Data Processing Addendum
Updated: 15th December 2021
This data processing addendum is part of the agreement between ProAPIs Inc. (that is rendering its services as iScraper on www.iscraper.io) and its API Customers with regard to processing of LinkedIn public data by ProAPIs on behalf of the Customer.
For the purpose of this agreement, the terms:
“Data Processor”, “We”, “Us” or “Our” refers to ProAPIs Inc.
“API Customer” refers to data science companies, individuals and other companies that have created an account with and enjoy the services provided by ProAPIs on www.iscraper.io
“Data Protection laws” refers to the data protection laws applicable in Delaware, USA.
“Data Subject” refers to an individual to who personal data relates or an individual who can be identified based on the personal data collected as per the terms of this agreement
“You” or “Your” refers to the API Customer.
“Services rendered by ProAPIs” refers to the processing of LinkedIn public data by ProAPIs on behalf of the customer.
“Parties” refers to the customer and ProAPIs Inc.
“Personal data” refers to information relating to an identifiable individual like name, location or physical address, phone number and email address.
The Customer has contacted and entered into a contract with the Data Processor to render the service of processing LinkedIn public data on their behalf. The public data that the customer needs falls under the category of personal data. The Customer and Data Processor enter into addendum so as to set the terms and their responsibilities in respect to processing of this personal data (LinkedIn public data) together with the Customer’s personal data provided during registration of an account.
By using the services rendered by ProAPIs, the Customer accepts this data processing addendum and will be legally bound by it. If you cannot comply with any of the clauses provided herein or do not agree with any of them, do not use our services.
Processing of personal data
The type of data processed pursuant to this agreement is LinkedIn public data of regular profiles, companies and company employees. The Data Processor does not collect any data categorised as private on a Company or Individual’s LinkedIn Profile. As such, the Data Processor doesn’t guarantee the availability of all information requested by the Customer since they may not be available.
Role of the customer
The main role of the Customer is to request the Data Processor to process LinkedIn public information of regular profiles, companies and their employees on the customer’s behalf. The Customer must comply with Data Protection laws. Additionally, the customer:
- Must have a legal basis to request for data collection
- Is responsible for taking up security measures to protect personal data from unauthorized processing.
- Shall be responsible for the accuracy, quality and legality of the personal data and the means of acquiring the data.
Role of the Data Processor
The main role of the Data Processor is to process data on behalf of the customer. With respect to personal data, the Data Processor shall only process data in accordance with applicable data laws, the customer’s instructions and will take appropriate steps to ensure that any individual acting under its authority will process it as provided herein. The customer’s instructions must comply with the law for the Data Processor to act in accordance with them. The Data Processor must inform the customer promptly if the instructions provided violate any laws.
Additionally, the Data Processor shall:
- Inform the customer of any legal requirements before processing
- Take appropriate measures to ensure that the personal data they collect on behalf of the customer is protected
- Process the data within reasonable time and inform the Customer about the duration
- Assist the Customer promptly with regards to security breach
- Delete the customer’s personal data upon receiving the customer’s request
Data subject rights
Data subjects have the right to privacy which includes a right to decide which of their personal information they want disclosed or which one they want concealed. While exercise this right, the data subjects can request the Data Processor to access, rectify, erase or delete any of their personal data that the Processor collected, stored and submitted to the Customer. The Data Processor has the obligation to obey the request of the data subject because failure to do so will arise to the violation or infringement of the data subject’s right to privacy.
Upon receiving a request from the data subject, the Data Processor has an obligation to:
- Inform the client promptly about the request received from the data subject
- Assist the Customer to comply with the request made by the data subject
The Customer permits the Data Processor to delegate its role of data collection by appointing third parties called sub-processors. However, although this is the case, the Data Processor will still be liable to the customer even for the activities or omissions of the sub-processor. If the Customer doesn’t object the appointment of a sub-processor after being informed by the Processor, an assumption of acceptance will be made.
The Data Processor has the obligation of ensuring that the sub-processor:
- Will act in compliance with all the legally binding agreements that govern the relationship between the Customer and Data Processor.
- Takes reasonable steps to protect personal data collected for the purpose of this agreement.
Data protection impact assessment
The Customer has a legal obligation to carry out a data protection risk assessment. The Data Processor ought to offer reasonable assistance to the Customer upon being requested. The reason behind needing assistance is that the Customer may not have access to all the relevant information.
Audit and records
The Customer can request the Data Processor to disclose information relating to processing of personal data for their review. In compliance with this section and agreement, the Data Processor shall permit the inspection requests made by availing any records in its possession. Any records that the Data Processor avails must be treated as confidential and shall not be disclosed to third parties.
The customer is responsible for the costs of the audit and even reimbursement of the Data Processor provided that the audit doesn’t portray a breach on the part of the Processor.
Deletion of data
Upon termination of this agreement, ProAPIs undertakes that it will delete the personal data of the Customer in its possession like credit card information and records of usage of the site.
Security and breach
The Data Processor shall take all the necessary measures to protect the Customer’s Personal Data. In case the Processor notices a breach of the Customer’s Personal Data, it will have the following obligations:
- To promptly inform the Customer about the breach
- To investigate the Personal Data breach
- Take reasonable steps to mitigate and minimize the damage caused by the breach
In the event that a court or any other authorized body declares any provision or part of this agreement invalid, that section will be considered unenforceable and deleted. However, the other remaining provisions shall be valid and enforceable.
Modification of this document
The Data Processor reserves the right to modify this document without giving prior notice to the customer. However, after modification of the agreement and before the enforcement date of the new document, the Data Processor shall inform the API customers about the modifications and give them a chance to have a look at the new document. By continuing to use the website after the enforcement date of the new agreement, the Customer signifies acceptance of the new provisions. If any of the clients has concerns regarding the new document, they can contact the Data Processor via email on firstname.lastname@example.org.
The laws of Delaware, US govern this agreement and will be applicable in the event that a dispute arises.