This DPA amends the Agreement between Kinsta and Client and addresses the rights and obligations of the parties with respect to data privacy under Applicable Law. We may update this DPA from time to time in our sole discretion.
Capitalized terms which are not defined herein shall have the meaning provided in the Agreement. In addition, the following defined terms apply solely with respect to this DPA.
The Personal Data that Kinsta processes for you as part of the Services is your Confidential Information covered by our confidentiality commitments stated in the Agreement. We make the additional commitments stated in this DPA as to the Personal Data.
We will not use, disclose, or Process the Personal Data except as permitted by the Agreement or your other written instructions, or as strictly necessary for our internal administrative purposes related to the provision of our Services. We will make available to you a list of any sub-processors we use in compliance with Applicable Law. We will require any sub-processors to contractually agree to terms at least as protective of your Personal Data as those stated in this DPA and the Agreement.
Each party will comply with Applicable Law as it relates to such party’s performance under the Agreement.
We will promptly notify you if we receive a request from a Data Subject to disclose, provide a copy, modify, block, or take any other action with respect to Personal Data pertaining to the Data Subject, unless notice is prohibited by Applicable Law; and, except to the extent required by Applicable Law, we will not independently take any action in response to a request from a Data Subject without your prior written instruction. We will cooperate with your reasonable requests for access to Personal Data and other information and assistance as necessary to respond to a request or complaint by a Data Subject.
In the event of a discovered or suspected Security Event, Kinsta shall provide notice without undue delay to Client’s technical and account contacts using those means established for routine account-related communications. Our notice shall include the following information to the extent it is reasonably available to Kinsta at the time of the notice, and Kinsta shall update its notice as additional information becomes reasonably available:
We will take those measures available, including measures reasonably requested by you, to address a vulnerability giving rise to a successful Security Event, both to mitigate the harm resulting from the Security Event and to prevent similar occurrences in the future. We will cooperate with your reasonable requests in connection with the investigation and analysis of the Security Event, including a request to use a third-party investigation and forensics service. Kinsta shall retain all information that could constitute evidence in a legal action arising from the Security Event and shall provide the information to you upon your request. Except to the extent required by law in the written and reasonable opinion of Kinsta’s legal counsel, or as reasonably required by our investigation of the Security Event or our other contractual obligations, we will not disclose to any third party the existence of a Security Event or suspected Security Event or any related investigation without Client’s prior written consent.
With regard to the Personal Data of others that you may provide to us, you hereby represent and warrant:
We will keep reasonable records to evidence our compliance with our obligations under this DPA and shall preserve such records for at least two (2) years from the date of the events reflected therein.