Schedule 2 to TOS

Policies

SCOPE OF PROCESSING

PROCESSING OPERATIONS/ACTIVITIES

The purpose(s) of the processing to be carried out by Company for Customer in respect of the Data include(s) the following:

To perform the Services pursuant to the MSA as further instructed by Customer.

PERSONAL DATA TO BE PROCESSED

The Data to be processed by Company on behalf of Customer includes the following categories of personal data:

Any Personal Data that the Customer decides to submit as part of its use of the Services which is determined and controlled by Customer is its sole discretion. However, Customer acknowledges that Company has no knowledge of the Personal Data that is received, stored, or transmitted using the Services by Customer.

DATA SUBJECTS

The Data to be processed by Company on behalf of Customer relates to the following categories of data subjects:

Any Personal Data that the Customer decides to submit as part of its use of the Services which is determined and controlled by Customer is its sole discretion including Personal Data relating to the following data subjects: (i) prospects, customers and prior customers of the Customer, (ii) vendors of the Customer, (iii) employees, consultants, advisors, agents and officers of the Customer.

TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

Company has implemented the following technical and organizational security measures:

  1.    Security– Company employs multi-level systems and processes to ensure that Customer’s Data remains secure.
  2.    SSAE 16 Certified Data Centers– All of the data centers owned by Company are externally audited to ensure compliance with Standards for Attestation Engagements 16 (“SSAE 16”), which confirms that the facilities meet the strictest standards. The standard covers all aspects of data center management including, “processes, policies, procedures, personnel, and operational activities.”
  3.    Regular Security Testing– We regularly subject our networks to external and internal penetration testing in order to verify network and server integrity.
  4.    Infrastructure Security Management– Company proactively patches and upgrades all of our underlying infrastructure where Customer’s environments reside. In the event of a vulnerability being discovered, Company will immediately apply patches or implement solutions to protect Company’s infrastructure from known vulnerabilities.

SUBPROCESSORS

A list of the Subprocessors used by Company to provide the Services to Customer is available upon request.