Data Processing Addendum

Last Edited October 18, 2022

Hey, we’re slynk! We’re a Detroit company that wants to help our users become better networkers and make more valuable and efficient connections. 

In this statement, we refer to ourselves as “slynk”, the “Company”, “we”, “ours”, and “us”. slynk is committed to maintaining robust privacy protections for our users.  For purposes of this Agreement, “Site” refers to our website, which can be accessed at www.slynk.app/shop. “Application” or “App” refers to the Company’s mobile application. “Web Application” or “Web App” refers to the Company’s progressive web application. “Service” refers to our services accessed via our Site, App, and/or Web App, in which users can create personal and professional profiles, share contact information, link outside URls and applications, share documents, make payments to and from other users and businesses, and more. “You” or “User” refers to you, as a user of our Site or our Service. 

Our Data Processing Addendum (“Data Processing Addendum” or “DPA”) is designed to help you understand that your use of our Service may involve sending personal information to us, how we collect, use and safeguard the information you provide to us and to assist you in making informed decisions when using our Service. By using our Service, you, the User, agrees to the terms of this agreement as well as those stated in our Terms and Conditions and Privacy Policy. The terms stated in this addendum are not independent of our other legal policies. 

Definitions

For the purposes of this DPA, the following terms have the meaning set out below:

“GDPR” means the General Data Protection Regulation of the European Union (Regulation (EU) 2016/679). References to GDPR and its provisions include the GDPR as amended and incorporated into UK law after the GDPR ceases to apply in the UK.

“Personal Information” refers to that which we have defined in our Privacy Policy. It relates to an identified or identifiable natural person (“Data Subject”) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, financial, cultural or social identity of that natural person. The term “Personal Information” also covers information of deceased natural persons where this is required under applicable privacy and data protection laws.

“Controller” means the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of Personal Information.

“Processor” means a natural or legal person, public authority, agency or other body which processes Personal Information on behalf of the Controller.

“Personal Information Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Information transmitted, stored or otherwise processed under this DPA.

“Processing” means any operation or set of operations which is performed on Personal Information or on sets of Personal Information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

slynk and you agree to the following:

1. slynk shall only process Personal Information in accordance with this DPA, our Terms and Conditions, and our Privacy Policy.
2. slynk shall ensure that any person authorized to process Personal Information under the terms of this DPA is bound by appropriate obligations of confidentiality.
3. slynk shall implement appropriate technical and organisational measures to protect the Personal Information processed under the terms of this DPA.
4. Taking into account the nature of the processing of Personal Information under the terms of this DPA, slynk will assist you by appropriate technical and organisational measures, insofar as this is possible, to enable you as Controller to fulfill your binding obligations, if any, under applicable privacy and data protection laws to respond to requests from Data Subjects for the exercise of their Data Subject rights.
5. To the extent the GDPR applies to your processing of Personal Information under this DPA, slynk shall assist you in ensuring compliance with your binding obligations as a Controller pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to slynk.
6. slynk will make available to you all information that is reasonably necessary to demonstrate slynk’s compliance with its obligations as a Processor under this DPA and, to the extent the GDPR applies to your Processing of Personal Information under this DPA, under Article 28 of the GDPR.
7. slynk shall provide a copy of its then-current audit report once per year upon request. Such audit report refers to a SOC 2 Type II audit or another industry standard audit that may be deemed appropriate by slynk as part of slynk’s audit programs which relates to the data processing services and is conducted by an independent third-party auditor on an annual basis, such third-party auditor hereby deemed mandated by you. The audit report will be deemed to be slynk’s confidential information.
8. To the extent required by privacy and data protection laws applicable to you as the Controller, slynk shall notify you without undue delay of the discovery by slynk of a Personal Information Breach involving the Personal Information Processed under this DPA. Such notice shall include, where possible at the time of notification, or as soon as possible after notification, details of the nature of the Personal Information Breach and number of records affected, the category and approximate number of affected Data Subjects, the anticipated consequences of the Personal Information Breach and any actual or proposed remedies for mitigating its possible adverse effects.
9. You agree that slynk may subcontract its obligations under this DPA to a sub-processor which might be based in the United States, the European Union (EU)/European Economic Area (EEA) or in other countries but only by way of a written agreement with the sub-processor which imposes obligations on the sub-processor no less onerous than as are imposed on slynk under this DPA. Where the sub-processor fails to fulfill such obligations, Facebook shall remain fully liable to you for the performance of that sub-processor’s obligations.