Data Processing Addendum

Last updated on July 11, 2018.

Data Processing Addendum

This Data Processing Addendum (“DPA”) is an agreement between Pitch Perfect Software Inc., a company registered in Nova Scotia, Canada and located at 1877 Hollis street, Suite 500, Halifax, NS, B3J 1W5 (“we” or “us” or “Pitch Perfect”) and you or the entity you represent (“Customer” or “you”). This DPA supplements the Proposify Terms of Service as updated from time to time (“Terms of Service”), when we process personal data on your behalf in connection with the Services.

  1. Definitions

    Terms defined in the Terms of Service shall apply in this DPA, unless defined otherwise in this DPA. The following terms used in this DPA shall have the following meanings:

    “Data Protection Legislation”
    shall mean all applicable laws relating to data protection and privacy including (without limitation) the EU General Data Protection Regulation (2016/679) and any implementing national laws, the EU Privacy and Electronic Communications Directive 2002/58/EC as implemented in each jurisdiction, and any amending or replacement legislation from time to time;

    “Customer Personal Data”
    shall mean all personal data (as defined in the Data Protection Legislation) controlled by the Customer which is processed by Pitch Perfect in providing with the Services; and

    “Services”
    the services provided by Pitch Perfect to the Customer.

  2. 1.1 In this DPA, the terms “process”, “data controller”, “data processor” and “data subject” shall have the meanings set out in the Data Protection Legislation.

    1.2 The parties shall each comply with their respective obligations under the Data Protection Legislation as regards the Customer Personal Data. The parties agree that the Customer shall be the data controller and Pitch Perfect shall be a data processor of any Customer Personal Data. The Customer warrants that its instructions to Pitch Perfect in respect of the Customer Personal Data are lawful.

    1.3 Pitch Perfect shall:

    (a) only process Customer Personal Data in accordance with the Customer’s documented instructions, including with regard to transfers, unless required to do otherwise by applicable law. In which event, Pitch Perfect shall inform the Customer of the legal requirement before processing the Customer Personal Data other than in accordance with the Customer’s instructions, unless legally prohibited from doing so;

    (b) ensure that its personnel are subject to appropriate obligations of confidentiality;

    (c)taking into account the nature of the Services, provide reasonable assistance to the Customer, insofar as this is possible and at the Customer’s cost, for the fulfilment of the Customer’s obligations under the Data Protection Legislation in respect of data security; data breach notification; data protection impact assessments; prior consultation with supervisory authorities; and the fulfilment of data subject’s rights; and

    (d)on termination of this DPA, upon the Customer’s request, return or delete the Customer Personal Data, and delete any existing copies in its possession unless required to retain such Customer Personal Data under applicable law.

    1.4 The Customer consents to Pitch Perfect engaging the subcontractors listed in Schedule 1 to process the Customer Personal Data on its behalf (“Sub-processors”). Pitch Perfect shall ensure Sub-processors are subject to contractual obligations which are the same as or equivalent to those imposed on Pitch Perfect under this DPA. Pitch Perfect shall inform the Customer of any intended changes concerning the addition or replacement of any Sub-processor within a reasonable time prior to implementation of such change. In the event of the Customer objecting to such change, Pitch Perfect shall make reasonable efforts to address the Customer’s concerns (including making reasonable efforts to find an alternative Sub-processor). Pitch Perfect shall remain liable for the performance of any Sub-processor’s obligations.

    1.5 The Customer acknowledges and agrees that Customer Personal Data may be processed by Sub-processors outside the European Economic Area or the country where the Customer is located in order to carry out the Services and Pitch Perfect’s other obligations under the Terms of Service. Pitch Perfect shall implement a data transfer solution to ensure any such transfers are compliant with the Data Protection Legislation.

    1.6 Pitch Perfect shall use appropriate technical and organisational measures to protect Customer Personal Data stored within Pitch Perfect infrastructure against unauthorised and unlawful processing and against accidental loss, destruction, disclosure, damage or alteration, as described in our Security standards.

    1.7 Upon written request, Pitch Perfect shall make available to the Customer such information as is reasonably necessary to demonstrate Pitch Perfect’s compliance with its obligations under this DPA. In addition, Pitch Perfect agrees to permit an audit to be conducted of its facilities, by the Customer or the Customer’s representatives (bound by appropriate obligations of confidentiality), provided such an audit is carried out: (i) during Pitch Perfect’s normal business hours; (ii) in a manner that causes minimal disruption to Pitch Perfect’s business and excludes from its scope any internal pricing information, information relating to other customers of Pitch Perfect or Pitch Perfect’s own internal reports; and (iii) at the Customer’s own cost.

    1.8 Pitch Perfect shall notify the Customer without undue delay of any accidental, unauthorized, or unlawful destruction, loss, alteration, or disclosure of, or access to, Customer Personal Data ("Security Breach"). Pitch Perfect shall provide the Customer with reasonable assistance in relation to the Security Breach, including the provision of such information as is known to Pitch Perfect regarding the nature of the breach, the categories and approximate number of data subjects and records concerned.

    1.9 The Customer Personal Data processing activities carried out by Pitch Perfect under this DPA may be described as follows:

    Subject matter: The provision of the Services.

    Duration: The duration of the Services plus the period from the expiry of the services until deletion of all Customer Personal Data by Pitch Perfect

    Nature and purpose: To enable Pitch Perfect to provide the Services.

    Data categories: personal information relating to employees and business associates of the Customer, which may include name, email, business address, IP address, location by region or country and product usage statistics.

    Data subjects: authorized users, employees of Customer, consultants of Customer, contractors of Customer, customers of Customer, agents of Customer, and/or third parties with which Customer conducts business.

  3. Conflict

    Except as amended by this DPA, the Terms of Service will remain in full force and effect. If there is a conflict between the Terms of Service and this DPA, the terms of this DPA will control.

  4. Changes to the Terms of Service and the Service

    Pitch Perfect reserves the right to update this DPA from time to time, at our discretion and without notice. Each new version will be made available on our Website and it is your responsibility to regularly check our Website for new versions. Your continued use of the Services following the publishing of an updated DPA means that you accept and agree to the changes.

    This DPA was last updated on the 11th of July, 2018.

SCHEDULE 1 – APPROVED SUB-PROCESSORS

Entity Name
Subprocessing Activities
Entity Country

Intercom
Cloud-based CRM services
United States

Productboard
Cloud-based product-management services
United States

Heap
Cloud-based analytics services
United States

Campaign Monitor
Cloud-based email services
United States

Recurly
Cloud-based payment services
United States

Salesforce
Cloud-based CRM services
United States

Zapier
Cloud-based data connection services
United States

Postmark
Cloud-based email notification services
United States

VWO
Cloud-based web optimization services
United States

Crowdcast
Cloud-based webinar services
United States

Marketo
Cloud-based marketing services
United States

Segment
Cloud-based data connection services
United States

Chartmogul
Cloud-based analytics services
United Kingdom

Baremetrics
Cloud-based analytics services
United States

ProfitWell
Cloud-based analytics services
United States

Advocately
Cloud-based advocate management services
United States

Sumo
Cloud-based marketing services
United States

Delighted
Cloud-based net promoter score services
United States

Craft
Cloud-based content management services
United States

Grow Sumo
Cloud-based partner management services
Canada