Veri İşleme Koşulları | OneSuite

This Data Processing Terms Addendum ("Addendum") forms part of the Agreement based on the OneSuite Terms of Use ("Agreement") between OneSuite ("OneSuite") and the individual or entity identified in the Agreement as "You" or "the Customer" to whom OneSuite provides services under the Agreement (the "Customer"). This Addendum applies only to the extent that OneSuite processes personal data (as defined below) originating from the EEA (and/or otherwise subject to Data Protection Laws) on behalf of the Customer as a data processor in the course of providing the OneSuite service pursuant to the Agreement. Data Protection Legislation means (i) to the extent the GDPR is directly applicable in the United States, the GDPR and all national implementing laws, regulations, and secondary legislation as amended in the United States and then (ii) any successor laws to the GDPR or the Data Protection Act 1998. "GDPR" means the General Data Protection Regulation ((EU) 2016/679).

The terms used in this Addendum shall have the meanings set forth in this Addendum. Capitalized terms not otherwise defined herein shall have the meanings assigned to them in the Agreement. Subject to the amendments set forth below, the terms of the Agreement shall remain in full force and effect. In consideration of the mutual obligations, the parties hereby agree that the terms below shall be added as an addendum to the Agreement. Unless the context requires otherwise, references in this Addendum to the Agreement are to the Agreement as amended by and including this Addendum.

1.1 Both parties shall comply with all applicable requirements of the Data Protection Legislation. This Clause 1 supplements the obligations of either party under the Data Protection Legislation and does not relieve, remove, or replace them.

1.2 The parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the Controller and OneSuite is the Processor of all personal data that OneSuite processes on behalf of the Customer under the Agreement (where personal data, Controller, and Processor have the meanings defined in the Data Protection Legislation).

1.3 Without prejudice to the generality of Clause 1.1, the Customer shall ensure that it has all necessary appropriate consents and notices in place to enable the lawful transfer of personal data (as defined in the Data Protection Legislation) to OneSuite for the duration and purposes of the Agreement.

1.4 Without prejudice to the generality of Clause 1.1, OneSuite shall, in relation to all personal data processed in connection with the performance of OneSuite's obligations under the Agreement:

1.4.1 process such personal data only on the written instructions of the Customer (as documented in Clause 1.7), unless OneSuite is required by Data Protection Legislation to do so;

1.4.2 implement and maintain appropriate technical and organizational data security practices and procedures to ensure a level of security appropriate to the risk of loss of confidentiality, integrity, and availability of the personal data;

1.4.3 ensure that all employees who have access to and/or process personal data are obliged to maintain the confidentiality of the personal data;

1.4.4 to the extent required to comply with applicable legal, regulatory, or law enforcement requirements, promptly inform the Customer upon becoming aware of any loss, theft, misuse, unauthorized access, disclosure or acquisition, destruction, or other compromise of personal data in its systems affecting personal data;

1.4.5 inform the Customer of: (i) formal requests from data subjects to exercise their rights of access, rectification, or erasure of their personal data, their right to restrict or object to processing, and their right to data portability, and not respond to such requests unless instructed in writing by the Customer; and (ii) requests from public authorities requiring the Customer to disclose personal data processed under the Services or to participate in an investigation related to such personal data;

1.4.6 not transfer personal data outside of the European Economic Area unless appropriate safeguards have been applied in accordance with the Data Protection Legislation. The parties agree that OneSuite may transfer personal data processed under the Agreement outside the European Economic Area ("EEA") or Switzerland to the extent necessary for the provision of the Services;

1.4.7 assist the Customer, at the Customer's cost, in responding to data subject requests and in complying with its obligations under the Data Protection Legislation in relation to security, breach notifications, impact assessments, and consultations with supervisory or regulatory authorities;

1.4.8 upon the written instruction of the Customer, delete or return personal data and copies thereof upon termination of the Agreement, unless the Data Protection Legislation requires retention of the personal data;

1.4.9 make available to the Customer, in accordance with the Data Protection Legislation, the information in its possession or control necessary to demonstrate OneSuite's compliance with the obligations set forth in this Clause 1, and allow and contribute to audits, including inspections, by the Customer (or an auditor appointed by the Customer) for this purpose (subject to prior agreement and a maximum of one audit request in any 12-month period); and

1.4.10 maintain complete and accurate records and information to demonstrate compliance with this Clause 1.

1.5 The Customer agrees to the appointment of the sub-processors listed in our current sub-processor list as third-party sub-processors ("Sub-processors") of personal data under the Agreement and grants OneSuite a general authorization to appoint additional Sub-processors. OneSuite confirms that it has entered into or (as the case may be) will enter into a written agreement with each Sub-processor containing provisions substantially similar to those set forth in this Clause 1. OneSuite shall inform the Customer of any addition, replacement, or other change of Sub-processors and give the Customer the opportunity to reasonably object to such changes on legitimate grounds. The Customer acknowledges that these Sub-processors are essential for the provision of the Services and that objecting to the use of a Sub-processor may prevent OneSuite from offering the Services to the Customer. In the event that the Customer objects to the use of a new Sub-processor, either party may terminate the Agreement by notice to the other party without any liability in respect of such termination.

1.6 The parties may amend this Clause 1 by mutual written agreement by replacing it with applicable Standard Contractual Clauses between Controller and Processor or similar terms that form part of an applicable certification scheme (which upon replacement shall apply by attachment to the Agreement).

1.7 Instructions for Processing:

Signatures

IN WITNESS WHEREOF, this Addendum is entered into and becomes a binding part of the Agreement as of the last date of signature.

OneSuite

Signature __________________________

Name: Syed Rezwanul Haque

Title: Founder

Date of Signature:

Customer

Signature __________________________

Name:

Title:

Date of Signature: