PRIVACY POLICY
These DATA PROCESSING TERMS AND CONDITIONS (“Terms and Conditions”) govern the processing of Personal Data (defined below) by Mover Wallet (Audit and Information Services, Inc.) and/or its Affiliates (“Mover Wallet”) in connection with the applicable business transaction for the party identified in the relevant Sales Quote, MSSP Order, or Statement of Work (“Client”).
RECITALS
WHEREAS, these Terms and Conditions amend and supplement all relevant services, including all terms, conditions and underlying agreements referenced therein, between Mover Wallet (Audit and Information Services, Inc.) and Client (“Agreement(s)”), and shall be incorporated into all such Agreement(s) which reference these Terms and Conditions or to which these Terms and Conditions are attached; and
WHEREAS, these Terms and Conditions contain the mandatory clauses required by the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) under Article 28(3) for contracts between controllers and processors, and under Articles 28(4) and 32(4) for contracts between processors and sub-processors, and will apply to the extent Mover Wallet processes Personal Data on behalf of Client.
NOW, THEREFORE, in consideration of the premises and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties agree to the following Terms and Conditions:
- DEFINITIONS. All capitalized terms not expressly defined herein shall have the meanings ascribed to them in the Agreement(s).
- “Affiliate(s)” means any entity that, directly or indirectly through one or more intermediaries, controls, is controlled by, or is under common control with a party to these Terms and Conditions.
- “Business Purposes” means as needed for Mover Wallet to provide the Products, Services, and/or MSSP under the Agreement(s); as specified in a Statement of Work (“SOW”), or purchase order; and/or as otherwise agreed upon between the parties in writing from time to time.
- “Data Protection Laws” means all applicable privacy and data protection laws, including the GDPR and any applicable national implementing laws, regulations and secondary legislation in any Member State of the European Union relating to the processing of Personal Data and the privacy of electronic communications, as amended, replaced or updated from time to time, including the Privacy and Electronic Communications Directive (2002/58/EC).
- “Data Subject” means an individual who is the subject of Personal Data.
- “Personal Data” means any information relating to an identified or identifiable natural person that is processed by Mover Wallet for Client as a result of, or in connection with, the provision of the Products, Services; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the Personal Data transmitted, stored or otherwise processed by Mover Wallet under the Agreement(s).
- “Process”, “Processes” or “Processing” means any operation or set of operations which involves use of Personal Data, whether or not by automated means, including but not limited to: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- PROCESSING PURPOSES AND PERSONAL DATA TYPES.
- Processing. Mover Wallet and Client each acknowledge that for the purposes of the Data Protection Laws, Client is, depending on the data, a controller or a processor of the Personal Data (“Client Personal Data”), and in regards to Client Personal Data, Mover Wallet is the processor or sub-processor thereof.
- Purposes. The duration, purpose of processing, and the Personal Data categories and Data Subject types that Mover Wallet may process for Client are as follows:
- DURATION OF PROCESSING. Term of service to the Mover Wallet User.
- PERSONAL DATA CATEGORIES.
Client’s employees’ names and contact information, which may include but is not limited to business and home addresses, email addresses, phone numbers, IP addresses, user names, and transaction history Client’s customer names and business contact information, including addresses, email addresses, phone numbers, IP addresses
- TERM AND TERMINATION.
Version 04/15/2019
- Term. These Terms and Conditions will remain in full force and effect so long as: (a) the Agreement(s) remains in effect; (b) any user of Move Wallet has a current subscription to any of the services offered by Mover Wallet.
- Termination for Cause. Either party’s failure to comply with these Terms and Conditions will constitute a material breach of the Agreement(s). In such event, the non-breaching party may terminate the Agreement(s) effective immediately. In addition, if a change in any Data Protection Law prevents either party from fulfilling all or part of its obligations under the Agreement(s), the parties will suspend the processing of Personal Data until that processing complies with the new requirements. If the parties are unable to promptly bring the Personal Data processing into compliance with the Data Protection Laws, either party may terminate the Agreement(s), including any active SOW(s), on written notice to the other party.
- REPRESENTATIONS AND WARRANTIES.
Mover Wallet represents and warrants that it will:
- process Personal Data only to the extent and in such manner as is necessary for the Business Purposes and that it will not process the Personal Data for any other purpose or in a way that does not comply with the Agreement(s), these Terms and Conditions, or the Data Protection Laws;
- take appropriate technical and organizational measures to prevent the unauthorized or unlawful processing of, accidental loss or destruction of, or damage to, Client Personal Data in its control or possession, and will ensure a level of security appropriate to: (A) the harm that might result from such unauthorized or unlawful processing or accidental loss, destruction or damage, (B) the nature of the Personal Data protected, and (C) comply with all applicable Data Protection Laws.
- ensure that all personnel who have access to and/or process Client Personal Data are obliged to keep the Client Personal Data confidential and not to disclose it to third parties unless such disclosure is specifically authorized by Client, or as required by law;
- promptly comply with any request or instruction of Client requiring Mover Wallet to amend, transfer, delete or otherwise process the Personal Data, or to stop, mitigate or remedy any unauthorized processing; and
Client represents and warrants that it:
- will comply with all relevant Data Protection Laws; and
- in its capacity as a data controller, has obtained necessary consent to collect the personal data provided to Mover Wallet for processing hereunder.
- SECURITY STANDARDS. Mover Wallet has implemented and will maintain appropriate technical and organizational measures to protect against unauthorized or unlawful processing, loss, destruction of, or damage to the Client Personal Data in Mover Wallet’s control or possession, appropriate to: (a) the harm that might result there from; and (b) the nature of the Personal Data to be protected, having regard to the state of technological development and the cost of implementing any such measures. Mover Wallet will review its security measures, at least annually, to ensure such measures remain current and complete.
- PERSONAL DATA BREACH.
- Loss or Destruction. Mover Wallet will promptly and without undue delay notify Client if any Client Personal Data in ESPO’s control or possession is lost or destroyed, or becomes damaged, corrupted, or unusable.
- Notification. Mover Wallet will, as soon as practicable and without undue delay, notify Client if it becomes aware of any Personal Data Breach of the Client Personal Data in Mover Wallet’s control or possession, and shall provide Client with a description of the nature of the Personal Data Breach, including approximate number of Data Subjects and Personal Data records concerned, likely consequences, and description of measures taken or proposed to mitigate possible adverse effects. Mover Wallet will not inform any third party of any such Personal Data Breach without first obtaining Client’s prior written consent, except when required to do so by law. Mover Wallet agrees that Client, or where Client is acting as a processor on behalf of a controller, that controller, has the sole right to determine: (a) whether to provide notice of the Personal Data Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or, as applicable, in Client’s or the third-party controller’s discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.
- Remedy and Assistance. Immediately following any Personal Data Breach of the Client Personal Data in Mover Wallet’s control or possession, the parties will coordinate with each other to investigate the matter. Move Wallet will reasonably cooperate with Client, including (i) assisting with any investigation; (ii) facilitating interviews with employees, former employees and others involved in the matter; (iii) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Laws or as otherwise reasonably required by Client; and (iv) taking reasonable and prompt steps to mitigate the effects and to minimize any damage resulting from such Personal Data Breach.
- Expense. Each party will cover all expenses associated with its performance of its obligations required under this Section.
- CROSS-BORDER TRANSFERS OF PERSONAL DATA. Client consents to Mover Wallet’s processing of Personal Data outside the European Economic Area (“EEA”), specifically in the United States of America. In order to comply with the Data Protection Laws, the parties agree to (i) comply with, and execute as necessary, the latest version of the Standard Contractual Clauses/EU Model Clauses, which are hereby incorporated by reference (where Client is the entity exporting Personal Data to Mover Wallet outside the EEA), and (ii) take all other actions required by law to legitimize the transfer.
- DATA SUBJECT REQUESTS AND THIRD PARTY RIGHTS.
- Data Subject and Supervisory Authority Requests. Mover Wallet will, at no additional cost, take such technical and organizational measures as may be appropriate, and promptly provide such information as may reasonably be required, to enable Client to comply with: (i) the rights of Data Subjects under the Data Protection Laws, including Data Subject access rights, the right to rectify and erase Personal Data, the right to object to the processing and automated processing of Personal Data, and the right to restrict the processing of Personal Data, and (ii) information or assessment notices served on Client by any supervisory authority under the Data Protection Laws. Mover Wallet will notify Client within five (5) business days if it receives a request from a Data Subject for access to their Personal Data or to exercise any of their related rights under the Data Protection Laws.
- Compliance Notification and Cooperation. Mover Wallet will notify Client as soon as practicable if it receives any complaint, notice or communication that relates directly or indirectly to the processing of Client Personal Data or to Client’s compliance with the Data Protection Laws. Mover Wallet will give Client its reasonable co-operation and assistance in responding to any such complaint, notice, communication or Data Subject request.
- Disclosure. Mover Wallet shall not disclose the Client Personal Data to any Data Subject or to any third party, other than at Client’s or the relevant data controller’s direct request or instruction,
unless otherwise required by law.
- RECORDS AND AUDIT.
- Records. Mover Wallet will keep detailed, accurate and up-to-date written records regarding any processing of Client Personal Data. Mover Wallet will ensure records are sufficient to enable Client to verify compliance with the obligations under these Terms and Conditions, and Mover Wallet will provide Client with copies of such records upon thirty (30) days prior written request.
- INDEMNIFICATION.
Except to the extent caused by the acts, errors, or omissions of the Indemnified Party (defined below), each party (“Indemnifying Party”) agrees to indemnify and defend at its own expense the other party and, as applicable, the controller of the Personal Data, including their respective directors, officers, employees, subcontractors, and agents (each an “Indemnified Party”) against all costs, claims, damages or expenses incurred by an Indemnified Party due to any material failure by the Indemnifying Party or its employees or agents to comply with (a) any of its material obligations under these Terms and Conditions, or (b) the Data Protection Laws. Notwithstanding the foregoing, (i) in no event shall either party be liable for more than its proportionate share of fault; and (ii) in no event shall ESPO’s aggregate liability for all claims arising from or related to these Terms and Conditions exceed the amount of fees actually paid by Client to ESPO during the twelve (12) months preceding the date of the claim.
- GENERAL.
- Notices. Any notice permitted or required under these Terms and Conditions shall be deemed to have been given if it is in writing and (i) personally served or delivered, (ii) mailed by registered or certified mail (return receipt requested), or (iii) delivered by a national overnight courier service with confirmed receipt, to the parties at the addresses set forth in the relevant Agreement. Each party may change its notice address by giving similar notice.
- Severability. In the event a court of competent jurisdiction holds any of these Terms and Conditions invalid or unenforceable, the remainder of the Terms and Conditions will continue in full force and effect. The parties shall in good faith negotiate a mutually acceptable and enforceable substitute for the unenforceable provision, which substitute shall be as consistent as possible with the original intent of the parties.
- No Waiver. The failure by either party to enforce any of these Terms and Conditions shall not be deemed a waiver of such provisions or any subsequent breach thereof.
- Remedies not Exclusive. No remedy made available under these Terms and Conditions is intended to be exclusive unless expressly stated otherwise herein.
- Entire Agreement. These Terms and Conditions along with the Agreement(s) and any amendments thereto contain the entire understanding between the parties with respect to the subject matter hereof and may not be changed except by a separate writing signed by both parties. During the term of the Agreement(s), purchase orders, acknowledgment forms, or similar routine documents may be used. The parties agree that any provisions of such routine documents, which purport to add to or change, or which conflict with these Terms and Conditions or the Agreement(s) shall be deemed deleted and have no force or effect.
- Interpretation and Construction. The section headings in these Terms and Conditions are for reference purposes only and shall not be deemed a part of the Terms and Conditions. The wording herein is the wording chosen by the parties to express their mutual intent, and no rule of strict construction shall be applied against either party.
- Conflicts. In the event of conflict or ambiguity between any of these Terms and Conditions and the provisions of the Agreement(s), these Terms and Conditions will prevail with regard to the subject matter contained herein. In addition, in the case of conflict or ambiguity between any of the provisions of the Agreement(s) and any executed Standard Contractual Clauses, the provisions of the executed Standard Contractual Clauses will prevail.
Mover Wallet – User Data Usages
Customers agree to allowing their information that is entered to be used and viewed by Mover Wallet Consultants and staff. This also extends to Superior Accounting, an accounting firm that will process customer tax filings, but this information will only be shared with the accounting company for customers who have registered and paid for the accounting services.
Mover Wallet will only be collecting information about the customer that they willfully enter into the platform and will not sell or distribute personal data specific to the customer. However, Mover Wallet reserves the right to scrub data of any and all personalized information in order to provide industry benchmarks to better serve our customers. This will allow for data during the consultation process to be shared to let customers know if they are spending more or less than industry benchmarks for further business insights to be explored. This also includes but is not limited to information such as the industry average income of a owner operator, industry average expenses to an owner operator, and industry average profitability of an owner operator to be provided to other interested parties.