• Contentstack a Strong Performer in The Forrester Wave for Content Management Systems 2023Contentstack a Strong Performer in The Forrester Wave for CMS
    |
    Read the report
  • Marketplace
    Docs
  • |
    Marketplace
    |
    Docs
    |
    Login
    |

Top results

Documentation

Your guide to our headless CMS platform

Quickstart in 5 mins

Here’s a quick guide that explains how to create a basic ...

Contentstack Basics

Contentstack is a CMS backend for your digital properties ...

Gartner: drive seamless digital customer experiences ...

Disjointed customer experiences are a widespread marketing ...

What is Composable Architecture

Today’s consumers expect to interact with your business on...

Content Management API

Contentstack is a headless, API-first content management ...

Forrester report: make omnichannel real in B2B commerce

B2B commerce has been reshaped by B2C’s quick and ...

Popular resources

Blog

How to Get Your Technical Debt Under Control

Blog

5 First Priorities for Business Change

Blog

Why a composable CMS is right for you

Blog

How to choose an omnichannel marketing platform

Guides

What is a Headless CMS?

Blog

Creating a culture of empowerment

Top results

CLI

The Contentstack command-line interface (CLI) offers

Live preview

Live Preview allows content managers to preview content

JSON RTE

In the JSON Rich Text Editor, each paragraph is a block

Omnichannel content

Digital engagements usually happen across various platforms

Automation

Welcome to Contentstack Automation Hub, an automation

Workflows

Now that you have read through the workflow document

Popular resources

Contentstack
basics

See more

Quickstart
in 5 mins

See more

Starter
apps

See more

Content Delivery
APIs

See more

Content
Management APIs

See more

How-to
guides

See more
Contentstack Logo    Contentstack Icon Logo
Request demo
  • Platform
    Your platform, your stack, all the way
    • Front-end hosting
      Contentstack Launch - Launch experiences faster with fully integrated and automated front-end hosting
    • Full-stack automation
      Contentstack Automation Hub - Simplify the complex and automate the routine in your stack with clicks not code
    • Apps and integrations
      Contentstack Marketplace - 1-click integrations, recipes, App SDK, and more to build faster than ever
    • Headless CMS
      Contentstack Content Management System - The industry-best headless CMS hands down
    • security
      System and security stats
      Check out our systems stats, service availability, and security posture
    • payments
      Plans and pricing
      View our plans and pricing
    • calculate
      ROI Calculator
      See how your revenue stacks up with Contentstack
    • news
      Platform updates
      The latest on platform enhancements, roadmap and FAQs
    Designed for:
    The creative professional

    Finally a system that can move at the speed of your imagination.

    Read more
    The modern developer

    Build the tech stack that you've always dreamed of, on your terms.

    Read more
  • Solutions
    Start your composable journey today
    • What is composable?
      Find out why the future for digital experiences is composable
    • Why Contentstack
      Learn why your composable journey should start with Contentstack
    • Start your journey
      Check out our library of how-to content to help you on your way
    • Success stories
      Learn how businesses like yours have gone composable with great success
    ...
    shopping_cart

    For retail

    Innovate faster, nurture customer loyalty and boost sales with a scalable composable DXP

    See more

    ...
    ...

    From paper orders to e-commerce powerhouse Dawn Foods’ MACH journey

    Read Case Study

  • Resources
    CMS resources
    • workspaces
      Resources overview
      Content management resources
    • description
      Documentation
      Your guide to our headless CMS platform
    • edit_note
      Blog
      Headless CMS technology, tips, best practices, and how-tos
    • campaign
      Contentstack LIVE!
      Discover the latest composable tech strategies
    • school
      Contentstack Academy
      Master composable digital architectures confidently
    • podcasts
      Podcasts
      Composable business strategies and innovation from industry leaders
    • developer_guide
      CMS guides
      Comprehensive collection of articles on CMS
    • signpost
      Go Composable
      Learn how you can drive business forward and build better customer experiences
    • menu_book
      Glossary
      Definitions of terms related to headless CMS technology
    • handshake
      Community
      Discover our online community resources
    Forrester: The Total Economic Impact™ of Contentstack Headless CMS Platform

    The results tell the story. See how Contentstack customers save costs and boost business value in this commissioned study conducted by Forrester

    Read more
    Composable vs. monolithic: Which is right for you?

    Businesses are trying to create better customer experiences, so composable digital experience platforms (DXPs) are becoming more popular. But what are they?

    Read more
  • Customers
    Why customers love working with us
    • Customers overview
      Trusted by the world's top brands
    • Customer care
      See why customers love working with us
    • Contentstack Experience Awards
      Recognizing industry leaders demonstrating composable excellence
    • Case studies
      See how our customers achieve measurable impact
    • Customer support
      Get expert guidance and answers — fast
    ...
    ...

    LADbible Group cut editorial time in half and scaled with ease

    Read Case Study

    ...
    ...

    Burberry chooses headless CMS to enable speed and agility

    Read Case Study

  • Partners
    • Partners overview
      Learn about our partner ecosystem
    • Find a partner
      Best-in-class partners
    • Become a partner
      Join our partner ecosystem
    • Partner login
      Contentstack Partner Hub

    Contentstack’s partner program

    Contentstack’s partner program
  • Docs
    Documentation and learning
    • Documentation
      Your guide to our headless CMS platform
    • Quickstart in 5 minutes
      Create a basic webpage in Contentstack
    • For developers
      Developer's guide
    • For business teams
      Content manager's guide
    Understanding and Resolving CORS Error

    Cross-Origin Resource Sharing (CORS) is a mechanism or a protocol that allows devices on one domain to access resources residing on other domains.

    Read more
    Webhook

    A webhook is a user-defined HTTP callback. It's a mechanism that sends real-time info to any third-party app. Learn how to set up Contentstack Webhooks here!

    Read more
  • Company
    About Contentstack
    • Company overview
      Our vision, mission, and values
    • trophy
      Awards
      Industry awards and recognition
    • campaign
      News
      Contentstack in the News
    • description
      Press releases
      Contentstack News
    • event_available
      Events
      Check out our global industry events
    • favorite
      Social Responsibility
      Contentstack Corporate Social Responsibility
    • business_center
      Careers
      Join the Contentstack team
    • mail
      Contact us
      Let us know how we can help you
    ASICS chooses Contentstack to modernize and accelerate global online experience ...

    Contentstack, the Content Experience Platform (CXP) category leader, today announced the addition ...

    Read more
    Contentstack Expands Product Suite, Enters Front-End Hosting Market With New Fully-Integrated...

    Contentstack, the leading Composable Digital Experience provider, today announces its new Contentstack Launch ...

    Read more
LoginRequest demo
Login

Top results

Documentation

Your guide to our headless CMS platform

Quickstart in 5 mins

Here’s a quick guide that explains how to create a basic ...

Contentstack Basics

Contentstack is a CMS backend for your digital properties ...

Gartner: drive seamless digital customer experiences ...

Disjointed customer experiences are a widespread marketing ...

What is Composable Architecture

Today’s consumers expect to interact with your business on...

Content Management API

Contentstack is a headless, API-first content management ...

Forrester report: make omnichannel real in B2B commerce

B2B commerce has been reshaped by B2C’s quick and ...

Popular resources

Blog

How to Get Your Technical Debt Under Control

Blog

5 First Priorities for Business Change

Blog

Why a composable CMS is right for you

Blog

How to choose an omnichannel marketing platform

Guides

What is a Headless CMS?

Blog

Creating a culture of empowerment

Top results

CLI

The Contentstack command-line interface (CLI) offers

Live preview

Live Preview allows content managers to preview content

JSON RTE

In the JSON Rich Text Editor, each paragraph is a block

Omnichannel content

Digital engagements usually happen across various platforms

Automation

Welcome to Contentstack Automation Hub, an automation

Workflows

Now that you have read through the workflow document

Popular resources

Contentstack
basics

See more

Quickstart
in 5 mins

See more

Starter
apps

See more

Content Delivery
APIs

See more

Content
Management APIs

See more

How-to
guides

See more
  1. Contentstack
  2. Legal
  3. Data Processing Agreement US/CA

Data Processing Addendum (US and CA)

Legal / Data Processing Agreement US/CA
  • Master Agreement
    • Contentstack Master Agreement (US)
    • Contentstack Master Agreement (UK)
    • Contentstack Master Agreement (AU)
    • Contentstack Master Agreement (EMEA)
  • Partner Agreements
    • Technology Partner Agreement for US
    • Technology Partner Agreement for UK and EMEA
    • Solution Partner Agreement for US
    • Solution Partner Agreement for UK and EMEA
  • Privacy Policy
  • Standard Contractual Clauses
    • EU Standard Contractual Clauses - Processor to Processor
    • EU Standard Contractual Clauses - Controller to Processor
    • EU Standard Contractual Clauses - Controller to Controller
    • International Data Transfer Addendum
  • Services Description
  • Trust & Security
    • Cookie Policy
    • Data Processing Agreement US/CA
    • Data Processing Agreement EMEA/UK
    • Security Addendum
    • Data Transfer Risk Assessment
    • Privacy Notice for Employees and Contractors
    • Privacy Notice for Candidates and Potential Contractors
    • Sub-processors
  • Marketplace
    • Marketplace Terms of Service for Developers
    • Marketplace Terms of Service for Customers
    • EULA for Contentstack Proprietary Marketplace Apps
  • Community
    • Community Terms of Service
  • Terms of Service & DMCA Takedown Policy
  • External-Facing Services Policy
  • Supplementary Terms
  • Legacy Agreements
    • Use Policy (08/19/2022)
    • Fair Use Policy (12/18/21)
  • Master Agreement
    • Contentstack Master Agreement (US)
    • Contentstack Master Agreement (UK)
    • Contentstack Master Agreement (AU)
    • Contentstack Master Agreement (EMEA)
  • Partner Agreements
    • Technology Partner Agreement for US
    • Technology Partner Agreement for UK and EMEA
    • Solution Partner Agreement for US
    • Solution Partner Agreement for UK and EMEA
  • Privacy Policy
  • Standard Contractual Clauses
    • EU Standard Contractual Clauses - Processor to Processor
    • EU Standard Contractual Clauses - Controller to Processor
    • EU Standard Contractual Clauses - Controller to Controller
    • International Data Transfer Addendum
  • Services Description
  • Trust & Security
    • Cookie Policy
    • Data Processing Agreement US/CA
    • Data Processing Agreement EMEA/UK
    • Security Addendum
    • Data Transfer Risk Assessment
    • Privacy Notice for Employees and Contractors
    • Privacy Notice for Candidates and Potential Contractors
    • Sub-processors
  • Marketplace
    • Marketplace Terms of Service for Developers
    • Marketplace Terms of Service for Customers
    • EULA for Contentstack Proprietary Marketplace Apps
  • Community
    • Community Terms of Service
  • Terms of Service & DMCA Takedown Policy
  • External-Facing Services Policy
  • Supplementary Terms
  • Legacy Agreements
    • Use Policy (08/19/2022)
    • Fair Use Policy (12/18/21)

Last Updated: December 21, 2022

Sign the Online Version

This Data Processing Addendum (“DPA”) is incorporated into, is a supplement to and forms part of, the Contentstack Master Agreement or other written or electronic agreement between Contentstack Inc. (“Contentstack”) and the Customer (each such agreement, the “Agreement”) in relation to the provision of Services and in each case where Contentstack processes Personal Information as part of performing Services for Customer under the Agreement. 

By signing the Agreement, Customer enters into this DPA on behalf of itself and, to the extent required under applicable Data Protection Laws, in the name and on behalf of its Authorized Affiliates, if and to the extent Contentstack processes Customer Personal Information for which such Authorized Affiliates qualify as the Controller. For the purposes of this DPA only, and except where indicated otherwise, the term "Customer" shall include Customer and Authorized Affiliates. 

In the event of any conflict between this DPA and the Agreement, the provisions of this DPA shall prevail (but only to the extent of such conflict), regardless of whether any language in the Agreement purports to state that the Agreement is the controlling document. 

A. Definitions

Capitalized words and expressions used in this DPA which are not defined in this DPA shall bear the meaning set out in the Agreement. For the purpose of this DPA, the following terms shall have these meanings:

1."Affiliate” means an entity that owns or controls, is owned or controlled by, or is under common control or ownership with the applicable party, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.

2.“Authorized Affiliate” means any Customer Affiliate that is subject to Data Protection Laws and permitted to use the Services under the Agreement.

3.“Customer Personal Information” means Personal Information provided to Contentstack by or on behalf of Customer pursuant to the Agreement where Customer is a Business or Controller and Contentstack is Processor or a Service Processor but excluding in all cases Prohibited Data.

4.“Data Protection Laws” means, as applicable to Contentstack’s processing of Customer Personal Information, the California Consumer Privacy Act, the California Privacy Rights Act, the Colorado Privacy Act, the Connecticut Personal Data Privacy and Online Monitoring Act, the Virginia Consumer Data Protection Act and any other applicable United States or Canadian federal, state or local law, rule, regulation, decree, statute, or other enactment, order, mandate or resolution relating to data use, security, protection and/or privacy, that applies to Customer Personal Information accessed, generated, retained, or shared by the Parties under the Agreement or this DPA, and any implementing, derivative or related legislation, rule, and regulation as amended, extended, repealed and replaced, or re-enacted. 

5.“Data Security Breach” or “Personal Data Breach” shall mean any accidental or unlawful destruction, loss, or alteration of Customer Personal Information, or any unauthorized use or disclosure of, or access to, Customer Personal Information.

6.“Personal Information” means “Personal Information,” “Personal Data,” or any similar term as defined under Data Protection Laws. 

7.“Prohibited Data” means any data or information, including Personal Information transmitted to Contentstack through any Contentstack API or third party applications not licensed by Contentstack or otherwise uploaded into the Software, comprising: (i) payment card or other payment method data or confidential financial information; (ii) health information, including “Protected Health Information” as that term is defined under the United States Health Insurance Portability and Accountability Act; and (iii) “sensitive categories” of Personal Information as defined under Data Protection Laws including Sensitive Personal Information as defined under the CCPA or other similar state legislation in the US.

8.“Service Provider” means a “service provider” or “processor,” as such terms (or analogous variations thereof) are defined under Data Protection Laws, that process personal data or information on behalf of another company.

9.“User(s)” means a person Customer authorizes to use the Contentstack services for or on behalf of the Customer. 

10.“Business”, “Commercial Purpose” and “Consumer” and “Sell” each have the meanings set forth in Data Protection Laws.

11.“Sub-processor” means any third party appointed by or on behalf of Contentstack to process Customer Personal Information on behalf of Contentstack or any Contentstack Affiliate in connection with the Services, including any other Contentstack Affiliate.

B. Customer Personal Information

1. Contentstack agrees to use and process Customer Personal Information only on behalf of Customer, according to the Agreement, this DPA and any other written directions set forth by Customer (provided such directions are in compliance with Data Protection Laws) and agreed by Contentstack. Contentstack will use the same level of privacy protection for the Customer Personal Information as is required by Data Protection Laws. 

2. Contentstack acknowledges that it is a Service Provider, and as such Contentstack will not Sell, collect, retain, use or disclose Customer Personal Information of a Consumer, except as permitted by law, and only as necessary to perform the Business Purpose (as set out in Attachment 1 of this DPA) or for Contentstack to fulfil its obligations under the Agreement and this DPA. 

3. Contentstack will not process Customer Personal Information for any purpose other than the Business Purpose) except as otherwise expressly permitted by law or otherwise agreed in writing. Notwithstanding the foregoing, Contentstack may retain and use Customer Personal Information for internal use to build or improve the quality of the services provided under the Agreement, provided that Contentstack will not use Customer Personal Information to perform services on behalf of another business. 

4. Contentstack will not process Customer Personal Information outside of the direct business relationship between the Contentstack and Customer.

5. Contentstack will not combine Customer Personal Information with any other personal data or information it collects (directly or via any third party) other than as expressly permitted under Data Protection Law for Service Providers.

6. Contentstack certifies that it understands the requirements of being a Service Provider and will comply with Data Protection Laws and the restrictions contained herein with respect to such requirements. Contentstack will notify Customer without undue delay if it determines it can no longer meet its obligations under this DPA. Customer reserves the right, upon notice to Contentstack, to take reasonable and appropriate steps to stop and remediate unauthorized use of Customer Personal Information, and Contentstack will promptly comply with any such steps.

7. Contentstack shall maintain administrative, physical and technical safeguards for protection of the security, confidentiality and integrity of Customer Personal Information in accordance with requirements under Data Protection Laws, and as set forth at www.contentstack.com/securityaddendum. Contentstack will ensure that persons authorized by Contentstack to process any Customer Personal Information understand Contentstack’s obligation under this DPA.

8. If Customer discloses, or enables Contentstack to access, any Customer Personal Information that has been de-identified, then Contentstack will: (a) not attempt to re-identify any such data; and (b) use reasonable technical and organizational measures to prevent any re-identification of any such data or any inadvertent release of any such data.

9. Contentstack will make available to Customer on request information necessary to demonstrate compliance with this DPA and Data Protection Laws. Upon Customer’s written request at reasonable intervals during the Subscription Term and subject to the confidentiality obligations set forth in the Agreement, Contentstack shall provide a copy of its then most recent third-party audits or certifications, as applicable, or any summaries thereof or other information that Contentstack generally makes available to its customers at the time of such request evidencing Contentstack’s compliance with this DPA. To the extent required by applicable Data Protection Laws, Contentstack will allow for and contribute to audits, including but not limited to inspections, ongoing manual reviews, automated scans, regular assessments conducted by Customer (or another auditor mandated by Customer that is reasonably acceptable to Contentstack), in accordance with the terms of this Section 9. Any such audit must be tailored to what is reasonably necessary to verify Contentstack’s compliance with this DPA, and must occur during Contentstack’s normal business hours. In connection with any such audit, the auditor will: (a) observe reasonable on-site access and other restrictions reasonably imposed by Contentstack; (b) comply with reasonable and applicable on-site policies and procedures provided by Contentstack, and (c) not unreasonably interfere with Contentstack’s business activities. The results of the audit will be the confidential information of Contentstack. Unless otherwise required by a supervisory authority, Customer will provide no less than thirty (30) days' advance notice of its request for any such audit and will cooperate in good faith with Contentstack to schedule any such audit on a mutually agreed upon date and time (such agreement not to be unreasonably withheld by either party).

10. To the extent required by Data Protection Laws, Contentstack will provide governmental authorities with information and assistance reasonably necessary to investigate Data Security Breaches or Personal Data Breaches relating to Customer Personal Information or otherwise to demonstrate that the Services comply with Data Protection Laws to the extent that such inspections concern the processing of Customer Personal Information under the Agreement and this DPA.

11. Contentstack shall have the right to delete Customer Personal Information stored pursuant to the Agreement in the ordinary course of business, pursuant to its retention schedules. Contentstack shall, upon request, disclose its retention schedules that apply to Customer Personal Information to Customer. Contentstack’s obligations in relation to the return or destruction of Customer Personal Information following termination or expiry of the Agreement and all Order Forms are set out in section 7.6 of the Agreement. Upon the earlier of any request by Customer or immediately following termination of the Agreement, Contentstack will (or will enable Customer itself via the Services to) delete or return (and will delete existing copies of) all Customer Personal Information in its possession or control, unless retention of the Customer Personal Information is required by applicable law. If Contentstack believes retention is required by applicable law, Contentstack will notify Customer of such requirement and the data it will retain and for how long.

12. Customer shall have sole responsibility and liability for the accuracy, quality, and legality of Customer Personal Information, obtaining necessary consents (if necessary under Data Protection Laws), and the means by which Customer acquired Customer Personal Information before and after processing. Customer shall provide all required privacy notices and opt-out in accordance with Data Protection Laws. 

13. Customer shall promptly notify Contentstack of any change in the applicability of Data Protection Laws to Customer or Customer Personal Information that may affect the Agreement, this DPA and/or Contentstack's ability to perform its obligations thereunder or under this DPAand/or the Agreement. 

14. Customer shall serve as a single point of contact on behalf of all Customer Affiliates for Contentstack and be solely responsible for the internal coordination, review and submission of instructions or requests of Customer Affiliates that may be permitted by Customer under the terms of the Agreement to use the Services. Contentstack is discharged from any obligation to inform or notify such Customer Affiliates when Contentstack has provided applicable information or notice to Customer. Contentstack is entitled to refuse any requests or instructions provided directly by Customer Affiliates.

15. Customer represents that (i) it will not upload Prohibited Data into the Software; and ii) its Users will be located in the United States and Canada. Customer shall ensure that no Customer Personal Information provided to Contentstack for processing under this Agreement, Order Forms and this DPA is from individuals located in the European Economic Area, United Kingdom, Switzerland or any other country where the transfer of Personal Information outside of its borders is restricted by laws, rules or regulations or otherwise requiring standard contractual terms to permit such transfer or processing, or other mandatory provisions to be included. Customer agrees that it will be fully liable for any breach of this paragraph B.12.]

C. Consumer Requests and Data Processing Assistance

1.Contentstack will provide assistance to Customer as reasonably requested by Customer to facilitate Customer’s compliance with requirements under Data Protection Laws in connection with Contentstack’s processing of Customer Personal Information, to the extent Contentstack is legally required to do so, including but not limited to assisting with data protection impact assessments, audits, and consultations with regulatory bodies.

D. Consumer Requests

1. To the extent that Customer is required by Data Protection Laws to provide any individual(s) with access to, or reporting about the collection, use, disclosure and sale of, Customer Personal Information and Customer does not have access to the Customer Personal Information, Contentstack shall reasonably assist Customer with the collection of Customer Personal Information in its possession and provide the Customer Personal Information requested by Customer relating to such individual(s). Any requests from Customer for assistance with responding to an inquiry shall be submitted via email to [email protected]. 

2. Contentstack shall, to the extent legally permitted or required, and to the extent Contentstack has been able to identify that the request comes from a Consumer whose Customer Personal Information was submitted to the Software or Services, notify Customer if it receives a request from a Consumer in relation to the exercise of that person’s rights under Data Protection Laws. Contentstack shall not respond to any such Consumer request except as required under Data Protection Laws, and Contentstack shall (at Customer’s expense) provide Customer with reasonable cooperation and assistance in relation to its handling of a Consumer’s request according to Data Protection Laws, to the extent legally permitted and to the extent Customer cannot handle the request itself through its use of the Services or Software.

3. Contentstack may charge Customer for reasonable time and expenses associated with responding to requests sent to Contentstack by Customer under this Section. 

4. Contentstack will notify Customer without undue delay after becoming aware of a Personal Data Breach that requires notification under Data Protection Laws. In any such notice, Contentstack will include: (a) a description of the Personal Data Breach, (b) a summary of the incident that caused the Personal Data Breach and any ongoing risks that the Personal Data Breach poses, (c) a description of the measures proposed or taken by Contentstack to address the Personal Data Breach, (d) any other information required under Data Protection Laws, and (e) any other information reasonably requested by Customer relating to the Personal Data Breach. If and solely to the extent it is not possible to provide the above information at the same time, the information may be provided in phases without undue delay. Contentstack will provide reasonable assistance to Customer as may be necessary for Customer to satisfy any of its notification obligations imposed under Data Protection Laws in connection with any Personal Data Breach

E.Sub-Processors

1. Customer acknowledges, agrees, authorizes and herewith consents that: (i) Contentstack Affiliates may act as Sub-processors; and (ii) Contentstack and Contentstack Affiliates respectively may engage third-party Sub-processors in connection with the provision of the Services. A current list of Sub-processors (and the subject matter/nature and location of applicable processing) is available at www.contentstack.com/subprocessors.  To the extent required by Data Protection Laws, Customer will be notified of changes to this list via the Service and/or via a mechanism that Customer must be a subscriber to in order to receive notifications of new Sub-processors for each applicable Service. To the extent required by Data Protection Laws, Contentstack will only add a Subprocessor after providing Customer with reasonable prior notice and an opportunity to object.

2. To the extent required by Data Protection Laws, Contentstack will enter into written agreements with Sub-processors containing data protection obligations no less protective than those in this DPA with respect to the protection of Customer Personal Information to the extent applicable to the nature of the services provided by such Sub-processor. Customer agrees that: (i) copies of Contentstack’s data processing agreements with Sub-processors, provided to Customer by Contentstack upon request, will have confidential information and other business secrets removed by Contentstack beforehand; and (ii) such copies will be provided by Contentstack in a manner to be determined by Contentstack and subject to the confidentiality obligations set forth in the Agreement. Contentstack will remain liable for any acts or omissions of its Subprocessors.

F. Liability.

1. The liability and limitation of liability provisions set out in the Agreement shall apply to each party’s liability (including its Affiliates) to the other party under or in connection with this DPA. To the maximum extent permitted by Data Protection Laws, any reference in such provisionsto the liability of a party means the aggregate liability of that party and all of its Affiliates under the Agreement and all DPAs together.

2. Authorized Affiliates may only exercise any rights as a Business in respect to this DPA, through the Customer entity which has signed the Agreement. Any communications relating to any complaint, allegation or claim arising in connection with this DPA, may only be communicated to and discussed with Contentstack by the Customer entity that has signed the Agreement with Contentstack. This DPA does not establish direct rights of Authorized Affiliates regarding the provision of the Services, or any other obligations as detailed in the Agreement.

G. Governing Law

1. Except as required under Data Protection Laws: (i) the parties to this DPA hereby submit to the choice of jurisdiction stipulated in the Agreement with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity; and (ii) this DPA and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the Agreement.‍

2. Changes in Data Protection Laws. Either party may propose variations to this DPA if and as they may apply to a particular Data Protection Law, which such party believes in good faith are required as a result of any change in, or decision of a competent authority under, that Data Protection Law. In the event of such a proposal, the parties agree to work together in good faith to implement mutually agreed changes. 

3. Legal Effect. This DPA shall only become legally binding between Customer and Contentstack when the DPA has been executed via digital signature or other legally binding mechanism such as (but not limited to) acceptance of this DPA electronically or in an Order Form.

Attachment 1 

Description of Processing

(a) Subject Matter, Nature and Business Purpose: Contentstack processes the Customer Personal Information to perform the Services on behalf of the Customer, including maintaining or servicing Customer’s accounts and as further described in the Agreement. 

(b) Types of Customer Personal Data: Consumers include the individuals about whom data is provided to Contentstack via the Services by (or at the discretion of) the Customer. This may include, but is not limited to, Personal Information relating to the Customer’s Users.

(c) Categories of Consumers: Customer may submit Personal Information to the Services, the extent of which is determined and controlled by Customer. Personal Information submitted to, stored on, or sent via the Services may include, without limitation, the following categories of data: first and last name, title, position, IP addresses, browser agents, postal addresses, email addresses, phone number, user names, browser and operating system identifiers, and any other Personal Information that Customer chooses to send to Contentstack during the course of Contentstack’s provision of the Services and technical support but cannot include Prohibited Data.

(d) Duration of Processing: The processing will continue for the duration of the term of the Agreement.

(e) Retention Period: The Personal Information will be retained for the period of time needed for Contentstack to provide the Services and complete its obligations under the Agreement.

Contentstack

Platform

  • Front-end hosting
  • Full-stack automation
  • Apps and integrations
  • Headless CMS
  • System and security stats
  • Supported platforms
  • Plans and pricing
  • ROI Calculator
  • RSS

Solutions

  • What is composable?
  • Why Contentstack?
  • Start your journey
  • Retail
  • Success stories
  • FAQs
  • Legal

Resources

  • Resources overview
  • Docs
  • Blog
  • Contentstack LIVE!
  • Contentstack Academy
  • Podcasts
  • CMS guides
  • Go Composable
  • Glossary
  • Community

Customers

  • Customers overview
  • Customer care
  • Experience Awards
  • Case studies
  • Customer support

Partners

  • Partners overview
  • Find a partner
  • Become a partner
  • Partner login

Company

  • About
  • Awards
  • News
  • Press
  • Events
  • Social Responsibility
  • Careers
  • Contact Us
  • RSS
  • icon-facebook2
  • icon-linkedin
  • icon-instagram
  • icon-twitter
  • icon-youtube
  • icon-github

Copyright © 2023 Contentstack Inc. All rights reserved.

Built with Contentstack. Hosted on Launch.

  • Legal
  • Terms
  • Privacy
  • Cookie Preferences

Built with Contentstack. Hosted on Launch.