DacuSign Envelope ID: 6BE73965-BAEF-4791-B930-DABA9714DC55
DARKTRACE
Appendix 2: Data Processing Agreement
1, DEFINITIONS. For the purposes of this DPA, the terms defined in this Appendix shall have the meanings as set forth in the
Agreement. Any terms not specifically defined by this DPA or the Agreement shall have the meaning given by GDPR.
2. SUBJECT MATTER OF THE DATA PROCESSING AGREEMENT
2.1 This Data Processing Agreement (“DP4”) applies to the processing of Customer Personal Data under the Agreement.
2.2 Customer will be the Data Controller and Darktrace will be the Data Precessor as defined under GDPR. Each Party agrees
that it shall comply with its obligations as a Data Controller and a Data Processor, respectively under the Data Privacy Laws
in exercising its rights and performing its obligations under this Agreement.
2.3 This DPA is an Appendix to the Agreement.
3. NATURE AND PURPOSE OF PROCESSING REGULATED DATA
3.1 The Data Processor shall process Personal Data in order to provide the Support Services as set forth in the Support
Services Datasheet.
3.2 In the event that the Data Controller has purchased Antigena Email, the additional data protection provisions of the
Antigena Email Schedule shall apply and be incorporated into this OPA.
4, TYPES AND CATEGORIES OF PERSONAL DATA
41 Categories of Data Subjects.
Employees inciuding volunteers, agents, temporary workers, independent contractors;
Contractors
- Customer clients, prospects
Suppliers, vendors
Advisors, consultants and other professional experts
Customer officers, directors
- And any other categories of Data Subjects that may be contained in the Data Controller's network.
4.2 Types of Personal Data:
- IP addresses
- Host names
- File names
- Email addresses
- And any other types of Personal Data that may be contained in the Data Controller's network.
5. RIGHTS AND OBLIGATIONS OF THE CONTROLLER
5.1 The Data Controller hereby instructs the Data Processor to take such steps in the processing of Personal Data as are
reasonably necessary for the performance of the Data Processor’s obligations under the Agreement, and agrees that such
instructions, comprising the terms of this DPA and the Agreement, constitute its full and complete instructions as to the
means by which Personal Data shall be processed by the Data Processor.
6. RIGHTS AND OBLIGATIONS OF THE PROCESSOR
6.1 The Data Processor shall only process Personal Data in accordance with the Data Controller's written instruction as
specified herein and shail not use Personal Data except to deliver the Offering and the Services as instructed by the
Agreement, unless such processing is required by Jaw to which the Data Processor is subject, in which case the Data
Processor shall, to the extent permitted by law, inform the Data Controller of that legal requirement prior to carrying
out the applicable processing.
6.2 The Data Processor shall immediately inform the Data Controller if, in the Data Processor’s reasonable opinion, an
instruction from the Data Controller infringes the Data Privacy Laws.
6.3 The Data Processor shall not transfer Personal Data outside the European Economic Area (“EEA”) without the prior
written consent of the Data Controller and not without procuring provision of adequate safeguards (as defined by the
European Commission from time to time);
6.4 In the event that the UK ceases to be a member of the European Union or ceases te be considered by the European
Commission to be an adequate country pursuant to Article 45 of GDPR, then the parties agree that Darktrace shall apply
the EU Model Clauses as set out at https://www.darktrace.com/en/resources/legal-customer-model-clauses.pdf, to
any relevant transfer of data and such EU Model Clauses shall be deemed incorporated from the date of first transfer.
6.5 The Data Processor shall take reasonable steps to ensure the reliability of its agents and employees who have access to
any Personal Data.
V01.04.2020 MCA SHRINKWRAP 13
