Data Processing Agreement

(GDPR, Standard Contractual Clauses, Episerver Processor Binding Corporate Rules) – 17 July 2021

Introduction

The Data Processing Agreement (“DPA”) forms part of the Master Services Agreement or other written or electronic agreement between Episerver and Customer for the purchase of online services from Episerver (identified either as “Software Services” or otherwise in the applicable agreement, and hereinafter defined as “Software Services”) (the “Agreement”) to reflect the parties’ agreement with regard to the Processing of Personal Data.

By signing this Agreement, Customer enters into this DPA on behalf of itself and, to the extent required under applicable Data Protection Laws and Regulations, in the name and on behalf of its Authorized Affiliates, if and to the extent Episerver processes Personal Data for which such Authorized Affiliates qualify as the Controller. For the purposes of this DPA only, and except where indicated otherwise, the term "Customer" shall include Customer and Authorized Affiliates. All capitalized terms not defined herein shall have the meaning set forth in the Agreement, end-user services agreement (“EUSA”) and service level agreement (“SLA”).

In the course of providing the Software Services to Customer pursuant to the Agreement, Episerver may Process Personal Data on behalf of Customer and the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.

How to execute this DPA

1. This DPA consists of two parts: the main body of the DPA and Exhibits 1 (including Appendices 1 and 2), 2, 3, and 4.
2. If this DPA is attached to an Agreement or Order which is signed and executed, the DPA will become legally binding between the Parties as part of the Agreement or Order.
3. If this DPA was not attached to an Agreement or Order, please complete our DPA as outlined in the next step, upon execution of the DPA, it will be countersigned by Episerver Inc. as the data importer.
4. To complete this DPA when not attached to an Agreement or Order, Customer must:
   1. Take note that different Sub-processors apply to different Services on Page 19.
   2. Complete the information in the signature box and sign on Page 8.

How this DPA applies

If Customer entering into this DPA is a party to the Agreement, this DPA is an addendum to and forms part of the Agreement. In such case, the Episerver entity that is party to the Agreement is party to this DPA.

If Customer’s Affiliate entering into this DPA has executed an Order with Episerver or its Affiliate pursuant to the Agreement, but is not itself a party to the Agreement, this DPA is an addendum to that Order and applicable renewal Orders, and the Episerver entity that is party to such Order is party to this DPA.

If the Customer entity signing the DPA is not a party to an Order nor a Master Services Agreement directly with Episerver but is instead a customer indirectly via an authorized reseller of Episerver services, this DPA is not valid and is not legally binding. Such entity should contact the authorized reseller to discuss whether any amendment to its agreement with that reseller may be required.

This DPA shall not replace any additional terms relating to Processing of Customer Data contained in any Amendment(s) to Customer’s Agreement, however shall replace any existing standard data processing agreement between the Parties.

If an entity signing this DPA is neither a party to an Agreement nor an Order, this DPA is not valid and is not legally binding. Such entity should request that a Customer entity who is a party to the Agreement executes this DPA on their behalf.

**Note: If Customer is using Episerver Managed Services (formerly Everweb), this DPA is not valid and is not legally binding unless written confirmation from Episerver has been received stating that the minimum GDPR technical and organizational measures on Customer’s environment have been met.

After our DPO countersigns our DPA, a signed copy will be emailed to you.

Please click on the link to sign our DPA. Episerver Customer DPA

For your review you can see the DPA here.

For further information, please see the Episerver Trust Center here.

As always, we at Episerver take your privacy seriously.  Please find our privacy statement here.