- The Customer owns the rights to its data as data controller, and the Company acts as data processor on the Customer’s behalf.
- As between Company and Customer, Company will process Personal Data under the Agreement only as a Processor acting on behalf of the Customer. Customer may act either as a Controller or as a Processor with respect to Personal Data.
- Customer will, in its use of the service, comply with its obligations under the EU General Data Protection Law, and any other relevant data protection regulation or law, in respect of its processing of Personal Data and any processing instructions it issues to Company.
- Customer represents that it has all rights and authorizations necessary from the Data Subjects for Company to process Personal Data pursuant to the Agreement.
- Upon notice in writing, Company may terminate the Agreement if Customer declines to comply with Data Protection Laws.
- Company will comply with its processor obligations under Data Protection Law and will process Personal Data in accordance with Customer’s instructions.
- Customer agrees that the Agreement is its complete and final instructions to Company in relation to the processing of Personal Data.
- Processing any Personal Data outside the scope of the Agreement will require prior written agreement between Company and Customer by way of written amendment to the Agreement and will include any additional fees that may be payable by Customer to Company for carrying out such instructions.
- The subject matter of the processing under the Agreement is the Personal Data.
- Company and/or its Sub-processors are providing Services or fulfilling contractual obligations to Customer as described in the Agreement. These Services may include the processing of Personal Data by Company and/or its Sub-processors on systems which may contain Personal Data.
- The data subjects of Customer may include Customer’s end users, employees, contractors, suppliers, and other third parties.
- Company sometimes engages Sub-processors to provide certain services on its behalf. Customer consents to Company engaging Sub-processors to process Personal Data under the Agreement. Company will be responsible for any acts, errors, or omissions of its Sub-processors that cause Company to breach any of Company’ obligations under this Agreement.
- Company will enter into an agreement with each Sub-processor that obligates the Sub-processor to protect the Personal Data in a manner substantially similar to the standards set forth in the Agreement (to the extent applicable to the services provided by the Sub-processor).
- Company will implement and maintain appropriate technical and organizational security measures to protect against Personal Data Breaches and to preserve the security and confidentiality of Personal Data processed by Company on behalf of Customer in the provision of the Services (“Security Measures”). The Security Measures are subject to technical progress and development. Company may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services purchased by the Customer.
- Customer is responsible for using and configuring the Services in a manner which enables Customer to comply with Data Protection Laws, including implementing appropriate technical and organizational measures. Customer undertakes that it has not solicited the Personal Data of minors, under the age of thirteen (13), and indemnifies Company from any claims arising out of such solicitation.
- Company restricts its personnel from processing Personal Data without authorization (unless required to so by applicable law) and will ensure that any person authorized by Company to process Personal Data is subject to an obligation of confidentiality.
- Upon becoming aware of a Personal Data Breach, Company will notify Customer without undue delay and will provide information relating to the Personal Data Breach as reasonably requested by Customer. Company will use reasonable endeavors to assist Customer in mitigating, where possible, the adverse effects of any Personal Data Breach.
- Company audits its compliance against data protection and information security standards on a regular basis. Such audits are conducted by Company’ internal audit team or by third party auditors engaged by Company. The specific audits, and the data protection and information security certifications Company has achieved, will necessarily vary depending upon the nature of the Services in question.
- Through your use of the Services, the Customer consents and acknowledges that Company may also collect and retain data for the purpose of research and/or optimization of the Services, and that all such data shall be appropriately pseudonymized. The Company has commercially reasonable security measures and policies in place to protect all Personal Information and other data collected by it or on its behalf from and against unauthorized access, use and/or disclosure. The Company is and has been in compliance in all material respects with all laws relating to data loss, theft and breach of security notification obligations.