Precisely Data Processing Addendum FAQs
Last Updated: October 2024
We respect your privacy and are committed to safeguarding customer personal data that we collect and otherwise process in connection with the provision of products and services to you. We acknowledge you may have questions about our Precisely Data Processing Addendum (“DPA”) that we offer to our customers. To help you develop a better understanding of the Precisely DPA, we have created this FAQ document to answer some of the most common questions we are asked by our Customers. Capitalized terms used in this FAQ have the same meaning set out in our DPA.
| General | 2 |
| Does Precisely make a DPA available to its Customers? | 2 |
| Why can’t my organization use its own DPA? | 2 |
| What is the scope of the DPA? | 2 |
| Does the DPA apply to my organization if we don’t have offices in Europe? | 2 |
| What are Precisely and the Customer’s respective roles under the DPA? | 2 |
| Data Subject Requests | 3 |
| How does Precisely handle requests from Data Subjects? | 3 |
| Sub-processors | 3 |
| Does Precisely use Sub-processors? | 3 |
| Technical and Organizational Measures | 3 |
| What security measures are in place to protect Customer Data? | 3 |
1. General
a. Does Precisely make a DPA available to its Customers?
Yes, Precisely offers a DPA to its Customers available here, and in our Trust Center. The DPA is an agreement that sets out the legal framework under which Precisely Processes Customer Data and Personal Data. The DPA covers Precisely’s On-Prem and SaaS products and solutions. The DPA is an addendum to the applicable product terms between Precisely and its Customers.
b. Why can’t my organization use its own DPA?
The Precisely DPA is specific to Precisely’s products and services and covers our processes and practices in relation to these. For example, the DPA covers our processes around privacy related notifications, audits, certifications, security measures, and sub-processing activities, all of which are aligned to the way in which Precisely’s products and services work. The Precisely DPA is also drafted to seamlessly interoperate with the applicable Precisely product and service terms. We’ve also learned from experience that the DPA review process can be significantly streamlined by using our DPA which aligns with applicable data protection laws/industry standards and Precisely policies, processes and obligations. This is especially the case since the language in the DPA reflects revisions that we would have to make to a Customer’s document to reflect our business model, products and services. Furthermore, based on our extensive benchmarking, the DPA is consistent with other global tech, data, and SaaS companies and contain reasonable and balanced terms which the majority of our Customers have found to be acceptable.
c. What is the scope of the DPA?
Although the DPA uses certain terminology from specific laws, for example, “Controller” and “Processor” from the GDPR, it covers our Customers globally and sets out applicable legal obligations and commitments related to the processing of Customer Data and Personal Data in a global context.
d. Does the DPA apply to my organization if we don’t have offices in Europe?
Yes, the majority of the DPA applies to Customers regardless of their connection to the European Union (“EU”), European Economic Area (“EEA”), Switzerland and the United Kingdom (“UK”) (together, “Europe”). Many of the commitments in the DPA are privacy-related obligations that apply globally as well as in relation to European-specific privacy regulations.
e. What are Precisely and the Customer’s respective roles under the DPA?
Precisely acts as a data Processor with respect to Personal Data made available or submitted by a Customer for Precisely to provide its products and services to the Customer. Precisely Processes such Personal Data only in accordance with the Customer’s documented instructions. The Customer ordinarily acts as a Controller of such Personal Data. This is set out in the DPA.
2. Data Subject/Privacy Rights Requests
How does Precisely handle requests from Data Subjects?
If Precisely receives a Data Subject/Privacy Rights Request from a Customer’s client or end user in respect of Personal Data for which Precisely acts as a Processor, Precisely will, to the extent legally permitted, ask the Data Subject to contact the Customer directly about the request. Precisely will also, in accordance with the commitments set out in our DPA, notify the Customer although we will not further respond to the Data Subject Request without the Customer’s prior consent.
3. Sub-processors
Does Precisely use Sub-processors?
An effective and efficient performance of Precisely’s services to Customer requires the use of Sub-processors. These Sub-processors can include Affiliates of Precisely as well as third party organizations. Precisely’s use of Sub-processors may require the transfer of Customer Data to Sub-processors for purposes like hosting Customer Data, providing customer support, and ensuring the services are working to our Customers’ expectations. As described in the DPA, Precisely takes responsibility for the actions of its Sub-processors.
Up-to-date information about the identities and the locations of Sub-processors can be found in the applicable list of Precisely Sub-processors available here and in our Trust Center.
4. Technical and Organizational Measures
What security measures are in place to protect Customer Data?
Precisely maintains appropriate technical and organizational measures to protect Customer Data, as set forth in the Precisely DPA and our Trust Center.
These FAQs are provided for informational purposes only. It is not intended to provide legal advice. Precisely urges its customers to consult with their own legal advisors to familiarize themselves with the requirements that govern their specific use case. This information is provided as of the date of the document publication and may not account for updates after the date of publication. For further information on our Precisely’s privacy practice, please see our Global Privacy Notice.