
Data Processing Addendum

This tawk.to Data Processing Addendum (“DPA”) is between tawk.to Inc., a US corporation with registered offices at 187 East Warm Springs Rd, SB298, Las Vegas, Nevada, 89119, on behalf of itself and its UK affiliate tawk.to Ltd. (“tawk.to”) and the customer that is party to the Agreement, as defined below (“Customer” and, together with tawk.to, each a “Party” and collectively the “Parties”). This DPA prevails over any conflicting term of the Agreement to the extent necessary to resolve the conflict.

1. Definitions.

(a) “Agreement” means the written or electronic agreement between tawk.to and Customer that governs the provision of data to Customer, as the same may be updated from time to time.

(b) “Controller” means the natural or legal person that, alone or jointly with others, determines the purpose and means of processing Personal Data.

(c) “Data Protection Laws” means all applicable worldwide legislation relating to data protection and privacy which applies to the respective party in the role of the Processing Personal Data in question under the Agreement, including without limitation European Data Protection Laws and other applicable U.S. federal and state privacy laws, in each case as amended, repealed, consolidated or replaced from time to time.

(d) “Data Processor”, “Data Subject”, “Subprocessor”, and “Supervisory Authority” shall be interpreted in accordance with applicable Data Protection Laws.

(e) “Europe” means the European Union, the European Economic Area and/or their member states, Switzerland and the United Kingdom.

(f) “European Data” means Personal Data that is subject to the protection of European Data Protection Laws.

(g) “European Data Protection Laws” means Data Protection Laws applicable in Europe, including: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; and (iii) applicable national implementations of (i) and (ii); or (iv) GDPR as it forms part of the United Kingdom domestic law by virtue of Section 3 of the European Union (Withdrawal) Act 2018 (“UK GDPR”); and (v) Swiss Federal Data Protection Act and its Ordinance (“Swiss DPA”); in each case, as may be amended, superseded or replaced.

(h) “Personal Data” as used in this DPA, means information relating to an identifiable or identified Data Subject who visits or engages in transactions through your store, which tawk.to Processes as a Data Processor in the course of providing you with the Services. Personal Data includes, for example, name, contact information, identification number, location data, online identifier, IP address, as defined in the Data Protection Laws.

(i) “Processing” means any operation or set of operations performed, whether by manual or automated means, on Personal Data or on sets of Personal Data, such as the collection, use, sale, storage, retention, disclosure, analysis, deletion, or modification of Personal Data and includes the actions of a Controller directing a Processor to process Personal Data. “Process” has a correlative meaning.

(j) “UK Addendum” means the International Data Transfer Addendum issued by the UK Information Commissioner under section 119A(1) of the Data Protection Act 2018 currently found at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf, as may be amended, superseded, or replaced.

2. Scope.

The purpose of this DPA is to ensure compliance with the Data Protection Laws and European Data Protection Laws, as laid out in this DPA and the Agreement. The purposes, methods, and duration of the Personal Data Processing; the categories of Personal Data Processed; retention periods; and protection measures are laid out in this DPA and its Annexes.
3. Roles.

(a) tawk.to is the Processor.

(b) Customer is the Controller.

(c) tawk.to will only Process Personal Data on behalf of Customer in accordance with this DPA and other written instructions of Customer and may not Process Personal Data for purposes or using methods other than those included in Customer’s written instructions, including this DPA.

(d) Customer instructs tawk.to to Process Personal Data as a Processor as outlined in this DPA and in compliance with Data Protection Laws.

4. Obligations of Customer.
Customer represents and warrants that it will comply with Data Protection Laws and only instruct tawk.to to Process Personal Data to the extent such Processing is lawful according to Data Protection Laws.
5. Obligations of tawk.to.

(a) Taking into account the nature of Processing and the information available to tawk.to, tawk.to will take reasonable measures to safeguard the security of the Personal Data it Processes as a Processor on behalf of Customer.

(b) Taking into account the nature of Processing and the information available to tawk.to, and insofar as reasonably practical, tawk.to will assist Customer in fulfilling Customer’s obligations under Data Protection Laws by appropriate technical and organizational measures.
tawk.to will notify Customer without undue delay after becoming aware of a Personal Data breach involving Personal Data Processed by tawk.to on behalf of Customer.

(c) tawk.to will not sell or share Personal Data except as instructed by Customer.

(d) tawk.to will not retain, use, or disclose Personal Data it processes on Customer’s behalf for any purpose other than those listed in Annex I to this DPA.

(f) tawk.to will not retain, use, or disclose Personal Data it processes on Customer’s behalf outside of the direct business relationship between tawk.to and Customer.

(g) tawk.to will not combine the Personal Data it processes on Customer’s behalf with Personal Data it receives from or on behalf of another person or persons, or collects from its own interaction with the Data Subject, provided that tawk.to may combine Personal Data as permitted by Data Protection Laws.

(h) In the event tawk.to determines that it can no longer meet its obligations under Data Protection Laws, tawk.to will notify Customer of such determination without undue delay.

6. Audit.
tawk.to will allow and contribute to any audits by the Supervisory Authority.
7. Data Retention.
Upon termination of the Agreement or this DPA, or if the Agreement or this DPA does not take effect, is void, or has been canceled, tawk.to, at Customer’s direction, will return the Personal Data it Processes on behalf of Customer to Customer or delete it, and may not retain such Personal Data, unless otherwise required by law.
8. Confidentiality.

(a) Strict Confidence. tawk.to will keep Personal Data, and all information relating to its Processing, in strict confidence. tawk.to will ensure that all personnel authorized to Process Personal Data are subject to a contractual or statutory obligation of confidentiality.

(b) Nondisclosure. tawk.to will not disclose Personal Data Processed on behalf of Customer to any third party without the consent of Customer, or as otherwise provided in this DPA.

9. Use of Subprocessors.

(a) Identified Subprocessors. Customer authorizes tawk.to to engage the Subprocessors listed in Annex II to this DPA to Process Personal Data on behalf of Customer.

(b) Additional Subprocessors. Customer further authorizes tawk.to to engage other Subprocessors to Process Personal Data on behalf of Customer after reasonably notifying Customer at least ten (10) days in advance of such engagements.

(c) Appointment Rights. Customer may object in writing to the engagement of a Subprocessor prior to the engagement of the Subprocessor. tawk.to will provide Customer with the information necessary to enable Customer to exercise its right to object.

(d) Subprocessors’ Obligations. If tawk.to engages a Subprocessor to Process Personal Data in accordance with this DPA, tawk.to must enter into a written agreement with the Subprocessor that imposes the same obligations on the Subprocessor as are imposed on tawk.to under this DPA.

10. Additional Provisions for European Data.
This Section 10 will apply only with respect to European Data.

(a) When Processing European Data in accordance with Customer’s instructions, Customer is acting as the Controller of European Data (either as the Controller, or as a Processor on behalf of another Controller) and tawk.to is the Processor under the Agreement.

(b) If tawk.to believes that Customer’s instructions infringe European Data Protection Laws (where applicable), tawk.to will inform Customer without delay.

(c) To the extent that the required information is reasonably available to tawk.to, and Customer does not otherwise have access to the required information, tawk.to will provide reasonable assistance to Customer with any data protection impact assessments, and prior consultations with supervisory authorities (for example, the French Data Protection Agency (CNIL), the Berlin Data Protection Authority (BlnBDI) and the UK Information Commissioner’s Office (ICO)) or other competent data privacy authorities to the extent required by European Data Protection Laws.

(d) Transfer Mechanisms for Data Transfers.

(i) tawk.to will not transfer European Data to any country or recipient not recognized as providing an adequate level of protection for Personal Data (within the meaning of applicable European Data Protection Laws), unless it first takes all such measures as are necessary to ensure the transfer is in compliance with applicable European Data Protection Laws. Such measures may include (without limitation) (i) transferring such data to a recipient that is covered by a suitable framework or other legally adequate transfer mechanism recognized by the relevant authorities or courts as providing an adequate level of protection for Personal Data; (ii) to a recipient that has achieved binding corporate rules authorization in accordance with European Data Protection Laws; or (iii) to a recipient that has executed the “Standard Contractual Clauses” in each case as adopted or approved in accordance with applicable European Data Protection Laws.
(ii) Customer acknowledges that in connection with the performance of the Subscription Services, tawk.to is a recipient of European Data in the United States. To the extent that tawk.to receives European Data in the United States, tawk.to will comply with the following:
(1) In relation to European Data that is subject to the GDPR (i) Customer is the “data exporter” and tawk.to is the “data importer”; (ii) the Module Two terms apply to the extent the Customer is a Controller of European Data and the Module Three terms apply to the extent the Customer is a Processor of European Data; (iii) in Clause 7, the optional docking clause applies; (iv) in Clause 9, Option 2 applies and changes to Sub-Processors will be notified in accordance with the Sub-Processors section of this DPA; (v) in Clause 11, the optional language is deleted; (vi) in Clauses 17 and 18, the parties agree that the governing law and forum for disputes for the Standard Contractual Clauses will be determined in accordance with the Contracting Entity; Applicable Law; Notice section of the Jurisdiction Specific Terms or, if such section does not specify an EU Member State, the Republic of Ireland (without reference to conflicts of law principles); (vii) the Annexes of the Standard Contractual Clauses will be deemed completed with the information set out in the Annexes of this DPA; (viii) the supervisory authority that will act as competent supervisory authority will be determined in accordance with GDPR; and (ix) if and to the extent the Standard Contractual Clauses conflict with any provision of this DPA the Standard Contractual Clauses will prevail to the extent of such conflict.
(2) In relation to European Data that is subject to the UK GDPR, the Standard Contractual Clauses will apply in accordance with sub-section (a) and the following modifications (i) the Standard Contractual Clauses will be modified and interpreted in accordance with the UK Addendum, which will be incorporated by reference and form an integral part of the Agreement; (ii) Tables 1, 2 and 3 of the UK Addendum will be deemed completed with the information set out in the Annexes of this DPA and Table 4 will be deemed completed by selecting “neither party”; and (iii) any conflict between the terms of the Standard Contractual Clauses and the UK Addendum will be resolved in accordance with Section 10 and Section 11 of the UK Addendum.
(3) In relation to European Data that is subject to the Swiss DPA, the Standard Contractual Clauses will apply in accordance with sub-section (a) and the following modifications (i) references to “Regulation (EU) 2016/679” will be interpreted as references to the Swiss DPA; (ii) references to “EU”, “Union” and “Member State law” will be interpreted as references to Swiss law; and (iii) references to the “competent supervisory authority” and “competent courts” will be replaced with the “the Swiss Federal Data Protection and Information Commissioner” and the “relevant courts in Switzerland”.
(4) Customer agrees that by complying with our obligations under the Sub-Processors section of this DPA, tawk.to fulfills its obligations under Section 9 of the Standard Contractual Clauses. For the purposes of Clause 9(c) of the Standard Contractual Clauses, Customer acknowledges that tawk.to may be restricted from disclosing Sub-Processor agreements but tawk.to will use reasonable efforts to require any Sub-Processor tawk.to appoints to permit it to disclose the Sub-Processor agreement to Customer and will provide (on a confidential basis) all information tawk.to reasonably can. Customer also acknowledges and agrees that Customer will exercise Customer’s audit rights under Clause 8.9 of the Standard Contractual Clauses by instructing tawk.to to comply with the measures described in the Demonstration of Compliance section of this DPA.
(5) If tawk.to cannot comply with its obligations under the Standard Contractual Clauses or is in breach of any warranties under the Standard Contractual Clauses or UK Addendum (as applicable) for any reason, and Customer intends to suspend the transfer of European Data to tawk.to or terminate the Standard Contractual Clauses, or UK Addendum, Customer agrees to provide tawk.to with reasonable notice to enable tawk.to to cure such non-compliance and reasonably cooperate with tawk.to to identify what additional safeguards, if any, may be implemented to remedy such non-compliance. If tawk.to has not or cannot cure the non-compliance, Customer may suspend or terminate the affected part of the service in accordance with the Agreement without liability to either party (but without prejudice to any fees Customer has incurred prior to such suspension or termination).
(iii) In the event that tawk.to is required to adopt an alternative transfer mechanism for European Data, in addition to or other than the mechanisms described in sub-section (ii) above, such alternative transfer mechanism will apply automatically instead of the mechanisms described in this DPA (but only to the extent such alternative transfer mechanism complies with European Data Protection Laws), and Customer agrees to execute such other documents or take such action as may be reasonably necessary to give legal effect to such alternative transfer mechanism.
11. Miscellaneous

(a) Notice. tawk.to will make all notifications, including security-related notifications, required under this DPA as contemplated in the Agreement. Should you require further information, you can make a request to compliance@tawk.to.

(b) Modifications. This DPA may be modified from time to time, at tawk.to’s sole discretion. tawk.to encourages visitors to frequently check this page for any changes to its DPA. Your continued use of the tawk.to services and use of the Site will constitute your acceptance of such change.

(c) Governing Law. The terms of this DPA shall be governed by and interpreted in accordance with the laws of the State of Nevada and the laws of the United States applicable therein, without regard to principles of conflicts of laws. The parties irrevocably and unconditionally submit to the exclusive jurisdiction of the courts of the State of Nevada with respect to any dispute or claim arising out of or in connection with this DPA.

(d) Liability. For avoidance of doubt and to the extent allowed by applicable law, any and all liability under this DPA, including limitations thereof, will be governed by the relevant provisions of the Agreement. You acknowledge and agree that tawk.to may amend this DPA from time to time by posting the relevant amended and restated DPA on tawk.to’s website, available at https://www.tawk.to/terms-of-service/ and such amendments to the DPA are effective as of the date of posting. Your continued use of the Services after the amended DPA is posted to tawk.to’s website constitutes your agreement to, and acceptance of, the amended DPA. If you do not agree to any changes to the DPA, do not continue to use the Service.

(e) Invalidity and Severability. If any provision of this DPA is found by any court or administrative body of competent jurisdiction to be invalid or unenforceable, then the invalidity or unenforceability of such provision will not affect any other provision of this DPA, and all provisions not affected by such invalidity or unenforceability will remain in full force and effect.

(f) Term. The term of this DPA shall be the same as that of the Agreement.

ANNEX I
Description of Processing


A. Purpose(s) for Processing:

1. Customer will provide Personal Data to tawk.to to enable tawk.to to provide the services contemplated under the Agreement.

B. Method(s) of Processing:

1. tawk.to will use Personal Data provided by Customer.

C. Categories of Personal Data Processed:

1. Name, email address, date of birth, address, phone number.

 
ANNEX II
Subprocessors Engaged by tawk.to

Customer authorizes tawk.to to engage the following other Processors:

 

| Subprocessors | Purpose | Entity Country |
| --- | --- | --- |
| Digital Ocean | Data hosting, MTA Email hosting | USA |
| AWS Amazon | Data hosting & Sending email | USA, Ireland |
| Twilio | Communications technology provider | USA |
| Google Inc. | Google Cloud Platform | USA |
| Loggly | Cloud Analytics provider | USA |
| Apple Inc. | App Store Distribution | USA |
| Sendgrid | Sending email | USA |
| Cloudflare, Inc. | DNS and CDN | USA |
| Pinecone | Vector Database | USA |
| PostHog | Customer data analytics | USA |
| Microsoft Clarity | Customer data analytics | USA |
| Stripe | Payment Provider | USA, Ireland |
| Paypal | Payment Provider | USA |
| OpenAI | AI Assistant | USA |
