Data Protection Addendum

section-heading

This Data Protection Addendum ("Addendum"), dated September 09, 2023. You accept this Addendum, and effective as of the Addendum Effective Date (as defined below), forms part of the Terms of Service ("Terms") between (i) Mastersoft ERP Solutions Pvt Ltd and (ii) You ("Client"), each being a “Party” and together the “Parties”.

The Parties hereby agree that the terms and conditions set out below shall be added as an Addendum to the Terms and references in this Addendum to the Terms are to the Terms as amended by, and including, this Addendum.

1. Definitions

1.1 In this Addendum:
(a) "Addendum Effective Date" has the meaning given to it in section 2;
(b) "Affiliate" means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with either Client or Mastersoft ERP Solutions Pvt Ltd (as the context allows), where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise;
(c) "Client Personal Data" means any Personal Data Processed by Mastersoft ERP Solutions Pvt Ltd (i) on behalf of Client (including for the sake of clarity, any Client Affiliate), or (ii) otherwise Processed by (Company Name), in each case pursuant to or in connection with instructions given by Client in writing, consistent with the Terms;
(d) "Controller to Processor SCCs" means the Standard Contractual Clauses (processors) for the purposes of Article 26(2) of Directive 95/46/EC set out in Decision 2010/87/EC as the same are revised or updated from time to time by the European Commission;
(e) "Data Protection Laws" means (i) Directive 95/46/EC and, from May 25, 2018, Regulation (EU) 2016/679 ("GDPR") together with applicable legislation implementing or supplementing the same or otherwise relating to the processing of Personal Data of natural persons, and (ii) to the extent not included in sub-clause (i), the Data Protection Act 1998 of the United Kingdom, as amended from time to time, and including any substantially similar legislation that replaces the DPA 1998;
(f) "Privacy Shield" means the EU-US Privacy Shield Framework; and
(g) "Services" means the services to be supplied by Mastersoft ERP Solutions Pvt Ltd to Client or Client Affiliates pursuant to the Terms.

1.2 The terms "Controller", "Data Subject", "Personal Data", "Personal Data Breach", "Process", "Processor" and “Supervisory Authority” have the same meanings as described in applicable Data Protection Laws and cognate terms shall be construed accordingly.

1.3 Capitalized terms not otherwise defined in this Addendum shall have the meanings ascribed to them in the Terms.

2. Formation of this Addendum

This Addendum is deemed agreed by the Parties, and comes into effect, on the “Addendum Effective Date”, being the later of (i) the date that this Addendum is accepted by Client; and (ii) September 04, 2023.

3. Roles of the Parties

The Parties acknowledge and agree that with regard to the Processing of Client Personal Data, and as more fully described in Annex 1 hereto, Client acts as a Controller or Processor, and Mastersoft ERP Solutions Pvt Ltd acts as a Processor or Other Processor (as defined in section 5.2.4 below).

The Parties expressly agree that Client shall be solely responsible for ensuring timely communications to Client’s Affiliates or the relevant Controller(s) who receive the Services, insofar as such communications may be required or useful in light of applicable Data Protection Laws to enable Client’s Affiliates or the relevant Controller(s) to comply with such Laws.

4. Transfers

Mastersoft ERP Solutions Pvt Ltd has implemented PIMS – Privacy Information Management System as per ISO 27701:2019 requirements for categories of Personal Data including Client Personal Data. Mastersoft ERP Solutions Pvt Ltd shall notify Client in writing without undue delay if it can no longer comply with its obligations under the Privacy Shield, and, in such a case, Mastersoft ERP Solutions Pvt Ltd will have the option of (i) promptly taking reasonable steps to remediate any non-compliance with applicable obligations under this Addendum, or (ii) engaging in a good faith dialogue with Client to determine a new data transfer mechanism to carry out the purposes of the Terms. Mastersoft ERP Solutions Pvt Ltd acts as a Processor with respect to Personal Data received pursuant to a data transfer covered by the Privacy Shield, and principles 1 (notice), 2 (choice), and 5b (retention) and related supplemental principles shall only apply to Mastersoft ERP Solutions Pvt Ltd to the extent that the Client has reasonably determined, after consultation with (Company Name), that Mastersoft ERP Solutions Pvt Ltd is the appropriate Party to implement the principle or related supplemental principle and Mastersoft ERP Solutions Pvt Ltd has agreed to implement measures to address those requirements. Anything additional implementation which is extremely specific and customized to clients’ requirements, only such cost will be borne by the client.

Mastersoft ERP Solutions Pvt Ltd shall inform Clients in a timely manner of the basis for PII transfers between jurisdictions and of any intended changes in this regard, so that Clients has the ability to object to such changes or to terminate the contract.

5. Precedence

The provisions of this Addendum are supplemental to the provisions of the Terms. In the event of any inconsistency between the provisions of this Addendum and the provisions of the Terms, the provisions of this Addendum shall prevail.

6. Indemnity

To the extent permissible by law, Client shall indemnify and hold harmless Mastersoft ERP Solutions Pvt Ltd against all (i) losses, (ii) third party claims, (iii) administrative fines and (iv) costs and expenses (including, without limitation, reasonable legal, investigatory and consultancy fees and expenses) reasonably incurred in relation to (i), (ii), or (iii), suffered by Mastersoft ERP Solutions Pvt Ltd and that arise from any breach by Client of this Addendum or of its obligations under applicable Data Protection Laws.

7. Severability

The Parties agree that, if any section or sub-section of this Addendum is held by any court or competent authority to be unlawful or unenforceable, it shall not invalidate or render unenforceable any other section of this Addendum.

Annex 1: Authorized Other Processors

Name of Other Processor Description of Processing Location of Other Processor
Microsoft Azure Running the Production environment including the Application and Databases IN
Google Workspace Email services IN
Microsoft 365 Email services IN
JIRA Project Management Tool IN
Gitlab Code version control IN

Contact Information for Data Protection Officer (DPO):
Name: Amit Barapatre
Email ID: dpo@iitms.co.in