Solutions

Platform


 

Applications


Personalized Partner Onboarding
Create automated and tailored training.

Pipeline Management
Sync deal registration and partner leads with CRM.

Certification Management
Build courses, lessons, and quizzes, code-free.

Market Development Funds
Hand requests, fulfillment, and ROI analysis.

Partner Business Planning
Share, create, and track goals together.

Tiering and Compliance
Incentivize partner performance, automate compliance management.

Reporting and Analytics
Know what drives mutual revenue.

Paid Media Marketing
Connect local partners with local leads via Google.

Impartner Marketplace
Bring lead generation for partners to your corporate website.

Referral Automation
Effortlessly generate more leads from more types of partners.

 

Experts Across Industries


Cyber Security

High Tech

Manufacturing

FinTech

Telecom

 

Our Integrations


Seamless integration with your existing tech stack.

Orchestration Studio

 

Privacy Policy
Privacy Policy

1. DEFINITIONS

“Affiliate” means any entity Controlling, Controlled by, or under common Control with a Party. 

Control” means direct or indirect ownership of more than fifty percent (50%) of the voting interests of an entity.  An entity shall be deemed an Affiliate only for so long as such Control exists.

“Customer Data” means all electronic data, content, or information submitted by Portal Users to Impartner in connection with Impartner’s provision of the Licensed Services or Support Services.

“DPA” means the data processing addendum attached hereto as Appendix A, and is incorporated into the Agreement by reference herein. 

“Documentation” means product descriptions found at https://impartner.com/packages-prm/, which may be updated from time to time by Impartner in its sole discretion. For clarity, as a SaaS provider with standard offerings, the Documentation is intended solely to provide objective criteria for the Parties to agree in advance what constitutes adequate delivery of the Licensed Services. Impartner’s products and services may change over time as Impartner improves its products and services, and the Documentation is not intended to restrict Impartner from so improving its Licensed Services.

“Impartner Materials” means materials made available by Impartner to Customer via the Licensed Services, Support Services, or customer success portal, and includes, without limitation, how-to guides, training content, and FAQs.  

“Implementation Services” means work performed by Impartner for initial installation and configuration of the Licensed Services in accordance with an Order Form. 

“Licensed Services” means the online, cloud-based software applications, modules and associated content and materials (including Impartner Materials incorporated therein) provided by Impartner to Customer as set forth in an Order Form, as well as any updates, upgrades, improvements, enhancements, integrations or customizations which Impartner may develop and make available to Customer in its sole discretion, but excluding Third-Party Applications.

“Order Form” means an order form, order form amendment, or order form renewal signed by the Parties that sets forth the pricing, Services, Use Limits, applications and modules selected by Customer, along with any Support Services.

“Partners” means Customer’s resellers, channel partners or other members of Customer’s partner networks that provide services and/or sell products or services on behalf of Customer.

“Personal Information” has the meaning ascribed to it under the California Consumer Privacy Act of 2018 (the “CCPA“), and specifically includes “Personal Data,” as defined by Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR“).

“Portal Users” means employees or agents of Customer or a Partner who are authorized to access and use the Licensed Services, and who have been supplied user identifications and login credentials by Customer (“User Credentials”).

“Premier Support” means additional support services that supplement the Standard Support Services, purchased on an annual basis, that may include a dedicated Technical Account Manager, as further described in an Order Form.

“Professional Services” means billable, professional services related to custom functionality, training after implementation, integration with or fixes related to use of the Licensed Services with Third-Party Applications, as outlined in an Order Form that delineates the specific scope of services. 

“Standard Support Services” means Impartner’s support ticketing and response system for the Licensed Services’ standard product capabilities as further set forth in the service level agreement attached as Appendix B (the “Service Level Agreement”).  Standard Support Services are included as part of the Subscription Fees at no additional cost to Customer.

“Support Services” means all services offered to Customer other than the Licensed Services, and includes the Standard Support Services, Premiere Support, Implementation Services, and Professional Services.

“Third-Party Applications” means any services, software, products, applications, integrations and other features or offerings that are provided by Customer or obtained by Customer from a third party.

2. THE LICENSED SERVICES

2.1 Provision of the Licensed Services. Subject to Customer’s compliance with the terms and conditions of the Agreement (including payment of the applicable Fees (as defined below)), Impartner shall make the Licensed Services  available to Customer, Partners, and Portal Users for internal business purposes during the Term.

2.2 Affiliates.  A Customer may enter into an Order Form on behalf of itself and its Affiliates, if expressly stated in the applicable Order, and subject to the following conditions: (i) Customer has the authority to enter into the Agreement on behalf of its Affiliates; (ii) Customer remains responsible for its Affiliates’ compliance with the terms of the Agreement and any breach of the Agreement by a Customer Affiliate shall be deemed to be a breach by Customer; (iii) all use limits, as described in the Order Form, and other platform-related limitations of Customer arising from the Agreement shall be applied in the aggregate across Customer and all Customer Affiliates.  Notwithstanding the foregoing, Customer is solely entitled to a single instance of the Licensed Services, unless expressly set forth in an Order Form. If additional instances are required, for any reason, including for an Affiliate to have unique functionality independent from the Customer’s instance, additional implementation and/or subscription fees will apply, or the Affiliate may be required to enter into a separate Order Form.

2.3  Licensed Services Requirements.  Impartner may make changes (including updates or other improvements) to the Licensed Services, on the condition that such changes do not materially diminish the features or functionality of the Licensed Services or the commitments set forth in the Service Level Agreement. Customer acknowledges, however, that its purchase of the Licensed Services is for the current version of the Licensed Services, and not contingent on the delivery of any future functionality or features, nor dependent on any oral or written comments made by Impartner or its personnel regarding future functionality or features.

2.4 Third-Party Applications.  Impartner does not offer licenses to any Third-Party Applications. Customer is responsible for obtaining its own licenses to Third-Party Applications, and Customer agrees to comply with the applicable terms and conditions.  Impartner does not make any warranties with respect to any Third-Party Applications. Except for Impartner’s obligations related to Google Ads for Channel (if applicable) Customer maintains all obligations related to the implementation, customization, and exchange of data between Customer and any Third-Party Applications.

Third Party Applications may offer Customer the ability to share Customer Data with Third-Party Applications (for example, through a marketplace, via application program interfaces (each an “API,” or collectively, “APIs“), or otherwise).  In the event Customer utilizes Third Party Applications to access or process Customer Data, Customer assumes all risk and liability with such access and processing.  Impartner is not responsible for any disclosure, modification or deletion of Customer Data resulting from access by such Third Party Applications.  Impartner may treat any requests to access Customer Data by Third Party Applications as written instructions by Customer to access Customer Data, so long as such access requires authentication to Impartner’s platform using Customer’s login credentials to the Licensed Services. 

2.5 Google Ads for Channel. This Section applies if Customer purchases Impartner’s Google Ads for Channel.  Impartner will create a Google Ads account to establish and run Partners’ advertising campaigns (“Campaigns“) on the Partners’ behalf. Portal Users will not have access to Google Ads accounts that Impartner creates. All campaigns that run through Google Ads for Channel must comply with, and are subject to, the Google Ads Terms & Conditions. Impartner will not commence a Campaign until Impartner has received payment in full for that Campaign. Any fees paid for Google Ads ad campaigns will not count towards the limits of liability delineated in this Agreement. 

3. PERMITTED USE OF THE LICENSED SERVICES

3.1 Use of Licensed Services.  Customer shall: (i) not make the Licensed Services available to anyone other than those authorized under this Agreement; (ii) not use the Licensed Services in any manner that exceeds the scope of the applicable Order Form; (iii) use commercially reasonable efforts to prevent unauthorized access to or use of the Licensed Services; (iv) promptly notify Impartner of any unauthorized access or use of the Licensed Services, passwords, authentication credentials, or any unauthorized use, access, or disclosure of Customer Data; (v) comply, and cause its Portal Users to comply, with the Agreement, and be solely responsible for its Portal Users’ compliance with this Agreement; (vi) be solely responsible for all Customer Data, including the reliability, accuracy, completeness, timeliness, legality, and appropriateness of the Customer Data; (vii) secure and maintain any consents or permissions required to use the Customer Data as required by applicable law; (viii) ensure that the Customer Data does not infringe the rights of any third party, and is not otherwise obscene, threatening, defamatory, racially or ethically offensive, libelous, fraudulent or otherwise unlawful or tortious; (ix) not use the Licensed Services to send or store known viruses, worms, time bombs, Trojan horses, and other harmful, destructive, deceptive or malicious code, files, scripts, agents or programs; and (x) comply with all local, state, federal and foreign laws applicable to Customer’s use of the Licensed Services.  Customer may not provide user login credentials to any individuals or entities other than Third Party Applications.  In the event Customer shares its login credentials, and/or Customer Data with one or more Third Party Applications, Customer shall be responsible for all actions performed by the Third Party Applications, including API calls to share Customer Data with Third Party Applications, and any such API calls will be considered actions performed by Customer.

3.2 Restrictions. Customer shall not at any time, directly or indirectly, and shall not permit any Portal User to: (i) copy, modify or create derivative works based on the Licensed Services; (ii) rent, lease, lend, sell, license, sublicense, publish, frame, mirror or otherwise distribute any part of the Licensed Services; (iii) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to the source code of the Licensed Services, in whole or in part; (iv) intentionally disable, interfere with, or disrupt the integrity or performance of the Licensed Services; or (v) access or use the Licensed Services in order to build (or assist others in building) a competitive product or service or in any manner beyond the scope of the authorization granted herein.

3.3  Two Factor Authentication. The Licensed Services support access using two-factor authentication (“2FA“), which is known to reduce the risk of unauthorized use of or access to the Licensed Services. Impartner strongly encourages Customer to use, and cause its Partners and Portal Users to use 2FA.  Impartner disclaims all responsibility for any damages, losses or liability to Customer, Partners, Portal Users, or any other affected individuals, where such damages, losses, or liability could have been prevented by the use of 2FA.

3.4  Service Suspension. Notwithstanding anything to the contrary in the Agreement, Impartner may suspend Customer’s and/or any Portal User’s access to any portion or all of the Licensed Services if: (i) any charge owing by Customer is thirty (30) days or more overdue, until such amounts are paid in full; (ii) Impartner reasonably determines that: (A) Customer’s or any Portal User’s use of the Licensed Services disrupts or poses a security risk to Impartner or to any other customer or vendor of Impartner; or (B) Customer, or any Portal User, is using the Licensed Services in breach of the Agreement or in violation of applicable law; (iii) Customer ceases to do business in the ordinary course, becomes insolvent or unable to pay debts as they become due, makes an assignment for the benefit of creditors or similar disposition of its assets, or becomes the subject of any bankruptcy, reorganization, liquidation, dissolution, or similar proceeding (each, a “Bankruptcy Event“); (iv) any vendor of Customer, or Google Ads (if Customer is buying  Google Ads for Channel), has denied Impartner’s access to, or use of, any Third-Party Applications needed to enable Customer’s access to or use of the Licensed Services; or (v) Impartner’s provision of the Licensed Services to Customer is or becomes prohibited by applicable law.  Any suspension described in subclause (i)-(v) is a “Service Suspension.” Impartner shall use commercially reasonable efforts to promptly provide written notice of any Service Suspension to Customer and to provide updates regarding resumption of access to the Licensed Services following any Service Suspension. Impartner shall use commercially reasonable efforts to resume providing access to the Licensed Services as soon as reasonably possible after the event giving rise to the Service Suspension is cured. Impartner will have no liability for any damage, liabilities, losses (including any loss of data or profits) that Customer may incur as a result of a Service Suspension.  Customer’s sole remedy for any Service Suspension made pursuant to 3.4(ii)-(v) shall be a pro rata refund of any pre-paid Fees. 

13. GENERAL PROVISIONS

13.1 Export Compliance; Sanctioned Countries. Each Party shall comply with the export laws and regulations of the United States and other applicable jurisdictions in providing and using the Licensed Services. Without limiting the foregoing, each Party represents that it is not named on any U.S. government list of persons or entities prohibited from receiving exports, and Customer shall not permit Portal Users to access or use the Licensed Services in violation of any U.S. export embargo, prohibition or restriction. Furthermore, Customer represents and warrants that (i) all Portal Users are prohibited from residing in, or operating from, any country that is sanctioned by either the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) or the United Nations Security Council (“Prohibited Countries“), and (ii) it will not knowingly permit any data pertaining to residents of any Prohibited Countries to be processed by the Licensed Services, including by prohibiting Portal Users from processing any such data via the Licensed Services.

13.2 Force Majeure. Except with respect to the payment of Fees hereunder, neither Party shall be liable to the other Party for a failure or delay in performing any obligation hereunder that is directly caused by conditions beyond that Party’s reasonable control, including acts of God, Pandemic (as defined below), war, terrorism, civil commotion, strikes, labor disputes and governmental actions or restriction (“Force Majeure Event“), provided the Party seeking to be excused from performance promptly notified the other Party of the Force Majeure Event, takes commercial reasonably action to mitigate the effects of the Force Majeure Event, and promptly resumes performance when the Force Majeure Event has subsided.  When a Party’s delay or non-performance continues for a period of thirty (30) days or more, the other Party may terminate the Agreement without penalty. Any prepaid amounts shall be refunded on a prorated basis.  “Pandemic” shall mean a global transmissible health emergency as declared by the World Health Organization that results in specific governmental restrictions that makes the performance of a party’s obligations under this Agreement illegal or impossible. 

13.3 Relationship of the Parties. The Parties are independent contractors. The Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between them.

13.4 No Third-Party Beneficiaries. There are no third-party beneficiaries to the Agreement.

13.5 Notices. Except as otherwise specified in the Agreement, all notices, permissions and approvals hereunder shall be in writing and delivered to the addresses set forth on the first page of the Agreement and shall be deemed to have been given upon: (i) personal delivery, (ii) the second business day after overnight delivery, or (iii) receipt of acknowledgment by recipient if sent by email. Any legal notices sent to Impartner by email must additionally be sent to legal.notice@impartner.com, and any notices sent by email related to invoices or billing must additionally be sent to accounts.receivable@impartner.com.   

13.6 Waiver and Cumulative Remedies. No failure or delay by either Party in exercising any right under the Agreement shall constitute a waiver of that right. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a Party at law or in equity.

13.7 Severability. If any provision of the Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of the Agreement shall remain in effect.

13.8 Assignment.  Neither Party may assign its rights or obligations under this Agreement without the other Party’s prior written consent. Notwithstanding the foregoing, either Party may assign its rights and obligations under this Agreement to an Affiliate as part of a reorganization, or to a purchaser of its business entity or substantially all of its assets or business to which rights and obligations pertain without the other Party’s consent, provided that: (a) the purchaser is not insolvent or otherwise unable to pay its debts as they become due; (b) the purchaser is not a competitor of the other Party; and (c) any assignee is bound hereby. Other than the foregoing, any attempt by either Party to transfer its rights or obligations under this Agreement will be void.

13.9 Governing Law; Venue. The Agreement, and any disputes arising out of or related hereto, shall be governed exclusively by the internal laws of the State of Utah, without regard to its conflicts of laws rules. The state and federal courts located in Salt Lake City, Utah shall have exclusive jurisdiction to adjudicate any dispute arising out of or relating to the Agreement. Each Party hereby consents to the exclusive jurisdiction of such courts.

13.10 Entire Agreement. The Agreement, including all Exhibits, constitutes the entire agreement between the Parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. In the event of conflict between the documents comprising the Agreement, the order of precedence shall be: (i) DPA, if applicable, (ii) other Exhibits, (iii) Order Form, and then (iv) the MSA. No modification, amendment, or waiver of any provision of the Agreement shall be effective unless in writing that specifically references the Agreement and is signed by the Party against whom the modification, amendment or waiver is to be asserted. Notwithstanding any language to the contrary therein, no terms or conditions stated in any Customer purchase order or in any other Customer order documentation shall be incorporated into or form any part of the Agreement, and all such terms or conditions shall be null and void.

Introduction

  1. Customer is a Controller or Processor of certain Personal Data and wishes to appoint Impartner as a Processor or sub- processor to Process this Personal Data on Customer’s behalf.
  2. The parties have entered into this DPA to ensure that Impartner conducts such data Processing in accordance with Customer’s instructions and Applicable Data Protection Law requirements, and with full respect for the fundamental data protection rights of the Data Subjects whose Personal Data will be Processed.

Definitions

In this DPA, the following terms shall have the following meanings. Other capitalized terms used in this DPA are defined in the context in which they are used or shall have the meanings given such terms in the Order Form or Master Services Agreement.

Applicable Data Protection Law” shall mean: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or “GDPR”) and any data protection laws in any European Union Member State including laws implementing such Regulation, (ii) the California Consumer Privacy Act of 2018 (“CCPA”), including any regulations promulgated thereunder, as amended from time to time; (iii) the UK GDPR, and (iv) any other applicable data protection law.

Controller” means the entity which determines the purposes and means of the Processing of Personal Data.

Data Subject” means the identified or identifiable person to whom Personal Data relates.

“EU Standard Contractual Clauses” / “EU SCCs” means Module Two of the standard contractual clauses for the transfer of Personal Data, in accordance with Applicable Data Protection Law, to Controllers and Processors established in Third Countries, the approved version of which is in force at the date of signature of this Agreement that are in the European Commission’s Decision 2021/914 of 4 June 2021, as such standard contractual clauses are available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en, and as may be amended or replaced by the European Commission from time to time, and as further defined in clause 4 of this DPA.

Personal Data” means any information relating to (i) an identified or identifiable natural person and, (ii) an identified or identifiable legal entity (where such information is protected similarly as personal data or personally identifiable information under Applicable Data Protection Law), where for each (i) or (ii), such data is Customer Data.

Processing” (and “Process“) means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Processor” means the entity which Processes Personal Data on behalf of the Controller.

“Supervisory Authority(ies)” shall carry the meaning of that term in the GDPR.

UK Standard Contractual Clauses” / “UK SCCs” means the standard contractual clauses for controllers to processors approved by the UK Government, which at the date of this DPA is the UK International Data Transfer Agreement available at https://ico.org.uk/media/for-organisations/documents/4019538/international-data-transfer-agreement.pdf or the UK Addendum to the EU SCCs available at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf, as each may be amended or replaced by the Information Commissioner’s Office and/or UK Government from time to time.

DATA PROTECTION

  1. Relationship of the parties. Customer appoints Impartner as a Processor, or service provider, to Process the Personal Data that is the subject matter of the Agreement (the “Data“). Accordingly, the parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is the Controller and Impartner is the Processor. Each party shall comply with the obligations that apply to it under Applicable Data Protection Law. Customer hereby represents and warrants that Customer complies with the requirements in the Applicable Data Protection Law in collecting and transferring the data to Impartner and permitting Impartner to act as a processor of the Data. Customer agrees that it will not disclose any special categories of personal information to Impartner.
  2. Purpose limitation. Customer hereby instructs Impartner to Process Personal Data and to transfer Personal Data to any country or territory as necessary for the provision of the Service and consistent with the Agreement. Customer’s instructions for the Processing of Personal Data shall comply with Applicable Data Protection Law. Customer shall have sole responsibility for the accuracy, quality, and legality of the Data and the means by which Customer acquires the Impartner shall Process the Data as a Processor only as necessary to perform its obligations under the Agreement, and in accordance with the documented instructions of Customer (the “Permitted Purpose“), except where otherwise required by any EU (or any EU Member State) or UK law applicable to Impartner, in which case Impartner shall to the extent permitted by Applicable Data Protection Law inform Customer of that legal requirement before the relevant Processing of that Data. In no event shall Impartner Process the Data for its own purposes or those of any third party except as set forth in the Agreement. Impartner shall also inform Customer if in its opinion an instruction of Customer infringes or violates Applicable Data Protection Law. Impartner shall not sell the Data, nor process, retain, use, or disclose the Data (i) for any purposes other than the Permitted Purpose, or (ii) outside of the direct business relationship between Impartner and Customer.
  3. Details of the Processing. Annex I to this DPA sets out certain information regarding Impartner’s Processing of the Data as required by Article 28(3) of the GDPR. Either party may make reasonable amendments to Annex I by written notice to the other party from time to time as such party reasonably considers necessary to meet those requirements. Nothing in Annex I (including as amended pursuant to this Section 3) confers any right or imposes any obligation on any party to this DPA.
  4. International transfers. Impartner shall not transfer any Personal Data of European Economic Area (“EEA“) / UK Data Subjects (nor permit such Personal Data to be transferred) outside of the EEA / UK unless (i) it has first obtained Customer’s prior written consent; and (ii) it takes such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law. Such measures may include (without limitation) transferring the Personal Data to a recipient in a country that the European Commission / UK authorities have decided provides adequate protection for Personal Data, or to a recipient that has achieved binding corporate rules authorization in accordance with Applicable Data Protection Law, or to a recipient that has executed the Standard Contractual Clauses adopted or approved by the European Commission or UK Government. Customer hereby consents to the transfer of Personal Data to Impartner in the United States and the parties agree that the EU / UK Standard Contractual Clauses will apply to any such transfer, as appropriate.

a. The EU SCCs shall be deemed incorporated in this Agreement as follows:

    • Clause 7 of the EU SCCs, the “Docking Clause (Optional)”, shall be deemed incorporated;
    • in Clause 9 of the EU SCCs, the Parties choose Option 2, ‘General Written Authorisation’, with a time period of 10 days;
    • the optional wording in Clause 11 of the EU SCCs shall be deemed not incorporated;
    • in Clause 17 of the EU SCCs, the Data Exporter and Data Importer agree that the EU SCCs shall be governed by the laws of the Netherlands and choose Option 1 to this effect;
    • in Clause 18 of the EU SCCs, the Data Exporter and Data Importer agree that any disputes shall be resolved by the courts of the Netherlands;
    • Annexes I.A, I.B, I.C, II and III of the EU SCCs shall be deemed completed with the information set out in Annex I, Annex II and Annex III to this DPA.

b. Where the UK SCCs apply (i.e., for transfers from UK to countries, which were not recognized as providing adequate protections by UK authorities), they will be deemed incorporated in accordance with Annex IV to this DPA.

  1. Confidentiality of Processing. Impartner shall ensure that any person that it authorizes to Process the Data (including Impartner’s staff, agents and subcontractors) (an “Authorized Person“) shall be subject to a strict duty of confidentiality (whether a contractual duty or a statutory duty) and shall not permit any person to Process the Data who is not under such a duty of confidentiality. Impartner shall ensure that all Authorized Persons Process the Data only as necessary for the Permitted Purpose.
  2. Security. Impartner shall implement appropriate technical and organizational measures to protect the Data from (i) accidental or unlawful destruction, and (ii) loss, alteration, unauthorized disclosure of, or access to the Data (a “Security Incident“). Such measures shall take into account the state of the art, the costs of implementation and the nature, scope, context and purpose of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. Such measures may include those listed in Annex II to this DPA.
  3. Sub-processing.

7.1 Impartner may subcontract any processing of the Data to a third-party subcontractor (“Sub-Processor“) in accordance with Applicable Data Protection Law. A list of Impartner’s current authorized Sub-Processors (the “List“) will be made available to Customer, either attached hereto, at a link provided to Customer, via email or through another means made available to Customer.  Such List may be updated by Impartner from time to time.  Impartner may provide a mechanism to subscribe to notifications of new authorized Sub-Processors and Customer agrees to subscribe to such notifications where available.  At least ten (10) days before enabling any third party other than existing authorized Sub-Processors to access or participate in the processing of Personal Data, Impartner will add such third party to the List and notify Customer via email. Customer may object to such an engagement by informing Impartner within ten (10) days of receipt of the aforementioned notice by Customer, provided such objection is in writing and based on reasonable grounds relating to data protection. Customer acknowledges that certain sub-processors are essential to providing the Services and that objecting to the use of a sub-processor may prevent Impartner from offering the Services to Customer.

7.2 If Customer reasonably objects to an engagement in accordance with Section 7.1, and Impartner cannot provide a commercially reasonable alternative within a reasonable period of time, Customer may discontinue the use of the affected Service by providing written notice to Impartner.  Discontinuation shall not relieve Customer of any fees owed to Impartner under the Agreement.

7.3 If Customer does not object to the engagement of a third party in accordance with Section 7.1 within ten (10) days of notice by Impartner, that third party will be deemed an authorized Sub-Processor for the purposes of this DPA.

7.4 Impartner will enter into a written agreement with the authorized Sub-Processor imposing on the authorized Sub-Processor data protection obligations comparable to those imposed on Impartner under this Addendum with respect to the protection of Personal Data.  In case an authorized Sub-Processor fails to fulfill its data protection obligations under such written agreement with Impartner, Impartner will remain liable to Customer for the performance of the authorized Sub-Processor’s obligations under such agreement.

7.5 If Customer and Impartner have entered into Standard Contractual Clauses, (i) the above authorizations will constitute Customer’s prior written consent to the subcontracting by Impartner of the Processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Sub-Processors that must be provided by Impartner to Customer pursuant to Clause 5(j) of the UK SCCs or Clause 9(c) of the EU SCCs may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by Impartner beforehand, and that such copies will be provided by Impartner only upon request by Customer.

  1. Cooperation and Data Subjects’ rights. Impartner shall provide all reasonable and timely assistance (including by appropriate technical and organizational measures) to Customer to enable Customer to respond to: (i) any request from a Data Subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable); and (ii) any other correspondence, inquiry or complaint received from a Data Subject, regulator or other third party in connection with the Processing of the Data. In the event that any such request, correspondence, inquiry or complaint is made directly to Impartner, Impartner shall promptly inform Customer. To the extent legally permitted, Customer shall be responsible for any costs arising from Impartner’s provision of the assistance described in this paragraph.  Communications pertaining to the foregoing shall be sent to dataprocessing@impartner.com.
  2. Data Protection Impact Assessment. If Impartner believes or becomes aware that its Processing of the Data is likely to result in a high risk to the data protection rights and freedoms of Data Subjects, it shall promptly inform Customer and provide Customer with all such reasonable and timely assistance as Customer may require in order to conduct a data protection impact assessment and, if necessary, consult with its relevant data protection authority.
  3. Security incidents. Upon becoming aware of a Security Incident, Impartner shall inform Customer without undue delay after becoming aware of the Security Incident, and shall provide all such timely information and cooperation as Customer may require in order for Customer to fulfil its data breach reporting obligations under (and in accordance with the timescales required by) Applicable Data Protection Law. Impartner shall further take all such measures and actions as are necessary to remedy or mitigate the effects of the Security Incident and shall keep Customer apprised of all developments in connection with the Security Incident.
  4. Deletion or return of Data. Upon termination or expiry of the Agreement, Impartner shall (at Customer’s election) destroy or return to Customer all Data (including all copies of the Data) in its possession or control (including any Data subcontracted to a third party for Processing). This requirement shall not apply to the extent that Impartner is required by any Applicable Data Protection Law to retain some or all of the Data.
  5. Audit. Impartner will submit to audits and inspections in relation to the Processing of Data, at Customer’s sole cost and expense, and will provide Customer with whatever information it needs to ensure that they are both meeting their obligations under Article 28 of GDPR. Customer agrees that its requests to audit Impartner may be satisfied by Impartner presenting up- to-date attestations, reports or extracts from independent bodies, including without limitation external or internal auditors, Impartner’s data protection officer, data protection or quality auditors or other mutually agreed to third parties) or certification by a regulatory body by way of an IT security or data protection audit. Customer shall not exercise its audit rights under this DPA more than once per year, and no such audit may be exercised in a manner that (i) disrupts Impartner’s normal business operations, or (ii) causes Impartner to breach any obligation of confidentiality to another customer or to any other third party, whether imposed by regulation or contract.
  6. Sub-processor Audits. Customer may not audit Impartner’s sub-processors without Impartner’s and Impartner’s sub- processor’s prior agreement. Customer agrees that its requests to audit sub-processors may be satisfied by Impartner or Impartner’s sub-processors presenting up-to-date attestations, reports or extracts from independent bodies, including without limitation external or internal auditors, Impartner’s data protection officer, the IT security department, data protection or quality auditors or other mutually agreed to third parties) or certification by way of an IT security or data protection audit. Onsite audits at sub-processors premises may be performed by Impartner or a mutually agreed to auditor under a confidentiality agreement acting on behalf of Customer.
  7. Limitation of Liability. Each party’s liability arising out of or related to this DPA, whether in contract, tort or under any other theory of liability, is subject to the ‘Limitation of Liability’ section of the Agreement.
  8. Processing for Statistical Purposes. Impartner may Process Data for statistical purposes following the termination or expiration of the Agreement. Any such Processing shall be subject to appropriate safeguards, such as those provided in GDPR Article 89 related to the rights and freedoms of Data Subject. Those measures may include, without limitation, pseudonymization or that the Processing does not permit the identification of Data Subjects.
  9. Miscellaneous:

a. Headings. Headings in this DPA are for convenience of reference only and will not constitute a part of or otherwise affect the meaning or interpretation of this DPA.

b. Entire Agreement. This DPA (including all schedules and appendices thereto) and the Agreement constitute the entire agreement between the parties relating to the subject matter of this DPA and supersede all prior agreements, understandings, negotiations and discussions of the parties in relation to the subject matter of this DPA.

c. Severability. The provisions of this DPA are severable. If any phrase, clause or provision is invalid or unenforceable in whole or in part, such invalidity or unenforceability will affect only such phrase, clause or provision, and the rest of this DPA will remain in full force and effect.

d. Notices. Any notice or other communication under this DPA given by either party to the other will be deemed to be properly given if given in writing and delivered (i) in person, (ii) by electronic mail to the email addresses agreed to between the parties, or (iii) in accordance with the Notice provision of the Agreement. Either party may from time to time change its address for notices under this Section by giving the other party notice of the change in accordance with this Section.

e. Third-party Rights. The provisions of this DPA will endure to the benefit of and will be binding upon the parties and their respective successors and assigns.

f. Counterparts. This DPA may be executed in counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument. Execution of an Agreement incorporating the terms of this DPA shall be deemed to be execution of this DPA including all attachments.

g. Governing Law. This DPA will be governed by and construed in accordance with the governing law of the Agreement, without regard to its conflict of laws principles, except to the extent that Applicable Data Protection Law(s) require otherwise, in which event this DPA will be governed in accordance with Applicable Data Protection Law.

h. Signatures. This DPA has been signed on behalf of each of the parties by a duly authorized signatory.

ANNEX II: TECHNICAL AND ORGANISATIONAL MEASURES

Impartner’s Technical and Organisational Measures including Technical and Organisational Measures to Ensure the Security of the Data is available here.

ANNEX III: LIST OF SUB-PROCESSORS

The controller has authorised the use of sub-processors listed here.

ANNEX IV: UK ADDENDUM TO EU STANDARD CONTRACTUAL CLAUSES

Impartner’s UK Addendum to EU Standard Contractual Clauses is available here.

APPENDIX B: SERVICE LEVEL AGREEMENT

Impartner’s Service Level Agreement is available here.