Overview of PASERO's personal data handling

When visiting the website, PASERO-MI Ltd. collects Personal Data on its visitors and registered users. We don’t sell your Personal Data to anybody. Read this quick overview or go to the full privacy policy here:

Registration and billing

- To provision you the service
  • Personal data: name, email address, billing information
  • Third Parties used: Amazon Web Services, ProtonMail, online payment & accounting service provider, accountant
  • Retention: 8 years if required by law
  • find out more

Visitors and cookies

- For user experience & statistics
  • Personal data: IP, browser info, webpage usage information
  • Third Parties used: Amazon Web Services, Google Analytics
  • Retention: 90 days
  • find out more

Content

- Personal data you might upload when using the service
  • Personal data: contract signatories and contacts, name and email address of users, e-mail address of your customers, free text within comments and descriptions
  • Third Parties used: Amazon Web Services
  • Retention: until you have an account
  • find out more

Rights and questions

  • Rights regarding Personal Data for Registered users
  • find out more

PASERO contact information

- if you have any questions
  • PASERO-MI Ltd.
  • H-1221 Budapest, Ady Endre ut 87, Hungary
  • privacy@pasero.me
  • find out more

Terms of Service

Last updated: 31st August 2020.

Official version of PASERO - TOS, always updated. We cut legalese as much as possible and simplified boilerplates for a shorter and agile read.

Some of our provisions are very specific to what we do. This document is a part of PASERO’s platform (available at pasero.me), which allows its customers to track their vendors, manage data processing agreements / addendums of many of the world's top online service providers, and notify their own customers of changes in subprocessors and service providers.

See PASERO-MI Ltd’s company data at Section 14.

1. ACCEPTANCE OF THE TERMS OF SERVICE

Welcome to the PASERO platform (the "Platform", “PASERO”, or “Service”) provided by PASERO-MI Ltd (a.k.a. "we", "us", or the “Company”). We are excited to have You as user and member of the community. The following terms and conditions (collectively, these "Terms of Service" or “Terms”) apply to Your use of pasero.me (the "Website"), including any content, functionality and services offered on or via our Website. Please check out our Privacy Policy, that You can review here.

Please find our Data Protection Addendum below in Appendix 1. of present Terms of Service.

We want to keep our relationship with You as lean and informal as possible, but please read the Terms of Service carefully before You start using PASERO, because by using the Website You accept and agree to be bound and abide by these Terms of Service. Our Terms are linked on every page of the site, according to the industry standard, to be easily found.

Should You disagree with some of the provisions herein, You can either leave the Website (although we'll be sad to see You go!), or contact us at info@pasero.me. PASERO is all about collaborating for improving legal – privacy and data protection related - documents, and we'll be happy to hear Your comments and suggestions.

2. CHANGES TO THE TERMS OF SERVICE AND THE WEBSITE

PASERO is a work in progress, meaning that a lot will change in the near future. We reserve the right to update the Website and these Terms of Service from time to time, at our discretion. We will make sure to announce any major change in a prominent way. Of course, this document is public on our Website, and You will be able to see the changes of any new version.

Your continued use of the Website following the publishing of updated Terms of Service means that You accept and agree to the changes.

3. THE SERVICES OF PASERO

PASERO is operated by PASERO-MI Ltd., a Hungarian group of privacy-oriented individuals with a goal to help out everybody who processes their data at known online service providers.

With the introduction of GDPR, CCPA, and other various data protection laws, companies who process personal data are required to be in compliance with the new provisions, to become more transparent, take more responsibility and protect the rights and freedoms of their customers (i.e. the “Data Subjects”).

PASERO is about privacy and providing counsel, advice, thorough privacy insight, and programs to its customers. During the course of our career as privacy professionals, we found that the most searched for, essential document to have, or at least needed to enhance data protection compliance, is the Data Processing Agreement within a service contract (from hereinafter: “DPA”).

We found that most data controllers and processors do have data processing agreement/addendum templates, but these are generally hard to find. Hence, we decided to help out everyone by decreasing the time spent with laborious searching of these documents.

Thus came PASERO.

On our Website, we track and collect all the major online service providers’ DPAs for our users to find and manage. We thus allow You to manage Your list of processors and service providers and easily make it available to Your customers.

4. LICENSING

As a kickoff, all of our visitors on our Website see our marketing landing page, where we provide information about our services. If You want to use the Platform, You have to register on the Website. After registration, there are multiple different license options available.

You may use our platform without payment after registration with limited features (non-paid license) or subscribe to our paid license to unlock additional features of the platform. For more information about the differences between the non-paid and paid licenses, please click here or contact us.

The license granted to You – either as a private person, or a company - for usage of the PASERO Platform is limited to a non-transferable, non-exclusive license and revocable right to use the platform as permitted by these Terms. This license can only be used by You or users You invite into Your account and does not allow You to distribute or make the license available over a network. You may not rent, lease, lend, sell, redistribute or sublicense Your license.

During registration, when creating an account (the “Account”) on our website, You will provide to us true, accurate, current, and complete information. You will update the information about Yourself promptly, and as necessary, to keep it current and accurate. You are responsible for any activity that occurs in Your account. You are not allowed to use our platform if You are under the age of 16. In which case, please do not register on our website.

The license period renews after the paid subscription period expires and each renewal date thereafter if You do not cancel the renewal as described below. PASERO notifies You in advance of the expiration date at least twice in e-mail, two weeks and 24 hours before the expiration date. Account will be charged for renewal within 24-hours prior to the end of the current period and auto-renewal may be cancelled by contacting us via email through account@pasero.me.

The paid license is effective until You either cancel Your payment, discontinue the renewal by cancelling Your subscription, or PASERO-MI Ltd. terminates this Agreement. You may cancel Your subscription (whether purchased through the website or via email) by contacting account@pasero.me. If the paid license is cancelled or expires, Your license becomes a non-paid license with the respective terms. You may terminate this Agreement by deleting Your account.

You may request a refund of the subscription fee if You cancel Your subscription in 14 days from the start of the first or renewed license period. PASERO-MI Ltd. may only cancel Your subscription without prior notification during the license period if You commit a material breach to these Terms (e.g. You fail to pay the license fee as determined by these Terms, You violate the rights to the Platform or third parties’ intellectual property rights) simultaneously informing You of the cancellation. PASERO will request You in case of non-material breach to comply with these Terms and may cancel Your subscription or terminate Your Agreement by deleting Your Account if You fail to follow instructions within 15 business days.

If Your subscription is cancelled during the remainder of a paid license period, You will not have the right to request refund, irrespective of You having a monthly or yearly license.

5. ACCESSING THE WEBSITE, SECURITY AND PRIVACY

We are working hard on improving PASERO, but we can't guarantee that the Website will be up and running 24/7. We also reserve the right to suspend or restrict access to some features to users. In any case, we will not be liable if for any reason all or any part of the Website is unavailable at any time or for any period.

To access certain features of the Website, You must register by entering Your email and choosing a password as part of our security procedures. You must treat such information as confidential, not disclosing it to any third party and only using PASERO in person. There is a password reset procedure in case You forget Your password, but please notify us of any breach of security. We highly recommend choosing a strong and unique password, and that You log out from Your account at the end of every session.

It is a condition of Your use of the Website that all the information You provide on the Website is correct, current, and complete. In the future, You may be asked to provide certain registration details or other information. As custom for internet websites, we reserve the right to disable any user account at any time at our sole discretion for any or no reason, including, if in our opinion You have failed to comply with any provision of these Terms of Service.

We use HTTPS encrypted browsing for all users, but we cannot guarantee that all use will be secure. We also do not guarantee that the Website or any content provided on the Website is error free. We manage Your personal data according to our privacy policy.

6. INTELLECTUAL PROPERTY RIGHTS AND USE GUIDELINES.

The Website and its original content, features, and functionality (including look!) are owned by PASERO-MI Ltd. and are protected by Hungarian and international copyright, trademark, patent, trade secret and other intellectual property or proprietary rights laws.

This means that PASERO’s design, features, and original copy (e.g. our landing page) are covered by copyright. Your Content is subject to the very broad license below and the rules in Section 7.

All material - which includes, without limitation, information, data, text, photographs, videos, audio clips, written posts and comments, software, scripts, graphics, and interactive features - generated, provided, or otherwise made accessible on or through the Website – added, created, uploaded, submitted, distributed, or posted to the Website - by PASERO or publicly by users, both non-paying and paying users, is the sole responsibility of the person who originated such material.

“Content” means any files, documents, message logs, descriptions, and similar data that we maintain on Your or Your users’ behalf, as well as any other information You or Your users may upload to Your Account in connection with the Services. You represent that all Content provided by You is accurate, complete, up-to-date, and in compliance with all applicable laws, rules, regulations and these Terms of Service. You acknowledge that all Content, accessed by You using the Website, is at Your own risk and You will be solely responsible for any damage or loss to You or any other party resulting therefrom. We do not guarantee that any Content You access on or through the Website is or will continue to be accurate.

By submitting any material publicly through the Website, You hereby do and shall grant us a worldwide, non-exclusive, perpetual, royalty-free, fully paid, sublicensable and transferable license to use, edit, modify, reproduce, distribute, prepare derivative works of, display, perform, and otherwise fully exploit that material in connection with the Website and our (and our successors’ and assigns’) businesses, including without limitation for promoting and redistributing part or all of the Website (and derivative works thereof) in any media formats and through any media channels (including, without limitation, third party websites and feeds).

The Content You upload to Your Account shall be available only to You, to users You granted access to Your Content, and PASERO. To the Website’s other registered or non-registered users only Content made public by You, including through the use of the Platform's publish functionality, shall be available. We claim no intellectual property rights over Content. Your Content remains Yours and we will keep it confidential. However, by making parts of Your Content public, You agree to allow others to view, comment, edit and branch Your Content. You grant PASERO the right to use, copy, and analyze Your Content and prepare derivative work for the purposes of improving the Website, strictly in accordance with these Terms and the DPA.

Within Your Account You have the right to invite and grant users access to Your Content through the Website, and allow them to use, edit, modify, distribute, prepare derivative works of Your Content. For clarity, users invited by You shall have rights You grant to them, and it does not affect Your other ownership or license rights regarding Your Content and Account. You represent and warrant, that You will only invite users to Your account who are closely related to Your organization or enterprise, and You warrant that You have the authority to bind those users and You will be liable if Your users do not comply with these Terms.

We do not guarantee that all Content will be made available on the Website. We reserve the right to, but do not have any obligation to, remove, edit or modify any Content in our sole discretion, at any time, without notice to You provided that we have a reason to do so (including, but not limited to, upon receipt of claims or allegations from third parties or authorities relating to such Content or if we are concerned that You may have violated these Terms of Service).

You are permitted to use the Website for Your personal, non-commercial use, or legitimate business purposes, provided that Your activities are lawful and in accordance with these Terms of Service. Prohibited uses include violation of laws and regulations, hacking the Website in any manner, or violating the Content Standards set below. No right, title, or interest in or to the Website or any content on the site is transferred to You, and all rights not expressly granted are reserved. Any use of the Website not expressly permitted by these Terms of Service is a breach of these Terms of Service and can lead to account termination.

We encourage Your feedback, in the form of reviews, comments, and suggestions, or recommendations for modifications, improvements, or changes to the Services or the Website that You may choose in Your sole discretion to provide us from time to time (“Feedback”). When You provide Feedback, You grant us, under all right, title and interest in and to the Feedback, a non-exclusive, royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual license to use that Feedback or to incorporate it into the Website or other products or services.

The Website may contain materials specifically provided by us, our partners, or our users and such Content is protected by copyrights, trademarks, service marks, patents, trade secrets or other proprietary rights and laws. You shall abide by and maintain all copyright notices, information, and restrictions contained in any material accessed through the Website.

7. USER CONTRIBUTIONS AND CONTENT STANDARDS. SPECIAL DISCLAIMER FOR LEGAL CONTENT.

PASERO contains user generated materials, including Content, and also may contain message boards, personal web pages, forums, or other interactive features that allow You to upload, post, submit, publish, display, or transmit to other users materials on or through the Website. All materials and Content must be lawful, not spammy, and clear of virus or other malware.

More specifically, but without limiting the foregoing, it must comply with the following Content Standards:
  • Not contain any material which is defamatory, obscene, indecent, abusive, offensive, harassing, violent, hateful, inflammatory, or otherwise objectionable.
  • Not promote sexually explicit or pornographic material, violence, or discrimination based on race, sex, religion, nationality, disability, sexual orientation, or age.
  • Not infringe any patent, trademark, trade secret, copyright, or other intellectual property rights of any other person.
  • Not violate the legal rights (including the rights of publicity and privacy) of others or contain any material that could give rise to any civil or criminal liability under applicable laws or regulations or that otherwise may be in conflict with these Terms of Service.
  • Not be likely to deceive any person.
  • Not promote any illegal activity, or advocate, promote or assist any unlawful act.
  • Not cause annoyance, inconvenience, or needless anxiety or be likely to upset, embarrass, alarm, or annoy any other person.
  • Not be used to impersonate any person or to misrepresent Your identity or affiliation with any person or organization.
  • Not involve commercial activities or sales, such as contests, sweepstakes and other sales promotions, barter or advertising.
  • Not give the impression that they emanate from us or any other person or entity, if this is not the case.
  • Not be used, if public, as empty test documents with no actual content, or as typing exercises: please respect our community and help us minimize the clutter!

No material on the Website is intended to be legal advice nor form an attorney-client relationship, neither among the users nor between the users and PASERO. Use of the Website should never be understood to be replacing use of a qualified attorney, and PASERO's relationship to all documents and transactions completed using the Website is that of a trusted, disinterested third party.

8. LAW AND COPYRIGHT INFRINGEMENT

We do not undertake to review all material - including Content - before it is posted on the Website by users and cannot ensure prompt removal of objectionable material after it has been posted. Accordingly, we assume no liability for any action or inaction regarding transmissions, communications or content provided by any user or third party.

In the unlikely event we receive a disclosure request from an authorized party, we reserve the right to disclose user identities when required to do so by the law, including in response to a law enforcement request supported by a valid court order. You waive and hold harmless the Company from any claims resulting from any action taken by the Company during or as a result of its investigations and from any actions taken as a consequence of investigations by either the Company or law enforcement authorities.

The notice should be addressed to legal@pasero.me, or via mail to Pasero-MI Kft., H-1221 Budapest, Ady Endre út 87.

9. DISCLAIMER OF WARRANTIES, LIMITATIONS OF LIABILITY AND INDEMNIFICATION.

Your use of PASERO is at Your sole risk. The Service is provided "as is" and "as available".

We disclaim all warranties of any kind, express or implied, including, without limitation, the warranties of merchantability, fitness for a particular purpose, and non-infringement. We are not liable for damages, direct or consequential, resulting from Your use of the Website, and You agree to defend, indemnify, and hold us harmless from any claims, losses, liability costs and expenses (including but not limited to attorney's fees) arising from Your violation of any third-party's rights.

You acknowledge that You have only a limited, non-exclusive, nontransferable license to use the Website. Because the Website is not error or bug free, You agree that You will use it carefully and avoid using it in ways which might result in any loss of Your or any third party's property or information.

10. TERMINATION

Either party may terminate the Agreement (by deleting the Account) if the other party breaches its material obligations and fails to cure within 30 days of receipt of written notice, or if the other party becomes insolvent or bankrupt, liquidated or is dissolved, or ceases substantially all of its business.

PASERO may delete Your Account after a written notice giving You thirty (30) days to respond if Your Account is inactive for more than two (2) years.

PASERO has no obligation to maintain Your Content after termination. Neither party will be liable for any damages resulting from termination of the Agreement, and termination will not affect any claim arising prior to the effective termination date.

The termination of the Agreement shall not affect the validity and effect of such provisions of the Agreement that shall remain effective according to their contractual purpose regardless of the termination of the Agreement, including, in particular, Sections 6 and 8.

11. GEOGRAPHIC RESTRICTIONS

We make no claims that the Website or any of its content is accessible, appropriate, or legal outside of Hungary. If You access the Website from outside Hungary, You do so on Your own initiative and are responsible for compliance with local laws.

12. GOVERNING LAW AND JURISDICTION

These Terms of Service and any dispute or claim arising out of, or related to them, shall be governed by and construed in accordance with the internal laws of Hungary without giving effect to any choice or conflict of law provision or rule.

Any legal suit, action, or proceeding arising out of or related to these Terms of Service or the Website shall be instituted exclusively in the courts of Hungary.

13. WAIVER AND SEVERABILITY

Our failure to exercise or enforce any right or provision of the Terms of Service shall not constitute a waiver of such right or provision. The Terms of Service constitutes the entire agreement between You and PASERO and govern Your use of the Service, superseding any prior agreements (including, but not limited to, any prior versions of the Terms of Service). If any provision of these Terms of Service is held by a court of competent jurisdiction to be invalid, illegal, or unenforceable for any reason, such provision shall be eliminated or limited to the minimum extent such that the remaining provisions of the Terms of Service will continue in full force and effect.

14. FEEDBACK AND SUPPORT

We welcome any comments, questions, and communication at info@pasero.me.

We offer support (about our licenses and any relevant topic) through info@pasero.me. We will usually get back to You within 3 business days.

15. INFORMATION ON PASERO

The service provider and operator of PASERO:
  • PASERO-MI Kft.
  • Headquarters: H-1221 Budapest, Hungary Ady Endre út 87.
  • Court of registry nr.: 01-09-359090
  • Contact email address: info@pasero.me

Appendix 1: Data Processing Addendum

PREAMBLE

PASERO-MI Kft (from hereinafter: “Pasero”) and Client entity that is party to the Terms of Service is party to this DPA. Client’s Authorized Affiliates will also be covered by this DPA, provided that Client shall remain responsible for the acts and omissions of its Authorized Affiliates. For the avoidance of doubt, the Client entity that is the contracting party to the Agreement shall, on behalf of itself and its Authorized Affiliates: (a) remain responsible for coordinating, making, and receiving all communication with Pasero under this DPA; and (b) exercise any rights herein in a combined manner with Pasero under this DPA.

1. INTERPRETATION AND APPLICATION

1.1. In this DPA the following terms shall have the meanings set out in this Paragraph 1.1, unless expressly stated otherwise:

(a) “Agreement” means every service contract, including the Terms of Service between Pasero and Client

(b) “Business Day” means any day which is not a Saturday, Sunday or public holiday, and on which the banks are open for business, in Budapest (Hungary).

(c) “Cessation Date” has the meaning given in Paragraph 2.8.

(d) “Data Protection Laws” means the EU General Data Protection Regulation 2016/679 (the “GDPR”) and any implementing legislation or legislation having equivalent effect in Hungary or other country member of the European Economic Area (references to “Articles” or “Chapters” of the GDPR shall be construed accordingly).

(e) “Data Subject Request” means the exercise by Data Subjects of their rights under, and in accordance with, Chapter III of the GDPR.

(f) “Data Subject” means the identified or identifiable natural person located in the European Economic Area to whom Client Personal Data relates.

(g) “Delete” means to remove or obliterate Personal Data such that it cannot be recovered or reconstructed, and “Deletion” shall be construed accordingly.

(h) “Client Personal Data” means any Personal Data Processed by or on behalf of Client

(i) “Personal Data” has the same meaning as in Data Protection Laws.

(j) “Personnel” means a person’s employees, agents, consultants or contractors.

(k) “Processing” has the same meaning as in the Data Protection Laws and means inter alia obtaining, recording, holding, alteration, manipulating, transmission, disclosure, erasure or destruction of data.

(l) “Sub-processor” means any third party appointed by or on behalf of Pasero to Process Client Personal Data.

(m) “DPA” means Data Protection Addendum.

(n) “Client” means users with paid or non-paid license as well.

(o) “Instructions” means the content of present DPA and the Terms of Service between the Client and Pasero. Parties agree that these two documents (including the provision of instructions via configuration tools such as managing the Client’s account on the Platform) constitute documented instructions regarding Pasero’s processing of Client Personal Data.

1.2. This DPA is made in accordance with Article 28 of the GDPR.

1.3. In this DPA:
  • (a) the terms, “Data Controller”, “Data Processor”, “Personal Data”, “Personal Data Breach”, “Process” (and its derivatives) and “Supervisory Authority” shall have the meaning ascribed to the corresponding terms in the Data Protection Laws;
  • (b) unless otherwise defined in this DPA, all capitalized terms shall have the meaning given to them in the Agreement.

1.4. Pasero warrants and represents that it is subject to the territorial scope of the Data Protection Laws as determined in accordance therewith. Pasero further agrees that to the extent that it is not in fact subject to the territorial scope of the Data Protection Laws, this DPA shall be deemed automatically void with effect from the Effective Date without requirement of notice.

2. GENERAL REQUIREMENTS OF PROCESSING

2.1. Pasero warrants and undertakes
  • (a) to treat as confidential all Client Personal Data which may be derived from or obtained in the course of the contract or which may come into the possession of Pasero or any Personnel as a result of or in connection with the Services; and
  • (b) to provide all necessary precautions to ensure that all Client Personal Data is treated as confidential by Pasero or any Personnel; and
  • (c) to make sure Client Personal Data is only disclosed to persons specified by Client; and
  • (d) to allow access to any Client Personal Data provided by Client only to persons who are involved in the provision of Services; and

2.2. Pasero shall comply at all times with the Data Protection Laws and shall not perform its obligations under Services in such a way as to cause any Client to breach any of its applicable obligations under the Data Protection Laws.

2.3. The parties agree that with regard to the Processing of Personal Data by Pasero on behalf of Client, Client is the Controller, Pasero is the Processor and that Pasero will engage Sub-processors as further detailed in Section 5 “Sub-processing” below.

2.4. Client represents and warrants on an ongoing basis – with regards to GDPR (6) – there is and will be throughout the term of the agreement a valid legal basis for Processing by Pasero of Client Personal Data in accordance with this DPA and the Agreement (including any and all instructions issued by Client from time to time in respect of such processing).

2.5. Taking into account the nature of the Processing, Pasero provides appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Client obligations, as reasonably understood by Client, to respond to requests to exercise Data Subject rights under the Data Protection Laws.

2.6. Pasero warrants and undertakes to:
  • (a) Process Client Personal Data only in accordance with Instructions from Client as needed for Services;
  • (b) Additional instructions outside the scope of the Instructions (if any) require prior written agreement between Pasero and Client, including agreement on any additional fees payable by Client to Pasero for carrying out such Instructions;
  • (c) Process Client Personal Data only to the extent, and in such manner, as is necessary for the purpose of Services, or as is required by law or any supervisory body and shall process such personal data in compliance with all applicable Data Protection Laws, regulations, orders, standards and other similar instruments;

2.7. Pasero shall notify Client promptly (but in any event within two (2) business days) should it:
  • (a) Receive notice of any complaint made to a Supervisory Authority or any finding by a Supervisory Authority in relation to its Processing of Client Personal Data;
  • (b) be under a legal obligation to process Client Personal Data, other than under the instructions of the Client. In which case it shall inform Client of the legal obligations, unless the law prohibits such information being shared on important grounds of public interest;
  • (c) receive any Data Subject Request on behalf of a Data Subject of Client Personal Data;
  • (d) become aware that in following the instructions of Client, it shall be breaching Data Protection Laws.

2.8. Subject to Paragraph 2.9, upon the date of cessation of any Services involving the Processing of Client Personal Data (the “Cessation Date”), Pasero shall immediately cease all Processing of the Client Personal Data for any purpose other than for storage unless.

2.9. To the fullest extent technically possible in the circumstances, within forty-five (45) Business Days after the Cessation Date, Pasero shall either (at its option):
  • (a) Delete; or
  • (b) irreversibly render Anonymized Data,
all Client Personal Data then within Pasero’s possession.

2.10. Client hereby acknowledges and agrees that, due to the nature of the Client Personal Data Processed by Pasero, return (as opposed to Deletion) of Client Personal Data is not a reasonably practicable option in the circumstances. Having regard to the foregoing, Client agrees that (for the purposes of Article 28(3)(g) of the GDPR) it is hereby deemed (at the Cessation Date) to have irrevocably selected Deletion, in preference of return, of the Client Personal Data.

2.11. Pasero and any Sub-processor may retain Client Personal Data where required by applicable law, for such period as may be required by such applicable law, provided that Pasero and any such Sub-processor shall ensure that such Client Personal Data is only Processed as necessary for the purpose(s) specified in the applicable law requiring its storage and for no other purpose.

2.12. Client acknowledges and agrees that Pasero shall be freely able to use and disclose Anonymized Data for Pasero’s own business purposes without restriction.

2.13. Pasero shall ensure that its personnel engaged in the Processing of Personal Data are (a) informed of the confidential nature of the Personal Data and have executed written confidentiality agreements; (b) have received appropriate training on their responsibilities, specifically pertaining to security and privacy measures; and (c) only have access to Personal Data to the extent reasonably determined to be necessary in order to perform any obligations, responsibilities, or duties as further specified in this DPA and the Agreement. Further, to the extent permitted by applicable law, Pasero shall ensure that the confidentiality obligations shall survive the termination of the personnel engagement.

3. SECURITY AND BREACH NOTIFICATION

3.1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk (which may be of varying likelihood and severity) for the rights and freedoms of natural persons, Pasero shall in relation to Client Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

3.2. In assessing the appropriate level of security, Pasero shall take account in particular of the risks presented by the Processing, in particular from a Personal Data Breach.

3.3. Pasero maintains security incident management policies and procedures and shall notify Client, without undue delay, of any breach of its security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Client Personal Data, transmitted, stored or otherwise Processed by Pasero or its Sub-processors of which Pasero becomes aware and which requires notification to be made to Client, a Supervisory Authority and/or Data Subject under Data Protection Laws and Regulations (a “Security Incident”). Security Incident(s) will not include unsuccessful attempts or activities that do not compromise the security of Client Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems. Notification provided under this Section 3 shall not be interpreted or construed as an admission of fault or liability by Pasero. Pasero shall make reasonable efforts to identify the cause of such Security Incident and take those steps as Pasero deems necessary and reasonable in order to remediate the cause of such a Security Incident to the extent the remediation is within Pasero’s reasonable control. Additionally, upon request, Pasero shall provide Client with relevant information about the Security Incident, as reasonably required to assist the Client in ensuring Client’s compliance with its own obligations under Data Protection Laws to notify any Supervisory Authority or Data Subject in the event of a Security Incident. The obligations herein shall not apply to incidents that are caused by Client or Client’s users or any non-Pasero products or services.

3.4. Pasero shall at Client’s sole cost and expense co-operate with Client and take such reasonable commercial steps as may be directed by Client to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

4. AUDIT

4.1. Pasero shall provide on request all necessary information and assistance to Client in order for Client to verify Pasero’s compliance with its obligations under this Agreement and the Data Protection Laws. Client may request such information and/or assistance on material change, but at most once a year.

4.2. Pasero shall make available to Client on request such information as Pasero (acting reasonably) considers appropriate in the circumstances to demonstrate its compliance with this DPA.

4.3. Subject to Paragraphs 4.5 and 4.6, in the event that Client (acting reasonably) is able to provide documentary evidence that the information made available by Pasero pursuant to Paragraph 4.2 is not sufficient in the circumstances to demonstrate Pasero’s compliance with this DPA, Pasero shall allow for and contribute to audits by Client or an auditor mandated by Client in relation to the Processing of the Client Personal Data by Pasero.

4.4. Client shall give Pasero reasonable notice of any audit or inspection to be conducted under Paragraph 4.5 (which shall in no event be less than fifteen (15) Business Days’ notice unless required by a Supervisory Authority pursuant to Paragraph 4.5(f)) and shall use its best efforts (and ensure that each of its mandated auditors uses its best efforts) to avoid causing any form of damage, and hereby indemnifies Pasero in respect of, any damage, injury or disruption to Pasero’s equipment, Personnel, data, and business (including any interference with the confidentiality or security of the data of Pasero’s other Clients or the availability of Pasero’s services to such other Clients) while its Personnel and/or its auditor’s Personnel (if applicable) are on those premises in the course of any on-premise inspection.

4.5. Pasero need not contribute to audits or inspection:

  • (a) to any individual unless he or she produces reasonable evidence of their identity and authority;
  • (b) to any auditor whom Pasero has not given its prior written approval (not to be unreasonably withheld);
  • (c) unless the auditor enters into a non-disclosure agreement with Pasero on terms acceptable to Pasero;
  • (d) where, and to the extent that, Pasero considers, acting reasonably, that to do so would result in interference with the confidentiality or security of the data of Pasero’s other Clients or the availability of Pasero services to such other Clients;
  • (e) outside normal business hours; or
  • (f) on more than one occasion in any calendar year during the term of the Agreement, except for any additional audits or inspections which Client is required to carry out by Data Protection Laws or a Supervisory Authority, where Client has identified the relevant requirement in its notice to Pasero of the audit or inspection.

4.6. Client shall bear any third-party costs in connection with such inspection or audit and reimburse Pasero for all costs incurred by Pasero and time spent by Pasero (at Pasero’s then-current professional services rates) in connection with any such inspection or audit.

5. SUB-PROCESSING

5.1. Client authorizes Pasero to appoint Sub-processors in accordance with this Paragraph 5.

5.2. Pasero may continue to use those Sub-processors already engaged by Pasero as at the date of this DPA, subject to Pasero meeting within a reasonable timeframe (or having already met) the obligations set out in Paragraph 5.4.

5.3. Pasero shall give Client prior written notice of the appointment of any new Sub-processor, including reasonable details of the Processing to be undertaken by the Sub-processor. Client may in good faith reasonably object to the use of a new Sub-processor by notifying Pasero promptly in writing (e-mail acceptable) within thirty (30) business days after Pasero’s notice. After the thirty business days have passed without You reaching out to us, we consider it as an approval of our new Sub-processor. Client’s notice shall explain the Client’s good faith, reasonable grounds for the objection. Pasero and Client shall try to negotiate to remedy the situation and come to a conclusion that is acceptable for both parties. If the parties are unable to resolve the objection via negotiations, Pasero will use commercially reasonable efforts to make available to Client a change in the services or recommend a commercially reasonable change to Client’s use of the services to avoid Processing of Client Personal Data by the objected-to new Sub-processor without unreasonably burdening the Client.

5.4. With respect to each Sub-processor, Pasero shall ensure that the arrangement between Pasero and the Sub-processor is governed by a written contract including terms which offer at least an equivalent level of protection for Client Personal Data as those set out in this DPA (including those set out in Paragraph 3).

5.5. Pasero shall promptly forward any received instructions or requests from Client to the Sub-processor relating to the processing.

6. DATA TRANSFER

6.1. Pasero may transfer or authorize the transfer of Data to countries within the EU and/or the European Economic Area (EEA) and to countries that the European Commission has recognized as providing adequate protection – this includes sub-processors. If personal data processed under this Agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, Pasero shall ensure that the personal data are adequately protected. To achieve this, Pasero shall, unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer of Client Personal Data.

6.2. Pasero shall only engage the Sub-processor after assessing the applicable law for the Sub-processor and reasonably concluding that the applicable law does not conflict with Pasero’s obligations under the sub-processing agreement and applicable Data Protection Laws.

7. LIABILITY

7.1. Each party’s and all of its Affiliates’ liability, in the aggregate, arising out of or related to this DPA, and all DPAs between Authorized Affiliates and Pasero, whether in contract, tort or under any other theory of liability, is subject to the Terms of Service, and any reference to the liability of a party means the total liability of that party and all of its Affiliates under the Agreement and all DPAs together.