Policies and Terms

Data Processing Addendum

The processing of Personal Data in a secure and transparent way is important to us at CATS. Because of this, we are committed to processing Personal Data in accordance with the EU’s General Data Protection Regulation (“GDPR”).

This Data Processing Addendum (“DPA”) amends the Terms of Service agreement between CATS Software, Inc (“CATS”) and you as a customer.

Definitions

  • “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • “Personal Data” means any information relating to an identified or identifiable natural person.
  • “GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
  • “Sub-processor” means a third party used by CATS to provide our service.
  • “Incident” means a breach of security of the Service or CATS systems used to Process Personal Data leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed by CATS in the context of this DPA.
  • “You” or "Customer means the company that signs up to use CATS.
  • “Data Subject” means any individual about whom Personal Data may be processed under this DPA.

Processing of Personal Data

  1. Roles of each Party

    Each party acknowledges and agrees that with the regard to the processing of Personal Data, Customer is the Controller, CATS is the Processor and that CATS will engage Sub-processors pursuant to the requirements set forth in “Sub-processors” below.

  2. Customer Processing of Personal Data

    Customer shall process Personal Data in accordance with the requirements of the GDPR. Customer shall have sole responsibility for the accuracy, quality and legality of Personal Data and the means by which Customer acquired Personal Data.

Data Subject Request

As Controller, Customer is solely responsible for fulfilling a request by Data Subject to provide the Personal Data Processed by CATS. CATS will give best effort to notify You if any requests are made to CATS to provide Personal Data.

Sub-processors

Customer agrees that CATS may disclose Personal Data to its Sub-processors for the purposes of providing the CATS Service. Current Sub-Processors engaged by CATS are listed below.

Sub-processor Purpose
Amazon Web Services (AWS) Cloud infrastructure hosting
Clicky Business analytics
Google Business analytics
Mailgun Email sending
Nylas Email/calendar sync

Incident Management

In the event that CATS becomes aware of an Incident, CATS will notify you promptly and in any event no later than seventy-two (72) hours after CATS discovers the Incident. In the event of such a Incident, CATS shall provide you with a detailed description of the Incident and the type of Personal Data concerned, unless otherwise prohibited by law or otherwise instructed by a law enforcement or supervisory authority. Following such notification, CATS will take reasonable steps to mitigate the effects of the Incident and to minimize any damage resulting from the Incident. At your request, CATS will provide reasonable assistance and cooperation with respect to any notifications that you are legally required to send to affected Data Subjects and regulators. CATS may charge a reasonable fee for such requested assistance.

Liability and Indemnity

Each party indemnifies the other and holds them harmless against all claims, actions, third party claims, losses, damages and expenses incurred by the indemnified party and arising directly or indirectly out of or in connection with a breach of this DPA.

This DPA shall come into effect on May 25, 2018 and shall continue until changed or terminated.