DATA PROCESSING ADDENDUM
Last updated September 26, 2024
This Data Processing Addendum (the “Addendum”) is between SiteEngine LLC. and/or its Affiliate (“we,” “us” or “Company”) with whom you entered into an agreement or terms of service for the provision of services (the “Terms of Service”) and you (“you” or the “Customer”) and incorporates the terms and conditions set out herein. This Addendum supplements and forms part of the Terms of Service. Unless otherwise defined in this Addendum, all capitalized terms not defined in the Addendum will have the meanings given to them in the Terms of Service.
Customer questions relating to this Addendum may be addressed to us at privacy@siteengine.io.
STANDARD TERMS FOR PROCESSING ADDENDUM
1. Definitions
“Affiliate” means an entity that directly or indirectly controls, is controlled by, or is under common control of the Company. For purposes of this definition, “control” means ownership of more than fifty percent (50%) of the voting stock or equivalent ownership interest in an entity.
“Applicable Data Protection Laws” means any law or regulation applicable to processing of Personal Data under the Terms of Service.
• Brazil’s General Data Protection Law (LGPD)
• California Consumer Privacy Act and from January 1, 2023, as amended by the California Privacy Rights Act of 2020 (CCPA) Cal. Civ. Code 1798.100 et seq.
• Canada’s Federal Personal Information Protection and Electronic Documents Act (PIPEDA) • Colorado Privacy Act (CPA)
• European Union General Data Protection Regulation 2016/679 (GDPR), and the Privacy and Electronic Communications Directive 2002/58/EC.
• Swiss Federal Data Protection Act of 19 June 1992 and its Ordinance.
• UK Data Protection Act 2018, UK General Data Protection Regulation as defined by the DPA as amended by the Data Protection, Privacy and Electronic Communications (as amended from time to time “Amendments”) (EU Exit) Regulations 2019 (together with the DPA, the UK GDPR), and the Privacy and Electronic Communications Regulations 2003
• India’s Digital Personal Data Protection Act, 2023 (‘the Act’) • Australia’s Privacy Act 1988 (No. 119, 1988) (as amended)
• New Zealand’s Privacy Act 2020 (‘the Act’) Data Processing Addendum to Terms of Service
• Hong Kong’s Personal Data (Privacy) Ordinance (Cap. 486) as amended in 2021 (‘PDPO’)
• Ukraine’s Law of 1 June 2010 No. 2297-VI on Personal Data Protection • Singapore’s Personal Data Protection Act 2012 (No. 26 of 2012)
• Philippines’ The Data Privacy Act of 2012 (Republic Act No. 10173)
• Virginia Consumer Data Protection Act (CDPA)
• Any other relevant law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding instrument which implements any of the above or which otherwise relates to data protection, privacy or the use of Personal Data, in each case as applicable and in force from time to time, and as amended, consolidated, re-enacted or replaced from time to time.
“Consumer” has the meaning given in the CCPA, the CPA, and/or the CDPA, as applicable.
“Controller to Controller Clauses” means (i) in respect of transfers of Personal Data and Customer Account Information subject to the GDPR, the standard contractual clauses for the transfer of Personal Data to third countries set out in Commission Decision 2021/914 of 4 June 2021, specifically including Module 1 (Controller to Controller); and (ii) in respect of transfers of Personal Data subject to the UK GDPR, the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (version B.1.0) issued by the UK Information Commissioner, in each case as amended, updated or replaced from time to time.
“Controller to Processor Clauses” means (i) in respect of transfers of Personal Data subject to the GDPR, the standard contractual clauses for the transfer of Personal Data to third countries set out in Commission Decision 2021/914 of 4 June 2021, specifically including Module 2 (Controller to Processor); and (ii) in respect of transfers of Personal Data subject to the UK GDPR, the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (version B.1.0) issued by the UK Information Commissioner, in each case as amended, updated or replaced from time to time.
“Customer Account Information” means information created or used by the Company while providing Services, including the Personal Data of the Customer and its employees and representatives and other data relating to the Customer’s account with us including account transaction history and identity verification and subject to Applicable Data Laws.
“Data Subject” means individual identified or identifiable by the Personal Data.
“De-Identified Data” means data that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a specific Data Subject.
“End-User” means the customers of the Customer. For avoidance of doubt, this does not include the Company’s direct contracting customer.
“Independent Controller” means the controller who does not process personal data on behalf of others but does so far for its own purpose.
“Personal Data” has the meaning given under the Applicable Data Protection Laws.
“Process,” “Processed,” or “Processing” have the meaning given in the Applicable Data Protection Laws. Data Processing Addendum to Terms of Service
“Processor to Processor Clauses” means (i) in respect of transfers of Personal Data subject to the GDPR, the standard contractual clauses for the transfer of Personal Data to third countries set out in Commission Decision 2021/914 of 4 June 2021 specifically including Module 3 (Processor to Processor); (ii) in respect of transfers of Personal Data subject to the UK GDPR, the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (version B.1.0) issued by the UK Information Commissioner, in each case as amended, updated or replaced from time to time.
“Sell,” “Selling,” “Sale,” or “Sold” have the meaning given in the CCPA.
“Sensitive Personal Data” means (a) social security number, passport number, driver’s license number, or similar identifier; (b) credit or debit card information, financial information, bank account numbers, or account passwords; (c) employment, financial, genetic, biometric, or health information; (d) racial, ethnic, political or religious affiliation, trade union membership, or information about sexual life or orientation; (e) account passwords, mother’s maiden name, date of birth, and other similar information used to authenticate a user’s identity; (f) criminal history; (g) biometric data used to identify a specific person (e.g., fingerprints); or (h) any other information or combination of information that falls within the definitions of “special categories of data” under any Applicable Data Protection Law.
“Share,” “Sharing,” or “Shared” have the meaning given in the CCPA.
“Standard Contractual Clauses” or “SCCs” means the standard data protection clauses for the transfer of personal data from a controller or processor established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR and approved by the European Commission decision 2021/914 of 4 June 2021.
“Sub-processor” means any Processor engaged by Processor or Controller to Process data on behalf of Controller.
“Third Countries” means a country or territory that is not recognized under Applicable Data Protection Laws from time to time as providing adequate protection for Personal Data, including (i) in relation to Personal Data transfers subject to the GDPR, any country outside of the scope of the data protection laws of the European Economic Area, excluding countries approved as providing adequate protection for Personal Data by the European Commission from time to time; and (ii) in relation to Personal Data transfers subject to the UK GDPR, any country outside of the scope of the data protection laws of the UK, excluding countries approved as providing adequate protection for Personal Data by the relevant competent authority of the UK from time to time.
“UK Standard Contractual Clauses” or “UK SCCs” means the standard data protection clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the UK GDPR and approved by the European Commission decision 2010/87/EU.
2. Conditions of Processing
2.1 This Addendum governs the terms under which:
Data Processing Addendum to Terms of Service
• Company will Process the Personal Data on behalf of Customer. The Personal Data is processed solely for the purpose of providing you with certain services as part of the Terms of Service (“Services”), as set out in Error! Reference source not found.Schedule 1 unless described in Schedule 2 or 3.
• Company will Process the Customer Account Information as a Controller. Customer Account Information is processed as determined by the Company to administer your accounts while providing you with Services as set out in Schedule 2.
• Company provides Domain Name Registration services as an Independent Controller as set out in Schedule 3.
2.2 In the event of any conflict or discrepancy between the terms of the Terms of Service and this Addendum, the terms of this Addendum will prevail, to the extent of the conflict. In the event of any conflict or discrepancy between this Addendum and any applicable terms of service or the respective standard contractual clauses, the clauses will prevail to the extent of the conflict.
2.3 Customer Obligations
2.3.1 When you are a Controller, you are solely responsible for determining the purposes and means of processing Personal Data within your control, will have the necessary legal basis, consents, and permissions to provide Personal Data to the Company, and will comply with Applicable Data Protection Laws.
2.3.2 When you are a Processor, you are solely responsible for complying with agreement(s) with your End-Users on whose behalf you are processing Personal Data, will have the necessary legal basis, consents, and permissions from your End-Users, employees, representatives, agents or other individuals to provide Personal Data to the Company, and will comply Applicable Data Protection Laws.
2.4 Company Obligations
2.4.1 When the Company is a Processor, the Company will only Process the Personal Data on behalf of Controller and in accordance with, and for the purposes set out in, the documented instructions received from Controller, unless required to Process such Personal Data by applicable law to which Processor is subject; in which case, Processor will inform Controller of that legal requirement before Processing, unless such law prohibits such information on important grounds of public interest.
2.4.2 When the Company is a Controller, the Company will process Personal Data in compliance with Applicable Data Protection Laws, and with contractual, legal or regulatory authority to process the Personal Data and Customer Account Information to provide the services described in the Terms of Service.
2.4.3 The Company will ensure that its personnel who are authorized to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
2.4.4 As a Controller, the Company will comply with requests from a Data Subject seeking to exercise any of their rights under Applicable Data Protection Laws as required. Data Processing Addendum to Terms of Service
2.4.5 As a Processor, the Company will notify Controller without undue delay upon receipt by Processor of a request from a Data Subject seeking to exercise any of their rights under Applicable Data Protection Laws (without responding to such request). Processor will, at Controller’s expense, assist Controller by appropriate technical and organizational measures, for the fulfillment of Controller’s obligations to respond to any such requests by Data Subjects to exercise their rights under Applicable Data Protection Laws (including the right to transparency and information, the Data Subject access right, the right to rectification and erasure, the right to the restriction of processing, the right to data portability and the right to object to processing). Processor will carry out a request from Controller to amend or correct any of the Personal Data to the extent necessary to allow Controller to comply with its responsibilities under Applicable Data Protection Laws. Further, Processor will carry out a request from Controller to block, transfer or delete any of the Personal Data to the extent necessary to allow Controller to comply with its responsibilities as a Controller.
2.4.6 As a Processor, the Company will, insofar as possible and at Controller’s expense, assist Controller in carrying out its obligations under Applicable Data Protection Laws, including Articles 32 to 36 of the GDPR and the UK GDPR, with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators. Processor will without undue delay notify Controller about any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data or any accidental or unauthorized access or any other event affecting the integrity, availability or confidentiality of Personal Data, to the extent required by Applicable Data Protection Laws.
2.4.7 Upon termination of the Processing of Personal Data by the Company, and at the choice and expense of the Customer, the Company will either (i) delete all Personal Data and any copies thereof; or (ii) return all Personal Data to the Customer and delete existing copies, in each case unless otherwise permitted or required by applicable law to which Customer is subject. To the extent any Personal Data is “deidentified” or in the “aggregate” as those terms are defined or understood under Applicable Data Protection Laws, the Company may use such information for any commercial purpose in accordance with Applicable Data Protection Laws, including but not limited to developing analytics, and may retain, use and disclose such information for such purpose, without restriction.
2.4.8 The Company will upon written request from Customer from time to time provide Customer with such information as is reasonably necessary to demonstrate compliance with the obligations laid down in this Addendum. The Company will, subject to reasonable advance notice, permit the Customer or a thirdparty auditor authorized by the Customer and which is not a competitor of Company to carry out an audit and inspection of the processing of Personal Data by the Company during normal Processor business hours. Company may require a third-party auditor to enter into a confidentiality agreement before permitting it to carry out an audit or inspection. The auditing party will bear its own costs in relation to such audit. The obligations set forth in this Section 2 will only apply to the Company to the extent required by Applicable Data Protection Laws.
2.4.9 If and to the extent Customer is a “business” and a Controller, and provides “personal information” to the Company as a Processor (business and personal information, each as defined by the California Consumer Privacy Act and from January 1, 2023, as amended by the California Privacy Rights Act of 2020 (CCPA), the Parties acknowledge and agree that some information provided to Processor in connection with the Terms of Service may constitute “Personal Information” as defined under the CCPA. Terms defined and used under the CCPA and used in the applicable provisions of this Addendum will be replaced as follows: “Personal Data” will mean “Personal Information”; “Controller” will mean Data Processing Addendum to Terms of Service “Business”; “Processor” will mean “Service Provider” or “Contractor” as the case may be; and “Data Subject ” will mean “Consumer”. As used in this Section 3.8, the term “Process,” “Processed,” or “Processing,” will have the meaning as defined under the CCPA. Processor will Process Personal Data in accordance with the CCPA where applicable, and solely for the purpose of providing the Services as specified in the Terms of Service to Controller. If and to the extent Controller is a “business” and Controller provides any “personal information” to Processor (business and personal information, each as defined by the CCPA) subject to the CCPA, Processor will not otherwise (i) Process Personal Data for purposes other than those set forth in the Terms of Service or as instructed by Controller’s documented written instruction, to the extent feasible or required by CCPA; (ii) retaining, using, or disclosing the Personal Data for any purpose other than for the business purpose as specified in the Terms of Service, except as otherwise permitted by the CCPA; (iii) sell or share Personal Data; (iv) retain, use, or disclose Personal Data outside of the direct business relationship between Processor and Controller, except as otherwise permitted by the CCPA; or (v) from January 1, 2023, combining the Personal Data with any other information it receives from or on behalf of a third party or collects from its own interaction with a Data Subject except as otherwise permitted under the CCPA and regulations adopted by the California Privacy Protection Agency. Processor certifies that it understands these restrictions and will comply with them. If Processor must Process Personal Data as otherwise required by applicable law, Processor will inform Controller of that legal requirement before Processing Personal Data, unless that law prohibits such disclosure on important grounds of public interest.
2.4.10 From January 1, 2023, if and to the extent Controller is a “controller” and Controller provides any “personal data” to Processor (controller and personal data, each as defined by the Virginia Consumer Data Protection Act (CDPA) subject to the CDPA, the Parties acknowledge and agree that some information provided to Processor in connection with the Terms of Service may constitute “Personal Data” as defined under the CDPA. Terms defined and used under the CDPA and used in the applicable provisions of this Addendum will be replaced as follows: “Controller” will mean “Controller”; “Processor” will mean “Processor”; and “Data Subject ” will mean “Consumer”. As used in this Section 3.9, the term “Process,” “Processing,” or “Personal Data” will have the meaning as defined under the CDPA. From January 1, 2023, if and to the extent Controller is a “controller” and Controller provides any “personal data” to Processor (controller and personal data, each as defined by the CDPA) subject to the CDPA, Processor will Process Personal Data in accordance with Annex I, except as otherwise permitted by the CDPA and to the extent feasible or required by the CDPA. From January 1, 2023, if and to the extent Controller is a “controller” and Controller provides any “personal data” to Processor (controller and personal data, each as defined by the CDPA) subject to the CDPA, Processor will (i) ensure that each person Processing Personal Data is subject to a duty of confidentiality with respect to the Personal Data; (ii) at Controller direction, delete or return (at Controller’s sole cost and expense) all Personal Data to the Controller as requested at the end of the provision of Services, unless retention of the Personal Data is required by law; (iii) upon the reasonable request of the Controller, but in no event once annually, make available to the Controller all information in Processor’s possession necessary to demonstrate Processor’s compliance with the obligations in this Section 3.9; and (iv) in so far as reasonably practicable and taking into account the information available to Processor and the nature of the Processor’s nature of Processing: (1) reasonably assist Controller with response to Data Subject requests pursuant to the CDPA, (2) reasonably assist the Controller in meeting the Controller’s obligations in relation to (a) the security of Processing the Personal Data and (b) the notification of a breach of security of the system of the Processor pursuant to the CDPA, and (3) provide necessary information to enable the Controller to conduct and document data protection assessments pursuant to the CDPA. Processor Data Processing Addendum to Terms of Service certifies that it understands these restrictions and will comply with them. If Processor must Process Personal Data as otherwise required by applicable law, Processor will inform Controller of that legal requirement before Processing Personal Data, unless that law prohibits such disclosure on important grounds of public interest.
2.4.11 From July 1, 2023, if and to the extent Controller is a “controller” and Controller provides any “personal data” to Processor (controller and personal data, each as defined by the Colorado Privacy Act (CPA) subject to the CPA, the Parties acknowledge and agree that some information provided to Processor in connection with the Terms of Service may constitute “Personal Data” as defined under the CPA. Terms defined and used under the CPA and used in the applicable provisions of this Addendum will be replaced as follows: “Controller” will mean “Controller”; “Processor” will mean “Processor”; and “Data Subject ” will mean “Consumer”. As used in this Section 3.10, the term “Process,” “Processing,” or “Personal Data” will have the meaning as defined under the CPA. From July 1, 2023, if and to the extent Controller is a “controller” and Controller provides any “personal data” to Processor (controller and personal data, each as defined by the CPA) subject to the CPA, Processor will Process Personal Data in accordance with Annex I, except as otherwise permitted by the CPA and to the extent feasible or required by the CPA. From July 1, 2023, if and to the extent Controller is a “controller” and Controller provides any “personal data” to Processor (controller and personal data, each as defined by the CPA) subject to the CPA, Processor will (i) ensure that each person Processing Personal Data is subject to a duty of confidentiality with respect to the Personal Data; (ii) at Controller direction, delete or return (at Controller’s sole cost and expense) all Personal Data to the Controller as requested at the end of the provision of Services, unless retention of the Personal Data is required by law; (iii) upon the reasonable request of the Controller, but in no event once annually, make available to the Controller all information in Processor’s possession necessary to demonstrate Processor’s compliance with the obligations in this Section 3.10; and (iv) in so far as reasonably possible and taking into account the information available to Processor and the nature of the Processor’s nature of Processing: (1) reasonably assist Controller with response to Data Subject requests pursuant to the CPA, (2) reasonably assist the Controller in meeting the Controller’s obligations in relation to (a) the security of Processing the Personal Data and (b) the notification of a breach of security of the system of the Processor pursuant to the CPA, and (3) provide necessary information to enable the Controller to conduct and document data protection assessments pursuant to the CPA. Processor certifies that it understands these restrictions and will comply with them. If Processor must Process Personal Data as otherwise required by applicable law, Processor will inform Controller of that legal requirement before Processing Personal Data, unless that law prohibits such disclosure on important grounds of public interest.
3. International Data Transfers
3.1 Controller acknowledges and agrees that the other Party may, or may appoint an Affiliate or thirdparty subprocessor to, Process the Personal Data in a Third Country, provided that it ensures that such Processing takes place in accordance with the requirements of Applicable Data Protection Laws.
3.2 To the extent the party does Process the Personal Data subject to the GDPR or the UK GDPR in a Third Country or permit any third party including its subcontractors to Process such Personal Data in any Third Country, and it or they are acting as data importer, Controller will comply with the data exporter’s obligations set out in the Controller to Processor Clauses, and Controller to Controller Clauses, which are Data Processing Addendum to Terms of Service hereby incorporated into and form part of this Addendum, and Processor will comply with the data importer’s obligations set out in the Clauses, and:
(i) for the purposes of Annex I or Part 1 (as relevant) of such Controller to Processor Clauses and Controller to Controller Clauses (“Clauses”) the parties and processing details set out in Schedule 1, 2, and 3 (Processing Details) will apply, and the Start Date is the Effective Date;
(ii) if applicable, for the purposes of Part 1 of such Clauses, the relevant Addendum EU SCCs (as such term is defined in the applicable Clauses) are the standard contractual clauses for the transfer of Personal Data to third countries set out in Commission Decision 2021/914 of 4 June 2021 (Modules 1, 2 and 3) as incorporated into this Agreement by virtue of this Clause;
(iii) for the purposes of Annex II or Part 1 (as relevant) of such Clauses, the technical and organisational security measures set out in the Security Policy will apply; and
(iv) if applicable, for the purposes of: (i) Clause 9 of such Clauses, Option 2 (“General written authorization”) is deemed to apply and a notice period of 10 days will apply; (ii) Clause 11(a) of such Clauses, the optional wording in relation to independent dispute resolution is deemed to be omitted; (iii) Clause 13 and Annex I.C, the competent supervisory authority will be the Dutch Supervisory Authority (Autoriteit Persoonsgegevens); (iv) Clause 17, Option 1 is deemed to be selected and the governing law will be Dutch laws; (v) Clause 18, the competent courts will be the courts of the Netherlands; (vi) Part 1 of such Clauses, Processor as importer may terminate the Clauses pursuant to Section 19 of such Controller to Processor Clauses.
3.3 Customer acknowledges and agrees that Processor may appoint an affiliate or third party subcontractor to Process the Personal Data in a Third Country, in which case the Company will execute the Processor to Processor Clauses or Controller to Processor Clauses with any relevant subcontractor (including affiliates) it appoints.
3.4 Controller acknowledges and agrees that the other party relies solely on Controller for direction as to the extent to which party is entitled to access, use, Process and Sell the Personal Data. Consequently, subject to applicable law, a party is not liable for any claim brought by Controller or a Data Subject arising from any action or omission to the extent that such action or omission resulted from Controller’s instructions.
4. Controller’s Obligations
4.1 Controller warrants that it has complied and continues to comply with the Applicable Data Protection Laws, in particular that it has obtained any necessary consents or given any necessary notices, and otherwise has a legitimate ground to disclose Personal Data to Processor and enable the Processing of Personal Data as set out in this Addendum and as envisaged by the Terms of Service.
4.2 Controller agrees that it will indemnify and hold harmless the other party on demand from and against all claims, liabilities, costs, expenses, loss or damage (including consequential losses, loss of profit and loss of reputation and all interest, penalties and legal and other professional costs and expenses) incurred by Processor arising directly or indirectly from a breach of this Section 4 or any Applicable Data Protection Laws. Data Processing Addendum to Terms of Service
5. Information Security Programs
5.1 The Company maintains a risk-based information security program to implement appropriate technical and organizational security measures which are detailed at https://newfold.com/privacycenter/information-security-policy, as amended, updated or replaced from time to time (the “Security Policy”).
5.2 Customer is solely responsible for taking appropriate risk-based steps to ensure the security of its account, and the Personal Data of its End-Users within the Customer’s control. You are responsible for independently determining whether the data security provided by Company adequately meets your obligations under Applicable Data Protection Laws. Customer is responsible to use the security features and functions provided by Company or finding an alternative for the Customer websites. Customer is responsible for ensuring all content that the Customer places within the Company network is free from vulnerabilities that could result in a compromise of the Company systems or the Personal Data of your End-Users. Company is not responsible for backing up your Personal Data or the Personal Data of your End-Users. You are also responsible for your secure use of the services, including protecting the security of your Personal Data in transit to and from the including to securely backup or encrypt any such Personal Data. For more information on your responsibility for account and network security see the Terms of Service.
6. Sub-Processing Customer consents to the Company engaging the third-party Subprocessors listed at https://newfold.com/privacy-center/third-party-data (which may be updated from time to time in accordance with this Addendum), elsewhere on the Company’s website or as otherwise notified to Customer by Customer, to process the Personal Data. Company will provide Customer with 10 days prior notice of any intended changes to Company’s subprocessors (including by posting such notice on its website), during which time Customer may object to any such amendment. To the extent required by Applicable Data Protection Law, Company will ensure that it has a written agreement in place with all subprocessors which contains obligations on such subprocessors which are no less onerous that the obligations on the parties under this Addendum.
7. Term and Termination
7.1 We may amend this Addendum from time to time due to changes in Applicable Data Protection Laws or as otherwise determined by us in our commercially reasonable discretion. Any amendment will become effective upon notification to you (by email or by posting on our website) and, if you do not agree to any such amendment, you should stop using the Services and contact us to cancel your account.
7.2 Termination of this Addendum will be governed by the Terms of Service.
8. Law and Jurisdiction
This Addendum and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation will be governed by and construed in all respects in accordance with the laws of the State of Florida and each of Company and Customer hereby submits to the jurisdiction of the federal or state courts located in the County of Okaloosa, Florida.
Schedule 1
PROCESSING DETAILS FOR TERMS OF SERVICE
A. LIST OF PARTIES
Data exporter(s): The Customer under the Terms of Service, entered into between the Data Importer and Data Exporter.
Activities relevant to the data transferred under this Addendum are as identified in the Terms of Service and other relevant agreements applicable to the Services provided to the Data Exporter by the Data Importer.
Role: Controller
Data importer(s):
Name: SiteEngine LLC. and/or the relevant SiteEngine Affiliate Address: 3857 Indian Trail, Destin FL 32541, U.S.A. Contact: Data Protection Officer, privacy@siteengine.io Role: Processor
B. DESCRIPTION OF TRANSFER
The subject matter of the data processing covered by this Addendum is the Personal Data, which is processed for the purposes of the Terms of Service and this Addendum. The Personal Data is processed solely for the purpose of providing the services described in the Terms of Service for the duration thereof. The nature of the processing consists of that which is required in order to provide the Services requested by the Data Exporter.
The categories of Personal Data transferred and categories of data subjects whose personal data is transferred include:
(i) identification and contact information (such as name, email address, address, title and contact details) of Controller and End-Users and other contacts; and
(ii) information gathered in connection with the provision of Services to Controller, including analytics, social networking information, device information, and browser information of both Controller and Controller’s customers and other contacts.
The frequency of the transfer is ongoing and according to the Terms of Service.
The subject matter, the nature, and duration of processing by relevant subprocessors is as set out in this Schedule 1 and as permitted by this Addendum. For example, this includes providing you with customer service, fraud detection and deterrence or access to advertising assets and providing us with information technology and storage services) or to assist us in our own marketing and advertising activities (including providing us with analytic information and search engine optimization services). Additional information about certain third-party service providers we share Personal Information with is available here: https://newfold.com/privacy-center/third-party-data. Our contracts with such third parties prohibit them from using any of your Personal Data for any purpose beyond the purpose for which it was shared. If you purchase a product or service from a third-party through one of our brands, we will pass your Personal Data to such third-party in order for them to fulfill your order. Data retention period is defined by the Terms of Service.
Schedule 2
PROCESSING DETAILS FOR CUSTOMER ACCOUNT INFORMATION A. LIST OF PARTIES
Data exporter(s):
The Customer under the Terms of Service, entered into between the Data Importer and Data Exporter. Contact Information: See Terms of Service
Role: Controller Data importer(s):
Name: SiteEngine LLC. and/or the relevant SiteEngine Affiliate Address: 3857 Indian Trail, Destin FL 32541, U.S.A. Contact: Data Protection Officer, privacy@siteengine.io
Role: Controller B.
DESCRIPTION OF TRANSFER
The subject matter of the data processing covered by this Addendum is the Customer Account Information, which is the Personal Data required for the purposes of the Terms of Service and this Addendum. The nature of the processing consists of that which is required in order to provide the Services requested by the Data Exporter.
The categories of Customer Account Information transferred and categories of data subjects whose personal data is transferred include:
• Identification and contact information (such as name, email address, address, title and contact details) of Customer.
• Customer’s purchase information, including payment method, products purchased, and billing information.
• Information gathered in connection with the provision of Services to Customer, including analytics, social networking information, device information, and browser information of the Customer.
The frequency of the transfer is ongoing and according to the Terms of Service. The subject matter, the nature, and duration of processing by relevant subprocessors is as set out in this Schedule 2 and as permitted by this Addendum. For example, this includes providing you with customer service, fraud detection and deterrence or access to advertising assets and providing us with information technology and storage services) or to assist us in our own marketing and advertising activities (including providing us with analytic information and search engine optimization services). Additional information about certain third-party service providers we share Personal Data with is available here: https://newfold.com/privacy-center/third-party-data. Our contracts with such third Data Processing Addendum to Terms of Service parties prohibit them from using any of your Personal Data for any purpose beyond the purpose for which it was shared. If you purchase a product or service from a third-party through one of our brands, we will pass your Personal Data to such third-party in order for them to fulfill your order. Data retention period is defined by the Terms of Service. Data Processing Addendum to Terms of Service Schedule
3 PROCESSING DETAILS FOR DOMAIN NAME REGISTRATION A. LIST OF PARTIES
Data exporter(s): The Customer under the Terms of Service, entered into between the Data Importer and Data Exporter. Role: Controller Data importer(s):
Name: SiteEngine LLC. and/or the relevant SiteEngine Affiliate Address: 3857 Indian Trail, Destin FL 32541, U.S.A.
Contact: Data Protection Officer, privacy@siteengine.io Role: Independent Controller
B. DESCRIPTION OF TRANSFER
The subject matter of the data processing covered by this Addendum is the Personal Data, which is required for the purposes of domain name registration services. The Personal Data is processed solely for the purpose of providing the domain name registration services requested by the Data Exporter. The categories of Personal Data transferred and categories of data subjects whose personal data is transferred include: • Identification and contact information (such as name, email address, address, title and contact details) of Customer’s employee contact information required from time to time by the agreement domain registry. • Registry communication (where registrant data is supplied to registry to procure or complete a domain registration in accordance with Registry Policy). The frequency of the transfer is ongoing and according to the Terms of Service. The subject matter, the nature, and duration of processing by relevant Subprocessors is as set out in this Schedule 3 and as permitted by this Addendum. For example, this includes providing you with customer service, fraud detection and deterrence or access to advertising assets and providing us with information technology and storage services) or to assist us in our own marketing and advertising activities (including providing us with analytic information and search engine optimization services). Additional information about certain third-party service providers we share Personal Data with is available here: https://newfold.com/privacy-center/third-party-data. Our contracts with such third parties prohibit them from using any of your Personal Data for any purpose beyond the purpose for which it was shared. If you purchase a product or service from a third-party through one of our brands, we will pass your Personal Data to such third-party in order for them to fulfill your order. Data retention period is defined by the Terms of Service.
