Supplemental Terms of Service
(For Data Protection Addendum)
This Supplemental Terms of Service (for Data Protection Addendum) (“Supplemental Terms of Service”) sets forth the obligations of us and you in connection with Personal Data that you make available to, or that is collected by, us in connection with Elisity Offerings that you purchase from us pursuant to a Software Services Order; and such Supplemental Terms of Services are in addition to the Customer Terms of Service between you and us that govern your use of the Elisity Offerings (“Customer Terms of Service” or “Agreement”). Unless already defined, all capitalized terms in these Supplemental Terms of Service shall have the meaning given in the Customer Terms of Service. In the event of a conflict between these Supplemental Terms of Service and the Customer Terms of Service, these Supplemental Terms of Service shall prevail.
- The Parties to these Supplemental Terms of Service, and their Affiliates and each of its employees, contractors, and agents, will comply with applicable data protection laws.
- Within our own organization, we shall implement and maintain adequate technical and organizational measures for the protection of your Personal Data (as defined in applicable data protection laws) in order to safeguard such Personal Data from unintentional or illegal destruction or unintentional loss, modification, unauthorized disclosure or unauthorized access.
- To the extent that we, as a "processor", process Personal Data for you in the performance of any Software Services Order, we will:
- Process Personal Data only for the performance of our obligations under the Agreement and only on documented instructions from you, including with regard to transfers of Personal Data to a third country or an international organization, unless we are required to do so by applicable law; and in such a case, we shall inform you of that legal requirement before processing the Personal Data, unless that law prohibits us from informing you;
- Ensure that persons authorized to process the Personal Data are subject to terms of confidentiality no less restrictive than those set forth in the Customer Terms of Service and this Supplemental Terms of Service;
- Assist you by appropriate technical and organizational measures to allow you to fulfill your obligations to inform the data subject as well as to respond to requests for the data subject's rights; namely in connection with the right of access by the data subject, the right to rectification, erasure, correction, restriction of the processing of Personal Data as well as the right to object to the processing of such Personal Data and the right to receive the Personal Data;
- As applicable with respect to the European General Data Protection Regulation (GDPR), assist you in ensuring compliance with the obligations pursuant to Articles 32 to 36 GDPR, taking into account the nature of processing and the information available to us; and this shall include notifying you without undue delay after becoming aware of a personal data breach as per the GDPR and provide all information required pursuant to Article 33 para. 3 GDPR; and
- Upon written notice from you, delete or return all Personal Data to you after the expiry of the applicable Software Services Order relating to the processing and delete existing copies except as set forth by applicable law or this Agreement, in which case we shall continue to protect and keep confidential such Personal Data as per these Supplemental Terms of Service, which shall continue to apply for as long as we, as a processor, remain in possession of such Personal Data.
- Where we engage another party as a “subprocessor” for carrying out specific processing activities in relation to Personal Data, provisions corresponding to the provisions of this Supplemental Terms of Service shall be imposed on the subprocessor by way of a contract, to the extent they apply, and we will comply with applicable requirements for exports of personal data under the GDPR (g., use of model clauses). Where the subprocessor fails to fulfill its obligations, we shall remain fully liable to Customer. The Elisity website may list Elisity's current subprocessors or we may provide you such list in a separate writing. Your written consent shall be deemed given for our use of those subprocessors listed as of the effective date of the Customer Terms of Service for the applicable Elisity Offerings you purchase. At least 20 days before we engage any new subprocessor, the aforementioned list(s) of subprocessors will be updated and we will provide you with a mechanism to obtain notice of those updates. You shall be entitled to object to any new subprocessor in writing within 10 days for material data protection law related reasons. If you do not object such new subprocessor within such period of time, you shall be deemed to have given your written consent for us to utilize such subprocessor. Where a material data protection law related reason for such objection exists and failing an amicable resolution of this matter by the Parties, we may use such subprocessor, but you shall be entitled to terminate the affected Elisity Offering(s) without any liability. The foregoing shall apply accordingly to new subprocessors after the effective date of the Customer Terms of Service for the applicable Elisity Offerings you purchase.
- The subject-matter and duration of such a processing of Personal Data for you, the nature and purpose of such processing, the type of Personal Data, the categories of data subjects and the obligations and rights of the Parties are set forth in the Customer Terms of Service and these Supplemental Terms of Service. In any event, the type of Personal Data processed may include your Customer Data and related Telemetry Data such as IP addresses of senders and recipients.
- The Parties agree that the Customer Terms of Service and these Supplemental Terms of Service and the manner in which you have configured or have approved the configuration of the applicable Software shall be considered your binding and final instructions as to the processing of Personal Data for the purposes of Section (c) above. You agree to cover any costs that we incur due to requests and inquiries, investigations and audits of you, data subjects, data protection authorities or others in connection with our duties as your processor (if the costs involved are material, such costs shall be pre-approved by you).
- You shall maintain any and all consents or other legal grounds, and remain responsible, as necessary, for permitting us to process Personal Data for you (as your processor) or otherwise for the performance of the Agreement (as a controller of our own), properly inform data subjects about the processing of their Personal Data in connection with the Elisity Offerings and by us, properly respond to any inquiries and requests concerning the Personal Data by data subjects, data protection authorities and others, undertake any notifications or registrations required by law, and ensure the rightful transfer of any Personal Data into an Elisity domain.
- The Parties acknowledge and agree that with regard to the manner in which we shall provide the Elisity Offerings to you, the provisions of these Supplemental Terms of Service shall not require us to perform or provision the Elisity Offerings differently than agreed in the Agreement. In particular, these Supplemental Terms of Service shall not operate to require us to provide a higher or other level of data security, or take other measures or perform the Subscription Services otherwise than agreed in the Agreement.
- You agree that we may manage the provision of the Elisity Offerings from abroad, in particular from our control centers in different time zones (if applicable). If we wish to have them operated by a third party, including an affiliate, we will comply with applicable requirements for exports of Personal Data under the applicable data protection laws (e.g., use of model clauses for GDPR).