Data Processing Agreement

Last Updated: Saturday, September 4, 2021

1 INTRODUCTION

This Agreement between Logically Social Inc. (“we”, “us”, “our”) and you the users (“users”, “you”, “your,”) reflects the agreement with respect to the Controlling and Processing Personal Data on behalf of a Data Subject for the provision of the Platform and connected Services as may be applicable. This Agreement shall hereby, through this reference, be construed as a part of our Privacy Policy.

2 DEFINITIONS

2.1 “Agreement”, “DPA” means this Data Processing

2.2 “Contracted Processor” means a Subprocessor;

2.3 “Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State, and as amended, replaced, or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR and, to the extent applicable, the data protection or privacy laws of any other

2.4 “Data Transfer” means a transfer of Personal Data to a Subprocessor as specified herein;

2.5 “EEA” means the European Economic Area;

2.6 “GDPR” means EU General Data Protection Regulation 2016/679;

2.7 “Permitted Affiliates” means any of your Affiliates that (i) are permitted to use the Services pursuant to the Agreement but have not signed their own separate agreement with us and are not a Consumer as defined under the Agreement, (ii) qualify as a Controller of Personal Data Processed by us, and (iii) are subject to Data Protection

2.8 “Personal Data” means any information about an identified or identifiable natural An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number, location data, online identifier, or to one or more factors specific to that person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

2.9 “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise Processed by where applicable us/ Parties and/or our Sub-Processors in connection with the provision of the Services. “Personal Data Breach” will not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked

2.10 “Platform” means our website at https://logicallysocial.com/, media channels, software as well as any mobile applications linked and connected

2.11 “Services” means the services provided by us through the

2.12 “Special categories” of personal data (sensitive personal data) relate to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation. Special category data can include racial and ethnic origin, health records, criminal record check

2.13 “Subprocessor” means any person appointed by or on behalf of us to process Personal Data in connection with the Agreement.

2.14 The terms, “Commission”, “Controller”, “Consumer”, “Processor”, “Data Subject”, “Member State”, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed

3 TERM

The term of this Agreement commences as soon as you sign up for an account with us and subsists unless terminated by you or us in accordance with the terms and conditions of the applicable contract between us and you. Termination of this Agreement does not waive any obligations such as “confidentiality” and other terms of similar nature which ought to survive the termination of this Agreement. By clicking on “Accept” or other analogous terms when prompted, you agree to be bound by the terms of this DPA.

4 STATEMENT ON DATA PROTECTION

We are the Data Controller and Processor and are committed to protecting your rights in line with the Data Protection Laws. We are committed to keeping your Personal Data and any other personal data collected, used, or stored by us as secure and private as possible. Where applicable, you shall also be bound by the same or stricter obligations applicable to us for personal data processing activities when you collect Personal Data of other users for any reason. You shall not use any Personal Data for any commercial activities and other activities in contravention of any applicable laws.

5 SCOPE AND APPLICATION

This Agreement governs how your Personal Data is shared. Our rights and obligations are specified herein.

6 PRINCIPLES

6.1 In accordance with the requirements outlined in the Data Protection Laws, Personal Data will be:

6.1.1 Processed lawfully, fairly and in a transparent

6.1.2 Collected for specified, explicit and legitimate purposes and processed in a manner that is compatible with those purposes;

6.1.3 Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are

6.1.4 Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that Personal Data that is inaccurate, having regard to the purposes for which they are processed, are erased, or rectified without delay.

6.1.5 Kept no longer than is necessary for the purposes for which the Personal Data are processed;

6.1.6 Processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

7 DATA PROTECTION OFFICER (DPO)

7.1 We have an appointed DPO who will:

7.1.1 Inform and advise us and our personnel about their obligations to comply with the Data Protection Laws and other data protection laws.

7.1.2 Monitor our compliance with the Data Protection Laws, including managing internal data protection activities, advising on data protection impact assessments, conducting internal audits, and providing the required training to

7.1.3 We have a Data Protection Officer who can be contacted through email at [email protected]. The individual appointed as DPO will have professional experience and knowledge of data protection The DPO will report to the highest level of management at Seccuracy. The DPO will operate independently and will not be dismissed or penalized for performing their task.

8 SECURITY

8.1 Considering the state of the art, the costs of implementation and the nature, scope, context, and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall in relation to the Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

8.2 In assessing the appropriate level of security, we shall particularly consider the risks that are presented by Processing, from a Personal Data

8.3 Encryption methods such as SSL, and HTTPS are utilized to protect Personal We have also implemented a logging and audit system which will notify us upon any Personal Data Breach. Our systems are designed to block any suspicious IP addresses and spams automatically. If Personal Data such as passwords and other credentials are attempted to be stolen, such hackers shall be blocked from using our systems to gain access to your credentials pre-emptively.

9 DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION

Where applicable, you shall provide reasonable assistance to us with any data protection impact assessments and prior consultations with Supervising Authorities or other competent data privacy authorities, which we reasonably consider to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Company Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.

10 NETWORK SECURITY

We shall maintain policies and procedures around the network infrastructure used to process Personal Data, establish, and enforce safe network practices, and define service level agreements with internal and external network services.

11 ACCOUNTABILITY

We implement appropriate technical and organizational measures to demonstrate that data is processed in line with the principles set out in Data Protection Laws. Records of activities relating to higher risk processing will be maintained, such as the processing of special categories data or that in relation to criminal convictions and offences.

12 LAWFUL PROCESSING

12.1 The legal basis for processing data will be identified and documented prior to data being processed. Under Data Protection Laws, data will be lawfully processed under the following conditions:

12.1.1 The consent of the data subject has been

12.1.2 Processing is necessary for:

- - - - Compliance with a legal
      - For the performance of a contract with the data subject or to take steps to enter into a contract.
      - Protecting the vital interests of a data subject or another
      - For the purposes of legitimate interests pursued by the controller or a third party.

12.2 Special category data will only be processed under the following conditions:

12.2.1 Explicit consent of the data subject,

12.2.2 Processing relates to personal data manifestly made public by the data

12.2.3 Processing is necessary for:

- - - - Carrying out obligations under employment, social security or social protection law, or a collective agreement.
      - Protecting the vital interests of a data subject or another individual where the data subject is physically or legally incapable of giving consent.
      - The establishment, exercise, or defence of legal claims or where courts are acting in their judicial capacity.

13 ACCESS TO PERSONAL DATA; USAGE

13.1 We strive to maintain the highest security standards with respect to the Personal Data of data As such, the Personal Data is shared strictly for the purposes for which it was collected. The Personal Data is not shared with any individual or entity not bound by strict confidentiality obligations in writing. The Personal Data shall solely be shared with our sales and social media management team and other personnel engaged by us to whom sharing of Personal Data is necessary to provide services.

13.2 We share Personal Data with our sales team to contact you and accordingly provide you with information regarding our services. Personal Data is shared with our social media management team so that we can provide our services to you whilst maintaining confidentiality as laid down in this DPA, our Privacy Policy and confidentiality and privacy provisions in other documents which we may use to enter into contracts with you.

As Personal Data is not shared by us with any party not bound by strict confidentiality obligations in writing, as applicable, all Processors shall not engage Subprocessors without our consent.

14 INDIVIDUAL’S RIGHTS

14.1 Individuals have the following rights pertaining to their personal data:

14..1.1 To be informed – that means an individual has the right to be informed about the collection and use of their personal

14.1.2 Rights to access and port data – that means an individual has the right to access their personal data and supplementary

14.1.3 To rectify – that means an individual is entitled to have personal data rectified if it is inaccurate or

14.1.4 To erase – is also known as ‘the right to be forgotten’. That means right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

14.1.5 To restrict individual’s data – that means an individual has a right to ‘block’ or suppress processing of personal data.

14.1.6 To object to processing.

14.1.7 To withdraw consent if processing is based on consent.

15 PRIVACY BY DESIGN

We will act in accordance with the Data Protection Laws by adopting a privacy by design approach and implementing technical and organizational measures which demonstrate how we have considered and integrated data protection into processing activities.

16 AFFILIATES AND THIRD PARTY SUBPROCESSORS

To the extent we engage Third Party Subprocessors and/or our Affiliates to Process Personal Data, such entities shall be subject to the same level of data protection and security as us under this Agreement and our Privacy Policy.

17 DATA BREACHES

We will strive to ensure that all our personnel are made aware of, and understand, what constitutes as a data breach as part of their training. Where a breach is likely to result in a risk to the rights and freedoms of individuals, the appropriate authorities will be informed. All notifiable breaches will be reported to the relevant supervisory authority within 72 hours of us becoming aware of it. The risk of the breach having a detrimental effect on the individual, and the need to notify the relevant supervisory authority, will be assessed on a case-by-case basis. In the event that a breach is likely to result in a high risk to the rights and freedoms of an individual, we will notify those concerned directly.

18 DATA TRANSFER

You may not transfer or authorize the transfer of Data to countries outside the EU and/or the European Economic Area (EEA) without our prior written consent.

19 DELETION OR RETURN OF PERSONAL DATA

19.1 Subject to this section, we shall promptly and in any event within 40 business days of the date of cessation of any Services, or upon the request of a Data Subject involving the Processing of Personal Data (the “Cessation Date“), delete and procure the deletion of all copies of those Personal Data.

19.2 Notwithstanding the foregoing, For the purposes of keeping records, we retain Personal Data for a period of at least 3 years.

20 AMENDMENTS

We shall have the right to make modifications or replace any of our policies, or suspend, change, or discontinue the Platform (including but not limited to, the availability of any featured content, or database,) at any time or instance by posting a notice through the Platform. We may also do so by sending you a notice via email, via the Platform, or by any other means of communication. We reserve the right to impose limits on certain features and services. We may if required to do so restrict your access to parts or all of the Platform without notice or liability. We endeavour to try and provide notice of modifications to this Agreement. However, you also agree that it is also your responsibility to make reasonable efforts to be aware of such modifications.

21 NOTICES

All notices under this Agreement shall be in writing unless otherwise specified in this Agreement. Notices to us shall be sent by email to [email protected]. You shall ensure written confirmation of receipt for notice to be effective. Notices to you shall be sent to your last known email address (or the email address of your successor, if any) and/or to any email address that would be reasonably likely to provide notice to you, and such notice shall be effective upon transmission.

22 NO WAIVER

Our failure to enforce any part of this Agreement shall not constitute a waiver of our right to later enforce that or any other part of this Agreement. Waiver of compliance in any particular instance does not mean that we will waive compliance in the future.

23 INTERPRETATION

The headers are provided only to make this agreement easier to read and understand.

24 GOVERNING LAW

You agree that the validity, operation, and performance of these Terms shall be governed by and interpreted in accordance with the laws of Canada applicable therein (notwithstanding conflict of law rules). You expressly and irrevocably concede to the jurisdiction of courts located in Ontario, Canada, with respect to any matter or claim, suit, action or proceeding arising under or related to this Agreement.

25 CONTACT

You may contact us through the address given below:

Company name: Logically Social Inc.,

Email: [email protected]