Data Privacy Addendum

Updated January 27, 2021

 

 

This Lakeside Software Data Privacy Addendum (“Privacy Addendum”) will apply when it is incorporated by reference into terms of service for one or more Lakeside Software service (“Terms of Service”). In the event of a conflict with the Terms of Service, the provisions of this Privacy Addendum will control.

1.  Definitions.

Any capitalized terms not defined herein will have the meaning specified in the applicable Terms of Service.

1.1 “Controller” means a person or entity that determines the purposes and means of the Processing of Personal Data and Usage Data.

1.2 “Data Breach” means accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and all other unlawful forms of Processing of Your Content stored in Lakeside Software the Lakeside Software Cloud.

1.3 “Personal Data” means any information relating to an identified or identifiable individual.

1.4 “Processor” means a person or entity that Processes Personal Data on behalf of a Controller.

1.5 “Processing” or “Process” means any operation or set of operations that is performed upon Personal Data and Usage Data.

1.6 “Relationship Data” means Personal Data (other than Your Content) about individuals provided by you during the purchase, sign up, use or maintenance of your account.

1.7 “Usage Data” means information regarding your consumption of the Service Offering, such as information on the amount of computing and storage resources purchased or consumed, user counts, and third party licenses consumed. Usage Data may also include information related to the consumption of optional or third party or co-branded services provided to you through the Service Offering.

1.8 “Lakeside Software Cloud” means: (a) the physical facilities; and (b) those servers, storage devices, networking equipment, and other hardware and software over which we have administrator access or control; in each case to the extent used to provide the Service Offering.

2.  Your Content.

2.1 Our role. If you provide consent, we may access Your Content as both a Processor on your behalf and an independent Controller, for the purposes set forth in the Agreement. We may also access Your Content without your consent when required by law. We will not divulge Your Content to any third party, unless permitted under this Privacy Addendum, directed to do so by you in your role as Data Controller or required by law. In the event a third party raises a complaint about or requests access to Your Content, we will attempt to redirect the third party to you. If we are required to respond to a subpoena, court order, warrant, audit or agency action and that occurrence demands that we disclose Your Content, we will promptly notify and provide you with a copy of the demand unless legally prohibited from doing so.

2.2 Lakeside Software Cloud. We reserve the right to monitor and administer the Lakeside Software Cloud so that we can (i) prevent or address service or technical problems; (ii) provide customer support; (iii) detect, prevent or address fraud, technology or security issues; (iv) protect against harm to the rights, property or safety of us, our users or the public; and (v) perform or enforce contractual obligations, or comply with applicable law.

2.3 Your compliance. You represent and warrant to us that (i) you will comply with all applicable privacy and data protection laws with respect to your Processing of Your Content; (ii) it is legal for you to use the Service Offering in your country under all applicable laws and regulations and you will comply with all data processing registration or notification requirements to which you are subject under applicable law; (iii) you will ensure that you have obtained (or will obtain) all consents and rights necessary for us to Process Your Content in accordance with this Privacy Addendum; and (iv) you will not upload any data within Your Content which is regulated by the US Health Insurance Portability and Accountability Act into the Service Offering (unless you have entered into a business associate agreement with Lakeside Software).

2.4 Subprocessing. You authorize us to subcontract Processing of Your Content under this Privacy Addendum to a third party. We will ensure any subcontractor we appoint will protect Your Content in a manner which is substantially similar to the standard that is set forth in this Privacy Addendum.

2.5 Cooperation. During the term of your Agreement, we will provide all assistance reasonably required by you (at your expense) to enable you to address any request or complaint received by you from (i) any natural individual whose Personal Data is contained within Your Content that is Processed by us on your behalf or (ii) any applicable data protection authority.

2.6 Data Breach. Upon becoming aware of a Data Breach, we will promptly notify you and will periodically update you of developments relating to the Data Breach. We will use reasonable endeavors to mitigate and, where possible, to remedy the effects of any Data Breach.

2.7 Transfer of Data. You consent that we will store Your Content in a location in the United States. By uploading Your Content into the Service Offering, you may transfer and access Your Content from around the world, including to and from the location in which Your Content is maintained. To the extent you provide Your Content in connection with customer support, you acknowledge and agree that we may handle Your Content in any country in which we or our subcontractors maintain facilities. If you are a customer in the European Union or Switzerland, you acknowledge and agree that the Service Offering storage location, and the location in which Your Content is Processed for customer support, may be in countries where the laws do not protect your personal information to the same extent as the laws in your country. We will implement measures to ensure that we provide adequate protection for Your Content that we Process on your behalf. To this end, we will maintain an appropriate Privacy Shield certification with the US Department of Commerce (or an equivalent data export solution) when you transfer Your Content to us from the European Union or Switzerland.

2.8 Deletion of Your Content. We may delete Your Content as described in the Terms of Service.  We make no warranty regarding retention of Your Content or its backup.

3.  Relationship Data.

We collect and Process Relationship Data as an independent Controller for the following purposes: to provide the Service Offering to you, manage your account, send you notifications (including about the availability of our other products and services), bill you for purchased services, enforce compliance with this Privacy Addendum and the Terms of Service, provide support, and comply with our contractual obligations and applicable law. We may share Relationship Data with our affiliates and third party service providers that we use for these purposes or as otherwise required by applicable law.

4.  Usage Data.

We collect and Process Usage Data as an independent Controller for the following purposes: to assist us in providing the Service Offering (including tracking and managing our Cloud, network, storage, and software for billing, capacity planning, troubleshooting, and other forecasting and improvement purposes), and comply with our contractual obligations and applicable law. We may share Usage Data with our affiliates and third party service providers for these purposes or as otherwise required by applicable law.