Introduction

This Data Processing Agreement (“DPA”) is an addendum to the Terms of Service between Esfera Marketing SL and you. The following clauses are applicable whenever your intended use of Seal Metrics triggers the application of the European Union's General Data Protection regulation (“GDPR”).

Definitions

"The Product" refers to Seal Metrics, an EU-based cloud-based software provided by Spain-based Esfera Marketing SL.

"We", "us", or "data processor" refers to Esfera Marketing SL.

"You" or "data controller" refers to the company or organization that enters into a contract to deploy the Product on one or many of its websites.

Instructions

We act solely as per your documented instructions, as detailed in following clauses: Subject Matter, Duration, Nature and Purpose, Categories, Special Categories, and Retention Period. This includes data transfers to a third country or international organization.

Subject Matter

Should you choose to use the Product in a a way that collects personal data about your website visitors, we will commit to process such data in way that ensures its confidentiality, integrity, and availability. 

In the absence of specific requests on the contrary (see below), such personal data will be limited to pseudonymized events pertaining to pages visited, referring websites, and generic campaign properties included in URL parameters. The Product is not designed to single out specific individuals, collect IP addresses or facilitate the creation of personal profiles.

For purposes of statistical comparison and benchmarking we may download Google Analytics reports from the accounts that you select during the configuration of the Product. We do this in compliance with the Google API Services User Data Policy, including its Limited Use requirement. 

If you have chosen to enable conversion tracking signals we will act on your behalf to share data with Google, which acts as an independent controller. In no case will SEAL Metrics become a data controller or joint data controller as a result of these instructions. 

Duration

This data processing agreement is in place for twelve months, and will be renewed each year provided that you remain our customer.

Nature and Purpose

The purpose of the processing falls within the scope of statistical analysis and digital analytics services intended to help a data controller better understand the manner in which its potential or current customers navigate its website. This is done in aggregate, and no individual is ever singled out in the pursuit of this specific purpose.

Should you choose to use the Product in a way that collects personal data about your website visitors, we will commit to process such data in a way that ensures its confidentiality, integrity, and availability. 

In the absence of specific requests on the contrary (see below), such personal data will be limited to pseudonymized events pertaining to pages visited, referring websites, and generic campaign properties included in URL parameters. The Product is not designed to single out specific individuals, collect IP addresses or facilitate the creation of personal profiles. 

If you have chosen to enable conversion tracking signals we will act on your behalf to share data with Google, which acts as an independent controller. In no case will SEAL Metrics become a data controller or joint data controller as a result of these instructions. The purpose of this additional processing is helping you understand the performance of your marketing expenditures across multiple channels.

Categories of Personal Data

This data processing agreement is in place because you have asked us to process website events that could be associated to pseudonymous or aggregated personal data signals such us: marketing campaign or origin (as a traffic source), most popular content, and most frequent customer journeys throughout your website.

Special Categories

You will not be collecting data, in aggregated or granular form, about a data subject's health, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. As a result, the Product will not be storing or processing such data.

Retention Period

We will keep the data you collect for up to three months after the termination or cancellation of our contract. Event and traffic history older than five years will also be deleted from your active account unless expressly requested through an addendum to this data processing agreement.

Personnel

We will make sure that our team members are informed of the confidential nature of the data being processed, having received appropriate training on their responsibilities and having executed written confidentiality agreements.

We will also take commercially reasonable steps to ensure the reliability of any Seal Metrics personnel engaged in the processing of personal data. 

We will make sure that only the team members providing the service, or offering relevant customer support have access to the data being processed.

Technical and Organizational Measures

We have developed information security risk management policies to reasonably ensure the confidentiality, integrity, and availability of the data processed by the Product. These include subprocessor audits (see Subprocessors for further details), certifications, infrastructure, availability and disaster resistance, technical security controls, and admnistrative security controls.

In particular, the following are in place:

  • The Product provides end-to-end encryption using the Transport Layer Security (TLS) protocol version 1.2 or higher with a minimum of 128 bit encryption for personal data in transit.
  • Personal data within the Product is encrypted using, at a minimum, AES-256.
  • Our IT systems, as well as those of our subprocessors, are regularly monitored for vulnerabilities, as well as patched in a timely manner.
  • External points of connectivity in our chosen network architecture are protected by firewalls.
  • Network and database activity are logged and actively monitored for potential security events including intrusion.
  • User passwords are stored in a one-way hash.

Subprocessors

The SEAL Metrics platform is hosted in Ireland by Noraina Ltd.