Laserfiche WebLink
E204 (Products and Services) <br />REV: 07-22-25 MI <br />February 14, 2025 <br />ATTACHMENT D <br />DATA PROCESSING ADDENDUM <br />Data Processing Addendum <br />This Data Processing Addendum ("Addendum") is effective on the first date that Customer provides to Esri <br />Personal Data (as defined below) subject to the applicable Privacy Law (as defined below) and forms part of the <br />Master Agreement or other written or electronic agreement ("Agreement") by and between the organization signing <br />or accepting below ("Customer") and Environmental Systems Research Institute, Inc. ("Esri"), and sets forth <br />the terms and conditions relating to the privacy, confidentiality, and security of Personal Data associated with Online <br />Services and subscription and maintenance services to be rendered by Esri to Customer pursuant to the Agreement. <br />All terms defined or used in the Agreement shall have the same meaning in this Addendum unless otherwise <br />specified. Terms used in this Addendum that are not defined herein or in the Agreement shall have the meaning set <br />forth in the applicable Privacy Law. <br />Whereas Customer may provide Esri, a company located in the United States, with access to Personal Data to act <br />as a Processor or Service Provider in connection with Online Services and subscription and maintenance services <br />performed by Esri for or on behalf of Customer pursuant to the Agreement; and <br />Whereas Customer requires that Esri preserve and maintain the privacy and security of such Personal Data as a <br />Processor according to the terms of this Addendum; <br />Now therefore, in consideration of the mutual covenants and agreements in this Addendum and the Agreement and <br />for other good and valuable consideration, the sufficiency of which is hereby acknowledged, Customer and Esri <br />agree as follows: <br />SECTION I DEFINITIONS <br />A."Privacy Laws" means the European Union (EU) General Data Protection Regulation (GDPR) 2016/679 of the <br />European Parliament and of the Council of 27 April 2016, the California Consumer Privacy Act of 2018 (CCPA) <br />(as amended by the California Privacy Rights Act [CPRA]), or other privacy laws applicable to Esri. <br />B. The terms "personal data," "data subject," "processing," "controller," "processor," and "supervisory authority" <br />as used in this Addendum have the meanings given in the GDPR. <br />C."Personal Data" means personal data, personal information, or personally identifiable information as defined <br />in applicable Privacy Laws about individuals located in the European Union; Switzerland; the United Kingdom; <br />California, USA; or other locations covered by Privacy Laws and may include, but not be limited to, the following: <br />(i) categories of data subjects: prospects, customers, business partners, and vendors; and (ii) types of personal <br />data: name, title, position, email address, and location. <br />D."Data Incident" means a breach of Esri's security leading to the accidental or unlawful destruction, loss, <br />alteration, unauthorized disclosure of, or access to Personal Data on systems managed or otherwise controlled <br />by Esri. Data Incidents will not include unsuccessful attempts or activities that do not compromise the security <br />of Personal Data, including unsuccessful login attempts, pings, port scans, denial-of-service attacks, and other <br />network attacks on firewalls or networked systems. <br />E."Data Privacy Framework" means the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to <br />the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). <br />ATTY/AGR.2025.178/Environmental Systems Research Institute, Inc.(ESRI Agreement for Services) (Page 23 of 31)