HUBLE DATA PROCESSING ADDENDUM

VERSION 1.0, LAST MODIFIED: 23 JUNE 2021

1. INTRODUCTION AND APPLICATION

1.1. - This Data Processing Addendum and its annexures (“the DPA”) governs the use and protection of Personal Data by the Huble Digital Group (“us”, “Huble”, “we”) while providing services to our customers. Our services include HubSpot marketing, business, sales and services consulting, sales and services onboarding, web development and technical integration, SEO and paid media services (“the Services”).

1.2. - The DPA is integral to the Huble Services and forms part of any written agreement for the provision of such Services (“Principal Agreement”) concluded between Huble and the customers procuring our Services (“the Customer”).

1.3. - In case of any conflict or inconsistency with the terms of the Principal Agreement, this DPA will take precedence.

1.4. - The DPA is applicable for the duration of the Principal Agreement with surviving provisions applying as the applicable law and context dictates.

1.5. - Capitalised terms which are not defined herein have the meaning ascribed to them in the Principal Agreement.

2. DATA PROCESSING TERMS

2.1. - In the course of providing Services under the Principal Agreement, Huble may Process certain Personal Data on behalf of the Customer. Huble and the Customer agree to comply with this DPA in connection with such Personal Data.

3. DEFINITIONS AND INTERPRETATION

3.1. - “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

3.2. - “Controller”, “Data Subject”, “Personal Data Breach”, “Processor”, “Process/Processing”, and “Supervisory Authority” shall all have the same meaning as in the GDPR.

3.3. - “Data Protection Laws” means the data protection or privacy laws of any country in which the Customer’s Personal Data is Processed by the Customer or the Processor including but not limited to the GDPR, the POPI Act and the PDPA.

3.4. - “GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

3.5. - “Instruction” means the written, documented instruction, issued by the Customer as Controller or Processor to Huble as the Processor or Sub-processor, directing Huble to perform a specific action with regard to Personal Data (including, but not limited to, depersonalizing, blocking, deletion, making available).

3.6. - “Personal Data” means any information relating to an identified or identifiable individual where such information is contained within data and is protected similarly as personal data or personally identifiable information under applicable Data Protection Law.

3.7. - “PDPA” means the Singapore Personal Data Protection Act 26 of 2012;

3.8. - “POPIA” means the South African Protection of Personal Information Act 4 of 2012;

3.9. - “Sub-processor” means any entity engaged by Huble to Process Personal Data in connection with the Services.

3.10. - “Standard Contractual Clauses” means the agreement executed by and between Huble and Customer pursuant to the European Commission’s decision (C(2010)593) of 5 February 2010 on Standard Contractual Clauses for the transfer of Personal Data to Processors established in third countries which do not ensure an adequate level of data protection.

4. PROCESSING OF PERSONAL DATA

4.1. - The subject matter and duration of the Processing, nature and purpose of the Processing and types of Personal Data are set out in the Principal Agreement and/or in Appendix 1.

4.2. - Huble does not Process the Personal Data received from the Customer for its own purposes (whether commercial or personal). Rather, we Process such Personal Data on behalf of and according to Instructions received from the Customer.

4.3. - The Customer unconditionally acknowledges and accepts the legal duties imposed on it as a Controller in terms of the Data Protection Law and indemnifies Huble for any loss or harm (whether direct or consequential) which may arise as a result of its failure to comply with its obligations as Controller.

4.4. - If the Customer is a Processor with respect to the Personal Data, the Customer warrants that its instructions and actions with respect to Processing Personal Data, including its appointment of Huble as a Sub-processor and the Standard Contractual Clauses, have been authorized by the relevant Controller.

4.5. - In relation to the Personal Data, the parties will comply (and will ensure that any of its personnel comply and use commercially reasonable efforts to ensure that its Sub-processors comply), with Data Protection Laws. As between the parties, the Customer will have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which the Customer acquired such Personal Data.

5. CUSTOMER RESPONSIBILITY AND UNDERTAKINGS

5.1. - In its capacity as Controller, within the scope of the Principal Agreement, the Customer assumes absolute responsibility and warrants to Huble that it will at all times comply with its statutory obligations in terms of Data Protection Laws, including, without limitation, those laws regarding the disclosure and transfer of Personal Data to Huble and the Processing of Personal Data.

5.2. - Customer’s instructions for the Processing of Personal Data shall comply with the Data Protection Laws and the Customer indemnifies Huble to the greatest extent permissible in law for any direct loss occasioned by Huble acting as Processor on behalf of and/or on the instructions of the Data Controller with respect to the Processing of Personal Data pursuant to the Principal Agreement.

5.3. - The Customer shall at its sole expense, indemnify and hold Huble harmless against all liability, including legal costs, claims, civil actions, damages, indirect or consequential damages, or expenses incurred by Huble or for which Huble may become liable due to any failure by the Customer or its employees or agents whether authorised or not, to comply with the obligations under the Principal Agreement or Data Protection Law.

5.4. - The Customer warrants that the Principal Agreement sets out the Customer’s complete and final instruction to Huble in relation to the Processing of Personal Data and any additional instructions outside the scope of the Principal Agreement will require prior written agreement between the parties.

5.5. - The Customer shall inform Huble without undue delay and comprehensively about any errors or irregularities related to applicable Data Protection Laws.

5.6. - The Customer shall inform Huble and the appropriate supervisory authorities, without delay, if the processing includes special categories of Personal Data as contemplated by Data Protection Laws, including without limitation: financial, medical and health-related information, information regarding children, or any type of Processing of Personal Data that is afforded a higher level of protection under Data Protection Law.

5.7 - THE CUSTOMER WARRANTS THAT IT HAS IMPLEMENTED THE REQUIRED TECHNICAL AND ORGANISATIONAL MEASURES TO ADEQUATELY PROTECT PERSONAL DATA AGAINST ACCIDENTAL OR UNLAWFUL DESTRUCTION, LOSS, ALTERATION, UNAUTHORISED DISCLOSURE OF, OR ACCESS TO PERSONAL DATA IN COMPLIANCE WITH ITS OBLIGATIONS IN TERMS OF DATA PROTECTION LAW AND INDEMNIFIES HUBLE FOR ANY LOSS, CLAIMS, HARM OR DAMAGES WHETHER DIRECT OR INDIRECT OCCASIONED AS A RESULT OF HUBLE’S ENGAGEMENT IN TERMS OF THE AGREEMENT. THIS INDEMNITY WILL NOT APPLY TO LOSS, CLAIMS, HARM OR DAMAGES ATTRIBUTABLE TO GROSS NEGLIGENCE OR FAULT ON THE PART OF HUBLE

6. CUSTOMER INDEMNITIES

6.1. - If Huble are sued for something that the Customer has indemnified us for, the Customer will take our place in the lawsuit or be liable to reimburse us for any costs, damages and expenses including attorneys’ fees on the attorney and own Customer scale. This means that the Customer will be liable to pay Huble’s attorney’s fees finally awarded against us by a court or agreed to in a written settlement agreement, provided that:

   6.1.1. - Huble will notify the Customer in writing as soon as we become aware of the indemnified claim so it can take steps to contest it,

  6.1.2. - Customer may assume sole control of the defence of the claim or related settlement negotiations; and

  6.1.3. - Huble will provide, at Customer’s expense, all the assistance, information, and authority necessary to enable it to perform its obligations under this clause.

6.2. - The Customer must pay any amount due under clause 6.1 within 30 (thirty) days of written demand. If the Customer contests the amount, it must pay the amount into Huble’s attorney’s trust or give us security to cover the amount, until the dispute has been resolved.

7. OBLIGATIONS OF PROCESSOR

7.1. - Compliance with Instructions

  7.1.1. - The Parties acknowledge and agree that Customer is the Controller and Huble is the Processor of Personal Data.

  7.1.2. - Huble will collect, process, and use Personal Data only within the scope of the Customer’s instructions. If Huble believes that an instruction infringes any Data Protection Law, we will inform the Customer immediately.

  7.1.3. - If Huble is unable to Process Personal Data as per Customer’s instructions due to a legal requirement, we will:

    7.1.3.1. - promptly notify the Customer of that legal requirement before continuing with the Processing; and

    7.1.3.2. - cease all Processing (other than merely storing and maintaining the security of the affected Personal Data) until such time as the Customer issues new instructions with which we are able to comply.

  7.1.4. - If this provision is invoked, Huble will not be liable to the Customer under the Principal Agreement for any failure to perform until such time as the Customer issues new, lawful Instructions.

  7.1.5 - Huble will facilitate the Customer’s compliance obligations to implement security measures with respect to Personal Data (including if applicable, the Customer’s obligations pursuant to Articles 32 to 34 (inclusive) of the GDPR) by: (i) implementing and maintaining the security measures described in terms of our information security policies; (ii) complying with the terms of section 7.1.7 (Personal Data Breaches); and (iii) providing the Customer with information in relation to the processing in accordance with section 10 (Audits).

  7.1.6. - Confidentiality: Huble will ensure that any personnel, whether they are employed or contracted as such, who are under our authority and whom we authorise to Process Personal Data are subject to confidentiality obligations with respect to that Personal Data. The undertaking of confidentiality shall continue after the termination of the processing activities to which the duty of confidentiality relates.

  7.1.7. - Personal Data Breaches: Huble will notify the Customer as soon as possible after becoming aware of any Personal Data Breach. At the Customer’s request, Huble will promptly provide the Customer with all reasonable assistance to enable the Customer to notify the competent Supervisory Authority/ies and/or affected Data Subjects about any relevant Personal Data Breaches if Customer is required to do so under the Data Protection Law.

7.2. - Data Subject Requests

  7.2.1. -  Huble will provide reasonable assistance including the implementation of reasonable and appropriate technical and organisational measures, to enable Customer to respond to any Data Subjects seeking to exercise their rights under the Data Protection Law (including their right to access, rectification, restriction, deletion or portability of Personal Data), to the extent permitted by the law. If such a request is made directly to Huble, we will promptly inform the Customer and will advise Data Subjects to submit their request to the Customer. The Customer shall be solely responsible for responding to any Data Subjects’ requests. The Customer shall reimburse Huble for any costs arising from this assistance.

7.3. - Data Security

  7.3.1 -  Huble shall implement measures toward achieving the required technical and organisational measures to adequately protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data.

  7.3.2. - The Customer unconditionally assumes all risks associated with the Services pursuant to the Principal Agreement and has voluntarily assumed these risks with a full and unconditional indemnification in favour of Huble against financial loss or reputational harm resulting from any Personal Data Security Breach which may occur in course of providing the Services. This indemnification will not apply in the case of any Personal Data Breach which is caused directly by the gross negligence or wilful misconduct of Huble.

7.4. - Sub-Processors and Third-Party Hosting

  7.4.1 - Huble is entitled to engage sub-Processors to fulfil its obligations defined in the Principal Agreement only with the Customer’s written consent. For these purposes, the Customer consents to the engagement as sub-Processors of Huble’s Affiliates and the third parties listed in Appendix 2. For the avoidance of doubt, the above authorisation constitutes the Customer’s prior written consent to sub-Processing by Huble.

  7.4.2. - The Customer acknowledges and understands that in certain instances Huble may contract with a third-party hosting service provider (“Hosting Service Provider”) in order to host the Customer’s data, including Personal Data pursuant to the Principal Agreement (“Hosting Services”). As such, the terms of service of the Hosting Service Provider are applicable and are supplementary to the terms of the Principal Agreement.

   7.4.2.1. - The Customer indemnifies and holds Huble harmless against all losses it may suffer or actions against us as a result of:

    7.4.2.1.1. - the use of the Hosting Services, or any downtime, outage, degradation of the network, interruption in or unavailability of the Hosting Services. This includes software or hardware service, repairs, maintenance, upgrades, modification, alterations, replacement, or relocation of premises affecting the Hosting Services;

    7.4.2.1.2. - non-performance or unavailability of any of the Hosting Services given by an electronic communications network or service provider, including, line failure, or in any international services or remote mail servers;

    7.4.2.1.3. - non-performance or unavailability of external communications networks to which the Hosting Service Provider or the Huble network infrastructure is connected, and

    7.4.2.1.4. - repairs, maintenance, upgrades, modifications, alterations, or replacement of any hardware forming part of the Services, or any faults or defects in the hardware.

   7.4.3. - If Huble intends to instruct sub-Processors other than the companies listed in Appendix 2, we will notify the Customer in writing (email to the email address(es) on record in Huble’s account information for the Customer is sufficient) and will give the Customer the opportunity to object to the engagement of the new sub-Processors within 30 (thirty) days of being notified, failing which Huble will be entitled to appoint the sub-Processor. The objection must be based on reasonable grounds (e.g., if the Customer proves that significant risks to the protection of its Personal Data exist at the sub-Processor). If Huble and Customer are unable to resolve such objections, either party may terminate the Principal Agreement in accordance with its provisions relating to termination.

   7.4.4. - Where Huble engages sub-Processors, Huble will enter into a contract with the sub-Processor that imposes on the sub-Processor the same obligations that apply to Huble and the Controller under this DPA.

   7.4.5. - Where a sub-Processor is engaged, the Customer must be granted the right to monitor and inspect the sub-Processor’s activities in accordance with this DPA and the Data Protection Law, including to obtain information from Huble, upon written request, on the substance of the contract and the implementation of the data protection obligations under the sub-Processing contract, where necessary, by inspecting the relevant contract documents.

   7.4.6. - The provisions of this section shall mutually apply if Huble engages a sub-Processor in a country which does not provide an adequate level of protection for Personal Data. If, in the performance of this DPA, Huble transfers any Personal Data to a sub-Processor located outside of the EEA, Huble shall, in advance of any such transfer, ensure that it will execute Standard Contractual Clauses to achieve adequacy in respect of that Processing.

   7.4.7. - Deletion or Retrieval of Personal Data

    7.4.7.1. - Other than to the extent required to comply with Data Protection Law, following termination or expiry of the Principal Agreement, Huble will delete all Personal Data (including copies thereof) processed pursuant to the Principal Agreement. If Huble is unable to delete Personal Data for technical or other reasons, Huble will apply measures to ensure that Personal Data is blocked from any further Processing. The Customer shall, upon termination or expiration of the Principal Agreement and by way of issuing an Instruction, stipulate, within a period of time set by Huble, the reasonable measures to return Personal Data. Any additional cost arising in connection with the return or deletion of Personal Data shall be borne by the Customer.

    7.4.7.1. - The Customer shall provide a comprehensive retention schedule for all Personal Data prior to commencement of Processing.

8. AUDITS

8.1. - Either party may, prior to the commencement of Processing, at annual intervals hereafter, or where a security breach is reasonably suspected to have occurred, audit the technical and organisational measures taken by the other in terms of the Data Protection Laws. For such purpose, the parties may:

   8.1.1. - obtain information from each other,

   8.1.2. - request an attestation or certificate by an independent professional expert, or

   8.1.3. - upon reasonable and timely advance agreement, during regular business hours and without interrupting business operations, conduct an on-site inspection of the business operations or have the same conducted by a qualified third party which shall not be a competitor of either party.

8.2. - Either party shall, upon written request, and within a reasonable period of time provide the other with all information necessary for such audit, to the extent that such information is within the other party’s control and neither are precluded from disclosing it by applicable law, a duty of confidentiality, or any other obligation owed to a third party.

9. GENERAL PROVISIONS

9.1. - Huble may adapt and update this DPA from time to time to ensure that it aligns with its operating requirements, internal policies and Data Protection Laws. New versions will be published on our website and our Customers will be notified accordingly via email. Historical versions will also be made available to our Customers on request.

9.2. - Where individual provisions of this DPA are invalid or unenforceable, the validity and enforceability of the other provisions of this DPA shall not be affected.

APPENDIX 1: DETAILS OF PERSONAL DATA AND PROCESSING ACTIVITIES

1. - Categories of Data Subjects:

  1.1. - Customer contacts and other end users including the Customer’s employees, contractors, collaborators, customers, prospects, suppliers, and subcontractors.

  1.2 - Data Subjects also include individuals attempting to communicate with or transfer Personal Data to the Customer’s end users.

2. - Types of Personal Data:

  2.1. - Contact Information, the extent of which is determined and controlled by the Customer in its sole discretion;

  2.2. - Biographical data, demographic data, personal statements, personal interests, purchase history;

  2.3. - Employment details & history, employee performance data;

  2.4. - Details of goods or services provided to or for the benefit of individuals;

  2.5. - Navigational data, browsing history and cookies (including website usage information);

  2.6. - Email data, system usage data, application integration data, and other electronic data submitted, stored, sent, or received by end users via the HubSpot subscription service.

3. - Duration of the Processing

Until the earliest of (i) expiry/termination of the Principal Agreement, or (ii) the date upon which processing is no longer necessary for the purposes of either party performing its obligations under the Principal Agreement (to the extent applicable).

4. - Purpose of Processing

Processing necessary to provide the Service to Customer, pursuant to the Principal Agreement.

5. - Nature of Processing

The Processing of Personal Data in accordance with the instructions issued to Huble by the Customer pursuant to Huble providing the Services to the Customer in terms of the Principal Agreement.

APPENDIX 2: THIRD PARTY SUB PROCESSORS

Sub-Processor | Purpose | Location of Processing
HubSpot Inc | Marketing, Sales & Service processing | United States
Google LLC | Data Hosting | Europe
Huble Digital Ltd | Service & Support | United Kingdom
Huble Digital Inc | Services & Support | United States
Huble Digital Pte Ltd | Services & Support | Singapore
Huble Digital Pty Ltd | Services & Support | South Africa
Xero (NZ) Ltd | Financial Processing | United States