This Data Protection Agreement (“DPA”) supplements the agreement for Services between GetApp and Software Vendor, to provide additional terms for the sharing and use of Personal Data.
1. Scope, Definitions and Applicable Law. This DPA applies to GetApp’s handling and use of personal data from Software Vendor (“Personal Data”) to allow GetApp to deliver the applicable services. Terms used herein that are not otherwise defined, including, without limitation, “personal data,” “controller,” and “processing,” shall have the meanings set forth in applicable laws, regulations, and decisions applicable to a party to this DPA, including but not limited to Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation), the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and any future implementing legislation (collectively, “Applicable Law”).
3. Protection of Personal Data. GetApp will: (a) maintain reasonable technical and organizational security measures, in accordance with Applicable Law, to protect against, without limitation, the accidental, unlawful or unauthorized access to or use, transfer, destruction, loss, alteration, commingling, disclosure or processing of Personal Data ; and (b) treat Personal Data with strict confidence and take reasonable steps to ensure that persons who process or will process Personal Data are under a duty of confidentiality with respect to Personal Data no less restrictive than the duties set forth herein.
4. Notice and Cooperation. GetApp will provide written notice, to the extent required by Applicable Law, to a competent regulatory authority, each impacted data subject and/or to Software Vendor, in the case of a personal data breach. ‘Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
5. Data Subject Communications. GetApp will provide notice, as required by Applicable Law, to the data subject outlining how GetApp processes their Personal Data. GetApp will be responsible for handling all requests and exercise of rights granted to the data subject under Applicable Law which GetApp receives in respect of GetApp’s processing of Personal Data.
6. International Transfer of Personal Data. If Personal Data originates from the European Economic Area, UK and/or Switzerland, and such Personal Data is transferred to a third country, at either party’s request, the parties will enter into the appropriate Controller to Controller cross border transfer agreement with Software Vendor, as required by applicable local law.
7. Sale or Sharing of Personal Data. As a Business under the California Consumer Protection Act (CCPA), as amended by the California Privacy Rights Act (CPRA), GetApp shall not: (a) “Sell” or “Share” Personal Data, as defined; (b) retain, use, or disclose Personal Data for any purpose other than for the Business Purpose, including to retain, use, or disclose the Personal Data for a commercial purpose other than providing its service under the Agreement; or (c) retain, use, or disclose Personal Data outside of the direct business relationship between GetApp and Software Vendor.
Last Updated: October 2023
Policy Last Updated: October 2023