Data processing addendum

The following data processing addendum (the “Agreement”) govern the use of the TinyPNG and TinyJPG websites and all content and services available at or through the websites (collectively, the “Service”). This Agreement is supplemental to any other separate agreement entered into and introduces further contractual provisions.

This Agreement is concluded between

Tinify B.V.

hereafter referred to as the (“Processor”) and

You

hereafter referred to as a (“Controller”).

If Controller enters into this Agreement on behalf of another juridical entity, Controller represent and warrants to have authority to bind such entity to this Agreement. Controller may be acting as a data processor for another entity. The Service is owned and operated by Processor and offered subject to your acceptance without modification of the Agreement.

Object of this Agreement

In the course of providing the Services to the Controller, the Processor may process personal data on behalf of the Controller. The Processor shall process personal data it receives from the Controller solely for purposes stemming from usage of Service and for no other purpose except with the express written consent of the Controller.

As the performance of this Agreement implies the processing of personal data, both Processor and Controller shall comply with the applicable data protection legislation and regulations including GDPR. Controller shall have sole responsibility for the accuracy, quality, and legality of personal data and the means by which Controller acquired personal data.

Data protection

Both Controller and Subscriber shall ensure that the personal data are adequately protected as set forth in Article 49 of the GDPR. In particular the Processor collects and transfers personal data subject to this Agreement by the Controller to fulfil a compelling legitimate interest of the Processor in a manner that does not outweigh Controller’s nor end users rights and freedoms.

In order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer of personal data outside the EU, Processor warrants to process the personal data only on behalf of the Controller in compliance with its instructions. If it cannot provide compliance, the Controller is entitled to suspend the transfer of data and/or terminate this Agreement.

Sub-processors

The Processor may engage sub-processors compliant with data protection legislation and regulations including GDPR (general consent). Where the Processor engages another sub-processor for carrying out specific processing activities on behalf of the Controller, the same data protection obligations as set out in this Agreement shall be imposed on that sub-processor by way of a contract or other legal act under applicable data protection legislation and regulations.

Data Transfers

Controller authorises Processor to transfer personal data away from the country in which such data was originally collected. In particular, Processor authorises Controller to transfer personal data to the US. Controller will transfer personal data outside the EU using the EU-U.S. Privacy Shield Framework or any lawful data transfer mechanism that is recognised under GDPR as providing an adequate level of protection for such data transfers.

Confidentiality

Both Processor or Controller acknowledge that during this Agreement, a party may become privy to Confidential information which is disclosed by the other party. The receiving party shall keep all confidential information confidential, in particular the receiving party shall not disclose any confidential information to any third party and shall not use these information for purposes not resulting from this Agreement. Any violation of this section by either of the Processor or Controller shall be deemed a material breach of this Agreement.

Liability

Any data subject, who has suffered damage as a result of any breach of the obligations is entitled to receive compensation from the Controller for the damage suffered. Neither Processor or Controller shall be liable for any indirect or consequential damages, such as (but not limited to) loss of revenue, loss of profit, loss of opportunity, loss of goodwill and third-party claims.

Terminiation

This Agreement shall apply to all personal data disclosed to the Processor or otherwise obtained from the Controller from the date of this Agreement until the expiry of the subscription of the Service.

Applicable law and jurisdiction

Except to the extent applicable law, if any, provides otherwise this Agreement, any access to or use of the Software will be governed by the laws of the state of the Netherlands, excluding its conflict of law provisions, and the proper venue for any disputes arising out of or relating to any of the same will be the courts located in The Hague, the Netherlands. If any part of this Agreement is held invalid or unenforceable, that part will be construed to reflect the parties’ original intent, and the remaining portions will remain in full force and effect.

Controller is only acting as a Controller for the purpose of the transfer of personal data in following the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).

Entire agreement

This Agreement constitutes the entire agreement between Processor and Controller concerning the subject matter hereof. By signing this document, you agree to become bound by the Agreement.

Try TinyPNG with a new browser

TinyPNG is created for modern browsers with HTML5 & CSS3 support. We have not tried it out in other browsers. The site may work, or it may not. If you see this message you may want to try a different browser!