Terms, Privacy and Data

  • Syarat dan Ketentuan World Foundation

  • Pemberitahuan Privasi World Foundation

  • Kebijakan Cookie World Foundation

  • Formulir Persetujuan Data Biometrik World Foundation

  • Penafian Hibah Kolektif Manusia

  • Aviso de Privacidad de Worldcoin Foundation - Argentina

  • Foundation Data Processing Agreement

Foundation Data Processing Agreement

Effective October 08 2024
Foundation Data Processing Agreement
This Data Processing Addendum (“DPA”) shall amend and apply to all of your agreements (“Agreements”) with the Worldcoin Foundation (“Foundation”), and their affiliates and/or subsidiaries (collectively,“WF”) to the extent that you process any personal data from a user of WF’s services (collectively, “User Data”).
1. Definitions
Words and expressions used in this DPA but not defined including, without limitation, “business,” “business purpose,” “consumer”, “controller,” “data subject,” “personal data,” “personal information,” “processing,” “processor,” “sell,” “sensitive data,” “service provider,” “sub-processor” and their respective derivative terms, shall have the meanings set forth in the privacy and data protection laws, regulations, and decisions applicable to a party to this DPA (“Applicable Data Protection Law”). “You” and or “Your” refers to the individual or business who has agreed to this DPA with WF.
2. Details of the Processing Operations
WF determines the purposes for and means by which User Data is being or will be processed by You, and the manner in which they are or will be processed by You. The nature and subject matter of the processing, including the processing operations carried out by you on behalf of WF, WF’s instructions to you, and the security measures and policies that you must comply with, are described in the relevant agreements and materials provided to you as part of your provision of services to WF.
3. Your Obligations
3.1 Accordingly, You agree that You will:
3.1.1 unless otherwise required by applicable law, process User Data only on WF’s behalf and in compliance with WF’s instructions (including relating to international data transfers), including instructions in this DPA and all Agreements between You and WF;
3.1.2 immediately inform WF if in You believe an instruction from WF infringes Applicable Data Protection Law;
3.1.3 implement appropriate technical and organizational security measures as provided for in Your Agreements with Wf prior to the commencement of the processing activities for User Data, maintain such security measures (or better security measures) for the duration of this DPA, and provide WF with reasonable evidence of Your privacy and security policies when requested;
3.1.4 take reasonable steps to ensure that (i) persons employed by You and (ii) other persons engaged at Your place of business who may process User Data are aware of and comply with this DPA;
3.1.5 comply with confidentiality obligations in respect of User Data as detailed in all Agreements and take appropriate steps to ensure that Your employees, authorized agents and any sub-processors comply with and acknowledge and respect the confidentiality of User Data, including after the end of their employment, contract or at the end of their assignment;
3.1.6 inform WF of:
3.1.6.1 any legally binding request for disclosure of User Data by a law enforcement authority, unless otherwise prohibited, such as in order to preserve the confidentiality of an investigation by the law enforcement authorities;
3.1.6.2 any personal data breach (or analogous concept) under Applicable Data Protection Law relating to User Data (“Security Incident”);
3.1.6.3 any relevant notice, inquiry or investigation by a supervisory authority relating to User Data; and
3.1.6.4 any requests from a data subject/consumer to exercise their data protection rights under Applicable Data Protection Law without responding to that request, unless WF has authorized a response or such a response is required by law;
3.1.7 provide WF with reasonable co-operation and assistance in respect of WF’s obligations regarding:
3.2.7.1 requests from data subjects/consumers in respect of the exercise of their data protection rights under Applicable Data Protection Law with respect to User Data;
3.2.7.2 the investigation of any Security Incident and the notification to the supervisory authority and data subjects in respect of such a Security Incident;
3.2.7.3 the preparation of data protection impact assessments and, where applicable, carrying out consultations with the supervisory authority, in each case where and to the extent required by Applicable Data Protection Law;
3.2.7.4 the security of User Data, including by implementing the technical and organizational security measures detailed in Your Agreements with WF;
3.1.9 upon reasonable request, make available to WF all information necessary to demonstrate compliance with the obligations in this DPA, including complying with the audit responsibilities set out below.
3.2 You and WF further agree that:
3.2.1 You are acting solely as a processor, service provider or in such other similar capacity as may be understood under Applicable Data Protection Law with respect to User Data;
3.2.2 You shall not retain, use or disclose User Data for any purpose other than for the specific purpose of performing the services specified in this DPA or any other Agreement between You and WF; and
3.3 You will, upon WF’s request (not to exceed one request per calendar year unless required by Applicable Data Protection Law), certify compliance with this DPA in writing. Upon request, you will also provide to WF each year an opinion or Service Organization Control report provided by an accredited, third-party audit firm under the Statement on Standards for Attestation Engagements (SSAE) No. 18 (“SSAE 18”) (Reporting on Controls at a Service Organization) or the International Standard on Assurance Engagements (ISAE) 3402 (“ISAE 3402”) (Assurance Reports on Controls at a Service Organization) standards applicable to the data processing services under the Agreements (each such report, a “Report”). If a Report does not provide, in WF’s reasonable judgment, sufficient information to confirm Your compliance with the terms of this DPA, then WF or an accredited third-party audit firm agreed to by both You and WF may audit Your compliance with the terms of this DPA.
3.4 If (i) User Data includes any personal data that is protected under the GDPR or Applicable Data Protection Law of Switzerland or the UK, (ii) You process such personal data outside of the EEA, Switzerland, or the UK; and (iii) such processing takes place in a country that is not subject to an adequacy determination by the European Commission, the UK or Swiss authorities (as applicable), then the standard contractual clauses annexed to the European Commission's Implementing Decision 2021/914 of 4 June 2021 (“SCCs”) are hereby incorporated by reference and form an integral part of this DPA.
4. Post-termination obligations
You and WF agree that on the termination of any of the data processing services, You and any sub-processors shall, upon request, subject to the limitations described in any relevant Agreements, return all User Data relating to such data processing services and copies of such data to You or securely destroy them and demonstrate to WF’s reasonable satisfaction that You have taken such measures, unless applicable law prevents it from returning or destroying all or part of the User Data.
5. Conflicts
In the event of any conflict between the terms of this DPA, the SCCs and any other terms between You and WF, including but not limited to the terms of any Agreements, the terms shall apply in the following order of precedence: (i) the SCCs, (ii) this DPA, and then (iii) any other terms of your Agreements between You and WF. This agreement is written in English and may be translated into other languages and made available by WF. The version in English will prevail over versions translated into other languages, which are for mere reference.