TERMS AND AGREEMENT
Thanks for using Lean PlanDo (“Software”). This policy explains the term and agreements for using Lean PlanDo and shall be deemed to be an integral part of the License and Services Agreement entered into by the Licensee with Lean Station in respect of the Software.
We’ll start by getting a few definitions out of the way that should help you understand this policy. When we say "we", "us", "Lean PlanDo”, ”Lean Station” and “Licensor”, we’re referring to Lean Station Pte Ltd, d/b/a Lean PlanDo, a Singapore private limited company and/or Lean Station India Private Limited, an Indian private limited company, as applicable. When we say “you” or “Licensee”, we’re referring to the person or entity that’s registered with us to use the Services and license the Software.
We provide online platforms and mobile apps for Google Android and Apple IOS devices that you may use lean construction methodologies to create, plan, and manage construction activities (“Services”).
We offer the Services on our websites:
(each a “Website” and together the “Websites”) and through our mobile apps for Google Android and Apple IOS devices. In the course of providing the Services, we may collect Personal Information, which means information about a Licensee. A “Collaboration List” is a list of email addresses that one of our Licensees has added, or intends to invite to in a project, and all information relating to those email addresses.
3. EFFECTIVE DATE
4. TERMS & CONDITIONS
a. Scope of license: This license granted to the Licensee for the Software by Licensor is a non-exclusive, revocable, fee-bearing, non-transferable and non-sub-licensable license to use the Software for a term on any device that the Licensee owns or controls. This license does not allow the Licensee to use the Software on any device that the Licensee does not own or control, and the Licensee may not distribute, share or make the link to the Software available over a network where it could be used by unintended parties without the consent of the Licensor. Any attempt to do so is a violation of the rights of the Licensor. If the Licensee breaches this restriction, the Licensee may be prosecuted for damages as prescribed by applicable law. Further, the license may be revoked or terminated prematurely without any refund for paid amounts. The terms of the license will govern any upgrades provided by Licensor that replace and/or supplement the original Software, unless such upgrade is accompanied by a separate license in which case the terms of that license will govern. It is hereby clarified that nothing in this license or the License and Services Agreement shall be interpreted to mandate that the Licensor shall develop and release revisions, updates, customize any revisions or updates to the Software to satisfy the Licensee’s requirements or to be integrated into the Licensee’s particular software or technical environment. The license will be granted to a specific person, signing on behalf of the organization they are working for, and is not transferrable and should not be shared. The Licensee agrees that the information they provide is accurate and complete. The Licensee is aware that any changes, requiring your approval, may be subject to additional costs.
b. Services: The Software may enable access to Licensor’s and third-party services and websites (collectively and individually, "Third Party Services"). Use of the Third Party Services may require Internet access and that the Licensee accepts additional terms of service. The Licensee agrees to use the Third Party Services at their sole risk and that the Licensor shall not have any liability to the Licensee for content that may be found to be offensive, indecent, or objectionable. Subject to the terms hereof, the Licensor will provide the Licensee with reasonable technical support services in accordance with the terms set forth. For a paying Licensee technical support is extended via online medium and phone medium only. Direct on-site Licensee support is not applicable unless it has been agreed mutually between the Licensee or the organization.
c. Conditions. The Licensor’s obligations pursuant to the license are expressly conditioned upon the Licensee:
(i) providing adequate access, where applicable, to Licensee Content (as defined in the License and Services Agreement);
(ii) completing all tasks that the Licensee has agreed to perform in a timely manner;
(iii) providing a single point of contact for the Lean Consultants (as defined in the License and Services Agreement) of the Licensor; and
(iv) providing that level of cooperation and support which is a necessary prerequisite to the Licensor’s provision of the Services (such as by ensuring appropriate attendance at training sessions, assigning competent and sufficient staff and resources to the Project), or which is reasonably requested by the Licensor.
d. Prohibitions: Except as otherwise expressly provided in this license or the License and Services Agreement, the Licensee shall not and shall not permit others to:
(i) install, use, copy, adapt, modify or create derivative works of the Software including, any access or use of the Software for any purpose other than the Project (as defined in the License and Services Agreement);
(ii) reverse-engineer, disassemble, or decompile the Software or otherwise attempt to determine its underlying source code;
(iii) sell, lease, sublicense, rent, redistribute, lend or provide any portion of the Software to any person or allow the use of the Software by or for the benefit of any person other than the Licensee and the users on the Collaboration List; and
(iv) use the Software in outsourcing or other arrangement to process or administer data on behalf of any other person.
The Licensee may not remove or export or allow the export or re-export of the Services, Software or anything related thereto, or any direct product thereof in violation of any restrictions, laws or regulations of any governing authority.
e. Warranty: The Licensor does not warrant that the Software or Services will be free of interruptions, errors, bugs, viruses or security problems (especially when the Licensor is doing maintenance work on the Software), or that the Software or the Services will meet the Licensee’s requirements. The Software and Services are provided “as is” and the Licensor specifically disclaims all warranties and indemnities, express, implied or statutory, including without limitation any warranty of merchantability, fitness for a particular purpose, satisfactory quality, fitness for a particular purpose, accuracy, quiet enjoyment, non-infringement of third party rights and any warranty arising from the course of performance or course of dealing. The Licensee expressly acknowledges and agrees that use of the Software is at the Licensee’s sole risk and that the entire risk as to satisfactory quality, performance, accuracy and effort is with the Licensee. No oral or written information or advice given by Licensor, or its authorized representative shall create a warranty. Should the Software or Services prove defective, the Licensee shall assume the entire cost of all necessary servicing, repair or correction. Some jurisdictions do not allow the exclusion of implied warranties or limitations on applicable statutory rights of a consumer, so the above exclusion and limitations may not apply to the Licensee.
f. Limitation of Liability: Lean Station will not be liable for any damages resulting in the use of its features or services or from the use of data or information from the Software to the extent not prohibited by law, in no event shall application manufacturer, provider or distributor be liable for personal injury, or any incidental, special, indirect or consequential damages whatsoever, including, without limitation, damages for loss of profits, loss of data, business interruption or any other commercial damages or losses, or attorney’s fees arising out of, or related to, your use or inability to use the Software, however caused, regardless of the theory of liability (contract, tort or otherwise) and even if Licensor has been advised of the possibility of such damages. Some jurisdictions do not allow the limitation of liability for personal injury, or of incidental or consequential damages, so this limitation may not apply to the Licensee. In no event shall Licensor’s total liability to the Licensee for all damages exceed the amount of one dollar ($1.00). The foregoing limitations will apply even if the above stated remedy fails of its essential purpose.
The warranties specified in this license or the License and Services Agreement will not apply if the Software malfunctions due to extrinsic causes, including but not limited to:
(i) misuse or improper use of the Software including without limitation use of the Software in browsers and devices not recommended for the same by the Licensor (recommended browsers and devices are those specified in the online user manual of the Software which shall be updated by the Licensor from time to time and it is the Licensee’s responsibility to keep track of changes, if any);
(ii) the combination of the Software with other non-Licensor software (unless such combination was expressly permitted by the Licensor in writing); or
(iii) any security breach or unauthorized access to the Licensee’s network as a result of actions by third parties.
Additionally, it is hereby agreed that the Licensor will not be liable for any delays and/or cost overruns with regard to the Project where the Software is deployed owing to any reason whatsoever.
g. Data Consent: The Licensee agrees that the Licensor may collect and use technical data and related information, including but not limited to technical information about your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, support and other services to the Licensee (if any) related to the Software. The Licensor may use this information, as long as it is in a form that does not personally identify the Licensee, to improve its Software or to provide services or technologies to the Licensee.
h.Termination: The license is effective until terminated by the Licensee or Services Provider. Your rights under this license will terminate automatically without notice from the Licensor if the Licensee fails to comply with any term(s) of this license. Upon termination of the license, the Licensee shall cease all use of the Software, and destroy all copies, full or partial, of the Software.
i. Governing Laws: The governing law specified in the License and Services Agreement will govern the license of the Software and Services. Your use of the Software may also be subject to other local, state, national, or international laws. Lean Station will manufacture and license the Software in compliance with the state, and local laws applicable to each Software. Licensee will comply with the state, and local laws applicable to the handling, transportation, storage and use of the Software.
j.Corruption & Anti-Bribery: Under no circumstances will Licensor or Licensee offer or make any payment or give anything of value to another person or entity where such payment or action would violate an applicable law or regulation, including, but not limited to, any applicable anti-bribery, anti-corruption, or anti-kickback law. As applicable, Licensor and Licensee shall comply with their obligations under the Prevention of Corruption Act, 1988 or other such equivalent enactment in the concerned jurisdictions where the Software is deployed and the Services and Training (as defined in the License and Services Agreement) are provided.
5. CONFIDENTIALITY & PROPRIETARY RIGHTS
The Software, including any modifications to it, and its structure, organization and source code constitute valuable trade secrets of the Licensor. All worldwide intellectual property rights in the Software are the exclusive property of the Licensor. As between the Licensor and the Licensee, all items used by the Licensor for the performance of the Services, except for the Licensee Content, will be the property of the Licensor. All Services will be subject to the same license restrictions as the Software under this license or the License and Services Agreement. All rights not expressly granted to the Licensee in this license, or the License and Services Agreement are reserved by the Licensor, including but not limited to, rights related to all Software derivatives and branding. Nothing shall be deemed a joint work, and furthermore, to the extent any moral rights are claimed or retained, as a matter of law, by the Licensee or its employees or representatives, the Licensee shall ensure that no such rights shall be used or asserted. The Licensor, its successors and assigns shall retain exclusive rights and title to use, commercialize and convey all such intellectual property rights therein. To the extent that any intellectual property rights in the Software and/or Services do not automatically vest in the Licensor, the Licensee hereby assigns all such intellectual property rights to the Licensor with full right and title.
The Licensee acknowledges that the Software and any other information provided by the Licensor to the Licensee, including, but not limited to, any training materials, program listings, data models, database schema, flow charts, logic diagrams, functional specifications, and instructions incorporate confidential and proprietary information developed or acquired by or licensed to the Licensor (“Confidential Information”). The Licensor acknowledges that the Licensee Content (as defined in the License and Services Agreement) will also be Confidential Information. Licensor and Licensee will take all reasonable precautions necessary to safeguard the confidentiality of the other party’s Confidential Information, including (i) those taken by it to protect its own confidential information; and (ii) those which the other party may reasonably request from time to time. Neither Licensor or Licensee will allow the removal or defacement of any confidentiality or proprietary notice placed on the Software. The placement of copyright notices on these items will not constitute publication or otherwise impair their confidential nature.
Neither Licensor or Licensee will have any confidentiality obligation with respect to any portion of the other party’s Confidential Information that:
a. became available to the public other than as a result of any act or omission by it or any of its Affiliates, agents, employees or consultants;
b. is previously known or independently developed by the recipient without use or reliance on the other party’s Confidential Information, as evidenced by records;
c. was received from a third party who was not under a duty of non-disclosure; or
Each party (“Receiving Party”) understands that the other party (“Disclosing Party”) has disclosed or may disclose business, technical or financial information relating to the Disclosing Party’s business (“Proprietary Information”). Proprietary Information of the Licensor includes non-public information regarding features, functionality, algorithms or methods and performance of the of the Software. Proprietary Information of Licensee includes non-public data provided by Licensee to the Licensor to enable the provision of the Services (“Licensee Data”). The Receiving Party agrees:
a. to take reasonable precautions to protect such Proprietary Information, and
b. not to use (except in performance of the Services or as otherwise permitted herein) or
c. divulge to any third person any such Proprietary Information.
The Disclosing Party agrees that the foregoing shall not apply with respect to any information after five (5) years following the disclosure thereof or any information that the Receiving Party can document
a. is or becomes generally available to the public, or
b. was in its possession or known by it prior to receipt from the Disclosing Party, or
c. was rightfully disclosed to it without restriction by a third party, or
d. was independently developed without use of any Proprietary Information of the Disclosing Party, or
e. is required to be disclosed by law.
Licensee shall own all right, title and interest in and to the Licensee Data, as well as any data that is based on or derived from the Licensee Data and provided to Licensee as part of the Services. The Licensor shall own and retain all right, title and interest in and to:
a. the Services and Software, all improvements, enhancements or modifications thereto,
b. any software, applications, inventions or other technology developed in connection with Implementation Services or support, and
c. all intellectual property rights related to any of the foregoing.
Notwithstanding anything to the contrary, the Licensor shall have the right collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Licensee Data and data derived therefrom), and the Licensor will be free (during and after the term hereof) to:
a. use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Licensor offerings, and
b. disclose such data solely in aggregate or other de-identified form in connection with its business.
No rights or licenses are granted except as expressly set forth herein.
The Licensor has the right to use the Licensee's name and logo and the Project name, logo and images in Licensor’s lists, brochures, marketing collateral and web pages solely to indicate that the Licensee is a licensee of the Software and a licensee of the Licensor. Upon the Licensor’s reasonable request, the Licensee will provide a reference to the Licensor prospects regarding its use of the Software. The Licensor will have the right to reproduce and distribute any written or oral statements made by the Licensee regarding the Licensor and the Software.
6. DATA PROTECTION
As applicable, Licensor and Licensee warrants that they shall comply with their obligations under the applicable laws pertaining to any personal data processed in connection with the License and Services Agreement, in the concerned jurisdictions where the Software is deployed, including without limitation to the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 as amended or re-enacted from time to time. Unless otherwise agreed between the Parties, the Licensee acknowledges that the Licensor is not involved in collection of personal or sensitive personal data or information as provided and regulated under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 or other such equivalent enactment in the concerned jurisdictions where the Software is deployed. It shall be the Licensee’s responsibility to ensure that it has complied with the provisions of the aforesaid Rules, if it collects such data and provides the same to the Licensor to store.
Thanks for using Lean PlanDo (“Software”). This policy explains the what, how, and why of the information we collect when you use Lean PlanDo. It also explains the specific ways we use and disclose that information. We never sell lists or email addresses.
We’ll start by getting a few definitions out of the way that should help you understand this policy. When we say "we", "us", "Lean PlanDo”, ”Lean Station” or “Licensor”, we’re referring to Lean Station Pte Ltd, d/b/a Lean PlanDo, a Singapore private limited company and/or Lean Station India Private Limited, an Indian private limited company, as applicable. When we say “you” or “Licensee”, we’re referring to the person or entity that’s registered with us to use the Services and license the Software.
We provide online platforms and mobile apps for Google Android and Apple IOS devices that you may use lean construction methodologies to create, plan, and manage construction activities (“Services”).
We offer the Services on our websites (“Websites”):
(each a “Website” and together the “Websites”) and through our mobile apps for Google Android and Apple IOS devices. In the course of providing the Services, we may collect Personal Information, which means information about a Licensee. A "Collaboration List" is a list of email addresses that one of our Licensees has added, or intends to invite to in a project, and all information relating to those email addresses.
3. EFFECTIVE DATE
If you have any questions or comments, or if you want to update, delete, or change any Personal Information you’ve submitted on the Websites, please write to firstname.lastname@example.org to get in touch.
5. INFORMATION WE COLLECT
b. List and email information: When you add a collaborator to the project or create an email with the Services, we have access to the data on your list and the information in your email.
c. Information from your use of the service: We may get information about how and when you use the Services. This information may include your IP address, time, date, browser used, and actions taken by you within the application. Also, project data gathered from the use of services.
d. Cookies: When you register to use Lean PlanDo, we store "cookies," which are strings of code, on your computer. We use those cookies to collect information about when you visit our Website, when you use the Services, your browser type and version, your operating system, and other similar information. You may turn off cookies that have been placed on your computer by following the instructions on your browser, but if you block our cookies, it may be more difficult (and maybe even impossible) to use the Services.
e. Construction related information: All data that are added to the websites are captured including the names of the activities, the type of activities, the duration, constraints, site photos, drawings, layouts, permits, images, videos etc. When the Licensee or any invited collaborator updates this information again real-time data is captured through information such as task progress or variance etc. These are all considered as personal data to the Licensee and all this data is captured and stored securely.
6. USE AND DISCLOSURE OF YOUR PERSONAL DATA
We use the data we collect from all of our Services to provide, maintain, protect and improve them, to develop new ones, and to protect the Licensor, its Software and our users. We also use this information to offer you tailored personalized information. Our automated systems analyze your data to provide you personally relevant Software features, such as customized insights, analysis, and notifications. We use and disclose your personal data only as follows:
a. To promote use of our services. For example, if you leave your Personal Information when you visit our Website and don’t sign up for any of the Services, we may send you an email asking whether you want to sign up. And if you use any of our Services, and we think you might benefit from using another Service we offer, we may send you an email telling you about it.
b. For R&D of our Software and Services. For example, our automated systems will analyze your data provided when you use our Software and Services to improve them, develop new, secure, maintain and provide stable operations consistently.
c. To bill and collect money owed to us. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments. To learn more about the steps we take to safeguard that data, see Section 7 below.
f. To provide customer support. This may include providing project level support from a representative from the company who can access your project data upon your approval.
g. To protect the rights and safety of our Licensees and third parties, as well as our own.
h. To meet legal requirements like complying with court orders and valid subpoenas.
i. To provide information to representatives and advisors, like attorneys and accountants, to help us comply with legal, accounting, or security requirements.
j. To prosecute and defend a court, arbitration, or similar proceeding.
k. To support and improve the Services we offer.
l. To communicate with you about your account for informational, not promotional, reasons.
n. To send you informational and promotional content that you may choose (or "opt in") to receive. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.
The Licensor has the right to use the Licensee's name and logo and the Project (as defined in the License and Services Agreement) name, logo and images in the Licensor’s lists, brochures, marketing collateral and web pages solely to indicate that the Licensee is a licensee of the Software and a licensee of the Licensor. Upon the Licensor’s reasonable request, the Licensee will provide a reference to the Licensor prospects regarding its use of the Software. The Licensor will have the right to reproduce and distribute any written or oral statements made by the Licensee regarding the Licensor and the Software.
Occasionally, we have to disclose information about our customers to meet legal requirements. Third-party disputes are a common example: If two parties have a dispute, and one of them used Lean PlanDo in a way that’s relevant to the dispute, then we might get a request for user data. Whether we say “no way” or comply depends on the subpoena.
Unsubscribe links are required by the CAN-SPAM act. It’s the law! Plus, making it easy for people to opt out is the nice thing to do.
7. PUBLIC INFORMATION AND THIRD PARTIES
a. Blog: We have public blogs on our Websites. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Information appears on our blogs and you’d like it to be removed, contact us at email@example.com. If we’re not able to remove your information, we’ll let you know why.
b. Social media widgets: Our Websites include social media features, like the Facebook Like button. These features may collect information about your IP address and which page you’re visiting on our site, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with those features are governed by the privacy policies of the companies that provide them.
d. Service providers: If it is necessary to provide you a service you've requested, like send you a T-shirt or enable a feature like Social Profiles, then we may provide your personal information to a service provider. We will restrict any service provider's use of your personal information. We will tell you whenever reasonably possible and you may request at any time the name of our service providers.
8. NOTICE OF BREACH OF SECURITY
Nobody’s safe from hackers. If a security breach causes an unauthorized intrusion into our system that materially affects you or people on your collaboration Lists, then the Licensor will notify you as soon as possible and later report the action we took in response.
9. SAFEGUARDING YOUR INFORMATION
We do not capture any credit card information at this point and the site uses no SSL certification at this moment. When we begin processing credit card information, to protect your information, our credit card processing vendor will use the latest 128/256-bit Secure Socket Layer (SSL) technology for secure transactions. Our vendor is certified as compliant with card association security initiatives, like the Visa Cardholder Information Security and Compliance (CISP), MasterCard® (SDP), and Discovery Information Security and Compliance (DISC). However, the Licensor will not be liable to you for any damages resulting from the use of data or information from the Software.
Lean PlanDo accounts require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party. Because the information in your Collaboration Lists is so sensitive, account passwords are encrypted, which means we can’t see your passwords. We can’t resend forgotten passwords either. We’ll only reset them.
10. PERSONAL DATA PROTECTION NOTICE
Lean PlanDo complies with the Singapore’s Personal Data Protection Act (pdpa) which is overseen by the Government of Singapore,. We certify that we follow the principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.
This Personal Data Protection Policy notice for personal data (“Notice”) is issued to all our valued customers and guests of the Licensor, pursuant to the statutory requirements of the Personal Data Protection Act 2012 (“PDPA”).
We take our responsibilities under Singapore’s PDPA seriously. We also recognize the importance of the personal data you have entrusted to us and believe that it is our responsibility to properly manage, protect and process your personal data.
During your course of dealing with us, we may have, and / or will collect, use, disclose and process your personal data for purposes, including, to communicate with you, provide the Software and/or Services to you, respond to your enquiries or complaints, provide you with information and/or updates on the Software, Services and/or promotions offered by the Licensor and selected third parties and other purposes required to operate and maintain our business as set out in our Personal Data Protection Policy (collectively referred to as “Purposes”).
In order to conduct our business operations more smoothly, we may also be disclosing the personal data you have provided to us to our third party service providers, agents and/or our affiliates or related corporations, and/or other third parties whether sited in Singapore or outside of Singapore, for one or more of the above-stated Purposes. Such third-party service providers, agents and/or affiliates or related corporations and/or other third parties would be processing your personal data either on our behalf or otherwise, for one or more of the above-stated Purposes.
11. SAFE HARBOR CERTIFICATION
We certify that we follow the principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. In light of a recent European Court of Justice ruling users may request an updated data processing agreement which incorporates the Standard Contractual Clauses here.
12. ACCURACY OF DATA, TRANSPARENCY, AND CHOICE
We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do that. If your data changes (like a new email address), then you’re responsible for notifying us of those changes.
We only store data about you for as long as it’s reasonably required to fulfill the purposes that gave us the right to access it in the first place. We keep some data indefinitely, relating to when and where emails were sent, which bounced, which resulted in a complaint, and similar information, because we use it to help us screen out people who violate SPAM laws, and for other reasons explained in this policy.
We’ll give you access to any Personal Information about you that we hold within 30 days of any request for that information you make by contacting the Data Protection Officer on firstname.lastname@example.org. Unless it’s prohibited by law, we’ll remove any Personal Information about you from our servers at your request.Updated July 15, 2022
DATA PROCESSING AGREEMENT
The Personal Data protection Act (PDPA) took effect in phases starting with the provisions relating to the formation of the PDPC on 2 January 2013. Provisions relating to the DNC Registry came into effect on 2 January 2014 and the main data protection rules on 2 July 2014. This allowed time for organisations to review and adopt internal personal data protection policies and practices, to help them comply with the PDPA.
Passed in 2016, the new General Data Protection Regulation(GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. The GDPR, which becomes enforceable on May 25, 2018, seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all the local laws relating to it.
We support the PDPA and GDPR and will ensure all Lean Station services comply with its provisions from May 25, 2018. Not only is the PDPA and GDPR an important step in protecting the fundamental right of privacy for all users, it also raises the bar for data protection, security and compliance in the industry.
Customer Personal Data Protection Agreement (PDPA)
This Customer Data Processing Agreement reflects the requirements of the Singaporean Personal Data Protection Act (PDPA) as it comes into effect on 2 Jan, 2013. Lean Station´s products and services offered in the Singapore region are PDPA ready and this DPA provides you with the necessary documentation of this readiness.
Customer GDPR Data Processing Agreement
This Customer Data Processing Agreement reflects the requirements of the European Data Protection Regulation (“GDPR”) as it comes into effect on May 25, 2018. Lean Station´s products and services offered in the European Union are GDPR ready and this DPA provides you with the necessary documentation of this readiness.
This Data Processing Agreement (“DPA”) is an addendum to the Customer Terms of Service (“Agreement”) between Lean Station, Pte Ltd (“Lean Station”) and the Customer. All capitalized terms not defined in this DPA shall have the meanings set forth in the Agreement. Customer enters into this DPA on behalf of itself and, to the extent required under Data Protection Laws, in the name and on behalf of its Authorized Affiliates (defined below).
The parties agree as follows:
“Affiliate” means an entity that directly or indirectly Controls, is Controlled by or is under common Control with an entity.
“Authorized Affiliate” means any of Customer Affiliate(s) permitted to or otherwise receiving the benefit of the Services pursuant to the Agreement.
“Control” means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question. The term “Controlled” shall be construed accordingly.
“Controller” means an entity that determines the purposes and means of the processing of Personal Data.
“Customer Data” means any data that Lean Station and/or its Affiliates processes on behalf of Customer in the course of providing the Services under the Agreement.
“Data Protection Laws” means all data protection and privacy laws and regulations applicable to the processing of Personal Data under the Agreement, including, where applicable, PDPA or the EU Data Protection Law.
“EU Data Protection Law” means (i) prior to May 25, 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data (“Directive”) and on and after May 25, 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); and (ii) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector and applicable national implementations of it (in each case, as may be amended, superseded or replaced).
“Personal Data” means any Customer Data relating to an identified or identifiable natural person to the extent that such information is protected as personal data under applicable Data Protection Law
“Privacy Shield” means the EU-US and Swiss-US Privacy Shield Frameworks, as administered by the U.S. Department of Commerce.
“Privacy Shield Principles” means the Privacy Shield Framework Principles (as supplemented by the Supplemental Principles) contained in Annex II to the European Commission Decision of 12 July 2016 pursuant to the Directive, details of which can be found at www.privacyshield.gov/eu-us-framework.
“Processor” means an entity that processes Personal Data on behalf of the Controller.
“Processing” has the meaning given to it in the GDPR and “process”, “processes” and “processed” shall be interpreted accordingly.
“Security Incident” means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data.
“Services” means any product or service provided by Lean Station to Customer pursuant to and as more particularly described in the Agreement.
“Sub-processor” means any Processor engaged by Lean Station or its Affiliates to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement or this DPA. Sub-processors may include third parties or any Lean Station Affiliate.
2. SCOPE AND APPLICABILITY OF THIS DPA
2.1 This DPA applies where and only to the extent that Lean Station processes Personal Data on behalf of the Customer in the course of providing the Services and such Personal Data is subject to Data Protection Laws of Singapore, the European Union, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom. The parties agree to comply with the terms and conditions in this DPA in connection with such Personal Data.
2.2 Role of the Parties. As between Lean Station and Customer, Customer is the Controller of Personal Data and Lean Station shall process Personal Data only as a Processor on behalf of Customer. Nothing in the Agreement or this DPA shall prevent Lean Station from using or sharing any data that Lean Station would otherwise collect and process independently of Customer's use of the Services
2.3 Customer Obligations. Customer agrees that (i) it shall comply with its obligations as a Controller under Data Protection Laws in respect of its processing of Personal Data and any processing instructions it issues to Lean Station; and (ii) it has provided notice and obtained (or shall obtain) all consents and rights necessary under Data Protection Laws for Lean Station to process Personal Data and provide the Services pursuant to the Agreement and this DPA.
2.4 Lean Station Processing of Personal Data. As a Processor, Lean Station shall process Personal Data only for the following purposes: (i) processing to perform the Services in accordance with the Agreement; (ii) processing to perform any steps necessary for the performance of the Agreement; and (iii) to comply with other reasonable instructions provided by Customer to the extent they are consistent with the terms of this Agreement and only in accordance with Customer’s documented lawful instructions. The parties agree that this DPA and the Agreement set out the Customer’s complete and final instructions to Lean Station in relation to the processing of Personal Data and processing outside the scope of these instructions (if any) shall require prior written agreement between Customer and Lean Station.
2.5 Nature of the Data. Lean Station handles Customer Data provided by Customer. Such Customer Data may contain special categories of data depending on how the Services are used by Customer. The Customer Data may be subject to the following process activities: (i) storage and other processing necessary to provide, maintain and improve the Services provided to Customer; (ii) to provide customer and technical support to Customer; and (iii) disclosures as required by law or otherwise set forth in the Agreement.
2.6 Lean Station Data. Notwithstanding anything to the contrary in the Agreement (including this DPA), Customer acknowledges that Lean Station shall have a right to use and disclose data relating to and/or obtained in connection with the operation, support and/or use of the Services for its legitimate business purposes, such as billing, account management, technical support, product development and sales and marketing. To the extent any such data is considered personal data under Data Protection Laws, Lean Station is the Controller of such data and accordingly shall process such data in compliance with Data Protection Laws.
3.1 Authorized Sub-processors. Customer agrees that Lean Station may engage Sub-processors to process Personal Data on Customer's behalf. The Sub-processors currently engaged by Lean Station and authorized by Customer are listed in Annex A.
3.2 Sub-processor Obligations. Lean Station shall: (i) enter into a written agreement with the Sub-processor imposing data protection terms that require the Sub-processor to protect the Personal Data to the standard required by Data Protection Laws; and (ii) remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause Lean Station to breach any of its obligations under this DPA.
3.3 Changes to Sub-processors. Lean Station shall provide Customer reasonable advance notice (for which email shall suffice) if it adds or removes Sub-processors.
3.4 Lean Station engages Cloudalio Technologies Pvt Ltd, India, to act and work as a sub-processor.
3.5 Objection to Sub-processors. Customer may object in writing to Lean Station’s appointment of a new Sub-processor on reasonable grounds relating to data protection by notifying Lean Station promptly in writing within five (5) calendar days of receipt of Lean Station’s notice in accordance with Section 3.3. Such notice shall explain the reasonable grounds for the objection. In such event, the parties shall discuss such concerns in good faith with a view to achieving commercially reasonable resolution. If this is not possible, either party may terminate the applicable Services that cannot be provided by Lean Station without the use of the objected-to-new Sub-processor.
4.1 Security Measures. Lean Station shall implement and maintain appropriate technical and organizational security measures to protect Personal Data from Security Incidents and to preserve the security and confidentiality of the Personal Data, in accordance with Lean Station's security standards.
4.2 Confidentiality of Processing. Lean Station shall ensure that any person who is authorized by Lean Station to process Personal Data (including its staff, agents and subcontractors) shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).
4.3 Security Incident Response. Upon becoming aware of a Security Incident, Lean Station shall notify Customer without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer.
4.4 Updates to Security Measures. Customer acknowledges that the Security Measures are subject to technical progress and development and that Lean Station may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services purchased by the Customer.
5. SECURITY REPORTS AND AUDITS
5.1 Lean Station shall maintain records of its security standards. Upon Customer's written request, Lean Station shall provide (on a confidential basis) copies of relevant external ISMS certifications (if available), internal audit report summaries and/or other documentation reasonably required by Customer to verify Lean Station's compliance with this DPA (on a Confidential basis). Lean Station shall further provide written responses (on a confidential basis) to all reasonable requests for information made by Customer, including responses to information security and audit questionnaires, that Customer (acting reasonably) considers necessary to confirm Lean Station's compliance with this DPA, provided that Customer shall not exercise this right more than once per year.
6. INTERNATIONAL TRANSFERS
Available upon request (confidential information)
7. RETURN OR DELETION OF DATA
7.1 Upon deactivation of the Services, all Personal Data shall be deleted, save that this requirement shall not apply to the extent Lean Station is required by applicable law to retain some or all of the Personal Data, or to Personal Data it has archived on back-up systems, which such Personal Data Lean Station shall securely isolate and protect from any further processing, except to the extent required by applicable law.
8.1 To the extent that Customer is unable to independently access the relevant Personal Data within the Services, Lean Station shall (at Customer's expense) taking into account the nature of the processing, provide reasonable cooperation to assist Customer by appropriate technical and organizational measures, in so far as is possible, to respond to any requests from individuals or applicable data protection authorities relating to the processing of Personal Data under the Agreement. In the event that any such request is made directly to Lean Station, Lean Station shall not respond to such communication directly without Customer's prior authorization, unless legally compelled to do so. If Lean Station is required to respond to such a request, Lean Station shall promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so.
8.2 To the extent Lean Station is required under Data Protection Law, Lean Station shall (at Customer's expense) provide reasonably requested information regarding Lean Station's processing of Personal Data under the Agreement to enable the Customer to carry out data protection impact assessments or prior consultations with data protection authorities as required by law.
9.1 Except for the changes made by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict.
9.2 This DPA is a part of and incorporated into the Agreement so references to "Agreement" in the Agreement shall include this DPA.
9.3 In no event shall any party limit its liability with respect to any individual's data protection rights under this DPA or otherwise.
9.4 This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by Data Protection Laws.