The Data Processing Agreement (“DPA”) forms part of the Master Services Agreement or other written or electronic agreement between Episerver and Customer for the purchase of online services from Episerver (identified either as “Software Services” or otherwise in the applicable agreement, and hereinafter defined as “Software Services”) (the “Agreement”) to reflect the parties’ agreement with regard to the Processing of Personal Data.
By signing this Agreement, Customer enters into this DPA on behalf of itself and, to the extent required under applicable Data Protection Laws and Regulations, in the name and on behalf of its Authorized Affiliates, if and to the extent Episerver processes Personal Data for which such Authorized Affiliates qualify as the Controller. For the purposes of this DPA only, and except where indicated otherwise, the term "Customer" shall include Customer and Authorized Affiliates. All capitalized terms not defined herein shall have the meaning set forth in the Agreement, end-user services agreement (“EUSA”) and service level agreement (“SLA”).
In the course of providing the Software Services to Customer pursuant to the Agreement, Episerver may Process Personal Data on behalf of Customer and the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
If Customer entering into this DPA is a party to the Agreement, this DPA is an addendum to and forms part of the Agreement. In such case, the Episerver entity that is party to the Agreement is party to this DPA.
If Customer’s Affiliate entering into this DPA has executed an Order with Episerver or its Affiliate pursuant to the Agreement, but is not itself a party to the Agreement, this DPA is an addendum to that Order and applicable renewal Orders, and the Episerver entity that is party to such Order is party to this DPA.
If the Customer entity signing the DPA is not a party to an Order nor a Master Services Agreement directly with Episerver but is instead a customer indirectly via an authorized reseller of Episerver services, this DPA is not valid and is not legally binding. Such entity should contact the authorized reseller to discuss whether any amendment to its agreement with that reseller may be required.
This DPA shall not replace any additional terms relating to Processing of Customer Data contained in any Amendment(s) to Customer’s Agreement; however, it shall replace any existing standard data processing agreement between the Parties.
If an entity signing this DPA is neither a party to an Agreement nor an Order, this DPA is not valid and is not legally binding. Such entity should request that a Customer entity who is a party to the Agreement executes this DPA on their behalf.
**Note:** If Customer is using Episerver Managed Services (formerly Everweb), this DPA is not valid and is not legally binding unless written confirmation from Episerver has been received stating that the minimum GDPR technical and organizational measures on Customer’s environment have been met.
For further information, please see the Episerver Trust Center here.
As always, we at Episerver take your privacy seriously. Please find our privacy statement here.