Data Processing Addendum

Last updated on July 11, 2018

Terms of Use | Privacy Policy | Data Processing Addendum

Data Processing Addendum

This Data Processing Addendum (“DPA”) is an agreement between Proposify Inc., a company registered in Nova Scotia, Canada and located at 1877 Hollis street, Suite 500, Halifax, NS, B3J 1W5 (“we” or “us” or “Proposify”) and you or the entity you represent (“Customer” or “you”). This DPA supplements the Proposify Terms of Service as updated from time to time (“Terms of Service”), when we process personal data on your behalf in connection with the Services.

1. Definitions

Terms defined in the Terms of Service shall apply in this DPA, unless defined otherwise in this DPA. The following terms used in this DPA shall have the following meanings:

“Data Protection Legislation”
shall mean all applicable laws relating to data protection and privacy including (without limitation) the EU General Data Protection Regulation (2016/679) and any implementing national laws, the EU Privacy and Electronic Communications Directive 2002/58/EC as implemented in each jurisdiction, and any amending or replacement legislation from time to time;

“Customer Personal Data”
shall mean all personal data (as defined in the Data Protection Legislation) controlled by the Customer which is processed by Proposify in providing with the Services; and

the services provided by Proposify to the Customer.

1.1 In this DPA, the terms “process”, “data controller”, “data processor” and “data subject” shall have the meanings set out in the Data Protection Legislation.

1.2 The parties shall each comply with their respective obligations under the Data Protection Legislation as regards the Customer Personal Data. The parties agree that the Customer shall be the data controller and Proposify shall be a data processor of any Customer Personal Data. The Customer warrants that its instructions to Proposify in respect of the Customer Personal Data are lawful.

1.3 Proposify shall:

(a) only process Customer Personal Data in accordance with the Customer’s documented instructions, including with regard to transfers, unless required to do otherwise by applicable law. In which event, Proposify shall inform the Customer of the legal requirement before processing the Customer Personal Data other than in accordance with the Customer’s instructions, unless legally prohibited from doing so;

(b) ensure that its personnel are subject to appropriate obligations of confidentiality;

(c)taking into account the nature of the Services, provide reasonable assistance to the Customer, insofar as this is possible and at the Customer’s cost, for the fulfilment of the Customer’s obligations under the Data Protection Legislation in respect of data security; data breach notification; data protection impact assessments; prior consultation with supervisory authorities; and the fulfilment of data subject’s rights; and

(d)on termination of this DPA, upon the Customer’s request, return or delete the Customer Personal Data, and delete any existing copies in its possession unless required to retain such Customer Personal Data under applicable law.

1.4 The Customer consents to Proposify engaging the subcontractors listed in Schedule 1 to process the Customer Personal Data on its behalf (“Sub-processors”). Proposify shall ensure Sub-processors are subject to contractual obligations which are the same as or equivalent to those imposed on Proposify under this DPA. Proposify shall inform the Customer of any intended changes concerning the addition or replacement of any Sub-processor within a reasonable time prior to implementation of such change. In the event of the Customer objecting to such change, Proposify shall make reasonable efforts to address the Customer’s concerns (including making reasonable efforts to find an alternative Sub-processor). Proposify shall remain liable for the performance of any Sub-processor’s obligations.

1.5 The Customer acknowledges and agrees that Customer Personal Data may be processed by Sub-processors outside the European Economic Area or the country where the Customer is located in order to carry out the Services and Proposify’s other obligations under the Terms of Service. Proposify shall implement a data transfer solution to ensure any such transfers are compliant with the Data Protection Legislation.

1.6 Proposify shall use appropriate technical and organisational measures to protect Customer Personal Data stored within Proposify infrastructure against unauthorised and unlawful processing and against accidental loss, destruction, disclosure, damage or alteration, as described in our Security standards.

1.7 Upon written request, Proposify shall make available to the Customer such information as is reasonably necessary to demonstrate Proposify’s compliance with its obligations under this DPA. In addition, Proposify agrees to permit an audit to be conducted of its facilities, by the Customer or the Customer’s representatives (bound by appropriate obligations of confidentiality), provided such an audit is carried out: (i) during Proposify’s normal business hours; (ii) in a manner that causes minimal disruption to Proposify’s business and excludes from its scope any internal pricing information, information relating to other customers of Proposify or Proposify’s own internal reports; and (iii) at the Customer’s own cost.

1.8 Proposify shall notify the Customer without undue delay of any accidental, unauthorized, or unlawful destruction, loss, alteration, or disclosure of, or access to, Customer Personal Data ("Security Breach"). Proposify shall provide the Customer with reasonable assistance in relation to the Security Breach, including the provision of such information as is known to Proposify regarding the nature of the breach, the categories and approximate number of data subjects and records concerned.

1.9 The Customer Personal Data processing activities carried out by Proposify under this DPA may be described as follows:

Subject matter: The provision of the Services.

Duration: The duration of the Services plus the period from the expiry of the services until deletion of all Customer Personal Data by Proposify.

Nature and purpose: To enable Proposify to provide the Services.

Data categories: personal information relating to employees and business associates of the Customer, which may include name, email, business address, IP address, location by region or country and product usage statistics.

Data subjects: authorized users, employees of Customer, consultants of Customer, contractors of Customer, customers of Customer, agents of Customer, and/or third parties with which Customer conducts business.

2. Conflict

Except as amended by this DPA, the Terms of Service will remain in full force and effect. If there is a conflict between the Terms of Service and this DPA, the terms of this DPA will control.

3. Changes to the Terms of Service and the Service

Proposify reserves the right to update this DPA from time to time, at our discretion and without notice. Each new version will be made available on our Website and it is your responsibility to regularly check our Website for new versions. Your continued use of the Services following the publishing of an updated DPA means that you accept and agree to the changes.

This DPA was last updated on the 11th of July, 2018.


Entity Name
Subprocessing Activities
Entity Country

Cloud-based CRM services
United States

Cloud-based product-management services
United States

Cloud-based analytics services
United States

Campaign Monitor
Cloud-based email services
United States

Cloud-based payment services
United States

Cloud-based CRM services
United States

Cloud-based data connection services
United States

Cloud-based email notification services
United States

Cloud-based web optimization services
United States

Cloud-based webinar services
United States

Cloud-based marketing services
United States

Cloud-based data connection services
United States

Cloud-based analytics services
United Kingdom

Cloud-based analytics services
United States

Cloud-based analytics services
United States

Cloud-based advocate management services
United States

Cloud-based marketing services
United States

Cloud-based net promoter score services
United States

Cloud-based content management services
United States

Grow Sumo
Cloud-based partner management services