Data Processing Addendum

1. Introduction
   
   

   1. Definitions

“Applicable Data Protection Law” refers to all laws and regulations applicable to Layercode's processing of personal data under the Agreement.

“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Customer Account Data” means personal data that relates to Customer's relationship with Layercode, including the names or contact information of individuals authorized by Customer to access Customer's account.

“Customer Content” means (a) personal data exchanged as a result of using the Services (as defined below), such as voice and video media, images, sound, and, where applicable, details Customer submits to the Services from its designated software applications and services and (b) data stored on Customer's behalf such as communication logs within the Services, including but not limited to recordings, or end user application metadata that Customer has uploaded to the Services (as defined below).

“Customer Data” means Customer Account Data, Customer Usage Data, Customer Content, and Sensitive Data, each as defined in this Addendum.

“Customer Usage Data” means data processed by Layercode for the purposes of transmitting or exchanging Customer Content utilizing communication networks operated by Layercode or its Affiliates. Customer Usage Data includes (a) data used to identify the source and destination of a communication, such as (i) data on the location of the device generated in the context of providing the Services, and the date, time, duration and type of communication, and (ii) activity logs used to identify the source of Services requests, optimize and maintain performance of the Services, and investigate and prevent system abuse; and (b) analytics and telemetry data generated by Customer's usage of the Services.

“personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“processor” means the entity which processes personal data on behalf of the controller.

“processing” (and “process”) means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

“Security Incident” means a confirmed or reasonably suspected accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data while in Layercode's possession or under its control.

“Sensitive Data” means (a) social security number, passport number, driver's license number, or similar identifier (or any portion thereof); (b) credit or debit card number (other than the truncated (last four digits) of a credit or debit card), financial information, banking account numbers or passwords; (c) employment, financial, genetic, biometric or health information; (d) racial, ethnic, political or religious affiliation, trade union membership, or information about sexual life or sexual orientation; (e) account passwords, mother's maiden name, or date of birth; (f) criminal history; or (g) any other information or combinations of information that falls within the definition of “special categories of data” under GDPR or any other applicable law or regulation relating to privacy and data protection.

“Services” means the products and services provided by Layercode or its Affiliates, as applicable, that are (a) used by Customer, including, without limitation, products and services that are on a trial basis or otherwise free of charge or (b) ordered by Customer under an Order Form. Services include products and services that provide both (x) platform services, including access to any application programming interface (“Layercode API”) and (y) where applicable, communications services used in connection with the Layercode APIs.

“sub-processor” means (a) Layercode, when Layercode is processing Customer Content and where Customer is a processor of such Customer Content or (b) any third-party processor engaged by Layercode to process Customer Content in order to provide the Services to Customer.

“Third-Party Request” means any request, correspondence, inquiry, or complaint from a data subject, regulatory authority, or third party.

“Layercode Privacy Policy” means the privacy policy for the Services, the current version of which is available at www.layercode.com/privacy-policy.

Capitalized terms not defined in this Section will have the meaning given to them in this Addendum or the Agreement, as applicable.