Training Business Pros
Site Hosting Terms and Policies

DATA PROCESSING and HOSTING AGREEMENT
This Data Processing Agreement (this “DPA”) is entered between Training Business Pros (“we”) and Customer (“Customer”, “you”), together referred to as “The Parties”. This agreement (“DPA”) is part of the Terms of Service, Privacy Policy and other relevant policies available here. Customer agreeing to these terms enters in this DPA on their own behalf to the extent required under applicable Data Protection Regulations and Laws and to the extent Training Business Pros processes Customer Data as instructed by the Controller (as defined in the Section 1).
In the course of providing the Services to the Customer Training Business Pros may Process Customer Data on behalf of the Customer. The Parties agree to comply with the following provisions with respect to any Customer Data, each acting reasonably and in good faith.

1. Definitions.
Unless otherwise defined in this DPA, all capitalized terms have the meanings outlined below:
“Agreement” means the Terms of Service and other relevant policies announced on our website, together with your Order for the purchase of Services and the Order confirmation sent by Training Business Pros.
“Order” means any Customer’s order for purchase of the respective services.
“Site” means the Training Business Pros website and all services we offer through our website.
“Services” means any hosting services we offer and the Customer has purchased that could involve processing of Personal Data by Training Business Pros.
“Partner” means any entity that directly or indirectly controls, is controlled by, or is under common control with the Training Business Pros subject entity. “Control,” for the purpose of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
“Additional Products” means any features, products, software, programs, addons, plugins, scripts, tools or any other third-party software or content that are not part of the Services but that may be accessible via the Training Business Pros User Area or the Control Panel, installed by the Customer or otherwise for the usage of the Services.
“CASL” means Canada’s anti-spam legislation which protects consumers and businesses from the misuse of digital technology, including spam and other electronic threats.

“GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of customer data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

“Controller” means the natural person or the legal entity which, alone or jointly with others, determines the purposes and means of the processing of customer data;
“Customer Data” means any “Personal Data” that is provided to Training Business Pros by, or on behalf of the Customer through their use of the Services and that is stored in the Customer’s account (for avoidance of doubt Personal Data part of the Customer’s order for purchase of the respective service shall not be treated as Customer Data). Customer Data may include, but is not limited to, customer data within the meaning set in the GDPR.
“Personal Data” has the meaning as given in the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada.
“Data Protection Regulations and Laws” means all regulations and laws, including laws and regulations of PIPEDA and GDPR applicable to the Processing of Customer Data under this DPA.
“Data Subject” means the identified or identifiable person to whom the Customer Data relates.
“Effective date” means, as applicable:
6th September, 2019, if the Customer has executed Order(s) and accepted the Agreements or the Parties have otherwise agreed to this DPA in respect of the applicable Agreement prior to or on such date; or
the date on which the Customer clicked to accept the Agreement or the Parties otherwise agreed to this DPA in respect of the applicable Agreement, if such date is after 6th September 2019.

“Processing” has the meaning:
“Processor” means the entity which processes Customer Data on behalf of the Controller.
“Training Business Pros” means the Training Business Pros entity which is a party to this DPA, as specified in the section, a company registered in Toronto, Ontario at 25 Lesmill Road Unit D. Toronto, Ontario Canada M3B 2T3
“Training Business Pros” means Training Business Pros and its related parties engaged in the Processing of Customer Data:
Training Business Pros is the operating name for Pilgrim Productions Incorporated
Pilgrim Productions Incorporated is a registered company in Ontario Canada.
“Standard Contractual Clauses” or “SCCs” means the standard data protection clauses for the transfer of Customer Data,
“Sub-processor” means any Processor engaged by Training Business Pros or Pilgrim Productions Incorporated
“Supervisory Authority” means an independent public authority, which is established in Ontario  within Canada.
“Term” means the period from the Effective Date until the end of Training Business Pros’s provisioning of the Services under the applicable Agreement, including, if applicable, any period during which  the Services may have been suspended and any post-termination period (namely 60 calendar days) during which Training Business Pros may continue providing Services for transitional purposes.
“Data Protection Losses” means all liabilities, including:
costs (including legal costs);
claims, demands, actions, settlements, charges, procedures, expenses, losses and damages (whether material or non-material, and including for emotional distress);
to the extent permitted by Applicable Law:
administrative fines, penalties, sanctions, liabilities or other remedies imposed by a Data Protection Supervisory Authority or any other relevant Regulatory Authority;
compensation to a Data Subject ordered by a Data Protection Supervisory Authority;
the reasonable costs of compliance with investigations by a Data Protection Supervisory Authority or any other relevant Regulatory Authority; and
the costs of loading Customer Data and replacement of Customer materials and equipment, to the extent that the same are lost or damaged, and any loss or corruption of Customer Data including the cost of rectification or restoration of Customer Data;

“Notification Email Address” means the email address specified by the Customer in the My Detail section in the User Area to receive certain notifications from Training Business Pros.
2. Data Processing.
2.1. Scope
This DPA applies where and only to the extent that Training Business Pros processes Personal Data on behalf of the Customer in the course of providing the Services and such Personal Data is subject to the laws of Ontario, Canada.
If the Customer agreeing to this DPA is already a Customer, this DPA forms part of the Agreement, Privacy Policy and other relevant policies and documents announced on our website. In such case, the Training Business Pros entity shall be considered as a party to this DPA.
This DPA is effective only for the Customer account it was agreed for. If the Customer owns multiple accounts, a DPA will be contracted for each individual account separately.
This DPA shall be valid and legally binding only for the physical/legal entity stated in the account in the User Area and only for the Services purchased directly from Training Business Pros within the respective account.
If the Customer entity agreeing to this DPA is neither a party to an Order nor the Agreement, this DPA is not valid and is not legally binding. Such entity should request that the Customer entity who is a party to the Agreement executes this DPA.
This DPA including its appendixes except the clauses in the Privacy Policy will be effective and replace any terms previously applicable to privacy, data processing and/or data security.
2.2. Compliance with Laws.
If CASLlaws apply to this DPA, each party will comply with  the obligations applicable to it under the CANSPAM Legislation with respect to the processing of that Customer Data.
2.3. Subject Matter and Details of the Data Processing
2.3.1 Subject Matter. Training Business Pros will process Customer Data as necessary for the provisioning of the Services, related technical support and other inquiries pursuant to the Agreement and as further instructed by Customer in its use of the Services.
2.3.2. Duration of processing. Subject to Section 11, the duration of data processing shall be the Term designated under the Order and the applicable Agreement.
2.3.3. Nature and Purpose of the Processing. Training Business Pros will process Customer Data for the purposes of providing the Services and related technical support to the Customer in accordance with the Agreement, this DPA and other relevant policies.
2.3.4. Categories of Data Subjects. Customer may submit Customer Data in the course of its use of the Services, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:
Prospects, customers, business partners and vendors of the Customer (who are natural persons and legal entities);
Employees or contact persons of the Customer’s prospects, customers, business partners and vendors;
Employees, agents, advisors, freelancers of the Customer (who are natural persons);
Customer’s Users authorized by the Customer to use the Services;
Individuals who transmit data via the Services, including individuals collaborating and communicating with the Customer or Customer’s end users;
Individuals whose data is provided to Training Business Pros via the Services by or at the direction of the Customer or by the Customer’s end users.
2.3.5. Categories of Personal Data. Customer may submit Customer Data in the course of its use of the Services, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of Personal Data:
Name
Address
Email address
Any personal data relating to individuals
2.4. Roles of the Parties
The parties acknowledge and agree that:
Training Business Pros is a processor of the Customer Data under the laws of Ontario, Canada.
Customer is a controller or processor, as applicable, of the CASL egislation; and has obtained all consents and rights necessary under Data Protection Laws for Training Business Pros to process Customer Data and provide the Services pursuant to the Agreement and this DPA.
2.5. Instructions for Data Processing.
Training Business Pros shall process Customer Data in accordance with this DPA, which is the Customer’s complete and final instructions to Training Business Pros in relation to processing of Customer Data. Processing outside the scope of this DPA (if any) shall require prior written agreement between Training Business Pros and Customer on additional instructions for processing. By entering into this DPA, Customer instructs Training Business Pros to process Customer data only in accordance with applicable law:
to provide the Services and related technical and other support;
as initiated by the Customer and end users in their usage of the Services;
as specified in the Agreement, Terms of Service, Privacy Policy and other relevant policies governing the provision of the Services and related technical and other support.
2.6. Access or Use.
Training Business Pros shall not access or use Customer Data, except as necessary to provide the Services and related technical support to the Customer in accordance with the DPA, the Agreement and other relevant policies.
2.6.1. Customer’s Processing. The Customer shall, in their use of the Services, Process their Data in accordance with the requirements of Data Protection Laws and Regulations applicable to it. The Customer shall have sole responsibility for the accuracy, quality, and legality of their Data and the means by which the Customer acquired this Data.
2.6.2. Training Business Pros’s Processing of Customer Data. Training Business Pros shall only Process Customer Data on behalf of and in accordance with the Customer’s documented instructions for the following purposes:
Processing to provide the Services and related technical support in accordance with this DPA and applicable Order(s);
Processing initiated by Users in their usage of the Services;
Processing necessary to maintain and improve the Services.

2.6.3. Training Business Pros’s Compliance with Instructions. As from the Effective Date Training Business Pros shall comply with the described instructions above in the Section Customer’s Instructions, including with regard to data transfers, unless Canadian law to which Training Business Pros is subject requires other processing of Customer Data by Training Business Pros, in which case Training Business Pros shall inform the Customer (unless that law prohibits Training Business Pros from doing so on important grounds of public interest) via the Site or the Notification Email Address.
Customer Data may be accessed and processed by Training Business Pros, Authorized Users and Sub-processors to fulfill the obligations under this DPA and the respective Agreement or to provide certain services on behalf of Training Business Pros. Such processing will comply with the measures outlined in Sections 3, Section 7 and Annex 2 Security Measures.
2.7. Rights of the Data Subjects.
2.7.1. Access, Rectification, Restricted Processing, Portability. During the applicable Term, Training Business Pros shall, in a manner consistent with the functionality of the Services, enable Customer to access, rectify and restrict processing of Customer Data, including via deletion of all or some of the Customer Data under their account or deletion of the whole account as described in Section 2.6. (Return and Deletion of customer data), and via export of Customer Data.
2.7.2.   Data Subject Requests.
2.7.2.1. Customer’s Responsibility for Requests. If during the applicable Term, Training Business Pros receives a request from a Data Subject to exercise the Data Subject’s right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, objection to the Processing, or its right not to be subject to an automated individual decision making (“Data Subject Request”), Training Business Pros shall advise the Data Subject to submit his/her request to the Customer, and the Customer shall be responsible for responding to any such request including, where necessary, by using the functionality of the Services. Training Business Pros shall, to the extent legally permitted, take commercially reasonable steps to notify the Customer about such requests.
2.7.2.2. Training Business Pros Data Subject Request Assistance. Taking into account the nature of the Processing, Customer agrees that Training Business Pros shall provide appropriate technical and organizational assistance, insofar as this is possible, for the fulfillment of Customer’s obligation to respond to requests by Data Subjects, including if applicable Customer’s obligation to respond to requests for exercising the data subject’s rights laid down in either CASL or GDPR regulations, by:
providing documentation resources in the form of tutorials and knowledge base articles, functionality and/or controls in the Control Panel that Customer may elect to use to properly configure the Services and use the Services in secure manner.
providing features, functionalities and/or controls in the Control Panel that Customer may elect to use to retrieve, correct or delete the Customer Data from the Services.
complying with the commitments set out in this DPA.
To the extent Customer, in their use of the Services, does not have the ability to address a Data Subject Request, Training Business Pros shall upon Customer’s request provide commercially reasonable efforts to assist Customer in responding to such Data Subject Request, to the extent Training Business Pros is legally permitted to do so and the response to such Data Subject Request is required under Data Protection Laws and Regulations. To the extent legally permitted, Customer shall be responsible for any costs arising from Training Business Pros’s provisioning of such assistance.

The Customer shall cover Training Business Pros’s reasonable costs of providing assistance in section 2.7.2.2.
2.8. Return and Deletion of customer data.
Training Business Pros shall enable Customer to delete Customer Data during the applicable Term in a manner consistent with the functionality of the Services and the features as per the respective Order. If the Customer uses the Services to retrieve or delete Customer Data and the Customer Data cannot be recovered, this shall constitute an instruction to Training Business Pros to delete the relevant Customer Data archived on backup systems in accordance with applicable law and within a maximum period of 60 calendar days.
Deactivation of the Services or expiry of the applicable Term shall constitute an instruction to Training Business Pros to delete the Customer Data and the relevant Customer Data archived on backup systems within a maximum period of 60 calendar days.
Nothing in this Section 2.8 varies or modifies any obligation of Training Business Pros to retain some or all Customer Data as necessary to comply with the law or a valid and binding order of a law enforcement agency (such as a subpoena or a court order).
2.9. Disclosure.
Training Business Pros shall not disclose Customer Data to any government, law enforcement agencies and other authorities, except as necessary to comply with the law or a valid and binding order of a law enforcement agency (such as a subpoena or a court order).
2.10. Training Business Pros’s Personnel.
Training Business Pros restricts its personnel from processing Customer Data without authorisation by Training Business Pros. Access to Customer Data is limited to those personnel performing a role and responsibilities in accordance with the Agreement.
Training Business Pros imposes appropriate contractual obligations upon its personnel, including relevant obligations regarding confidentiality, data protection and data security. Training Business Pros ensures that these confidentiality obligations survive the termination of the personnel engagement.
2.11. Data Protection Officer.
Member/s of the Training Business Pros Group have appointed a Data Protection Officer for the purposes of this DPA and Privacy Policy, who be reached at [email protected] Business Pros.com.
3. Sub-processors.
3.1. Consent to Sub-processor Engagement/Appointment of Sub-processors
The Customer acknowledges and agrees that:
Training Business Pros Partners may be retained as Sub-processors; and
Training Business Pros and Training Business Pros Partners respectively may engage Sub-processors in connection with the provisioning of the Services. Training Business Pros has entered into a written agreement with each Sub-processor containing data protection obligations not less protective than those in this DPA with respect to the protection of Customer Data to the extent applicable to the nature of the Services provided by such Sub-processors. If Customer has entered into Standard Contractual Clauses (Appendix 1) as described in Section 5 (Transfers of Data Out of the EEA), the above authorizations shall constitute Customer’s prior written consent to the subcontracting by Training Business Pros of the processing of Customer Data if such consent is required under the Standard Contractual Clauses.
3.2. Information about sub-processors/ Notification of new Sub-processors.
3.2.1. Sub-processors. Training Business Pros will share information about you with Sub-processors such as the Training Business Proscompanies who are engaged with provisioning of Services subject to your Agreement and who are based within the territory of the Canada and United States, Sub-processor/processors who are engaged with provisioning Services subject to your Agreement and who are based within the territory of Canada and United States, Data Center service providers who are based within the United States. These Sub-processors shall process the provided data under instructions of Training Business Pros and in compliance with our Privacy Policy and this DPA. We do not authorize Sub-processors to retain, share, store or use your personally identifiable information for any secondary purposes.
3.2.2. Notification. When a new Third Party Sub-processor is engaged to process any Customer Data in connection with the provisioning of the applicable Services during the applicable Term of this DPA, Training Business Pros shall inform the Customer of this engagement, including the category and location of the relevant sub-processor and the activities it shall perform, at least 10 calendar days before authorizing the new Third Party Sub-processor either by sending an email to the Notification Email Address or via the User Area.
3.3. Requirements for Sub-processor Engagement.
When engaging any Sub-processor, Training Business Pros shall:
ensure via a written contract that:
the Sub-processor only accesses and uses Customer Data to the extent required to perform the obligations subcontracted to it, and does so in accordance with the applicable Agreement (including this Data Processing Amendment) and any Standard Contractual Clauses entered into or Alternative Transfer Solution adopted by Training Business Pros as described in Section 5 (Transfers of Data Out of the EEA); and
if the GDPR applies to the processing of Customer customer data, the data protection obligations set out in Article 28(3) of the GDPR, as described in this Data Processing Amendment, are imposed on the Sub-processor; and
remain fully liable for all obligations subcontracted to it, and all acts and omissions of, the Sub-processor.
3.4. Objection Right for New sub-processors.
3.4.1. Customer may object to any new Third Party Sub-processor by terminating the applicable Agreement immediately upon written notice to Training Business Pros, on condition that Customer provides such notice within 10 calendar days of being informed of the engagement of the sub-processor. This termination right is Customer’s sole and exclusive remedy if Customer objects to any new Third Party Sub-processor.
3.4.2. Training Business Pros shall refund Customer any prepaid fees covering the remainder of the term of such Order(s) following the effective date of termination with respect to such terminated Services, without imposing a penalty for such termination on the Customer.
4. Impact Assessments, Consultations. Storage.
4.1. Impact Assessments and Consultations.
Upon Customer’s request, Training Business Pros shall provide the Customer with reasonable cooperation and assistance needed to fulfil the Customer’s obligation under the CASL regulations to carry out a data protection impact assessment related to the Customer’s use of Services, to the extent the Customer does not otherwise have access to the relevant information, and to the extent that such information is available to Training Business Pros. Training Business Pros shall provide reasonable assistance to the Customer in the cooperation or prior consultation with the Supervisory Authority in the performance of its tasks relating to this DPA, to the extent required under CASL and GDPR.
5. Transfers Out of the EEA.
5.1. Data Center and storage
Training Business Pros stores and process Customer Data in Data Centers located inside and outside Canada. Information about our Data Center can be requested by Training Business Pros. Our data centers located in Atlanta Georgia, Montreal Quebec, and London, United Kingdom.  All back-ups are off-site on Amazon AWS. Training Business Pros reserves the right to update it from time to time.
The Customer may specify the Data center location where their Customer Data will be stored. The Customer agrees that Training Business Pros may change the locations of the Data Centers and move Customer Data to another Data Center. Training Business Pros shall inform the Customer at least 10 calendar days before moving Customer Data to a new Data Center either by sending an email to the Notification Email Address or via the User Area. If the change of the Data Center results in storing the Customer Data under a different jurisdiction, the Customer may object to such change by terminating the Agreement immediately and upon written notice to Training Business Pros, on condition that the Customer provides such notice within 10 calendar days of being informed of the change of the Data Center.
The Customer can move their account and Customer Data to another Data Center location at any time, provided that the functionality of the Services allows it and in exchange of additional fees. Once the Customer has made their choice and specified a Data Center location within the European Union, Training Business Pros will not store Customer Data outside the borders of European Union except as necessary to comply with the law or a valid and binding order of a law enforcement agency (such as a subpoena or a court order).
5.2. Processing Locations
To the extend the Customer has specified a Data Center outside the European Economic Area and to the extend Training Business Pros provides the Services and related technical and other support, the Customer agrees that Training Business Pros may, subject to Section 5, access and process Customer Data in EEA, United States and any other countries where Training Business Pros and/or its Partners and Sub-processors have Data Centers, facilities or maintain data processing operations. If the  storage and/or processing of Customer Data involves processing of Customer Data outside of the EEA, and the European Data Protection Legislation applies, the Customer agrees that Training Business Pros reasonably requires the Customer to enter into Model Contract Clauses in respect to such transfers in accordance with Section 5.2 and Appendix 1 and the Customer agrees to do so..
5.3. Transfer Mechanism
To the extent Training Business Pros processes or transfers (directly or via onward transfer) Customer Data under this DPA from Canada to countries which do not ensure an adequate level of data protection within the meaning of applicable Data Protection Laws of the foregoing territories, the parties agree that:
The Standard Contractual Clauses (Appendix 1) will apply to Customer Data that is transferred.
Training Business Pros shall be deemed to provide appropriate safeguards to protect Customer Data by virtue of making available Standard Contractual Clauses (Appendix 1) as a transfer mechanism.
The Customer hereby authorises any transfer or access to Customer Data from such destinations outside the European Economic Area subject to any of the measures above;
6. Processing records.
The Customer acknowledges that Training Business Pros is required under the PIPEDA regulation to:
collect and maintain records of certain information, including the name and contact details of each processor and/or controller on behalf of which Training Business Pros is acting and, where applicable, of such processor’s or controller’s local representative and data protection officer; and
make such information available to the supervisory authorities. Accordingly, if the CAS: applies to the processing of Customer data, the Customer shall, where requested, provide such information to Training Business Pros via the Site or other means provided by Training Business Pros, and shall use the Site or such other means to ensure that all provided information is kept accurate and up-to-date.
7.  Security Responsibilities of Training Business Pros.
7.1. Security Measures.
Training Business Pros shall implement and maintain technical and organizational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in Appendix 2 (the “Security Measures”). As described in Appendix 2, the Security Measures include measures to provide encrypted transmission of customer data outside the Service environment; to help ensure ongoing confidentiality, integrity, availability and resilience of Training Business Pros’s systems and services; to help restore timely access to Customer Data from an available backup copy, provided either by Training Business Pros Backup Services or Customer’s own backup copy following an incident; and for regular testing of effectiveness. Training Business Pros may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services.
7.2. Customer’s Security Responsibilities and Assessment.
The Customer agrees that, without prejudice to Training Business Pros’s obligations under Section 7. (Security Responsibilities of Training Business Pros) and other relevant Sections in this DPA:
The Customer is solely responsible for their use of the Services, including:
making appropriate use of the Services to ensure a level of security suitable to the risk in respect of the Customer Data;
securing the account authentication credentials, systems, and devices the Customer uses to access the Services;
ensuring that all programs, scripts, addons, plugins and other software installed on the account are secure and their utilization does not impose any security risk in respect to the Customer Data and the account itself;
securing all installed programs, scripts, addons, plugins and other software, their configuration and their regular maintenance;
any content of the account;
any actions and activity on the account; and
backing up their Customer Data; and
Training Business Pros has no obligation to protect Customer Data that the Customer chooses to store or transfer outside of Training Business Pros’s and its Sub – processors’ systems (for example, offline or on-premise storage), or to protect Customer Data by implementing or maintaining Additional Security Controls except to the extent the Customer has opted to use them.
The Customer is solely responsible for reviewing the documentation and evaluating whether the Services, the Security Measures, Training Business Pros’s commitments under this Section and the following meet the Customer’s needs, including any security obligations of the Customer under the European Data Protection Legislation and/or Non-European Data Protection Legislation, as applicable.
The Customer acknowledges and agrees that (taking into account the costs of implementation and the nature, scope, context and purpose of processing of Customer data as well as the risks to individuals) the Security Measures implemented and maintained by Training Business Pros as set out in Section 7.1. provide the needed level of security appropriate to the risk in respect to the Customer Data.
It is the Customer’s responsibility to backup Customer Data and all data and consent stored within the account in order to prevent potential data loss.
Training Business Pros Backup Services are provided “as-is” and are subject to all limitations of liability set out in the applicable Agreement.
Even if the Customer purchases Backup Services, they  agree that they will maintain their own set of backups independent of those that Training Business Pros maintains and that Training Business Pros’s only obligation is to restore the account space to its operating condition. In the event of an incident, hardware or software failure or any incidental data corruption or loss, Training Business Pros may provide assistance but it is the Customer’s sole obligation to restore the Customer Data.
In the event of partial or full data loss or corruption and in case that the Customer is not satisfied with the outcome of the restore by the Training Business Pros Backup Services or Training Business Pros’s backup copy is not recent or suitable for restore, it shall be the Customer’s obligation to restore Customer Data, their files and any data within the account from Customer’s own backup.
8. Review and Audits of compliance.
The Customer has the right to ask Training Business Pros’s compliance policy with its obligations under this DPA by making a specific request to Training Business Pros in a written form to the address set in the respective Terms of Service.
Training Business Pros shall further provide written responses to all reasonable requests by the Customer and may charge a fee for any review or audit. Training Business Pros will provide details of any applicable fee in advance of any such audit and the Customer will be responsible for any fees charged by any auditor and any fees associated with executing an audit. The reports of any such audit will be made available to Training Business Pros without restrictions of the purposes for its further usage by Training Business Pros.
Training Business Pros may object and decline in writing to the Customer or an auditor appointed by the Customer to conduct any audit if the Customer or the auditor is, in Training Business Pros’s reasonable opinion, not suitably qualified or independent, a competitor of Training Business Pros, or otherwise manifestly unsuitable.
If Training Business Pros declines to follow any instructions requested by the Customer or an auditor regarding a properly requested and scoped audit or inspection, the Customer is entitled to terminate this DPA and the Terms of Service.

Nothing in this Section 8 (Review and Audits of Compliance) varies or modifies any rights or obligations of Customer or Training Business Pros under any Model Contract Clauses entered into as described in Sections 5 (Transfers of Data Out of EEA).
9. Security Breach Notification.
9.1. Training Business Pros maintains security incident management policies and procedures and shall notify the Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data, including Customer data transmitted, stored or otherwise Processed by Training Business Pros or its Sub-processors of which Training Business Pros becomes aware (a “Customer Data Incident”). Training Business Pros shall make reasonable efforts to identify the cause of such Customer Data Incident and take the steps as Training Business Pros deems necessary and reasonable in order to remediate the cause of such a Customer Data Incident to the extent the remediation is within Training Business Pros’s reasonable control. The obligations herein shall not apply to incidents that are caused by the Customer, Customer’s usage of the Services, Customer’s actions or activities or Customer’s Users.
9.2. Notifications made pursuant to this section shall describe, to the extent possible, details of the Data Incident, including steps taken to mitigate the potential risks and steps Training Business Pros recommends the Customer takes to address the Data Incident.
9.3. Notification(s) of any Data Incident(s) shall be delivered to the Notification Email Address or, at Training Business Pros’s discretion, by direct communication (for example, by phone call). The Customer is solely responsible for ensuring that the Notification Email Address and contact information is current and valid.
9.4. Training Business Pros shall not assess the contents of Customer Data in order to identify information subject to any specific legal requirements. Customer is solely responsible for complying with incident notification laws applicable to the Customer and fulfilling any third party notification obligations related to any Data Incident(s).
9.5. Training Business Pros’s notification of or response to a Data Incident under this Section 10 shall not be construed as an acknowledgement by Training Business Pros of any fault or liability with respect to the Data Incident.
10. Liability and indemnity.
10.1. The Customer shall indemnify and keep indemnified Training Business Pros with respect to all data protection breaches and losses suffered or incurred by, arising from or in connection with:
any non-compliance by the Customer with data protection laws and regulations;
any breach by the Customer of its data protection obligations under this Agreement;

10.2. Training Business Pros shall be liable for data protection breaches and losses caused by processing of Customer Data only to the extent directly resulting from Training Business Pros’s failure to comply with its obligations as Data Processor under Data Protections laws and Regulations.
11. Termination
This DPA will take effect from the Effective Date until the end of Training Business Pros