Last revised on August 22 , 2024
[Need a signed copy (including the full text of the SCCs, UK Addendum, and Sub-Processors)? Send a message to your CSM or [email protected]]
This Data Protection Agreement (“DPA”) forms part of the Consio’ Master Subscription Agreement (the “Agreement”) between the applicable Consio customer which is a party to such Agreement (“Customer”), and the applicable Consio Entity which is also a party to such Agreement (“Consio”). Customer and Consio are each referred to as a “Party” and collectively as the “Parties”.
1. Definitions
The terms used in this DPA shall have the meanings set forth in this DPA or as defined by Applicable Privacy Law, whichever is broader. Capitalized terms not otherwise defined herein or defined by Applicable Privacy Law shall have the meaning given to them in the Agreement. The following terms have the meanings set forth below:
“Affiliate” means an entity that owns or controls, is owned or controlled by, or is under common control or ownership with either Consio or Customer, respectively.
“Applicable Privacy Law” shall mean applicable data privacy, data protection, and cybersecurity laws, rules and regulations to which Consio is subject, including, but not limited to, (a) the California Consumer Privacy Act of 2018 (“CCPA”), (b) the EU General Data Protection Regulation 2016/679 (“GDPR”) including the applicable implementing legislation of each Member State (“EU GDPR”), (c) the UK Data Protection Act 2018 and the UK General Data Protection Regulation as it forms part of UK law by virtue of section 3 of the European Union (Withdrawal) Act 2018, as amended (including by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019) (“UK GDPR” and together with the EU GDPR, the “GDPR”), (d) the Swiss Federal Act on Data Protection of 19 June 1992, (e) any other applicable law with respect to any Personal Data in respect of which the Consio is subject to, and (f) any other data protection law and any guidance or statutory codes of practice issued by any relevant Privacy Authority, in each case, as amended from time to time and any successor legislation to the same.
**“Data Subject”** shall mean an identified or identifiable natural person.
“Personal Data” shall mean (i) personal data, personal information, personally identifiable information, or similar term as defined by Applicable Privacy Law or (ii) if not defined by Applicable Privacy Law, any information that relates to a Data Subject; in each case, to the extent Processed by Consio, on behalf of Customer, in connection with Consio’s performance of the Services.
“Consio Entity” shall mean Consio Ai Inc., and/or any Consio Affiliate.
“Privacy Authority” shall mean any competent supervisory authority, attorney general, or other regulator with responsibility for privacy or data protection matters in the jurisdiction of Consio.