Privacy Policy

Attender Privacy Policy Statement

EU Standard Contractual Clauses

To the extent applicable, the parties will abide by the requirements of European Economic Area and Swiss

data protection law regarding the collection, use, transfer, retention, and other processing of Personal Data

from the European Economic Area and Switzerland. All transfers of Customer Data out of the European

Union, European Economic Area, and Switzerland will be governed by the Standard Contractual Clauses, as

designated by the European Commission, made available by the Publisher at the applicable URL for such

terms or as otherwise communicated to Customer.

Personal Data

Customer consents to the processing of Personal Data by Publisher and its Affiliates, and their respective

agents and Subcontractors, as provided in this Agreement. Before providing Personal Data to Publisher,

Customer will obtain all required consents from third parties (including Customer’s contacts, partners,

distributors, administrators, and employees) under applicable privacy and Data Protection Laws.

Processing of Personal Data GDPR

To the extent Publisher is a processor or subprocessor of Personal Data subject to the GDPR, the Standard

Contractual Clauses govern that processing and the parties also agree to the following terms in this

subsection (“Processing of Personal Data; GDPR”):

  1. Processor and Controller Roles and Responsibilities. Customer and Publisher agree that Customer

is the controller of Personal Data and Publisher is the processor of such data, except when (a)

Customer acts as a processor of Personal Data, in which case Publisher is a subprocessor or (b)

stated otherwise in any Offering-specific terms. Publisher will process Personal Data only on

documented instructions from Customer. In any instance where the GDPR applies and Customer is a

processor, Customer warrants to Publisher that Customer’s instructions, including appointment of

Processor as a processor or subprocessor, have been authorized by the relevant controller.

  1. Processing Details. The parties acknowledge and agree that:
  2. the subject-matter of the processing is limited to Personal Data within the scope of the GDPR; the duration of the processing will be for the duration of the Customer’s right to use the

Offering and until all Personal Data is deleted or returned in accordance with Customer

instructions or the terms of this Agreement;

  1. the nature and purpose of the processing will be to provide the Offering pursuant to this


  1. the types of Personal Data processed by the Offering include those expressly identified in

Article 4 of the GDPR; and

  1. the categories of data subjects are Customer’s representatives and end users, such as

employees, contractors, collaborators, and customers, and other data subjects whose

Personal Data is contained within any data made available to Publisher by Customer.

  1. Data Subject Rights; Assistance with Requests. Publisher will make information available to

Customer in a manner consistent with the functionality of the Offering and Publisher’s role as a

processor of Personal Data of data subjects and the ability to fulfill data subject requests to exercise

their rights under the GDPR. Publisher will comply with reasonable requests by Customer to assist

with Customer’s response to such a data subject request. If Publisher receives a request from

Customer’s data subject to exercise one or more of its rights under the GDPR in connection with an

Offering for which Publisher is a data processor or subprocessor, Publisher will redirect the data

subject to make its request directly to Customer. Customer will be responsible for responding to any

such request including, where necessary, by using the functionality of the Offering. Publisher will

comply with reasonable requests by Customer to assist with Customer’s response to such a data

subject request.

  1. Use of Subprocessors. Customer consents to Publisher using the subprocessors listed at the

applicable Publisher URL or as otherwise communicated to Customer. Publisher remains responsible

for its subprocessors’ compliance with the obligations herein. Publisher may update its list of

subprocessors from time to time, by providing Customer at least 14-days notice before providing any

new subprocessor with access to Personal Data. If Customer does not approve of any such changes,

Customer may terminate any subscription for the affected Offering without penalty by providing, prior

to expiration of the notice period, written notice of termination that includes an explanation of the

grounds for non-approval.

  1. Records of Processing Activities. Publisher will maintain all records required by Article – 4 – 30(2) of

the GDPR and, to the extent applicable to the processing of Personal Data on behalf of Customer,

make them available to Customer upon request.




  1. Confidential Information. “Confidential Information” is non-public information that is designated

“confidential” or that a reasonable person should understand is confidential, including, but not limited

to, Customer Data, the terms of this Agreement, and Customer’s account authentication credentials.

Confidential Information does not include information that: (1) becomes publicly available without a

breach of a confidentiality obligation; (2) the receiving party received lawfully from another source

without a confidentiality obligation; (3) is independently developed; or (4) is a comment or suggestion

volunteered about the other party’s business, products or services.

  1. Protection of Confidential Information. Each party will take reasonable steps to protect the other’s

Confidential Information and will use the other party’s Confidential Information only for purposes of the

parties’ business relationship. Neither party will disclose Confidential Information to third parties,

except to its Representatives, and then only on a need-to-know basis under nondisclosure obligations

at least as protective as this Agreement. Each party remains responsible for the use of Confidential

Information by its Representatives and, in the event of discovery of any unauthorized use or

disclosure, must promptly notify the other party.

  1. Disclosure required by law. A party may disclose the other’s Confidential Information if required by

law, but only after it notifies the other party (if legally permissible) to enable the other party to seek a

protective order.

  1. Duration of Confidentiality obligation. These obligations apply: (1) for Customer Data, until it is

deleted by Publisher; and (2) for all other Confidential Information, for a period of five years after a

party receives the Confidential Information.