This Data Processing Agreement, including its Annexes ****(“DPA”), is entered into by RegAxis Technologies Pvt. Ltd. (d/b/a Runmerge) , a corporation having its principal place of business at NO.2F 02 A.J. SANKALPA ORCHID 7TH CROSS, KHANE ROAD HORAMAVU K CHANNASANDRA, Bengaluru Urban, KA 560043, India(“Company” or “Runmerge”), and Counterparty (defined below).
Runmerge provides its proprietary, Software-as-a-Service solution for integrating event tech, CRM, MDM, and accounting platforms (“Service(s)”) to Customers and End Customer (each as defined below). The provision of the Service involves the Processing of Personal Data subject to the Data Protection Laws, and the purpose of this DPA is to set forth the terms under which Runmerge Processes the Personal Data.
THIS DPA APPLIES BETWEEN THE PARTIES WHERE A REPRESENTATIVE OF COUNTERPARTY CLICKS A BOX INDICATING ACCEPTANCE, TRANSFERS PERSONAL DATA TO MERGE FOR PROCESSING BY MEANS OF THE SERVICE, OR OTHERWISE AFFIRMATIVELY INDICATES ACCEPTANCE OF THIS DPA. BY DOING SO, YOU: (A) AGREE TO THIS DPA ON BEHALF OF THE ORGANIZATION, COMPANY, OR OTHER LEGAL ENTITY FOR WHICH YOU ACT (“COUNTERPARTY”); AND (B) REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND COUNTERPARTY AND ITS AFFILIATES TO THIS DPA. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THIS DPA, YOU MAY NOT DIRECTLY OR INDIRECTLY TRANSFER PERSONAL DATA TO MERGE. MERGE RESERVES THE RIGHT TO MODIFY OR UPDATE THE TERMS OF THIS DPA IN ITS DISCRETION, THE EFFECTIVE DATE OF WHICH WILL BE THE EARLIER OF (I) 30 DAYS FROM THE DATE OF SUCH UPDATE OR MODIFICATION AND (II) COUNTERPARTY’S CONTINUED TRANSFER OF PERSONAL DATA.
If Customer and Runmerge have executed a written data processing agreement governing the processing of personal data by means of the Service, then the terms of such signed data processing agreement between the parties will supersede this DPA.
In the provision of services by Runmerge involving Counterparty, the following roles (“Roles”) apply among the parties:
| Counterparty | Description | Data Processing Function(s) |
|---|---|---|
| Customer | Party that purchases a Subscription to the Service | For Customer Personal Data Processed by Runmerge, Customer is the Controller and Runmerge is a Processor |
| For End Customer Personal Data Processed by Runmerge, Customer is a Processor and Runmerge is a Processor and/or subprocessor | ||
| End Customer | The Customer’s customer that enables integration between the Service and Partner’s platform in order for Runmerge to Process the End Customer’s Personal Data for the benefit of the Customer | For End Customer Personal Data Processed by Runmerge, End Customer is the Controller; Customer is a Processor; and Runmerge is a Processor and/or subprocessor |
| Partner | Provider of a SaaS solution used by End Customer (e.g., typically in the event tech, CRM, or accounting space) | End Customer is the Controller; Partner is the Processor; Runmerge is the Processor to End Customer |
1. Definitions.
All capitalized terms used in this DPA will have the meanings given to them herein, in applicable Data Protection Laws, or as set forth in the applicable Agreement between Runmergeand the Counterparty.
“Agreement” means the applicable terms between Runmergeand Counterparty regarding use of or integration with the Service.
“Controller” means the entity or Business which solely or jointly with other entities determines the purposes and means of the Processing of Personal Data, and for the purposes of this DPA is as set forth in the Roles table above.
“Data Breach” means a breach of security leading to accidental or unlawful destruction, loss, or alteration, unauthorized disclosure of, or access to, Personal Data Processed by Runmerge on behalf of Counterparty.
"Data Protection Laws” means all applicable data protection and privacy laws, their implementing regulations, regulatory guidance, and secondary legislation, each as updated or replaced from time to time, including, as they may apply: (i) the General Data Protection Regulation ((EU) 2016/679) (the “GDPR”) and any applicable national implementing laws; (ii) the UK General Data Protection Regulation (“UK GDPR”) and the UK Data Protection Act 2018; (iii) U.S. legislation (e.g., the California Consumer Privacy Act and the California Privacy Rights Act); and (iv) any other laws that may be applicable.
“Data Subject” means the identified or identifiable person to whom the Personal Data relates, as defined in the applicable Data Protection Laws.
“EU Standard Contractual Clauses” or “SCCs” or “Clauses” means the terms available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914&from=EN and promulgated pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council 4 June.
“Personal Data” means any information relating to a Data Subject that is subject to the Data Protection Laws and that Runmerge Processes on behalf of Counterparty as described in Section 4 of this DPA.
“Processing” has the meaning given to it in the Data Protection Laws and “process”, “processes” and “processed” will be construed accordingly.
“Processor” means the entity or Service Provider which Processes Personal Data on behalf of the Controller, as defined in the applicable Data Protection Laws and for the purposes of this DPA is as set forth in the Roles table above.
2. Compliance With Laws.
Each party will comply with the Data Protection Laws as applicable to it.