FastField Mobile Forms Addendum

Updated January 16, 2024.

This FastField Mobile Forms Addendum ("Addendum") supplements your Order Form and the Terms of Service and apply to your use of FastField Mobile only. In the event of a conflict between the terms of this Addendum or the Order Form or Terms of Service, the terms of this Addendum will control. Capitalized terms not otherwise defined in the Order Form or Terms of Service will have the meaning given to them in this Addendum.

1. Privacy

1.1. Privacy. Through your usage of FastField Mobile, you may submit content to FastField, Inc. (“FastField”), a Quickbase, Inc. affiliate, (including your personal data and the personal data of others) or third parties may submit content to you through the Services (your “Customer Data”). FastField’s Privacy Policy (https://www.fastfieldforms.com...), together with any data use policies, privacy statements and privacy notices (collectively, “privacy policies”), detail how we treat your Customer Data and personal data and we agree to adhere to those privacy policies. You in turn agree that FastField may use and share your Customer Data in accordance with our privacy policies.

1.2. European Union Obligations. If you are a customer who is operating as “data controller” as defined in the European General Data Protection Regulation (“GDPR”), additional terms apply. For specific terms regarding GDPR, please refer to section 14.

2. Security.

FastField will store and process your Customer Data in a manner consistent with industry security standards. We have implemented appropriate technical, organizational, and administrative systems, policies, and procedures designed to help ensure the security, integrity, and confidentiality of your Customer Data and to mitigate the risk of unauthorized access to or use of your Customer Data.

3. Your Customer Data

3.1. Remember to Backup. You are responsible for maintaining, protecting, and making backups of your Customer Data. To the extent permitted by applicable law, FastField will not be liable for any failure to store, or for loss or corruption of, your Customer Data.

3.2. You are the Controller of your Form Data. You are responsible for the definition and maintenance of your own Forms. By defining your forms, you control the content you are collecting. It is your responsibility to review the setup and configuration of your Forms and their respective Delivery, Workflow and Account settings so you safeguard any sensitive data you are collecting through our Services. For example, our Services allow you to distribute form results through email integrations. This is not intended to be used with Forms used to collect private or sensitive data. It is your responsibility to ensure that you protect the data you collect and to avoid using features that may distribute your data inadvertently to the wrong recipient or through less secure delivery channels.

4. European Union Policies and GDPR

Under the GDPR guidelines, the Customer is the controller of Customer Data collected through the Customer's forms and FastField is the processor of this data.

4.1. GDPR Terms for Customers in Europe

4.1.1. Effective Date and Definitions. These additional terms will apply to you where you are a customer of FastField and are operating as a "data controller" (as that term is defined in the GDPR) in your use of the Services.

4.1.2. Processing Instruction. By using our Services and agreeing to these Terms and the FastField privacy policies, you are providing us with instructions to process any personal data collected by you through our Services, on your behalf.

4.1.3. Customer Obligations. You shall ensure and hereby warrant and represent that you are entitled to submit and transfer personal data to FastField so that FastField may lawfully process and transfer the personal data in accordance with these Terms. You shall ensure that relevant data subjects have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection laws and have sole responsibility for the accuracy, quality and legality of personal data processed by FastField in the provision of the Services.

4.1.4. FastField Obligations. Where FastField is processing personal data on your behalf, it will:

4.1.4.1. only do so on your documented instructions and in accordance with applicable law, including with regard to transfers of personal data to a third country or an international organization, and the parties agree that these terms and the FastField privacy policies constitute such documented instructions;

4.1.4.2. ensure that all FastField personnel involved in the processing of personal data have committed themselves to confidentiality;

4.1.4.3. where applicable to you and where it is technically feasible, make available information necessary for you to demonstrate compliance with your obligations under Article 28 of the GDPR, where such information is held by FastField and is not otherwise available to you through your account and user areas or on FastField websites, provided that you provide FastField with at least 14 days’ written notice of such an information request;

4.1.4.4. promptly notify you of all requests received directly from a data subject in respect of that data subject's personal data submitted through the Services;

4.1.4.5. upon deletion by you, not retain personal data from within your account other than in order to comply with applicable laws and regulations and as may otherwise be kept in routine backup copies made for disaster recovery and business continuity purposes (which are also deleted no later than 9-12 months after data is deleted from an account); and

4.1.4.6. to the extent reasonably able, assist you as reasonably required (at your expense) where you wish to conduct a data protection impact assessment involving the Services.

4.1.5. FastField sub-processors. FastField uses 3rd party partners in facilitating certain elements of our Services ("sub-processors"). By agreeing to these Terms, you provide a general authorization to FastField to engage sub-processors, subject to compliance with the requirements set out here. If you wish to receive a list of sub-processors who handle personal data for FastField, please refer to https://www.fastfieldforms.com/subprocessors-and-services.html.

We will return a list of sub-processors currently used by our Service. We will also, add you to a list to be notified in the event we add an additional sub-processor in the future. If you object to a particular sub-processor, who we cannot disassociate from your Services, your sole remedy will be to terminate your subscription relating to the Services that cannot be reasonably provided without the objected-to new sub-processor. Such termination will be without a right of refund for any fees prepaid by you for the period following termination.

4.1.6. Liability. FastField will be liable for the acts and omissions of its sub-processors to the same extent FastField would be liable if performing the services of each of those sub-processors directly under these Terms, except as otherwise set forth in these Terms and FastField ensures that all sub-processors on the sub-processor list are bound by contractual terms that are in all material respects no less onerous than those contained in these Terms.

4.1.7. Security Incident. If FastField becomes aware of any unauthorized or unlawful access to your personal or form data, FastField will take reasonable steps to notify you within 72 hours of becoming aware of the Security Incident. FastField will also reasonably cooperate with you with respect to any investigations relating to a Security Incident with preparing any required notices, and provide any other information reasonably requested by you in relation to any Security Incident, where such information is not already available to you in your online Administration Account through updates provided by FastField.

4.1.8. International Transfer. To the extent applicable, FastField relies upon (i) FastField's Privacy Shield certification; (ii) standard contractual clauses, for data transfer to the United States to FastField. FastField also relies on standard contractual clauses for data transfers to other third parties based in countries outside the European Economic Area, the United States, or countries that do not have adequate levels of data protection as determined by the European Commission. To the extent applicable, you can enter into an additional Data Processing Agreement with FastField, which supplement the terms of this agreement. Where there is a conflict between the terms of a separate Data Processing Agreement with standard contractual clauses and these Terms, the terms of the Data Processing Agreement with standard contractual clauses will prevail.

4.1.9. Liability for Data Processing. The parties’ respective aggregate liability whether in contract, tort (including negligence), breach of statutory duty, or otherwise for any and all claims arising out of or in connection with this Section 14 shall be as set out in these terms, unless otherwise agreed in writing.