Introduction to the Global Data Processing Agreement
A Global Data Processing Agreement (GDPA) serves as a crucial framework that governs the relationship between parties when handling personal data. It outlines the responsibilities and obligations of both the client, referred to as the “Customer,” and the service provider, designated as Marketermart LLC. This agreement is essential for ensuring compliance with data protection regulations by stipulating how data should be processed, stored, and utilized.
Key Elements of the Agreement
The GDPR details several key components that are significant to both parties. Firstly, it outlines the scope of services, which encompass the marketplace where clients and freelancers can find each other and engage in the buying and selling of freelancer services. This service may also extend to additional offerings as specified in the agreement. Furthermore, the GDPA establishes necessary protocols for data handling, emphasizing the importance of safeguarding personal information against unauthorized access and breaches.
Importance of Compliance
Adherence to the Global Data Processing Agreement is not only a legal requirement but also a best practice that enhances trust between the involved parties. By clarifying the data processing terms, both the Customer and Marketermart foster a transparent environment, essential for maintaining customer confidence in digital marketplaces. Consequently, clients engaging with freelancers can be assured that their data is treated with the utmost care, in alignment with the agreed terms of service as the agreement evolves over time.
The Client agreeing to these terms (“Customer”), and MarketerMartLLC or any other entity that directly or indirectly
controls, is controlled by, or is under common control with MarketerMartLLC (as applicable, “MarketerMartLLC ”) (each, a
“party” and collectively, the “parties”), have entered into an agreement under which MarketerMartLLC has agreed to provide a
marketplace where Clients and Freelancers can identify each other and advertise, buy, and sell Freelancer Services
online, with such other services, if any, described in the agreement (the “Service”) to Customer (as amended from
time to time, the “Agreement”).
Unless otherwise agreed to in writing by you and MarketerMartLLC , to the extent MarketerMartLLC processes any EU personal data for
you as a controller (as defined by the General Data Protection Regulation (EU) 2016/679) in your role as a Customer
as defined in this Global Data Processing Agreement (the “DPA”), this DPA applies. This DPA, including its
appendices, supplements the Agreement. To the extent of any conflict or inconsistency between this DPA and the
remaining terms of the Agreement, this DPA will govern.
1. Introduction
This DPA reflects the parties’ agreement with respect to the processing and security of Customer Data under the
Agreement.
2. Definitions
2.1 The terms “personal data”, “data subject”, “processing”, “controller”, “processor” and “supervisory
authority” have the meanings given in the GDPR, and the terms “data importer” and “data exporter”
have the meanings given in the Standard Contractual Clauses, in each case irrespective of whether the
European Data Protection Legislation or Non-European Data Protection Legislation applies.
2.2 Unless stated otherwise:
● “Affiliate” means any entity that controls or is under common control with a specified entity.
● “Agreed Liability Cap” means the maximum monetary or payment-based amount at which a party’s
liability is capped under the Agreement.
● “Confidential Information” means any information or materials (regardless of form or manner of
disclosure) that are disclosed by or on behalf of one party to the other party that (i) are marked or
communicated as being confidential at or within a reasonable time following such disclosure; or (ii)
should be reasonably known to be confidential due to their nature or the circumstances of their
disclosure. The term “Confidential Information” does not include any information or materials that: (a) are
or become generally known or available to the public through no breach of this Agreement or other
wrongful act or omission by the receiving party; (b) were already known by the receiving party without
any restriction; (c) are acquired by the receiving party without restriction from a third party who has the
right to make such disclosure; or (d) are independently developed by or on behalf of the receiving party
without reference to any Confidential Information.
“Customer Account Data” means personal data that relates to Customer’s relationship with marketermartllc ,
including the names and/or contact information of individuals authorized by Customer to access
Customer’s marketermartllc account and billing information of individuals that Customer has associated with its
marketermartllc account.
● “Customer Personal Data” means the personal data contained within the Customer Data.
● “Customer Data” means the data entered into the Service by or on behalf of any End User, but excludes
Customer Account Data.
● “End User” means an authorized user of the Service under Customer’s account.
● “Data Incident” means a breach of marketermartllc security leading to the accidental or unlawful destruction,
loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed by or
otherwise controlled by marketermartllc . “Data Incidents” will not include unsuccessful attempts or activities that
do not compromise the security of Customer Data, including unsuccessful log-in attempts, pings, port
scans, denial of service attacks, and other network attacks on firewalls or networked systems
● “EEA” means the European Economic Area, Switzerland, and/or the United Kingdom.
“European Data Protection Legislation” means, as applicable: (a) the GDPR and its respective
national implementing legislations; and/or (b) the GDPR as it forms part of the law of England and Wales,
Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the
“UK GDPR”).
● “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April
2016 on the protection of natural persons with regard to the processing of personal data and on the free
movement of such data, and repealing Directive 95/46/EC.
● “EU SCCs” means the EU Standard Contractual Clauses approved by the European Commission in
decision 2021/914 located at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj.
● “Non-European Data Protection Legislation” means, as applicable, the data protection or privacy
laws, regulations, and other legal requirements other than the European Data Protection Legislation.
“Notification Email Address” means the contact email address that you provided to marketermartllc for the
purpose of receiving notices from marketermartllc .
● “Security Measures” has the meaning given in Section 7.1.1 (marketermartllc Security Measures).
● “Subprocessors” means third parties authorized under this DPA to have logical access to and process
Customer Data in order to provide parts of the Service. For clarity, freelancers that clients engage via
marketermartllc are not Subprocessors under this DPA.
● “Term” means the period from the DPA’s effective date until the end of marketermartllc provision of the Service,
including, if applicable, any period during which provision of the Service may be suspended and any
post-termination period during which marketermartllc may continue providing the Service for transitional
purposes.
● “United Kingdom International Data Transfer Agreement or Addendum” (“UK IDTA”) means either,
as applicable, (a) the International Data Transfer Agreement when used under the UK GDPR, or (b) the
International Data Transfer Addendum to the EU SCCs issued by the Commissioner under s119A(1) of
the Data Protection Act 2018, version A1.0, in force from March 21, 2022.
3. Duration of this DPA
This DPA will remain in effect until, and automatically expire upon, deletion of all Customer Data by marketermartllc as
described in this DPA.
4. Data Protection Legislation
4.1 Application of European Legislation. The parties acknowledge that the European Data Protection
Legislation will apply to the processing of Customer Personal Data to the extent provided under the
European Data Protection Legislation.
4.2 Application of Non-European Legislation. The parties acknowledge that Non-European Data Protection
Legislation may also apply to the processing of Customer Personal Data.
5. Processing of Data
5.1 Roles and Regulatory Compliance; Authorization.
5.1.1 Processor and Controller Responsibilities. If the European Data Protection Legislation applies to the
processing of Customer Personal Data, the parties acknowledge and agree that:
5.1.1.1 Customer is a controller (or processor, as applicable), of the Customer Personal Data under
European Data Protection Legislation;
5.1.1.2 marketermartllc is a processor (or subprocessor, as applicable) of the Customer Personal Data under the
European Data Protection Legislation; and
5.1.1.3 each party will comply with the obligations applicable to it under the European Data Protection
Legislation with respect to the processing of that Customer Personal Data.
Responsibilities under Non-European Legislation. If Non-European Data Protection Legislation applies to
either party’s processing of Customer Personal Data, the parties acknowledge and agree that the
relevant party will comply with any obligations applicable to it under that legislation with respect to the
processing of that Customer Personal Data.
.1.3 Authorization by Third Party Controller. If Customer is a processor, Customer warrants to marketermartllc that
Customer’s instructions (defined below) and actions with respect to that Customer Personal Data,
including its appointment of marketermartllcas another processor, have been authorized by the relevant
controller to the extent required by applicable law
5.2 Scope of Processing.
5.2.1 The subject matter and details of the processing are described in Appendix 1.
5.2.2 Customer’s Instructions. By entering into this DPA, Customer instructs marketermartllc to process Customer
Personal Data only in accordance with applicable law: (a) to provide the Service; (b) as further specified
through Customer’s use of the Service; (c) as documented in the Agreement, including this DPA; and (d)
as further documented in any other written instructions given by Customer and acknowledged by marketermartllc
as constituting instructions for purposes of this DPA (each and collectively, “Customer’s Instructions”)
and only for the foregoing purposes and not for the benefit of any other third party. marketermartllc may condition
the acknowledgement described in (d) on the payment of additional fees or the acceptance of additional
terms.
5.2.3 marketermartllc Compliance with Instructions. With respect to Customer Personal Data subject to European
Data Protection Legislation, marketermartllc will comply with the instructions described in Section 5.2.2
(Customer’s Instructions) (including with regard to data transfers) unless EU or EU Member State law to
which marketermartllc is subject requires other processing of Customer Personal Data by marketermartllc , in which case
marketermartllc will inform Customer (unless that law prohibits marketermartllc from doing so on important grounds of
public interest) via the Notification Email Address
. Data Deletion
6.1 Deletion by Customer. marketermartllc will enable Customer to delete Customer Data during the Term in a
manner consistent with the functionality of the Service. If Customer uses the Service to delete any
Customer Data during the Term and that Customer Data cannot be recovered by Customer, this use will
constitute an instruction to marketermartllc to delete the relevant Customer Data from marketermartllc systems in
accordance with applicable law. marketermartllc will comply with this instruction as soon as reasonably practicable,
unless applicable law requires storage. Nothing herein requires marketermartllc to delete Customer Data from files
created for security, backup, and business continuity purposes sooner than required by marketermartllc existing
data retention processes.
6.2 Deletion on Termination. On expiry of the Term, Customer instructs marketermartllc to delete all Customer Data
(including existing copies) from marketermartllc systems in accordance with applicable law. marketermartllc will comply
with this instruction as soon as reasonably practicable, unless applicable law requires storage. Without
prejudice to Section 9.1 (Access; Rectification; Restricted Processing; Portability), Customer acknowledges
and agrees that Customer will be responsible for exporting, before the Term expires, any Customer Data it
wishes to retain afterwards. If the EU or the UK SCCs are applicable to marketermartllc processing of Customer
Personal Data, the parties agree that the certification of deletion referenced in Clauses 8.5 and 16(d) of the
EU and the UK SCCs shall be provided only upon Customer’s written request. Nothing herein requires
marketermartllc to delete Customer Data from files created for security, backup, and business continuity purposes
sooner than required by marketermartllc existing data retention processes.
. Data Security
7.1 marketermartllc Security Measures, Controls and Assistance.
7.1.1 marketermartllc Security Measures. marketermartllc will implement and maintain technical and organizational
measures designed to protect Customer Data against accidental or unlawful destruction, loss, alteration,
unauthorized disclosure or access as described in Appendix 2 (the “Security Measures”). As described in
Appendix 2, the Security Measures include measures to encrypt personal data; to help ensure ongoing
confidentiality, integrity, availability and resilience of marketermartllc systems and services; to help restore
timely access to personal data following an incident; and for regular testing of effectiveness. marketermartllc may
update or modify the Security Measures from time to time provided that such updates and modifications
do not degrade the overall security of the Service.
Security Compliance by marketermartllc Staff. marketermartllc will take appropriate steps to ensure compliance with the
Security Measures by its staff to the extent applicable to their scope of performance, including ensuring
that all such persons it authorizes to process Customer Personal Data have committed themselves to
confidentiality or are under an appropriate statutory obligation of confidentiality.
7.1.3 marketermartllc Security Assistance. Customer agrees that marketermartllc will (taking into account the nature of the
processing of Customer Personal Data and the information available to marketermartllc ) assist Customer in
ensuring compliance with any of Customer’s obligations in respect of security of personal data and
personal data breaches, including if applicable Customer’s obligations pursuant to Articles 32 to 34
(inclusive) of the GDPR, by:
7.1.3.1 implementing and maintaining the Security Measures in accordance with Section 7.1.1 (marketermartllc
Security Measures);
7.1.3.2 complying with the terms of Section 7.2 (Data Incidents); and
7.1.3.3 providing Customer with the information contained in the Agreement including this DPA
Data Incidents.
7.2.1 Incident Notification. If marketermartllc becomes aware of a Data Incident, marketermartllc will: (a) notify Customer of the
Data Incident promptly and without undue delay after becoming aware of the Data Incident; and (b)
promptly take reasonable steps to minimize harm and secure Customer Data.
7.2.2 Details of Data Incident. Notifications made pursuant to this section will describe, to the extent
practicable, details of the Data Incident, including steps taken to mitigate the potential risks and any
steps marketermartllc recommends Customer take to address the Data Incident.
7.2.3 Delivery of Notification. Notification(s) of any Data Incident(s) will be delivered to the Notification Email
Address or, at marketermartllc discretion, by direct communication (for example, by phone call or an in-person
meeting). Customer is solely responsible for ensuring that the Notification Email Address is current and
valid.
