🚀 Big News: ClientSuccess Acquires Product Signals to Transform Product Feedback into Actionable Insights
Learn More
ClientSuccess

Data Processing Amendment

This Data Processing Amendment (“DPA”) forms part of the Terms of Service or other written agreement between ClientSuccess, Inc. (“ClientSuccess”) and the customer (“Customer”) for the purchase of services from ClientSuccess (the “Agreement”).

1. Definitions

For the purposes of this DPA:

  • “Controller” means the entity which determines the purposes and means of the processing of Personal Data.
  • “Data Protection Laws” means all applicable laws and regulations regarding the processing of Personal Data, including GDPR where applicable.
  • “GDPR” means the General Data Protection Regulation (EU) 2016/679.
  • “Personal Data” means any information relating to an identified or identifiable natural person processed by ClientSuccess on behalf of the Customer in connection with the Services.
  • “Processor” means the entity which processes Personal Data on behalf of the Controller.
  • “Sub-processor” means any Processor engaged by ClientSuccess to assist in fulfilling its obligations with respect to the Services.

2. Roles of the Parties

The parties acknowledge that with regard to the processing of Personal Data, Customer is the Controller and ClientSuccess is the Processor. ClientSuccess shall process Personal Data only in accordance with Customer’s documented instructions, including with regard to transfers of Personal Data to a third country or an international organization.

3. Processing of Personal Data

ClientSuccess shall:

  • Process the Personal Data only on documented instructions from Customer;
  • Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality;
  • Implement appropriate technical and organizational security measures;
  • Respect the conditions for engaging Sub-processors;
  • Assist the Customer in ensuring compliance with security obligations, data breach notifications, data protection impact assessments, and prior consultations;
  • Delete or return all Personal Data after the end of the provision of services; and
  • Make available to Customer all information necessary to demonstrate compliance with the obligations laid down in this DPA.

4. Security

ClientSuccess shall implement and maintain appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. Such measures include, as appropriate:

  • Encryption of Personal Data;
  • Ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems;
  • Ability to restore availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
  • A process for regularly testing, assessing, and evaluating the effectiveness of security measures.

5. Sub-processors

Customer grants ClientSuccess general authorization to engage Sub-processors for the processing of Personal Data. ClientSuccess maintains a list of Sub-processors at www.clientsuccess.com/list-of-sub-processors. ClientSuccess shall inform Customer of any intended changes concerning the addition or replacement of Sub-processors, giving Customer the opportunity to object to such changes.

6. Data Subject Rights

Taking into account the nature of the processing, ClientSuccess shall assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to requests for exercising data subjects’ rights under Data Protection Laws.

7. Data Breach Notification

ClientSuccess shall notify Customer without undue delay after becoming aware of a personal data breach affecting Personal Data processed on behalf of Customer. Such notification shall include, to the extent available, the information required under applicable Data Protection Laws.

8. Termination

This DPA shall automatically terminate upon the termination or expiry of the Agreement. Upon termination, ClientSuccess shall, at Customer’s choice, delete or return all Personal Data and delete existing copies unless applicable law requires storage of the Personal Data.

9. Contact

For questions regarding this DPA, please contact us at privacy@clientsuccess.com.