blank img

Data Privacy Addendum

This Data Privacy Addendum sets forth the terms and conditions pursuant to which Personal Information will be transferred and processed in the framework of the Services Agreement.

Definitions. For the purposes of this Privacy Addendum, capitalized terms used shall have the following meanings:

“Law(s)”means all laws or statutes and any other regulation, ordinance, order, decree or rule having the force of law, whether in existence as of the Effective Date or promulgated thereafter, as amended or superseded.
“Personal Information”means any information relating to a Worker provided by the Worker, Ideal, or a third party on their behalf in connection with the Agreement.
“Personal Information Breach”means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Information transmitted, stored or otherwise processed in connection with the provisioning of the Services.
“Privacy Legislationmeans the Laws applicable to the protection of Personal Information relating to the Services, including state-level Laws, as amended or replaced from time to time.
“Processing, Process(es), or Processed”means any operation or set of operations performed, whether by manual or automated means, on Personal Information or on sets of Personal Information, such as the collection, use, storage, disclosure, analysis, deletion or modification of Personal Information.
“Sell”, “Share”has the meaning ascribed to it in the applicable Privacy Legislation.
  1. Interpretation.
    • a) This Privacy Addendum forms an integral part of the Agreement. The provisions of the Agreement therefore apply to this Privacy Addendum. All capitalized terms not defined in this Privacy Addendum will have the meaning set forth in the Agreement.
    • b) Each Party will act independently in its capacity as an entity responsible for determining the purpose and means of Processing of Personal Information.
  2. Specification of Processing.
    • a) This Privacy Addendum sets out the rights and obligations of the Parties with respect to the Processing of Personal Information relating to the Services. It applies to all activities of the Parties when Processing Personal Information.
    • b) Ideal and Client each hereby represent that they will Process Personal Information relating to the Services in accordance with the obligations imposed upon them respectively under Privacy Legislation.
    • c) Client shall further comply with the Privacy Legislation to ensure the lawful Processing of Personal Information of Workers, including by making available to Workers their privacy statement/policy controlling the collection of Worker’s Personal Information when posting a shift and no later than at the point of collection of any Personal Information.
    • d) The Parties shall cooperate with and assist each other under applicable Privacy Legislation with respect to responding to Personal Information Breach notifications and requests for audit or investigation from enforcement authorities.
  3. Exercise of Personal Information Rights.
    • a) If a Worker exercises his or her rights against the Client, in particular of the rights of access, correction, deletion of his or her Personal Information, the Client is obliged to forward the request to Ideal without undue delay and the Client will provide assistance to Ideal to fulfil the request.
  4. Use and Disclosure.
    • a)Client will not: (a) use Personal Information of Workers for any purpose other than as specified in the Agreement; (b) disclose Personal Information of Workers to any third party for any purpose other than as specified in the Agreement; (c) Sell or Share Personal Information of Workers with any third party; or (d) combine Personal Information of Workers with personally identifiable information obtained from other sources, except as stipulated in the Agreement.
    • b) Client will provide the same level of privacy protection with respect to the Processing of Personal Information of Workers as set out in the applicable Privacy Legislation and, without undue delay, notify Ideal if it makes a determination that it can no longer meet its obligations under the applicable Privacy Legislation.
    • c) Client shall take steps to ensure that any person acting under its authority and who has access to Personal Information is only granted such access on a need-to-know basis, is subject to a duly enforceable contractual or statutory confidentiality obligation, and only Processes Personal Information in accordance with this Privacy Addendum.
  5. Deletion and Return of Personal Information.
    • a) Upon termination of the Agreement, unless Client is required to retain Worker Personal Information to satisfy its own data retention requirements, Client shall delete Worker Personal Information from its systems and devices as soon as reasonably and technologically practicable.
  6. Technical and Organizational Measures.
    • a) Client will implement appropriate technical and security measures to protect Personal Information against accidental, unauthorized or unlawful access, disclosure, alteration, loss or destruction and Client will ensure such measures remain in effect for the term of this Agreement.
  7. Privacy Representative.
    • a) Ideal has appointed an individual responsible for privacy and data protection matters. The appointed person can be reached at privacy@ideal.com.
  8. Personal Information Breach.
    • a) In the event of a Personal Information Breach of Worker Personal Information by Client or its subprocessors, and irrespective of its cause, Client shall notify Ideal without undue delay after having become aware of such Personal Information Breach.
    • b) Client shall without undue delay further investigate the Personal Information Breach and shall keep Ideal informed of the progress of the investigation and take reasonable steps to further minimize the impact.
    • c) Client shall be responsible for complying with its own obligations under Privacy Legislation to notify competent authorities of a Personal Information Breach. Client must obtain the written approval of Ideal prior to any communication to Workers related to any Personal Information Breach.
  9. Privacy Impact Assessments.
    • a) Where a Party is obligated by applicable Privacy Legislation to execute privacy impact assessments, the other Party shall provide reasonable cooperation and assistance to the Party for the execution of the privacy impact assessment to allow the Party to comply with its obligations (including any obligation to consult with competent data protection authorities).
  10. Client Responsibilities.
    • a) Client shall comply with Privacy Legislation as well as any other Laws applicable to Client or Client’s industry.
    • b) If compliance with any specific Privacy Legislation requires any actions on the part of Client in addition to the obligations set forth in this Privacy Addendum, Client will accommodate such additional requirements upon reasonable request from Ideal.
  11. Notifications.
    • a) Unless legally prohibited from doing so, Client shall promptly notify Ideal if it, with regard to Worker Personal Information: (i) receives an inquiry, a subpoena or a request for inspection or audit from a competent public authority relating to the Processing; (ii) intends to disclose Personal Information to any competent public authority. At the request of Ideal, Client shall provide a copy of the documents delivered to the competent authority to Ideal.
    • b) Any notification under this Privacy Addendum, including a Personal Information Breach notification, will be delivered via e-mail to privacy@ideal.com.
    • c) If either Party is subject to an inquiry by a data protection authority, regulator or agency, the scope of which includes operations or information within the other Party’s control, each Party agrees to provide reasonable cooperation to the other Party.
  12. Term and Termination.
    • a) This Privacy Addendum is hereby made part of the Ideal Terms of Service in accordance with terms thereof and remains in force until Processing of Personal Information by Client is no longer required (i) in the framework of or pursuant to the Agreement or (ii) for a period after termination of the Agreement or the relevant Services to satisfy a legal requirement.
  13. Applicable Law.
    • a) This Privacy Addendum and any rights and obligations arising out of it shall be interpreted according to and governed by the law governing the Agreement.

Ready to work the Ideal way?

Find work

Discover your ideal way to work. Download the app, pick up shifts when you want, and get paid the same day.

Get started

Find people

Experience the ideal way to staff. Fill schedule and skill gaps on-demand with our pool of W-2 talent.

Get started