SERVICE PROVIDER DATA PROCESSING ADDENDUM
This Data Protection Addendum (this “DPA”) is entered into between Callidus Software Inc., located at 4140 Dublin Blvd #400, Dublin, CA 94568, USA (“Callidus”), and Service Provider (defined below). This DPA is effective on the date the parties sign the applicable Agreement.
- The parties have entered into one or more agreements for the provision of services by Service Provider to Callidus (“Agreement“)
- In connection with the Services, the parties anticipate that Service Provider, may from time to time process certain personal data in respect of which (as defined below) Callidus may be a data controller under the Data Protection Legislation (as defined below).
- The Service Provider and Callidus have agreed to this DPA in order to ensure that adequate safeguards are put in place with respect to the protection of such personal data as required by the Data Protection Legislation.
“Adequate Country” means a country or territory that is recognised under Data Protection Legislation from time to time as providing adequate protection for personal data.
“Service Provider” means the provider of Services to Callidus that is identified on, and is a party to, the Agreement.
“Data Protection Legislation” means all privacy laws and regulations applicable to any Personal Data processed under or in connection with this Agreement, including without limitation, the Data Protection Directive 95/46/EC (as the same may be superseded by the GDPR, the Privacy and Electronic Communications Directive 2002/58/EC and all national legislation implementing or supplementing the foregoing.
“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
“Personal Data” means all data which is defined as ‘Personal Data’ in the Data Protection Legislation and that is provided directly or indirectly by Callidus to Service Provider, or accessed, stored or otherwise processed by Service Provider or its subprocessors (as applicable) for the purposes of delivering the Services to Callidus.
“Processing”, “Data Controller”, Data Processor “, “Data Subject” and “Supervisory Authority” shall have the meanings ascribed to them in the Data Protection Legislation.
“Services” means the Services provided by Service Provider to Callidus according to the Agreement.
“Standard Contractual Clauses / SCC” means the Standard Contractual Clauses document attached as Attachment 1.