LOREM IPSUM

Data Processing

This Data Processing Addendum (“Data Processing Addendum”) is incorporated into and subject to the provisions of the Master Services Agreement entered into by Customer and Ikigai Labs (the “Agreement”). Capitalized words and phrases have the meaning specified in the Agreement. During the course of providing Services, Ikigai Labs may obtain, access or otherwise Process Personal Data. Ikigai Labs agrees to protect all Personal Data as detailed in this Exhibit D.

1. Definitions

a. “Applicable Privacy Laws” means all applicable privacy, information security, data protection, and data breach notification laws and regulations.

b. “Information Security Program” means a comprehensive written information security program which complies with Applicable Privacy Laws, and contains appropriate administrative, technical, and physical safeguards to protect Personal Data against anticipated threats or hazards to its security, confidentiality or integrity (such as unauthorized access, collection, use, copying, modification, disposal or disclosure, unauthorized, unlawful, or accidental loss, destruction, acquisition, or damage or any other unauthorized form of Processing).

c. “Personal Data” means any information in any form, format or media (including paper, electronic and other records), that identifies an individual or relates to an identifiable individual that (i) is provided by or on behalf of Customer (or its employees, contractors or agents), (ii) Ikigai Labs provided to or obtained for Customer or (iii) Ikigai Labs Processes, in each case, in connection with the Cloud Services.

d. “Process” or “Processing” or “Processed” means the collection, recording, organization, structuring, alteration, use, access, disclosure, copying, transfer, storage, deletion, combination, restriction, adaptation, retrieval, consultation, destruction, disposal or other use of Personal Data.

e. “Security Incident” means any accidental or unauthorized access, acquisition, use, modification, disclosure, loss, destruction of or damage to Personal Data, or any other unauthorized Processing of Personal Data.

f. “Sensitive Personal Data” means any of the following types of Personal Data: (i) social security number, taxpayer identification number, passport number, driver’s license number or other government-issued identification number; (ii) payment card (including credit or debit card) details or financial account number, with or without any code or password that would permit access to the account or credit history; or (iii) information on race, religion, ethnicity, sex life or practices or sexual orientation, medical or health information, genetic or biometric information, biometric templates, political or philosophical beliefs, political party or trade union membership, background check information or judicial data such as criminal records or information on other judicial or administrative proceedings.

2. Data Processing and Protection

a. Compliance with Applicable Privacy Laws. Ikigai Labs will comply with Applicable Privacy Laws relating to Ikigai Labs’ performance under this Data Processing Addendum and each applicable Order Form.

b. Limitations on Use. Ikigai Labs will Process Personal Data only on Customer’s behalf to deliver Cloud Services in accordance with this Data Processing Addendum or Customer’s other documented instructions, whether in written or electronic form, such as an applicable Order Form. The duration of the Processing will be the same as the duration the applicable Order Form.

c. Information Security Program. Ikigai Labs will implement, maintain, monitor and, where necessary, update an Information Security Program that will include the measures listed in the Security Standards attached hereto as Appendix 1.

d. Data Integrity. Ikigai Labs will ensure that all Personal Data created or maintained by Ikigai Labs on Customer’s behalf is accurate and, where appropriate, kept up to date, and will erase or rectify inaccurate or incomplete Personal Data in accordance with Customer’s instructions.

e. Cross-Border Transfers. Ikigai Labs will ensure that Personal Data is not physically transferred to, accessed by or otherwise processed by its Ikigai Labs personnel in any country other than those specified in the applicable Order Form, if specified, unless Customer agrees in writing. If applicable, at Customer’s request, Ikigai Labs (and if relevant, Ikigai Labs’ affiliates or subcontractors) will enter into an appropriate data processing agreement that incorporates the European Commission Standard Contractual Clauses between Controllers and Processors, or any similar agreement relating to other countries, with Customer to allow Customer’s international offices to transfer Personal Data to Ikigai Labs or such affiliates and/or subcontractors.

f. Subcontracting. Notwithstanding, and expressly in limitation of, anything to the contrary in the Agreement, Ikigai Labs will not disclose or transfer Personal Data to, or allow access to Personal

Data by, (each, a “Disclosure”) any third party without Customer’s express prior written consent; provided, however, that Ikigai Labs may Disclose Personal Data to its affiliates and subcontractors for purposes of providing the Cloud Services to Customer, subject to the following conditions: (i) Ikigai Labs will maintain a list of the affiliates and subcontractors to which it makes such Disclosures and will provide this list to Customer upon Customer’s request; (ii) Ikigai Labs will provide Customer at least 30 days’ prior notice of the addition of any affiliate or subcontractor to this list and the opportunity to object to such addition(s); and (iii) if Customer makes such an objection on reasonable grounds and Ikigai Labs is unable to modify the Cloud Services to prevent Disclosure of Personal Data to the additional affiliate or subcontractor, Customer will have the right to terminate the relevant Processing. Ikigai Labs will, prior to any Disclosure, ensure that such third party is bound by contractual obligations that are at least as restrictive as this Exhibit. Ikigai Labs shall remain fully responsible to Customer for the proper and complete discharge of all the subcontracted obligations.

g. Requests or Complaints from Individuals. Ikigai Labs will notify Customer in writing, without undue delay, unless specifically prohibited by laws applicable to Ikigai Labs, if Ikigai Labs receives: (i) any requests from an individual with respect to Personal Data Processed by or on behalf of Ikigai Labs, such as opt-out requests, requests for access and/or rectification, erasure, restriction, requests for data portability, and all similar requests; or (ii) any complaint relating to the Processing of Personal Data, including allegations that the Processing infringes on an individual’s rights. Ikigai Labs (i) will not respond to any such request or complaint unless expressly authorized to do so by Customer; (ii) will cooperate with Customer with respect to any action taken relating to such request or complaint, whether received by Ikigai Labs or Customer; and (iii) will implement appropriate processes (including technical and organizational measures) to assist Customer in responding to requests or complaints from individuals.

h. Audit. Upon reasonable notice to Ikigai Labs during normal business hours, in a manner to minimize impact on Ikigai Labs’ business operations and in observance of Ikigai Labs’ obligations of client confidentiality, Ikigai Labs will provide to Customer, its authorized representatives, and such independent inspection body as Customer may appoint, for the purpose of auditing Ikigai Labs’ compliance with its obligations under this Exhibit: (i) access to Ikigai Labs’ information, processing premises, and records; (ii) reasonable assistance and cooperation of Ikigai Labs personnel; and (iii) reasonable facilities at Ikigai Labs’ premises.

i. Regulatory Investigations. Upon request by Customer, Ikigai Labs will assist and support Customer in the event of an investigation by any regulator or authority, including a data protection authority, if and to the extent that such investigation relates to Personal Data Processed by Ikigai Labs on Customer’s behalf in accordance with this Exhibit D.

j. Security Incident. Ikigai Labs will notify Customer in writing without undue delay whenever Ikigai Labs reasonably believes a Security Incident has occurred. After providing notice, Ikigai Labs will investigate the Security Incident, take all necessary steps to eliminate or contain the exposure of the Personal Data, and keep Customer informed of the status of the Security Incident and all related matters. Ikigai Labs further agrees to provide reasonable assistance and cooperation requested by Customer and/or Customer’s designated representatives, in the furtherance of any correction, remediation or investigation of any Security Incident and the mitigation of any potential damage, including any notification that Customer may determine appropriate to send to affected individuals, regulators or third parties, and/or the provision of any credit reporting service that Customer deems appropriate to provide to affected individuals. Unless required by law applicable to Ikigai Labs, Ikigai Labs will not notify any individual or any third party other than law enforcement of any potential Security Incident involving Personal Data in any manner that would identify, or is reasonably likely to identify or reveal the identity of, Customer, without first obtaining written permission of Customer.

k. Return or Disposal of Personal Data. Upon termination or expiration of its obligations under this Data Processing Addendum or upon request of Customer, whichever comes first, Ikigai Labs shall (i) cease all Processing of and return to Customer or, at the written request of Customer, securely dispose of or securely destroy all Personal Data in the custody and control of the Ikigai Labs (or agents or subcontractors, as applicable), in each case using appropriate physical, administrative and

technical safeguards to protect such Personal Data against loss, theft and unauthorized access, disclosure, copying, use, or modification; and (ii) certify to Customer, in writing, that Ikigai Labs has complied with its obligations under this Section.

l. Assistance. Ikigai Labs will provide appropriate information and assistance requested by Customer to demonstrate Ikigai Labs’ compliance with its obligations under this Exhibit and assist Customer in meeting its obligations under Applicable Privacy Laws regarding: (i) registration and notification; (ii) ensuring the security of the Personal Data; and (iii) carrying out privacy and data protection impact assessments and related consultations with data protection authorities. In addition, when Ikigai Labs is responding to Customer’s requests, Ikigai Labs will inform Customer if Ikigai Labs believes that any Customer instructions regarding the Processing of Personal Data would violate Applicable Privacy Laws.

Contact us

Let’s get in touch

We are here to help with your questions. Write us a message, and we will get back to you shortly

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Send Request