<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2849132&amp;fmt=gif">
SCHEDULE DEMO
SCHEDULE DEMO
SCHEDULE DEMO
SCHEDULE DEMO

Download PDF

DATA PROTECTION ADDENDUM

This Exhibit sets out the obligations of the Parties in connection with Personal Data that you make available to us in connection with Elisity Offerings including through integration with a Supported Ecosystem. Unless already defined, all capitalized terms in these Supplemental Terms of Service shall have the meaning given in the Customer Terms of Service located at www.elisity.com/customer-terms-of-service.

(a)    The Parties to these Supplemental Terms of Service, and their Affiliates and each of its employees, contractors, and agents, will comply with applicable data protection laws.

(b)    Within our own organization, we will implement and maintain adequate technical and organizational measures for the protection of your Personal Data (as defined in applicable data protection laws) to safeguard such Personal Data from unintentional or illegal destruction or unintentional loss, modification, unauthorized disclosure or unauthorized access.

(c)    To the extent that we, as a "processor", process Personal Data for you in the performance of any Software Order, we will:

(i)   Process Personal Data only for the performance of our obligations under the Agreement and only on documented instructions from you, including with regard to transfers of Personal Data to a third country or an international organization, unless we are required to do so by applicable law; and in such a case, we shall inform you of that legal requirement before processing the Personal Data, unless that law prohibits us from informing you;

(ii)   Ensure that persons authorized to process the Personal Data are subject to terms of confidentiality no less restrictive than those set forth in the Agreement and this Exhibit;

(iii)   Assist you by appropriate technical and organizational measures to allow you to fulfill your obligations to inform the data subject as well as to respond to requests for the data subject's rights; namely in connection with the right of access by the data subject, the right to rectification, erasure, correction, restriction of the processing of Personal Data as well as the right to object to the processing of such Personal Data and the right to receive the Personal Data;

(iv)   As applicable with respect to the European General Data Protection Regulation (GDPR), assist you in ensuring compliance with the obligations pursuant to Articles 32 to 36 GDPR, taking into account the nature of processing and the information available to us; and this shall include notifying you without undue delay after becoming aware of a personal data breach as per the GDPR and provide all information required pursuant to Article 33 para. 3 GDPR; and

(v)   Upon written notice from you, delete or return all Personal Data to you after the expiry of the applicable Software Order relating to the processing and delete existing copies except as set forth by applicable law or this Agreement, in which case we shall continue to protect and keep confidential such Personal Data as per this Exhibit, which shall continue to apply for as long as we, as a processor, remain in possession of such Personal Data.

(d)    Where we engage another party as a "subprocessor" for carrying out specific processing activities in relation to Personal Data, provisions corresponding to the provisions of this Exhibit will be imposed on the subprocessor by way of a contract, to the extent they apply, and we will comply with applicable requirements for exports of personal data under the GDPR (e.g., use of model clauses). Where the subprocessor fails to fulfill its obligations, we shall remain fully liable to Customer. The Elisity website may list Elisity's current subprocessors or we may provide you such list in a separate writing, with the understanding that on the effective date of the Agreement we utilize AWS for hosting of Cloud Control Center and that use is subject to AWS' published data protection agreement. At least 20 days before we engage any new subprocessor, the aforementioned list(s) of subprocessors will be updated and we will provide you with a mechanism to obtain notice of those updates. You shall be entitled to object to any new subprocessor in writing within 10 days for material data protection law related reasons. If you do not object such new subprocessor within such period of time, you shall be deemed to have given your written consent for us to utilize such subprocessor. Where a material data protection law related reason for such objection exists and failing an amicable resolution of this matter by the Parties, we may use such subprocessor, but you shall be entitled to terminate the affected Elisity Offering(s) without any liability. The foregoing shall apply accordingly to new subprocessors after the effective date of the Agreement for the applicable Elisity Offerings you purchase.

(e)    The subject-matter and duration of such a processing of Personal Data for you, the nature and purpose of such processing, the type of Personal Data, the categories of data subjects and the obligations and rights of the Parties are set forth in the Agreement and this Exhibit. In any event, the type of Personal Data processed may include your Customer Data and related Software Analytics.

(f)    The Parties agree that the Agreement and this Exhibit, and the manner in which you have configured or have approved the configuration of the applicable Software, shall be considered your binding and final instructions as to the processing of Personal Data for the purposes of Section (c) above. You agree to cover any costs that we incur due to requests and inquiries, investigations and audits of you, data subjects, data protection authorities or others in connection with our duties as your processor (if the costs involved are material, such costs shall be pre-approved by you).

(g)    You shall maintain any and all consents or other legal grounds, and remain responsible, as necessary, for permitting us to process Personal Data for you (as your processor) or otherwise for the performance of the Agreement (as a controller of our own), properly inform data subjects about the processing of their Personal Data in connection with the Elisity Offerings and by us, properly respond to any inquiries and requests concerning the Personal Data by data subjects, data protection authorities and others, undertake any notifications or registrations required by law, and ensure the rightful transfer of any Personal Data into an Elisity domain.

(h)    The Parties acknowledge and agree that regarding the way we will provide the Elisity Offerings to you, the provisions of this Exhibit shall not require us to perform or provision the Elisity Offerings differently than agreed in the Agreement. In particular, this Exhibit will require us to provide a higher or other level of data security, or take other measures or perform the Elisity Offerings otherwise than agreed in the Agreement.

(i)    You agree that we may manage the provision of the Elisity Offerings from abroad if you choose to operate Cloud Control Center from a jurisdiction outside of the United States, and in such case each Party will comply with applicable requirements for exports of Personal Data under the applicable data protection laws.