Customer Data

Data Processor Agreement

This Data Processor Agreement (DPA) replaces any Agreements between Webslice and the Customer and details the rights and obligations of each parties for data privacy under Applicable Laws. Updates to this DPA may be posted at any time at our sole discretion and to ensure future compliance; the current version may be found at webslice.com/policies-compliance/data-processor-agreement.

Definitions

  • "Affiliates" means any subsidiaries, contractors, representatives, agents, vendors or distributors which, as determined by us in our sole and absolute discretion, assist in the performance of the Webslice Services.

  • Customer Data" means all content, including without limitation, all data, text, audio, software (including machine images or processes), or visual (both static and dynamic) files that are provided to us by, or on behalf of, you through your use of the Webslice Services, and all content provided by you or on your behalf relating to your Personal Data or the Personal Data of your End Users.

  • "Data Controller" has the meaning as defined in the EU Model Contract.

  • "Data Exporter" has the meaning as defined in the EU Model Contract.

  • "Data Importer" has the meaning as defined in the EU Model Contract.

  • "Data Processor" has the meaning as defined in the EU Model Contract.

  • "Data Subject" means any natural person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her/its physical, physiological, mental, economic, cultural or social identity, including without limitation, a full name, company name (if applicable), billing address, credit card number and expiration date, email address, and source.

  • "EU GDPR" means the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data);

  • "EU Model Contract" means the Data Processor Agreement and the Standard Contractual Clause C(2010)593 issued by the European Union European Commission, Directorate of General Justice as provided by us to our Customers in the European Economic Area.

  • "Personal Data" means any information relating to a Data Subject that you or your End Users directly or indirectly provide to us as part of the Webslice Services or any Data Subject's use of any Webslice Resource.

  • "Proprietary Rights" means any right, interest or authorized or permitted ability to use, distribute, redistribute, produce, reproduce or display any tangible or intangible property protected by patent, copyright, trade secret, trademark, or other intellectual property right.

  • “Processor” means an entity that processes Personal Data on behalf of the Controller.

  • “Processing” has the meaning given to it in the GDPR and “process”, “processes” and “processed” shall be interpreted accordingly.

  • “Security Incident” means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data.

  • "Subprocessors" means any subsidiaries, contractors, representatives, agents, vendors or distributors engaged to process Customer Data as part of the Webslice Services.

Scope

This DPA applies where Customer Data is processed by Webslice. Specific provisions in this DPA are applicable where Webslice processes Customer Data where that data includes any Personal Data which is subject to Data Protection Laws of the European Union, The European Economic Area and/or their member states, Switzerland and/or the United Kingdom. The Customer and Webslice agree to comply with this DPA to comply with these laws.

Our Role

Webslice provides hosting infrastructure and services which are made available to you as our Customer. As a digital infrastructure provider, the platforms provided to you are in your control and are highly flexible in enabling you to configure to your requirements, and in this capacity we act as your Data Processor and do not have any Proprietary Rights to any data that is accessed, maintained and/or transmitted by you or your End Users to or from Webslice-managed infrastructure. Nothing in this DPA shall prevent Webslice from using or sharing any data that Webslice would otherwise collect and process independently of your use of our Services.

Customer Role

As a user of our services, you retain control of any data processed by Webslice, so you are the Controller of any Personal Data. Webslice shall only process this data on behalf of you, the Customer. The Customer agrees that as the Controller of any Personal Data, you will comply with any Data Protection Laws with respect to processing of that Personal Data and any instructions sent to Webslice or Webslice systems.

Our Obligations

As a Data Processor, we will only process data as permitted by the Agreement or your other instructions, or as necessary for our internal requirements related to the provision of Service. We will only process Personal Data as and when instructed by you and only to perform services in accordance with this Agreement, to ensure compliance with this agreement, or to comply with other lawful directions from you as the Customer which are consistent with this Agreement. No processing of Personal Data shall be made outside of this Agreement without a separate signed Agreement for that specific Processing.

Customer's Obligations

As the Data Controller, you acknowledge that you are at all times solely responsible for obtaining and maintaining Proprietary Rights for any and all Customer Data you instruct us to Process. You are solely responsible for how this data is accessed or used either directly or indirectly by you or any End Users you may have, including any intentional or un-intentional use or misuse of your Webslice service or account. You are responsible for the usage of Webslice services and ensuring your services are maintained and secured using appropriate steps to ensure all steps for protecting and backing up Customer Data. Any passwords, keys or other access logins provided to you by Webslice are for your use only and should also be secured by you. You are responsible for any End Users of any service provided by Webslice to you and are responsible for any steps to secure or restrict access by End Users to any Personal Data. You are responsible to ensure End Users comply with obligations under this agreement and shall be responsible to provide any support required to any End Users. Webslice will in no way be responsible to provide support to End Users or provide advice to End Users under this agreement.

Personal Data

In the event that a Data Subject makes a direct request to Webslice to disclose, process or retrieve any information relating to Personal Data for which you are the Controller and Webslice is the processor, we will promptly notify you of this request, unless prohibited to do so by relevant law or lawful directions by law enforcement agencies. We will not independently take any actions in relation to a request from a Data Subject without your prior written authorisation and instructions. We will cooperate with your reasonable requests for access to Personal Data and any other information required to assist with responding to a lawful request by a Data Subject.

Subprocessing

The Customer agrees that Webslice may use sub-processors to process Personal Data. Webslice shall ensure that any and all sub-processors who process Personal Data shall conform to our obligations under this Agreement. You expressly grant us authorization for

(i) Webslice to appoint our Affiliates to provide processing or sub-processing services, and

(ii) Webslice and our Affiliates to appoint Subprocessors, including without limitation, third party data center, development, production, maintenance marketing, financing and customer support providers in connection to any Webslice Resource or Webslice Service.

Webslice will provide you with a copy of our Subprocessors which relates to your use of a Webslice Resource or Webslice Service upon request. If you have a reasonable objection to a Subprocessor which relates to your use of a Webslice Resource or Webslice Service, you shall notify Webslice of your objection in writing and Webslice shall respond within thirty (30) days of such request (each a "Subprocessor Request"). Webslice, at Webslice's sole and absolute discretion, shall determine if we are able to provide the applicable Webslice Resource or Webslice Service without the use of the applicable Subprocessor. If Webslice is unable to reasonably satisfy your concerns within ninety (90) days of a Subprocessor Request, you may terminate your Account subject to any term obligations.

Your failure to provide written objections or requests within any of the deadlines provided in Section 10.2 will be deemed to be a waiver of the applicable Subprocessor Request. Webslice shall ensure that our Subprocessors shall only be engaged by written contract which imposes processing and sub-processing terms which are substantially no less protective of your Customer Data than this Agreement. Webslice shall be responsible for procuring Suprocessor performance under this Agreement and shall be liable to Customer for any breach of your Customer Data by a Subprocessor, subject to any indemnification or subrogation agreements entered into by us and the applicable Subprocessor. In all instances not related to a breach of Customer Data by a Subprocessor, you and your End Users expressly acknowledge and agree that any disputes, controversies, claims or actions shall be raised in the first instance against the applicable Subprocessor and not against Webslice.

Disclaimers and Releases

Global Transfers of Personal Data. To the extent that Personal Data originates from the European Economic Area or Switzerland, your transfers of Personal Data to us or to our Affiliates or Subprocessors are made subject to this Agreement, the EU GDPR and the EU Model Contract, with you acting as the Data Exporter and us and/or our Affiliates or Subprocessors acting as the Data Importer. The terms of this Agreement shall be read in conjunction with the EU Model Contract and/or any other appropriate transfer mechanism or device permitted by the laws of the United States of America and the European Union.

Disclaimer of Certain Issues. THE WEBSLICE SERVICES ARE PROVIDED "AS IS." WE, OUR AFFILIATES AND OUR SUBPROCESSORS MAKE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESSED, IMPLIED, STATUTORY OR OTHERWISE REGARDING THE WEBSLICE SERVICES, INCLUDING ANY WARRANTY THAT THE WEBSLICE SERVICES WILL BE UNINTERRUPTED, ERROR FREE OR FREE OF RISK OR ADVERSE ELEMENTS, OR THAT ANY CONTENT, INCLUDING YOUR CUSTOMER DATA, WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED. EXCEPT TO THE EXTENT PROHIBITED BY LAW, WE AND OUR AFFILIATES AND SUBPROCESSORS DISCLAIM ALL WARRANTIES, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR QUIET ENJOYMENT, AND ANY WARRANTIES ARISING OUT OF ANY COURSE OF DEALING OR USAGE OF TRADE.

Limitation of Liability and Indemnification

Indemnification. You will indemnify, defend and hold us, our Affiliates and our Subprocessors harmless from and against all claims, damages, losses, liabilities, costs and expenses (including reasonable attorney fees and legal costs) in connection with disputes, controversies, claims or actions made or brought by a third party arising from:

(i) you and your End Users' breach of this Agreement or violation of any applicable law;

(ii) you and your End Users' authorized or unauthorized use of the Webslice Services;

(iii) you and your End Users' authorized or unauthorized access, maintenance or transmission of content or data by or through Webslice Resources;

(iv) you and your End Users' wrongful or negligent acts or omission in connection with its performance of any Webslice Service;

(v) you and your End Users' infringement or misappropriation of any Proprietary Right(s);

(vi) Customer's disclosure of any information that is confidential or protected by law and

(vii) as between you and your End Users.

Amendments or Modification

This Agreement shall not be amended or modified, nor shall it be deemed, interpreted or construed to be amended or modified, without the prior written consent of an authorized representative of Webslice. You agree that we may provide you with notices, including those regarding changes to this Agreement or any Service Level Agreements, by email or regular mail to be sent to the addresses listed in your Account or by publication on any Webslice Resource(s). You must provide us with all notices through Webslice Customer Support.

Security

Our Security

Webslice shall maintain and implement appropriate technical and procedural security measures to keep Customer Data protected from Security Incidents and help ensure the integrity and confidentiality of Personal Data.

Confidentiality

Webslice shall ensure that only appropriately trained, screened and vetted personnel should have access to Webslice infrastructure where such personnel need to have access to infrastructure and systems to ensure Webslice systems are maintained and kept secure and available for reliable use. All staff, subprocessors, suppliers or contractors shall be required to act in accordance with this DPA and shall be subject to confidentiality agreements.

Incident Response

Webslice maintains an Incident Response Plan. Appropriately trained Webslice staff are familiar with our Incident Response plan which details responsibilities in the event of any Security Incident.

Incident Reporting

Webslice's Incident Response Plan includes guidelines for timeframes for reporting initial and post-mortem reports in the event of an Incident which may affect Customer Data. Upon becoming aware of a Security Incident, Webslice shall notify and provide appropriate information to the Customer inside a reasonable timeframe as information becomes confirmed and verified or as reasonably requested by the customer.

Severence

Whenever possible, each provision of this Agreement shall be interpreted to be effective and valid under applicable law. If, however, any such provision shall be prohibited by or invalid under such law, it shall be deemed modified to conform to the minimum requirements of such law, or if for any reason it is not so modified, it shall be prohibited or invalid only to the extent of such prohibition or invalidity without the remainder of such provision, or any other provision of these terms and conditions, being prohibited or invalid.