Please ensure Javascript is enabled for purposes of website accessibility

Tax.com

Data Processing Addendum Joseph DAlesandro September 5, 2023

DATA PROCESSING ADDENDUM

Last Updated: May 17, 2024

1. DEFINITIONS

2. SCOPE OF DPA AND ROLES OF THE PARTIES

3. COOPERATION

4. SECURITY

5. SUB-PROCESSORS

6. SECURITY INCIDENT NOTIFICATION

7. DATA EXPORT AND DELETION 

8. COMPLIANCE VERIFICATION AND AUDIT

9. DATA TRANSFERS

10. MISCELLANEOUS

SCHEDULE 1

ANNEX I to the Standard Contractual Clauses 

A. LIST OF PARTIES

Module Selection

Select Applicable SCC Module
Module One: Controller to Controller
Module Two: Controller to Processor
Module Three: Processor to Processor
Module Four: Processor to Controller

Data exporter(s):

B. Details of Data Processing

Categories of data subjects whose personal data is transferred:
The types of Customer Personal Data to be processed may include, but are not limited to: Data subjects relevant for the performance of the Online Services as set out in the Ryan Agreements including as may be set forth below:
  1. Prospects, customers, business partners, and vendors of Customer (who are natural persons)

  2. Employees or contact persons of Customer’s prospects, customers, business partners, and vendors

  3. Employees, agents, advisors, and freelancers of Customer (who are natural persons)
Categories of personal data transferred:
Personal data for the performance of the Online Services as set out in the Ryan Agreements may include:
  • Business contact information

  • IP Address and other automatically collected online data

  • Password/login information
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures:
Ryan may Process Customer Personal Data, including “sensitive” or “special categories,” (but only in the category of health-related data if required for a particular Online Service) of Customer Personal Data as defined in the Applicable Data Privacy Laws such as necessary for Ryan to perform the contractual obligations under the Ryan Agreements.
The frequency of the transfer (e.g., whether the data is transferred on a one-off or continuous basis):
Subject to the Agreement, Ryan will Process the Customer Personal Data continuously and until deletion of all Customer Personal Data as described in this DPA.
Nature of the processing:
The performance of the Online Services pursuant to the Agreement.
Purpose(s) of the data transfer and further processing:
Data Importer shall process the Customer Personal Data as necessary to perform the Online Services pursuant to the Agreement.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period:
Subject to the terms of the Agreement and unless otherwise agreed in writing, Ryan shall process the Customer Personal Data for the duration of the Ryan Agreements.
For transfers to (sub-) processors, also specify subject matter, nature, and duration of the processing:
Same as above.
The identities of the sub-processors used in the provision of the Online Services and the subject matter which they process are listed here:
Sub-processors are used by Ryan as specified in the Ryan Agreements. Ryan shall maintain a list of Sub-processors used by Ryan to perform the Online Services. The list is set forth in Annex III.
In the case of specific authorizations of sub-processors, the identities of the sub-processors used in the provision of the Online Services, contact persons details, description of processing (including a clear delineation of responsibilities in case of several sub-processors), and the subject matter which they process are listed here:
N/A

SCHEDULE 2

ANNEX II to the Standard Contractual Clauses 

TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

SCHEDULE 3

ANNEX III to the Standard Contractual Clauses 

SUB-PROCESSORS

Name
Description
Location
Microsoft Azure
Cloud computing and storage; platform services
U.S., Canada, E.U
AWS
Cloud computing and storage
U.S.
Cloudera
Cloud Database Management
U.S.
Alteryx
Analytics Automation Platform
U.S.
Amplitude
Product Analytics
U.S.
Automation Anywhere
AI Data Analytics
U.S.
ExaVault, Inc.
Cloud file transfer (FTP) services
(PinPoint, FilePoint, ControlPoint, RatePoint)
LOB, Inc.
Digital Mailroom Management (TrackerPro)
U.S.
Mailgun
Direct Email
(PinPoint, FilePoint, ControlPoint, RatePoint)
U.S.
Twilio
A2P
(Owner Claims Portal)
U.S.