Privacy Policy

Privacy Policy

“Privacy Policy” means all information provided by a party to other party, whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, and excluding any information that was or has become publicly available without the receiving party’s actions or inactions. EmpMonitor confidential information ludes, without limitation, the Service’s features, functionality and performance and your view of the Service. Your Confidential Information ludes, without limitation, the Content.

Each party will hold the other party’s Confidential Information in strict confidence, use it only subject to the terms of this Agreement, allow its use only by the receiving party’s employees and consultants who have signed in advance a confidentiality agreement containing terms similar to this Agreement and on a need-to-know basis and pursuant to the terms of this Agreement, not make the other party’s Confidential Information available to any third party unless to the extent required by applicable law, implement adequate security measures to ensure against unauthorized access to, use or copying of the other party’s Confidential Information, and notify the other party in writing of any misuse of misappropriation of the other party’s Confidential Information of which the receiving party may become aware; in each case without derogating from the terms of the EmpMonitor Privacy Policy.

Privacy & Cybersecurity Indemnification

You agree that the EmpMonitor Services and Platform are used to process information and Personal Data that you provide on an individual basis or by way of a transfer by a business entity under these Terms, and for purposes of these Terms you are designated the data Controller and EmpMonitor is designated as Processor as those terms in defined in the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”). You further agree and acknowledge your obligations as the data Controller under the Personal Data Processing Addendum set forth below. To the fullest extent permitted by law for all Personal Data that you collect, process via the Services or maintain on the Platform, you shall indemnify and hold EmpMonitor, and their respective officers, directors, trustees, shareholders, employees, and agents (each an “Indemnified Party”), harmless from and against any and all damages and liabilities or third party claims against any Indemnified Party, for loss, cost, damage, or expense of every kind and nature (including, without limitation, penalties imposed by law, regulations, rules by any regulatory authority, court costs, expenses, and reasonable attorneys’ fees) to the extent arising out of, relating to privacy and cybersecurity requirements, including without limitation, failure to comply with Articles 5 to 21, and 32 to 37 of the GDPR, or resulting from, in whole or in part, the breach or non-compliance with this Agreement or the omission, negligence, gross negligence or willful misconduct by you or any of your representatives.

Data Processing Addendum

In addition to the terms stated in between EmpMonitor and the Customer for subscriptions to the EmpMonitor Services and Platform, this Personal Data Processing Addendum (“PDPA”) covers personal data processing, privacy, and cyber security duties. By agreeing to these Terms, Customer acknowledges that its Authorized Affiliates qualify as the “Controller” as defined under General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”) to the extent that EmpMonitor processes Personal Data in connection with Customer’s subscription to Platform. All capitalized terms not defined in this PDPA shall have the meaning set forth in the Terms. In the course of providing the Services to Customer pursuant to the Terms, EmpMonitor may Process Personal Data on behalf of Customer and the Parties agree to comply with the following provisions with respect to any Personal Data.

• Integration

This PDPA shall not replace shall not replace any equivalent or extra rights related to the processing of customer data that are included in the Terms.

• Processing Of Personal Data

Roles of the parties

The parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is the Controller, EmpMonitor is the Processor and that EmpMonitor or members of the EmpMonitor Group will engage Sub-processors in accordance with the conditions outlined in Section 5 “Sub-processors” below.

Customer’s processing of personal data

The Customer shall, in its use of the Services, Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. For the avoidance of doubt, the Customer’s instructions for the processing of Personal Data must adhere to all applicable Laws and Regulations on Data Protection. The correctness, excellence, legality, and method by which the Customer obtained Personal Data shall be solely the responsibility of the Customer.

EmpMonitor’s processing of personal data

EmpMonitor shall treat Personal Data as Confidential Information and shall only Process Personal Data on behalf of and in accordance with Customer’s documented instructions for the following purposes: (i) Processing in accordance with the Terms and applicable order form(s); (ii) Processing initiated by Users in their use of the Services; and (iii) Processing to comply with other documented reasonable instructions provided by Customer (e.g., via email) where such instructions are consistent with the terms of the Agreement.

Processing details

The provision of the Services in accordance with the Terms is the subject-matter of EmpMonitor’s processing of personal data. The length of the Processing, the nature and purpose of the Processing, the categories of Data Subjects Processed under this PDPA, and the kinds of Personal Data are further described above.

• Rights Of Data Subjects

Data subject request

EmpMonitor shall, to the extent legally permitted, promptly notify Customer if EmpMonitor receives a request from a Data Subject to exercise the Data Subject’s right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, object to the Processing, or its right not to be subject to an automated individual decision making (“Data Subject Request”). Taking into account the nature of the Processing, EmpMonitor shall assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations. In addition, to the extent Customer, in its use of the Services, does not have the ability to address a Data Subject Request, EmpMonitor shall upon Customer’s request provide commercially reasonable efforts to assist Customer in responding to such Data Subject Request, to the extent EmpMonitor is legally permitted to do so and the response to such Data Subject Request is required under Data Protection Laws and Regulations. To the extent legally permitted, Customer shall be responsible for any costs arising from EmpMonitor’s provision of such assistance.

• Empmonitor Personnel

Confidentiality

EmpMonitor shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. The EmpMonitor shall ensure that such confidentiality obligations survive the termination of the personnel engagement.

Reliability

EmpMonitor shall take commercially reasonable steps to ensure the reliability of any EmpMonitor personnel engaged in the Processing of Personal Data.

Limitation of access

EmpMonitor shall ensure that EmpMonitor’s access to Personal Data is limited to those personnel performing Services in accordance with the Agreement.

Security

Customers shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Equipment”). Customer shall also be responsible for maintaining the security of the Equipment, Customer account, passwords (including but not limited to administrative and user passwords) and files, and for all uses of the Customer account or the Equipment with or without Customer’s knowledge or consent.

EmpMonitor will maintain reasonable physical and technical safeguards to prevent unauthorized disclosure of or access to Content, in accordance with industry standards. EmpMonitor will notify you if it becomes aware of unauthorized access to Content. EmpMonitor will not access, view or process Content except (a) as provided for in this Agreement and in EmpMonitor privacy policy (“Privacy Policy”); (b) as authorized or instructed by you, (c) as required to perform its obligations under this Agreement; or (d) as required by applicable law. EmpMonitor has no other obligations with respect to Content.

Customer Data Incident Management And Notification

EmpMonitor maintains security incident management policies and procedures specified in the Security, Privacy and Architecture Documentation and shall, notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data, including Personal Data, transmitted, stored or otherwise Processed by EmpMonitor or its Sub-processors of which EmpMonitor becomes aware (a “Customer Data Incident”). EmpMonitor shall make reasonable efforts to identify the cause of such Customer Data Incident and take those steps as EmpMonitor deems necessary and reasonable in order to remediate the cause of such a Customer Data Incident to the extent the remediation is within EmpMonitor’s reasonable control. The obligations herein shall not apply to incidents that are caused by Customer or Customer’s Users.

Return And Deletion Of Customer Data

EmpMonitor shall return Customer Data to Customer and, to the extent allowed by applicable law, delete Customer Data in accordance with the procedures and timeframes specified in the Security and Privacy Documentation.

• European Specific Provisions

GDPR

With effect from May 25, 2018, EmpMonitor will process personal data in compliance with GDPR regulations that are specifically relevant to EmpMonitor’s provision of its Services.

Data Protection Impact Assessment (DPIA)

‍With effect from 25 May 2018, upon Customer’s request, EmpMonitor shall provide customer with reasonable cooperation and assistance necessary to fulfill customer’s obligation under the GDPR to carry out a data protection impact assessment related to customer’s use of the services, to the extent customer does not otherwise have access to the relevant information, and to the extent such information is made available to EmpMonitor.
.

Privacy Policy

“Privacy Policy” means all information provided by a party to other party, whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, and excluding any information that was or has become publicly available without the receiving party’s actions or inactions. EmpMonitor confidential information ludes, without limitation, the Service’s features, functionality and performance and your view of the Service. Your Confidential Information ludes, without limitation, the Content.

Each party will hold the other party’s Confidential Information in strict confidence, use it only subject to the terms of this Agreement, allow its use only by the receiving party’s employees and consultants who have signed in advance a confidentiality agreement containing terms similar to this Agreement and on a need-to-know basis and pursuant to the terms of this Agreement, not make the other party’s Confidential Information available to any third party unless to the extent required by applicable law, implement adequate security measures to ensure against unauthorized access to, use or copying of the other party’s Confidential Information, and notify the other party in writing of any misuse of misappropriation of the other party’s Confidential Information of which the receiving party may become aware; in each case without derogating from the terms of the EmpMonitor Privacy Policy.

Privacy & Cybersecurity Indemnification

You agree that the EmpMonitor Services and Platform are used to process information and Personal Data that you provide on an individual basis or by way of a transfer by a business entity under these Terms, and for purposes of these Terms you are designated the data Controller and EmpMonitor is designated as Processor as those terms in defined in the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”). You further agree and acknowledge your obligations as the data Controller under the Personal Data Processing Addendum set forth below. To the fullest extent permitted by law for all Personal Data that you collect, process via the Services or maintain on the Platform, you shall indemnify and hold EmpMonitor, and their respective officers, directors, trustees, shareholders, employees, and agents (each an “Indemnified Party”), harmless from and against any and all damages and liabilities or third party claims against any Indemnified Party, for loss, cost, damage, or expense of every kind and nature (including, without limitation, penalties imposed by law, regulations, rules by any regulatory authority, court costs, expenses, and reasonable attorneys’ fees) to the extent arising out of, relating to privacy and cybersecurity requirements, including without limitation, failure to comply with Articles 5 to 21, and 32 to 37 of the GDPR, or resulting from, in whole or in part, the breach or non-compliance with this Agreement or the omission, negligence, gross negligence or willful misconduct by you or any of your representatives.

Data Processing Addendum

In addition to the terms stated in between EmpMonitor and the Customer for subscriptions to the EmpMonitor Services and Platform, this Personal Data Processing Addendum (“PDPA”) covers personal data processing, privacy, and cyber security duties. By agreeing to these Terms, Customer acknowledges that its Authorized Affiliates qualify as the “Controller” as defined under General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”) to the extent that EmpMonitor processes Personal Data in connection with Customer’s subscription to Platform. All capitalized terms not defined in this PDPA shall have the meaning set forth in the Terms. In the course of providing the Services to Customer pursuant to the Terms, EmpMonitor may Process Personal Data on behalf of Customer and the Parties agree to comply with the following provisions with respect to any Personal Data.

• Integration

This PDPA shall not replace shall not replace any equivalent or extra rights related to the processing of customer data that are included in the Terms.

• Processing Of Personal Data

Roles of the parties

The parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is the Controller, EmpMonitor is the Processor and that EmpMonitor or members of the EmpMonitor Group will engage Sub-processors in accordance with the conditions outlined in Section 5 “Sub-processors” below.

Customer’s processing of personal data

The Customer shall, in its use of the Services, Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. For the avoidance of doubt, the Customer’s instructions for the processing of Personal Data must adhere to all applicable Laws and Regulations on Data Protection. The correctness, excellence, legality, and method by which the Customer obtained Personal Data shall be solely the responsibility of the Customer.

EmpMonitor’s processing of personal data

EmpMonitor shall treat Personal Data as Confidential Information and shall only Process Personal Data on behalf of and in accordance with Customer’s documented instructions for the following purposes: (i) Processing in accordance with the Terms and applicable order form(s); (ii) Processing initiated by Users in their use of the Services; and (iii) Processing to comply with other documented reasonable instructions provided by Customer (e.g., via email) where such instructions are consistent with the terms of the Agreement.

Processing details

The provision of the Services in accordance with the Terms is the subject-matter of EmpMonitor’s processing of personal data. The length of the Processing, the nature and purpose of the Processing, the categories of Data Subjects Processed under this PDPA, and the kinds of Personal Data are further described above.

• Rights Of Data Subjects

Data subject request

EmpMonitor shall, to the extent legally permitted, promptly notify Customer if EmpMonitor receives a request from a Data Subject to exercise the Data Subject’s right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, object to the Processing, or its right not to be subject to an automated individual decision making (“Data Subject Request”). Taking into account the nature of the Processing, EmpMonitor shall assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations. In addition, to the extent Customer, in its use of the Services, does not have the ability to address a Data Subject Request, EmpMonitor shall upon Customer’s request provide commercially reasonable efforts to assist Customer in responding to such Data Subject Request, to the extent EmpMonitor is legally permitted to do so and the response to such Data Subject Request is required under Data Protection Laws and Regulations. To the extent legally permitted, Customer shall be responsible for any costs arising from EmpMonitor’s provision of such assistance.

• Empmonitor Personnel

Confidentiality

EmpMonitor shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. The EmpMonitor shall ensure that such confidentiality obligations survive the termination of the personnel engagement.

Reliability

EmpMonitor shall take commercially reasonable steps to ensure the reliability of any EmpMonitor personnel engaged in the Processing of Personal Data.

Limitation of access

EmpMonitor shall ensure that EmpMonitor’s access to Personal Data is limited to those personnel performing Services in accordance with the Agreement.

Security

Customers shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Equipment”). Customer shall also be responsible for maintaining the security of the Equipment, Customer account, passwords (including but not limited to administrative and user passwords) and files, and for all uses of the Customer account or the Equipment with or without Customer’s knowledge or consent.

EmpMonitor will maintain reasonable physical and technical safeguards to prevent unauthorized disclosure of or access to Content, in accordance with industry standards. EmpMonitor will notify you if it becomes aware of unauthorized access to Content. EmpMonitor will not access, view or process Content except (a) as provided for in this Agreement and in EmpMonitor privacy policy (“Privacy Policy”); (b) as authorized or instructed by you, (c) as required to perform its obligations under this Agreement; or (d) as required by applicable law. EmpMonitor has no other obligations with respect to Content.

Customer Data Incident Management And Notification

EmpMonitor maintains security incident management policies and procedures specified in the Security, Privacy and Architecture Documentation and shall, notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data, including Personal Data, transmitted, stored or otherwise Processed by EmpMonitor or its Sub-processors of which EmpMonitor becomes aware (a “Customer Data Incident”). EmpMonitor shall make reasonable efforts to identify the cause of such Customer Data Incident and take those steps as EmpMonitor deems necessary and reasonable in order to remediate the cause of such a Customer Data Incident to the extent the remediation is within EmpMonitor’s reasonable control. The obligations herein shall not apply to incidents that are caused by Customer or Customer’s Users.

Return And Deletion Of Customer Data

EmpMonitor shall return Customer Data to Customer and, to the extent allowed by applicable law, delete Customer Data in accordance with the procedures and timeframes specified in the Security and Privacy Documentation.

• European Specific Provisions

GDPR

With effect from May 25, 2018, EmpMonitor will process personal data in compliance with GDPR regulations that are specifically relevant to EmpMonitor’s provision of its Services.

Data Protection Impact Assessment (DPIA)

‍With effect from 25 May 2018, upon Customer’s request, EmpMonitor shall provide customer with reasonable cooperation and assistance necessary to fulfill customer’s obligation under the GDPR to carry out a data protection impact assessment related to customer’s use of the services, to the extent customer does not otherwise have access to the relevant information, and to the extent such information is made available to EmpMonitor.
.