Data Processing Terms

Last Updated December 11, 2020

Where you are in the European Union or Switzerland, or to the extent that the GDPR (as defined below) applies, you acknowledge that your use of certain Quora products may involve sending Personal Data (as defined below) to Quora. To the extent that we process such data as your Processor (as defined below) these Data Processing Terms apply in addition to any applicable product terms (“Applicable Product Terms”). These Data Processing Terms will take precedence in the event of any conflict with the Applicable Product Terms.

Quora and you agree to the following:

1. Data Processing Terms

A. Quora will:

  1. only process Personal Data in accordance with the Applicable Product Terms;
  2. implement appropriate technical and organizational measures to protect the Personal Data;
  3. assist you by appropriate technical and organizational measures insofar as this is possible (taking into account the nature of the processing) to enable you to fulfill any obligations to respond to requests for the exercise of data subject rights by a data subject under GDPR;
  4. take commercially reasonable steps to ensure the reliability of any personnel engaged in the processing of Personal Data, and implement and maintain commercially reasonable technical and organizational measures, as described in Exhibit 1, Appendix 2 to these Data Processing Terms, to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to provide a level of security appropriate to that risk (including, as appropriate, the measures referred to in Article 32(1) of the GDPR);
  5. assist you in ensuring compliance with your obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to Quora;
  6. no later than termination of the relevant Applicable Product Terms, delete the Personal Data as soon as reasonably practicable and within a maximum period of 180 days unless EU or EU Member State law requires further storage, provided however that Quora may keep the Personal Data if necessary to provide other services set forth in other Applicable Product Terms;
  7. make available to you all information that is reasonably necessary to demonstrate Quora’s compliance with its legal obligations as a Data Processor under Article 28 of the GDPR; and
  8. once annually and during normal business hours, upon your written request, allow you, or a qualified, independent third party auditor appointed by you to conduct audits (including inspections) to verify Quora’s compliance with its obligations under these Data Processing Terms, subject to an executed confidentiality agreement. You will provide Quora with at least 30 days prior notice of its intention to audit Quora’s compliance and will be responsible for all costs associated with such audits. You and any relevant auditors will use commercially reasonable efforts to conduct audits in a manner that minimizes any impact or disruptions to Quora.

B. You agree that Quora may subcontract its data processing obligations under these Data Processing Terms to a subprocessor, but only by way of a written agreement with the sub-processor which imposes obligations on the sub-processor no less onerous than as are imposed on Quora under these Data Processing Terms. Where the sub-processor fails to fulfil such obligations, Quora will remain fully liable to you for the performance of that sub-processor’s obligations. You hereby authorize Quora to use those sub-processors engaged by Quora as of the effective date of these Data Processing Terms, and to engage any other Quora subsidiaries and affiliates as its sub-processor(s). Quora will notify you of any additional sub-processor(s) in advance. If you reasonably object to such additional sub-processor(s), you may inform Quora in writing of the reasons for your objections. If you object to such additional subprocessor(s), you should stop using the services under the Applicable Product Terms and providing data to Quora.

C. Quora will notify you without undue delay of the discovery by Quora of any actual or suspected Personal Data Breach involving the Personal Data. Such notice will include, at the time of notification or as soon as possible after notification, details of the nature of the breach and number of records affected, the category and approximate number of affected data subjects, anticipated consequences of the breach and any actual or proposed remedies for mitigating the possible adverse effects of the breach.

D. You instruct Quora (and its sub-processors) to process the Personal Data as necessary to provide the services to you and to carry out your requests, pursuant to the Applicable Product Terms. You consent to the processing and transfer of Personal Data outside of the European Economic Area (“EEA”), including in the United States, and instruct Quora and its sub-processors to transfer Personal Data outside the EEA provided it complies with this paragraph D. You and Quora hereby enter into the EU standard contractual clauses for processors (“SCCs”) attached hereto as Exhibit 1, with respect to the transfer of Personal Data by or to Quora and its sub-processors outside of the EEA. Prior to any transfers of Personal Data to sub-processors located outside the EEA (and not in another jurisdiction that has been determined by the European Commission to have adequate safeguards for Personal Data), Quora will incorporate the terms of the SCCs into its agreement with such sub-processor(s).

E. You and Quora acknowledge and agree that: (a) the duration of the processing will be the term of the Applicable Product Terms plus the length of time until deletion of the Personal Data by Quora in accordance with paragraph 1(A)(6) of these Data Processing Terms; (b) the Applicable Product Terms describe the subject matter of the Processing; (c) Appendix 1 of Exhibit 1, describes the nature and purpose of the processing, the type of personal data and categories of data subjects as required by Art. 28(3) of GDPR; (d) Quora is a processor and you are a controller of the Personal Data under the GDPR; and (e) we will both comply with the obligations applicable to us under the GDPR with respect to the processing of the Personal Data.

F. You and Quora acknowledge and agree that your click through acceptance of Applicable Product Terms (incorporating these Data Processing Terms) will constitute and be deemed the binding signature by you and Quora of these Data Processing Terms, Exhibit 1 of these Data Processing Terms and all Appendixes to Exhibit 1.

2. Definitions. For the purposes of these Data Processing Terms, the following terms have the meaning set out below:

A. “GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679).

B. “Controller”, “Processor”, “Data Subject”, “Member State,” “Personal Data”, “Personal Data Breach” and “Processing” will have the same meanings as in the GDPR and “Processed” and “Process” will be construed in accordance with the definition of “Processing”.