DATA PROCESSING AGREEMENT
Last Updated: December 4, 2023
1. AGREEMENT
1.1. Subject Matter of the Agreement
This Data Processing Agreement is concluded between SE Ranking (hereinafter, the Processor) and an individual/legal entity that is using functional features of the Processor’s SEO tool (hereafter, the Services) and that is assigning the Processor to process personal data on his/her behalf (hereafter, the Controller).
The Processor shall be one of the following legal entities belonging to SE Ranking company group:
SERanking Ltd. with an address at Suite 209 15 Ingestre Place, London, England, W1F 0DU (hereafter, the UK Branch);
OR
SER Acquisition with an address at PO Box 19801, C/O the Corporation Trust Company, 1209 Orange Street, City of Wilmington, County Of New Castle, Delaware, United States (hereafter, the US Branch).
The Processor under current Data Processing Agreement is defined under the following rules:
- If the Controller pays fees under the Processor’s Terms of Services in GBP and EUR, the Processor is the UK Branch;
- Starting from May 2023, if the Controller pays fees under the Processor’s Terms of Services in USD, the Processor is the US Branch;
- Starting from August 2023, if the Controller pays fees under the Processor’s Terms of Services in any other currency other than EUR and/or GBP, the Processor is the US Branch.
The Processor will process personal data on behalf of the Controller within all the services provided in the context of the Processor’s SEO tool functionality usage.
1.2. Term of this Agreement
The Agreement will be valid as long as the Controller is having a registered account in the Processor’s SEO tool.
1.3. Types of Personal Data processed
The processing activities in the context of the present agreement will affect the following personal data and its categories:
- SEO data: projects, user settings, back-links, editor content, researches, marketing details, lead generator details, report builder details, IP address;
- Analytics data: geolocation, IP address, browser details, operating system details, device details, user ID, URL access details, application interactions.
1.4. Data Processing Purposes
The Processor shall process personal data on behalf of the Controller only for the purposes of providing the Controller with the Services functionality. Any new purposes of the data processing activities shall be provided to the Processor in the form of respective written instructions.
1.5. Affected Data Subjects
The following groups of individuals will be affected by processing activities in the context of the present agreement:
- the Controller’s customers.
- any individual whose personal data are uploaded to the Processor’s SEO tool.
1.6. Technical and Organizational Measures
The Processor shall apply all necessary technical and organizational measures to protect personal data on behalf of the Controller. Such measures should be implemented taking into account the state of the art in the cybersecurity sphere as well as the costs of implementation of such measures. In any case the Processor guarantees the compliance of its technical and organizational measures with applicable privacy and data protection regulations.
2. CONTROLLER’S INSTRUCTIONS
2.1. The Processor processes personal data on behalf of the Controller. The Controller is responsible for maintaining compliance with data protection regulations.
2.2. During the processing of personal data, the Processor is obligated to follow only the instructions of the Controller. Such instructions must be given in writing or by electronic mail. Outside the scope of these instructions, the Processor may not use the data provided to it for processing either for its own purposes or for the purposes of third parties. The Processor shall adjust, delete or block the data processed in the order in accordance with the Controller's instructions. If the Processor is of the opinion that instructions of the Controller are in breach of the applicable data protection regulations, it must notify the Controller accordingly without delay.
3. PROCESSOR’S OBLIGATIONS
3.1. The Processor shall assist the Controller in satisfying the data subjects' rights to access, rectification, restriction of processing, objection, erasure, and data portability regarding their personal data. If a data subject contacts the Processor directly regarding the rights listed above, the Processor shall forward this request to the Controller without delay.
3.2. The Processor undertakes to provide data protection training for its employees entrusted with the processing of the data provided by the Controller, and to impose on such employees an obligation to observe data secrecy (compliance with the confidentiality of personal data).
3.3. The Processor shall provide the Controller with the contact details of the contact partners for data protection and information security. If the Processor is subject to a statutory obligation to appoint a data protection officer, it shall appoint such an officer in writing and shall send the Controller their name(s) and contact details.
3.4. Upon request, the Processor shall provide the Controller with the information necessary to enable the Controller to satisfy notification obligations, maintain records of processing activities, or perform a data protection impact assessment.
3.5. Each party to the present agreement shall be liable towards the other party for damage or losses incurred as a result of culpable violations of the present agreement or applicable data protection regulations. If both parties are at fault, they shall be liable according to their respective share of culpability.
3.6. The Controller may at any time instruct the immediate erasure of the data processed under the present agreement. Irrespective of this, the Processor is under obligation to surrender the data in a generally readable format at any time, at the request of the Controller. Once the term of the present agreement has ended, the Processor shall be obliged to surrender the data processed under the present agreement in a generally readable format or to delete it, at the Controller's discretion. In case of erasure, it must be ensured that the data cannot be reconstructed. The Processor shall prove to the Controller and confirm in writing, including in electronic form, that all of the data, copies and storage media have been returned and deleted. If binding legal requirements do not allow the erasure of certain data or categories of data, the Processor must inform the Controller about such requirements.
4. PROCESSOR’S SUB-PROCESSORS
4.1. If the Processor engages sub-contractors, it must first obtain the prior consent of the Controller in writing, including in electronic form. The contractual arrangements between the Processor and the subcontractor or freelancer must be structured in such a way that they correspond with the agreements concluded here between the Controller and the Processor. In particular, the Processor must ensure that the Controller can also perform checks relating to the subcontractors or freelancers in accordance with section 6 of the present agreement. The Controller is entitled to receive information from the Processor concerning the essential contractual provisions and the implementation of the obligations arising from the present agreement – if necessary also by inspecting the relevant contractual documents.
4.2. The Controller is deemed to have consented to the involvement of the subcontractors and functions listed in the Processor list. The Processor must ensure that the subcontractors comply with the technical and organizational requirements specified in the present agreement in the same way as the Processor itself.
4.3. If subcontractors are replaced or added during the term of the present agreement, the Processor must first obtain the consent of the Controller in writing, including in electronic form. If the Processor intends to involve subcontractors other than those agreed on, it shall notify the Controller via communication features of the Processor’s Services. If the Controller does not object within 10 calendar days after Processor’s notification, the new sub-processor is deemed to be agreed on by the Controller as prescribed by the current provisions.
5. SECURITY OF PROCESSING
5.1. The Processor undertakes to use state-of-the-art technology to safeguard all of the Controller's information and data at all times by implementing technical and organizational measures that are appropriate to the risk associated with the processing. This includes protection against unauthorized access, unauthorized or accidental modification, destruction or loss, unauthorized transfer, other unauthorized processing or any other form of misuse. Section 1.2 notwithstanding, the obligation to protect the information and data shall apply for as long as the Processor stores said data and information, or otherwise processes it or has it processed by subcontractors.
5.2. The Processor must establish an Information Security Management System. Considering the risks, the Processor must determine what measures it needs to implement, regularly review them, and amend them. The Processor must document and substantiate both the risks and the measures implemented.
5.3. Compliance with approved codes of conduct or an approved certification procedure may be included as factors for substantiating technical and organizational measures. Certifications of the information security management system may also be included as a factor for substantiating the use of technical and organizational measures. However, such substantiation does not replace examination in individual cases. If such substantiation is used as a factor it must be appended to the present agreement.
5.5. The Processor may only grant authorization to access the Controller's data to its own employees in accordance with the authorization concept, and to the extent required for the task in question in connection with the execution of the present agreement. The Processor undertakes not to disclose the access authorizations assigned to it for the use of the system to any unauthorized persons.
5.6. If the Processor is granted access to the IT systems of the Controller or its subcontractors, the Processor undertakes to only access the data and information required.
5.7. The Processor must notify the Controller's contract management function in writing, including in electronic form, about significant changes to the technical and organizational measures described in the current agreement via any prescribed communication channels. In the event of any foreseeable reduction in the effectiveness of the security, the consent of the controller must be obtained in writing before the change is carried out.
6. CHECKS
6.1. The Controller or its representative have the right to carry out checks on compliance with the requirements of the present agreement. The Processor shall provide the desired information and, at the request of the Controller and within a reasonable period, submit documentary evidence that it has met its obligations by completing a questionnaire supplied by the Controller or by confirming in writing that the measures agreed on in the current agreement are appropriate and up-to-date.
6.2. Subject to advance notice, the Controller or its representative shall be granted access to the offices and IT systems in/on which the Controller's data is processed so that the implementation of the present agreement and the appropriateness of the technical and organizational security measures can be verified.
6.3. The Processor must inform the Controller without delay of any control procedures by supervisory authorities, which take place in its company or the IT infrastructure used by it, and which involve the processing of the Controller's personal data. In the event of impending access to data of the Controller in the context of seizure, confiscation, judicial inquiries or other official measures, which are carried out at the Processor, or in the context of insolvency proceedings or other measures of third parties, the Processor shall inform the Controller accordingly without delay.
6.4. In the context of section 6.3, the Processor shall inform all parties involved in any such action without delay that the power of disposal over the data subject to the present agreement lies with the Controller, and shall not transfer any data to third parties or allow third parties to access the data without the Controller's consent. If the Processor is sworn to secrecy in the event of a check, access or other measure in relation to the Controller's data by a party authorized to access the data, it must exercise due diligence on behalf of the Controller and will take any opportunity to take action against the measures and the confidentiality obligations.
7. REPORTING OF DATA BREACHES
7.1. The Processor must report any data protection security breaches (unintentional or unauthorized destruction, loss, amendment, disclosure or access involving personal data processed under the present agreement) or violation of client confidentiality to the Controller without delay in order to give the Controller the opportunity to report the incident to the relevant authorities within 72 hours.
7.2. In consultation with the Controller, the Processor shall initiate all steps necessary to clarify the matter and remedy the security incident without delay, and provide the Controller all information necessary to document the event and potentially submit a report to the relevant supervisory authority.
8. NON-DISCLOSURE
8.1. The Processor undertakes to treat as confidential all information - including but not limited to technical and commercial information, plans, findings, intelligence, designs, and documents - that becomes known to it or that it receives from the Controller in connection with the present agreement. That includes, not to disclose this information to third parties, to protect it from third-party access, to use it only for the purposes of the present agreement, and to disclose it only to employees who are themselves under an obligation to observe confidentiality, unless otherwise agreed in writing between the parties.
8.2. This confidentiality obligation shall not apply in respect of information
- That can be proven to have been known to the Processor before the present agreement came into effect
- That can be proven to have been lawfully obtained by the Processor from a third party without being subject to a confidentiality obligation
- That is already in the public domain or that enters into the public domain without any infringement of the obligations contained in the present agreement
- That can be proven to have been developed by the Processor during the course of its own independent work.
8.3. If the Controller is a financial services company that is subject to bank/client confidentiality requirements, the Processor undertakes to comply with the same requirements.
8.4. The Processor undertakes to impose on its employees to whom this information is disclosed the same obligations that it entered into above unless said employees are already subject to an equivalent confidentiality obligation by virtue of their employment contracts.
8.5. If any development results that are capable of being protected by intellectual property rights are reported, the parties reserve all rights in respect of any such property rights subsequently applied for or granted.
8.6. The confidentiality obligations in respect of information that has been made available during the term of the present agreement shall continue to apply for a period of five years after the present agreement has ended.
9. DATA PROCESSING IN A THIRD COUNTRY
9.1. If the Processor or its subcontractor process personal data emanating from the EU outside the European Economic Area (EU member states plus Iceland, Liechtenstein and Norway) or outside a country recognized by the European Commission as having an adequate level of data protection, or if the Processor or its subcontractor access EU-sourced personal data from outside the countries specified above, additional legal safeguards ensuring adequate level of data protection shall be applied.
9.2. The adequate level of data protection with respect to processing in third countries can be ensured by the application of the EU's standard contractual clauses (Annex A) or any other additional legal safeguard available on the basis of applicable privacy and data protection laws.
9.3. Provisions of section 9 also apply to the situations where personal data emanating from countries not included to European Economic Area (EU member states plus Iceland, Liechtenstein and Norway) or from a country recognized by the European Commission as having an adequate level of data protection are transferred to the Processor located in European Economic Area or in a country recognized by the European Commission as having an adequate level of data protection.
4.2
4.8
4.7
4.6
Avant, j’utilisais des outils comme Sistrix, Ahrefs, ou Searchmetrics, et je ne connaissais pas SE Ranking. Mais ces outils coûtaient beaucoup d’argent alors que je commençais à peine à me mettre au SEO. Je me suis donc lancé et je suis plutôt satisfait. J’aime le fait de pouvoir payer pour certains services à l’aide de crédits, étant donné que je ne les utilise pas si souvent que ça. Cela me permet de les utiliser de manière plus souple, seulement quand j’en ai besoin, et qu’ils ne me coûtent pas d’argent quand je ne les utilise pas.
Ce que je préfère, ce sont les rapports automatiques. Ils sont vraiment paramétrables jusqu’à l’échelle du client, et bien sûr, vous pourrez les personnaliser. C’est beaucoup plus simple pour nous, on n’a plus à le faire manuellement. En plus de tout cela, les outils de SE Ranking sont super tant pour des analyses rapides que pour approfondir là où vous le souhaitez.
SE Ranking est la meilleure plateforme seo que notre entreprise ait utilisé jusqu’à maintenant. L’interface de la plateforme est super et facile à utiliser. Il y a beaucoup d’options disponibles. Que l’on veuille suivre nos classements, surveiller nos liens retours, des mots-clés, analyser les performances de nos concurrents ou faire un audit de notre site web, tout ce dont on a besoin pour optimiser notre site est à portée de clic. Et si vous avez des questions ou n’importe quoi d’autre, leur équipe d’assistance en direct m’a répondu et m’a aidé instantanément.
Une vue d’ensemble claire sur les classements et les positionnements, un outil d’audit de site pour une analyse rapide et un vérificateur de liens retours, tout ça est très utile. Je l’utilise beaucoup, et j’utilise aussi le générateur de leads pour avoir accès à des analyses gratuites de clients potentiels, qui se lance gratuitement quand on remplit le formulaire. Le tableau de bord vous donne un bon aperçu sur les changements dans votre trafic et vos positionnements. La stratégie marketing est un peu simple, mais elle vous donnera une idée de ce que vous devez faire en premier sur votre site, et vous pourrez aussi cocher les cases lorsque vous aurez terminé une tâche, ça fonctionne bien
L’outil est très complet : planification et suivi de mots-clés, analyse de liens retours, recherche concurrentielle… Peu de logiciels de SEO fournissent toutes ces options pour ce prix. Mais l’expérience client est optimale : l’UI est claire et intuitive, et les gens de chez SE Ranking sont vraiment gentils, serviables, et ils comprennent bien ce dont vous avez besoin.
J’aime beaucoup l’outil d’analyse concurrentielle, cela vous donne des données payantes et organiques, ce qui me donne une idée plus claire des classements à rattraper et de comment faire pour dépasser mes concurrents immédiats selon ma clientèle. Il vous donne aussi des données sur le trafic potentiel, ce qui vous aidera à montrer à vos clients les possibles gains de votre campagne. Et avec la stratégie marketing, je sais ce que je dois améliorer pour obtenir des résultats auprès de mes clients.
Après avoir essayé beaucoup de choses (plus de 10 ans d’expérience), SE ranking s’est vraiment démarqué par rapport aux autres, parce qu’elle combine tout ce dont nous avons besoin pour nos clients. Nous fournissons à nos clients leurs classements, mais aussi leur trafic (et profit) potentiel de ces classements lorsqu’ils arrivent dans le top 3 sur Google. Ils nous permettent de fournir à nos clients une analyse approfondie de choses techniques, mais aussi une stratégie marketing qui nous permet de définir des objectifs et de suivre une checklist des activités tous les mois. Et pour couronner le tout, tout est entièrement en marque blanche.
Nous avons utilisé d’autres outils dans le passé, mais SE Ranking propose plus de données et d’informations actualisées, ce qui bénéficie à notre agence et à nos clients. SE Ranking nous permet d’accéder à des données historiques en seulement quelques clics sans jamais devoir quitter l’interface. Qu’il s’agisse d’actualisations quotidiennes de classements ou de tendances générales de volume de recherche, il y a de nombreux aspects qui nous sont essentiels lors de la formulation de stratégies pour des clients, et grâce au système de SE Ranking qui est mis à jour de façon continue, on peut utiliser ces données pour aider nos clients à réussir.
Il fait tous les travaux de base incroyablement bien et de manière fiable, sans tracas. Audit de site, suivi de mots clés, analyse de trafic, analyse concurrentielle… Chaque étape de la configuration et du reporting est intuitive, et sont accompagnés de conseils clairs et utiles. Et les rares fois où j’ai eu le moindre problème, leur support client est rapide, serviable et efficace (le meilleur du marché !). Tout cela fait que c’est une plate-forme simple et performante pour un expert comme moi, mais également parfaite pour tous ceux qui se familiarisent encore avec le référencement naturel. 100% recommandé.
