MacKay Enterprises, LLC
Manage My Nest™
GDPR Data Processing Agreement
Updated May 25, 2018
This Data Processing Agreement (DPA) is an addendum to our Terms of Service (Agreement) and is part of the requirements of the European Union
General Data Protection Regulation (GDPR).
- Scope of DPA
This DPA applies when Manage My Nest processes Personal Data on behalf of the Customer to provide Manage My Nest Services and when the
Personal Data is subject to Data Protection Laws of the European Union, the European Economic Area and/or their member states,
Switzerland and/or the United Kingdom. The parties agree to comply with this DPA in connection with such Personal Data.
- Customer: The entity that has contracted the services of the Manage My Nest platform - typically a community such as an HOA, Condominium, Building, Marina, etc. or business that services such communities such as Community Managemnent companies, Accounting companies, Security companies, etc.
- Controller: Entity that manages the means of processing Personal Data.
- Customer Data: Customer Data that Manage My Nest processes on behalf of Customer in the course of providing Services.
- GDPR: European Union General Data Protection Regulation. (GDPR PDF)
- Personal Data: Customer Data that maps to an identifiable natural person.
- Privacy Shield: EU-US and Swiss-US Privacy Shield framework. See: privacyshield.gov
- Processor: Entity that processes Personal Data on behalf of Controller.
- Security Incident: Any security breach that results in loss, alteration, access, disclosure, destruction or theft of Personal Data.
- Sub-Processor: Any Processor that Manage My Nest uses to help provide Services.
- Role of Parties
The Customer is the Controller of Personal Data and Manage My Nest is the Processor that processes Personal Data on behalf of
Customer. The Personal Data processed by Manage My Nest is provided by the Controller. The DPA does not cover data that
Manage My Nest may have collected and processed independently of Customer's use of the Services.
- Obligations of Customer
As the Controller, the Customer agrees to comply with Data Protection Laws in regard to its processing of Personal Data and
processing instructions given to Manage My Nest; and will obtain all consents and rights necessary under Data Protection Laws
for Manage My Nest to process Personal Data and provide the Services.
- Processing of Personal Data
As a Processor, Manage My Nest will only process Personal Data to perform the Services in accordance with the Agreement and
will comply with reasonable and lawful instructions provided by Customer that are consistent with the terms of the Agreement.
Manage My Nest processes Customer Data provided by Customer. The Customer Data may contain special categories of data depending
on how the Services are used. The Customer Data may be subject to the following: (i) storage and other processing necessary to
provide, maintain and improve the Services; (ii) customer care and technical support; and (iii) disclosures as required by law
or otherwise set forth in the Agreement.
- Manage My Nest as Controller
Customer acknowledges that Manage My Nest has the right to use and disclose data relating to and/or obtained in connection with
the operation, support and/or use of the Services for its legitimate business purposes, such as billing, technical support,
product development and marketing. For data considered personal data under Data Protection Laws, Manage My Nest is the Controller
and will process the data in compliance with Data Protection Laws.
Customer agrees that Manage My Nest may engage Sub-Processors to process Personal Data on behalf of the Customer. You may
request a list of Sub-Processors currently engaged by Manage My Nest.
- Sub-Processor Obligations
When Manage My Nest engages a Sub-Processor, Manage My Nest will: (i) enter an agreement with the Sub-Processor that imposes
data protection terms requiring the Sub-Processor to protect Personal Data to standards required by Data Protection Laws;
and (ii) remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-Processor
that cause Manage My Nest to breach any of its obligations under this DPA.
- Sub-Processor Changes
Manage My Nest will provide Customer reasonable advance notice via email if it adds or removes a Sub-Processor.
- Objection to Sub-Processor
Customer may object in writing to Manage My Nest’s engagement with a new Sub-Processor on reasonable grounds relating to data
protection. Customer must notify Manage My Nest in writing within five calendar days of receipt of Manage My Nest’s notice in
accordance with Section 2.3. In the event of an objection, the parties will discuss their concerns in good faith and strive
for a reasonable resolution. If this is not possible, either party may terminate the applicable Services.
- Security Measures
Manage My Nest will implement and maintain appropriate technical and organizational security measures to protect Personal
Data from Security Incidents and to preserve the security and confidentiality of the Personal Data.
- Processing Confidentiality
Manage My Nest will ensure that any person who is authorized by Mange My Nest to process Personal Data, including staff and
subcontractors, will be under an appropriate obligation of confidentiality.
- Response to Security Incident
In the event of a Security Incident, Manage My Nest will notify Customer without undue delay about the incident and provide
timely information relating to the Security Incident as it becomes known.
- Security Measure Updates
Customer acknowledges that Security Measures can change and evolve and that Manage My Nest may update or modify the Security
Measures from time to time.
- International Transfers
- Locations of Processing Operations
Manage My Nest stores and processes Personal Data from EU citizens in data centers located outside the European Union.
Manage My Nest's Sub-Processors may be located in the United States or anywhere in the world. Manage My Nest will implement
appropriate safeguards to protect the Personal Data, wherever it is processed, in accordance with the requirements of
Data Protection Laws.
- Transfer Mechanisms
To the extent Manage My Nest processes or transfers Personal Data under this DPA from the European Union, the European
Economic Area and/or their member states and Switzerland in or to other countries, the parties agree that Manage My Nest
will be deemed to provide appropriate safeguards for such data by virtue of having certified its compliance with the
Privacy Shield Framework and Manage My Nest will process such data in compliance with the Privacy Shield Principles.
- Return and Data Deletion
Customer has access to their uploaded data/content and can download the data/content at any time through the Manage My Nest
platform interfaces. Should the Customer have any difficulties in downloading their data/content from the Manage My Nest platform,
Manage My Nest technical support can assist. Upon deactivation of the Services, all Personal Data shall be deleted within a
reasonable period of time, except for that which is required by applicable law to retain, or Personal Data Manage My Nest has
archived on back-up systems, which are securely isolated and protected from any further processing. Back-ups are regularly
rotated, therefore, the Personal Data from a deactivated account will be removed from the back-up on the next rotation.
In response to requests from individuals or data protection authorities, if the Customer is unable to independently access
Personal Data within the Services, Manage My Nest will (at Customer's expense) provide reasonable cooperation to assist Customer
to gain access or obtain the data if possible. If such a request is made directly to Manage My Nest, Manage My Nest will not
respond to such communication directly without Customer's prior authorization, unless legally compelled to do so. If
Manage My Nest is required to respond to such a request, Manage My Nest will notify the Customer and provide them with a copy
of the request unless legally prohibited from doing so.
To the extent Manage My Nest is required under Data Protection Law, Manage My Nest will (at Customer's expense) provide reasonably
requested information regarding Manage My Nest's processing of Personal Data under the Agreement and this DPA to enable the
Customer to carry out data protection impact assessments or prior consultations with data protection authorities as required by law.
- Entire Agreement and Conflict
Except as amended by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict
between the Agreement and this DPA, then this DPA will prevail.
This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions in the
Agreement, unless required otherwise by Data Protection Laws.
How to contact us
MacKay Enterprises, LLC
76 Kings Court, Ste 904
San Juan, PR 00911
(844) 688-8771 toll free
(214) 923-5777 direct
(214) 764-4110 fax
Copyright © 2019
All Rights Reserved