Have questions about Kajabi's updated Data Protection Addendum (DPA)? We've put together a few Frequently Asked Questions to help!
Data Protection Addendum FAQs
Why has Kajabi updated the Data Protection Addendum (DPA)?
We have recently revised our Terms of Service Agreement and Data Protection Addendum (DPA) to include the newly updated Standard Contractual Clauses (SCCs) as published by the European Commission on June 4, 2021.
How does this change impact me as a customer?
The updates to the DPA are only applicable to customers who use Kajabi to process European Economic Area (EEA) data or within the jurisdictions outlined in the agreement.
What do I need to do?
For the customers that are subject to our DPA, no additional action is required. The updated DPA automatically becomes part of your agreement with us effective September 27, 2021.
When is the updated DPA effective?
The updated DPA will automatically be effective on September 27, 2021 for all Kajabi customers that have agreed to our Terms of Service Agreement. All new contracts made after September 27, 2021 must use the new SCCs. Existing contracts will automatically transition to the new SCCs starting December 22, 2022, where applicable.
Will there be any other changes to our DPA?
We have made changes to the DPA for the benefit of our global customers. To that effect, we work to consistently stay abreast of all domestic and global regulations relating to data protection and make updates as deemed necessary.
What changes do the EU's new SCCs contain?
The European Commission updated the SCCs to address additional structures of processing activities that exist in today's world, including the GDPR, and the Schrems II decision. These requirements apply additional transparency and notification controls.
Further, the new SCCs are modular. This enables them to be tailored to the specific type of transfer. The updated clauses have been expanded to include controller-to-controller, controller-to-processor, processor-to-processor, and processor-to-controller transfer, which as stated, align better to transfer paradigms in use globally today.
How are the SCCs applicable to me as a customer?
If you are using Kajabi to transfer personal data originating from the EEA, the UK, and/or Switzerland, then the SCCs are the valid transfer mechanisms to make these transfers.
If you are a customer with global membership, these updates allow for better alignment to your responsibilities of compliance under GDPR and other data protection regulations globally.