Data Processing Agreement

Notwithstanding any provision to the contrary, we may modify or update the Security Measures at our discretion provided that such modification or update does not result in a material degradation in the protection offered by the Security Measures. “Personal Data” means any information relating to an identified or identifiable individual where such information is contained within Customer Data; and is protected similarly as personal data, personal information or personally identifiable information under applicable Data Protection Laws. However, the version of the DPA which was applicable at the time the relevant Processing Specification entered into force shall govern the Processing between the Parties until terminated as set out under this DPA and relevant Processing Specification. Customer is also encouraged to download this DPA when signing the Processing Specification. The Audit shall be conducted in such a manner that the Data Processor’s undertakings towards third parties (including but not limited to the Data Processor’s customers, partners and vendors) are in no way jeopardized. All the Data Controller’s representatives or external auditors participating in the Audit shall execute customary confidentiality undertakings towards the Data Processor.

For the avoidance of doubt, if HubSpot, Inc. is not a party to the Agreement, the ‘Limitation of Liability’ section of the General Terms will apply as between you and HubSpot, Inc., and in such respect any references to ‘HubSpot’, ‘we’, ‘us’ or ‘our’ will include both HubSpot, Inc. and the HubSpot entity that is a party to the Agreement. We will remain responsible for each Sub-Processor’s compliance with the obligations of this DPA and for any acts or omissions of such Sub-Processor that cause us to breach any of its obligations under this DPA. The Data Processor shall always allow any relevant regulatory authority supervising the Data Controller’s business to conduct Audits of the Data Processor’s operations, in which case relevant parts of the Parties’ agreement hereunder shall apply. Such contractual arrangements shall be carried out in accordance with the standard data protection clauses adopted or approved by the European Commission attached herein (“SCCs”). As an alternative to entering into the SCCs, the Data Processor may rely upon an alternative transfer safeguard permitting and providing for the lawful transfer of Personal Data outside of the Approved Jurisdictions, provided that such safeguard is in compliance with the Laws. The Customer entity that is the contracting entity is responsible for coordinating all Instructions, authorizations and communications with us under the DPA and will be entitled to make and receive any communications related to this DPA on behalf of its Permitted Affiliates. If we become aware that we cannot Process Personal Data in accordance with your Instructions due to a legal requirement under any applicable law, we will promptly notify you of that legal requirement to the extent permitted by the applicable law; and where necessary, cease all Processing until such time as you issue new Instructions with which we are able to comply.

DPA

When Processing European Data in accordance with your Instructions, the parties acknowledge and agree that you are the Controller of European Data and we are the Processor. If a Data Subject Request or other communication regarding the Processing of Personal Data under the Agreement is made directly to us, we will promptly inform you and will advise the Data Subject to submit their request to you. You will be solely responsible for responding substantively to any such Data Subject Requests or communications involving Personal Data.

• Within the scope of the Agreement and in its use of the services, you will be responsible for complying with all requirements that apply to it under applicable Data Protection Laws with respect to its Processing of Personal Data and the Instructions it issues to us.
• The legal entity agreeing to this DPA as Customer represents that it is authorized to agree to and enter into this DPA for and on behalf of itself and, as applicable, each of its Permitted Affiliates.
• Accelerates customer’s digital agenda with global design, cloud, data and software engineering capabilities.
• You are responsible for independently determining whether the data security provided for in the Subscription Service adequately meets your obligations under applicable Data Protection Laws.
• It has provided the Data Processor with all necessary information in order for the Data Processor to perform the Processing in compliance with the Laws.
• This ‘Additional Provisions for European Data’ section will apply only with respect to European Data.
• “Personal Data Breach” will not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
• The English service is produced in Berlin and Sydney, the Spanish service in Madrid and Berlin, the Arabic service has its main editorial office in Cairo.

The Parties may agree on a more detailed breach notification process in separate. The Data Processor shall without undue delay notify the Data Controller if it, or one of its Sub-Processors, becomes aware of a Personal Data Breach. Information shall be provided to the contact person named by the Data Controller, if not otherwise agreed between the Parties.

DPA Deutsche Presse-Agentur Overview

The server instances that support the products are also architected with a goal to prevent single points of failure. This design assists our operations in maintaining and updating the product applications and backend while limiting downtime.

“Personal Data Breach” will not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems. Dpa main wire and dpa regional services publish around 1,100 articles daily from all over the world in the politics, business, sports and panorama sections. An average of 1,000 photos are offered to customers daily via Bildfunk.

References

Both Parties shall be responsible to ensure that the Processing is made in accordance with the Laws which apply to each Party as well as good data processing practices. Drives enterprise-wide transformation across business processes, applications and infrastructure utilizing automation, cloud and data capabilities. We will ensure that any personnel whom we authorize to Process Personal Data on our behalf is subject to appropriate confidentiality obligations with respect to that Personal Data. We will implement and maintain appropriate technical and organizational measures to protect Personal Data from Personal Data Breaches, as described under Annex 2 to this DPA (“Security Measures”).

The Subscription Service provides you with a number of controls that you can use to retrieve, correct, delete or restrict Personal Data, which you can use to assist it in connection with its obligations under Data Protection Laws, including your obligations relating to responding to requests from Data Subjects to exercise their rights under applicable Data Protection Laws (“Data Subject Requests”). We will only Process Personal Data for the purposes described in this DPA or as otherwise agreed within the scope of your lawful Instructions, except where and to the extent otherwise required by applicable law. We are not responsible for compliance with any Data Protection Laws applicable to you or your industry that are not generally applicable to us. You are responsible for independently determining whether the data security provided for in the Subscription Service adequately meets your obligations under applicable Data Protection Laws. You are also responsible for your secure use of the Subscription Service, including protecting the security of Personal Data in transit to and from the Subscription Service . The parties agree that the Agreement , together with your use of the Subscription Service in accordance with the Agreement, constitute your complete Instructions to us in relation to the Processing of Personal Data, so long as you may provide additional instructions during the subscription term that are consistent with the Agreement, the nature and lawful use of the Subscription Service. “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed by us and/or our Sub-Processors in connection with the provision of the Subscription Services.

Rights and obligations of the Parties

The English service is produced in Berlin and Sydney, the Spanish service in Madrid and Berlin, the Arabic service has its main editorial office in Cairo. In 2010, the editorial headquarters moved to the historical newspaper district of Berlin, location of the former newsroom for Hamburg, Frankfurt, and Berlin. The corporate headquarters remain in Hamburg, along with subsidiaries news aktuell GmbH, dpa-media technology GmbH, and dpa-infocom GmbH. News is available in seven languages, among them German, English, Spanish and Arabic.

• The Parties may agree on a more detailed breach notification process in separate.
• If you do notify us of such an objection, the parties will discuss your concerns in good faith with a view to achieving a commercially reasonable resolution.
• “Personal Data” means any information relating to an identified or identifiable individual where such information is contained within Customer Data; and is protected similarly as personal data, personal information or personally identifiable information under applicable Data Protection Laws.
• The Data Processor shall without undue delay notify the Data Controller if it, or one of its Sub-Processors, becomes aware of a Personal Data Breach.