This Data Processing Addendum (“DPA”) forms part of the Terms of Service available at Terms of Service, entered into by and between the Customer and Scholastica, Inc. (“Scholastica”). The purpose of this DPA is to reflect the parties’ agreement with regard to the processing of personal data in accordance with the requirements of Data Protection Legislation as defined below.
In the course of providing the Site or Services to Customer, Scholastica may process personal data on behalf of Customer. Scholastica agrees to comply with the following provisions with respect to any personal data submitted by or for Customer to the Site or collected and processed by or for Customer through the Site.
In this DPA, “Data Protection Legislation” means European Directives 95/46/EC and 2002/58/EC (as amended by Directive 2009/136/EC) and any legislation and/or regulation implementing or made pursuant to them, or which amends, replaces, re-enacts or consolidates any of them (including the General Data Protection Regulation (Regulation (EU) 2016/279)), and all other applicable laws relating to processing of personal data and privacy that may exist in any relevant jurisdiction.
“data controller”, “data processor”, “data subject”, “personal data”, “processing”, and “appropriate technical and organisational measures” shall be interpreted in accordance with applicable Data Protection Legislation;
The parties agree that the Customer is the data controller and that Scholastica is its data processor in relation to personal data the Customer enters and that is processed in the course of providing the Site and Services (e.g. a journal editor uploads in potential reviewer email addresses into Scholastica, or an institutional account administrator uploads email addresses of their faculty). Customer shall comply at all times with Data Protection Legislation in respect of all personal data it provided to Scholastica.
The parties agree that Scholastica is the data controller in relation to personal data entered by the data subject themselves (e.g. a user creating an account and uploading their name, email address, etc.). Scholastica may also act as a controller of Customer-entered data. For example, we may need to use certain customer data for the legitimate interests of billing, customer support, and in the context of detecting problems within the Site.
In respect of personal data processed in the course of providing the Application Services, Scholastica: