Data Processing Agreement
Updated May 29, 2020
Data Processing Terms
In this DPA, “Data Protection Legislation” means European Directives 95/46/EC and 2002/58/EC (as amended by Directive 2009/136/EC) and any legislation and/or regulation implementing or made pursuant to them, or which amends, replaces, re-enacts or consolidates any of them (including the General Data Protection Regulation (Regulation (EU) 2016/279)), and all other applicable laws relating to the processing of personal data and privacy that may exist in any relevant jurisdiction.
“Data controller”, “data processor”, “data subject”, “personal data”, “processing”, and “appropriate technical and organisational measures” shall be interpreted in accordance with applicable Data Protection Legislation.
“Sub-processor” is a Third-party, independent contractors, vendors and suppliers who provide specific services and products related to the Deadline Funnel website and our services, such as hosting, credit card processing and fraud screening, mailing list hosting, and analytics ("third-party" or "outside contractor" shall have similar meanings).
The parties agree that Customer is the data controller and that Deadline Funnel is its data processor in relation to personal data that is processed in the course of providing the Application Services. Customer shall comply at all times with Data Protection Legislation in respect of all personal data it provided to Deadline Funnel pursuant to the Agreement.
The subject-matter of the data processing covered by this DPA is the Application Services ordered by Customer either through Deadline Funnel’s website or through an Ordering Document and provided by Deadline Funnel to Customer via www.deadlinefunnel.com, or as additionally described in the Agreement or the DPA. The processing will be carried out until the term of Customer’s ordering of the Application Services ceases.
Further details of the data processing are set out hereto. In respect of personal data processed in the course of providing the Application Services, Deadline Funnel shall process the personal data only in accordance with the documented instructions from Customer (as set out in this DPA or the Agreement or as otherwise notified by Customer to Deadline Funnel (from time to time) .
If Deadline Funnel is required to process the personal data for any other purpose provided by applicable law to which it is subject, Deadline Funnel will inform Customer of such requirement prior to the processing unless that law prohibits this on important grounds of public interest; shall notify Customer without undue delay if, in Deadline Funnel’s opinion, an instruction for the processing of personal data given by Customer infringes applicable Data Protection Legislation; shall implement and maintain appropriate technical and organisational measures designed to protect the personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure.
These measures shall be appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction, damage or theft of the personal data and having regard to the nature of the personal data which is to be protected.
Deadline Funnel may hire other companies to provide limited services on its behalf, provided that Deadline Funnel complies with the provisions of this Clause. Any such subcontractors will be permitted to process personal data only to deliver the services Deadline Funnel has retained them to provide, and they shall be prohibited from using personal data for any other purpose. Deadline Funnel remains responsible for its subcontractors’ compliance with the obligations of this DPA. Any subcontractors to whom Deadline Funnel transfers personal data will have entered into written agreements with Deadline Funnel requiring that the subcontractor abide by terms substantially similar to this DPA; at the Customer’s request and cost (and insofar as is possible).
Deadline Funnel shall assist the Customer by implementing appropriate and reasonable technical and organisational measures to assist with the Customer’s obligation to respond to requests from data subjects under Data Protection Legislation (including requests for information relating to the processing, and requests relating to access, rectification, erasure or portability of the personal data) provided that Deadline Funnel reserves the right to reimbursement from Customer for the reasonable cost of any time, expenditures or fees incurred in connection with such assistance.
When the General Data Protection Regulation (Regulation (EU) 2016/279) comes into effect, Deadline Funnel shall take reasonable steps at the Customer’s request and cost to assist Customer in meeting Customer’s obligations under Article 32 to 36 of that regulation taking into account the nature of the processing under this DPA, provided that Deadline Funnel reserves the right to reimbursement from Customer for the reasonable cost of any time, expenditures or fees incurred in connection with such assistance.
At the end of the applicable term of the Application Services, upon Customer’s request, shall securely destroy or return such personal data to Customer; may transfer personal data from the EEA to the US for the purposes of this DPA pursuant to the EU-US Privacy Shield provided that Deadline Funnel maintains its certification under the EU-US Privacy Shield; shall allow Customer and its respective auditors or authorized agents to conduct audits or inspections during the term of the Agreement, which shall include providing reasonable access to the premises, resources and personnel used by Deadline Funnel in connection with the provision of the Application Services, and provide all reasonable assistance in order to assist Customer in exercising its audit rights under this Clause.
The purposes of an audit pursuant to this Clause include to verify that Deadline Funnel is processing personal data in accordance with its obligations under the DPA and applicable Data Protection Legislation. Notwithstanding the foregoing, such audit shall consist solely of: (i) the provision by Deadline Funnel of written information (including, without limitation, questionnaires and information about security policies) that may include information relating to subcontractors; and (ii) interviews with Deadline Funnel’s IT personnel. Such audit may be carried out by Customer or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality. For the avoidance of doubt no access to any part of Deadline Funnel’s IT system, data hosting sites or centers, or infrastructure will be permitted.
If Deadline Funnel becomes aware of any accidental, unauthorised or unlawful destruction, loss, alteration, or disclosure of, or access to the personal data that is processed by Deadline Funnel in the course of providing the Application Services (an “Incident”) under the Agreement it shall without undue delay notify Customer and provide Customer (as soon as possible) with a description of the Incident as well as periodic updates to information about the Incident, including its impact on Customer Content. Deadline Funnel shall additionally take action to investigate the Incident and reasonably prevent or mitigate the effects of the Incident; Deadline Funnel shall provide information requested by Customer to demonstrate compliance with the obligations set out in this DPA.
Deadline Funnel complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom to the United States in reliance on Privacy Shield. Deadline Funnel has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.
In compliance with the Privacy Shield Principles, Deadline Funnel commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Deadline Funnel at: firstname.lastname@example.org.
Deadline Funnel has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
Details of the Data ProcessingDeadline Funnel shall process information to provide the Application Services pursuant to the Agreement. Deadline Funnel shall process information sent by Customer’s end users identified through Customer’s implementation of the Application Services. As an example, in a standard programmatic implementation, to utilize the Application Services, Customer may allow the following information to be sent by default as “default properties:”
Types of Personal Data
- First name
- IP Address
- Last Seen (the last time a property was set or updated)
Your Access and Control of DataData Subjects whose Personal Data is covered by this Privacy Shield Policy have the right to access such Personal Data and to correct, amend, or delete such Personal Data if it is inaccurate or has been processed in violation of the Privacy Shield Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or where the rights of persons other than the Data Subject would be violated). Requests for access, correction, amendment, or deletion should be sent to: email@example.com.
Recourse, Enforcement, and LiabilityDeadline Funnel’s participation in the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission. In compliance with the Privacy Shield Principles, Deadline Funnel commits to resolve complaints about your privacy and our collection or use of your Personal Data. Data Subjects with inquiries or complaints regarding this Privacy Shield Policy should first contact Deadline Funnel at: firstname.lastname@example.org Deadline Funnel has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the International Centre for Dispute Resolution-American Arbitration Association. Deadline Funnel has further committed to refer unresolved privacy complaints under the Swiss-U.S. Privacy Shield Principles to the Swiss Federal Data Protection and Information Commissioner (FDPIC). Under certain conditions detailed in the Privacy Shield, Data Subjects may be able to invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission. Deadline Funnel agrees to periodically review and verify its compliance with the Privacy Shield Principles, and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. Deadline Funnel acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Privacy Shield participants.
Accountability for Onward TransferIn the event we transfer Personal Data covered by this Privacy Shield Policy to a sub-processor, we will do so consistent with any notice provided to Data Subjects and any consent they have given, and only if the third party has given us contractual assurances that it will (i) process the Personal Data for limited and specified purposes consistent with any consent provided by the Data Subjects, (ii) provide at least the same level of protection as is required by the Privacy Shield Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the Personal Data or take other reasonable and appropriate steps to remediate if it makes such a determination. If Deadline Funnel has knowledge that a third party is processing Personal Data covered by this Privacy Shield Policy in a way that is contrary to the Privacy Shield Principles, Deadline Funnel will take reasonable steps to prevent or stop such processing. With respect to our agents, we will transfer only the Personal Data covered by this Privacy Shield Policy needed for an agent to deliver to Deadline Funnel the requested product or service. Furthermore, we will (i) permit the agent to process such Personal Data only for limited and specified purposes; (ii) require the agent to provide at least the same level of privacy protection as is required by the Privacy Shield Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the Personal Data transferred in a manner consistent with Deadline Funnel’s obligations under the Privacy Shield Principles; and (iv) require the agent to notify Deadline Funnel if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles. Upon receiving notice from an agent that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles, we will take reasonable and appropriate steps to stop and remediate unauthorized processing. Deadline Funnel remains liable under the Privacy Shield Principles if an agent processes Personal Data covered by this Privacy Shield Policy in a manner inconsistent with the Principles, except where Deadline Funnel is not responsible for the event giving rise to the damage.
Disclosure of Personal Data to Regulatory AgenciesDeadline Funnel transfers Personal Data to third parties, including without limitation, law enforcement agencies and consumer reporting agencies, under the following normal business procedures:
- Deadline Funnel uses a Visitor\'s IP address to help diagnose problems with its servers, and to administer its website.