Last Updated 5-22-2018
BuzzStream Customer Data Processing Addendum
This Data Processing Addendum (“DPA”) forms an agreement between Rel Equals, Inc. d/b/a BuzzStream and Customer and shall be effective on the date both parties execute this DPA (“Effective Date”). Terms not explicitly detailed within this DPA will be covered within the BuzzStream Terms of Use.
2. Relationship with this Agreement
2.1 Excepting distinct changes made by this DPA, the Terms of Use are still in full effect and enforceable as such. Noted exceptions in this DPA take precedence over conflicting items in the Terms of Use.
2.2 Claims related to this DPA are subject to all exclusions and limitations set forth in the Terms of Use.
2.3 Claims against BuzzStream covered by this DPA shall be brought solely against the entity that is a party to the Terms of Use. No party may limit its liability regarding individuals' data protection rights under this DPA or other agreements. Customer agrees that any regulatory penalties brought against or incurred by BuzzStream related to Customer Data that result from or are connected to Customer’s inability or failure to comply with its obligations under this DPA or pertinent Data Protection Laws will be applied to Customer as though they were the full liability of the Customer under this agreement.
2.4 None other than the parties to this DPA shall have any right to enforce any of its terms.
3. Scope and Applicability of DPA
3.1 This DPA applies only to the processing of Customer Data that originates from the EEA or that is otherwise subject to EU Data Protection Law on behalf of Customer in the course of providing services laid out in the Terms of Use.
3.2 This DPA shall be applied to the processing of Customer Data from the Effective Date, excepting for universal GDPR obligations which take effect from May 25th, 2018.
4. Roles and Scope of Processing
4.1 Role of the Parties: Customer is the Data Controller of Customer Data. BuzzStream will process Customer Data as a Data Processor acting on behalf of Customer.
4.2 Customer Processing of Customer Data: Customer agrees that it will comply with all obligations as a Data Controller under applicable Data Protection Laws concerning all processing of Customer Data and through any processing instructions issued to BuzzStream or which are utilized as part of the BuzzStream Services.
4.3 Notice and Consent for Customer Data: Customer affirms that it has provided notice and received consent, as well as providing for the application of all rights associated with and defined by applicable Data Protection Laws, for BuzzStream to process Customer Data and provide services laid out in the Terms of Use and this DPA.
4.4 BuzzStream Processing of Customer Data: BuzzStream will only process Customer Data for the purposes described in this DPA and Terms of Use and only according to the Customer’s lawful intended purpose. Any purposes not covered by this DPA and the Terms of Use will require prior written agreement between Customer and BuzzStream.
4.5 Specifics of Data Processing: Specifics of data processing are covered by the Terms of Use and detailed in Annex A of this DPA.
4.6 Customer agrees that BuzzStream has the right to use and/or disclose information as needed for the purposes of support and/or ongoing use of BuzzStream Services for lawful business purposes. These include account management, product development, technical support, sales, marketing, and billing. BuzzStream is considered Data Controller of all such data and will process said data in accordance with the BuzzStream Privacy Policy and Data Protection Laws.
4.7 Tracking: Customer agrees that BuzzStream may employ the use of tracking technologies including cookies, unique identifiers, device identifiers, and similar technologies for the purposes of adequate performance of its Services. These technologies will be implemented in full accordance with this DPA, the BuzzStream Terms of Use and Privacy Policy, and Data Protection Laws.
5. Sub-processors
5.1 Use of Sub-processors: Customer agrees that BuzzStream may use the services of Sub-processors on the behalf of its customers. The list of current Sub-processors may be found in Annex B.
5.2 Authorization and Requirements of Sub-processors: All Sub-processors will enter into a written agreement with BuzzStream requiring the Sub-processor to protect Customer Data to the standards required by applicable Data Protection Laws. BuzzStream will maintain responsibility for compliance with this DPA and the Terms of Use as related to any actions by the Sub-processor that may cause BuzzStream to breach this DPA.
6. Security
6.1 Security Measures: BuzzStream will implement security measures as appropriate to protect against unauthorized or unlawful data access, modification, loss, or destruction. BuzzStream will ensure that all Customer Data is protected to industry standard and will maintain such security protocols to those standards throughout the term of this DPA and the Terms of Use. Further, BuzzStream ensures the resilience and confidentiality of all Services.
6.2 Secure Customer Use: The Customer agrees that, with the exceptions listed in this DPA, Customer is responsible for the secure use of all BuzzStream Services including account security, protection of Customer Data when transferring to/from BuzzStream, and encrypting/backing up data as necessary.
7. Confidentiality
7.1 Confidential Processing: BuzzStream ensures that all BuzzStream agents and Sub-contractors will maintain full confidentiality in relation to Customer Data. All of these described entities will undergo training related to confidential data handling and shall serve under an obligation of confidentiality as appropriate.
8. Data Breach
8.1 Response to Data Breach: BuzzStream will notify customer with all due haste in the event of a Security incident related to the compromise of Customer data. It shall provide information as requested in such an event and will work with customer as appropriate to handle the response.
9. Updates to Sub-processor list
9.1 BuzzStream will provide an updated list of sub-processors to customer on request. If desired, Customer may enroll in our list to be updated when BuzzStream modifies the list of Sub-processors through this link. If you have any issues please contact us at privacy@buzzstream.com.
9.2 Customer may object to the addition of a Sub-processor within five (5) days of update. If said objection is reasonable BuzzStream will attempt to work with Customer to accommodate their objection. If a mutually agreed upon accommodation cannot be reached, Customer will have the right to suspend or terminate their agreement to the Terms of Use.
10. Access to Data After Termination of Service
10.1 Upon termination of BuzzStream Services or voluntary end of agreement to the Terms of Use or this DPA, BuzzStream will at Customer request return or delete all Customer Data that is under BuzzStream control to the extent that it is appropriate and technically feasible, excepting that which is retained as required by law and that which is archived on back-up systems (which will be isolated from further process at the point of termination of BuzzStream Services or the Terms of Use).
11. Cooperation with Customer
11.1 BuzzStream Services provide tools that allow the Customer to collect, modify, delete, restrict or retrieve Customer Data. The Customer may use these tools to fulfill obligations as required under pertinent Data Protection Laws. If Customer is unable to access necessary Customer Data, BuzzStream will (at Customer expense) cooperate with Customer to access data.
11.2 BuzzStream will not respond to any individuals on the nature of Customer processing of their data or applicable data protection authorities on behalf of the Customer excepting where required by law. In such an event, BuzzStream will notify and forward such requests to Customer unless legally prevented from doing so.
12. Cooperation with Law Enforcement
12.1 If BuzzStream receives a request for Customer Data from a legitimate law enforcement agency, BuzzStream will attempt to redirect that request to the Customer directly. In doing so, BuzzStream may provide necessary contact details on behalf of Customer. If BuzzStream is legally required to disclose Customer Data BuzzStream will attempt to provide notice to Customer unless legally prevented from doing so.
12.2 BuzzStream shall provide information requested by a customer for the purposes of carrying out data impact assessments at Customer to the extent required by Data Protection Laws and at Customer expense.
9. Privacy Shield
9.1 BuzzStream has been certified to provide adequate protection for Customer Data transferred out of the EEA through its participation in the Privacy Shield framework and through its adherence to the Privacy Shield Principles. BuzzStream agrees to notify Customer if it is unable to maintain adherence to those Principles or if it exits the Privacy Shield framework.
————————————————————————-
Signed Copy of DPA
For a signed copy of this DPA please email us at privacy@buzzstream.com. Complete the form and send it to us to ensure full compliance.
————————————————————————-
Annex A: Data Processing Purpose and Details
————————————————————————-
Annex B: List of Current BuzzStream Subprocessors
Google Analytics
GoToMeeting
GoToWebinar
Zendesk
Intercom
Sendgrid
Unbounce
Mailchimp
Quickbooks
Amazon Web Services
Stripe
Authorize.net
Sumo