A great place to start is by looking at the DPAs currently used by enterprise processors. For example, HubSpot’s DPA is easy to find and read. Data processing agreements are lengthy, however, and reading even a few to inform your own contract building can take a lot of time. However, some customers do choose to upload map data to Mapbox for distribution to their end users.

Mezmo will not Process Personal Data for any purpose other than for the specific purposes set forth in the Agreement and as otherwise agreed by the parties, unless obligated to do otherwise by applicable law. In such case, Mezmo will inform Customer of that legal requirement before the Processing unless legally prohibited from doing so. Further details regarding Mezmo’s Processing operations are set forth in Annex I. Mezmo will not (a) sell Personal Data, or (b) retain, use or disclose Personal Data outside of the direct business relationship between Customer and Mezmo, except as permitted under applicable Data Protection Laws. For purposes of this paragraph, “sell” shall have the meaning set forth in the CCPA. Organizations leveraging data on EU residents need a GDPR data processing agreement any time they hire a third party to process that data. For companies which do not engage with EU user data, a DPA can still prove useful for outlining the terms of business with external data processors.

Schedule 1

Customer shall not be entitled to an on-site audit of Webflow’s premises unless legally required by a Regulator. (a) Sinch Email shall, taking into account the nature of the processing and the information available, provide reasonable assistance to the Customer at the Customer’s cost, with any data protection impact assessments and prior consultations with supervisory authorities or other competent regulatory authorities as required for the Customer to fulfill its obligations under Applicable Data Protection Laws. Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. A data processing agreement lays out technical requirements for the controller and processor to follow when processing data.


In both cases, Sinch Email shall be authorized to defer the performance of the relevant instruction until it has been amended by Customer or is mutually agreed by both Customer and Sinch Email. You acknowledge and agree that we may access and Process Personal Data on a global basis as necessary to provide the Subscription Service in accordance with the Agreement, and in particular that Personal Data may be transferred to and Processed by HubSpot, Inc. in the United States and to other jurisdictions where HubSpot Affiliates and Sub-Processors have operations. Wherever Personal Data is transferred outside its country of origin, each party will ensure such transfers are made in compliance with the requirements of Data Protection Laws. Compliance with Instructions. We will only Process Personal Data for the purposes described in this DPA or as otherwise agreed within the scope of your lawful Instructions, except where and to the extent otherwise required by applicable law.

Personal Data Breaches

Permitted Affiliates. By signing the Agreement, you enter into this https://investmentsanalysis.info/aws-cloud-engineer-job-description-template-2/ (including, where applicable, the Standard Contractual Clauses) on behalf of yourself and in the name and on behalf of your Permitted Affiliates. For the purposes of this DPA only, and except where indicated otherwise, the terms “Customer”, “you” and “your” will include you and such Permitted Affiliates. Roles of the Parties. When processing California Personal Information in accordance with your Instructions, the parties acknowledge and agree that you are a Business and we are a Service Provider for the purposes of the CCPA. Sub-Processor Agreements.

  • When Processing European Data in accordance with your Instructions, the parties acknowledge and agree that you are the Controller of European Data and we are the Processor.
  • All capitalized terms not otherwise defined herein shall have the meanings as set forth in the Addendum.

(d) «Sinch Email Infrastructure» means (i) Sinch Email’s physical facilities; (ii) hosted cloud infrastructure; (iii) Sinch Email’s corporate network and the non-public internal network, software, and hardware necessary to provide the Services and which is controlled by Sinch Email; in each case to the extent used to provide the Services. This Data Processing Addendum (this «What Is a Front-End Developer? How to Become One, Salary, Skills«) forms part of Sinch Email’s Terms of Service (the «Principal Agreement») by and between Sinch Email and the Customer and is subject to the Principal Agreement. Sinch Email is the Developer & Email business unit of Sinch and comprises of the brands Mailgun, Mailjet, Email on Acid and InboxReady.

Search code, repositories, users, issues, pull requests…

If Schedule 3 applies to Customer’s use of the Service, then, if applicable, under the order of precedence, by entering into this DPA, the Parties are deemed to be signing such EU Standard Contractual Clauses, including each of its applicable Annexes. Instructions. Customer instructs Webflow, when acting as a Processor, to Process Customer Personal Information to provide the Service. Customer warrants that the instructions it provides to Webflow pursuant to this DPA will comply with Data Protection Laws. “Processing” means any operation or set of operations which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

Generally speaking, a DPA should include the scope and purpose of data processing, what data will be processed, how it will be protected, and the controller-processor relationship. Mapbox’s products/services store and serve source data from an AWS primary region in the US. Data is sometimes cached and served out of various regions outside the US for performance reasons, as described in the questions/response above, but Mapbox cannot serve its data from one limited geographic region. To safeguard such transfers to the US and other regions, please see Mapbox’s DPA, Schedule C, which includes the Standard Contractual Clauses released in 2021 by the European Commission. 1.7    To the extent that any online Services usage data is considered Customer Personal Data, Smartsheet is the business with respect to such data and will Process such data in accordance with its Privacy Notice.

Other rights. The parties agree that you will, when reviewing our compliance with this DPA pursuant to the ‘Demonstration of Compliance’ section, take all reasonable measures to limit any impact on us and our Affiliates by combining several audit requests carried out on behalf of the Customer entity that is the contracting party to the Agreement and all of its Permitted Affiliates in one single audit. (C) Where the HubSpot contracting entity under the Agreement is not HubSpot, Inc., such contracting entity (not HubSpot, Inc.) will remain fully and solely responsible and liable to you for the performance of the Standard Contractual Clauses by HubSpot, Inc., and you will direct any instructions, claims or enquiries in relation to the Standard Contractual Clauses to such contracting entity. If we have not or cannot cure the non-compliance, you may suspend or terminate the affected part of the Subscription Service in accordance with the Agreement without liability to either party (but without prejudice to any fees you have incurred prior to such suspension or termination).

  • In such case, the parties will discuss such concerns in good faith.
  • All operations such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data (whether or not by automated means), etc.
  • Though created by the EU, the GDPR applies to any organization that targets or collects data about people in the EU.
  • For more information on these security measures, please refer to HubSpot’s SOC 2 Type II Report, SOC 3 Report, Security Overview and Penetration Test Summaries, available at trust.hubspot.com.
  • Webflow will process Customer Personal Information in accordance with Customer’s instructions as set forth in Section 3.1 (Instructions).

For the purposes of the Standard Contractual Clauses, the supervisory authority that will act as competent supervisory authority will be determined in accordance with GDPR. Disclosure in accordance with the Agreement (including this DPA) and/or as compelled by applicable laws. Your Contacts and other end users including your employees, contractors, collaborators, customers, prospects, suppliers and subcontractors. Data Subjects may also include individuals attempting to communicate with or transfer Personal Data to your end users.