Data Processing Addendum

Updated: October12, 2022

We take data protection seriously. This document outlines some of the measures we take to protect your data when you use LikePay services.

We have created this Data Processing Addendum for LikePay users who are considered "controllers" of the personal data processed by the LikePay service. If you have a LikePay account and have one or more members who live or travel in the EU, you agree to be bound by this Addendum and agree to take steps to ensure that your business is GDPR compliant.

OUR DPA SUPPLEMENTS OUR TERMS OF USE AND PRIVACY POLICY AND ADDRESSES THE REQUIREMENTS FOR DATA PROCESSING AGREEMENTS BETWEEN CONTROLLERS AND PROCESSORS UNDER THE GDPR.

IN ORDER TO ENSURE THAT NO INCONSISTENCIES OR ADDITIONAL CONDITIONS ARE IMPOSED BEYOND THOSE REFLECTED IN OUR STANDARD DPA AND MODEL CLAUSES, WE CANNOT AGREE TO SIGN YOUR DPA. ALSO, BECAUSE WE ARE A SMALL TEAM, WE DO NOT HAVE A LEGAL TEAM AND CANNOT MAKE INDIVIDUAL CHANGES TO THE DPA. CHANGING A STANDARD DPA WOULD REQUIRE LEGAL COUNSEL AND MULTIPLE DISCUSSIONS, WHICH WOULD BE COSTLY FOR OUR TEAM.

By registering and/or using the Site (as that term is defined herein), you agree to be bound by this Addendum, as applicable (a signed .pdf of our DPA is available upon request). You enter into this Addendum on behalf of yourself and, to the extent required under the Data Protection Act, in the name and on behalf of your Authorized Parties. The parties agree to comply with the terms of this Addendum in relation to such Personal Data. Subject to the foregoing, the parties agree as follows

1. definition

An "affiliate" is an entity that directly or indirectly controls, is controlled by, or is under common control with an entity.

Authorized Affiliate" means your Affiliate who is authorized to receive or has received the benefit of the Services under this Agreement.

The term "control" shall mean ownership, voting rights, or similar interests representing more than 50% of the total outstanding shares of the entity at that time. The term "controlled" shall be construed accordingly.

Controller" means the entity that determines the purposes and means of processing Personal Data. Customer Data" means all data that LikePay and/or its affiliates process on your behalf in the course of providing services under this Agreement.

DATA BREACH" MEANS ANY ACCIDENTAL OR UNLAWFUL DESTRUCTION, LOSS, OR ALTERATION OF PERSONAL DATA, OR ANY UNAUTHORIZED OR UNLAWFUL BREACH OF SECURITY RESULTING IN UNAUTHORIZED DISCLOSURE OF OR ACCESS TO PERSONAL DATA. "DATA PROTECTION LAWS" MEANS ALL DATA PROTECTION AND PRIVACY LAWS APPLICABLE TO THE PROCESSING OF PERSONAL DATA UNDER THIS AGREEMENT AND THIS ADDENDUM, INCLUDING, WITHOUT LIMITATION, EU DATA PROTECTION LAWS, AS APPLICABLE.

"EU Data Protection Law" means (i) Regulation 2016/679 of the European Parliament and of the Council (the "General Data Protection Regulation") ("GDPR") and (ii) Privacy and Electronic Communications Directive 2002/58/EC, as either may be amended, replaced or (iii) the "GDPR" means the GDPR.

Personal Data" means any Customer Data relating to an identified or identifiable natural person to the extent that it is protected as Personal Data under applicable data protection laws.

"PROCESSOR" MEANS AN ENTITY THAT PROCESSES PERSONAL DATA ON BEHALF OF THE CONTROLLER." PROCESSING" SHALL HAVE THE MEANING GIVEN IN THE GDPR AND "PROCESSING", "PROCESS" AND "PROCESSING" SHALL BE INTERPRETED ACCORDINGLY.

Services" means the products or services provided to you by LikePay under this Agreement, as more fully described.

Subprocessor" means a processor engaged by LikePay or its affiliates to assist in the performance of its obligations under the Agreement or this Addendum to provide Services. Subprocessors may include third parties or LikePay Affiliates.

2. relationship between the two companies

2.1 Controllers and Processors

As between you and LikePay, you shall be the controller of your Personal Data and LikePay shall process Personal Data on your behalf only as processor.

2.2 Customer Obligations

As a controller, you agree to (i) comply with your obligations as a controller under the Data Protection Law with respect to your processing of Personal Data and any processing instructions you issue to LikePay, and (ii) notify and obtain (or will obtain) all consents and rights necessary under the Data Protection Law for LikePay to process Personal Data and provide services in accordance with the Agreement and this Addendum. (ii) agree that LikePay has been notified of and has obtained (or will obtain) all consents and rights required under the Data Protection Laws to process personal data and provide services in accordance with the Agreement and this Addendum.

2.3 Limited processing by LikePay

As a Processor, LikePay shall process Personal Data only for the purposes of: (i) processing for the performance of Services in accordance with this Agreement and this Addendum; (ii) performing procedures necessary to perform this Agreement and this Addendum; and (iii) to the extent consistent with the terms of this Agreement and this Addendum Processing solely in accordance with Customer's documented lawful instructions to comply with any other reasonable instructions provided by Customer; and (i) storage and other processing necessary to provide, maintain, and improve the services provided to you; (ii) to provide customer and technical support to you; and (iii) disclosure or further processing required by law. In this case, to the extent permitted by data protection law, LikePay shall inform the Customer of such legal requirements prior to any relevant disclosure or processing of its Personal Data. The parties agree that this Addendum and this Agreement set forth the Customer's complete and final instructions to LikePay regarding the processing of Personal Data and that any processing outside the scope of these instructions (if any) shall require prior written agreement between the Customer and LikePay.

2.4 Data on LikePay

Notwithstanding anything in this Agreement and/or this Addendum to the contrary, you acknowledge that LikePay may use and disclose data obtained in connection with the operation, support, and/or use of the Services for legitimate business purposes, including billing, account management, technical support, product development, sales and marketing. You acknowledge that LikePay may use and disclose data obtained in connection with the operation, support and/or use of the Services for legitimate business purposes, including billing, account management, technical support, product development, sales and marketing. To the extent such data is considered personal data under data protection laws, LikePay is the controller of such data and shall therefore process such data in accordance with data protection laws. Nothing in this Agreement or this Addendum shall prevent LikePay from using or sharing the data it collects and processes independently of your use of the Services.

3. security

3.1 Technical and organizational security measures.LikePay shall implement and maintain appropriate technical and organizational security measures to protect Personal Data from data breaches and to maintain the security and confidentiality of Personal Data. For additional information, please send specific questions to info@likepay.co. You acknowledge that LikePay's technical and organizational security measures are developed on an ongoing basis and may be updated and modified from time to time provided that such updates and modifications do not compromise the overall security of the Services purchased by you.

3.2 Confidentiality of processing

LikePay shall ensure that persons authorized by LikePay to process personal data are bound by appropriate confidentiality obligations (whether contractual or legal).

3.3 Data Leakage

To the extent permitted by law, LikePay shall notify Customer without undue delay if LikePay or a subprocessor becomes aware of a data breach affecting Customer's personal data, and shall provide Customer with sufficient information to enable Customer to fulfill its obligations under data protection laws to report or notify a data breach LikePay shall cooperate with you and take reasonable commercial steps at your direction to assist in the investigation, mitigation, and remediation of such data breach.

3.4 Records Management

LikePay shall maintain records of its security standards. Upon your written request, LikePay shall provide (on a confidential basis) copies of any relevant external certificates, audit report summaries, and/or other documents that you reasonably require to verify LikePay's compliance with this Addendum. further provide (on a confidential basis) written responses to all reasonable requests for information you make, including but not limited to responses to information security and audit questionnaires, that you (acting reasonably) believe are necessary to verify LikePay's compliance with this Addendum You shall.

4. sub-process

4.1 Approved Subprocessors

You agree that LikePay may hire sub-processors to process personal data on your behalf. Subprocessors currently employed by LikePay and approved by you are listed in our list of subprocessors, and LikePay shall provide you with reasonable advance notice (email is sufficient) if it adds or replaces any subprocessor. You may object in writing to LikePay's appointment of a new Subprocessor on reasonable data protection grounds by promptly notifying LikePay in writing within 10 calendar days of receipt of LikePay's notice. Such notice shall explain the reasonable basis for the objection. In such case, the parties shall discuss such concerns in good faith in order to achieve a commercially reasonable resolution. If this is not possible, either party may terminate the applicable service.

4.2 Obligation to Respect Subprocessors

LikePay shall. (i) enter into a written agreement with Subprocessor that imposes data protection conditions requiring Subprocessor to protect personal data to the level required by data protection laws; and (ii) comply with the obligations in this Addendum and that LikePay shall remain responsible for any acts or omissions of Subprocessor that cause it to breach its obligations in this Addendum remain liable for the Subprocessor's acts or omissions that cause LikePay to breach its obligations under this Addendum.

5. international remittance

5.1 Processing location

LikePay stores and processes EU Data (defined below) in data centers located outside the European Union. Other customer data may be transferred to and processed in Japan and anywhere else in the world where LikePay, its affiliates and sub-processors maintain data processing operations. LikePay shall implement appropriate safeguards to protect personal data in accordance with the requirements of data protection laws wherever personal data is processed.

6. cooperative system

6.1 Response to Requests

To the extent LikePay is required to do so under data protection law, LikePay shall provide you with such information as reasonably requested with respect to LikePay's processing of your Personal Data under the Agreement and/or this Addendum (at LikePay shall provide (at the Customer's expense).

6.2 Modification or Erasure by Customer

LikePay shall comply with your commercially reasonable requests to correct, amend, block or delete Personal Data as required by the Data Protection Law to the extent that LikePay is legally permitted to do so.

6.3 Access

To the extent Customer does not have independent access to relevant Personal Data within the Services, LikePay shall (at Customer's expense), taking into account the nature of the Processing and to the extent possible, respond to requests from individuals or applicable data protection authorities regarding the Processing of Personal Data under this Agreement and/or this Addendum by provide reasonable cooperation. If such a request is made directly to LikePay, LikePay shall not respond directly to such communication without your prior authorization unless legally compelled to do so; if LikePay is required to respond to such a request, LikePay shall, unless legally prohibited from doing so promptly notify you and provide you with a copy of the request.

6.4 Exercise of rights by the data subject

Considering the nature of the Processing, LikePay shall assist the Customer by implementing appropriate technical and organizational measures to the extent possible to fulfill the Customer's obligation, which the Customer reasonably understands, to respond to requests from data subjects to exercise their rights under the Data Protection Law. To the extent legally permissible, Customer shall bear all costs incurred by LikePay in providing such assistance (to the extent the provision of such assistance is not included in the Services to which Customer is entitled under this Agreement).

6.5 Return of Deleted Data upon Termination

However, this requirement does not apply to personal data that LikePay is required by applicable law to retain in whole or in part, or that is stored in a backup system, except to the extent that such personal data is required by applicable law to be securely separated and further processing.

7. other

7.1 Conflicts

Except as modified by this Addendum, this Agreement shall remain unchanged and in full force and effect. In the event of any inconsistency between this Addendum and this Agreement, this Addendum shall prevail to the extent of such inconsistency.

7.2 Liability

The liability of each party arising out of or relating to this Addendum and/or this Agreement, whether based in contract, tort or any other theory of liability, in the aggregate, shall be subject to the "Limitation of Liability" section of this Agreement. For the avoidance of doubt, LikePay's total liability for all claims arising out of or relating to this Agreement and this Addendum shall apply in the aggregate to all claims under both this Agreement and this Addendum.

7.3 Governance

This Addendum shall be governed by and construed in accordance with the governing law and jurisdictional provisions of this Agreement, except as otherwise provided by data protection law.