On-demand live demo: Catch changes in your data before they impact your business

Platform

Data Quality & Observability

Detect anomalies anywhere in your data, in real time

Lineage

Get to the root cause and resolve issues quickly

Data asset insights

Discover data assets and understand how they are used

Discover the product for yourself

Take a tour
CustomersPricing

Learn more

Customer stories

Hear why customers choose Validio

Blog

Data news and feature updates

Reports & guides

The latest whitepapers, reports and guides

Events & webinars

Upcoming events and webinars, and past recordings

Heroes of Data

Join Heroes of Data - by the data community, for the data community

Data maturity quiz

Take the test to find out what your data maturity score is

Get help & Get started

Dema uses Validio to ensure the data quality for their prescriptive analytics

Watch the video
Get started for freeGet a demo

Data Processing Addendum

Latest updated: 2024-09-27

This Data Processing Addendum (DPA) is hereby incorporated by reference into and is part of the Agreement under which Validio AB provides the Service to the Customer specified in the Order, solely to the extent and for the purposes outlined herein. Except for the changes made by this DPA, the Agreement remains unchanged and in full force and effect. In the event of a conflict between the Agreement and this DPA, this DPA shall control.

DEFINITIONS

  1. Words and expressions defined in the Agreement shall have the same meaning herein.
  2. Applicable Privacy Law: means all relevant national, federal, state and other data protection or privacy laws, rules, regulations, and guidance that apply to the Processing of Customer Personal Data, including but not limited to the California Consumer Privacy Act, as amended by the California Privacy Rights Act and together with associated regulations (“CCPA”); the Virginia Consumer Data Protection Act (“VCDPA”); the Colorado Privacy Act and related regulations (“CPA”); the Utah Consumer Privacy Act (“UCPA”); and the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (the “CPDPA”) and the General Data Protection Regulation ((EU) 2016/679) and the law of the European Union or any member state of the European Union to which Validio is subject, which relates to the protection of personal data.
  3. Customer Personal Data: any Customer Data which includes personal data that Validio processes in connection with the Agreement, in the capacity of a processor on behalf of the Customer.
  4. Purpose: the purposes for which the Customer Personal Data is processed, as set out in clause 2.1.

  1. DATA PROTECTION

    1.1 For the purposes of this DPA, the terms controller, processor, data subject, personal data, personal data breach, special categories of data and processing shall have the meaning given to them in the Applicable Privacy Law. 

    1.2 Both parties will comply with all applicable requirements of Applicable Privacy Law. The terms of this DPA are in addition to, and do not relieve, remove or replace, a party's obligations or rights under Applicable Privacy Law. 

    1.3 To the extent the Customer uploads or inputs any Customer Personal Data into the Service, the Parties have determined and acknowledge that the Customer shall act as a controller in respect of such data and Validio shall process such data as a processor on behalf of the Customer for the purpose of providing the Service. Should the determination in this clause 1.3 change, then each party shall work together in good faith to make any changes which are necessary to this DPA.

    1.4 As the Service is cloud based the parties acknowledge and agree that: a) Customer Personal Data is only processed by Validio if the Customer uploads it to or inputs it through the Service; and b) it is the responsibility of the Customer to inform Validio if Customer Data includes any Customer Personal Data by indicating this in the applicable Order or by notice in writing.

    1.5 Without prejudice to the generality of clause 1.2, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Customer Personal Data to Validio for the duration and purposes of the Agreement.
  2. DESCRIPTION OF PROCESSING 

    2.1 Purpose of processing. The purpose of the processing is to provide the Licensed Software and services in accordance with the terms of the Agreement.

    2.2 Nature of processing. Hosting of Customer Data, which may contain Customer Personal Data, as a result of the Customer uploading it to or inputting it through the Service at Customer’s sole discretion, for the provision of the Service by Validio and receipt of the Service by the Customer.

    2.3 Duration of processing. The duration of the processing shall be for the provision of the Service during the term specified in the applicable Order.

    2.4 Categories of data subjects.  Any categories of data subjects that the Customer includes in the Customer Personal Data at the Customer’s sole discretion including without limitation the Customers’ clients, employees, suppliers and end users.

    2.5 Categories of personal data. Any form of Customer Personal Data that the Customer uploads to or inputs through the Service at Customer’s sole discretion.  The inclusion of any special categories of personal data in the Customer Personal Data is not permitted and any use of the Service in respect of such data is at the Customer’s sole discretion and liability. 
  3. VALIDIO’S OBLIGATIONS

    3.1 Without prejudice to the generality of clause 1.2 Validio shall, in relation to Customer Personal Data:

    a) adhere to its obligations under Applicable Privacy Law ;

    b) Validio  acknowledges that it is a “service provider,” as defined by Applicable Privacy Law. 

    c) Validio will adhere to its obligations as service provider under Applicable Privacy Law and provide the same level of privacy protection that is required of Customer under Applicable Privacy Law. 

    d) Validio will not (i) “sell” Customer Personal Data, as such term is  defined in the CCPA, VCDPA, CPA, UCPA, CPDPA, or similar state laws; (ii) “share” Customer Personal Data, as such term is  defined in the CCPA; (iii) retain, use, or disclose the Customer Personal Data for any purpose other than for the specific business purpose of performing the Service, including retaining, using, or disclosing Customer Personal Data for a commercial purpose other than the business purposes specified in the Agreement, or as otherwise permitted by Applicable Privacy Law; (iv) retain, use, or disclose Customer Personal Data outside of the direct business relationship between Validio and Customer; (v) combine Customer Personal Data that Validio receives from, or on behalf of, Customer with personal information that it receives from, or on behalf of, another person or persons, or collects from its own interaction with a consumer, provided that Validio may combine personal information to perform a business purpose permitted by Applicable Privacy Law.

    e) process Customer Personal Data only on the documented instructions of the Customer, unless Validio is required by Applicable Privacy Law to otherwise process that Customer Personal Data. Where Validio is relying on Applicable Privacy Law as the basis for processing Customer Personal Data, Validio shall notify the Customer of this before performing the processing required by the Applicable Privacy Law unless the Applicable Privacy Law prohibits Validio from so notifying the Customer on important grounds of public interest. Validio shall inform the Customer if, in the opinion of Validio, the instructions of the Customer infringe Applicable Privacy Law;

    f) implement the technical and organisational measures to protect against unauthorised or unlawful processing of Customer Personal Data and against accidental loss or destruction of, or damage to, Customer Personal Data, which are appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures; 

    g) ensure that any personnel engaged and authorised by Validio to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory or other legal obligation of confidentiality; 

    h) assist the Customer insofar as this is possible (taking into account the nature of the processing and the information available to Validio), and at the Customer's cost and written request, in responding to any request from a data subject and in ensuring the Customer's compliance with its obligations under Applicable Privacy Law with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;

    i) notify the Customer without undue delay on becoming aware of a personal data breach involving the Customer Personal Data and take reasonable steps to mitigate any damage resulting from such breach;

    j) at the written direction of the Customer, delete or return Customer Personal Data and copies thereof to the Customer on termination of the Agreement unless Validio is required by Applicable Privacy Law to continue to process that Customer Personal Data. For the purposes of this clause 3.1(f) Customer Personal Data shall be considered deleted where it is put beyond further use by Validio; and

    k) maintain records to demonstrate its compliance with this DPA and at the Customer’s sole expense and cost allow for reasonable audits by the Customer or the Customer's designated auditor, for this purpose, on reasonable written notice.
  4. SUBCONTRACTING

    4.1 The Customer hereby provides its prior, general authorisation for Validio to:

    a) appoint processors to process the Customer Personal Data, including those listed on its website, provided that Validio:

    i) shall ensure that the terms on which it appoints such processors comply with Applicable Privacy Law, and are consistent with the obligations imposed on Validio in this DPA;

    ii) shall remain responsible for the acts and omission of any such processor as if they were the acts and omissions of Validio; and

    iii) shall inform the Customer of any intended changes concerning the addition or replacement of the processors listed on its website either by providing no less that 14 days prior notice in writing by email or otherwise setting out details of the processor’s name and contact information, services to be provided to Validio and location of processing, thereby giving the Customer the opportunity to object to such changes provided that if the Customer objects to the changes and cannot demonstrate, to Validio's reasonable satisfaction, that the objection is due to an actual or likely breach of Applicable Privacy Laws, the Customer shall indemnify Validio for any losses, damages, costs (including reasonable legal fees) and expenses suffered by Validio in accommodating the objection.
  5. TRANSFERS

    The Customer hereby provides its prior, general authorisation for Validio to transfer Customer Personal Data outside of the European Economic Area (EEA) as required for the Purpose, provided that Validio shall ensure that all such transfers are effected in accordance with Applicable Privacy Law. For these purposes, the Customer shall promptly comply with any reasonable request of Validio, including any request to enter into standard data protection clauses adopted by the EU Commission from time to time.
  6. CCPA

    6.1 When only the CCPA applies to the Agreement:

    a) both parties will comply with all applicable requirements of the CCPA when collecting, using, retaining, or disclosing personal information.

    b) Validio certifies that it understands the the CCPA’s restrictions and prohibitions on selling personal information and retaining, using, or disclosing personal information outside of the parties’ business relationship, and Validio will comply with them.