Canva Data Processing Agreement

8. DATA PROTECTION IMPACT ANALYSES. Instructure provides the client with appropriate support for data protection impact assessments that the customer deems reasonably necessary under data protection laws and regulations, only with respect to Instructure`s handling of personal data. This CCA does not affect the rights and obligations of the parties under the agreement, which continue to have all the effects and effects. In the event of a conflict between the terms and conditions of this data protection authority and the terms of the agreement, the provisions of this data protection authority prevail only to the extent that the purpose concerns the processing of personal data. This data protection authority does not confer rights on a third party, is determined only in the interests of the parties and their licensees and their approved beneficiaries, and cannot be implemented by another person. This CCA applies only to the extent that the subcontractor processes personal data on behalf of the client. Unless required by the RGPD, this DPA and all related measures are subject to and interpreted in accordance with the laws of the State of California without the conflict of laws coming into force. With the exception of arbitration disputes, as described in the agreement, which contain provisions contained in this reference, the parties to the personal jurisdiction and jurisdiction of the los Angeles, California courts agree.

This DPA is, with the agreement, the final, comprehensive and exclusive agreement reached between the parties regarding the purpose of this agreement and replaces and merges all prior discussions and agreements between the parties on this subject. To indicate which categories of data they are used for, coloured stickers or different and consistent colors of adhesion notes can be used to display links throughout the RGPD canvas. The purpose of data collection is extremely important in the context of the RGPD. Any processing activity must be supported by a specific purpose and the purposes must be explained in your privacy policy. Finally, note the adhesion notes that organizations are transferred to for data recipients/transmissions. This does not include the organizations that instruct you to process your data on your behalf (these will be treated later as data processors). To the extent that it is established by a data protection authority that the data protection agreement or authority is not sufficient to comply with existing EU data protection legislation or to the extent that changes to existing data protection legislation make it necessary, the customer and the subcontractor agree to cooperate in good faith to amend the agreement or this CCA or to enter into other mutually acceptable treatment agreements in order to comply with the European data protection law applicable to the subcontractor and customers. HOW THIS ADDENDUM DOES NOT REPLACE THE RIGHTS TO PROCESS DATA PREVIOUSLY NEGOTIATED BY THE CUSTOMER IN THE AGREEMENT.

Comments are closed.