Data Processing Agreement

 

By making the payment for our Services - You agree and acknowledge to be bound by this Data Processing Agreement.

 

 

Last Updated March 01, 2023



This Data Processing Agreement (“DPA”) is an addendum to the Privacy Policy and Terms and Conditions (together the “Agreement”) between Transfer Express International, and our other affiliates and subsidiaries (collectively, “Transfer Express,” “us,” or “we”) and the client subscribing to our Services (“Client”). This DPA takes effect on the date Client signs up for Services and governs the collection, processing, or receipt of Personal Data by Transfer Express on behalf of the Client in the course of providing the Services. If you have any questions or would like to receive a signed copy of this DPA, please contact us at privacy@hirerepresentatives.com. 

 

Interpretation 

The words in which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in the singular or in the plural. 

Any terms not defined herein shall have the meaning as set forth in the Agreement. 

 

 

Definitions 

Applicable Laws” means all laws, rules, regulations, and orders applicable to the subject matter herein, including without limitation Data Protection Laws. 

California Personal Information” means Personal Data that is subject to the protection of the CCPA. 

"CCPA" means California Civil Code Sec. 1798.100 et seq. (also known as the California Consumer Privacy Act of 2018). 

"Client" is a person or a company or given entity that has purchased and/or used our Services.

"Customer" whoever is looking for and/or making any inquiries or gathering any information about our Services. (all potential Clients)

"Company" (referred to as either "the Company", "We", "Us" or "Our" in this agreement) refers to Transfer Express International, 7th Floor, Main Office #220, 211 East 43rd Street, New York, N.Y. 10017.

"Consumer" is An end person, from your clientele, who engages our Services (for example; Your callers, Your customers, Your clients, Your prospects, Your buyers, Your new chat visitors, Your patients, etc...)

"Consumer", "Business", "Sell", and "Service Provider" may have different meanings under the CCPA. 

Controller”, “Data Subject”, “Processing”, and “Processor” shall have the meanings given to them in the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council together with any subordinate legislation or regulation implementing the General Data Protection Regulation) or “GDPR.” 

Controller-to-Processor SCCs” means the Standard Contractual Clauses (Processors) in the Annex to the European Commission Decision of February 5, 2010, as may be amended or replaced from time to time by the European Commission. 

Client Data” means all Personal Data, including without limitation California Personal Information and European Personal Data, Processed by Transfer Express on behalf of Client pursuant to the Agreement. 

Data Protection Laws” means all applicable worldwide legislation relating to data protection and privacy that apply to the respective Party in its role of Processing Personal Data in question under the Agreement, including without limitation European Data Protection Laws and the CCPA; in each case, as amended, superseded, or replaced from time to time. 

Data Subject” means the Consumer or other individual to whom Personal Data relates. 

European Data” means Personal Data that is subject to the protection of European Data Protection Laws. 

"European Data Protection Laws" means data protection laws applicable in Europe, including (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; and (iii) applicable national implementations of (i) and (ii); or (iii) in respect of the United Kingdom, any applicable national legislation that replaces or converts in domestic law the GDPR or any other law relating to data and privacy as a consequence of the United Kingdom leaving the European Union; and (iv) Swiss Federal Data Protection Act on 19 June 1992 and its Ordinance; in each case, as may be amended, superseded or replaced. 

Instructions” means the written, documented instructions issued by Client to Transfer Express, and directing Transfer Express to perform a specific or general action with regard to Personal Data for the purpose of providing the Services to Client. The Parties agree that the Agreement (including this DPA), together with Client’s use of the Services in accordance with the Terms of Service, constitute Client’s complete and final Instructions to Transfer Express in relation to the Processing of Client Data, and additional Instructions outside the scope of the Instructions shall require a prior written agreement between Transfer Express and Client. 

Personal Data” means any information relating to an identified or identifiable individual where such information is contained within Client Data and is protected similarly as personal data, personal information, or personally identifiable information under applicable Data Protection Laws. 

Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed by Transfer Express and/or its Sub-Processors in connection with the provision of the Services. Personal Data Breach does not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems. 

Sub-Processor” means any entity which provides processing services to Transfer Express in furtherance of Transfer Express’ processing of Client Data.

Services” refer to Prime Service, Per Diem Service, Chat Service, and Software.

Terms of Service“ referring to “Terms of Use - Prime Service“ and/or “Terms of Use - Per Diem Service

You“ means the individual/company or other legal entity on behalf of which such individual is accessing or using the Website and/or Services, as applicable.

Website“ refers to hirerepresentatives.com, accessible from www.hirerepresentatives.com and other websites or online channels we own or operate (collectively, the “Site”)

 

 

1. Nature, Purpose, and Subject Matter

The nature, purpose, and subject matter of Transfer Express’ data processing activities performed as part of the Services are set out in the Terms of Service and Agreement. The Client Data that may be processed may relate to Data Subjects, such as the Client Consumers, Client’s employees, and individual users of Transfer Express’ Website or other Services. Categories of Personal Data Processed may include identifiers, sensitive Personal Data, protected classification information, biometric information, internet activity, education or employment-related information, commercial information, and any other Personal Data that may be processed pursuant to the Agreement.

 

2. Duration

The term of this DPA shall follow the term of the Agreement. Transfer Express International will Process Personal Data for the duration of the Agreement unless otherwise agreed in writing. 

 

3. Processing of Client Data

Transfer Express International shall process Client Data only for the purposes described in the Agreement (including this DPA) or as otherwise agreed within the scope of Client’s lawful Instructions, except where and to the extent otherwise required by Applicable Law. If Transfer Express is collecting Personal Data from Consumers on behalf of Client, Transfer Express shall follow Client‘s Instructions regarding such Personal Data collection. Transfer Express shall inform Client without delay if, in Transfer Express’ opinion, an Instruction violates applicable Data Protection Laws and, where necessary, cease all Processing until Client issues new Instructions with which Transfer Express is able to comply. If this provision is invoked, Transfer Express will not be liable to Client under the Agreement for any failure to perform the Services until such time as Client issues new lawful Instructions.

 

4. Payment Processing

Transfer Express charges Clients fees to use the Services and sometimes facilitates payments from Consumers to Clients as a Services feature. Transfer Express uses the PCI-DSS compliant payment processor Stripe to collect, process, and store payment information, subject to the payment processor’s policies and terms. Transfer Express is not a payment processor and we do not store payment information or process payments or receive, transmit, or otherwise handle or process any funds as part of the Services. If a Client pays for Services by ACH payment, the Client’s banking institution processes the payment. Any questions related to payment by ACH should be directed to your banking institution.

 

5. Confidentiality

Transfer Express shall ensure that any personnel whom Transfer Express authorizes to Process Client Data on its behalf is subject to appropriate confidentiality obligations (whether a contractual or statutory duty) with respect to that Client Data. Additionally, Transfer Express shall take reasonable steps to ensure that (i) persons employed by Transfer Express and (ii) other persons engaged to perform on Transfer Express’ behalf comply with the terms of the Agreement.

 

6. Client Responsibilities

Within the scope of the Agreement (including this DPA) and in Client’s use of the Services defined in Terms of Service, Client shall comply with all Applicable Laws, including without limitation all requirements that apply to Client under Data Protection Laws with respect to its Processing of Personal Data and the Instructions it issues to Transfer Express. In particular, and without limiting the generality of the foregoing, Client shall take sole responsibility for (i) the accuracy, quality, and legality of Client Data and the means by which Client acquired Personal Data; (ii) complying with all necessary transparency and lawfulness requirements under applicable Data Protection Laws for the collection and use of the Personal Data, including obtaining any necessary consents and authorizations; (iii) ensuring Client has the right to transfer, or provide access to, the Personal Data to Transfer Express for Processing in accordance with the terms of the Agreement (including this DPA); (iv) ensuring that Client’s Instructions to Transfer Express regarding the Processing of Client Data comply with Applicable Laws; and (v) complying with all Applicable Laws (including Data Protection Laws) applicable to Client’s use of the Services, including without limitation those relating to providing notice and obtaining consents. Client shall inform Transfer Express without undue delay if it is not able to comply with this section or applicable Data Protection Laws. The Controller is responsible for verifying the validity and suitability of the Processor before entering into a business relationship. For the avoidance of doubt, Transfer Express is not responsible for compliance with any Data Protection Laws applicable to Client or Client’s industry that are not generally applicable to Transfer Express. 

 

7. Sub-Processors

Client agrees that Transfer Express may engage Sub-Processors to Process Client Data. Where Transfer Express engages Sub-Processors, Transfer Express will impose data protection terms on the Sub-Processors that provide at least the same level of protection for Personal Data as those in this DPA, to the extent applicable to the nature of the services provided by such Sub-Processors. Transfer Express will remain responsible for each Sub-processor’s compliance with the obligations of this DPA and for any acts or omissions of such Sub-Processor that cause Transfer Express to breach any of its obligations under this DPA.

Below is a current list of the Sub-processors engaged to Process Client Data.

 

Google LLC, United States
Google acts in the capacity of a processor of email and forms data, on our behalf, with respect to the processing and storage of your personal data. For more information, please read their privacy policy:
https://policies.google.com/privacy
1600 Amphitheatre Parkway
Mountain View, California 94043 USA 

 

Stripe Inc., United States
Stripe acts in the capacity of a processor of payment information storage and payment processing, on our behalf. For more information, please read their privacy policy:
https://stripe.com/privacy
354 Oyster Point Blvd South
San Francisco, CA 94080 USA

 

8. Security

Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Transfer Express shall, in relation to the Client Data, maintain appropriate technical and organizational security measures designed to protect against unauthorized or accidental access, loss, alteration, disclosure or destruction of Client Data. In assessing the appropriate level of security, Transfer Express shall take into account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach. Client hereby acknowledges and agrees that, by its nature, we cannot guarantee that any information transmitted on the internet is absolutely secure. Upon request, Transfer Express shall provide the Client with a summary of Transfer Express’ security policies applicable to the Services. 

 

9. Data Transfers

Client acknowledges and agrees that Transfer Express may access and Process Personal Data on a global basis as necessary to provide the Services in accordance with the Agreement and Section 15, and in particular that Personal Data will be transferred to and processed by Transfer Express in the United States and to other jurisdictions where Transfer Express’ Sub-Processors have operations. 

 

10. European Data

This Section 10 applies only with respect to the Processing of European Data by Transfer Express.

  1. Roles of the Parties. When Processing European Data under the Agreement, the Parties acknowledge and agree that the Client is the Controller and Transfer Express is the Processor.
     
  2. Sub-Processors. In addition to the provisions of Section 7, Transfer Express will notify Client of any changes to Sub-processors engaged to Process European Data by updating the SubProcessor List and posting the changes for Client’s review. A Client may object to the engagement of a new Sub-Processor on reasonable grounds relating to the protection of Personal Data within 30 days after posting the updated Sub-Processor List. If Client so objects, the Parties will discuss Client’s concerns in good faith with a view to achieving a commercially reasonable resolution. If no such resolution can be reached, Transfer Express will, at its sole discretion, either not appoint the new Sub-Processor, or permit Client to suspend or terminate the Agreement without liability to either party (but without prejudice to any fees incurred by Client prior to suspension or termination).
     
  3. Data Transfers. In addition to Section 9, for transfers of European Personal Data to Transfer Express for processing by Transfer Express in a jurisdiction other than a jurisdiction in the EU, the EEA, or the European Commission-approved countries providing “adequate” data protection, Transfer Express agrees it will (i) use the form of the Controller-to-Processor SCCs or (ii) provide at least the same level of privacy protection for European Personal Data as required under the U.S.-EU and U.S.-Swiss Privacy Shield frameworks, as applicable. If such data transfers rely on Controller-to-Processor SCCs to enable the lawful transfer of European Personal Data, as set forth in the preceding sentence, the Parties agree that Data Subjects for whom Transfer Express Processes European Personal Data are third-party beneficiaries under the Controller-to-Processor SCCs. If Transfer Express is unable or becomes unable to comply with these requirements, then (a) Transfer Express shall notify Client of such inability and (b) any movement of European Personal Data to a non-EU country requires the prior written consent of Client.

  4. Data Protection Impact Assessments and Consultation with Supervisory Authorities. To the extent that the required information is reasonably available to Transfer Express, and Client does not otherwise have access to the required information, Transfer Express will provide reasonable assistance to Client with any data protection impact assessments, and prior consultations with supervisory authorities or other competent data privacy authorities to the extent required by European Data Protection Laws. 

 

11. California Personal Information

This Section 11 applies only with respect to the Processing of California Personal Information by Transfer Express in Transfer Express’ capacity as a Service Provider. 

  1. Roles of the Parties. When Processing California Personal Information in accordance with Client’s Instructions, the Parties acknowledge and agree that Client is a Business and Transfer Express is the Service Provider for the purposes of the CCPA. Additionally, for the purposes of interpreting this DPA with respect to the Processing of California Personal Information, the term “Controller” is replaced with “Business” and “Processor” is replaced with “Service Provider" wherever those terms appear under California Personal Information sections of this DPA.
     
  2. Responsibilities. The Parties agree that Transfer Express will process Client’s Consumers California Personal Information as a Service Provider strictly for the business purpose of performing the Services under the Terms of Service and as set forth in Transfer Express’ Agreement. The Parties agree that Transfer Express shall not (i) Sell Client’s Consumers California Personal Information; (ii) retain, use, or disclose Client’s Consumers California Personal Information for a commercial purpose other than for such business purpose or as otherwise permitted by the CCPA; or (iii) retain, use, or disclose Client’s Consumers California Personal Information outside of the direct business relationship between Client and Transfer Express.

  3. Certification. Transfer Express hereby certifies that it understands and will comply with the restrictions of Section 11(b).
     
  4. No CCPA Sale. The Parties agree that Client does not sell California Personal Information to Transfer Express because, as a Service Provider, Transfer Express may only use California Personal Information for the purposes of providing the Services to Client. 

 

12. General

Client represents that it is authorized to and hereby agrees to, enter into and be bound by this DPA for and on behalf of itself and each of its affiliates and subsidiaries, thereby establishing a separate DPA between Transfer Express and Client and each of Client’s affiliates and subsidiaries subject to the Agreement, as applicable. The limitations of liability set forth in the Agreement shall apply to Transfer Express liability arising out of or relating to this DPA and the Standard Contractual Clauses (where applicable), taken in the aggregate along with the Agreement and any other agreement between the Parties. In case of any conflict or inconsistency with the terms of the Agreement, this DPA shall take precedence over the terms of the Agreement to the extent of such conflict or inconsistency. If any individual provisions of this DPA are determined to be invalid or unenforceable, the validity and enforceability of the other provisions of this DPA shall not be affected. We periodically update this DPA, Terms of Service, and Agreement. If you are a current Client, you will be informed of any modification by email, or by other means. 

 

13. Personal Data Breaches

Transfer Express will notify Client without undue delay after Transfer Express becomes aware of any Personal Data Breach involving Client Data, and will provide timely information relating to such Personal Data Breach as it becomes known or reasonably requested by Client. At Client’s request, Transfer Express will promptly provide Client with commercially reasonable assistance as necessary to enable Client to notify authorities and/or affected Data Subjects, if Client is required to do so under Data Protection Laws 

 

14. Data Subject Requests

As part of the Services, Transfer Express provides Client with a number of controls that Client may use to access, correct, delete, or restrict Personal Data, which Client may use to assist them in connection with its obligations under Data Protection Laws, including its obligations relating to responding to requests from Data Subjects to exercise their rights under applicable Data Protection Laws ("Data Subject Requests"). To the extent that Client is unable to independently address a Data Subject Request through the Services, then upon Client’s written request Transfer Express shall provide reasonable assistance to Client to respond to any Data Subject Requests or requests from data protection authorities relating to the Processing of Client Data under the Agreement. Client shall reimburse Transfer Express for the commercially reasonable costs arising from this assistance. If a Data Subject Request or other communication regarding the Processing of Client Data under the Agreement is made directly to Transfer Express, Transfer Express will promptly inform Client and will advise the Data Subject to submit their request to Client. Client shall be solely responsible for responding substantively to any such Data Subject Requests or communications involving Personal Data. 

 

15. Advanced Disclosure

Depending on details such as the time zone and occasion, the information you provide to us may be accessed or given to staff and third parties working outside of the country you are in, for example, employees of our foreign subsidiary entities in order to deliver you with after-hours services.

Where we do disclose your personal information to our international base recipients, these recipients are most likely to be located in the USA or Europe, but this list of countries/regions is not exhaustive. 

Note that other countries may not always have the same or similar privacy and data protection laws as the United States. However, where we do provide your personal information to third parties, Transfer Express International will take such steps as reasonable to ensure your information is used in accordance with Privacy Policy and this Data Processing Agreement. 

 

16. Data Protection Impact Assessment and Prior Consultation

To the extent Transfer Express is required under Data Protection Law, Transfer Express shall (at Client’s expense) provide reasonably requested information regarding Transfer Express’ processing of Client Data under the Agreement to enable Client to carry out data protection impact assessments or prior consultations with data protection authorities as required by law. 

 

17. Deletion or Return of Personal Data

Upon termination or expiration of the Agreement, Transfer Express will delete or return all Client Data Processed pursuant to this DPA in accordance with Client’s reasonable Instructions. The requirements of this section shall not apply to the extent that Transfer Express is required by Applicable Law to retain some or all of the Client Data, or to Client Data Transfer Express has archived on backup systems, which data Transfer Express shall securely isolate and protect from any further Processing and delete in accordance with Transfer Express’ deletion practices. 

 

18. Demonstration of Compliance

Upon Client’s written request, Transfer Express shall make available to Client (on a confidential basis) all information reasonably necessary, and allow for and contribute to audits, to demonstrate Transfer Express’ compliance with this DPA, provided that Client shall not exercise this right more than once per year. Client shall take all reasonable measures to limit any impact on Transfer Express by combining several information and/or audit requests carried out on behalf of Client in one single audit. 

 

19. Your Consent

By signing up or using our Services, You consent to our current Data Processing Agreement (DPA). 

 

20. Contact Us

If You have any questions about this Data Processing Agreement, You can contact us: 

By email: privacy@hirerepresentatives.com





Transfer Express International