Data Processing Addendum - If Else Cloud

This Data Processing Addendum (the Addendum) forms part of the If Else Cloud Terms of Use (and any ancillary or related documentation), as updated or amended from time to time (the Agreement), between you, the Customer (as defined below) and If Else Cloud. All capitalised terms not defined in this Addendum have the meaning set out in the Agreement.

This addendum only applies if and to the extent If Else Cloud processes personal data on behalf of a Customer that qualifies as a controller with respect to that personal data under the Applicable Data Protection Law (as defined below). If the Customer had entered into earlier data processing terms with If Else Cloud, those terms are replaced by this Addendum.

Data Protection

1. Definitions
   In this Addendum, the following terms have the following meanings:
   1. Controller, processor, data subject, personal data, processing (and process) and special categories of personal data have the meanings given in Applicable Data Protection Law.
   2. Applicable Data Protection Law means the EU General Data Protection Regulation (Regulation 2016/679) (the GDPR) and any applicable national laws made under the GDPR.
   3. The customer has the same meaning as ‘you’ in the If Else Cloud Terms of Use.
2. Relationship of the parties
   The Customer (the controller) appoints If Else Cloud as a processor to process the personal data described in Annex B (the Data) only on the controller’s documented instructions (and as per the terms set out in this Addendum) for the purposes described in the Agreement or as otherwise agreed in writing by the parties (the Permitted Purpose). Each party must comply with the obligations that apply to it under Applicable Data Protection Law.
3. Prohibited data
   Unless explicitly requested by If Else Cloud to do so, the Customer will not disclose (and will not permit any data subject to disclose) any special categories of personal data to If Else Cloud for processing.
4. International transfers
   If Else Cloud will not transfer the Data outside of the European Economic Area (EEA) unless it has taken such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law. Such measures may include (without limitation) transferring the Data to a recipient in a country that the European Commission has decided provides adequate protection for personal data (eg, New Zealand) or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.
5. Confidentiality of processing
   If Else Cloud will ensure that any person it authorizes to process the Data (an Authorised Person) will protect the Data in accordance with If Else Cloud’s confidentiality obligations under the Agreement.
6. Security 
   If Else Cloud will implement technical and organizational measures, as set out in Annex A, which may be amended and updated from time to time, to protect the Data
   1. From accidental or unlawful destruction, and
   2. Loss, alteration, unauthorized disclosure of, or access to the Data (a Security Incident).
7. Subcontracting
   The Customer consents to If Else Cloud engaging third-party subprocessors to process the Data for the Permitted Purpose provided that:
   1. If Else Cloud maintains an up-to-date list of its subprocessors, which is available at the end of this document, which it will update with details of any change in sub-processors at least 30 days prior to the change;
   2. If Else Cloud, prior to appoint any subprocessor, ensures to a reasonable degree, that the subprocessors protect the Data to the standard required by Applicable Data Protection Law; and
   3. If Else Cloud is not liable for any breach of this Addendum that is caused by an act, error or omission of its subprocessor. The Customer may object to If Else Cloud’s appointment or replacement of a subprocessor prior to its appointment or replacement, provided such objection is based on reasonable grounds relating to data protection. In such an event, If Else Cloud will either not appoint or replace the subprocessor or, if If Else Cloud determines at its sole discretion that this is not reasonably possible, the Customer may suspend or terminate the Agreement without penalty (without prejudice to any fees incurred by the Customer up to and including the date of suspension or termination).
8. Cooperation and data subjects' Rights
   If Else Cloud will provide reasonable and timely assistance to the Customer (at the Customer’s expense) to enable the Customer to respond to:
   1. Any request from a data subject to exercise any of its rights under the Applicable Data Protection Law; and
   2. Any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the Data. If any such request, correspondence, enquiry or complaint is made directly to If Else Cloud, If Else Cloud will promptly inform the Customer, providing full details.
9. Data Protection Impact Assessment
   If Else Cloud believes or becomes aware that its processing of the Data is likely to result in a high risk to the data protection rights and freedoms of data subjects, it will inform the Customer and provide reasonable cooperation to the Customer in connection with any data protection impact assessment that may be required under Applicable Data Protection Law.
10. Security incidents
    If it becomes aware of a confirmed Security Incident, If Else Cloud will inform the Customer without undue delay and will provide reasonable information and cooperation to the Customer so that they can fulfil any data breach reporting obligations they may have under (and in accordance with the timescales required by) Applicable Data Protection Law.  If Else Cloud will further take reasonably necessary measures and actions to remedy or mitigate the effects of the Security Incident and keep the Customer informed of all material developments in connection with the Security Incident.
11. Deletion or return of Data
    If Else Cloud will retain the Data for a period of 7 years after a subscription is terminated in case the Customer later needs access to it. On the expiry of this period or on the Customer’s earlier request, If Else Cloud will delete or return the Data in a manner and form decided by If Else Cloud, acting reasonably.  This requirement will not apply to the extent that If Else Cloud is required by applicable law to retain some or all of the Data, or to Data it has archived on back-up systems, which Data If Else Cloud shall securely isolate and protect from any further processing.

If Else Cloud Data Subprocessors

We use a few different third-party subprocessors to help us provide our services to you. These subprocessors process data that you input into the services, which may include personal data. Here we’ve set out some info on who these subprocessors are and what services they provide. We can update the subprocessors in the future and will update this list. Please check back regularly.

If Else Cloud other URLs:

If Else Cloud - Privacy notice

If Else Cloud - Cookie notice

If Else Cloud - Support and Maintenance Plan

If Else Cloud – Terms and Conditions