Terms and Conditions
Terms & Conditions in short
By ordering any of our products, you agree to be bound by these terms & conditions.
By placing an order at Lockhart's, you warrant that you are at least 18 years old or have parents' permission to buy from us.
All personal information you provide us with or that we obtain will be handled by Lockhart's as responsible for the personal information.
Events outside Lockhart's control shall be considered force majeure.
The price applicable is that set at the date on which you place your order.
Shipping costs and payment fees are recognized before confirming the purchase.
Card information is transmitted over secure SSL encryption and is not stored.
Please note that local charges may occur.
Lockhart's reserves the right to amend any information without prior notice.
Terms & Conditions
This page contains the terms & conditions. Please read these terms & conditions carefully before ordering any products from us. You should understand that by ordering any of our products, you agree to be bound by these terms & conditions.
By placing an order at Lockhart's, you warrant that you are at least 18 years old (or have parents' permission to buy from us) and accept these terms & conditions which shall apply to all orders placed or to be placed at Lockhart's for the sale and supply of any products. None of these terms & conditions affect your statutory rights. No other terms or changes to the terms & conditions shall be binding unless agreed in writing signed by us.
All personal information you provide us with or that we obtain will be handled by Lockhart's as responsible for the personal information. The personal information you provide will be used to ensure deliveries to you, the credit assessment, to provide offers and information on our catalog to you. The information you provide is only available to Lockhart's and will not be shared with other third parties. You have the right to inspect the information held about you. You always have the right to request Lockhart's to delete or correct the information held about you. By accepting the Lockhart's Conditions, you agree to the above.
Events outside Lockhart's control, which is not reasonably foreseeable, shall be considered force majeure, meaning that Lockhart's is released from Lockhart's obligations to fulfill contractual agreements. Example of such events are government action or omission, new or amended legislation, conflict, embargo, fire or flood, sabotage, accident, war, natural disasters, strikes or lack of delivery from suppliers. The force majeure also includes government decisions that affect the market negatively and products, for example, restrictions, warnings, ban, etc.
Effective Date: January 1, 2020
Thanks for visiting Lockhart’s! Lockhart’s (“Lockhart’s”, “we”, “us” or “our”) respects your privacy. When it comes to your personal information, we believe in transparency, not surprises. That’s why we’ve set out here what personal information we collect, what we do with it and your choices and rights.
1. Some key terms
If you are a User, see our Data Processing Addendum to learn more about how we process User Content or other personal information on your instructions or with your permission.
3. Personal information we collect
We collect various personal information regarding you or your device. This includes the following:
Information you provide to create an Account, specifically email address, first name and last name. If you sign up for Paid Services, we receive a portion of your payment information from our payment processor (such as the last four digits, the country of issuance and the expiration date of the payment card) and we ask you to select your jurisdiction.
Your marketing preferences.
The emails and other communications that you send us or otherwise contribute, such as customer support inquiries or posts to our customer message boards or forums. Please be aware that information on public parts of our sites is available to others.
Information you share with us in connection with surveys, contests or promotions.
Information from your use of the Services or Users’ sites. This includes: IP addresses, preferences, web pages you visited prior to coming to our or our Users’ sites, information about your browser, network or device (such as browser type and version, operating system, internet service provider, preference settings, unique device IDs and language and other regional settings), information about how you interact with the Services and our Users’ sites (such as timestamps, clicks, scrolling, browsing times, searches, transactions, referral pages, load times, and problems you may encounter, such as loading errors).
Information we get from our partners to support our marketing initiatives, improve our Services and better monitor, manage and measure our ad campaigns, such as details about when a partner of ours shows you one of our ads on or via its advertising platform.
Other information you submit to us directly or through Third Party Services if you use a Third Party Service to create an Account (based on your privacy settings with such Third Party Service).
4. How we collect personal information
We obtain personal information from various sources. We do this in three main ways:
You provide some of it directly (such as by registering for an Account).
We record some of it automatically when you use our Services or Users’ sites (including with technologies like cookies).
We receive some of it from third parties (like when you register for an account using a Third Party Service or when you make payments to us using our payment processor or via a mobile app store).
We’ve described this in more detail below.
a. Personal information you provide
When you use our Services, we collect information from you in a number of ways. For instance, we ask you to provide your name and email address to register and manage your Account. We also maintain your marketing preferences and the emails and other communications that you send us or otherwise contribute, such as customer support inquiries or posts to our customer message boards or forums. You might also provide us with information in other ways, including by responding to surveys, submitting a form or participating in contests or similar promotions.
Sometimes we require you to provide us with information for contractual or legal reasons. For example, we may ask you to select your jurisdiction when you sign up for Paid Services to determine if, and how much, tax we need to collect from you. We’ll normally let you know when information is required, and the consequences of failing to provide it. If you do not provide personal information when requested, you may not be able to use our Services if that information is necessary to provide you with the service or if we are legally required to collect it.
b. Personal information obtained from your use of our Services
When you use our Services, we collect information about your activity on and interaction with the Services, such as your IP address(es), your device and browser type, the web page you visited before coming to our sites, what pages on our sites you visit and for how long and identifiers associated with your devices. If you’ve given us permission through your device settings, we may collect your location information in our mobile apps.
c. Personal information obtained from other sources
If you use a Third Party Service (such as Google) to register for an Account, the Third Party Service may provide us with your Third Party Service account information on your behalf, such as your name and email address (we don’t collect or store passwords you use to access Third Party Services). Your privacy settings on the Third Party Service normally control what they share with us. Make sure you are comfortable with what they share by reviewing their privacy policies and, if necessary, modifying your privacy settings directly on the Third Party Service.
5. How we use your personal information
We use the personal information we obtain about you for the following purposes:
Provision of the Services. Create and manage your Account, provide and personalize our Services, process payments and respond to your inquiries.
Communicating with you. Communicate with you, including by sending you emails about your transactions and Service-related announcements.
Surveys and contests. Administer surveys, contests and other promotions.
Promotion. Promote our Services and send you tailored marketing communications about products, services, offers, programs and promotions of Lockhart’s and our partners and measure the success of those campaigns. For example, we may send different marketing communications to you based on your subscription plan or what we think may interest you based on other information we hold about you.
Advertising. Analyze your interactions with our Services and third parties’ online services so we can tailor our advertising to what we think will interest you. For example, we may decide not to advertise our Services to you on a social media site if you already signed up for Paid Services or we may choose to serve you a particular advertisement based on your subscription plan or what we think may interest you based on other information we hold about you.
Improving our Services. Analyze and learn about how the Services are accessed and used, evaluate and improve our Services (including by developing new products and services and managing our communications) and monitor and measure the effectiveness of our advertising. We usually do this based on anonymous, pseudonymized or aggregated information which does not focus on you individually. For example, if we learn that most Users of Paid Services use a particular integration or feature, we might wish to expand on that integration or feature.
Security. Ensure the security and integrity of our Services.
Third party relationships. Manage our vendor and partner relationships.
Enforcement. Enforce our Terms of Service and other legal terms and policies.
Protection. Protect our and others’ interests, rights and property (e.g., to protect our Users from abuse).
Complying with law. Comply with applicable legal requirements, such as tax and other government regulations and industry standards, contracts and law enforcement requests.
We process your personal information for the above purposes when:
Consent. You have consented to the use of your personal information in a particular way. When you consent, you can change your mind at any time.
Performance of a contract. We need your personal information to provide you with services and products requested by you, or to respond to your inquiries. In other words, so we can perform our contract with you or take steps at your request before entering into one. For example, we need your email address so you can sign in to your Lockhart’s account.
Legal obligation. We have a legal obligation to use your personal information, such as to comply with applicable tax and other government regulations or to comply with a court order or binding law enforcement request.
Legitimate interests. We have a legitimate interest in using your personal information. In particular, we have a legitimate interest in the following cases:
To operate the Lockhart’s business and provide you with tailored advertising and communications to develop and promote our business.
To analyze and improve the safety and security of our Services - we do this as it is necessary to pursue our legitimate interests in ensuring Lockhart’s is secure, such as by implementing and enhancing security measures and protections and protecting against fraud, spam and abuse.
To provide and improve the Services, including any personalized services - we do this as it is necessary to pursue our legitimate interests of providing an innovative and tailored offering to our Users on a sustained basis.
To share your personal information with other Lockhart’s group companies that help us provide and improve the Services.
To anonymize and subsequently use anonymized information.
Protecting you and others. To protect your vital interests, or those of others.
Others’ legitimate interests. Where necessary for the purposes of a third party’s legitimate interests, such as our partners who have a legitimate interest in delivering tailored advertising to you and monitoring and measuring its effectiveness or our Users who have a legitimate interest in having their sites function properly and securely and analyzing the usage of their sites so they can understand trends and improve their services.
6. How we share your personal information
We share personal information in the following ways:
Affiliates. We share personal information with our affiliates when it is reasonably necessary or desirable, such as to help provide services to you or analyze and improve the services we or they provide.
Business partners. We may share personal information with business partners. For example, we may share your personal information when our Services are integrated with their Third Party Services, but only when you have been informed or would otherwise expect such sharing.
Service providers. We share personal information with our service providers that perform services on our behalf. For example, we may use third parties to help us provide customer support, manage our advertisements on other sites, send marketing and other communications on our behalf or assist with data storage.
Process payments. We transmit your personal information via an encrypted connection to our payment processor.
Following the law or protecting rights and interests. We disclose your personal information if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property or interests (such as enforcing our Terms of Service) or prevent fraud or abuse of Lockhart’s or our Users or End Users. In particular, we may disclose your personal information in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements.
Advertising. We share personal information with third parties so they and we can provide you with tailored advertising and measure and monitor its effectiveness. For example, we may share your pseudonymized email address with a third party social media platform on which we advertise to avoid serving Lockhart’s ads to people who already use Lockhart’s.
Business transfers. If we're involved in a reorganization, merger, acquisition or sale of some or all of our assets, your personal information may be transferred as part of that deal or the negotiation of contemplated deals.
7. Your rights and choices
Where applicable law requires (and subject to any relevant exceptions under law), you may have the right to access, update, change or delete personal information.
You can access, update, change or delete personal information (or that of your End Users) either directly in your Account or by contacting us at email@example.com to request the required changes. You can exercise your other rights (including deleting your Account) by contacting us via your Account at the same email address. Please note that we may need to verify your identity in connection with your requests, and such verification process may, if you do not have access to your Account, require you to provide us with additional information (e.g. government identification). Even if you have access to your Account, we may request additional information if we believe it’s necessary to verify your identity. If we are unable to verify your identity or request, we may not, in accordance with applicable law, be able to fulfill your request.
You can also elect not to receive marketing communications by changing your preferences in your Account or by following the unsubscribe instructions in such communications.
Please note that, for technical reasons, there is likely to be a delay in deleting your personal information from our systems when you ask us to delete it. We also will retain personal information in order to comply with the law, protect our and others’ rights, resolve disputes or enforce our legal terms or policies, to the extent permitted under applicable law.
You may have the right to restrict or object to the processing of your personal information or to exercise a right to data portability under applicable law. You also may have the right to lodge a complaint with a competent supervisory authority, subject to applicable law. If you are subject to EU data protection laws, we suggest you lodge any such complaints with our lead supervisory authority:
Lockhart’s Authentic Grooming Co. LLC
8755 Monroe Rd. Durand, MI 48429
Additionally, if we rely on consent for the processing of your personal information, you have the right to withdraw it at any time and free of charge. When you do so, this will not affect the lawfulness of the processing before your consent withdrawal.
8. How we protect your personal information
While no service is completely secure, we have a security team dedicated to keeping personal information safe. We maintain administrative, technical and physical safeguards that are intended to appropriately protect against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse and any other unlawful form of processing, of the personal information in our possession. We employ security measures such as using firewalls to protect against intruders, building redundancies throughout our network (so that if one server goes down, another can cover for it) and testing for and protecting against network vulnerabilities.
9. How we retain your personal information
The precise periods for which we keep your personal information vary depending on the nature of the information and why we need it. Factors we consider in determining these periods include the minimum required retention period prescribed by law or recommended as best practice, the period during which a claim can be made with respect to an agreement or other matter, whether the personal information has been aggregated or pseudonymized, and other relevant criteria. For example, the period we keep your email address is connected to how long your Account is active, while the period for which we keep a support message is based on how long has passed since the last submission in the thread.
As Users may have a seasonal site or come back to us after an Account becomes inactive, we don’t immediately delete your personal information when your trial expires or you cancel all Paid Services. Instead, we keep your personal information for a reasonable period of time, so it will be there for you if you come back.
Please note that in the course of providing the Services, we collect and maintain aggregated, anonymized or de-personalized information which we may retain indefinitely.
10. Data transfers
Personal information that you submit through the Services may be transferred to countries other than where you live, such as, for example, to our servers in the U.S. We also store personal information locally on the devices you use to access the Services.
Your personal information may be transferred to countries that do not have the same data protection laws as the country in which you initially provided the information.
We rely upon a number of means to transfer personal information which is subject to the European General Data Protection Regulation (“GDPR”) in accordance with Chapter V of the GDPR. These include:
Privacy Shield. We transfer, in accordance with Article 45 of the GDPR, personal information to companies that have certified their compliance with the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks (each individually and jointly, the “Privacy Shield”), including Lockhart’s, Inc.
Standard data protection clauses. We may, in accordance with Article 46 of the GDPR, transfer personal information to recipients that have entered into the European Commission approved contract for the transfer of personal data outside the European Economic Area.
Other means. We may, in accordance with Articles 45 and 46 of the GDPR, transfer personal information to recipients that are in a country the European Commission or a European data protection supervisory authority has confirmed, by decision, offers an adequate level of data protection, pursuant to an approved certification mechanism or code of conduct, together with binding enforcement commitments from the recipient to apply the appropriate safeguards, including as regards data subjects’ rights, or to processors which have committed to comply with binding corporate rules.
You can find out more information about these transfer mechanisms here.
11. Privacy Shield
Lockhart’s is committed to treating personal information received from the European Economic Area, Switzerland and the United Kingdom pursuant to the Privacy Shield Frameworks in accordance with the applicable Principles
For any complaints that we can’t resolve directly, JAMS is the independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance. You can contact JAMS free of charge at https://www.jamsadr.com/eu-us-privacy-shield. JAMS is an alternative dispute resolution provider based in the U.S.
If your concern still isn't addressed by JAMS, you may be entitled to a binding arbitration under the Privacy Shield Principles. For purposes of enforcing compliance with the Privacy Shield, Lockhart’s, Inc. is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission.
12. End Users’ personal information
End User payment information
Your End Users’ payment information may be processed via third party eCommerce Payment Processors with which you integrate your Account, in accordance with such eCommerce Payment Processors’ terms and policies. We receive your End Users’ complete payment information when they initially provide or update it only so that we can pass it along to the eCommerce Payment Processors you agree to use. We don’t collect or store your End Users’ payment information.
13. California Residents
This Section 13 is only applicable to you if you are a resident of the state of California in the US (“California Residents”) and only applies to personal information for which Lockhart’s is a “Business” (as defined in the CCPA), but does not apply to personal information we collect from you in the course of our provision of services to you where you are an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, non-profit or government agency. It applies to personal information we collect from California Residents on or through our Services and through other means (such as information collected offline or in person). With respect to personal information for which you are a “Business” and Lockhart’s is a “Service Provider,” please see Section 3.7 of our Terms of Service.
a. Categories, business and commercial purposes, sources and third parties
Identifiers: (1) sources: you (either directly or through a Third Party Service), collected by the Services, business partners, service providers and payment processors; and (2) third parties: business partners, service providers and payment processors.
Commercial information: (1) sources: you (either directly or through a Third Party Service), collected by the Services, business partners and service providers; and (2) third parties: business partners, service providers and payment processors.
Financial data: (1) sources: you (either directly or through a Third Party Service), business partners and payment processors; and (2) third parties: business partners, service providers and payment processors.
Internet or other network or device activity: (1) sources: you (either directly or through a Third Party Service), collected by the Services, business partners, service providers and payment processors; and (2) third parties: business partners, service providers and payment processors.
Location information: (1) sources: you (either directly or through a Third Party Service), collected by the Services, business partners and service providers; and (2) third parties: business partners, service providers and payment processors.
Sensory information: (1) sources: you (either directly or through a Third Party Service) and service providers; and (2) third parties: business partners, service providers and payment processors.
Other information that identifies or can be reasonably associated with you: (1) sources: you (either directly or through a Third Party Service), collected by the Services, business partners, service providers and payment processors; and (2) third parties: business partners, service providers and payment processors.
Each Category is collected for the following business purposes: (i) providing the Services (including without limitation maintaining your Account, processing and fulfilling orders, and administering surveys and contests); (ii) providing customer support for the Services; (iii) operating the Services (including without limitation managing third party relationships and enabling usage of our service providers); (iv) communicating with you; (v) customizing the Services; (vi) securing and protecting the Services (including without limitation auditing the Services, bug and fraud detection, debugging and repair of errors and the detection, protection and prosecution of security incidents or illegal activity); (vii) enforcing our terms and policies; (viii) complying with law; (ix) verifying your identity; and (x) other business purposes about which we may notify you from time to time.
Each Category is collected for uses that advance our commercial or economic interests such as: (i) promoting surveys and contests; (ii) promoting and advertising the Services; (iii) customizing the Services; (iv) improving our Services; (v) communicating with you about relevant offers from third parties; and (vi) other commercial purposes about which we may notify you from time to time.
b. Your requests
Subject to certain exceptions and restrictions, the CCPA provides California Residents the right to submit requests to a business which has collected their personal information: (i) to provide them with access to the specific pieces and categories of personal information collected by the business about such California Resident, the categories of sources for such information, the business or commercial purposes for collecting such information, and the categories of third parties with which such information was shared; and (ii) to delete such personal information (each, a “California Request”). We need certain types of information so that we can provide our Services to you. If you ask us to delete some or all of your information, you may no longer be able to access or use the Services.
If you are a California Resident, please follow the instructions in the “Your rights and choices” section above to submit California Requests and please make sure you note that you are a California Resident when you do so. California Residents may designate an authorized agent to make California Requests on their behalf. In order to designate an authorized agent to make a California Request on your behalf, you must provide a valid power of attorney, the requester’s valid government issued identification and the authorized agent’s valid government issued identification.
c. We do not sell your personal information
d. We do not discriminate against you
You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Lockhart’s does not discriminate against California Residents for exercising their rights.
15. Who is Lockhart’s Authentic Grooming Co. LLC?
When we say “Lockhart’s” (or “we”, “us” or “our”), we mean: (a) Lockhart’s Authentic Grooming Co. LLC. if you are a resident of or have your principal place of business in the United States of America or any of its territories or possessions (the “US”).
If your place of residence or principal place of business changes, the Lockhart’s entity that controls your personal information will be determined by your new residence or principal place of business from the date it changes.
16. How to contact us
Lockhart’s Authentic Grooming Co. LLC
8755 Monroe Rd.
Durand, MI 48429
All products remain Lockhart's property until full payment is made. The price applicable is that set at the date on which you place your order. Shipping costs and payment fees are recognized before confirming the purchase. If you are under 18 years old you must have parents' permission to buy from Lockhart's.
All transfers conducted through Lockhart's are handled and transacted through third party dedicated gateways to guarantee your protection. Card information is not stored and all card information is handled over SSL encryption. Please read the terms & conditions for the payment gateway choosen for the transaction as they are responsible for the transactions made.
Please note that local charges (sales tax, customs duty) may occur, depending on your region and local customs duties. These charges are at the customers own expense.
Lockhart's reserves the right to amend any information, including but not limited to prices, technical specifications, terms of purchase and product offerings without prior notice. At the event of when a product is sold out, Lockhart's has the right to cancel the order and refund any amount paid in the best way. Lockhart's shall also notify the customer of equivalent replacement products if available.
Squarepace is not responsible for any content, interactions or transfers made on our website.
All enquiries: firstname.lastname@example.org
You are entitled to an exchange or refund within 14 days of your purchase (except on apparel items, see below). Please note that the product must be returned unused, in original packaging including all tags. In case of refund neither the original shipping cost nor the return shipping cost will be repaid. You can find the return address on our contact page.
Apparel items using our third-party vendor are Final Sale. By using this third-party vendor you are confirming you have checked the correct size of the product you are ordering via the size chart available here. Returns or exchanges will not be accepted.
Effective Date: January 1, 2020
Lockhart’s Ads. We partner with third party publishers, advertising networks and service providers to manage our ads on other sites. Our third party partners may set cookies on your device or browser to gather information about your activities on the Services and other sites you visit, in order to provide you with Lockhart’s ads. For example, if you visit Lockhart’s and also use a social media platform, you may see a Lockhart’s ad in your social media newsfeed or timeline.
Opting Out. You can set your browser to not accept cookies, but this may limit your ability to use the Services. We currently don’t respond to DNT:1 signals from browsers visiting our Services. You can also opt out of receiving interest-based ads from certain ad networks here (or if located in the European Union, here).
Device Identifiers. We use device identifiers on Lockhart’s web and mobile applications to track, analyze and improve the performance of the Services and our ads.
Third Party Tags. We use and manage third party tags on the website and associated domains of www.lockhartsauthentic.com and on Lockhart’s web and mobile applications. Third party tags may take the form of pixels or tracking snippets. We use pixels to learn how you interact with our site pages and emails, and this information helps us and our ad partners provide you with a more tailored experience. We use tracking snippets to capture data from your browser, make requests to a third party partner or set cookies on your device to store data. For example, if you see a Lockhart’s ad on a social media platform and choose to use Lockhart’s, we may use a tag to reduce the number of Lockhart’s ads you see on that platform. We use Google Tag Manager to manage our third party tag usage. This may cause other tags to be activated which may, for their part, collect data and set cookies under certain circumstances. Google Tag Manager does not store this data.
DATA PROCESSING ADDENDUM
Effective Date: May 14, 2018.
This Squarespace Data Processing Addendum forms part of, and is subject to the provisions of, the Squarespace Terms of Service. Capitalized terms that are not defined in this Data Processing Addendum have the meanings set forth in the Terms of Service.
1. Additional Definitions.
The following definitions apply solely to this Data Processing Addendum:
a. the terms “controller”, “data subject”, “personal data”, “process,” “processing” and “processor” have the meanings given to these terms in EU Data Protection Law.
b. “Breach” means a breach of the Security Measures resulting in access to Lockhart’s equipment or facilities storing Your Controlled Data and the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Your Controlled Data transmitted, stored or processed by Lockhart’s on your behalf and instructions through the Services.
c. “Content” means your User Content and any content provided to us from your End Users, including without limitation text, photos, images, audio, video, code, and any other materials.
d. “EU Data Protection Law” means any data protection or data privacy law or regulation of Switzerland or any European Economic Area (“EEA”) country applicable to Your Controlled Data, including, as applicable, the GDPR and the e-Privacy Directive 2002/58/EC.
e. “GDPR” means the EU General Data Protection Regulation 2016/679.
f. “Security Measures” means the technical and organizational security measures.
g. “Sub-Processor” means an entity engaged by Lockhart’s to process Your Controlled Data.
h. “Your Controlled Data” means the personal data in the Content Lockhart’s processes on your behalf and instructions as part of the Services, but only to the extent that you are subject to EU Data Protection Law in respect of such personal data. Your Controlled Data does not include personal data when controlled by us, including without limitation data we collect (including IP address, device/browser details and web pages visited prior to coming to Your Site) with respect to your End Users’ interactions with Your Site through their browser and technologies like cookies.
This Data Processing Addendum only applies to you if you or your End Users are data subjects located within the EEA or Switzerland and only applies in respect of Your Controlled Data. You agree that Lockhart’s is not responsible for personal data that you have elected to process through Third Party Services or outside of the Services, including the systems of any other third-party cloud services, offline or on-premises storage.
3. Details of Data Processing.
3.1 Subject Matter. The subject matter of the data processing under this Data Processing Addendum is Your Controlled Data.
3.2 Duration. As between you and us, the duration of the data processing under this Data Processing Addendum is determined by you.
3.3 Purpose. The purpose of the data processing under this Data Processing Addendum is the provision of the Services initiated by you from time to time.
3.4 Nature of the Processing. The Services as described in the Agreement and initiated by you from time to time.
3.5 Type of Personal Data. Your Controlled Data relating to you, your End Users or other individuals whose personal data is included in Content which is processed as part of the Services in accordance with instructions given through your Account.
3.6 Categories of Data Subjects. You, Your End Users and any other individuals whose personal data is included in Content.
4. Processing Roles and Activities.
4.1 Lockhart’s as Processor and You as Controller. You are the controller and Lockhart’s is the processor of Your Controlled Data.
4.3 Description of Processing Activities. We will process Your Controlled Data for the purpose of providing you with the Services, as may be used, configured or modified from within your Account (the “Purpose”). For example, depending on how you use the Services, we may process Your Controlled Data in order to: (a) enable you to integrate content or features from a social media platform on Your Site; or (b) email your End Users on your behalf.
4.4 Compliance with Laws. You will ensure that your instructions comply with all laws, regulations and rules applicable in relation to Your Controlled Data and that Your Controlled Data is collected lawfully by you or on your behalf and provided to us by you in accordance with such laws, rules and regulations. You will also ensure that the processing of Your Controlled Data in accordance with your instructions will not cause or result in us or you breaching any laws, rules or regulations (including EU Data Protection Law). You are responsible for reviewing the information available from us relating to data security pursuant to the Agreement and making an independent determination as to whether the Services meet your requirements and legal obligations as well as your obligations under this Data Processing Addendum. Lockhart’s will not access or use Your Controlled Data except as provided in the Agreement, as necessary to maintain or provide the Services or as necessary to comply with the law or binding order of a governmental, law enforcement or regulatory body.
5. Our Processing Responsibilities.
5.1 How We Process. We will process Your Controlled Data for the Purpose and in accordance with the Agreement or instructions you give us through your Account. You agree that the Agreement and the instructions given through your Account are your complete and final documented instructions to us in relation to your Controlled Data. Additional instructions outside the scope of this Data Processing Addendum require prior written agreement between you and us, including agreement on any additional fees payable by you to us for carrying out such instructions. We will promptly inform you if, in our opinion, your instructions infringe applicable EU Data Protection Law, or if we are unable to comply with your instructions. We will notify you when applicable laws prevent us from complying with your instructions, except if such disclosure is prohibited by applicable law on important grounds of public interest, such as a prohibition under law to preserve the confidentiality of a law enforcement investigation or request.
5.2 Notification of Breach. We will provide you notice without undue delay after becoming aware of and confirming the occurrence of a Breach for which notification to you is required under applicable EU Data Protection Laws. We will, to assist you in complying with your notification obligations under Articles 33 and 34 of the GDPR, provide you with such information about the Breach as we are reasonably able to disclose to you, taking into account the nature of the Services, the information available to us and any restrictions on disclosing the information such as for confidentiality. Our obligation to report or respond to a Breach under this Section is not and will not be construed as an acknowledgement by Lockhart’s of any fault or liability of Lockhart’s with respect to the Breach. Despite the foregoing, Lockhart’s obligations under this Section do not apply to incidents that are caused by you, any activity on your Account and/or Third-Party Services.
5.3 Notification of Inquiry or Complaint. We will provide you notice, if permitted by applicable law, upon receiving an inquiry or complaint from an End User, or other individual whose personal data is included in your Content, or a binding demand (such as a court order or subpoena) from a government, law enforcement, regulatory or other body in respect of Your Controlled Data that we process on your behalf and instructions.
5.4 Reasonable Assistance with Compliance. We will, to the extent that you cannot reasonably do so through the Services, your Account or otherwise, provide reasonable assistance to you in respect of your fulfillment of your obligation as controller to respond to requests by data subjects under Chapter 3 of the GDPR, taking into account the nature of the Services and information available to us. You will be responsible for our reasonable costs arising from our provision of such assistance.
5.5 Security Measures. We will maintain the Security Measures. We may change these Security Measures but will not do so in a way that adversely affects the security of Your Controlled Data. We will take steps to ensure that any natural person acting under our authority who has access to Your Controlled Data does not process it except on our instructions, unless such person is required to do so under applicable law, and that personnel authorized by us to process Your Controlled Data have committed themselves to relevant confidentiality obligations or are under an appropriate statutory obligation of confidentiality.
5.6 Sub-Processors. You agree that we can share Your Controlled Data with Sub-Processors in order to provide you the Services. We will impose contractual obligations on our Sub-Processors, and contractually obligate our Sub-Processors to impose contractual obligations on any further sub-contractors which they engage to process Your Controlled Data, which provide the same level of data protection for Your Controlled Data in all material respects as the contractual obligations imposed in this Data Processing Addendum, to the extent applicable to the nature of the Services provided by such Sub-Processor. A list of our current Sub-Processors is available upon request by sending an email to email@example.com. Provided that your objection is reasonable and related to data protection concerns, you may object to any Sub-Processor by sending an email to firstname.lastname@example.org. If you object to any Sub-Processor and your objection is reasonable and related to data protection concerns, we will use commercially reasonable efforts to make available to you a means of avoiding the processing of Your Controlled Data by the objected-to Sub-Processor. If we are unable to make available such suggested change within a reasonable period of time, we will notify you and if you still object to our use of such Sub-Processor, you may cancel or terminate your Account or, if possible, the portions of the Services that involve use of such Sub-Processor. Except as set forth in this Section 5.6, if you object to any Sub-Processors, you may not use or access the Services. You consent to our use of Sub-Processors as described in this Section 5.6. Except as set forth in this Section 5.6 or as you may otherwise authorize, we will not permit any Sub-Processor to access Your Controlled Data. Lockhart’s will remain responsible for its compliance with the obligations of this Data Processing Addendum and for any acts or omissions of any Sub-Processor or their further sub-contractors that process Your Controlled Data and cause Lockhart’s to breach any of Lockhart’s obligations under this Data Processing Addendum, solely to the extent that Lockhart’s would be liable under the Agreement if the act or omission was Lockhart’s own.
5.7 Lockhart’s Audits. Lockhart’s may (but is not obliged to) use external or internal auditors to verify the adequacy of our Security Measures.
5.8 Customer Audits and Information Requests. You agree to exercise any right you may have to conduct an audit or inspection by instructing Lockhart’s to carry out the audit described in Section 5.7. You agree that you may be required to agree to a non-disclosure agreement with Lockhart’s before we share any such report or outcome from such audit with you and that we may redact any such reports as we consider appropriate. If Lockhart’s does not follow such instruction or if it is legally mandatory for you to demonstrate compliance with EU Data Protection Law by means other than reviewing a report
from such an audit, you may only request a change in the following way:
a. First, submit a request for additional information in writing to Lockhart’s , specifying all details required to enable Lockhart’s to review this request effectively, including without limitation the information being requested, what form you need to obtain it in and the underlying legal requirement for the request (the “Request”). You agree that the Request will be limited to information regarding our Security Measures.
b. Within a reasonable time after we have received and reviewed the Request, you and we will discuss and work in good faith towards agreeing on a plan to determine the details of how the Request can be addressed. You and we agree to use the least intrusive means for Lockhart’s to verify Lockhart’s compliance with the Security Measures in order to address the Request, taking into account applicable legal requirements, information available to or that may be provided to you, the urgency of the matter and the need for Lockhart’s to maintain uninterrupted business operations and the security of its facilities and protect itself and its customers from risk and to prevent disclosure of information that could jeopardize the confidentiality of Lockhart’s or our users’ information.
You will pay our costs in considering and addressing any Request. Any information and documentation provided by Lockhart’s or its auditors pursuant to this Section 5.8 will be provided at your cost. If we decline to follow any instruction requested by you regarding audits or inspections, you may cancel any affected Paid Services.
5.9 Questions. Upon your reasonable requests to us for information regarding our compliance with the obligations set forth in this Data Processing Addendum, we shall, where such information is not otherwise available to you, provide you with written responses, provided that you agree not to exercise this right more than one (1) time per calendar year (unless it is necessary for you to do so to comply with EU Data Protection Law). The information to be made available by Lockhart’s under this Section 5.9 is limited to solely that information necessary, taking into account the nature of the Services and the information available to Lockhart’s , to assist you in complying with your obligations under the GDPR in respect of data protection impact assessments and prior consultation. You agree that you may be required to agree to a non-disclosure agreement with Lockhart’s before we share any such information with you.
5.10 Requests. You can delete or access a copy of some of Your Controlled Data through your Account. For any of Your Controlled Data which may not be deleted or accessed through your Account, upon your written request, we will, with respect to any of Your Controlled Data in our or our Sub-Processor’s possession that we can associate with a data subject, subject to the limitations described in the Agreement and unless prohibited by applicable law or the order of a governmental, law enforcement or regulatory body: (a) return such data and copies of such data to you provided that you make such request within no more than ninety (90) days after the cancellation of the applicable Paid Services; or (b) delete, and request that our Sub-Processors delete, such data (excluding in the case of (a) or (b) any of such data which is archived on back-up systems, which we shall securely isolate and protect from any further processing, except to the extent required by applicable law). Otherwise, we will delete Your Controlled Data in accordance with our data retention policy. This Section 5.10 does not apply to personal data held by Third Party Services.
6. Data Transfers.
You authorize us to transfer Your Controlled Data away from the country in which such data was originally collected. In particular, you authorize us to transfer Your Controlled Data to the US. We will transfer Your Controlled Data to outside the EEA using the Swiss-U.S. and EU-U.S. Privacy Shield Frameworks or another lawful data transfer mechanism that is recognized under EU Data Protection Law as providing an adequate level of protection for such data transfers.
The liability of each party under this Data Processing Addendum is subject to the exclusions and limitations of liability set out in the Agreement. You agree that any regulatory penalties or claims by data subjects or others incurred by Lockhart’s in relation to Your Controlled Data that arise as a result of, or in connection with, your failure to comply with your obligations under this Data Processing Addendum or EU Data Protection Law shall reduce Lockhart’s maximum aggregate liability to you under the Agreement in the same amount as the fine and/or liability incurred by us as a result.
In the event of a conflict between this Data Processing Addendum and the Terms of Service, this Data Processing Addendum will control.
You are responsible for any costs and expenses arising from Lockhart’s compliance with your instructions or requests pursuant to the Agreement (including this Data Processing Addendum) which fall outside the standard functionality made available by Lockhart’s generally through the Services.