Data Processing Amendment

Last updated: February 6, 2024.

This Data Processing Amendment ("Amendment") is entered into between the Customer (hereinafter referred to as "Data Controller") and ClickPath, the Analytics Service (hereinafter referred to as "Service" or "Data Processor"), collectively referred to as the "Parties," and forms an integral part of the agreement between them.

1. Purpose of Data Processing:

1.1 Scope: This Amendment governs the processing of personal data by the Data Processor on behalf of the Data Controller in connection with the provision of analytics services as per the agreement between the Parties.

2. Data Processing Details:

2.1 Subject Matter: The subject matter of the data processing is the analytics data collected by the Analytics Service's script installed on the Data Controller's website.

2.2 Duration: The data processing activities will continue for the duration of the agreement between the Parties and as long as necessary to fulfill the purposes outlined in the agreement.

2.3 Nature and Purpose: The Data Processor will process personal data for the purpose of providing analytics services, including data tracking, analysis, and reporting.

3. Data Controller's Responsibilities:

3.1 Lawful Basis: The Data Controller ensures that it has a lawful basis for the processing of personal data and has obtained all necessary consents from data subjects.

4. Data Processor's Obligations:

4.1 Compliance with Laws: The Data Processor agrees to comply with all applicable data protection laws, including the GDPR.

4.2 Confidentiality: The Data Processor will ensure that individuals processing personal data are subject to confidentiality obligations.

4.3 Security Measures: The Data Processor will implement appropriate technical and organizational measures to ensure the security and confidentiality of the personal data.

4.4 Assistance to Data Controller: The Data Processor will assist the Data Controller in fulfilling its obligations under data protection laws, including data subject rights, security measures, and data breach notifications.

5. Subprocessing:

5.1 Consent for Subprocessing: The Data Processor shall not engage a subprocessor without obtaining prior written consent from the Data Controller.

5.2 Subprocessor Obligations: In the event of engaging a subprocessor, the Data Processor will ensure that the subprocessor is bound by data protection obligations no less protective than those in this Amendment.

6. Data Subject Rights:

6.1 Assistance: The Data Processor will assist the Data Controller in responding to data subject requests, including access, correction, deletion, and data portability.

7. Data Security Breach:

7.1 Notification: The Data Processor will notify the Data Controller without undue delay upon becoming aware of a data breach, providing sufficient information to allow the Data Controller to meet any obligations to report or inform data subjects.

8. Return or Deletion of Data:

8.1 Data Return/Deletion: Upon termination of the agreement, the Data Processor will, at the Data Controller's choice, return or delete all personal data processed under this Amendment.

9. Governing Law:

9.1 Applicable Law: This Amendment shall be governed by and construed in accordance with the laws of The Netherlands.

10. Miscellaneous:

10.1 Entire Agreement: This Amendment, together with the agreement between the Parties, constitutes the entire understanding between the Parties concerning the subject matter hereof and supersedes all prior and contemporaneous agreements.

By using our Service, you agree to the terms outlined in this Data Processing Amendment. This amendment is subject to periodic updates, so please review it regularly.