Last Updated: December 20th, 2024
This Data Processing Agreement ("DPA") is incorporated into each Agreement between Maestro, LLC (together with its Affiliates, "Maestro") and the customer ("Customer", "you", "your") concerning the use of Maestro’s Services, as defined below. The Customer enters into this DPA on behalf of itself and any affiliates authorized to use Services under the Agreement ("Authorized Affiliate"). Maestro and the Customer are referred to individually as a "party" and collectively as the "parties."
For purposes of this DPA, capitalized terms have the meanings set forth below. Other capitalized terms have the meaning set forth in the Agreement.
1.1 "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party to this DPA.
1.2 "Agreement" means the underlying agreement(s) entered into by Maestro and Customer for the provision of Mighty, Maestro's Chrome extension.
1.3 "Applicable Law" means all laws, regulations and other legal requirements applicable to either (i) Maestro in its role as provider of the Services or (ii) you. This may include, for example, the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR"); equivalent requirements in the United Kingdom including the UK General Data Protection Regulation and the Data Protection Act 2018 ("UK Data Protection Law"); the California Consumer Privacy Act and associated regulations ("CCPA"), and the California Privacy Rights Act and its implementing related regulations when effective ("CPRA"); the Personal Information Protection and Electronic Documents Act, SC 2000, c.5 ("PIPEDA"); Australia's Privacy Act 1988 and the Australian Privacy Principles (the "Privacy Act"); the Virginia Consumer Data Protection Act when effective ("VCDPA"); the Utah Consumer Privacy Act when effective ("UCPA"), and the Colorado Privacy Act and related regulations when effective ("CPA"). Each party is responsible only for the Applicable Law applicable to it.
1.4 "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
1.5 "Customer Content" (or "Your Content") refers to all content and information that Customer, an Authorized Affiliate, or a User uploads, imports, or develops in or to the Services, or that Maestro otherwise receives by or through the Services from Customer, an Authorized Affiliate, or a User.
1.6 "Data Subject" means an identified or identifiable natural person. Where the CCPA or CPRA apply, the term also includes an identified or identifiable household.
1.7 "Personal Data" means (i) any information relating to an identified or identifiable individual, within the meaning of the GDPR (regardless of whether the GDPR applies); (ii) "personal data" within the meaning of the VCDPA and CPA (regardless of whether they apply); (iii) "personal information" within the meaning of PIPEDA, the CCPA, the CPRA, and the Privacy Act (regardless of whether they apply); and (iv) any analogous term as defined in Applicable Law.
1.8 "Personal Data Breach" means the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.
1.9 "Process" and "Processing" mean any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, creating, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.10 "Processor" means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller.
1.11 "Services" means Maestro's software-as-a-service offering, Mighty.
1.12 "Standard Contractual Clauses" and "2021 SCCs" mean the clauses issued pursuant to the EU Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj and completed as described in the "Data Transfers" section below.
1.13 "Subprocessor" means any subcontractor engaged by Maestro for the Processing of Personal Data.
1.14 "Trust & Compliance Documentation" means the documentation regarding privacy, data security, and Subprocessor information applicable to the specific Services purchased by Customer, as may be updated periodically, and accessible via Maestro's website at https://maestrolearning.com/privacy-policy/ and https://mighty.maestrolearning.com/terms and https://maestrolearning.com/gdpr/ and https://mighty-by-maestro.notion.site/GDPR-Data-Subprocessors-list-151460accdc58050834cf22549e1ca63?pvs=74
1.15 "UK SCC Addendum" means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (available as of the Effective Date at https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-data-transfer-agreement-and-guidance/), completed as set forth in the "Data Transfers" section below.