Data Processing Addendum
This Data Processing Addendum (“DPA”) is part of the Master Services Agreement or other written agreement between Snow Growth Marketing Inc. (“Enrolla,” “we,” “us,” or “our”) and the Customer (“Customer,” “you,” or “your”) for the use of the Enrolla services (the “Agreement”).
This DPA applies to the extent Enrolla processes Personal Data on your behalf in the course of providing the Services.
1. Definitions
2. Scope of Processing
Enrolla processes Personal Data solely to provide the Services in accordance with the Agreement, including:
- Hosting and serving the Enrolla platform;
- Managing user accounts and authentication;
- Providing program recommendations and insights;
- Delivering support and communications.
Enrolla does not sell Personal Data or use it for marketing purposes unrelated to the Services.
3. Roles of the Parties
- Customer acts as the Data Controller (or equivalent).
- Enrolla acts as the Data Processor on behalf of Customer.
Each party agrees to comply with applicable data protection laws in their respective roles.
4. Security Measures
Enrolla implements appropriate technical and organizational measures to protect Personal Data, including:
- Data encryption in transit and at rest;
- Access control and authentication;
- Regular vulnerability and penetration testing;
- Staff confidentiality and security training.
5. Subprocessors
Enrolla may engage Subprocessors to support the delivery of Services. A current list is available upon request. Enrolla will:
- Ensure Subprocessors are bound by written agreements with data protection obligations at least as protective as this DPA;
- Notify Customer of any material changes to Subprocessors;
- Remain liable for Subprocessor actions.
6. Data Subject Rights
Where legally required, Enrolla will assist Customer in fulfilling requests from individuals exercising their rights under applicable laws, including:
- Access, correction, deletion, or portability of their Personal Data;
- Objections to or restrictions on processing.
Customer is responsible for verifying requests and providing instructions to Enrolla.
7. Data Transfers
Enrolla shall assist Customer in responding to data subject requests.
8. Data Breach Notification
In the event of a Personal Data Breach, Enrolla will:
- Notify Customer without undue delay after becoming aware;
- Provide available details of the breach, including the nature, scope, and any mitigation efforts;
- Cooperate with Customer to meet regulatory obligations.
9. Audit Rights
Upon reasonable request and subject to confidentiality, Enrolla will provide documentation or certifications to demonstrate compliance with this DPA. Customer may request a third-party audit (at its own expense) no more than once per year, unless legally required.
10. Return or Deletion of Data
Upon termination of the Agreement, Enrolla will delete or return Customer’s Personal Data, unless retention is required by law. Secure deletion will be completed within a commercially reasonable period.
11. Miscellaneous
This DPA is governed by the laws specified in the Agreement. In case of conflict between the DPA and the Agreement, the DPA controls to the extent of the conflict regarding data protection matters.
12. Contact Us
For questions or requests related to this agreement:
Email: support@enrolla.com