"Data Protection Laws" means all data protection laws and regulations applicable to the processing of Creator Data and Student Data, including, without limitation, the EU Data Protection Law.
"EU Data Protection Law" means all data protection laws and regulations applicable to the European Union, the European Economic Area (“EEA”), Switzerland, and the United Kingdom ("UK"), including (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) ("GDPR"); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; (iii) applicable national legislation implementing the GDPR and Directive 2002/58/EC; and (iii) with respect of the UK, any applicable national legislation that replaces the GDPR or any other law relating to data and privacy as a consequence of the UK leaving the European Union.
"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, consumer personal data transmitted, stored or otherwise processed.
"Standard Contractual Clauses" means the controller-to-processor contractual clauses issued by the European Commission in Decision 2010/87/EU, as may be amended from time to time by the European Commission.
"Sensitive Data" means (i) social security number, passport number, driver's license number, or similar identifier (or any portion thereof); (ii) credit or debit card number (other than the truncated (last four digits) of a credit or debit card); (iii) employment, financial, genetic, biometric or health information; (iv) racial, ethnic, political or religious affiliation, trade union membership, or information about sexual life or sexual orientation; (v) account passwords; or (vi) other information that falls within the definition of "special categories of data" under applicable Data Protection Laws.
"Sub-Processor" means any entity engaged by Teachable to provide processing services in furtherance of Teachable’s processing of Creator Data.
The terms "personal data", "controller", "data subject", "processor" and "processing" shall have the meaning given to them under Data Protection Laws, or if not defined thereunder, the GDPR, and "process", "processes" and "processed" shall be interpreted accordingly.
1. Relationship between the Parties.
1.1. The parties acknowledge and agree that Creator is the controller and Teachable is a processor acting on behalf of Creator with respect to Creator Data, as further described in Schedule A of this Agreement.
1.2. The parties acknowledge and agree that Teachable and Creator each act as an independent controller with respect to their particular processing of Student Data. For the avoidance of doubt, Teachable and Creator are at all times independent controllers, not joint controllers, of Student Data.
2. Creator Obligations.
3. Teachable's Obligations as Processor of Creator Data.
3.2. Teachable shall notify the Creator if it becomes aware of, or reasonably believes that, a documented instruction from the Creator infringes upon Data Protection Laws.
3.3. Confidentiality. Teachable shall ensure that its employees, authorized agents, and any Sub-Processors authorized to process Creator Data have agreed to comply with confidentiality obligations with respect to Creator Data.
3.4. Assistance to Creator. Teachable shall, taking into account the nature of the processing and the information available to Teachable, provide reasonable assistance to Creator to enable Creator to comply with its obligations under applicable Data Protection Laws. Notwithstanding the foregoing, Creator agrees that it will not cause Teachable to process any personal data that presents a high risk to the rights and freedoms of data subjects.
3.5.2. Prior to the relevant Sub-Processor carrying out any processing activities in respect of Creator Data, Teachable shall enter into an agreement with the Sub-Processor containing data protection obligations that provide at least the same level of protection for Creator Data as those under this Agreement.
3.6 Deletion on Termination. Upon termination or expiration of this Agreement, Teachable shall (at the Creator’s election) return or delete all Creator Data in its possession or control, except that this requirement shall not apply to the extent Teachable is required to retain some or all of the Creator Data to comply with its legal obligations, or to Creator Data it has archived on backup systems, which Teachable shall protect from any further processing and eventually delete in accordance with Teachable’s data retention policies, except to the extent required by applicable law.
3.6.1. Creator acknowledges and agrees that Teachable will fulfill its obligations to return Creator Data under this section by providing Creator the opportunity to download and export Creator Content out of the Teachable Platform.
4. Data Subject Requests.
4.1. Creator Data. As part of Teachable Services, Teachable provides the Creator with a number of self-service features, including the ability to modify, delete, and restrict access to Creator Content, that Creator may use to assist in complying with its obligations under Data Protection Laws with respect to responding to requests from data subjects regarding Creator Data.
4.2. Student Data. Each party shall respond to data subject requests received by it concerning the processing of covered Student Data promptly and within the timeframes required by Data Protection Laws. In the event that Creator receives any data subject requests regarding Student Data, Creator will promptly (and in any event within three business days) notify Teachable and provide Teachable with a copy of the request.
4.3. Teachable shall, taking into account the nature of the processing, provide reasonable assistance to Creator to enable Creator to comply with its data protection obligations with respect to data subject requests.
5. Security and Compliance Rights
5.1. Security Measures. Taking into account the state of technical developments and the nature of processing, Teachable undertakes to establish and maintain appropriate technical and organizational measures in order to protect Creator Data against accidental, unauthorised, or unlawful destruction, loss, alteration, disclosure, or access, in accordance with Teachable’s security standards described in Schedule B ("Security Measures").
5.2. Personal Data Breaches. In the event that Teachable becomes aware of a Personal Data Breach that affects Creator Data or Student Data, Teachable shall notify Creator without undue delay of the Personal Data Breach via the email address associated with the Creator’s primary owner account.
5.3. Compliance Obligations. In order to ensure compliance with the applicable Data Protection Laws, Teachable shall make available to the Creator information necessary to demonstrate compliance with the legal obligations related to the processing of Creator Data by Teachable on behalf of the Creator.
5.3.1. Teachable shall respond to all reasonable requests for information made by Creator to confirm Teachable’s compliance with this Agreement upon Creator’s written request to firstname.lastname@example.org.
5.3.2. Upon written request, Teachable shall supply (subject to confidentiality protections) a summary copy of its most current audit report(s) ("Audit Report") to Creator, so that Creator can verify Teachable’s compliance with the audit standards against which it has been assessed.
5.3.3.Should an audit be requested under applicable Data Privacy Laws to assess Teachable’s compliance with the terms of this Agreement, the parties shall select an accredited independent third-party audit firm that is mutually agreeable to both parties. Creator shall be responsible for all costs, fees, and expenses related to such audit. The scope of the audit shall be limited to Teachable's compliance with Data Privacy Laws as applied under this Agreement. Notwithstanding the foregoing, the audit shall occur during regular business hours, with reasonable advance notice to Teachable, and subject to confidentiality protections. Creator may not audit Teachable more than once annually.
6. International Transfers
6.1. The Creator acknowledges and agrees that Teachable may transfer and process personal data in and to servers and databases located in the United States and anywhere else in the world where Teachable, its affiliates, or its Sub-Processors maintain their servers, provided that Teachable shall comply with the provisions of applicable Data Protection Laws relating to the transfer.
6.2. To the extent that Teachable transfers Creator Data protected by the European Data Protection Law, Teachable and Creator agree to abide by and process Creator Data in compliance with the Standard Contractual Clauses, which are incorporated in full by reference and form an integral part of this Agreement. For purpose of the Standard Contractual Clauses, Teachable agrees that (i) it is the "data importer" and Creator is the "data exporter" under the Standard Contractual Clauses (notwithstanding that Creator may itself be an entity located outside the EU); and (ii) Schedule A of this Agreement shall replace Appendixes 1 and 2 of the Standard Contractual Clauses, respectively. The parties further agree that the Standard Contractual Clauses will solely apply to Creator Data that is transferred via Teachable Services from the EEA, the UK, and/or Switzerland to outside the EEA, the UK, and Switzerland, either directly or via onward transfer, to any country or recipient not recognized by the European Commission as providing an adequate level of protection for personal data (as described in the European Data Protection Law).
6.3. The Creator acknowledges and agrees that Teachable shall be entitled to enter into Standard Contractual Clauses with any Sub-processor on behalf of the Creator.
7. Limitation of Liability
8. Jurisdiction Specific Terms
8.1. To the extent Teachable processes Creator Data originating from and protected by applicable Data Protection Laws in one of the jurisdictions listed in Schedule C, then the terms specified in Schedule C with respect to the applicable jurisdiction(s) (“Jurisdiction Specific Terms”) apply in addition to the terms of this Agreement. In case of any conflict or ambiguity between the Jurisdiction Specific Terms and any other terms of this Agreement, the applicable Jurisdiction Specific Terms will take precedence.
9.1. Superseding Agreement. Unless otherwise agreed to between the parties, Creator acknowledges and agrees this Agreement shall replace any existing data processing agreement or similar document that the parties may have previously entered into in connection with Teachable Services.
9.2. Severability. If any one or more of the provisions contained in this Agreement is, for any reason, held to be invalid, illegal, or unenforceable in any respect, that invalidity, illegality, or unenforceability will not affect any other provisions of this Agreement, but this Agreement will be construed as if those invalid, illegal, or unenforceable provisions had never been contained in it, unless the deletion of those provisions would result in such a material change so as to cause completion of the transactions contemplated by this Agreement to be unreasonable.
9.5. Updates. Teachable may update the terms of this Agreement from time to time, at its sole discretion, provided Teachable gives Creator reasonable advance notice of the update. Any additional amendments, change or alteration of this Agreement must be made in writing and duly signed by both Parties in order to become valid and effective.
9.6. Notices. Unless otherwise specified in this Agreement, each party giving notice or other communication required or permitted under this Agreement shall use one of the following methods of delivery: personal delivery, mail (registered or certified mail, postage prepaid, return-receipt requested), nationally recognized overnight courier (fees prepaid), or email.
9.7. Headings. The descriptive headings of the sections and subsections of this Agreement are for convenience only, and do not affect this Agreement, construction or interpretation.
9.8. Gender/Plural. Whenever such wording may appear in this Agreement, words in the singular shall mean and include the plural and vice versa and words in the feminine shall mean and include the masculine and vice versa.
10. Governing law and Jurisdiction; Disputes and Arbitration dispute
10.1. Unless otherwise required by applicable Data Protection Laws, this Agreement shall be governed in accordance with the laws of the State of New York without regard to its conflicts of laws principles. Any action arising out of or relating to this Agreement shall be filed only in the state or federal courts located in the County of New York in the State of New York. You consent and submit to the exclusive personal jurisdiction of such courts for the purpose of litigating any such action.
10.2. Any dispute, controversy, proceeding, or claim arising out of or in connection with or relating to this Agreement shall be resolved by binding confidential arbitration by JAMS pursuant to its Optional Expedited Arbitration Procedures then in effect for JAMS. The arbitration will be conducted in New York County, New York, unless Creator and Teachable agree otherwise. Any judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction.
Schedule A: Details of Processing
Teachable’s Processing of Creator Data under this Agreement shall be in accordance with this Schedule A.
1.Subject matter of Processing: Creator Data, as defined in this Agreement.
2.Duration of the Processing: Teachable will store Creator Data in accordance with Section 3.6 of this Agreement (Term and Termination)
3.Nature and Purpose of the Processing: Teachable provides an open online content creation platform and additional services and tools to allow Creators to offer courses and other services to their Students. Creators may upload, submit, or otherwise provide Creator Content to the Teachable Platform in connection with their use of Teachable Services.
4.Data Subjects and Categories of Personal Data
A Creator may upload, submit, or otherwise provide certain personal data to the Platform, the extent of which is typically determined and controlled by the Creator, in its sole discretion. The type of data subjects and categories of personal data included will depend on the nature of the Creator Content, and may include personal data about the Creator and/or third parties, such as biographical and contact information.
Schedule B: Security Measures
The Security Measures applicable to the Teachable Platform are described here (as updated from time to time in accordance with Section 5.1 of this Agreement).
Schedule C: Jurisdiction-Specific Terms
The definitions of: “controller” includes “Business”; "Sub-Processor" includes “Service Provider”; “data subject” includes “Consumer”; “personal data” includes “Personal Information”; in each case as defined under the California Consumer Privacy Act ("CCPA").
Teachable’s obligations regarding data subject requests, as described in Section 4 of this Agreement, apply to Consumers’ rights under the CCPA.
For this “California” section of Schedule C only, Creator’s documented instructions shall include, in addition to the purposes set out in Section 2.2, processing of Creator Data as may be permitted for “service providers” under CCPA.