Last Updated 5-22-2018
BuzzStream Customer Data Processing Addendum
2. Relationship with this Agreement
2.4 None other than the parties to this DPA shall have any right to enforce any of its terms.
3. Scope and Applicability of DPA
3.2 This DPA shall be applied to the processing of Customer Data from the Effective Date, excepting for universal GDPR obligations which take effect from May 25th, 2018.
4. Roles and Scope of Processing
4.1 Role of the Parties: Customer is the Data Controller of Customer Data. BuzzStream will process Customer Data as a Data Processor acting on behalf of Customer.
4.2 Customer Processing of Customer Data: Customer agrees that it will comply with all obligations as a Data Controller under applicable Data Protection Laws concerning all processing of Customer Data and through any processing instructions issued to BuzzStream or which are utilized as part of the BuzzStream Services.
5.1 Use of Sub-processors: Customer agrees that BuzzStream may use the services of Sub-processors on the behalf of its customers. The list of current Sub-processors may be found in Annex B.
6.2 Secure Customer Use: The Customer agrees that with the exceptions listed in this DPA Customer is responsible for the secure use of all BuzzStream Services including account security, protection of Customer Data when transferring to/from BuzzStream, and encrypting/backing up data as necessary.
7.1 Confidential Processing: BuzzStream ensures that all BuzzStream agents and Sub-contractors will maintain full confidentiality in relation to Customer Data. All of these described entities will undergo training related to confidential data handling and shall serve under and obligation of confidentiality as appropriate.
8. Data Breach
8.1 Response to Data Breach: BuzzStream will notify customer with all due haste in the event of a Security incident related to the compromise of Customer data. It shall provide information as requested in such an event and will work with customer as appropriate to handle the response.
9. Updates to Sub-processor list
9.1 BuzzStream will provide an updated list of sub-processors to customer on request. If desired, Customer may enroll in our list to be updated when BuzzStream modifies the list of Sub-processors through this link. If you have any issues please contact us at firstname.lastname@example.org.
10. Access to Data After Termination of Service
11. Cooperation with Customer
11.1 BuzzStream Services provide tools that allow the Customer to collect, modify, delete, restrict or retrieve Customer Data. The Customer may use these tools to fulfill obligations as required under pertinent Data Protection Laws. If Customer is unable to access necessary Customer Data, BuzzStream will (at Customer expense) cooperate with Customer to access data.
11.2 BuzzStream will not respond to any individuals on the nature of Customer processing of their data or applicable data protection authorities on behalf of the Customer excepting where required by law. In such an event, BuzzStream will notify and forward such requests to Customer unless legally prevented from doing so.
12. Cooperation with Law Enforcement
12.1 If BuzzStream receives a request for Customer Data from a legitimate law enforcement agency, BuzzStream will attempt to redirect that request to the Customer directly. In doing so, BuzzStream may provide necessary contact details on behalf of Customer. If BuzzStream is legally required to disclose Customer Data BuzzStream will attempt to provide notice to Customer unless legally prevented from doing so.
12.2 BuzzStream shall provide information requested by a customer for the purposes of carrying out data impact assessments at Customer to the extent required by Data Protection Laws and at Customer expense.
9. Privacy Shield
9.1 BuzzStream has been certified to provide adequate protection for Customer Data transferred out of the EEA through it’s participation in the Privacy Shield framework and through its adherence to the Privacy Shield Principles. BuzzStream agrees to notify Customer if it is unable to maintain adherence to those Principles or if it exits the Privacy Shield framework.
Signed Copy of DPA
For a signed copy of this DPA please email us at email@example.com. Complete the form and send it to us to ensure full compliance.
Annex A: Data Processing Purpose and Details
Annex B: List of Current BuzzStream Subprocessors
Amazon Web Services