TERMS AND AGREEMENT
Thanks for using Lean PlanDo. This policy explains the term and agreements for using Lean PlanDo.
We’ll start by getting a few definitions out of the way that should help you understand this policy. When we say "we," "us," and "Lean PlanDo” and ”Lean Station” and application provider and service provider we’re referring to Lean Station Pte Ltd, d/b/a Lean PlanDo , a Singapore private limited company. When we say “you” or “Member,” we’re referring to the person or entity that’s registered with us to use the Services.
We provide online platforms and mobile apps for Google Android and Apple devices that you may use lean construction methodologies to create, plan, and manage construction activities (the “Services”). We offer the Services on our websites
(each a “Website” and together the “Websites”) and through our mobile apps for Google Android and Apple IOS devices. In the course of providing the Services, we may collect Personal Information, which means information about a Member. A "collaboration list" is a list of email addresses that one of our Members has added, or intends to invite to in a project, and all information relating to those email addresses.
3. Effective date
Terms & conditions
The “services” are licensed, not sold, to the member for use only under the terms of this license, unless a Product is accompanied by a separate license agreement, in which case the terms of that separate license agreement will govern, subject to Your prior acceptance of that separate license agreement. The licensor (“Application Provider”) reserves all rights not expressly granted to the member. The Product that is subject to this license is referred to in this license as the “Licensed Application.”
a. Scope of license: This license granted to the member for the Licensed Application by Application Provider is limited to a non-transferable license to use the Licensed Application for a term on any device that the member own or control. This license does not allow the member to use the Licensed Application on any device that the member do not own or control, and the member may not distribute, share or make the link to Licensed Application available over a network where it could be used by unintended parties without the consent of the Application Provider. The member may not rent, lease, lend, sell, redistribute or sublicense the Licensed Application. the member may not copy (except as expressly permitted by this license and the Usage Rules), decompile, reverse engineer, hack code, disassemble, attempt to derive the source code of, modify, or create derivative works of the Licensed Application, any updates, or any part thereof (except as and only to the extent any foregoing restriction is prohibited by applicable law or to the extent as may be permitted by the licensing terms governing use of any open sourced components included with the Licensed Application). Any attempt to do so is a violation of the rights of the Application Provider and its licensors. If the member breaches this restriction, the member may be prosecuted and damages applicable or punishable by law. Further, the license may be revoked or terminated prematurely without any refund for paid amounts. The terms of the license will govern any upgrades provided by Application Provider that replace and/or supplement the original Product, unless such upgrade is accompanied by a separate license in which case the terms of that license will govern. The license will be assigned is to specific person, signing on behalf of the organization they are working for and is not transferrable and should not be shared. The Member agreed that the information provided is accurate and complete. The Member is aware that any changes, requiring your approval, may be subject to additional costs.
b. Consent to use of data: The member agree that Application Provider may collect and use technical data and related information, including but not limited to technical information about Your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to the member (if any) related to the Licensed Application. Application Provider may use this information, as long as it is in a form that does not personally identify the member, to improve its products or to provide services or technologies to the member.
c. Termination. The license is effective until terminated by the member or Services Provider. Your rights under this license will terminate automatically without notice from the Application Provider if the member fail to comply with any term(s) of this license. Upon termination of the license, the member shall cease all use of the Licensed Application, and destroy all copies, full or partial, of the Licensed Application.
d. Services: Third Party Materials. The Licensed Application may enable access to Application Provider’s and third party services and websites (collectively and individually, "Services"). Use of the Services may require Internet access and that the Member accepts additional terms of service. The member agrees to use the Services at their sole risk and that the service provider shall not have any liability to the member for content that may be found to be offensive, indecent, or objectionable.
e. Subject to the terms hereof, Company will provide Member with reasonable technical support services in accordance with the terms set forth. For a paying Member technical support is extended via online medium and phone medium only. Direct on-site Member support is not applicable unless it has been agreed mutually between the member or the organization.
f. NO WARRANTY: LEAN STATION DOES NOT GUARANTEE THAT THE PROGRAMS WILL PERFORM ERROR-FREE OR UNINTERRUPTED OR THAT LEAN STATION WILL CORRECT ALL PROGRAM ERRORS. TO THE EXTENT PERMITTED BY LAW, THESE WARRANTIES ARE EXCLUSIVE AND THERE ARE NO OTHER EXPRESS OR IMPLIED WARRANTIES OR CONDITIONS, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY AND FITNESS FOR A PARTICULAR PURPOSE. THE MEMBER EXPRESSLY ACKNOWLEDGE AND AGREE THAT USE OF THE LICENSED APPLICATION IS AT YOUR SOLE RISK AND THAT THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY AND EFFORT IS WITH THE MEMBER. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED APPLICATION AND ANY SERVICES PERFORMED OR PROVIDED BY THE LICENSED APPLICATION ("SERVICES") ARE PROVIDED "AS IS" AND “AS AVAILABLE”, WITH ALL FAULTS AND WITHOUT WARRANTY OF ANY KIND, AND APPLICATION PROVIDER HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS WITH RESPECT TO THE LICENSED APPLICATION AND ANY SERVICES, EITHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES AND/OR CONDITIONS OF MERCHANTABILITY, OF SATISFACTORY QUALITY, OF FITNESS FOR A PARTICULAR PURPOSE, OF ACCURACY, OF QUIET ENJOYMENT, AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. APPLICATION PROVIDER DOES NOT WARRANT AGAINST INTERFERENCE WITH YOUR ENJOYMENT OF THE LICENSED APPLICATION, THAT THE FUNCTIONS CONTAINED IN, OR SERVICES PERFORMED OR PROVIDED BY, THE LICENSED APPLICATION WILL MEET YOUR REQUIREMENTS, THAT THE OPERATION OF THE LICENSED APPLICATION OR SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT DEFECTS IN THE LICENSED APPLICATION OR SERVICES WILL BE CORRECTED. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY APPLICATION PROVIDER OR ITS AUTHORIZED REPRESENTATIVE SHALL CREATE A WARRANTY. SHOULD THE LICENSED APPLICATION OR SERVICES PROVE DEFECTIVE, THE MEMBER ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR LIMITATIONS ON APPLICABLE STATUTORY RIGHTS OF A CONSUMER, SO THE ABOVE EXCLUSION AND LIMITATIONS MAY NOT APPLY TO THE MEMBER.
g. Limitation of liability. LEAN STATION WILL NOT BE LIABLE FOR ANY DAMAGES RESULTING IN THE USE OF ITS FEATURES OR SERVICES OR FROM THE USE OF DATA OR INFORMATION FROM THE LICENSED APPLICATION TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT SHALL APPLICATION MANUFACTURER, PROVIDER OR DISTRIBUTOR BE LIABLE FOR PERSONAL INJURY, OR ANY INCIDENTAL, SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, LOSS OF DATA, BUSINESS INTERRUPTION OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES, OR ATTORNEY’S FEES. ARISING OUT OF OR RELATED TO YOUR USE OR INABILITY TO USE THE LICENSED APPLICATION, HOWEVER CAUSED, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT OR OTHERWISE) AND EVEN IF APPLICATION PROVIDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF LIABILITY FOR PERSONAL INJURY, OR OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT APPLY TO THE MEMBER. IN NO EVENT SHALL APPLICATION PROVIDER’S TOTAL LIABILITY TO THE MEMBER FOR ALL DAMAGES EXCEED THE AMOUNT OF ONE DOLLAR ($1.00). THE FOREGOING LIMITATIONS WILL APPLY EVEN IF THE ABOVE STATED REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
h. Member may not remove or export from Singapore or allow the export or re-export of the Services, Software or anything related thereto, or any direct product thereof in violation of any restrictions, laws or regulations of any governing authority.
i. The laws of the Singapore, excluding its conflicts of law rules, govern this license and your use of the Licensed Application. Your use of the Licensed Application may also be subject to other local, state, national, or international laws.
j. Lean Station will manufacture and sell the Products in compliance with the state, and local laws applicable to each Product. Member will comply with the state, and local laws applicable to the handling, transportation, storage, use, processing, disposal, distribution, sale, and resale of Products and to any of Member’s products that contain or are made by using Products. Under no circumstances will either party offer or make any payment or give anything of value to another person or entity where such payment or action would violate an applicable law or regulation, including, but not limited to, any applicable anti-bribery, anti-corruption, or anti-kickback law.
CONFIDENTIALITY; PROPRIETARY RIGHTS
Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose business, technical or financial information relating to the Disclosing Party’s business (hereinafter referred to as “Proprietary Information” of the Disclosing Party). Proprietary Information of Company includes non-public information regarding features, functionality, algorithms or methods and performance of the of the Licensed Application. Proprietary Information of Member includes non-public data provided by Member to Company to enable the provision of the Services (“Member Data”). The Receiving Party agrees:
a.to take reasonable precautions to protect such Proprietary Information, and
b.not to use (except in performance of the Services or as otherwise permitted herein) or
c.divulge to any third person any such Proprietary Information.
The Disclosing Party agrees that the foregoing shall not apply with respect to any information after five (5) years following the disclosure thereof or any information that the Receiving Party can document
a.is or becomes generally available to the public, or
b.was in its possession or known by it prior to receipt from the Disclosing Party, or
c.was rightfully disclosed to it without restriction by a third party, or
d.was independently developed without use of any Proprietary Information of the Disclosing Party
e.is required to be disclosed by law.
Member shall own all right, title and interest in and to the Member Data, as well as any data that is based on or derived from the Member Data and provided to Member as part of the Services. Company shall own and retain all right, title and interest in and to:
a.the Services and Software, all improvements, enhancements or modifications thereto,
b.any software, applications, inventions or other technology developed in connection with Implementation Services or support, and
c.all intellectual property rights related to any of the foregoing.
Notwithstanding anything to the contrary, Company shall have the right collect and analyse data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Member Data and data derived therefrom), and Company will be free (during and after the term hereof) to
a.use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Company offerings, and
b.disclose such data solely in aggregate or other de-identified form in connection with its business.
No rights or licenses are granted except as expressly set forth herein.
If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. This Agreement is not assignable, transferable or sub licensable by Member except with Company’s prior written consent. Company may transfer and assign any of its rights and obligations under this Agreement without consent. This Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed by both parties, except as otherwise provided herein. No agency, partnership, joint venture, or employment is created as a result of this Agreement and Member does not have any authority of any kind to bind Company in any respect whatsoever. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognised overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested. This Agreement shall be governed by the laws of Singapore without regard to its conflict of laws provisions.Updated January 01, 2021
Thanks for using Lean PlanDo. This policy explains the what, how, and why of the information we collect when you use Lean PlanDo. It also explains the specific ways we use and disclose that information. We never sell lists or email addresses.
We’ll start by getting a few definitions out of the way that should help you understand this policy. When we say "we," "us," and "Lean PlanDo” and ”Lean Station” we’re referring to Lean Station Pte Ltd, d/b/a Lean PlanDo , a Singapore private limited company. When we say “you” or “Member,” we’re referring to the person or entity that’s registered with us to use the Services.
We provide online platforms and mobile apps for Google Android and Apple devices that you may use lean construction methodologies to create, plan, and manage construction activities (the “Services”). We offer the Services on our websites
(each a “Website” and together the “Websites”) and through our mobile apps for Google Android and Apple IOS devices. In the course of providing the Services, we may collect Personal Information, which means information about a Member. A "collaboration list" is a list of email addresses that one of our Members has added, or intends to invite to in a project, and all information relating to those email addresses
3. Effective date
If you have any questions or comments, or if you want to update, delete, or change any Personal Information you’ve submitted on the Website, please write to firstname.lastname@example.org to get in touch.
5. Information we collect
2.List and email information: When you add a collaborator to the project or create an email with the Services, we have access to the data on your list and the information in your email.
3.Information from your use of the service: We may get information about how and when you use the Services. This information may include your IP address, time, date, browser used, and actions taken by you within the application. Also, project data gathered from the use of services.
4.Cookies: When you register to use Lean PlanDo, we store "cookies," which are strings of code, on your computer. We use those cookies to collect information about when you visit our Website, when you use the Services, your browser type and version, your operating system, and other similar information. You may turn off cookies that have been placed on your computer by following the instructions on your browser, but if you block our cookies, it may be more difficult (and maybe even impossible) to use the Services.
5.Construction related information: All data that are added to the websites are captured including the names of the activities, the type of activities, the duration, constraints, site photos, drawings, layouts, permits, images, videos etc. When the member or any invited collaborator updates this information again real-time data is captured through information such as task progress or variance etc. These are all considered as personal data to the member and all this data is captured and stored securely.
6. Use and disclosure of your personal data
We use the data we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Lean Station, it’s products and our users. We also use this information to offer you tailored personalized information. Our automated systems analyze your data to provide you personally relevant product features, such as customized insights, analysis, and notifications. We use and disclose your personal data only as follows:
1.To promote use of our services. For example, if you leave your Personal Information when you visit our Website and don’t sign up for any of the Services, we may send you an email asking whether you want to sign up. And if you use any of our Services, and we think you might benefit from using another Service we offer, we may send you an email telling you about it.
2.For R&D of our products and services. For example our automated systems will analyze your data provided when you use our products and services to improve them, develop new, secure, maintain and provide stable operations consistently.
3.To bill and collect money owed to us. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments. To learn more about the steps we take to safeguard that data, see Section 7 below.
6.To provide customer support. This may include providing project level support from a representative from the company who can access your project data upon your approval.
7.To protect the rights and safety of our members and third parties, as well as our own.
8.To meet legal requirements like complying with court orders and valid subpoenas.
9.To provide information to representatives and advisors, like attorneys and accountants, to help us comply with legal, accounting, or security requirements.
10.To prosecute and defend a court, arbitration, or similar proceeding.
11.To support and improve the services we offer.
12.To communicate with you about your account for informational, not promotional, reasons.
14.To send you informational and promotional content that you may choose (or "opt in") to receive. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.
Lean Station only discloses your personal data in limited circumstances
LS will only disclose the personal data you have provided to us to entities outside the Lean Station group of companies if it is necessary and appropriate to facilitate the purpose for which your personal information was collected pursuant to this Policy, including the provision of the Service.
Occasionally, we have to disclose information about our customers to meet legal requirements. Third-party disputes are a common example: If two parties have a dispute, and one of them used Lean PlanDo in a way that’s relevant to the dispute, then we might get a request for user data. Whether we say “no way” or comply depends on the subpoena.
It’s the law! Unsubscribe links are required by the CAN-SPAM act. Plus, making it easy for people to opt out is the nice thing to do.
7. Public information and third parties
1.Blog. We have public blogs on our Websites. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Information appears on our blogs and you’d like it to be removed, contact us at email@example.com. If we’re not able to remove your information, we’ll let you know why.
2.Social media widgets. Our Websites include social media features, like the Facebook Like button. These features may collect information about your IP address and which page you’re visiting on our site, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with those features are governed by the privacy policies of the companies that provide them.
4.Service providers. If it is necessary to provide you a service you've requested, like send you a T-shirt or enable a feature like Social Profiles, then we may provide your personal information to a service provider. We will restrict any service provider's use of your personal information. We will tell you whenever reasonably possible and you may request at any time the name of our service providers.
8. Notice of breach of security
Nobody’s safe from hackers. If a security breach causes an unauthorized intrusion into our system that materially affects you or people on your collaboration Lists, then Lean Station will notify you as soon as possible and later report the action we took in response.
9. Safeguarding your information
We do not capture any credit card information at this point and the site uses no SSL certification at this moment. When we begin processing credit card information, to protect your information, our credit card processing vendor will use the latest 128/256-bit Secure Socket Layer (SSL) technology for secure transactions. Our vendor is certified as compliant with card association security initiatives, like the Visa Cardholder Information Security and Compliance (CISP), MasterCard® (SDP), and Discovery Information Security and Compliance (DISC). However, Lean Station will not be liable to you for any damages resulting from the use of data or information from this product.
Lean PlanDo accounts require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party. Because the information in your Collaboration Lists is so sensitive, account passwords are encrypted, which means we can’t see your passwords. We can’t resend forgotten passwords either. We’ll only reset them.
10. Personal data protection notice
Lean PlanDo complies with the Singapore’s Personal Data Protection Act (pdpa) which is overseen by the Government of Singapore,. We certify that we follow the principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.
This Personal Data Protection Policy notice for personal data (“Notice”) is issued to all our valued customers and guests of Lean Station Pte Ltd (“[LEAN STATION]”, “[LS]”, “us”, “we”, “our” or “ours”), pursuant to the statutory requirements of the Personal Data Protection Act 2012 (“PDPA”).
We at LS take our responsibilities under Singapore’s PDPA seriously. We also recognize the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data.
During your course of dealing with us, we may have, and / or will collect, use, disclose and process your personal data for purposes, including, to communicate with you, provide products and/or services to you, respond to your enquiries or complaints, provide you with information and/or updates on products, services and/or promotions offered by LS and selected third parties and other purposes required to operate and maintain our business as set out in our Personal Data Protection Policy (collectively referred to as “Purposes”).
In order to conduct our business operations more smoothly, we may also be disclosing the personal data you have provided to us to our third party service providers, agents and/or our affiliates or related corporations, and/or other third parties whether sited in Singapore or outside of Singapore, for one or more of the above-stated Purposes. Such third party service providers, agents and/or affiliates or related corporations and/or other third parties would be processing your personal data either on our behalf or otherwise, for one or more of the above-stated Purposes.
11. Safe harbor certification
We certify that we follow the principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. In light of a recent European Court of Justice ruling users may request an updated data processing agreement which incorporates the Standard Contractual Clauses here.
12. Accuracy of data, transparency, and choice
We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do that. If your data changes (like a new email address), then you’re responsible for notifying us of those changes.
We only store data about you for as long as it’s reasonably required to fulfill the purposes that gave us the right to access it in the first place. We keep some data indefinitely, relating to when and where emails were sent, which bounced, which resulted in a complaint, and similar information, because we use it to help us screen out people who violate SPAM laws, and for other reasons explained in this policy.
We’ll give you access to any Personal Information about you that we hold within 30 days of any request for that information you make by contacting the Data Protection Officer on firstname.lastname@example.org. Unless it’s prohibited by law, we’ll remove any Personal Information about you from our servers at your request.Updated January 01, 2021
DATA PROCESSING AGREEMENT
The Personal Data protection Act (PDPA) took effect in phases starting with the provisions relating to the formation of the PDPC on 2 January 2013. Provisions relating to the DNC Registry came into effect on 2 January 2014 and the main data protection rules on 2 July 2014. This allowed time for organisations to review and adopt internal personal data protection policies and practices, to help them comply with the PDPA.
Passed in 2016, the new General Data Protection Regulation(GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. The GDPR, which becomes enforceable on May 25, 2018, seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all the local laws relating to it.
We support the PDPA and GDPR and will ensure all Lean Station services comply with its provisions from May 25, 2018. Not only is the PDPA and GDPR an important step in protecting the fundamental right of privacy for all users, it also raises the bar for data protection, security and compliance in the industry.
Customer Personal Data Protection Agreement (PDPA)
This Customer Data Processing Agreement reflects the requirements of the Singaporean Personal Data Protection Act (PDPA) as it comes into effect on 2 Jan, 2013. Lean Station´s products and services offered in the Singapore region are PDPA ready and this DPA provides you with the necessary documentation of this readiness.
Customer GDPR Data Processing Agreement
This Customer Data Processing Agreement reflects the requirements of the European Data Protection Regulation (“GDPR”) as it comes into effect on May 25, 2018. Lean Station´s products and services offered in the European Union are GDPR ready and this DPA provides you with the necessary documentation of this readiness.
This Data Processing Agreement (“DPA”) is an addendum to the Customer Terms of Service (“Agreement”) between Lean Station, Pte Ltd (“Lean Station”) and the Customer. All capitalized terms not defined in this DPA shall have the meanings set forth in the Agreement. Customer enters into this DPA on behalf of itself and, to the extent required under Data Protection Laws, in the name and on behalf of its Authorized Affiliates (defined below).
The parties agree as follows:
“Affiliate” means an entity that directly or indirectly Controls, is Controlled by or is under common Control with an entity.
“Authorized Affiliate” means any of Customer Affiliate(s) permitted to or otherwise receiving the benefit of the Services pursuant to the Agreement.
“Control” means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question. The term “Controlled” shall be construed accordingly.
“Controller” means an entity that determines the purposes and means of the processing of Personal Data.
“Customer Data” means any data that Lean Station and/or its Affiliates processes on behalf of Customer in the course of providing the Services under the Agreement.
“Data Protection Laws” means all data protection and privacy laws and regulations applicable to the processing of Personal Data under the Agreement, including, where applicable, PDPA or the EU Data Protection Law.
“EU Data Protection Law” means (i) prior to May 25, 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data (“Directive”) and on and after May 25, 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); and (ii) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector and applicable national implementations of it (in each case, as may be amended, superseded or replaced).
“Personal Data” means any Customer Data relating to an identified or identifiable natural person to the extent that such information is protected as personal data under applicable Data Protection Law
“Privacy Shield” means the EU-US and Swiss-US Privacy Shield Frameworks, as administered by the U.S. Department of Commerce.
“Privacy Shield Principles” means the Privacy Shield Framework Principles (as supplemented by the Supplemental Principles) contained in Annex II to the European Commission Decision of 12 July 2016 pursuant to the Directive, details of which can be found at www.privacyshield.gov/eu-us-framework.
“Processor” means an entity that processes Personal Data on behalf of the Controller.
“Processing” has the meaning given to it in the GDPR and “process”, “processes” and “processed” shall be interpreted accordingly.
“Security Incident” means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data.
“Services” means any product or service provided by Lean Station to Customer pursuant to and as more particularly described in the Agreement.
“Sub-processor” means any Processor engaged by Lean Station or its Affiliates to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement or this DPA. Sub-processors may include third parties or any Lean Station Affiliate.
2. Scope and Applicability of this DPA
2.1 This DPA applies where and only to the extent that Lean Station processes Personal Data on behalf of the Customer in the course of providing the Services and such Personal Data is subject to Data Protection Laws of Singapore, the European Union, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom. The parties agree to comply with the terms and conditions in this DPA in connection with such Personal Data.
2.2 Role of the Parties. As between Lean Station and Customer, Customer is the Controller of Personal Data and Lean Station shall process Personal Data only as a Processor on behalf of Customer. Nothing in the Agreement or this DPA shall prevent Lean Station from using or sharing any data that Lean Station would otherwise collect and process independently of Customer's use of the Services
2.3 Customer Obligations. Customer agrees that (i) it shall comply with its obligations as a Controller under Data Protection Laws in respect of its processing of Personal Data and any processing instructions it issues to Lean Station; and (ii) it has provided notice and obtained (or shall obtain) all consents and rights necessary under Data Protection Laws for Lean Station to process Personal Data and provide the Services pursuant to the Agreement and this DPA.
2.4 Lean Station Processing of Personal Data. As a Processor, Lean Station shall process Personal Data only for the following purposes: (i) processing to perform the Services in accordance with the Agreement; (ii) processing to perform any steps necessary for the performance of the Agreement; and (iii) to comply with other reasonable instructions provided by Customer to the extent they are consistent with the terms of this Agreement and only in accordance with Customer’s documented lawful instructions. The parties agree that this DPA and the Agreement set out the Customer’s complete and final instructions to Lean Station in relation to the processing of Personal Data and processing outside the scope of these instructions (if any) shall require prior written agreement between Customer and Lean Station.
2.5 Nature of the Data. Lean Station handles Customer Data provided by Customer. Such Customer Data may contain special categories of data depending on how the Services are used by Customer. The Customer Data may be subject to the following process activities: (i) storage and other processing necessary to provide, maintain and improve the Services provided to Customer; (ii) to provide customer and technical support to Customer; and (iii) disclosures as required by law or otherwise set forth in the Agreement.
2.6 Lean Station Data. Notwithstanding anything to the contrary in the Agreement (including this DPA), Customer acknowledges that Lean Station shall have a right to use and disclose data relating to and/or obtained in connection with the operation, support and/or use of the Services for its legitimate business purposes, such as billing, account management, technical support, product development and sales and marketing. To the extent any such data is considered personal data under Data Protection Laws, Lean Station is the Controller of such data and accordingly shall process such data in compliance with Data Protection Laws.
3.1 Authorized Sub-processors. Customer agrees that Lean Station may engage Sub-processors to process Personal Data on Customer's behalf. The Sub-processors currently engaged by Lean Station and authorized by Customer are listed in Annex A.
3.2 Sub-processor Obligations. Lean Station shall: (i) enter into a written agreement with the Sub-processor imposing data protection terms that require the Sub-processor to protect the Personal Data to the standard required by Data Protection Laws; and (ii) remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause Lean Station to breach any of its obligations under this DPA.
3.3 Changes to Sub-processors. Lean Station shall provide Customer reasonable advance notice (for which email shall suffice) if it adds or removes Sub-processors.
3.4 Lean Station engages Cloudalio Technologies Pvt Ltd, India d.b.a, Lean Station India to as a sub-processor.
3.5 Objection to Sub-processors. Customer may object in writing to Lean Station’s appointment of a new Sub-processor on reasonable grounds relating to data protection by notifying Lean Station promptly in writing within five (5) calendar days of receipt of Lean Station’s notice in accordance with Section 3.3. Such notice shall explain the reasonable grounds for the objection. In such event, the parties shall discuss such concerns in good faith with a view to achieving commercially reasonable resolution. If this is not possible, either party may terminate the applicable Services that cannot be provided by Lean Station without the use of the objected-to-new Sub-processor.
4.1 Security Measures. Lean Station shall implement and maintain appropriate technical and organizational security measures to protect Personal Data from Security Incidents and to preserve the security and confidentiality of the Personal Data, in accordance with Lean Station's security standards.
4.2 Confidentiality of Processing. Lean Station shall ensure that any person who is authorized by Lean Station to process Personal Data (including its staff, agents and subcontractors) shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).
4.3 Security Incident Response. Upon becoming aware of a Security Incident, Lean Station shall notify Customer without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer.
4.4 Updates to Security Measures. Customer acknowledges that the Security Measures are subject to technical progress and development and that Lean Station may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services purchased by the Customer.
5. Security Reports and Audits
5.1 Lean Station shall maintain records of its security standards. Upon Customer's written request, Lean Station shall provide (on a confidential basis) copies of relevant external ISMS certifications (if available), internal audit report summaries and/or other documentation reasonably required by Customer to verify Lean Station's compliance with this DPA (on a Confidential basis). Lean Station shall further provide written responses (on a confidential basis) to all reasonable requests for information made by Customer, including responses to information security and audit questionnaires, that Customer (acting reasonably) considers necessary to confirm Lean Station's compliance with this DPA, provided that Customer shall not exercise this right more than once per year.
6. International Transfers
Available upon request (confidential information)
7. Return or Deletion of Data
7.1 Upon deactivation of the Services, all Personal Data shall be deleted, save that this requirement shall not apply to the extent Lean Station is required by applicable law to retain some or all of the Personal Data, or to Personal Data it has archived on back-up systems, which such Personal Data Lean Station shall securely isolate and protect from any further processing, except to the extent required by applicable law.
8.1 To the extent that Customer is unable to independently access the relevant Personal Data within the Services, Lean Station shall (at Customer's expense) taking into account the nature of the processing, provide reasonable cooperation to assist Customer by appropriate technical and organizational measures, in so far as is possible, to respond to any requests from individuals or applicable data protection authorities relating to the processing of Personal Data under the Agreement. In the event that any such request is made directly to Lean Station, Lean Station shall not respond to such communication directly without Customer's prior authorization, unless legally compelled to do so. If Lean Station is required to respond to such a request, Lean Station shall promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so.
8.2 To the extent Lean Station is required under Data Protection Law, Lean Station shall (at Customer's expense) provide reasonably requested information regarding Lean Station's processing of Personal Data under the Agreement to enable the Customer to carry out data protection impact assessments or prior consultations with data protection authorities as required by law.
9.1 Except for the changes made by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict.
9.2 This DPA is a part of and incorporated into the Agreement so references to "Agreement" in the Agreement shall include this DPA.
9.3 In no event shall any party limit its liability with respect to any individual's data protection rights under this DPA or otherwise.
9.4 This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by Data Protection Laws.