Solutions
PR Distribution & Placement
PR Distribution & Placement
PR Distribution & Placement
PR Newswire shares your story to the industry’s largest, most-sourced news distribution network. It amplifies your story by ensuring publication, multiplying social shares, and driving higher engagement.
Speak to an Expert Learn More
Megamenu PR Banner
2023 State of the Media Report
Distribution By PR Newswire
Distribution By PR Newswire
Only PR Newswire can get your news to 200,000+ newsrooms and direct feeds— 180,000+ journalist and influencer inboxes and 9,000+ web sites and digital media outlets. Trusted media pros count on us.
Speak to an Expert Learn More
Megamenu PR Banner
Rethinking the Press Release: Innovations for a New Era of Earned Media
Guaranteed Paid Placement
Guaranteed Paid Placement
Cision’s Guaranteed Paid Placement converts the content of your press release into a digital media asset that can be simultaneously placed on major media outlets. Reach your audience on their favorite sites.
Speak to an Expert Learn More
Megamenu PR Banner
Rethinking the Press Release: Innovations for a New Era of Earned Media
Content Production & Multimedia
Content Production & Multimedia
Our content services bring your messaging to life and deliver it to audiences across multiple platforms. We offer full-service solutions, from video production to events to digital and social solutions.
Speak to an Expert Learn More
Megamenu Content Production & Multimedia Banner
5 Benefits of Sharing Your Story Through Guaranteed Paid Placement
Media Relationship Management
Media Relationship Management
Cision combines the industry's largest media database with robust relationship management. You get carefully researched, fully vetted and pitchable journalists, outlets, and influencers at your fingertips.
Speak to an Expert Learn More
Megamenu Media Relationship Management Banner
2023 State of the Media Report
Media Monitoring
Media Monitoring
Media Monitoring
Cision Media Monitoring enables you to identify trends, understand the impact of your strategies, and make informed decisions about the actions to take for your messages to resonate.
Speak to an Expert Learn More
Megamenu Media Monitoring Banner
A Step-by-Step Guide to Monitoring and Measuring the Impact of PR
Social Monitoring
Social Monitoring
Cision Social Listening gives you social media analytics that cut through the noise, with the AI and reporting tools you need to fully understand your online presence.
Speak to an Expert Learn More
Megamenu Media Monitoring Banner
A Step-by-Step Guide to Monitoring and Measuring the Impact of PR
Broadcast Monitoring
Broadcast Monitoring
Cision offers 24/7 monitoring of 2,700+ domestic and international TV and radio stations and 35,000+ podcasts. Gain insights into your coverage as it plays out over the airwaves.
Speak to an Expert Learn More
Megamenu Media Monitoring Banner
A Step-by-Step Guide to Monitoring and Measuring the Impact of PR
Print Monitoring
Print Monitoring
Cision offers the industry’s most comprehensive global monitoring of print media and paywalled content. You'll be able to stay on top of critical mentions and trending topics in influential publications.
Speak to an Expert Learn More
Megamenu Media Monitoring Banner
A Step-by-Step Guide to Monitoring and Measuring the Impact of PR
Media Analytics & Measurement
Media Analytics & Measurement
Media Analytics & Measurement
Cision gives you unprecedented power to see, understand, and manage your brand story, brand reputation and communication campaigns using a single, trusted source of reliable metrics and KPIs.
Speak to an Expert Learn More
Megamenu Media Analytics & Measurement Banner
The Best Advice from Keeping the Seat You’ve Earned
Brand Measurement & Analytics
Brand Measurement & Analytics
Cision provides advanced brand measurement and PR analytics that give you insight into your earned media performance. You’ll know who is reading your coverage and which actions were taken on your website.
Speak to an Expert Learn More
Megamenu Brand Measurement & Analytics Banner
The Best Advice from Keeping the Seat You’ve Earned
Media Insights Services
Media Insights Services
Media Insights Services
Top brands trust Cision’s Insights team for custom media analysis, communications intelligence, comprehensive reporting, and executive briefings that enable data-driven decision-making at global scale.
Speak to an Expert Learn More
Megamenu Media Insights Services Banner
What Is Influencer Marketing? Definitions and Benefits
Curation & Briefings
Curation & Briefings
Executive and senior leadership at top global brands in virtually every industry rely on Cision daily news briefings—up to the minute industry news that helps them make smarter, faster business decisions.
Speak to an Expert Learn More
Megamenu Curation & Briefings Banner
What Is Influencer Marketing? Definitions and Benefits
Analysis Reporting & Consulting
Analysis Reporting & Consulting
Cision’s Insights team combines AI-powered media measurement and analytics technologies with global media monitoring and social listening to unlock comms opportunities and enhance brand reputation.
Speak to an Expert Learn More
Megamenu Curation & Briefings Banner
What Is Influencer Marketing? Definitions and Benefits
Investor Relations Tools
Investor Relations Tools
Cision offers an integrated set of tools and services to help streamline your IR workflows, minimize non-compliance risk, maximize the efficacy of your communications, and cultivate investor confidence.
Speak to an Expert Learn More
Megamenu Investor Relations Tools Banner
Fewer Journalists, Bigger Goals and Social Distance…OH MY!
Use Cases
PR & Corporate Communications
PR & Corporate Communications
Distribute and amplify news with the unmatched reach of PR Newswire. Engage with the world’s largest media database. Monitor and analyze results and deliver proven impact to the business.
Speak to an Expert Learn More
Megamenu PR Banner
2023 State of the Media Report
Brand Reputation & Crisis Communications
Brand Reputation & Crisis Communications
Cision is the only provider with a full suite of tools to help you understand and protect your brand reputation and grow brand equity. Ensure high impact coverage and respond quickly during a crisis.
Speak to an Expert Learn More
Megamenu Brand Reputation & Crisis Communications Banner
Crisis Communications Toolkit
Campaign & Event Reporting
Campaign & Event Reporting
Cision tracks and measures your KPIs, aggregating data to accurately report campaign and event performance so you can demonstrate the impact and value of your multi-channel comms activities.
Speak to an Expert Learn More
Megamenu Media Insights Services Banner
St. Baldrick's Foundation Manages 100s of Events and Outreach
Social Media Listening
Social Media Listening
Cision Social Listening offers 24/7 monitoring with real-time, AI-driven analysis of the world's largest database of online conversations so you can build stronger campaigns and make smarter decisions.
Speak to an Expert Learn More
Megamenu Media Monitoring Banner
A Step-by-Step Guide to Monitoring and Measuring the Impact of PR
Investor & Analyst Relations
Investor & Analyst Relations
Cision’s integrated suite includes the leading global newswire distribution, 24/7 support from IR experts, compliant single-click SEC filing, customizable IR and ESG microsites, and teleconferencing.
Speak to an Expert Learn More
Megamenu Investor Relations Tools Banner
Fewer Journalists, Bigger Goals and Social Distance…OH MY!
Regulatory Compliance
Regulatory Compliance
Cision offers a comprehensive solution for financial regulatory compliance, including single-click EDGAR filing, targeted distribution of your financial news, and investor and ESG microsite solutions.
Speak to an Expert Learn More
Megamenu Investor Relations Tools Banner
Fewer Journalists, Bigger Goals and Social Distance…OH MY!
Digital Online Newsroom, IR and ESG Website
Digital Online Newsroom, IR and ESG Website
Cision has the communications expertise and technical capability to design, build and host your newsroom, IR and ESG microsite. And with PR Newswire, you can automatically post to your website.
Speak to an Expert Learn More
Megamenu Content Production & Multimedia Banner
5 Benefits of Sharing Your Story Through Guaranteed Paid Placement
Digital Content Amplification
Digital Content Amplification
Cision is the standard for organizations who want to reach and persuade a broader audience with every piece of content, and to measure and prove the financial impact of their content creation efforts.
Speak to an Expert Learn More
Megamenu Media Monitoring Banner
What Is Influencer Marketing? Definitions and Benefits
Resources
About Us
  • About Cision
  • Cision Press Releases
  • Cision’s Earned Media
  • Media Kit
  • Global Leadership
  • Cision Values
  • Diversity & Inclusion
Careers
Contact & Support
Customer Login
  • Cision Communications Cloud
  • Cision Next Gen
  • Cision PR Edition
  • Government Relations
  • PR Newswire
  • PRWeb
  • Gorkana Analysis
Request Pricing Speak To An Expert
  • APAC (Eng)
  • Canada (Eng)
  • Canada (Fr)
  • Denmark
  • Finland
  • France
  • Germany
  • Italy
  • The Netherlands
  • Norway
  • Portugal
  • Spain
  • Sweden
  • United Kingdom
Solutions Use Cases Resources About Us Careers Contact & Support Customer Login
Solutions
PR Distribution & Placement Distribution By PR Newswire Guaranteed Paid Placement
Media Monitoring Social Monitoring Broadcast Monitoring Print Monitoring
Media Analytics & Measurement Brand Measurement & Analytics
Media Insights Services Curation & Briefings Analysis Reporting & Consulting
Content Production & Multimedia Media Relationship Management Investor Relations Tools
Use Cases
PR & Corporate Communications Brand Reputation & Crisis Communications Campaign & Event Reporting Social Media Listening Investor & Analyst Relations Regulatory Compliance Digital Online Newsroom, IR and ESG Website Digital Content Amplification
Resources
About Us
About Cision Cision Press Releases Cision Earned Media Media Kit Global Leadership Cision Values Diversity & Inclusion
Careers
Contact & Support
Customer Login
Cision Communications Cloud Cision Next Gen Cision PR Edition Government Relations PR Newswire PRWeb Gorkana Analysis
Request Pricing Speak to an Expert

Customer Data Processing Agreement

German

French

Swedish

Portuguese

Spanish

Mandarin

 

PDF Download

 

Data Processing Addendum

This Data Processing Addendum ("DPA") forms part of the MSA entered into between the parties identified on the Order as "Supplier" and "Customer".  Capitalized terms used herein shall have the meaning ascribed in the MSA, unless otherwise defined in this DPA. 

1.      Definitions

a.      "Agreement" means the master subscription or services agreement entered into between the parties.

b.      "Applicable Privacy Laws" means all laws regulating the collection, use, disclosure and/or free movement of Personal Data that applies to a party, as and when effective, including without limitation: (i) CCPA (as defined below), as well as the California Privacy Rights Act and the regulations promulgated pursuant thereto (“CPRA”) (ii) Canada’s Personal Information Protection and Electronic Documents Act, and similar provincial implementations, (“PIPEDA”) and any applicable and substantially similar provincial legislation; (iii) the European Union’s (“EU”) General Data Protection Regulation (EU) 2016/679 and any Member State implementing legislation (“GDPR”); (iv) the Privacy and Electronic Communications Directive 2002/58/EC (as amended by Directive 2009/136/E) in the applicable EU Member State; (v) the Asia-Pacific (“APAC”) intraregional frameworks, in particular the Asia-Pacific Economic Cooperation Cross Border Privacy Rules; (vi) the UK GDPR (as defined below); (vii) the SFDPA (as defined below); (viii) the Brazil LGPD; (ix) the China Personal Information Protection Law (“PIPL”); (x) the Virginia Consumer Data Protection Act; (xi) the Colorado Privacy Act; (xii) the Connecticut Act Concerning Personal Data Privacy and Online Monitoring; (xiii) the Utah Consumer Privacy Act and (xiv) substantially similar privacy or data protection laws applicable to a party, each as may be amended or replaced from time to time.

c.      “C2C SCCs” means Module 1 of the SCCs.

d.      “C2P SCCs” means Module 2 of the SCCs.

e.      “CCPA” means the California Consumer Privacy Act of 2018, Cal. Civ. Code §1798.100 et. seq., and its implementing regulations. 

f.       “Contractor” has the meaning given in the CPRA.

g.      "Customer Data" means data that Customer makes available to Supplier for the purpose of Supplier Processing that data on Customer’s behalf.

h.      "Customer Personal Data" means any Personal Data included in Customer Data.

i.       “EEA” means the European Economic Area.

j.       "GDPR" means General Data Protection Regulation ((EU) 2016/679).

k.      “Order” means an ordering document that sets out the products or services that Supplier is to provide to Customer.

l.       "Restricted Transfer" means a transfer of Personal Data from the EEA, UK, Switzerland or any other country where such transfer would, in the absence of SCCs, be prohibited by Applicable Privacy Laws. 

m.    "Security Controls" means the technical and organisational measures as specified in the Agreement or if not so specified then the measures described at https://gdpr.cision.com/technicalorgmeasures.

n.      "SCCs"  means the Standard Contractual Clauses forming part of this DPA pursuant to the European Commission Implementing Decision (EU) 2021/914 of 04 June 2021 for the transfer of Personal Data to Controllers and/or processors established in third countries under the GDPR, found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en and where applicable, as modified by the UK addendum, and such updated or replacement clauses as the European Commission may approve from time to time or the most recent version of any contractual clauses governing international Personal Data transfers issued by any country for any relevant transfers under the Agreement.  

o.      “SFDPA” means the Swiss Federal Data Protection Act.

p.      “Sub-Processor” means a third party that Supplier engages to Process any Personal Data that Supplier Processes under this DPA, as a Processor on Supplier’s behalf.

q.      "Supplier Data" means any data in Supplier’s databases that Supplier uses in providing Services, excluding Customer Data. This definition of Supplier Data is intended to include similarly defined terms in the Agreement such as “Company Data”, “Cision Data”, or “Brandwatch Data”.

r.       “Supplier Personal Data" means any Personal Data included in Supplier Data.

s.      “UK Addendum” means the addendum to the SCCs covering the transfer of Personal Data from the UK to third countries as approved by the UK Information Commissioner, found at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf

t.       “UK GDPR” means the GDPR as it forms part of United Kingdom law pursuant to Section 3 of the European Union (Withdrawal) Act 2018.

u.      The terms "Controller", "Processor", "Personal Data", "Processing", "Special Categories of Data" and "Data Subject" have the meanings given to them in the GDPR or UK GDPR.

v.      For clarity, this DPA covers any Processing that takes place pursuant to the CCPA and the CPRA. Therefore, the following references in the CCPA and the CPRA have the following meanings in this DPA:

  1.  
    1.  
      1. “Business” means  “Controller”
      2. “Service Provider” means “Processor”
      3. “Third Party” means “Sub-Processor”
      4. “Personal Information” means “Personal Data”
      5. “Consumer” means “Data Subject”

2.      General

a.      Controller Data: Supplier and Customer are independent Controllers of Supplier Personal Data and each process this data as a Controller. Where Customer receives, or is provided access to, Supplier Personal Data from or by Supplier, Section 3 applies.

b.      Processor Data: Customer is the Controller and Supplier is the Processor of Customer Personal Data.  Where Supplier processes Customer Personal Data on behalf of Customer, Section 4 applies.

c.      Each party will comply with Applicable Privacy Laws when Processing Personal Data under the Agreement. 

d.      If there is a conflict between this DPA and the Agreement, this DPA prevails.

e.      Both parties will implement and maintain appropriate technical and organisational measures to ensure the security of Personal Data including to protect against unauthorised or unlawful loss, destruction, alteration, unauthorised disclosure or access to Personal Data. 

f.       Both parties will take reasonable steps to ensure that the personnel that it authorises to Process Personal Data have committed themselves to appropriate obligations of confidentiality and that access to Personal Data is limited to those individuals who need to have access for the purposes of the Agreement.

g.      Amendments: Supplier may, at any time on not less than 30 days’ notice, revise this DPA so as to incorporate any mandatory SCCs or other terms that are required by any competent data protection authority in the EU, Switzerland or the UK. The parties agree to adopt any necessary replacement or supplemental SCCs as the EC and/or the UK ICO or other applicable countries may adopt from time to time.   If Customer does not execute such clauses on request by Supplier, Supplier will be entitled to give not less than 30 days' prior written notice to terminate the Agreement.


3.      Supplier Data (Controller to Controller relationship)

a.      Processing for purposes of the Agreement: Each party will process Supplier Personal Data for the purposes of exercising their rights and obligations under the Agreement.  Details of the categories of Supplier Personal Data, the purpose of Processing by Supplier and the duration of the Processing are set out in Annex 1, Part 1

b.      International Data Transfers:

i)       If there is a Restricted Transfer from the EEA the parties will be bound by the C2C SCCs, which are incorporated into this Addendum subject to Clause 5.

ii)      If there is a Restricted Transfer from the UK, the parties will be bound by the UK Addendum in addition to the C2C SCCs, and the C2C SCCs (subject to Clause 5) and the UK Addendum (subject to Clause 6) are both incorporated into this DPA in those circumstances.

iii)    If there is a Restricted Transfer from Switzerland, the parties will be bound by the C2C SCCs, subject to Clause 5 and as amended by Clause 7, and the C2C SCCs are incorporated into this DPA in those circumstances and on that basis.

iv)    If there is a Restricted Transfer from any other country, the parties will be bound by the C2C SCCs, which are incorporated into this DPA subject to Clause 5 in those circumstances.

c.      Data breach: each party will notify the other without undue delay on becoming aware of a Personal Data breach involving Supplier Personal Data or upon receipt of a request or complaint from a Data Subject involving Supplier Personal Data.

4.    Customer Data: Controller to Processor relationship

a.      Written instructions: Supplier will process Customer Personal Data only on Customer’s written instructions, as set out in this DPA. Supplier will not sell or share Customer Personal Data nor combine it with Personal Data from other sources nor retain, use or disclose Customer Personal Data outside of the direct business relationship with Customer.  Where Applicable Privacy Laws state otherwise, Supplier will inform Customer of the legal requirement before Processing, unless that law prohibits this information on important grounds of public interest. Details of the categories of Customer Personal Data, the purpose of Processing by Supplier and the duration of the Processing are set out in Annex 1, Part II.

b.      Lawful use and instruction: Customer will ensure that its use of the Services and its instructions regarding the Processing of any Personal Data pursuant to this DPA will comply with all Applicable Privacy Laws, and that Supplier’s Processing in accordance with the Customer’s instructions will not cause Supplier to be in breach of any Applicable Privacy Laws. Supplier will inform the Customer if, in Supplier’s opinion, the Customer's instructions infringe Applicable Laws or if it cannot meet its obligations under any Applicable Privacy Laws.

c.      Special Categories of data: Customer will notify Supplier if any special categories of data are included within Customer Personal Data.  Supplier may refuse to process such data or impose any restrictions as are necessary, at the Customer's expense, to enable Supplier to comply with its legal and contractual obligations.

d.      International Data Transfers:

i)       If there is a transfer from Customer (as Controller) in the EEA to Supplier (as processor) in any third country, the parties agree to be bound by the C2P SCCs, which are incorporated into this DPA subject to Clause 5.

ii)      If there is a Restricted Transfer from the UK, the parties will be bound by the UK Addendum in addition to the C2P SCCs, and the C2P SCCs (subject to Clause 5) and the UK Addendum (subject to Clause 6) are both incorporated into this DPA in those circumstances

iii)    If there is a Restricted Transfer from Switzerland, the parties will be bound by the C2P SCCs, subject to Clause 5 and as amended by Clause 7, and the C2P SCCs are incorporated into this DPA in those circumstances and on that basis.

iv)    If there is a Restricted Transfer from any other country, the parties will be bound by the C2P SCCs, which are incorporated into this DPA subject to Clause 5.

  v)   Where Supplier appoints any Sub-Processor in accordance with Clause 4.g and such                    appointment involves a Restricted Transfer, Supplier may rely on SCCs to legitimise                              the transfer of Customer Personal Data. 

e.      Records of Compliance: Supplier will maintain complete and accurate records and information to demonstrate its compliance with this Addendum.

f.       Audit: Supplier will support audits to monitor compliance that Customer conducts (either itself or via an external auditor), at Customer’s cost and expense. Any audit conducted pursuant to this DPA is subject to the following conditions:

i)       Customer will provide at least 60 days advance written notice of any audit.

ii)      any audit may only be conducted during Supplier’s normal business hours.

iii)    Customer will conduct the audit so as to cause minimal disruption to Supplier’s normal business operations.

iv)    any third-party auditor will enter into direct confidentiality obligations with Supplier which are reasonably acceptable to Supplier.

v)      any audit will be limited only to Supplier’s Processing activities as a Processor, and to such information that is reasonably necessary for Customer to assess Supplier’s compliance with the terms of this DPA.

vi)    as part of any audit, Customer (or its external auditor) will not have access to Supplier’s Confidential Information.

vii)   Customer will reimburse Supplier’s reasonable and demonstrable costs and expenses associated with any audit.

viii) Customer agrees to accept a Supplier-supplied audit report in lieu of conducting its own audit:

1.      if the scope of the requested audit has been addressed in an audit carried out by a recognised independent third party auditor within twelve (12) months of the Customer's request and the Supplier provides written confirmation that there have been no material changes in the controls and systems to be audited or

2.      if it is intended that such an audit will be conducted within six months of the request and the Supplier provides the report of such to the Customer on completion.

g.      Sub-processors: Customer authorises Supplier to appoint Sub-Processors in connection with the provision of the Services.  A list of Supplier’s current Sub-Processors is available at https://gdpr.cision.com/Sub-Processors.

i)       Supplier will inform the Customer of any intended changes concerning the addition to or replacement of any permitted Sub-Processor with a new Sub-Process or at least 30 days in advance and give the Customer the opportunity to object to such changes. Any Sub-Processor Supplier engages will be subject to materially equivalent terms regarding data protection as are imposed on Supplier pursuant to this DPA.

ii)      Where any Sub-Processor fails to fulfil its obligations regarding data protection, Supplier will remain liable for the performance of the Sub-Processor’s obligations, subject to the exclusions and limitations of liability under the Agreement.

iii)    Where any Contractor has access to Customer Personal Data, it will only do so under a written contract and hereby certifies that it understands and is compliant with Applicable Privacy Laws.

h.      Data breach: If there is a Personal Data breach in relation to Customer Personal Data:

i)       Supplier will cooperate in good faith with the Customer to enable Customer to comply with its obligations under Applicable Privacy Laws.   

ii)      Supplier will notify Customer within 36 hours after becoming aware of a Personal Data breach (as defined in the Applicable Privacy Laws).

iii)    Supplier will assist the Customer in complying with any obligation to notify a supervisory authority of any data breach.

i.       Assistance: Taking into account the nature of the Processing and the information available, Supplier will provide reasonable and appropriate assistance to the Customer (subject to payment of Supplier’s reasonable and demonstrable costs and expenses), where possible, in relation to (i) the Customer’s fulfilment of the Customer’s obligations to respond to requests relating to the exercise of individuals’ rights under the Applicable Privacy Laws where Supplier Processes such individuals’ Personal Data pursuant to this DPA; and (ii) the Customer’s obligations under Articles 32 to 36 of the GDPR and/or the UK GDPR (as applicable).

j.       Termination:

i)       If Supplier is in breach of any of its obligations under this DPA, Customer may instruct Supplier to temporarily suspend the Processing of Customer Personal Data pending the remedy of such breach and may instruct Supplier to terminate the Processing of Customer Personal Data if such breach is not remedied.

ii)      Following the termination of this DPA, Supplier will delete Customer Personal Data unless required to retain the Customer Personal Data by Applicable Privacy Laws in the EU, EU Member States or (if applicable to the Processing) the UK or Switzerland.

5.      SCCs

a.      Where either the C2C SCCs or C2P SCCs are incorporated into this DPA under Clauses 3.b. or 4.d.:

i)       they will come into effect upon the commencement of the relevant Restricted Transfer;

ii)      any clauses which are entirely optional are not included;

iii)    for the purposes of Clause 13 the first option is included;

iv)    for the purposes of Clauses 17 and 18, the Member State for purposes of governing law and jurisdiction is the Member State in which the Customer is established. If the Customer is not established in a Member State, the specified Member State shall be Ireland;

v)      for the purposes of Annex 1.A of the SCCs, the ‘data importer’ and the ‘data exporter’ are set out in Part 1 or Part 2 (as applicable) of Annex 2 of this DPA;

vi)    for the purposes of Annex 1.B of the SCCs, the description of the transfer is set out in Part 1 or Part 2 (as applicable) of Annex 2 of this DPA

vii)   for the purposes of Annex 1.C of the SCCs the competent supervisory authority shall be the supervisory authority competent in the country in which the Customer is established; and

viii) for the purposes of Annex 2 of the SCCs, the technical and organisational measures are the Security Controls.

b.      Where the C2P SCCs are incorporated into this DPA under Clause 4.d.:

i)       Option 2 (“General written authorisation”) of Clause 9 is  selected;

ii)      the time period for the addition or replacement of Sub-Processors shall be as described in Clause 4.g.1 of this DPA; 

6.      UK Addendum

Where the UK Addendum is incorporated into this DPA under either Clauses 3.b. or 4.d.:

a.      It will come into effect upon the commencement of the relevant Restricted Transfer;

b.      for the purposes of Table 1, the Start Date shall be the commencement of the relevant Restricted Transfer, the Parties’ details and the Key Contact are set out in Annex 2 of this DPA and the parties clause of the Agreement;

c.      no signature is required for the purposes of Table 1;

d.      the first option is selected in Table 2, the Approved EU SCCS are defined in Clause 1 of this DPA and the SCCs will start on the commencement of the relevant Restricted Transfer;

e.      the Appendix Information in Table 3 is set out in Annex 1 and 2 to this DPA; and

f.       the first two options (“Importer” and “Exporter”) are selected in Table 4.

7.      Restricted Transfers from Switzerland

Where the C2C or C2P SCCs are incorporated into this DPA under Clauses 3.b. or 4.d., and there is a Restricted Transfer from Switzerland, the C2C SCCs or C2P SCCs (as applicable) shall be amended to comply with Swiss data protection laws, including without limitation the following amendments:

a)       any reference to the "Regulation (EU) 2016/679" or “that Regulation” are replaced by the SFDPA and references to specific Article(s) of “Regulation (EU) 2016/679” are replaced with the equivalent Article or Section of the SFDPA;

b)     all definitions in the SCCs shall be interpreted in accordance with the SFDPA;

c)      references to Regulation (EU) 2018/1725 are removed;

d)     references to the “Union”, “EU”, and “EU Member State” are all replaced with the “Switzerland”;

e)     Clause 13(a) and Part C of Annex II are not used;

f)       the “competent supervisory authority” is the Federal Data Protection and Information Commissioner;

g)      Clause 17 is replaced to state “These Clauses are governed by the laws of Switzerland”; and

h)     Clause 18 is replaced to state “Any dispute arising from these Clauses shall be resolved by the courts of Switzerland. A Data Subject may also bring legal proceedings against the data exporter and/or data importer before the courts of Switzerland. The Parties agree to submit themselves to the jurisdiction of such courts.”.

8.      Miscellaneous

a.      Liability: Each party’s liability under this DPA is subject to the limitations and exclusions of liability set out in the Agreement.  

b.      Governing law: The governing law of the Agreement applies to this DPA, except that the  SCCs are governed by the law specified in Clause 5.a.iv).

Annex 1 - Processing Information

Processing, Personal Data, and Data Subjects

Part 1: Supplier Personal Data (Supplier as Data Controller)

Nature and Purpose of Processing

Customer may process Supplier Data as necessary to receive the Services and comply with its obligations under the Agreement.

Duration of the Processing

Customer may process Supplier Data for the duration of the Agreement, unless otherwise agreed by the parties. 

Types of Personal Data

May include: Name, title, position, email address, business phone number, mobile phone number, employer, social media handles, Information that has been made public by Data Subjects themselves, such as identification data (e.g., name, username, social media handle, geographic location) and media (e.g., images, audio and videos). 

Categories of Data Subject

Individual media contacts including journalists and other media 'influencers' and Individuals publishing information publicly on the Internet, including social media users, bloggers and web content writers.

For French institutional Database: Contacts such as political and elected representatives, contacts within public administrations, personalities from the associative world, financial analysts, shareholders and advisors.

Part 2: Customer Personal Data (Supplier as Data Processor)

Nature and Purpose of Processing

Supplier may process Customer Personal Data as necessary to perform the Services and comply with its obligations under the Agreement. 

Duration of the Processing

Supplier may process Customer Data for the duration of the Agreement, unless otherwise agreed by the parties. 

Types of Personal Data

May include: Name, title, position, employer, email address, business phone number, mobile phone number, social media handles, professional life data (which may include data related to historical employment history, data related to skills, awards, or interests, or other data relating to professional life), Personal life data, which may include data about interests, likes, dislikes, or other data relating to personal life), location data and media (e.g., images, audio and videos) and influencer payment information. 

Categories of Data Subject

Customer’s own prospects, clients, partners, or vendors; Individual media or government affiliated contacts (including personnel of public administrations and personalities from the associative world) provided by Customer; Employees or contact persons of the Customer.

 

Annex 2 - Transfer Information

Part 1 – Supplier Personal Data

 

The Data Exporter

Supplier or any other Supplier Affiliate which exports data under the Agreement

The Data Importer

Customer

Data Subjects

the Data Subjects are those individuals whose Personal Data is contained in the Supplier Personal Data that Customer Processes as part of receiving the Services.

Purposes of the Transfer

the purpose of the transfer is to permit the Customer to process the Supplier Personal Data in accordance with the Agreement.

Categories of Data

the categories of Personal Data are set out in Annex 1, Part I to this DPA

Recipients

the recipients of the Personal Data are as specified in the Agreement, which usually includes the Customer’s employees, contractors, consultants, and customers.

Special Categories of Data

the Special Categories of Personal Data are set out in Annex 1, Part I to this DPA (note: Special Categories are not collected intentionally)

Applicable law

the law of the country in which the data exporter is established.

Technical Measures of the Company (Appendix 2)

technical and organisational measures as specified in the Agreement or if not so specified then the measures described at https://gdpr.cision.com/technicalorgmeasures.

Supplier Contact Point for Data Protection Inquires

privacy@cision.com

Customer Contact Point for Data Protection Inquires

as specified in the Agreement.

 

Part 2 – Customer Personal Data

The Data Exporter

Customer 

The Data Importer

Supplier or any other Supplier Affiliate which imports data under the Agreement

Data Subjects

the categories of Data Subjects are set out in Annex 1, Part II of this DPA. The Customer as the data exporter controls the type and extent of the Personal Data that Supplier processes.

Purposes of the Transfer

to permit Supplier to process the Customer Personal Data in accordance with the Agreement

Categories of Data

the categories of Personal Data are set out in Annex 1, Part II to this DPA). as the Customer acknowledges that as Controller and exporter the Customer controls the type and extent of the Personal Data that may be transferred to Supplier as a Processor.

Recipients

the recipients of the Personal Data are as specified in the Agreement, which usually includes Supplier and any other Supplier affiliates and any Supplier sub-processors.

Special Categories of Data

the Data Exporter may submit Special Categories of Personal Data to Supplier, the extent of which the data exporter controls and determines in its sole discretion. Any Special Categories of Personal Data are set out in Annex 1, Part II to this DPA.

Applicable law

the law of the country in which the data exporter is established. 

Technical Measures of Supplier

technical and organisational measures as specified in the Agreement or if not so specified then the measures described at https://gdpr.cision.com/technicalorgmeasures.

Supplier Contact Point for Data Protection Inquires

privacy@cision.com

Customer Contact Point for Data Protection Inquires

as specified in the Agreement

 


Request Pricing Speak To An Expert

Privacy Concerns: privacy@cision.com
Accessibility Statement Legal Cision ID Opt Out Privacy Policy Cookie Settings

Copyright © 2023 Cision US Inc.
Footer Background