This Data Processing Addendum ("DPA") forms part of the Terms of Service or other agreement between Social Anchor LLC ("Social Anchor," "we," "us," or "our") and the client identified in the applicable Order ("Client," "you," or "your") (together, the "Agreement") and governs the processing of Personal Data by Social Anchor on behalf of Client in connection with the services we provide. By accepting the Agreement, Client also accepts the terms of this DPA where it applies.
Capitalized terms not defined in this DPA have the meanings given in the Agreement. The following definitions apply to this DPA:
This DPA applies to the extent that Social Anchor processes Personal Data on behalf of Client in connection with the services provided under the Agreement and where such processing is subject to Applicable Data Protection Laws.
In the event of any conflict between this DPA and the Agreement, this DPA controls with respect to the processing of Personal Data.
For Personal Data processed under the Agreement:
Each party is responsible for its own compliance with Applicable Data Protection Laws in its respective role.
Social Anchor will process Personal Data only on documented instructions from Client, including with regard to transfers of Personal Data to a third country or international organization, unless required to do so by law applicable to Social Anchor. The Agreement, this DPA, and Client's reasonable use of the services constitute Client's documented instructions.
Each party will comply with its respective obligations under Applicable Data Protection Laws. Social Anchor will notify Client if, in our opinion, Client's instruction would violate Applicable Data Protection Laws.
The subject matter, duration, nature, purpose, types of Personal Data, and categories of Data Subjects are described in Schedule 1.
Client provides Social Anchor with general authorization to engage Subprocessors to process Personal Data as needed to deliver the services. A current list of Subprocessors is set out in Schedule 3 and is also available on request.
Before engaging any Subprocessor, Social Anchor will:
Social Anchor will notify Client of any intended addition or replacement of Subprocessors at least thirty (30) days in advance, giving Client an opportunity to object to such changes. If Client reasonably objects on data protection grounds, the parties will work together in good faith to resolve the objection. If the parties cannot resolve the objection, Client may terminate the affected portion of the services for cause.
Social Anchor remains liable to Client for the acts and omissions of its Subprocessors to the same extent Social Anchor would be liable for performing the services directly.
Social Anchor will ensure that any person authorized to process Personal Data (including Subprocessor personnel) is bound by appropriate confidentiality obligations, whether through contract or statutory duty.
Social Anchor will implement appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing, accidental loss, destruction, or damage, in accordance with Applicable Data Protection Laws.
A description of the security measures we maintain is set out in Schedule 2. Social Anchor may update these measures from time to time, provided the updated measures do not materially reduce the level of protection.
Social Anchor will provide reasonable assistance to Client in fulfilling Client's obligation to respond to requests from Data Subjects exercising their rights under Applicable Data Protection Laws (including rights of access, rectification, erasure, restriction, portability, and objection).
If Social Anchor receives a request directly from a Data Subject regarding Personal Data processed under the Agreement, we will promptly forward the request to Client and will not respond to the Data Subject directly except as instructed by Client or required by law.
Social Anchor will notify Client without undue delay, and in any event within seventy-two (72) hours, after becoming aware of a Personal Data Breach affecting Personal Data processed on Client's behalf. The notification will include, to the extent then known:
Social Anchor will cooperate with Client and provide reasonable assistance in connection with Client's obligations under Applicable Data Protection Laws to notify Supervisory Authorities and Data Subjects.
Social Anchor will provide reasonable assistance to Client in carrying out data protection impact assessments and prior consultations with Supervisory Authorities where required by Applicable Data Protection Laws, taking into account the nature of the processing and the information available to Social Anchor.
To the extent that the processing of Personal Data under this DPA involves the transfer of Personal Data from the European Economic Area, the United Kingdom, or Switzerland to a country that has not been deemed to provide an adequate level of protection:
The optional Module Two (Controller to Processor) of the SCCs applies. Where the SCCs offer choices, the parties select the option providing the greater protection for Data Subjects.
Upon termination of the Agreement, Social Anchor will, at Client's choice, delete or return all Personal Data to Client and delete existing copies, unless retention is required by applicable law.
Client may make this election at any time before or within thirty (30) days after termination by notice to Social Anchor. If Client does not make an election within that period, Social Anchor will delete the Personal Data in accordance with our standard data retention practices, subject to legal retention requirements.
Social Anchor will make available to Client information reasonably necessary to demonstrate compliance with this DPA and will allow for and contribute to audits, including inspections, conducted by Client or an independent auditor mandated by Client.
Audits will be subject to the following conditions:
Social Anchor may satisfy its audit obligations by providing copies of relevant third-party audit reports (such as SOC 2 or ISO 27001 reports) in lieu of an on-site audit, to the extent such reports cover the matters in question.
Each party's liability arising out of or in connection with this DPA is subject to the limitations of liability set out in the Agreement.
This DPA is effective on the date Client accepts the Agreement and continues for the duration of the Agreement. The provisions of this DPA that by their nature should survive termination will survive, including those relating to confidentiality, return or deletion of Personal Data, and liability.
If there is a conflict between this DPA and the Agreement, this DPA controls with respect to the processing of Personal Data. If there is a conflict between this DPA and the Standard Contractual Clauses, the SCCs control.
Social Anchor may update this DPA from time to time to reflect changes in Applicable Data Protection Laws, our services, or our subprocessors. Material changes will be communicated by email or by prominent notice on our site.
This DPA is governed by the laws specified in the Agreement, except where Applicable Data Protection Laws require otherwise.
Provision of short-form video production and social media management services by Social Anchor to Client under the Agreement.
For the duration of the Agreement, plus any period thereafter during which Social Anchor retains Personal Data in accordance with this DPA and applicable law.
Personal Data is processed to enable Social Anchor to deliver the services described in the Agreement, including video production, post-production, native publication to social media platforms, advertising campaign management (where applicable), and performance reporting.
Social Anchor maintains the following technical and organizational measures, as described in greater detail on our Security page:
The following Subprocessors are authorized as of the effective date of this DPA:
Updated lists of Subprocessors are available on request from Privacy@SocialAnchor.io. New Subprocessors will be notified in accordance with Section 5.
Questions about this DPA:
