Data Processing Addendum

This Data Processing Addendum applies to any content that Customer or any of Customer’s authorized users upload to Customer’s Castle One account (“Content”).

The parties agree as follows:

  1. Castle One is prohibited from retaining, using, collecting or disclosing Content for any purpose except to perform the Services requested by Customer pursuant to any applicable Agreement, with Customer’s express consent, or as elsewhere provided in this Addendum;
  2. Castle One will not sell any Content;
  3. If it is necessary for Castle One to access or view Content for any reason, Castle One will notify Customer by sending an email to Customer’s email account on file prior to accessing Content;
  4. Castle One will promptly and irrevocably delete or destroy all copies of Content upon Customer’s request or as provided in any applicable Agreement;
  5. Customer is responsible for complying with all applicable laws in the collection, use, processing, transfer, disclosure or other handling of personal information or other data contained within Content. If any Content is subject to any heightened requirements under applicable law, Customer is responsible for: (1) informing Castle One of any applicable laws; and (2) informing Castle One of its obligations as a Service Provider of Content under applicable law. Customer agrees to indemnify and hold harmless Castle One, including reasonable attorneys’ fees, in the event Customer fails to do so and/or if Customer has failed to fulfill its data handling obligations under applicable law;
  6. Castle One will promptly (and in any case, within five days) notify Customer of requests from individuals who are exercising their data privacy rights under applicable law and shall assist Customer responding to such requests;
  7. Customer authorizes Castle One to disclose Content to, or allow access to Content by, third parties solely: (i) for the purposes of fulfilling its obligations under this Agreement; (ii) when required to do so by law; (iii) when Castle One believes in good faith that disclosure is reasonably necessary to protect the property or rights of Castle One, third parties, or the public at large; or (iv) if Castle One buys or sells assets to be used by the acquiror in accordance with this DPA. Castle One agrees to impose obligations comparable to those contained in this DPA on any third party prior to disclosing Content;
  8. Castle One has in place reasonable technical, organizational, and physical safeguards that protect Content against unauthorized loss or destruction of Content;
  9. In the event of a data breach that is not caused by the actions or inactions of Customer, Castle One shall handle the costs of notifying any individuals or government agencies that are required to be notified under applicable law and shall have no other liability or obligation. Customer shall cover the full costs of a data breach that is caused by any action or inaction of Customer or its employees;
  10. This DPA supplements and does not replace any existing obligations on Castle One related to the privacy and security of Content. The obligations of this DPA shall survive for as long as Castle One holds or processes Content.

Subscribe to our newsletter

Hear from us once a month with product updates and company news.

© 2021 Castle One. All rights reserved.