MacKay Enterprises, LLC
Manage My Nest™
GDPR Data Processing Agreement

Updated May 25, 2018

This Data Processing Agreement (DPA) is an addendum to our Terms of Service (Agreement) and is part of the requirements of the European Union General Data Protection Regulation (GDPR).
  1. Scope of DPA
    This DPA applies when Manage My Nest processes Personal Data on behalf of the Customer to provide Manage My Nest Services and when the Personal Data is subject to Data Protection Laws of the European Union, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom. The parties agree to comply with this DPA in connection with such Personal Data.

    1. Definitions
      • Customer: The entity that has contracted the services of the Manage My Nest platform - typically a community such as an HOA, Condominium, Building, Marina, etc. or business that services such communities such as Community Managemnent companies, Accounting companies, Security companies, etc.
      • Controller: Entity that manages the means of processing Personal Data.
      • Customer Data: Customer Data that Manage My Nest processes on behalf of Customer in the course of providing Services.
      • GDPR: European Union General Data Protection Regulation. (GDPR PDF)
      • Personal Data: Customer Data that maps to an identifiable natural person.
      • Privacy Shield: EU-US and Swiss-US Privacy Shield framework. See: privacyshield.gov
      • Processor: Entity that processes Personal Data on behalf of Controller.
      • Security Incident: Any security breach that results in loss, alteration, access, disclosure, destruction or theft of Personal Data.
      • Sub-Processor: Any Processor that Manage My Nest uses to help provide Services.

    2. Role of Parties
      The Customer is the Controller of Personal Data and Manage My Nest is the Processor that processes Personal Data on behalf of Customer. The Personal Data processed by Manage My Nest is provided by the Controller. The DPA does not cover data that Manage My Nest may have collected and processed independently of Customer's use of the Services.

    3. Obligations of Customer
      As the Controller, the Customer agrees to comply with Data Protection Laws in regard to its processing of Personal Data and processing instructions given to Manage My Nest; and will obtain all consents and rights necessary under Data Protection Laws for Manage My Nest to process Personal Data and provide the Services.

    4. Processing of Personal Data
      As a Processor, Manage My Nest will only process Personal Data to perform the Services in accordance with the Agreement and will comply with reasonable and lawful instructions provided by Customer that are consistent with the terms of the Agreement.
      Manage My Nest processes Customer Data provided by Customer. The Customer Data may contain special categories of data depending on how the Services are used. The Customer Data may be subject to the following: (i) storage and other processing necessary to provide, maintain and improve the Services; (ii) customer care and technical support; and (iii) disclosures as required by law or otherwise set forth in the Agreement.

    5. Manage My Nest as Controller
      Customer acknowledges that Manage My Nest has the right to use and disclose data relating to and/or obtained in connection with the operation, support and/or use of the Services for its legitimate business purposes, such as billing, technical support, product development and marketing. For data considered personal data under Data Protection Laws, Manage My Nest is the Controller and will process the data in compliance with Data Protection Laws.

  2. Sub-Processing
    1. Sub-Processors
      Customer agrees that Manage My Nest may engage Sub-Processors to process Personal Data on behalf of the Customer. You may request a list of Sub-Processors currently engaged by Manage My Nest.

    2. Sub-Processor Obligations
      When Manage My Nest engages a Sub-Processor, Manage My Nest will: (i) enter an agreement with the Sub-Processor that imposes data protection terms requiring the Sub-Processor to protect Personal Data to standards required by Data Protection Laws; and (ii) remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-Processor that cause Manage My Nest to breach any of its obligations under this DPA.

    3. Sub-Processor Changes
      Manage My Nest will provide Customer reasonable advance notice via email if it adds or removes a Sub-Processor.

    4. Objection to Sub-Processor
      Customer may object in writing to Manage My Nest’s engagement with a new Sub-Processor on reasonable grounds relating to data protection. Customer must notify Manage My Nest in writing within five calendar days of receipt of Manage My Nest’s notice in accordance with Section 2.3. In the event of an objection, the parties will discuss their concerns in good faith and strive for a reasonable resolution. If this is not possible, either party may terminate the applicable Services.

  3. Security
    1. Security Measures
      Manage My Nest will implement and maintain appropriate technical and organizational security measures to protect Personal Data from Security Incidents and to preserve the security and confidentiality of the Personal Data.

    2. Processing Confidentiality
      Manage My Nest will ensure that any person who is authorized by Mange My Nest to process Personal Data, including staff and subcontractors, will be under an appropriate obligation of confidentiality.

    3. Response to Security Incident
      In the event of a Security Incident, Manage My Nest will notify Customer without undue delay about the incident and provide timely information relating to the Security Incident as it becomes known.

    4. Security Measure Updates
      Customer acknowledges that Security Measures can change and evolve and that Manage My Nest may update or modify the Security Measures from time to time.

  4. International Transfers
    1. Locations of Processing Operations
      Manage My Nest stores and processes Personal Data from EU citizens in data centers located outside the European Union. Manage My Nest's Sub-Processors may be located in the United States or anywhere in the world. Manage My Nest will implement appropriate safeguards to protect the Personal Data, wherever it is processed, in accordance with the requirements of Data Protection Laws.

    2. Transfer Mechanisms
      To the extent Manage My Nest processes or transfers Personal Data under this DPA from the European Union, the European Economic Area and/or their member states and Switzerland in or to other countries, the parties agree that Manage My Nest will be deemed to provide appropriate safeguards for such data by virtue of having certified its compliance with the Privacy Shield Framework and Manage My Nest will process such data in compliance with the Privacy Shield Principles.

  5. Return and Data Deletion
    Customer has access to their uploaded data/content and can download the data/content at any time through the Manage My Nest platform interfaces. Should the Customer have any difficulties in downloading their data/content from the Manage My Nest platform, Manage My Nest technical support can assist. Upon deactivation of the Services, all Personal Data shall be deleted within a reasonable period of time, except for that which is required by applicable law to retain, or Personal Data Manage My Nest has archived on back-up systems, which are securely isolated and protected from any further processing. Back-ups are regularly rotated, therefore, the Personal Data from a deactivated account will be removed from the back-up on the next rotation.

  6. Cooperation
    In response to requests from individuals or data protection authorities, if the Customer is unable to independently access Personal Data within the Services, Manage My Nest will (at Customer's expense) provide reasonable cooperation to assist Customer to gain access or obtain the data if possible. If such a request is made directly to Manage My Nest, Manage My Nest will not respond to such communication directly without Customer's prior authorization, unless legally compelled to do so. If Manage My Nest is required to respond to such a request, Manage My Nest will notify the Customer and provide them with a copy of the request unless legally prohibited from doing so.

    To the extent Manage My Nest is required under Data Protection Law, Manage My Nest will (at Customer's expense) provide reasonably requested information regarding Manage My Nest's processing of Personal Data under the Agreement and this DPA to enable the Customer to carry out data protection impact assessments or prior consultations with data protection authorities as required by law.

  7. General
    1. Entire Agreement and Conflict
      Except as amended by this DPA, the Agreement remains unchanged and in full force and effect. If there is any conflict between the Agreement and this DPA, then this DPA will prevail.

    2. Jurisdiction
      This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by Data Protection Laws.


How to contact us

MacKay Enterprises, LLC
76 Kings Court, Ste 904
San Juan, PR 00911

(844) 688-8771 toll free
(214) 923-5777 direct
(214) 764-4110 fax

info@managemynest.com


Copyright © 2018
All Rights Reserved