Data Protection Addendum

Version 2.1.  Last updated 1st October 2020.
View changelog

Our Data Protection Addendum is an agreement that sets out the legal framework under which OnceHub processes personal data.  The Data Protection Addendum is an addendum to, and forms part of our Master Services Agreement.

  1. Introduction
    1. This Data Protection Addendum (the “Addendum“) forms part of the Master Services Agreement (the “MSA”) between OnceHub and you the Customer to reflect the parties’ agreement with regards to the Processing of Personal Data.
    2. By signing the MSA, Customer enters into this Addendum on behalf of itself and, if applicable, it’s Authorized Affiliates to the extent that, OnceHub processes Personal Data on behalf of Customer or Authorized Affiliates. For the purposes of this Addendum only, and except where indicated otherwise, the term “Customer” shall include Customer and Authorized Affiliates.
    3. This Addendum is entered into and becomes a binding part of the MSA with effect from the date the MSA, or an agreement into which this Addendum is incorporated by reference, was entered into.
  2. Definitions
    1. Capitalized terms have the definitions as set forth below or inline in this Agreement.
      1. Affiliate” means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with the subject entity, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.
      2. Application Data” means all data, including text, sound or image files that are provided to OnceHub by, or on behalf of, Customer through Customer’s use of the Services, including Personal Data, but excluding Usage Data.
      3. Authorized Affiliate” means any of Customer’s Affiliate(s) which is permitted to use the Services pursuant to the Agreement between Customer and OnceHub, but has not signed its own Order Form with OnceHub.
      4. CCPA” means the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., and its implementing regulations.
      5. Controller” means the entity which determines the purposes and means of the Processing of Personal Data.
      6. Data Protection Law” means all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom, applicable to the Processing of Personal Data under the MSA.
      7. Data Subject” means the identified or identifiable person to whom Personal Data relates.
      8. GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
      9. Non-OnceHub Application” means any application, software, plug-in, or other software application functionality that interoperates with the Services and is provided by Customer or a third party.
      10. OnceHub” means OnceHub Inc., 2093 Philadelphia Pike #5585, Claymont, DE 19703, USA and its Affiliates.
      11. Order Form” means an ordering document or online order specifying the Services to be provided hereunder that is entered into between Customer and OnceHub.
      12. Personal Data” means any information relating to
        1. An identified or identifiable natural person; and
        2. An identified or identifiable legal entity (where such information is protected similarly as personal data or personally identifiable information under applicable Data Protection Laws and Regulations),
          where for each (i) or (ii), such data is Application Data.
      13. Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
      14. Processor” means the entity which Processes Personal Data on behalf of the Controller.
      15. Services” means the SaaS products and other activities to be supplied to or carried out by or on behalf of OnceHub for Customer pursuant to the MSA.
      16. Standard Contractual Clauses” means the agreement executed by and between Customer and OnceHub and pursuant to the European Commission’s decision (C(2010)593) of 5 February 2010 on Standard Contractual Clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.
      17. Subprocessor” means any person or legal entity appointed by or on behalf of OnceHub to Process Personal Data on behalf of Customer in connection with the Master Services Agreement.
      18. Supervisory Authority” means an independent public authority which is established by an EU Member State pursuant to the GDPR.
      19. Usage Data” means information about your use of the Services, including for example through analysis of patterns and trends, that is stored in an anonymized, pseudonymized, de-personalized or aggregated form in accordance with applicable privacy laws.
  3. Authorized Affiliates
    1. The parties acknowledge and agree that, by executing the MSA, the Customer enters into this Addendum on behalf of itself and, as applicable, in the name and on behalf of its Authorized Affiliates, thereby establishing a separate Addendum between OnceHub and each such Authorized Affiliate subject to the provisions of the MSA and this clause 3.
    2. The Customer that is the contracting party to the MSA shall remain responsible for coordinating all communication with OnceHub under this Addendum and be entitled to make and receive any communication in relation to this Addendum on behalf of its Authorized Affiliates.
    3. Where an Authorized Affiliate becomes a party to this Addendum with OnceHub, it shall to the extent required under applicable Data Protection Law be entitled to exercise the rights and seek remedies under this Addendum.
    4. Except where applicable Data Protection Laws and Regulations require the Authorized Affiliate to exercise a right or seek any remedy under this Addendum against OnceHub directly by itself, the parties agree that:
      1. Solely the Customer that is the contracting party to the MSA shall exercise any such right or seek any such remedy on behalf of the Authorized Affiliate; and
      2. The Customer that is the contracting party to the MSA shall exercise any such rights under this Addendum not separately for each Authorized Affiliate individually but in a combined manner for itself and all of its Affiliates together.
  4. Processing of data
    1. The parties acknowledge and agree that;
      1. With regard to the Processing of Personal Data, Customer is the Controller, and OnceHub is the Processor and that OnceHub has no direct control or ownership of Personal Data that it processes; and
      2. That OnceHub will engage Subprocessors pursuant to the requirements in clauses 10 and 11.
  5. Subject matter of Processing of Personal Data
    1. The subject matter of Processing of Personal Data by OnceHub is the performance of the Services pursuant to the MSA and Order From(s). The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data and categories of Data Subjects Processed under this Addendum are further specified in Appendix 1, “Details of the Processing” to this Addendum.
  6. Responsibilities of each party
    1. Customer shall:
      1. At all times, in its use of the Services, Process Personal Data in compliance with applicable Data Protection Law. For the avoidance of doubt;
        1. Customer shall have sole responsibility for complying with Data Protection Law that requires providing notice, disclosure, or obtaining consent prior to transferring Personal Data to OnceHub for processing purposes;
        2. Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data that Customer or Customer’s end users submit to OnceHub Services;
        3. Customer specifically acknowledges that its use of the Services will not violate the rights of any Data Subject that has opted out from sales or other disclosures of Personal Data, to the extent applicable under the CCPA; and
        4. Customer shall ensure that OnceHub’s processing of Personal Data in accordance with Customer’s instructions will not cause OnceHub to violate any applicable law, regulation, or rule, including, without limitation, Data Protection Law.
    2. OnceHub shall:
      1. Only Process Personal Data on behalf of, and in accordance with Customer’s documented instructions for the following purposes:
        1. Processing in accordance with the MSA and applicable Order Forms;
        2. Processing initiated by users in their use of OnceHub Services; and
        3. Processing to comply with other documented reasonable instructions provided by Customer (e.g., via email) where such instructions are consistent with the MSA and applicable Order Forms.
      2. Treat Personal Data as Confidential Information;
      3. Not sell, rent, lease, disclose, disseminate, make available, transfer, or otherwise communicate orally, in writing, or by electronic or other means, Personal Data to another business, person, or third party for monetary or other valuable consideration; and
      4. Inform Customer if it becomes aware or reasonably believes that Customer’s data processing instructions violate applicable Data Protection Law.
  7. Confidentiality
    1. OnceHub shall ensure that its employees who may process Personal Data are informed of the confidential nature of the data, and have received appropriate training on their responsibilities and are subject to confidentiality undertakings which shall survive the termination of the personal engagement.
    2. OnceHub shall take commercially reasonable steps to ensure the reliability of any OnceHub personnel engaged in the processing of Personal Data.
  8. Return and deletion of data
    1. OnceHub will to the extent permitted by applicable law, delete Application Data in accordance with the procedures and timeframes specified in the MSA and OnceHub Privacy Notice.
  9. Security
    1. OnceHub shall maintain appropriate technical and organizational measures for protection of the security, including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, and the confidentiality and integrity of Application Data, as detailed in the MSA and in the Trust Center on the OnceHub website.
    2. Customer is responsible for reviewing the information OnceHub makes available regarding its data security, including its audit reports, and making an independent determination as to whether the Services meet the Customer’s requirements and legal obligations, including its obligations under applicable Data Protection Law and this Addendum. Customer is further responsible for properly configuring the Services and using available features and functionalities to maintain appropriate security in light of the nature of the data processed by Customer’s use of the Services.
    3. OnceHub will not materially decrease the overall security of the Services during a subscription term.
  10. Data Incident
    1. OnceHub will notify Customer via email to the email address of the Administrator as recorded in the Services by the Customer, no later than 48 hours after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Application Data, including Personal Data, transmitted, stored or otherwise Processed by OnceHub or its Subprocessors of which OnceHub becomes aware (a “Data Incident“).
    2. OnceHub will make reasonable efforts to identify and remediate the cause of such Data Incident, to the extent that remediation is within OnceHub’s reasonable control. OnceHub will provide reasonable assistance to Customer in the event that Customer is required under Data Protection Law to notify a Supervisory Authority or any data subjects of the Data Incident.
    3. Customer agrees that:
      1. An unsuccessful Data Incident will not be subject to this clause 10. An unsuccessful Data Incident is one that results in no unauthorized access to Application Data or to any of OnceHub’s equipment or facilities storing , and may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond headers) or similar incidents; and
      2. OnceHub’s obligation to report or respond to a Data Incident under this clause 10 is not and will not be construed as an acknowledgement by OnceHub of any fault or liability of OnceHub with respect to the unsuccessful Data Incident.
    4. The obligations herein shall not apply to Data Incidents that are caused by Customer or Customer’s end users.
  11. Subprocessors
    1. Customer agrees that;
      1. Customer provides a general consent to OnceHub to engage Subprocessors conditional on the requirements of clauses 11 and 12 herein;
      2. OnceHub’s Affiliates may be retained as Subprocessors; and
      3. OnceHub may continue to use those Subprocessors already engaged by OnceHub as at the date of this Addendum as listed on the Subprocessor page on OnceHub’s web site, “the Subprocessor List”.
    2. Where OnceHub authorizes any Subprocessor in accordance with clause 11.1, OnceHub agrees:
      1. That before the Subprocessor first Processes Customer Data, OnceHub shall carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Data required by this Addendum and the MSA;
      2. OnceHub shall enter into a written agreement with each Subprocessor containing data protection obligations not less protective than those in the MSA and this Addendum with respect to the protection of Customer Data to the extent applicable to the nature of the Services provided by such Subprocessor.
      3. Restrict the Subprocessor access to Application Data only to what is strictly necessary to perform its services, and OnceHub will prohibit the Subprocessor from processing Customer Data for any other purpose.
    3. OnceHub shall be liable for the acts and omissions of its Subprocessors to the same extent OnceHub would be liable if performing the services of each Subprocessor directly under the terms of this Addendum, except as otherwise set forth in the MSA.
  12. Notification of existing and new Subprocessors and the right to object
    1. A list of the current Subprocessors used by OnceHub for the provision of the Services can be found in the Subprocessor List on the OnceHub web site. Customer may subscribe to notifications of new Subprocessors via the mechanisms described on the Subprocessor list web page.
    2. OnceHub shall provide notification to Customer of a new Subprocessor by adding details of the new Subprocessor to the Subprocessor List before authorizing any new Subprocessor to Process Personal Data in connection with the provision of the Services.
    3. Customer may object to OnceHub’s appointment or replacement of a Subprocessor prior to its appointment, provided such objection is in writing and based on reasonable grounds relating to data protection.
    4. OnceHub will use reasonable efforts to make available to Customer a change in the Services or recommend a commercially reasonable change to Customer’s configuration or use of the Services to avoid Processing of Personal Data by the objected to new Subprocessor without unreasonably burdening Customer.
    5. If OnceHub is unable to make available such change within a reasonable period of time, which shall not exceed thirty days, Customer may terminate the applicable Order Form with respect only to those Services which cannot be provided by OnceHub without the use of the objected to new Subprocessor by providing written notice to OnceHub.
    6. OnceHub will refund Customer any prepaid fees covering the remainder of the term of such Order Form following the effective date of termination with respect to such terminated Services, without imposing a penalty for such termination on Customer.
  13. Customer audit rights
    1. Upon Customer’s written request at reasonable intervals, and subject to reasonable confidentiality controls, OnceHub will make available to Customer, that is not a competitor of OnceHub (or Customer’s independent, third-party auditor that is not a competitor of OnceHub), a copy of OnceHub’s most recent audit reports, or an Executive Summary thereof.
    2. Customer agrees that any audit rights granted by Data Protection Law (including, where applicable, Article 28(3) of the GDPR or clauses 5(f) and 12(2) of the Standard Contractual Clauses) will be satisfied by these Audit Reports, and will only arise to the extent that OnceHub’s provision of an audit report does not provide sufficient information or to the extent that Customer must respond to a regulatory or Supervisory Authority audit.
    3. In such event, Customer agrees to enter a mutually agreed upon audit plan that:
      1. Ensures the use of an independent third party, that is not a competitor of OnceHub;
      2. Provides notice to OnceHub in a timely fashion;
      3. Requests access only during agreed business hours;
      4. Accepts billing to Customer at OnceHub’s then current rates;
      5. Occurs no more than once annually;
      6. Restricts its findings to only Personal Data relevant to Customer; and
      7. Obligates Customer, to the extent permitted by law, to keep confidential any information gathered that, by its nature, should be confidential.
  14. Rights of data subjects
    1. OnceHub will provide reasonable and timely assistance to Customer to enable Customer to respond to a request received by Customer from a data subject seeking to exercise their rights under applicable Data Protection Law, to the extent that Customer is unable to respond to such requests through its use of the Services.
    2. OnceHub shall promptly notify Customer if OnceHub or any Subprocessor receives a request from a data subject under Data Protection Law that identifies Customer as the applicable Controller, and shall ensure that OnceHub and the Subprocessor does not respond to that request.
  15. Limitation of liability
    1. Each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or related to this Addendum, and all Addendums between Authorized Affiliates and OnceHub, whether in contract, tort or under any other theory of liability, is subject to the ‘Limitation of Liability’ clause of the MSA, and any reference in such clause to the liability of a party means the aggregate liability of that party and all of its Affiliates under the MSA and all Addendums together.
    2. For the avoidance of doubt, OnceHub’s total liability for all claims from the Customer and all of its Authorized Affiliates arising out of or related to the MSA and all Addendums shall apply in the aggregate for all claims under both the MSA and all Addendums established under this Agreement, including by Customer and all Authorized Affiliates, and, in particular, shall not be understood to apply individually and severally to Customer and to any Authorized Affiliate that is a contractual party to any such Addendum.
  16. Regulatory fines and penalties
    1. Notwithstanding anything to the contrary in this Addendum or in the MSA (including, without limitation, either party’s indemnification obligations), neither party will be responsible for any fines issued or levied against the other party by a regulatory authority or governmental body in connection with such other party’s violation of Data Protection Law.
  17. European specific provisions
    1. OnceHub will Process Personal Data in accordance with the GDPR requirements directly applicable to OnceHub’s provision of its Services.
    2. OnceHub shall provide reasonable assistance to Customer needed to fulfil Customer’s obligation under the GDPR to carry out any data protection impact assessments related to Customers use of the Services, including prior consultations with Supervising Authorities or other competent data privacy authorities, to the extent that Customer does not otherwise have access to the relevant information, and to the extent that such information is available to OnceHub.
    3. Subject to the additional terms in Appendix 2, the transfer mechanism listed below shall apply to any transfers of Personal Data under this Addendum from the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom to countries which do not ensure an adequate level of data protection within the meaning of Data Protection Law of the foregoing territories, to the extent such transfers are subject to such Data Protection Law:
      1. The Standard Contractual Clauses for data controller to data processor transfers approved by the European Commission in decision 2010/593/EU, which are hereby incorporated by reference, provided that Appendices 1 and 2 of the Standard Contractual Clauses are set forth in Appendix 3 to this Addendum.
    4. OnceHub have appointed a data protection officer. The appointed person may be reached at privacyoffice@oncehub.com

APPENDIX 1 – DETAILS OF THE PROCESSING

 

  1. Nature and purpose of Processing
    1. OnceHub will Process Personal Data as necessary to perform the Services pursuant to the MSA, and as further instructed by Customer in its use of the Services.
    2. The purposes of the Processing of data from the Controller is to provide a SaaS subscription Service (which may include the detection, prevention and resolution of security and technical issues) and otherwise to fulfil the obligations under the terms of service as stated in the MSA and Order Forms.
    3. OnceHub processes data to provide and improve the services we offer and perform essential business operations. This includes operating the services, maintaining and improving the performance of the services, including developing new features, research and providing customer support.
    4. OnceHub does not sell Customer end users’ Personal Data and does not share end users’ information with third parties for those third parties’ own business interests
  2. Duration of Processing
    1. Subject to clause 8 of this Addendum, OnceHub will Process Personal Data for the duration of the MSA, unless otherwise agreed upon in writing.
  3. Categories of data subjects
    1. Customer may submit Personal Data to the Services, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:
      1. Prospects, customers, business partners and vendors of Customer (who are natural persons);
      2. Employees or contact persons of Customer prospects, customers, business partners and vendors;
      3. Employees, agents, advisors, freelancers of Customer (who are natural persons); and
      4. Customer’s Users authorized by Customer to use the Services.
  4. Type of Personal Data
    1. Customer may submit Personal Data to the Services, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:
      1. First and last name
      2. Title
      3. Position
      4. Employer
      5. Contact information (company, email, phone, physical business address)
      6. ID data
      7. Professional life data
      8. Personal life data
      9. Sensitive personal data, to the extent permitted by the OnceHub Acceptable User Policy

 

 

APPENDIX 2 – ADDITIONAL TERMS FOR EUROPEAN DATA TRANSFERS

 

ADDITIONAL TERMS FOR STANDARD CONTRACTUAL CLAUSES

Customer parties to the Standard Contractual Clauses

The Standard Contractual Clauses and the additional terms specified in this section “Additional Terms for Standard Contractual Clauses” apply to Customer including Authorized Affiliates which are subject to the data protection laws and regulations of the European Union, the European Economic Area and their member states, Switzerland or the United Kingdom

For the purpose of the Standard Contractual Clauses and this section “Additional Terms for Standard Contractual Clauses” Customer, and each Authorized Affiliate, shall be deemed “data exporters”.

Instructions

This Addendum, the MSA, and the Order Form(s) are the Customer’s complete and final documented instructions at the time of signature of the MSA to OnceHub for the Processing of Personal Data. Any additional or alternate instructions must be agreed upon separately between the parties.

For the purposes of clause 5(a) of the Standard Contractual Clauses, the following is deemed an instruction by the Customer to process Personal Data:

(a) Processing in accordance with the MSA and applicable Order Forms;

(b) Processing initiated by users in their use of OnceHub Services; and

(c) Processing to comply with other documented reasonable instructions provided by Customer (e.g., via email) where such instructions are consistent with the MSA and applicable Order Forms.

Appointment of new Subprocessors and list of current Subprocessors.

Pursuant to clause 5(h) of the Standard Contractual Clauses, Customer acknowledges and expressly agrees that

(a) OnceHub’s Affiliates may be retained as Subprocessors; and

(b) OnceHub and OnceHub’s Affiliates respectively may engage third-party Subprocessors in connection with the provision of the OnceHub Services. OnceHub shall make available to Customer the current list of Subprocessors in accordance with clause 12 of this Addendum.

Notification of new Subprocessors and objection right for new Subprocessors

Pursuant to clause 5(h) of the Standard Contractual Clauses, Customer acknowledges and expressly agrees that OnceHub may engage new Subprocessors as described in clauses 11 and 12 of this Addendum.

Copies of Subprocessor agreements

The parties agree that the copies of the Subprocessor agreements that must be provided by OnceHub to Customer pursuant to clause 5(j) of the Standard Contractual Clauses may have all commercial information, or clauses unrelated to the Standard Contractual Clauses or their equivalent, removed by OnceHub beforehand; and, that such copies will be provided by OnceHub, in a manner to be determined in its discretion, only upon request by Customer.

Audits and certifications

The parties agree that the audits described in clause 5(f) and clause 12(2) of the Standard Contractual Clauses shall be carried out in accordance with clause 13 of this Addendum.

Certification of deletion

The parties agree that the certification of deletion of Personal Data that is described in clause 12(1) of the Standard Contractual Clauses shall be provided by OnceHub to Customer only upon Customer’s request.

Conflict

In the event of any conflict or inconsistency between the body of this Addendum and any of its Appendices (not including the Standard Contractual Clauses) and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.
Signatories to the Standard Contractual Clauses

DATA EXPORTER
Signed by Customer executing the MSA or an agreement into which this Addendum is incorporated by reference, on behalf of itself and each Authorized Affiliate

DATA IMPORTER
Signed by OnceHub executing the MSA or an agreement into which this Addendum is incorporated by reference, on behalf of itself and each of its Affiliates

 

 

APPENDIX 3 – APPENDICES TO STANDARD CONTRACTUAL CLAUSES

 

APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES

This Appendix forms part of the Clauses and must be completed and signed by the parties.
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.

Data exporter
The data exporter is (please specify briefly your activities relevant to the transfer):

The data exporter is the Customer as defined above and the user of OnceHub’s Services

Data importer
The data importer is (please specify briefly activities relevant to the transfer):

The data importer for the OnceHub Services is OnceHub Inc.

Data subjects
The personal data transferred concern the following categories of data subjects (please specify):

Data exporter’s customers and end-users. The data importer will receive any personal data in the form of Application Data that the data exporter instructs OnceHub to process through its cloud communications products and services. The precise personal data that the data exporter will transfer to the data importer is necessarily determined and controlled solely by the data exporter.

Categories of data
The personal data transferred concern the following categories of data (please specify):

Customer may submit Personal Data to the Services, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:

(a) First and last name
(b) Title
(c) Position
(d) Employer
(e) Contact information (company, email, phone, physical business address)
(f) ID data
(g) Professional life data
(h) Personal life data
(i) Sensitive personal data, to the extent permitted by the OnceHub Acceptable Use Policy

Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data (please specify):

Data exporter may submit special categories of data to the OnceHub Services in accordance with the terms of the OnceHub Acceptable Use Policy, the extent of which is determined and controlled by the data exporter in its sole discretion, and which is for the sake of clarity Personal Data with information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data,

Processing operations
The personal data transferred will be subject to the following basic processing activities (please specify):

The objective of Processing of Personal Data by data importer is the performance of the OnceHub Services pursuant to the Agreement.

APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and must be completed and signed by the parties.

Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or documentation/legislation attached):

Data importer shall maintain appropriate technical and organizational measures for protection of the security, including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, and the confidentiality and integrity of Personal Data, as detailed in the MSA and in the Trust Center of the OnceHub website.

Data importer will not materially decrease the overall security of the Services during a subscription term.