Bookchain® and Bookchain Solutions® by Scenarex Inc Data Processing Terms


These Bookchain®️ and Bookchain Solutions®️ by Scenarex Inc (“Bookchain®️ and Bookchain Solutions®️”) Data Processing Terms (including the appendices, “Data Processing Terms”) will apply to the processing of Customer Personal Data. These terms serve as an addendum to the agreement between you (“Customer”) and Scenarex Inc. regarding your use of the Bookchain®️ and Bookchain Solutions®️ and Bookchain Solutions®️ service (“Agreement”). Such Agreement may include the Bookchain®️ and Bookchain Solutions®️ Terms of Service or a content license agreement, as applicable to Customer. Please take the time to read these Data Processing Terms carefully.

1. Introduction

These Data Processing Terms reflects the parties’ agreement on the terms governing the processing and security of Customer Personal Data in connection with the Data Protection Legislation.

2. Definitions and Interpretation

2.1 In these Data Processing Terms:

“Affiliate,” if not already defined in the Agreement, means an entity that directly or indirectly controls, is controlled by, or is under common control with, a party.

“Customer Personal Data” means content that is uploaded by Customer to Bookchain®️ and Bookchain Solutions®️ under the terms of the Agreement and processed by Bookchain®️ and Bookchain Solutions®️ on behalf of Customer in Bookchain’s provision of the Processor Services.

“Data Incident” means a breach of Bookchain’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed by or otherwise controlled by Bookchain®️ and Bookchain Solutions®️.\

“Data Incidents” will not include unsuccessful attempts or activities that do not compromise the security of Customer Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.

“Data Protection Legislation” means, as applicable: (a) the GDPR; and/or (b) the Federal Data Protection Act of 19 June 1992 (Switzerland).

“Data Subject Tool” means a tool (if any) made available by Bookchain®️ and Bookchain Solutions®️ to data subjects that enables Bookchain®️ and Bookchain Solutions®️ to respond directly and in a standardized manner to certain requests from data subjects in relation to Customer Personal Data (for example, online advertising settings or an opt-out browser plugin).

“EEA” means the European Economic Area.

“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

“Bookchain®️ and Bookchain Solutions®️” means the Bookchain®️ and Bookchain Solutions®️ Entity that is party to your Agreement.

“Bookchain Affiliate Subprocessors,” has the meaning given in Section 11.1 (Consent to Subprocessor Engagement).

“ISO 27001 Certification” means ISO/IEC 27001:2013 certification or a comparable certification for the Processor Services.

“Notification Email Address,” means the email address (if any) designated by Customer, via the user interface of the Processor Services or such other means provided by Bookchain®️ and Bookchain Solutions®️, to receive certain notifications from Bookchain®️ and Bookchain Solutions®️ relating to these Data Processing Terms.

“Privacy Shield” means the EU-U.S. Privacy Shield legal framework and the Swiss-U.S. Privacy Shield legal framework.

“Processor Services” means the processing of Customer Personal Data in accordance with these Data Processing Terms.

“Security Documentation” means the certificate issued for the ISO 27001 Certification, if any, and any other security certifications or documentation that Bookchain®️ and Bookchain Solutions®️ may make available in respect of the Processor Services.

“Security Measures,” has the meaning given in Section 7.1.1 (Bookchain’s Security Measures).

“Subprocessors” means third parties authorized under these Data Processing Terms to have logical access to and process Customer Personal Data in order to provide parts of the Processor Services and any related technical support.

“Third Party Subprocessors,” has the meaning given in Section 11.1 (Consent to

Subprocessor Engagement).

2.2 The terms “controller,” “data subjects,” “personal data,” “processing,” “processor” and “supervisory authority” as used in these Data Processing Terms have the meanings given in the GDPR.

2.3 Any reference to a legal framework, statute or other legislative enactment is a reference to it as amended or re-enacted from time to time.

3. Duration of these Data Processing Terms

The term (“Term”) of these Data Processing Terms, and Bookchain’s provision of the Processor Services, will begin on May 25, 2018 (or the date of the Agreement if after May 25, 2018) (“Terms Effective Date”) and will continue until deletion of all Customer Personal Data by Bookchain as described in these Data Processing Terms.

4. Application of these Data Processing Terms

Application of Data Protection Legislation. These Data Processing Terms will only apply to the extent that the Data Protection Legislation applies to the processing of Customer Personal Data, including if:

(a) the processing is in the context of the activities of an establishment of

Customer in the EEA; and/or

(b) Customer Personal Data is personal data relating to data subjects who are

in the EEA and the processing relates to the offering to them of goods or

services or the monitoring of their behaviour in the EEA.

5. Processing of Data

5.1 Roles and Regulatory Compliance; Authorisation.

5.1.1 Processor and Controller Responsibilities.

(a) These Data Processing Terms describe the subject matter and details of the processing of Customer Personal Data;

(b) Bookchain®️ and Bookchain Solutions®️ is a processor of Customer Personal Data under the Data Protection Legislation;

(c) Customer is a controller or processor, as applicable, of Customer Personal Data under the Data Protection Legislation; and

(d) each party will comply with the obligations applicable to it under the Data Protection Legislation with respect to the processing of Customer Personal Data.

5.1.2 Authorisation by Third Party Controller. If Customer is a processor, Customer warrants to Bookchain®️ and Bookchain Solutions®️ that Customer’s instructions and actions with respect to Customer Personal Data, including its appointment of Bookchain®️ and Bookchain Solutions®️ as another processor, have been authorized by the relevant controller.

5.2 Customer’s Instructions. Customer instructs Bookchain®️ and Bookchain Solutions®️ to process Customer Personal Data only in accordance with applicable law and these Data Processing Terms: (a) to provide the Processor Services and any related technical support; (b) as further specified via Customer’s use of the Processor Services (including in the settings and other functionality of the Processor Services) and any related technical support; and (c) as documented in the form of the Agreement, including these Data Processing Terms.

5.3 Bookchain’s Compliance with Instructions. Bookchain®️ and Bookchain Solutions®️ will comply with the instructions described in Section 5.2 (Customer’s Instructions) (including with regard to data transfers) unless EU or EU Member State law to which Bookchain®️ and Bookchain Solutions®️ is subject requires other processing of Customer Personal Data by Bookchain®️ and Bookchain Solutions®️, in which case Bookchain®️ and Bookchain Solutions®️ will inform Customer (unless that law prohibits Bookchain®️ and Bookchain Solutions®️ from doing so on important grounds of public interest).

6. Data Security

6.1 Bookchain’s Security Measures and Assistance.

6.1.1 Bookchain’s Security Measures. Bookchain®️ and Bookchain Solutions®️ will implement and maintain technical and organizational measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. Bookchain®️ and Bookchain Solutions®️ may update or modify the Security Measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Processor Services.

6.1.2 Security Compliance by Bookchain®️ and Bookchain Solutions®️ Staff. Bookchain®️ and Bookchain Solutions®️ will ensure that all persons authorized to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

6.1.3 Bookchain’s Security Assistance. Bookchain®️ and Bookchain Solutions®️ will (taking into account the nature of the processing of Customer Personal Data and the information available to Bookchain®️ and Bookchain Solutions®️) assist Customer in ensuring compliance with any obligations of Customer in respect of security of personal data and personal data breaches, including (if applicable) Customer’s obligations pursuant to Articles 32 to 34 (inclusive) of the GDPR, by:

(a) implementing and maintaining the Security Measures in accordance with Section 6.1.1 (Bookchain’s Security Measures);

(b) complying with the terms of Section 6.2 (Data Incidents); and

(c) providing Customer with the Security Documentation in accordance with Section 6.5.1 (Reviews of Security Documentation) and the information contained in these Data Processing Terms.

6.2 Data Incidents.

6.2.1 Incident Notification. If Bookchain®️ and Bookchain Solutions®️ becomes aware of a Data Incident, Bookchain®️ and Bookchain Solutions®️ will: (a) notify Customer of the Data Incident promptly and without undue delay; and (b) promptly take reasonable steps to minimize harm and secure Customer Personal Data.

6.2.2 Details of Data Incident. Notifications made under Section 6.2.1 (Incident Notification) will describe, to the extent possible, details of the Data Incident, including steps taken to mitigate the potential risks and steps Bookchain®️ and Bookchain Solutions®️ recommends Customer take to address the Data Incident.

6.2.3 Delivery of Notification. Bookchain®️ and Bookchain Solutions®️ will deliver its notification of any Data Incident to the Notification Email Address or by other direct communication (for example, by phone call or an in-person meeting). Customer will take all reasonable steps to provide the Notification Email Address and ensure that the Notification Email Address is current and valid.

6.2.4 Third Party Notifications. Customer is solely responsible for complying with incident notification laws applicable to Customer and fulfilling any third party notification obligations related to any Data Incident.

6.2.5 No Acknowledgement of Fault by Bookchain®️ and Bookchain Solutions®️. Bookchain’s notification of or response to a Data Incident under this Section 6.2 (Data Incidents) will not be construed as an acknowledgement by Bookchain®️ and Bookchain Solutions®️ of any fault or liability with respect to the Data Incident.

6.3 Customer’s Security Responsibilities and Assessment.

6.3.1 Customer’s Security Responsibilities. Without prejudice to Bookchain’s obligations under Sections 6.1 (Bookchain’s Security Measures and Assistance) and 6.2 (Data Incidents):

(a) Customer is solely responsible for its use of the Processor Services, including:

(i) making appropriate use of the Processor Services to ensure a level of security appropriate to the risk in respect of Customer Personal Data; and

(ii) securing the account authentication credentials, systems, and devices Customer uses to access the Processor Services; and

(b) Bookchain®️ and Bookchain Solutions®️ has no obligation to protect Customer Personal Data that Customer elects to store or transfer outside of Bookchain’s and its Subprocessors’ systems.

6.3.2 Customer’s Security Assessment. Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Personal Data as well as the risks to individuals) the Security Measures implemented and maintained by Bookchain®️ and Bookchain Solutions®️ as set out in Section 6.1.1 (Bookchain’s Security Measures) provide a level of security appropriate to the risk in respect of Customer Personal Data.

7. Subprocessors

7.1 Consent to Subprocessor Engagement. Customer specifically authorises the engagement of Bookchain’s Affiliates as Subprocessors (“Bookchain®️ and Bookchain Solutions®️ Affiliate Subprocessors”). In addition, Customer generally authorises the engagement of any other third parties as Subprocessors (“Third Party Subprocessors”).

7.3 Requirements for Subprocessor Engagement. When engaging any Subprocessor, Bookchain®️ and Bookchain Solutions®️ will:

(a) ensure via a written contract that:

(i) the Subprocessor only accesses and uses Customer Personal Data to the extent required to perform the obligations subcontracted to it, and does so in accordance with the Agreement (including these Data Processing Terms) and Privacy Shield; and

(ii) if the GDPR applies to the processing of Customer Personal Data, the data

protection obligations set out in Article 28 (3) of the GDPR are imposed on

the Subprocessor; and

(b) remain fully liable for all obligations subcontracted to, and all acts and omissions of, the Subprocessor.

8. Liability

Notwithstanding anything else in the Agreement, the total aggregate liability of either party towards the other party under or in connection with these Data Processing Terms will be limited to the maximum monetary or payment-based amount at which that party’s liability is capped under the Agreement (for clarity, any exclusion of confidentiality or indemnification claims from the Agreement’s limitation of liability will not apply to claims under the Agreement relating to the Data Protection Legislation). Nothing in this Section 8 (Liability) will exclude or limit either party’s liability for: (a) death or personal injury resulting from its negligence or the negligence of its employees or agents; (b) fraud or fraudulent misrepresentation; or (c) matters for which liability cannot be excluded or limited under applicable law.

9. Effect of these Data Processing Terms

If there is any conflict or inconsistency between the terms of these Data Processing Terms and the remainder of the Agreement, the terms of these Data Processing Terms will govern. Subject to the amendments in these Data Processing Terms, the Agreement remains in full force and effect.

10. Changes to these Data Processing Terms

10.1 Changes to Processor Services. Bookchain®️ and Bookchain Solutions®️ may only change the list of potential Processor Services:

(a) to reflect a change to the name of a service;

(b) to add a new service; or

(c) to remove a service where either: (i) all contracts for the provision of that service are terminated; or (ii) Bookchain®️ and Bookchain Solutions®️ has Customer’s consent.

10.2 Changes to Data Processing Terms. Bookchain®️ and Bookchain Solutions®️ may change these Data Processing Terms if the change:

(a) is expressly permitted by these Data Processing Terms, including as described in Section 10.1;

(b) reflects a change in the name or form of a legal entity;

(c) is required to comply with applicable law, applicable regulation, a court order or guidance issued by a governmental regulator or agency; or

(d) does not (i) result in a degradation of the overall security of the Processor Services; (ii) expand the scope of or remove any restrictions on Bookchain’s processing of Customer Personal Data, as described in Section 5.3 (Bookchain’s Compliance with Instructions); and (iii) otherwise have a material adverse impact on Customer’s rights under these Data Processing Terms, as reasonably determined by Bookchain®️ and Bookchain Solutions®️.

## Appendix 1: Subject Matter and Details of the Data Processing

Subject Matter

Bookchain’s provision of the Processor Services and any related technical support to Customer.

Duration of the Processing

The Term plus the period from expiry of the Term until deletion of all Customer Personal Data by Bookchain®️ and Bookchain Solutions®️ in accordance with these Data Processing Terms.

Nature and Purpose of the Processing

Bookchain®️ and Bookchain Solutions®️ will process (including, as applicable to the Processor Services and the instructions described in Section 5.2 (Customer’s Instructions), collecting, recording, organizing, structuring, storing, altering, retrieving, using, disclosing, combining, erasing and destroying) Customer Personal Data for the purpose of providing the Processor Services and any related technical support to Customer in accordance with these Data Processing Terms.

Types of Personal Data

The types of personal data that constitute Customer Personal Data are content that are uploaded by Customer to Bookchain®️ and Bookchain Solutions®️ under the terms of the Agreement and processed by Bookchain®️ and Bookchain Solutions®️ on behalf of Customer in Bookchain’s provision of the Processor Services.

Sign up for our newsletter




Copyright 2019 Bookchain® All rights reserved. See our terms of conditions and privacy policy .