Where a Data Subject is located in the European Economic Area, that Data Subject’s Personal Data will be processed by 2C Processor USA, LLC. As part of providing the Services, this Personal Data may be transferred to other regions, including to Canada and the United States. Such transfers will be completed in compliance with relevant Data Protection Legislation.
When 2CP Processes Personal Data in the course of providing the Services, 2CP will:
- Process the Personal Data as a Data Processor, only for the purpose of providing the Services in accordance with documented instructions from you (provided that such instructions are commensurate with the functionalities of the Services), and as may subsequently be agreed to by you. If 2CP is required by law to Process the Personal Data for any other purpose, 2CP will provide you with prior notice of this requirement, unless 2CP is prohibited by law from providing such notice
- notify you if, in 2CP’s opinion, your instruction for the processing of Personal Data infringes applicable Data Protection Legislation
- notify you promptly, to the extent permitted by law, upon receiving an inquiry or complaint from a Data Subject or Supervisory Authority relating to 2CP’s Processing of the Personal Data
- implement and maintain appropriate technical and organizational measures to protect the Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorized or unlawful processing, accidental loss, destruction, damage or theft of Personal Data and appropriate to the nature of the Personal Data which is to be protected
- provide you, upon request, with up-to-date attestations, reports or extracts thereof where available from a source charged with auditing 2CP’s data protection practices (e.g. external auditors, internal audit, data protection auditors), or suitable certifications, to enable you to assess compliance with the terms of this Addendum
- notify you promptly upon becoming aware of and confirming any accidental, unauthorized, or unlawful processing of, disclosure of, or access to the Personal Data
- ensure that its personnel who access the Personal Data are subject to confidentiality obligations that restrict their ability to disclose the Customer Personal Data;
- upon termination of the Agreement, 2CP will promptly initiate its purge process to delete or anonymize the Personal Data. If you request a copy of such Personal Data within 60 days of termination, 2CP will provide you with a copy of such Personal Data.
- We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline. Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the address of the web page. While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (e.g, billing or customer service) are granted access to personally identifiable information. The computers/servers on which we store personally identifiable information are kept in a secure environment.