Updated 11 July 2025
These Terms are an annex to and forms an inseparable part of the Agreement between the entity that has entered into the Agreement (“Customer”) and the Supermetrics entity listed in the Order Form (”Supermetrics”), regarding the Customer’s use of the Services as specified in the Order Form. For the avoidance of doubt, these Terms apply to any use of the Service, including where Customer does not sign an Order Form before accessing and using the Service.
1. Definitions
1.1 “Affiliate” means any legal entity in which either party directly or indirectly holds more than 50% of the legal entity’s shares or voting rights.
1.2 “Agreement” means the Order Form and all annexes incorporated into the Order Form including these Terms.
1.3 “Authorised Users” means the employees, agents and contractors of the Customer or its Affiliates who the Customer authorises to use the Services in accordance with the Agreement.
1.4 “Confidential Information” means all information provided by a party to this Agreement to the other party that is marked or designated as “confidential” or “proprietary” or would otherwise reasonably be deemed to be confidential, regardless of whether such information is in writing or verbal.
1.5 “Custom Connector(s)” means connectors built by Customer using the tools provided by Supermetrics via the Service to access Third-Party Platforms not in Supermetrics’ current connector offering.
1.6 “Customer Data” means all data, personal data or other information that Customer, or another party on Customer’s behalf, provides to Supermetrics for the purpose of providing the Service.
1.7 “Feedback” means, comments, suggestions, ideas, or other information provided by Customer in the form of email or other submissions to Supermetrics.
1.8 “Force Majeure Event” means an event which occurs due to circumstances beyond the reasonable control of either party.
1.9 “Marketing Agency Customer” means a Customer whose business is to provide marketing services to Marketing Agency Clients.
1.10 “Marketing Agency Client” means the customers of a Marketing Agency Customer who receives marketing services directly from the Marketing Agency Customer.
1.11 “Order Form” means the contract through which the Customer has purchased a license to use the Service.
1.12 “Registration Data” means information as may be promoted by registration forms provided by Supermetrics to enable an Authorised User to access the Service.
1.13 “Third-Party Platforms” means any platforms, websites or services provided by third-parties to the Customer from which Customer may gather data from, provide data to, analyse data with or generate data from through the Service.
1.14 “Service” means any standard, distinct, subscription-based, hosted, supported, and operated on-demand solution provided by Supermetrics under an Order Form.
2. The Service
2.1 The Service enables Customers to collect, manage, analyse and activate Customer Data and to link Third-Party Platforms as data sources into other Third-Party Platforms as data destinations using pre-built connectors or Custom Connectors.
2.2 To use the Service, Customer must ensure that they have obtained any necessary licenses or consents needed for its use of Third-Party Platforms. Customer is responsible for its contractual relationship with Third-Party Platforms. For the avoidance of doubt Supermetrics does not assume any liability for such Third-Party Platforms; including their actions, omissions or content.
2.3 The Service is provided only electronically through both user interfaces on Third-Party Platforms, for example through an add-in or add-on functionality, and through interfaces hosted by Supermetrics in the Service.
3. Account Registration
3.1 Customer may permit Authorised Users to use the Service. Customer is fully responsible for Authorised Users use of the Service and breaches of the Agreement caused by Authorised Users.
3.2 All Authorized Users must register to use the Service. Customer agrees to, and will cause all Authorized Users to:
3.2.1 provide accurate, current and complete Registration Data;
3.2.2 maintain the security of, and not share with any Third-Party, any logins, passwords, or other credentials that Customer or any Authorized User selects or that are provided to Customer or any Authorized User for use on the Service;
3.2.3 maintain and promptly update the Registration Data, and any other information Customer or any Authorized User provides to Supermetrics, and to keep all such information accurate, current, and complete; and
notify Supermetrics immediately of any unauthorized use of any Authorized User account or any other breach of security by emailing privacy@supermetrics.com.
4. Fees and Payment
4.1 In consideration of the Supermetrics’ provision of the Service, Customer shall pay the fees specified in the Order Form. If Customer’s subscription is automatically renewable as set forth in the Order Form, Supermetrics reserves the right to increase the fees by eight (8) % annually after the Subscription Term, which shall apply at each renewal date of subscription. Late payments shall incur a late fee of 1.5% per month, or the maximum amount permitted by applicable law, whichever is greater.
4.2 Customer is required to reimburse Supermetrics for any costs incurred in collecting late payments, including collection agency and attorneys’ fees. In addition, Supermetrics has the right to suspend Customer’s access to the Service until all outstanding payments of fees are made.
5. Access and Use Restrictions
5.1 Supermetrics hereby grants Customer the right to access and use the Service, subject to Customer’s compliance with the Agreement at all times, including timely payment of all applicable fees. Customer’s right to access and use the Service is, limited to internal business purposes, non-transferable, non-exclusive, and revocable. Customer must ensure that each Authorised User’s access credentials are not used by more than one person.
5.2 The following additional access rights are applicable to Marketing Agency Customer only:
5.2.1 Marketing Agency Customer may use the Service on behalf of Marketing Agency Clients pursuant to the Agreement.
5.2.2 Marketing Agency Customer may share reports generated by the Service with Marketing Agency Clients, provided that such reports may only be used by 5.2.3 Marketing Agency Customer for internal business purposes.
Marketing Agency Clients agree to only use such reports for their internal business purposes.
5.2.4 Marketing Agency Customer may not use the Service to transfer data to Marketing Agency Client’s data warehouse, data lake, or other data storage without a separate written agreement with Supermetrics.
5.3 Customer’s access and use of the Service is based on the Service client, data source, data destination and usage restrictions, including but not limited to the Fair Usage Policy (available at https://supermetrics.com/fair-usage-policy).
5.4 Without limiting the generality of the foregoing, Customer will not, will not attempt to, and will not permit or encourage any third-party to:
5.4.1 reverse engineer, disassemble, decompile, decode, or exploit the Service, or otherwise attempt to derive or gain improper access to any software component of the Service, in whole or in part;
5.4.2 modify or create derivative works of the Service, in whole or in part;
5.4.3 use the Service in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any third-party;
5.4.4 interfere with or disrupt the integrity of the Service or any content or data contained therein or transmitted thereby;
5.4.5 access, monitor, or copy any content or information on the Service using any robot, spider, scraper, or other automated means or any manual process for any purpose without our express written permission;
5.4.6 violate the restrictions in any robot exclusion headers on the Service or bypass or circumvent other measures employed to prevent or limit access to the Service;
5.4.7 take any action that imposes, or may impose, in our discretion, an unreasonable or disproportionately large load on our infrastructure;
5.4.8 deep-link to any portion of the Service for any purpose without our express written permission;
5.4.9 “frame”, “mirror,” sell, resell, rent, or lease any portion of the Service or otherwise incorporate any part of the Service into any other website without our prior written authorization;
5.4.10 input any virus, malware, or other harmful code into the Service;
5.4.11 use the Service or any Supermetrics Confidential Information for benchmarking or competitive analysis with respect to competitive or related products or services or to develop, commercialize, license, or sell any product, service, or technology that could, directly or indirectly, compete with the Service; or
5.4.12 violate any applicable local, provincial national, or international law or regulation.
5.5 We may at any time suspend any Authorized User’s access to the Service or terminate the Agreement if we have reason to believe that Customer is not complying with the Agreement or Customer is otherwise abusing the Service. Further, if Customer’s use of the Service exceeds the use limits set out in the Fair Usage Policy, Supermetrics reserves the right to charge Customer for such exceeding use at the then current rate applied by Supermetrics, subject to Supermetrics’ prior written notice.
6. Third-Party Platforms, Data and Content
6.1 The offering of Third-Party Platforms from which data can be gathered from or provided to is determined by Supermetrics at its sole discretion. Supermetrics may, during the Term, change its Third-Party Platform offering at any time.
6.2 Supermetrics assumes no liability whatsoever for the data or other content collected from Third-Party Platforms, except as otherwise set out in the Agreement.
6.3 Customer is solely responsible for ascertaining that Customer has the right to use the Service for gathering and processing any such data by using the Service, and Customer must obtain any such consents and authorizations as may be needed from time to time in relation to such data or other content and their processing by using the Service.
6.4 Customer agrees to comply with any third-party terms and conditions applicable to their use of Third-Party Platforms in addition to the terms of the Agreement.
6.5 The Service may contain links to web pages and content of third-parties which do not form part of the Service. Supermetrics do not monitor, endorse, or adopt, or have any control over any third-party web pages or content and make no guarantee as to its accuracy or completeness.
7. Modifications to the Service
7.1 Customer acknowledges that Supermetrics may make modifications to the Service during the Term without prior notice; however, Supermetrics will use reasonable efforts to notify Customer of any material changes to the Service in advance. In the event of material changes to the Service, Supermetrics may provide further instructions to Customer with respect to any actions required to continue access and use the Service, if necessary.
7.2 If Customer believes that a change results in a material reduction in functionality provided by the Service, Customer should notify Supermetrics. If Supermetrics, acting within its reasonable discretion, agrees that such modification is a material reduction in the Service, the parties may mutually agree to a remedy for such reduction, for example by offering an alternative pre-built connector.
8. Subcontractors
8.1 Supermetrics may engage subcontractors to perform the Service under the Agreement, provided that Supermetrics remains fully liable for any actions of such subcontractors. Notwithstanding the foregoing, Supermetrics shall not be liable for the acts or omissions of any of its hosting service or data communication service providers, other than as required by Data Protection Laws.
9. Term and Termination
9.1 This Agreement shall continue in full force and effect during the term of the Agreement and renewal periods specified in the Order Form. Any renewal and notice requirements are set forth in the Order Form. Upon the termination or expiration of the Agreement, Customer must immediately stop using and remove any connections to the Service.
9.2 Supermetrics may immediately terminate this Agreement or terminate or suspend any Authorized User’s access or use of the Service in the following circumstances:
9.2.1 If Customer’s or any Authorized User’s continued use of the Service may, in Supermetrics’ discretion, result in material harm to Supermetrics, its subcontractors, affiliates, or another customer of the Service, Supermetrics may reasonably block or restrict Customer’s access to the Service;
9.2.2 if Customer or any Authorized User has (i) submitted information to the Service in violation of applicable law; (ii) created Custom Connectors for which Customer or any Authorized User has no rights or in violation of the terms of such service or (iii) otherwise used the Service in breach of these Terms, including the restrictions set forth in Section 5 above; or
9.2.3 any fees due by Customer remain unpaid fifteen (15) days after the applicable due date as set forth in the Agreement.
9.3 Either party may terminate the Agreement upon written notice to the other party if the other party:
9.3.1 commits a material breach of its obligations under the Agreement and does not remedy such breach within thirty (30) days of receiving notice of breach from the non-breaching party; or
9.3.2 enters into bankruptcy, becomes insolvent or makes an assignment for the benefit of creditors.
9.4 In the event of termination by Customer pursuant to Section 9.3, Customer shall be entitled, as its sole remedy, to a pro-rata refund in the amount of the unused portion of any prepaid fees for the terminated Service calculated as of the effective date of termination. In the event of termination by Supermetrics pursuant to Sections 9.2 or 9.3, Customer shall not be entitled to any refund of prepaid fees.
10. Feedback
10.1 Any Feedback is non-confidential and Customer hereby grants to Supermetrics and its subcontractors and Affiliates a nonexclusive, royalty-free, perpetual, irrevocable, and fully sublicensable right to use Feedback for any purpose without compensation or attribution to Customer.
11. Trademarks
11.1 The “Supermetrics” name, the Supermetrics logos, and any other product or service name or slogan contained on the Service are trademarks or registered trademarks of Supermetrics and its suppliers or licensors, and may not be copied, imitated or used, in whole or in part, without the prior written permission of the applicable trademark owner. All other trademarks, registered trademarks, product names and company names or logos mentioned on the Service are the property of their respective owners. Reference to any products, services, processes or other information, by trade name, trademark, manufacturer, supplier or otherwise, does not constitute or imply endorsement, sponsorship, or recommendation thereof by us, or vice versa.
11.2 Supermetrics may use Customer’s company name(s) and logo(s) for marketing purposes, including on the Supermetrics website and in press releases, promotional and sales literature, customer/prospect presentations, and customer lists.
12. Intellectual Property Rights
12.1 Supermetrics owns all right, title, and interest, including all intellectual property rights, in and to the Service, and any services available in connection with the Service. For the modifications Customer has made with Custom Connectors, Customer shall have non-exclusive, royalty free, worldwide right to use any such modifications for the sole purpose of using the Service. Any intellectual property rights pertaining to the Custom Connector modifications shall belong to Supermetrics.
12.2 Customer owns all right, title, and interest, including all intellectual property rights, in and to Customer Data.
12.3 Except for those rights expressly granted in these Terms, no other rights are granted, either express or implied, to Supermetrics or Customer and all other rights are hereby reserved.
13. Confidential information
13.1 The parties may not disclose to third-parties any Confidential Information disclosed by the other party or by third-parties, except as set out in the Agreement.
13.2 Each party may disclose the other party’s Confidential Information to its own or affiliate company’s employees, officers, representatives, subcontractors or advisers who need to know such information for the purposes of carrying out the party’s rights and obligations under this Agreement or defend a legal claim. Each party shall ensure that its own or affiliate company’s employees, officers, representatives, subcontractors or advisers to whom it discloses the other party’s Confidential Information have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
13.3 The parties agree not to disclose to any third-parties any information about pricing of the Service.
13.4 The parties may disclose Confidential Information by the order of any competent court, or government authority. All such disclosures must be covered by protective measures as to reasonably protect the interest of the owner of the Confidential Information. If legally and reasonably possible, the disclosing party must give prompt written notice to the owner of the Confidential Information before such disclosure occurs to allow the owner of the Confidential Information to prevent such disclosure through appropriate legal means. The receiving party must always inform the relevant authority that the Confidential Information is subject to a duty of confidentiality pursuant to the Agreement.
13.5 The obligations set out in this section 13 shall not apply to:
13.5.1 information that is publicly known or enters the public domain other than by breach this Agreement by the parties; or
13.5.2 information that the receiving party can prove was known to it before it was provided by the other party; or
13.5.3 information that has been provided to the receiving party by a third-party without any obligation of confidentiality being in force between them; or
13.5.4 information which the other party has developed independently without any use of or access to Confidential Information.
14. Processing of Personal Data
14.1 Supermetrics will process personal data contained in Customer Data as a data processor as set out in Annex 1 below.
15. Permitted Use
15.1 Where permitted by Data Privacy Laws, Supermetrics may use Customer Data or other data derived from the operation of the Service: (i) to detect security incidents; (ii) to protect against fraudulent or illegal activity; (iii) to improve, enhance and support the Service; and (iv) to determine which other service offerings may be relevant to the Customer and inform the Customer of such offerings.
15.2 Notwithstanding the termination of this Agreement and provided that the Customer Data is in aggregated form, Supermetrics may use Customer Data for its business purposes including to create public statistics, for example, to enable Customers to benchmark their performance against industry level statistics. In no event does the aggregated data include any personally identifiable information or company level data.
16. Disclaimer of Warranties
16.1 CUSTOMER’S USE OF THE SERVICE, INCLUDING, WITHOUT LIMITATION, CUSTOMER’S USE OF ANY CONTENT ACCESSIBLE THROUGH THE SERVICE AND CUSTOMER’S INTERACTIONS AND DEALINGS WITH ANY SERVICE USERS, IS AT CUSTOMER’S SOLE RISK. SUPERMETRICS DOES NOT WARRANT UNINTERRUPTED USE OR OPERATION OF THE SERVICE OR CUSTOMER’S ACCESS TO ANY CONTENT, INCLUDING BUT NOT LIMITED TO THIRD-PARTY PLATFORMS. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY CUSTOMER FROM THE SERVICE WILL CREATE ANY WARRANTY REGARDING SUPERMETRICS THAT IS NOT EXPRESSLY STATED IN THESE TERMS.
16.2 EXCEPT FOR ANY EXPRESS WARRANTIES INCLUDED HEREIN, WE DISCLAIM ALL WARRANTIES, TO THE MAXIMUM EXTENT PERMITTED BY LAW, EXPRESS OR IMPLIED, WITH RESPECT TO THE SERVICE, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE AND WE DO NOT WARRANT THE ACCURACY OF ANY DATA PROVIDED IN CONNECTION WITH THE SERVICE, OR THAT THE SERVICE IS FREE OF BUGS OR ERRORS.
17. Indemnification
17.1 Supermetrics will defend, indemnify and hold harmless Customer from and against any costs, damages, expenses, and liabilities (including, but not limited to, reasonable attorneys’ fees) arising out of or in relation to third-party claims or actions arising out of or relating to infringement of third-party copyrights or trademarks due to Customer’s use of the Service, except to the extent such claims or actions arise out of or are related to:
17.1.1 any modification or combination of the Service by Customer with any service not provided by Supermetrics;
17.1.2 any Third-Party Platforms, Custom Connectors, information, or data;
17.1.3 any access or use of the Services by Customer in violation of these Terms, including the restrictions set forth in Section 5; or
17.1.4 any data, information, or content provided by Customer; or
17.1.5 arising out of or relating to gross negligence, wilful misconduct, or fraud by Supermetrics.
17.2 Supermetrics’ indemnification obligation in this Section only applies under the condition that Customer has notified Supermetrics in writing of a claim or action within a reasonable time.
17.3 In case such third-party claim is made or is likely to be made, Supermetrics is responsible, at its own cost, for obtaining any necessary rights for Customer to continue to use the Service under the terms of the Agreement or replace or modify the infringing part of the Service to be non-infringing without decreasing functionality. If Supermetrics is unable to replace or modify the infringing part, then Supermetrics may terminate this Agreement upon written notice to Customer, in which case Customer shall be entitled, as its sole remedy, to a pro-rata refund in the amount of the unused portion of any prepaid fees for the terminated Service calculated as of the effective date of termination. Supermetrics liability, and Customer’s sole remedy, for infringement of intellectual property rights in the Service shall be limited to this Section 17.1.
17.4 Customer will defend, indemnify and hold harmless Supermetrics from and against any costs, damages, expenses, and liabilities (including, but not limited to, reasonable attorneys’ fees) arising out of or in relation to third-party claims or actions arising out of or relating to:
17.4.1 any breach by Customer or any Authorized User of the restrictions set forth in Section 5 above; or
17.4.2 any data, information, or content inputted into the Service or otherwise provided by Customer, including any actual or alleged infringement of third-party intellectual property rights or rights to privacy arising out of any such data, information, or content, including Customer Data and Custom Connectors; or
17.4.3 any of Customer’s products or services; or
17.4.4 any gross negligence, wilful misconduct, or fraud by Customer.
18. Limitation of Liability
18.1 NEITHER PARTY NOR ITS SUPPLIERS OR LICENSORS WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES (EVEN IF SUCH PARTY OR ANY SUPPLIER OR LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF THESE DAMAGES), ARISING OUT OF THIS AGREEMENT.
18.2 A PARTY’S MAXIMUM TOTAL LIABILITY TOWARDS THE OTHER PARTY AND ITS SUPPLIERS AND LICENSORS FOR ALL CLAIMS UNDER THESE TERMS OR OTHERWISE IN RELATION TO THE SERVICE, WHETHER IN CONTRACT, TORT, OR OTHERWISE, IS LIMITED TO 100% OF THE ANNUAL FEE FOR THE SERVICE PAID BY THE CUSTOMER DURING THE 12 MONTH PERIOD PRECEDING THE CAUSE FOR THE CLAIM. IN CASE OF A FREE TRIAL OR OTHER FREE USE PERIOD OF THE SERVICE, SUPERMETRICS SHALL HAVE NO LIABILITY, UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW, IN WHICH CASE THE LIABILITY OF SUPERMETRICS IS LIMITED TO 100 EUROS.
18.3 Any limitations of liability under this section 18 shall not apply in the event of gross negligence, wilful misconduct, or fraud. Nothing in the Agreement shall limit or exclude liability that may not be excluded or limited by law.
19. Governing Law and Dispute Resolution
19.1 These Terms shall be governed and construed in accordance with the laws of Finland, without giving effect to principles of conflicts of law or to the Convention on Contracts for the International Sale of Goods. Any dispute, controversy or claim arising out of or relating to this contract, or the breach, termination or validity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of Finland Chamber of Commerce in Helsinki, Finland, except for payment disputes, which shall be subject to the courts located in Helsinki, Finland. The number of arbitrators shall be three. The language of the arbitration shall be English.
20. Other Terms
20.1 Neither party will be responsible for any failure or delay in the performance of its obligations under this Agreement (except for any payment obligations) due to a Force Majeure Event.
20.2 Supermetrics’ failure to act in a particular circumstance does not waive its ability to act with respect to that circumstance or similar circumstances.
20.3 The parties acknowledge and agree that this Agreement does not create any agency, partnership, joint venture, employment, or fiduciary relationship between the Provider and the Customer. Neither party has the authority to bind the other party or to act on behalf of the other party in any capacity whatsoever.
20.4 Any provision of these Terms that is found to be invalid, unlawful, or unenforceable will be severed from these Terms, and the remaining provisions of these Terms will continue to be in full force and effect.
20.5 The section headings and titles in these Terms are for convenience only and have no legal or contractual effect.
20.6 Supermetrics has the right to assign this Agreement to its Affiliates. Customer may not assign this Agreement without Supermetrics’ permission, except to a successor entity in connection with a merger, consolidation, or sale of all or substantially all of a party’s assets to which this agreement relates.
20.7 Customer represents and warrants that it has the capacity to enter into the Agreement.
20.8 The Agreement constitutes the complete and exclusive statement of the agreement between the Parties in relation to the provision of the Service and the party’s business relationship. Terms and conditions of any Customer-issued purchase orders, questionnaires, declarations or any other documents will have no force and effect.
21. Notices
21.1 Any notices under or in relation to the Agreement shall be sent to the email or physical address provided by the parties in the Order Form.
21.2 By using the Service, Customer consents to receiving electronic communications from Supermetrics. These communications may include notices about Customer’s account and information concerning or related to the Service.
22. Early Access Service
22.1 Supermetrics may offer Customer access to the Early Access Program (“Early Access Service”). The Terms are applicable to the Early Access Service and will control for any provision not addressed in this Section. Customer acknowledges and agrees that:
22.1.1 the Early Access Service has not been commercially released for use and sale by Supermetrics; and
22.1.2 the Early Access Service may not operate properly, be in final form or fully functional; and
22.1.3 the Early Access Service may contain bugs, errors, and other problems; and
22.1.4 the information obtained using the Early Access Service may not be accurate and may not accurately correspond to information extracted from any source; and
22.1.5 Supermetrics is under no obligation to release a commercial version of the Early Access Service; and
22.1.6 any granted service levels or service credits are not applicable to the Early Access Service.
22.2 Supermetrics may at any time, in its sole discretion, discontinue or suspend the development of the Early Access Service without any obligation or liability to Customer. Customer acknowledges and agrees that the Early Access Service is made available on an “as is” basis. Customer assumes all risks and all costs associated with the use of the Early Access Service. As part of the Early Access Service Customer will be asked to provide Feedback regarding the use of the Early Access Service. Any such Feedback shall be subject to Section 10.
23. Custom Connectors
23.1 If Customer creates Custom Connectors, Customer shall be solely liable for accessing and maintaining such Custom Connector.
Customer must not create Custom Connectors that infringe, misappropriate, or otherwise violate any intellectual property right or other right of any third-party.
24. Third-Party AI Features
24.1 We may provide to you features of our Services that utilize third-party artificial intelligence technology (“Third-Party AI Features”). In addition to these Terms, delivery and your use of the Third-Party AI Features and Plugins (as defined in the AI Terms) are governed by our supplementary https://supermetrics.com/ai-terms (“AI Terms”) that forms an inseparable part of the Agreement between you and us. To the extent the Third-Party AI Features are not part of your subscription to our Services, the AI Terms are not part of the Agreement and do not apply to you.
Annex 1 – Data Processing Agreement (“DPA”)
1. Definitions
1.1 “CCPA” means the California Consumer Privacy Act of 2018.
1.2 “Data Privacy Laws” means any applicable data protection legislation with regard to the processing of Personal Data under the DPA.
1.3 “Data Subject” means an identified or identifiable natural person as defined by Data Protection Law.
1.4 “EU Standard Contractual Clauses” means the unchanged standard contractual clauses published by the European Commission, reference 2021/914, or any subsequent final version thereof.
1.5 “GDPR” means the General Data Protection Regulation (EU) 2016/679.
1.6 “Personal Data” means any information relating to a Data Subject that is protected by Data Protection Law, provided that it has been entered into the Service by Customer or its Authorised User or otherwise provided to Supermetrics to provide the Service.
1.7 “Subprocessor” means any third-party authorized by Supermetrics to process Personal Data as set out in this DPA.
1.8 “UK GDPR” means the GDPR as it forms part of the law of England and Wales by virtue of the European Union (Withdrawal) Act 2018.
2. Background
2.1 Applicability. This Data Processing Agreement (“DPA”) is an annex to and forms an inseparable part of the Agreement between the Customer and Supermetrics, regarding Customer’s use of the Service.
2.2 Nature and Purpose of Processing. The agreed Service delivery may include processing of Personal Data by Supermetrics and its Subprocessors , on behalf of the Customer, within the scope described in the Agreement. The purpose of this DPA is to set the terms and conditions governing such processing by Supermetrics on behalf of the Customer in compliance with the requirements set by Data Privacy Laws).
2.3 Scope of Processing. Supermetrics may only process Personal Data on behalf of the Customer for the provision of the Service set forth in the Agreement. Supermetrics may not otherwise process or use Personal Data for purposes other than those set forth in this DPA or as reasonably instructed by the Customer in writing where such instructions are consistent with the terms of the Agreement.
2.4 Third-Party Cloud Service Provider. In the event that it is agreed that Supermetrics’ cloud based service shall be delivered by a third-party provider (Amazon Web Services, Microsoft, Google or other) the parties acknowledge that any Personal Data processed within the cloud service shall be exclusively governed by the terms and conditions for the cloud service as stipulated and amended from time to time by the cloud service provider.
3. Term and Termination of this DPA
3.1 Term. This DPA shall become effective upon signing the Order Form by the both parties and shall remain in force during the validity of the Agreement and thereafter for as long as necessary for the finalization of the agreed processing of Personal Data.
4. Processing of Personal Data
4.1 Governance. For the sake of clarity, it is noted that in relation to the Personal Data processed under this DPA, Supermetrics acts as a data processor or second data processor (a so called sub-processor), and the Customer acts as a data controller or first data processor (to the extent Supermetrics process personal data for which a customer of the Customer is considered controller).
4.2 Details of Processing. The types of Personal Data and categories of Data Subjects are solely determined by Customer through its use of the Service and typically include the following:
Categories of Data Subjects
As determined by the Customer through their use of the Service or as otherwise provided by Customer to Supermetrics, Personal Data will typically concern the following categories of Data Subjects:
- Customer
- Customers Authorised Users
- Clients and/or Prospects of the Customer
Types of Personal Data
As determined by the Customer through their use of the Service or as otherwise provided by Customer to Supermetrics, Personal Data typically relates to the following categories of data:
- Online identifiers, such as cookie identifiers, internet protocol addresses and device identifiers; precise location data; client identifiers;
- Contact details, such as names, email addresses, phone numbers and addresses;
- Data relating to individuals provided to Supermetrics via the Services by (or at the direction of) the Customer, including to create and collaborate on reports, graphs and charts;
- Event data and CRM data relating to individuals provided to Supermetrics via the Services by (or at the direction of) the Customer, such as data about data subjects and the actions they take on or in relation to specific websites, apps, services or applications.
- Financial and transactional details such as accounting, sales, orders, invoices, payments and items purchased provided to Supermetrics by or at the direction of the Customer.
- Other personal data submitted to the Services by (or at the direction of) the Customer within the scope of the Agreement.
4.3 Customer Instructions. This DPA with the Agreement and Customer’s use of the Service constitutes the instructions in accordance with which any such Personal Data is processed.
4.3.1 Supermetrics shall not process Personal Data for any other purpose or otherwise deviate from the Customer’s instructions, unless required to do so by Data Privacy Laws to which Supermetrics is subject, in which case Supermetrics shall, to the extent legally permissible, inform the Customer of that legal requirement before carrying out such processing.
4.3.2 If Supermetrics believes an instruction from the Customer is in breach of applicable data protection legislation or otherwise lacks instructions which, in Supermetrics assessment, are necessary to perform the processing of Personal Data in accordance with this DPA or applicable data protection legislation, Supermetrics shall promptly inform the Customer thereof and await further necessary instructions.
5. Responsibilities of the Customer
5.1 Data Privacy Laws. The Customer is the owner of its Personal Data and is responsible for its accuracy, legality, integrity and content reliability. Customer shall, in its use of the Services, process Personal Data in accordance with the requirements of Data Privacy Laws and Customer will ensure that its instructions for the processing of Personal Data shall comply with Data Privacy Laws. Customer is responsible for ensuring that a valid legal basis exists for the processing of Personal Data, including obtaining the Data Subject’s consent where required under applicable data protection laws. Customer is solely liable for its compliance with Data Privacy Laws in its use of the Services. Customer must provide a written notification to Supermetrics without undue delay if it believes this DPA and Customer’s written instructions do not fulfil requirements of applicable Data Privacy Laws.
6. Assistance to the Customer
6.1 Cooperation. Supermetrics will assist the Customer in ensuring compliance with their obligations under Article 32 (security of processing), Article 33 (notification of personal data breaches to supervisory authorities), Article 34 (communication of personal data breach to data subjects), Article 35 (data protection impact assessments) and Article 36 (prior consultation), taking into account the nature of processing and the information available to the Supermetrics, by providing such documents as are generally available for the Service including applicable audit reports or certifications. Any assistance by Supermetrics outside the scope of the services agreed under the Agreement shall be charged by Supermetrics at the then current rate applied by Supermetrics.
6.2 Data Subject Requests. Supermetrics shall, taking into account the nature of the processing, assist the Customer by appropriate technical or organizational measures, in the fulfilment of the Customer’s obligations to respond to data subject requests relating to their exercise of their rights under Data Privacy Laws. In this respect, Supermetrics shall provide assistance only upon request by the Customer. Any request directed to Supermetrics by a Data Subject shall be referred by Supermetrics to the Customer without undue delay. Any assistance by Supermetrics outside the scope of the Services agreed under the Agreement shall be charged by Supermetrics at the then current rate applied by Supermetrics.
6.3 Personal Data Breach. Supermetrics shall notify the Customer about any personal data breaches concerning Personal Data without undue delay after having become aware of such personal data breach. To the extent possible, the notification shall include the following information:
6.3.1 description of the nature of the personal data breach including where possible the categories and approximate number of data subjects and personal data records concerned;
6.3.2 the name and contact details of Supermetrics data protection officer or other contacts where further information can be obtained;
6.3.3 description of the likely consequences of the personal data breach; and
6.3.4 description of the measures taken or proposed to be taken to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
Where it is not possible for Supermetrics to provide the information as indicated in Section 6.3 at the same time as the notification of the personal data breach, the information may be provided in phases without undue delay.
7. Confidentiality and Security
7.1 Personnel. Supermetrics shall ensure that all persons authorized to process Personal Data are bound by an obligation of confidentiality with respect to such Personal Data, and only processes Personal Data as set out in this DPA.
7.2 Technical and Organisational Measures. Supermetrics shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing. This shall include, inter alia as appropriate, measures to:
7.2.1 implement and maintain technical and organizational measures for safeguarding the confidentiality, integrity, availability and resilience of systems and services processing Personal Data;
7.2.2 restore the availability and access to Personal Data in a timely manner in the event of an incident;
7.2.3 regularly test, assess and evaluate the effectiveness of technical and organizational measures for ensuring the security of the processing; and
7.2.4 pseudonymize and/or encrypt Personal Data.
7.3 Requests from Supervisory Authorities. On request, Supermetrics shall cooperate with a supervisory authority in the performance of its tasks and shall comply with decisions by the supervisory authority on security measures required to comply with the GDPR. If and to the extent the Customer or the supervisory authority instructs Supermetrics to perform any measure, activity or action outside the scope of the Services agreed to under the Agreement, then such instruction shall be considered a request for additional services pursuant to the Agreement and additional fees may apply.
8. Subprocessors
8.1 General Authorisation. Customer grants Supermetrics a general authorization by the Customer for Supermetrics’ use of Subprocessors. Supermetrics shall ensure that Subprocessors are bound by a written agreement that requires them to provide at least the level of data protection required by Supermetrics under this DPA. Supermetrics is responsible for the Subprocessor’s performance under the Agreement to the same extent it is responsible for its own performance.
8.2 Current Subprocessors. A list of sub-processors (including their name, country, processing activities and country/area where processing activities are carried out) is available at www.supermetrics.com/subprocessors or other location as designated by Supermetrics from time to time.
8.3 Changes to Subprocessors. Supermetrics shall inform the Customer of changes concerning its Subprocessors, including the identity and location of new or replaced Subprocessors by providing a notice on the Supermetrics website.
8.4 Objections to New Subprocessors. If the Customer has a reasonable objection to any new or replacement sub-processor, it shall notify Supermetrics of such objection in writing within ten (10) days of the notification. In case the Customer objects to the use of a specific sub-processor, the parties shall enter into good faith negotiations on how to resolve the issue. Such negotiations do not affect Supermetrics’ right to use the new Subprocessor. In case the negotiations do not solve the issue, and the Customer opposes Supermetrics’ use of a specific sub-processor either party shall, for a justified reason and as a final remedy, be entitled to terminate the relevant Agreement on thirty days’ written notice.
9. International Transfers.
9.1 Transfers. Supermetrics and its Subprocessors may transfer or process Personal Data outside of the jurisdiction Customer is based in.
9.2 EU/EEA Personal Data. For transfers of Personal Data subject to GDPR by Supermetrics to a Subprocessor outside the EU/EEA, Supermetrics shall ensure that transfer is only made to:
9.2.1 a country deemed by the Commission to have an adequate level of protection or
9.2.2 entities having entered the EU Standard Contractual Clauses, or
9.2.3 provided other appropriate safeguards as described in Article 46 of the GDPR.
9.3. UK Personal Data. For transfers of Personal Data subject to UK GDPR outside of the UK, the EU Standard Contractual Clauses as amended by the UK Addendum to the EU Standard Contractual Clauses issued by the Information Commissioner’s Office under section 119 (A) of the Data Protection Act 2018 shall apply.
9.4 Other Personal Data. For transfers of Personal Data subject to other Data Privacy Laws which require an adequacy means and such adequacy means may be met by the EU Standard Contractual Clauses, the EU Standard Contractual Clauses shall apply.
9.5 EU Standard Contractual Clauses and UK Addendum. In accordance with sections 9.2, 9.3 and 9.4 the Customer gives its consent to the transfers and authorizes Supermetrics to conclude the processor-to-processor module of the EU Standard Contractual Clauses and UK Addendum as applicable.
10. Retention of Personal Data
10.1 Return or Destroy. Supermetrics has no obligation to store Personal Data after the termination of the Agreement. Supermetrics will, promptly destroy in accordance with our data retention policy or return all Personal Data after the end of the provision of the Services relating to processing and destroy existing copies unless applicable legislation requires storage of the personal data.
11. Audit
11.1 Compliance. Supermetrics shall upon the Customer’s request make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in this DPA.
11.2 Right to Audit. The Customer or an auditor authorized by the Customer (however, not a competitor of the Supermetrics) is entitled to audit the activities pursuant to the DPA only if:
11.2.1 the audit is requested by a data protection authority with binding authority over Customer; or
11.2.2 Supermetrics has not provided sufficient evidence to demonstrate compliance with its obligations laid down in this DPA by providing Customer with a copy of a third-party certification.
11.3 Scope of Audit. The Parties shall agree on the time of the auditing and other details ahead of time and at latest 60 days before the inspection. The auditing shall be carried out in a way that does not impede the obligations of Supermetrics or its Subprocessors in regard to third-parties. The representatives of the Customer and the auditor must sign conventional non-disclosure commitments. Customer will not exercise its audit rights more than once in any twenty-four (24) calendar month period, except if, and when, required by instruction of a competent supervisory authority.
11.4 Costs of Audit. The Customer shall be responsible for its own and Supermetrics' expenses caused by the auditing. If notable defects are evidenced during auditing, Supermetrics shall be liable for the costs incurred from remediating said defects.
12. CCPA
12.1 Definitions. To the extent that Personal Data is subject to CCPA, all references to "Personal Data", "processing", "Data Subject" shall have the same meaning as defined in the CCPA; “controller” shall mean “Business” and “processor or “data processor” shall mean “Service Provider”.
12.2 Sale. Supermetrics may not sell the Personal Data, as the term “sale” is defined under the CCPA.