This Data Protection Addendum (“Addendum“) between VuNet Systems Pvt Ltd (“VuNet Systems”) and the Customer (as defined in the Agreement) forms part of the VuNet Systems Terms of Service set forth at https://vunetsystems.com/terms-of-service/ or such other written or electronic agreement incorporating this Addendum, in each case governing Customer’s access to and use of the Services (the “Agreement”).
Customer enters into this Addendum on behalf of itself and any Affiliates authorized to use the Services under the Agreement and who have not entered into a separate contractual arrangement with VuNet Systems. For the purposes of this Addendum only, and except where otherwise indicated, references to “Customer” shall include Customer and such Affiliates.
The Parties hereby agree that the terms and conditions set out below shall be added as an Addendum to the Agreement.
1. Definitions
1.1 In this Addendum, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:
1.2 The terms “Business”, “Business Purpose”, “commercial purpose”, “Contractor”, “Controller“, “Data Subject“, “Personal Data“, “Personal Data Breach“, “Process“, “Processor“, “Sell”, “Service Provider”, “Share”, “Subprocessor”, “Supervisory Authority“, and “Third Party” have the same meanings as described in applicable Data Protection Laws and cognate terms shall be construed accordingly.
1.3 Capitalized terms not otherwise defined in this Addendum shall have the meanings ascribed to them in the Agreement.
2. Roles of the Parties
3. Description and Purpose of Personal Data Processing
4. Data Processing Terms
In relation to any notice received under section 4.2(d)(i), Customer shall have a period of 30 (thirty) days from the date of the notice to inform VuNet Systems in writing of any reasonable objection on data protection grounds to the use of that Sub-processor. The parties will then, for a period of no more than 30 (thirty) days from the date of Customer’s objection, work together in good faith to attempt to find a commercially reasonable solution for Customer which avoids the use of the objected-to Sub-processor. Where no such solution can be found, either Party may (notwithstanding anything to the contrary in the Agreement) terminate the relevant Services immediately on written notice to the other Party, without damages, penalty or indemnification whatsoever (but without prejudice to any fees incurred by Customer prior to termination);
5. Restricted Transfers
6. Precedence
7. Indemnity
8. Severability
9. Miscellaneous.
Annex 1 to Data Protection Addendum
Description of Processing Activities for Customer Personal Data
This Annex includes certain details of the Processing of Customer Personal Data by VuNet Systems in connection with the Services.
1. List of Parties
Data Exporter
Name: | Customer (as defined in the Agreement) |
Address: | As set forth in the relevant Order Form. |
Contact person’s name, position and contact details: | As set forth in the relevant Order Form. |
Activities relevant to the data transferred under these Clauses: | Recipient of the Services provided by VuNet Systems in accordance with the Agreement. |
Signature and date: | Signature and date are set out in the Agreement. |
Role (controller/processor): | Controller |
Data Importer
Name: | VuNet Systems |
Address: | L77, 15th Cross Rd, Sector 6, HSR Layout, Bengaluru, Karnataka 560102 |
Contact person’s name, position and contact details: | Bharat Joshi, [email protected] |
Activities relevant to the data transferred under these Clauses: | Provision of the Services to the Customer in accordance with the Agreement. |
Signature and date: | Signature and date are set out in the Agreement. |
Role (controller/processor): | Processor |
2. Competent Supervisory Authority
Identify the competent supervisory authority/ies in accordance (e.g. in accordance with Clause 13 SCCs) | As determined by application of Clause 13 of the EU SCCs. |
3. Processing Information
Categories of data subjects whose personal data is transferred | Customer’s authorized users of the Services |
Categories of personal data transferred | Processed automatically by the Services: · Names · email IDs Processed where and to the extent provided by Customer or its authorized users in connection with audit services provided by VuNet Systems: · address · date of birth · past employment details |
Sensitive personal data transferred | None |
Frequency of the transfer | Continuous |
Nature of the processing | The nature of the processing is more fully described in the Agreement and accompanying order forms but will include the following basic processing activities: The provision of Services to Customer. In order to provide people data, VuNet Systems receives identifying Customer Personal Data to permit VuNet Systems to query, cleanse, standardize, enrich, (when required) send to additional data to feed providers, and to store the query information. The purpose of the transfer is to facilitate the performance of the Services more fully described in the Agreement and accompanying order forms. |
Purpose of the data transfer and further processing | |
For processing involving California consumers, please select the Business Purpose(s) for Processing Personal Data | ☐ N/A ☐ Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards ☒ Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes ☒ Debugging to identify and repair errors that impair existing intended functionality. ☐ Short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a consumer’s current interaction with the business, provided that the consumer’s personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business ☒ Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business. ☐ Providing advertising and marketing services, except for cross-context behavioral advertising, to the consumer provided that, for the purpose of advertising and marketing, a service provider or contractor shall not combine the personal information of opted-out consumers that the service provider or contractor receives from, or on behalf of, the business with personal information that the service provider or contractor receives from, or on behalf of, another person or persons or collects from its own interaction with consumers. ☒ Undertaking internal research for technological development and demonstration. ☒ Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business. ☒ To retain and employ another service provider or contractor as a subcontractor where the subcontractor meets the requirements for a service provider or contractor under CCPA. ☒ To build or improve the quality of the services it is providing to the business even if this Business Purpose is not specified in the written contract required by CCPA provided that Service Provider does not use the Customer Personal Data to perform Services on behalf of another person. ☒ To prevent, detect, or investigate data security incidents or protect against malicious, deceptive, fraudulent, or illegal activity, even if this Business Purpose is not specified in the written contract. |
Period for which the personal data will be retained or criteria used to determine that period | The period for which the Customer Personal Data will be retained is more fully described in the Agreement, Addendum, and accompanying order forms. |
Subprocessor transfers – subject matter, nature, and duration of processing | The subject matter, nature, and duration of the Processing more fully described in the Agreement, Addendum, and accompanying order forms. |
4. Technical and Organisational Security Measures
Description of the technical and organisational security measures implemented by VuNet Systems as the data processor/data importer to ensure an appropriate level of security, taking into account the nature, scope, context, and purpose of the processing, and the risks for the rights and freedoms of natural persons.
Security
Personnel Security.
Access Controls
Data Center and Network Security
Annex 2
VuNet Systems’s Sub-processors
Name of Sub-processor | Description of Processing | Location of Sub-processor |
Google Cloud Platform | Running the Development and Testing environment including the Application and Databases | India |
Microsoft Azzure | Running the Development and Testing environment including the Application and Databases | USA |
Google Workspace | Email services & Docs | India |
ZOHO | Ticketing & Support | India |
Atlassian | Work management | USA |
CKEditor | Document editor | USA |
Github | Code version control | USA |
Slack | Messaging | USA |
ContactForm7 | Contact Information | USA |
VuNet’s Business-Centric Observability platform, vuSmartMaps™ seamlessly links IT performance to business metrics and business journey performance. It empowers SRE and IT Ops teams to improve service success rates and transaction response times, while simultaneously providing business teams with critical, real-time insights. This enables faster incident detection and response.