Data Processing Agreement

LocationIQ

Data Processing Addendum

This Data Processing Agreement ("DPA") is made and entered into effective as of the later of May 25, 2018 or the date you submit your Order ("Effective Date").

Between:

(1) The company set forth on your Order, which specifically references this online DPA, including the URL ("Customer"); and

(2) Unwired Labs (India) Pvt Ltd ("LocationIQ"), a company incorporated under the Indian Companies Act of 1956;
(together, the "Parties" and the "Party" shall be construed accordingly).

Recitals

1. LocationIQ is the provider of the Services, as defined in the Terms of Use ("Agreement").
2. LocationIQ may from time to time process certain personal data identified on Schedule A ("Customer Data") on behalf of Customer to enable LocationIQ to provide the Services to Customer in accordance with the Agreement ("License Grant") and Customer may make Customer Data available to LocationIQ in connection with this Purpose.
3. This DPA forms part of the Agreement to reflect the Parties' agreement with regard to the processing of Customer Data.
4. The Parties intend that the processing activities carried out by LocationIQ on behalf of Customer shall comply with the provisions of this DPA.

Definitions

• “Controller” means the entity/ user which holds an account with LocationIQ
• “Processor” relates to LocationIQ; An entity that Processes Personal Data on behalf of the Controller
• “Personal Data” relates to any information that can identify a natural person or legal entity
• “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
• “GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
• “Services” relates to the APIs provided by LocationIQ

Processing of Personal Data

• The use of service implies acknowledgement and agreement with regards to the Processing of Personal Data that LocationIQ is the controller. All personal data will be processed in accordance with GDPR policy.
• Controller is solely responsible for the accuracy, quality, legality with respect to means acquisition of personal data.
• Controller shall provide only data that is directly relevant to the input for API. The Data Controller bears sole responsibility for transmission.
• The purpose, nature, duration and the content of information collected is described in Exhibit A

Obligations of Processor

• The Processor shall take the appropriate technical and organizational measures to protect personal data against unlawful modification and access.
• Processor shall ensure that all Authorized Employees are made aware of the confidential nature of Personal Data and have executed confidentiality agreements
• Processor might engage in third-party contracts to provide its services. These sub-contractors may access personal data only to the extent to which It supports API’s subscribed by the Controller
• The processor agrees to make any subcontractor liable to the same obligations that apply to processor
• The processor shall notify Controller without undue delay after becoming aware of accidental or unlawful access of personal data
• The processor agrees to provide reasonable assistance to the controller seeking to exercise their rights under the Data Protection Law with respect to Personal Data to the extent permitted by the law
• The processor agrees to modify/ delete controller personal data on request upto the extent allowed by law

Security of Personal Data

• LocationIQ will adopt and maintain reasonable (including organisational and technical) security measures in dealing with Personal Data in order to protect against unauthorised or accidental access, loss, alteration, disclosure or destruction of such data, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Limitation of Liability

• The Processor and its sub-processor’s total liability for all claims from a Controller arising out of or related to the Code of Practice or any Terms of Business and any other contract shall apply in the aggregate for all claims in breach of this GDPR Policy.

Exhibit A

Types of Personal Data

• Name
• Email address

• Only held by Processor to communicate usage, general updates, best practices, new products, and benefits
• Not shared with any third party

• Company name (optional)
• Address (optional)
• Payment details

• Only for paid entity/ user
• Information handled by Stripe and Zoho
• Credit card number is not visible to Controller

• Usage statistics

• Only held by Processor to understand/ report API usage trends
• Not shared with any third party