Data Processing Addendum
Published on 2 August, 2023 | Terms | 123 views | 7 minutes read
1. Protection of personal data
When you use the WORLDWIDE SYSTEM OF MEDIA, DOMAINS AND SOCIAL LINKS, you and we collect and use information about people (such as visitors to your website and individuals who appear in your content). Brazilian laws have rules that protect this information (known as the “Lei Geral de Defesa de Dados Pessoais (LGPD)”).
This Data Processing Addendum (“DPA”) applies to you when the use of your account in the WORLD MEDIA SYSTEM, DOMAINS AND SOCIAL LINKS is subject to the General Law of Protection of Personal Data. It forms part of the Terms (but if there is any conflict between this DPA and the Terms, this DPA will take precedence).
2. Responsibilities
Your responsibilities and our responsibilities under this DPA depend on our roles as a "controller" or "processor" of personal data under Personal Data Protection Laws.
When we talk about any of us acting as a “controller”, we mean us or you determining what personal data is for and how it is used. When we talk about the WORLDWIDE SYSTEM OF MEDIA, DOMAINS AND SOCIAL LINKS acting as a “processor”, we mean that we handle or process personal data on your behalf, as the “controller”.
2.1 User as Controller
Generally, you act as a personal data controller:
contained in any content you post or generate on the WORLDWIDE SYSTEM OF MEDIA, DOMAINS AND SOCIAL LINKS; It is
in relation to Website Visitors, (together “Profile Data”).
2.2 Platform as controller
The WORLDWIDE SYSTEM OF MEDIA, DOMAINS AND SOCIAL LINKS may also act as controller of Profile Data/Mini site where:
- check profiles, websites and links to decide whether to apply sensitive content warnings, block a domain, remove any content or suspend your profile (as per our Community Standards);
- we analyze visitors' interactions with profiles and websites to: (i) provide tips and suggestions to optimize your profile's performance; and (ii) recommend profiles and websites to visitors who sign up for users of the WORLD MEDIA SYSTEM, DOMAINS AND SOCIAL LINKS (“Subscribers”);
- we produce statistics about the operation of the link blocking functionality you choose to apply and we use this information for analysis purposes; It is
- we use System-controlled cookies to process personal data about Website Visitors for analytics purposes (see our Cookie Notice), collectively the “Controller Services”.
2.3 Platform as Processor
We also process Profile Data on your behalf when:
- make it easy for you to post content to your Website (either directly or via links to embedded content);
- we collect personal data generated when a person visits or interacts with your Website (for example, filling out a contact form or making payments to you); It is
- we implement link blocking functionality to facilitate unblocking of restricted areas on your Website, collectively the “Processor Services”, for the purpose of providing our service in accordance with the Terms (the “Permitted Purpose”).
3. Controller Services
Each of us has responsibilities in relation to the Controller Services, which are defined in the table below. To the extent that there are additional obligations under Data Protection Laws in relation to the Controller Services, these will remain with each of us and with you individually.
3.1 A legal basis
3.1.1 Platform
We rely on our legitimate interests and those of our users to perform the Controller Services.
3.1.2 User
You must identify a lawful basis for the processing you perform by letting us perform the Controller Services.
3.2 Providing information to individuals (“Data Subjects”)
3.2.1 Platform
Our Privacy Notice sets out how we process personal data for the purposes of the Controller Services.
3.2.2 User
You must notify the Data Subjects of (i) your role in allowing the System to process your data to perform the Controller Services; and (ii) any other processing you undertake.
3.3 Complying with the Data Subject's requests for rights
3.3.1 Platform
We are responsible for addressing the rights of Website visitors with respect to any personal data we store for the performance of the Controller Services.
When you inform us of a profile visitor/mini site who has exercised their rights against you, or any communication from a supervisory authority (each a “Request”), we will deal with the Request to the extent that we are responsible for doing so under this DPA.
We will also provide you with any reasonable assistance you request to enable you to fulfill your obligations under Data Protection Laws.
3.3.2 User
You are responsible for addressing the Data Subjects' rights in relation to their role in enabling us to perform the Controller Services.
Where you have received a request, you are not permitted to respond on behalf of the WORLDWIDE SYSTEM OF MEDIA, DOMAINS AND SOCIAL LINKS. You will promptly share all relevant information with us (within a maximum of 7 days) and provide any reasonable assistance we request to enable us to fulfill our obligations under the Data Protection Laws.
3.4 Protecting profile data
3.4.1 Platform
We will implement appropriate technical and organizational measures to ensure a level of security adequate to the risks presented by the Controller Services, in particular of accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed.
3.4.2 User
You will keep your password secure and ensure that you do not do anything that could compromise the security of personal data processed as part of the Controller Services.
3.5 Notification of personal data breaches
3.5.1 Platform
We will be responsible for fulfilling our obligations under Data Protection Laws in relation to the Controller Services.
3.5.2 User
You will be responsible for complying with your obligations under Data Protection Laws in relation to Controller Services.
4. Processor Services
You will comply with your obligations by acting as a “controller” under applicable data protection laws in relation to the Profile Data and the WORLDWIDE SYSTEM OF MEDIA, DOMAINS AND SOCIAL LINKS will follow your instructions and comply with its obligations under the Data Protection Laws. Data, by acting as a “processor” in relation to the Processor Services as follows:
- we will only process Profile Data in accordance with the Terms. If we become aware that processing for the Permitted Purpose infringes Data Protection Laws, we will inform you;
- we guarantee that anyone we authorize to process the Profile Data will keep it confidential;
- we implement appropriate technical and organizational measures designed to protect the Profile Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access;
- if we become aware of a confirmed personal data breach in relation to the Profile Data, we will notify you without undue delay;
- you consent to engage third parties ("Sub Processors") to process Profile Data for the Permitted Purpose, provided that: (i) we maintain an up-to-date list of Sub Processors in our Privacy Notice, which we will update before we make any changes to Sub Processors ; (ii) we will impose data protection terms on any Sub-Processor as necessary to protect the Profile Data in accordance with the standard set by the Data Protection Laws; and (iii) we remain liable for any breach of this DPA caused by any Sub Processor. You can object to a sub-processor before appointing or replacing it, provided that your objection is based on reasonable grounds relating to data protection. In such event, we will not appoint or replace the Sub Processor or, if this is not possible, you may suspend or terminate your account (but you will not receive a refund of any prepaid fees);
- taking into account the nature of the processing, we will provide all reasonable and timely assistance to you (at your expense) to enable you to complete a legally required data protection impact assessment and to respond to: (i) any request from a individual to exercise their rights under Data Protection Laws; and (ii) any other inquiry or complaint received from an individual, regulator or third party in relation to the processing of Profile Data;
- upon termination of your account, we will delete Profile Data in our possession or control for purposes of the Processor Services (except to the extent we are required by applicable law to retain Profile Data); It is
- upon request, we will provide copies of the relevant safety certifications or other necessary documentation.
- Upon request, we will provide copies of relevant security certifications or other documentation necessary to verify our compliance with this DPA in relation to Processor Services. Such documents will be subject to the confidentiality provisions of the Terms.
5. Definitions
Words used but not defined in this DPA have the same meaning as in the Terms. In addition, the following definitions apply:
“General Law for the Protection of Personal Data (LGPD)” Law No. 13.709/2018 means protecting the fundamental rights of freedom and privacy and the free formation of the personality of each individual.
“controller”, “processor”, “personal data” and “personal data breach” have the meanings defined in the Data Protection Laws.