This data processing addendum (the “Addendum”) applies to personal data that Vizia processes on the Customer’s behalf as part of Vizia’s services to the Customer (“Services”). Vizia means Vizia Limited, an English company (company number 11796969) with its registered office at Sovereign House, Church Street, 1st Floor, Brighton, BN1 1UJ (“Vizia”).
This Addendum is forms part of the terms and conditions agreed to (“Agreement”) between Vizia and the Customer. This Addendum only applies to Vizia’s processing of personal data on the Customer’s behalf as part of any Services. In the event of a conflict between the Agreement and this Addendum, this Addendum prevails. Any terms not defined in this Addendum have the meanings given to them in the Agreement.
How to execute this Addendum:
- Vizia has pre-signed this Addendum. The Customer only needs to sign this Addendum and email it to Vizia.
- The Customer must print and sign this Addendum at the bottom of this document, before Schedule 1.
- After the Customer has signed everything in this Addendum, the Customer must print and email the signed Addendum to email@example.com.
1. The Customer’s instructions
1.1. In this Addendum, the terms “personal data”, “process”, “data controller”, “data processor”, “data subject”, and “personal data breach” have the meanings set out in the Data Privacy Laws.
1.2. If Vizia processes any personal data on the Customer’s behalf as part of any Services, Vizia will process such personal data only on the Customer’s documented instructions, unless required to do so by applicable law; where applicable law requires otherwise, Vizia will inform the Customer of the legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
1.3. The parties agree that this Addendum constitutes the Customer’s documented instructions for the processing of personal data as part of the provision of the Services. Additional instructions outside the scope of this Addendum will be subject to the prior written agreement between the parties, including in relation to any additional fees that the Customer is required to pay to Vizia for carrying out such instructions.
1.4. The Customer will ensure that its use of the Services and its instructions regarding the processing of any personal data pursuant to this Addendum will comply with all applicable laws, and that Vizia’s processing of any personal data in accordance with the Customer’s instructions will not cause Vizia to be in breach of any Data Privacy Laws.
2. Vizia’s obligations
2.1. If Vizia processes any personal data on the Customer’s behalf as part of the provision of the Services, Vizia will:
(a) its personnel that it authorises to process personal data have committed themselves to appropriate obligations of confidentiality;
(b) implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks associated with processing the personal data;
(c) taking into account the nature of the processing and the information available to Vizia, subject to payment of Vizia’s reasonable and demonstrable costs and expenses, provide reasonable and appropriate assistance to the Customer, to the extent possible, in relation to:
(i) the fulfilment by the Customer of the Customer’s obligations to respond to requests relating to the exercise of individuals’ rights under Data Privacy Laws where Vizia processes such individuals’ personal data pursuant to this Addendum; and
(ii) the Customer’s compliance with its obligations under Data Privacy Laws relating to the security of personal data, notification of personal data breaches to the applicable supervisory authority and/or communication of personal data breaches to individuals (to whom such personal data relate), data protection impact assessments and prior consultation with supervisory authorities, in each case in relation to any personal data Vizia processes pursuant to this Addendum;
(d) notify the Customer without undue delay after becoming aware of a personal data breach;
(e) at the written request of the Customer, delete or return all personal data to the Customer after the end of the provision of the Services relating to the processing under this Addendum, and delete existing copies unless applicable law requires storage of any personal data;
(f) not process any personal data outside the European Economic Area without providing for appropriate safeguards in accordance with applicable Data Privacy Laws; and
(g) make available to the Customer all information necessary to demonstrate compliance with the obligations in this Addendum.
2.2. Nothing in this Addendum is intended to prevent Vizia from complying with any legal obligation imposed by a supervisory authority, other regulator, or court.
3.1. Notwithstanding any other provisions of the Agreement, Vizia will not engage any third party to process any personal data under this Addendum (a “Sub-processor”) that is not listed at www.brandwatch.com/legal/sub-processors when the Customer signs this DPA, without the Customer’s prior written consent. Any Sub-processor Vizia engages will be subject to materially equivalent terms regarding data protection as are imposed on Vizia pursuant to this Addendum.
3.2. All Sub-processors listed at www.brandwatch.com/legal/sub-processors constitute permitted Sub-processors to which you do not object. Vizia will inform the Customer of any intended changes concerning the replacement of any permitted Sub-processor with a non-permitted Sub-processor and give the Customer the opportunity to object to such changes.
3.3. Where any Sub-processor fails to fulfil its obligations regarding data protection, Vizia will remain liable for the performance of the Sub-processor’s obligations, subject to the exclusions and limitations of liability under the Agreement.
4. Audit and inspections
4.1. Subject to clause 4.2 of this Addendum, Vizia will support audits that the Customer conducts (either itself or via an external auditor), at Customer’s cost and expense.
4.2. Any audit conducted pursuant to clause 4.1 of this Addendum is subject to the following conditions:
(a) the Customer will provide reasonable advance notice of any audit;
(b) any audit may only be conducted during Vizia’s normal business hours;
(c) any audit must be conducted so as to cause minimal disruption to Vizia’s normal business operations;
(d) any third-party auditor will enter into direct confidentiality obligations with Vizia which are reasonably acceptable to Vizia;
(e) any audit will be limited only to Vizia’s data processing activities as part of its Services as a data processor to Customer, and to such information as is reasonably necessary for Customer to assess Vizia’s compliance with the terms of this Addendum;
(f) as part of any audit Customer (or its external auditor) will not have access to Vizia’s Confidential Information; and
(g) Customer will reimburse Vizia’s reasonable and demonstrable costs and expenses associated with any audit.
Details of the processing
Subject matter: The subject matter of the data processing under this Addendum is the Services that involve the processing of personal data on the Customer’s behalf, as defined in the Agreement.
Duration: The duration of the processing under this Addendum is for the duration of the Agreement.
Nature and Purpose of the processing: The provision of Vizia’s Services.
Type of Personal Data: The type of personal data that Vizia processes on the Customer’s behalf depends on how the Customer uses the Services and which personal data the Customer selects to be processed via the Services. Such personal data could include the following:
- First and last name
- Professional life data, which may include data related to historical employment history, data related to skills, awards, or interests, or other data relating to professional life
- Personal life data, which may include data about interests, likes, dislikes, or other data relating to personal life
- Location data
Categories of data subjects: The Customer may request that Vizia processes various types of personal data, depending on the data sources or applications that the Customer uses. This may include:
- Prospects, customers, business partners, or vendors of the Customer;
- Employees or contact persons of the Customer;
- The Customer’s users of the Services; and
- Individual authors who publish data on social media platforms, blogs, and other parts of the internet.