Debugbe Data Processing Agreement
Last updated: August 18, 2022
This Data Processing Agreement (“DPA”) is incorporated into and forms a part of the Cloud Subscription Agreement, Cloud Terms of Service, or other applicable service or subscription agreement between you and Debugbe with respect to your use of the Cloud Services (“Debugbe Agreement”). This DPA sets out data protection requirements with respect to the processing of Customer Personal Data (as defined below) that is collected, stored, or otherwise processed by Debugbe for the purpose of providing the Cloud Services. This DPA is effective on the effective date of the Debugbe Agreement, unless this DPA is separately executed in which case it is effective on the date of the last signature.
- “Customer,” “you” and “your” means the organization that agrees to an Order Form, or uses the Cloud Services subject to the relevant Debugbe Agreement.
- “Customer Personal Data” means any personal data that Customer uploads into the Cloud Services that is processed by Debugbe.
- “Data Protection Law” means GDPR, CCPA, and any other data protection legislation applicable to the respective party in its role in the processing of Customer Personal Data under the Debugbe Agreement.
- “Data Subject Request” has the meaning given to it in Section 5.1.
- “EEA” means the European Economic Area
- “GDPR” means the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended, updated or replaced from time to time, in the European Union, Switzerland and/or the United Kingdom.
- "Subprocessor" means any third-party data processor engaged by Debugbe to process Customer Personal Data.
- “Technical and Organizational Security Measures” has the meaning given to it in Section 3.2.
- The terms “controller,” “data subject,” “personal data,” “personal data breach,” “processor,” “processing” and “supervisory authority” have the meanings set forth in the GDPR.
2. Data Processing
2.1. Scope and Roles
This DPA applies when Debugbe processes Customer Personal Data in the course of providing the Cloud Services. In this context, Debugbe is a “processor” to Customer, who may act as either a “controller” or “processor” with respect to Customer Personal Data.
2.2. Details of the Processing
2.1.1. Subject Matter
The subject matter of the data processing under this DPA is Customer Personal Data.
The duration of the data processing under this DPA is until the expiration or termination of the Debugbe Agreement in accordance with its terms.
2.2.3. Nature and Purpose
The purpose of the data processing under this DPA is the provision of the Cloud Services to Customer in accordance with the Debugbe Agreement.
2.2.4. Types of Customer Personal Data
The types of Customer Personal Data processed under this DPA include any Customer Personal Data uploaded to the Cloud Services by Customer.
2.2.5. Categories of Data Subjects.
The data subjects may include Customer’s customers, employees, suppliers, and end users, or any other individual whose personal data Customer uploads to the Cloud Services.
2.2.6. Processing Operations
The objective of the processing of Customer Personal Data by Debugbe is the provision of Cloud Services to the Customer in accordance with the Debugbe Agreement.
2.3. Compliance with Laws
Each party will comply with all applicable Data Protection Law, including the GDPR, in relation to the processing of Customer Personal Data.
2.4. Debugbe’s Processing
Debugbe will process Customer Personal Data only for the purposes of: (i) provisioning the Cloud Services, (ii) processing initiated by Customer in its use of the Cloud Services, and (iii) processing in accordance with your Debugbe Agreement, this DPA, and your other reasonable documented instructions that are consistent with the terms of your Debugbe Agreement. Any other processing will require prior written agreement between the parties.
2.5. Customer Obligations
Customer acknowledges that it controls the nature and contents of the Customer Personal Data. Customer will ensure that it has obtained all necessary and appropriate consents from and provided notices to data subjects where required by Data Protection Law to enable the lawful transfer of any Customer Personal Data to Debugbe for the duration and purposes of this DPA and the Debugbe Agreement.
3.1. Confidentiality of Personnel
Debugbe will ensure that any of our personnel and any subcontractors who have access to Customer Personal Data are under an appropriate obligation of confidentiality.
3.2. Security Measures (“Technical and Organizational Security Measures”)
We will implement appropriate technical and organizational security measures to ensure a level of security appropriate to the risks that are presented by the processing of Customer Personal Data.
3.3. Breach Notification
We will notify you without undue delay if we become aware of a personal data breach affecting Customer Personal Data.
4.1. Authorized Subprocessors
You acknowledge and agree that we may retain our affiliates and other third parties to further process Customer Personal Data on your behalf as Subprocessors in connection with the provision of the Cloud Services.
4.2. Subprocessor Obligations
Debugbe will impose on each Subprocessor the same data protection obligations as are imposed on us under this DPA. We will be liable to you for the performance of the Subprocessors' obligations to the extent required by Data Protection Law.
5. Data Subject Requests
5.1 To assist with your obligations to respond to requests from data subjects, the Cloud Services provide Customer with the ability to retrieve, correct, or delete Customer Personal Data. Customer may use these controls to assist it in connection with its obligations under the GDPR, including its obligations related to any request from a data subject to exercise their rights under Data Protection Law (each, a “Data Subject Request”).
5.2. If a data subject contacts Debugbe with a Data Subject Request that identifies Customer, to the extent legally permitted, we will promptly notify Customer. Solely to the extent that Customer is unable to access Customer Personal Data itself, and Debugbe is legally permitted to do so, we will provide commercially reasonable assistance to Customer in responding to the Data Subject Request. To the extent legally permitted, Customer will be responsible for any costs arising from Debugbe’s provision of such assistance, including any fees associated with the provision of additional functionality.
6. Requests for Customer Personal Data
6.1. If we receive a valid and binding legal order (“Request”) from any governmental body (“Requesting Party”) for disclosure of Customer Personal Data, we will use commercially reasonable efforts to redirect the Requesting Party to seek that Customer Personal Data directly from Customer.
6.2. If, despite our efforts, we are compelled to disclose Customer Personal Data to a Requesting Party, we will:
- if legally permitted, promptly notify Customer of the Request to allow Customer to seek a protective order or other appropriate remedy. If we are prohibited from notifying Customer, we will use commercially reasonable efforts to obtain a waiver of that prohibition;
- challenge any over-broad or inappropriate Request (including Requests that conflict with the law of the European Union); and
- disclose only the minimum amount of Customer Personal Data necessary to satisfy the Request.
Taking into account the nature of the processing and the information available to us, at your request and cost, Debugbe will provide reasonable assistance to ensure compliance with the obligations under applicable Data Protection Law with respect to implementing appropriate security measures, personal data breach notifications, impact assessments and consultations with supervisory authorities or regulators, in each case solely related to processing of Customer Personal Data by Debugbe.
8. Return or Deletion of Data
Customer may retrieve or delete all Customer Personal Data upon expiration or termination of the Debugbe Agreement. Upon termination of your Debugbe Agreement or upon your request, Debugbe will delete any Customer Personal Data not deleted by Customer, unless we are legally required to store the Customer Personal Data.