This Data Processing Addendum ("DPA") forms part of, and is subject to, the Unitalk Terms & Conditions between Unitalk ("Unitalk") and Customer that reference this DPA (the “Agreement”), and is effective on the Effective Date of the Agreement.
This DPA applies where, and to the extent that, Unitalk processes Customer Personal Data as Processor, on behalf of Customer acting as Controller, when providing Services under the Agreement. All terms not defined in this DPA shall have the meanings set forth in the Agreement.
Without prejudice to the foregoing, Unitalk and the Customer may have access to personal data of natural persons acting as contact points, provided by the other party including employees, representatives or agents of the latter, which it may process as Controller in the context of the proper performance of this Agreement and compliance with their legal and regulatory obligations which are imposed on it. It is the responsibility of each party to inform the data subjects, whose personal data it has disclosed, of the processing carried out by the other party and of the provisions of this DPA.
| Term | Definition |
|---|---|
| Data Breach | means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Customer Personal Data. |
| Data Protection Laws | means all data protection and privacy laws applicable to the processing of Personal Data under the Agreement, including, where applicable, EU Data Protection Laws and UK Data Protection Laws. |
| Data Controller or Controller | means an entity that determines the purposes and means of the processing of Personal Data. |
| Data Processor or Processor | means an entity that processes Personal Data under the instructions and on behalf of a Data Controller. |
| EEA | means the European Economic Area. |
| EU Data Protection Laws | means Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) ("GDPR"). |
| EU-U.S. Data Privacy Framework | means the EU-U.S. EU-U.S. Data Privacy Framework approved by the European Commission pursuant to Decision C(2023) 4745 of 10 July 2023. |
| Personal Data | means any information relating to an identified or identifiable natural person. |
| Processing | has the meaning given to it in the GDPR and "process", "processes" and "processed" will be interpreted accordingly. |
| Sub-Processor | means any Data Processor engaged by Dust or its Affiliates to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement or this DPA. Sub-Processors may include third parties or Dust’s Affiliates. |
| UK Data Protection Law | means the UK Data Protection Act 2018 as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019, or any other law or case law in the United Kingdom which is applicable to the Processing. |
2.1 This DPA applies where and only to the extent that Unitalk processes Personal Data that originates from the EEA and the UK and/or that is otherwise subject to EU Data Protection Laws or UK Data Protection Laws on behalf of Customer in the course of providing Services to the Customer pursuant to the Agreement.
3.1 As part of the provision of the Services provided under this Agreement, Unitalk is processing the Customer Personal Data under the instructions and on behalf of the Customer.
3.2 Customer is the Data Controller of Customer Personal Data and Unitalk is the Data Processor acting on behalf of Customer.
4.1 Customer agrees that (i) it will comply with its obligations as a Data Controller under Data Protection Laws in respect of its processing of Customer Personal Data and any processing instructions it issues to Unitalk; and (ii) it ensures that the processing is lawful so that Unitalk can process Customer Personal Data pursuant to the Agreement and this DPA and in compliance with Data Protection Laws.
4.2 It is the Customer's responsibility to provide information (in accordance with the requirements of the Data Protection Laws) to data subjects at the time of collection of their Personal Data.
4.3 Customer agrees not to provide Unitalk with any special category of data as defined under Article 9 of the GDPR.
5.1 Unitalk will process Customer Personal Data in accordance with Customer’s documented instructions. Customer agrees that this DPA, the Agreement and any subsequent statements of work or services orders (agreed in writing between the Parties), and any Services’ configurations made by Customer or its authorized users (in accordance with the Documentation), comprise Customer’s complete instructions to Unitalk regarding the Processing of Customer Personal Data. Any additional or alternate instructions must be agreed between the parties in writing, including the costs (if any) associated with complying with such instructions.
5.2 Unitalk is not responsible for determining if Customer’s instructions are compliant with applicable law. However, if Unitalk is of the opinion that a Customer instruction infringes applicable Data Protection Laws, Unitalk shall notify Customer as soon as reasonably practicable and shall not be required to comply with such infringing instruction.
5**.3 Details of Data Processing**
Details of Data Processing - which refer to the Customer Personal Data uploaded to the Services by the Customer - are set forth in Exhibit B.