Wisepops Data Processing Agreement

Need a signed copy? 

This Data Processing Agreement (the “DPA”) is entered into between WISEPOPS and the User and/or Subscriber with respect to the processing of personal data by WISEPOPS on behalf of the User and/or Subscriber. 

With regard to the subject matter of this DPA, in the event of any inconsistencies between the provisions of this DPA and the GTU, the provisions of this DPA shall prevail.

1. Definitions

The definitions of WISEPOPS’ General Terms of Use (hereinafter “GTU”) are applicable to this DPA. In addition, all terms in the terminology of the personal data protection regulation will have the meaning given to them by the General Data Protection Regulation n°2016/679 (“GDPR”).

2. Purpose of the DPA

The purpose of the DPA is to define the terms and conditions under which the processing of personal data occurring during the performance of WISEPOPS services in accordance with the GTU will be implemented. This DPA is part of the GTU.

3. Data processing for the provision of the Services

By displaying the Pop-ups or WISP Notifications and collecting data from Internet users (“User and/or Subscriber Data”) for Users and/or Subscribers, WISEPOPS is required to process personal data related to such User and/or Subscriber data. User and/or Subscriber and WISEPOPS acknowledge that as far as the implementation of this processing is concerned, User and/or Subscriber acts as a data controller and WISEPOPS as a data processor.

3.1 Documented instructions and details of the data processing

WISEPOPS processes User and/or Subscriber Data only on documented instructions from User and/or Subscriber including with respect to the transfer of personal data outside the European Economic Area, except as otherwise required under the law of the European Union or that of a Member State of the European Union to which it would be subject. In such a case, WISEPOPS undertakes to inform the User and/or Subscriber of this obligation, unless the right which is the source prohibits it for important reasons of public interest.

User and/or Subscriber, acting as the data controller and being responsible for the content of their Pop-ups and WISP Notifications, hereby declares and warrants being compliant with any applicable data protection law and regulation and in particular with the GDPR and any other laws such as the California Consumer Privacy Act (“CCPA”) as may be applicable from time to time (“Data Protection Law”).

At the time of the execution of the GTU, User and/or Subscriber instructs WISEPOPS to implement the following personal data processing under the following conditions:

  • Purpose: to provide the services to User and/or Subscriber in accordance with the GTU;
  • Nature of operations: operations necessary for WISEPOPS to provide the services to User and/or Subscriber;
  • Duration of the processing: duration of the subscription to the services unless otherwise indicated by User and/or Subscriber;
  • Categories of data subjects: any visitors of User and/or Subscriber’s websites;
  • Personal data processed: any data collected by User and/or Subscriber when using the services (such as email address and/or phone number), IP addresses.

If the User and/or Subscriber wishes to modify these instructions, it will inform WISEPOPS in writing. In any cases, WISEPOPS processes the User and/or Subscriber Data as reasonably requested by User and/or Subscriber provided that such instructions are consistent with the terms of this DPA and the Data Protection Law. 

User and/or Subscriber may contact WISEPOPS regarding data protection issues by sending an email to the following address: [email protected].

3.2. Records of the data processing

WISEPOPS will maintain a record of all categories of processing activities carried out on behalf of the User and/or Subscriber.

3.3. Confidentiality of the data processing

WISEPOPS ensures that all persons authorized to process User and/or Subscriber Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

3.4. Technical and organizational measures

WISEPOPS will implement and maintain appropriate technical and organizational measures to ensure a level of security appropriate to ensure the security and the confidentiality of User and/or Subscriber Data, as described in the security policy made available to User and/or Subscriber upon written request. WISEPOPS may modify or update this security policy from time to time.

3.5 Assistance

Taking into account the nature of the processing, WISEPOPS will do its best efforts to assist User and/or Subscriber by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of User and/or Subscriber’s obligation to respond to requests for exercising the data subject’s rights and undertakes to transmit to User and/or Subscriber any request from a data subject regarding the processing of his data and addressed directly to WISEPOPS.

WISEPOPS assists the User and/or Subscriber in ensuring compliance with the obligations related to the security of a data processing, to the notification of a data breach to the supervisory authority, to the communication of data breach to the data subject, to the data protection data assessment and for prior consultation to the supervisory authority.

WISEPOPS will notify the User and/or Subscriber in writing within forty-eight (48) hours after becoming aware of a personal data breach. WISEPOPS will provide User and/or Subscriber with information related to the nature of the personal da{“type”:”block”,”srcClientIds”:[“9d73f389-33d7-46d3-9911-f0898766cc52″],”srcRootClientId”:””}ta breach including where possible, the categories and the approximate number of data subjects concerned and the categories and approximate number of User and/or Subscriber Data records concerned, the likely consequences of the personal data breach and the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide the information at the same time as the notification, the information may be provided in phases without undue further delay.

WISEPOPS makes available to User and/or Subscriber all information necessary to demonstrate compliance with the obligations laid down in this Article. WISEPOPS will contribute to audits, including inspections, conducted by the User and/or Subscriber or another auditor mandated by User and/or Subscriber, at User and/or Subscriber’s costs. WISEPOPS will inform the User and/or Subscriber if, in its opinion, an instruction infringes applicable Data Protection Law.

3.6. Deletion of the personal data

WISEPOPS will delete User and/or Subscriber Data at the end of the provision of the services relating to processing unless applicable Data Protection Law requires the storage of the personal data.

4. Ulterior subprocessing

User and/or Subscriber hereby gives a general authorization to WISEPOPS to engage sub-processors for carrying out specific processing activities on behalf of the User and/or Subscriber in relation to the processing of User and/or Subscriber Data.

At this date, the sub-processors are:

Identity and address of the subsequent sub-processorAppropriate safeguards if non-EEA data transferPurpose of the sub-processing
Name: Google Ireland Limited
Head Office Address: Gordon House, Barrow Street – Dublin 4, Ireland
Not applicableGoogle Cloud &
Google Analytics
Name: Amazon Web Services EMEA SARL
Head Office Address: 38 John F. Kennedy Avenue, L-1855, Luxembourg
Not applicableProvision of hosting services
Name: Cloudflare, Inc.
Head Office Address: 101 Townsend St, San Francisco, CA 94107, USA
The transfer of data is governed by the standard contractual clauses of the European Commission:
https://eur-lex.europa.eu/legal-content/FR/ALL/?uri=celex%3A32010D0087
Content Delivery Network
Name: Postmark
Head Office Address: 2400 Market St #235b, Philadelphia, PA 19103, USA
The transfer of data is governed by the standard contractual clauses of the European Commission:
https://eur-lex.europa.eu/legal-content/FR/ALL/?uri=celex%3A32010D0087
Transactional emails
Name: New Relic
Head Office Address: 188 Spear St, San Francisco
The transfer of data is governed by the standard contractual clauses of the European Commission:
https://eur-lex.europa.eu/legal-content/FR/ALL/?uri=celex%3A32010D0087
Performance monitoring
Name: Rollbar, Inc
Head Office Address: 510 Federal Street Suite 401 San Francisco, CA 94107 United States
The transfer of data is governed by the standard contractual clauses of the European Commission:
https://eur-lex.europa.eu/legal-content/FR/ALL/?uri=celex%3A32010D0087
Software errors tracking
Name: Taxamo
Head Office Address: Ireland
Not applicableTax Compliance service
Name: Hotjar Ltd.
Head Office Address: Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe
Not applicableWeb analytics service
Name: Fullstory
Head Office Address:  
1745 Peachtree St NE Atlanta, USA
The transfer of data is governed by the standard contractual clauses of the European Commission:
https://eur-lex.europa.eu/legal-content/FR/ALL/?uri=celex%3A32010D0087
Product Analytics
Name: Customer.io
Head Office Address: 921 SW Washington St, Suite #820 – Portland, OR 97205
The transfer of data is governed by the standard contractual clauses of the European Commission:
https://eur-lex.europa.eu/legal-content/FR/ALL/?uri=celex%3A32010D0087
Email service provider
Name: Segment.io, Inc.
Head Office Address: 100 California Street, Suite 700 – San Francisco, CA 94111, USA
The transfer of data is governed by the standard contractual clauses of the European Commission:
https://eur-lex.europa.eu/legal-content/FR/ALL/?uri=celex%3A32010D0087
Customer Data
Infrastructure / Business Analytics
 
Name: HubSpot, Inc.
Head Office Address: 25 First Street, 2nd Floor – Cambridge, MA 02141 USA 
The transfer of data is governed by the standard contractual clauses of the European Commission:
https://eur-lex.europa.eu/legal-content/FR/ALL/?uri=celex%3A32010D0087
Customer Relationship Management platform
Name: Intercom
Head Office Address: 55 2nd Street, 4th Floor – San Francisco, CA 94105
The transfer of data is governed by the standard contractual clauses of the European Commission:
https://eur-lex.europa.eu/legal-content/FR/ALL/?uri=celex%3A32010D0087
Customer messaging
application
Name: Stripe
Head Office Address: 510 Townsend Street – San Francisco, CA 94103, USA
The transfer of data is governed by the standard contractual clauses of the European Commission:
https://eur-lex.europa.eu/legal-content/FR/ALL/?uri=celex%3A32010D0087
Payment processing and subscription management
Name: Baremetrics, Inc.
Head Office Address: 548 Market St #22583 – San Francisco, CA 94104
The transfer of data is governed by the standard contractual clauses of the European Commission:
https://eur-lex.europa.eu/legal-content/FR/ALL/?uri=celex%3A32010D0087
Payment analytics and subscription management
Name: Amplitude
Head Office Address: 631 Howard St Floor 5 – San Francisco
The transfer of data is governed by the standard contractual clauses of the European Commission:
https://eur-lex.europa.eu/legal-content/FR/ALL/?uri=celex%3A32010D0087
Product analytics
Name: SatisMeter
Head Office Address: Česká 1113/1, Prague 5, 158 00, Czech Republic
Not applicableProduct analytics
Name: Harvestr
Head Office Address: 5 Rue Eugène Freyssinet F, 75013 Paris
Not applicableProduct management
List of Wisepops Sub-Processors

The same data protection obligations as above-mentioned are imposed on that sub-processors by way of a contract or other legal act. Where that sub-processors fail to fulfil their data protection obligations, WISEPOPS will remain fully liable to the User and/or Subscriber for the performance of other sub-processors’ obligations.

The User and/or Subscriber will be informed of any change, addition, or replacement of sub-processors by subscribing to the change alert. User and/or Subscriber may object to such changes and terminate this agreement by sending a written notice within fourteen days of such notice. The User’s and/or Subscriber’s objection shall be based on reasonable grounds.

If you would like to receive an email when we make updates to the Sub-Processors List, click here.

5. General Provisions

5.1. Severability

If one or several provisions of the DPA are deemed to be invalid or are declared as such under any law or regulation or following a definitive decision by a competent court, the other stipulations shall retain their full force and scope.

5.2. Liability

WISEPOPS’ liability that may arise from this DPA shall be limited in accordance with the provisions of the GTU.

5.3. Governing law and jurisdiction

This DPA is governed by French law. Any interpretation and/or dispute which may result from the DPA as well as any disputes between WISEPOPS and a User and/or Subscriber relating to the processing of User and/or Subscriber personal data are the exclusive jurisdiction of the competent courts located in Paris.