Data Processing Agreement

This Data Processing Agreement (“DPA”) is an agreement to the processing of personal data by Microspace on behalf of you, Customer, in connection with the Microspace Subscription Services and forms part of the Microspace Terms of Service (“Service Agreement”).

If you wish to receive a signed copy of this agreement, please contact us at team@microspace.co.

1. Definitions

“European Data Protection Laws" means data protection laws applicable in Europe, including: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) ("GDPR"); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; and (iii) applicable national implementations of (i) and (ii); or (iii) GDPR as it forms parts of the United Kingdom domestic law by virtue of Section 3 of the European Union (Withdrawal) Act 2018 ("UK GDPR"); and (iv) Swiss Federal Data Protection Act on 19 June 1992 and its Ordinance ("Swiss DPA"); in each case, as may be amended, superseded or replaced.  

"Services" means the services provided to the Customer by Microspace according to the Service Agreement.

“Data Protection Laws” means all applicable worldwide legislation relating to data protection and privacy which applies to the respective party in the role of Processing Personal Data in question under the Agreement, including without limitation European Data Protection Laws, the CCPA and the data protection and privacy laws of Australia and Singapore; in each case as amended, repealed, consolidated or replaced from time to time.

"European Data Protection Laws" means data protection laws applicable in Europe, including: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) ("GDPR"); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; and (iii) applicable national implementations of (i) and (ii); or (iii) GDPR as it forms parts of the United Kingdom domestic law by virtue of Section 3 of the European Union (Withdrawal) Act 2018 ("UK GDPR"); and (iv) Swiss Federal Data Protection Act on 19 June 1992 and its Ordinance ("Swiss DPA"); in each case, as may be amended, superseded or replaced.  

“Customer Personal Data” means any personal data that is processed by Microspace on behalf of the Customer to perform the Services under the Service Agreement.

“Standard Contractual Clauses” means the standard contractual clauses annexed to the European Commission’s Decision (EU) 2021/914 of 4 June 2021 currently found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en , as may be amended, superseded or replaced.

“UK Addendum” means the International Data Transfer Addendum issued by the UK Information Commissioner under section 119A(1) of the Data Protection Act 2018 currently found at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf, as may be amended, superseded, or replaced.

The terms "consent", "controller", "data subject", "personal data breach", "processor", "sub processor", "processing", "supervisory authority" and "third party" are defined according to the meaning in article 4 of GDPR.

2. Scope of the Processing

2.1 Processing of Customer Personal Data

The Processing of Customer Personal Data within the scope of the Agreement shall be carried out in accordance with the following stipulations and as required under Article 28(3) of the GDPR. The parties may amend this information from time to time, as the parties may reasonably consider necessary to meet those requirements.

2.2 Processor and Controller

For the purposes of this DPA, the Customer is the controller of the Customer Personal Data and Microspace is the processor of such data.

3. Customer Responsibilities

3.1 Compliance with Applicable Laws

Within the scope of the Service Agreement and the use of the services, you are responsible for complying with all obligations applicable under Data Protection Laws with respect to the Processing of Personal Data and the Instructions issued to us.

3.2 Controller Instructions

The Service Agreement, including this DPA, and your use of the Microspace Subscription Services reflect your instruction to us to the Processing of Customer Personal Data as agreed in the Terms of Services of the Microspace Subscription.

3.3 Security

You are responsible for the secure use of the Microspace Subscription Services, including Customer Personal Data used in integrations with our service and in transit. Additionally, you are responsible for ensuring the data security in the Microspace Subscription meets your obligations to comply with Data Protection laws.

4. Microspace Responsibilities

4.1 Compliance with Instructions

We will only process Customer Personal Data to fulfil our obligations of the Service Agreement and for the purposes described in this DPA or otherwise required by applicable law. Customer instructions shall be documented via support ticket, email or other written communication or by you using the Microspace Subscription Services.

4.2  Compliance with Applicable Laws

We will not process Customer Personal Data if your Instructions are in conflict with applicable laws. In such cases, we will notify you of the legal requirement and will only resume the processing of Customer Data when new Instructions with which we are able to comply. We will not be liable to any interruption in the Microspace Subscription Service experienced by you until we receive new lawful Instructions.

4.3. Security

We will protect Customer Personal Data from Data Breaches by implementing and maintaining suitable technical and organisational measures.

4.4 Confidentiality

Any Microspace team member who is authorized by us to process Customer Personal Data is obliged to confidentiality through appropriate policies and/or contracts in regard to the Customer Personal Data.

4.5 Customer Personal Data Breach

We will notify you without undue delay after we become aware of any personal data breach affecting the Customer Personal Data. We will keep you updated with information regarding the personal data breach as it becomes known or as reasonably equested by you.

4.6 Deletion or Return of Customer Personal Data.

On termination or expiration of your Microspace Subscription Service we will delete all Customer Data taking into account any grace period in accordance with Service Agreement. This is applicable except where we are required by applicable laws to retain some or all Customer Personal Data or where we have stored backups of Customer Personal Data in our backup storage. Backups are securely stored and are not accessible for processing.

You may request immediate permanent deletion of your account by contacting us at support@microspace.co and after identity verification. Any additional cost arising in connection with the return or deletion of Personal Data after the termination or expiration of the Service Agreement shall be borne by the Customer.

5. Data Subject Requests

Your Microspace Subscription Service provides specific controls to delete, restrict and correct Customer Personal Data to allow you to comply with your obligations with respect to Data Protection Laws, including requests from Data Subjects to exercise their rights.

In case you are unable to respond to a Data Subject Request through your Microspace Subscription Service, we will, after receiving a written request, assist the Customer by appropriate measures, insofar this is reasonably possible.

If we receive a Data Subject Request directly, we will inform you without delay, and will instruct the data subject to send their request to you. You are solely responsible to respond appropriately to such Data Subject Requests.

6. Sub-processing

We agree that we may employ sub-processors to process Customer Personal Data on your behalf. Microspace will ensure that the sub-processors are required through written agreements to provide at least the same level of data protection as Microspace through this DPA. Microspace may continue to use those sub-processors already engaged at the date of this DPA.

Sub-processors provide services related to infrastructure and hosting, product features and integrations and services and support. You can find the current list of Sub-processors in Appendix 1.

If we add or replace any Sub-Processors we will update the third party list in Appendix 1. You may request to receive notifications by email of any changes by contacting us at team@microspace.co. You may notify us in writing of any reasonable objections to the proposed sub-processor and Microspace will provide a reasonable written explanation and engage in a good faith discussion to come to a resolution. If Microspace and Customer are not able to come to a resolution, either party has the right to terminate the Service Agreement.

7. Data Protection Impact Assessments

Microspace provide reasonable assistance to Customer at the Customer’s cost, within the scope of the Services provided and information that is available, with any data protection impact assessment and consultations with data protection authorities which are required for Customer to comply with Applicable Data Protection Laws.

7. Data Transfers

Microspace will only transfer Customer Personal Data from the EU, EEC, Switzerland and the United Kingdom within these areas or to countries which provide adequate level of protections in compliance with European Data Protection Laws.

8. Other provisions

8.1 Governing Laws and Jurisdiction

This DPA will be governed by the jurisdiction as determined by the Service Agreement unless otherwise required by Data Protection Laws.

8.2 Amendments

We reserve the right to make any changes or updates to this DPA.

8.3 Severance

If any individual provisions of this DPA are determined to be invalid or unenforceable, the validity and enforceability of the other provisions of this DPA will not be affected.

8.4 Termination

This DPA will terminate automatically with the termination of the Service Agreement

Appendix 1

Authorised Sub-processors as of the DPA Effective Date

Third Party Sub-Processor

Location

Description of Activities

Purpose

Amazon Web Services EMEA SARL

Germany

On-demand cloud computing platforms and APIs

Infrastructure and Hosting

Silevis Software Sp. z o.o.

Poland

Technical Support Services

Support

Mailjet

France

On-demand email services and APIs

Feature and Integration

Last revised January 17, 2023.

Werk samen met ons aan jouw succes

Neem contact met ons op