Posted on: 2019-01-14 Last updated: 2019-03-29

About our Data Processing Addendum:

Who should execute this data processing addendum

If you qualify as a data controller under the GDPR, you may need a data processing addendum (DPA) in place with SurveyLegend that process personal data on your behalf. To make it easier, SurveyLegend have created this digitally signed “GDPR compliant DPA”.

How to execute this DPA

  1. This DPA is a supplementary agreement to SurveyLegend’s Terms and Privacy agreement.
  2. This DPA has been pre-signed on behalf of SurveyLegend AB.
  3. You can see a preview of this DPA further below on this page. However to complete this DPA, Customer must fill the information asked here in this page and digitally sign it.
  4. SurveyLegend AB will send copies of the completed and signed DPA, simultaneously to the email-address entered by the Customer in the self-signing form and also to [email protected], indicating the Customer’s legal name.
  5. Upon receipt of the validly completed DPA by SurveyLegend AB, this DPA will become legally binding for parties, and will remain valid as long as Customer has an active account at SurveyLegend.
To generate a digitally signed DPA, please fill in the form at the bottom of this page…

Data Processing Addendum (preview version)

This Data Processing Addendum (“DPA”) is effective as of (“{signing date}”) by and between SurveyLegend AB, a Sweden-based Customer (“SurveyLegend”) acting on its own behalf and as agent for each SurveyLegend Affiliate, and the undersigned customer of SurveyLegend {Customer’s Company Name}, a {Customer’s Country Name}-based organization acting on its own behalf and as agent for each Customer Affiliate (“Customer”) for Services provided by SurveyLegend. This DPA supplements any terms of use or agreement SurveyLegend AB’s Terms (available at www.surveylegend.com/terms-and-privacy), or other written or electronic agreement, by and between SurveyLegend and the Customer (the “Main Agreement”). All capitalized terms not defined herein shall have the meanings set forth in the Main Agreement. Each of Customer and SurveyLegend may be referred to herein as a “Party” and together as the “Parties”. In connection with the Service, the parties anticipate that SurveyLegend may process outside of the European Economic Area (“EEA”) and United Kingdom, certain Personal Data in respect of which the Customer or any member of the Customer Affiliate may be a data controller under applicable EU Data Protection Laws. The parties have agreed to enter into this DPA in order to ensure that adequate safeguards are put in place with respect to the protection of such Personal Data as required by EU Data Protection Laws.
    1. Definitions

      1. In this Addendum, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:
        1. Applicable Laws” means (a) European Union or Member State laws with respect to any Customer’s Data in respect of which any Customer Group Member is subject to EU Data Protection Laws; and (b) any other applicable law with respect to any Customer’s Data in respect of which any Customer Group Member is subject to any other Data Protection Laws;
        2. Customer Affiliate” means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Customer, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise;
        3. Customer Group Member” means Customer or any Customer Affiliate;
        4. Contracted Processor” means SurveyLegend or a SurveyLegend’s Sub-processor;
        5. Customer’s Personal Data” means any Personal Data Processed by a Contracted Processor on behalf of a Customer Group Member in connection with the Services;
        6. Customer’s Respondent” means any Data Subject who provides data by opening or entering data into a questionnaire (survey, form, poll) created by the Customer and made available to them, using SurveyLegend’s Services;
        7. Customer’s Collected Data” means any data collected by a Contracted Processor from Customer’s Respondents, on behalf of the Customer in connection with the Services, which may or may not include Respondents’ Personal Data or Sensitive Personal Data;
        8. Customer’s Data” means Customer’s Personal Data and Customer’s Collected Data.
        9. Data Protection Laws” means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;
        10. EEA” means the European Economic Area;
        11. EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;
        12. GDPR” means EU General Data Protection Regulation 2016/679;
        13. Services” means the services and other activities to be supplied to or carried out by or on behalf of SurveyLegend for Customer Group Members;
        14. Sub-processor” means any person (including any third party and any SurveyLegend Affiliate, but excluding an employee of SurveyLegend or any of its subcontractors) appointed by or on behalf of SurveyLegend or any SurveyLegend Affiliate to Process Personal Data on behalf of any Customer Group Member in connection with the Services; and
        15. SurveyLegend Affiliate” means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with SurveyLegend, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.
      2. The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Sensitive Personal Data”, “Personal Data Breach”, “Processing”, “Processor” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
      3. The word “include” shall be construed to mean include without limitation, and cognate terms shall be construed accordingly.

    1. Modifications

      SurveyLegend will carry out processing on behalf of the Customer, and therefore guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject. SurveyLegend warrants and represents that, before any SurveyLegend Affiliate Processes any Customer’s Data on behalf of any Customer Group Member, SurveyLegend’s entry into this Addendum as agent for and on behalf of that SurveyLegend Affiliate will have been duly and effectively authorised (or subsequently ratified) by that SurveyLegend Affiliate.

    1. Processing of Customer’s Data

      1. Controller The control of Personal Data collected from Customer’s Respondents remains solely with Customer, and Customer will at all times remain the Controller for the purposes of Personal Data processed under the Main Agreement, and this Data Processing Agreement. Customer is responsible for compliance with its obligations as Controller under the GDPR and other applicable data protection laws, hereunder for justification of any transmission of Personal Data to SurveyLegend (including providing any required notices and obtaining any required consents), and for its decisions concerning the Processing and use of the data. In particular, Customer will:
        1. ensure that the information that they type in is correct and complete, and updated if Customer regards necessary;
        2. provide the information to Data Subject that is required under the GDPR;
        3. ensure that it has and maintains a lawful basis, as defined in the GDPR for processing of all Personal Data it performs during the term of this DPA towards Data Subject;
        4. ensure that persons authorised to process the Customer’s Collected Data have committed themselves to confidentiality:
        5. ensure where a Sub-Processor or Processor other than SurveyLegend is engaged, the same data protection obligations as set out in this Data Processing Agreement shall be imposed on that other processor by way of a contract;
        6. inform SurveyLegend without undue delay in the event (a) the legal basis for Customer’s data processing in accordance with the GDPR ceases to exists (e.g. withdrawal of consent by Data Subject), and (b) Customer obtains information that create suspicion of unauthorized access to or handling of Personal Data. Customer shall provide all relevant information.
      2. Processor SurveyLegend is the Processor for Personal Data processed on Controller’s behalf under the Main Agreement and this Data Processing Agreement. SurveyLegend is responsible for compliance with its obligations as Processor under the GDPR and other applicable data protection laws, hereunder to process data according to written instructions from Customer. In particular, SurveyLegend will:
        1. process Customer’s Data according to the Main Agreement, unless Processing is required by Applicable Laws to which the relevant Contracted Processor is subject, in which case SurveyLegend or the relevant SurveyLegend Affiliate shall to the extent permitted by Applicable Laws inform the relevant Customer Group Member of that legal requirement before the relevant Processing of that Personal Data;
        2. process Customer’s Personal Data on documented written instructions from the Customer if provided by the Customer;
        3. not transfer the Personal Data to a third country or an international organisation that does not ensure an adequate level of protection in accordance with GDPR Article 45, or within the safeguards defined in GDPR Article 46;
        4. ensure that persons authorised to process the Customer’s Data have committed themselves to confidentiality;
        5. ensure where a Sub-Processor is engaged, the same data protection obligations as set out in this Data Processing Agreement shall be imposed on that other processor by way of a contract;
        6. taking into account the nature of the processing, assist the Customer by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer’s obligation to respond to requests for exercising the Data Subject’s rights laid down in GDPR Chapter III;
        7. assist the Customer in ensuring compliance with the obligations pursuant to GDPR Articles 32 to 36 taking into account the nature of processing and the information available to the Processor;
        8. make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in GDPR Article 28 and allow for audits by the Customer;
        9. immediately inform the Customer if, in SurveyLegend’s opinion, an instruction infringes the GDPR;
      3. In order to comply with the requirements of the GDPR, the parties must be informed of certain details related to the Personal Data that will be processed (ref. GDPR Article 28). The most up-to-date and detailed information about SurveyLegend’s data collection from its users, respondents, and site visitors is provided in the Main Agreement under the Privacy Policy section.
      4. SurveyLegend shall process Personal Data solely for the purpose of fulfilling of the Main Agreement with Customer, and shall not otherwise Process and use Personal Data for purposes other than those set forth in this DPA, the Agreement, or as instructed in writing by Customer.
      5. Access to the Personal Data of Customer’s Respondents may take place if:
        1. customer has support enquiries. If such support enquiries so require, SurveyLegend support personnel may access, extract, store and change information, including personal data.
        2. specific projects are defined in separate agreements. If such specific projects so require, SurveyLegend consultants, employees, or sub-processors may access, extract, store and change information, including personal data.
        3. In such cases, SurveyLegend consultants, employees, sub-processors, or support personnel agree to extract, store and change information, including personal data, no longer than needed to perform and complete their tasks; after that data which they individually have stored will be deleted.
      6. Sub-Processing
        1. Each Customer Group Member authorises SurveyLegend and each SurveyLegend Affiliate to appoint Sub-processors in accordance with this section and any restrictions in the Main Agreement.
        2. SurveyLegend and each SurveyLegend Affiliate may continue to use those Sub-processors already engaged by SurveyLegend or any SurveyLegend Affiliate as of the date of this DPA, subject to SurveyLegend and each SurveyLegend Affiliate in each case as soon as practicable meeting the obligations set out in section 3.4
        3. SurveyLegend shall give Customer prior written notice of the appointment of any new Sub-processor, including full details of the Processing to be undertaken by the Sub-processor.
          1. Depending on the impact of appointing a new Sub-processor, SurveyLegend will inform the Customers either via a public blog post on SurveyLegend’s blog https://www.surveylegend.com/blog/, or via direct email to the email address which is associated with the party who signs this NDA.
          2. If, within fourteen (7) calendar days of receipt of that notice, Customer notifies SurveyLegend in writing of any objections (on reasonable grounds) to the proposed appointment: (a) SurveyLegend shall work with Customer in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Sub-processor; and (b) where such a change cannot be made within thirty (15) calendar days from SurveyLegend’s receipt of Customer’s notice, notwithstanding anything in the Main Agreement, Customer may by written notice to SurveyLegend with immediate effect terminate the Main Agreement. In such case, SurveyLegend shall not have any obligations to refund Customer’s payment for their subscription(s).
        4. With respect to each Sub-processor, SurveyLegend or the relevant SurveyLegend Affiliate shall:
          1. before the Sub-processor first Processes Customer’s Data (or, where relevant, in accordance with section 3.4), carry out adequate due diligence to ensure that the Sub-processor is capable of providing adequate protection for Customer’s Data;
          2. ensure that the arrangement between on the one hand (a) SurveyLegend, or (b) the relevant SurveyLegend Affiliate, or (c) the relevant intermediate Sub-processor; and on the other hand the Sub-processor, is governed by a written contract where applicable including terms which offer at least the same level of protection for Customer’s Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR;
          3. if that arrangement involves Transfer of Data to countries outside EEA, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SurveyLegend, or (b) the relevant SurveyLegend Affiliate, or (c) the relevant intermediate Sub-processor; and on the other hand the Sub-processor; and
          4. provide to Customer for review such copies of the Contracted Processors’ agreements with Sub-processors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to time.

    1. Technical and Organizational Measures

      When Processing Personal Data on behalf of Customer in connection with fulfilment of the Main Agreement, SurveyLegend shall ensure that it implements and maintains compliance with appropriate technical and organizational security measures for the Processing of such data. Accordingly, SurveyLegend will implement the technical and organizational measures, hereunder SurveyLegend’s Technical and Organizational Measures and SurveyLegend’s IT governance policy.

    1. SurveyLegend and SurveyLegend Affiliate Personnel

      SurveyLegend and each SurveyLegend Affiliate shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Customer’s Data, ensuring in each case that access is strictly limited to those individuals who need to know the relevant Customer’s Data, as strictly necessary for the purposes of the Services and consistent with the Main Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

    1. Security of Processing

      1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, SurveyLegend will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, as appropriate:
        1. the encryption of personal data;
        2. the ability to ensure the ongoing confidentiality, integrity,
        3. availability and resilience of processing systems and services
        4. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
        5. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
      2. In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
      3. SurveyLegend shall take steps to ensure that any natural person acting under SurveyLegend’s authority who has access to personal data does not process them except on written instructions from the controller or as agreed under the Main Agreement, unless he or she is required to do so by applicable EEA law.

    1. Data Subject Rights

      1. Taking into account the nature of the Processing, SurveyLegend and each SurveyLegend Affiliate shall assist each Customer Group Member by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer Group Members’ obligations, as reasonably understood by Customer, to respond to requests to exercise Data Subject rights under the Data Protection Laws. SurveyLegend shall:
        1. promptly notify Customer if any Contracted Processor receives a request from a Data Subject under any Data Protection Law in respect of Customer’s Data; and
        2. ensure that the Contracted Processor does not respond to that request except on the documented instructions of Customer or the relevant Customer Affiliate or as required by Applicable Laws to which the Contracted Processor is subject, in which case SurveyLegend shall to the extent permitted by Applicable Laws inform Customer of that legal requirement before the Contracted Processor responds to the request.
      2. SurveyLegend will at all times grant Customer, as agreed in the Main Agreement, electronic access to online software environment that holds Customer’s Personal Data, allowing Customer to delete, release, correct or block access to specific Personal Data, as Customer requires at all times.
        1. Customer may, to the extent permitted by applicable law, provide detailed written instructions to SurveyLegend to delete, release, correct or block access to Respondent Personal Data.
        2. If Customer requires SurveyLegend to perform such deletion, release, correction or blocking of access to data that Customer could itself have performed, Customer agrees to pay SurveyLegend’s then-current fees associated with such performance.
      3. SurveyLegend may not disclose or provide access to the Customer’s Personal Data or Customer’s Collected Data to third parties, unless required by applicable law. Should a request for such disclosure or access be directed to SurveyLegend, SurveyLegend shall forward this request to Customer.

    1. Incident Management and Personal Data Breach Notification

      SurveyLegend evaluates and responds to incidents that create suspicion of unauthorized access to or handling of Personal Data.
      1. SurveyLegend shall notify Customer without undue delay upon SurveyLegend or any Sub-processor becoming aware of a Personal Data Breach affecting Customer’s Data.
      2. SurveyLegend shall cooperate with Customer and each Customer Group Member within internal SurveyLegend lines of business, with the appropriate technical teams and, where necessary, with outside law enforcement to respond to the incident, and take such reasonable commercial steps to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
      3. The goal of the incident response will be to restore the confidentiality, integrity, and availability of the software environment, and to establish root causes and remediation steps.
      4. SurveyLegend shall without delay, and no later than within 60 hours, upon becoming aware of an accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data processed by SurveyLegend, notify the Customer: Where the information is available for SurveyLegend, the notification shall at least:
        1. describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
        2. communicate the name and contact details of the data protection officer or other contact point at the Data Processor where more information can be obtained;
        3. describe the likely consequences of the personal data breach;
        4. describe the measures taken or proposed to be taken by SurveyLegend and or Customer to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
      5. To the extent required under the GDPR, and upon Customer’s request, SurveyLegend will assist Customer in its obligation to notify the supervisory authority of a personal data breach. If Customer requires SurveyLegend to provide such assistance, Customer agrees to pay SurveyLegend’s then- current fees associated with such assistance.

    1. Deletion of Customer’s Data

      SurveyLegend and each SurveyLegend Affiliate shall promptly and in any event within thirty (30) days after the date of termination of Services involving the Processing of Customer’s Data, delete such Customer’s Data and all copies thereof, so that they cannot be recovered or reconstructed.
      1. Data needed for accounting purposes will be kept for a certain amount of time, as described in the Main Agreement.
      2. Any email or live chat communication between SurveyLegend and Customer will remain undeleted, unless Customer deliberately requests for deletion of particular email threads, as described in the Main Agreement.

    1. Audit Rights

      1. Subject to sections [ 10.2 to 10.4 ], SurveyLegend and each SurveyLegend Affiliate shall make available to each Customer Group Member on request all information necessary to demonstrate compliance with this Addendum, and shall allow for and contribute to audits, including inspections, by any Customer Group Member or an auditor mandated by any Customer Group Member in relation to the Processing of the Customer’s Data by the Contracted Processors.
      2. Information and audit rights of the Customer Group Members only arise under section 10.1 to the extent that the Main Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law (including, where applicable, article 28(3)(h) of the GDPR).
      3. Customer or the relevant Customer Affiliate requesting an audit:
        1. shall reasonable notice to SurveyLegend or relevant SurveyLegend Affiliate of any audit or inspection to be conducted under section 10.1,
        2. shall bear all costs and reimburse the SurveyLegend’s efforts,
        3. shall not interfere with the SurveyLegend’s ordinary course of business, and shall keep confidential all trade secrets of the SurveyLegend and its Affiliates and Subcontractors in case of an audit.
        4. shall make (and ensure that each of its mandated auditors makes) reasonable endeavours to avoid causing (or, if it cannot avoid, to minimise) any damage, injury or disruption to the Contracted Processors’ premises, equipment, personnel and business while its personnel are on those premises in the course of such an audit or inspection.
      4. A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection:
        1. to any individual unless he or she produces reasonable evidence of identity and authority;
        2. unless they execute a written confidentiality agreement acceptable to SurveyLegend before conducting the audit;
        3. outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer or the relevant Customer Affiliate undertaking an audit has given notice to SurveyLegend or the relevant SurveyLegend Affiliate that this is the case before attendance outside those hours begins; or
        4. for the purposes of more than (one) audit or inspection, in respect of each Contracted Processor, in any (calendar year), except for any additional audits or inspections which:
          1. Customer or the relevant Customer Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to SurveyLegend’s or the relevant SurveyLegend Affiliate’s compliance with this Addendum; or
          2. A Customer Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Customer or the relevant Customer Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to SurveyLegend or the relevant SurveyLegend Affiliate of the audit or inspection.

    1. Data transfer within EEA

      1. With respect to Personal Data stored by the SurveyLegend and it Affiliates in data centres in the European Economic Area (EEA), SurveyLegend shall ensure compliance as follows:
        1. for SurveyLegend Affiliates, SurveyLegend and other relevant entities have binding intra-company agreements requiring compliance with all applicable security and data privacy policies and standards, and
        2. for Sub processors, SurveyLegend Affiliates has entered into contracts with Sub processors which provide that the Sub processor will undertake data protection and confidentiality obligations consistent with SurveyLegend’s security standards.

    1. Data Transfer to countries outside EEA

      1. SurveyLegend will not transfer personal data outside the EEA, to any country or recipient: (a) not recognized by the European Commission as providing an adequate level of protection for personal data, or (b) not covered by a suitable safeguard recognized by the relevant authorities or courts as providing an adequate level of protection for personal data, including but not limited to Binding Corporate Rules, Binding Corporate Rules for Processors and EU Standard Model Clauses.
      2. If Customer, or a party on Customer’s behalf, will access Personal Data stored in SurveyLegend’s storage area in the EEA, or transfer Personal Data stored in SurveyLegend’s storage area in the EEA from, the EEA storage area, it is Customers responsibility to ensure that either the transfer of data takes place based on a adequacy decision by the European Commission as defined in GDPR Article 45, or appropriate safeguards defined in GDPR Article 46 are in place for such access or transfer.

    1. General Terms

      1. Governing law and jurisdiction
        1. Without prejudice to clauses 7 (Mediation and Jurisdiction) and 9 (Governing Law) of the Standard Contractual Clauses:
          1. the parties to this DPA hereby submit to the choice of jurisdiction stipulated in the Main Agreement with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of its nullity; and
          2. this DPA and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the Main Agreement.
        2. Nothing in this DPA reduces SurveyLegend’s or any SurveyLegend Affiliate’s obligations under the Main Agreement in relation to the protection of Personal Data or permits SurveyLegend or any SurveyLegend Affiliate to Process (or permit the Processing of) Personal Data in a manner which is prohibited by the Main Agreement. In the event of any conflict or inconsistency between this DPA and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.
        3. Subject to section 14.2, with regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other agreements between the parties, including the Main Agreement and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) agreements entered into or purported to be entered into after the date of this DPA, the provisions of this DPA shall prevail.
      2. Severance
        1. Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either:
          1. amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible,
          2. construed in a manner as if the invalid or unenforceable part had never been contained therein.

  1. Changes to this DPA

    1. SurveyLegend retains the rights to update and improve this DPA. In case such updates take place and only if changes have meaningful major impact on terms of this agreement:
      1. SurveyLegend will inform the Customer by sending an email to email address associated with the person who signs this DPA, and also by publishing a public blog post;
      2. SurveyLegend will provide a summary of the recent changes to make it easier for Customer to follow and take adequate steps if they consider required.
    2. Changes will be active no sooner than 7 calendar days from the day they are publicly posted.
    3. Customers can digitally sign the new version of this DPA, as soon as it is publicly announced.
    4. Otherwise, by continuing to use the services Customer indicates their agreement to be obligated by the updated terms.
IN WITNESS WHEREOF, this DPA is entered into and becomes a binding part of the Main Agreement with effect from the date first set out above. On behalf of the Customer Full Name: {This must be typed by you in the form on this page} Title: {This must be typed by you in the form on this page} Email: {This must be typed by you in the form on this page} Phone: {This must be typed by you in the form on this page} Account holder’s email: {This must be typed by you in the form on this page} Company: {This must be typed by you in the form on this page} Address: {This must be typed by you in the form on this page} Date: {This must be typed by you in the form on this page} On behalf of SurveyLegend AB Full Name: {This will be emailed to you} Title: {This will be emailed to you} Email: {This will be emailed to you} Address: {This will be emailed to you} Date: {This will be emailed to you}

How to sign this DPA

First make sure you are logged-in to your account. Then, click on the Sign this DPA button below. On the next page, you will see a form in which you provide correct and valid information about the person and company who is signing this DPA with us. Then an auto-generated and digitally signed copy of the DPA will be emailed to you.