Effective: May 23, 2018
In the course of providing Testing Services and other services agreed in the Agreement (“Services”) to Customer (“you”, “your”), Testlio (“we”, “us”) may process personal data on your behalf.
This Data Processing Addendum (“DPA” or “Addendum”) forms part of the existing agreement(s) between you and Testlio, and/or other written or electronic agreement for the purchase of Services provided by Testlio (the “Agreement”) to reflect the parties’ agreement with regard to the Processing of Personal Data of Customer, in accordance with the requirements of Data Protection Laws.
Any capitalized but undefined terms herein shall have the meaning set forth in the Agreement.
“Data Protection Legislation” means European Directives 95/46/EC and 2002/58/EC and any legislation and/or regulation implementing or made pursuant to them, or which amends or replaces any of them (including the General Data Protection Regulation (Regulation (EU) 2016/279)), and all other applicable laws relating to processing of personal data and privacy that may exist in any relevant jurisdiction;
“Data Controller” Data Processor”, “Data Subject”, “Processing”, “Personal Data”, “Subprocessors” and “appropriate technical and organisational measures” shall be interpreted in accordance with applicable Data Protection Legislation.
Where a Data Subject is located in the European Economic Area, that Data Subject’s Personal Data will be processed by Testlio. As part of providing the Services, this Personal Data may be transferred to other regions, including to the United States. Such transfers will be completed in compliance with relevant Data Protection Legislation.
The parties agree that Customer is the data controller and that Testlio is its data processor in relation to personal data that is processed in the course of providing the Services. Customer shall comply at all times with Data Protection Legislation in respect of all personal data it provided to Testlio pursuant to the Agreement.
When Testlio Processes Personal Data in the course of providing the Services, Testlio:
- shall Process the Personal Data as a Data Processor, only for the purpose of providing the Services in accordance with documented instructions from you (provided that such instructions are commensurate with the functionalities of the Services), and as may subsequently be agreed to by you. If Testlio is required to process the personal data for any other purpose provided by applicable law to which it is subject, Testlio will inform you of such requirement prior to the processing unless prohibited by law from providing such notice;
- shall notify you without undue delay if, in Testlio’s opinion, your instruction for the processing of Personal Data infringes applicable Data Protection Legislation;
- shall implement and maintain appropriate technical and organisational measures designed to protect the personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction, damage or theft of the personal data and having regard to the nature of the personal data which is to be protected;
- shall notify you promptly upon becoming aware of and confirming any accidental, unauthorized, or unlawful processing of, disclosure of, or access to the Personal Data;
- shall ensure that all Testlio personnel required to access the personal data are informed of the confidential nature of the personal data and comply with the obligations sets out in this Clause;
- upon termination of the Agreement, Testlio will promptly initiate its purge process to delete or anonymize the Personal Data.
- may use Subprocessors to Process the Personal Data. Any such subprocessor will be permitted to process personal data only to deliver the services Testlio has retained them to provide, and they shall be prohibited from using personal data for any other purpose. Any subprocessor to whom Testlio transfers personal data will have entered into written agreements with Testlio requiring that the subprocessor abide by terms substantially similar to this DPA.
In the event of any conflict or inconsistency between the provisions of the Agreement and this Addendum, the provisions of this Addendum shall prevail. For avoidance of doubt and to the extent allowed by applicable law, any and all liability under this Addendum, including limitations thereof, will be governed by the relevant provisions of the Agreement. You acknowledge and agree that Testlio may amend this Addendum from time to time by posting the relevant amended and restated Addendum on Testlio’s website, and such amendments to the Addendum are effective as of the date of posting. Your continued use of the Services after the amended Addendum is posted to Testlio’s website constitutes your agreement to, and acceptance of, the amended Addendum. If you do not agree to any changes to the Addendum, do not continue to use the Service.