetzChat shall implement reasonable physical, technical, and administrative safeguards and other security measures to:
- Ensure a level of security appropriate to the risks related to the Processing of Personal Data in LetzChat’s possession, custody, or control.
- Protect against any unauthorized, accidental, or unlawful acquisition, destruction, loss, alteration, copying, disclosure, access, use, or other Processing of any such Personal Data (a “Security Incident”).
If LetzChat discovers or is notified of any Security Incident, LetzChat will immediately:
- notify the client's designated contact of such Security Incident, but in no case later than three business days after LetzChat has become aware of the Security Incident; and
- if the applicable Personal Information was in the possession of LetzChat at the time of such Security Incident, LetzChat shall:
- start an investigation of the Security Incident and take all appropriate actions to remediate the effects of the Security Incident and mitigate any risks that may arise from the Security Incident, and
- make reasonable efforts to preserve all records and other evidence relating to the Security Incident. The client may disclose the occurrence of a Security Incident as required by law or deemed necessary in their sole discretion (acting reasonably), including, as applicable, any substitute notice required by law (“Notifications”). LetzChat shall reasonably cooperate in good faith with its clients in handling any Security Incident, including without limitation any investigation, reporting, the timing and manner of any Notifications, or other obligations required by applicable law or regulation, or as otherwise reasonably required by its clients to respond to and mitigate any damages caused by the Security Incident solely to the extent required by applicable law. Subject always to the limitations of liability in this Addendum, LetzChat agrees to reimburse its clients for any costs and losses incurred in connection with a Security Incident.
Upon written request by the client (and without any such request, upon the termination or expiration of an Agreement), LetzChat will promptly delete all Personal Data that has been Processed pursuant to such Agreement (and, at the client’s request, shall certify such deletion has occurred), unless retention of such Personal Data is required by law.
Deidentified Data
To the extent LetzChat's clients disclose or otherwise make available Deidentified Data to LetzChat, or to the extent LetzChat creates Deidentified Data from Personal Data, LetzChat shall:
- Adopt reasonable measures to prevent such Deidentified Data from being used to infer information about, or otherwise being linked to, a particular natural person or household;
- Publicly commit to maintain and use such Deidentified Data in a deidentified form and to not attempt to re-identify the Deidentified Data, except that LetzChat may attempt to re-identify the data solely for the purpose of determining whether its deidentification processes are compliant with Privacy Laws; and
- Before sharing Deidentified Data with any other party, including Subprocessors, contractors, or any other persons (“Recipients”), contractually obligate any such Recipients to comply with all requirements of this Section 5 of the Addendum (including imposing this requirement on any further Recipients).
LetzChat shall remain fully liable for any failure by LetzChat or its employees, Subprocessors, agents, or contractors to comply with obligations relating to Deidentified Data.
Information Security Guidelines
LetzChat warrants that it has adopted, documented, implemented, and shall adhere to commercially reasonable written information security guidelines for maintaining security controls to protect Personal Data against accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, and access, and against all other unlawful activities and shall reasonably discuss such guidelines with its clients. LetzChat’s information security guidelines shall include physical, organizational, administrative, and technical controls. The controls should relate to the collection, maintenance (including access rights), transmittal, and disposal of Personal Data, and should include training, oversight, tests for vulnerabilities, system checks, and measures to prevent and detect unauthorized access. LetzChat’s information security guidelines must include, at a minimum:
- A written plan and the development of measures to detect, assess, manage, and prevent system failures;
- A regular assessment of internal and external data security risks, including risks to the security, confidentiality, and integrity of electronic, paper, and other records containing Personal Data and revision of guidelines to address identified risks;
- Protection of business facilities, paper files, servers, computing equipment, including without limitation all mobile devices and other equipment with information storage capabilities, and backup systems containing Personal Data;
- Network, application (including databases), and platform security;
- Secure transmission and storage of Personal Information;
- Authentication and access control mechanisms over Personal Data, media, applications, operating systems, and equipment;
- Storage limitations such that Personal Data resides only on servers and in data centers that comply with industry standard data center security controls, and restrictions to ensure that personal information files are not placed on any notebook hard drive or removable media, such as compact discs or flash drives, unless encrypted;
- Notice and incident response procedures.
Description of the Processing
LetzChat is authorized to Process Personal Data for the following business purposes (and only these purposes):
Providing language translation services for dealers and individuals who use its clients’ text and messaging service and the related message-management platform.
LetzChat represents and warrants that the following categories of Personal Data are the only Personal Data that will be processed in connection with the Agreements:
The content of the Messages, to the extent that such content constitutes, or includes, Personal Data.
Personal Data may be processed for the duration of an Agreement.
Indemnity
LetzChat agrees to indemnify and defend at its own expense its clients and their affiliates against all liabilities, costs, claims, damages, or expenses incurred by its clients or for which its clients may become liable due to any failure by LetzChat or its employees or agents to comply with any of its obligations under this Addendum (including any claim, demand, or cause of action or other proceeding made or brought by a third party).
General
This Addendum shall constitute an amendment to each of the Agreements, and each of the representations, warranties, and covenants set forth herein shall be deemed incorporated therein. Except as expressly amended by this Addendum, each Agreement shall continue in full force and effect in accordance with its terms.
In the event of any conflict or inconsistency between the terms of an Agreement and this Addendum, the terms of this Addendum shall control.
LetzChat agrees to execute all specific assignments, oaths, declarations, deeds, provisions, amendments, or other instruments, and to do all acts necessary, proper, or advisable, in each case, that are reasonably requested by its clients or their authorized representatives to effectuate the purposes of this Addendum.
Create your free account and
start exploring the language landscape today
Language Analytics & Translations Free • Premium Support offered
Our friendly pack is here every day via live chat, howl, or email.
Take it for a romp around the park. If it doesn't suit your path, no worries!