Last updated: May 25, 2018

Dear Converseon Customer:

This document is a “Data Processing Addendum” (“DPA”) for customers that are looking for one in reference to the “General Data Protection Regulation” (EU) 2016/679 (“GDPR”). It covers the Personal Data, as defined by the GDPR, that a customer stores with Converseon. The terms and principles in this DPA apply to all Converseon customers, regardless of where they reside. This DPA is an addendum and is incorporated by reference from the Converseon Terms of Service and the Converseon Privacy Policy found on the Converseon web site.

As the GDPR evolves and best practices are refined, Converseon reserves the right to update this DPA at any time. If there is something we view as a material change, we will notify our customers via email 30 days in advance of the change going into place.

GDPR COMPLIANCE

Converseon is compliant with the requirements set forth in the GDPR for a Data Processor. Our compliance with the GDPR includes, but is not limited to:

  • The use of Personal Data of an EU data subject solely for the performance of our services and as permitted by applicable law;
  • Taking appropriate measures to ensure the security of the Personal Data Converseon processes. This includes, but is not limited to – maintaining a Chief Security Officer and resourcing that position to effect high security standards for all Converseon services, deployment of generally accepted technical protections, frequent testing of our services, and training of all Converseon employees;
  • Ensuring that all Converseon personnel who have access to or process Personal Data, are subject to a duty of confidence;
  • Ensuring that no third party processes any Personal Data received from Converseon except in accordance with applicable GDPR requirements;
  • Servicing obligations in connection with subject access requests and other data subject rights under GDPR;
  • Retention of Personal Data after the termination of an account only for the period specified in our published privacy policy (which complies with GDPR requirements).
  • In the unlikely event of a system breach, we will expeditiously (within 72 hours) send you a notification email. A “system breach” does not include a customer account being accessed via valid credentials unless those credentials were exposed through some action or fault of Converseon or one of its sub-processors.

Customers who wish to provide personal information to Converseon by purchasing our products and services can access Converseon’s Data Processing Agreement to understand what information we collect, how we treat that data when you use our products and services, and what obligations Converseon assumes under Article 28 of the GDPR.

For further information on our compliance with the GDPR, or to request an executed copy of our Data Processing Agreement, please contact us at compliance@converseon.com.