This Data Processing Addendum (“DPA”) forms part of the Atera Terms of Use (available at https://www.atera.com/terms-of-use/) and Privacy Policy (available at: https://www.atera.com/privacy/) and any other applicable Atera terms or agreement governing the use of the Services (collectively, the “Agreement”).
In order to provide the services provided under the Agreement (“Services”), Atera Networks Ltd. (together with its affiliated companies and subsidiaries worldwide) (“Atera”, “Us”, “We”, “Our”, “Service Provider” or “Data Processor”) may be required to processes data of the Client’s Users’ Information (as defined below).
To the extent Client’s Users’ Information falling within the scope of EU/UK Data Protection Law or Personal Information falling within the scope of the CCPA is processed by Atera on Client’s behalf you acknowledge and agree to abide to this DPA and further agree that Atera will process Client’s Users’ Information as necessary to provide you with the Services and as further detailed herein. By using the Services, you instruct Atera to process such Client’s Users’ Information on your behalf pursuant to this DPA.
“Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
“Client” means the entity executing and/or accepting Atera’s Agreement.
“Client’s Users” means Client’s end users and customers..
“Client’s Users’ Information” means Personal Data or Personal Information of Client’s Users that Client submits to Atera or may otherwise be Processed by Atera on Client’s behalf.
“Authorized Affiliate” means any of Client’s Affiliate(s) which (a) is subject to the Data Protection Laws And Regulations of the European Union, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom, and (b) is permitted to use the Services pursuant to the Agreement between Client and Atera, but has not signed its own agreement with Atera and is not a “Customer” as defined under the Agreement.
“Controller” or “Data Controller” means the entity which determines the purposes and means of the Processing of Personal Data. For the purposes of this DPA only, and except where indicated otherwise, the term “Data Controller” shall include yourself, the Organization and/or the Organization’s Authorized Affiliates.
“Data Protection Laws and Regulations” means the laws and regulations of the European Union, the European Economic Area and their Member States, Switzerland and the United Kingdom, applicable to the Processing of Personal Data under the Agreement.
“Data Subject” means the identified or identifiable person to whom the Personal Data relates.
“Member State” means a country that belongs to the European Union and/or the European Economic Area. “Union” means the European Union.
“Atera Group” means Atera and its Affiliates engaged in the Processing of Client’s Users’ Information.
“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Client’s Users’ Information and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
“Personal Data” or “Personal Information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Process(ing)” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor” or “Data Processor” means the entity which Processes Personal Data on behalf of the Controller.
“Security Documentation” means the Security Documentation applicable to the specific Services purchased by Client, as updated from time to time, and will be provided to you upon sending us a request to: [email protected], or as otherwise made reasonably available by Atera.
“Sub-processor” means any Processor engaged by Atera.
“Supervisory Authority” means an independent public authority which is established by an EU Member State pursuant to the GDPR
SCHEDULE 1 – DETAILS OF THE PROCESSING
Subject matter
Data Processor will Process Client’s Users’ Information as necessary to perform the Services pursuant to the Agreement, as further instructed by Client in its use of the Services.
Nature and Purpose of Processing
Duration of Processing
Subject to any Section of the DPA and/or the Agreement dealing with the duration of the Processing and the consequences of the expiration or termination thereof, Data Processor will Process Client’s Users’ Information for the duration of the Agreement, unless otherwise agreed upon in writing.
Type of Client’s Users’ Information
Client may submit Client’s Users’ Information to the Services, the extent of which is determined and controlled by Client in its sole discretion, and which may include, but is not limited to Client’s Users Information provided to, or accessed by Atera, in order to provide the Services subject to this DPA.
For the avoidance of doubt, the log-in details to Atera’s platform and Client’s contact details information are subject to Atera’s privacy policy available here: https://www.atera.com/privacy/ and not to this DPA.
Categories of Data Subjects
Client may submit Client Users’ Information to the Services, the extent of which is determined and controlled by Client in its sole discretion, and which includes Client Users.