Contractual Safeguards

Zoopsign requires its sub-processors to satisfy equivalent obligations as those required from Zoopsign (as a Data Processor) as set forth in Zoopsign’s Data Processing Agreement (“DPA”), including but not limited to the requirements to:

• Process Personal Data in accordance with data controller’s (i.e. Subscriber’s) documented instructions (as communicated in writing to the relevant subprocessor by Zoopsign);
• in connection with their subprocessing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
• provide regular training in security and data protection to personnel to whom they grant access to Personal Data;
• implement and maintain appropriate technical and organizational measures (including measures consistent with those to which Zoopsign is contractually committed to adhere insofar as they are equally relevant to the subprocessor’s processing of Personal Data on Zoopsign’s behalf) and provide an annual certification that evidences compliance with this obligation. In the absence of such certification Zoopsign reserves the right to audit the subprocessor;
• promptly inform Zoopsign about any actual or potential security breach;
• and cooperate with Zoopsign in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable.

This policy does not give Subscribers any additional rights or remedies and should not be construed as a binding agreement. The information herein is only provided to illustrate Zoopsign’s engagement process for sub-processors as well as to provide the actual list of third party sub-processors and content delivery networks used by Zoopsign as of the date of this policy (which Zoopsign may use in the delivery and support of its Services).

If you are a Zoopsign Subscriber and wish to enter into our DPA, please email us at info@zoopsign.com.

Process to Engage New Subprocessors

For all Subscribers who have executed Zoopsign’s standard DPA, Zoopsign will provide notice via this policy of updates to the list of sub-processors that are utilized or which Zoopsign proposes to utilize to deliver its Services. Zoopsign undertakes to keep this list updated regularly to enable its Subscribers to stay informed of the scope of subprocessing associated with the Zoopsign Services.

Pursuant to the DPA, a Subscriber can object in writing to the processing of its Personal Data by a new subprocessor within thirty (30) days after updating of this policy and shall describe its legitimate reasons to object. If a Subscriber does not object during such time period the new subprocessor(s) shall be deemed accepted.

If a Subscriber objects to the use of a subprocessor pursuant to the process provided under the DPA, Zoopsign shall have the right to cure the objection through one of the following options (to be selected at Zoopsign’s sole discretion):

• Zoopsign will cease to use the subprocessor with regard to Personal Data;
• Zoopsign will take the corrective steps requested by Subscriber in its objection (which remove Subscriber’s objection) and proceed to use the subprocessor to process Personal Data; or
• Zoopsign may cease to provide or Subscriber may agree not to use (temporarily or permanently) the particular aspect of a Zoopsign Service that would involve the use of the subprocessor to process Personal Data.

Termination rights, as applicable and agreed, are set forth exclusively in the DPA.

The following is an up-to-date list (as of the date of this policy) of the names and locations of Zoopsign sub-processors and content delivery networks: