Teachable Data Processing Agreement

Last updated July 1, 2020

This Data Processing Agreement ("Agreement") entered into by and between Teachable, Inc. ("Teachable" or “Us”) and you ("Creator" or "You"), is incorporated into and supplements our Terms of Use and Privacy Policy when Data Protection Laws apply to the processing of Student Data or Creator Data (as defined below).

When using Teachable Services (as defined in Teachable's Terms of Use), a Creator may upload, submit, or otherwise provide content to the Teachable Platform (“Creator Content”). The Creator is the owner of their Creator Content, and the sole controller of any personal data included in their Creator Content (“Creator Data”). Teachable processes Creator Data on behalf of the Creator at the Creator's direction.

To connect Creators and Students and enable Creators to provide services to their Students, Teachable provides Creators with access to a limited set of personal data of Students enrolled in their services (“Student Data”), as specified in our Privacy Policy. Teachable and Creators may each use Student Data for their own business purposes, at all times subject to the terms of this Agreement, our Terms of Use, and our Privacy Policy.
Terms used but not defined in this Agreement can be found in our Terms of Use. For the avoidance of doubt, this Agreement comprises this Data Processing Agreement, any appendices to it, and the Standard Contractual Clauses (where applicable, and as defined herein).

1. Definitions.

"Data Protection Laws" means all data protection laws and regulations applicable to the processing of Creator Data and Student Data, including, without limitation, the EU Data Protection Law.

"EU Data Protection Law" means all data protection laws and regulations applicable to the European Union, the European Economic Area (“EEA”), Switzerland, and the United Kingdom ("UK"), including (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) ("GDPR"); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; (iii) applicable national legislation implementing the GDPR and Directive 2002/58/EC; and (iii) with respect of the UK, any applicable national legislation that replaces the GDPR or any other law relating to data and privacy as a consequence of the UK leaving the European Union.

"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, consumer personal data transmitted, stored or otherwise processed.

"Standard Contractual Clauses" means the controller-to-processor contractual clauses issued by the European Commission in Decision 2010/87/EU, as may be amended from time to time by the European Commission.

"Sensitive Data" means (i) social security number, passport number, driver's license number, or similar identifier (or any portion thereof); (ii) credit or debit card number (other than the truncated (last four digits) of a credit or debit card); (iii) employment, financial, genetic, biometric or health information; (iv) racial, ethnic, political or religious affiliation, trade union membership, or information about sexual life or sexual orientation; (v) account passwords; or (vi) other information that falls within the definition of "special categories of data" under applicable Data Protection Laws.

"Sub-Processor" means any entity engaged by Teachable to provide processing services in furtherance of Teachable’s processing of Creator Data.

The terms "personal data", "controller", "data subject", "processor" and "processing" shall have the meaning given to them under Data Protection Laws, or if not defined thereunder, the GDPR, and "process", "processes" and "processed" shall be interpreted accordingly.

1. Relationship between the Parties.

1.1. The parties acknowledge and agree that Creator is the controller and Teachable is a processor acting on behalf of Creator with respect to Creator Data, as further described in Schedule A of this Agreement.

1.2. The parties acknowledge and agree that Teachable and Creator each act as an independent controller with respect to their particular processing of Student Data. For the avoidance of doubt, Teachable and Creator are at all times independent controllers, not joint controllers, of Student Data.

2. Creator Obligations.

2.1. Creator shall (i) comply with all applicable laws, including but not limited to Data Protection Laws, in its use of Teachable Services and its own processing of Creator Data and Student Data, (ii) ensure that it has, and will continue to have, the right to transfer, or provide access to, Creator Data and Student Data to Teachable for processing in accordance with our Terms of Use and this Agreement, and (iii) be solely responsible for the accuracy, quality, and legality of Creator Data and the means by which Creator acquired Creator Data.

2.2. Creator Instructions. Creator appoints Teachable to process Creator Data on behalf of, and in accordance with, Creator’s documented instructions (i) as set forth in our Terms of Use and this Agreement; (ii) as necessary to comply with applicable law; and (iii) as otherwise agreed in writing by the parties. The parties agree that our Terms of Use and this Agreement constitute the Creator’s documented instructions to Teachable regarding the processing of Creator Data, and any processing outside the scope of these instructions shall require prior written agreement between the parties. Creator will ensure that Creator’s documented instructions relating to Teachable’s processing of Creator Data will not cause Teachable to violate any applicable laws, including Data Protection Laws.

2.3. Sensitive Data Prohibition. Creator acknowledges that Teachable Services are not intended for the processing of Sensitive Data and agrees that it will not provide (or cause to be provided) any Sensitive Data to Teachable for processing under this Agreement and our Terms of Use. Teachable will have no liability whatsoever for Sensitive Data, whether in connection with a Personal Data Breach or otherwise. For the avoidance of doubt, this Agreement will not apply to Sensitive Data.

3. Teachable's Obligations as Processor of Creator Data.

3.1. Teachable shall process Creator Data in accordance with applicable Data Protection Laws and consistent with our Terms of Use, Privacy Policy and this Agreement. Teachable shall only process Creator Data in accordance with the Creator’s documented instructions, as outlined in Section 2.2.

3.2. Teachable shall notify the Creator if it becomes aware of, or reasonably believes that, a documented instruction from the Creator infringes upon Data Protection Laws.

3.3. Confidentiality. Teachable shall ensure that its employees, authorized agents, and any Sub-Processors authorized to process Creator Data have agreed to comply with confidentiality obligations with respect to Creator Data.

3.4. Assistance to Creator. Teachable shall, taking into account the nature of the processing and the information available to Teachable, provide reasonable assistance to Creator to enable Creator to comply with its obligations under applicable Data Protection Laws. Notwithstanding the foregoing, Creator agrees that it will not cause Teachable to process any personal data that presents a high risk to the rights and freedoms of data subjects.

Sub-Processors.

3.5.1. Creator hereby provides a general authorization to Teachable to engage Sub-processors for the processing of Creator Data. Teachable maintains a list of Sub-processors that Creator has authorized to process Creator Data on its website at https://teachable.com/legal/subprocessors. Creator consents to Teachable engaging additional or replacement Sub-processors to process Creator Data pursuant to this Agreement, provided that Teachable provides the Creator with its intent to engage a new or replacement Sub-processor. Teachable will provide its intent by updating the list of Sub-Processors, which shall contain a mechanism for Creator to subscribe to notifications of new or replaced Sub-processors. Creator shall, without undue delay, object to any changes with regards to added or replaced Sub-processors. The Creator understands and accepts that such objection may result in Teachable not being able to fulfill its obligations under our Terms of Use to the extent such obligations are related to the relevant Sub-processor.

3.5.2. Prior to the relevant Sub-Processor carrying out any processing activities in respect of Creator Data, Teachable shall enter into an agreement with the Sub-Processor containing data protection obligations that provide at least the same level of protection for Creator Data as those under this Agreement.

3.6 Deletion on Termination. Upon termination or expiration of this Agreement, Teachable shall (at the Creator’s election) return or delete all Creator Data in its possession or control, except that this requirement shall not apply to the extent Teachable is required to retain some or all of the Creator Data to comply with its legal obligations, or to Creator Data it has archived on backup systems, which Teachable shall protect from any further processing and eventually delete in accordance with Teachable’s data retention policies, except to the extent required by applicable law.

3.6.1. Creator acknowledges and agrees that Teachable will fulfill its obligations to return Creator Data under this section by providing Creator the opportunity to download and export Creator Content out of the Teachable Platform.

4. Data Subject Requests.

4.1. Creator Data. As part of Teachable Services, Teachable provides the Creator with a number of self-service features, including the ability to modify, delete, and restrict access to Creator Content, that Creator may use to assist in complying with its obligations under Data Protection Laws with respect to responding to requests from data subjects regarding Creator Data.

4.2. Student Data. Each party shall respond to data subject requests received by it concerning the processing of covered Student Data promptly and within the timeframes required by Data Protection Laws. In the event that Creator receives any data subject requests regarding Student Data, Creator will promptly (and in any event within three business days) notify Teachable and provide Teachable with a copy of the request.

4.3. Teachable shall, taking into account the nature of the processing, provide reasonable assistance to Creator to enable Creator to comply with its data protection obligations with respect to data subject requests.

5. Security and Compliance Rights

5.1. Security Measures. Taking into account the state of technical developments and the nature of processing, Teachable undertakes to establish and maintain appropriate technical and organizational measures in order to protect Creator Data against accidental, unauthorised, or unlawful destruction, loss, alteration, disclosure, or access, in accordance with Teachable’s security standards described in Schedule B ("Security Measures").

5.2. Personal Data Breaches. In the event that Teachable becomes aware of a Personal Data Breach that affects Creator Data or Student Data, Teachable shall notify Creator without undue delay of the Personal Data Breach via the email address associated with the Creator’s primary owner account.

5.3. Compliance Obligations. In order to ensure compliance with the applicable Data Protection Laws, Teachable shall make available to the Creator information necessary to demonstrate compliance with the legal obligations related to the processing of Creator Data by Teachable on behalf of the Creator.

5.3.1. Teachable shall respond to all reasonable requests for information made by Creator to confirm Teachable’s compliance with this Agreement upon Creator’s written request to privacy@teachable.com.

5.3.2. Upon written request, Teachable shall supply (subject to confidentiality protections) a summary copy of its most current audit report(s) ("Audit Report") to Creator, so that Creator can verify Teachable’s compliance with the audit standards against which it has been assessed.

5.3.3.Should an audit be requested under applicable Data Privacy Laws to assess Teachable’s compliance with the terms of this Agreement, the parties shall select an accredited independent third-party audit firm that is mutually agreeable to both parties. Creator shall be responsible for all costs, fees, and expenses related to such audit. The scope of the audit shall be limited to Teachable's compliance with Data Privacy Laws as applied under this Agreement. Notwithstanding the foregoing, the audit shall occur during regular business hours, with reasonable advance notice to Teachable, and subject to confidentiality protections. Creator may not audit Teachable more than once annually.

6. International Transfers

6.1. The Creator acknowledges and agrees that Teachable may transfer and process personal data in and to servers and databases located in the United States and anywhere else in the world where Teachable, its affiliates, or its Sub-Processors maintain their servers, provided that Teachable shall comply with the provisions of applicable Data Protection Laws relating to the transfer.

6.2. To the extent that Teachable transfers Creator Data protected by the European Data Protection Law, Teachable and Creator agree to abide by and process Creator Data in compliance with the Standard Contractual Clauses, which are incorporated in full by reference and form an integral part of this Agreement. For purpose of the Standard Contractual Clauses, Teachable agrees that (i) it is the "data importer" and Creator is the "data exporter" under the Standard Contractual Clauses (notwithstanding that Creator may itself be an entity located outside the EU); and (ii) Schedule A of this Agreement shall replace Appendixes 1 and 2 of the Standard Contractual Clauses, respectively. The parties further agree that the Standard Contractual Clauses will solely apply to Creator Data that is transferred via Teachable Services from the EEA, the UK, and/or Switzerland to outside the EEA, the UK, and Switzerland, either directly or via onward transfer, to any country or recipient not recognized by the European Commission as providing an adequate level of protection for personal data (as described in the European Data Protection Law).

6.3. The Creator acknowledges and agrees that Teachable shall be entitled to enter into Standard Contractual Clauses with any Sub-processor on behalf of the Creator.

7. Limitation of Liability

7.1. Except as otherwise required under Data Protection Laws, Teachable’s liability under this Agreement is limited to the extent and amount set out in our Terms of Use.

8. Jurisdiction Specific Terms

8.1. To the extent Teachable processes Creator Data originating from and protected by applicable Data Protection Laws in one of the jurisdictions listed in Schedule C, then the terms specified in Schedule C with respect to the applicable jurisdiction(s) (“Jurisdiction Specific Terms”) apply in addition to the terms of this Agreement. In case of any conflict or ambiguity between the Jurisdiction Specific Terms and any other terms of this Agreement, the applicable Jurisdiction Specific Terms will take precedence.

9. Miscellaneous

9.1. Superseding Agreement. Unless otherwise agreed to between the parties, Creator acknowledges and agrees this Agreement shall replace any existing data processing agreement or similar document that the parties may have previously entered into in connection with Teachable Services.

9.2. Severability. If any one or more of the provisions contained in this Agreement is, for any reason, held to be invalid, illegal, or unenforceable in any respect, that invalidity, illegality, or unenforceability will not affect any other provisions of this Agreement, but this Agreement will be construed as if those invalid, illegal, or unenforceable provisions had never been contained in it, unless the deletion of those provisions would result in such a material change so as to cause completion of the transactions contemplated by this Agreement to be unreasonable.

9.3. Assignments. No one other than a party to this Agreement its successors and permitted assignees (as determined in our Terms of Use) shall have any right to enforce any of its terms.

9.4. Conflicts. In the event of any conflict or inconsistency between any of the terms of this Agreement and our Terms of Use, the provisions of the following documents (in order of precedence) shall prevail: (i) the Standard Contractual Clauses (where applicable); (ii) this Agreement; and (iii) our Terms of Use.

9.5. Updates. Teachable may update the terms of this Agreement from time to time, at its sole discretion, provided Teachable gives Creator reasonable advance notice of the update. Any additional amendments, change or alteration of this Agreement must be made in writing and duly signed by both Parties in order to become valid and effective.

9.6. Notices. Unless otherwise specified in this Agreement, each party giving notice or other communication required or permitted under this Agreement shall use one of the following methods of delivery: personal delivery, mail (registered or certified mail, postage prepaid, return-receipt requested), nationally recognized overnight courier (fees prepaid), or email.

9.7. Headings. The descriptive headings of the sections and subsections of this Agreement are for convenience only, and do not affect this Agreement, construction or interpretation.

9.8. Gender/Plural. Whenever such wording may appear in this Agreement, words in the singular shall mean and include the plural and vice versa and words in the feminine shall mean and include the masculine and vice versa.

10. Governing law and Jurisdiction; Disputes and Arbitration dispute

10.1. Unless otherwise required by applicable Data Protection Laws, this Agreement shall be governed in accordance with the laws of the State of New York without regard to its conflicts of laws principles. Any action arising out of or relating to this Agreement shall be filed only in the state or federal courts located in the County of New York in the State of New York. You consent and submit to the exclusive personal jurisdiction of such courts for the purpose of litigating any such action.

10.2. Any dispute, controversy, proceeding, or claim arising out of or in connection with or relating to this Agreement shall be resolved by binding confidential arbitration by JAMS pursuant to its Optional Expedited Arbitration Procedures then in effect for JAMS. The arbitration will be conducted in New York County, New York, unless Creator and Teachable agree otherwise. Any judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction.

Schedule A: Details of Processing

Teachable’s Processing of Creator Data under this Agreement shall be in accordance with this Schedule A.

1.Subject matter of Processing: Creator Data, as defined in this Agreement.

2.Duration of the Processing: Teachable will store Creator Data in accordance with Section 3.6 of this Agreement (Term and Termination)

3.Nature and Purpose of the Processing: Teachable provides an open online content creation platform and additional services and tools to allow Creators to offer courses and other services to their Students. Creators may upload, submit, or otherwise provide Creator Content to the Teachable Platform in connection with their use of Teachable Services.

Teachable will process any personal data that is included in Creator Content (“Creator Data”) only in accordance with Creator’s documented instructions, including to (i) provide Teachable Services, in accordance with our Terms of Use; (ii) to comply with any other reasonable instructions provided by Creator that are consistent with our Terms of Use; and (iii) to comply with any applicable law.

4.Data Subjects and Categories of Personal Data

A Creator may upload, submit, or otherwise provide certain personal data to the Platform, the extent of which is typically determined and controlled by the Creator, in its sole discretion. The type of data subjects and categories of personal data included will depend on the nature of the Creator Content, and may include personal data about the Creator and/or third parties, such as biographical and contact information.

Schedule B: Security Measures

The Security Measures applicable to the Teachable Platform are described here (as updated from time to time in accordance with Section 5.1 of this Agreement).

Schedule C: Jurisdiction-Specific Terms

California:

  1. The definitions of: “controller” includes “Business”; "Sub-Processor" includes “Service Provider”; “data subject” includes “Consumer”; “personal data” includes “Personal Information”; in each case as defined under the California Consumer Privacy Act ("CCPA").

  2. Teachable’s obligations regarding data subject requests, as described in Section 4 of this Agreement, apply to Consumers’ rights under the CCPA.

  3. For this “California” section of Schedule C only, Creator’s documented instructions shall include, in addition to the purposes set out in Section 2.2, processing of Creator Data as may be permitted for “service providers” under CCPA.

  4. Teachable agrees not to (i) sell (as defined by the CCPA) Creator Data or Student Data or (ii) retain, use, or disclose Creator Data outside of the scope of this Agreement and our Terms of Use.