Terms and Conditions and Data Processing Agreement
WEBSITE Terms and Conditions
PLEASE READ THESE TERMS and Conditions CAREFULLY. BY ACCESSING, using any part of OUR WEBSITE OR USING OUR SERVICES, YOU AGREE TO BE BOUND BY THIS DOCUMENT. IF YOU DO NOT AGREE TO ALL OF THESE TERMS and conditions, DO NOT USE OUR WEBSITE OR OTHER PRODUCTS OR SERVICES RELATED TO IT.
To the maximum extent permitted by applicable law, nothing in this document will:
- limit or exclude your liability or misinterpretation of the information presented on the website;
- limit any of your liabilities in any way that is not permitted under applicable law;
The limitations and exclusions of liability set out in this section and elsewhere in this disclaimer:
(a) are subject to the preceding paragraph;
(b) will govern all liabilities arising under the disclaimer or in relation to the subject matter of this disclaimer.
This website is owned and operated by Oxhill Pty Ltd (doing business as “Chicken Caravan”). Throughout the site, the terms “we”, “us”, “Chicken Caravan” and “our” refer to Oxhill Pty Ltd. Chicken Caravan offers this website, including all information, tools and services available from this site to you, the user, conditioned upon your acceptance of all terms, conditions, policies and notices stated here.
By visiting our site and/ or purchasing something from us, you engage in our “Service” and agree to be bound by the following terms and conditions (“Terms and Conditions”, “Terms”), including those additional terms and conditions and policies referenced herein and/or available by hyperlink. These Terms and Conditions apply to all users of the site, including without limitation users who are browsers, vendors, customers, merchants, and/ or contributors of content.
Please read these Terms and Conditions carefully before accessing or using our website. By accessing or using any part of the site, you agree to be bound by these Terms and Conditions. If you do not agree to all the terms and conditions of this agreement, then you may not access the website or use any services. If these Terms and Conditions are considered an offer, acceptance is expressly limited to these Terms and Conditions.
Any new features or tools which are added to the current store shall also be subject to the Terms and Conditions. You can review the most current version of the Terms and Conditions at any time on this page. We reserve the right to update, change or replace any part of these Terms and Conditions by posting updates and/or changes to our website. It is your responsibility to check this page periodically for changes. Your continued use of or access to the website following the posting of any changes constitutes acceptance of those changes.
SECTION 1 – STORE TERMS
By agreeing to these Terms and Conditions, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
You may not use our products for any illegal or unauthorized purpose nor may you, in the use of the Service, violate any laws in your jurisdiction (including but not limited to copyright laws).
You must not transmit any worms or viruses or any code of a destructive nature.
A breach or violation of any of the Terms will result in an immediate termination of your Services.
SECTION 2 – GENERAL CONDITIONS
We reserve the right to refuse service to anyone for any reason at any time.
You understand that your content (not including credit card / PayPal / Stripe information), may be transferred unencrypted and involve (a) transmissions over various networks; and (b) changes to conform and adapt to technical requirements of connecting networks or devices. Credit card information is always encrypted during transfer over networks.
We reserve the right to stop offering customer support & product updates to anyone for any reason at any time.
The headings used in this agreement are included for convenience only and will not limit or otherwise affect these Terms.
SECTION 3 – ACCURACY, COMPLETENESS AND TIMELINESS OF INFORMATION
We are not responsible if information made available on this site is not accurate, complete or current. The material on this site is provided for general information only and should not be relied upon or used as the sole basis for making decisions without consulting primary, more accurate, more complete or more timely sources of information. Any reliance on the material on this site is at your own risk.
This site may contain certain historical information. Historical information, necessarily, is not current and is provided for your reference only. We reserve the right to modify the contents of this site at any time, but we have no obligation to update any information on our site. You agree that it is your responsibility to monitor changes to our site.
SECTION 4 – MODIFICATIONS TO THE PRODUCTS, SERVICE AND PRICES
Prices for our products are subject to change without notice.
We reserve the right at any time to modify or discontinue Products or Services (or any part or content thereof) without notice at any time.
We shall not be liable to you or to any third-party for any modification, price change, suspension or discontinuance of the Products or Services.
SECTION 5 – PRODUCTS OR SERVICES (if applicable)
Certain products or services may be available exclusively online through the website. These products or services may have limited quantities and are subject to return or exchange only according to our Return Policy.
We have made every effort to display as accurately as possible the products that appear on this site. We cannot guarantee that your computer monitor’s display of any color will be accurate.
We reserve the right, but are not obligated, to limit the sales of our products or Services to any person, geographic region or jurisdiction. We may exercise this right on a case-by-case basis. We reserve the right to limit the quantities of any products or services that we offer. All descriptions of products or product pricing are subject to change at any time without notice, at the sole discretion of us. We reserve the right to discontinue any product at any time. Any offer for any product or service made on this site is void where prohibited.
We do not warrant that the quality of any products, services, information, or other material purchased or obtained by you will meet your expectations, or that any errors in the Service will be corrected.
SECTION 6 – ACCURACY OF BILLING AND ACCOUNT INFORMATION
We reserve the right to refuse any order you place with us. We may, in our sole discretion, limit or cancel quantities purchased per person, per household or per order. These restrictions may include orders placed by or under the same customer account, the same credit card, and/or orders that use the same billing and/or shipping address. In the event that we make a change to or cancel an order, we may attempt to notify you by contacting the e-mail and/or billing address/phone number provided at the time the order was made. We reserve the right to limit or prohibit orders that, in our sole judgment, appear to be placed by dealers, resellers or distributors.
You agree to provide current, complete and accurate purchase and account information for all purchases made at our store. You agree to promptly update your account and other information, including your email address and credit card numbers and expiration dates, so that we can complete your transactions and contact you as needed.
For more detail, please review our Returns Policy.
SECTION 7 – OPTIONAL TOOLS
We may provide you with access to third-party tools over which we neither monitor nor have any control nor input.
You acknowledge and agree that we provide access to such tools ”as is” and “as available” without any warranties, representations or conditions of any kind and without any endorsement. We shall have no liability whatsoever arising from or relating to your use of optional third-party tools.
Any use by you of optional tools offered through the site is entirely at your own risk and discretion and you should ensure that you are familiar with and approve of the terms on which tools are provided by the relevant third-party provider(s).
We may also, in the future, offer new products, services and/or features through the website. Such new products, features and/or services shall also be subject to these Terms and Conditions.
SECTION 8 – THIRD-PARTY LINKS
Certain content, products and services available via our Service may include materials from third-parties.
Third-party links on this site may direct you to third-party websites that are not affiliated with us. We are not responsible for examining or evaluating the content or accuracy and we do not warrant and will not have any liability or responsibility for any third-party materials or websites, or for any other materials, products, or services of third-parties.
We are not liable for any harm or damages related to the purchase or use of goods, services, resources, content, or any other transactions made in connection with any third-party websites. Please review carefully the third-party’s policies and practices and make sure you understand them before you engage in any transaction. Complaints, claims, concerns, or questions regarding third-party products should be directed to the third-party.
The following organizations may link to our website without prior written approval:
- Government agencies;
- Search engines;
- News organizations;
- Online directory distributors, when they list us in the directory may link to our Web site in the same manner as they hyperlink to the Web sites of other listed businesses;
- Systemwide Accredited Businesses, except soliciting non-profit organizations, charity shopping malls, and charity fundraising groups which may not hyperlink to our website.
These organizations may link to our home page, to publications or to another website information as long as the link:
(a) is not in any way misleading;
(b) does not falsely imply sponsorship, endorsement or approval of the linking party and its products or services;
(c) fits within the context of the linking party’s site.
We may consider and approve in our sole discretion other link requests from the following types of organizations: commonly-known consumer and/or business information sources such as Chambers of Commerce, dot.com community sites, associations or other groups representing charities, including charity giving sites, online directory distributors; internet portals; accounting, law and consulting firms whose primary clients are businesses; educational institutions and trade associations;
We will approve link requests from these organizations if we determine that:
(a) the link would not reflect unfavourably on us or our accredited businesses (for example, trade associations or other organizations representing inherently suspect types of business, such as work-at-home opportunities, shall not be allowed to link);
(b) the organization does not have an unsatisfactory record with us;
(c) the benefit to us from the visibility associated with the hyperlink outweighs the absence of;
(d) where the link is in the context of general resource information or is otherwise consistent with editorial content in a newsletter or similar product furthering the mission of the organization.
If you are among the organizations listed in this section and are interested in linking to our website, you must notify us by sending an e-mail. Please include your name, your organization name, contact information (such as a phone number and/or e-mail address) as well as the URL of your site, a list of any URLs from which you intend to link to our website, and a list of the URL(s) on our site to which you would like to link. Allow 2-3 weeks for a response.
Approved organizations may hyperlink to our website as follows:
- By use of our corporate name;
- By use of the uniform resource locator (web address) being linked to;
- By use of any other description of our website or material being linked to that makes sense within the context and format of content on the linking party’s site.
No use of Chicken Caravan logo or other artwork will be allowed for linking absent a trademark license agreement.
Without prior approval and express written permission, you may not create frames around our web pages or use other techniques that alter in any way the visual presentation or appearance of our website.
Reservation of Rights.
We reserve the right at any time and in our sole discretion to request that you remove all links or any particular link to our website. You agree to immediately remove all links to our website upon such request. We also reserve the right to amend these Terms and Conditions and its linking policy at any time. By continuing to link to our website, you agree to be bound to and abide by these linking terms and conditions.
Removal of links from our website.
If you find any link on our website or any linked website objectionable for any reason, you may contact us about this. We will consider requests to remove links but will have no obligation to do so or to respond directly to you. Whilst we endeavour to ensure that the information on this website is correct, we do not warrant its completeness or accuracy; nor do we commit to ensuring that the website remains available or that the material on the website is kept up to date.
We shall have no responsibility or liability for any content appearing on your website. You agree to indemnify and defend us against all claims arising out of or based upon your website. No link(s) may appear on any page on your website or within any context containing content or materials that may be interpreted as libellous, obscene or criminal, or which infringes, otherwise violates, or advocates the infringement or other violation of, any third-party rights.
SECTION 9 – USER COMMENTS, FEEDBACK AND OTHER SUBMISSIONS
If, at our request, you send certain specific submissions, or without a request from us you send creative ideas, suggestions, proposals, plans, or other materials, whether online, by email, by postal mail, or otherwise (collectively, ‘comments’), you agree that we may, at any time, without restriction, edit, copy, publish, distribute, translate and otherwise use in any medium any comments that you forward to us. We are and shall be under no obligation (1) to maintain any comments in confidence; (2) to pay compensation for any comments; or (3) to respond to any comments.
We may, but have no obligation to, monitor, edit or remove content that we determine in our sole discretion are unlawful, offensive, threatening, libelous, defamatory, pornographic, obscene or otherwise objectionable or violates any party’s intellectual property or these Terms and Conditions.
You agree that your comments will not violate any right of any third-party, including copyright, trademark, privacy, personality or other personal or proprietary right. You further agree that your comments will not contain libelous or otherwise unlawful, abusive or obscene material, or contain any computer virus or other malware that could in any way affect the operation of the Service or any related website. You may not use a false e-mail address, pretend to be someone other than yourself, or otherwise mislead us or third-parties as to the origin of any comments. You are solely responsible for any comments you make and their accuracy. We take no responsibility and assume no liability for any comments posted by you or any third-party.
SECTION 10 – PERSONAL INFORMATION
SECTION 11 – ERRORS, INACCURACIES AND OMISSIONS
Occasionally there may be information on our site or in the Service that contains typographical errors, inaccuracies or omissions that may relate to product descriptions, pricing, promotions, offers, product shipping charges, transit times and availability. We reserve the right to correct any errors, inaccuracies or omissions, and to change or update information or cancel orders if any information in the Service or on any related website is inaccurate at any time without prior notice (including after you have submitted your order).
We undertake no obligation to update, amend or clarify information in the Service or on any related website, including without limitation, pricing information, except as required by law. No specified update or refresh date applied in the Service or on any related website, should be taken to indicate that all information in the Service or on any related website has been modified or updated.
SECTION 12 – PROHIBITED USES
In addition to other prohibitions as set forth in the Terms and Conditions, you are prohibited from using the site or its content: (a) for any unlawful purpose; (b) to solicit others to perform or participate in any unlawful acts; (c) to violate any international, federal, provincial or state regulations, rules, laws, or local ordinances; (d) to infringe upon or violate our intellectual property rights or the intellectual property rights of others; (e) to harass, abuse, insult, harm, defame, slander, disparage, intimidate, or discriminate based on gender, sexual orientation, religion, ethnicity, race, age, national origin, or disability; (f) to submit false or misleading information; (g) to upload or transmit viruses or any other type of malicious code that will or may be used in any way that will affect the functionality or operation of the Service or of any related website, other websites, or the Internet; (h) to collect or track the personal information of others; (i) to spam, phish, pharm, pretext, spider, crawl, or scrape; (j) for any obscene or immoral purpose; or (k) to interfere with or circumvent the security features of the Service or any related website, other websites, or the Internet. We reserve the right to terminate your use of the Service or any related website for violating any of the prohibited uses.
SECTION 13 – DISCLAIMER OF WARRANTIES; LIMITATION OF LIABILITY
We do not guarantee, represent or warrant that your use of our website will be uninterrupted, timely, secure or error-free.
You expressly agree that your use of, or inability to use, the service is at your sole risk. The service and all products and services delivered to you through the service are (except as expressly stated by us) provided ‘as is’ and ‘as available’ for your use, without any representation, warranties or conditions of any kind, either express or implied, including all implied warranties or conditions of merchantability, merchantable quality, fitness for a particular purpose, durability, title, and non-infringement.
In no case shall Chicken Caravan, our directors, officers, employees, affiliates, agents, contractors, interns, suppliers, service providers or licensors be liable for any injury, loss, claim, or any direct, indirect, incidental, punitive, special, or consequential damages of any kind, including, without limitation lost profits, lost revenue, lost savings, loss of data, replacement costs, or any similar damages, whether based in contract, tort (including negligence), strict liability or otherwise, arising from your use of any of the service or any products procured using the service, or for any other claim related in any way to your use of the service or any product, including, but not limited to, any errors or omissions in any content, or any loss or damage of any kind incurred as a result of the use of the service or any content (or product) posted, transmitted, or otherwise made available via the service, even if advised of their possibility. Because some states or jurisdictions do not allow the exclusion or the limitation of liability for consequential or incidental damages, in such states or jurisdictions, our liability shall be limited to the maximum extent permitted by law.
SECTION 14 – INDEMNIFICATION
You agree to indemnify, defend and hold harmless Chicken Caravan and our subsidiaries, affiliates, partners, officers, directors, agents, contractors, licensors, service providers, subcontractors, suppliers, interns and employees, harmless from any claim or demand, including reasonable attorneys’ fees, made by any third-party due to or arising out of your breach of these Terms and Conditions or the documents they incorporate by reference, or your violation of any law or the rights of a third-party.
SECTION 15 – SEVERABILITY
In the event that any provision of these Terms and Conditions is determined to be unlawful, void or unenforceable, such provision shall nonetheless be enforceable to the fullest extent permitted by applicable law, and the unenforceable portion shall be deemed to be severed from these Terms and Conditions, such determination shall not affect the validity and enforceability of any other remaining provisions.
SECTION 16 – TERMINATION
The obligations and liabilities of the parties incurred prior to the termination date shall survive the termination of this agreement for all purposes.
These Terms and Conditions are effective unless and until terminated by either you or us. You may terminate these Terms and Conditions at any time by notifying us that you no longer wish to use our Services, or when you cease using our site.
If in our sole judgment you fail, or we suspect that you have failed, to comply with any term or provision of these Terms and Conditions, we also may terminate this agreement at any time without notice and you will remain liable for all amounts due up to and including the date of termination; and/or accordingly may deny you access to our Services (or any part thereof).
SECTION 17 – ENTIRE AGREEMENT
The failure of us to exercise or enforce any right or provision of these Terms and Conditions shall not constitute a waiver of such right or provision.
These Terms and Conditions and any policies or operating rules posted by us on this site or in respect to The Service constitutes the entire agreement and understanding between you and us and govern your use of the Service, superseding any prior or contemporaneous agreements, communications and proposals, whether oral or written, between you and us (including, but not limited to, any prior versions of the Terms and Conditions).
Any ambiguities in the interpretation of these Terms and Conditions shall not be construed against the drafting party.
SECTION 18 – GOVERNING LAW
These Terms and Conditions and any separate agreements whereby we provide you Services shall be governed by and construed in accordance with the laws of Australia.
SECTION 19 – FINAL PROVISIONS
You can review the most current version of the Terms and Conditions at any time at this page.
We reserve the right, at our sole discretion, to update, change or replace any part of these Terms and Conditions by posting updates and changes to our website. It is your responsibility to check our website periodically for changes. Your continued use of or access to our website or the Service following the posting of any changes to these Terms and Conditions constitutes acceptance of those changes.
These Terms and Conditions shall constitute the entire agreement between the parties in relation to the subject matter.
Information entered on the request forms contained on the website is not disclosed to third parties.
The information on the website can only be viewed and printed for personal, non-commercial use.
SECTION 20 – CONTACT INFORMATION
Questions about the Terms and Conditions should be sent to us here.
DATA PROCESSING AGREEMENT
Effective Date: May 25th 2018
This Data Processing Agreement ( “DPA” ) is made as of the Effective Date by and between Oxhill Pty Ltd (“Chicken Caravan”), the Customer, and the sub-processor, based on the Terms of Service, as applicable (“Agreement”).
This DPA overrides any previous Chicken Caravan data processing agreement and may only be varied in writing by, and at the instigation of, Chicken Caravan, or by agreement between Chicken Caravan, a customer and a sub-processor, should the performance of the DPA be then operative between Chicken Caravan and them.
This DPA amends the Terms and Conditions on the website and sets out the terms that apply when Personal Data is processed by sub-processors under the Agreement. The purpose of the DPA is to ensure such processing is conducted in accordance with applicable laws and with due respect for the rights and freedoms of individuals whose Personal Data are processed. Other capitalized terms used but not defined in this DPA have the same meanings as set out in the Agreement.
1.1. For the purposes of this DPA:
a) “ EEA ” means the European Economic Area, which constitutes the member states of the European Union, the United Kingdom, Norway, Iceland and Liechtenstein.
b) “ EU Data Protection Legislation ” means (i) prior to 25 May 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, including any applicable national implementations of it; and (ii) on and after 25 May 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (as amended, replaced or superseded) (“GDPR”);
c) “ Controller ” shall mean the entity which, alone or jointly with others, determines the purposes and means of the processing of Personal Data;
d) “ Processor ” shall mean an entity which processes Personal Data on behalf of the Controller;
e) “ Personal Data ” means any information relating to an identified or identifiable individual where such information is contained within Customer Data and is protected similarly as personal data or personally identifiable information under applicable Data Protection Law.
f) “Data Subject” means the individual to whom Personal Data relates.
g) “Instruction” means the written, documented instruction, issued by Controller to Processor, and directing the same to perform a specific action with regard to Personal Data (including, but not limited to, depersonalizing, blocking, deletion, making available).
h) “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
i) “Processing” means any operation or set of operations which is performed on Personal Data, encompassing the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or erasure of Personal Data.
2. Details of the Processing
2.1. Categories of Data Subjects.
Controller’s Contacts and other end users including Controller’s employees, contractors, collaborators, customers, prospects, suppliers and subcontractors. Data Subjects also include individuals attempting to communicate with or transfer Personal Data to the Controller’s end users.
2.2. Types of Personal Data
Contact Information, the extent of which is determined and controlled by the Customer in its sole discretion, and other Personal Data such as navigational data (including website usage information), email data, system usage data and other electronic data submitted, stored, sent, or received by end users via the Service.
2.3. Subject-Matter and Nature of the Processing
The subject-matter of Processing of Personal Data by Processor is the provision of the services to the Controller that involves the Processing of Personal Data. Personal Data will be subject to those Processing activities as may be specified in this DPA and an Order.
2.4. Purpose of the Processing
Personal Data will be Processed for purposes of providing the services set out and otherwise agreed to in the Terms of Service and this DPA.
2.5. Duration of the Processing
Personal Data will be Processed for the duration of this DPA, subject to Section 4 of this DPA.
3. Roles and Customer responsibility
3.1. Parties’ Roles . To the extent that Chicken Caravan processes Personal Data in the course of providing the Services, it will do so only as a Processor acting on behalf of Customer (as Controller) and in accordance with the requirements of the Agreement.
3.2. Purpose Limitation . Chicken Caravan will process the Personal Data only for the purpose of providing the Services and in accordance with Controller’s lawful instructions.
3.3. Scope. Within the scope of this DPA and in its use of the services, Controller shall be solely responsible for complying with the statutory requirements relating to data protection and privacy, in particular regarding the disclosure and transfer of Personal Data to the Processor and the Processing of Personal Data. For the avoidance of doubt, Controller’s instructions for the Processing of Personal Data shall comply with the Data Protection Law. This DPA is Customer’s complete and final instruction to Chicken Caravan in relation to Personal Data and that additional instructions outside the scope of DPA would require prior written agreement between the parties. Instructions shall initially be specified in this DPA and may, from time to time thereafter, be amended, amplified or replaced by Controller in separate written instructions (as individual instructions).
3.3. Compliance . Customer, as Controller, shall be responsible for ensuring that: a) it has complied, and will continue to comply, with all applicable laws relating to privacy and data protection, including EU Data Protection Legislation; and b) it has, and will continue to have, the right to transfer, or provide access to, the Personal Data to Chicken Caravan for processing in accordance with the terms of the Agreement and this DPA.
3.4. Controller shall inform Processor without undue delay and comprehensively about any errors or irregularities related to statutory provisions on the Processing of Personal Data.
4. Applicability of DPA .
4.1 . This DPA will apply only to the extent that Chicken Caravan processes Personal Data from the EEA on behalf of the Customer.
4.2 GDPR . The parties agree that Exhibits A and B to this DPA will apply only on and after 25 May 2018. Where the GDPR materially or adversely impacts Chicken Caravan’s continued provision of the Services (including its costs in providing the Services) and / or Customer’s receipt of the Services, the Parties shall discuss in good faith and acting reasonably what changes may be necessary and operationally, technically and commercially feasible to the Agreement and/or the DPA and/or the Services (including, without limitation, the fees payable by Customer to Chicken Caravan for the Services) in order to enable Chicken Caravan to continue providing the Services. No such changes shall be effective unless agreed between the Parties pursuant to this Clause.
5. Obligations of Processor
5.1. Compliance with Instructions
5.1.1. The parties acknowledge and agree that Customer is the Controller of Personal Data and Chicken Caravan is the Processor of that data. Processor shall collect, process and use Personal Data only within the scope of Controller’s Instructions. If the Processor believes that an Instruction of the Controller infringes the Data Protection Law, it shall immediately inform the Controller without delay. If Processor cannot process Personal Data in accordance with the Instructions due to a legal requirement under any applicable European Union or Member State law, Processor will (i) promptly notify the Controller of that legal requirement before the relevant Processing to the extent permitted by the Data Protection Law; and (ii) cease all Processing (other than merely storing and maintaining the security of the affected Personal Data) until such time as the Controller issues new instructions with which Processor is able to comply. If this provision is invoked, Processor will not be liable to the Controller under this DPA for any failure to perform the applicable services until such time as the Controller issues new instructions in regard to the Processing.
5.2.1. Processor shall take the appropriate technical and organisational measures to adequately protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data. Such measures include, but are not be limited to:
- the prevention of unauthorised persons from gaining access to Personal Data Processing systems (physical access control),
- the prevention of Personal Data Processing systems from being used without authorisation (logical access control),
- ensuring that persons entitled to use a Personal Data Processing system gain access only to such Personal Data as they are entitled to accessing in accordance with their access rights, and that, in the course of Processing or use and after storage, Personal Data cannot be read, copied, modified or deleted without authorisation (data access control),
- ensuring that Personal Data cannot be read, copied, modified or deleted without authorisation during electronic transmission, transport or storage on storage media, and that the target entities for any transfer of Personal Data by means of data transmission facilities can be established and verified (data transfer control),
- ensuring the establishment of an audit trail to document whether and by whom Personal Data have been entered into, modified in, or removed from Personal Data Processing systems (entry control),
- ensuring that Personal Data is Processed solely in accordance with the Instructions (control of instructions),
- ensuring that Personal Data is protected against accidental destruction or loss (availability control).
5.2.2. Upon Controller’s request, Processor shall provide a current Personal Data protection and security program relating to the Processing hereunder.
5.2.3. Processor will facilitate Controller’s compliance with the Controller’s obligation to implement security measures with respect to Personal Data (including if applicable Controller’s obligations pursuant to Articles 32 to 34 (inclusive) of the GDPR), by (i) implementing and maintaining security measures, (ii) complying with the terms of Section ”Personal Data Breaches”; and (iii) providing the Controller with information in relation to the Processing in accordance with Section ”Audits”.
5.3.1. Processor shall ensure that any personnel whom Processor authorises to process Personal Data on its behalf is subject to confidentiality obligations with respect to that Personal Data. The undertaking to confidentiality shall continue after the termination of the above-entitled activities.
5.4. Personal Data Breaches
5.4.1. Processor will notify the Controller as soon as practicable after it becomes aware of any of any Personal Data Breach affecting any Personal Data. At the Controller’s request, Processor will promptly provide the Controller with all reasonable assistance necessary to enable the Controller to notify relevant Personal Data Breaches to competent authorities and/or affected Data Subjects, if Controller is required to do so under the Data Protection Law.
5.5. Data Subject Requests
5.5.1. Processor will provide reasonable assistance, including by appropriate technical and organisational measures and taking into account the nature of the Processing, to enable Controller to respond to any request from Data Subjects seeking to exercise their rights under the Data Protection Law with respect to Personal Data (including access, rectification, restriction, deletion or portability of Personal Data, as applicable), to the extent permitted by the law. If such request is made directly to Processor, Processor will promptly inform Controller and will advise Data Subjects to submit their request to the Controller. Controller shall be solely responsible for responding to any Data Subjects’ requests. Controller shall reimburse Processor for the costs arising from this assistance.
5.6.1. To support delivery of our Services, Chicken Caravan may engage and use data processors with access to certain Customer Data (each, a “Sub-Processor”). This page provides important information about the identity, location and role of each Sub-Processor. Terms used on this page but not defined have the meaning set forth in the Terms and conditions or superseding written agreement between Customer and Chicken Caravan (the “Agreement”).
5.6.2. Chicken Caravan currently uses third party Sub-Processors to provide infrastructure services, and to help us provide customer support and email notifications. Prior to engaging any third party Sub-Processor, Chicken Caravan performs diligence to evaluate their privacy, security and confidentiality practices, and executes an agreement implementing its applicable obligations.
5.6.3. Chicken Caravan shall be entitled to engage sub-Processors to fulfil Processor’s obligations defined in this DPA only with Controller’s written consent. For these purposes, Controller consents to the engagement as sub-Processors of Processor’s affiliated companies and third parties.
5.6.4. If Chicken Caravan intends to instruct sub-Processors, it will notify the Controller thereof in writing (email to the email addresses) on record in Processor’s account (information for Controller is sufficient) and will give the Controller the opportunity to object to the engagement of the new sub-Processors within 30 days after being notified. The objection must be based on reasonable grounds (e.g. if the Controller proves that significant risks for the protection of its Personal Data exist at the sub-Processor). If the Processor and Controller are unable to resolve such objection, either party may terminate this DPA by providing written notice to the other party. Controller shall receive a refund of any prepaid but unused fees for the period following the effective date of termination.
5.6.5. Where Processor engages sub-Processors, Processor will enter into a contract with the sub-Processor that imposes on the sub-Processor the same obligations that apply to Processor under this DPA. Where the sub-Processor fails to fulfil its data protection obligations, Processor will remain liable to the Controller for the performance of such sub-Processors obligations.
5.6.6. Where a sub-Processor is engaged, the Controller must be granted the right to monitor and inspect the sub-Processor’s activities in accordance with this DPA and the Data Protection Law, including to obtain information from the Processor, upon written request, on the substance of the contract and the implementation of the data protection obligations under the sub-Processing contract, where necessary by inspecting the relevant contract documents.
5.6.7. The provisions of this Section shall mutually apply if the Processor engages a sub-Processor in a country outside the European Economic Area (“EEA”) not recognized by the European Commission as providing an adequate level of protection for personal data. If, in the performance of this DPA, Chicken Caravan transfers any Personal Data to a sub-processor located outside of the EEA, Chicken Caravan shall, in advance of any such transfer, ensure that a legal mechanism to achieve adequacy in respect of that processing is in place.
5.6.8. Transfers to subsequent third parties are covered by the service agreements with our Customers (the Controller). Furthermore, Chicken Caravan supports End Users’ rights to retrieve any information retained on our servers which relates to such End User. Chicken Caravan acknowledges that you have the right to access your Personal Information. We have processes in place to accommodate an End User’s rights to delete data, amend erroneous data, access data and receive Personal Data or Sensitive Data in a machine readable commonly used format, all subject to reasonable technical restrains and abilities.
5.6.10. Personal Information or Personal Data is information by which an individual may be personally identified, including name, address, e-mail address, telephone number or any other information that is defined as Personal Information, Personal Data, or Personally Identifiable Information under an applicable law (hereinafter referred to as “ Personal Information ”)
5.6.10. Users are not obligated to provide us with any information by law. However, we require certain information in order to provide our services properly. Under some jurisdictions (such as under certain E.U. regulations), a User has a right to withdraw its consent at any time. In such a case, the withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
5.6.11. Please note that consent for the gathering and processing of data for one Service does not automatically mean that a User consents to the processing of data in connection with other Services. Our Customer (Data Controller) should always make sure that the User’s consent is relevant, clear, valid, and to the extent reasonably possible, not “bundled” with any other written agreement (especially if required under applicable laws), unambiguous and if required under applicable law, affirmative and active (meaning not by virtue of any inaction).
5.6.12. Chicken Caravan aims to process only adequate, accurate and relevant data limited to the needs and purposes for which it is gathered. It also aims to store data for the time period necessary to fulfill the purpose for which the data is gathered. Chicken Caravan only collects data in connection with a specific legitimate purpose.
5.7. Data Transfers
5.7.1. Controller acknowledges and agrees that, in connection with the performance of the services under this DPA, Personal Data will be transferred to Chicken Caravan in Australia. Chicken Caravan is compliant with the directives of the Australian Information Commissioner pursuant to the provisions of the Privacy Act 1988 (Cth) and the Notifiable Data Breaches (NDB) Scheme and associated legislation in regards implementing appropriate safeguards for such transfers pursuant to Article 46 of the GDPR.
5.8. Deletion or Retrieval of Personal Data
5.8.1. Other than to the extent required to comply with Data Protection Law, following termination or expiry of this DPA, Processor will delete all Personal Data (including copies thereof) processed pursuant to this DPA. If Processor is unable to delete Personal Data for technical or other reasons, Processor will apply measures to ensure that Personal Data is blocked from any further Processing.
5.8.2. Controller shall, upon termination or expiration of this DPA and by way of issuing an Instruction, stipulate, within a period of time set by Processor, the reasonable measures to return data or to delete stored data. Any additional cost arising in connection with the return or deletion of Personal Data after the termination or expiration of this DPA shall be borne by Controller.
6.1. Controller may, prior to the commencement of Processing, and at regular intervals thereafter, audit the technical and organisational measures taken by Processor.
For such purpose, Controller may:
- obtain information from the Processor,
- request Processor to submit to Controller an existing attestation or certificate by an independent professional expert,
- upon reasonable and timely advance agreement, during regular business hours and without interrupting Processor’s business operations, conduct an on-site inspection of Processor’s business operations or have the same conducted by a qualified third party which shall not be a competitor of Processor.
6.2. Processor shall, upon Controller’s written request and within a reasonable period of time, provide Controller with all information necessary for such audit, to the extent that such information is within Processor’s control and Processor is not precluded from disclosing it by applicable law, a duty of confidentiality, or any other obligation owed to a third party.
7. Data Privacy, Security & Confidentiality
7.1. We take great care in implementing, enforcing and maintaining the security of our Services, Site and Users’ information, also complying to the EU General Data Protection Regulation (Released April 6, 2016).
7.2. Chicken Caravan understands that the service provided can capture a wide range of information and may be highly sensitive, confidential or proprietary. Chicken Caravan values the trust that our customers, whether they be individuals or large organisations, place in us by letting us be the custodians of their personal data.
Chicken Caravan implements, enforces and maintains security policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of Personal Information or Personal Data and to monitor compliance of such policies on an ongoing basis.
7.4. Chicken Caravan takes our users’ security and privacy concerns seriously. We strive to ensure that user data is kept secure, and that we collect only as much personal data as is required to make our users’ experience with Chicken Caravan as efficient and satisfying as possible. We also aim to collect data in the most unobtrusive manner possible. We aim to be transparent about our security infrastructure and practices to help reassure you that your data is sufficiently protected.
7.7. All information is stored with logical separation from information of other Customers. However, we do not guarantee that unauthorized access will never occur.
7.8. We use a combination of processes, technology and physical security controls to help protect Personal Information and Personal Data from unauthorized access, use, or disclosure. When Personal Information or Personal Data is transferred over the Internet, we encrypt it using Transfer Layer Security (TLS) encryption technology or similar technology. Each server is protected by a firewall, exposing it only to the minimum ports necessary. However, no security controls are 100% effective, and we cannot completely ensure or warrant the security of your Personal Information and Personal Data.
7.9. Unless otherwise agreed with the Customer and subject to applicable law, Chicken Caravan shall act in accordance with its policies to promptly notify Customer in the event that any Personal Information or Personal Data processed by Chicken Caravan on behalf of a Customer is lost, stolen, or where there has been any unauthorized access to it.
8. Access Control
Preventing Unauthorized Access
8.1. Outsourced processing: As previously stated, Chicken Caravan may host its Service with outsourced cloud infrastructure providers. Additionally, Chicken Caravan maintains contractual relationships with vendors in order to provide the Service in accordance with our Data Processing Agreement. Chicken Caravan relies on contractual agreements, privacy policies, and vendor compliance programs in order to protect data processed or stored by these vendors.
8.2. Physical and environmental security: Chicken Caravan may host its infrastructure with multi-tenant, outsourced infrastructure providers. The physical and environmental security controls are audited for ISO 27001 compliance, among other certifications.
Preventing Unauthorized services Use
8.5. Chicken Caravan implements industry standard access controls and detection capabilities for the internal networks that support its services.
8.6. Access controls: Network access control mechanisms are designed to prevent network traffic using unauthorised protocols from reaching the infrastructure. The technical measures implemented differ between infrastructure providers and include Virtual Private Cloud (VPC) implementations, security group assignment, and traditional firewall rules.
8.7. Intrusion detection and prevention: Chicken Caravan implemented a Web Application Firewall (WAF) solution to protect Chicken Caravan services and other internet-accessible applications. The WAF is designed to identify and prevent attacks against publicly available network services.
8.8. Static code analysis: Security reviews of code stored in Chicken Caravan’s source code repositories is performed, checking for coding best practices and identifiable software flaws.
Limitations of Privilege & Authorization Requirements
8.10. Service access: A subset of Chicken Caravan’s employees have access to the services and to customer data via controlled interfaces. The intent of providing access to a subset of employees is to provide effective customer support, to troubleshoot potential problems, to detect and respond to security incidents and implement data security. Access is enabled through “just in time” requests for access; all such requests are logged. Employees are granted access by role, and reviews of high risk privilege grants are initiated daily. Employee roles are reviewed at least once every six months.
8.11. Background checks: All Chicken Caravan employees undergo a third-party background check prior to being extended an employment offer, in accordance with the applicable laws. All employees are required to conduct themselves in a manner consistent with Chicken Caravan guidelines, non-disclosure requirements, and ethical standards.
8.12. In-transit: Chicken Caravan makes HTTPS encryption (also referred to as SSL or TLS) available on every one of its login interfaces. Chicken Caravan’s HTTPS implementation uses industry standard algorithms and certificates.
8.13. At-rest: Chicken Caravan stores user passwords following policies that follow industry standard practices for security. Chicken Caravan has implemented technologies to ensure that stored data is encrypted at rest when appropriate.
8.15. Response and tracking: Chicken Caravan maintains a record of known security incidents that includes description, dates and times of relevant activities, and incident disposition. Suspected and confirmed security incidents are investigated by security, operations, or support personnel; and appropriate resolution steps are identified and documented. For any confirmed incidents, Chicken Caravan will take appropriate steps to minimize Customer damage or unauthorized disclosure.
8.16. Communication: If Chicken Caravan becomes aware of unlawful access to Customer data stored within its services, Chicken Caravan will: 1) notify the affected Customers of the incident; 2) provide a description of the steps Chicken Caravan is taking to resolve the incident; and 3) provide status updates to the Customer contact, as Chicken Caravan deems necessary. Notification(s) of incidents, if any, will be delivered to one or more of the Customer’s contacts in a form Chicken Caravan selects, which may include via email or telephone.
8.17. Infrastructure availability: The infrastructure providers use commercially reasonable efforts to ensure a minimum of 99.95% uptime. The providers maintain a minimum of N+1 redundancy to power, network, and HVAC services.
8.18. Fault tolerance: Backup and replication strategies are designed to ensure redundancy and fail-over protections during a significant processing failure. Customer data is backed up to multiple durable data stores and replicated across multiple availability zones.
8.19. Online replicas and backups: Where feasible, service databases are designed to replicate data between no less than 1 primary and 1 secondary database. All databases are backed up and maintained using at least industry standard methods.
Chicken Caravan’s services are designed to ensure absolute customer satisfaction. The server instances that support the services are also architected with a goal to prevent support failure.
9. International transfers
9.1. Adequacy. Chicken Caravan will provide an adequate level of protection for Personal Data that it processes on behalf of Customer in accordance with the requirements of EU Data Protection Legislation.
10. Service Data
10.1 Notwithstanding anything in this DPA, Chicken Caravan will have the right to collect, extract, compile, synthesize and analyze non-personally identifiable data or information resulting from Customer’s use or operation of the Services (“Service Data”) including, by way of example and without limitation, information relating to volumes, frequencies, recipients, bounce rates, or any other information regarding the communications Customer, its end users or recipients generate and send using the Services. To the extent any Service Data is collected or generated by Chicken Caravan, such data will be solely owned by Chicken Caravan and may be used by Chicken Caravan for any lawful business purpose without a duty of accounting to Customer or its recipients, provided that such data is used only in an aggregated form, without directly identifying any person. For the avoidance of doubt, this DPA will not apply to Service Data.
11.1. Except as amended by this DPA, the Agreement will remain in full force and effect.
11.2 . If there is a conflict between the Agreement and this DPA, the terms of this DPA will control.
11.3. Any claims brought under this DPA shall be subject to the terms and conditions, including but not limited to, the exclusions and limitations set forth in the Agreement.