Urllo Data Processing Addendum

Urllo Data Processing Addendum

Terms related to the privacy, confidentiality and security of personal data for subscribers subject to EU law.

Contents

  1. I. Definitions
  2. II. Roles and Responsibilities of the Parties
  3. IV. Sub-Processing
  4. V. Compliance With Applicable Laws
  5. VI. Data Security
  6. VII. Data Breach Notification
  7. VIII. Audit
  8. IX. Governing Law
  9. Annex 1: Scope of the Data Processing

Effective

Urllo data processing addendum.

Terms related to the privacy, confidentiality and security of personal data for subscribers subject to EU law.

This Data Processing Addendum ("Addendum"), applies to agreements between EasyRedir Inc. dba Urllo ( “Urllo”), and entities who subscribe for Urllo’s services and who are subject to Applicable Law ("Subscriber") (collectively referred to as the "Parties"), sets forth the terms and conditions relating to the privacy, confidentiality and security of Personal Data (as defined below) associated with services to be rendered by Urllo to Subscriber pursuant to the subscription agreement entered into between the Parties (the "Master Agreement").

I. Definitions

  1. "Applicable Law" means all applicable European Union (“EU”) or national laws and regulations relating to the privacy, confidentiality, security and protection of Personal Data, including, without limitation: the European Union ("EU") General Data Protection Regulation 2016 / 679 ("GDPR"), with effect from 25 May 2018, and EU Member State laws supplementing the GDPR; the EU Directive 2002/58/EC ("e-Privacy Directive"), as replaced from time to time, and EU Member State laws implementing the e-Privacy Directive, including laws regulating the use of cookies and other tracking means as well as unsolicited e-mail communications.
  2. "Data Controller" means a person who alone or jointly with others determines the purposes and means of the Processing of Personal Data.
  3. "Data Processor" means a person who Processes Personal Data on behalf of the Data Controller.
  4. "Data Security Measures" means technical and organizational measures that are aimed at ensuring a level of security of Personal Data that is appropriate to the risk of the Processing, including protecting Personal Data against accidental or unlawful loss, misuse, unauthorized access, disclosure, alteration, destruction, and all other forms of unlawful Processing, including measures to ensure the confidentiality of Personal Data.
  5. "Data Subject" means an identified or identifiable natural person to which the Personal Data pertain.
  6. "Instructions" means this Addendum and any further written agreement or documentation through which the Data Controller instructs the Data Processor to perform specific Processing of Personal Data.
  7. "Personal Data" means any information relating to an identified or identifiable natural person Processed by Urllo in accordance with Subscriber’s Instructions pursuant to this Addendum; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  8. "Personal Data Breach" a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.
  9. "Process""Processed", or "Processing" means any operation or set of operations performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  10. "Services" means the services offered by Urllo and subscribed for by Subscriber under the Master Agreement.
  11. "Sub-Processor" means the entity engaged by the Data Processor or any further Sub-Processor to Process Personal Data on behalf and under the authority of the Data Controller.

II. Roles and Responsibilities of the Parties

  1. The Parties acknowledge and agree that Subscriber is acting as a Data Controller, and has the sole and exclusive authority to determine the purposes and means of the Processing of Personal Data Processed under this Addendum, and Urllo is acting as a Data Processor on behalf and under the Instructions of Subscriber.
  2. Any Personal Data will at all times be and remain the sole property of Subscriber and Urllo will not have or obtain any rights therein.

III. Obligations of Urllo

Urllo agrees and warrants to:

  1. Process Personal Data disclosed to it by Subscriber only on behalf of and in accordance with the Instructions of the Data Controller and Annex 1 of this Addendum, unless Urllo is otherwise required by Applicable Law, in which case Urllo shall inform Subscriber of that legal requirement before Processing the Personal Data, unless informing the Subscriber is prohibited by law on important grounds of public interest. Urllo shall immediately inform Subscriber if, in Urllo’s opinion, an Instruction provided infringes Applicable Law.
  2. Ensure that any person authorized by Urllo to Process Personal Data in the context of the Services is only granted access to Personal Data on a need-to-know basis, is subject to a duly enforceable contractual or statutory confidentiality obligation, and only processes Personal Data in accordance with the Instructions of the Data Controller.
  3. Urllo stores and Processes all data, including Personal Data, in the United States. Urllo has and shall continue to enter into any written agreements as are necessary (in its reasonable determination) to comply with Applicable Law concerning any cross-border transfer of Personal Data, whether to or from Urllo.
  4. Inform Subscriber promptly and without undue delay of any formal requests from Data Subjects exercising their rights of access, correction or erasure of their Personal Data, their right to restrict or to object to the Processing as well as their right to data portability, and not respond to such requests, unless instructed by the Subscriber in writing to do so. Taking into account the nature of the Processing of Personal Data, Urllo shall assist Subscriber, by appropriate technical and organizational measures and at Subscriber’s cost, insofar as possible, in fulfilling Subscriber’s obligations to respond to a Data Subject’s request to exercise their rights with respect to their Personal Data.
  5. Notify Subscriber immediately in writing of any subpoena or other judicial or administrative order by a government authority or proceeding seeking access to or disclosure of Personal Data. Subscriber shall have the right to defend such action in lieu of and on behalf of Urllo. Subscriber may, if it so chooses, seek a protective order. Urllo shall reasonably cooperate with Subscriber in such defense.
  6. Provide reasonable assistance to Subscriber, at Subscriber’s cost, in complying with Subscriber’s obligations under Applicable Law.
  7. Maintain internal record(s) of Processing activities, copies of which shall be provided to Subscriber by Urllo or to supervisory authorities upon request.

IV. Sub-Processing

  1. Urllo shall not share, transfer, disclose, make available or otherwise provide access to any Personal Data to any third party, or contract any of its rights or obligations concerning Personal Data, unless Urllo has entered into a written agreement with each such third party that imposes obligations on the third party that are the same as those imposed on Urllo under this Addendum. Urllo shall only retain third parties that are capable of appropriately protecting the privacy, confidentiality and security of the Personal Data.

V. Compliance With Applicable Laws

  1. Each party covenants and undertakes to the other that it shall comply with all Applicable Laws in the use of the Services.
  2. Without limiting the above, Urllo is not responsible for determining the requirements of laws applicable to Subscriber’s business or that Urllo's provision of the Services meet the requirements of such laws. As between the parties, Subscriber is responsible for the lawfulness of the Processing of the Subscriber Personal Data. Subscriber will not use the Services in conjunction with Personal Data to the extent that doing so would violate applicable Data Protection Laws.
  3. If a Data Subject brings a claim directly against Urllo for a violation of their Data Subject rights in breach of Applicable Laws and such claim does not arise from a breach by Urllo of the terms of this Agreement, Subscriber will indemnify Urllo for any cost, charge, damages, expenses or loss arising from such a claim, to the extent that Urllo has notified Subscriber about the claim and given Subscriber the opportunity to cooperate with Urllo in the defense and settlement of the claim. Subject to the terms of the Agreement, Subscriber may claim from Urllo amounts paid to a Data Subject for a violation of their Data Subject rights caused by Urllo’s breach of its obligations under GDPR.

VI. Data Security

  1. Urllo shall develop, maintain and implement a comprehensive written information security program that complies with Applicable Law and good industry practice. Urllo’s information security program shall include appropriate administrative, technical, physical, organizational and operational safeguards and other security measures designed to (i) ensure the security and confidentiality of Personal Data; (ii) protect against any anticipated threats or hazards to the security and integrity of Personal Data; and (iii) protect against any Personal Data Breach, including, as appropriate:
    1. The encryption of the Personal Data;
    2. The ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services;
    3. The ability to restore the availability and access to the Personal Data in a timely manner in the event of a physical or technical incident; and
    4. A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures adopted pursuant to this provision for ensuring the security of the Processing.
  2. Urllo shall supervise Urllo personnel to the extent required to maintain appropriate privacy, confidentiality and security of Personal Data. Urllo shall provide training, as appropriate, to all Urllo personnel who have access to Personal Data.
  3. Promptly (and in any event within 90 days) following the expiration or earlier termination of the Master Agreement, Urllo shall return to Subscriber or its designee, if so requested during such period, or if not so requested securely destroy or render unreadable or undecipherable, each and every original and copy in every media of all Personal Data in Urllo’s, its affiliates’ or their respective subcontractors’ possession, custody or control. In the event applicable law does not permit Urllo to comply with the delivery or destruction of the Personal Data, Urllo warrants that it shall ensure the confidentiality of the Personal Data and that it shall not use or disclose any Personal Data after termination of this Addendum.

VII. Data Breach Notification

  1. Urllo shall promptly inform Subscriber in writing of any Personal Data Breach of which Urllo becomes aware. The notification to Subscriber shall include all available information regarding such Personal Data Breach, including information on:
    1. The nature of the Personal Data Breach including where possible, the categories and approximate number of affected Data Subjects and the categories and approximate number of affected Personal Data records;
    2. The likely consequences of the Personal Data Breach; and
    3. The measures taken or proposed to be taken to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.

Urllo shall cooperate fully with Subscriber in all reasonable and lawful efforts to prevent, mitigate or rectify such Breach. Urllo shall provide such assistance as required to enable Subscriber to satisfy Subscriber’s obligation to notify the relevant supervisory authority and Data Subjects of a personal data breach under Articles 33 and 34 of the GDPR.

VIII. Audit

Urllo shall on written request (but not more than once per year, other than in the event of a breach) make available to Subscriber all information necessary to demonstrate compliance with the obligations set forth in this Addendum and, at the Subscriber’s expense, allow for and contribute to audits, including inspections, conducted by Subscriber or another auditor mandated by Subscriber. Upon prior written request by Subscriber (provided that it shall be not more than once per year other than in the event of a breach), Urllo agrees to cooperate and, within reasonable time, provide Subscriber with: (a) audit reports (if any) and all information necessary to demonstrate Urllo’s compliance with the obligations laid down in this Addendum; and (b) confirmation that no audit, if conducted, has revealed any material vulnerability in Urllo’s systems, or to the extent that any such vulnerability was detected, that Urllo has fully remedied such vulnerability.

IX. Governing Law

To the extent required by Applicable Law, this Addendum shall be governed by the law of Ireland. In all other cases, this Addendum shall be governed by the laws of the jurisdiction specified in the Agreement.

Annex 1: Scope of the Data Processing

This Annex forms part of the Data Processing Addendum between Subscriber and Urllo. The Processing of Personal Data concerns the following categories of Data Subjects:

  1. Subscriber’s authorized users of the Services; and
  2. Data Subjects who are redirected by the Service.

The Processing concerns the following categories of Personal Data:

  1. For Subscriber’s authorized users of the Services, such information as is reasonably required to:
    1. facilitate their use of the system through account creation (which may include name, user name, email address, phone number and similar information); and
    2. monitor their usage of the Services for the purpose of improving the Services and their usage of the Services; and
  2. For Data Subjects who are redirected by the Service, their IP addresses.

The Processing concerns the following categories of Sensitive Data:

None.

The Processing concerns the following categories of data Processing activities (i.e., purposes of Processing):

  1. For Subscriber’s authorized users of the Services, solely to the extent as is required to provide the Services to them and otherwise in accordance with Urllo’s privacy policy; and
  2. For Data Subjects who are redirected by the Service, for the purpose of redirecting those Data Subjects to such URL as may be specified by Subscriber.

Contact us

Ready to talk? Let’s get connected

925-1811 4 Street SW.
Calgary, Alberta, T2S 1W2, Canada

© 2024 EasyRedir Inc.

Get started now

Join over 1,000 global companies that use the world’s most trusted URL redirect service to deliver seamless customer experiences across all their websites and domains.

For enterprise

Speak with an expert

Our team can provide tailored solutions and custom pricing for enterprise businesses.

  • Technical implementation assistance
  • Dedicated success manager
  • Industry-leading support

Get going today

Start your 14-day free trial

Create and deploy your redirects quickly and easily. Starting today.

  • Get support with bulk imports
  • Access our help center
  • Talk to a real person when you need one

We offer plans built to scale as your business does. See all pricing plans