Data Protection Addendum changelog
New Version 2.0
Effective Date 1st June 2020.
Summary of changes:
- We have added a clause that extends the applicability of the DPA, and if relevant the incorporated Standard Contractual Clauses, to all authorized affiliates of the Customer. An authorized affiliate means any of the customer’s affiliate(s) which is permitted to use our services pursuant to an agreement between the customer and OnceHub, but has not signed its own order form with OnceHub.
- We have clarified that the customer is responsible for complying with applicable data protection law in its use of our services
- We have added a clause to deal with the provisions of the California Consumer Privacy Act to specifically states that OnceHub shall not sell customer data for monetary or other valuable consideration.
- In relation to data incident notification we have stated that we will notify the customer via the email address of the administrator as recorded in our services by the customer no later than 48 hours after becoming aware of the data incident (previously stated as “without due delay”).
- We have included a clause whereby the customer provides OnceHub with a general consent to engage subprocessors conditional subject to specific processes listed in clause 11.1 and 11.2. customer can receive notification of new subprocessors through a new RSS feed and object to new subprocessors under clause 12.1
- We have clarified the process for exercising Customer’s audit eights under clause 13
- We have clarified that the limitation of liability clause as set out in the Master Services Agreement applies to the Data Protection Addendum as well. We have increased the ceiling for our liability cap to the total amount paid by you and your affiliates for our services giving rise to the liability in the 60 months preceding the first incident out of which the liability arose. This was previously set at 12 months.
- We have clarified that we will forward to our customers any data subject requests that we receive from data subjects that specifically identify the customer as the applicable controller
- We have included a new section that sets out additional clauses for the Standard Contractual Clauses to reflect the changes made to the clauses regarding the appointment and objection to subprocessors, the right of audit and various other provisions of the Addendum.
- We have specifically set out the required appendices to the Standard Contractual Clauses as an appendix to the Addendum.