Data Protection Addendum changelog
New Version 2.6
Effective Date 30th November 2023.
Summary of changes:
We have
- Added a new definition of User Data in order to provide further clarity on each parties responsibilities in relation to
the data provide by you in your use of our Services. - Excluded User Data from the definition of Application Data.
- Corrected language to refer to Application Data rather than Customer Data which was not defined.
- Minor formatting and typo corrections.
New Version 2.5
Effective Date 10th January 2023.
Summary of changes:
We have
- Added an additional clause 18 to include provisions related to the California Consumer Privacy Act
New Version 2.4
Effective Date 3rd October 2022.
Summary of changes:
We have
- Updated our DPA to incorporate the UK Addendum to the EU Standard Contractual Clauses
- Made minor drafting changes
New Version 2.3
Effective Date 1st October 2021.
Summary of changes:
We have
- Updated our DPA to incorporate the new version of the Standard Contractual Clauses published by the European Commission on June 7th, 2021.
- Made minor drafting changes
New Version 2.2
Effective Date 14th January 2021.
Summary of changes:
We have
- Made minor drafting changes to ensure consistency with the updated MSA
New Version 2.1
Effective Date 1st October 2020.
Summary of changes:
We have
- Clarified how we use analytical data for the purposes of protecting and improving our services
- Updated our corporate address and the governing law clause
- Removed reference to the Privacy Shield
New Version 2.0
Effective Date 1st June 2020.
Summary of changes:
- We have added a clause that extends the applicability of the DPA, and if relevant the incorporated Standard Contractual Clauses, to all authorized affiliates of the Customer. An authorized affiliate means any of the customer’s affiliate(s) which is permitted to use our services pursuant to an agreement between the customer and OnceHub, but has not signed its own order form with OnceHub.
- We have clarified that the customer is responsible for complying with applicable data protection law in its use of our services
- We have added a clause to deal with the provisions of the California Consumer Privacy Act to specifically states that OnceHub shall not sell customer data for monetary or other valuable consideration.
- In relation to data incident notification we have stated that we will notify the customer via the email address of the administrator as recorded in our services by the customer no later than 48 hours after becoming aware of the data incident (previously stated as “without due delay”).
- We have included a clause whereby the customer provides OnceHub with a general consent to engage subprocessors conditional subject to specific processes listed in clause 11.1 and 11.2. customer can receive notification of new subprocessors through a new RSS feed and object to new subprocessors under clause 12.1
- We have clarified the process for exercising Customer’s audit eights under clause 13
- We have clarified that the limitation of liability clause as set out in the Master Services Agreement applies to the Data Protection Addendum as well. We have increased the ceiling for our liability cap to the total amount paid by you and your affiliates for our services giving rise to the liability in the 60 months preceding the first incident out of which the liability arose. This was previously set at 12 months.
- We have clarified that we will forward to our customers any data subject requests that we receive from data subjects that specifically identify the customer as the applicable controller
- We have included a new section that sets out additional clauses for the Standard Contractual Clauses to reflect the changes made to the clauses regarding the appointment and objection to subprocessors, the right of audit and various other provisions of the Addendum.
- We have specifically set out the required appendices to the Standard Contractual Clauses as an appendix to the Addendum.