DATA PROCESSING AGREEMENT

Last Updated: December 4, 2023

1. AGREEMENT

1.1. Subject Matter of the Agreement

This Data Processing Agreement is concluded between SE Ranking (hereinafter, the Processor) and an individual/legal entity that is using functional features of the Processor’s SEO tool (hereafter, the Services) and that is assigning the Processor to process personal data on his/her behalf (hereafter, the Controller).

The Processor shall be one of the following legal entities belonging to SE Ranking company group:

SERanking Ltd. with an address at Suite 209 15 Ingestre Place, London, England, W1F 0DU (hereafter, the UK Branch);

OR

SER Acquisition with an address at PO Box 19801, C/O the Corporation Trust Company, 1209 Orange Street, City of Wilmington, County Of New Castle, Delaware, United States (hereafter, the US Branch).

The Processor under current Data Processing Agreement is defined under the following rules:

  1. If the Controller pays fees under the Processor’s Terms of Services in GBP and EUR, the Processor is the UK Branch;
  2. Starting from May 2023, if the Controller pays fees under the Processor’s Terms of Services in USD, the Processor is the US Branch;
  3. Starting from August 2023, if the Controller pays fees under the Processor’s Terms of Services in any other currency other than EUR and/or GBP, the Processor is the US Branch.

The Processor will process personal data on behalf of the Controller within all the services provided in the context of the Processor’s SEO tool functionality usage. 

1.2. Term of this Agreement 

The Agreement will be valid as long as the Controller is having a registered account in the Processor’s SEO tool. 

1.3. Types of Personal Data processed

The processing activities in the context of the present agreement will affect the following personal data and its categories:

  1. SEO data: projects, user settings, back-links, editor content, researches, marketing details, lead generator details, report builder details, IP address;
  2. Analytics data: geolocation, IP address, browser details, operating system details, device details, user ID, URL access details, application interactions.

1.4. Data Processing Purposes

The Processor shall process personal data on behalf of the Controller only for the purposes of providing the Controller with the Services functionality. Any new purposes of the data processing activities shall be provided to the Processor in the form of respective written instructions.

1.5. Affected Data Subjects

The following groups of individuals will be affected by processing activities in the context of the present agreement:

  1. the Controller’s customers.
  2. any individual whose personal data are uploaded to the Processor’s SEO tool.

1.6. Technical and Organizational Measures

The Processor shall apply all necessary technical and organizational measures to protect personal data on behalf of the Controller. Such measures should be implemented taking into account the state of the art in the cybersecurity sphere as well as the costs of implementation of such measures. In any case the Processor guarantees the compliance of its technical and organizational measures with applicable privacy and data protection regulations.


2. CONTROLLER’S INSTRUCTIONS

2.1. The Processor processes personal data on behalf of the Controller. The Controller is responsible for maintaining compliance with data protection regulations. 

2.2. During the processing of personal data, the Processor is obligated to follow only the instructions of the Controller. Such instructions must be given in writing or by electronic mail. Outside the scope of these instructions, the Processor may not use the data provided to it for processing either for its own purposes or for the purposes of third parties. The Processor shall adjust, delete or block the data processed in the order in accordance with the Controller's instructions. If the Processor is of the opinion that instructions of the Controller are in breach of the applicable data protection regulations, it must notify the Controller accordingly without delay.

 

3. PROCESSOR’S OBLIGATIONS

3.1. The Processor shall assist the Controller in satisfying the data subjects' rights to access, rectification, restriction of processing, objection, erasure, and data portability regarding their personal data. If a data subject contacts the Processor directly regarding the rights listed above, the Processor shall forward this request to the Controller without delay.

3.2. The Processor undertakes to provide data protection training for its employees entrusted with the processing of the data provided by the Controller, and to impose on such employees an obligation to observe data secrecy (compliance with the confidentiality of personal data).

3.3. The Processor shall provide the Controller with the contact details of the contact partners for data protection and information security. If the Processor is subject to a statutory obligation to appoint a data protection officer, it shall appoint such an officer in writing and shall send the Controller their name(s) and contact details.

3.4. Upon request, the Processor shall provide the Controller with the information necessary to enable the Controller to satisfy notification obligations, maintain records of processing activities, or perform a data protection impact assessment. 

3.5. Each party to the present agreement shall be liable towards the other party for damage or losses incurred as a result of culpable violations of the present agreement or applicable data protection regulations. If both parties are at fault, they shall be liable according to their respective share of culpability.

3.6. The Controller may at any time instruct the immediate erasure of the data processed under the present agreement. Irrespective of this, the Processor is under obligation to surrender the data in a generally readable format at any time, at the request of the Controller. Once the term of the present agreement has ended, the Processor shall be obliged to surrender the data processed under the present agreement in a generally readable format or to delete it, at the Controller's discretion. In case of erasure, it must be ensured that the data cannot be reconstructed. The Processor shall prove to the Controller and confirm in writing, including in electronic form, that all of the data, copies and storage media have been returned and deleted. If binding legal requirements do not allow the erasure of certain data or categories of data, the Processor must inform the Controller about such requirements.

 

4. PROCESSOR’S SUB-PROCESSORS

4.1. If the Processor engages sub-contractors, it must first obtain the prior consent of the Controller in writing, including in electronic form. The contractual arrangements between the Processor and the subcontractor or freelancer must be structured in such a way that they correspond with the agreements concluded here between the Controller and the Processor. In particular, the Processor must ensure that the Controller can also perform checks relating to the subcontractors or freelancers in accordance with section 6 of the present agreement. The Controller is entitled to receive information from the Processor concerning the essential contractual provisions and the implementation of the obligations arising from the present agreement – if necessary also by inspecting the relevant contractual documents. 

4.2. The Controller is deemed to have consented to the involvement of the subcontractors and functions listed in the Processor list. The Processor must ensure that the subcontractors comply with the technical and organizational requirements specified in the present agreement in the same way as the Processor itself.

4.3. If subcontractors are replaced or added during the term of the present agreement, the Processor must first obtain the consent of the Controller in writing, including in electronic form. If the Processor intends to involve subcontractors other than those agreed on, it shall notify the Controller via communication features of the Processor’s Services. If the Controller does not object within 10 calendar days after Processor’s notification, the new sub-processor is deemed to be agreed on by the Controller as prescribed by the current provisions.

 

5. SECURITY OF PROCESSING

5.1. The Processor undertakes to use state-of-the-art technology to safeguard all of the Controller's information and data at all times by implementing technical and organizational measures that are appropriate to the risk associated with the processing. This includes protection against unauthorized access, unauthorized or accidental modification, destruction or loss, unauthorized transfer, other unauthorized processing or any other form of misuse. Section 1.2 notwithstanding, the obligation to protect the information and data shall apply for as long as the Processor stores said data and information, or otherwise processes it or has it processed by subcontractors.

5.2. The Processor must establish an Information Security Management System. Considering the risks, the Processor must determine what measures it needs to implement, regularly review them, and amend them. The Processor must document and substantiate both the risks and the measures implemented.

5.3. Compliance with approved codes of conduct or an approved certification procedure may be included as factors for substantiating technical and organizational measures. Certifications of the information security management system may also be included as a factor for substantiating the use of technical and organizational measures. However, such substantiation does not replace examination in individual cases. If such substantiation is used as a factor it must be appended to the present agreement.

5.5. The Processor may only grant authorization to access the Controller's data to its own employees in accordance with the authorization concept, and to the extent required for the task in question in connection with the execution of the present agreement. The Processor undertakes not to disclose the access authorizations assigned to it for the use of the system to any unauthorized persons.

5.6. If the Processor is granted access to the IT systems of the Controller or its subcontractors, the Processor undertakes to only access the data and information required.

5.7. The Processor must notify the Controller's contract management function in writing, including in electronic form, about significant changes to the technical and organizational measures described in the current agreement via any prescribed communication channels. In the event of any foreseeable reduction in the effectiveness of the security, the consent of the controller must be obtained in writing before the change is carried out.

 

6. CHECKS

6.1.  The Controller or its representative have the right to carry out checks on compliance with the requirements of the present agreement. The Processor shall provide the desired information and, at the request of the Controller and within a reasonable period, submit documentary evidence that it has met its obligations by completing a questionnaire supplied by the Controller or by confirming in writing that the measures agreed on in the current agreement are appropriate and up-to-date.

6.2. Subject to advance notice, the Controller or its representative shall be granted access to the offices and IT systems in/on which the Controller's data is processed so that the implementation of the present agreement and the appropriateness of the technical and organizational security measures can be verified.

6.3. The Processor must inform the Controller without delay of any control procedures by supervisory authorities, which take place in its company or the IT infrastructure used by it, and which involve the processing of the Controller's personal data. In the event of impending access to data of the Controller in the context of seizure, confiscation, judicial inquiries or other official measures, which are carried out at the Processor, or in the context of insolvency proceedings or other measures of third parties, the Processor shall inform the Controller accordingly without delay. 

6.4. In the context of section 6.3, the Processor shall inform all parties involved in any such action without delay that the power of disposal over the data subject to the present agreement lies with the Controller, and shall not transfer any data to third parties or allow third parties to access the data without the Controller's consent. If the Processor is sworn to secrecy in the event of a check, access or other measure in relation to the Controller's data by a party authorized to access the data, it must exercise due diligence on behalf of the Controller and will take any opportunity to take action against the measures and the confidentiality obligations.

 

7. REPORTING OF DATA BREACHES

7.1. The Processor must report any data protection security breaches (unintentional or unauthorized destruction, loss, amendment, disclosure or access involving personal data processed under the present agreement) or violation of client confidentiality to the Controller without delay in order to give the Controller the opportunity to report the incident to the relevant authorities within 72 hours. 

7.2.  In consultation with the Controller, the Processor shall initiate all steps necessary to clarify the matter and remedy the security incident without delay, and provide the Controller all information necessary to document the event and potentially submit a report to the relevant supervisory authority.

 

8. NON-DISCLOSURE

8.1. The Processor undertakes to treat as confidential all information - including but not limited to technical and commercial information, plans, findings, intelligence, designs, and documents - that becomes known to it or that it receives from the Controller in connection with the present agreement. That includes, not to disclose this information to third parties, to protect it from third-party access, to use it only for the purposes of the present agreement, and to disclose it only to employees who are themselves under an obligation to observe confidentiality, unless otherwise agreed in writing between the parties.

8.2. This confidentiality obligation shall not apply in respect of information

  1. That can be proven to have been known to the Processor before the present agreement came into effect
  2. That can be proven to have been lawfully obtained by the Processor from a third party without being subject to a confidentiality obligation
  3. That is already in the public domain or that enters into the public domain without any infringement of the obligations contained in the present agreement
  4. That can be proven to have been developed by the Processor during the course of its own independent work.

8.3. If the Controller is a financial services company that is subject to bank/client confidentiality requirements, the Processor undertakes to comply with the same requirements.

8.4. The Processor undertakes to impose on its employees to whom this information is disclosed the same obligations that it entered into above unless said employees are already subject to an equivalent confidentiality obligation by virtue of their employment contracts.

8.5. If any development results that are capable of being protected by intellectual property rights are reported, the parties reserve all rights in respect of any such property rights subsequently applied for or granted.

8.6. The confidentiality obligations in respect of information that has been made available during the term of the present agreement shall continue to apply for a period of five years after the present agreement has ended.

 

9. DATA PROCESSING IN A THIRD COUNTRY

9.1. If the Processor or its subcontractor process personal data emanating from the EU outside the European Economic Area (EU member states plus Iceland, Liechtenstein and Norway) or outside a country recognized by the European Commission as having an adequate level of data protection, or if the Processor or its subcontractor access EU-sourced personal data from outside the countries specified above, additional legal safeguards ensuring adequate level of data protection shall be applied.

9.2. The adequate level of data protection with respect to processing in third countries can be ensured by the application of the EU's standard contractual clauses (Annex A) or any other additional legal safeguard available on the basis of applicable privacy and data protection laws. 

9.3. Provisions of section 9 also apply to the situations where personal data emanating from countries not included to European Economic Area (EU member states plus Iceland, Liechtenstein and Norway) or from a country recognized by the European Commission as having an adequate level of data protection are transferred to the Processor located in European Economic Area or in a country recognized by the European Commission as having an adequate level of data protection. 

trustpilot
4,5 rating

4.2

g2-crowd
5,0 rating

4.8

get-app
5,0 rating

4.7

capterra
5,0 rating

4.6

¿Por qué las empresas de más de 150 países eligen SE Ranking? LEER LOS TESTIMONIOS
Florian Bierschenk
Online Marketing Manager en charly.education
Una buena herramienta SEO para negocios pequeños

Estaba acostumbrado a trabajar con herramientas como Sistrix, Ahrefs o Searchmetrics y no conocía SE Ranking antes. Pero esas herramientas implican un gasto muy grande para una introducción en el SEO así que decidí probar SE Ranking y estoy bastante satisfecho. Me gusta la habilidad de pagar por algunas herramientas con créditos, ya que no las utilizo muy a menudo, lo que me proporciona mayor flexibilidad para usarlas cuando tengo la necesidad y no estar pagando cuando no las estoy utilizando.

Bram van den Heuvel
CEO at Brijn Webproducts BV
Una herramienta SEO excelente para hacer un seguimiento de los clientes

Lo que más me gusta son los informes automáticos. Son muy personalizables y por supuesto tienen la posibilidad de ser estilizados a tu propio gusto. Esto nos facilita mucho la labor ya que no tenemos que hacerlo de manera manual. Además de eso las herramientas de SE Ranking son geniales para una análisis rápido y detallado, donde lo necesites.

Giannis Koutsopoulos
CEO de AboutHotelier
La mejor herramienta SEO que una empresa puede tener

SE Ranking es la mejor plataforma SEO que nuestra empresa ha usado hasta ahora. La interfaz de la plataforma muy buena y amigable para el usuario. Las opciones disponibles son muchas. Desde rastreo de posiciones, monitores de backlinks, investigación de palabras clave, hasta la investigación de la competencia y auditoría web, todo lo que necesitamos para optimizar nuestro sitio está al alcance de un click. También, para cualquier pregunta o lo que necesitemos, el equipo de soporte nos ha respondido y ayudado de manera muy rápida.

Jan B.
Dueño de JB Online Marketing
Valor real a un precio muy buen

Da una visión muy clara de los ranking y posiciones, herramienta de auditoría web para un escaneo rápido y el comprobador de backlinks son muy útiles. Los utilizo mucho así como el generador de leads para hacer un escaneo gratuito de clientes potenciales automático cuando rellenan el formulario. El dashboard te da una buena idea del cambio en el tráfico y las posiciones. El plan de marketing es simple pero te da unas pistas de qué hacer al comienzo de una web. Puedes rellenar las casillas cuando acabas una tarea, funciona muy bien.

Nirina M. Razanamparany
Software Engineer | Co-Founder en Code & Scale
Una herramienta SEO muy completa

La herramienta es muy completa: planes y rastreos de keywords, analisi de backlinks, investigación de la competencia… Muy pocas plataformas SEO ofrecen todas estas funciones en este rango de precios. Aun así, la experiencia de usuario es óptima: la interfaz es muy clara e intuitiva y las personas en SE Ranking son muy amables, empaticas y ayudan cuando hace falta.

Joe David
Founder & Marketing Consultant en Rochallor Digital
La herramienta SEO más comprensiva que he utilizado

Me gusta la herramienta de análisis de la competencia, proporciona datos sobre el tráfico orgánico y de pago, lo cual me da una idea de cómo alcanzar y superar a la competencia de mis clientes. También proporciona datos del tráfico potencial, lo cual ayuda a mostrar a los clientes las mejoras de la campaña. Y con el plan de marketing se que es lo que hay que mejorar para obtener resultados para mis clientes.

Harm Hendriks
Dueño de Premium Online
Una elección perfecta para una agencia de marketing

Después de usarlo mucho (10+ años de experiencia) SE Ranking destaca de la competencia ya que combina todo lo que necesitamos para nuestros clientes. Proporcionamos a nuestros clientes los ranking, así como el tráfico potencial (y los ingresos) de esos ranking cuando alcanzan el TOP3  en Google. La herramienta nos permite proporcionar al cliente un análisis detallado del estado técnico y el plan de marketing, pudiendo fijar los objetivos y seguir una lista de las actividades mensuales por hacer.Y además de todo esto es totalmente personalizable con la marca blanca.

John Sammon
Fundador y CEO en Sixth City Marketing
SE Ranking ha ayudado a nuestro negocio a incrementar la eficiencia y eficacia

Hemos usado otras herramientas en el pasado, pero SE Ranking ofrece más datos e información más actuales, lo que beneficia a nuestra agencia y nuestros clientes. SE Ranking nos permite acceder a datos históricos con uno pocos clicks si tener que salir de la interfaz. Desde actualizaciones diaria de las posiciones hasta volúmenes de búsquedas actuales, hay un montón de aspectos esenciales para formular una estrategia para el cliente, y con el sistema de SE Ranking en continua actualización somos capaces de usar estos datos y ayudar a nuestros clientes a llegar a la cima.

1
/
Load more reviews
Únete a más de 1,000,000+ usuarios
Estás en buena compañía
Empezar prueba gratuita de 14 días