Sendvio's Data Processing Addendum

Version Date: May 28, 2018.

This Data Processing Addendum (“DPA” or the “Addendum”) forms part of the agreement between “Sendvio” Services (“The Platform,” “we,” “us,” or “our”) and you or the entity that you represent (“Customer”, “you” or “your”), supplementing the Privacy Policy and Terms and Conditions of Use available at https://www.sendvio.com/privacy, and https://www.sendvio.com/terms, or any other agreement between you and “Sendvio” governing Customer’s use of the Service (the “Agreement”) when the GDPR applies to your use of the “Sendvio” Services to perform the tasks that you configure on this Platform.

With the purpose of providing the Services to Customer conforming to the Agreement, "Sendvio" may process personal data on behalf of Customer and the Parties agree to comply with the provisions of this Agreement in regard to any Personal Data.


Data Processing Terms

1. Definitions

“Controller” means an entity that determines the purposes and means of the processing of Personal Data.

“Customer Data” means what is defined in the Agreement as “Customer Data.”

“Data Protection Laws and Regulations” means all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, Canada, Switzerland and the United Kingdom, applicable to the Processing of Personal Data under the Agreement.

“Data Subject” means the identified or identifiable person to whom Personal Data relates.

“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

“Personal Data” means any information relating to (i) an identified or identifiable natural person and, (ii) an identified or identifiable legal entity (where such information is protected similarly as personal data or personally identifiable information under applicable Data Protection Laws and Regulations), where for each (i) or (ii), such data is Customer Data.

“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Processor” means the entity which Processes Personal Data on behalf of the Controller.

"Services” means any service offering or customer support services provided by Sendvio to Customer pursuant to the Agreement.



2. Data Processing.

2.1 This Data Processing Addendum (the “Addendum”), along with the Sendvio’s Terms and Conditions of Use, reflect the agreement between Sendvio and the Customer with regard to the processing of Personal Data.

2.2 This DPA applies when Customer Data is processed by “Sendvio”. In this context, “Sendvio” will act as “Data Processor” to Customer who may act either as “Data Controller” only for the purpose of providing the Services in accordance with documented instructions from you with respect to Customer Data (as each term is defined in the GDPR).

2.3 The Services provide Customer with a number of controls, including security features and functionalities, that Customer may use to create automation with data provided by Customer. Customer may use these controls as technical and organizational measures to assist it in connection with its obligations under the GDPR.



3. Details of Data Processing.

3.1 Subject matter. The subject matter of the data processing under this DPA is Customer Data.

3.2 Duration. As between “Sendvio” and Customer, the duration of the data processing under this DPA is determined by Customer.

3.3 Purpose. The purpose of the data processing under this DPA is the provision of the Services initiated by Customer from time to time.

3.4 Nature of the processing: Compute, storage and such other Services provided by “Sendvio”.

3.5 Type of Customer Data: Customer Data uploaded to the Services under Customer’s “Sendvio” accounts.

3.6 Categories of data subjects: The data subjects may include Customer’s customers, employees, suppliers, and end-customers.

Each party will comply with all laws, rules, and regulations applicable to it and binding on it in the performance of this DPA, including the GDPR.



4. Customer Instructions.

The parties agree that this DPA and the Agreement (including the provision of instructions via configuration tools such as the “Sendvio” management console) constitute Customer’s documented instructions regarding “Sendvio” processing of Customer Data (“Documented Instructions”). “Sendvio” will process Customer Data only in accordance with Documented Instructions.



5. Data Protection.

5.1 “Sendvio” will use strict security procedures to keep information safe in compliance with standard security requirements and will use only providers that are in compliance with security and privacy Requirements, including GDRP Requirements.

5.2 “Sendvio” will notify you if, in “Sendvio” opinion, your instruction for the processing of Personal Data infringes applicable Data Protection Legislation.

5.3. “Sendvio” will notify you promptly, to the extent permitted by law, upon receiving an inquiry or complaint from a Data Subject or Supervisory Authority relating to your use of our Services.

5.4 “Sendvio” will maintain an information security program (including the adoption and enforcement of internal policies and procedures) against accidental or unlawful loss, access or disclosure. Accordingly, we are committed to identifying reasonably foreseeable and internal risks to security and unauthorized access to the “Sendvio” services and minimize security risks, including through risk assessment and regular testing.

5.5 “Sendvio” will notify you promptly upon becoming aware of and confirming any accidental, unauthorized, or unlawful processing of, disclosure of, or access to the Personal Data.

5.6 If the Agreement is ended, “Sendvio” will promptly initiate the process to delete your Personal Data.



6. Miscellaneous.

In the event of any conflict or inconsistency between the provisions of the Agreement and this Addendum, the provisions of this Addendum shall prevail. For the avoidance of doubt and to the extent allowed by applicable law, any and all liability under this Addendum, including limitations thereof, will be governed by the relevant provisions of the Agreement. You acknowledge and agree that “Sendvio” may amend this Addendum from time to time by posting the relevant amended and restated Addendum on “Sendvio” website, available at https://www.sendvio.com/dpa and such amendments to the Addendum are effective as of the date of posting. Your continued use of the Services after the amended Addendum is posted to “Sendvio” Website constitutes your agreement to, and acceptance of, the amended Addendum. If you do not agree to any changes to the Addendum, do not continue to use the Service.

Save as specifically modified and amended in this Addendum, all of the terms, provisions, and requirements contained in the Agreement shall remain in full force and effect and govern this Addendum. If any provision of the Addendum is held illegal or unenforceable in a judicial proceeding, such provision shall be severed and shall be inoperative, and the remainder of this Addendum shall remain operative and binding on the parties.