The below provisions and the applicable standard contractual clauses referenced below shall be deemed automatically incorporated into the relevant agreement (the "Agreement") that is concluded between Wellable, LLC, on behalf of itself and its affiliates ("Wellable"), and you ("Business Partner") and shall be binding upon the parties to the Agreement (including their affiliates), by virtue of reference to this page in and signature of such Agreement.

For data transfers from the European Economic Area that are subject to the 2021 Standard Contractual Clauses as implemented by the Commission Implementing Decision (EU) 2021/914 of June 4th, 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (the "2021 Standard Contractual Clauses"), the 2021 Standard Contractual Clauses will apply in the following manner:

  1. Module One (Controller to Controller) will apply to the extent that Business Partner acts as controller and Wellable acts as controller.

  2. Module Two (Controller to Processor) will apply to the extent that Business Partner acts as controller and Wellable acts as processor; and

  3. Module Three (Processor to Processor) will apply to the extent that Business Partner acts as processor and Wellable acts as sub-processor.

 

For each Module, where applicable:

  1. In Clause 7, the option docking clause will not apply;

  2. In Clause 9, Option 2 will apply, and the time period for prior notice of sub-processor changes will be 10 days;

  3. In Clause 11, the optional language will not apply;

  4. In Clause 17 (Option 1), the 2021 Standard Contractual Clauses will be governed by Irish law;

  5. In Clause 18(b), disputes will be resolved before the courts of Ireland;

  6. In Annex I, Part A:

    1. Data Exporter: Business Partner and authorized affiliates of Business Partner.

      1. Contact Details: the email address(es) to which Business Partner elects to receive privacy communications in the Agreement.

      2. Data Exporter Role: the Data exporter processes personal data in connection with its business activities such as client services and other business operations.

      3. Signature & Date: By entering into the Agreement, Data Exporter is deemed to have signed these Standard Contractual Clauses incorporated herein, including their Annexes, as of the Effective Date of the Agreement.

    2. Data Importer: Wellable, LLC

      1. Contact Details: Wellable Privacy Team – support@wellable.co.

      2. Data Importer Role: Data importer provides services to data exporter as required for the latter to accomplish its legitimate business purposes and as described in or instructed by the data exporter pursuant to the relevant services agreement entered into by the Parties.

      3. Signature & Date: By entering into the Agreement, Data Importer is deemed to have signed these Standard Contractual Clauses, incorporated herein, including their Annexes, as of the Effective Date of the Agreement.

  7. In Annex I, Part B:

    1. The categories of Data Subjects to whom the Personal Data relates include the individuals about whom data is provided to Wellable via the Services (as defined in the Agreement) by (or at the direction of) Data Exporter.

    2. The categories of personal data transferred include data relating to Data Subjects provided to Wellable via the Services by (or at the direction of) Data Exporter.

      Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

    3. The frequency of the transfer is a continuous basis for the duration of the Agreement.

    4. The nature of the processing. Wellable is a provider of wellness technology services for businesses and consumers. Wellable will process Personal Data as necessary to perform the Services pursuant to the Agreement.

    5. The purpose of the processing of personal data by Data Importer is the performance of the Services pursuant to the Agreement with Data Exporter.

    6. The period for which the Personal Data will be retained, or, if that is not possible, the criteria used to determine that period: Wellable will process stored Personal Data for the purpose of providing the Services until Data Exporter elects to delete such Personal Data via the Services or in accordance with the Agreement.

    7. For transfers to sub-processors, the subject matter, nature, and duration of the processing: Personal Data may be transferred to sub-processors to process data, on Data Importer’s behalf, consistent with Data Exporter’s instructions to data importer and data importers published documentation. Data Importer makes available to Data Exporter a current list of sub-processors engaged in connection with the Services with the identities of those sub-processors in its documentation (at ). Notice of additions or changes to the list of sub-processors will be provided to Data Exporter from time to time.

  8. In Annex I, Part C: The Irish Data Protection Commission will be the competent supervisory authority.

  9. Schedule 2 serves as Annex II of the Standard Contractual Clauses.

    Schedule 2:

    1. Processing of Personal Data

      1. The Data Importer shall process the personal data transferred only on behalf of and in accordance with the instructions of the Data Exporter.

      2. The Data Importer shall not process the personal data transferred for any purposes other than those specified in the Agreement without obtaining the prior written consent of the Data Exporter.

    2. Security Measures

      1. The Data Importer shall implement appropriate technical and organizational measures to protect the personal data transferred against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure, or access, and against all other unlawful forms of processing.

      2. The Data Importer shall ensure that its personnel who have access to the personal data transferred are subject to confidentiality obligations.

    3. Data Protection Laws

      1. The Data Importer shall comply with all applicable data protection laws and regulations in relation to the processing of the personal data transferred.

      2. The Data Importer shall promptly inform the Data Exporter if it becomes aware of any breach of data protection laws and regulations in relation to the processing of the personal data transferred.