Data Protection Addendum

This Data Protection Addendum ( "Addendum" ) forms part of the Shogun Terms of Service (or other written or electronic agreement incorporating this Addendum by reference) between Shogun and Customer for the purchase of a subscription to Shogun's cloud-based page building software toolsmade generally available by Shogun for use by its customers to build and serve their e-commerce websites (hereinafter defined as the " Service", and such Terms of Service or other agreement defined herein as the " Agreement"). This Addendum reflects the parties' agreement with regard to the Processing of Personal Data. Customer enters into this DPA on behalf of itself and, to the extent required under applicable Data Protection Laws, in the name and on behalf of its affiliates, if and to the extent Shogun processes Personal Data for which such affiliates qualify as the Controller. In providing the Service to Customer pursuant to the Agreement, Shogun may Process Personal Data on behalf of Customer, and the parties agree to comply with the following provisions with respect to any Personal Data.

If you would like to complete a countersigned copy of this Addendum for your records, the following are the instructions for completing such a copy:

1. This Addendum consists of two parts: the main body of the Addendum, and Exhibit A (including all Appendices thereof).

2. This Addendum has been pre-signed on behalf of Shogun.

3. To complete a countersigned copy of this Addendum, you must:

  • Complete the information in the signature box and sign this Addendum below.
  • Send the completed and signed Addendum to Shogun by email, indicating your website/ online store URL to founders@getshogun.com.

1. Data Protection

General

1.1 The parties acknowledge and agree that for the purposes of the Agreement the Customer is the Data Controller and Shogun is a Data Processor in respect of all Personal Data Processed pursuant to the Agreement.

1.2 The Customer shall comply with its obligations under Data Protection Laws in respect of all Personal Data Processed pursuant to the Agreement.

1.3 Shogun shall only Process Personal Data for the purpose of performing the Services during the term of the Agreement on documented instructions that the Customer may give to Shogun from time to time concerning such Processing or as otherwise expressly permitted in the Agreement. The Customer shall ensure that any such instructions comply with all applicable laws (including the Data Protection Laws).

1.4 Notwithstanding any provision to the contrary within this Addendum, Shogun may take any steps that Shogun (acting reasonably and in good faith) determines are necessary in order for it to comply with Data Protection Laws. This shall include, without limitation, Shogun having the right to notify any relevant Supervisory Authority of any circumstance that has arisen in relation to the Processing of Personal Data under the Agreement to the extent that Shogun (acting reasonably and in good faith) believes that this is necessary in order to comply with Data Protection Laws.

Security

1.5 Shogun shall maintain appropriate technical and organisational security measures in accordance with Article 32 of the General Data Protection Regulation.

1.6 Shogun shall ensure that the measures to be taken pursuant to clause 1.5 are appropriate having regard to:

1.6.1 the nature of the Personal Data and the scope, context and purposes of the Processing and the likelihood and severity of the risks to Data Subjects that are presented by the Processing of such Personal Data, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise Processed; and

1.6.2 the state of technological development and the cost of implementing such measures.

Record-Keeping & Audits

1.7 Shogun shall:

1.7.1 maintain a record of its Processing activities which relate to the Agreement in accordance with the requirements of Article 30(2) of the General Data Protection Regulation;

1.7.2 at any time upon request deliver up:

1.7.2.1 all Personal Data Processed pursuant to the Agreement; and

1.7.2.2 all such records that Shogun holds in accordance with clause 1.7.1 (except for any Personal Data which Data Protection Laws require to be stored)

Following such delivery up and in the event of termination or expiry of the Agreement Shogun shall promptly and securely delete or destroy all such Personal Data (except for any Personal Data which Data Protection Laws require to be stored).

1.8 Each party shall:

1.8.1 provide the other with such information as such other party reasonably requests from time to time to enable such other party to satisfy itself that the party providing the information is complying with its obligations under the Data Protection Laws; and

1.8.2 allow the other party, its agents, representatives and external auditors access (on reasonable notice and during normal business hours) to its premises and/or any other location where Personal Data is Processed under this Addendum to allow such other party to audit its compliance with Data Protection Laws and provide reasonable co-operation as requested by such other party in the performance of such audit.

Data Transfers

1.9 The Customer acknowledges and agrees that Shogun shall be entitled to use sub-processors to Process Personal Data on Shogun's behalf. If Shogun wishes to appoint additional or replacement sub-processors during the term of the Agreement, it shall inform the Customer of such proposed appointment in advance and give the Customer the opportunity to object to the appointment. The Customer shall take into account any objections communicated to Shogun by the Customer when deciding whether to make the appointment, but the Customer shall not be bound by such objections.

1.10 Shogun shall procure that any sub-processors who have access to Personal Data in connection with the Agreement shall be subject to binding contractual obligations which are consistent with the terms of this clause 1 and Shogun shall be liable for all acts and omissions of such sub-processors in relation to the Processing of such Personal Data.

Data Subject Rights

1.11 Shogun shall, to the extent reasonably practicable, provide the Customer with such assistance as the Customer reasonably requests in order to comply with its obligations and fulfil Data Subjects' rights under Data Protection Laws, including:

1.11.1 responding to requests or queries from Data Subjects in respect of their Personal Data;

1.11.2 co-operating with an investigation in connection with the Personal Data by a regulatory body; or

1.11.3 reconstructing and/or otherwise safeguarding the Personal Data, within any reasonable timescales specified by the Customer.

Personal Data Breach Notification

1.12 Shogun shall notify the Customer without undue delay if Shogun becomes aware of a Personal Data Breach.

Miscellaneous

1.13 Shogun shall ensure that its personnel, to the extent that they are involved in the Processing of Personal Data in connection with the Agreement, shall be subject to appropriate binding obligations to protect the confidentiality of such Personal Data.

1.14 Shogun's obligations under this Addendum exclude any Personal Data relating to its personnel engaged in the performance of Shogun's obligations under the Agreement generated by Shogun solely for the purposes of its internal human resources procedures and records.

1.15 For the purpose of this Addendum only the following definitions apply:

TermDefinition"Data Controller"has the meaning given to "controller" in the General Data Protection Regulation;"Data Processor"has the meaning given to "processor" in the General Data Protection Regulation;"Data Protection Laws"General Data Protection Regulation and any national implementing legislation so that for example in the UK, this will include the Data Protection Act 2018;"Data Subject"has the meaning given in the General Data Protection Regulation;"General Data Protection Regulation"Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;"Personal Data"personal data (as defined under the Data Protection Laws) that are subject to the Data Protection Laws and that Customer authorizes Shogun to collect in connection with Shogun's provision of the Service under the Agreement;"Personal Data Breach"a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed; and"Processing"has the meaning given in the General Data Protection Regulation and "Process" and "Processed" have corresponding meanings.

Shogun:

By: -eSigned-

Name: Nick Raushenbush
Title: Cofounder
Date: 11/15/2018

Customer:

By:

Name:
Title (if applicable):
Date:

Schedule 1

The Data Processing Services

1. THE SUBJECT-MATTER AND DURATION OF THE PROCESSING: The subject-matter of the Processing of Personal Data by Shogun is the provision of the Service. Personal Data will be processed for the duration of the Agreement.

2. THE NATURE AND PURPOSE OF THE PROCESSING: Personal Data will be subject to those Processing activities which Shogun needs to perform in order to provide the Service pursuant to the Agreement, and for purposes of providing the Service set out into the Agreement.;

3. THE TYPE OF PERSONAL DATA: Personal Data processed by Shogun includes Personal Data, the extent of which is determined and controlled by the Customer in its sole discretion, provided to Shogun via the Service, by (or at the direction of) Customer or any Customer's clients or other end users.

4. THE CATEGORIES OF DATA SUBJECTS: The individuals about whom Personal Data is provided to Shogun via the Services by (or at the direction of) Customer or by any Customer's clients or other end users.