DATA PROCESSING AGREEMENT
"Applicable Privacy Law" means: (i) the General Data Protection Regulation (EU) 2016/679 ("GDPR"); (ii) GDPR as applicable as part of UK domestic law by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications, as a consequence of the United Kingdom leaving the European Union ("UK GDPR"); (iii) the California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et seq. ("CCPA"), and any other data protection laws which apply to the Processing of Personal Data under this DPA.
"Business Purpose" has the meaning assigned to under CCPA.
"Commercial Purpose" has the meaning assigned to under CCPA.
"Controller" means the entity which determines the purposes and means of the Processing of Personal Data.
"Customer Data" means any data, information or other material provided, uploaded, or submitted by User in the course of using the Service.
"Data Subject" means the identified or identifiable person to whom Personal Data relates
"Europe" means the European Union, the European Economic Area, Switzerland and the United Kingdom.
"Personal Data" has the meaning given to it in the Applicable Privacy Law.
"Processor" ,"Processing" or "Process" shall have the meaning as set forth in the Applicable Privacy Law.
"Security Incident" means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, or alteration of, or unauthorized disclosure of or access to, Personal Data on systems managed or otherwise controlled by DreamApp.
"Standard Contractual Clauses" means the applicable Standard Contractual Clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and the Council approved by European Commission Implementing Decision (EU) 2021/914 of 4 June 2021, as currently set out at https://eurlex.europa.eu/eli/dec_impl/2021/914/oj.
"Sub processor" has the meaning assigned to under GDPR.
SCOPE AND APPLICATION
To the extent DreamApp processes Personal Data on behalf of User in connection with the Agreement, the parties agree to comply with the provisions set forth in this DPA. In this context, DreamApp may act as a Processor respectively with respect to User's Personal Data.
User's Responsibilities. User shall submit or make available Personal Data to DreamApp for Processing in accordance with the requirements of the Applicable Privacy Laws. User shall have sole responsibility for the initial accuracy, quality, and legality of Customer Data. User instructs DreamApp to Process Personal Data for the following purposes: (i) Processing in accordance with the Agreement, including to provide the Services; (ii) Processing initiated by Users in their use of the Site.
DreamApp shall be prohibited from selling, retaining, using, or disclosing Personal Data for any purpose other than to perform the Service in accordance with the Agreement and DPA and shall further refrain from collecting, selling or using any Personal Data except as necessary to perform its Business Purpose or Commercial Purpose. For the purposes of the CCPA, the parties acknowledge and agree that the DreamApp will act as a "Service Provider" and not as a "Third Party," as such terms are defined in the CCPA, in its performance of its obligations pursuant to the Agreement.
SECURITY OF PROCESSING
DreamApp will implement and maintain appropriate technical and organisational security measures to prevent Security Incidents, and to preserve the security, availability, integrity and confidentiality of Personal Data. DreamApp shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, and have received appropriate training on their responsibilities and have executed written confidentiality agreements.
COMPLIANCE WITH LAWS
Each party will comply with all applicable laws, rules, and regulations (including Applicable Privacy Law) in its performance of this DPA. DreamAapp certifies that it understands the requirements under this DPA, including without limitation requirements under CCPA and that it will abide by it.
The current list of Sub-processors engaged in Processing Personal Data for the performance of each applicable Service, are located at https://dreamapp.io/privacy. DreamApp shall be liable for the acts and omissions of its Sub-processors to the same extent DreamApp would be liable if performing the services of each Sub-processor directly under the terms of this DPA, unless otherwise set forth in the Agreement.
CATEGORIES OF PERSONAL DATA
The subject matter, nature and purpose and details and duration of the data processing and the details of the type of Personal Data and categories of data subjects are as determined by the User and as permitted under the applicable Agreement.
In the event of a Security Incident, DreamApp will notify User, without undue delay, after DreamApp becomes aware of the Security Incident, via email address or as may be provided in the Services user interface, or as otherwise required under Applicable Privacy Law. DreamApp will supply User with information regarding the Security Incident (to the extent applicable and such information is available). DremApp will, promptly, commence an investigation of and take appropriate remedial steps to prevent and minimize any possible harm.
RETURN AND DELETION
DreamApp shall return or delete Personal Data, to the extent allowed by applicable law, in accordance with DreamApp's data retention policies and procedures. Until such Personal Data is deleted or returned, DreamApp shall continue to comply with this DPA.
Personal Data may be transferred outside Europe. If, in the performance of the Services, Personal Data that is subject to the GDPR, UK GDPR, or any other law relating to the protection or privacy of individuals that applies in Europe is transferred out of Europe to countries which do not ensure an adequate level of data protection within the meaning of the Applicable Privacy Law, the transfer mechanism shall be in accordance with the Standard Contractual Clauses.
LIMITATION OF LIABILITY
Each party's liability, taken together in the aggregate, arising out of or related to this DPA, whether in contract, tort or under any other theory of liability, is subject to the Limitation of Liability Section under the Agreement. For the avoidance of doubt, DreamApp's total liability for all claims from User arising out of or related to the Agreement and DPA shall apply in the aggregate for all claims under both agreements.
This DPA will terminate automatically (i) upon termination of the Agreement; or (ii) until DreamApp ceases to process Personal Data. In the event of a conflict between the Agreement and this DPA, the terms of this DPA will take precedence to the extent of the conflict. If any part of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties' intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
13 Barfleur Lane,
London, England SE8 3DD
Free dream interpretations