This Data Processing Agreement and its Annexes (“DPA”) form part of the Agreement entered into between You (“Client”) and Zyte Group Ltd. (“Zyte”) (collectively, the “Parties”) and sets forth the terms and conditions under which the Parties may process Personal Data. In the event of a conflict in relation to the processing of Personal Data between this DPA, Zyte Terms, and any other agreement, this DPA shall prevail. Unless otherwise specified, capitalized terms used but not defined in this DPA shall have the meaning set forth elsewhere in the Terms. This DPA is effective on the date the Agreement is entered into and will continue in force until the expiration or termination of the Agreement in accordance with its terms.
The following definitions shall apply for the purposes of this DPA:
The Parties acknowledge that:
Client represents and warrants that it will only use the Service Personal Data to process Personal Data if such processing is in compliance with the applicable Data Protection Laws.
ANNEX I
A. LIST OF PARTIES
Data exporter(s):
Name: | Zyte Group Ltd. |
Address: | Cuil Greine House, Ballincollig Commercial Park, Link Road, Ballincollig, Co. Cork, Ireland. |
Contact person’s name, position and contact details: | Sanaea Daruwalla, sanaea@zyte.com |
Activities relevant to the data transferred under these Clauses: | Providing Services to Client |
Role (controller/processor): | Module 1 Controller in relation to Contact Data.Module 4 Processor in relation to Service Personal Data. |
Data importer(s):
Name: | Client’s name as set out in an Agreement |
Address: | Client’s address as set out in an Agreement |
Contact person’s name, position and contact details: | As set out in an Agreement or as otherwise agreed with Zyte |
Activities relevant to the data transferred under these Clauses: | Using Zyte’s Services |
Role (controller/processor): | Module 1 Controller in relation to Contact Data.Module 4 Controller in relation to Service Personal Data. |
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose Personal Data is transferred: |
Client staff information; other information as determined by Client |
Categories of personal data transferred: |
Names, usernames (Zyte login details, Slack and other communication software other user names), business email addresses, postal addresses, business phone numbers, job titles,and other information as specified in the Zyte Terms |
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures. |
N/A |
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis). |
Continuous |
Nature of the processing |
As specified in the Zyte Terms |
Purpose(s) of the data transfer and further processing |
Zyte will process the Personal Data as necessary to provide the Services |
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period |
As specified in the Zyte Terms |
For transfers to (sub) processors, also specify subject matter, nature and duration of the processing |
As described in in Annex III |
C. COMPETENT SUPERVISORY AUTHORITY
Identify the competent supervisory authority/ies in accordance with Clause 13 |
Irish Data Protection Commission |
ANNEX II
TECHNICAL AND ORGANIZATIONAL MEASURES INCLUDING TECHNICAL AND ORGANIZATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
Security Measure | Description of Zyte Process |
Ensuring physical security of locations at which Personal Data is processed | Zyte services are hosted on data servers hosted by highly secure cloud providers. All of Zyte’s hosting providers are ISO 27001 certified. |
Ensuring system event logging | Zyte uses centralized log management, which logs system events. Zyte shall monitor these logs for success rates, availability, and response time. |
Protection of data during transmission | All data in transit is encrypted using Transport Layer Security (TLSv1.2) using RSA256 bit key signed using the algorithm SHA256withRSA. |
Managing vulnerabilities on production environment | Zyte has a vulnerability management program and performs advanced vulnerability scans using leading technology scanners on a daily basis. |
Ensuring password security | Strong passwords are implemented on all applicable systems. Zyte has a password management policy following NIST standard security requirements. |
Ensuring system configuration | Setup on servers is automated using a configuration management and orchestration tool to provide the same configurations per role on all servers. |
User identification and authorisation | Administrative privileges are restricted based on the concept of least privilege and defined roles-level access. Only very limited staff at Zyte have administrator access to Zyte systems. |
Governance and risk management | Zyte has a risk management program in accordance with the NIST Risk Management Framework. |
Managing incidents that affect confidentiality, integrity, and availability | An Information Technology Infrastructure Library is used to manage the lifecycle of an incident. Zyte has an incident response progress and guide for escalation based on the severity of an incident. |
ANNEX III
LIST OF SUB-PROCESSORS
The controller has authorized the use of the following sub-processors (including a clear delimitation of responsibilities in case several sub-processors are authorized) :
Name | Address | Description of processing |
Amazon Web Services | 410 Terry Avenue North, Seattle, WA USA | Hosting provider |
Atlassian | 350 Bush Street Floor 13 San Francisco, CA94104 USA | Project management |
Braintree | 222 W Merchandise Mart Plaza, Suite 800, Chicago, IL 60654 USA | Processing online payment |
Breadwinner by Xero | 8 The Green, Suite #5978, Dover, DE 19901 | Managing financial reporting |
Chargebee | 340 S. Lemon Avenue, Suite #1537, Walnut, CA 91789 USA | Managing payments and subscriptions |
Cinergix Pty | Level 17, 31, Queen St., Melbourne 3000, VIC, Australia | Communication and integration tool |
Confluent | 899 West Evelyn Ave.Mountain View, CA 94041 | Code development system |
Form Keeper by Zapier | 548 Market St. #62411. San Francisco, CA 94104 USA | Data management |
Freshworks | 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403 USA | Issue reporting and tracking |
Gainsight | 655 Montgomery St 7th Floor, San Francisco, CA 94111 USA | Customer relationship management tool |
Github | 88 Colin P Kelly Jr St, San Francisco, CA 94107 USA | Development platform |
Gong | 201 Spear St. 13th FloorSan Francisco, CA 94105 USA | Call recording and customer relationship management tool |
1600 Amphitheatre Parkway Mountain View, CA 94043 USA | Host email, documents, and workspace | |
Google Analytics | 1600 Amphitheatre Parkway Mountain View, CA 94043 USA | Analytics service |
Heap Analytics | 225 Bush Street, Suite 200, San Francisco, CA 94104 USA | Analytics service |
Hetzner | Indrustriestr. 25, 91710Gunzenhausen, Germany | Hosting provider |
Hotjar | Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141 Malta | User behavior analytics |
Hubspot | 25 First Street, 2nd Floor Cambridge, MA 02141 USA | Customer relationship management tool |
Intercom | 3rd Floor, Stephens Ct., 18-21 St. Stephen’s Green, Dublin 2 Ireland | Customer support channel |
Mail Chimp | 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA | Email tool |
Mail Gun | 112 E Pecan St #1135, San Antonio, TX 78205 USA | Email tool |
ProductBoard | 333 Bush Street, 20th FloorSan Francisco, CA 94104 USA | Customer feedback and support tool |
Salesforce | 415 Mission Street Third Floor San Francisco, CA 94105 USA | Customer relationship management tool |
Servers.com | 2777 N Stemmons Fwy. Dallas, TX 75207, US | Hosting provider |
Retently | 2650 W El Camino Real Suite 2218, Mountain View, CA 94040, USA | Analysis and customer feedback tool |
Xero | 1615 Platte Street, Suite 400, Denver, CO 80202 USA | Invoicing |
Zapier | 548 Market St. #62411. San Francisco, CA 94104 USA | Integration with customer relationship management tool |