Data Processing Addendum

First Published:  

August 17th, 2018

If you are an organization for which we are processing data, our Terms of Service as well as the following terms apply.

1. Data processor provisions

Relevant definitions

1.1 Additional capitalized terms in this clause [1] shall have the meaning given to them in the DataProtection Law and as set out below:

Data Protection Law means all laws and regulations, including laws and regulations of theEuropean Union, the European Economic Area and their member states, applicable to theProcessing of Personal Data under the Agreement.

Your Group means all the companies affiliated with you.

Your Personal Data means, with respect to the data processing addendum the Personal Data relating to the employees of contractors, employees, and individual customers who are Data Subjects of Your Group which are Processed by the PageCloud under this Agreement. Your Personal Data does not include personal data that is being controlled by PageCloud, including without limitation the data we collect (including device/browser details, IP addresses, and pages visited prior to coming to your Site) with respect to your users interaction with your site through the use of web technologies like cookies and their browser.

Data Controller means the entity which determines the purposes and means of the Processing of Personal Data

Data Processor means the entity which Processes Personal Data on behalf of the Data Controller

Data Subject means someone who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity as defined in and who is subject to the Data Protection Law.

Data Subject Request means a request from a Data Subject for access to, correction, amendment, transfer or deletion of that person's Personal Data

Personal Data means any information relating to an identified or identifiable natural person thatyou, your Group or its end users provide to the PageCloud pursuant to this Agreement

Processing or Process means any operation or set of operations which is performed by the PageCloud as part of the Services upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction

Security Incident has the meaning given in clause 1.7(g).

Data Controllers and Data Processors in respect of your Personal Data

1.2 The parties acknowledge that you are the Data Controller in respect to your Personal Data andPageCloud shall process your Personal Data as its Data Processor.

Compliance with Data Protection Law

1.3 You undertake that you shall obtain necessary consents or establish other grounds in order thatPageCloud can process Your Personal Data in compliance with the Data Protection Law.

1.4 Subject to clause 1.3, PageCloud undertakes to perform its obligations under this Agreement in a manner that does not cause you to breach the Data Protection Law in relation to its Processing ofYour Personal Data and shall notify You immediately if an instruction it receives in relation to this clause infringes applicable laws.

Nature of processing

1.5 Details of the processing of personal data pursuant to this Agreement are set out in below.

(a) Subject Matter. The subject matter of the data processing under this Data ProcessingAddendum is Your Personal Data.

(b) Duration. The duration of the data processing under this Data Processing Addendum is determined by you.

(c) Purpose. The purpose of the data processing under this Data Processing Addendum is governed by the Services initiated by you.

(d) Nature of Processing. The Services as described in the Terms and initiated by you.

(e) Type of Personal Data. Your Personal data relating to you, or your end users whos data is included in personal data and your stuff which is processed as part of the Services in accordance with the Terms.

(f) Categories of Data Subjects. You, your end users and any other individuals who’s personal data is included in your stuff.

Transfers outside the EEA to Canada

1.6 You acknowledge and agree that it is acting as Data Controller and data exporter, and PageCloud or its subcontractor, is acting as data importer to Canada, which is designated as a jurisdiction having adequate protections for the transfer of personal data to processors established in third countries. You will ensure you obtain any required contractual assurances or consents before transferring Your Personal Data to PageCloud or it subcontractor. You will adopt any measures that are reasonably required to allow export to the data importer jurisdiction in compliance with relevant Data Protection Law.

Data Processor obligations

1.7 PageCloud shall in respect to all Your Personal Data:

Processing of personal data

(a) only process Your Personal Data to the extent and in such manner as is necessary for the performance of its obligations under the Agreement and in accordance with Your written instructions (or when required to do so by applicable law);

(b) not disclose Your Personal Data to any third parties without your consent other than to the extent required by any Regulator or court of law;

Rights of data subjects

(c) notify you within three (3) Business Days upon receipt of any Data Subject Request and give immediate attention, co-operation and assistance to You in order that You may comply with any Data Subject Request and comply with all instructions of, and timetables implemented by You in relation to the provision of details of Your Personal Data to the relevant individual;

PageCloud personnel

(d) take reasonable steps to ensure the reliability of PageCloud’s personnel required to accessPersonal Data and ensure that such personnel are trained in respect of data security and privacy and are subject to duties of confidence in respect to Your Personal Data;

Security

(e) take appropriate procedural, technical and organizational measures to prevent unlawful disclosure, unauthorized processing of or accidental loss, destruction, damage or alteration to Your Personal Data;

(f) if required by You, promptly provide a written description of the technical and organizational security measures employed for processing personal data and notify you of any material changes to such security measures from time to time;

Security breach management and notification

(g) notify You immediately upon the occurrence of any incident which has resulted, or is reasonably likely to result, in a breach by PageCloud, or its subcontractors of the protections relating to Your Personal Data set out in this clause 1.6, including any loss, theft, deletion, disclosure or corruption of Your Personal Data and/or any unauthorized use or access toYour Personal Data (a “Security Incident”);

(h) provide all cooperation and information reasonably requested by you in respect of a SecurityIncident, including, as soon as possible following, and in any event within 2 Business Days of, the detection of the Security Incident by PageCloud:

(i) details of the Security Incident;

(ii) details of Your Personal Data compromised;

(iii) details of how the Security Incident is being investigated and remedial steps already put in place and to be put in place; and

(iv) whether any Regulator, the data subjects themselves and/or the media have been informed or is otherwise already aware of the Security Incident, and their response;

(i) maintain proper records of all processing of Your Personal Data (including an up to date log of which PageCloud personnel have or have had access to Your Personal Data at any time during the term of the Agreement, what processing has been undertaken, which sub-processors have been involved and any the geographic location of the processing);

Audit

(j) subject to reasonable and appropriate confidentiality undertakings, permit you (or its authorized representative) to inspect and audit PageCloud’s data processing policies and procedures and comply with all reasonable requests or directions by you to enable it tore view PageCloud ‘s data protection obligations;

Return and deletion of data

(k) on termination of this Agreement for whatever reason, or upon written request from you at any time, forthwith cease to use or process any of Your Personal Data received from or on behalf of you under this Agreement, and return to you , or destroy (at your direction), any ofYour Personal Data in PageCloud’s possession or control (unless applicable laws require the continued storage of such Personal Data;

Cooperation and assistance in dealing with regulators

(l) notify you immediately upon receipt of any complaint or request relating to your obligations under the Data Protection Law, relating to Your Personal Data, or of any breach of this clause 1 and shall provide all co-operation and assistance in relation to such complaint, request or breach reasonably requested by You;