ATTACHMENT A: Data Protection Addendum
Updated March 9, 2021
Throughout this Data Protection Addendum, whenever we use the words "Loyalty Gator," "we," "us," "our," or similar, they all refer to Loyalty Gator. Likewise, the words “Client,” "you," "your," and other similar terms refer to you, the user, organization or entity entering into this Agreement with us.
This Agreement is subject to change, however we will post any changes on our Site when made and will do our best to inform you promptly of any material changes.
1. Definitions
1. “Client Personal Data” means any Personal Data processed by Loyalty Gator on behalf of Client pursuant to or in connection with the Agreement;
2. “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, known more commonly as the EU General Data Protection Regulation;
3. “Loyalty Gator Systems” means any or all of the Loyalty Gator website, customer web portal, and Loyalty Dashboard entities.
4. “Special Categories of Personal Data” shall have the same meaning as in Article 9(1) of the GDPR;
5. “Sub-processor” means any entity engaged by Loyalty Gator to process Client Personal Data in connection with the Services; and
6. For purposes of this Data Protection Addendum, the terms “Controller”, “Data Subject”, “Personal Data”, “Personal Data Breach”, “Processor” “Processing” and “Supervisory Authority” shall have the same meaning as in Article 4 of the GDPR.
2. Loyalty Gator’s Obligations
1. Loyalty Gator (as Processor) agrees with Client (as “Controller”) that it shall:
1. only process Personal Data on behalf of Client and in compliance with Client’s documented instructions and this Agreement unless Loyalty Gator is required to do so by mandatory EU or EU Member State law to which Loyalty Gator is subject. In such cases, Loyalty Gator will inform Client of that legal requirement before Processing, where permitted to under that law;
2. taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Loyalty Gator shall in relation to the Client Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk;
3. take reasonable steps to ensure that Loyalty Gator’s personnel, agents and contractors that process the Personal Data are subject to confidentiality undertakings or professional or statutory obligations of confidentiality;
4. taking into account the nature of the Processing, assist Client by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Client’s obligations to respond to requests to exercise Data Subject’s rights under the GDPR;
5. notify Client without undue delay of becoming aware of a Personal Data Breach affecting Client Personal Data and taking into account the nature of Processing and the information available to Loyalty Gator, provide reasonable assistance to Client to allow Client to meet any obligations applicable to Client in relation to such breaches under the GDPR;
6. taking into account the nature of the Processing and the information available to Loyalty Gator, provide reasonable assistance to Client in relation to any mandatory obligations applicable to Client in relation to the performance of data protection impact assessments or the carrying out of consultations with a Supervisory Authority (or Supervisory Authority Concerned) under the GDPR, in each case solely in relation to the Processing of Client Personal Data;
7. upon the expiration or termination of this Agreement for any reason, at Client’s election, return or delete all Client Personal Data in Loyalty Gator’s possession and delete existing copies of Client Personal Data, except to the extent necessary to comply with our legal obligations, resolve disputes, and/or enforce our agreements. Note that we will continue to store Client’s business contact information in order to communicate with the client, answer questions or provide support, and we may also retain log files for the purpose of internal analysis, site safety and security, improving site functionality, or where we are legally required to retain them for longer time periods.
8. make available to Client on request all information reasonably necessary to demonstrate compliance with Loyalty Gator’s obligations and, to the extent required under Data Protection Laws, allow for and contribute to audits conducted by Client or another auditor mandated by Client that relate to the Client Personal Data. Before the commencement of any audit, Client and Loyalty Gator shall mutually agree upon the scope, timing, and duration of the audit, in addition to the reimbursement of Loyalty Gator’s costs for which Client shall be responsible; and
9. promptly inform Client if, in its opinion, an instruction infringes applicable Data Protection Laws.
2. Loyalty Gator employs third party Sub-processors to perform certain functions on its behalf, including operating our support ticket system, scheduling, invoicing, client account management, bookkeeping, marketing and customer service assistance, processing payments, and legal document management. A list of Sub-processors, including the identities of those Sub-processors and their country of location, is available upon request as Schedule B1. Client may request further information and an updated list of Sub-processors at any time.
You acknowledge and agree that Loyalty Gator may engage these third party Sub-processors, and additional third-party Sub-processors as it may deem necessary, in connection with the provision of the Services.
3. You acknowledge and agree to the transfer of your data abroad, including to Canada and the United States, so that Loyalty Gator can process information and provide its services, as addressed here and in our Privacy Policy.
4. You agree not to use this Site or Service if you are located in a country that is on an applicable export control or embargo list.
3. Client’s Obligations and Instructions to Loyalty Gator
As a Loyalty Gator Client, you understand and agree that we will collect and use your information as we describe here and in our Privacy Policy. We ask our Clients to read our Privacy Policy in full. When a Client sets up a loyalty program, it acts as the controller of the data that program collects. Loyalty Gator processes the data on the Client’s behalf. It is the Client’s responsibility, as the controller of the data obtained, to ensure that it has met its legal obligations.
1. Client represents and warrants that:
1. all use of Loyalty Gator Systems by Client, its employees, agents and any other persons with access to the Loyalty Gator Systems, and all use of Loyalty Gator’s services, will be in compliance with applicable data protection law.
2. where the GDPR is applicable law, Client shall only process Special Categories of Personal Data using Loyalty Gator Systems in accordance with GDPR Article 9, in reliance on explicit consent or to protect the vital interests of the data subjects or of another person where the data subject is physically or legally incapable of giving consent, and as otherwise permitted by data protection law.
3. to the extent that Client relies on consent as a ground to process Personal Data or Special Categories of Personal Data under Data Protection Laws, Client shall not exceed the scope of consent that was obtained at the time the personal data was provided, or will obtain its own valid consent from Data Subjects in accordance with data protection law (including, in particular, in accordance with Articles 6(1)(a) and 9(2)(a) of the GDPR).
2. Client hereby instructs Loyalty Gator to:
1. process Client Personal Data on its behalf so Loyalty Gator can comply with its obligations under this Agreement and provide the Services and the Loyalty Gator System to Client;
2. disclose Client Personal Data as appropriate to emergency services and other designated third parties where such a disclosure may be necessary to protect the vital interests of data subjects or other members of the public.
Schedule B1
Loyalty Gator Sub-processors of Client Personal Data
In its role as a processor of your Customer Data, Loyalty Gator may engage various third-party sub-processors to process your Company Data and/or Customer Data. Sub-processors may be used by Loyalty Gator to process data that you provide through the Loyalty Gator website, sign up forms, support ticket engine, or loyalty dashboards/API.
An updated list of Sub-processors, including the identities of those Sub-processors and their country of location, is available to Clients upon written request at any time by contacting us at: