Privacy Policy and Terms of Use

GDPR Update: 5/24/18

By using our Sites or contacting us directly, you signify your acceptance of our Privacy Policy. If you do not agree to this Privacy Policy, you should not engage with our Sites, or use our products. Continued use of the Sites, direct engagement with us, or following the posting of changes to our Privacy Policy that do not significantly affect the use or disclosure of your personal information will mean that you accept those changes.


  1. Terms of Use
  2. Privacy Policy
  3. Cookie Policy
  4. Data Processing Amendment
  5. List of Sub-processors

Terms of Use

Welcome to the Kathryn M. B. Johnson family of Sites (as used herein, “Sites” shall include kathrynmbjohnson.com, kmbjohnson.com). We provide our services to you subject to the following conditions. If you visit or shop at any of our Sites, you accept these conditions. Please read them carefully.

Permissions Policy

With the exception of guest posts written by others (see Guest Posts below), we own the content on all of our Sites. It is copyrighted in Kathryn M. B. Johnson’s name. We want to strike the appropriate balance between getting our content widely distributed while at the same time protecting Kathryn’s intellectual property rights. Thanks in advance for your cooperation.

Without Our Permission

You are free to do the following:

– Link to our Sites or any specific post on our Sites.
– Extract and re-post fewer than 200 words on any other website, provided you link back to our original post.
– Print off our posts and photocopy up to 50 copies for internal distribution within your own company or organization.
– Print our posts in any non-commercial publication (e.g., company newsletter, personal newsletter, class syllabus, etc.), provided you include this copyright notice: ‘© 2018 Kathryn M. B. Johnson. All rights reserved. Originally published at www.kathrynmbjohnson.com.’

Only With Our Permission

You must have our express written consent to do any of the following:

– Use this content for commercial purposes, including selling or licensing printed or digital versions of our content.
– Alter, transform, or build upon this work.

Re-posting and Translation Rights

We do not permit the re-posting of our posts in their entirety. This is because Google penalizes websites for publishing duplicate content. It often can’t tell which website hosts the original, so we risk getting penalized for granting permission.

In addition, we don’t allow the translation and publication of Kathryn’s work in other languages, as we don’t have the resources to validate the quality of the work.

Guest Posts

Guest bloggers retain the copyright to the posts they write. The above permission guidelines do not apply to their work. If you are interested in re-posting or publishing their content, you must contact them directly. We do not serve as their broker, agent, or contact point.

If you have some use for our content not covered here, please email us.

Privacy Policy

Your privacy is important to us. To better protect your privacy, we have written up our policy explaining our online information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make it available on our homepage and at every point where personally identifiable information may be requested.

User Submissions

For all reviews, comments, feedback, postcards, suggestions, ideas, and other submissions disclosed, submitted or offered to kathrynmbjohnson.com, kmbjohnson.com (collectively known as the ‘Companies’) via our Sites, by e-mail or telephone, by mail, or otherwise disclosed, submitted, or offered in connection with your use of our Sites (collectively, ‘User Submissions’) you grant the Companies a royalty-free, irrevocable, transferable right and license to use the User Submissions however the Companies desire, including without limitation, to copy, modify, delete in its entirety, adapt, publish, translate, create derivative works from, and/or sell and/or distribute such User Submissions and/or incorporate such User Submissions into any form, medium, or technology throughout the world.

The Companies will be entitled to use, reproduce, disclose, modify, adapt, create derivative works from, publish, display, and distribute any User Submissions you submit for any purpose whatsoever, without restriction and without compensating you. The Companies are and shall be under no obligation (1) to maintain any User Submissions in confidence; (2) to pay to user any compensation for any User Submissions; or (3) to respond to any User Submissions. You agree that any User Submissions submitted by you to the Companies will not violate the terms of any rights of any third party, including without limitation, copyright, trademark, privacy, or other personal or proprietary right(s), and will not cause injury to any person or entity. You further agree that no User Submissions submitted by you to the Companies will be libelous or contain libelous or otherwise unlawful, threatening, abusive, or obscene material, or contain software viruses, political campaigning, commercial solicitation, chain letters, mass mailings, or any form of spam.

By using our Sites, you agree to the above terms regarding User Submissions.

Terms of Use

If you are under 16 years of age, you should not provide any personally identifiable information on our Sites without the knowledge and permission of your parent or guardian.

The operator of each site is:
207 Fox Hill Pl
Staunton, VA 24401

By using our Sites you consent to our collection and use of your personal information as described in our Privacy Policy. We reserve the right to modify this privacy statement and related business practices at any time by posting updated text on this website, and your continued use constitutes acceptance of those changes. Thank you for visiting our site, and for taking the time to read this policy.

Electronic Communications

When you visit kathrynmbjohnson.com, kmbjohnson.com or send e-mails to us, you are communicating with us electronically and consent to receive communications from us electronically. We will communicate with you by e-mail or by posting notices on our Sites. You agree that all agreements, notices, disclosures, and other communications we provide you electronically satisfy any legal requirement that such communications be in writing.

Copyright and Trademark

All content on our Sites, such as text, graphics, logos, button icons, images, audio clips, digital downloads, data compilations, and software, is protected by United States and international copyright and trademark laws.

License and Sites Access

Our Sites grant you a limited license to access and make personal use of these Sites but not to download (other than page caching) or modify it, or any portion of it, except with express written consent of the administrator. This license does not include any resale or commercial use of this site or its contents; any collection and use of any product listings, descriptions, or prices; any derivative use of any site or its contents; any downloading or copying of account information for the benefit of another merchant; or any use of data mining, robots, or similar data gathering and extraction tools. Our Sites or any portion of our Sites may not be reproduced, duplicated, copied, sold, resold, visited, or otherwise exploited for any commercial purpose without express written consent. You may not frame or utilize framing techniques to enclose any trademark, logo, or other proprietary information (including images, text, page layout, or form) of our Sites without express written consent. Any unauthorized use terminates the permission or license granted by our Sites. You are granted a limited, revocable, and nonexclusive right to create a hyperlink to the home page of JerryJenkins.com, so long as the link does not portray this store or its products in a false, misleading, derogatory, or otherwise offensive matter. You may not use any Jerry Jenkins Sites logos or other proprietary graphics or trademarks as part of the link without express written permission.

Affiliate Links

From time to time, our Sites may include featured product giveaways. Should we receive compensation as a result of giving away any such product, that fact will be disclosed.

In connection with the operation of our Sites, we feature on our Sites affiliate links, including links to Amazon.com and other websites (Affiliate Links). We earn a commission from the Affiliate Links, which commission is based on the number of sales made as a result of users of our Site clicking over to the Affiliate Link and purchasing from the Affiliate Link a product and/or service.

While we may suggest information for the reader’s convenience and consideration, we do not warrant or make any representation about the substance, quality, functionality, accuracy, fitness for a particular purpose, merchantability, nor do we make any other representation about any affiliate link or its content or any products, services, or other offerings made in any affiliate link. We make no representation or warranty as to any products or services offered on any affiliate link, and we assume no responsibility or liability for the actions, products, services, and/or content of any affiliate link.

Disclaimer of Warranties and Limitation of Liability

Our Sites are provided by us on an ‘as is’ and ‘as available’ basis, and we make no representations or warranties of any kind, express or implied, as to the operation of our Sites or the information, content, materials, or products included on our Sites. You expressly agree that your use of our Sites is at your sole risk. To the full extent permissible by applicable law, we disclaim all warranties, express or implied, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose. We do not warrant that our Sites, their servers, or e-mail sent from us are free of viruses or other harmful components. We will not be liable for any damages of any kind arising from the use of our Sites, including, but not limited to direct, indirect, incidental, punitive, and consequential damages. Certain state laws do not allow limitations on implied warranties or the exclusion or limitation of certain damages. If these laws apply to you, some or all of the above disclaimers, exclusions, or limitations may not apply to you, and you might have additional rights.

Applicable Law

By visiting our Sites, you agree that the laws of the state of Virginia, without regard to principles of conflict of laws, will govern these Site Policies and any dispute of any sort that might arise between you and our Sites.

Site Policies, Modification, and Severability

These policies also govern your visit to our Sites. We reserve the right to make changes to our Sites, policies, and these Site Policies at any time. If any of these conditions shall be deemed invalid, void, or for any reason unenforceable, that condition shall be deemed severable and shall not affect the validity and enforceability of any remaining condition.


kathrynmbjohnson.com, kmbjohnson.com
207 Fox Hill Pl
Staunton, VA 24401

Privacy Policy

Your privacy is extremely important to us and we are committed to fair practices that protect your information. This Privacy Policy is provided to explain our information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make our policies and procedures available on every page of each of our Sites (for more information on our Sites, please see our Terms of Use).

Scope of this Privacy Policy

Please be aware that this Privacy Policy does not govern all the information we may process.

Our commitment to customers and service providers is governed by a separate Data Processing Amendment.

In all instances we are committed to transparency with our customers and protecting your data privacy.

An Overview of the Sources of Personal Data

We obtain information about individuals in these main ways:

– when you visit our Sites or contact us directly about becoming a customer or obtaining other information,
– when you become a customer,
– when individuals use a help desk function, and
– when you are a service provider to us.

This Privacy Policy governs how we collect and process information obtained from your visits to our Sites, when you contact us directly (or interact with us via other media outlets and social media) about becoming a customer or to obtain other information.

Our Data Processing Amendment governs our processing of any information obtained as a result of the customer or service provider relationship. You can read our commitment to customers and service providers, and our fair information practices in the Data Processing Amendment.

Some definitions

This Privacy Policy relates to information collected by kathrynmbjohnson.com, kmbjohnson.com (collectively referred to in this Privacy Policy as “we” or “us” or “our”) through your use of our Sites, their features, the services we provide (outside of our paid-for services), and information available through our Sites.

“You” or “your” refers to the individual who uses this website, features, and services, or accesses available information, or engages with us directly by email or telephone.

As used in this Privacy Policy, the terms “using” and “processing” information include using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within our organization.

We collect information from three types of individuals:

Our customers are individuals and businesses who have signed up for one of our online products. If you are a customer, we will handle information we receive from you under the terms of our Data Processing Amendment.

Subscribers are individuals that sign up for free coaching content from our Sites. If you submit your email address to download a PDF, or to sign up for our email list, you are probably a subscriber. We process “Subscriber Data” which means information about subscribers, which includes but is not limited to, the first name, last name, phone number and email address of a subscriber.

What information do we collect?

Depending on your use of our Sites, or direct interactions with us, we collect two types of information: personal information and non-personal information.

Personal Information

Personal information identifies you or may be used in combination with other pieces of personal information to identify you. Examples of personal information include your name, company name, job title, address, e-mail address, telephone number, and billing and credit card information. Personal information can also include information that does not identify you, but could be combined with other information in a way that enables you to be identified. This includes information such as age, gender, profession, zip code, IP address, and current location.

Non-Personal Information

Non-personal information is information that cannot be used or combined with other information to identify or contact you, including browser types, domain names, and statistical data involving the use of our Sites.

When do we use subscriber information from third parties?

We will collect Subscriber Data necessary to provide free content to our subscribers.

Additionally, we may use Subscriber Data to look up and store additional Public Data in order to create a more complete profile of our subscribers. Public Data may be claimed, edited or discarded from their systems by following this link and is subject to WordPress’ Privacy Policy.

If you would like to opt-out of our collection of Subscriber Data, you may decline to provide Subscriber Data to us when we ask for it, though doing so may prevent us from being able to deliver our free coaching to you.

Subscribers may voluntarily provide us with information they have made available on social media websites. If you provide us with any such information, we may collect publicly available information from the social media websites you have indicated. You can control how much of your information social media websites make public by visiting these websites and changing your privacy settings.

When do we use customer information from third parties?

We receive some information from third parties when you contact us. For example, when you submit your email address to us to show interest in becoming a Help Scout customer, we receive information from a third party that provides us with your email address to contact you. We also occasionally collect information that is made publicly available on social media websites. You can control how much of your information social media websites make public by visiting these websites and changing your privacy settings.

Where and when is information collected from customers and subscribers?

We will collect personal information that you submit to us. We may also receive personal information about you from third parties as described above.

Registering for one of our Sites and in the Course of Using our products.

Customers will be required to establish an account in order to take advantage of certain features of our Sites. If you wish to establish an account, you will be required to provide us with information (including personal information and non-personal information). In addition, we may obtain your personal information from you if you identify yourself to us by sending us an e-mail with questions or comments.

Cookies and Page Tags

We also use “Page Tags” and “Log Files.” For more information about these and a full list of the cookies we use, what they do, and how to disable the non-necessary ones, please refer to our full Cookie Policy.

Do we collect information from children under 16 years of age?

We are committed to protecting the privacy of children. Our products are not designed for or directed to children under the age of 16. We do not collect personal information from any person we actually know is under the age of 16.

What do we do with the information we collect from customers?

In general, we use the information collected to provide you with a great overall experience interacting with us and when using our Sites and to help us understand who uses our offerings, for internal operations such as operating and improving our Sites and our products, to contact you for customer service and billing purposes and to facilitate the delivery of our advertising in some cases, including using your email to send information to you about our products.

We use your information to send you a welcome e-mail after you create an account, when you sign up for our email list, or when you download a content upgrade or webinar or to receive our newsletter. We also use your information to send other e-mail communication related to our Sites. We always give you the option to unsubscribe in any email we send you.

If you identify yourself to us by sending us an e-mail with questions or comments, we may use your information (including personal information) to respond to your questions or comments, and we may file your questions or comments (with your information) for future reference. We also use the information collected to send announcements and updates regarding changes to our Terms of Use, Privacy Policy or when making pricing changes. You will not be able to unsubscribe from these announcements and updates as they contain important information relevant to your use of the Help Scout website and our services.

We may also use the information gathered to perform statistical analysis of user behavior or to evaluate and improve our products. We may link some of this information to personal information for internal purposes or to improve your experience with our Sites and our products; in these cases we will obtain your consent.

What do we do with the information we collect from subscribers?

We use Subscriber Data to identify you and to provide you with customer service. We will disclose Subscriber Data to the relevant team members so that they are better able to assist you. If you are interested in how we process the data on behalf of our customers, please read our Data Processing Amendment.

Third Parties Generally

Third parties may be able to independently directly collect personal and non-personal information without permission from us, and may include potential or actual advertisers, providers of advertising products or services (including vendors and website tracking services), merchants, affiliates and other actual or potential commercial partners, sponsors, licensees, researchers and other similar parties.

Outside Contractors and Third-Party Processors

We may employ independent contractors, vendors and suppliers (collectively, “Outside Contractors”) to provide specific services and products related to our Sites and our products, such as hosting, credit card processing and fraud screening, and mailing list hosting. In the course of providing products or services to us, these Outside Contractors may have access to information collected through our Sites or products, including your personal information. We require that these Outside Contractors agree to (1) protect the privacy of your personal information consistent with this Privacy Policy, or the Data Protection Amendment and (2) not use or disclose your personal information for any purpose other than providing us with the products or services for which we contracted or as required by law.

Laws and Legal Rights

We may disclose your information (including personal information) if we believe in good faith that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a search warrant, a court or regulatory order, or other valid legal process. We may disclose personal information in special circumstances when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating our Terms of Use, to detect fraud, or to protect the safety and/or security of our users, our Sites, or the general public. We are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the EU-U.S. or Swiss-U.S. Privacy Shield, we are potentially liable.


We may disclose information (including personal information) about you to our Corporate Affiliates. For purposes of this Privacy Policy, “Corporate Affiliate” means any person or entity which directly or indirectly controls, is controlled by or is under common control with us, whether by ownership or otherwise. Any information relating to you that we provide to our Corporate Affiliates will be treated by those Corporate Affiliates in accordance with the terms of this Privacy Policy.

Does this Privacy Policy apply when I link to other websites or services?

Our Sites or our services may provide you with access to other websites and services. Please be aware that we are not responsible for the privacy practices of any websites or services other than those provided by us. We encourage you to read the privacy policies or statements of each and every such website and service. This Privacy Policy applies solely to information collected by us.

When do we disclose information to other third parties?

Except as set forth in this Privacy Policy, the Cookie Policy or our Data Processing Amendment or as specifically authorized by you, we will not disclose any information to third parties.

Is the information collected through our Sites secure?

We take precautions to protect the security of your information. We have physical, electronic, and managerial procedures to help safeguard, prevent unauthorized access, maintain data security, and correctly use your information. However, neither people nor security systems are foolproof, including encryption systems. In addition, people can commit intentional crimes, make mistakes or fail to follow policies. Therefore, while we use reasonable efforts to protect your personal information, we cannot guarantee its absolute security. If applicable law imposes any non-disclaimable duty to protect your personal information, you agree that intentional misconduct will be the standard used to measure our compliance with that duty.

We only work with credit card processors who maintain ongoing PCI compliance, adhering to stringent industry standards for storing, processing and transmitting credit card information online.

Could my information be transferred to other countries?

Our Companies are incorporated in the U.S. Information collected via our Sites, through direct interactions with you, or from use of our products may be transferred from time to time to our offices or personnel, or to third parties, located throughout the world, and may be viewed and hosted anywhere in the world, including countries that may not have laws of general applicability regulating the use and transfer of such data. To the fullest extent allowed by applicable law, by using any of the above, you voluntarily consent to the trans-border transfer and hosting of such information.

Are we Safe Harbor and Privacy Shield compliant?

We are not currently in the process of certifying for the EU-US Privacy Shield Framework.

What choices do you have regarding the collection, disclosure and distribution of personal information?

Except as otherwise described in this Privacy Policy or in the Data Processing Amendment, as applicable, we will only use personal information for the purposes described above or as otherwise disclosed at the time we request such information from you. You must “opt in” and give us permission to use your personal information for any other purpose. You may also change your preference and “opt out” of receiving certain marketing communications from us by clicking the unsubscribe link included on the bottom of all such communications, or by contacting us via email.

Do Not Track

The term “Do Not Track” refers to an HTTP header offered by certain web browsers to request that websites refrain from tracking the user. We take no action in response to Do Not Track requests.

Can you update or correct your information?

The rights you have to request updates or corrections to the information we collect depend on your relationship with us.

Customers have the right to request the restriction of certain uses and disclosures of personally identifiable information as follows. You can contact us in order to (1) update or correct your personally identifiable information, (2) change your preferences with respect to communications and other information you receive from us, or (3) delete the personally identifiable information maintained about you on our systems (subject to the following paragraph), by cancelling your account. Such updates, corrections, changes and deletions will have no effect on other information that we maintain, or information that we have provided to third parties in accordance with this Privacy Policy prior to such update, correction, change or deletion. To protect your privacy and security, we may take reasonable steps (such as requesting a unique password) to verify your identity before granting you profile access or making corrections. You are responsible for maintaining the secrecy of your unique password and account information at all times.

You should be aware that it is not technologically possible to remove each and every record of the information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your information may exist in a non-erasable form that will be difficult or impossible for us to locate. Promptly after receiving your request, all personal information stored in databases we actively use, and other readily searchable media will be updated, corrected, changed or deleted, as appropriate, as soon as and to the extent reasonably and technically practicable.

If you are a subscriber and wish to update, delete, or receive any information we have about you, you may do so by contacting our Privacy Agent.

How will you know if there are any changes to this Privacy Policy?

We may revise this Privacy Policy from time to time without notice. Having said that, we will not make changes that result in significant additional uses or disclosures of your personal information without notifying you of such changes via e-mail. We may also make non-significant changes to this Privacy Policy that generally will not significantly affect our use of your personal information, for which an e-mail is not required. We encourage you to check this page periodically for any changes. If any non-significant changes to this Privacy Policy are unacceptable to you, you must immediately contact us and, until the issue is resolved, stop using our Sites and any services we provide. Your continued use of our products and our Sites following the posting of non-significant changes to this Privacy Policy constitutes your acceptance of those changes.

Whom do you contact if you have any privacy questions?

If you have any questions or comments about this Privacy Policy or feel that we are not abiding by the terms of this Privacy Policy, please contact our Privacy Agent in any of the following ways:

By email.

By postal mail or courier:

Attn: Privacy Agent
207 Fox Hill Pl
Staunton, VA 24401

Applicable Law

This Privacy Policy is governed by the laws of Virginia, USA without regard to its conflict of laws provision. You consent to the exclusive jurisdiction of the courts in connection with any action or dispute arising between the parties under or in connection with this Privacy Policy.

By using our Sites or contacting us directly, you signify your acceptance of this Privacy Policy. If you do not agree to this Privacy Policy, you should not engage with our Sites, or use our products. Continued use of our Sites, direct engagement with us, or following the posting of changes to this Privacy Policy that do not significantly affect the use or disclosure of your personal information will mean that you accept those changes.

Cookie Policy

If your browser is configured to accept cookies, we may collect non-personally identifiable information passively using “cookies” and “page tags”.

Last revised on July 04, 2018, effective as of May 25, 2018

What’s a cookie?

“Cookies” are small text files that can be placed on your computer or mobile device in order to identify your Web browser and the activities of your computer on our Sites and other websites.

What’s a page tag?

“Page tags,” also known as web beacons or gif tags, are a web technology used to help track website or email usage information, such as how many times a specific page or email has been viewed. Page tags are invisible to you, and any portion of our Sites, including advertisements, or e-mail sent on our behalf, may contain page tags.

Do we use cookies, and why?

Yes. We use cookies to personalize your experience on our Sites (such as dynamically generating content on webpages specifically designed for you), to assist you in using our products (such as saving time by not having to reenter your name each time you use our products), to allow us to statistically monitor how you are using our Sites and products so that we can improve our offerings, and to target certain advertisements to your browser which may be of interest to you or to determine the popularity of certain content. By using cookies and page tags together, we are able to improve our Sites and products and measure the effectiveness of our advertising and marketing campaigns.

Please be aware that this cookie policy does not govern the use of third-party websites or services or providers of third-party services.

Do you have to accept them?

You do not have to accept cookies to use our Sites or products. If you reject cookies, certain features or resources of our Sites may not work properly or at all and you may have a degraded experience.

Although most browsers are initially set to accept cookies, you can change your browser settings to notify you when you receive a cookie or to reject cookies generally. To learn more about how to control privacy settings and cookie management, click the link for your browser below.

Internet Explorer

To learn more about cookies, including how to control, disable or delete them, please visit http://www.aboutcookies.org. Some third-party advertising networks, like Google, allow you to opt out of or customize preferences associated with your internet browsing. For more information on how Google lets you customize these preferences, see their documentation.

All cookies, on our website and everywhere else on the web, fall into one of four categories:

List of cookies we use on our website:

We collect non-personal information through our Internet log files, which record data such as browser types, domain names, and other anonymous statistical data involving the use of our Sites and products. This information may be used to analyze trends, to administer our Sites and products, to monitor the use of our products and Sites, and to gather general demographic information. We may link this information to personal information for these and other purposes such as personalizing your experience on our Sites and evaluating our Sites and products in general.

Data Processing Amendment

Introduction to this Amendment

Processing personal data in a secure, fair, and transparent way is extremely important to us. As part of this effort, we process personal data in accordance with the EU’s General Data Protection Regulation (“GDPR”), the EU/US Privacy Shield principles (“Privacy Shield”), the laws of the US governing the handling of various types of personal data, and industry standards, such as PCI.[1]

To better protect individuals’ personal data, we are providing these terms to govern our and your handling of personal data (the “Data Processing Amendment” or “DPA”). This DPA amends and supplements your Terms of Use (“ToU”) and requires no further action on your part.

If you do not agree to this DPA, you may discontinue the use of our Sites and products and cancel your account.


It is important that all parties understand what data and whose data is protected under this DPA. Each party has respective obligations to protect personal data; therefore, the following definitions explain the scope of this DPA and the mutual commitments to protect personal data.

kathrynmbjohnson.com and kmbjohnson.com are collectively referred to in this Data Processing Amendment as “we” or “us” or “our”.

“You” or “Customer” refers to the company or organization that signs up to use our products to advance your writing career.

“Party” refers to us and/or you depending on the context.

“Data Subjects” refers to those individuals residing in the EU who are consumers or users of our goods or services (also “consumers”).

“Personal Data” is given the same meaning as in the GDPR which we summarize here as: any data relating directly or indirectly to an identifiable data subject. Personal data does not include any data that is anonymized, aggregated, de-identified and/or compiled on a generic basis and which does not name or identify a specific individual, directly or indirectly.

“Processing” is given the same meaning as in the GDPR, which we summarize as including: collecting, recording, using, storing, amending, adapting, disclosing, transferring or transmitting, structuring, using, combining, deleting or destroying, personal data (“Process” and “Processed” shall have similar meanings).

“Controller” is given the same meaning as in the GDPR, which we summarize as the party that determines the purposes and means of the processing of personal data – the customer is the controller with respect to consumer personal data. Each party may be the controller of personal data it processes about the other’s personnel.

“Processor” is the party that processes personal data on behalf of the controller – we are the processor of the personal data we process about you.

“Sub-processor” refers to third-party independent contractors, vendors and suppliers who provide specific services and products related to our Sites and our products, such as hosting, credit card processing and fraud screening, and mailing list hosting (“third-party” or “outside contractor” shall have similar meanings).

“Incident” means: (a) a complaint or a request with respect to the exercise of an individual’s rights under the GDPR; (b) an investigation into or seizure of the personal data by government officials, or a specific indication that such an investigation or seizure is imminent; or (c) any breach of the security and/or confidentiality as set out in this DPA leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the personal data, or any indication of such breach having taken place or being about to take place.

For the sake of readability, we do not use initial capitalization of defined terms in this DPA. Defined terms are defined terms, irrespective of their format.

1. Undertakings regarding personal data

Each party agrees that personal data shall be treated as confidential information under this DPA. In addition, each party shall at all times comply with applicable laws relating to data protection in the relevant jurisdiction with respect to each other’s personal data.

Personal Data shall remain the property of the disclosing party. We acknowledge that customer is the controller and maintains control over data subject’s personal data.

We will process customer’s personal data only to the extent strictly necessary for the purpose of providing the services in accordance with the ToU and any further written instructions from the customer that are mutually agreed upon in writing. We agree that:

  • We will implement and maintain a reasonable and appropriate security program comprising adequate security, technical and organizational measures to protect against unauthorized, unlawful or accidental processing, use, erasure, loss or destruction of, or damage to, customer personal data;
  • We will not modify, alter, delete, publish or disclose any customer personal data to any third party, nor allow any third party to process such personal data on our behalf unless the third party is bound to similar confidentiality and data handling provisions;
  • Only our personnel who “need-to-know” will be given access to customer personal data to the extent necessary to perform our obligations under the ToU. We shall provide adequate training to our staff and ensure that they comply with the obligations in this DPA; and
  • We will only process customer personal data to the extent necessary to perform our obligations under the ToU, upon written instructions of the customer (only as mutually agreed upon), and in accordance with applicable laws.

Upon termination of your account, we will delete, destroy, or anonymize the personal data in accordance with our standard backup and retention policy per the ToU, normally, no later than 60 days, unless we are required to retain personal data due to Union, Member State or United States laws; in which case we reserve the right to retain personal data.

We are certified under the EU/US Privacy Shield Framework and, therefore, customer may transfer personal data from the EU to us, as this transfer mechanism is deemed to be adequate for the purposes of GDPR. We shall not transfer any customer personal data outside of the US or to other locations not deemed to be “adequate” under EU law without providing reasonable notice under the ToU to the customer.

2. Customer undertakings and our assistance

Customer warrants that it has all necessary rights to provide to us the personal data for processing in connection with the provision of our Sites and products.

To the extent required by applicable law, customer is responsible for ensuring that any data subject consents that may be necessary to this processing are obtained, and for ensuring that a record of such consents is maintained, including any consent to use personal data that is obtained from third parties. Should such consent be revoked by a data subject, customer is responsible for communicating the fact of such revocation to us, and we remain responsible for implementing any customer instruction with respect to the further processing of that personal data, or, as may be in accordance with any of our legal obligations.

Customer understands, as a controller, that it is responsible (as between customer and us) for:

  • determining the lawfulness of any processing, performing any required data protection impact assessments, and accounting to regulators and individuals, as may be needed;
  • making reasonable efforts to verify parental consent when data is collected on a data subject under 16 years of age;
  • providing relevant privacy notices to data subjects as may be required in your jurisdiction, including notice of their rights, and providing the mechanisms for individuals to exercise those rights;
  • responding to requests from individuals about their data and the processing of the same, including requests to have personal data altered, corrected, or erased, and providing copies of the actual data processed;
  • implementing your own appropriate technical and organizational measures to ensure and demonstrate processing in accord with this DPA;
  • notifying individuals and any relevant regulators or authorities of any incident as may be required by law in your jurisdiction.

We shall assist the customer by implementing appropriate technical and organizational measures, insofar as this is reasonably and commercially possible (in our sole determination and discretion), in fulfilling customer’s obligations to respond to individuals’ requests to exercise rights under the GDPR.

As stated in our Privacy Policy, the customer consents to our engaging sub-processors to process customer personal data for the permitted purpose of providing products and services for which we contracted, provided that: (a) we will maintain an up-to-date list of our sub-processors, which we will update with the details of any change in sub-processors at least 10 days prior to any change; and (b) we will impose data protection terms on any sub-processor we engage as required to protect customer’s personal data to the standard required by the GDPR.

Customer may object to Help Scout’s appointment or replacement, provided such objection is based on reasonable grounds related to data protection. In such event, we will either not appoint or replace the sub-processor or if that is not possible, customer may suspend or terminate its access to our product or Sites.

3. Incident Management

When either party becomes aware of an incident that impacts the processing of personal data, it shall promptly notify the other about the incident and shall reasonably cooperate in order to enable the other party to perform a thorough investigation into the incident, to formulate a correct response, and to take suitable further steps in respect of the incident.

Both parties shall at all times have in place written procedures which enable them to promptly respond to the other about an incident. Where the incident is reasonably likely to require a data breach notification under applicable laws, the party responsible for the incident shall notify the other without undue delay of having become aware of such an incident.

Any notifications made under this section shall be made to our Privacy Agent (when made to us) and to our point of contact with you (when made to the customer), and shall contain: (i) a description of the nature of the incident, including, where possible, the categories and approximate number of individuals concerned and the categories and approximate number of records concerned; (ii) the name and contact details of the point of contact where more information can be obtained; (iii) a description of the likely consequences of the incident; and (iv) a description of the measures taken or proposed to be taken to address the incident including, where appropriate, measures to mitigate its possible adverse effects.

4. Liability and Indemnity

Each party indemnifies the other and holds them harmless against all claims, actions, third party claims, losses, damages and expenses incurred by the indemnified party and arising directly or indirectly out of or in connection with a breach of this DPA.

5. Duration and Termination

This DPA shall come into effect on May 25, 2018 and shall continue until it is changed or terminated in accordance with the ToU.

Termination or expiration of this DPA shall not discharge the parties from the confidentiality obligations herein.

For an executable copy of this DPA, please visit this page.

List of Sub-processors

Below is a list of Sub-processors we work with.
