Data Processing Agreement

"Data Protection Laws" means all applicable laws and regulations relating to the processing of Personal Data and privacy that may exist in any relevant jurisdiction, including, where applicable, the EU General Data Protection Regulation (GDPR).

"Personal Data", "Controller", "Processor", "Data Subject", and "Processing" shall have the meanings given to them in the applicable Data Protection Laws.

FeedNest shall process Personal Data only on behalf of the Controller and in accordance with the Controller's documented instructions, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by applicable law.

The subject matter, nature, and purpose of the processing, the type of personal data, and categories of data subjects are described in our Privacy Policy.

FeedNest implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

• Pseudonymization and encryption
• Confidentiality and integrity
• Availability and resilience
• Timely restoration of access
• Regular security testing

The Controller grants FeedNest a general authorization to engage sub-processors. FeedNest shall inform the Controller of any intended changes concerning the addition or replacement of other sub-processors, thereby giving the Controller the opportunity to object to such changes.

Where FeedNest engages a sub-processor for carrying out specific processing activities on behalf of the Controller, the same data protection obligations as set out in this DPA shall be imposed on that other processor.

FeedNest ensures that any transfer of Personal Data to a third country or an international organization is subject to appropriate safeguards as described in Article 46 of the GDPR, such as the Standard Contractual Clauses (SCCs).

Taking into account the nature of the processing, FeedNest shall assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the Data Subject's rights laid down in Chapter III of the GDPR.

FeedNest shall notify the Controller without undue delay after becoming aware of a Personal Data breach. The notification shall describe the nature of the personal data breach, the categories and approximate number of data subjects concerned, and the likely consequences of the personal data breach.

If you have any questions about this DPA or need to sign a copy, please contact us at dpa@feednest.com.