Privacy
Policy
Updated May 10, 2022
PRIVACY POLICY
Liquidity Capital ("Company", "we", "us" or "our") respects your privacy and recognizes that your privacy is important. This privacy policy ("Privacy Policy") sets forth and governs the privacy practices of the Company and applies to users that access our website and the services therein, including our proprietary software platform ("Platform"). It is your responsibility to read this Privacy Policy thoroughly. This Privacy Policy also provides the required information under the EU General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act of 2018 ("CCPA"), to the extent applicable. In that case under the GDPR, you are defined as a “Data Subject” with respect to your use of the Platform and our Site and Services, and as a “Data Controller” with respect to the Company Data (as defined in our Terms and Conditions and, if applicable, in our Master License Agreement).
Applicability
This Privacy Policy explains Liquidity’s data collection practices that are applicable towards: (i) any visitor of our website ("Visitor"); and (ii) any entity which uses our Platform and their users (i.e., their employees) ("Customer"). Customers and Visitors will be jointly referred to as "you" or "your".
The Privacy Policy in a nutshell:
• You are not required by law to provide us with any Personal Data (as such term is defined below). Please note, that some of our services require the processing of certain Personal Data, as further described in this Privacy Policy. Without such data we may not be able to provide you with all or part of the services.
• Our website and services are intended for users over the age of 16 or an equivalent minimum age for providing consent to process Personal Data in the relevant jurisdiction. Children under such age are not permitted to use our services nor provide us with any Personal Data.
• You may be entitled under applicable laws to review, amend, erase, or restrict the processing of your Personal Data. Please review the "Privacy Rights" section below for more information about your rights
Collection and Use of Data
Depending on your interaction with our website or use of the Platform, we may collect two types of data from you, as follows:
"Personal Data" or "Personal Information" (in accordance with applicable law definitions), shall mean information that identifies an individual or may with reasonable effort identify an individual. This may include online identifiers such as your IP address, name, email, etc.
"Non-Personal Data" shall mean technical and aggregated data about you that is non-identifiable and non-personal data. Non-personal Data which is collected may include your aggregated usage information and technical information transmitted by your device, including certain software and hardware information about your device (e.g., the device you use, the type of browser and operating system your device uses, access time and the website's domain name from which you linked to the Website, etc.) in order to enhance the functionality of the website. We may also collect information about your activity on the website (e.g., how many users visited the website, which pages were viewed, etc). If we decide to combine Personal Data with Non-Personal Data, we shall treat the consolidated data as Personal Data. The disclosure of any Personal Data and the process of any such Personal Data by us, shall be in accordance with this Privacy Policy and in accordance with our Data Processing Agreement set forth below. We do not knowingly collect or process any Special Categories of Personal Data, such as constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning a person's health or data concerning a person’s sex life or sexual orientation. In the event you become aware that such data has been uploaded to the website or the Platform or collected by us unintentionally, please inform us immediately.
The Personal Data and Non-Personal Data are collected as follows:
• Directly from you when you provide it to us;
• Automatically as you navigate through the site using cookies and other tracking technologies defined and discussed with more detail below. Information collected automatically may incluge usage details, email address, IP address, and information collected through cookies and other tracking technologies; and
• From third parties as further described below.
Personal Data is only used for limited purposes, as specified below:
A. Personal Data regarding Customers: If you choose to use our Platform you will be required to provide us with your full name and email address (for signing-up) or access authorizations to the Platform and email address (for login), payment information. As a Customer we will send you emails with marketing materials regarding the services you are currently using or any services we may offer in the future ("Direct Marketing") and subject to your consent (opt-in) we will share your contact details with our Customer. The Purposes of the Processing is to provide the services to the Customers and with respect to EU persons (Legal basis under the GDPR): Performance of a contract with you or in order to take steps at your request prior to entering into a contract. Direct Marketing is subject to our legitimate interest and in accordance with applicable laws, you may opt-out at any time from certain correspondence.
B. Contact Us: In the event you choose to contact us in order to ask any question you will be requested to provide your name, phone number, email address and free text. The Purposes of the Processing is To answer your questions and provide you with assistance, or any other service you requested. The correspondence will be stored by us in the event we believe it is required, for example, in the event of any claims or in order to provide you with any further assistance. And in accordance with the GDPR the processing of such data is subject to your consent.
C. News Letters: In the event that you sign up to receive our newsletter you will be requested to provide your email address. The Purposes of the Processing is to send you newsletters. In accordance with the GDPR, such use and processing is subject to your consent and You may opt out at any time the newsletter service.
D. Device Information: We may collect Personal Data from your device. Such information may include Internet protocol (IP) address, unique identifiers, as well as other information that relates to your activity through the Website. This data might be collected by us or by our service providers (i.e., through cookies). The Purposes of the Processing is our use in such data in order to maintain, protect and manage our website for analytic and statistic purposes regarding interaction with our website. We use this data under our legitimate interests.
Publicly Available Information
We collect, gather, and analyze publicly available information, for example professional information available on social media and information derived from databases that are available to us by third parties, we believe in good-faith that such third parties provide or share with us such data in compliance with all applicable laws. This information mostly includes names, contact information (such as email addresses) and job titles. Even though this data was made publicly available by an individual, we respect the privacy and rights of such individual and thus, this Privacy Policy governs such data as well.
The California Consumer Privacy Act 2018:
The Categories of Personal Information Collected and Shared by Us
Please note that the definition of Personal Information under the CCPA does not include: (i) publicly available information from government records; and (ii) de-identified or aggregated consumer information. According to the CCPA requirements, below is a list specifying the categories of Personal Information we collect from you:
A. Identifiers - A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. This information is collected.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) - A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. Such information is not collected.
C. Protected classification - Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). Such information is not collected.
D. Commercial information - Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Such information is not collected.
E. Biometric information - Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. Such information is not collected.
F. Internet or other similar network activity - Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. Such information is not collected. G. Geolocation data - Physical location or movements. Such information is not collected.
H. Sensory date - Audio, electronic, visual, thermal, olfactory, or similar information. Such information is not collected.
I. Professional or employment-related information - Current or past job history or performance evaluations. Such information is not collected.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) - Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. Such information is not collected.
K. Inferences drawn from other personal information - Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Such information is not collected.
According to the CCPA requirements, below is information concerning disclosures of Personal Information we made for business purposes:
In the last twelve (12) months, the Company has disclosed the following categories of Personal Information for business purposes: (A) Identifiers. We have disclosed your Personal Information for a business purpose to the following categories of third parties: service providers & data aggregators (e.g. for analytical purposes), business partners (for fraud detection, payment calculation and bank account integration). Please note, that Personal Information disclosed by us for a business purpose, is subject to contractual obligations on behalf of the third party, to whom the information was disclosed, and who may not use this information for any purpose except for performing its obligations under the engagement we have with such third party.
According to the CCPA requirements, below is information concerning the sale of Personal Information:
In the last twelve (12) months, the Company has not sold Personal Information. With Whom We Share Data We do not sell, trade, or rent our users' Personal Data to other parties. We may share data solely for limited purposes as described below:
• We will share your Personal Data, solely to the extent needed to comply with applicable law or regulation (including our policies and agreements).
• We will share your Personal Data solely to the extent needed to establish or exercise our rights to defend ourselves against legal claims or to prevent harm to our rights, property, or safety and with respect to our users, yourself or any third party or for the purpose of collaborating with law enforcement agencies or in case we find it necessary in order to enforce intellectual property or other legal rights.
• We may share your data, in the event of a corporate transaction (for instance, sale of a substantial part of our business, merger, consolidation or asset sale). In such case, our affiliated companies or acquiring company will assume the rights and obligations as described in this Privacy Policy.
• We may share Personal Data with our trusted partners and service providers who assist us in operating the Services and conducting our business, such as: cloud hosting services, account maintenance and technology services.
• Subject to your consent (opt-in), we may share Personal Data with our Customers for the performance of our Services. • We may share online identifiers collected by us (as detailed herein), for the purpose of operating our business, as well as to calculate payments and detect fraud, security, or technical issues in connection with the Product and Software.
Privacy Rights
Privacy laws in different jurisdictions provide different rights regarding your Personal Data, such as the right to access your Personal Data; The right to delete Personal Data; The right to opt-out from Personal Data processing, and so on. Principally, if you are a resident of the European Economic Area ("EEA") or the State of California, the provisions of the GDPR and the CCPA, respectively, provide you with the following rights:
• The right to be informed: In order to ensure fair and transparent processing of Personal Data, you have the right to be provided with information regarding how we collect data and our privacy practices, as detailed herein.
• The right to access data: You have the right to request a confirmation from us that we process your Personal Data and under certain circumstances, to be provided with a copy of the Personal Data we process.
• The right to request deletion of you Personal Data: You have the right to require us to delete certain Personal Data, if certain conditions are satisfied (if the Personal Data is no longer needed for the original purpose it was collected and there is no new lawful basis for continued processing; If you have exercised your right to withdraw consent (to the extent applicable), or to object to the processing and we have no overriding grounds for the continued processing; The Personal Data is processed unlawfully; Or, erasure of Personal Data is necessary to comply with applicable legislation. Please note, this right is not absolute. We may reject your request under certain circumstances, including where we have to retain the data in order to comply with legal obligations or defend against legal claims, etc.
• The right to object: You have the right to object to the processing of Personal Data, in the event that the basis for our processing activity is based on our legitimate interests, however, we will be permitted to continue the processing if our legitimate interests override your rights or when processing is necessary to establish, exercise or defend a legal claim or right, etc.
• The right to restrict processing: You may ask us to restrict the processing your Personal Data, when: the accuracy of the data is contested; Processing is unlawful and you request restriction instead of erasure; The Personal Data is no longer needed for the original purpose it was collected, however the retention of the data is still required to establish, exercise or defend legal rights; Or, there are overriding grounds in the context of an erasure request.
• Rectification (in the event you are an EEA resident): You have the right to require the update or amendment of Personal Data which is not correct.
• Portability: You have the right to have your Personal Data "ported" to a third-party, subject to the following: The Personal Data was provided by you; The Personal Data is processed automatically; And the Personal Data was processed on the legal bases of contract or consent;
• The Right to Non-Discrimination (in the event you are a California resident): You have the right not to be discriminated against for having exercised your rights under the applicable laws. In particular, we cannot not: deny the consumer goods or services, charge the consumer different prices for goods or services, whether through denying benefits or imposing penalties provide the consumer with a different level or quality of goods or services. We provide you with the option to exercise certain choices and controls in connection with our treatment of your Personal Data, depending on your relationship with us. If you wish to exercise any or all of the above rights, please contact our privacy team at: privacy@liquidity.inc..Where we are not able to provide you with the information or exercise the rights you have asked for, we will try to explain the reasoning for this and inform you of your rights, including the right to complain to the relevant supervisory authority (in the event you are EEA resident). We reserve the right to ask for reasonable evidence needed to verify your identity prior to providing you with any such information in accordance with applicable law.
Cookies
The usage of our website may include implementation of "cookies" or similar technologies, by us or by third parties, which will store certain information on your device. Cookies are used for many different purposes, including, and not limited to, enrichment of our Website work, as well as to understand your needs and optimize the website's performance. Cookies enable us to improve your experience while using the website. See more information about cookies at: www.allaboutcookies.org. See below the list of third-party cookies and other tracking technologies currently used as part of our website:
A. Google Analytics - Analytical, Measurement & Performance, third party privacy policy: www.google.com/policies/privacy/partners;https://policies.google.com/technologies/managing? hl=en; https://tools.google.com/dlpage/gaoptout. For additional information regarding our use of Google products, click here.
B. Intercom - Essential, Functionality, Operation & Security Cookies, third party privacy policy: https://www.intercom.com/legal/privacy.
C. Hubspot - Analytical, Measurement & Performance, third party privacy policy: https://legal.hubspot.com/cookie-policy. We do not collect Personal Information automatically, but we may tie this information to Personal Information about you that we collect from other sources or from information that you may provide to us. However, to the extent the information we collect by automatic means constitutes Personal Data under the GDPR, either before or after we collect it, our processing of such Personal Data complies with the GDPR.
Cookies 0pt-out You are able to manage your cookies preferences, including the deletion of cookies, approval or decline of certain cookies, and receipt of a notification prior to the storage of a cookie. This can be done through your browser settings. For more information, please review the below links (click according to the browser you are using): Google Chrome; Firefox; Internet Explorer; Safari; Edge; Opera. Third party's cookies which are embedded in our website shall be subject to the applicable third party’s cookie policy. Blocking or erasing certain types of cookies may limit your online experience. Furthermore, disabling cookies will not prevent advertisements from being displayed, however the advertisements will not be personalized.
Third Party Websites
Our Privacy Policy only addresses the use and disclosure of information we collect from you. To the extent that you disclose your information to other parties via the website (e.g., by clicking on a link to any other website or location) or via other sites throughout the Internet, different rules may apply to their use or disclosure of the information you disclose to them. You acknowledge that we are not responsible for the products, services, or descriptions of products or services that you receive from third party sites or to the content or privacy practices of those sites and that this Privacy Policy does not apply to any such third party products and services. You are knowingly and voluntarily assuming all risks of using third party sites. You agree that we shall have no liability whatsoever with respect to such third party sites and your usage of them.
Children’s Data
Our website and Platform are not intended or directed for children, as such term is defined under applicable law, and specifically under the age of 16 (or any equivalent age). We do not knowingly collect or solicit information from children. If we later obtain actual knowledge that we processed a child’s Personal Data, we will take necessary steps to delete the applicable data.
Security and Retention Policy
Since your privacy is important to us, we are committed to protecting your Personal Data from unauthorized access, use or disclosure. We have implemented physical, technical, and administrative security measures that comply with applicable laws and industry standards. We will take necessary measures to minimize the Personal Data that is stored on our servers in the first place. In the event of a data breach, in which we discover your Personal Data may be at risk, we will take reasonable efforts to notify you and the applicable authority (if required, subject to applicable laws). The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Sites, you are responsible for keeping this password confidential. You shall not share your password with anyone. We urge you to be careful about giving out information in public areas of the Site (if any). The information you share in public areas may be viewed by any user of the Site. Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal information generally and in compliance with applicable laws, we cannot guarantee the security of your personal information transmitted to our Site or via our Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Site or via the Services.We only retain your personal information/Personal Data for as long as is necessary for us to use your information as described above, or to comply with our legal obligations and legitimate interests. Please be advised that this means that we may retain some of your personal information/Personal Data after you cease to use our Services. For instance, we may retain your data as necessary to meet our legal obligations.
When determining the relevant period in which we retain or establish/revise periods for retaining personal information/Personal Data, we will take the following factors into account: • Our contractual obligations and rights in relation to the information involved;
• Legal obligation(s) under applicable law to retain data for a certain period of time or with respect to pending or anticipated legal actions;
• Our legitimate interest where we weigh your interest in controlling your Personal Data and against our lawful purpose in processing your Personal Data; • Statutes of limitations under applicable law(s); • If you have made a request to have your information deleted; and
• Guidelines issued by relevant data protection authorities. Otherwise, pursuant to GDPR, we will securely erase your personal information/Personal Data once there is no lawful basis or legal obligation to store or process it.
Transfer of Data
We may store or process your Personal Data in AWS servers (located in North Virginia, US) or in other states or countries. In the event of data transfer outside your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection when it is being transferred as required under applicable law.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time and if required under applicable laws. Thus, we encourage you to check this Privacy Policy from time to time in order to be updated with the most recent Privacy Policy. The most recent and updated version of this Privacy Policy is as referred to in the "Updated" heading in the preamble. If a material change occurs, we will make our best efforts to provide you with updates, in accordance with the requirements of the applicable law.
Do Not Track Signals
Please note that Do Not Track signals are not responded. See: http://www.allaboutdnt.com/, for more information.
Contact Information.
If you have any questions, please contact us at: Liquidity Capital M.C. Ltd. 30 Sheshet Hayamim, Rd., Bnei Brak, Israel. You can also contact us via email at: privacy@liquidity.inc
Data Processing Agreement
Recently updated March 10, 2021
PREAMBLE
This Data Processing Agreement (the “DPA”), entered into by the users accessing or using Liquidity’s website or using the Services (each a “User”, “Licensee”, or “you”) and Liquidity Capital M.C. Ltd. (and its subsidiaries) (“Liquidity”, “we”, “us” or “our”), governs the processing of Personal Data that the User uploads or otherwise provides Liquidity in connection with the Services and the processing of Personal Data by Liquidity on behalf of the User in connection with the Services. Capitalized terms not defined in this DPA shall have the meaning given to them in our terms and conditions at: https://www.liquiditygroup.com/terms-conditions(the “Terms and Conditions”), or in the relevant Master License Agreement entered between the parties (the “Master Agreement”). In the event of any conflict or inconsistency between any of the terms of the Terms and Conditions, the Master Agreement and this DPA, the provisions of the following documents (in order of precedence) shall prevail: (a) the Master Agreement (to the extent applicable); (b) the Terms and Conditions; (c) this DPA.
1. DEFINITIONS
1.1. In this DPA, the following terms shall have the meanings set out below and related terms shall be construed accordingly:
a) "Applicable Laws" means (a) European Union or Member State laws with respect to any User Personal Data in respect of which User is subject to EU Data Protection Laws; and (b) any other applicable law with respect to any User Personal Data in respect of which the User is subject to any other Data Protection Laws including the CCPA.
b) “Business Contact Data” means information relating to personnel of either Liquidity or User, which may be processed by the other party in connection with the Agreement.
c) “CCPA” means the California Consumer Privacy Act of 2018 together with any subordinate legislation or regulations.
d) "User Personal Data" means any Personal Data Processed by Liquidity or its Sub Processors pursuant to or in connection with the Services.
e) "Data Protection Laws" means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country such as the CCPA.
f) "EU Data Protection Laws" means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR.
g) "GDPR" means EU General Data Protection Regulation 2016/679.
h) "Services" means the services and other activities to be supplied to or carried out by or on behalf of Liquidity for the User, pursuant to the Master Agreement and/or the Terms and Conditions (as applicable).
i) "Sub Processor" means any entity appointed by or on behalf of Liquidity to Process Personal Data on behalf of the User.
j) "Liquidity" means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Liquidity.
1.2 The terms "Controller", "Processor", "Data Subject", "Personal Data", "Personal Data Breach","Processing" and "Supervisory Authority" shall have the same meaning as in the GDPR.
2. PROCESSING OF USER PERSONAL DATA
2.1 Liquidity shall:
a)comply with all applicable Data Protection Laws in the Processing of User Personal Data; and
b) subject to Section 14.7, not Process User Personal Data other than on User’s documented instructions, unless Processing is required by Applicable Laws to which Liquidity is subject, in which case Liquidity shall, to the extent permitted by Applicable Laws, inform the User of that legal requirement before the relevant Processing of that Personal Data.
2.2 The User instructs Liquidity and authorizes Liquidity to instruct each Sub Processor to:
a) Process User Personal Data;
b) transfer User Personal Data to any country or territory; and
c) in each case as reasonably necessary for the provision of the Services in consistency with the Master Agreement and the Terms and Conditions.
2.3 The obligations set out in Sections 3 to 5 and 7 to 14 of this DPA apply only if and to the extent that Liquidity processes User Personal Data as a Processor.
3. LIQUIDITY’S PERSONNEL & USER’S OBLIGATIONS
3.1 Liquidity shall take reasonable steps to ensure that any employee, agent or contractor of Liquidity who may have access to the User Personal Data, are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
3.2 The User warrants and represents that it has and will collect, Process and transfer all User Personal Data, which is Processed by and/or transferred to Liquidity, in accordance with all Applicable Laws. Addendum to this DPA with respect to the CCPA attached hereto as Annex 2.
4. SECURITY
4.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Liquidity shall in relation to the User Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.
5. USE OF PROCESSORS AND SUBPROCESSING
5.1 User authorizes Liquidity to appoint (and permit each Sub Processor appointed in accordance with this Section 5 to appoint) Processors and/or Sub Processors in accordance with this Section 5.
5.2 Liquidity may continue to use those Processors and/or Sub Processors already engaged by Liquidity as at the date of this DPA, subject to Liquidity, in each case and as soon as practicable, meeting the obligations set out in Section 5.4.
5.3 Liquidity can at any time and without justification appoint a new Processor and/or Sub-Processor provided that User is given fifteen (15) days' prior notice and the User does not legitimately object to such changes within that timeframe. Legitimate objections must contain reasonable and documented grounds relating to a Processor and/or Sub-Processor's non-compliance with Data Protection Laws. If, in Liquidity's reasonable opinion, such objections are legitimate, Liquidity shall either refrain from using such Processor and/or Sub-Processor in the context of the processing of User Personal Data or shall notify the User of its intention to continue to use the Processor and/or Sub-Processor. Where Liquidity notifies User of its intention to continue to use the Processor and/or Sub-Processor in these circumstances, User may, by providing written notice to Liquidity, stop sharing with Liquidity its User Personal Data.
5.4 With respect to each Processor and/or Sub Processor, Liquidity shall: a)ensure that the arrangement between Liquidity and the Processor and/or Sub Processor is governed by a written contract including terms which offer at least the same level of protection for User Personal Data as those set out in this DPA and meet the requirements of Article 28(3) of the GDPR; b) upon User’s request, provide copies of Liquidity’s agreements with Processors and/or Sub Processors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA).
5.5 Liquidity shall ensure that each Processor and/or Sub Processor performs the obligations which apply to Processing of User Personal Data carried out by that Processor and/or Sub Processor, as if it were party to this DPA in place of Liquidity.
6. CROSS-BORDER DATA TRANSFERS
6.1 User acknowledges that Applicable Laws may require that additional measures be taken to secure transfers of User Personal Data outside the country or region they originate from. In such a case, User shall assist Liquidity in implementing these additional measures and, for instance, enter into separate agreements, where and as mandated under Applicable Laws. Without limiting the generality of the foregoing, Liquidity shall refrain from transferring any Personal Data subject to the data protection laws of the European Union outside the European Union or a country deemed adequate by the European Commission, without relying on a transfer mechanism in accordance with the legislation of the European Union.
7. DATA SUBJECT RIGHTS
7.1 Considering the nature of the Processing, each Party shall assist the other Party by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of such Party’s obligations, to respond to requests to exercise Data Subject rights under the Data Protection Laws in so far as such requests relate to the User Personal Data Processed by Liquidity on behalf of the User.
7.2 Liquidity shall: a) promptly notify User if Liquidity receives a request from a Data Subject under any Data Protection Law in respect of User Personal Data; and b) not respond to that request except as required by Applicable Laws to which Liquidity is subject, in which case Liquidity shall to the extent permitted by Applicable Laws inform User of that legal requirement before responding to the request.
8. PERSONAL DATA BREACH
8.1 Liquidity shall notify User without undue delay if Liquidity or any Sub Processor becomes aware of a Personal Data Breach affecting User Personal Data, providing User with sufficient information to allow user to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
8.2 Liquidity shall co-operate with User and take such reasonable commercial steps as are directed by User to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
9. DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION
9.1. Liquidity shall provide reasonable assistance to User with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which reasonably could be deemed required by Article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of User Personal Data by, and taking into account the nature of the Processing and information available to Liquidity.
10. DELETION OR RETURN OF USER PERSONAL DATA
10.1. Subject to Sections 10.2 and 10.3, Liquidity shall promptly and in any event within 60 days of the date of cessation of any services involving the Processing of User Personal Data (the "Cessation Date"), delete and procure the deletion of all copies of those User Personal Data, to the extent such User Personal Data includes Personal Data.
10.2. Subject to Section 10.3, User may in its absolute discretion by written notice to Liquidity within 90 days of the Cessation Date require Liquidity, on User’s expense, to (a) return a complete copy of all User Personal Data to the User (to the extent such User Personal Data includes Personal Data) by secure file transfer in such format as is reasonably notified by User to Liquidity; and (b) delete and procure the deletion of all other copies of User Personal Data Processed by Liquidity. Liquidity shall comply with any such written request within 60 days of the request.
10.3. Liquidity may retain User Personal Data to the extent required by Applicable Laws and only to the extent and for such period as required by Applicable Laws and always provided that Liquidity shall ensure the confidentiality of all such User Personal Data and shall ensure that such User Personal Data is only Processed as necessary for the purpose(s) specified in the Applicable Laws requiring its storage and for no other purpose.
10.4. For purposes of clarification, statistical data which has been anonymized and consequently no longer constitute Personal Data may be retained and used freely by Liquidity perpetually in accordance with the terms of the Master Agreement and the terms of our Terms and Conditions (as applicable).
10.5. Liquidity shall upon User’s request provide written certification to User that it has fully complied with this Section 10.
Representation for data subjects in the EU
We value your privacy and your rights as a data subject and have therefore appointed Plighter Group with its local partners as our privacy representative and your point of contact.
Plighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Plighter or make use of your data subject rights, please visit the following website. https://prighter.com/q/13356608436
11. AUDIT RIGHTS
11.1. Liquidity shall keep, or cause to be kept the information necessary to demonstrate compliance with its obligations under this DPA including full and accurate records relating to the processing of User Personal Data and upon reasonable notice and at User's cost and expense make available to User and grant to User and its auditors or agents a right of access to and to take copies of any relevant information or records kept by Liquidity pursuant to this Section 11.1.
11.2. User’s information and audit rights only arise to the extent that the Master Agreement and the Terms and Conditions do not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law (including, where applicable, article 28(3)(h) of the GDPR).
11.3. User shall give Liquidity reasonable notice of any audit or inspection to be conducted under Section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury or disruption to Liquidity’s premises, equipment, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Liquidity need not give access to its premises for the purposes of such an audit or inspection:
a) to any individual unless he or she produces reasonable evidence of identity and authority;
b) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and User has given notice to Liquidity that this is the case before attendance outside those hours begins; or c) for the purposes of more than one audit or inspection in any calendar year.
12. REPRESENTATIVE DATA
12.1. The provisions of this DPA shall apply mutatis mutandis in relation to Business Contact Data in relation to which Liquidity is Controller and User’s obligations as Processor shall apply to the User in relation such data.
13. INDEMNIFICATION
13.1. Notwithstanding any limitation of liability agreed between the Parties pursuant to the Agreement, a Party (the “Defaulting Party”) shall indemnify the other Party (the “Non-Defaulting Party”) against all damages and fines that are awarded in a trial or imposed by the Supervisory Authority by way of final decision or settlement (and any reasonable attorney’s fees incurred by the Non-Defaulting Party in respect of such decision or settlement), against the Non-Defaulting Party, arising directly out of the Defaulting Party’s breach of its obligations pursuant to this DPA or a breach of warranty contained herein.
13.2. Liability under this indemnity is conditional on the Non-Defaulting Party having complied with its obligations and warranties under this DPA including, but not limited, to those obligations arising pursuant to Section 13.3.
13.3. If any third party makes a claim, or notifies an intention to make a claim or start an investigation, against the Non-Defaulting Party which may reasonably be considered likely to give rise to a liability under the indemnity contained in Section 13.1, against the Defaulting Party (the “Claim”), the Non Defaulting Party shall: a) notify the Defaulting Party in writing within ten (10) days of receipt by the Non-Defaulting Party of any documentation relating to the Claim, specifying the nature of the Claim and such relief or penalty as is sought therein; b) cooperate with the Defaulting Party in all reasonable respects in connection with the defense or investigation of the Claim; c) not make any admission of liability, agreement or compromise in relation to the Claim without the prior consent of the Defaulting Party (such consent not to be unreasonably withheld or delayed), provided that the Non-Defaulting Party may settle the Claim (after giving prior written notice of the terms of settlement (to the extent legally possible) to the Defaulting Party, but without obtaining the Defaulting Party’s consent) if the Non-Defaulting Party reasonably believes that failure to settle the Claim would be prejudicial to it in any material respect; d) permit the Defaulting Party to, upon written thereof to the Non-Defaulting Party, undertake to conduct all proceedings or negotiations in connection with the Claim, assume the defense thereof, and, if it so undertakes, it shall also undertake all other required steps or proceedings to settle or defend any such claim, including the employment of counsel at the Defaulting Party’s.
13.4. Notwithstanding this Section 13, the Defaulting Party shall have no liability under Section 13.1 to the extent that a Claim has arisen due to any act or omission not attributable to the Defaulting Party.
13.5. Nothing in this Section 13 shall restrict or limit the Non-Defaulting Party’s general obligation at law to mitigate any loss it may suffer or incur as a result of an event that may give rise to a claim under the indemnity contained in Section 13.1.
13.6. In no event shall either Party, any Party’s group company or any of either Party’s directors, officers, employees, agents or consultants be liable for any indirect or consequential loss or loss of profit, or damages, whether or not the party concerned has been advised of the possibility of such damages, or for any loss of opportunity, goodwill, or anticipated earnings, in each case arising out of or in any way in connection with this DPA.
14. MISCELLANEOUS TERMS
14.1. Governing law and jurisdiction. The parties hereby submit to the choice of jurisdiction stipulated in the Terms and Conditions and, if applicable, in the terms of the Master Agreement, with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity and this DPA and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the Terms and Conditions and, if applicable, in the terms of the Master Agreement.
14.2. Both Parties shall cooperate and assist the other Party in the event of any measures or investigations taken by the Supervisory Authority related to any activities conducted under this DPA, including promptly notifying the other Party of the threat and commencement of such measures. The Parties shall take all reasonable measures necessary to limit the potential damage incurred to either of the Parties due to such event.
14.3. User acknowledges and agrees that Liquidity may use pseudonymized User Personal Data for the purposes listed in Annex 1 of this DPA, and that Liquidity will act as a Controller in relation to the processing it undertakes for those purposes.
14.4. Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein
ANNEX 1: DETAILS OF PROCESSING OF USER PERSONAL DATA
This Annex 1 includes certain details of the Processing of User Personal Data as required by Article 28(3) GDPR. Subject matter and duration of the Processing of User Personal Data and the obligations and rights of the User shall be in accordance with the Terms and Conditions, and if applicable, in accordance with the Master Agreement. The nature and purpose of the Processing of User Personal Data: Liquidity processes Personal Data in the following ways:
A. Contact Details - Contact details of the persons on behalf of the User, and or the Scored Entities (as defined in the Terms and Conditions and the Master Agreement).
B. Regulatory requirements - Regulators in different jurisdictions require that Liquidity saves Personal Data for future proof of correct basis for tax payments and other official statements. The categories of Data Subject to whom the User Personal Data relates▪ Contact Details. The types of User Personal Data to be Processed:
▪ Representative Data:
▪ Work email addresses
▪ Work telephone numbers
▪ Job titles
▪ Names
▪ Other information provided in the correspondences.
Annex 2
Addendum to Liquidity’s DPA with respect to the California Consumer Privacy Act
This Addendum is entered into by the users accessing or using Liquidity’s website or using the Services (each a “User”, “Licensee”, or “you”) and Liquidity Capital M.C. Ltd. (and its subsidiaries) (“Liquidity”, “we”, “us” or “our”), and amends the Liquidity’s Data Processing Agreement between Liquidity and the User (“DPA”) with respect to Liquidity’s processing of Customer Personal Data of California Consumers under the CCPA. Capitalized terms used but not otherwise defined in this Addendum will have the meanings given to them in the DPA. Capitalized terms not otherwise defined in the DPA, will have the meanings given to them under the CCPA. No CCPA Sale. The parties agree that for the purposes of the CCPA, Liquidity acts as a CCPA Service Provider for Customer Personal Data. User does not sell User Personal Data to Liquidity because Liquidity shall only use User Personal Data for the purposes specified in the DPA. Liquidity certifies that it has read and understands this Addendum and will abide by it, including by avoiding any action that would cause the other Party to be deemed to have sold Personal Data or Personal Information under the CCPA.