AMENDMENT TO ADD THE MODEL CLAUSES DATA PROCESSING ADDENDUM Signature Page
EX-10.1 2 reselleramendmentoct2015.htm EX-10.1 Exhibit
Salesforce.com, Inc. Reseller
AMENDMENT TO ADD THE MODEL CLAUSES DATA PROCESSING ADDENDUM
Signature Page
Reseller Full Legal Name | Salesforce.org, a nonprofit public benefit corporation having its principal place of business at 50 Fremont Street, Suite 300, San Francisco, California 94105 |
This Amendment (this “Amendment”) is made and entered in by and between salesforce.com, inc., a Delaware corporation having its principal place of business at The Landmark @ One Market, Suite 300, San Francisco, California 94105 (“SFDC” or “Salesforce”) and the Reseller named above and amends that certain Reseller Agreement between Salesforce and Reseller dated as of August 1, 2015, as previously amended (the “Agreement”). This Amendment is effective as of the later of the dates beneath the Parties’ signatures below (“Amendment Effective Date”), provided, however, that the dates of the Parties’ signatures are not separated by a period of time greater than ten (10) business days. If such period is greater than ten (10) business days then this Amendment shall be deemed null and void and to be of no effect. Capitalized terms not defined herein shall have the meanings given to them in the Agreement.
The Parties, by their respective authorized signatories, have duly executed this Amendment as of the Amendment Effective Date.
Salesforce.com, Inc. Reseller
By: /s/ Mark J. Hawkins By: /s/ Shanti Ariker
Name: Mark J. Hawkins Name: Shanti Ariker
Title: CFO Title: VP, Global General Counsel
Date: 10/9/2015 Date: 10/13/2015
This Amendment consists of this Signature Page and the following Recitals and Amendment Terms & Conditions, as well as the Model Clauses Data Processing Agreement (Reseller) attached hereto and incorporated by reference herein.
Salesforce Confidential
AMENDMENT TO ADD MODEL CLAUSES DPA Page 1 of 1
Recitals
WHEREAS, Salesforce and Reseller desire to amend the Agreement to add the attached Model Clauses Data Processing Addendum.
WHEREAS, other than as expressly modified in this Amendment, the Parties desire for the terms of the Agreement to remain unchanged and continue in full force and effect.
NOW, THEREFORE, in consideration of the mutual promises set forth herein and in the Agreement, and for other good and valuable consideration the receipt and sufficiency of which is hereby acknowledged, the Parties hereby agree as follows:
Amendment Terms & Conditions
1. | New Attachment. The Model Clauses Data Processing Addendum (Reseller) attached hereto is added as new attachment to the Agreement. |
2. | Scope of Model Clauses Data Processing Addendum (Reseller). The Parties agree that the Model Clauses Data Processing Addendum (Reseller) applies only to the Processing of Personal Data by Salesforce in the course of providing the Resold Services. The Model Clauses Data Processing Addendum (Reseller) applies only to Personal Data that is transferred from the European Economic Area (EEA) to outside the EEA, either directly or via onward transfer, to any country or recipient: (i) not recognized by the European Commission as providing an adequate level of protection for personal data (as described in the EU Data Protection Directive), and (ii) not covered by a suitable framework recognized by the relevant authorities or courts as providing an adequate level of protection for personal data, including but not limited to Binding Corporate Rules for Processors. |
3. | Effect of Amendment. Subject to the above modifications, the Agreement remains in full force and effect. |
4. | Entire Agreement. The terms and conditions herein contained constitute the entire agreement between the Parties with respect to the subject matter of this Amendment and supersede any previous and contemporaneous agreements and understandings, whether oral or written, between the Parties hereto with respect to the subject matter hereof. |
5. | Counterparts. This Amendment may be executed in one or more counterparts, including facsimiles or scanned copies sent via email or otherwise, each of which will be deemed to be a duplicate original, but all of which, taken together, will be deemed to constitute a single instrument. |
(End of Amendment Terms & Conditions)
Salesforce Confidential
AMENDMENT TO ADD MODEL CLAUSES DPA Page 2 of 2
MODEL CLAUSES DATA PROCESSING ADDENDUM (RESELLER)
This Model Clauses Data Processing Addendum (the “DPA” or the “Model Clauses DPA”) is made part of the Agreement between Reseller and Salesforce to reflect the Parties’ agreement with regard to the Processing of Customer Data, including Personal Data, in accordance with the requirements of Data Protection Laws and Regulations. All capitalized terms not defined herein shall have the meaning set forth in the Agreement.
This Model Clauses DPA is between the following Parties:
(1) | salesforce.com, inc., The Landmark, One Market, Suite 300, San Francisco, California 94105 USA, a company incorporated under the laws of the state of Delaware, USA (“Salesforce” or “Sub-Processor”); |
AND
(2) | (i) Salesforce.org, a nonprofit public benefit corporation having its principal place of business at 50 Fremont Street, Suite 300, San Francisco, California 94105, and (ii) solely for the purpose of meeting applicable requirements of Data Protection Laws, Salesforce.org EMEA Limited, (each the “Reseller” and each the “Processor” for purposes of this DPA) |
This DPA shall not replace any additional rights relating to Processing of Customer Data previously negotiated by Reseller in the Agreement (including any existing data processing addendum to the Agreement).
This DPA shall apply only to Salesforce online services that Reseller is permitted to resell under the Agreement and that are branded by Salesforce as Sales Cloud, Service Cloud, Communities, Force.com and Chatter (“Resold Services”).
1 | BACKGROUND |
(A) | Salesforce is a provider of enterprise cloud computing solutions and provides technology services to organizations (including the Pass-Through Customers). |
(B) | Pursuant to EU Commission Decision 2010/87/EU, Reseller and the Pass-Through Customers may have entered into a data transfer agreement based on the Standard Contractual Clauses (“Data Transfer Agreement”) under which the Pass-Through Customers, as Controller, has agreed to transfer, and Reseller, as Processor, has agreed to receive, the Pass-Through Customers Personal Data intended for processing on the Pass-Through Customers’s behalf in accordance with the Data Transfer Agreement. |
(C) | In accordance with Clause 11 of the Data Transfer Agreement and to safeguard the applicable Pass-Through Customers’s Personal Data (as defined below), the Parties have agreed to enter into this DPA. |
(D) | For clarity, this DPA only applies to Pass-Through Customers Personal Data submitted to Salesforce’s systems by or for Pass-Through Customers as Customer Data (as defined in the Agreement) while such Customer Data is resident on Salesforce’s systems. The Pass-Through Customers Personal Data transferred will be processed under this DPA by Salesforce, Salesforce’s Affiliates (as defined in Clause 8 of this DPA) and non-Salesforce Affiliate sub-processors for the duration of the Agreement. |
Salesforce Confidential
AMENDMENT TO ADD MODEL CLAUSES DPA Page 3 of 3
2 | DEFINITIONS AND INTERPRETATION |
2.1 | In this DPA the following words and phrases shall have the following meanings, unless inconsistent with the context or as otherwise specified: |
“Data Protection Laws and Regulations” means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established.
“Personal Data”, “Special Categories of Data”, “process/processing”, “Controller”, “Processor”, “Data Subject”, and “Supervisory Authority” shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
“Pass-Through Customers” means a Pass-Through Customers as a Controller, who transfers the Pass-Through Customers Personal Data to Reseller, as Processor;
“Pass-Through Customer Personal Data” means any information relating to an identified or identifiable person where such data is submitted by or for Pass-Through Customers to Sub-Processor’s systems as Customer Data which is accessible to the Pass-Through Customers while resident on Sub-Processor’s systems.
“Salesforce Group” means Salesforce and its Affiliates engaged in the Processing of Personal Data.
“Technical and Organizational Security Measures” means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
2.2 | The headings used in this DPA are used for convenience only and are not to be considered in construing or interpreting this DPA. All references in this DPA to “Clauses” or “Schedules” shall, unless otherwise provided, refer to Clauses hereof or Schedules to this DPA, respectively. |
2.3 | Capitalized terms not defined in this DPA shall have the meanings given to them in the Agreement. |
3 | DETAILS OF THE PROCESSING |
3.1 | The details of the processing are specified in Schedule 1, which forms an integral part of this DPA. |
3.2 | Application. This Model Clauses Data Processing Addendum (Reseller) applies only to the Processing of Personal Data by Salesforce in the course of providing the Resold Services. The Model Clauses Data Processing Addendum (Reseller) applies only to Personal Data that is transferred from the European Economic Area (EEA) to outside the EEA, either directly or via onward transfer, to any country or recipient: (i) not recognized by the European Commission as providing an adequate level of protection for personal data (as described in the EU Data Protection Directive), and (ii) not covered by a suitable framework recognized by the relevant authorities or courts as providing an adequate level of protection for personal data, including but not limited to Binding Corporate Rules for Processors. |
Salesforce Confidential
AMENDMENT TO ADD MODEL CLAUSES DPA Page 4 of 4
4 | OBLIGATIONS OF THE SUB-PROCESSOR |
4.1 | The Sub-Processor agrees and warrants that it will: |
(i) | process the Pass-Through Customers Personal Data only on behalf of the Pass-Through Customers and in compliance with Reseller’s (and/or Pass-Through Customers’s) instructions, including but not limited to the Agreement and this DPA; if it cannot provide such compliance for whatever reasons, it agrees to promptly inform Reseller of its inability to comply, in which case Reseller is entitled to suspend the processing of the Pass-Through Customers Personal Data permitted pursuant to the Agreement and/or terminate the DPA; |
(ii) | process Pass-Through Customers Personal Data on behalf of and in accordance with Reseller and/or Pass-Through Customers’s, as the case may be, instructions as set forth in the Agreement and this DPA. Reseller and Pass-Through Customers instruct Sub-Processor to Process Pass-Through Customers Personal Data for the following purposes: (a) processing in accordance with the Agreement and applicable Service Order(s); and (b) processing initiated by the Pass-Through Customers’s Users (as defined in the Agreement). For clarity, as set forth in the Agreement, the Sub-Processor shall not disclose Pass-Through Customers Personal Data except as expressly permitted in writing by the Pass-Through Customers (or Reseller on Pass-Through Customers’s behalf) or where required by law, in which case to the extent permitted by law, the Sub-Processor shall provide the Reseller and/or Pass-Through Customers with prior notice of any such compelled disclosure; |
(iii) | it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from Reseller (and/or Pass-Through Customers) and its obligations under this DPA; in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by this DPA, it will promptly notify the change to Reseller as soon as it is aware, in which case Reseller is entitled to suspend the processing of the Pass-Through Customers Personal Data permitted pursuant to the Agreement and/or terminate the DPA; |
(iv) | it has implemented the Technical and Organizational Security Measures specified in Schedule 2 before processing the Pass-Through Customers Personal Data; |
(v) | it will promptly notify Reseller about: |
(a) | any legally binding request for disclosure of the Pass-Through Customers Personal Data by a law enforcement authority or administrative or court order unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation; |
(b) | any accidental or unauthorized access to, or use of disclosure of the Pass-Through Customers Personal Data; and |
(c) | any request received directly from the Data Subjects, without responding to that request, unless it has been otherwise authorized to do so; |
AND
(vi) | it will deal promptly and properly with all inquiries from Reseller relating to its processing of the Pass-Through Customers Personal Data and to abide by the advice of the Supervisory |
Salesforce Confidential
AMENDMENT TO ADD MODEL CLAUSES DPA Page 5 of 5
Authority in consultation with Reseller (as legally permitted), with regard to the processing of the Pass-Through Customers Personal Data.
4.2 | Audit. |
4.2.1 | Audit Report. Sub-Processor uses external auditors to verify the adequacy of its Technical and Organizational Security Measures, including the physical security of the data centers from which Sub-Processor provides the Resold Services. This audit: (a) will be performed at least annually; (b) will be performed according to ISO 27001 standards or such other alternative standards that are substantially equivalent to ISO 27001; (c) will be performed by independent, third-party security inspection professional(s) in possession of professional qualifications and bound by a duty of confidentiality to Salesforce, at Sub-Processor’s selection and expense; (d) will result in the generation of an audit report (“Audit Report”) (e.g. in a Service Organization Controls 2 (SOC-2) report or its equivalent); and (e) may be performed for other purposes in addition to satisfying this Clause 4.2.1 (e.g. as part of Sub-Processor’s regular internal security procedures or to satisfy other contractual obligations). |
At Reseller’s request, including in connection with a request from a Supervisory Authority, Sub-Processor will provide Reseller with a copy of the Audit Report signed by the third-party auditor so that Reseller can reasonably verify Sub-Processor’s compliance with the Technical and Organizational Security Measures under this DPA. The Audit Report is Confidential Information (as defined in the Agreement). Reseller may share a summary of the results of the Audit Report with a Supervisory Authority and/or Pass-Through Customers provided such summary is treated as Confidential Information.
4.2.2 | On-Site Audit Right. In addition, subject to the restrictions in Clause 4.2.3 below, Sub-Processor shall allow Reseller to audit Sub-Processor, or an Salesforce Affiliate engaged in the Processing of Personal Data, for compliance with the Technical and Organizational Security Measures set forth in Schedule 2 of this DPA in the following limited circumstances: |
(a) | Following any notice from Sub-Processor to Reseller of an actual or reasonably suspected unauthorized disclosure of Pass-Through Customers Personal Data submitted to the Resold Services, Reseller shall have the right to conduct, with reasonable prior written notice, either itself or through a third-party independent contractor selected by Reseller at Reseller’s expense, an on-site audit of Sub-Processor’s or the applicable Salesforce Affiliate’s systems, policies and procedures relevant to the security and integrity of Pass-Through Customers Personal Data submitted to the Resold Services; and |
(b) | Reseller may conduct, either itself or through a third-party independent contractor selected by Reseller at Reseller’s expense, an on-site audit of Sub-Processor’s or the applicable Salesforce Affiliate’s systems, policies and procedures relevant to the security and integrity of Pass-Through Customers Personal Data submitted to the Resold Services, provided that such audit may be conducted only one time per year, with at least three week’s advance written request. |
4.2.3 | On-Site Audit Restrictions. The audit rights set forth in Clause 4.2.2 above are subject to the following restrictions: |
Salesforce Confidential
AMENDMENT TO ADD MODEL CLAUSES DPA Page 6 of 6
(i) | Reseller must promptly provide Sub-Processor with information regarding any non-compliance discovered during the course of an audit. |
(ii) | Audits shall be conducted during reasonable times and shall be of reasonable duration and shall not unreasonably interfere with Sub-Processor’s day-to-day operations. In the event that Reseller conducts an audit through a third-party independent contractor, such independent contractor shall be required to enter into a non-disclosure agreement containing confidentiality provisions substantially similar to those set forth in the Agreement to protect Sub-Processor’s proprietary information. Additionally, such independent contractor must not be a competitor of Sub-Processor. |
(iii) | If an audit requires the equivalent of more than one business day of time expended by Sub-Processor or a Sub-Processor Affiliate employee, Reseller agrees to reimburse Sub-Processor for any additional time expended at Sub-Processor’s then current professional services rates. Reseller may share a summary of the results of its audit or inspection with a Pass-Through Customers, provided that prior to sharing such summary, the Pass-Through Customers has entered into a non-disclosure agreement containing confidentiality provisions substantially similar to those set forth in the Agreement to protect Sub-Processor’s proprietary information. |
5 | CONFIDENTIALITY |
5.1 | The Sub-Processor agrees that it shall maintain the Pass-Through Customers Personal Data in confidence. In particular, the Sub-Processor agrees that, except with the prior written consent of Reseller and/or the Pass-Through Customers, it shall not make any use of any Customer Personal Data otherwise than in connection with the provision of the Resold Services and, subject to Clause 4.1(ii), shall not disclose any Customer Personal Data to any third-party. |
5.2 | The Sub-Processor agrees and acknowledges that Reseller may make available a copy of this DPA to the Pass-Through Customers or the Supervisory Authority for informational purposes; however Reseller shall remove any commercial information contained in this DPA. For the avoidance of doubt, this DPA is Confidential Information (as defined in the Agreement). |
5.3 | The Sub-Processor further agrees and acknowledges that Reseller may make available to the Data Subject for informational purposes, on request, a copy of this DPA; however Reseller shall remove any commercial information contained in this DPA, with the exception of Schedule 2, which shall be replaced by a summary description of the security measures in those cases where the Data Subject is unable to obtain a copy from the Customer. For the avoidance of doubt, this DPA is Confidential Information (as defined in the Agreement). |
6 | COOPERATION WITH SUPERVISORY AUTHORITIES |
6.1 | The Parties agree that the Supervisory Authority has the right to conduct an audit of the Sub-Processor, which has the same scope and is subject to the same conditions as would apply to an audit of the Pass-Through Customers under the data protection laws applicable to the Pass-Through Customers. |
6.2 | The Sub-Processor shall promptly inform Reseller about the existence of legislation applicable to it preventing the conduct of an audit of the Sub-Processor pursuant to Clause 6.1, in which case |
Salesforce Confidential
AMENDMENT TO ADD MODEL CLAUSES DPA Page 7 of 7
Reseller may suspend the processing of the Pass-Through Customers Personal Data permitted pursuant to the Agreement and/or terminate this DPA.
7 | LIABILITY AND THIRD-PARTY BENEFICIARY CLAUSE |
7.1 | The Data Subject can enforce against the Sub-Processor this Clause 7.1, Clause 7.2 and 7.3, Clause 4.1 (i)-(vi), Clause 5.3, Clause 6.1 Clause 8, Clause 9.2 and 9.3, Clause 10, Clause 12.2 and Clause 13 as a third party beneficiary. |
7.2 | If a Data Subject, who has suffered damage as a result of any breach by the Sub-Processor of any of its obligations under this DPA, is not able to bring a claim against the Pass-Through Customers or Reseller arising out of such breach because both the Pass-Through Customers and Reseller have factually disappeared or ceased to exist in law or have become insolvent, the Sub-Processor agrees that the Data Subject may issue a claim against the Sub-Processor with regard to its own processing operations under this DPA as if it were the Pass-Through Customers or Reseller (unless any successor entity has assumed the entire legal obligations of the Pass-Through Customers or Reseller by contract or by operation of law, in which case the Data Subject can enforce its rights against such entity). The liability of the Sub-Processor to the Data Subject as described in this Clause 7.2 shall be limited to its own processing operations under this DPA. |
7.3 | The Parties do not object to a Data Subject being represented by an association or other body if the Data Subject so expressly wishes and if permitted by national law. |
8 | FURTHER SUB-PROCESSORS |
8.1 | Pursuant to Clause 5(h) of the Data Transfer Agreement, Reseller acknowledges and expressly agrees that Sub-Processor is entitled to retain its Affiliates (“Salesforce Affiliates”) as further sub-processors for Sub-Processor and that Sub-Processor or Salesforce Affiliates respectively may engage third-party service providers as sub-processors that may provide customer support, including processing of Pass-Through Customers Personal Data, in connection with the Resold Services. |
8.2 | Sub-processors. Salesforce shall make available to Reseller a current list of sub-processors for the Resold Services with the identities of those Sub-processors (“Sub-processor List”). Salesforce shall provide Reseller with a mechanism to subscribe to updates to the Sub-processor List and shall provide such updates before authorizing any new Sub-processor(s) to Process Personal Data in connection with the provision of the Resold Services. |
8.3 | Objection Right for new Sub-processors. If Reseller has a reasonable basis to object to Salesforce’s use of a new Sub-processor, Reseller shall notify Salesforce promptly in writing within 10 business days after receipt of Salesforce’s notice. |
In the event Reseller objects to a new Sub-processor(s) and that objection is not unreasonable Salesforce will use reasonable efforts to make available to Reseller a change in the affected Resold Services or recommend a commercially reasonable change Reseller’s configuration or use of the affected Resold Services to avoid processing of Personal Data by the objected-to new Sub processor without unreasonably burdening Reseller. If Salesforce is unable to make available such change within a reasonable period of time, which shall not exceed sixty (60) days, Reseller may terminate the applicable Service Order(s) in respect only to those Resold Services which cannot be provided by Salesforce without the use of the objected-to new Sub-processor, by providing written notice
Salesforce Confidential
AMENDMENT TO ADD MODEL CLAUSES DPA Page 8 of 8
to Reseller. Reseller shall receive a refund of any prepaid fees for the period following the effective date of termination in respect of such terminated Resold Services.
8.4 | All sub-processors will be subject to data protection obligations at least equivalent to those contained in this DPA under a written agreement, and such sub-processors shall be obliged to comply with applicable Data Protection Laws and Regulations. Where the sub-processor fails to fulfil its data protection obligations under such written agreement Salesforce shall remain fully liable to the data exporter for the performance of the sub-processor's obligations under such agreement. |
8.5 | Sub-Processor shall audit third-party sub-processors that are not Salesforce Affiliates at least once per year to ensure they have appropriate physical, technical, organizational, and administrative controls in place. Upon Reseller’s reasonable request at reasonable intervals, Salesforce shall provide Reseller with an executive summary of the most recent audits of such third-party sub-processors. Salesforce Affiliates that are sub-processors are audited at least once per year pursuant to salesforce.com, inc.’s ISO 27001 certification. |
8.6 | Upon Reseller’s request, Salesforce agrees to promptly make available to Reseller a copy of an applicable sub-processor data processing agreement executed in relation to this DPA, provided that Salesforce may remove any commercial information contained in such agreement. Reseller may make available a summary of the agreement, or the agreement if required, to the Pass-Through Customers provided that such summary, or the agreement if required, is treated as Confidential Information, including that the Pass-Through Customers has entered into a non-disclosure agreement containing confidentiality provisions substantially similar to those set forth in the Agreement to protect Salesforce’s Confidential Information. |
9 | TERM AND TERMINATION |
9.1 | This DPA shall continue in full force and effect until the Agreement has been terminated or expires, it being understood, however, that the Sub-Processor's provision of data-processing services for the Pass-Through Customers pursuant to its obligations under the Agreement shall be terminated upon instruction of Reseller or upon termination of the processing of Pass-Through Customers Personal Data by Reseller for the Pass-Through Customers pursuant to the Data Transfer Agreement. |
9.2 | Upon request by Pass-Through Customers made within 30 days following termination of the provision of data-processing services for the Pass-Through Customers, the Sub-Processor will return all Pass-Through Customers Personal Data to Pass-Through Customers, unless prohibited from returning or destroying all or part of the Pass-Through Customers Personal Data by applicable law, including, but not limited to, a litigation hold, or unless otherwise required by an agreement between Pass-Through Customers and Sub-Processor. In that case the Sub-Processor warrants that it will guarantee the confidentiality of the Pass-Through Customers Personal Data and will not actively process the Pass-Through Customers Personal Data anymore except as required by applicable law or permitted by the applicable agreement between Pass-Through Customers and Sub-Processor. |
The Sub-Processor shall provide such Pass-Through Customers Personal Data via a downloadable file in comma separated value (.csv) format and attachments in their native format. Pass-Through Customers Personal Data submitted to the Resold Services is retained in inactive status within the
Salesforce Confidential
AMENDMENT TO ADD MODEL CLAUSES DPA Page 9 of 9
Resold Services for 180 days and a transition period of up to 30 days, after which it is securely overwritten or deleted. Pass-Through Customers Personal Data submitted to the Resold Services (including Pass-Through Customers Personal Data retained in inactive status) will be stored on backup media for an additional 90 days after it is securely overwritten or deleted from the Resold Services. This process is subject to applicable legal requirements. Without limiting the ability for the Pass-Through Customers to request return of its Pass-Through Customers Personal Data, the Sub-Processor reserves the right to reduce the number of days it retains such data after contract termination. Upon request, the Sub-Processor will provide Reseller with a certification of destruction as required under Clause 12.1 of the Data Transfer Agreement.
9.3 | The Pass-Through Customers Personal Data is destroyed through an automated technical process. This process is audited according to Clause 4.2. |
10 | VARIATION |
Any amendment, waiver or variation of this DPA shall not be binding on the Parties unless set out in writing, expressed to amend this DPA and signed by or on behalf of each of the Parties.
11 | SEVERABILITY AND WAIVER |
If any provision of this DPA is held to be illegal, invalid or otherwise unenforceable, such provision will be enforced to the extent possible consistent with the stated intention of the Parties, or if incapable of such enforcement, will be deemed to be severed and deleted from this DPA, while the remainder of this DPA will continue in full force and effect. The waiver by either Party of any default or breach of this DPA will not constitute a waiver of any other or subsequent default or breach.
12 | GOVERNING LAW |
12.1 | Subject to Clause 12.2 below, this DPA shall be governed by, and construed in accordance with the laws of California. The state and federal Courts of the City and County of San Francisco, California shall have the non-exclusive jurisdiction to hear and determine any suit, action or proceedings relating to or arising in connection with this DPA. |
12.2 | The provisions of this DPA relating to data protection aspects of processing of Pass-Through Customers Personal Data shall exclusively be governed by the law of the Member State in which the Pass-Through Customers is established. |
13 | MEDIATION |
13.1 | The Sub-Processor agrees that if the Data Subject invokes against it third-party beneficiary rights and/or claims compensation for damages under this DPA, the Sub-Processor will accept the decision of the Data Subject: |
(i) | to refer the dispute to mediation, by an independent person or, where applicable, by the Supervisory Authority; or |
Salesforce Confidential
AMENDMENT TO ADD MODEL CLAUSES DPA Page 10 of 10
(ii) | to refer the dispute to the courts in the Member State in which the Pass-Through Customers is established. |
13.2 | The Parties agree that the choice made by the Data Subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law. |
Salesforce Confidential
AMENDMENT TO ADD MODEL CLAUSES DPA Page 11 of 11
SCHEDULE 1
DETAILS OF THE PROCESSING
Data subjects
Pass-Through Customers Personal Data submitted to Salesforce’s systems by or for Pass-Through Customers as Customer Data which is accessible to the Pass-Through Customers while resident on Salesforce’s systems may relate (the extent of which is determined and controlled by the Customer in its sole discretion) to and may include, but is not limited, to the following examples:
• | prospects, customers, business partners and vendors of Pass-Through Customers (who are natural persons) |
• | employees or contact persons of Pass-Through Customers's prospects, customers, business partners and vendors |
• | employees, agents, advisors and freelancers of Pass-Through Customers (who are natural persons) |
• | users of Pass-Through Customers authorized by Pass-Through Customers to use the Resold Services |
Categories of data
Pass-Through Customers Personal Data submitted to Salesforce’s systems by or for Pass-Through Customers as Customer Data which is accessible to the Pass-Through Customers while resident on Salesforce’s systems may concern any or all of the categories of Personal Data, the extent of which is determined and controlled by the Pass-Through Customers in its sole discretion, and which may include, but is not limited to the following examples:
• | First, middle and last name |
• | Title |
• | Position |
• | Employer |
• | Contact information (email addresses, phone numbers, physical address information) |
Special Categories of Data
Pass-Through Customers may submit special categories of data to the Resold Services, the extent of which is determined and controlled by the Pass-Through Customers in its sole discretion, and which is for the sake of clarity personal data with information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.
Processing Operations
The Personal Data transferred will be subject to the following basic processing activities:
Salesforce Confidential
AMENDMENT TO ADD MODEL CLAUSES DPA Page 12 of 12
As set forth in the Agreement, Salesforce shall process Personal Data for the following purposes: (a) to provide the Resold Services in accordance with the Agreement, to prevent or address service or technical problems, or upon Reseller and/or Pass-Through Customers’s request in connection with a customer support matter; and (b) processing initiated by Users in their use of the Resold Services.
Salesforce Confidential
AMENDMENT TO ADD MODEL CLAUSES DPA Page 13 of 13
SCHEDULE 2
SECURITY MEASURES
Capitalized terms used in this Schedule 2 but not defined in this Schedule 2 have the meaning given in the Agreement
1. | Access control to premises and facilities to prevent unauthorized persons from gaining access to data processing systems for processing or using Personal Data, Salesforce’s production data centers have an access system that controls access to the data center. This system permits only authorized personnel to have access to secure areas. The facility is secured by around-the-clock guards, biometric access screening, and escort-controlled access. |
2. | Access control to systems to prevent data processing systems from being used without authorization. |
In providing the Resold Services, Salesforce implements the following controls:
• | Unique User identifiers (User IDs) to ensure that activities can be attributed to the responsible individual. |
• | User passwords are stored using a one-way hashing algorithm (SHA-256) and are never transmitted unencrypted. |
• | Access to the Resold Services require a valid User ID and password combination, which are encrypted via SSL while in transmission. Following a successful authentication, a random session ID is generated and stored in the User’s browser to preserve and track session state. |
• | Controls to ensure generated initial passwords must be reset on first use. |
The Resold Services provide the following functionality that may be implemented by Reseller in its use of the Resold Services:
• | Controls to revoke access after several consecutive failed login attempts. |
• | Controls on the number of invalid login requests before locking out a User. |
• | Controls to force a User password to expire after a period of use. |
• | Controls to terminate a User session after a period of inactivity. |
• | Password history controls to limit password reuse. |
• | Password length controls |
• | Password complexity requirement (requires letters and numbers). |
• | Verification question before resetting password. |
• | The ability to accept logins to the Resold Services from only certain IP address ranges. |
• | The ability to restrict logins to the Resold Services to specific time periods (Developer Edition, Enterprise Edition, and Unlimited Edition only). |
• | Ability to delegate user authentication or federate authentication via SAML. |
3. | Access control to data to ensure that persons authorized to use a data processing system have access only to those data they are authorized to access, and that Personal Data cannot be read, copied, altered, or removed without authorization during use and after recording. |
• | Reseller and/or Pass-Through Customers may implement a granular sharing model and User permission profiles to limit data accessible to different Users. |
• | Reseller and/or Pass-Through Customers, as applicable, may create custom fields that are encrypted at rest and are only visible to Users that have been granted the “View Encrypted Data” permission by Reseller or Pass-Through Customers’s, as applicable, designated system administrators. |
Salesforce Confidential
AMENDMENT TO ADD MODEL CLAUSES DPA Page 14 of 14
4. | Disclosure control to ensure that Personal Data cannot be read, copied, altered, or removed without authorization during electronic transfer or transfer or transport or while being recorded onto data storage media, and that it is possible to check and establish to which parties Personal Data are to be transferred by means of data transmission facilities. |
• | Salesforce uses industry accepted encryption products to protect Customer Data and communications during transmissions between Reseller and/or Pass-Through Customers’s network and the Reseller Services, including minimum 128-bit VeriSign SSL Certification and minimum 2048-bit RSA public keys. |
5. | Input control to ensure that it is possible to after-the-fact check and establish whether Personal Data has been entered into, altered, or removed from data processing systems, and if so, by whom. |
In providing the Resold Services, Salesforce implements the following controls:
• | User access log entries will be maintained, containing date, time, User ID, URL executed or entity ID operated on, operation performed (viewed, edited, etc.) and source IP address. Note that source IP address might not be available if NAT (Network Access Translation) or PAT (Port Address Translation) is used by Reseller and/or Pass-Through Customers or its ISP. |
• | If there is a suspicion of inappropriate access, Salesforce can provide Reseller log entry records to assist in forensic analysis. This service will be provided to Reseller on a time and materials basis. |
The Resold Services provide the following functionality that may be implemented by Reseller and/or Pass-Through Customers in its use of the Resold Services:
• | Certain administrative changes to the Resold Services (such as password changes and adding custom fields) are tracked in an area known as the “Setup Audit Log” and are available for viewing by Pass-Through Customers’s designated system administrator(s). Pass-Through Customers may download and store this data locally. |
• | Successful and failed login attempts for Pass-Through Customers’s instance(s) of the Services are tracked in an area known as the “Login History” and are available for viewing by Pass-Through Customers’s designated system administrator(s). Pass-Through Customers may download and store this data locally. |
• | Pass-Through Customers may implement functionality known as “Set History Tracking” to track the history of specific objects or fields within the Customer’s instance(s) of the Resold Services. All entries include the date, time, nature of the change, and the User who made the change. |
6. | Job control to ensure that personal data processed on behalf of others are processed strictly in compliance with the Data Controller’s instructions. |
• | As set forth in the DPA, Salesforce shall process Personal Data in accordance with the instructions of Reseller and/or Pass-Through Customers, including to provide the Resold Services as set forth in the Agreement and as instructed by Users in their use of the Resold Services. |
7. | Availability control to ensure that Personal Data are protected against accidental destruction or loss. |
• | Disaster recovery. Salesforce can utilize disaster recovery facilities that are geographically remote from primary data centers, along with required hardware, software, and Internet connectivity, in the event Salesforce production facilities at the primary data center were to be rendered unavailable. Salesforce has disaster recovery plans in place and tests them at least once per year. Salesforce will discuss results of these tests with Reseller on request. |
Salesforce Confidential
AMENDMENT TO ADD MODEL CLAUSES DPA Page 15 of 15
• | Reliability and Backup. All networking components, SSL accelerators, load balancers, Web servers, and application servers are configured in a redundant configuration. All Customer Data is stored on a primary database server that is clustered with a backup database server for redundancy. All Customer Data is stored on carrier-class disk storage RAID disks and multiple data paths. All Customer Data, up to the last committed transaction, is automatically backed up on a regular basis. Any backup tapes are verified for integrity stored in an offsite facility in a secure, fire-resistant location. |
• | Viruses. The Resold Services will not introduce any viruses to Reseller’s systems; however, the Resold Services do not scan for viruses that could be included in attachments or other Customer Data uploaded into the Resold Services by Reseller and/or Pass-Through Customers. Any such uploaded attachments will not be executed in the Resold Services and therefore will not damage or compromise the Resold Services. |
8. | Segregation control to ensure that data collected for different purposes can be processed separately. |
In providing the Resold Services, Salesforce implements the following controls:
• | Strong logical separation of Customer Data, which is achieved via Reseller and/or Pass-Through Customers-specific “Organization IDs” that permit only Users to view related Customer Data. |
The Resold Services provide the following functionality, which may be implemented by Pass-Through Customers in its use of the Resold Services:
• | Pass-Through Customers may implement a granular sharing model and User permission profiles to limit data accessible to different Users. |
Salesforce Confidential
AMENDMENT TO ADD MODEL CLAUSES DPA Page 16 of 16