This Reseller Data Processing Addendum (“DPA”) forms part of the Agreement executed between GoDaddy.com, LLC (inclusive of its affiliated entities if contemplated under the Agreement) (“GoDaddy”) and you (“Reseller”) for the purpose of selling GoDaddy’s product and services (“Services”) through GoDaddy’s Reseller Program, and shall govern with regard to the processing of any Personal Information by Reseller on behalf of GoDaddy. Reseller enters into this DPA on behalf of itself and, to the extent required under applicable Data Protection Laws and Regulations, in the name and on behalf of its authorized affiliates. All capitalized terms not defined herein shall have the meaning set forth in the Agreement. The terms “we”, “us” or “our” shall refer to GoDaddy. The terms “you”, “your”, or “Reseller” shall refer to any individual or entity who accepts this Agreement. Nothing in this Agreement shall be deemed to confer any third-party rights or benefits. This DPA shall become effective and binding as of the date of your electronic acceptance.
This DPA consists of two (2) distinct parts, which are applicable as explained below:
- Data Privacy and Security Standards and Requirements: Application of Data Privacy and Security Standards and Requirements. Applicable to all Resellers that have access to and process PII (as “herein defined”) within the nature and scope of their participation in the Reseller Program.
- Standard Contractual Clauses (and its Appendices 1 & 2): Application of Standard Contractual Clauses. The Standard Contractual Clauses will apply to Customer Data that is transferred outside the EEA, either directly or via onward transfer, to any country not recognized by the European Commission as providing an adequate level of protection for personal data (as described in the GDPR). The Standard Contractual Clauses will not apply to Customer Data that is not transferred, either directly or via onward transfer, outside the EEA. Notwithstanding the foregoing, the Standard Contractual Clauses will not apply where the data is transferred in accordance with a recognized compliance standard for the lawful transfer of personal data (as defined in the GDPR) outside the EEA, such as the EU-US and Swiss-U.S Privacy Shield Frameworks.
Data Privacy and Security SLA
1. Subject Matter and Scope
This Data Privacy and Security SLA (“Security SLA”) is attached and incorporated into the Agreement for the purpose of ensuring any PII (as defined below) collected or utilized by you is handled in a manner that is secure and otherwise in accordance with the terms of the Agreement, this Security SLA, and applicable laws and regulations.
2. Order of Precedence.
This Security SLA is incorporated into and forms part of the Agreement. For matters not addressed under this Security SLA, the terms of the Agreement apply. With respect to the rights and obligation of the parties vis-à-vis each other, in the event of a conflict between the terms of the Agreement and this Security SLA, the terms of this Security SLA will control. In the event of a conflict between the terms of the Security SLA and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail.
3. Personal Information.
- “PII” or “Personal Information,” shall mean information in any medium or form of any kind pertaining to an identified or identifiable natural person or household; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, address, Social Security number or other identification number, e-mail address, telephone number, financial profile, credit card information, driver’s license number, or other information that can be reasonably linked to a particular person, computer, or device (e.g., information collected via tracking technologie