This Data Processing Addendum (“DPA”) is between Razorchat Technologies LLC ("Razorchat") and the customer that is party to the Agreement, as defined below (“Customer” and, together with Razorchat, each a “Party” and collectively the “Parties”). This DPA prevails over any conflicting term of the Agreement to the extent necessary to resolve the conflict.
1. Definitions
(a)
“Agreement” means the written or electronic agreement between Razorchat and Customer that governs the provision of data to Customer, as the same may be updated from time to time.
(b)
“Controller” means the natural or legal person that, alone or jointly with others, determines the purpose and means of processing Personal Data.
(c)
“Data Protection Laws” means all applicable worldwide legislation relating to data protection and privacy which applies to the respective party in the role of the Processing Personal Data in question under the Agreement, including without limitation European Data Protection Laws and other applicable U.S. federal and state privacy laws, in each case as amended, repealed, consolidated or replaced from time to time.
(d)
“Data Processor”, “Data Subject”,“Subprocessor”, and “Supervisory Authority” shall be interpreted in accordance with applicable Data Protection Laws;
(e)
“Europe” means the European Union, the European Economic Area and/or their member states, Switzerland and the United Kingdom.
(f)
“European Data” means Personal Data that is subject to the protection of European Data Protection Laws.
(g)
“European Data Protection Laws” means Data Protection Laws applicable in Europe, including: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; and (iii) applicable national implementations of (i) and (ii); or (iv) GDPR as it forms parts of the United Kingdom domestic law by virtue of Section 3 of the European Union (Withdrawal) Act 2018 (“UK GDPR”); and (v) Swiss Federal Data Protection Act and its Ordinance (“Swiss DPA”); in each case, as may be amended, superseded or replaced.
(h)
“Personal Data” as used in this DPA, means information relating to an identifiable or identified Data Subject who visits or engages in transactions through your store, which Razorchat Processes as a Data Processor in the course of providing you with the Services. Personal Data includes, for example, name, contact information, identification number, location data, online identifier, IP address, as defined in the Data Protection Laws.
(i)
“Processing” means any operation or set of operations performed, whether by manual or automated means, on Personal Data or on sets of Personal Data, such as the collection, use, sale, storage, retention, disclosure, analysis, deletion, or modification of Personal Data and includes the actions of a Controller directing a Processor to process Personal Data. “Process” has a correlative meaning.
(j)
“UK Addendum” means the International Data Transfer Addendum issued by the UK Information Commissioner under section 119A(1) of the Date Protection Act 2018 currently found at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf, as may be amended, superseded, or replaced.
2. Scope
The purpose of this DPA is to ensure compliance with the Data Protection Laws and European Data Protection Laws, as laid out in this DPA and the Agreement. The purposes, methods, and duration of the Personal Data Processing; the categories of Personal Data Processed; retention periods; and protection measures are laid out in this DPA and its Annexes.
3. Roles
(a)
Customer is the Controller.
(b)
Razorchat is the Processor.
(c)
Razorchat will only Process Personal Data on behalf of Customer in accordance with this DPA and other written instructions of Customer and may not Process Personal Data for purposes or using methods other than those included in Customer’s written instructions, including this DPA.
(d)
Customer instructs Razorchat to Process Personal Data as a Processor as outlined in this DPA and in compliance with Data Protection Laws.
4. Obligations of Customer
Customer represents and warrants that it will comply with Data Protection Laws and only instruct Razorchat to Process Personal Data to the extent such Processing is lawful according to Data Protection Laws.
5. Obligations of Razorchat
(a)
Taking into account the nature of Processing and the information available to Razorchat, Razorchat will take reasonable measures to safeguard the security of the Personal Data it Processes as a Processor on behalf of Customer.
(b)
Taking into account the nature of Processing and the information available to Razorchat, and insofar as reasonably practical, Razorchat will assist Customer in fulfilling Customer’s obligations under Data Protection Laws by appropriate technical and organizational measures.
Razorchat will notify Customer without undue delay after becoming aware of a Personal Data breach involving Personal Data Processed by Razorchat on behalf of Customer.
(c)
Razorchat will not sell or share Personal Data except as instructed by Customer.
(d)
Razorchat will not retain, use, or disclose Personal Data it processes on Customer’s behalf for any purpose other than those listed in Annex I to this DPA.
(e)
Razorchat will not retain, use, or disclose Personal Data it processes on Customer’s behalf outside of the direct business relationship between Razorchat and Customer.
(f)
Razorchat will not combine the Personal Data it processes on Customer’s behalf with Personal Data it receives from or on behalf of another person or persons, or collects from its own interaction with the Data Subject, provided that Razorchat may combine Personal Data as permitted by Data Protection Laws.
(g)
In the event Razorchat determines that it can no longer meet its obligations under Data Protection Laws, Razorchat will notify Customer of such determination without undue delay.
6. Audit
Razorchat will allow and contribute to any audits by the Supervisory Authority.
7. Data Retention
Upon termination of the Agreement or this DPA, or if the Agreement or this DPA does not take effect, is void, or has been canceled, Razorchat, at Customer’s direction, will return the Personal Data it Processes on behalf of Customer to Customer or delete it, and may not retain such Personal Data, unless otherwise required by law.
8. Confidentiality
(a)
Strict Confidence. Razorchat will keep Personal Data, and all information relating to its Processing, in strict confidence. Razorchat will ensure that all personnel authorized to Process Personal Data are subject to a contractual or statutory obligation of confidentiality.
(b)
Nondisclosure. Razorchat will not disclose Personal Data Processed on behalf of Customer to any third party without the consent of Customer, or as otherwise provided in this DPA.
9. Use of Subprocessors.
(a)
Identified Subprocessors. Customer authorizes Razorchat to engage the Subprocessors listed in Annex II to this DPA to Process Personal Data on behalf of Customer.
(b)
Additional Subprocessors. Customer further authorizes Razorchat to engage other Subprocessors to Process Personal Data on behalf of Customer after reasonably notifying Customer at least ten (10) days in advance of such engagements.
(c)
Appointment Rights. Customer may object in writing to the engagement of a Subprocessor prior to the engagement of the Subprocessor. Razorchat will provide Customer with the information necessary to enable Customer to exercise its right to object.
(d)
Subprocessors’ Obligations. If Razorchat engages a Subprocessor to Process Personal Data in accordance with this DPA, Razorchat must enter into a written agreement with the Subprocessor that imposes the same obligations on the Subprocessor as are imposed on Razorchat under this DPA.
10. Additional Provisions for European Data
(a)
When Processing European Data in accordance with Customer’s instructions, Customer is acting as the Controller of European Data (either as the Controller, or as a Processor on behalf of another Controller) and Razorchat is the Processor under the Agreement.
(b)
If Razorchat believes that Customer’s instructions infringe European Data Protection Laws (where applicable), Razorchat will inform Customer without delay.
(c)
To the extent that the required information is reasonably available to Razorchat, and Customer does not otherwise have access to the required information, Razorchat will provide reasonable assistance to Customer with any data protection impact assessments, and prior consultations with supervisory authorities (for example, the French Data Protection Agency (CNIL), the Berlin Data Protection Authority (BlnBDI) and the UK Information Commissioner’s Office (ICO)) or other competent data privacy authorities to the extent required by European Data Protection Laws.
(d)
Transfer Mechanisms for Data Transfers:
(I)
Razorchat will not transfer European Data to any country or recipient not recognized as providing an adequate level of protection for Personal Data (within the meaning of applicable European Data Protection Laws), unless it first takes all such measures as are necessary to ensure the transfer is in compliance with applicable European Data Protection Laws. Such measures may include (without limitation) (i) transferring such data to a recipient that is covered by a suitable framework or other legally adequate transfer mechanism recognized by the relevant authorities or courts as providing an adequate level of protection for Personal Data; (ii) to a recipient that has achieved binding corporate rules authorization in accordance with European Data Protection Laws; or (iii) to a recipient that has executed the “Standard Contractual Clauses” in each case as adopted or approved in accordance with applicable European Data Protection Laws.
(II)
Customer acknowledges that in connection with the performance of the Subscription Services, Razorchat is a recipient of European Data in the United States. To the extent that Razorchat receives European Data in the United States, Razorchat will comply with the following:
(1)
In relation to European Data that is subject to the GDPR (i) Customer is the “data exporter” and Razorchat is the “data importer”; (ii) the Module Two terms apply to the extent the Customer is a Controller of European Data and the Module Three terms apply to the extent the Customer is a Processor of European Data; (iii) in Clause 7, the optional docking clause applies; (iv) in Clause 9, Option 2 applies and changes to Sub-Processors will be notified in accordance with the Sub-Processors section of this DPA; (v) in Clause 11, the optional language is deleted; (vi) in Clauses 17 and 18, the parties agree that the governing law and forum for disputes for the Standard Contractual Clauses will be determined in accordance with the Contracting Entity; Applicable Law; Notice section of the Jurisdiction Specific Terms or, if such section does not specify an EU Member State, the Republic of Ireland (without reference to conflicts of law principles); (vii) the Annexes of the Standard Contractual Clauses will be deemed completed with the information set out in the Annexes of this DPA; (viii) the supervisory authority that will act as competent supervisory authority will be determined in accordance with GDPR; and (ix) if and to the extent the Standard Contractual Clauses conflict with any provision of this DPA the Standard Contractual Clauses will prevail to the extent of such conflict.
(2)
In relation to European Data that is subject to the UK GDPR, the Standard Contractual Clauses will apply in accordance with sub-section (a) and the following modifications (i) the Standard Contractual Clauses will be modified and interpreted in accordance with the UK Addendum, which will be incorporated by reference and form an integral part of the Agreement; (ii) Tables 1, 2 and 3 of the UK Addendum will be deemed completed with the information set out in the Annexes of this DPA and Table 4 will be deemed completed by selecting “neither party”; and (iii) any conflict between the terms of the Standard Contractual Clauses and the UK Addendum will be resolved in accordance with Section 10 and Section 11 of the UK Addendum.
(3)
In relation to European Data that is subject to the Swiss DPA, the Standard Contractual Clauses will apply in accordance with sub-section (a) and the following modifications (i) references to “Regulation (EU) 2016/679” will be interpreted as references to the Swiss DPA; (ii) references to “EU”, “Union” and “Member State law” will be interpreted as references to Swiss law; and (iii) references to the “competent supervisory authority” and “competent courts” will be replaced with the “the Swiss Federal Data Protection and Information Commissioner” and the “relevant courts in Switzerland”.
(4)
Customer agrees that by complying with our obligations under the Sub-Processors section of this DPA, Razorchat fulfills its obligations under Section 9 of the Standard Contractual Clauses. For the purposes of Clause 9(c) of the Standard Contractual Clauses, Customer acknowledges that Razorchat may be restricted from disclosing Sub-Processor agreements but Razorchat will use reasonable efforts to require any Sub-Processor Razorchat appoint to permit it to disclose the Sub-Processor agreement to Customer and will provide (on a confidential basis) all information Razorchat reasonably can. Customer also acknowledge and agree that Customer will exercise Customer’s audit rights under Clause 8.9 of the Standard Contractual Clauses by instructing Razorchat to comply with the measures described in the Demonstration of Compliance section of this DPA.
(5)
If Razorchat cannot comply with its obligations under the Standard Contractual Clauses or is breach of any warranties under the Standard Contractual Clauses or UK Addendum (as applicable) for any reason, and Customer intends to suspend the transfer of European Data to Razorchat or terminate the Standard Contractual Clauses, or UK Addendum, Customer agrees to provide Razorchat with reasonable notice to enable Razorchat to cure such non-compliance and reasonably cooperate with Razorchat to identify what additional safeguards, if any, may be implemented to remedy such non-compliance. If Razorchat has not or cannot cure the non-compliance, Customer may suspend or terminate the affected part of the service in accordance with the Agreement without liability to either party (but without prejudice to any fees Customer has incurred prior to such suspension or termination).
(III)
In the event that Razorchat is required to adopt an alternative transfer mechanism for European Data, in addition to or other than the mechanisms described in sub-section (ii) above, such alternative transfer mechanism will apply automatically instead of the mechanisms described in this DPA (but only to the extent such alternative transfer mechanism complies with European Data Protection Laws), and Customer agrees to execute such other documents or take such action as may be reasonably necessary to give legal effect such alternative transfer mechanism.
11. Miscellaneous
(a)
Notice. Razorchat will make all notifications, including security-related notifications, required under this DPA as contemplated in the Agreement. Should you require further information, you can make a request to compliance@Razorchat.
(b)
Modifications. This DPA may be modified from time to time, at Razorchat’s sole discretion. Razorchat encourages visitors to frequently check this page for any changes to its DPA. Your continued use of the Razorchat services and use of the Site will constitute your acceptance of such change.
(c)
Governing Law. The terms of this DPA shall be governed by and interpreted in accordance with the laws of the State of Nevada and the laws of the United States applicable therein, without regard to principles of conflicts of laws. The parties irrevocably and unconditionally submit to the exclusive jurisdiction of the courts of the State of Nevada with respect to any dispute or claim arising out of or in connection with this DPA.
(d)
Liability. For avoidance of doubt and to the extent allowed by applicable law, any and all liability under this DPA, including limitations thereof, will be governed by the relevant provisions of the Agreement. You acknowledge and agree that Razorchat may amend this DPA from time to time by posting the relevant amended and restated DPA on Razorchat’s website, available at https://razorchat.com/legal/terms-of-use and such amendments to the DPA are effective as of the date of posting. Your continued use of the Services after the amended DPA is posted to Razorchat’s website constitutes your agreement to, and acceptance of, the amended DPA. If you do not agree to any changes to the DPA, do not continue to use the Service.
(e)
Invalidity and Severability. If any provision of this DPA is found by any court or administrative body of competent jurisdiction to be invalid or unenforceable, then the invalidity or unenforceability of such provision will not affect any other provision of this DPA, and al provisions not affected by such invalidity or unenforceability will remain in full force and effect.
Last modified: March 7th, 2025