This Data Processing Agreement (“DPA”) is an addendum to the Terms of Service between Esfera Marketing SL and you. The following clauses are applicable whenever your intended use of Seal Metrics triggers the application of the European Union's General Data Protection regulation (“GDPR”).
"The Product" refers to Seal Metrics, an EU-based cloud-based software provided by Spain-based Esfera Marketing SL.
"We", "us", or "data processor" refers to Esfera Marketing SL.
"You" or "data controller" refers to the company or organization that enters into a contract to deploy the Product on one or many of its websites.
We act solely as per your documented instructions, as detailed in following clauses: Subject Matter, Duration, Nature and Purpose, Categories, Special Categories, and Retention Period. This includes data transfers to a third country or international organization.
Should you choose to use the Product in a a way that collects personal data about your website visitors, we will commit to process such data in way that ensures its confidentiality, integrity, and availability.
At most, such personal data will be limited to pseudonymized events pertaining to pages visited, referring websites, and generic campaign properties included in URL parameters. The Product is not designed to single out specific individuals, collect IP addresses or facilitate the creation of personal profiles, and such uses are considered a breach of our Terms of Service and are excluded from this data processing agreement.
This data processing agreement is in place for twelve months, and will be renewed each year provided that you remain our customer.
The purpose of the processing falls within the scope of statistical analysis and digital analytics services intended to help a data controller better understand the manner in which its potential or current customers navigate its website. This is done in aggregate, and no individual is ever singled out in the pursuit of this specific purpose.
This data processing agreement is in place because you have asked us to process website events that could be associated to pseudonymous or aggregated personal data signals such us: marketing campaign or origin (as a traffic source), most popular content, and most frequent customer journeys throughout your website.
You will not be collecting data, in aggregated or granular form, about a data subject's health, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. As a result, the Product will not be storing or processing such data.
We will keep the data you collect for up to three months after the termination or cancellation of our contract. Event and traffic history older than five years will also be deleted from your active account unless expressly requested through an addendum to this data processing agreement.
We will make sure that our team members are informed of the confidential nature of the data being processed, having received appropriate training on their responsibilities and having executed written confidentiality agreements.
We will also take commercially reasonable steps to ensure the reliability of any Seal Metrics personnel engaged in the processing of personal data.
We will make sure that only the team members providing the service, or offering relevant customer support have access to the data being processed.
We have developed information security risk management policies to reasonably ensure the confidentiality, integrity, and availability of the data processed by the Product. These include subprocessor audits (see Subprocessors for further details), certifications, infrastructure, availability and disaster resistance, technical security controls, and admnistrative security controls.
In particular, the following are in place:
SEAL Metrics is deployed on AWS' infrastructure (Ireland Data Center).