How do you compare to the best in business? Take our customer experience benchmarking survey and

Data Processing Addendum

(Updated January 9 2022)

This Data Processing Addendum (“DPA”), forms part of the AskNicely Terms of Use Agreement (“Terms”) or other written or electronic agreement (together the “Agreement”), entered between AskNicely, and the entity that is a party to the Terms together with its Affiliates which have executed the Terms or made online purchases or signed orders (“Customer”), for the provision of certain services defined in the Terms that requires AskNicely to process certain personal data (defined below) on behalf of Customer. This DPA shall be effective on the date both parties entered the Terms, or for those with Terms pre-dating September 27, 2021, the effective date shall be September 27, 2021. Each of Customer and AskNicely may be referred to herein as a “Party” and together as the “Parties”.  

1. DEFINITIONS

1.1  In this DPA, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:

(a) “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity;

(b) “AskNicely” means the contracting party in the order form, which may be any of the following affiliated entities: Ask Nicely LLC, Ask Nicely, Ask Nicely B.V.;

(c) “controller” means the entity which, alone or jointly with others, determines the purposes and means of the processing of personal data;

(d) “Data Protection Law” means the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”), UK General Data Protection Regulations (“UK GDPR”), the UK Data Protection Act 2018 (“DPA 2018”), and the respective implementing regulations for each of the laws and regulations;

(e) “data subject” means the identified or identifiable person to whom the personal data relates;

(f) “Customer Data” means any information provided by Customer or collected from or on behalf of Customer by AskNicely pursuant to the Agreement;

(g) “personal data” means any information relating to an identified or identifiable natural person;

(h) “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed;

(i) “process” or “processing” means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

(j) “processor” means the entity which processes personal data on behalf of the controller;

(k) “Services” means all subscription services, professional services, and related support provided pursuant to the Terms and related order forms, authorized instructions, and operational Customer service;  

2. DATA PROTECTION AND USE

2.1 Data Protection Commitment.  AskNicely and Customer each undertake to process the personal data pursuant to all applicable requirements under the applicable Data Protection Law, including adherence to security measures required pursuant to Article 32 of the GDPR.

2.2 Data Processing Role.  The Parties hereby acknowledge that for the purposes of this Agreement, AskNicely is the data processor and Customer is the data controller, unless the data processing is being carried out on behalf of Customer, who is the data processor processing personal data on behalf of the data controller. Customer shall ensure that it has obtained the prior specific or general written authorization of its business Customers or business partners to engage AskNicely to process the personal data. Customer shall be responsible for the accuracy, quality, and legality of personal data and the means of data acquisition.  

2.3 Processing Per Instructions.  AskNicely agrees to process the personal data only as instructed by Customer for the purposes set forth in Exhibit A, which sets out the subject-matter, nature and purpose of processing undertaken by AskNicely, as well as the duration of processing and the types of personal data and categories of data subjects processed. AskNicely shall not process the personal data other than on Customer’s documented instructions unless processing is required by applicable laws to which AskNicely or their contracted processor is subject, in which case AskNicely shall to the extent permitted by applicable laws inform Customer of that legal requirement before the relevant processing of that personal data. In the event AskNicely cannot processed personal data in accordance with this DPA, AskNicely shall notify the other Party, in which case both parties shall determine whether processing can continue with an appropriate level of protection, or whether processing shall cease in no more than ten (10) days. If it is determined that processing shall cease, personal data shall no longer be processed, and all personal data previously processed, and copies thereof shall either be returned or completely destroyed. In determining whether personal data can be processed in accordance with this DPA, AskNicely shall take into account the national laws of the country in which the personal data is processed, the impact on the rights of individuals in regard to their personal data, and any government access to that personal data and whereby specific notice of the access and processing by that government authority cannot be disclosed.

2.4 Restrictions in Processing. AskNicely shall only process the personal data as instructed by Customer to fulfil its Services as set forth in the Agreement, requested through use of the Services, or applicable written instructions. Personal data shall only be further processed for the purpose of anonymizing for use by AskNicely in improving its Services, aggregate analytics, and research and statistical purposes that are unrelated to an identified individual.

2.5 Confidentiality.  AskNicely shall require its employees and contractors authorized to process the personal data to be subject to confidentiality undertakings in relation to the personal data.

2.6 Security.  AskNicely shall maintain appropriate technical and organizational measures for protection of the security, confidentiality, and integrity of Customer Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. AskNicely will not materially decrease the overall security of the Services during a subscription term. Security requirements specific to AskNicely’s technology platform are detailed in Exhibit B.

2.7 Sub-processors.  Customer authorizes AskNicely to engage third-party service providers (“Sub-processors”) to process the personal data of Customer Representatives, Other Business Representatives, and Other Users, to facilitate its Services for all administrative and other business-related activities and shall provide the details of all Sub-processors upon request. AskNicely shall inform Customer in writing, including electronically, at least 30 days in advance of any intended changes that will result in the addition or replacement of a Subprocessor that processes Customer Data under the Agreement thereby giving Customer the opportunity to object to such changes on reasonable grounds prior to the engagement of the concerned Subprocessor(s). In such case Parties will cooperate in good faith to find a mutually acceptable resolution to address such objection. AskNicely agrees to carry out due diligence to confirm its Sub-processors are capable of providing the level of protection required under applicable Data Protection Law, including implementing appropriate technical and organizational measures for processing the personal data and providing protection for the rights of data subjects. If the Subprocessor does not fulfil its data protection obligations under applicable Data Protection Law that relate to its role in processing Customer Data as a Subprocessor, AskNicely shall remain fully liable to Customer as regards the fulfilment of the obligations of the Subprocessor as they relate to Services under this Agreement.  

2.8 Data Transfer to Third Countries or International Organizations.  Customer authorizes AskNicely to transfer the personal data to a third country or an international organization to process the personal data to facilitate its Services on condition that AskNicely ensures adequate protections are in place as required under applicable Data Protection Law for such transfer. Where processing involves transferring of personal data from the European Economic Area to a third country or international organization, including to the United States, the Standard Contractual Clauses in Exhibit D shall apply. Where processing involves transferring of personal data from the United Kingdom to a third country or international organization, including to the United States, the Standard Contractual Clauses in Exhibit E shall apply.

2.9 Rights of Data Subjects. AskNicely agrees to assist Customer to meet its obligations under applicable Data Protection Law for responding to a data subject’s exercise of rights.  AskNicely shall promptly notify Customer if it receives a request from a data subject for whom AskNicely processes personal data under this Agreement in respect of the exercise of the rights of such data subject and shall ensure that it does not respond to that request except on Customer’s documented instructions, or as required by applicable Data Protection Law, in which case AskNicely shall to the extent permitted by law inform Customer of that legal requirement before responding to the request.  

2.10 Data Breach and Other Compliance Obligations. AskNicely shall inform Customer without undue delay after becoming aware of a personal data breach, and in any event within within 48 hours. AskNicely shall make reasonable efforts to identify the cause of the personal data breach and shall take those steps Customer deems necessary and reasonable to remediate the cause of such personal data breach to the extent the remediation is within AskNicely’s reasonable control. The obligations herein shall not apply to personal data breach caused by Customer or Customer’s users. AskNicely agrees to provide information to assist Customer in meeting its requirements for notification to applicable regulatory bodies and data subjects, as required under applicable Data Protection Law.

2.11 Reasonable Assistance.  AskNicely shall provide reasonable assistance to Customer to comply with its obligations under applicable Data Protection Law, including data protection impact assessments and prior consultation with the applicable supervisory authority. AskNicely shall also provide reasonable assistance in providing information to enable Customer to fulfil its obligations and demonstrate its compliance with applicable Data Protection Law and allow for and contribute to audits and inspections, and a right to assistance in the event an audit is required by an applicable supervisory authority.

2.12 Retention of Data.  The personal data shall be retained by AskNicely for a reasonable time in accordance with its provision of Services.  Upon request, AskNicely shall provide specific information on how its retention policy applies to the personal data processed on behalf of Customer.  Upon termination of AskNicely’s Services under this Agreement by either party, and upon request of Customer within thirty days of notice of termination, AskNicely shall at the choice of Customer, delete or return all or any portion of any personal data in its possession or control, and delete existing copies, with deletion occurring as part of AskNicely’s standard deletion cycle.  The personal data will only be further retained as allowed under applicable Data Protection Law or required under regulatory provisions mandating record retention.

3. LIMITED LIABILITY

3.1 Limitation of Liability. Each party’s liability arising out of or related to this DPA, whether in contract, tort or under any other theory of liability, is subject to Section 8.3 “Limitation of Liability” of the Terms, and any reference in such section to the liability of a party means the aggregate liability of that party and all of its Affiliates under the Terms and all DPAs together.  

3.2 NO LIABILITY FOR CONSEQUENTIAL DAMAGES. NOTWITHSTANDING THE FOREGOING, IN NO EVENT SHALL COMPANY BE LIABLE TO CLIENT OR TO ANY THIRD PARTY FOR ANY INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL, CONSEQUENTIAL OR COMPENSATORY LOSSES, DAMAGES, CLAIMS OR CAUSES OF ACTION, INCLUDING, BUT NOT LIMITED TO, THOSE ARISING FROM LOSS OF BUSINESS OR PROFITS OR ANY OTHER ECONOMIC LOSS, EVEN IF COMPANY WAS AWARE OF THE POSSIBILITY OF SUCH DAMAGES.

4. GENERAL

4.1 Precedence. The provisions of this DPA are supplemental to the provisions of the Terms. In the event of inconsistencies between the provisions of this DPA and the provisions of the Terms, the provisions of this DPA shall prevail with respect to the subject matter of this DPA. Where and to the extent that Standard Contractual Clauses in Exhibit D or Exhibit E apply, if there is any conflict between this DPA and Standard Contractual Clauses, Standard Contractual Clauses will prevail.

4.2 Severability. The parties agree that, if any section or sub-section of this DPA is held by any court or competent authority to be unlawful or unenforceable, it shall not invalidate or render unenforceable any other section of this DPA.

4.3 Duration. The DPA shall apply for the duration of the provision of Services under the Terms. For the duration of the provision of Services under the Terms, this DPA cannot be terminated unless the parties have executed an agreement governing the processing of personal data in connection with the provision of the Services under the Terms.

4.4 Governing Law; Venue. Except as otherwise provided herein, this DPA will be governed by and construed in accordance with the laws of the state of Oregon, without regard to its conflict of laws rules. Any legal action or proceeding arising under this Agreement DPA brought by Customer will be brought exclusively in the federal or state courts located in Multnomah County, Oregon and the parties hereby irrevocably consent to the personal jurisdiction and venue therein.

EXHIBIT A
SCOPE OF PROCESSING

This Exhibit A details the scope of the processing of personal data under this Agreement, including for processing of personal data under Exhibit D and Exhibit E, which applies to MODULE 2: Transfer controller to processor and MODULE 3: Transfer processor to processor and MODULE 4: Transfer processor to controller.

Duration of the Processing: AskNicely will process the personal data for the duration of the Agreement, unless otherwise instructed by Customer in writing.  

Subject-Matter of the Processing: The subject matter of the processing is fulfilling of the Services under the Agreement, customer feedback surveys, data analytics and reporting through the AskNicely technology platform, technological support services, and related administrative, sales and marketing activities relevant to the business relationship.  

Nature and Purpose of the Processing: The nature and purpose of the processing is to fulfill the Agreement and perform services on behalf of the Customer to measure customer experience by gathering customer feedback and providing valuable data for business use to improve workforce performance and drive market growth. Other data processing through de-identified, aggregate analysis is for the purpose of improving the AskNicely technology platform and website and for research and statistical purposes.

Categories of Data Subjects: Each category listed includes current, past and prospective data subjects.

  • Customers and Clients
  • Students and pupils
  • Employees, contingent workers, or contractors
  • Customer Representatives
  • Survey Recipients and Respondents
  • Other Users
  • Other Business Representatives

Categories of Data

  • Personal Details: Including name, surname, e-mail and telephone details, address, language preference, date of birth, gender 
  • Employment Details: Including employer name, job title, work email, work phone 
  • Customer Records: Including details of goods and services purchased or for which data subject is considered a prospect; records of interaction with data subject (including customer service records, correspondence and details of complaints and their resolution)l customer billing and financial information (including finance and subscription plans and payment information); account information; communication preferences; content submitted to Customer online properties by data subject (for example, comments posted to website forums hosted by Customer; competition entries; Customer event attendance details; website registration information; personal data collected through the use of cookies set by or on behalf of Customer
  • Electronic Data: Including IP addresses and personal data collected through the use of cookies, navigation, device ID, browser type 
  • Survey Responses: e.g. Customer feedback, experience ratings, and related information
  • Family, Lifestyle and Social Circumstances
  • Other information specific to the AskNicely technology platform and related Services

Special Categories of Data: The parties do not anticipate sharing, and agree to delete upon discovery during their course of performance of the Agreement, personal data that concern any of the following special categories of data:  information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life or any other similar categories of data provided special protections under applicable data protection laws and regulations.  

Processing Operations: The personal data will be subject to the basic processing activities listed below:

  • Receiving data: Including collection, accessing, retrieval, recording, and data entry
  • Holding data: Including storage, organization and structuring
  • Using data: Including analyzing, consultation, testing, automated decision making and profiling
  • Updating data: Including correcting, adaptation, alteration, alignment and combination
  • Protecting data: Including restricting, encrypting, and security testing
  • Sharing data: Including disclosure, dissemination, allowing access or otherwise making available
  • Returning data to the data exporter or data subject
  • Erasing data: Including destruction and deletion
  • Anonymizing or de-identifying data for aggregate use
  • Protection of rights: Including reducing software piracy and fraud, ensuring that applications and websites are used in compliance with applicable terms and the law; protecting customers and end users; and
  • Product development and improvement: Including measuring and better understanding how websites and applications are used in order to improve these; tailoring overall customer experience with use of websites and applications.
EXHIBIT B
DATA SECURITY REQUIREMENTS

This Exhibit B details the technical and organizational security measures implemented by AskNicely that shall apply to the processing of personal data under this Agreement, including for processing of personal data under Exhibit D and Exhibit E, which applies to MODULE 2: Transfer controller to processor and MODULE 3: Transfer processor to processor.

AskNicely shall implement and maintain appropriate technical an organizational measures designed to protect personal data against any misuse or accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data that AskNicely may transmit, store or otherwise process. AskNicely and each AskNicely Affiliate shall, at a minimum, comply the security standards published  under the AskNicely Security Policy, which can be accessed at: https://www.asknicely.com/security

Technical and Organizational Security Measures Implemented by AskNicely

  • Protect web and database servers using firewalls;
  • Require passwords for account registration requiring minimum password strength attributes;
  • Track user access;
  • Apply role-based security to system access;
  • Use data encryption for personal data appropriate to the type of personal data being processed;
  • Use third-party vendors maintaining compliance with industry standards to process personal data requiring a higher level of protection than available in AskNicely’s systems;
  • Review and test vendor-supplied patches for compatibility before installation;
  • Perform regular system backups;
  • Perform regular maintenance on systems;
  • Perform security monitoring on systems;  
  • Contractually require third-party vendors that process personal data to implement technical and organizational security measures appropriate to the risk of the nature, scope, context and purposes of the processing;
  • Contractually obligate employees to maintain the confidentiality of personal data accessible through their employment; and
  • Require all employees to attend regular security and awareness training.

Technical and Organizational Security Measures applicable to Amazon Web Services

Technical and Organizational Measures applicable to Amazon Web Services are available at: https://aws.amazon.com/security/?nc=sn&loc=0 (last accessed April 16, 2021), and include:

  • AWS investigates all reported vulnerabilities in any aspect of its cloud services.
  • Data encryption in transit interconnecting datacenters and regions is automatically encrypted at the physical layer before it leaves secured facilities.
  • Encryption for all VPC cross-region peering traffic, and Customer or service-to-service TLS connections.
  • Tools managed to encrypt data in transit and at rest to ensure only authorize users can access data.
  • Use of keys managed by AWS Key Management Systems or managed using encryption keys with Cloud HSM using FIPS 140-2 Level 3 validated HSMs.
  • AWS supports more security standards and compliance certifications than any other offering, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, helping satisfy compliance requirements for virtually every regulatory agency around the globe.
EXHIBIT C
LIST OF SUB-PROCESSORS

This Exhibit C details the list of sub-processors engaged to process personal data under this Agreement, including for processing of personal data under Exhibit D and Exhibit E, which applies to MODULE 2: Transfer controller to processor and MODULE 3: Transfer processor to processor.

In the event a sub-processor is engaged to process personal data under this Agreement, the details of the sub-processor shall be added to this Exhibit C.

The controller has authorized the use of the following Sub-processors:

NAME OF SUB-PROCESSOR
LOCATION OF SUB-PROCESSOR
DESCRIPTION OF PROCESSING
Amazon Web Services
USA, Germany, or Australia at the option of customer
Application web hosting and data storage
Datadog
USA
Application data logging
Twilio
USA
SMS
MailChimp
USA
Email delivery
PagerDuty
USA
Server incident alerting
Bugsnag
USA
Exception reporting
Clearbit
USA
Social profile lookup -optional service – see order
New Relic
USA
Application performance monitoring
Pendo
USA
Analytics provider used to track how users interact with the service
Google
USA
Hosting provider
EXHIBIT D
EU STANDARD CONTRACTUAL CLAUSES
(the “EU Standard Contractual Clauses”)

1. Incorporation and References 

The provisions of the EU Standard Contractual Clauses pursuant to European Commission Implementing Decision (EU) 2021/914 of 4 June 2021 available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en  and as amended or replaced from time shall be incorporated into this DPA by reference and shall apply to Personal Data of residents of the European Economic Area (“EEA”) as referenced in this Section 1:

  1. On the basis of the Standard Contractual Clauses pursuant to European Commission accessible at https://www.asknicely.com/eu-standard-contractual-clauses 
  2. List of parties required under Annex I as set out in Section 2 of this Exhibit D;
  3. Description of transfer required under Annex I as set out in Exhibit A to this Agreement;
  4. Operative clauses to the EU Standard Contractual Clauses as detailed in Section 3 of this Exhibit D;
  5. Competent supervisory authority required under Annex I as set out in Section 4 of this Exhibit D;
  6. Technical and organizational measures required under Annex II as set out in Exhibit B to this Agreement; and
  7. List of sub-processors authorized for use required under Annex III as set out in Exhibit C to this Agreement.

2. Parties to the EU Standard Contractual Clauses

2.1 Module One shall not apply to this Agreement.

2.2 For the purposes of Module Two the data controller shall be the Customer and the data processor shall be Ask Nicely Holdings Inc., together with its Affiliates (“AskNicely” or “Service Provider”), with offices at 1615 SE 3rd Avenue, Floor 3, Portland, Oregon 97214 United States of America. The Legal Compliance Officer for AskNicely is Sharon Babkes with contact email available at sharon@asknice.ly

2.3 In the event Module Three applies to this Agreement, the processor shall be Ask Nicely Holdings Inc., together with its Affiliates (“AskNicely” or “Service Provider”), with offices at 1615 SE 3rd Avenue, Floor 3, Portland, Oregon 97214 United States of America, and any sub-processor authorized for use as detailed in Exhibit C to this Agreement. The Legal Compliance Officer for AskNicely is Sharon Babkes with contact email available at sharon@asknice.ly

2.4 For the purposes of Module Four the data processor shall be Ask Nicely Holdings Inc., together with its Affiliates (“AskNicely” or “Service Provider”), with offices at 1615 SE 3rd Avenue, Floor 3, Portland, Oregon 97214 United States of America, and the data controller shall be the Customer. The Legal Compliance Officer for AskNicely is Sharon Babkes with contact email available at sharon@asknice.ly

3. Operative Clauses to the EU Standard Contractual Clauses

3.1 The relevant provisions contained in the EU Standard Contractual Clauses are incorporated by reference.

3.2 The personal data transferred concern the categories of data subjects are set out in Exhibit A of the DPA.

3.3 The personal data transferred concern the categories of data are set out in Exhibit A of the DPA.

3.4 If included in processing, the details of special categories are set out in Exhibit A of the DPA.

3.5 In relation to processing operations, the personal data transferred will be subject to the basic processing activities set out in Exhibit A of the DPA.

3.6 The description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) are set out in Exhibit B of the DPA.

3.7 The effective date of the EU Standard Contractual Clauses is the date the Customer agreed to the Agreement.

4. Competent Supervisory Authority

In accordance with Clause 13, the applicable competent supervisory authority shall be determined by reference to the following order:

a) The supervisory authority of the Member State where Customer’s EU headquarters is located; 

b) The supervisory authority of the Member State where Customer’s EU representative is located;  

c) The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred is located; or

d) Dutch Data Protection Authority in the Netherlands. 

EXHIBIT E
UK: STANDARD DATA PROTECTION CLAUSES FOR TRANSFER
Standard Contractual Clauses (processors)

1. Incorporation and References 

1.1 The provisions of the UK Standard Contractual Clauses shall be incorporated into this DPA by reference.

1.2 Pursuant to the terms of the Agreement the parties agree to process personal data of residents of the United Kingdom in compliance with the terms of the UK Standard Contractual Clauses as referenced in this Section 1:

  1. UK Standard Contractual Clauses accessible at https://www.asknicely.com/uk-standard-contractual-clauses 
  2. Data exporter and data importer as detailed in Section 2 of Exhibit E to this Agreement;
  3. Operative clauses to the UK Standard Contractual Clauses as detailed in Section 3 of Exhibit E to this Agreement; and
  4. Information required for the purposes of the Appendices to the UK Standard Contractual Clauses as detailed in Exhibit A, Exhibit B, and Exhibit C of this Agreement as referenced in Section 3 of Exhibit E to this Agreement:

2. Data Exporter and Data Importer

2.1 For the purposes of complying with the UK Standard Contractual Clauses, the Data Exporter is the Customer and engages with AskNicely for specific services that include AskNicely’s proprietary customer feedback software, whereby personal data is transferred for processing and storage through the technology platform, related customer support, and administrative functions. 

2.2 For the purposes of complying with the UK Standard Contractual Clauses, the data importer is AskNicely, the operator of customer feedback software. AskNicely operates data centers in various locations, including USA, Germany, and Australia, for purposes of processing personal data central to its software involving customer feedback and related data analytics and reporting under the Agreement. Account services and customer support services are performed by AskNicely staff in office locations, including in the Netherlands, United States, and New Zealand, where staff access data in the designated data center to perform the tasks relevant to their job roles. The main administrative offices of AskNicely are in Oregon in the United States, from where staff perform administrative functions, involving processing of data in the United States related to the personal data of representatives of AskNicely Customers. The purposes of processing personal data are set out in Exhibit A of the DPA. 

3. Operative Clauses to the UK Standard Contractual Clauses

3.1 The relevant provisions contained in the UK Standard Contractual Clauses are incorporated by reference.

3.2 The personal data transferred concern the categories of data subjects are set out in Exhibit A of the DPA.

3.3 The personal data transferred concern the categories of data are set out in Exhibit A of the DPA.

3.4 If included in processing, the details of special categories are set out in Exhibit A of the DPA.

3.5 In relation to processing operations, the personal data transferred will be subject to the basic processing activities set out in Exhibit A of the DPA.

3.6 The description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) are set out in Exhibit B of the DPA.

3.7 The effective date of the UK Standard Contractual Clauses is the date the data exporter agreed to the Agreement.

Ready to empower your frontline teams?

Book a Demo >