Data Processing Addendum

This Data Processing Addendum (“DPA”) is incorporated by reference into the applicable master agreement, terms of use, subscription agreement or other written or electronic agreement governing the provision of remote monitoring and management SaaS services (“Services”) between Experda (the “Processor” or “Service Provider”) and The Client (the “Client”) (collectively, the “Agreement”).

This DPA is specifically tailored for a Remote Monitoring and Management (RMM) SaaS platform providing monitoring, alerting, diagnostics, automation and management of customer IT infrastructure, including servers, endpoints, virtual machines and cloud environments.

1.   BACKGROUND AND SCOPE

In order to provide the Services, the Processor Processes Personal Data on behalf of the Client. This DPA sets out the Parties’ obligations in accordance with applicable Data Protection Laws, including Article 28 GDPR.

By using the Services, the Client instructs the Processor to Process Personal Data strictly for the purposes described herein and represents that it has full authority to bind the Client to this DPA.

2.   DEFINITIONS

Capitalized terms not defined herein shall have the meanings given in the Agreement or under applicable Data Protection Laws.

  • “Data Protection Laws” means the GDPR, UK GDPR, Israeli Privacy Protection Law, CCPA/CPRA (where applicable), and any other applicable privacy laws.
  • “Personal Data” means any information relating to an identified or identifiable natural person Processed via the RMM Services.
  • “RMM Data” means telemetry, logs, alerts, system metadata, device identifiers, IP addresses, usernames, and administrative contact details Processed through the Services.
  • “Sub-processor” means any third party engaged by the Processor to Process Personal Data on behalf of the Client.

3.   ROLES OF THE PARTIES

3.1  Controller and Processor Roles

  • The Client acts as the Data Controller with respect to Personal Data contained within the monitored environment.
  • The Processor acts as a Data Processor when Processing RMM Data on behalf of the Client for service delivery.

3.2  Independent Controller Activities

Notwithstanding the above, the Processor acts as an independent Data Controller with respect to:

  • Account administration and billing data;
  • Platform user management (admin users);
  • Product telemetry and analytics used to improve and secure the Services;
  • Security monitoring and fraud prevention relating to the Processor’s own systems.

Such Processing is governed by the Processor’s Privacy Policy.

4.   DETAILS OF PROCESSING

The details of the Processing are described in Schedule 1 (Details of Processing) and form an integral part of this DPA.

5.   CLIENT OBLIGATIONS

The Client shall:

  • Ensure it has a lawful basis to Process Personal Data via the Services;
  • Ensure transparency toward Data Subjects regarding use of RMM monitoring tools;
  • Avoid Processing Special Categories of Data unless strictly necessary and lawfully permitted;
  • Configure the Services in accordance with data minimization

6.   PROCESSOR OBLIGATIONS

The Processor shall:

  • Process Personal Data only on documented instructions from the Client;
  • Not access content data except as technically necessary to provide the Services or provide support;
  • Ensure personnel are bound by confidentiality obligations;
  • Implement appropriate technical and organizational security

If an instruction violates Data Protection Laws, the Processor shall notify the Client.

7.   SECURITY MEASURES

The Processor implements security measures appropriate for RMM Services, including:

  • Encryption of data in transit and at rest;
  • Role-based access controls (RBAC);
  • Multi-factor authentication for administrative access;
  • Logical tenant segregation;
  • Continuous logging and audit trails;
  • Incident response and breach management

Further details may be provided in a Security Whitepaper or Trust Center.

8.   DATA SUBJECT RIGHTS

If the Processor receives a request from a Data Subject, it shall promptly notify the Client. The Processor shall provide reasonable assistance to enable the Client to respond to such requests.

Where the Processor acts as an independent Controller, requests shall be handled in accordance with its Privacy Policy.

9.   SUB-PROCESSORS

9.1  Authorization

The Client grants general authorization for the Processor to engage Sub-processors for the provision of the Services.

9.2  Transparency

The Processor shall maintain an up-to-date list of Sub-processors and notify the Client of material changes.

9.3  Flow-Down Obligations

The Processor shall ensure Sub-processors are bound by obligations no less protective than those in this DPA.

10.   PERSONAL DATA BREACH

The Processor shall notify the Client without undue delay and, where feasible, 72 hours after becoming aware of a Personal Data Breach affecting RMM Data, and shall provide reasonable assistance in mitigation and remediation.

11.   DATA RETENTION AND DELETION

Upon termination of the Services, the Processor shall delete or return Personal Data at the Client’s choice, unless retention is required by law.

Operational logs may be retained for limited periods for security, auditing and compliance purposes.

12.   INTERNATIONAL DATA TRANSFERS

Where Personal Data is transferred outside the EEA, UK or Switzerland, appropriate safeguards shall apply, including Standard Contractual Clauses (Module 2 – Controller to Processor).

13.   AUDIT AND COMPLIANCE

The Processor shall make available information reasonably necessary to demonstrate compliance with this DPA, subject to confidentiality and proportionality.

14.   LIABILITY

Liability under this DPA shall be subject to the limitations set forth in the Agreement, to the extent permitted by law.

15.   TERM

This DPA shall remain in effect for the duration of the Agreement.

SCHEDULE 1 – DETAILS OF PROCESSING

Subject Matter: Remote monitoring, management and alerting of IT infrastructure. Provision of Professional Services, including 24/7 Database Administration (DBA) as a Service, technical support, and consulting.

Nature of Processing: Collection, storage, analysis and transmission of system and device data. Access to Client database environments for the purposes of troubleshooting, performance tuning, and incident resolution. Temporary processing of query logs and execution plans which may incidentally contain Personal Data during maintenance, migration, or optimization tasks.

Purpose: Service delivery, diagnostics, alerting, security monitoring and troubleshooting. Database optimization, schema management, disaster recovery planning, and active remediation of service disruptions.

Types of Personal Data:

  • Server name
  • User name
  • Database name
  • System samples
  • System queries

Categories of Data Subjects: 

  • WMI (Server configuration)
  • SQL & DMVs (samples of the SQL Server)

Duration: For the term of the Agreement and as configured by the Client.
