This Data Processing Addendum ("DPA") forms part of the Master Subscription Agreement or other agreement for services ("Agreement") between Score Infinity, LLC ("Score Infinity") and the entity identified as the customer in the Agreement ("Customer"). This DPA describes the parties' obligations with respect to the processing of Personal Data under applicable Data Protection Laws.
1. Definitions
"Data Protection Laws" means all applicable privacy and data protection laws, including the GDPR and the CCPA/CPRA. "Personal Data" means any information relating to an identified or identifiable natural person processed by Score Infinity on behalf of Customer in the course of providing Services.
2. Roles and Scope
For the purposes of Data Protection Laws, Customer is the Controller and Score Infinity is the Processor in respect of Customer Data processed under the Agreement. This DPA applies to Customer Data processed by Score Infinity in connection with the Services.
3. Processing of Personal Data
Score Infinity shall process Personal Data only for the purposes described in the Agreement and this DPA, and in accordance with Customer's documented instructions.
4. Security
Score Infinity shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, which may include:
- Access controls and role-based privileges;
- Encryption of data in transit (TLS) and at rest where practicable;
- Network and application monitoring, logging and alerting;
- Regular vulnerability scanning and patch management;
- Incident response planning and testing.
5. Subprocessors
Customer agrees that Score Infinity may engage subprocessors to provide the Services. Score Infinity maintains a list of subprocessors (including HubSpot) and will notify Customer of any material changes. Score Infinity remains liable for the acts and omissions of its subprocessors to the extent required by Data Protection Laws.
6. Data Subject Rights
Taking into account the nature of the processing, Score Infinity shall assist Customer by appropriate technical and organizational measures for the fulfillment of Customer's obligation to respond to requests for exercising Data Subject rights (e.g., access, rectification, erasure, objection, portability).
7. Personal Data Breach
Score Infinity shall notify Customer without undue delay upon becoming aware of a Personal Data Breach affecting Customer Data. Score Infinity will provide reasonably available information to enable Customer to meet any legal obligations to notify supervisory authorities and affected data subjects.
8. Return and Deletion of Personal Data
Upon termination or expiration of the Agreement, Score Infinity shall, at Customer's choice, delete or return all Personal Data processed on behalf of Customer, unless applicable law requires continued storage.
9. International Transfers
Where transfers of Personal Data outside the EEA are required, Score Infinity will implement appropriate safeguards, such as Standard Contractual Clauses or other mechanisms recognized by Data Protection Authorities.
10. Audit Rights
Customer may exercise audit rights as set out in the Agreement. Score Infinity will cooperate with reasonable audits and provide information necessary to demonstrate compliance with this DPA.
11. Governing Law
This DPA shall be governed by the laws of the State of Maryland, USA, unless the Agreement specifies otherwise.
Questions: [email protected]