Wisepops Data Processing Agreement
This Data Processing Agreement (the “DPA”) is entered into between WISEPOPS and the User and/or Subscriber with respect to the processing of personal data by WISEPOPS on behalf of the User and/or Subscriber.
With regard to the subject matter of this DPA, in the event of any inconsistencies between the provisions of this DPA and the GTU, the provisions of this DPA shall prevail.
1. Definitions
The definitions of WISEPOPS’ General Terms of Use (hereinafter “GTU”) are applicable to this DPA. In addition, all terms in the terminology of the personal data protection regulation will have the meaning given to them by the General Data Protection Regulation n°2016/679 (“GDPR”).
2. Purpose of the DPA
The purpose of the DPA is to define the terms and conditions under which the processing of personal data occurring during the performance of WISEPOPS services in accordance with the GTU will be implemented. This DPA is part of the GTU.
3. Data processing for the provision of the Services
By displaying the Pop-ups or WISP Notifications and collecting data from Internet users (“User and/or Subscriber Data”) for Users and/or Subscribers, WISEPOPS is required to process personal data related to such User and/or Subscriber data. User and/or Subscriber and WISEPOPS acknowledge that as far as the implementation of this processing is concerned, User and/or Subscriber acts as a data controller and WISEPOPS as a data processor.
WISEPOPS certifies that it understands and will comply with the restrictions on the use of User and/or Subscriber Data in connection with the WISEPOPS services set forth in this DPA. WISEPOPS will ensure that any employees, subcontractors, and agents involved in performing WISEPOPS services under the GTU comply with the terms of this DPA.
3.1 Documented instructions and details of the data processing
WISEPOPS processes User and/or Subscriber Data only on documented instructions from User and/or Subscriber including with respect to the transfer of personal data outside the European Economic Area, except as otherwise required under the law of the European Union or that of a Member State of the European Union to which it would be subject. In such a case, WISEPOPS undertakes to inform the User and/or Subscriber of this obligation, unless the right which is the source prohibits it for important reasons of public interest.
User and/or Subscriber, acting as the data controller and being responsible for the content of their Pop-ups and WISP Notifications, hereby declares and warrants being compliant with any applicable data protection law and regulation and in particular with the GDPR and any other laws such as the California Consumer Privacy Act (“CCPA”) as may be applicable from time to time (“Data Protection Law”).
At the time of the execution of the GTU, User and/or Subscriber instructs WISEPOPS to implement the following personal data processing under the following conditions:
Purpose: to provide the services to User and/or Subscriber in accordance with the GTU;
Nature of operations: operations necessary for WISEPOPS to provide the services to User and/or Subscriber;
Duration of the processing: duration of the subscription to the services unless otherwise indicated by User and/or Subscriber;
Categories of data subjects: any visitors of User and/or Subscriber’s websites;
Personal data processed: any data collected by User and/or Subscriber when using the services (such as email address and/or phone number), IP addresses.
If the User and/or Subscriber wishes to modify these instructions, it will inform WISEPOPS in writing. In any cases, WISEPOPS processes the User and/or Subscriber Data as reasonably requested by User and/or Subscriber provided that such instructions are consistent with the terms of this DPA and the Data Protection Law.
User and/or Subscriber may contact WISEPOPS regarding data protection issues by sending an email to the following address: [email protected].
3.2. Records of the data processing
WISEPOPS will maintain a record of all categories of processing activities carried out on behalf of the User and/or Subscriber.
3.3. Confidentiality of the data processing
WISEPOPS ensures that all persons authorized to process User and/or Subscriber Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
3.4. Technical and organizational measures
WISEPOPS will implement and maintain appropriate technical and organizational measures to ensure a level of security appropriate to ensure the security and the confidentiality of User and/or Subscriber Data, as described in the security policy made available to User and/or Subscriber upon written request. WISEPOPS may modify or update this security policy from time to time.
3.5 Assistance
Taking into account the nature of the processing, WISEPOPS will do its best efforts to assist User and/or Subscriber by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of User and/or Subscriber’s obligation to respond to requests for exercising the data subject’s rights and undertakes to transmit to User and/or Subscriber any request from a data subject regarding the processing of his data and addressed directly to WISEPOPS.
WISEPOPS assists the User and/or Subscriber in ensuring compliance with the obligations related to the security of a data processing, to the notification of a data breach to the supervisory authority, to the communication of data breach to the data subject, to the data protection data assessment and for prior consultation to the supervisory authority.
WISEPOPS will notify the User and/or Subscriber in writing within forty-eight (48) hours after becoming aware of a personal data breach. WISEPOPS will provide User and/or Subscriber with information related to the nature of the personal da{“type”:”block”,”srcClientIds”:[“9d73f389-33d7-46d3-9911-f0898766cc52″],”srcRootClientId”:””}ta breach including where possible, the categories and the approximate number of data subjects concerned and the categories and approximate number of User and/or Subscriber Data records concerned, the likely consequences of the personal data breach and the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide the information at the same time as the notification, the information may be provided in phases without undue further delay.
WISEPOPS makes available to User and/or Subscriber all information necessary to demonstrate compliance with the obligations laid down in this Article. WISEPOPS will contribute to audits, including inspections, conducted by the User and/or Subscriber or another auditor mandated by User and/or Subscriber, at User and/or Subscriber’s costs. WISEPOPS will inform the User and/or Subscriber if, in its opinion, an instruction infringes applicable Data Protection Law.
3.6. Deletion of the personal data
WISEPOPS will delete User and/or Subscriber Data at the end of the provision of the services relating to processing unless applicable Data Protection Law requires the storage of the personal data.
4. Ulterior subprocessing
User and/or Subscriber hereby gives a general authorization to WISEPOPS to engage sub-processors for carrying out specific processing activities on behalf of the User and/or Subscriber in relation to the processing of User and/or Subscriber Data.
At this date, the sub-processors are:
| Identity of the subsequent sub-processor | Head office address | Appropriate safeguards if non-EEA data transfer | Purpose of the sub-processing |
|---|---|---|---|
| Google Ireland Limited | Gordon House, Barrow Street – Dublin 4, Ireland | The transfer of data is governed by the standard contractual clauses of the European Commission: https://cloud.google.com/terms/sccs/eu-p2p | Provision of cloud hosting services |
| Amazon Web Services EMEA SARL | 38 John F. Kennedy Avenue, L-1855, Luxembourg | The transfer of data is governed by the standard contractual clauses of the European Commission: https://d1.awsstatic.com/Processor_to_Processor_SCCs.pdf | Provision of cloud hosting services |
| Cloudflare, Inc. | 101 Townsend St, San Francisco, CA 94107, USA | The transfer of data is governed by the standard contractual clauses of the European Commission as incorporated in their DPA: https://www.cloudflare.com/cloudflare-customer-dpa/ | Content delivery network |
| SingleStore, Inc. | 534 4th Street, San Francisco, CA 94107 | The transfer of data is governed by the standard contractual clauses of the European Commission as incorporated in their DPA: https://www.singlestore.com/assets/contracts/singlestore-dpa.pdf (and additional information in https://www.singlestore.com/eu-uk-privacy-faq/) | Data hosting and processing |
The same data protection obligations as above-mentioned are imposed on that sub-processors by way of a contract or other legal act. Where that sub-processors fail to fulfil their data protection obligations, WISEPOPS will remain fully liable to the User and/or Subscriber for the performance of other sub-processors’ obligations.
The User and/or Subscriber will be informed of any change, addition, or replacement of sub-processors by subscribing to the change alert. User and/or Subscriber may object to such changes and terminate this agreement by sending a written notice within fourteen days of such notice. The User’s and/or Subscriber’s objection shall be based on reasonable grounds.
If you would like to receive an email when we make updates to the Sub-Processors List, click here.
5. General Provisions
5.1. Severability
If one or several provisions of the DPA are deemed to be invalid or are declared as such under any law or regulation or following a definitive decision by a competent court, the other stipulations shall retain their full force and scope.
5.2. Liability
WISEPOPS’ liability that may arise from this DPA shall be limited in accordance with the provisions of the GTU.
5.3. Governing law and jurisdiction
This DPA is governed by French law. Any interpretation and/or dispute which may result from the DPA as well as any disputes between WISEPOPS and a User and/or Subscriber relating to the processing of User and/or Subscriber personal data are the exclusive jurisdiction of the competent courts located in Paris