Data Processing Agreement
This Data Processing Agreement (this “DPA”) is incorporated into, and is subject to the terms and conditions of, the Agreement between the customer entity that is a party to the Agreement (“Customer”) and Fullstory, Inc. (“Fullstory”) and reflects the parties’ agreement with regard to the Processing of Customer Data. In the course of providing the Services to Customer pursuant to the Agreement, Fullstory may Process Customer Data (as defined below) on behalf of Customer and the parties agree to comply with the following provisions with respect to any Customer Data.
1.Definitions.
“Affiliate” means an entity that directly or indirectly controls, is controlled by or is under common control with an entity, where “control” means, for the purposes of this definition, an ownership, voting, or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question.
“Agreement” means Fullstory’s Terms and Conditions available at https://www.fullstory.com/legal/terms-and-conditions, as updated from time to time, or other written or electronic agreement, which govern the provision of the Services to Customer, as such terms or agreement may be updated from time to time.
“Customer Data” means any Personal Data that Fullstory Processes on behalf of Customer via the Services, as more particularly described in this DPA.
“Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, Customer Data.
“Data Controller” means the natural or legal person, public authority, agency, or any other body which alone or jointly with others determines the purposes and means of the Processing of Personal Data.
“Data Processor” means any natural or legal person, public authority, agency, or any other body which Processes Personal Data on behalf of a Data Controller or on the instruction of another Data Processor acting on behalf of a Data Controller.
“Data Protection Laws” means all applicable laws and regulations relating to the processing of Personal Data and privacy that may exist in the relevant jurisdictions, including, where applicable, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (the “EU GDPR”); Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; the Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendment Etc.) (EU Exit) Regulations 2019 (the “UK GDPR”); US Data Protection Laws; the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”); the Brazilian General Data Protection Law (the “LGPD”); Federal Law no. 13,709/2018; the Privacy Act 1988 (Cth) of Australia, as amended (“Australian Privacy Law”); the Personal Data Protection Act 2012 (No. 26 of 2012) (the “PDPA”); the Swiss Data Protection Act (the “FADP”); and any other privacy laws or regulations applicable to the Processing of Customer Data under the Agreement .