These Software Subscription & Services Terms & Conditions (“Terms & Conditions”), including the exhibits hereto, form part of an agreement (this “Agreement”) by and between ProSymmetry, LLC, an Ohio Limited Liability Company (“PROSYMMETRY”) and each customer (“Customer”) that has executed and/or is subject to one or more ProSymmetry order forms (each an “Order”). This Agreement is comprised of such Order and these Terms & Conditions, which are incorporated therein, and is effective as of the date the former has been executed by both Customer and PROSYMMETRY or otherwise takes effect (“Effective Date”). Each of PROSYMMETRY and Customer is a “Party,” and are together the “Parties,” to this Agreement.
EXCEPT FOR THE FOREGOING WARRANTIES, THE SOFTWARE IS PROVIDED “AS IS” AND PROSYMMETRY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED AND STATUTORY, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. CUSTOMER EXPRESSLY ACKNOWLEDGES THAT THE SOFTWARE MAY NOT BE ERROR FREE NOR ITS USE UNINTERRUPTED.
Data Processing Addendum
to Software Subscription & Services Terms & Conditions
This Data Processing Addendum (the “Addendum”) supplements the ProSymmetry Software Subscription & Services Terms & Conditions (the “Terms & Conditions”) and the agreement of which they are part (the “Agreement”) by and between ProSymmetry, LLC, an Ohio Limited Liability Company (“ProSymmetry”), and the customer identified in an applicable Order (the “Customer”). This Addendum is dated and effective as of the Effective Date of the Agreement.
The Agreement governs access to and use of the Software and related services, pursuant to which data uploaded by the Customer may be stored or processed by ProSymmetry. This Addendum sets out the terms of the Agreement governing data processing.
1.1. Capitalized words and phrases not defined in this Addendum have the same meanings as in the Terms & Conditions.
1.2. “Compliant Jurisdiction” means (i) the United Kingdom, or (ii) a country within the European Economic Area, or (iii) a country with the benefit of a favorable adequacy decision under Article 45 of Regulation (EU) 2016/679.
1.3. “GDPR” means Regulation (EU) 2016/679 (commonly known as the General Data Protection Regulation), as amended from time to time.
1.4. References to ‘Controller’, ‘Data Subject, ‘Personal Data’, ‘Data Breach’, Processor’, ‘Processing’ (including ‘Process,’ ‘Processed,’ etc.), ‘Sensitive Data’ and ‘Supervisory Authority’ have the meanings defined in GDPR. References to ‘Sub-Processor’ mean another Processor appointed by a Processor.
1.5. “Service Data” means aggregated information that is not Personal Data and does not identify the Customer, which arises or results from ProSymmetry’s delivery of the Services pursuant to the Agreement or this Addendum.
2.1. This Addendum supplements the Terms & Conditions and forms part of the Agreement.
2.2. This Addendum applies only to data of or from Customer that includes or might potentially include Personal Data but which expressly excludes Sensitive Data (”Customer Data”) in circumstances where the Processing of that Personal Data by ProSymmetry is subject to GDPR.
2.3. If this Addendum is inconsistent with any other provisions of the Agreement, the Parties intend that the provisions of this Addendum should prevail.
3.1. For all Personal Data provided to ProSymmetry by or on behalf of Customer for Processing under the Agreement, the Parties intend and agree that Customer is the Controller and ProSymmetry is the Processor of the Personal Data
3.2. Except for (i) login details of authorized users of the Software; and (ii) Customer Data that includes Personal Data and is supplied to ProSymmetry by Customer other than by uploading it to or through the Software (if any), ProSymmetry and Customer agree as follows:
3.2.1. ProSymmetry will have no responsibility to Process, store or retain Customer Data except pursuant to the Agreement or other written instructions received from Customer (as Controller) and acknowledged and agreed to by ProSymmetry;
3.2.2. ProSymmetry may implement and maintain such technical and organizational measures to protect Customer Data against unauthorized Processing, accidental loss, destruction, damage, theft, alteration or disclosure (including confidentiality obligations on the part of its employees consistent with the Agreement), as are appropriate in light of the nature of the Customer Data and the harm that might result from the foregoing;
3.2.3. Customer Data may be Processed by ProSymmetry using encryption methods that render such Customer Data unintelligible to ProSymmetry personnel and any software other than the Software in normal operation;
3.2.4. ProSymmetry, as Processor, may engage one or more Sub-Processors to Process Customer Data pursuant hereto;
3.2.5. Customer determines and controls the Customer Data to be Processed hereunder and is solely responsible for transferring or providing access to any Personal Data therein, excluding Sensitive Data therefrom, and for complying with GDPR, as Controller thereof;
3.2.6. Even if the Customer uses the features of the Software to identify Customer Data that contains Personal Data, such attributes of Customer Data may be inaccessible or unintelligible to ProSymmetry personnel and ProSymmetry may therefore be unable to:
18.104.22.168. ascertain whether Customer Data includes Personal Data (as a result of which ProSymmetry may treat all Customer Data as if it might include Personal Data);
22.214.171.124. ascertain whether Customer Data includes any special categories of Personal Data (as a result of which ProSymmetry will not treat any Customer Data any differently);
126.96.36.199. ascertain whether the Software is used by authorized users to Process Customer Data outside the European Economic Area;
188.8.131.52. determine when Personal Data ought to be deleted or when Processing of Personal Data ought to cease;
184.108.40.206. take any steps to comply with the rights of Data Subjects for access to Personal Data, rectification or erasure of Personal Data, data portability, rights to be forgotten, or to act upon any notices from Data Subjects; or
220.127.116.11. keep a record of Processing with any greater information or detail than that which is expressly required to be kept by ProSymmetry pursuant to the Agreement and this Addendum;
3.2.7. ProSymmetry will have the right to collect, extract, compile, synthesize and analyze Service Data and, except as otherwise provided in the Agreement or herein, will own all rights in and to the Service Data.
If Customer uses the Software to Process any Customer Data that includes Personal Data in circumstances where the Processing of that Personal Data is subject to GDPR, for the purpose of ensuring an adequate level of protection as required by Article 45 thereof, ProSymmetry is certified under the Privacy Shield Framework (see www.privacyshield.gov) and shall use commercially reasonable efforts to remain certified for so long as the Framework continues and is generally recognized as satisfying the requirements of Article 45 of GDPR.
This Support Policy is governed by the and incorporated into the PROSYMMETRY Software Subscription & Services Terms & Conditions (the “Terms & Conditions”) and the agreement of which they are part (the “Agreement”). Capitalized terms not defined herein shall have the same meanings as in the Terms & Conditions. Consistent with the terms of each applicable Order, ProSymmetry shall employ commercially reasonable efforts to meet or exceed the standards set forth in this Support Policy.
ProSymmetry shall back up Customer’s data on a daily basis and employ measures intended to ensure that the backup data is accessible and maintained in a manner to enable restoration of the backup version of End Users’ databases in the event of a system malfunction or outage. ProSymmetry shall retain such daily backups of Customer’s data for no more than thirty (30) days.
ProSymmetry service representatives shall be available to respond to Customer’s technical support requests sent by SysAd by email to Support@ProSymmetry.com (“Support Requests”) during the hours of 8:00am – 8:00pm Eastern Standard Time, Monday through Friday, excluding U.S. holidays (the “Support Hours”).
Support Requests submitted to ProSymmetry shall be classified as (i) Level 1 Critical, (ii) Level 2 High, (iii) Level 3 Medium or (iv) Level 4 Low. Customers shall classify such Support Requests in a reasonable manner, based on the severity of the underlying issue. Each Support Request shall be accompanied by (i) a thorough description of the underlying issue (including all information necessary to replicate it) and (ii) the primary point of contact and, if the latter is not a SysAd, (iii) the phone number and (iv) the e-mail address of the primary point of contact.
Upon verifying the severity Level of the Support Request, ProSymmetry will use commercially reasonable efforts to respond to same, as follows:
• Level 1 Critical – ProSymmetry will respond in 2 business hours.
• Level 2 High – ProSymmetry will respond in 4 business hours.
• Level 3 Medium – ProSymmetry will respond in 8 business hours.
• Level 4 Low – ProSymmetry will respond in 16 business hours.
Customer acknowledges and agrees that ProSymmetry cannot guarantee uninterrupted access to or use of the Software or resolution of every issue affecting same and that ProSymmetry shall not be deemed to have breached any provision of the Agreement as a result of failing to resolve any issue within the foregoing response times or otherwise. Customer further acknowledges and agrees that ProSymmetry shall have no liability for any failure or delay in performance resulting directly or indirectly from events or circumstances beyond its control, including acts of God, natural disasters, other catastrophes, acts of civil or military authority, civil disturbance, war, strikes or other labor disputes or disturbances, fire, transportation interruptions, shortages of facilities, fuel, energy, labor or materials, telecommunications disruptions, including interruptions of the Internet, or laws, regulations, acts or orders of any government agency or official thereof.