MASTER SUBSCRIPTION AGREEMENT
THIS MASTER SUBSCRIPTION AGREEMENT (“AGREEMENT”) GOVERNS YOUR ACQUISITION AND USE OF HAPPYLOOP'S SERVICES.
By using HappyLoop's services (or by clicking to accept, executing an order form that references this agreement, or otherwise agreeing to this Master Subscription Agreement when such option is made available to you), you accept and agree to be bound by the terms of this agreement effective as of the date of such action. If you are entering into this agreement on behalf of a company or other legal entity, you represent that you have the authority to bind such entity and its affiliates to this agreement. In this context, the terms “you” or “your” shall refer to such entity and its affiliates. If you do not have such authority, or if you do not agree with the terms and conditions of this agreement, you must not accept this agreement and may not access or use HappyLoop's services.
You may not access HappyLoop's services if you are a direct competitor of HappyLoop, except with our prior written consent. In addition, you may not access HappyLoop's services for purposes of monitoring their availability, performance, or functionality, or for any other benchmarking or competitive purposes.
This Agreement was last updated on October 16, 2023.
“Affiliate” means any entity which directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
“Documentation” means the Service Description, user guides, blog posts, and other technical and operations documents and specifications for the Services located on the domain happyloop.com, as updated from time to time. You acknowledge that You have had the opportunity to review the Documentation.
“Malicious Code” means viruses, worms, time bombs, Trojan horses, and other harmful or malicious code, files, scripts, agents, or programs.
“Services” means the products and services made available by Us online via the customer login link at https://www.happyloop.com and/or other web pages designated by Us, including associated offline components, as described in the Documentation. “Services” exclude Third-Party Applications.
“Subscription” means a subscription to the Services based on the Services offerings and prices listed at https://www.happyloop.com/pricing/.
“Order Form” means the invoice or online form used for placing orders, including the type and number of Subscriptions.
"Loops" means the units of computational tokens consumed when users interact with specific features and functionalities within the HappyLoop Services. The number of Loops allocated to a user is determined by their respective Subscription Tier. Loops are integral to the operation of certain tasks and queries within the Services and may be subject to limitations based on the Subscription Tier.
“Subscription Tier” means the applicable tier level at the associated price for respective Services offerings, including the number of Loops allocated to each tier, as listed at https://www.happyloop.com/pricing/.
“Subscription Term” means the term of a Subscription as set forth in the applicable Order Form.
“Service Description” means the description of the features, functions, pricing, limitations, and restrictions (including acceptable use policies, service terms for specific Services, and the allocation of Loops within each Subscription Tier) associated with a Service and located at https://www.happyloop.com, as updated from time to time.
“Third-Party Applications” means online applications and offline software products that are provided by entities or individuals other than Us and are clearly identified as such, and that interoperate with the Services.
“Users” means individuals who are authorized by You to use the Services, for whom subscriptions to a Service have been ordered. Users may include but are not limited to Your employees, consultants, contractors, and agents, and third parties with which You transact business.
“We,” “Us” or “Our” means HappyLoop.
“You” or “Your” means the company or other legal entity for which you are accepting this Agreement, and Affiliates of that company or entity.
“Your Data” means all electronic data or information submitted by You to, or made available by You to and collected by Us as part of, the Purchased Services.
“Your Systems” means the systems, tools, or applications (including those developed by, or licensed from, a third party) made available by You to the Services.
2. PROVISION OF SERVICES
We shall make the purchased Services available to You in accordance with this Agreement and the pertinent Order Forms during a Subscription Term. You agree that Your purchases hereunder are neither contingent on the introduction of any prospective functionality or features nor reliant on any verbal or written public statements made by Us concerning upcoming functionality or features.
Unless otherwise detailed in the relevant Order Form:
(i) Services are acquired as Subscriptions, and where pertinent, at the noted Subscription Tier in the Order Form and may be accessed by no more than the designated number of Users stated in the Order Form.
(ii) Additional Subscriptions can be added during the specified Subscription Term at the same pricing as those of the existing Subscriptions, prorated for the remaining duration of the Subscription Term at the time the new Subscriptions are incorporated.
(iii) These newly added Subscriptions will conclude on the same date as the initial Subscriptions.
Unless otherwise indicated in the respective Order Form, Subscriptions are designated for specific Users only and cannot be divided or accessed by more than one User. However, they can be reallocated to new Users who take the place of former Users no longer needing continued access to the Services.
4. USE OF THE SERVICES
4.1. Our Responsibilities.We shall:
(i) provide Our basic support for the purchased Services to You without additional cost, and/or premium support if acquired separately,
(ii) use commercially reasonable efforts to ensure the purchased Services are available 24/7, barring: (a) scheduled maintenance (of which We will give a minimum of 8 hours notice via the purchased Services, aiming to schedule, where feasible, between 9:00 p.m. to 6:00 a.m. Eastern Time), or (b) unavailability due to events beyond Our reasonable control, such as natural disasters, governmental actions, civil disturbances, terrorist actions, labor disputes, internet service issues, or denial of service attacks,
(iii) deliver the purchased Services in compliance with all relevant laws and governmental regulations.
4.2. Your Responsibilities.You shall:
(i) ensure User adherence to this Agreement,
(ii) vouch for the accuracy, legitimacy, and manner of acquisition of Your Data,
(iii) ensure Your Systems adhere to the standards outlined in the Documentation,
(iv) grant Us the necessary permissions to access and utilize Your Data and Your Systems, purely to deliver the Services as per this Agreement,
(v) make diligent efforts to prevent unauthorized access or usage of the Services, informing Us promptly of any breaches, and
(vi) utilize the Services in alignment with the Documentation and all pertinent laws and governmental regulations.
You shall not:
(a) provide Services access to anyone other than authorized Users,
(b) monetize, rent, or lease the Services,
(c) employ the Services to save or transmit content that is infringing, defamatory, or illegal, or that breaches third-party privacy rights,
(d) use the Services to save or transmit Malicious Code,
(e) compromise the Services' integrity or performance or the data within,
(f) attempt unauthorized access to the Services or associated systems/networks.
4.3. Usage Limitations.Services might have certain restrictions, like limitations on storage capacity, API calls, and other constraints detailed in the Documentation.
5. DATA PROTECTION
5.1. Our Protection of Your Data.We commit to employing comprehensive administrative, physical, and technical safeguards, in line with industry standards, to safeguard the security, confidentiality, and integrity of Your Data. We will not: (a) alter Your Data, (b) reveal Your Data except when mandated by law or as explicitly permitted in writing by You, or (c) access Your Data unless it's to deliver the Services, address service or technical issues, or upon Your directive in relation to customer support inquiries.
5.2. Our Limited Rights to Your Data and Systems.Respecting the restrained rights granted by You within this Agreement, We claim no ownership, title, or interest in Your Data or Your Systems, inclusive of any intellectual property contained therein.
5.3. Adherence to EU General Data Protection Regulation.Regardless of the prior stipulations, if you, as a data controller, fall under the purview of the EU General Data Protection Regulation, Regulation (EU) 2016/679, both Parties agree to finalize a data processor agreement prior to any data processing activities. The data processor agreement is annexed to this Agreement (Exhibit A) and, inclusive of its appendices, is an intrinsic component of this Agreement.
6.1. Definition of Confidential Information.For the purposes of this Agreement, “Confidential Information” is any confidential information shared by one party (“Disclosing Party”) with the other party (“Receiving Party”), whether conveyed orally or in writing, that is expressly labeled as confidential or that, given its nature and the manner of its disclosure, should reasonably be treated as confidential. Your Confidential Information includes Your Data; Our Confidential Information comprises the Services; and the Confidential Information of both parties consists of the specifics of this Agreement, all Order Forms, along with business/marketing strategies, technological insights, product blueprints, and operational processes. However, Confidential Information will not encompass details that: (i) are or become publicly known without any breach of duty to the Disclosing Party, (ii) were known to the Receiving Party before the Disclosing Party shared them and without any breach of duty, (iii) are received from an external source without breaching any obligations to the Disclosing Party, or (iv) are independently conceptualized by the Receiving Party. It should be noted that the confidentiality obligations described in this section apply to Confidential Information exchanged as part of your evaluation of any additional services we may offer.
6.2. Protection of Confidential Information.The Receiving Party will exercise the same care in safeguarding the Disclosing Party's Confidential Information as it would with its confidential data (but no less than reasonable care) to (i) not use the Disclosing Party's Confidential Information for any purposes beyond this Agreement's boundaries, and (ii) only grant access to the Disclosing Party's Confidential Information to its employees, affiliates, contractors, and agents who need this information in line with this Agreement's provisions and who have confidentiality agreements with the Receiving Party that offer at least the same level of protection as this section. Neither party will disclose the specifics of this Agreement or any Order Form to any third party, barring their affiliates and their legal advisors and accountants, without the prior written consent of the other party.
6.3. Compelled Disclosure.If legally obligated, the Receiving Party may reveal the Disclosing Party's Confidential Information. In such a case, the Receiving Party will provide prior notification to the Disclosing Party of such compelled disclosure (where the law permits) and offer reasonable support, with costs borne by the Disclosing Party, if the latter opts to challenge the said disclosure. If the Receiving Party is legally forced to disclose the Disclosing Party's Confidential Information in a civil procedure where the Disclosing Party is involved, and the Disclosing Party isn't opposing the disclosure, the Disclosing Party will cover the Receiving Party's reasonable costs for compiling and safely providing access to the Confidential Information.
7. THIRD-PARTY APPLICATIONS
HappyLoop may incorporate features that are compatible with Third-Party Applications (for instance, Stripe, Zendesk, Asana, Hubspot, Notion, and other applications). To utilize such capabilities, you might need to acquire access to these Third-Party Applications directly from their respective providers. If any provider of a Third-Party Application discontinues its availability for seamless operation with relevant features within HappyLoop on acceptable terms, HappyLoop retains the right to discontinue such features without offering any refunds, credits, or compensations to you.
8. FEES AND PAYMENT FOR PURCHASED SERVICES
8.1. Fees.Applicable fees will be charged upon your acceptance of the Order Form, in line with the billing frequency stated in the respective Order Form. Except as otherwise detailed here or in an Order Form: (i) payment obligations are non-cancelable, and fees paid are non-refundable, and (ii) the number of HappyLoop Subscriptions purchased can't be decreased during the stated Subscription Term on the Order Form. Unless otherwise detailed in the Order Form, HappyLoop Subscriptions necessitate a three-month minimum commitment. Subscription fees are determined based on yearly periods that initiate on the Subscription's start date and its subsequent anniversaries. Subscriptions added mid-term will be billed for the entire month and the months remaining in the Subscription Term. If your usage surpasses your Subscription Tier for three consecutive months, you agree that HappyLoop may adjust your Subscription fees to the appropriate Subscription Tier for the term's remainder.
8.2. Invoicing and Payment.If you provide your credit card information to HappyLoop, you authorize us to charge the card for all Subscriptions listed in the Order Form for the primary Subscription Term and any subsequent Subscription Term(s). These charges will be made in advance, either yearly or based on any differing billing frequency specified in the Order Form. If the Order Form states that payment will be through a different method, HappyLoop will invoice you in advance and in line with the relevant Order Form. You are responsible for supplying accurate billing and contact details to HappyLoop and informing us of any changes.
8.3. Overdue Charges & Suspension of Service.If any charges aren't received by the due date, HappyLoop, at its discretion, may: (a) apply late interest at the rate of 1.5% of the outstanding balance monthly or the highest rate allowed by law, from the due date until the date paid, and/or (b) suspend its services until such charges are settled in full. You'll receive at least a 5-day prior notification of an overdue account before any service suspension.
8.4. Payment Disputes.HappyLoop will not exercise its rights under Section 8.3 if you dispute the applicable charges reasonably, in good faith, and are diligently trying to resolve the dispute.
8.5. Taxes.Unless otherwise mentioned, HappyLoop's fees exclude all taxes, levies, duties, or similar government assessments, including but not limited to value-added, sales, or withholding taxes by any jurisdiction. You're accountable for paying all taxes linked with your purchases. If HappyLoop is legally required to pay or collect taxes for which you are responsible, you will be invoiced the corresponding amount, unless you present a valid tax exemption certificate. HappyLoop is exclusively responsible for taxes based on its income, assets, and employees.
9. PROPRIETARY RIGHTS
9.1. Reservation of Rights in Services.In line with the limited rights specifically granted in this agreement, HappyLoop retains all rights, titles, and interests in and to the Services, encompassing all related intellectual property rights. No rights are conferred to you except for those explicitly detailed herein.
9.2. Restrictions.You must not:(i) allow any third party to utilize the Services unless as allowed in this agreement or in an Order Form,(ii) produce derivative works grounded on the Services unless authorized in this context,(iii) copy, frame, or mirror any component or content of the Services, excluding for copying or framing for your internal business objectives,(iv) reverse engineer the Services, and(v) access the Services with the intent to:(a) develop a competitive product or service, or(b) replicate any of the Services' features, functions, or graphics.
9.3. Your Applications and Code.If you, an entity representing you, or a User formulates applications or programming code using HappyLoop's Services, you grant HappyLoop the authority to host, reproduce, broadcast, exhibit, and modify said applications and code, solely to the extent required for HappyLoop to furnish the Services in line with this agreement. Respecting the aforementioned, HappyLoop does not obtain any right, title, or interest from you or your licensors under this agreement concerning such applications or code, inclusive of any intellectual property rights contained therein.
9.4. Suggestions.HappyLoop shall have a royalty-free, worldwide, irrevocable, perpetual license to use and incorporate into its Services any suggestions, enhancement requests, recommendations, or other feedback provided by You, including Users, relating to the operation of HappyLoop's Services.
9.5. Federal Government End Use Provisions.HappyLoop provides its Services, inclusive of related software and technology, for ultimate federal government end use solely as per the following terms: Government technical data and software rights linked to HappyLoop's Services include only those rights customarily offered to the public as defined in this Agreement. This standard commercial license is extended in line with FAR 12.211 (Technical Data) and FAR 12.212 (Software) and, for Department of Defense dealings, DFAR 252.227-7015 (Technical Data – Commercial Items) and DFAR 227.7202-3 (Rights in Commercial Computer Software or Computer Software Documentation). If a government agency requires rights not granted under these conditions, it must negotiate with HappyLoop to ascertain if there are agreeable terms for such rights transfer. A jointly agreed upon written addendum explicitly conveying such rights must be incorporated in any related contract or agreement.
10. WARRANTIES AND DISCLAIMERS
10.1. Our Warranties.
We warrant that: (i) We have validly entered into this Agreement and have the legal power to do so, (ii) the Services, whether accessed through the web application or Google Chrome extension, shall perform materially in accordance with the Documentation, and (iii) subject to our integration with third-party tools such as Stripe, Zendesk, Asana, Hubspot, and Notion, the functionality of the Services will not be materially decreased during a Subscription Term. For any breach of a warranty above, Your exclusive remedy shall be as provided in Section 13.3 (Termination for Cause) and Section 13.4 (Refund or Payment upon Termination) below.
10.2. Your Warranties.
You warrant that You have validly entered into this Agreement and have the legal power to do so.
EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
11. MUTUAL INDEMNIFICATION
11.1. Indemnification by Us.
We shall defend You against any claim, demand, suit, or proceeding made or brought against You by a third party alleging that the use of HappyLoop, whether accessed through the web application or Google Chrome extension, as permitted hereunder infringes or misappropriates the intellectual property rights of a third party (a “Claim Against You”). We shall indemnify You for any damages, attorney fees, and costs finally awarded against You as a result of, and for amounts paid by You under a court-approved settlement of, a Claim Against You; provided that You:
(a) promptly give Us written notice of the Claim Against You;
(b) give Us sole control of the defense and settlement of the Claim Against You (provided that We may not settle any Claim Against You without your prior approval unless the settlement unconditionally releases You of all liability); and
(c) provide to Us all reasonable assistance, at Our expense.
In the event of a Claim Against You, or if We reasonably believe the Services provided by HappyLoop may infringe or misappropriate, We may in Our discretion and at no cost to You:
(i) modify HappyLoop so that it no longer infringes or misappropriates, without breaching Our warranties under Section 10.1 (Our Warranties) above,
(ii) obtain a license for Your continued use of HappyLoop in accordance with this Agreement, or
(iii) terminate Your Subscriptions for HappyLoop upon 30 days’ written notice and refund to You any prepaid fees covering the remainder of the term of such User subscriptions after the effective date of termination.
11.2. Indemnification by You.
You shall defend Us against any claim, demand, suit, or proceeding made or brought against Us by a third party alleging that Your Data, Our use of Your Systems to provide HappyLoop in accordance with this Agreement, or Your use of HappyLoop, whether accessed through the web application or Google Chrome extension, in breach of this Agreement, infringes or misappropriates the intellectual property rights of a third party or violates applicable law (a “Claim Against Us”). You shall indemnify Us for any damages, attorney fees, and costs finally awarded against Us as a result of, or for any amounts paid by Us under a court-approved settlement of, a Claim Against Us; provided that We:
(a) promptly give You written notice of the Claim Against Us;
(b) give You sole control of the defense and settlement of the Claim Against Us (provided that You may not settle any Claim Against Us unless the settlement unconditionally releases Us of all liability); and
(c) provide to You all reasonable assistance, at Your expense.
11.3. Exclusive Remedy.
This Section 11 (Mutual Indemnification) states the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy against, the other party for any type of claim described in this Section.
12. LIMITATION OF LIABILITY
12.1. Limitation of Liability.
NEITHER PARTY’S LIABILITY WITH RESPECT TO ANY SINGLE INCIDENT ARISING OUT OF OR RELATED TO THIS AGREEMENT (WHETHER IN CONTRACT OR TORT OR UNDER ANY OTHER THEORY OF LIABILITY) SHALL EXCEED THE LESSER OF $50,000 OR THE AMOUNT PAID BY YOU FOR USING HAPPYLOOP IN THE 12 MONTHS PRECEDING THE INCIDENT. PROVIDED THAT IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT (WHETHER IN CONTRACT OR TORT OR UNDER ANY OTHER THEORY OF LIABILITY) EXCEED THE TOTAL AMOUNT PAID BY YOU FOR USING HAPPYLOOP. THE FOREGOING SHALL NOT LIMIT YOUR PAYMENT OBLIGATIONS UNDER ANY RELEVANT PAYMENT SECTION PERTAINING TO HAPPYLOOP'S SERVICES.
12.2. Exclusion of Consequential and Related Damages.
IN NO EVENT SHALL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS OR REVENUES OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING DISCLAIMER SHALL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.
13. TERM AND TERMINATION
13.1. Term of Agreement.
This Agreement commences on the date You accept it and continues until all Subscriptions granted in accordance with this Agreement related to HappyLoop, whether accessed through the web application or Google Chrome extension, have expired or been terminated.
13.2. Term of Purchased Subscriptions.
Subscriptions purchased by You for HappyLoop are activated upon your acceptance of the applicable Order Form and, subject to your payment obligations related to the applicable Order Form, shall continue for the Subscription Term specified therein. Charges for Loops are separate and not included in the Subscription fees. Except as otherwise specified in the applicable Order Form, all Subscriptions and Loops shall automatically renew for additional periods equal to the expiring Subscription Term or one year (whichever is shorter), unless either party gives the other notice of non-renewal at least 30 days before the end of the relevant subscription term. When a credit card is on file, upon the completion of a Subscription Term, unless you provide notice of non-renewal as provided above, you authorize us to automatically charge such credit card for the renewal of the Subscription Term and any Loops used. The per-unit pricing during any such renewal term shall be the same as that during the prior term unless We have given You written notice of a pricing change at least 30 days before the end of such prior term, in which case the pricing change shall be effective upon renewal and thereafter.
13.3. Termination for Cause.
A party may terminate this Agreement for cause immediately upon written notice to the other party thereof:
(i) if the other party materially breaches its obligations under this Agreement related to HappyLoop and, after receiving written notice identifying such material breach in reasonable detail, fails to cure such material breach within 30 days from the date of its receipt of such notice; provided, however, in the case of a material breach that cannot reasonably be cured within such 30-day period (which shall necessarily exclude, for the avoidance of doubt, any payment default), the non-breaching party may terminate this Agreement following such 30-day period only if the breaching party shall have failed to commence substantial remedial actions within such 30-day period and to use reasonable efforts to pursue the same; or
(ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation, or assignment for the benefit of creditors.
13.4. Refund or Payment upon Termination.
Upon any termination for cause by You, We shall refund You any prepaid fees covering the remainder of the term of all subscriptions for HappyLoop and any unused Loops after the effective date of termination. Upon any termination for cause by Us, You shall pay any unpaid fees covering the remainder of the term of all Order Forms related to HappyLoop and any used Loops after the effective date of termination. In no event shall any termination relieve You of the obligation to pay any fees payable to Us for HappyLoop or used Loops for the period prior to the effective date of termination.
13.5. Exporting Your Data upon Termination.
For a period of 30 days after the effective date of termination of a Purchased Services subscription with HappyLoop, You will be able to access Your Data for purposes of exporting Your Data. After such 30-day period, We shall have no obligation to maintain or provide access to any of Your Data and shall thereafter, unless legally prohibited, delete all of Your Data in Our systems or otherwise in Our possession or under Our control. Thus, it's imperative for You to export Your Data within 30 days after the effective date of termination, or Your Data will be permanently lost.
13.6. Surviving Provisions.
Sections pertaining to Confidentiality, Fees and Payment for HappyLoop Services and Loops, Proprietary Rights of HappyLoop, Disclaimer, Mutual Indemnification, Limitation of Liability, Refund or Payment upon Termination, Exporting Your Data upon Termination, this specific provision on Surviving Provisions, Notices, Governing Law and Jurisdiction, and General Provisions shall survive any termination or expiration of this Agreement concerning HappyLoop and Loops.
14. NOTICES, GOVERNING LAW AND JURISDICTION
14.1. Manner of Giving Notice.Except as otherwise specified in this Agreement, all notices, permissions, and approvals hereunder shall be in writing and shall be deemed to have been given upon: (i) personal delivery or (ii) the first business day after sending by email (provided email shall not be sufficient for notices of termination or an indemnifiable claim), certified or registered mail (in each case, return receipt requested) or nationally recognized overnight courier (with all fees pre-paid). Billing-related notices to You shall be addressed to the relevant billing contact designated by You. All other notices to You shall be addressed to the relevant HappyLoop system administrator designated by You.
14.2. Governing Law and Jurisdiction.This Agreement shall be interpreted, construed, and enforced in all respects in accordance with the laws of the State of New York except for its conflicts of laws principles. Each party irrevocably consents and submits to the exclusive jurisdiction of the courts of any state or Federal court sitting in the Manhattan Borough of the City of New York in the State of New York, in connection with any action to enforce the provisions of this Agreement, to recover damages or other relief for breach or default under this Agreement, or otherwise arising under or by reason of this Agreement.
14.3. Waiver of Jury Trial.Each party hereby waives any right to jury trial in connection with any action or litigation in any way arising out of or related to this Agreement.
15. GENERAL PROVISIONS
15.1. Export Compliance.The Services, other technology We make available, and derivatives thereof may be subject to export laws and regulations of the United States and other jurisdictions. Each party represents that it is not named on any U.S. government denied-party list. You shall not permit Users to access or use Services in a U.S.-embargoed country (currently Cuba, Iran, North Korea, Sudan, or Syria) or in violation of any U.S. export law or regulation.
15.2. Anti-Corruption.You have not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any of Our employees or agents in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If You learn of any violation of the above restriction, You will use reasonable efforts to promptly notify Us at (email@example.com).
15.3. Relationship of the Parties.The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties.
15.4. No Third-Party Beneficiaries.There are no third-party beneficiaries to this Agreement.
15.5. Waiver.No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right.
15.6. Severability.If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect.
15.7. Attorney Fees.You shall pay on demand all of Our reasonable attorney fees and other costs incurred by Us to collect any fees or charges due Us under this Agreement following Your breach of Section 8.2 (Invoicing and Payment).
Neither party may assign any of its rights or obligations under this Agreement, whether by operation of law or otherwise, without the prior written consent of the other party (not to be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety (including all User Agreements), without consent of the other party, to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets not involving a direct competitor of the other party. The non-assigning party's sole remedy for any purported assignment by the other party in breach of this paragraph shall be, at their election, termination of this Agreement upon written notice to the assigning party. In the event of such a termination, HappyLoop shall refund to you any prepaid fees covering the remainder of the term of all subscriptions after the effective date of termination. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors, and permitted assigns.
15.9. Entire Agreement.
This Agreement, including all exhibits and addenda hereto and all User Agreements, constitutes the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning its subject matter. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and either signed or accepted electronically. To the extent of any conflict or inconsistency between the provisions in the body of this Agreement and any exhibit, addendum, or User Agreement, the terms of such exhibit, addendum, or User Agreement shall prevail. Notwithstanding any language to the contrary therein, no terms or conditions stated in your purchase order or other order documentation (excluding User Agreements) shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void.
EXHIBIT A - DATA PROTECTION ADDENDUM
This Data Protection Addendum ("Addendum") amends and forms part of the Master Subscription Agreement ("Agreement") between HappyLoop, Inc. ("HappyLoop") and the Customer. To the extent HappyLoop and the Customer do not have a written agreement governing their relationship, this Addendum governs the Processing of Personal Information between HappyLoop and the Customer. For the purposes of this Addendum, HappyLoop and the Customer shall be referred to as "Parties" and individually as "Party." In the event of a conflict between the terms of the Agreement and this Addendum, the terms of this Addendum shall govern.
1.1. "Applicable Data Protection Laws" means all laws and regulations applicable to HappyLoop's Processing of Customer Personal Information under the Agreement or the parties' business relationship and this Addendum, including but not limited to the GDPR and CCPA.
1.2. "CCPA" means the California Consumer Privacy Act of 2018, Title 1.81.5 (commencing with Section 1798.100) to Part 4 of Division 3 of the Civil Code, as amended, and inclusive of all implementing regulations, as adopted.
1.3. "Data Security Incident" means a discovered, actual unauthorized access to, destruction of, loss of, alteration of, exfiltration of, theft of, or disclosure of Customer Personal Information transmitted, collected, stored, controlled, or otherwise in the possession of HappyLoop used for Processing under the Agreement or the Parties’ business relationship and this Addendum.
1.4. "Data Subject" shall have the same meaning as "data subject" or "consumer" under any Applicable Data Protection Laws.
1.5. "EU-SCCs" has the meaning set forth in Section 12.2.
1.6. "GDPR" means EU General Data Protection Regulation 2016/679.
1.7. "Controller" shall have the same meaning as "controller" or "business" under any Applicable Data Protection Laws.
1.8. "Customer Personal Information" means any information provided by Customer that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Data Subject, and includes "personal information" or "personal data" as defined in any Applicable Data Protection Laws.
1.9. "Process," "Processed," or "Processing" means any operation or set of operations that are performed on Customer Personal Information or on sets of Personal Information, automated or manual.
1.10. "Processor" shall have the same meaning as "processor," "service provider," or non "third party" under any Applicable Data Protection Laws.
1.11. "Sale" and "Sell" shall have the same meaning as "sale" and "sell" under any Applicable Data Protection Laws.
1.12. "Services" shall mean the services provided by HappyLoop to Customer pursuant to the Agreement or any other business understanding between the Parties.
1.13. "Standard Contractual Clauses" means the contractual clauses promulgated by the European Parliament and European Council on June 4, 2021 (Commission Implementing Decision) (EU) 2021/914, available for Customer upon request. If adopted, the Standard Contractual Clauses will be incorporated as Schedule 1 to this Addendum.
1.14. "Sub-Processor" means any person (including any third party, but excluding an employee of HappyLoop) appointed by or on behalf of HappyLoop to Process Customer Personal Information.
1.15. "UK-SCCs" has the meaning set forth in Section 12.2.
2. Services Provided / Scope of Addendum
During the course of the Agreement, and from time to time, Customer may provide HappyLoop, or provide access to Customer Personal Information for the purposes of Processing pursuant to the Agreement and this Addendum.
3. Roles of the Parties
The Parties acknowledge and agree that when HappyLoop Processes Customer Personal Information under the Agreement and this Addendum, Customer operates as the Controller and HappyLoop operates as the Processor.
Customer represents and warrants that it is and will at all relevant times remain duly and effectively authorized to give the instructions to HappyLoop concerning the Processing of Customer Personal Information pursuant to the Agreement or the Parties’ business relationship and this Addendum.
4. Data Protection Law Compliance
4.1. HappyLoop and Customer agree to comply with all Applicable Data Protection Laws as it relates to the Processing of Customer Personal Information under the Agreement or the Parties’ business relationship and this Addendum.
4.2. For the avoidance of doubt, and to the extent applicable, HappyLoop agrees to comply with all applicable obligations under the CCPA and provide the same level of privacy protections to applicable Personal Information as required under the CCPA.
4.3. In the event HappyLoop cannot comply with the CCPA, HappyLoop shall notify Customer that it can no longer meet the CCPA’s obligations. To the extent HappyLoop cannot comply with its obligations under the CCPA, Customer may take reasonable and appropriate steps to help ensure that HappyLoop uses Personal Information provided under the Agreement or as part of the business relationship in a manner consistent with the Customer’s obligations under the CCPA.
5. Processing of Customer Personal Information
5.1.1. HappyLoop shall only Process Customer Personal Information for the purpose of the provision of the Services and in accordance with Customer’s documented instructions, unless additional Processing is required by Applicable Data Protection Laws, in which case HappyLoop shall Process Customer Personal Information to the extent permitted by the Applicable Data Protection Laws.
5.1.2. Customer hereby instructs HappyLoop, and authorizes HappyLoop to instruct each Sub-Processor, to Process Customer Personal Information in accordance with the Agreement or the business relationship between the Parties and this Addendum, and to comply with all documented instructions provided by Customer where such instructions are consistent with the terms of the Agreement, the business relationship between the Parties, this Addendum, and Applicable Data Protection Laws.
5.1.3. To the extent HappyLoop considers an instruction from Customer to be infringing upon any Applicable Data Protection Laws, HappyLoop shall immediately notify Customer of said infringement.
5.2. Details of Processing
5.2.1 The subject-matter of the Processing of Customer Personal Information is the performance of the Services set forth in the Agreement or the business relationship between the Parties. The duration of the Processing is for the term of the Agreement or the duration of the business relationship between the Parties. The nature and purpose of the Processing include providing the Services set forth in the Agreement or performing the business relationship between the Parties, including but not limited to chat-based data inquiry, task execution, and third-party tool integrations. The types of Customer Personal Information being Processed include queries, executed tasks, and linked third-party account data. The types of data subjects include: (i) Customer’s representatives and end-users; (ii) Customer’s employees, contractors, and vendors; and (iii) individuals attempting to communicate or transfer Customer Personal Information to users of the Services.
5.2.2. The Parties agree that any transfer, disclosure, or making available of Customer Personal Information by Customer to HappyLoop under the Agreement or during the course of the Parties’ business relationship and this Addendum is not intended to be a Sale.
5.2.3. HappyLoop is prohibited from Selling Customer Personal Information it receives or has access to under the Agreement or the Parties’ business relationship and this Addendum.
5.2.4. HappyLoop certifies that it understands and will comply with the restrictions set forth in this section.
5.3.1. If permissible under the Agreement or the Parties’ business relationship, HappyLoop may engage Sub-Processors in connection with the provision of the Services, including but not limited to for the Processing of Customer Personal Information.
5.3.2. When requested by Customer, HappyLoop shall make available to Customer an up-to-date list of all Sub-Processors used for the Processing of Customer Personal Information.
5.3.3. HappyLoop shall provide reasonable prior written notice to Customer of the appointment of any new Sub-Processor, including details of the Processing to be undertaken by the Sub-Processor. If, within fifteen (15) calendar days of receipt of that notice, Customer notifies HappyLoop in writing of any reasonable objections to the proposed appointment, HappyLoop shall work with Customer in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of the proposed Sub-Processor.
5.3.4. HappyLoop has or shall enter into a written agreement with each Sub-Processor containing data protection obligations not less protective than those in this Addendum. HappyLoop shall be responsible for the acts of its Sub-Processor as it relates to the provision of Services under this Agreement or through the Parties’ business relationship and the Processing of Customer Personal Information. Upon reasonable written request, HappyLoop shall provide the Customer with a copy of any Sub-Processor agreements, subject to protections of confidentiality, trade secrets, and other lawfully protected information.
5.4.1. HappyLoop agrees to take all reasonable steps to ensure that persons authorized to Process Customer Personal Information under the Agreement or through the Parties’ business relationship and this Addendum are: (i) bound by appropriate contractual obligations or are under appropriate statutory obligations of confidentiality, data protection, and data security; and (ii) Process Customer Personal Information only upon the instructions of Customer, unless required to do so pursuant to Applicable Data Protection Laws.
5.4.2. HappyLoop agrees to limit access to Customer Personal Information to those individuals who need to know/access the relevant Customer Personal Information to perform the Services.
HappyLoop certifies it understands and will comply with the restrictions set forth in this Section 5.
6. Security Measures
HappyLoop shall implement and maintain appropriate and reasonable technical, physical, and organizational safeguards appropriate to the sensitivity of the Customer Personal Information being Processed under the Agreement or through the Parties’ business relationship and this Addendum, and in accordance with Applicable Data Protection Laws ("Security Measures").
7. Data Security Incident
7.1. In the event of a Data Security Incident, HappyLoop shall promptly notify Customer at the earliest opportunity upon becoming aware of the Data Security Incident. In any such notification, HappyLoop shall provide Customer with sufficient information, as available at the time of notification, to assist Customer in assessing the Data Security Incident.
7.2. Unless required by Applicable Data Protection Laws or other applicable legal obligation (statute, court order, contract), HappyLoop will promptly notify Customer of any third-party legal process relating to a Data Security Incident of which HappyLoop is aware.
7.3. With notice to HappyLoop, to the extent there is unauthorized use of Personal Information, Customer may take reasonable and appropriate steps to stop and remediate such unauthorized use of Personal Information.
8. Data Protection Impact Assessment and Prior Consultations
Upon reasonable written request, HappyLoop will reasonably cooperate with and provide reasonable assistance to Customer as it relates to Customer’s undertaking of any data protection impact assessments and/or prior consultations with any appropriate authority under Applicable Data Protection Laws.
9.1. HappyLoop shall make available to Customer, upon reasonable written request, information reasonably necessary to demonstrate HappyLoop’s compliance with the Agreement or the Parties’ business relationship and this Addendum, and shall allow for audits by Customer, or an auditor mandated by Customer, in relation to the Processing of Customer Personal Information under the Agreement or the Parties’ business relationship and this Addendum.
9.2. Customer shall provide HappyLoop at least thirty (30) calendar days’ written notice in advance of any audit to be conducted under this section. The audit must be conducted during HappyLoop’s regular business hours and shall not unreasonably interfere with HappyLoop’s business activities.
9.3. If the requested audit scope is addressed in a third-party audit or certification of HappyLoop’s privacy and security controls reasonably acceptable to Customer ("Third Party Audit") issued within the prior twelve (12) months and HappyLoop provides such report to Customer confirming there are no known material changes in the controls audited, then Customer agrees to accept the findings presented in the Third Party Audit in lieu of requesting an audit of the same controls covered by the Third Party Audit. Any Third Party Audit shall constitute confidential information consistent with the Agreement and this Addendum.
9.4. Customer shall be fully responsible for any costs and/or fees associated with any auditor appointed by Customer to execute an audit under this section.
9.5. Customer shall promptly notify HappyLoop, and no later than fourteen (14) calendar days following the close of an audit under this section, about any alleged non-compliance with the Agreement and/or this Addendum discovered during the course of the audit.
10. Return or Destruction of Customer Personal Information
10.1. HappyLoop will cease Processing Customer Personal Information within ten (10) business days after the termination of the Agreement, or earlier pursuant to a written agreement by the Parties.
10.2. Upon reasonable written request by the Customer, and at the Customer's choice, HappyLoop will return or delete all Customer Personal Information in its possession no later than ninety (90) calendar days after the termination of the Agreement.
11. Data Subject Requests
11.1. HappyLoop shall comply with any reasonable request by the Customer to correct, amend, restrict Processing, or delete Customer Personal Information, as mandated by Applicable Data Protection Laws, to the extent HappyLoop is legally permitted to do so.
11.2. To the extent possible, HappyLoop shall reasonably assist the Customer in implementing appropriate technical and organizational measures for the fulfillment of the Customer’s obligations, as reasonably understood by HappyLoop, to respond to requests by Data Subjects under Applicable Data Protection Laws.
12. Transfer of Data
12.1. The Parties agree that any Customer Personal Information provided by the Customer to HappyLoop under the Agreement and this Addendum shall be hosted within the territorial boundaries of the United States of America (US).
12.2. Applicable Standard Contractual Clauses
12.2.1. EU-SCCs. To the extent the Applicable Data Protection Laws apply to the transfer of Customer Personal Information from a Member State within the European Economic Area (“EEA”) and/or Switzerland to countries which do not ensure an adequate level of data protection within the meaning of such Applicable Data Protection Laws, the Customer and HappyLoop hereby incorporate the unmodified European Union Standard Contractual Clauses set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021, attached as Schedule 1 (“EU-SCCs”).
12.2.2. UK-SCCs. To the extent the Applicable Data Protection Laws apply to the transfer of Customer Personal Information from the United Kingdom to countries which do not ensure an adequate level of data protection within the meaning of such Applicable Data Protection Laws, the Customer and HappyLoop hereby incorporate the unmodified Addendum to the EU Commission Standard Contractual Clauses issued by the Commissioner under S119A(1) Data Protection Act 2018, attached as Schedule 2 (“UK-SCCs”).
12.3. Restricted Transfer
The Standard Contractual Clauses shall not apply to any cross-border transfer of Customer Personal Information unless legally necessary under the Applicable Data Protection Laws, together with other reasonably practicable protections as applicable, to permit the relevant cross-border transfer to take place without breach of any Applicable Data Protection Laws (“Restricted Transfer”).
The Annexes provided in Schedule 3 shall apply to both the respective EU-SCCs and UK-SCCs.
12.5. Sub-Processor Transfers
HappyLoop agrees that before it commences a Restricted Transfer to a Sub-Processor, it shall ensure that one of the following is in place: (i) the Standard Contractual Clauses are at all relevant times incorporated into the agreement between HappyLoop on the one hand and a Sub-Processor on the other; (ii) that Sub-Processor enters into an agreement incorporating the Standard Contractual Clauses with the Customer; or (iii) HappyLoop's entry into the Standard Contractual Clauses, as an agent for and on behalf of the Sub-Processor, will have been duly and effectively authorized (or subsequently ratified) by that Sub-Processor.
12.6. Conflict Resolution
In the event of a conflict between the Agreement and this Addendum and any Standard Contractual Clauses entered into by the Parties, the Standard Contractual Clauses shall prevail.
SCHEDULE 1 - EU-SCCs (The Standard Contractual Clauses set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021)
Purpose and Scope
(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country.
(b) The Parties:
(i) the natural or legal person(s), public authority/ies, agency/ies, or other body/ies (hereinafter ‘entity/ies’) transferring the personal data, as listed in Annex I.A (hereinafter each ‘data exporter’), and
(ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also a Party to these Clauses, as listed in Annex I.A (hereinafter each ‘data importer’) have agreed to these standard contractual clauses (hereinafter: ‘Clauses’).
(c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B, particularly in the use of HappyLoop's AI assistant designed to enhance work efficiency, which integrates with third-party tools such as Stripe, Zendesk, Asana, Hubspot, and Notion.
(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.
Effect and Invariability of the Clauses
(a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679. They also include standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, with respect to data transfers related to the utilization of HappyLoop’s AI assistant service. These clauses are provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including these standard contractual clauses in a wider contract related to HappyLoop’s services and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
(b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.
Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer related to the use of HappyLoop, with the following exceptions:
(i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
(ii) Clause 8 – Clause 8.1(b), 8.9(a), (c), (d) and (e);
(iii) Clause 9 – Clause 9(a), (c), (d) and (e);
(iv) Clause 12 – Clause 12(a), (d) and (f);
(v) Clause 13;
(vi) Clause 15.1(c), (d) and (e);
(vii) Clause 16(e);
(viii) Clause 18 – Clause 18(a) and (b).
(b) Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.
(a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
(b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
(c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.
In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, specifically regarding the use of HappyLoop's AI assistant service and its features, these Clauses shall prevail.
Description of the Transfer(s)
The details of the transfer(s), particularly involving the use of HappyLoop's AI assistant designed to enhance work efficiency and integrate with third-party tools like Stripe, Zendesk, Asana, Hubspot, and Notion, and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.
(a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.
(b) Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer, specifically in the context of using HappyLoop's services, in accordance with its designation in Annex I.A.
(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.
SECTION II – OBLIGATIONS OF THE PARTIES
Data Protection Safeguards
The data exporter warrants that it has used reasonable efforts to determine that HappyLoop is able, through the implementation of appropriate technical and organizational measures, to satisfy its obligations under these Clauses.
(a) HappyLoop shall process the personal data only on documented instructions from the data exporter. Instructions may include tasks or queries generated through HappyLoop's AI assistant interface, as well as integration actions with third-party tools like Stripe, Zendesk, Asana, Hubspot, and Notion. The data exporter may give such instructions throughout the duration of the contract.
(b) HappyLoop shall immediately inform the data exporter if it is unable to follow those instructions.
8.2 Purpose Limitation
HappyLoop shall process the personal data only for the specific purpose(s) of enhancing work efficiency, integrating with third-party tools, and generating insights, as set out in Annex I.B, unless on further instructions from the data exporter.
On request, the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including the technical specifications of HappyLoop's AI assistant and integrated features, the data exporter may redact part of the text of the Appendix to these Clauses prior to sharing a copy. However, a meaningful summary will be provided where the data subject would otherwise not be able to understand its content or exercise their rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information. This Clause is without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.
If HappyLoop becomes aware that the personal data it has received is inaccurate or has become outdated, it shall inform the data exporter without undue delay. In this case, HappyLoop shall cooperate with the data exporter to erase or rectify the data.
8.5 Duration of Processing and Erasure or Return of Data
Processing by HappyLoop shall only take place for the duration specified in Annex I.B. After the end of the provision of the processing services, which may include tasks performed by the AI assistant, data queries, or third-party integrations like Stripe, Zendesk, Asana, Hubspot, and Notion, HappyLoop shall, at the choice of the data exporter, delete all personal data processed on behalf of the data exporter and certify to the data exporter that it has done so, or return to the data exporter all personal data processed on its behalf and delete existing copies. Until the data is deleted or returned, HappyLoop shall continue to ensure compliance with these Clauses. In the case of local laws applicable to HappyLoop that prohibit return or deletion of the personal data, HappyLoop warrants that it will continue to ensure compliance with these Clauses and will only process it to the extent and for as long as required under that local law. This is without prejudice to Clause 14, in particular the requirement for HappyLoop under Clause 14(e) to notify the data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under Clause 14(a).
8.6 Security of Processing
(a) HappyLoop and, during transmission, also the data exporter shall implement appropriate technical and organizational measures to ensure the security of the data. This includes protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to the data (hereinafter 'personal data breach'). In assessing the appropriate level of security, both Parties shall take into account the state of the art, the costs of implementation, the nature, scope, context, and purpose(s) of processing, which may include tasks performed by the AI assistant, data queries, or third-party integrations like Stripe, Zendesk, Asana, Hubspot, and Notion, and the risks involved in the processing for the data subjects. Both Parties shall consider using encryption or pseudonymization, including during transmission, where the purpose of processing can be fulfilled in that manner. In the case of pseudonymization, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. To comply with its obligations under this paragraph, HappyLoop shall at least implement the technical and organizational measures specified in Annex II. HappyLoop shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.
(b) HappyLoop shall grant access to the personal data to members of its personnel only to the extent strictly necessary for the implementation, management, and monitoring of the contract. HappyLoop shall ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
(c) Personal Data Breach Response and Notification
In the event of a personal data breach concerning personal data processed by HappyLoop under these Clauses, HappyLoop shall take appropriate measures to address the breach, including measures to mitigate its adverse effects. HappyLoop shall also notify the data exporter without undue delay after becoming aware of the breach. This notification shall include details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences, and the measures taken or proposed to address the breach. This could pertain to tasks performed by the AI assistant or data queries through third-party integrations like Stripe, Zendesk, Asana, Hubspot, and Notion. Where, and insofar as, it is not possible to provide all information at the same time, the initial notification will contain the information then available, and further information will be provided without undue delay as it becomes available.
(d) Regulatory Compliance Cooperation
HappyLoop shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU) 2016/679 (the General Data Protection Regulation or "GDPR"), particularly to notify the competent supervisory authority and the affected data subjects. This cooperation takes into account the nature of processing facilitated by HappyLoop's features and the information available to HappyLoop.
8.7 Sensitive Data
In cases where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for uniquely identifying a natural person, data concerning health, sex life, sexual orientation, or data related to criminal convictions and offenses (hereinafter 'sensitive data'), HappyLoop shall implement the specific restrictions and/or additional safeguards described in Annex I.B.
8.8 Onward Transfers
HappyLoop shall only disclose personal data to a third-party based on documented instructions from the data exporter. This is particularly relevant when the AI assistant interacts with third-party integrations such as Stripe, Zendesk, Asana, Hubspot, and Notion. Additionally, data may only be disclosed to a third party located outside the European Union (in the same country as HappyLoop or in another third country, hereinafter ‘onward transfer’) if the third party agrees to be bound by these Clauses or if:
(i) The onward transfer is to a country benefiting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;
(ii) The third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 of Regulation (EU) 2016/679 with respect to the processing in question;
(iii) The onward transfer is necessary for establishing, exercising, or defending legal claims in specific administrative, regulatory, or judicial proceedings;
(iv) The onward transfer is necessary to protect the vital interests of the data subject or another natural person.
Any onward transfer is subject to HappyLoop's compliance with all other safeguards under these Clauses, particularly those related to the limitation of purpose.
8.9 Documentation and Compliance
(a) HappyLoop shall promptly and adequately respond to inquiries from the data exporter that relate to the processing under these Clauses. This includes, but is not limited to, inquiries about how HappyLoop integrates with third-party tools such as Stripe, Zendesk, Asana, Hubspot, and Notion to enhance work efficiency.
(b) Both Parties shall be able to demonstrate compliance with these Clauses. In particular, HappyLoop shall maintain appropriate documentation on the processing activities carried out on behalf of the data exporter, which can range from answering questions like 'What is our monthly revenue?' to performing tasks via chatbot instruction.
(c) HappyLoop shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses. Upon the data exporter’s request, HappyLoop will allow for and contribute to audits of the processing activities covered by these Clauses, conducted at reasonable intervals or if there are indications of non-compliance. In deciding on a review or audit, the data exporter may consider relevant certifications held by HappyLoop.
(d) The data exporter may choose to conduct the audit independently or mandate an independent auditor. Audits may include inspections at the premises or physical facilities of HappyLoop and shall, where appropriate, be carried out with reasonable notice.
(e) Both Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits, available to the competent supervisory authority upon request.
Use of Sub-processors
(a) HappyLoop has the data exporter's general authorization for the engagement of sub-processor(s) from an agreed list. HappyLoop shall specifically inform the data exporter in writing of any intended changes to that list through the addition or replacement of sub-processors at least [Specify time period] in advance, thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). HappyLoop shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object.
(b) When HappyLoop engages a sub-processor to carry out specific processing activities (on behalf of the data exporter), it shall do so through a written contract that, in substance, maintains the same data protection obligations as those binding HappyLoop under these Clauses, including terms of third-party beneficiary rights for data subjects. The Parties agree that, by complying with this Clause, HappyLoop fulfills its obligations under the previous clauses concerning data transfers and protections. HappyLoop shall ensure that the sub-processor complies with the obligations to which HappyLoop is subject pursuant to these Clauses.
(c) Upon request, HappyLoop shall provide the data exporter with a copy of such a sub-processor agreement and any subsequent amendments. To protect business secrets or other confidential information, including personal data, HappyLoop may redact portions of the agreement prior to sharing a copy.
(d) HappyLoop shall remain fully responsible to the data exporter for the performance of the sub-processor’s obligations under its contract with HappyLoop. HappyLoop shall notify the data exporter of any failure by the sub-processor to fulfill its obligations under that contract.
(e) HappyLoop shall agree on a third-party beneficiary clause with the sub-processor. In the event that HappyLoop has factually disappeared, ceased to exist in law, or has become insolvent, the data exporter shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.
Data Subject Rights
(a) HappyLoop shall promptly notify the data exporter of any request it has received from a data subject. HappyLoop shall not respond to that request itself unless it has been authorized to do so by the data exporter.
(b) HappyLoop shall assist the data exporter in fulfilling its obligations to respond to data subjects' requests for the exercise of their rights under Regulation (EU) 2016/679. In this regard, the Parties shall set out in Annex II the appropriate technical and organizational measures, considering the nature of the processing, by which the assistance shall be provided, as well as the scope and the extent of the assistance required.
(c) In fulfilling its obligations under paragraphs (a) and (b), HappyLoop shall comply with the instructions from the data exporter.
(a) HappyLoop shall inform data subjects in a transparent and easily accessible format, either through individual notice or on its website, of a designated contact point authorized to handle complaints. HappyLoop shall promptly address any complaints received from a data subject.
(b) In the event of a dispute between a data subject and one of the Parties concerning compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably and in a timely manner. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.
(c) If the data subject invokes a third-party beneficiary right pursuant to Clause 3, HappyLoop shall accept the decision of the data subject to:
(i) Lodge a complaint with the supervisory authority in the Member State of their habitual residence or place of work, or with the competent supervisory authority as per Clause 13;
(ii) Refer the dispute to the competent courts within the meaning of Clause 18.
(d) The Parties agree that the data subject may be represented by a not-for-profit body, organization, or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.
(e) HappyLoop shall abide by a decision that is binding under applicable EU or Member State law.
(f) HappyLoop agrees that the choice made by the data subject will not prejudice their substantive and procedural rights to seek remedies in accordance with applicable laws.
(a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
(b) HappyLoop shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages HappyLoop or its sub-processor causes the data subject by breaching the third-party beneficiary rights under these Clauses.
(c) Notwithstanding paragraph (b), the data exporter shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data exporter or HappyLoop (or its sub-processor) causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter and, where the data exporter is a processor acting on behalf of a controller, to the liability of the controller under Regulation (EU) 2016/679 or any applicable regulation.
(d) The Parties agree that if the data exporter is held liable under paragraph (c) for damages caused by HappyLoop (or its sub-processor), it shall be entitled to claim back from HappyLoop that part of the compensation corresponding to HappyLoop's responsibility for the damage.
(e) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable, and the data subject is entitled to bring an action in court against any of these Parties.
(f) The Parties agree that if one Party is held liable under paragraph (e), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage.
(g) HappyLoop may not invoke the conduct of a sub-processor to avoid its own liability.
(a) The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses in relation to the use of HappyLoop's services are located, as indicated in a specified annex, shall act as the competent supervisory authority.
(b) HappyLoop agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. Specifically, HappyLoop agrees to respond to inquiries, submit to audits, and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. HappyLoop shall provide the supervisory authority with written confirmation that the necessary actions have been taken.
SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES
Local laws and practices affecting compliance with the Clauses
(a) The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by HappyLoop, including any requirements to disclose personal data or measures authorizing access by public authorities, prevent HappyLoop from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.
(b) The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:
(i) The specific circumstances of the use of HappyLoop, including the functionality enabled by the web application and Google Chrome extension, the number of third-party tools integrated, and the types of data queries and tasks users can perform; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the use of HappyLoop occurs; the storage location of the data transferred;
(ii) The laws and practices of the third country of destination — including those requiring the disclosure of data to public authorities or authorizing access by such authorities — relevant in light of the specific circumstances of the use of HappyLoop, and the applicable limitations and safeguards;
(iii) Any relevant contractual, technical, or organizational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during the data querying and task execution processes, as well as to the processing of the personal data in the country of destination.
(c) HappyLoop warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the user with relevant information and agrees that it will continue to cooperate with the user in ensuring compliance with these Clauses.
(d) Both Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority upon request.
(e) HappyLoop agrees to notify the user promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a). This includes changes in laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).
(f) Following a notification pursuant to paragraph (e), or if the user otherwise has reason to believe that HappyLoop can no longer fulfill its obligations under these Clauses, the user shall promptly identify appropriate measures (e.g., technical or organizational measures to ensure security and confidentiality) to be adopted by the user and/or HappyLoop to address the situation. The user shall suspend the use of HappyLoop if it considers that no appropriate safeguards for data transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the user shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the user may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, specific termination clauses shall apply.
Obligations of HappyLoop in Case of Access by Public Authorities
(a) HappyLoop agrees to notify the user and, where possible, the data subject promptly (if necessary with the help of the user) if it:
(i) Receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data processed through HappyLoop; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request, and the response provided.
(ii) Becomes aware of any direct access by public authorities to personal data processed through HappyLoop in accordance with the laws of the country of destination; such notification shall include all information available to HappyLoop.
(b) If HappyLoop is prohibited from notifying the user and/or the data subject under the laws of the country of destination, HappyLoop agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. HappyLoop agrees to document its best efforts in order to be able to demonstrate them upon the request of the user.
(c) Where permissible under the laws of the country of destination, HappyLoop agrees to provide the user, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, the number of requests, the type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).
(d) HappyLoop agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority upon request.
(e) Paragraphs (a) to (c) are without prejudice to the obligation of HappyLoop pursuant to previous clauses to inform the user promptly where it is unable to comply with these Clauses.
15.2 Review of Legality and Data Minimization
(a) HappyLoop agrees to review the legality of the request for disclosure, especially to determine whether it remains within the powers granted to the requesting public authority. HappyLoop will challenge the request if, after careful assessment, it concludes that there are reasonable grounds to believe that the request is unlawful under the laws of the country of destination, applicable obligations under international law, and principles of international comity. HappyLoop shall, under the same conditions, pursue possibilities for appeal. When challenging a request, HappyLoop will seek interim measures to suspend the effects of the request until a competent judicial authority has decided on its merits. HappyLoop shall not disclose the personal data requested until it is required to do so under applicable procedural rules. These requirements are without prejudice to HappyLoop's obligations under previous clauses to inform the user promptly if it is unable to comply with these Clauses.
(b) HappyLoop agrees to document its legal assessment and any challenges made to the request for disclosure. To the extent permissible under the laws of the country of destination, HappyLoop will make this documentation available to the user. It will also make it available to the competent supervisory authority upon request.
(c) HappyLoop agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.
SECTION IV – FINAL PROVISIONS
Clause 16: Non-compliance and Termination
(a) HappyLoop shall promptly inform the user if it is unable to comply with these Clauses, for whatever reason.
(b) In the event that HappyLoop is in breach of these Clauses or unable to comply with them, the user shall suspend the use of HappyLoop's services until compliance is again ensured or the user agreement is terminated. This is without prejudice to any previous clauses regarding data security and confidentiality.
(c) The user shall be entitled to terminate the user agreement, insofar as it concerns the processing of personal data under these Clauses, where:
(i) The user has suspended the use of HappyLoop's services pursuant to paragraph (b) and compliance is not restored within a reasonable time, and in any event within one month of suspension;
(ii) HappyLoop is in substantial or persistent breach of these Clauses; or
(iii) HappyLoop fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.
In these cases, the user shall inform the competent supervisory authority of such non-compliance. Where the user agreement involves more than two Parties, the right to termination may be exercised only with respect to the relevant Party, unless the Parties have agreed otherwise.
(d) Personal data that has been transferred prior to the termination of the user agreement pursuant to previous clauses shall, at the choice of the user, immediately be returned to the user or deleted in its entirety. The same shall apply to any copies of the data. HappyLoop shall certify the deletion of the data to the user. Until the data is deleted or returned, HappyLoop shall continue to ensure compliance with these Clauses. In case of local laws applicable to HappyLoop that prohibit the return or deletion of the transferred personal data, HappyLoop warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
(e) Either Party may revoke its agreement to be bound by these Clauses where:
(i) The European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or
(ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred.
This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.
Clause 17: Governing Law
These Clauses shall be governed by the law of the EU Member State in which the user is established. Where such law does not allow for third-party beneficiary rights, they shall be governed by the law of another EU Member State that does allow for third-party beneficiary rights.
Clause 18: Choice of Forum and Jurisdiction
(a) Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.
(b) The Parties agree that these shall be the courts of a Member State to be agreed upon between the Parties, and based on the location of the user who is using HappyLoop's services.
(c) A user may also bring legal proceedings against HappyLoop before the courts of the Member State in which he/she has his/her habitual residence.
(d) The Parties agree to submit themselves to the jurisdiction of such courts.
SCHEDULE 2 - HappyLoop UK-SCCs
Table 1: Selected HappyLoop SCCs, Modules, and Selected Clauses
Addendum EU SCCs: ☐ the Approved EU SCCs, including the Appendix Information and with only the following modules, clauses or optional provisions of the Approved EU SCCs brought into effect for the purposes of this Addendum:
Entering into this Addendum
- Each Party agrees to be bound by the terms and conditions set out in this Addendum, in exchange for the other Party also agreeing to be bound by this Addendum.
- Although Schedule 2, Annex 1A, and Clause 7 of the HappyLoop UK-SCCs require signature by the Parties, for the purpose of utilizing HappyLoop’s services, the Parties may enter into this Addendum in any way that makes them legally binding on the Parties and allows users to enforce their rights as set out in this Addendum. Entering into this Addendum will have the same effect as signing the HappyLoop UK-SCCs and any part thereof.
Interpretation of this Addendum
3. Where this Addendum uses terms that are defined in the Approved EU SCCs, those terms shall have the same meaning as in the Approved EU SCCs. In addition, the following terms have the following meanings:
Addendum: This International Data Transfer Addendum, which is made up of this Addendum incorporating the HappyLoop EU SCCs.
HappyLoop EU SCCs: The version(s) of the Approved EU SCCs to which this Addendum is appended, as set out in Table 1, including the Appendix Information.
Appendix Information: As set out in Table 3.
Appropriate Safeguards: The standard of protection over the personal data and data subjects' rights, which is required by UK Data Protection Laws when you are using HappyLoop's services.
Approved Addendum: The template Addendum issued by the ICO and laid before Parliament, as it is revised under Section 18.
Approved EU SCCs: The Standard Contractual Clauses set out in the Annex, which are provided in Schedule 3 below.
ICO: The Information Commissioner.
Restricted Transfer: A data operation that is covered by Chapter V of the UK GDPR within HappyLoop's services.
UK: The United Kingdom of Great Britain and Northern Ireland.
UK Data Protection Laws: All laws relating to data protection, the processing of personal data, privacy, and/or electronic communications in force from time to time in the UK, including the UK GDPR and the Data Protection Act 2018.
UK GDPR: As defined in section 3 of the Data Protection Act 2018.
4. This Addendum must always be interpreted in a manner that is consistent with UK Data Protection Laws and so that it fulfills HappyLoop's and the Users’ obligation to provide the Appropriate Safeguards.
5. If the provisions included in the HappyLoop EU SCCs amend the Approved SCCs in any way which is not permitted under the Approved EU SCCs or the Approved Addendum, such amendment(s) will not be incorporated in this Addendum, and the equivalent provision of the Approved EU SCCs will take their place.
6. If there is any inconsistency or conflict between UK Data Protection Laws and this Addendum, UK Data Protection Laws apply.
7. If the meaning of this Addendum is unclear or there is more than one meaning, the meaning which most closely aligns with UK Data Protection Laws applies.
8. Any references to legislation (or specific provisions of legislation) mean that legislation (or specific provision) as it may change over time. This includes where that legislation (or specific provision) has been consolidated, re-enacted, and/or replaced after this Addendum has been entered into.
9. Although Clause 5 of the Approved EU SCCs states that the Approved EU SCCs prevail over all related agreements between the parties, the parties agree that, for Restricted Transfers, the hierarchy in Section 10 will prevail.
10. Where there is any inconsistency or conflict between this Addendum and the HappyLoop EU SCCs (as applicable), this Addendum overrides the HappyLoop EU SCCs, except where (and in so far as) the inconsistent or conflicting terms of the HappyLoop EU SCCs provide greater protection for data subjects, in which case those terms will override this Addendum.
11. Where this Addendum incorporates HappyLoop EU SCCs which have been entered into to protect transfers subject to the General Data Protection Regulation (EU) 2016/679, then the Parties acknowledge that nothing in this Addendum impacts those HappyLoop EU SCCs.
Incorporation of and Changes to EU SCCs
12. This Addendum incorporates the HappyLoop EU SCCs which are amended to the extent necessary so that:
a. together they operate for data transfers made by the data exporter to the data importer, to the extent that UK Data Protection Laws apply to the data exporter’s processing when making that data transfer, and they provide Appropriate Safeguards for those data transfers;
b. Sections 9 to 11 override Clause 5 (Hierarchy) of the HappyLoop EU SCCs; and
c. this Addendum (including the HappyLoop EU SCCs incorporated into it) is (1) governed by the laws of England and Wales and (2) any dispute arising from it is resolved by the courts of England and Wales, in each case unless the laws and/or courts of Scotland or Northern Ireland have been expressly selected by the Parties.
13. Unless the Parties have agreed upon alternative amendments that meet the requirements of Section 12, the provisions of Section 15 will apply.
14. No amendments to the HappyLoop EU SCCs other than to meet the requirements of Section 12 may be made.
15. The following amendments to the HappyLoop EU SCCs (for the purpose of Section 12) are made:
a. References to the “Clauses” means this Addendum, incorporating the HappyLoop EU SCCs;
b. In Clause 2, delete the words:
“and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of UK Data Protection Laws”;
c. Clause 6 (Description of the transfer(s)) is replaced with:
“The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are those specified in Schedule 3, Annex I.B where UK Data Protection Laws apply to the data exporter’s processing when making that transfer.”;
d. Clause 8.7(i) of Module 1 is replaced with:
“it is to a country benefitting from adequacy regulations pursuant to Section 17A of the UK GDPR that covers the onward transfer”;
e. Clause 8.8(i) of Modules 2 and 3 is replaced with:
“the onward transfer is to a country benefitting from adequacy regulations pursuant to Section 17A of the UK GDPR that covers the onward transfer;”
f. References to specific Articles or Sections of “UK Data Protection Laws” are used where applicable.
g. References to Regulation (EU) 2018/1725 are removed;
h. References to the “European Union”, “Union”, “EU”, “EU Member State”, “Member State” and “EU or Member State” are all replaced with the “UK”;
i. The reference to “Clause 12(c)(i)” at Clause 10(b)(i) of Module one is replaced with “Clause 11(c)(i)”;
j. Clause 13(a) and Part C of Annex I of Schedule 3, are not used;
k. The “competent supervisory authority” and “supervisory authority” are both replaced with the “Information Commissioner”;
l. In Clause 16(e), subsection (i) is replaced with:
“the Secretary of State makes regulations pursuant to Section 17A of the Data Protection Act 2018 that cover the transfer of personal data to which these clauses apply;”;
m. Clause 17 is replaced with:
“These Clauses are governed by the laws of England and Wales.”;
n. Clause 18 is replaced with:
“Any dispute arising from these Clauses shall be resolved by the courts of England and Wales. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts.”; and
o. The footnotes to the HappyLoop EU SCCs do not form part of the Addendum, except for footnotes 8, 9, 10 and 11.
Amendments to this Addendum
16. The Parties may agree to change Clauses 17 and/or 18 of the HappyLoop EU SCCs to refer to the laws and/or courts of Scotland or Northern Ireland.
17. If the Parties wish to change the format of the information included in Part 1: Tables of the HappyLoop Addendum, they may do so by agreeing to the change in writing, provided that the change does not reduce the Appropriate Safeguards.
18. From time to time, the Information Commissioner's Office (ICO) may issue a revised HappyLoop Addendum which:
a. makes reasonable and proportionate changes to the HappyLoop Addendum, including correcting errors in the HappyLoop Addendum; and/or
b. reflects changes to UK Data Protection Laws;
The revised HappyLoop Addendum will specify the start date from which the changes to the HappyLoop Addendum are effective and whether the Parties need to review this Addendum including the Appendix Information. This Addendum is automatically amended as set out in the revised HappyLoop Addendum from the start date specified.
19. If the ICO issues a revised HappyLoop Addendum under Section 18, if any Party selected in Table 4 “Ending the Addendum when the HappyLoop Addendum changes”, will as a direct result of the changes in the HappyLoop Addendum have a substantial, disproportionate and demonstrable increase in:
a. its direct costs of performing its obligations under the Addendum; and/or
b. its risk under the Addendum,
and in either case, it has first taken reasonable steps to reduce those costs or risks so that they are not substantial and disproportionate, then that Party may end this Addendum at the end of a reasonable notice period, by providing written notice for that period to the other Party before the start date of the revised HappyLoop Addendum.
20. The Parties do not need the consent of any third party to make changes to this Addendum, but any changes must be made in accordance with its terms.
SCHEDULE 3 - ANNEX I
A. LIST OF PARTIES
Data exporter(s): [Identity and contact details of the data exporter(s) and, where applicable, of its/their data protection officer and/or representative in the UK]
Contact person’s name, position and contact details: …
Activities relevant to the data transferred under these Clauses: …
Signature and date: …
Role (controller/processor): …
Address: 2810 N Church St, PMB 93186, Wilmington, Delaware 19802-4447, US
Contact person’s name, position and contact details: David Toman, CTO, firstname.lastname@example.org
Activities relevant to the data transferred under these Clauses: HappyLoop’s provision of services pursuant to the Master Subscription Agreement.
Signature and date: Effective date of the Master Subscription Agreement.
Role (controller/processor): Processor.
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred:
Data subjects include the data exporter’s customer’s representatives and end-users, including employees, contractors, vendors, and customers of the data exporter.
Categories of personal data transferred:
The personal data transferred includes chat data, business metrics, task data, and contact information, all in the context of the Services provided by HappyLoop.
Sensitive data transferred (if applicable) and applied restrictions or safeguards:
Frequency of the transfer:
Nature of the processing:
Cloud-based, API access, web application, and Google Chrome extension.
Purpose(s) of the data transfer and further processing:
To enhance work efficiency by providing insights, automating tasks, answering business-related queries, and integrating with third-party tools like Stripe, Zendesk, Asana, Hubspot, and Notion.
For the term of the Master Subscription Agreement between HappyLoop and the Customer.
For transfers to (sub-) processors, also specify subject matter, nature, and duration of the processing:
The nature of any processing by sub-processors is to facilitate the Services by HappyLoop. The duration is for the term of the Master Subscription Agreement between HappyLoop and the Customer.
C. COMPETENT SUPERVISORY AUTHORITY
Identify the competent supervisory authority/ies in accordance with Clause 13:
The supervisory authorities in the states in which the data subjects reside.
SCHEDULE 3 - ANNEX II
TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
The data importer, in this case, HappyLoop, will implement and maintain appropriate security standards which consider the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons. The aim is to ensure a level of security appropriate to the nature of the information processed.
The security measures employed by HappyLoop include, but are not limited to, the following:
- Data Storage: HappyLoop utilizes secure cloud platforms for storing data, incorporating encryption protocols for data both at rest and in transit.
- Security Audits: HappyLoop engages with third-party security experts to conduct regular vulnerability scanning of HappyLoop’s network and environment. Regular penetration testing is also carried out.
- Access Control: Access to sensitive data within HappyLoop is restricted to authorized personnel who have a demonstrable need to know the information.
- Incident Response: HappyLoop maintains a detailed incident response plan and tests the plan's effectiveness through regular exercises.
- Physical and Digital Security: Measures are taken to secure HappyLoop's physical premises as well as its digital properties, networks, devices, and databases against unlawful and unauthorized access and intrusion.
- Data Handling: HappyLoop employs methods to ensure that sensitive information is transmitted, stored, and disposed of in a secure manner.
- Patch Management: Procedures are in place to appropriately deploy security patches and updates, and to address vulnerabilities as they arise.
- Personnel Security: Integrity procedures and practices are in place that are appropriate to the personnel who may have access to sensitive data.
- Training: All HappyLoop personnel are trained on the importance of security and the measures implemented throughout HappyLoop's environment.
SCHEDULE 3 - ANNEX III
LIST OF SUB-PROCESSORS
The controller has authorized the use of the following sub-processors for HappyLoop:
- Name: Google Cloud Engine
- Address: US Central Council Bluffs, IA 51501
- Contact person’s name, position, and contact details: David Toman, CTO, email@example.com
- Description of processing: Provide cloud-based services to allow HappyLoop to deliver the Services as set forth in the Master Subscription Agreement between HappyLoop and the Customer.
- Name: Amazon AWS
- Address: US East 6685 Crosby Ct, Plain City, OH 43064
- Contact person’s name, position, and contact details: David Toman, CTO, firstname.lastname@example.org
- Description of processing: Provide cloud-based services to allow HappyLoop to deliver the Services as set forth in the Master Subscription Agreement between HappyLoop and the Customer.
- Name: Auth0
- Address: Suite 700, 10800 North East 8th Street, Bellevue, Washington, 98004
- Contact person’s name, position, and contact details: David Toman, CTO, email@example.com
- Description of processing: Provide authentication and authorization services to allow HappyLoop to securely manage user identities and deliver the Services as set forth in the Master Subscription Agreement between HappyLoop and the Customer.