{"id":4913,"date":"2026-03-02T10:27:54","date_gmt":"2026-03-02T10:27:54","guid":{"rendered":"https:\/\/wp.pietential.com\/?page_id=4913"},"modified":"2026-03-07T09:17:57","modified_gmt":"2026-03-07T03:47:57","slug":"data-protection-addendum","status":"publish","type":"page","link":"https:\/\/pietential.com\/es\/data-protection-addendum\/","title":{"rendered":"Data Protection Addendum"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Data Protection Addendum<\/h1>\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

This Data Protection Addendum (\u201cDPA\u201d) is made a part of your Subscriber Terms of Use (\u201cTerms\u201d), and governs solely to the extent that: (a) you, or any person (\u201cPerson\u201d) from whom Pietential collects Personal Data (defined below), is located in the European Economic Area (\u201cEEA\u201d), the United Kingdom (“UK”), Canada, or Australia; (b) you and\/or such Person is subject to Data Protection Laws (defined below); and (c) your access and use of the Pietential Platform involve the collection or processing of the Personal Data of an individual located in the EEA, the UK, Canada, or Australia. To the extent this DPA applies, and in consideration of the mutual obligations set out in this DPA, you and Pietential agree that this DPA is a binding part of the Terms.<\/p>

Except as modified in this DPA, the terms and conditions of the Terms shall remain in full force and effect. If there is any conflict between this DPA and the Terms regarding Pietential\u2019s privacy or security obligations, the provisions of this DPA shall control. Unless expressly defined in the DPA, all capitalized terms used herein will have the meaning assigned to them in the Terms.<\/p>

Purpose:<\/strong>\u00a0<\/strong>The purpose of compliance with Data Protection Laws concerning the processing of Personal Data on behalf of Pietential Platform users located in European Union (\u201cEU\u201d) Member States or members of the European Economic Area, the UK, Canada, and Australia, and incorporates (to the extent applicable) the terms of the EU Standard Contractual Clauses (\u201cSCCs\u201d). \u201cData Protection Law\u201d means, as applicable, the European General Data Protection Regulation (EU 2016\/679) (\u201cGDPR\u201d), including applicable laws implementing or supplementing the GDPR and as transposed into domestic legislation of Member States, as amended, replaced or superseded from time to time); the UK Data Protection Act of 2018, the Australian Privacy Principles and the Australian Privacy Act (1988); or the Canadian Federal Personal Information Protection and Electronic Documents Act. The terms P rocessor, Controller, processing (and process), personal data breach, data protection impact assessment and Personal Data shall have the meanings set out in Data Protection Laws. The term \u201c Personal Data\u201d includes: first and last name, email address, telephone number, mailing address, and other information necessary to identify an individual for purposes of assisting Pietential with providing use of the Pietential Platform.<\/p>

Context and Scope of Personal Data Processing:<\/strong>\u00a0<\/strong>In order to provide the Subscribers with access and use of the Pietential Platform, it may be necessary for Pietential to collect Personal Data of such an individual or an employee or other representative or user of the Subscriber (each, a \u201cCustomer Representative\u201d). Such data is collected when Customer Representatives provide their Personal Data directly to Pietential as an account holder, a designated point of contact between Subscriber and Pietential, or a user under the Subscriber account. That data is subsequently used by Pietential solely to provide access to the Pietential Platform and the Pietential Services under the Terms, or as may be necessary to assist with any requests regarding use and proper operation of the Pietential Platform.<\/p>

Obligations under Data Protection Laws:<\/strong><\/p>

a. Processing as a Controller. Generally, Pietential shall act as the Controller of the Personal Data of each Customer Representative. As a Controller, Pietential will comply with all data protection requirements under the Data Protection Laws applicable to the Personal Data. Without limiting the foregoing, as a controller of the Personal Data, Pietential shall be responsible for providing notifications to, and respond to inquiries and requests from, the Customer Representatives; provided, however, that to the extent necessary, the Subscriber shall reasonably cooperate with Pietential for the purpose of responding to requests by Customer Representatives or any government authorities and of generally complying with Pietential ‘s obligations under the Data Protection Laws. To the extent applicable, nothing herein relieves the Subscriber of their own obligations under the applicable Data Protection Laws. The parties are not entering a relationship of joint controllership.<\/p>

b. Processing as a Processor. In the event any personal data is processed by Pietential as a Processor, the parties shall specifically identify such personal data and the purposes of processing, as well as the measures undertaken to protect such data, by completing Appendix B (Controller-to-Processor). As a Processor, Pietential shall only process Personal Data in accordance with the Customer Representative\u2019s documented instructions. As required under Data Protection Laws, Pietential shall assist the Customer Representative, where appropriate, in ensuring compliance with the Customer Representative\u2019s obligations pursuant to Data Protection Laws, taking into account the nature and scope of Pietential\u2019s Personal Data processing, which may include providing commercially reasonable cooperation and assistance with: (a) data subject requests (see below); (b) notifications or communications regarding personal data breaches; (c) data protection impact assessments; and (d) prior consultations with supervisory authorities.<\/p>

With respect to any Personal Data processed by Pietential as a Processor pursuant to this DPA, Pietential shall: (a) in the event Pietential engages trusted third parties to process Personal Data (\u201cTrusted Parties\u201d), seek the prior specific or general written authorization of the Controller, which is hereby given in respect of any Trusted Parties expressly listed below (and in the case of general written authorization, the Processor shall inform the Controller of any intended changes concerning the addition or replacement of Trusted Parties, thereby giving the Controller the opportunity to object to such changes); (b) unless prohibited under applicable law, upon termination of the Services, at its option, either return or destroy the Personal Data (including all copies of it); (c) ensure that all persons authorized by Pietential to access the Personal Data on Pietential \u2019s behalf, are subject to obligations of confidentiality in accordance with confidentiality obligations set forth in the Terms; (d) remain fully liable to the Customer Representative or Subscriber for the failure of those persons authorized by Pietential to access the Personal Data on Pietential \u2019s behalf; and, (e) make available such information as may be necessary to demonstrate compliance with its obligations under Article 28 of the GDPR and will (at the Customer Representative\u2019s cost and expense) contribute to and allow for appropriate reasonable audits.<\/p>

The Trusted Parties currently engaged to process Personal Data on behalf of Pietential include the following:.<\/p>

Security:<\/strong>\u00a0<\/strong>Pietential limits its collection of Personal Data to only that which is relevant for purpose of providing the services under the Terms and retains Personal Data in a form that permits identification of data subjects (defined below) for no longer than is necessary to serve that purpose. Where no defined or legal retention period exists, the default standard retention period is six (6) years plus the year in which the record was created. Pietential shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.<\/p>

Data Subject Rights:<\/strong>\u00a0<\/strong>Within the scope of Data Protection Laws, Customer Representatives located in the EEA, the UK, Canada, or Australia (\u201cdata subjects\u201d) may have certain rights that they may exercise, based on jurisdiction, in relation to the processing of their Personal Data. Where applicable, these rights include: the right to access, correct, update, and delete that data subject\u2019s Personal Data, to withdraw any consent to processing, to opt out of communications, to restrict processing of Personal Data, and to make any claim or complaint in relation to their rights under Data Protection Laws, Pietential shall respond to and offer reasonable assistance in responding to data subjects\u2019 requests to exercise their data protection rights in accordance with applicable Data Protection Laws.<\/strong><\/p>

Cross Border Data Transfer Mechanisms<\/strong>\u00a0<\/strong>: To the extent your access and use of the Pietential Platform requires an onward transfer mechanism to lawfully transfer personal data from a jurisdiction to Pietential outside of that jurisdiction, the terms set forth in this section will apply. In the event your access and use of the Pietential Platform is covered by more than one transfer mechanism, the transfer of Personal Data will be subject to a single transfer mechanism in accordance with the following order of precedence: (a) the applicable SCCs as set forth in this section; and, if not applicable, then (b) other applicable data transfer mechanisms permitted under Data Protection Laws.<\/p>

EU Standard Contractual Clauses<\/strong><\/p>

a.<\/strong>\u00a0<\/strong>Controller-to-Controller<\/strong>\u00a0<\/strong>: Generally, and unless otherwise specifically identified in Appendix B (Controller to Processor) of this Addendum, all transfers of Personal Data from Subscriber to Pietential shall be deemed a controller-to-controller transfer and shall be made pursuant to Module 1 of the Standard Contractual Clauses adopted by the European Commission on June 4, 2021, as currently set out at in the Annex\u00a0here<\/span><\/a>(collectively, the \u201c Controller SCCs\u201d).<\/p>

b.<\/strong>\u00a0<\/strong>Controller-to-Processor:<\/strong>\u00a0<\/strong>Where Personal Data is transferred from Subscriber to Pietential on a controller-to-processor basis as specifically set forth in Appendix B (Controller to Processor) of this Addendum, the transfer shall be made pursuant to Module 2 of the Standard Contractual Clauses adopted by the European Commission on June 4, 2021, as currently set out in the Annex\u00a0here<\/span><\/a>(collectively, the \u201c Processor SCCs\u201d).<\/p>

The parties agree to observe the terms of the Processor SCCs without modification, except as to the following selections:<\/p>