Data processing agreement
Last updated: May 28, 2024
This Data Processing Agreement (“DPA”) forms an integral part of the Service Agreement which governs the use of the Service provided by Upseller. In the Service Agreement, Customer and Upseller have agreed on the Service where Upseller is a Processor of Personal Data on behalf of Customer. This DPA sets out the conditions under which Upseller may Process Personal Data on behalf of Customer and what measures are required to protect Personal Data.
Terms used in this DPA shall have the meaning given in the Service Agreement or in the General Data Protection Regulation (679/2016, “GDPR”) of the EU, together with all laws implementing or supplementing the same and any other applicable data protection or privacy laws (“Data Protection Legislation”).

1. Introduction

1.1. Publisher is a controller of certain personal data that it wishes to share with Upseller in connection with chat sales and automation services provided by Upseller under the service agreement(s) between the parties (the “Service Agreement”).

1.2. The parties have entered into this Agreement to ensure that, in sharing such personal data pursuant to the Service Agreement, they both are in compliance with Privacy Laws and the fundamental data protection rights of the data subjects whose personal data will be processed.

2. Definitions

2.1. “controller”, “processor”, “data subject”, “personal data” and “processing” (and “process”) shall have the meanings given in the applicable Privacy Laws;

2.2. “Privacy Laws” means (i) prior to May 25, 2018, the EU Data Protection Directive (Directive 95/46/EC); (ii) on and after May 25, 2018, the EU General Data Protection Regulation (Regulation 2016/679); (iii) the EU e-Privacy Directive (Directive 2002/58/EC); and (iv) any national data protection laws made under or pursuant to (i), (ii) or (iii).

3. Purpose of Processing

3.1. In connection with the services delivered under the Service Agreement, Publisher will submit or cause to be submitted certain website trac data, chat conversations and related data and material to Upseller, and Upseller acknowledges that such conversations and material may contain data that qualify as personal data under Privacy Laws (the “Data”). Publisher agrees to not pass any such Data unless it has received consent from the data subject pursuant to Privacy Laws.

3.2. Upseller shall process such Data for the purpose of providing the services described in the Service Agreement and for developing such services, or as otherwise agreed in writing by the parties (the “Permitted Purpose”). Upon Publisher’s request, Upseller will restrict the processing of Data identified by Publisher; provided, however, that such restrictions imposed on processing of Data may have the effect that Upseller is not able to perform the agreed services under the Service Agreement.

4. Data Subjects’ Right

4.1. If Publisher, in its use or receipt of Upseller’s services, does not have the ability to correct, amend, restrict, block or delete Data, Publisher will promptly notify Upseller of such inability and Upseller will use all reasonable efforts to facilitate such actions to the extent Upseller is legally permitted and able to do so.

5. Relationship of the Parties

5.1. The parties acknowledge that Publisher is a controller of the Data it discloses to Upseller, and that Upseller will process the Data as a separate and independent controller strictly for the Permitted Purpose. In no event will the parties process the Data jointly as joint controllers.

6. Compliance with Law

Each party shall be individually and separately responsible for complying with the obligations that apply to it as a controller under Privacy Laws. Without limitation to the foregoing, each party shall maintain a publicly accessible privacy policy on its website(s) that satisfies the transparency disclosure requirements of Privacy Laws.

7. Security

7.1. Upseller shall implement appropriate technical and organizational measures to protect the Data from (i) accidental or unlawful destruction; and (ii) loss, alteration, unauthorized disclosure of, or access to, the Data (a “Security Incident”). In the event that Upseller suffers a confirmed Security Incident, it shall notify Publisher without undue delay and both parties shall cooperate in good faith to agree and take action upon such measures as may be necessary to mitigate or remedy the effects of the Security Incident.

8. Subcontracting

8.1. Upseller may appoint third party processors to process Data for the Permitted Purpose, provided that such processors: (i) agree in writing to process Data in accordance with Upseller’s documented instructions; (ii) implement appropriate technical and organizational security measures to protect the Data against a Security Incident; and (iii) otherwise provide sucient guarantees that they will process the Data in a manner that will meet the requirements of Privacy Laws. Upseller accepts responsibility for any breach of this Agreement that is caused by an act, error or omission of a processor it has appointed.

9. International Transfers

9.1. Upseller shall not transfer any Data (nor permit any Data to be transferred) to a territory outside of the European Economic Area unless it has taken such measures as are necessary to ensure the transfer is in compliance with Privacy Laws. Such measures may include, without limitation, transferring the Data to a recipient in a country that the European Commission has decided provides adequate protection for personal data; to a recipient that has achieved binding corporate rules authorization in accordance with Privacy Laws; to a recipient in the United States that has certified compliance with the EU-US Privacy Shield framework; or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.

10. Cookie Consent

10.1 Upseller uses cookies and similar tracking technologies to provide its services. Publisher shall contractually require its customers to implement appropriate notice and consent mechanisms upon their digital properties so that Upseller can serve cookies lawfully through such properties in order to perform its services under the Service Agreement.

11. Survival

11.1 This Agreement shall survive termination or expiration of the Service Agreement. Upon termination or expiration of the Service Agreement, Upseller may continue to process the Data provided that such processing complies with the requirements of this Agreement and Privacy Laws.

12. Indemnifications

12.1. Each party shall indemnify the other party against any compensation payable to data subjects or administrative fines payable to the supervisory authorities arising out of a breach of this Agreement or the Privacy Laws; provided, that the non-breaching party promptly notifies the breaching party of a claim and gives the breaching party the possibility to co-operate with the non-breaching party in the defence and settlement of the claim.

12.2. Neither party shall be liable for any indirect or consequential damages of the other party arising out of a breach of this Agreement or the Privacy Laws.

13. Applicable law and disputes

13.1. This Agreement shall be governed by the laws of Finland.

13.2. Any disputes arising out of this Agreement shall be finally resolved in arbitration in accordance with the Rules of Arbitration of the Central Chamber of Commerce of Finland. The place of arbitration shall be Helsinki and the number of arbitrators shall be one.



IN WITNESS WHEREOF, authorized representatives of each of the parties hereto have executed this Agreement as of the Effective Date.