LEGAL

DATA PRIVACY ADDENDUM

Last updated: June 6, 2022

In You have any questions regarding this Addendum, contact supportpolicy@danian.co

This Data Privacy Addendum reflects the requirements of the European Data Protection Regulation (“GDPR”). Our products and services offered are GDPR ready and this DPA provides You with the necessary documentation of this readiness.

This Data Privacy Addendum (“DPA”) is an addendum to the Terms of Service Agreement (“Agreement”) between DANIAN OÜ and Customer and addresses the rights and obligations of the parties with respect to data privacy under Applicable Law. We may update this DPA from time to time in our sole discretion; the current version may be found at https://www.danian.co/legal/data-privacy-addendum/. All capitalized terms not defined in this DPA shall have the meanings set forth in the Agreement. Customer enters into this DPA on behalf of itself and, to the extent required under Data Protection Laws, in the name and on behalf of its Authorized Affiliates (defined below).

The parties agree as follows:

1. Definitions

1.1. “Applicable Law” means any statute, regulation, executive order, and other rule or rules issued by a government office or agency that have binding legal force and are generally applicable to Personal Data or the provision of the Services with respect to Personal Data, including GDPR, CCPA, and the Estonian laws.
1.2. “CCPA” means the California Consumer Privacy Act of 2018.
1.3. “Data Subject” means an identified or identifiable natural person whose rights are protected by GDPR or a “Consumer” as defined under CCPA.
1.4. “GDPR” means Regulation 2016/679 of the European Parliament.
1.5. “Personal Data” means any information about a natural person that is identified or identifiable to the natural person, either alone or in combination with other information, that DANIAN OÜ will Process or have access to as part of providing the Services, including any such information that is created by means of the Services. Personal Data includes “personal data” as that term is defined under GDPR and “personal information” as defined under CCPA.
1.6. “Process,” when used with respect to Personal Data, means: (i) to record, store, organize, structure, analyze, query, modify, combine, encrypt, display, disclose, transmit, receive, render unusable, or destroy, by automated means or otherwise; (ii) to provide cloud or other remote technology hosting services for applications or services that do any of the foregoing; and (iii) any other use or activity that is defined or understood to be processing under Applicable Law.
1.7. “Security Event” means any of the following: (i) unauthorized Processing or other use or disclosure of Personal Data; (ii) unauthorized access to or acquisition of Personal Data or the systems on which Personal Data is Processed; (ii) any significant corruption or loss of Personal Data that DANIAN OÜ is unable to repair within a minimal period of time; (iii) any event that has or is reasonably likely to significantly disrupt the Processing of the Personal Data as part of the Services; and (iv) any material unsuccessful attempt to gain unauthorized access to, or to destroy or corrupt, the Personal Data, but not including any routine, unsuccessful events such as pings, port scans, blocked malware, failed log in attempts, or denial of service attacks.
1.8. “Services” means any product or service provided by DANIAN OÜ to Customer pursuant to and as more particularly described in the Agreement.
1.9. “Sub-processor” means any Processor engaged by DANIAN OÜ or its Affiliates to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement or this DPA. Sub-processors may include third parties or any DANIAN OÜ Affiliate.

2. Confidential Information

The Personal Data that DANIAN OÜ Processes for you as part of the Services is your Confidential Information covered by our confidentiality commitments stated in the Agreement. We make the additional commitments stated in this DPA as to the Personal Data.

3. Use and Disclosure

We will not use, disclose, or Process the Personal Data except as permitted by the Agreement or your other written instructions, or as strictly necessary for our internal administrative purposes related to the provision of our Services. Customer agrees that DANIAN OÜ may engage Sub-processors to process Personal Data on Customer’s behalf. The Sub-processors currently engaged by DANIAN OÜ and authorized by Customer are listed in Annex A. We will require any sub-processors to contractually agree to terms at least as protective of your Personal Data as those stated in this DPA and the Agreement.

4. Compliance and Applicable Law

Each party will comply with Applicable Law as it relates to such party’s performance under the Agreement.

5. Notice of Request from Data Subject

We will promptly notify you if we receive a request from a Data Subject to disclose, provide a copy, modify, block, or take any other action with respect to Personal Data pertaining to the Data Subject, unless notice is prohibited by Applicable Law; and, except to the extent required by Applicable Law, we will not independently take any action in response to a request from a Data Subject without your prior written instruction. We will cooperate with your reasonable requests for access to Personal Data and other information and assistance as necessary to respond to a request or complaint by a Data Subject.

6. In the event of an actual or suspected Security Event

In the event of a discovered or suspected Security Event, DANIAN OÜ shall provide notice without undue delay to Customer’s technical and account contacts using those means established for routine account-related communications (or other such method of notice as agreed between us). Our notice shall include the following information to the extent it is reasonably available to DANIAN OÜ at the time of the notice, and DANIAN OÜ shall update its notice as additional information becomes reasonably available: (i) the dates and times of the Security Event; (ii) the facts that underlie the discovery of the Security Event, or the decision to begin an investigation into a suspected Security Event, as applicable; (iii) a description of the Personal Data involved in the Security Event, either specifically, or by reference to the data set(s), and (iv) the measures planned or underway to remedy or mitigate the vulnerability giving rise to the Security Event. We will take those measures available, including measures reasonably requested by you, to address a vulnerability giving rise to a successful Security Event, both to mitigate the harm resulting from the Security Event and to prevent similar occurrences in the future. We will cooperate with your reasonable requests in connection with the investigation and analysis of the Security Event, including a request to use a third-party investigation and forensics service. DANIAN OÜ shall retain all information that could constitute evidence in a legal action arising from the Security Event and shall provide the information to you upon your request. Except to the extent required by law in the written and reasonable opinion of DANIAN OÜ’s legal counsel, or as reasonably required by our investigation of the Security Event or our other contractual obligations, we will not disclose to any third party the existence of a Security Event or suspected Security Event or any related investigation without Customer’s prior written consent.

7. Your representations with regard to Personal Data you disclose to us

With regard to the Personal Data of others that you may provide to us, you hereby represent and warrant: (i) the Personal Data has been collected in accordance with Applicable Law; (ii) the transfer to us for the purpose of providing the Services is authorized under Applicable Law; (iii) you will comply with Applicable Law as to requests from Data Subjects in connection with the Personal Data; (iv) you shall disclose to us only that Personal Data that is necessary for our provision of the Services; and (v) you shall not ask us to take any action with respect to the Personal Data that you are not permitted to take directly.

8. CCPA

For the purposes of CCPA: (i) we are a “Service Provider” as defined under Section 1798.140(v); (ii) you are disclosing Personal Data to us solely for a valid business purpose in providing the Services to you; and (iii) we may not sell Personal Data or retain, use, or disclose Personal Data except as required to provide the Services in accordance with the Agreement. We certify that we understand and will comply with these obligations.

8. Audit; Records

We will comply with any audit request to the extent required by law or due legal process. We will keep reasonable records to evidence our compliance with our obligations under this DPA and shall preserve such records for at least two (2) years from the date of the events reflected therein.

DANIAN OÜ
Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 10151
Contact: supportpolicy@danian.co

Annex A – List of DANIAN OÜ Sub-professors:

Sub-Processor: Let’s Encrypt
Purpose: SSL certificate provider
Location: USA

Sub-Processor: 1984 ehf.
Purpose: Data hosting, backups and DNS services
Location: Iceland

Sub-Processor: VPS.BG Ltd.
Purpose: Data hosting and backups
Location: Bulgaria

Sub-Processor: Shinjiru International Inc.
Purpose: Data hosting and backups
Location: Malaysia

Sub-Processor: Private Layer Inc.
Purpose: Data hosting and backups
Location: Switzerland

Note that not all vendors are applicable for every customer; whether a particular vendor applies to you depends on the services and features that you elect to use on our platform and the means by which you choose to communicate with us. If you have any specific questions about your service, please contact our Support team.