This Software Subscription and Services Agreement, including the exhibits hereto (the “Agreement”), by and between ProSymmetry, LLC, an Ohio Limited Liability Company (“PROSYMMETRY”) and the customer signing below (“Customer”), is effective as of the date it has been executed by both (“Effective Date”). Each of PROSYMMETRY and Customer is a “Party,” and are together the “Parties,” to this Agreement.
EXCEPT FOR THE FOREGOING WARRANTIES, THE SOFTWARE IS PROVIDED “AS IS” AND PROSYMMETRY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED AND STATUTORY, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. CUSTOMER EXPRESSLY ACKNOWLEDGES THAT THE SOFTWARE MAY NOT BE ERROR FREE NOR ITS USE UNINTERRUPTED.
Data Processing Addendum
to Software Subscription & Services Agreement
This Data Processing Addendum (the “Addendum”) supplements the ProSymmetry Software Subscription & Services Agreement (the “Agreement”) by and between ProSymmetry, LLC, an Ohio Limited Liability Company (“ProSymmetry”), and the customer identified in an applicable Order (the “Customer”). This Addendum is dated and effective as of the Effective Date of the Agreement.
BACKGROUND
The Agreement governs access to and use of the Software and related services, pursuant to which data uploaded by the Customer may be stored or processed by ProSymmetry. This Addendum sets out the terms of the Agreement governing data processing.
AGREED TERMS
1.2. “Compliant Jurisdiction” means (i) the United Kingdom, or (ii) a country within the
European Economic Area, or (iii) a country with the benefit of a favorable adequacy decision under Article 45 of Regulation (EU) 2016/679.
1.3. “GDPR” means Regulation (EU) 2016/679 (commonly known as the General Data Protection Regulation), as amended from time to time.
1.4. References to ‘Controller’, ‘Data Subject, ‘Personal Data’, ‘Data Breach’,
‘Processor’, ‘Processing’ (including ‘Process,’ ‘Processed,’ etc.), ‘Sensitive Data’ and ‘Supervisory Authority’ have the meanings defined in GDPR. References to ‘Sub-Processor’ mean another Processor appointed by a Processor.
1.5. “Service Data” means aggregated information that is not Personal Data and does not identify the Customer, which arises or results from ProSymmetry’s delivery of the Services pursuant to the Agreement or this Addendum.
2.2. This Addendum applies only to data of or from Customer that includes or might
potentially include Personal Data but which expressly excludes Sensitive Data (”Customer Data”) in circumstances where the Processing of that Personal Data by ProSymmetry is subject to GDPR.
2.3. If this Addendum is inconsistent with any other provisions of the Agreement, the Parties intend that the provisions of this Addendum should prevail.
Processing under the Agreement, the Parties intend and agree that Customer is the Controller and ProSymmetry is the Processor of the Personal Data.
3.2. Except for (i) login details of authorized users of the Software; and (ii) Customer Data that includes Personal Data and is supplied to ProSymmetry by Customer other than by uploading it to or through the Software (if any), ProSymmetry and Customer agree as follows:
3.2.1. ProSymmetry will have no responsibility to Process, store or retain Customer Data except pursuant to the Agreement or other written instructions received from Customer (as Controller) and acknowledged and agreed to by ProSymmetry;
3.2.2. ProSymmetry may implement and maintain such technical and organizational measures to protect Customer Data against unauthorized Processing, accidental loss, destruction, damage, theft, alteration or disclosure (including confidentiality obligations on the part of its employees consistent with the Agreement), as are appropriate in light of the nature of the Customer Data and the harm that might result from the foregoing;
3.2.3. Customer Data may be Processed by ProSymmetry using encryption methods that render such Customer Data unintelligible to ProSymmetry personnel and any software other than the Software in normal operation;
3.2.4. ProSymmetry, as Processor, may engage one or more Sub-Processors to Process Customer Data pursuant hereto;
3.2.5. Customer determines and controls the Customer Data to be Processed hereunder and is solely responsible for transferring or providing access to any Personal Data therein, excluding Sensitive Data therefrom, and for complying with GDPR, as Controller thereof;
3.2.6. Even if the Customer uses the features of the Software to identify Customer Data that contains Personal Data, such attributes of Customer Data may be inaccessible or unintelligible to ProSymmetry personnel and ProSymmetry may therefore be unable to:
3.2.6.1. ascertain whether Customer Data includes Personal Data (as a result of which ProSymmetry may treat all Customer Data as if it might include Personal Data);
3.2.6.2. ascertain whether Customer Data includes any special categories of Personal Data (as a result of which ProSymmetry will not treat any Customer Data any differently);
3.2.6.3. ascertain whether the Software is used by authorized users to
Process Customer Data outside the European Economic Area;
3.2.6.4. determine when Personal Data ought to be deleted or when Processing of Personal Data ought to cease;
3.2.6.5. take any steps to comply with the rights of Data Subjects for access to Personal Data, rectification or erasure of Personal Data, data portability, rights to be forgotten, or to act upon any notices from Data Subjects; or
3.2.6.6. keep a record of Processing with any greater information or detail than that which is expressly required to be kept by ProSymmetry pursuant to the Agreement and this Addendum;
3.2.7. ProSymmetry will have the right to collect, extract, compile, synthesize and analyze Service Data and, except as otherwise provided in the Agreement or herein, will own all rights in and to the Service Data.
Support Policy
This Support Policy is governed by the and incorporated into the PROSYMMETRY Software Subscription & Services Agreement (the “Agreement”). Capitalized terms not defined herein shall have the same meanings as in the Agreement. Consistent with the terms of each applicable Order, ProSymmetry shall employ commercially reasonable efforts to meet or exceed the standards set forth in this Support Policy.
Upon verifying the severity Level of the Support Request, ProSymmetry will use commercially reasonable efforts to respond to same, as follows:
Customer acknowledges and agrees that ProSymmetry cannot guarantee uninterrupted access to or use of the Software or resolution of every issue affecting same and that ProSymmetry shall not be deemed to have breached any provision of the Agreement as a result of failing to resolve any issue within the foregoing response times or otherwise. Customer further acknowledges and agrees that ProSymmetry shall have no liability for any failure or delay in performance resulting directly or indirectly from events or circumstances beyond its control, including acts of God, natural disasters, other catastrophes, acts of civil or military authority, civil disturbance, war, strikes or other labor disputes or disturbances, fire, transportation interruptions, shortages of facilities, fuel, energy, labor or materials, telecommunications disruptions, including interruptions of the Internet, or laws, regulations, acts or orders of any government agency or official thereof.
4834-4872-1084, v.16