Data Processing Agreement
Last Updated: September 15, 2025
This Data Processing Agreement (“DPA”) is entered into between Live Summer, Inc. (“Provider”) and the individual or entity that has agreed to the SummerOS Terms and Conditions (the “Agreement”) available at https://summeros.com/legal/terms-and-conditions/ (“Customer”). As stated in the Agreement, this DPA is made part of and incorporated into the Agreement. Provider and Customer are together the “Parties”, and each a “Party”. This DPA shall govern all transfers and Processing of data between Provider and Customer.
In the course of Provider providing products and services to Customer, pursuant to the Agreement, Customer may disclose, and Provider may Process, data, including personal information, on behalf of Customer. The parties agree to comply with the provisions of this DPA with respect to the Processing of all Personal Data collected on behalf of or submitted by Customer in relation to the provision or receipt of products and/or services. The parties also agree to comply with all applicable Data Protection Laws (as defined herein).
DEFINITIONS
“Authorized Persons” means Provider employees, contractors, agents, customers, and auditors who have a need-to-know or otherwise access Personal Data to enable Provider to perform its obligations under the Agreement and this DPA.
“Personal Data” means any personal data or personal information, as defined by Data Protection Laws, that Provider processes on behalf of Customer.
“Data Protection Laws” means any law, statute, subordinate legislation, regulation, order, mandatory guidance or code of practice, judgment of a relevant court of law, or directives or requirements of any Regulatory Authority body which relates to the protection of individuals with regard to the Processing of data, whether in effect now or in the future. It shall include, but is not limited to, the California Consumer Privacy Act and California Privacy Rights Act (“CPRA”); the Virginia Consumer Data Protection Act (“VCDPA”); the Colorado Privacy Act (“CPA”); the Connecticut Data Privacy Act (“CDPA”); the Utah Consumer Privacy Act (“UCPA”); the European Union General Data Protection Regulation (EU) 2016/679 (“GDPR”); and the other data protection laws and regulations of the European Union, the European Economic Area and their member states, and the United Kingdom.
“Data Subject Request” means a request made by a Data Subject, consumer, or other individual conferred rights under Data Protection Laws.
“Affiliate”, “Business Purpose”, “Consent”, “Contractor”, “Consumer”, “Personal Information”, “Controller”, “Processor”, “Processing”, “Data Subject”, “Personal Data”, “Sensitive Data”, “Special Categories of Data”, and “Sub-processor” if appearing in this DPA shall have the same meaning as in the Data Protection Laws.
“Regulatory Authority” means any local, state, national, or multinational agency, department, official, parliament, public or statutory person, government or professional body, regulatory authority or supervisory authority, or board or other body responsible for administering Data Protection Laws.
“Security Incident” means any data breach as defined by applicable Data Protection Laws, or any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data on systems managed or otherwise controlled by Customer.
1. ROLES OF THE PARTIES
1.1 Provider will Process Personal Data under this DPA as a Processor in accordance with Attachment A.
1.2 Provider will not collect, use, retain, disclose, sell, or otherwise make Personal Data available for any purpose other than for the specific purposes set forth in the Agreement.
2. RESPONSIBILITY AND TERM
2.1 Provider will Process Personal Data only as set forth by Customer for the term set forth in the Summer Software as a Service Agreement.
2.2 Provider will maintain the confidentiality of the Personal Data and will not disclose the Personal Data to third parties unless the Customer, the Agreement, or this DPA specifically authorizes the disclosure, or as required by domestic law, court, or Regulatory Authority.
2.3 Provider will reasonably assist Customer with meeting compliance obligations under Data Protection Laws.
3. REPRESENTATIONS AND WARRANTIES
- Customer represents and warrants that:
- Customer has complied, and will continue to comply, with all applicable laws, including Data Protection Laws, in respect of its processing of Personal Data and any processing instructions it issues to Provider;
- Customer has provided, and will continue to provide, all notice and has obtained, and will continue to obtain, all consents and rights necessary under Data Protection Laws for Provider to process Personal Data for the purposes described in the Agreement;
- Customer has the sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data;
- Customer has ensured that Provider’s processing of the Personal Data in accordance with Customer’s instructions will not cause Provider to violate any applicable law, regulation, or rule, including, without limitation, Data Protection Laws;
- Customer will only give Provider the minimum necessary amount of Personal Data necessary to achieve the purposes of the Agreement and this DPA; and
- Customer will only give Provider Personal Data in compliance with this DPA.
- Any Personal Data Customer provides to or processes via Provider-provided products or services does not and will not contain any Social Security numbers or other government-issued identification numbers; protected health information subject to the Health Insurance Portability and Accountability Act (HIPAA), other information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional, or other health-related data subject to protection under applicable laws and regulations; health insurance information; biometric information; passwords for online accounts; credentials to any financial accounts; tax return data; any payment card information subject to the Payment Card Industry Data Security Standard; personal data of children under 13 years of age; or any other information that falls within any special categories of data or is considered sensitive information (as defined in Applicable Data Protection Laws).
4. AUTHORIZED PERSONS
4.1 Provider will take reasonable steps to ensure the reliability, integrity, and trustworthiness of all Authorized Persons with access to the Personal Data. Provider shall ensure that Authorized Persons shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).
5. SECURITY
5.1 Provider will at all times implement appropriate technical and organizational measures to protect Personal Data.
6. SECURITY INCIDENTS
6.1 Upon becoming aware of a Security Incident, Provider shall:
- Notify Customer without undue delay or as otherwise required by Data Protection Laws; and
- Promptly take reasonable steps to contain and investigate any Security Incident.
6.2 Provider’s notification of or response to a Security Incident under this Section shall not be construed as an acknowledgment by Provider of any fault or liability with respect to the Security Incident.
7. SUB-PROCESSORS
7.1 Customer agrees that Provider may engage Sub-processors to process Personal Data as necessary to provide the Services. A list of all of Provider’s Sub-processors is available at https://summeros.com/legal/subprocessors/ (the “Sub-processor Site”). Provider will update the Sub-processor Site if and when Provider makes changes to its Sub-processors. If Customer objects to the engagement of any Sub-processor, Customer may terminate the Agreement and cancel the Services (as defined in the Agreement) by providing written notice to Provider and pay Provider for all amounts due and owing under the Agreement as of the date of such termination. Customer should regularly check the Sub-processor Site to be aware of any changes to the list of Provider’s Sub-processors. Failure of Customer to object to a Sub-processor constitutes authorization to proceed.
7.2 Provider will enter into a written contract with each Sub-processor that provides no less protection than the protections in this DPA, to the extent applicable to providing Customer with products and services.
8. INQUIRIES BY DATA SUBJECTS
8.1 Provider will inform Customer of all Data Subject Requests involving Personal Data, and take reasonable measures to enable Customer to comply with the rights of Data Subjects under Data Protection Laws.
9. RECORDS AND AUDIT
9.1 Provider shall make available to Customer all information reasonably necessary to demonstrate compliance with this DPA and allow for and contribute to audits, no more than once annually, at no additional cost to Provider so that Customer may assess compliance with this DPA.
10. RETURN OR DESTROY DATA UPON TERMINATION
10.1 Upon termination or expiration of the Agreement, Provider shall (at Customer’s election) delete or return to Customer all Personal Data in its possession or control, except that this requirement shall not apply to the extent Provider is required by applicable law to retain some or all of the Personal Data, or as otherwise specified by the Agreement.
11. DATA TRANSFERS
11.1 Provider acknowledges that the provision of the products and/or services under the Agreement may require the transfer or Processing of Personal Data in countries outside the United States from time to time.
11.2 In the event that such international transfer is authorized by both Parties, Parties will agree on a legal data transfer mechanism consistent with data protection law.
11.3 Should a change in Data Protection Laws occur, or a decision of a competent authority be made which might affect the validity of an international transfer or adequacy of an international transfer method, Parties agree to promptly address any agreements necessary to restore the validity, adequacy, or compliance of such international transfers under Data Protection Laws. If any transfer mechanisms must be changed for compliance with Data Protection Laws, parties shall enter into a separate, written agreement detailing the new transfer methods.
12. COOPERATION WITH REGULATORY AUTHORITIES
12.1 Provider shall notify Customer within a reasonable time of all inquiries from a Regulatory Authority that Provider receives which relate to the Processing of Personal Data, the Agreement, or either party’s obligations under this DPA, unless prohibited from doing so by Data Protection Laws or by a Regulatory Authority.
12.2 Provider shall provide Customer with such assistance and information as Customer may reasonably request in order for Customer to comply with any obligation to carry out a data protection impact assessment (DPIA) or consult with a Regulatory Authority pursuant to Articles 35 and 36 of GDPR, respectively.
13. LIMITATION OF LIABILITY & INDEMNIFICATION
13.1 The limitations of liability and indemnification provisions are as set forth in the Agreement, except the limitations shall not apply with respect to any of Customer’s violation of this DPA.
ATTACHMENT A
DESCRIPTION OF TRANSFER
Data Subjects:
Customer data subjects.
Subject Matter of Processing:
Personal Data identified in the Agreement.
Duration of Processing: Duration of the Agreement.
Nature and Purpose of Processing:
Provider will Process Personal Data for the purposes of providing services to Customer in accordance with the Agreement and this DPA.
Type of Data:
Personal Data.
Special Categories of Data/Sensitive Data:
Customer may not give Provider any special category, sensitive, or other similar data without written approval from Provider.
Applicability & Eligibility
You should read this Statement carefully and often. By accessing, browsing, or otherwise using the Site, or by using any of our services, you confirm that you have read and understood this Statement. If you do not agree to this Statement, you may not use the Site.
This Statement applies regardless of how the Site is accessed and will cover any technologies or devices by which we make the Site available to you.
We may provide you with additional privacy notices upon your interactions with us. It is important that you read this Statement together with any other notices or policies we may provide so that you are fully aware of how and why we are using your data.
If you have any questions or concerns about our Personal Information policies or practices, you can contact us using the methods described in the “How to Contact Us” section below.
Information You Provide
- Completing Forms on Our Site. If you request to receive information, participate in a survey, or fill out any forms on our Site, we may ask you to provide Personal Information such as your name, phone number, email address, and/or mailing address.
- When You Contact Us. If you send us an email, text message, or any other form of communication, or if we message you, we will collect your contact information and other information relating to or contained in the message.
- When You Use Our Services. If you use our services, we will need to collect Personal Information about you. Such information may vary, but it will frequently include name, phone number, and email address.
- Social Media or Blog. If you interact with our Site by sharing on a social media platform or on our blog or reviews platform, we may collect information that you post. Please note that your comments will be visible to the public, so you should never share Personal Information that you would like to keep private.
- Job Applications and Employment. If you apply for a job with or are employed by us, we may collect various pieces of information about you, including Personal Information. Such information may vary, but it will frequently include name, phone number, and email address and information contained on your resume or CV.
Information We Collect as You Navigate Our Site
We automatically collect certain Personal Information as you use the Site, such as the following:
- Usage Information. We may collect information automatically through your use of the Site, such as which of the pages on the Site you access, the frequency of access, and what you click on while on our Site.
- Device Information. We may collect information about the device you are using, such as hardware model, operating system, application version number, browser, and IP addresses.
- Mobile Device Information. When you access our Site via a browser on your mobile device, we may also collect mobile network information, including telephone number, the unique device identifier assigned to that device, mobile carrier, operating system, and other device attributes.
How Do We Use Cookies and Other Tracking Technologies?
We may send one or more Cookies to your computer or other device. We also use other similar technologies such as tracking pixels, tags, or similar tools when you visit our Site. These technologies can collect data regarding your operating system, browser type, device type, screen resolution, IP address, and other technical information, as well as navigation events and session information as you interact with our Site. This information allows us to understand how you use the Site.
What Are Cookies?
“Cookies” are small files created by websites, including our Site, that reside on your computer’s hard drive and that store information about your use of a particular website. When you access our Site, we use Cookies and other tracking technologies to:
- Estimate our audience size and usage patterns;
- Store information about your preferences, allowing us to customize our Site according to your individual needs;
- Contact you to provide you with information or services that you request from us;
- Advertise new content, events, and services that relate to your interests;
- Provide you with more personalized content that is most relevant to your interest areas; and
- Recognize when you return to our Site.
We set some Cookies ourselves and others are set by third parties. You can manage your Cookies preference as described in the “Managing Your Cookies” section below.
What Types of Cookies Do We Use and Why?
These are the different types of Cookies that we and our service providers may use on the Site:
- Essential Cookies. These Cookies are required for the operation of the Site and enable you to move around the Site and use its features. Disabling these Cookies can negatively impact the Site’s performance.
- Analytics, Performance and Research Cookies. These Cookies allow us to analyze activities on the Site. They can be used to improve the functioning of the Site. For example, these Cookies recognize and count the number of visitors and see how they move around the Site. Analytics Cookies also help us measure the performance of our advertising campaigns to help us improve them and to optimize the Site’s content for those who engage with our advertising.
- Functionality Cookies. These Cookies are used to recognize you when you return to the Site. This enables us to personalize content for you and remember your preferences.
- Social Networking Cookies. These Cookies are used to enable you to share pages and content that you find interesting on our Site through third-party social networking and other websites. These Cookies may also be used for advertising purposes.
How Long Do Cookies Stay on My Device?
Some Cookies operate from the time you visit the Site until the end of that particular browsing session. These Cookies, which are called “session cookies,” expire and are automatically deleted when you close your Internet browser.
Some Cookies will stay on your device between browsing sessions and will not expire or automatically delete when you close your Internet browser. These Cookies are called “persistent cookies” and the length of time they will remain on your device will vary from Cookie to Cookie. Persistent Cookies are used for a number of purposes, such as storing your preferences so that they are available for your next visit and to keep a more accurate account of how often you visit the Site, how your use of the Site may change over time, and the effectiveness of advertising efforts.
Managing Your Cookies
It may be possible to block Cookies by changing your Internet browser settings to refuse all or some Cookies. If you choose to block all Cookies (including essential Cookies), you may not be able to access all or parts of the Site.
You can find out more about Cookies and how to manage them by visiting www.AboutCookies.org.
Google Analytics
We use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses Cookies or other tracking technologies to help us analyze how users interact with the Site, compile reports on the Site’s activity, and provide other services related to Site activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a returning visitor, and any referring website. The technologies used by Google Analytics do not gather information that personally identifies you. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt-out of tracking of analytics by Google, click here.
We also use Google Remarketing features to collect data about visitors to our Site to, among other things, deliver advertising content on sites across the Internet in a manner that is specifically directed toward the interests expressed by the visitors while on our Site. Google uses Cookies to serve ads based on someone’s past visits to the Site. You can opt-out of Google’s use of Cookies to serve ads based on your past visits to the Site via the following link: Google Ad Settings.
Ortto Services
We use Ortto, a web analytics service provided by Ortto, Inc. Ortto uses Cookies or other tracking technologies to help us analyze how users interact with the Site, compile reports on the Site’s activity, and provide other services related to Site activity and usage.
To learn more about Ortto’s privacy practices, see ortto.com/privacy/.
Does the Site Respond to “Do Not Track” Signals?
There is currently no industry agreed-upon response to a Do Not Track signal. At this time, our Site does not respond differently based on a user’s Do Not Track signal.
How We Use Personal Information
We use Personal Information we collect about you or that you provide to us in the following ways:
- To present our Services, Site and its contents in a suitable and effective manner for you and your device;
- To contact you to provide you with information or services that you request from us;
- To advertise opportunities, services, or opportunities that we think may be of interest to you;
- To provide customer support, troubleshoot issues, manage accounts, and respond to requests, questions, or comments;
- To carry out our obligations and enforce our rights arising from any contracts; and
- To notify you about any additions, upgrades, or changes in our services.
Your Privacy Rights
Certain states in the U.S., including California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents with rights related to their Personal Information. Although some of these rights apply generally, certain rights will only apply to limited individuals or circumstances. To the extent that these laws apply, you may exercise the following rights:
- Right to Know and Access Information. Note that much of the information you are entitled to know or access is disclosed in this Privacy Notice. With this said, you have the right to know about our information practices. You also have the right to access the categories of data we collect, with whom we share or sell that information, and, in some cases, what specific Personal Information we associate with you or your account.
- Right to Data Portability. If you request a copy of your specific information then we will provide it in an easily accessible format.
- Right to Deletion or Erasure. You may request that we delete the information we have collected about you. Depending on the applicable law, in some cases we are required or permitted to retain your information, even if you validly requested we delete or erase it.
- Right to Correct Information. You may request we correct or rectify inaccurate information we have collected about you.
- Right to Opt out of Targeting Advertising, Sales, or Profiling. You may opt-out of our use of your Personal Information for targeted advertising, sales, or profiling in furtherance of decisions that produce legal or similarly significant effects. Please note that we do not use information collected about you for these activities at this time.
To exercise any of your privacy rights, contact us via email at legal@gosummer.com or via phone at: (833) 218-8756. Please include your email address, full name, and specific information about your request(s) and, if applicable, specifically what information you do not want to receive. If you would like to update or correct your email address, street address, or other information with us, please include specific details about the information you wish to have updated or corrected.
For requests submitted by email, you must provide enough information that allows us to verify your identity. Only you or your authorized agent may make requests regarding your Personal Information. An authorized agent must have documentation that they are authorized to act on your behalf. We will fulfill or reject your request within the amount of time required by law.
We will confirm that we received your request within ten (10) days and will respond within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Appeal. If we deny your rights request, you have the right to request an appeal of our decision. To initiate an appeal, follow the instructions provided in the communication denying your request, or contact us at the information provided in this Notice.
Non-Discrimination. You have the right to not experience discrimination from us for exercising the rights listed in this section. What we mean by discrimination is denying you access to our Services or limiting the quality of our Services. However, limiting use of, or deleting, your Personal Information may restrict the purposes or uses that rely on that information.
Nevada Privacy Rights. Nevada residents have the right to opt-out of the sale of their Personal Information by emailing us (see our contact information below) and including “NV Sale Opt Out Request” in the subject line. Please note we will take reasonable steps to verify your identity and the authenticity of the request.
Advertising and Marketing Choices
We respect your rights in how your Personal Information is used and shared. If at any time you would like to unsubscribe from receiving future emails, you can email us at: [placeholder] as well as follow the instructions at the bottom of each email and we will promptly remove you from all correspondence. Please note, however, that we may still need to contact you regarding other matters.
Third-Party Links
The Site may contain links to third-party websites, including affiliate links. When we provide links, we do so only as a convenience and do not endorse any products or services and are not responsible for any content of any third-party website or any links contained within. We may receive a commission for products ordered through our affiliate links. It is important to note that this Statement only applies to this Site. When you click on an affiliate or third party link, third parties may collect Personal Information about you. We are not responsible and assume no responsibility for any Personal Information collected, stored, or used by any third party as a result of you visiting their website. We also advise that you read the privacy notice of any third-party websites you choose to visit carefully.
Calendaring
We use Cal.com to provide us with meeting scheduling services. Cal.com may use information collected from cookies. The Cal.com Privacy Notice can be found here.
Data Security
We take various reasonable organizational and technical measures to protect your Personal Information from unauthorized access, disclosure, alteration, or destruction. If required by law to do so, we will notify you and/or the relevant supervisory authority in the event of a data breach.
However, we cannot and do not guarantee complete security, as it does not exist on the Internet.
Children’s Privacy
The features, programs, promotions and other aspects of our services requiring the submission of Personal Information are not intended for anyone under 18 years of age. We do not knowingly collect Personal Information from children under the age of 13. If you are a parent or guardian of a child under the age of 13 and believe he or she has disclosed Personal Information to us, please contact us at legal@gosummer.com.
This Is a U.S. Website
The servers that support this Site are located in the United States, and this Site is intended for United States residents. By using the Site, you freely and specifically give us your consent to process your Personal Information to the United States and to store and use it in the United States. You understand that data stored in the USA may be subject to lawful requests by the courts or law enforcement authorities in the USA.
Policy Changes
This Statement may change from time to time. We will post any changes to this Statement on this page, and you should check these terms when you use the Site.
How to Contact Us
Should you have other questions or concerns about this Statement, please feel free to contact us at legal@gosummer.com.