The Customer agreeing to these terms (“Customer”) and cloudHQ LLC (as applicable, “cloudHQ”) have entered into a as applicable. This amendment (the “Data Processing Amendment”) is entered into by Customer and cloudHQ as of the Amendment Effective Date and amends the cloudHQ Terms Agreement

The “Amendment Effective Date” is: (a) if this Data Processing Amendment is incorporated into the cloudHQ Agreement by reference, the effective date of the cloudHQ Agreement, as defined in that agreement; or (b) if this Data Processing Amendment is not incorporated into the cloudHQ Business Plan Agreement by reference, the date Customer accepts this Data Processing Amendment by clicking to accept these terms.

If this Data Processing Amendment is not incorporated into the cloudHQ Business Plan Agreement by reference and you are accepting on behalf of Customer, you represent and warrant that: (i) you have full legal authority to bind your employer, or the applicable entity, to these terms; (ii) you have read and understand these terms; and (iii) you agree, on behalf of the party you represent, to this Data Processing Amendment. If you do not have the legal authority to bind Customer, please do not click the “I Accept” button.

  • 1. Introduction.
    • This Data Processing Amendment reflects the parties’ agreement with respect to terms governing the processing of Customer Data under the cloudHQ Business Plan Agreement.
  • 2. Definitions.
    • 2.1. Capitalized terms used but not defined in this Data Processing Amendment have the meanings given in the cloudHQ Business Plan Agreement. In this Data Processing Amendment, unless expressly stated otherwise:

      • Agreement” means the cloudHQ Business Plan Agreement, as amended by this Data Processing Amendment and as may be further amended from time to time in accordance with the cloudHQ Business Plan Agreement.
      • Customer Data” means data (which may include personal data and the categories of data referred to in Appendix 1) submitted, stored, sent or received via the Services by Customer, or End Users.
      • Data Incident” means (a) any unlawful access to Customer Data stored in the Services or systems, equipment or facilities of cloudHQ or its Sub-processors, or (b) unauthorized access to such Services, systems, equipment or facilities that results in loss, disclosure or alteration of Customer Data.
      • Data Privacy Officer” means cloudHQ’s Data Privacy Officer for Apps.
      • Data Protection Legislation” means, as applicable: (a) any national provisions adopted pursuant to the Directive that are applicable to Customer as the controller(s) of the Customer Data; and/or (b) the Federal Data Protection Act of 19 June 1992 (Switzerland).
      • Directive” means Directive 95/46/EC of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data.
      • EEA” means the European Economic Area.
      • Instructions” means Customer’s written instructions to cloudHQ consisting of the Agreement, including instructions to cloudHQ to provide the Services and technical support for the Services as set out in the Agreement; instructions given by Customer and End Users via the Admin Console and otherwise in its and their use of the Services and related technical support services; and any subsequent written instructions given by Customer to cloudHQ and acknowledged by cloudHQ.
      • Model Contract Clauses” or “MCCs” means the standard contractual clauses (processors) for the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.
      • Services” means, for purposes of this Data Processing Amendment, the cloudHQ Business Plan Services which are described at https://www.cloudhq.net/terms (as such services and URL link may be updated or modified by cloudHQ from time to time in accordance with the cloudHQ Business Plan Agreement).
      • Term” means the term of the cloudHQ Business Plan Agreement, as defined in that agreement.
      • Third Party Auditor” means a qualified and independent third party auditor, whose then-current identity cloudHQ will disclose to Customer.
    • 2.2. The terms “personal data”, “processing”, “data subject”, “controller” and “processor” have the meanings given to them in the Directive. The terms “data importer” and “data exporter” have the meanings given to them in the Model Contract Clauses.
  • 3. Term.
    • This Data Processing Amendment will take effect on the Amendment Effective Date and, notwithstanding expiry or termination of the cloudHQ Business Plan Agreement, will remain in effect until, and automatically terminate upon, deletion by cloudHQ of all data as described in Section 7 (Data Deletion) of this Data Processing Amendment.
  • 4. Data Protection Legislation.
    • The parties agree and acknowledge that the Data Protection Legislation may apply to the processing of Customer Data.
  • 5. Processing of Customer Data.
    • 5.1. Controller and Processor. If the Data Protection Legislation applies to the processing of Customer Data, then as between the parties, the parties acknowledge and agree that: (a) Customer is the controller of Customer Data under the Agreement; (b) cloudHQ is a processor of such data; (c) Customer will comply with its obligations as a controller under the Data Protection Legislation; and (d) cloudHQ will comply with its obligations as a processor under the Agreement.
    • 5.2. Scope of Processing. cloudHQ will only process Customer Data in accordance with the Instructions, and will not process Customer Data for any other purpose.
  • 6. Data Security; Security Compliance; Audits.
    • 6.1. Security Measures. cloudHQ will take and implement appropriate technical and organizational measures to protect Customer Data against accidental or unlawful destruction or accidental loss or alteration or unauthorized disclosure or access or other unauthorized processing, as detailed in security document: https://www.cloudHQ.net/security. cloudHQ may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services. Customer agrees that it is solely responsible for its use of the Services, including securing its account authentication credentials, and that cloudHQ has no obligation to protect Customer Data that Customer elects to store or transfer outside of cloudHQ’s systems (e.g., offline or on-premise storage).
    • 6.2. Security Compliance by cloudHQ Staff. cloudHQ will take appropriate steps to ensure compliance with the Security Measures by its employees and contractors to the extent applicable to their scope of performance.
    • 6.3. Data Incidents. If cloudHQ becomes aware of a Data Incident, cloudHQ will promptly notify Customer of the Data Incident, and take reasonable steps to minimize harm and secure Customer Data. Notification(s) of any Data Incident(s) will be delivered to the Notification Email Address provided by Customer in connection with the Agreement or, at cloudHQ’s discretion, by direct communication (e.g., by phone call or an in-person meeting). Customer acknowledges that it is solely responsible for ensuring the contact information given for purposes of the Notification Email Address is current and valid, and for fulfilling any third party notification obligations. Customer agrees that “Data Incidents” do not include: (i) unsuccessful access attempts or similar events that do not compromise the security or privacy of Customer Data, including pings, port scans, denial of service attacks and other network attacks on firewalls or networked systems; or (ii) accidental loss or disclosure of Customer Data caused by Customer’s use of the Services or Customer’s loss of account authentication credentials. cloudHQ’s obligation to report or respond to a Data Incident under this Section will not be construed as an acknowledgement by cloudHQ of any fault or liability with respect to the Data Incident.
  • 7. Data Deletion.
    • 7.1. Deletion by Customer and End Users. During the Term, cloudHQ will provide Customer or End Users with the ability to delete Customer Data in a manner consistent with the functionality of the Services and in accordance with the terms of the Agreement. Once Customer or End User deletes Customer Data and such Customer Data cannot be recovered by the Customer or End User, such as from the “trash" (“Customer-Deleted Data”), cloudHQ will delete such data from its systems as soon as reasonably practicable within a maximum period of 180 days, unless applicable legislation or legal process prevents it from doing so.
    • 7.2. Deletion on Standard Termination. On expiry or termination of the cloudHQ Business Plan Agreement (or, if applicable, on expiry of any post-termination period during which cloudHQ may agree to continue providing the Services), cloudHQ will, subject to Section 7.3 (Deletion on Termination for Non-Payment or No Purchase) below, delete all Customer-Deleted Data from its systems as soon as reasonably practicable within a maximum period of 180 days, unless applicable legislation or legal process prevents it from doing so.
    • 7.3. Deletion on Termination for Non-Payment or No Purchase. On termination of the cloudHQ Business Plan Agreement due to Customer breaching its payment obligations or opting not to purchase the Services at the end of a free trial of the Services, cloudHQ will delete all Customer Data from its systems within a maximum period of 180 days, unless applicable legislation or legal process prevents it from doing so.
  • 8. Access to Data.
    • 8.1. Access; Export of Data. During the Term, cloudHQ will provide Customer with access to and the ability to correct, block and export Customer Data in a manner consistent with the functionality of the Services and in accordance with the terms of the Agreement. To the extent Customer, in its use and administration of the Services during the Term, does not have the ability to correct or block Customer Data as required by applicable law, or to migrate Customer Data to another system or service provider, cloudHQ will comply with any reasonable requests by Customer to assist in facilitating such actions to the extent cloudHQ is legally permitted to do so and has reasonable access to the Customer Data.
    • 8.2. End User Requests. During the Term, if cloudHQ receives any request from an End User for records relating to that End User’s personal data included in the Customer Data, cloudHQ will advise such End User to submit its request to Customer. Customer will be responsible for responding to any such request using the functionality of the Services.
  • 9. Data Privacy Officer.
    • The Data Privacy Officer can be contacted by Customer Administrators at: support@cloudHQ.net (or via such other means as may be provided by cloudHQ). Administrators must be signed in to their Admin Account to use this address.
  • 10. Data Transfers.
    • 10.1. Data Storage and Processing Facilities. cloudHQ may process Customer Data in the United States or any other country in which cloudHQ maintains facilities, subject to Section 10.2 (Transfers of Data Out of the EEA) below.
    • 10.2. Transfers of Data Out of the EEA. If the transfer or processing of Customer Data (as set out in Section 10.1 above) involves transfers of Customer personal data out of the EEA and Data Protection Legislation applies to those transfers, cloudHQ will:

      • 10.2.1 ensure that cloudHQ as the data importer of such Customer personal data enters into Model Contract Clauses with Customer (or an authorized Customer Affiliate) as the data exporter of such data, if Customer so requests, and that the transfers are made in accordance with any such Model Contract Clauses; and/or
      • 10.2.2 adopt an alternative solution that achieves compliance with the terms of the Directive for transfers of personal data to a third country, and ensure that the transfers are made in accordance with any such compliance solution.
    • 10.3. Data Center Information. cloudHQ will make available to Customer information about the countries in which data centers used to store Customer Data are located.
  • 11. Liability Cap.
    • If cloudHQ and Customer (or an authorized Customer Affiliate) enter into Model Contract Clauses as described above, then, subject to the remaining terms of the Agreement relating to liability (including any specific exclusions from any limitation of liability), the total combined liability of cloudHQ and its Affiliates, on the one hand, and Customer and its Affiliates, on the other hand, under or in connection with the Agreement and all those MCCs combined will be limited to the maximum monetary or payment-based liability amount set out in the Agreement.
  • 12. Third Party Beneficiary.
    • Notwithstanding anything to the contrary in the Agreement, where cloudHQ is not a party to the Agreement, cloudHQ will be a third party beneficiary of Section 11 (Liability Cap) of this Data Processing Amendment.
  • 13. Effect of Amendment.
    • To the extent of any conflict or inconsistency between the terms of this Data Processing Amendment and the remainder of the Agreement, the terms of this Data Processing Amendment will govern. Subject to the amendments in this Data Processing Amendment, the Agreement remains in full force and effect.

Appendix 1: Categories of Data and Data Subjects

Categories of Data

Personal data submitted, stored, sent or received by Customer or End Users via the Services may include the following categories of data: user IDs, email, documents, presentations, images, calendar entries, tasks and other electronic data

Data Subjects

Personal data submitted, stored, sent or received via the Services may concern the following categories of data subjects: End Users including Customer’s employees and contractors; the personnel of Customer’s customers, suppliers and subcontractors; and any other person who transmits data via the Services, including individuals collaborating and communicating with End Users.

cloudHQ Business Plan Data Processing Amendment, Version 1.5