Data Processing Addendum

Similar documents
Data Processing Agreement

Data Processing Agreement

DocuSign Envelope ID: D3C1EE91-4BC9-4BA9-B2CF-C0DE318DB461

Appendix 1 Data Processing Agreement

FUJITSU Cloud Service K5: Data Protection Addendum

Purchasing Terms and Conditions

SUPPLIER DATA PROCESSING AGREEMENT

DATA PROCESSING AGREEMENT

DATA PROCESSING ADDENDUM

DATA PROCESSING ADDENDUM. 1.1 The User and When I Work, Inc. ("WIW") have entered into the Terms of Service, for the provision of the Service.

Telekom Austria Group Standard Data Processing Agreement

DATA PROCESSING AGREEMENT. (1) You or your organization or entity as The Data Controller ( The Client or The Data Controller ); and

DATA PROCESSING AGREEMENT. between [Customer] (the "Controller") and LINK Mobility (the "Processor")

BASECONE DATA PROCESSING AGREEMENT (BASECONE AS PROCESSOR)

Model Data Processing Agreement (GDPR)

Serco Limited Purchase Order Terms and Conditions (the "PO Terms")

LISTING AGREEMENT STANDARD TERMS AND CONDITIONS Date: March 1, 2016

Data Processing Addendum

DACS Website Licence Terms and Conditions November 2014

Terms of Business

THIS INDEPENDENT ENGINEER'S AGREEMENT (this Independent Engineer's Agreement) is made on [ ]

CONQUAS TRAINING CONSTRUCTION QUALITY ASSESSMENT SYSTEM TERMS & CONDITIONS

GAC GLOBAL HUB SERVICES HUB AGENCY STANDARD TERMS AND CONDITIONS. 1.1 In this Agreement, the following words shall have the following meanings:

AGREEMENT WHEREAS Product ). WHEREAS WHEREAS WHEREAS NOW, THEREFORE, Appointment & License End-users Reseller Obligations Sales Exhibit 1

ARTICLE 29 DATA PROTECTION WORKING PARTY

Conditions of Contract for Purchase of Goods and Services

CONDITIONS DELEGATED REPORTING EMIR CLIENT REPORTING SERVICE AGREEMENT

EU GDPR - DATA PROCESSING ADDENDUM INSTRUCTIONS FOR CDNETWORKS CUSTOMERS

DACS DIGITAL PLATFORM LICENCE TERMS AND CONDITIONS 2016

LICENSE AGREEMENT. For purposes of this Agreement, the following terms shall have the following meanings:

TERMS AND CONDITIONS. V6 (15 December 2017) 2017 Intercontinental Exchange, Inc. 1 of 6

Client Order Routing Agreement Standard Terms and Conditions

Company Policies CHEMIDOSE LIMITED. Chemical dosing specialists

Data Processing Addendum

OPICO LIMITED STANDARD TERMS AND CONDITIONS OF SALE

STANDARD TERMS AND CONDITIONS FOR SUPPLY OF GOODS AND SERVICES FROM PREMIER PRODUCE SCOTLAND LTD.

Sangoma Remote Monitoring Service (RMS)

THIS SUBSCRIPTION AGREEMENT ( AGREEMENT ) GOVERNS YOUR 30-DAY FREE TRIAL OF THE SERVICES.

THIS DELEGATED REPORTING SERVICE AGREEMENT (the Agreement )

ENT CREDIT UNION ELECTRONIC DEPOSIT AGREEMENT

EasyVote grants you the following rights provided that you comply with all terms and conditions of this Agreement:

TERMS AND CONDITIONS OF SALE

Introduction Agreement

Annex 1: Standard Contractual Clauses (processors)

SOUTHERN CALIFORNIA EDISON COMPANY ENERGY SERVICE PROVIDER SERVICE AGREEMENT

Interactive Brokers Hong Kong Agreement for Advisors Providing Services to Interactive Brokers Clients

AGREEMENT FOR ACCESS, WHICH MAY RESULT IN PERSONAL DATA PROCESSING

Data Processing Agreement. <<Health Service Provider>> The National Message Broker Service known as Healthlink

Content Provider Agreement

PUBLICATIONS SUBSCRIPTION AND ACCESS AGREEMENT TERMS & CONDITIONS FOR SUBSCRIBERS TO THE ELECTRONIC PUBLICATIONS

ONLINE TRADING AGREEMENT

Certified Partner Agreement. THIS AGREEMENT ( Agreement ) is made and entered into on, between the City of Sacramento ( City ) and BACKGROUND

COMMON TERMS AND CONDITIONS FOR CASH MANAGEMENT PRODUCTS & SERVICES

Working document 01/2014 on Draft Ad hoc contractual clauses EU data processor to non-eu sub-processor"

Presidion IBM SPSS Academic Licence Agreement

LFMI MEDIA SERVICES LIMITED T/A RUE POINT MEDIA

EU STANDARD CONTRACTUAL CLAUSES (PROCESSORS)

GRANT AGREEMENT ( Agreement ) Effective as at the last date of signing.

Data Licensing Agreement

MUTANT DESIGN LTD PROFESSIONAL LICENCE AND SUPPORT AGREEMENT

ADDENDUM TO STANDARD CONTRACT BETWEEN Community Coordinated Care for Children, Inc. (4C) AND (CONTRACTOR)

Terms and Conditions Belfius via SWIFT

AGREEMENT Agreement for the Provision of Serial Subscription Services. Made and executed this day of, 2013 by and between

END USER LICENSE AGREEMENT

Prufrex USA, Inc. TERMS AND CONDITIONS OF PURCHASE

INTRODUCING BROKER AGREEMENT

3T Software Labs EULA

MICROSTRATEGY CLICKWRAP SOFTWARE LICENSE IMPORTANT - READ CAREFULLY

STANDARD TERMS AND CONDITIONS FOR SUPPLY OF GOODS AND SERVICES. React Computer Partnership Ltd

OTTO Archive, LLC CONTENT LICENSE AGREEMENT

SERVICE PROVIDER MLS CONTENT ACCESS AND LICENSE AGREEMENT

Application Software License Agreement

SOFTWARE LICENCE. In this agreement the following expressions shall have the following meanings:

THE CHARTERED INSTITUTE OF MANAGEMENT ACCOUNTANTS. and. xxxxxxxxx RESEARCH AGREEMENT

END USER LICENSE AGREEMENT FOR FOUNDRY PRODUCTS VIA ATHERA

ILM Customer Handbook (for ILM Centres and Providers)

MARITEC-X MARINE AND MARITIME RESEARCH, INNOVATION, TECHNOLOGY CENTRE OF EXCELLENCE. Consortium Agreement

Date Reference 1 (14) 1 December 2015 TSA XXX-XXX

THE SCOTTISH ENVIRONMENT PROTECTION AGENCY CONSULTANCY TERMS AND CONDITIONS

PROFESSIONAL SERVICES AGREEMENT

AMBASSADOR AGREEMENT

OZO LIVE EVALUATION SOFTWARE LICENSE AGREEMENT

Trademark License Agreement

Terms and Conditions

MNG HEALTH Website Terms and Conditions

MUTANT DESIGN LTD ENTERPRISE LICENCE AND SUPPORT AGREEMENT

Effective Date means the date on which the Licensee first downloads and/or uses all or any part of the Software;

ICONS Terms of Use. Effective Date: March 1st, 2016

Airtime Purchase. INSP Airtime Purchase. Inventory Ownership. Submission of Short and Long Form Material. Terms & Conditions Definitions

ICE OTC PARTICIPANT AGREEMENT

GlobalSign Certificate Centre (GCC) Terms of Service Non US Version

FLEXE.COM TERMS OF SERVICE. (Last Revised: June 1, 2016)

PLEASE READ CAREFULLY BEFORE AGREEING TO THE TERMS AND CONDITIONS

RAYTHEON COMPANY ELECTRONIC DATA INTERCHANGE TRADING PARTNER AGREEMENT

Basis Account Terms of Service Agreement. Statista, Inc.

License Agreement. 1.4 Named User License A Named User License is a license for one (1) Named User to access the Software.

NON-TRANSFERABLE AND NON-EXCLUSIVE LICENSE AGREEMENT

North America Point-of-Sale Commission and Fare Agreement Part I Standard Terms and Conditions

DigiCert, Inc. Certificate Subscriber Agreement

Veterans Off The Streets Australia VOTSA Ltd Site Terms and Conditions

Transcription:

Data Processing Addendum This Data Processing Addendum ("DPA") forms an integral part of, and is subject to the Magisto Terms of Service, entered into by and between you, the customer ("Customer" or "Controller") and Magisto Ltd. and its Affiliates (as defined below) ("Magisto" and the "Terms"). Capitalized terms not otherwise defined herein shall have the meaning given to them in the Terms. Whereas, in connection with the performance of its obligations under the Terms, Magisto may Process Customer Personal Data (both as defined below) on behalf of the Customer; and Whereas, the parties wish to set forth the mutual obligations with respect to the processing of Customer Personal Data by Magisto; Now therefore, intending to be legally bound, the parties hereby agree as follows: 1. Definitions. In addition to capitalized terms defined elsewhere in this DPA, the following terms shall have the meanings set forth opposite each one of them: 1.1. "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. "Control" for purposes of this definition means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity. 1.2. "Applicable Law" means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR") and laws implementing or supplementing the GDPR. 1.3. "Customer Personal Data" means any Personal Data Processed by Magisto on behalf of Customer pursuant to or in connection with the Terms; 1.4. "Data Protection Laws" means Applicable Law and, to the extent applicable, the data protection or privacy laws of any other applicable country as agreed in writing between the Parties, including in the US and Israel. 1.5. "Sub Processor" means any person (excluding an employee of Magisto or any Magisto Affiliate) appointed by or on behalf of Magisto or any Magisto Affiliate to Process Personal Data on behalf of the Customer in connection with the Principal Terms; and 1.6. The terms "Controller", "Data Subject", "Member State", "Personal Data", "Personal Data Breach", "Processor", "Processing" and "Supervisory Authority" shall have the meanings ascribed to them in the GDPR. 2. Processing of Customer Personal Data. 2.1. Magisto shall Process Customer Personal Data at the Customer's instructions as specified in the Terms and/or this DPA, including without limitation, with regard to transfers of Customer Personal Data to a third country or international organization. Any other Processing shall only be permitted in the event that such Processing is required by Applicable Law to which Magisto is subject. In

such event, Magisto shall, unless prohibited by such Applicable Law, inform Customer of that requirement before engaging in such Processing. 2.2. Customer instructs Magisto (and authorizes Magisto to instruct each Sub Processor) to (i) Process Customer Personal Data for the provision of the services, as detailed in the Terms ("Services") and as otherwise set forth in the Terms and in this DPA; and (ii) transfer Customer Personal Data to any country or territory as reasonably necessary for the provision of the Services and in accordance with Applicable Law. 2.3. Customer sets forth the details of the Processing of Customer Personal Data, as required by article 28(3) of the GDPR in Schedule 1 (Details of Processing of Customer Personal Data), attached hereto. 2.4. Magisto shall be allowed to exercise its own discretion in the selection and use of such means as it considers necessary to pursue the purposes set forth in Schedule 1, subject to the requirements of this DPA. 3. Controller. Customer represents and warrants that it has and shall maintain throughout the term of the Terms and this DPA, all necessary rights to provide the Customer Personal Data to Magisto for the Processing to be performed in relation to the Services and in accordance with the Terms and this DPA. To the extent required by Applicable Law, Customer is responsible for obtaining any necessary Data Subject consents to the Processing, and for ensuring that a record of such consents is maintained throughout the terms of the Terms and this DPA and/or as otherwise required under Applicable Law. In the event that any Data Subject exercises any of its rights under Applicable Law, then Customer shall notify Magisto of any such Data Subject request relevant to Magisto, within seven (7) business days. 4. Processor Employees. Magisto shall take reasonable steps to ensure that access to the Customer Personal Data is limited on a need to know and/or access basis, and that all Magisto employees receiving such access are subject to confidentiality undertakings or professional or statutory obligations of confidentiality in connection with their access to and use of Customer s Personal Data. 5. Security. Magisto shall implement appropriate technical and organizational measures to ensure an appropriate level of security of the Customer Personal Data, including, as appropriate and applicable, the measures referred to in Article 32(1) of the GDPR. In assessing the appropriate level of security, Magisto shall take into account the risks that are presented by the nature of the Processing and the information available to Magisto. 6. Personal Data Breach. 6.1. Magisto shall notify Customer without undue delay and, where feasible, not later than within forty eight (48) hours upon Magisto becoming aware of a Personal Data Breach affecting Customer Personal Data. In such event, Magisto shall provide Customer with reasonable and available information to assist Customer to meet any obligations to inform Data Subjects or Supervisory Authorities of the Personal Data Breach as required under the Applicable Law. 6.2. At the written request of the Customer, Magisto shall reasonably cooperate with Customer and take such commercially reasonable steps as are agreed by the parties or required under Applicable Law to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

7. Sub Processing. 7.1. Customer authorizes Magisto to appoint (and permits each Sub Processor appointed in accordance with this Section 7 to appoint) Sub Processors in accordance with this Section 7. 7.2. Magisto may continue to use those Sub Processors already engaged by Magisto as identified to Customer as of the date of this DPA. 7.3. Magisto may appoint new Sub Processors and shall give notice of the appointment of any new Sub Processor to Customer by updating the list available at https://www.magisto.com/privacy-parties. If, within seven (7) days of such notice, Customer notifies Magisto in writing of any objections (on reasonable grounds) to the proposed appointment, Magisto shall not appoint for the processing of Customer Personal Data the proposed Sub Processor until reasonable steps have been taken to address the objections raised by Customer, and Customer has been provided with a reasonable written explanation of the steps taken. Where such steps are not sufficient to relieve Customer s reasonable objections then Customer or Magisto may, by written notice to the other Party, with immediate effect, terminate the Terms to the extent that it relates to the Services which require the use of the proposed Sub Processor without bearing liability for such termination. 7.4. With respect to each new Sub Processor, Magisto shall: 7.4.1. before the Sub Processor first Processes Customer Personal Data, take reasonable steps (for instance by way of reviewing privacy policies as appropriate) to ensure that the Sub Processor is committed and able to provide the level of protection for Customer Personal Data required by the Terms; and 7.4.2. ensure that the arrangement between Magisto and the Sub Processor is governed by a written contract, including terms which offer materially similar level of protection for Customer Personal Data as those set out in this DPA and that meet the requirements of Applicable Law. 7.5. Magisto shall remain fully liable to the Customer for the performance of any Sub Processor's obligations. 8. Data Subject Rights. 8.1. Customer shall be solely responsible for compliance with any statutory obligations concerning requests to exercise Data Subject rights under Data Protection Laws (e.g., for access, rectification, deletion of Customer Personal Data, etc.). Magisto shall use commercially reasonable efforts to assist Customer to fulfill Customer's obligations with respect to such Data Subject requests, as required under Applicable Law, at Customer s sole expense. 8.2. Magisto shall: 8.2.1. promptly notify Customer if it receives a request from a Data Subject under any Data Protection Law in respect of Customer Personal Data; and 8.2.2. ensure that it does not respond to that request except on the documented instructions of Customer or as required by Applicable Law to which Magisto is subject, in which case Magisto shall, to the extent permitted by Applicable Law, inform Customer of that legal requirement before it responds to the request.

9. Data Protection Impact Assessment and Prior Consultation. 9.1. At Customer s written request and expense, Magisto and each Sub Processor shall provide reasonable assistance to Customer with respect to any Customer Personal Data Processed by Magisto and/or a Sub Processor, with any data protection impact assessments or prior consultations with Supervisory Authorities or other competent data privacy authorities, as required under any applicable Data Protection Laws. 10. Deletion or Return of Customer Personal Data. Magisto shall promptly and in any event within up to sixty (60) days of the date of cessation of provision of the Services to Customer involving the Processing of Customer Personal Data (the "Cessation Date"), delete, return or anonymize all copies of those Customer Personal Data, provided however that Magisto may, subject to Applicable Law, retain Customer Personal Data. 11. Audit Rights 11.1. Subject to Sections Error! Reference source not found. and 11.3, Magisto shall make available to a reputable auditor mandated by Customer in coordination with Magisto, upon prior written request, such information reasonably necessary to demonstrate compliance with this DPA, and shall allow for audits, including inspections, by such reputable auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by Magisto, provided that such third-party auditor shall be subject to confidentiality obligations. 11.2. Any audit or inspection shall at Customer s sole expense, and to Magisto's obligations to third parties, including with respect to confidentiality. 11.3. Customer and any auditor on its behalf shall use best efforts to minimize or avoid causing any damage, injury or disruption to Magistos' premises, equipment, employees and business. Customer and Magisto shall mutually agree upon the scope, timing and duration of the audit or inspection in addition to the reimbursement rate for which Customer shall be responsible. Magisto need not give access to its premises for the purposes of such an audit or inspection: 11.3.1. to any individual unless he or she produces reasonable evidence of identity and authority; 11.3.2. if Magisto was not given a prior written notice of such audit or inspection; 11.3.3. outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis; or 11.3.4. for the purposes of more than one (1) audit or inspection, in respect of each Magisto, in any calendar year, except for any additional audits or inspections which: 11.3.4.1. Customer reasonably considers necessary because of genuine concerns as to Magisto s compliance with this DPA; or 11.3.4.2. Customer is required to carry out by Applicable Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Applicable Law in any country or territory, where Customer has identified its concerns or the

relevant requirement or request in its prior written notice to Magisto of the audit or inspection. 12. Liability and Indemnity. Customer shall indemnify and hold Magisto harmless against all claims, actions, third party claims, losses, damages and expenses incurred by the Magisto and arising directly or indirectly out of or in connection with a breach of this DPA and/or the Applicable Law by Customer. 13. General Terms 13.1. Governing Law and Jurisdiction. 13.1.1. The Parties to this DPA hereby submit to the choice of jurisdiction stipulated in the Terms with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity; and 13.1.2. This DPA and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the Terms. 13.2. Order of Precedence. 13.2.1. Nothing in this DPA reduces Magisto s obligations under the Terms in relation to the protection of Customer Personal Data or permits Magisto to Process (or permit the Processing of) Customer Personal Data in a manner that is prohibited by the Terms. 13.2.2. This DPA is not intended to, and does not in any way limit or derogate from Customer s own obligations and liabilities towards Magisto under the Terms, and/or pursuant to the Applicable Law or any law applicable to Customer, in connection with the collection, handling and use of Customer Personal Data by Customer or its Affiliates or other processors or their sub-processors, including with respect to the transfer or provision of Customer Personal Data to Magisto and/or providing access thereto to Magisto. 13.2.3. Subject to this Section 13.2, with regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other agreements between the Parties, including the Terms and including (except where explicitly agreed otherwise in writing, signed on behalf of the Parties) agreements entered into or purported to be entered into after the date of this DPA, the provisions of this DPA shall prevail. In the event of inconsistencies between the provisions of this DPA and the Standard Clauses, the Standard Clauses shall prevail. 13.3. Changes in Data Protection Laws. 13.3.1. Customer may by at least forty-five (45) calendar days' prior written notice to Magisto, request in writing any variations to this DPA if they are required as a result of any change in, or decision of a competent authority under any applicable Data Protection Law in order to allow Customer Personal Data to be Processed (or continue to be Processed) without breach of that Data Protection Law; and 13.3.2. If Customer gives notice with respect to its request to modify this DPA under Section 13.3.1:

13.3.2.1. Magisto shall make commercially reasonable efforts to accommodate such modification request; and 13.3.2.2. Customer shall not unreasonably withhold or delay agreement to any consequential variations to this DPA proposed by Magisto to protect Magisto against additional risks, or to indemnify and compensate Magisto for any further steps and costs associated with the variations made herein. 13.4. Severance. Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall either be (i) amended as necessary to ensure its validity and enforceability, while preserving the Parties intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.

Schedule 1: Details of Processing of Controller Personal Data This Schedule 1 includes certain details of the Processing of Controller Personal Data as required by Article 28(3) GDPR. Subject matter and duration of the Processing of Controller's Personal Data. The subject matter and duration of the Processing of the Controller's Personal Data are set out in the Terms, in Magisto s Privacy Notice ("Privacy Notice"), and this DPA. The nature and purpose of the Processing of Controller Personal Data: Rendering Services in the nature of a marketing video platform, as detailed in the Terms and the Privacy Notice. The types of Controller Personal Data to be Processed are as follows: As detailed in the Privacy Notice. The categories of Data Subject to whom the Controller Personal Data relates to are as follows: Data Subjects who are end users of the Magisto's web and mobile application services. The obligations and rights of Controller. The obligations and rights of Controller are set out in the Terms and this DPA.

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback