Updated October 23, 2024
This Data Processing Addendum (“Addendum”), having as an effective date the same Effective Date given in the Master Agreement (defined below) is entered into by and between Wealth Write-Up Inc., a Canadian corporation with offices located at 2000 Avenue McGill-College, Montréal, Québec, H3A 3H3, Canada (“Service Provider”), and Customer (Service Provider and Customer may each be referred to as a "Party", or collectively, the "Parties").
RECITALS
WHEREAS, the Customer and the Service Provider have entered into that certain Agreement (the "Master Agreement"), the form of which is available at https://wealthwriteup.com/ saas-agreement that may require the Service Provider to process personal information provided by or collected on behalf of the Customer; and
WHEREAS, this Addendum sets out additional terms, requirements and conditions for collecting, using, processing, disclosing, transferring or storing Personal Information when the Service Provider provides services under the Master Agreement;
NOW, THEREFORE, in consideration of the mutual covenants and agreements contained in this Addendum and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties agree as follows:
1. Definitions and Interpretation
1.1 The following definitions and rules of interpretation apply in this Addendum. Terms capitalized but not defined herein have the same meaning as given to them in the Master Agreement.
(i) "Business Purpose" means the services described in the Master Agreement.
(ii) "Individual" means an individual who is the subject of Personal Information.
(iii) "Personal Information" means any information the Service Provider collects, uses, processes or maintains for the Customer that is about or relates to an identifiable individual or identifies or can be used to identify that individual, directly or indirectly, either alone or in combination with other information, and includes as applicable any “personal information”, “personally identifiable information” or “personal data” as defined under Privacy and Data Protection Laws. Personal information does not include anonymized information.
(iv) "Processing, processes, or process" means any activity that involves the use of Personal Information or that the relevant Privacy and Data Protection Laws may otherwise include in the definition of processing, processes, or process. It includes collecting, using, disclosing, or carrying out any operation or set of operations on the Personal Information.
(v) "Privacy and Data Protection Laws" means all applicable federal, provincial, and foreign laws and regulations relating to the processing, protection, or privacy of the Personal Information, as each may be amended or replaced from time to time.
(vi) "Security Breach" means any act or omission that materially compromises the security, confidentiality, or integrity of Personal Information or the physical, technical, administrative, or organizational safeguards put in place to protect it.
1.2 This Addendum forms part of and is incorporated into the Master Agreement. In the case of conflict or ambiguity between any of the provisions of this Addendum and the provisions of the Master Agreement, the provisions of this Addendum will prevail.
2. Customer Responsibilities
2.2 The Customer represents and warrants that the Service Provider's expected use of the Personal Information for the Business Purpose and as specifically instructed by the Customer under this Addendum will comply with all Privacy and Data Protection Laws.
3. Service Provider Obligations
3.4 The Service Provider will reasonably assist the Customer with meeting the Customer's compliance obligations under the Privacy and Data Protection Laws, considering the nature of the Service Provider's processing and the information available to the Service Provider. The Customer acknowledges that the Service Provider is under no duty to investigate the completeness, accuracy, or sufficiency of any specific Customer instructions or the Personal Information other than as required under the Privacy and Data Protection Laws.
3.5 The Service Provider will limit Personal Information access to those employees who require it to meet the Service Provider's obligations under this Addendum and the Master Agreement.
3.7 The Service Provider will promptly notify the Customer if it becomes aware of any Security Breach and will take steps to contain and mitigate the Security Breach. The Service Provider will reasonably co-operate with the Customer in the Customer's handling of the matter, including making available all relevant information to the extent required to comply with all Privacy and Data Protection Laws. The Service Provider will not inform any third party of any Security Breach without first obtaining the Customer's prior written consent, except when Privacy and Data Protection Laws, or other laws or regulations, require it. The Service Provider agrees that the Customer has the sole right, to the extent permitted by applicable laws, to determine whether to provide notice of the Security Breach to any Individuals, regulators, law enforcement agencies or others, as required by Privacy and Data Protection Laws.
Customer acknowledges and agrees that Service Provider may process the Personal Information on a global basis as necessary for the Business Purpose, and in particular that Personal Information may be transferred to and processed by Service Provider in Canada, the United States and other jurisdictions where Service Provider affiliates and subprocessors have operations. Wherever the Personal Information is transferred outside its country of origin, each party will ensure such transfers are made in compliance with the requirements of applicable Privacy and Data Protection Laws.
5.1 Customer agrees that Service Provider may engage subprocessors to process the Personal Information on Customer's behalf, provided the Service Provider enters into a written contract with the subprocessor that imposes data protection terms that require the subprocessor to protect the Personal Information to the standard required by applicable Privacy and Data Protection Laws. A list of current subprocessors is available at https://wealthwriteup.com/sub-processors
6. Complaints, Individual Requests and Third Party Rights
6.3 The Service Provider will cooperate with the Customer in responding to any complaint, notice, communication, or Individual request.
7.1 This Addendum will remain in full force and effect until the expiry or termination of the Master Agreement (the “Term”).
7.2 If a change in any Privacy and Data Protection Law prevents either Party from fulfilling all or part of its Master Agreement obligations, the Parties will suspend the processing of Personal Information until that processing complies with the new requirements. If the Parties are unable to bring the Personal Information processing into compliance with the applicable Privacy and Data Protection Law by making commercially reasonable efforts, either Party may terminate the Master Agreement upon written notice to the other Party, without prejudice to any fees incurred by Customer prior to suspension or termination.
8. Data Return and Destruction
8.1 On termination of the Master Agreement for any reason or expiration of its term, the Service Provider will securely destroy or, if directed in writing by the Customer, return and not retain, all or any Personal Information related to this Addendum in its possession or control, unless applicable law permits or requires retention by Service Provider.
10. Limitation of Liability
The limitations of liability set forth in the Master Agreement will apply to this Addendum.