Legal

TERMS AND AGREEMENT

Thanks for using Lean PlanDo. This policy explains the terms and agreements for using Lean PlanDo.

THE BASICS

1. Definitions

We’ll start by getting a few definitions out of the way that should help you understand this policy. When we say “we,” “us,” “Lean PlanDo,” “Lean Station,” “application provider,” and “service provider,” we’re referring to Lean Station Pte Ltd, d/b/a Lean PlanDo, a Singapore private limited company. When we say “you” or “Member,” we’re referring to the person or entity that’s registered with us to use the Services.

We provide online platforms and mobile apps for Google Android and Apple devices through which you may use lean construction methodologies to create, plan, and manage construction activities (the “Services”). We offer the Services on our websites

http://www.leanstation.com

http://www.leanplando.com

http://www.theplando.com

http://www.leanvplando.com

(each a “Website” and together the “Websites”) and through our mobile apps for Google Android and Apple iOS devices. In the course of providing the Services, we may collect Personal Information, which means information about a Member. A "collaboration list" is a list of email addresses that one of our Members has added, or intends to invite, to a project, and all information relating to those email addresses.

2. Changes

If there are any changes to this Privacy Policy, we’ll post them on the Website and send them to the last email address you gave us. Any changes will be effective as of the date we post on the Website or send the email (or whichever date is later). You may object to any changes within 10 days after they’re posted on our Website or delivered to you, in which case none of the proposed changes will be effective with respect to information that we’ve already collected from you, but will apply only to information we collect in the future. We won't treat information of any open account differently from any other open account. If you object to changes in our Privacy Policy, we’ll have to terminate your account. That said, if we ever changed our Privacy Policy to expand our rights to use or disclose Personal Information for marketing purposes, you’d be able to opt out without termination.

3. Effective date

This Privacy Policy is effective with respect to any data that we’ve collected, or collect, about and/or from you, according to our Terms of Use from the effective date of joining subject to your agreement of the terms of use.

4. Questions

If you have any questions or comments, or if you want to update, delete, or change any Personal Information you’ve submitted on the Website, please write to support@leanstation.com to get in touch.

Terms & conditions

The “services” are licensed, not sold, to the member for use only under the terms of this license, unless a Product is accompanied by a separate license agreement, in which case the terms of that separate license agreement will govern, subject to Your prior acceptance of that separate license agreement. The licensor (“Application Provider”) reserves all rights not expressly granted to the member. The Product that is subject to this license is referred to in this license as the “Licensed Application.”

a. Scope of license: This license granted to the member for the Licensed Application by Application Provider is limited to a non-transferable license to use the Licensed Application on any device that the member owns or controls. This license does not allow the member to use the Licensed Application on any device that the member does not own or control, and the member may not distribute, share or make the link to Licensed Application available over a network where it could be used by unintended parties without the consent of the Application Provider. The member may not rent, lease, lend, sell, redistribute or sublicense the Licensed Application. The member may not copy (except as expressly permitted by this license and the Usage Rules), decompile, reverse engineer, disassemble, attempt to derive the source code of, modify, or create derivative works of the Licensed Application, any updates, or any part thereof (except as and only to the extent any foregoing restriction is prohibited by applicable law or to the extent as may be permitted by the licensing terms governing use of any open sourced components included with the Licensed Application). Any attempt to do so is a violation of the rights of the Application Provider and its licensors. If the member breaches this restriction, the member may be subject to prosecution and damages. The terms of the license will govern any upgrades provided by Application Provider that replace and/or supplement the original Product, unless such upgrade is accompanied by a separate license in which case the terms of that license will govern.

b. Consent to use of data: The member agrees that Application Provider may collect and use technical data and related information, including but not limited to technical information about Your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to the member (if any) related to the Licensed Application. Application Provider may use this information, as long as it is in a form that does not personally identify the member, to improve its products or to provide services or technologies to the member.

c. Termination. The license is effective until terminated by the member or Services Provider. Your rights under this license will terminate automatically without notice from the Application Provider if the member fails to comply with any term(s) of this license. Upon termination of the license, the member shall cease all use of the Licensed Application, and destroy all copies, full or partial, of the Licensed Application.

d. Services: Third Party Materials. The Licensed Application may enable access to Application Provider’s and third party services and websites (collectively and individually, "Services"). Use of the Services may require Internet access and that the member accept additional terms of service. The member agrees to use the Services at their sole risk and that the service provider shall not have any liability to the member for content that may be found to be offensive, indecent, or objectionable.

e. Subject to the terms hereof, Company will provide Customer with reasonable technical support services in accordance with the terms set forth. For a paying customer technical support is extended via online medium and phone medium only. Direct on-site customer support is not applicable unless it has been agreed mutually between us and the user.

f. NO WARRANTY: LEAN STATION DOES NOT GUARANTEE THAT THE PROGRAMS WILL PERFORM ERROR-FREE OR UNINTERRUPTED OR THAT LEAN STATION WILL CORRECT ALL PROGRAM ERRORS. TO THE EXTENT PERMITTED BY LAW, THESE WARRANTIES ARE EXCLUSIVE AND THERE ARE NO OTHER EXPRESS OR IMPLIED WARRANTIES OR CONDITIONS, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY AND FITNESS FOR A PARTICULAR PURPOSE. THE MEMBER EXPRESSLY ACKNOWLEDGES AND AGREES THAT USE OF THE LICENSED APPLICATION IS AT YOUR SOLE RISK AND THAT THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY AND EFFORT IS WITH THE MEMBER. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED APPLICATION AND ANY SERVICES PERFORMED OR PROVIDED BY THE LICENSED APPLICATION ("SERVICES") ARE PROVIDED "AS IS" AND “AS AVAILABLE”, WITH ALL FAULTS AND WITHOUT WARRANTY OF ANY KIND, AND APPLICATION PROVIDER HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS WITH RESPECT TO THE LICENSED APPLICATION AND ANY SERVICES, EITHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES AND/OR CONDITIONS OF MERCHANTABILITY, OF SATISFACTORY QUALITY, OF FITNESS FOR A PARTICULAR PURPOSE, OF ACCURACY, OF QUIET ENJOYMENT, AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. APPLICATION PROVIDER DOES NOT WARRANT AGAINST INTERFERENCE WITH YOUR ENJOYMENT OF THE LICENSED APPLICATION, THAT THE FUNCTIONS CONTAINED IN, OR SERVICES PERFORMED OR PROVIDED BY, THE LICENSED APPLICATION WILL MEET YOUR REQUIREMENTS, THAT THE OPERATION OF THE LICENSED APPLICATION OR SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT DEFECTS IN THE LICENSED APPLICATION OR SERVICES WILL BE CORRECTED. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY APPLICATION PROVIDER OR ITS AUTHORIZED REPRESENTATIVE SHALL CREATE A WARRANTY. SHOULD THE LICENSED APPLICATION OR SERVICES PROVE DEFECTIVE, THE MEMBER ASSUMES THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR LIMITATIONS ON APPLICABLE STATUTORY RIGHTS OF A CONSUMER, SO THE ABOVE EXCLUSION AND LIMITATIONS MAY NOT APPLY TO THE MEMBER.

g. Limitation of liability. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT SHALL APPLICATION MANUFACTURER, PROVIDER OR DISTRIBUTOR BE LIABLE FOR PERSONAL INJURY, OR ANY INCIDENTAL, SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, LOSS OF DATA, BUSINESS INTERRUPTION OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES, OR ATTORNEY’S FEES, ARISING OUT OF OR RELATED TO YOUR USE OR INABILITY TO USE THE LICENSED APPLICATION, HOWEVER CAUSED, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT OR OTHERWISE) AND EVEN IF APPLICATION PROVIDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF LIABILITY FOR PERSONAL INJURY, OR OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT APPLY TO THE MEMBER. IN NO EVENT SHALL APPLICATION PROVIDER’S TOTAL LIABILITY TO THE MEMBER FOR ALL DAMAGES EXCEED THE AMOUNT OF ONE DOLLAR ($1.00). THE FOREGOING LIMITATIONS WILL APPLY EVEN IF THE ABOVE STATED REMEDY FAILS OF ITS ESSENTIAL PURPOSE.

h. Customer may not remove or export from Singapore or allow the export or re-export of the Services, Software or anything related thereto, or any direct product thereof in violation of any restrictions, laws or regulations of any governing authority.

i. The laws of Singapore, excluding its conflicts of law rules, govern this license and your use of the Licensed Application. Your use of the Licensed Application may also be subject to other local, state, national, or international laws.

CONFIDENTIALITY; PROPRIETARY RIGHTS

Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose business, technical or financial information relating to the Disclosing Party’s business (hereinafter referred to as “Proprietary Information” of the Disclosing Party). Proprietary Information of Company includes non-public information regarding features, functionality and performance of the Service. Proprietary Information of Customer includes non-public data provided by Customer to Company to enable the provision of the Services (“Customer Data”). The Receiving Party agrees:

a. to take reasonable precautions to protect such Proprietary Information, and

b. not to use (except in performance of the Services or as otherwise permitted herein) or

c. divulge to any third person any such Proprietary Information.

The Disclosing Party agrees that the foregoing shall not apply with respect to any information after five (5) years following the disclosure thereof or any information that the Receiving Party can document

a. is or becomes generally available to the public, or

b. was in its possession or known by it prior to receipt from the Disclosing Party, or

c. was rightfully disclosed to it without restriction by a third party, or

d. was independently developed without use of any Proprietary Information of the Disclosing Party, or

e. is required to be disclosed by law.

Customer shall own all right, title and interest in and to the Customer Data, as well as any data that is based on or derived from the Customer Data and provided to Customer as part of the Services. Company shall own and retain all right, title and interest in and to

a. the Services and Software, all improvements, enhancements or modifications thereto,

b. any software, applications, inventions or other technology developed in connection with Implementation Services or support, and

c. all intellectual property rights related to any of the foregoing.

Notwithstanding anything to the contrary, Company shall have the right to collect and analyse data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Customer Data and data derived therefrom), and Company will be free (during and after the term hereof) to

a. use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Company offerings, and

b. disclose such data solely in aggregate or other de-identified form in connection with its business.

No rights or licenses are granted except as expressly set forth herein.

MISCELLANEOUS

If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. This Agreement is not assignable, transferable or sublicensable by Customer except with Company’s prior written consent. Company may transfer and assign any of its rights and obligations under this Agreement without consent. This Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed by both parties, except as otherwise provided herein. No agency, partnership, joint venture, or employment is created as a result of this Agreement and Customer does not have any authority of any kind to bind Company in any respect whatsoever. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognised overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested. This Agreement shall be governed by the laws of Singapore without regard to its conflict of laws provisions.

Updated January 04, 2016

PRIVACY POLICY

Thanks for using Lean PlanDo. This policy explains the what, how, and why of the information we collect when you use Lean PlanDo. It also explains the specific ways we use and disclose that information. We never sell lists or email addresses.

THE BASICS

1. Definitions

We’ll start by getting a few definitions out of the way that should help you understand this policy. When we say “we,” “us,” “Lean PlanDo,” and “Lean Station,” we’re referring to Lean Station Pte Ltd, d/b/a Lean PlanDo, a Singapore private limited company. When we say “you” or “Member,” we’re referring to the person or entity that’s registered with us to use the Services.

We provide online platforms and mobile apps for Google Android and Apple devices through which you may use lean construction methodologies to create, plan, and manage construction activities (the “Services”). We offer the Services on our websites

http://www.leanstation.com

http://www.leanplando.com

http://www.theplando.com

http://www.leanvplando.com

(each a “Website” and together the “Websites”) and through our mobile apps for Google Android and Apple iOS devices. In the course of providing the Services, we may collect Personal Information, which means information about a Member. A "collaboration list" is a list of email addresses that one of our Members has added, or intends to invite, to a project, and all information relating to those email addresses.

2. Changes

If there are any changes to this Privacy Policy, we’ll post them on the Website and send them to the last email address you gave us. Any changes will be effective as of the date we post on the Website or send the email (or whichever date is later). You may object to any changes within 10 days after they’re posted on our Website or delivered to you, in which case none of the proposed changes will be effective with respect to information that we’ve already collected from you, but will apply only to information we collect in the future. We won't treat information of any open account differently from any other open account. If you object to changes in our Privacy Policy, we’ll have to terminate your account. That said, if we ever changed our Privacy Policy to expand our rights to use or disclose Personal Information for marketing purposes, you’d be able to opt out without termination.

3. Effective date

This Privacy Policy is effective with respect to any data that we’ve collected, or collect, about and/or from you, according to our Terms of Use.

4. Questions

If you have any questions or comments, or if you want to update, delete, or change any Personal Information you’ve submitted on the Website, please write to support@leanstation.com to get in touch.

Your Information

5. Information we collect

1. Information you provide to us: When you register to use the Services, communicate with our customer service team, send us an email, or post on our blog, you’re giving us information that we collect. That information may include your IP address, name, physical address, email address, phone number, credit card information, and other details like gender, occupation, and other demographic information. By giving us this information, you consent to your information being collected, used, disclosed, and stored by us, only as described in our Terms of Use and Privacy Policy.

2. List and email information: When you add a collaborator to the project or create an email with the Services, we have access to the data on your list and the information in your email.

3. Information from your use of the service: We may get information about how and when you use the Services. This information may include your IP address, time, date, browser used, and actions taken by you within the application.

4. Cookies: When you register to use Lean PlanDo, we store "cookies," which are strings of code, on your computer. We use those cookies to collect information about when you visit our Website, when you use the Services, your browser type and version, your operating system, and other similar information. You may turn off cookies that have been placed on your computer by following the instructions on your browser, but if you block our cookies, it may be more difficult (and maybe even impossible) to use the Services.

5. Construction related information: All data that are added to the websites are captured, including the names of the activities, the type of activities, the duration, constraints, site photos, drawings, layouts, permits, images, videos etc. When the member or any invited collaborator updates this information again, real-time data is captured through information such as task progress or variance etc. These are all considered as personal data to the member and all this data is captured and stored securely.

6. Information from other sources: We may get more information about you, like name, age, and participation in social media websites, by searching the internet or querying third parties (we’ll refer to that information as Supplemental Member Information). We only collect data that’s publicly available or provided by a third party according to its terms of use.

6. Use and disclosure of your personal data

We use the data we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Lean Station, its products and our users. We also use this information to offer you tailored personalized information. Our automated systems analyze your data to provide you personally relevant product features, such as customized insights, analysis, and notifications. We use and disclose your personal data only as follows:

1. To promote use of our services. For example, if you leave your Personal Information when you visit our Website and don’t sign up for any of the Services, we may send you an email asking whether you want to sign up. And if you use any of our Services, and we think you might benefit from using another Service we offer, we may send you an email telling you about it.

2. For R&D of our products and services. For example, our automated systems will analyze the data you provide when you use our products and services in order to improve them, develop new ones, and secure, maintain and provide stable operations consistently.

3. To bill and collect money owed to us. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments. To learn more about the steps we take to safeguard that data, see Section 7 below.

4. To send you system alert messages. For example, we may let you know about temporary or permanent changes to our Services, like planned outages, new features, version updates, releases, abuse warnings, and changes to our Privacy Policy.

5. To enforce compliance with our terms of use and applicable law. This may include developing tools and algorithms that help us prevent violations.

6. To provide customer support. This may include providing project level support from a representative from the company who can access your project data upon your approval.

7. To protect the rights and safety of our members and third parties, as well as our own.

8. To meet legal requirements like complying with court orders and valid subpoenas.

9. To provide information to representatives and advisors, like attorneys and accountants, to help us comply with legal, accounting, or security requirements.

10. To prosecute and defend a court, arbitration, or similar proceeding.

11. To support and improve the services we offer.

12. To communicate with you about your account for informational, not promotional, reasons.

13. To transfer your information in the case of a sale, merger, consolidation, or acquisition. In that event, any acquirer will be subject to our obligations under this Privacy Policy, including your rights to access and choice. We will notify you of the change either by sending you an email or posting a notice on our Web site.

14. To send you informational and promotional content that you may choose (or "opt in") to receive. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.

Lean Station only discloses your personal data in limited circumstances

LS will only disclose the personal data you have provided to us to entities outside the Lean Station group of companies if it is necessary and appropriate to facilitate the purpose for which your personal information was collected pursuant to this Policy, including the provision of the Service.

We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.

Subpoenas

Occasionally, we have to disclose information about our customers to meet legal requirements. Third-party disputes are a common example: If two parties have a dispute, and one of them used Lean PlanDo in a way that’s relevant to the dispute, then we might get a request for user data. Whether we say “no way” or comply depends on the subpoena.

Unsubscribe links

It’s the law! Unsubscribe links are required by the CAN-SPAM act. Plus, making it easy for people to opt out is the nice thing to do.

7. Public information and third parties

1. Blog. We have public blogs on our Websites. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Information appears on our blogs and you’d like it to be removed, contact us at support@leanstation.com. If we’re not able to remove your information, we’ll let you know why.

2. Social media widgets. Our Websites include social media features, like the Facebook Like button. These features may collect information about your IP address and which page you’re visiting on our site, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with those features are governed by the privacy policies of the companies that provide them.

3. Links to third-party sites. Our Websites include links to other websites, whose privacy practices may be different from Lean PlanDo’s. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any Website you visit.

4. Service providers. If it is necessary to provide you a service you've requested, like send you a T-shirt or enable a feature like Social Profiles, then we may provide your personal information to a service provider. We will restrict any service provider's use of your personal information. We will tell you whenever reasonably possible and you may request at any time the name of our service providers.

SECURITY

8. Notice of breach of security

Nobody’s safe from hackers. If a security breach causes an unauthorized intrusion into our system that materially affects you or people on your collaboration Lists, then Lean Station will notify you as soon as possible and later report the action we took in response.

9. Safeguarding your information

We do not capture any credit card information at this point and the site uses no SSL certification at this moment. When we begin processing credit card information, to protect your information, our credit card processing vendor will use the latest 128/256-bit Secure Socket Layer (SSL) technology for secure transactions. Our vendor is certified as compliant with card association security initiatives, like the Visa Cardholder Information Security and Compliance (CISP), MasterCard® (SDP), and Discovery Information Security and Compliance (DISC).

Lean PlanDo accounts require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party. Because the information in your Collaboration Lists is so sensitive, account passwords are encrypted, which means we can’t see your passwords. We can’t resend forgotten passwords either. We’ll only reset them.

COMPLIANCE

10. Personal data protection notice

Lean PlanDo complies with Singapore’s Personal Data Protection Act (PDPA), which is overseen by the Government of Singapore. We certify that we follow the principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.

This Personal Data Protection Policy notice for personal data (“Notice”) is issued to all our valued customers and guests of Lean Station Pte Ltd (“[LEAN STATION]”, “[LS]”, “us”, “we”, “our” or “ours”), pursuant to the statutory requirements of the Personal Data Protection Act 2012 (“PDPA”).

We at LS take our responsibilities under Singapore’s PDPA seriously. We also recognize the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data.

During your course of dealing with us, we may have, and / or will collect, use, disclose and process your personal data for purposes, including, to communicate with you, provide products and/or services to you, respond to your enquiries or complaints, provide you with information and/or updates on products, services and/or promotions offered by LS and selected third parties and other purposes required to operate and maintain our business as set out in our Personal Data Protection Policy (collectively referred to as “Purposes”).

In order to conduct our business operations more smoothly, we may also be disclosing the personal data you have provided to us to our third party service providers, agents and/or our affiliates or related corporations, and/or other third parties whether sited in Singapore or outside of Singapore, for one or more of the above-stated Purposes. Such third party service providers, agents and/or affiliates or related corporations and/or other third parties would be processing your personal data either on our behalf or otherwise, for one or more of the above-stated Purposes.

11. Safe harbor certification

We certify that we follow the principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. In light of a recent European Court of Justice ruling, users may request an updated data processing agreement which incorporates the Standard Contractual Clauses here.

12. Accuracy of data, transparency, and choice

We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do that. If your data changes (like a new email address), then you’re responsible for notifying us of those changes.

We only store data about you for as long as it’s reasonably required to fulfill the purposes that gave us the right to access it in the first place. We keep some data indefinitely, relating to when and where emails were sent, which bounced, which resulted in a complaint, and similar information, because we use it to help us screen out people who violate SPAM laws, and for other reasons explained in this policy.

We’ll give you access to any Personal Information about you that we hold within 30 days of any request for that information you make by contacting the Data Protection Officer on support@leanstation.com. Unless it’s prohibited by law, we’ll remove any Personal Information about you from our servers at your request.

Updated January 04, 2016

DATA PROCESSING AGREEMENT

Overview

Passed in 2016, the new General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. The GDPR, which becomes enforceable on May 25, 2018, seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all the local laws relating to it.

We support the GDPR and will ensure all Lean Station services comply with its provisions by May 25, 2018. Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens, it also raises the bar for data protection, security and compliance in the industry.

Customer GDPR Data Processing Agreement

This Customer Data Processing Agreement reflects the requirements of the European Data Protection Regulation (“GDPR”) as it comes into effect on May 25, 2018. Lean Station’s products and services offered in the European Union are GDPR ready and this DPA provides you with the necessary documentation of this readiness.

This Data Processing Agreement (“DPA”) is an addendum to the Customer Terms of Service (“Agreement”) between Lean Station Pte Ltd (“Lean Station”) and the Customer. All capitalized terms not defined in this DPA shall have the meanings set forth in the Agreement. Customer enters into this DPA on behalf of itself and, to the extent required under Data Protection Laws, in the name and on behalf of its Authorized Affiliates (defined below).

The parties agree as follows:

1. Definitions

“Affiliate” means an entity that directly or indirectly Controls, is Controlled by or is under common Control with an entity.

“Authorized Affiliate” means any of Customer’s Affiliate(s) permitted to or otherwise receiving the benefit of the Services pursuant to the Agreement.

“Control” means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question. The term “Controlled” shall be construed accordingly.

“Controller” means an entity that determines the purposes and means of the processing of Personal Data.

“Customer Data” means any data that Lean Station and/or its Affiliates processes on behalf of Customer in the course of providing the Services under the Agreement.

“Data Protection Laws” means all data protection and privacy laws and regulations applicable to the processing of Personal Data under the Agreement, including, where applicable, EU Data Protection Law.

“EU Data Protection Law” means (i) prior to May 25, 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data (“Directive”) and on and after May 25, 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); and (ii) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector and applicable national implementations of it (in each case, as may be amended, superseded or replaced).

“Personal Data” means any Customer Data relating to an identified or identifiable natural person to the extent that such information is protected as personal data under applicable Data Protection Law.

“Privacy Shield” means the EU-US and Swiss-US Privacy Shield Frameworks, as administered by the U.S. Department of Commerce.


“Privacy Shield Principles” means the Privacy Shield Framework Principles (as supplemented by the Supplemental Principles) contained in Annex II to the European Commission Decision of 12 July 2016 pursuant to the Directive, details of which can be found at www.privacyshield.gov/eu-us-framework.

“Processor” means an entity that processes Personal Data on behalf of the Controller.

“Processing” has the meaning given to it in the GDPR and “process”, “processes” and “processed” shall be interpreted accordingly.

“Security Incident” means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data.

“Services” means any product or service provided by Lean Station to Customer pursuant to and as more particularly described in the Agreement.

“Sub-processor” means any Processor engaged by Lean Station or its Affiliates to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement or this DPA. Sub-processors may include third parties or any Lean Station Affiliate.

2. Scope and Applicability of this DPA

2.1 This DPA applies where and only to the extent that Lean Station processes Personal Data on behalf of the Customer in the course of providing the Services and such Personal Data is subject to Data Protection Laws of the European Union, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom. The parties agree to comply with the terms and conditions in this DPA in connection with such Personal Data.

2.2 Role of the Parties. As between Lean Station and Customer, Customer is the Controller of Personal Data and Lean Station shall process Personal Data only as a Processor on behalf of Customer. Nothing in the Agreement or this DPA shall prevent Lean Station from using or sharing any data that Lean Station would otherwise collect and process independently of Customer's use of the Services.

2.3 Customer Obligations. Customer agrees that (i) it shall comply with its obligations as a Controller under Data Protection Laws in respect of its processing of Personal Data and any processing instructions it issues to Lean Station; and (ii) it has provided notice and obtained (or shall obtain) all consents and rights necessary under Data Protection Laws for Lean Station to process Personal Data and provide the Services pursuant to the Agreement and this DPA.

2.4 Lean Station Processing of Personal Data. As a Processor, Lean Station shall process Personal Data only for the following purposes: (i) processing to perform the Services in accordance with the Agreement; (ii) processing to perform any steps necessary for the performance of the Agreement; and (iii) to comply with other reasonable instructions provided by Customer to the extent they are consistent with the terms of this Agreement and only in accordance with Customer’s documented lawful instructions. The parties agree that this DPA and the Agreement set out the Customer’s complete and final instructions to Lean Station in relation to the processing of Personal Data and processing outside the scope of these instructions (if any) shall require prior written agreement between Customer and Lean Station.

2.5 Nature of the Data. Lean Station handles Customer Data provided by Customer. Such Customer Data may contain special categories of data depending on how the Services are used by Customer. The Customer Data may be subject to the following process activities: (i) storage and other processing necessary to provide, maintain and improve the Services provided to Customer; (ii) to provide customer and technical support to Customer; and (iii) disclosures as required by law or otherwise set forth in the Agreement.

2.6 Lean Station Data. Notwithstanding anything to the contrary in the Agreement (including this DPA), Customer acknowledges that Lean Station shall have a right to use and disclose data relating to and/or obtained in connection with the operation, support and/or use of the Services for its legitimate business purposes, such as billing, account management, technical support, product development and sales and marketing. To the extent any such data is considered personal data under Data Protection Laws, Lean Station is the Controller of such data and accordingly shall process such data in compliance with Data Protection Laws.

3. Subprocessing

3.1 Authorized Sub-processors. Customer agrees that Lean Station may engage Sub-processors to process Personal Data on Customer's behalf. The Sub-processors currently engaged by Lean Station and authorized by Customer are listed in Annex A.

3.2 Sub-processor Obligations. Lean Station shall: (i) enter into a written agreement with the Sub-processor imposing data protection terms that require the Sub-processor to protect the Personal Data to the standard required by Data Protection Laws; and (ii) remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause Lean Station to breach any of its obligations under this DPA.

3.3 Changes to Sub-processors. Lean Station shall provide Customer reasonable advance notice (for which email shall suffice) if it adds or removes Sub-processors.

3.4 Objection to Sub-processors. Customer may object in writing to Lean Station’s appointment of a new Sub-processor on reasonable grounds relating to data protection by notifying Lean Station promptly in writing within five (5) calendar days of receipt of Lean Station’s notice in accordance with Section 3.3. Such notice shall explain the reasonable grounds for the objection. In such event, the parties shall discuss such concerns in good faith with a view to achieving commercially reasonable resolution. If this is not possible, either party may terminate the applicable Services that cannot be provided by Lean Station without the use of the objected-to new Sub-processor.

4. Security

4.1 Security Measures. Lean Station shall implement and maintain appropriate technical and organizational security measures to protect Personal Data from Security Incidents and to preserve the security and confidentiality of the Personal Data, in accordance with Lean Station's security standards.

4.2 Confidentiality of Processing. Lean Station shall ensure that any person who is authorized by Lean Station to process Personal Data (including its staff, agents and subcontractors) shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).

4.3 Security Incident Response. Upon becoming aware of a Security Incident, Lean Station shall notify Customer without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer.

4.4 Updates to Security Measures. Customer acknowledges that the Security Measures are subject to technical progress and development and that Lean Station may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services purchased by the Customer.

5. Security Reports and Audits

5.1 Lean Station shall maintain records of its security standards. Upon Customer's written request, Lean Station shall provide (on a confidential basis) copies of relevant external ISMS certifications (if available), internal audit report summaries and/or other documentation reasonably required by Customer to verify Lean Station's compliance with this DPA. Lean Station shall further provide written responses (on a confidential basis) to all reasonable requests for information made by Customer, including responses to information security and audit questionnaires, that Customer (acting reasonably) considers necessary to confirm Lean Station's compliance with this DPA, provided that Customer shall not exercise this right more than once per year.

6. International Transfers

Available upon request

7. Return or Deletion of Data

7.1 Upon deactivation of the Services, all Personal Data shall be deleted, save that this requirement shall not apply to the extent Lean Station is required by applicable law to retain some or all of the Personal Data, or to Personal Data it has archived on back-up systems, which such Personal Data Lean Station shall securely isolate and protect from any further processing, except to the extent required by applicable law.

8. Cooperation

8.1 To the extent that Customer is unable to independently access the relevant Personal Data within the Services, Lean Station shall (at Customer's expense), taking into account the nature of the processing, provide reasonable cooperation to assist Customer by appropriate technical and organizational measures, in so far as is possible, to respond to any requests from individuals or applicable data protection authorities relating to the processing of Personal Data under the Agreement. In the event that any such request is made directly to Lean Station, Lean Station shall not respond to such communication directly without Customer's prior authorization, unless legally compelled to do so. If Lean Station is required to respond to such a request, Lean Station shall promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so.

8.2 To the extent Lean Station is required under Data Protection Law, Lean Station shall (at Customer's expense) provide reasonably requested information regarding Lean Station's processing of Personal Data under the Agreement to enable the Customer to carry out data protection impact assessments or prior consultations with data protection authorities as required by law.

9. Miscellaneous

9.1 Except for the changes made by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict.

9.2 This DPA is a part of and incorporated into the Agreement so references to "Agreement" in the Agreement shall include this DPA.

9.3 In no event shall any party limit its liability with respect to any individual's data protection rights under this DPA or otherwise.

9.4 This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by Data Protection Laws.

Lean Station Pte Ltd

Global compliance team

Annex A - List of Lean Station Sub-processors

Available upon request