Standard Data Processing Agreement

This Vidds.co Standard Data Processing Agreement (the “Data Processing Agreement”) forms part of the agreement entered into concerning services relating to Vidds.co (the “Main Contract”). The Main Contract was entered into by signing an order form or other written or electronic agreement related to the Vidds.co services.

The Data Processing Agreement is entered into between Vidds.co, acting as the processor, and the customer signing the Main Contract (the “Customer”), acting as the controller.

Vidds.co and the Customer are individually referred to as “Party” and jointly as the “Parties”.

RECITALS:

  1. Under the Main Contract, Vidds.co shall provide certain services to the Customer as detailed in the Main Contract (the “Services”).
  2. The Customer may choose to include personal data in the information, data, text, notices, and other material provided or created by the Customer in conjunction with using the Services (hereinafter referred to collectively as “User Content”). Subject to the terms and conditions in this Data Processing Agreement, Vidds.co agrees to process such personal data in the User Content on behalf of the Customer as a data processor and as further detailed in Appendix 1. For the avoidance of doubt, if the Customer chooses not to include any personal data in the User Content, no personal data will be processed by Vidds.co on behalf of the Customer.
  3. If any provision of the Main Contract conflicts with the terms of this Data Processing Agreement, the terms of this Data Processing Agreement shall prevail.

1. DEFINITIONS

In this Data Processing Agreement the following terms shall have the meanings set forth below:

“Agreement Date” means the date that the parties entered into the Main Contract as indicated above;

“Applicable Legislation” means laws and regulations under EU law and relevant Member State laws that from time to time apply to Vidds.co and the Customer;

“Applicable Data Protection Legislation” means all legislation and regulations, including regulations and decisions issued by relevant supervisory authorities, protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data that from time to time apply to Vidds.co and the Customer, including without limitation the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR”), including any future interpretations thereof in court precedence from the EU Court of Justice or any other authorized court or supervisory authority;

“Data Processing Agreement” means this Data Processing Agreement and the appendices attached hereto (as amended from time to time in accordance herewith); and

“Third Country” means a country which is not a member of the European Union (EU) or the European Economic Area (EEA).

The terms “data subject”, “processing”, “personal data”, and “personal data breach”, shall have the same meanings as set out in article 4 of the GDPR.

2. VIDDS.CO’S OBLIGATIONS

  1. Vidds.co undertakes to only process personal data in accordance with the Customer’s documented and lawful instructions, including any processing instructions set out in this Data Processing Agreement and the Main Contract. Vidds.co will not process personal data for its own purposes unless required to do so by Applicable Legislation.
  2. In the event the Customer submits new instructions which require Vidds.co to take measures that fall outside the scope of the Services or otherwise are not included in the Main Contract, Vidds.co shall be entitled to remuneration on a time and material basis. New instructions subject to this section 2 shall be subject to any change mechanisms (if any) included in the Main Contract.
  3. Notwithstanding what is stated in section 1 above, Vidds.co may process personal data to the extent it is necessary in order to comply with legal requirements under Applicable Legislation, to which Vidds.co is subject. In such an event Vidds.co shall notify the Customer about the legal requirement before commencing the processing, unless Applicable Legislation prohibits Vidds.co from providing this information to the Customer.
  4. Vidds.co shall as soon as possible notify the Customer if Vidds.co (i) lacks instructions from the Customer, (ii) cannot fulfill its obligations under this Data Processing Agreement, or (iii) is of the view that an instruction regarding the processing of personal data given by the Customer would be in breach of Applicable Data Protection Legislation, unless Vidds.co is prohibited from notifying the Customer under Applicable Legislation. The notice shall be sent to the e-mail address provided by the “Approved purchaser” in the order form or to such other e-mail address explicitly referred by the Customer for such notices.

3. THE CUSTOMER’S OBLIGATIONS

  1. The Customer undertakes to comply with the Customer’s obligations under the Applicable Data Protection Legislation, including but not limited to ensuring that there is legal basis for the processing of any personal data in the User Content.

4. SECURITY MEASURES

  1. Technical and Organizational Security Measures
    1. Vidds.co shall take appropriate technical and organizational measures in order to protect the personal data processed by Vidds.co. The measures shall at least maintain a level of security which is deemed appropriate under Applicable Data Protection Legislation.
    2. Vidds.co shall, upon the Customer’s written request, provide necessary information (available to Vidds.co) in order to allow the Customer to fulfill its obligations to, where applicable, carry out data protection impact assessments (DPIAs) and prior consultations with the relevant supervisory authority under Applicable Data Protection Legislation in relation to the processing of personal data covered by this Data Processing Agreement. In the event the Customer requests assistance from Vidds.co with respect to the establishment of a DPIA although the Customer is not obligated to conduct a DPIA according to Applicable Data Protection Legislation, Vidds.co shall be entitled to charge the Customer on a time and material basis for such assistance.
  2. Access Control, Confidentiality and Logging
    1. Vidds.co shall ensure that access to the personal data is restricted to those employees, consultants or other personnel at Vidds.co who need access to the personal data in order for Vidds.co to fulfill its obligations under this Data Processing Agreement and the Main Contract. Vidds.co shall continuously manage the access rights to ensure that access is stripped when no longer necessary.
    2. Vidds.co shall through a non-disclosure agreement or other similar confidentiality arrangement ensure that all employees, consultants or other personnel authorized to access, and process personal data have committed themselves to confidentiality in relation to the processing of personal data covered by this Data Processing Agreement.

5. PERSONAL DATA BREACH

  1. In the event of a personal data breach at Vidds.co, Vidds.co shall notify the Customer in writing without undue delay from when Vidds.co became aware of the Personal Data Breach. The notice shall be sent to the e-mail address provided by the “Approved purchaser” in the order form or to such other e-mail address explicitly referred by the Customer for such notices.
  2. Vidds.co shall immediately upon becoming aware of the personal data breach conduct a risk analysis to assess the severity and scope of the personal data breach. Unless such risk analysis shows that it is unlikely that the personal data breach will purport any risk to the personal integrity of the data subjects, Vidds.co shall promptly take appropriate remedial measures to prevent or limit the potential adverse effects of the personal data breach.
  3. Upon the Customer’s request, Vidds.co shall provide the Customer with:
    1. a description of the nature of the personal data breach including the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
    2. the likely consequences of the personal data breach; and
    3. a description of the measures taken or proposed to be taken by Vidds.co to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
  4. Where and insofar as it is not possible for Vidds.co to provide the above mentioned information at the same time, the information may be provided in phases without further undue delay.
  5. To the extent a personal data breach has occurred due to the Customer’s act or omission, or otherwise as a consequence of any circumstances on the Customer’s side in relation to which Vidds.co has no involvement or responsibility, then any assistance by Vidds.co requested by the Customer will be charged by Vidds.co on a time and material basis.

6. ACCESS TO INFORMATION

  1. The Customer is entitled to, once (1) per year, either by itself or through a third party, conduct audits at Vidds.co to inspect whether Vidds.co is complying with its obligations regarding the security of the processing. Vidds.co shall be notified about such an audit at least fourteen (14) days prior to the audit. Any and all costs and expenses arising out of an audit in accordance with this section 1 shall be borne by the Customer. For the avoidance of doubt, an audit according to this section 6 shall only relate to information that is strictly necessary in order for the Customer to comply with its obligation to inspect the processing under Applicable Data Protection Legislation such as technical descriptions and internal records (subject to art. 30(2) GDPR) and internal data protection policies, and shall not under any circumstances include information pertaining to Vidds.co’s business which is irrelevant in relation to Vidds.co’s processing of personal data on behalf of the Customer.
  2. In the event the Customer assigns a third party, the Customer shall ensure that such third party signs a confidentiality undertaking relating to any and all information which is disclosed to such third party during the audit, such confidentiality undertaking not to be less restrictive than the confidentiality undertaking set forth in section 2 below.
  3. Customer shall be liable for the acts or omissions by any third-party auditor that assists Customer with the inspection subject to this section 6.

7. SUB-PROCESSORS AND TRANSFERS TO THIRD COUNTRY

  1. Vidds.co has the right to engage or replace third parties as sub-processors for the processing of personal data in accordance with this Data Processing Agreement (so called “Sub-processing”) provided that Vidds.co and the sub-processor enter into a written contract and that the Sub-processing complies with this Data Processing Agreement and Applicable Legislation. Vidds.co shall remain responsible for any sub-processors. Vidds.co may also transfer personal data to a Third Country provided that Vidds.co shall comply with the provisions of the GDPR relating to the transfer of personal data outside the EU/EEA and undertakes to take all steps necessary to comply and allow the Customer to comply with such provisions, e.g. by entering into the at each time applicable Standard Contractual Clauses adopted by the EU Commission. Vidds.co shall be entitled to enter into Standard Contractual Clauses with any sub-processor on behalf of the Customer provided that all necessary steps have been taken with respect to assessing the legal landscape of the receiving country and that necessary measures are taken as a consequence of the Third Country’s legislation.

8. CONFIDENTIALITY

  1. Without prejudice to any confidentiality undertakings included in the Main Contract, Vidds.co shall keep and maintain all personal data in strict confidence and not disclose the personal data to a third party, unless otherwise authorized in advance in writing by the Customer or otherwise required by Applicable Legislation or for the performance of this Data Processing Agreement or the Main Contract.
  2. Subject to any confidentiality undertakings in the Main Contract, the Customer undertakes to keep any and all information that the Customer may receive about Vidds.co’s security measures, routines, IT systems or that is otherwise of confidential nature, strictly confidential and not disclose confidential information about Vidds.co or its sub-processors to any third party. The Customer may only disclose such information if the Customer is obligated to disclose such information according to Applicable Legislation or according to the Main Contract or this Data Processing Agreement. The Customer accepts that this confidentiality undertaking shall survive the termination of this Data Processing Agreement.

9. LIABILITY

  1. The Parties are liable jointly and severally in relation to claims from data subjects. The Party compensating the data subject shall have a right to recourse in accordance with the provisions under art. 82 of the GDPR.
  2. The Parties acknowledge and agree that neither Party shall have an obligation to indemnify the other Party for any administrative fines imposed by a supervisory authority or a court under Applicable Data Protection Legislation.
  3. For the purposes of section 2 above, both Parties shall, to a reasonable extent, provide information to the other Party which may be useful within the scope of a supervisory matter or a court proceeding.

10. DATA SUBJECTS’ RIGHTS

  1. Vidds.co shall, insofar as it is possible, take necessary technical and organizational measures in order to assist the Customer in its obligation to respond to requests from data subjects to exercise the data subject’s rights according to Applicable Data Protection Legislation. Vidds.co shall upon Customer’s request cooperate with Customer and provide Customer with guidance related to the possibilities to respond to the data subject’s right request, e.g. by demonstrating to the Customer how personal data can be extracted from the Services.
  2. If Vidds.co receives a request directly from a data subject relating to processing operations subject to this Data Processing Agreement, Vidds.co shall immediately and no later than within forty-eight (48) hours forward the request to Customer.

11. RETURN OF PERSONAL DATA

  1. Upon termination of the Main Contract and subject to any provisions related to termination assistance in the Main Contract, the Customer shall instruct Vidds.co whether the personal data that Vidds.co has processed on behalf of the Customer within the scope of this Data Processing Agreement shall either, (i) be returned to the Customer, or (ii) be irreversibly deleted, unless Vidds.co is obligated under Applicable Legislation to continue to store the personal data, in which case Vidds.co shall notify the Customer subject to section 2.3. Unless otherwise agreed in the Main Contract, if the Customer does not submit such instruction within ninety (90) days from the termination of the Main Contract, Vidds.co will at its sole discretion either delete or store the personal data as further detailed in Appendix 1.         

12. TERM AND TERMINATION

  1. This Data Processing Agreement shall be effective as of the Agreement Date and until the Main Contract is terminated. However, if Vidds.co processes personal data on behalf of the Customer after the termination of the Main Contract, this Data Processing Agreement shall apply until Vidds.co no longer processes any personal data on the Customer’s behalf.

13. NON-ASSIGNMENT

  1. Neither of the rights nor the obligations of either Party under this Data Processing Agreement may be assigned in whole or in part without the prior written consent of the other Party, unless otherwise stated in this Data Processing Agreement.

14. AMENDMENTS

  1. Vidds.co reserves the right to make additions or amendments to this Data Processing Agreement. If such addition or amendment constitutes either a material adjustment to the Data Processing Agreement or has a material adverse impact on the Customer’s business, Vidds.co shall notify the Customer regarding the changes not later than sixty (60) calendar days prior to the entry into force of the changes. Customer shall have the right to terminate the Main Contract and this Data Processing Agreement in writing with immediate effect if objecting to the changes and such objections are not adhered to by Vidds.co. If the Customer has not terminated the Main Contract and this Data Processing Agreement within the subject sixty (60) day period, the Customer shall be deemed to have accepted the changes.
  2. This Data Processing Agreement applies to and covers any changes, additions, or amendments to the Main Contract (e.g. changes to the service description or additional support). If the Main Contract is terminated and a new contract with a similar scope and purpose to the Main Contract is entered into, but without a new data processing agreement, this Data Processing Agreement shall apply to the new contract. This also applies if an explicit reference is made to this Data Processing Agreement in a contract between the Customer and Vidds.co.

15. GOVERNING LAW

  1. This Data Processing Agreement shall be governed and construed in accordance with the laws of Sweden, without regard to its conflict of law principles.

16. DISPUTE RESOLUTION

  1. Any dispute arising out of or in connection with this Data Processing Agreement shall be finally settled in accordance with the provisions regarding dispute resolution in the Main Contract.

Appendix 1

DESCRIPTION OF THE SCOPE, PROCESSING AND USE OF PERSONAL DATA COVERED BY THE DATA PROCESSING AGREEMENT

Categories of Data Subjects
Data subjects of varying kinds included in the User Content by the Customer in the Services or otherwise added to the Services by the Customer (may include suppliers, interviewees, contributors etc.).
Categories of Personal Data
User Content – Personal data included as part of User Content by the Users on behalf of the Controller (may include names or other personal data written in free text, images etc.)
Purpose(s) of the Processing
Producing User Content (both editorial and marketing) in the Vidds.co Services by and on behalf of the Customer.
Processing Operations
The Personal Data will be subject to the following basic processing activities:
Collection
Storage
Distribution
Deletion or destruction
Retention of Personal Data
The personal data may be stored for 6 months after the respective Order Term as defined in the Main Contract or until the Customer requests that Vidds.co deletes the personal data, whichever comes first. The storage limit might be increased upon written agreement between the Customer and Vidds.co.