This Dot.vu ("Vendor") Data Processing Addendum ("DPA") forms part of the Dot.vu’s Terms of Service available at https://dot.vu/terms-of-service (the "Principal Agreement") and reflects the parties’ agreement with respect to the terms of governing the Processing of Personal Data.
We periodically update these terms. If you have an active Dot.vu subscription, we will let you know when we do via an email or in-app notification.
The terms of this DPA shall follow the terms of the Principal Agreement. Terms not otherwise defined herein shall have the meaning as set forth in the Principal Agreement.
Vendor warrants and represents that, before any Vendor Affiliate Processes any Company Personal Data on behalf of any Company Group Member, Vendor's entry into this Addendum as agent for and on behalf of that Vendor Affiliate will have been duly and effectively authorised (or subsequently ratified) by that Vendor Affiliate.
Vendor and each Vendor Affiliate shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Company Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Company Personal Data, as strictly necessary for the purposes of the Principal Agreement, and to comply with Applicable Laws in the context of that individual's duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
Vendor and each Vendor Affiliate shall provide reasonable assistance to each Company Group Member with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Company reasonably considers to be required of any Company Group Member by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Company Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.
This Annex 1 includes certain details of the Processing of Company Personal Data as required by Article 28(3) GDPR.
Subject matter and duration of the Processing of Company Personal Data
The subject matter and duration of the Processing of the Company Personal Data are set out in the Principal Agreement and this Addendum.
The nature and purpose of the Processing of Company Personal Data
The Vendor shall Process only data that Company decides to collect while using the services of Vendor. The Data is collected and securely stored for Company’s access, as well as integration and secure transfer of data to systems owned or controlled by Company. The Vendor does not process Data in any form beyond the request of Company, which may implicit in the usage of the Vendor’s services.
The types of Company Personal Data to be Processed
The only Company Personal Data that is processed is defined by the company. This includes:
The categories of Data Subject to whom the Company Personal Data relates
The obligations and rights of Company and Company Affiliate
The obligations and rights of Company and Company Affiliates are set out in the Principal Agreement and this Addendum.