Data Processing Agreement
Date: December 30, 2020
Moxie empowers Instructors on our Platform to directly connect with other Moxie users (“Users”) and
create Classes for them. Capitalized terms (“Instructors”, “Classes”, “Platform”) have the definitions
given to them in Moxie’s Terms of Service.
To facilitate this direct connection with Users and enable obligations to be fulfilled, Moxie provides the
personal data of Users (“User Data”) to Instructors. Instructors then process User Data in order to
provide Users any and all products or services as part of that Instructor’s business on Moxie (the “Moxie
Services”). Moxie requires all Instructors to agree to this Data Processing Agreement (“DPA”) to ensure
that Instructors respect the privacy rights of Users when processing User Data.
This DPA is between Moxie and Instructors, taking effect from the moment the Instructor’s Moxie
account is created, and applies exclusively to the User Data collected by Moxie and provided to
Instructors for the purpose of facilitating the experience of their Attendees.
requirements for Instructors to process User Data during and beyond their relationship with Moxie.
"Data Protection Legislation" means all applicable laws relating to privacy and the
processing of personal data that may exist in any relevant jurisdiction, including, where
applicable, the guidance and codes of practice issued by the supervisory authorities. Data
Protection Legislation includes, but is not limited to, European Directives 95/46/EC and
2002/58/EC (as amended by Directive 2009/136/EC) and any legislation and/or regulation
implementing or made pursuant to them, or which amends, replaces, re-enacts or
consolidates any of them, including the General Data Protection Regulation (Regulation (EU)
"Good Industry Practice" means exercising the same skill, expertise and judgement and
using facilities and resources of a similar quality as would be expected from a person who:(a)
is skilled and experienced in providing the services in question, seeking in good faith to
comply with his contractual obligations and seeking to avoid liability arising under any duty
of care that might reasonably apply; (b) takes all proper and reasonable care and is diligent in
performing his obligations; and (c) complies with the Data Protection Legislation.
The terms "data controller", "data processor", “subprocessor”, "data subject", "personal
data", "processing", and "appropriate technical and organizational measures" shall be
interpreted in accordance with Directive 95/46/EC, or other applicable Data Protection
Legislation, in the relevant jurisdiction.
Scope. The parties agree that Moxie is a data controller and that Instructor is a data processor in
relation to User Data that Instructor processes in the course of providing Moxie Services. The subject
matter of the data processing, the types of personal data processed, and the categories of data subjects
will be defined by, and/or limited to, those necessary to carry out the Moxie Services. The processing to
which this DPA applies will be carried out by Instructor upon leaving the Moxie platform. The subject
matter, duration, nature, and purpose of the processing of the personal data as well as the type of
personal data and categories of data subjects covered by this DPA are as follows:
The subject matter of the data processing is User Data.
The duration of the processing is for as long as Instructor holds User Data.
The nature and purpose of the processing under this DPA is limited to a Instructor’s
fulfillment of Moxie Services to the User.
The type of personal data covered by this DPA is contact information, including but not
limited to First and Last Name, email address, username, number of Classes attended,
shipping address and phone number, as well as any information, given by the Attendee to
the Instructor when attending, or before attending, a Class on Moxie.
The category of the data subjects are Users who sign up for accounts on Moxie.
Data Protection. Instructor shall adhere to the following requirements:
Processing as Instructed. Instructors will process User Data only in accordance with the
Protection Legislation. The nature and purpose of the processing shall be limited to that
necessary to carry out such instructions, and not for Instructor's own purposes, or for any
other purpose except as required by law. If Instructor is required by law to process the
personal data for any other purpose, Instructor will inform User of such requirement prior to
the processing unless prohibited by law from doing so.
Extent of processing. Instructor will process the personal data only to the extent, and in such
manner, as is necessary for the provision of Moxie Services.
Appropriate Technical and Organizational Measures. Instructor will implement and
maintain appropriate technical and organizational measures designed to protect the
personal data against unauthorized or unlawful processing and against accidental loss,
destruction, damage, theft, alteration or disclosure. The measures shall be appropriate to the
harm which might result from any unauthorized or unlawful processing, accidental loss,
destruction, damage or theft of the personal data and having regard to the nature of the
personal data which is to be protected and as a minimum shall be in accordance with the
Data Protection Legislation and Good Industry Practice.
Transfer to Third Parties. Instructor will not give access to or transfer any personal data to
any third party (including any affiliates, group companies or subcontractors) without the
prior consent of Moxie. Instructor must also ensure the reliability and competence of such
third parties, its employees or agents who may have access to the personal data processed in
the provision of Moxie Services, and must include in any contract with such third party
provisions protecting User which are equivalent to those in this DPA and the Terms of Service
and as are required by applicable Data Protection Legislation.
Reliability and Competence of Instructor Personnel. Instructor will take reasonable steps to
ensure the reliability and competence of any Instructor personnel who have access to User
Data. Instructor will ensure that all Instructor personnel required to access the personal data
are informed of the confidential nature of the personal data and comply with the obligations
set out in this DPA.
Acknowledgement of Data Protection Legislation and Assistance. Instructor will take all
reasonable steps to assist Moxie in complying with applicable Data Protection Legislation.
For example, Instructor will promptly inform Moxie in writing if it receives: (i) a request from
a data subject concerning any personal data; or (ii) a complaint, communication, or request
relating to User’s obligations under Data Protection Legislation.
Destruction or Return of Property Upon Moxie Services Completion. Instructor will not
retain any of the personal data for longer than is necessary to provide Moxie Services. At the
end of Moxie Services, or upon a User's request, Instructor will securely destroy or return (at
User’s election) the personal data to User.
Loss or Security Breach. If Instructor becomes aware of any accidental, unauthorized or
unlawful destruction, loss, alteration, or disclosure of, or access to User Data processed by
Instructor in the course of providing Moxie Services, it will do the following:
Provide notice to Moxie. Instructor shall promptly and without undue delay
notify Moxie and provide Moxie with: a detailed description of the Loss or
Security Breach; the type of data that was the subject of the Loss or Security
Breach; the identity of each affected person if known, and the steps Instructor
has taken or will take in order to mitigate and remediate such Security Breach, in
each case as promptly as such information can be collected or otherwise
becomes available (as well as periodic updates to this information and any other
information Moxie may reasonably request relating to the Loss or Security
Investigate the Matter promptly. Instructor shall promptly take action, at its own
expense, to investigate the Loss or Security Breach and to identify, prevent and
mitigate the effects of the Loss or Security Breach and to carry out appropriate
recovery actions to remedy the Loss or Security Breach.
Compliance with Data Protection Legislation. Instructor shall comply at all times with and
assist Moxie in complying with its applicable obligations under Data Protection Legislation.
Instructor shall provide reasonable information requested by Moxie to demonstrate
compliance with the obligations set out in this DPA. Instructor will notify Moxie immediately
if, in Instructor's opinion, an instruction for the processing of personal data given by Moxie
violates any country’s data privacy legislation.