Data Processing Agreement

The undersigned:

SegaMini

(hereinafter referred to as: Controller)

and

Google, Meta, Twitter, LinkedIn, Tumblr

(hereinafter referred to as: Services Providers or Data Processor)
(hereinafter jointly referred to as: Parties)

1. Definitions

The following terms used in this Data Processing Agreement shall have the meaning hereby assigned to them:

1.1 Agreement

The agreement between the Controller and the Service Provider.

1.2 Data Processing Agreement

This agreement including its recitals and annexes.

1.3 Data Subject

The person to whom Personal Data relates.

1.4 Personal Data

Any personal information relating to an identified or identifiable natural person that the Service Provider processes on behalf of the Controller within the scope of the Agreement.

1.5 Processing

Any operation or any set of operations relating to Personal Data within the scope of the Agreement, carried out by means of automated processes or otherwise, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by means of transmission, disseminating or otherwise making available, aligning or combining, restriction, erasure or destruction.

1.6 Regulation

The major privacy protection laws at the State and federal level.

1.7 Security Breach

A breach of security that accidentally or unlawfully results in the destruction, loss, alteration or unauthorized disclosure or access to unencrypted personal data transmitted, stored or otherwise processed. This also includes encrypted personal information if the encryption key or security credential was, or is reasonably believed to have been, acquired by an unauthorized person and the person or business that owns or licenses the encrypted information has a reasonable belief that the encryption key or security credential could render that personal information readable or useable.

2. Subject of this Data Processing Agreement

2.1

This Data Processing Agreement regulates the Processing of Personal Data by the Service Provider within the scope of the Agreement.

2.2

The nature and the purpose of the Processing, the type of Personal Data, and the categories of Data Subjects are set out in Annex 1.

3. Entry into force and duration

3.1

This Agreement shall enter into force on the date it is signed by the Parties.

3.2

This Data Processing Agreement shall terminate after and insofar as the Service Provider has deleted or returned all Personal Data in accordance with Article 9.

3.3

Neither Party may terminate this Data Processing Agreement prematurely.

3.4

Parties may only amend this Agreement by mutual consent. Any amendment or modification of this Agreement or additional obligation assumed by either Party in connection with this Agreement will only be binding if evidenced in writing signed by each Party or an authorized representative of each Party.

4. Scope of Processing Authority of the Service Provider

4.1

The Service Provider shall process the Personal Data exclusively on the basis of  written instructions from the Controller, except in the case of derogating statutory provisions applicable to the Service Provider. If, in the opinion of the Service Provider, an instruction as referred to in the first paragraph conflicts with a statutory regulation on data protection, it shall inform the Controller thereof prior to the Processing, unless a statutory regulation prohibits such notification.

4.2

If the Service Provider is required to provide Personal Data on the basis of a statutory provision, it shall inform the Controller without delay and, if possible, prior to providing the data.

4.3

The Service Provider is not allowed to do one of the following:
Selling the Personal Data. Retaining, using, or disclosing the Personal Data for any purpose other than for the specific purpose of performing the services specified in the contract, including retaining, using, or disclosing the Personal Data for a commercial purpose other than providing the services specified in the contract. Retaining, using, or disclosing the information outside of the direct business relationship between the Service Provider and the Controller.

5. Security of the Processing

5.1

The Service Provider will endeavour to implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the Personal Information from unauthorized access, destruction, use, modification, or disclosure.

5.2

Parties recognise that ensuring an appropriate level of security may require additional security measures to be implemented at any time. The Service Provider shall ensure a level of security appropriate to the risk. If and insofar as the Controller explicitly requests this in writing, the Service Provider shall implement additional measures with respect to the security of the Personal Data. The Service Provider may process the personal data in States within the United States of America. Transfer to countries outside the US is permitted, provided the relevant legal conditions have been met. Upon request, the Service Provider shall inform the Controller of the country or countries that is or are involved.

6. Duty of Confidentiality of Personnel of the Service Provider

6.1

The Personal Data is of a confidential nature. The Service Provider is required to maintain the confidentiality of the information and is prohibited from disclosing or using the information other than to carry out the service that is subject of this Data Processing Agreement.

6.2

At the request of the Controller, the Service Provider shall demonstrate that its Personnel have undertaken to observe confidentiality. The personal data will only be disclosed to those employees and/or third parties who must necessarily take cognisance of the Personal Data.

6.3

This duty of confidentiality shall not apply where the Controller has given express consent to disclose the data to third parties, if disclosure of the data to third parties is logically necessary given the nature of the assignment and the performance of this Data Processing Agreement, or if there is a statutory obligation to disclose the data to a third party.

7. Assistance on account of the rights of the Data Subject

7.1

In the event a data subject submits a request to the Service Provider to exercise his/her legal rights, the Service Provider shall forward the request to the Controller, and the Controller shall further handle the request. The Service Provider may inform the data subject accordingly.

7.2

The Service Provider shall, to the extent within its power, provide reasonable assistance to the Controller in fulfilling the latter’s obligation to respond to requests of the Data Subject to exercise its rights laid down in the Regulation.

7.3

The Service Provider may charge the reasonable additional costs it incurs in this respect to the Controller.

8. Security Breach

8.1

The Service Provider shall inform the Controller without unreasonable delay, as soon as it has become aware of a Security Breach.

8.2

Information that must at least be provided by the Service Provider shall include:
The nature of the Personal Data Breach;
The Personal Data and Data Subject;
Likely consequences of the Security Breach;
Measures proposed or implemented by the Service Provider to address the Security Breach, including, where appropriate, measures to mitigate its possible adverse effects.

8.3

The Service Provider shall also inform the Controller of further developments concerning the Security Breach after having reported the breach pursuant to the first paragraph.

8.4

Each party shall bear their own costs relating to the report to the Data Subject.

9. Returning Personal Data

After expiry of the Agreement, the Service Provider shall, at the discretion of the Controller, arrange for the return of all Personal Data to the Controller or for the erasure of all Personal Data. The Service Provider shall remove all copies, except where otherwise provided by law.

10. Obligation to disclose information

10.1

The Service Provider shall provide all information necessary to demonstrate that the obligations arising from this Data Processing Agreement have been and are being fulfilled.

10.2

The Controller shall have the right to conduct audits to verify compliance with all points of the Data Processing Agreement and everything directly related to this. This audit shall only take place after the Controller has requested similar audit reports from the Service Provider, reviewed them, and put forward reasonable arguments to justify an audit initiated by the Controller.

10.3

Such an audit shall be justified in the event of a concrete suspicion of abuse. The Controller shall communicate the audit to the Service Provider in advance, with due observance of a minimum period of two weeks.

10.4

The findings of the audit carried out will be assessed by the Parties in joint consultation and, depending on the assessment, implemented (or not) by either Party or jointly by both Parties.

10.5

The costs of the audit as described in paragraph 1 shall be borne by the Service Provider.

11. Other Terms and Conditions

The Service Provider shall be liable towards the Controller for all consequences of the breach of this Data Processing Agreement, and shall indemnify the Controller against all claims by third parties, including any penalties, to the extent attributable to the Processor. In the event that any of the provisions of this Agreement are held to be invalid or unenforceable in whole or in part, all other provisions will nevertheless continue to be valid and enforceable with the invalid or unenforceable parts severed from the remainder of this Agreement.

12. Disclaimer

SegaMini makes every effort to keep this site up-to-date and accurate. If you still encounter something that is incorrect or out of date, we’d appreciate it if you let us know. Indicate where on the site you read the information. We will look into it as soon as possible. Please send your response by e-mail to: [email protected]. We are not responsible for losses resulting from inaccuracies or incompleteness, nor for losses resulting from problems caused by or inherent in the dissemination of information via the Internet, such as disruptions or interruptions. When using web forms, we try to limit the number of required fields to a minimum. SegaMini accepts no liability for any losses incurred as a result of the use of data, advice or ideas provided by or on behalf of SegaMini through this website. Replies and privacy inquiries submitted via email or web form will be treated in the same way as letters. This means that you can expect a response from us within 1 month at the latest. For complex inquiries, we will inform you within 1 month if we need a maximum of 3 months. Any personal information you provide to us in the context of your response or request for information will only be used in accordance with our privacy statement. SegaMini will use reasonable efforts to protect its systems from any form of unlawful use. SegaMini will implement appropriate technical and organizational measures for this purpose, taking into account, inter alia, the state of the art. However, it shall not be liable for any losses, direct and/or indirect, incurred by the user of the website as a result of the unlawful use of its systems by a third party. SegaMini assumes no responsibility for the content of websites to which or from which hyperlinks or other references are made. Products or services offered by third parties are subject to the applicable terms and conditions of those third parties. Our employees make every effort to guarantee the accessibility of our website and to constantly improve it. Including for people who use special software due to a disability. All intellectual property rights to the content of this website belong to SegaMini. Content on this site is licensed under a Creative Commons Attribution 3.0 license unless otherwise stated. If you have any questions or problems with the accessibility of the site, please do not hesitate to contact us.

13. Certification as required by Section 1798.40 CCPA

As the Data Processor receiving the personal information We hereby certify that We understand the following restrictions and will comply with them.This agreement prohibits Us from: Selling the personal information. Retaining, using, or disclosing the personal information for any purpose other than for the specific purpose of performing the services specified in the contract, including retaining, using, or disclosing the personal information for a commercial purpose other than providing the services specified in the contract. Retaining, using, or disclosing the information outside of the direct business relationship between Us and the business.

14. Annex 1: The Processing of Personal Data

14.1 Purpose of the processing

Advertisement

14.2 Personal Data

Within the scope of the Data Processing Agreement, the Service Provider shall process the following Personal data on the instructions of the Controller:
E-mail adress;
Browse history;
IP address;
Social media accounts.

14.3 Data subject categories

Personal data of the following groups of persons shall be processed:
Account Holders;
Website visitors.

14.4 Data subject categories

The Controller shall ensure that the purposes, personal data, and categories of data subjects described in this Annex 1 are complete and correct, and shall indemnify the Service Provider against any defects and claims resulting from an incorrect representation by the Controller.