Last updated: April 13, 2023
BOLIDE NETWORK LLC. ("BOLIDE NETWORK", "Company", "us", "we") and you have entered into one or more agreements, including but not limited to those agreements accessible via https://cs-cart.com, or its successor location, (collectively, the "Agreements"), pursuant to which BOLIDE NETWORK may receive Personal Information (as defined below) for the purpose of providing certain services (the "Services"). Solely to the extent that the Personal Information received by BOLIDE NETWORK pursuant to the Agreements is covered by the European General Data Protection Regulation (EU) 2016/679 (the "GDPR"), BOLIDE NETWORK agrees to Process (as defined below) such Personal Information as required by this Data Processing Agreement (this "DPA").
1. DATA PROCESSING AND PROTECTION
1.1. Limitations on Use
BOLIDE NETWORK will Process information, received by or on behalf of you in connection with the performance of the Services, that identifies or relates to an identifiable individual ("Personal Information") only (i) in accordance with your instructions as documented in the Agreements, and (ii) as needed to comply with law. The duration of the Processing will be the same as the duration of the relevant Agreements, except as otherwise agreed to in writing by the parties. The scope of Processing of Personal Information is as specified in the Agreements. "Process" or "Processing" means the collection, recording, organization, structuring, alteration, use, access, disclosure, copying, transfer, storage, deletion, combination, restriction, adaptation, retrieval, consultation, destruction, disposal, or other use of Personal Information.
BOLIDE NETWORK will ensure that persons authorized to Process Personal Information have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
BOLIDE NETWORK will implement, maintain, monitor and, where necessary, update appropriate administrative, technical, and physical safeguards to protect Personal Information against anticipated threats or hazards to its security, confidentiality or integrity.
1.4. Data Breaches
BOLIDE NETWORK will notify you without undue delay via agreed-upon channels, whenever BOLIDE NETWORK learns that there has been a personal data breach (as defined in the GDPR). Taking into account the nature of Processing and the information available to BOLIDE NETWORK, BOLIDE NETWORK will assist you at your request in complying with your notification obligations regarding personal data breaches as required by the GDPR. BOLIDE NETWORK reserves the right to charge a reasonable fee to you for such requested assistance, to the extent permitted by applicable law.
1.5. Cross-Border Transfers
In connection with the performance of the Services, BOLIDE NETWORK may transfer Personal Information to various locations, which may include locations both inside and outside of the European Economic Area ("EEA"). To the extent that such transfers are not to a country recognized by the European Commission as providing an adequate level of data protection according to EEA standards, BOLIDE NETWORK and any BOLIDE NETWORK affiliate or subcontractor will, at your request, enter into an appropriate data processing agreement that incorporates the European Commission Standard Contractual Clauses between Controllers and Processors, or any similar agreement relating to other countries to allow your international offices to transfer Personal Information to BOLIDE NETWORK and any BOLIDE NETWORK affiliate or subcontractor.
1.6. Requests or Complaints from Individuals
Taking into account the nature of the Processing, BOLIDE NETWORK will assist you, at your request, by appropriate technical and organizational measures with your obligation to respond to data subjects' requests to exercise their rights under the GDPR. Taking into account the nature of the Processing and the information available to BOLIDE NETWORK, BOLIDE NETWORK also will assist you at your request in meeting your compliance obligations regarding carrying out privacy and data protection impact assessments and related consultations of data protection authorities. BOLIDE NETWORK reserves the right to charge a reasonable fee to you for such requested assistance, to the extent permitted by applicable law.
1.7. Regulatory Investigations
Upon notice to BOLIDE NETWORK, BOLIDE NETWORK will assist and support you in the event of an investigation by any regulator, including a data protection authority, or similar authority, if and to the extent that such investigation relates to Personal Information handled by BOLIDE NETWORK in connection with the Services. Such assistance will be at your sole expense, except where the investigation was required due to the Company's acts or omissions, in which case such assistance will be at the Company's sole expense.
1.8. Return or Disposal
At your discretion, BOLIDE NETWORK will destroy or return all Personal Information to you after the end of the provision of the Services, unless applicable law requires storage of the Personal Information.
1.9. Adverse Changes
BOLIDE NETWORK will notify you without undue delay if BOLIDE NETWORK: (i) has reason to believe that it is unable to comply with any of its obligations under this DPA and it cannot cure this inability to comply within a reasonable timeframe; or (ii) becomes aware of any circumstances or change in applicable law that is likely to prevent it from fulfilling its obligations under this DPA. In the event that this DPA, or any actions to be taken or contemplated to be taken in performance of this DPA, do not or would not satisfy either party's obligations under the laws applicable to each party, the parties will negotiate in good faith upon an appropriate amendment to this DPA.
2. SEVERABILITY AND CONFLICTS
In the event, any provision of this DPA is held to be invalid or unenforceable by any court of competent jurisdiction, such holding will not invalidate or render unenforceable any other provision herein. This DPA is expressly incorporated into and amends each of the Agreements. In the event of any conflict or inconsistency between the terms of this DPA and the Agreements, the terms of this DPA prevail. Notwithstanding the foregoing, this DPA shall not replace any comparable or additional rights relating to Processing contained in your Agreement (including any existing Data Processing Agreement in your Agreement), if applicable. In the event of any conflict or inconsistency between the terms of this DPA and the Agreements, on the one hand, and the terms of any framework or data transfer agreement entered into pursuant to Section 1.5 herein, the terms of such framework or data
transfer agreement prevail.
The obligations of BOLIDE NETWORK under this DPA will continue for so long as BOLIDE NETWORK continues to have access to, is in possession of or acquires Personal Information, even if all agreements between BOLIDE NETWORK and you have expired or have been terminated.