Data Processing Addendum

Last updated: September 28, 2017.

This Data Processing Addendum (“DPA“) forms part of the Terms of Service (“Terms of Service”) between Ltd. an Israeli corporation with a business office located at 1 Shenkar St. Herzlia, Israel and its Affiliates (“”) and the Customer whose details are indicated in the Order Form (“Customer”) as set forth in the signature block below, to reflect the parties’ agreement with regard to the Processing of Personal Data. All capitalized terms not defined herein will have the meaning set forth in the Terms of Service.


In the course of providing the Service to Customer pursuant to the Terms of Service, may Process Personal Data on behalf of Customer. agrees to comply with the following provisions with respect to Personal Data processed by as part of the Service for Customer.

1.1 “Affiliate” means any legal entity directly or indirectly controlling, controlled by or under common control with a party to the Terms of Service, where “control” means the ownership of a majority share of the voting stock, equity or voting interests of such entity.

1.2 “ Information Security Policy” means the information security documentation applicable to the specific Service purchased by Customer, as updated from time to time, and made available by upon request.

1.3 “Individual” means a natural person to whom Personal Data relates, also referred to as “Data Subject” pursuant to EU data protection Laws and regulations.

1.4 “Other Parties to the Call” – parties to Customer’s phone calls, video calls and online demos, other than Personnel.

1.5 “Personal Data” means data about an identified or identifiable Individual.

1.6 “Personnel” means the employees, agents, consultants and contractors of Customer and Customer’s Affiliates.

1.7 “Privacy Laws and Regulations” means all US federal and state privacy laws and regulations, Israeli privacy laws and regulations and data protection laws and regulations of the European Union, applicable to the Processing of Personal Data under the Terms of Service.

1.8 “Privacy Shield” means the EU-US Privacy Shield Framework, as administered by the U.S. Department of Commerce and approved by the European Commission pursuant to Decision C(2016)4176 of July 12, 2016.

1.9 “Privacy Shield Principles” mean the Privacy Shield Principles, as supplemented by the Supplemental Principles and contained in Annex II to the European Commission Decision C(2016)4176 of July 12, 2016, as may be amended, superseded or replaced.

1.10 “Process” or “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

1.11 “Service Notice” – means a clear written or recorded notice about the Service and Customer’s use thereof, which at a minimum provides that the Service is a speech analytics tool, it enables Customer to record, analyze and share for a limited period of time the recordings of phone calls, video calls and online demos (as applicable), including associated data and documentation (if applicable), and further includes information as required under the applicable law.


2.1 Scope and Roles. This DPA applies when Personal Data is Processed by as part of’s provision of Service, as further specified in the Terms of Service and the applicable Order Form. In this context, to the extent that EU Privacy Laws and Regulations apply to the Personal Data that processes for Customer under the Terms of Service, Customer is the Data Controller and and applicable Affiliates are the Data Processor under such laws and regulations.

2.2 Customer’s Processing of Personal Data. Customer’s instructions to to Process Personal Data will comply with Data Protection Laws and Regulations. Customer will have sole responsibility for the accuracy, quality, and legality of Personal Data, the means by which Customer acquired Personal Data, and Customer permissions to Process Personal Data pursuant to this DPA.

2.3 Instructions for’s Processing of Personal Data. will only Process Personal Data on behalf of and in accordance with Customer’s instructions. Customer instructs to Process Personal Data for the following purposes: (i) Processing in accordance with the Terms of Service and applicable Order Forms; and (ii) Processing to comply with other reasonable instructions provided by Customer where such instructions are consistent with the terms of the Terms of Service and comply with applicable Privacy Laws and Regulations. Processing outside the scope of this DPA (if any) will require prior written agreement between and Customer on additional instructions for processing, including agreement on any additional fees Customer will pay to for carrying out such instructions.

2.4 Processing for Legitimate Purposes. Notwithstanding, may Process Personal Information for legitimate business purposes, including archiving, back-up and disaster recovery, cyber security, operations, control, improvements and development of’s Service, fraud and service misuse prevention and legal and administrative proceedings.


3.1 Requests. will, to the extent legally permitted, promptly notify Customer if it receives a request from an Individual, who’s Personal Data is included in Customer’s Personal Data, or a request by the Individual’s legal guardians, to exercise the right to access, correct, amend or delete Personal Data related to the Individual, or to exercise such other personal right that the Individual is entitled to pursuant the applicable Privacy laws and Regulations.

3.2 Assistance. will provide Customer with commercially reasonable cooperation and assistance in relation to handling the Individual’s request, to the extent legally permitted and to the extent Customer does not have access to such Personal Data through its use of the Service. Except if not permitted under the applicable Privacy Laws and Regulations, Customer will reimburse with any costs and expenses related to’s provision of such assistance.


4.1 Limitation of Access. will ensure that’s access to Personal Data is limited to those personnel who require such access to perform the Terms of Service.

4.2 Confidentiality. will impose appropriate contractual obligations upon its personnel engaged in the Processing of Personal Data, including relevant obligations regarding confidentiality, data protection and data security. will ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training in their responsibilities, and have executed written confidentiality agreements. will ensure that such confidentiality agreements survive the termination of the employment or engagement of its personnel.


5.1 Affiliates. Some or all of’s obligations under the Terms of Service may be performed by Affiliates.

5.2 Agents. Customer acknowledges and agrees that: (i)’s Affiliates may retain Process Personal Data on’s behalf to perform the Service under the Terms of Service; and (ii) and’s Affiliates respectively may engage third-party service providers in the performance of the Service. All Affiliates and agents to whom transfers Personal Data to provide the Service have entered into written agreements with or other binding instruments that bind them by substantially the same material obligations under this DPA.

5.3 Liability. will be liable for the acts and omissions of its Affiliates and agents to the same extent would be liable if performing the Service of each Affiliate or agent directly under the terms of this DPA, except as otherwise set forth in the Terms of Service.

5.4 Consent. Customer consents to’s use of Affiliates and agents in the performance of the Service in accordance with the terms of this Section 5.


6.1 Ltd. complies with Israeli Privacy Laws and Regulations. Transfer of Personal Data related to EU Individuals to Israel is made in accordance the EU Commission decision 2011/61/EU of January 31, 2011, on the adequate protection of personal data by the State of Israel with regard to automated processing of personal data.

6.2 Inc. (a Ltd. Affiliate) self-certifies to and complies with the Privacy Shield and will maintain its self-certification to and compliance with the Privacy Shield throughout the terms of Terms of Service.

6.3 All Affiliates and agents to whom transfers Personal Data to provide the Service are certified to the Privacy Shield, or provide at least the same level of protection for the Personal Data as is required by the relevant principles of the Privacy Shield and comply with the requirements under the Privacy Shield for the onward transfer of Personal Data to agents.

6.4 If the Privacy Shield is revoked, or if or any of its Affiliates and agents are no longer able to continue complying with the Privacy Shield, then will take such measures to continue facilitating the lawful Processing of Personal Data related to EU Individuals by, and its Affiliates and agents.


7.1 Controls. will maintain administrative, physical and technical safeguards for the protection of the security, confidentiality and integrity of Customer’s Personal Data, pursuant to the Information Security Policy. regularly monitors compliance with these safeguards. will not materially decrease the overall security of the Service during the term of the Terms of Service.

7.2 Policies, Certifications and Audit Reports. uses external auditors to verify the adequacy of its security measures. The internal controls of the Service are subject to periodic testing by such auditors and are based on the Statement on Standards for Attestation Engagements (SSAE) No. 16 Service Organisation Control (SOC2) report. Upon Customer’s written request at reasonable intervals and subject to confidentiality limitations, will make available to Customer that is not a competitor (or to a third party auditor on Customer’s behalf, that is not a competitor and subject to the auditor’s execution of’s non-disclosure agreement), the then most recent version of the Information Security Policy summaries of third-party audit or certification reports commonly made available to Customers.


8.1 Breach prevention and management. will maintain security incident management policies and procedures and will, to the extent permitted by law, promptly notify Customer of any actual or reasonably suspected unauthorized access to, acquisition of, or disclosure of Customer Personal Data, by or its Affiliates or agents of which becomes aware (a “Security Incident”).

8.2 Remediation. To the extent that a Security Incident is caused by a violation of the requirements of this DPA by, will make reasonable efforts to identify and remediate the cause of such Security Incident.


Customer undertakes to provide adequate notices to Individuals about the Processing of their Personal Data pursuant to this DPA. To the extent required under the applicable Privacy Laws and Regulations, Customer will receive and document the appropriate consent from the Individuals to the Processing of their Personal Data under this DPA, provide a clear notice of’s Privacy Shield Privacy Policy, which is published at: privacy policy and receive and document the Individuals’ consent to the privacy policy.


10.1 Data Deletion. will return Customer Personal Data to Customer or delete such data in accordance with the procedures and timeframes specified in the’s data retention and destruction policies and procedures. At Customer’s request, will state in writing that it has completed the deletion of the Customer Personal data from its systems.

10.2 Data Retention. Notwithstanding, Customer acknowledges and agrees that may retain copies of Customer Personal Data as necessary in connection with its routine backup and archiving procedures and to ensure compliance with its legal obligations and its continuing obligations under the applicable law, including to retain data pursuant to legal requirements and to use such data to protect, its Affiliates, agents and any person on their behalf in court and administrative proceedings, and for investigations and inspections related to the use of’s services.

11. ANONYMIZED AND AGGREGATED DATA may process data based on extracts of Personal Data on an aggregated and non-identifiable forms, for’s legitimate business purposes, including for testing, development, controls and operations of the Service, and may share and retain such data at’s discretion.


Each party’s and its Affiliates’ liability arising out of or related to this DPA (whether in contract, tort or under any other theory of liability) is subject to the section ‘Limitation of Liability’ of the Terms of Service, and any reference in such section to the liability of a party means that party and its Affiliates in the aggregate.

13. TERM

This DPA will commence on the same date that the Terms of Service are effective, and will continue until the Terms of Service are expired or terminated, pursuant to the terms therein.


14.1’s compliance team is responsible to make sure that all relevant’s personnel adhere to this DPA.

14.2’s compliance team can be reached at:

Last updated: September 28, 2017.