Privacy Policy


Information Collection and Use

This statement discloses our practices for gathering and disseminating information we collect when you visit this website or use any services, devices or mobile applications Owl Labs my make available. We have created this privacy policy to demonstrate our firm commitment to your privacy and the protection of your information. Owl Labs is the sole owner of the information collected on this website (or through your use of any services). We will not sell, share, or rent this information to others in ways different from what is disclosed in this policy.  

We may collect information from your use of this website. This could include information about your navigation of our website, and how you use it.  Also, through the use of cookie technology or otherwise, we may track and collect information about your computer and software when you visit this website. This information may include: (i) your IP address; (ii) domain server; (iii) type of computer; (iv) type of web browser; (v) access times; and (vi) referring websites addresses (collectively “Traffic Data”). Traffic Data is anonymous information that does not personally identify you. Traffic Data assists us to design and arrange our web pages in the user-friendliest manner and to continually improve our website and services to better meet the needs of users.

If you contact us, we may keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our products and services, such as letting you know about upcoming changes or improvements.

We aim to maintain our website in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our website, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.

Personal Information

We use the term “Personal Information” to mean both “Personal Data” as defined by the EU General Data Protection Regulation or “GDPR” and “Personally Identifiable Information” as that term is understood in the United States. In order for you to access certain portions of our website, we may require you to provide us with information that personally identifies you, such as your name, mailing address, email address and home and/or business telephone numbers (“Personal Information”). If you communicate with us by email or otherwise complete online forms or the like, any information provided in such communication may be collected as Personal Information. You may choose not to provide us with any Personal Information. In such an event, you can still access and use much of the website. You, however, will not be able to access or use those portions of the website (or any services) that require your Personal Information.

If you use a blog, bulletin board or chat room on this website, you should be aware that any Personal Information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the Personal Information you choose to submit in these forums.

Log Files

We use IP addresses to analyze trends, administer the website, track users’ movements, and gather broad demographic information for aggregate use.

Cookies

In order to improve our website and our visitors’ experience while at our website, we sometimes use technology referred to as “cookies” We may employ cookie technology to store and sometimes track information about the users of the website and/or Services. Cookies are a feature of web browser software that allows web servers to recognize the computer used to access a website. Cookies are small pieces of data that are stored by a user’­s web browser on the user’s hard drive. Cookies can remember what information a user accesses on one web page to simplify subsequent interactions with that website by the same user or to use the information to streamline the user’s transactions on related web pages. Most web browsers automatically accept cookies, but you can change your browser to prevent the browser from accepting cookies.

We may use web beacons (small pieces of data that are embedded in images on the pages of websites) and auditing software to track page views and entry and exit points to and from the website. In addition, we may use web beacons, cookies, customized links and/or similar technologies to determine whether electronic newsletters sent by us to those who have requested them from us have been opened and which links are clicked. Any data collected will only be used in an aggregate form and will not contain any personal information, as that term is defined below

A user who does not accept cookies from our website may not be able to access certain areas of the website.

Surveys and Responsive Requests

From time to time, our website may request information from users via surveys or similar responsive requests. Participation in these surveys or responsive requests is completely voluntary and the user therefore has a choice whether or not to disclose this information. Information requested may include contact information (such as name, email and shipping address), and demographic information (such as zip code, age level). If you give us personal information about somebody else, such as a spouse or work colleague, we will assume that you have their permission to do so. Survey information may be used to monitor or improve the use and satisfaction of this website.

This Privacy Notice for California Residents supplements this privacy policy and any terms defined in the CCPA have the same meaning when used in this Notice.

Information We Collect

Our Website collects the above information, in the following categories:

  1. Identifiers.

  2. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). 

    YES

  3. Commercial information. YES

  4. Internet or other similar network activity. 

    YES

Personal information under the CCPA does not include:

* Publicly available information from government records.

* Deidentified or aggregated consumer information.

* Information excluded from the CCPA’s scope, like: 

o health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;

o personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

Owl Labs, Inc. obtains the categories of personal information listed above from the following categories of sources:

* Directly from you. For example, from forms you complete or products and services you purchase.

* Indirectly from you. For example, from observing your actions on our Website.

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

* To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.

* To provide customer support.

* For testing, research, analysis, and product development, including to develop and improve our Websites, products, and services.

* To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

Sharing Personal Information

Owl Labs, Inc. does not disclose your personal information to a third party other than for law enforcement requests and as required by applicable law, court order, or governmental regulations.

Disclosures of Personal Information for a Business Purpose

In the preceding twelve (12) months, Owl Labs has not disclosed personal information for a business purpose.

In the preceding twelve (12) months, Owl Labs has not sold personal information.

Your Rights and Choices 

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights. Right to Delete

You have the right to request that Owl Labs deletes the personal information we currently hold about you.

To exercise this right, contact us @ privacy@owllabs.com 

Right to Opt-Out of ‘Sales’ of Personal Information

If you are a California resident, the CCPA allows you to request that a company no longer “sells” your personal information. Insofar as Owl Labs does not sell or otherwise transfer personal information, this provision is not applicable to Owl Labs.

Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights

You have the right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.

Data Integrity and Security

Owl Labs uses extensive security measures to protect against the loss, misuse and/or alteration of data located on our systems. We implement appropriate measures and processes, such as using encryption when transmitting certain sensitive information, to help us to keep your information secure and to maintain its quality. We regularly review our security and related policies to adapt the technology as new threats evolve, and monitor our systems to help ensure the highest level of availability. If you have any questions about the security at our website, you can send an email to support@owllabs.com.

Sharing and Usage

We will never intentionally share, sell, or rent Personal Information with anyone without your advance permission or unless ordered by a court of law, in order to:

  • meet any applicable law, regulation, legal process or enforceable governmental request.

  • enforce applicable terms of service, including investigation of potential violations.

  • detect, prevent, or otherwise address fraud, security or technical issues.

  • protect against harm to the rights, property or safety of Owl Labs, our users or the public as required or permitted by law.

If we are involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information.

Otherwise, information submitted to us is only available to our employees managing this information for purposes of contacting you or sending you emails based on your request for information and to contracted service providers for purposes of providing services relating to our communications with you. These employees and contracted service providers have been trained to handle such data properly and in accordance with our security protocols and strict standards of confidentiality. Although we cannot guarantee against any loss, misuse, unauthorized disclosure, alteration or destruction of data, we take reasonable precautions to prevent such unfortunate occurrences.

Use of Information

Owl Labs does not share any information with any third-parties, other than its agents who assist it in the collection and analysis of information as outlined herein. We may, from time to time, contact you with regard to our products and services or with other information that you may be interested in receiving. You can at any time request that no further contact be made, by emailing us at support@owllabs.com.

Transfer

Owl Labs may receive and transfer information all over the world. Consequently, your personal information may be used, stored and processed outside of the country where you entered that information. When transferred from the European Union to the United States, the transfer is conducted under the Standard Contractual Clauses of EU Article 26(2) of Directive 95/46/EC, attached hereto.

Wherever we are required to transfer your personal information, regardless of where this occurs, we have taken steps to ensure that your information is treated securely and in accordance with this privacy policy. Please note that your submission of information or use of our services will be deemed by us to signify explicit consent on your part to such transfer of information to any part of the world.

Links to Other Web Sites

This website may contain links to other sites that are not operated by Owl Labs. Please be aware that we are not responsible for the privacy practices or content of such other sites. We encourage our users to be aware when they leave our website and to read the privacy statements of each and every web site that collects personally identifiable information. We do not make any warranty or representation regarding, nor do we endorse, any linked third-party websites or the information appearing thereon or any of the products or services described thereon. If you decide to access linked third-party websites, you do so at your own risk.  This privacy statement applies solely to information collected by the Owl Labs’ website and services.

Disclaimer

No data transmission over the internet can be guaranteed to be entirely secure. As a result, while we always use all reasonable efforts to protect the personal information you provide to us, we cannot guarantee the security of your information and the submission of data is thus at your own risk. Please be aware that in certain circumstances, it is possible that personal information may be subject to disclosure pursuant to judicial or other government subpoenas, warrants, or orders.

Children's Privacy

The Children’s Online Privacy Protection Act restricts the collection and use of personal information pertaining to children under the age of 13.  We do not allow such children to register as users and will not knowingly collect or solicit personal information from anyone under the age of 13.  No one under the age of 13 should provide any personal information on or through this site or otherwise.  In the event we learn that we have collected personal information from a child under age 13, we will terminate the account and delete the information.  If you believe that we might have any information from or about a child under 13, please contact us at support@owllabs.com.  Minors aged 13 and over should not use this site or post any information or other content without adult supervision.

California Notices

Users who reside in California and have provided Personal Information to Owl Labs have the right to receive: (a) information identifying any third party to whom we may have disclosed, within the past year, personal information pertaining to you and your family for that party’s direct marketing purposes; and (b) a description of the categories of personal information disclosed. To obtain such information, please email your request to support@owllabs.com.  This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the address specified in this paragraph.

Newsletters and Email Privacy

Why did you receive an email from us? 

If you received a mailing from us, (a) your email address is either listed with us as someone who has expressly shared this address for the purpose of receiving information in the future ("opt-in"), or (b) you have registered or purchased or otherwise have an existing relationship with us.

How can you stop receiving email from us?

Each email sent contains an easy way for you to cease receiving email from us. If you wish to do this, simply follow the instructions at the end of any email. If you have received unwanted, unsolicited email sent via this system or purporting to be sent via this system, please forward a copy of that email with your comments to support@owllabs.com.

Recruiting SMS Policy

Owl Labs Corp, also known as Owl Labs offers you the option to engage in SMS text conversations about your job application. By participating, you also understand that message frequency may vary depending on the status of your job application, and that message and data rates may apply. Please consult your carrier for further information on applicable rates and fees. Carriers are not liable for delayed or undelivered messages. Reply STOP to cancel and HELP for help.By opting-in to receiving SMS text messages about your job application, you acknowledge and agree that your consent data, mobile number, and personal information will be collected and stored solely for the purpose of providing you with updates and information related to your job application. We are committed to protecting your privacy and shall not share or sell your consent data, mobile numbers, or personal information to third parties under any circumstances.

Acceptance and Privacy Policy

Consent and Notification of Changes

By using the website or any Owl Labs’ services, you consent to the collection, use and storage of your information by us in the manner described in this privacy policy. We reserve the right to make changes to this privacy policy at any time. If we decide to change our privacy policy, we will post those changes on our website so our users are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

If you do not agree with this Privacy Policy, please do not use our website (or any services offered). Your continued use of this website and services following posting of changes to these terms will mean you accept those changes.

Standard Contractual Clauses (C2P)

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection;

Name of the data exporting organization

Address: 

Telephone: 

Fax: 

e-mail address:

(the "data exporter")

AND

Name of the data importing organization: Owl Labs, Inc

Address: 33 1/2 Union Square, Somerville, MA 02143

Telephone: +1-857-214-4341

Fax: N/A

e-mail address: John.Stevens@owllabs.com

(the "data importer")

Each a ‘party’; together ‘the parties’, 

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Clause 1

Definitions

For the purposes of the Clauses: 

  1. ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

  2. ‘the data exporter’ means the controller who transfers the personal data;

  3. ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

  4. ‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;

  5. ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;

  6. ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2

Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3

Third-party beneficiary clause

  1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

  2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

  3. The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

  4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4

Obligations of the data exporter

The data exporter agrees and warrants:

  1. that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;

  2. that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;

  3. that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;

  4. that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

  5. that it will ensure compliance with the security measures; 

  6. that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;

  7. to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension; 

  8. to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

  9. that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and

  10. that it will ensure compliance with Clause 4(a) to (i).

Clause 5

Obligations of the data importer

The data importer agrees and warrants: 

  1. to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

  2. that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

  3. that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred; 

  4. that it will promptly notify the data exporter about:

  5. any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;

  6. any accidental or unauthorized access; and

  7. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;

  8. to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

  9. at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority

  10. to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;

  11. that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;

  12. that the processing services by the sub-processor will be carried out in accordance with Clause 11; 

  13. to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.

Clause 6

Liability 

  1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.

  2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.

The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities. 

  1.  If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

Clause 7

Mediation and jurisdiction

  1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

  2. to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;

  3. to refer the dispute to the courts in the Member State in which the data exporter is established.

The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8

Cooperation with supervisory authorities

  1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

  2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

  3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).

Clause 9

Governing law

The Clauses shall be governed by the law of the Member State in which the data exporter is established, namely: [Country].

Clause 10

Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clauses.

Clause 11

Sub-processing

  1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfill its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.

  2. The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

  3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established, namely: [Country].

  4. The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

Clause 12

Obligations after the termination of personal data-processing services

  1. The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

  2. The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.

Dated: 

On behalf of the data exporter:

Name:

Position:

Address: 

Signature:

On behalf of the data importer: Owl Labs, Inc.

Name: John Stevens

Position: Chief Financial Officer

Address: 33 1/ Union Square, Somerville, MA 02143

Signature:

Appendix 1

To the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties.

Data exporter

The data exporter is (please specify briefly your activities relevant to the transfer):

Registered Address

Data importer

The data importer is (please specify briefly activities relevant to the transfer):

Using the name and email address of an employee of the Data Exporter for purposes of registering Owl Labs telecommunications devices.

Data subjects

The personal data transferred concern the following categories of data subjects (please specify):

Employees of the Data Exporter

Categories of data

The personal data transferred concern the following categories of data (please specify):

Name and email address

Special categories of data (if appropriate)

The personal data transferred concern the following special categories of data (please specify):

None

Processing operations 

The personal data transferred will be subject to the following basic processing activities (please specify): 

Registering Owl Labs devices and validating the devices during customer support by Owl Labs.

Data Exporter

Name: Registered Address

Authorized signature: 

Data Importer

Name: John Stevens, CFO

Authorized signature: 

Appendix 2

To the Standard Contractual Clauses

This Appendix forms part of the Clauses and must be completed and signed by the parties.

Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):

Owl Labs uses extensive security measures to protect against the loss, misuse and/or alteration of data located on our systems. We implement appropriate measures and processes, such as using encryption when transmitting certain sensitive information, to help us to keep your information secure and to maintain its quality. We regularly review our security and related policies to adapt the technology as new threats evolve, and monitor our systems to help ensure the highest level of availability. If you have any questions about the security at our website, you can send an email to support@owllabs.com.