Bot Manager Resources

Outsourcing Obligations Addendum

Contact Us

  1. Vendor (as defined in the Agreement as defined below, acting as the "Processor" or "Vendor") shall comply with the following terms and conditions, set forth in this addendum ("Addendum") in respect of personal information, as defined in the Data Protection Laws ("PII"), accessed, collected or processed by or provided to the Vendor in connection with the lead generation services ("Services") provided by Processor to Radware Ltd. and/or Radware Inc. as the case may be (including their affiliates, "Company"). These terms and conditions are deemed accepted by the Parties prior to any service delivery, upon signing the Purchase Order.

    Data Protection Laws” means any and all applicable data protection and privacy laws including but not limited to, where applicable, Regulation (EU) 2016/679 regarding the Personal Data Protection (“GDPR”), and the Israeli Protection of Privacy Law, 5741-1981 (together with all regulations and guidelines issued under it, including without limitation, Protection of Privacy Regulations (Information Security), 2017, “PPL” and “Information Security Regulations” respectively).

    This Addendum establish the Parties responsibilities regarding the protection of PII which may be processed pursuant to the performance of an agreement/order between them (“Agreement”), and in accordance with the applicable legal requirements concerning PII protection. The Parties agree that, under this Addendum, the Company acts as a controller and the Processor acts as a processor.

  2. This Addendum sets forth the general rights and obligations of the parties, while the specific information and details regarding PII processing (i.e., purpose, duration, nature and purpose of each processing, type of PII and data subjects) is detailed ad hoc and/or in the Agreement. Any amendment to the processing details may only be made based on a written instruction from the Company.
  3. The PII is proprietary to the Company. Processor shall have no right, title or interest to the PII, and may not possess or process the PII except as provided herein.
  4. Processor warrants and represents, it will only process Company’s information including PII, made available by the Company or otherwise processed by Vendor on behalf of the Company, including collection, storage and distribution of prospect customers (“Leads”) information, in compliance with all Data Protection Laws and as set forth in Company’s privacy policy available at Radware Privacy Policy. Without derogating the foregoing, whenever relevant Processor shall, at all times when providing the Services to the Company, comply with section 30A of the Israeli Communications Law (Telecommunications and Broadcasting), 1982.
  5. Processor further warrants and represents, that (i) it shall share Leads’ PII only subject to receipt of applicable consent from data subjects and complying with applicable Data Protection Laws; (ii) it shall obtain and maintain at all times written consent from the Leads or other sources of PII, to allow their information to be provided to Company and Company’s business partners and to be contacted for promotional purposes, including the receipt of Company’s materials, Company’s marketing of its content, products and services and approaching the Leads via an e-mail, telemarketing and/or SMS either directly or through third parties contractors of the Company.
  6. Processor shall inform Company of any data subject rights request, related to a Lead or other data subject information provided to the Company, including without limitation to delete its PII, to be forgotten or otherwise restrict processing of its PII or exercising their rights under the Data Protection Laws. Processor shall promptly notify Company by email immediately upon such Lead’s requests, and shall immediately implement such requests, or shall assist the Company with extracting, deleting or performing any other operations on the PII, or, where possible, provide the Company the ability to perform any of the aforementioned actions on the PII. Processor shall provide commercially reasonable and timely assistance to the Company to enable the Company to respond to: (i) any request from a data subject exercising its rights under the Data Protection Laws; and (ii) any other enquiry or complaint received from a data subject or a supervisory authority in connection with the processing of the PII.
  7. Processor shall take all precautions in ensuring that the PII is accessed only by the Authorized Personnel (hereinafter defined) and shall ensure it has all necessary appropriate consents, notices and approvals are in place to enable lawful collecting, processing and transferring the PII to Company for the following purposes (the “Purposes”): providing Company with the Services, for receiving Company’s commercial materials and for engaging by Company for marketing purposes. Processor shall ensure that only the following types of PII shall be processed herein solely as follows: name and contract information of Leads, such data may include company email address, company phone number and address. Without derogating the foregoing, any use, transfer of the PII for any reason other than the strict fulfillment of the Purposes is prohibited and shall be deemed a material breach of this Addendum. Processor will be restricted to those systems and/or applications specifically permitted by the Company. "Authorized Personnel" shall mean any one of the Processor's employees who was properly authorized in accordance with an adequate security protocol.

  8. The Processor will notify the Company without delay if it considers that a Company’s instruction or any implementation of an instruction received from the Company breaches or may breach the Data Protection Laws.

    The Processor shall maintain the records required under the relevant Data Protection Laws for the PII and, to the extent applicable to the processing of PII on behalf of Company, make them available to the Company upon request.

  9. The Processor shall provide the Company with a list of all relevant subprocessors that will process company information. Processor undertakes not to use any sub processor without obtaining Company’s prior written approval. The Vendor has entered or will enter into a written agreement with each subprocessor containing PII obligations substantially similar to those in this Addendum . Engaging a Subprocessor will not relieve Processor’s responsibility to the Company.
  10. Without derogating from the foregoing, Processor will ensure that any of its employees who have access to the PII or to any part of the systems, software and/or facilities where the PII is hosted ("Processor Employees") are bound by a confidentiality undertaking prior to allowing them any such access.
  11. Processor shall ensure that the precautions hereunder will be enforced including monitoring and enforcement on a regular basis; shall train and update the Authorized Personnel in respect of the scope of the Purpose, use of the PII, and limitations and documentation of access as required by this Addendum, and shall provide the Company at its request with reports of Processor's compliance with the guidelines and the safeguarding measures it is enforcing for protection of the PII;
  12. In the event of a breach of the security or integrity of the PII, Processor will immediately notify Company and will take remedial measures, including without limitation, all reasonable measures to restore the security of the PII and limit unauthorized or illegal dissemination of the PII or any part thereof. For the avoidance of doubt, probable cause to suspect a data security incident triggers notification of data security incident pursuant to this Section. Processor will immediately provide the Company, as soon as possible, all relevant information relating to the data security incident and will cooperate with it and any competent authority as required under Data Protection laws.
  13. Processor shall maintain documentation regarding compliance with the requirements of this Addendum, including without limitation investigation of any complaints or investigation of possible breaches of this Addendum, which will be presented to the Company upon request and/or to a competent authorities or third parties as required by Data Protection Laws or this Addendum.
  14. Without limiting or derogating from Processor's liabilities, obligations or indemnities otherwise assumed by Processor under this Addendum or any Data Protection Laws, rule, regulation, standard, and/or guideline, Processor shall insure, at its own cost and expense, in amounts sufficient to cover its liability under this Addendum, professional liability insurance covering, among things, the errors and omissions of Processor under these data security obligations, as set forth in written confirmation of such insurance which will be provided to the other party by Processor.
  15. Processor shall maintain the PII in protected facilities which shall reasonably prevent the risk of trespass (electronic or physical) and other unauthorized access, and which adequately protects the PII.
  16. Processor shall not, in any manner, collect, process, or use any information and/or databases in which PII is stored for unauthorized or illegal purposes or in an illegal manner.
  17. Processor shall coordinate and permit periodic security audits by the Company or its designee to ensure compliance with this Addendum and Data Protection Laws, rules, regulations, standards, and/or guidelines, including without limitation access to data terminals and computers where PII may be accessed, electronic monitoring and compliance measures, and access to Processor’s relevant work logs, as appropriate, and executed agreements between Processor and the Leads.
  18. Processor shall assist and support Company in Company's compliance with its obligations to grant data subjects access to their PII and to process requests to correct or update their PII.
  19. Processor shall maintain and keep the PII only for the period during which it provides services to the Company or as required by law, and, upon fulfillment of the Purposes or termination of the services for any reason or at Company’s request, shall permanently delete all PII and any supporting metadata or, at the Company’s discretion, return it to Company. Processor will report to the Company upon deleting such data as soon as possible. To the extent there is a requirement by law obligating Processor to keep and maintain the PII, this Addendum shall remain in effect with respect to the protection of the PII and the auditing and inspection rights of Company.
  20. Processor undertakes to implement adequate technical and organizational measures to ensure a level of security adequate to the risk, taking into account, among other things, the type of processing, the purposes pursued, the context and specific circumstances in which the processing takes place. Without derogating from the foregoing, Processor will at all times implement security mechanisms in the highest standards accepted in the market at the relevant time and in accordance with applicable information security regulations, and in any case mechanisms that are not at a lesser level than necessary to deal with the risks inherent in the processing of PII.
  21. Customer will retain a copy of event logs as may be necessary for compliance with Information Security Regulations for at least 24 months, also on Costumer’s behalf, and shall enable the Company to retain those event logs if requested.
  22. In the event that the Agreement is with Radware Ltd - Processor will not export PII out of Israel or the EEA except with Company’s permission, and in compliance with the provisions of the Israeli Protection of Privacy Regulations (transfer of information to databases outside the borders of the country), 2001 and the provisions of the GDPR.
  23. Processor will not transfer information from the European Economic Area to the Company in Israel unless it complies with Israeli Protection of Privacy Regulations (Information Transferred to Israel from the European Economic Area), 2023 and the provisions of the GDPR.

  24. In limited cases where the Vendor provides the Company with Leads that the Vendor has independently collected for its own purposes (“Vendor-Originated Leads”), the Vendor and the Company shall act as independent Controllers with respect to such data. The Vendor represents and warrants that: (i) all Vendor-Originated Leads’ PII shared with the Company is collected and transferred in full compliance with all applicable laws, including Data Protection Laws, and Section 30A of the Israeli Communications Law (Telecommunications and Broadcasting), 1982; (ii) it shall obtain and maintain consent from the Vendor-Originated Leads or other sources of PII, where legally required to allow their information to be provided to Company and Company’s business partners and to be contacted for promotional purposes, including the receipt of Company’s materials, Company’s marketing of its content, products and services and approaching the Leads via an e-mail, telemarketing and/or SMS either directly or through third parties contractors of the Company (iii) the Vendor remains solely responsible for all its Controller obligations, including responding to data subject rights requests and regulatory inquiries; and (iv) the Company shall not be deemed a joint Controller or Processor for any Vendor-Originated Leads data prior to or after the transfer.

    This arrangement does not affect the Vendor’s role as a Processor for data processed on behalf of the Company under this Agreement (if applicable).

  25. Vendor shall indemnify and hold Company and its business partners harmless from and against any claims, lawsuits, judgments, liabilities, damages, losses and costs, including reasonable attorneys' fees, resulting from or caused by Vendor’s failure to comply with its undertakings set forth herein.
  26. This Addendum will be in force for so long as the Vendor processes, or has access to, any PII of the Company, or is providing Company with Vendor-Originated Leads.
  27. In any case of a contradiction between the provisions of this Addendum and other agreement between the parties, the provisions of this Addendum will prevail.
  28. If the Agreement is made with Radware Ltd.: Israeli law applies to this Addendum, and the jurisdiction shall rest exclusively with the courts in Tel Aviv-Jaffa, Israel. If the Agreement is made with Radware Inc.: the laws of the State of New York, U.S.A. applies to this Addendum, and the jurisdiction shall rest exclusively with the courts in New York, New York.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Contact Us Now

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
CyberPedia

Close

What are you looking for?