Data Processing Agreement
This Data Processing Agreement (the "DPA") is incorporated into the agreement pursuant to which
the Customer obtains the right to use the Services (the "Terms of Service") (collectively, the
"Agreement").
Definitions
- “Data Protection Law” means any and all data protection laws and regulations that apply to the Processing of Personal Data by The Supplier under the Agreement.
- “Data Subject” means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- “Personal Data” means any data that: (a) is deemed “personal data” or “personal information” (or other analogous variations of such terms) under Data Protection Law; and (b) that Customer submits using the Services for The Supplier to Process on Customer’s behalf.
- “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.
- “Process” or “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Services” means any of the following services provided by The Supplier pursuant to the Agreement: (a) The Supplier's branded product offerings made available via the Internet, (b) consulting or training services provided by The Supplier either remotely via the Internet or in person, and (c) any support services provided by The Supplier, including access to Form Approvals’ help desk.
- “Standard Contractual Clauses” means the modernized standard contractual clauses issued on 4 June 2021.
Processing of Company Personal Data
The Company instructs Processor to process Company Personal Data.
The Processor will comply with applicable laws and process data only for the purpose of providing
the service, including troubleshooting, and diagnosing errors.
Data Processing and Protection
This DPA applies when The Supplier processes Customer’s data for which The Supplier will act as
“processor” or “service provider” (or other analogous variations of such terms) under Data
Protection Law.
Limitations on Use. The Supplier will process Personal Data only: (a) in a manner
consistent with documented instructions from Customer, including (i) to provide the Services, (ii)
as permitted under the Agreement, and (iii)
consistent with other reasonable instructions of Customer; and (b) with prior notice (unless notice
is legally prohibited), as required by applicable law. Without limiting the foregoing, The Supplier
will not collect, retain, use, or disclose the Personal Data for any purpose other than as necessary
for the specific purpose of performing the Services, including not collecting, retaining, using, or
disclosing the Personal Data for a commercial purpose other than providing the Services.
Confidentiality. The Supplier will ensure that persons authorized by The Supplier to
Process any Personal Data are subject to appropriate confidentiality obligations.
Security. The Supplier will protect Personal Data in accordance with requirements under
Data Protection Law, including by implementing appropriate technical and organizational
measures designed to protect Personal Data against Personal Data Breach per The Supplier’s
Security Overview.
Return or Disposal. At the choice of Customer, delete or return (or will enable Customer
to delete or retrieve) all Personal Data after the end of the provision of Services (unless applicable
law requires The Supplier to store any Personal Data). To request the return or disposal of
your data refer to our Privacy Policy.
Customer Obligations. Customer will not instruct The Supplier to perform any Processing
of Personal Data that violates any Data Protection Law. The Supplier may suspend Processing
based upon any Customer instructions that The Supplier reasonably suspects violate Data
Protection Law. Subject to the cooperation of The Supplier as specified in this DPA, Customer will
be solely responsible for safeguarding the rights of Data Subjects. Customer will promptly notify
The Supplier about any faults or irregularities in the Processing by The Supplier discovered by
Customer.
Subprocessors
Customer authorizes The Supplier to use third-party subprocessors to
Process Personal Data in connection with the provision of Services to Customer
(“Subprocessor”). Customer may request a list of current Subprocessors at any time. If
Customer objects to any Subprocessor, The Supplier may terminate the Agreement immediately
upon notice to Customer without liability.
Miscellaneous
If there is a conflict the Terms of Service will prevail over this DPA. Except for the
matters covered by this DPA, all terms of the Terms of Service, remain in effect. Capitalized
terms not defined in this DPA have the same meaning as in the Terms of Service. Except as
otherwise stated in the Terms of Service, this DPA and the Standard Contractual Clauses will
automatically terminate upon the termination or expiration of the Terms of Service.
Types and categories of data
Other than in connection with configuration and subscription related data stored by the Service,
Customer controls the types of Personal Data and categories of Data Subjects uploaded via the
Services for Processing.