Skip to content
menu-toggle-new
menu-close-new
Login

Salesfuse Data Processing Addendum

Last Updated: July 30, 2023

This Data Processing Addendum (“DPA”) is a part of the Salesfuse’s Terms & Conditions, and sets forth the parties’ rights and obligations in respect of the processing of Company in relation to the Salesfuse Services, to the extent that the same is subject to Applicable Privacy and Data Protection Laws.

If there is any conflict between the terms of this DPA and the terms of the Agreement, the terms of this DPA shall prevail. If there is any conflict between the Standard Contractual Clauses and the terms of this DPA, the Standard Contractual Clauses shall prevail.

1. Definitions

1.1 Agreement” means subscription purchase, together with Salesfuse’s Terms & Conditions, available at https://Salesfuse.io/terms-and-conditions, unless there is a separately negotiated agreement for Salesfuse Services between you and Salesfuse, then “Agreement” means that agreement.

1.2 Applicable Privacy and Data Protection Laws” means collectively all local privacy and data protection laws, rules, and regulations that apply to the parties concerning the processing of Personal Data in connection with the Agreement, including, only to the extent applicable and when legally effective (including those that come into effect after the “Last Updated” date above): the California Consumer Privacy Act (including as amended by the California Privacy Rights Act of 2020) (“CCPA”); the European Union’s General Data Protection Regulation (“GDPR”)t; and the United Kingdom’s General Data Protection Regulation (“UK GDPR”).

1.3 “Company,” “you,” and “your” mean the Salesfuse customer that has entered into the Agreement for Salesfuse Services.

1.4 “Company User” means a Data Subject for whom Company initiates and administers a Salesfuse account, Data Subjects acting on behalf of Company to administer the Salesfuse Service, and users of the Linkedin platform (https://linkedin.com , further referred to as “LinkedIn”) whose data is being searched, collected and structured on Salesfuse Services.

1.5 “Company User Data” means the Personal Data of Company Users submitted to Salesfuse in connection with the Salesfuse Services.

1.6 “Controller” means the party that controls the purposes and means of processing, and shall include ‘controller’, ‘business’, and other similar terms under Applicable Privacy and Data Protection Laws.

1.7 “Data Subject” means ‘data subject’, ‘consumer’, or similar terms under Applicable Privacy and Data Protection Laws.

1.8 “Salesfuse Services” means the Salesfuse-branded online platform and other services provided by Salesfuse pursuant to subscription purchase, or other, by Company and that involves the transfer of Company User Data to Salesfuse.

1.9 “Personal Data” means all ‘personal data’, ‘personal information’, or similar terms under Applicable Privacy and Data Protection Laws.

1.10 “Processor” means a party that processes Personal Data on behalf of another party, and shall include ‘processor’, ‘service provider’, and other similar terms under Applicable Privacy and Data Protection Laws.

1.11 “Sensitive Data” means ‘sensitive personal information’, ‘sensitive data’, ‘special categories of personal data’, and Personal Data similarly classified under Applicable Privacy and Data Protection Laws.

1.12 “Standard Contractual Clauses” means the standard contractual clauses approved pursuant to the European Commission’s decision (EU) 2021/914 of 4 June 2021, populated in accordance with Section 8 of this DPA. For transfers of Personal Data subject to UK GDPR, the Standard Contractual Clauses also include the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (the “UK Addendum”), populated in accordance with Section 8 of this DPA.

1.13 “Salesfuse” means, for the purpose of this DPA, Salesfuse LLC, https://Salesfuse.io/ .

1.14 The terms “commercial purpose”, “personal data breach”, “process”, “sell”, “share”, and their cognates shall have the same meaning as under Applicable Privacy and Data Protection Laws.

 

2. Roles

2.1. To the extent Company User Data is subject to Applicable Privacy and Data Protection Laws, the parties agree that with respect to processing Company User Data in the provision of the Salesfuse Services, Company is the Controller, and Salesfuse is a Processor.

2.2. Company acknowledges and agrees that notwithstanding Section 2.1, Salesfuse and its affiliates may collect and process certain data directly from Data Subjects in their capacity as users of other Salesfuse Services. Though these Data Subjects may also be Company Users, Salesfuse acts as a Controller for Personal Data collected or submitted outside of the Salesfuse Services.

2.3. The parties agree and acknowledge that the subject matter and details of processing are set out in Annex I.

Terms of Processing by 

3.1. Salesfuse agrees that it will:

3.1.1. Process Company User Data only (a) for the provision of the Salesfuse Services to Company according to the written instructions set forth in the Agreement or as otherwise instructed by Company, and (b) as permitted as a Processor under Applicable Privacy and Data Protection Laws (collectively, the “Agreed Purposes”);

3.1.2. Ensure that anyone acting on its behalf will process Company User Data according to the provisions of this DPA and applicable data protection regulations, and is bound by an appropriate obligation of confidentiality;

3.1.3. Notify Company if Salesfuse becomes aware of any circumstance which would prevent it from fulfilling Company’s instructions under this DPA;

3.1.4. Notify Company if Salesfuse becomes aware that any applicable law or regulation prevents it from fulfilling the instructions received from Company and its obligations under this DPA;

3.1.5. Notify Company within the time period required by Applicable Privacy and Data Protection Laws if it determines it can no longer meet its obligations under Applicable Privacy and Data Protection Laws and allow Company to take reasonable and appropriate steps to stop and remediate unauthorized processing of Company User Data;

3.1.6. Upon Company’s request, provide information to reasonably enable Company to conduct and document data protection assessments; and

3.1.7. To the extent required under Applicable Privacy and Data Protection Laws, not more than once annually, allow and cooperate with reasonable assessments by Company or its designated assessor, to conduct an assessment of Salesfuse’s technical and organizational measures in support of the obligations under Applicable Privacy and Data Protection Laws using an appropriate and accepted control standard or framework and assessment procedure for such assessments, and subject to reasonable access and confidentiality restrictions. If Salesfuse engages its own assessor, it shall provide a summary report to Company upon request, which shall satisfy Salesfuse’s obligations under this Section 3.1.7.

3.2. Subject to Section 3.1.1., Salesfuse will not:

3.2.1. Sell or share the Company User Data;

3.2.2. Retain, use or disclose the Company User Data for any purpose other than the Agreed Purposes;

3.2.3. Retain, use or disclose the Company User Data outside of the direct business relationship between Company and Salesfuse; or

3.2.4. Combine Company User Data with Personal Data Salesfuse receives from other customers.

4. Terms of Processing by Company

4.1. Company agrees that it will:

4.1.1. Collect, use and process Company User Data in accordance with Applicable Privacy and Data Protection Laws, including obtaining any necessary consents, licenses, and approvals;

4.1.2. Have sole responsibility for the accuracy, quality, and legality of Company User Data and the means by which it was obtained; and

4.1.3. Not submit to Salesfuse or otherwise cause Salesfuse to Process any Sensitive Data. Without limiting Sections 4.1.1. and 4.1.2., Company acknowledges that Salesfuse will not assess the contents of Company User Data to identify information subject to any specific legal requirements.

Security & Compliance

5.1. Salesfuse shall implement reasonable technical, organizational and security measures to protect the privacy and security of the Company User Data.

5.2. Salesfuse shall assist Company, within reasonable timetables, by the appropriate measures and as reasonably possible (considering the nature of the processing and the information available to ), in complying with its obligations under Articles 32 to 36 of the GDPR.

5.3. Any storage and/or transfer of Company User Data by Company to any third party or platform other than Salesfuse shall be at the sole risk and responsibility of Company.

5.4. If Salesfuse becomes aware of any personal data breach affecting Company User Data, Salesfuse will, without undue delay, provide notification to Company in accordance with applicable regulations. Salesfuse’s notification of a personal data breach will not be deemed as an acknowledgment by Salesfuse of any fault or liability with respect to such an incident. In the event of a personal data breach, Company shall be obligated to take the measures required under applicable laws in connection with its Company User Data. Where requested, Salesfuse will assist Company with communicating with regulators regarding the personal data breach.

5.5. Upon reasonable written request, Salesfuse will make available to Company information necessary to demonstrate compliance with its obligations under this DPA and applicable law.

6. Sub-processors

6.1. Salesfuse is hereby generally authorized by Company to engage any sub-processor, provided that Salesfuse shall (i) ensure in each case that the sub-processor is bound by data protection obligations that are substantially the same as, and in any event no less onerous than those contained in this DPA; and (ii) subject to the terms of the Agreement (including but not limited to any limitations on liability agreed therein), remain fully liable to Company for the performance of that sub-processor’s obligations. For a list of current sub-processors, see Annex III.

6.2. Salesfuse shall notify Company of any intended changes concerning the addition or replacement of sub-processors, thereby giving Company the opportunity to object to such changes. Notice will be provided by email to the email address(es) submitted by Company. If Company objects to any sub-processing by Salesfuse, Company should immediately discontinue its use of the Salesfuse Services.

7. Individual Rights Requests

7.1. To the extent required under Applicable Privacy and Data Protection Laws, Salesfuse will take appropriate measures to assist Company in complying with its obligations under Applicable Privacy and Data Protection Laws in responding to Data Subject rights requests.

7.2. Salesfuse will notify Company when it receives a Data Subject rights request for erasure or access to information directed towards Company User Data. Company shall provide direction to Salesfuse regarding whether to fulfil such request.

8. International Transfers

8.1. Standard Contractual Clauses

8.1.1. Company understands and agrees that Salesfuse operates the Salesfuse Service primarily from the United States and as such, Company User Data will be transferred from Company’s location and/or the applicable Data Subject’s location to Salesfuse in the United States. Salesfuse will ensure such transfers are made in compliance with Applicable Privacy and Data Protection Law, including by relying on the Standard Contractual Clauses (Module 2: Transfer Controller to Processor), which are hereby incorporated into this DPA, and which are deemed to be completed, populated and incorporated as follows:

    • Clause 7: the optional clause is included;
    • Clause 11(a): the optional clause is disregarded;
    • Clause 13(a): For the competent supervisory authority;
    • Clause 17: the governing law shall be that of the United States; and
    • Clause 18: any dispute arising from the Standard Contractual Clauses shall be resolved by the courts in the State of Delaware applicable to agreements made and to be entirely performed within the State of Delaware, without regard to its conflict of law principles.

8.1.2. Company and Salesfuse agree that subscription purchase will constitute and have effect as signature of Annex IA and Annex II of the Standard Contractual Clauses in relation to any transfers falling within Section 8.1.1. that are required in relation to the Salesfuse Services, and which are set out in a relevant, fully and appropriately populated version Annex I, Annex II and Annex III (below) to the Standard Contractual Clauses together (where applicable) with an Addendum.

8.2. Supplementary Measures. If Salesfuse receives an order from any third party for compelled disclosure of Personal Data that has been transferred using the Standard Contractual Clauses, Salesfuse will:

8.2.1. Use every reasonable effort to redirect the third party to request the data directly from Company;

8.2.2. Promptly notify Company, unless prohibited by law;

8.2.3. Request a reasonable extension of time from the third party to allow Company to evaluate the request

If, after exhausting these steps, Salesfuse remains compelled to disclose Personal Data to a third party, Salesfuse will disclose only the minimum necessary to satisfy the request.

9. Term and Termination

9.1. This DPA shall be in effect for as long as Company uses any of the Salesfuse Services, provided however, that where Salesfuse is obligated, according to the terms of this DPA or any Salesfuse’s Terms & Conditions, to retain Company User Data following the termination or expiration of the Salesfuse Services, this DPA shall continue to be in effect for as long as Salesfuse holds such data.

9.2. Upon termination or expiration of the Agreement, and unless Salesfuse has a lawful basis to retain such Company User Data under Salesfuse’s Terms & Conditions, any agreement or applicable law, Salesfuse shall enable Company, through its admin account, to delete the Company User Data. If Company does not take any action to delete, Salesfuse will delete it when retention is no longer necessary for the purposes for which it was collected or required to be retained under applicable law.

9.3. Salesfuse shall have the right to amend and/or adjust any of the terms of this DPA as may be required from time-to-time, in order to comply with any applicable laws or regulations.

9.4. Any questions regarding this DPA or requests from Company to support the fulfilment of Data Subject rights requests should be addressed to info@Salesfuse.io. Salesfuse will attempt to resolve any complaints regarding the use of Company User Data in accordance with this DPA and Salesfuse’s Terms & Conditions.

9.5. In the event of inconsistency with the terms of this DPA and any other agreement between the parties, the terms of this DPA shall prevail.

Annex I: Details of the Processing

  1. List of Parties
Data exporter(s): Data Exporter is the Company identified in the associated Agreement.
Role (controller/processor): Controller
Data importer(s): Salesfuse, LLC
Address: 9716 Rea RD, St 149 Charlotte, NC 28217
Contact person’s name, position and contact details: B r i a n L a m b e r t, C E O, b l a m b e r t @ s a l e s f u s e .i o
Role (controller/processor): Processor
Activities relevant to the data transferred under these Clauses: In accordance with the Salesfuses’s Terms & Conditions, the associated Agreement agreed upon between Data Exporter and Data Importer.
Signature and date: The parties agree that subscription purchase constitutes signature of this Annex I. The date is according to the date of purchase.
  1. Description of Transfer
Subject matter: The subject matter of the data processing under this DPA is Company User Data.
Data subjects: The data subjects are Company Users.
Nature of the processing: Salesfuse processes Company User Data to provide the Salesfuse Services, including the provision of streamline services for marketing on the LinkedIn social network, which requires the processing of personal data of LinkedIn registered users by the Processor on behalf of the Controller
Duration: The duration of the processing is equal to the duration of Company’s use of the Salesfuse Services and associated agreement.
  1. Purpose of processing and Personal data categories
Purpose Category of personal data
To allow Controller to prepare and conduct LinkedIn marketing activities Profile photo, name, occupation, company, url, inbox messages, date and time of the message
To allow Controller to find people from its LinkedIn connections Profile link, profile picture, full name, status (contact / new contact / ex-contact / connection sent) type of connection (1st / 2nd / 3rd / group connections), occupation, tags, connected since, campaign assigned, filter words from profile
To allow Controller to automate interactions with LinkedIn contacts Inbox messages, connection status (contact / new contact / connect requested), message status (email required / no interaction / awaiting reply / replied) name of message recipient, date and time when the message was sent
To allow Controller to find people on LinkedIn Profile picture, name, occupation, company, url, post engagement, post author
To allow Controller to track the status of its connection requests on LinkedIn  Profile picture, name, occupation, tags, actions
To allow Controller to sort its LinkedIn connections  Name, campaign affiliation, tags, actions to be done
To allow Controller to integrate third-party tools LinkedIn Controller data from and a third-party tool: name, event, campaign, tags, target url, history, time delta, test
To allow Controller to import its LinkedIn contacts and blacklists to Processor’s platform Contact id, first name, last name, profile link, job title, company name, email, phone, address, image link, tags, contact status, conversation status, object urn, public identifier, profile link public identifier, message thread link, invited at, connected at
To allow Controller to analyse whether a LinkedIn contact responded to its message positively Conversation status (success / failure)
To allow Controller to export LinkedIn publicly available data found via Processor’s platform  First Name, Last Name, Campaign Name, Profile Url, Occupation, Current Company, Email, Phone, Country, Website, Twitter, Business Email, Last Step Execution, Status, Lead Tags, Lead Conversation, Is Connection Accepted Detected
To allow the Controller to analyse the efficiency of its social/marketing activities on LinkedIn Day-by-day (periodical) statistics, total statistics, communication statistics, campaign statistics, task statistics based on personal data listed above
  1. Competent Supervisory Authority

Annex II: Technical and Organizational Measures to Ensure the Security of the Data

 maintains internal Information Security and Privacy Policies. These policies include standards for information security management as required by the EU’s General Data Protection Regulation (GDPR) and other privacy or data security laws, regulations, or standards. The following spotlight controls demonstrate Salesfuse’s information security framework: 

  • Monitoring of API endpoints; 
  • Limitation and management of access rights to personal data; 
  • SSH protocol for accessing LinkedIn login data; 
  • Database encryption at-rest; 
  • VPN for accessing servers; 
  • Secure (https://) connection; 
  • Compliance with password protection and management, access control policies;
  • Usage of antivirus software and firewalls; 
  • Employees are aware of and trained on their respective data protection responsibilities; 
  • Regular back-ups of the data processed. 

Annex III: Sub-Processors

The Controller has provided a general authorization for use of sub-processors per Section 6.1 of the DPA. The Sub-processors currently engaged by Processor and authorized by Controller are:

Sub-Processor Function Corporate Location
Amazon Web Services, Inc Cloud infrastructure hosting and data warehouse provider United States