Full Context Development Data Protection Agreement

All capitalized terms have their definition in Full Context Development's

Terms of Service

, or in

Section 1.

of this document, unless otherwise noted here.

These terms apply to all our Users. Effective date: December 1, 2021

INTRODUCTION


The parties agree that the Full Context Development Data Protection Agreement (“DPA”) sets forth their obligations with respect to the processing of Customer Personal Data in connection with the Services offered by Full Context Development. Full Context Development makes the commitments in this DPA to all customers using the Service. Separate terms, including different privacy terms, govern Customer’s use of non-Full Context Development products.

In the event of any conflict or inconsistency between the DPA and any other terms in Customer’s agreements with Full Context Development, the DPA shall prevail. The provisions of the DPA supersede any conflicting provisions of the Full Context Development Privacy Policy that otherwise may apply to processing of Customer Personal Data as defined herein.

FULL CONTEXT DEVELOPMENT DATA PROTECTION


  1. Definitions

    1.1 The "Applicable Data Protection Laws" means certain laws, regulations, regulatory frameworks, or other legislations relating to the processing and use of Customer Personal Data, as applicable to Customer's use of Full Context Development and the Full Context Development Service, including:

    a. The EU General Data Protection Regulation 2016/679 ("GDPR"), along with any implementing or corresponding equivalent national laws or regulations, once in effect and applicable; and

    b. The California Consumer Privacy Act of 2018, Cal. Civ. Code §§1798.100 et seq. ("CCPA"); and

    c. The UK Data Protection Act 2018 and implementation of GDPR contained therein.

    1.2 "Controller," "Data Subject," "Member State," "Personal Data," "Personal Data Breach," "Processing," "Processor," and "Supervisory Authority" have the meanings given to them in the Applicable Data Protection Laws. In the event of a conflict, the meanings given in the GDPR will supersede.

    1.3 "Customer Personal Data" means any Personal Data for which Customer is a Controller, whether supplied by Customer for processing by Full Context Development or generated by Full Context Development in the course of performing its obligations under the Agreement. It includes data such as billing information, IP addresses, corporate email addresses, and any other Personal Data for which Customer is a Controller.

    1.4 A "Data Breach" means a Personal Data Breach or any other confirmed or reasonably suspected breach of Customer's Protected Data.

    1.5 "End User" means an individual Data Subject who controls a Full Context Development Account and has agreed to the Full Context Development Terms of Service, and whose Personal Data is being transferred, stored, or processed by Full Context Development. For example, each Customer, employee or contractor who has a Full Context Development Account is also a Full Context Development End User.

    1.6 "Permitted Purposes" for data processing are those limited and specific purposes of providing the Service as set forth in the Agreement, the Full Context Development Privacy Policy, and this Exhibit A, or the purposes for which a Data Subject has authorized the use of Customer Personal Data.

    1.7 "Protected Data" includes any Customer Personal Data processed by Full Context Development on behalf of Customer under the Agreement.

    1.8 "Sensitive Data" means any Customer Personal Data revealing racial or ethnic origin; political opinions, religious or philosophical beliefs or trade union membership; processing of genetic data or biometric data for the purposes of uniquely identifying a natural person; data concerning health, a natural person's sex life or sexual orientation; and data relating to offences, criminal convictions, or security measures.

  2. Status and Compliance.

    2.1 Data Processing

    Full Context Development acts as a Processor in regard to any Customer Personal Data it receives in connection with the Agreement, and Full Context Development will process Customer Personal Data only for Permitted Purposes in accordance with Customer's instructions as represented by the Agreement and other written communications. In the event that Full Context Development is unable to comply with Customer's instructions, such as due to conflicts with the Applicable Data Protection Laws, or where processing is required by the Applicable Data Protection Laws or other legal requirements, Full Context Development will notify Customer to the extent permissible. Full Context Development processes all Customer Personal Data in the European Union; however, Full Context Development's subprocessors may process data outside of the European Union.

    2.2 Data Controllers

    Full Context Development receives Customer Personal Data both from Customer and directly from Data Subjects who create End User accounts. Customer is a Controller only for the Customer Personal Data it transfers directly to Full Context Development.

    2.3 Full Context Development Compliance; Data Transfers

    Full Context Development will comply with Applicable Data Protection Laws in relation to the processing of Customer Personal Data.

    If transfers of Customer Personal Data to a third country or an international organization would happen all will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR.

  3. Data Protection.

    3.1 Data Processing

    Full Context Development will process and communicate the Protected Data only for Permitted Purposes, unless the Parties agree in writing to an expanded purpose.

    3.2 Data Quality and Proportionality.

    Full Context Development will keep the Customer Personal Data accurate and up to date, or enable Customer to do so. Full Context Development will take commercially reasonable steps to ensure that any Protected Data it collects on Customer's behalf is adequate, relevant, and not excessive in relation to the purposes for which it is transferred and processed. In no event will Full Context Development intentionally collect Sensitive Data on Customer's behalf. Customer agrees that the Full Context Development Service is not intended for the storage of Sensitive Data; if Customer chooses to upload Sensitive Data to the Service, Customer must comply with Article 9 of the GDPR, or equivalent provisions in the Applicable Data Protection Laws.

    3.3 Data Retention and Deletion.

    Upon Customer's reasonable request, unless prohibited by law, Full Context Development will return, destroy, or deidentify all Customer Personal Data and related data at all locations where it is stored after it is no longer needed for the Permitted Purposes within thirty days of request. Full Context Development may retain Customer Personal Data and related data to the extent required by the Applicable Data Protection Laws, and only to the extent and for such period as required by the Applicable Data Protection Laws, provided that Full Context Development will ensure that Customer Personal Data is processed only as necessary for the purpose specified in the Applicable Data Protection Laws and no other purpose, and Customer Personal Data remains protected by the Applicable Data Protection Laws.

    3.4 Data Processing.

    Full Context Development provides the following information, required by Article 28(3) of the GDPR, regarding its processing of Customer's Protected Data:

    a. The subject matter and duration of the processing of Customer Personal Data are set out in the Agreement and this Addendum.

    b. The nature and purpose of the processing of Customer Personal Data is described in Section 3.1 of this Addendum.

    c. The types of Customer Personal Data to be processed are described in the Full Context Development Privacy Policy, and include Customer Personal Data such as user names, passwords, email addresses, and IP addresses. Full Context Development does not process or store credit card information. Customer may choose to supply Full Context Development with additional Customer Personal Data, such as in Customer's profile settings.

    d. The categories of Data Subject to whom the Customer Personal Data relates are the Customer itself and its End Users.

    e. The obligations and rights of Customer are set out in the Agreement and this Addendum.

  4. Security and Audit Obligations.

    4.1 Technical and Organizational Security Measures.

    Taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Full Context Development will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks, such as against accidental or unlawful destruction, or loss, alteration, unauthorized disclosure or access, presented by processing the Protected Data. Full Context Development will regularly monitor compliance with these measures and will continue to take appropriate safeguards throughout the duration of the Agreement.

    4.2 Incident Response and Breach Notification.

    Full Context Development will comply with Applicable Data Protection Laws.

    4.3 Full Context Development Personnel.

    Full Context Development represents and warrants that it will take reasonable steps to ensure that all Full Context Development personnel processing Protected Data have agreed to keep the Protected Data confidential and have received adequate training on compliance with this Addendum and the Applicable Data Protection Laws.

    If transfers of Customer Personal Data to a third country or an international organization would happen all will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR.

    4.4 Records.

    Full Context Development will maintain complete, accurate, and up to date written records of all categories of processing activities carried out on behalf of Customer containing the information required under the Applicable Data Protection Laws. To the extent that assistance does not risk the security of Full Context Development or the privacy rights of individual Data Subjects, Full Context Development will make these records available to Customer on request as reasonably required, such as to help Customer demonstrate its compliance under the Applicable Data Protection Laws.

    If transfers of Customer Personal Data to a third country or an international organization would happen all will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR.

    4.5 Assistance.

    Full Context Development will provide reasonable assistance to Customer with concerns such as data privacy impact assessments, Data Subject rights requests, consultations with Supervisory Authorities, and other similar matters, in each case solely in relation to the processing of Customer Personal Data and taking into account the nature of processing.

  5. Use and Disclosure of Protected Data.

    5.1 No Use in Marketing.

    Full Context Development will not use the Protected Data for the purposes of advertising third-party content, and will not sell the Protected Data to any third party except as part of a merger or acquisition.

    5.2 Full Context Development Privacy Policy.

    The Full Context Development Privacy Policy, publicly available at

    https://www.fullcontextdevelopment.com/legal/privacy

    , provides detailed notice of Full Context Development's privacy and data use practices, including its use of cookies, its dispute resolution process, and further details about Full Context Development's GDPR compliance.

  6. Subprocessing and Onward Transfer.

    6.1 Protection of Data.

    Full Context Development is liable for onward transfers of Protected Data to its subprocessors. In the event that Full Context Development does transfer the Protected Data to a third-party subprocessor, or Full Context Development installs, uses, or enables a third party or third-party services to process the Protected Data on Full Context Development's behalf, Full Context Development will ensure that the third-party subprocessor provides at least the same level of confidentiality, security, and privacy protection as is required of Full Context Development by this DPA and the Applicable Data Protection Laws.

    6.2 Acceptance of Full Context Development Subprocessors.

    Customer authorizes Full Context Development to appoint (and permit each subprocessor appointed in accordance with this Section 6 to appoint) subprocessors in accordance with Section 6 and any other restrictions in the Agreement. Full Context Development may continue to use those subprocessors currently engaged as of the Effective Date of this Addendum.

    6.3 General Consent for Onward Subprocessing.

    Customer provides a general consent for Full Context Development to engage onward subprocessors, conditional on Full Context Development's compliance with the following requirements:

    a. Any onward subprocessor must agree and ensure to only process data in a country that the European Commission has declared to have an "adequate" level of protection; or to only process data on terms equivalent to the Standard Contractual Clauses, or pursuant to a Binding Corporate Rules approval granted by competent European data protection authorities; and

    b. Full Context Development will restrict the onward subprocessor's access to Customer Personal Data only to what is strictly necessary to perform its services, and Full Context Development will prohibit the subprocessor from processing the Customer Personal Data for any other purpose.

    6.4 Disclosure of Subprocessor Agreements.

    Full Context Development maintains a list of onward subprocessors it has engaged to process Customer Personal Data at

    https://www.fullcontextdevelopment.com/legal/subprocessors

    , including the categories of Customer Personal Data processed, a description of the type of processing the subprocessor performs, and the location of its processing. Full Context Development will, upon Customer's written request, provide Customer with this list of subprocessors and the terms under which they process the Customer Personal Data. Pursuant to subprocessor confidentiality restrictions, Full Context Development may remove any confidential or commercially sensitive information before providing the list and the terms to Customer. In the event that Full Context Development cannot disclose confidential or sensitive information to Customer, the Parties agree that Full Context Development will provide all information it reasonably can in connection with its subprocessing agreements.

    6.5 Objection to Subprocessors.

    Full Context Development will provide thirty (30) days' prior written notice of the addition or removal of any subprocessor, including the categories listed in Section 6.4, by announcing changes on its

    https://www.fullcontextdevelopment.com/legal

    site. If Customer has a reasonable objection to Full Context Development's engagement of a new subprocessor, Customer must notify Full Context Development promptly in writing. Where possible, Full Context Development will use commercially reasonable efforts to provide an alternative solution to the affected Service to avoid processing of data by the objectionable subprocessor. In the event that Full Context Development is unable to provide an alternative solution and the Parties cannot resolve the conflict within ninety days, Customer may terminate the Agreement.

  7. Termination.

    7.1 Suspension.

    In the event that Full Context Development is in breach of its obligations to maintain an adequate level of security or privacy protection, Customer may temporarily suspend the transfer of all Customer Personal Data or prohibit collection and processing of Customer Personal Data on Customer's behalf until the breach is repaired or the Agreement is terminated.

    7.2 Termination with Cause.

    In addition to any termination rights Customer has under the Agreement, Customer may terminate the Agreement without prejudice to any other claims at law or in equity in the event that:

    a. Full Context Development notifies Customer that it can no longer meet its privacy obligations;

    b. the transfer, collection, or processing of all Customer Personal Data has been temporarily suspended for longer than one month pursuant to Section 7.1;

    c. Full Context Development is in substantial or persistent breach of any warranties or representations under this Addendum;

    d. Full Context Development is no longer carrying on business, is dissolved, enters receivership, or a winding up order is made on behalf of Full Context Development; or

    e. Customer objects to a subprocessor pursuant to Section 6.5, and Full Context Development has not been able to provide an alternative solution within ninety days.

    7.3 Breach.

    Failure to comply with the material provisions of this Addendum is considered a material breach under the Agreement.

    7.4 Failure to perform.

    In the event that changes in law or regulation render performance of this Addendum impossible or commercially unreasonable, the Parties may renegotiate the Addendum in good faith. If renegotiation would not cure the impossibility, or if the Parties cannot reach an agreement, the Parties may terminate the Agreement after thirty days.

    7.5 Notification.

    In the event that Full Context Development determines that it can no longer meet its privacy obligations under this Addendum, Full Context Development will notify Customer in writing immediately.

    7.6 Modifications.

    G itHub may modify this Addendum from time to time as required by the Applicable Data Protection Laws, with thirty days' notice to Customer.

    7.7 Termination Requirements.

    Upon Termination, Full Context Development must:

    a. take reasonable and appropriate steps to stop processing the Customer Personal Data;

    b. within ninety days of termination, delete or deidentify any Customer Personal Data Full Context Development stores on Customer's behalf pursuant to Section 3.3; and

    c. provide Customer with reasonable assurance that Full Context Development has complied with its obligations in Section 7.7.

  8. Liability for Data Processing.

    8.1 Limitations.

    Except as limited by the Applicable Data Protection Laws, any claims brought under this Addendum will be subject to the terms of the Agreement regarding Limitations of Liability.

License


This Agreement is based on the

Github Data Protection Agreement

and is simiarly licensed under this

CC BY

license.

© 2021 - 2022 All Rights Reserved

József Miskolczy

Find me on

Twitter

Reddit

Terms of Service

|

Privacy Policy

|

Other Legal