Data Processing Addendum

We’ve updated our Data Processing Addendum. Please review it carefully. These updated terms will not apply to existing Customers until their next subscription renewal. For those customers that have executed negotiated agreements with Crossbeam, the agreement will be amended to include these updated terms at the next renewal period.

Updated August 29, 2024

This Data Processing Addendum (“Addendum”) supplements the current version of the Master Cloud Agreement or other written or electronic terms of service or subscription agreement between Customer and Crossbeam, Inc. or the Crossbeam affiliate indicated in the applicable Agreement (collectively, “Crossbeam”), each a “Party” and collectively the “Parties.” This Addendum applies to and takes precedence over that document and any associated contractual document between the Parties, such as a master services agreement, an order form, statement of work or data protection addendum thereunder (collectively, the “Agreement”), to the extent of any conflict. All capitalized terms not defined in this Addendum shall have the meanings set forth in the Agreement.

Customer and Crossbeam agree as follows:

ANNEX I

  1. LIST OF PARTIES

    Data exporter(s): [Identity and contact details of the data exporter(s) and, where applicable, of its/their data protection officer and/or representative in the European Union]

    The data exporter is: each of the Customer and/or Customer affiliates operating in the countries which comprise the European Economic Area, UK and/or Switzerland and/or Customer and/or Customer Affiliates in any other country to the extent the GDPR applies.

    • Contact person’s name, position and contact details: Contact details set forth on the applicable Order Form or account registration
    • Activities relevant to the data transferred under these Clauses: Provision of the Subscription Services

    Data importer(s): [Identity and contact details of the data importer(s), including any contact person with responsibility for data protection]

    • 1. Name: Crossbeam, Inc.
    • Address: 30 S 15th St Ste 1550, PMB 15987, Philadelphia, Pennsylvania 19102-4826, United States
    • Contact person’s name, position and contact details: … Amy Rose, General Counsel, legal@crossbeam.com
    • Activities relevant to the data transferred under these Clauses: the data importer Processes Personal Data provided by the data exporter on behalf of the data exporter in connection with providing the Services to the data exporter as further described in section B of this Annex and in the Agreement.
  2. DESCRIPTION OF TRANSFER

    Categories of data subjects whose personal data is transferred

    • Customer business contacts and customer employees

    Categories of personal data transferred

    • Business contact information, IP addresses and log data

    Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

    • None

    The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).

    • Continuous

    Purpose(s) of the data transfer and further processing; Nature of the processing

    • Personal Data is subject to the following basic Processing activities:
      1. use of Personal Data to set up, operate, monitor, provide and support the Services (including operational and technical support), as further described in the Agreement;
      2. communication to Users;
      3. storage of Personal Data in dedicated data centers (multi-tenant architecture);
      4. release, development and upload of any fixes or upgrades to the Services;
      5. back up and restoration of Personal Data stored in the Services;
      6. continuous improvement of Services features and functionalities provided as part of the Services including automation and machine learning;
      7. computer processing of Personal Data, including data transmission, data retrieval, data access;
      8. aggregating and anonymising Personal Data so that it no longer can be used to identify any natural person, business or Customer;
      9. network access to allow Personal Data transfer;
      10. monitoring, troubleshooting and administering the underlying Service infrastructure and databases;
      11. security monitoring, network-based intrusion detection support, penetration testing; and
      12. execution of instructions from Customer in accordance with the Agreement.

    The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

    • Personal Data will be retained for the length of the Agreement or in accordance with applicable Data Protection Laws.

    For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing

    • Subprocessors shall Process Personal Data for purposes of assisting Crossbeam in providing the Services to Customer under the Agreement and shall continue to Process Personal Data for the length of the applicable Agreement governing provision of the Services or as otherwise required under applicable Data Protection laws.
  3. COMPETENT SUPERVISORY AUTHORITY

    Identify the competent supervisory authority/ies in accordance with Clause 13

    • Same as Clause 13 above, and where possible, the Irish Data Protection Authority.

ANNEX II – TECHNICAL AND ORGANISATIONAL MEASURES

Crossbeam’s Security Measures describe Crossbeam’s technical and organizational measures designed to secure the Personal Data Crossbeam processes.

ANNEX III – STANDARD CONTRACTUAL CLAUSE PROVISIONS