DATA PROCESSING AGREEMENT

Last Updated: December 4, 2023

1. AGREEMENT

1.1. Subject Matter of the Agreement

This Data Processing Agreement is concluded between SE Ranking (hereinafter, the Processor) and an individual/legal entity that is using functional features of the Processor’s SEO tool (hereafter, the Services) and that is assigning the Processor to process personal data on his/her behalf (hereafter, the Controller).

The Processor shall be one of the following legal entities belonging to SE Ranking company group:

Seranking Ltd. with an address at 8 Gainsborough Road, Forest House Business Centre, Office 2, London, England E11 1HT (hereafter, the UK Branch);

OR

SER Acquisition with an address at PO Box 19801, C/O the Corporation Trust Company, 1209 Orange Street, City of Wilmington, County Of New Castle, Delaware, United States (hereafter, the US Branch).

The Processor under current Data Processing Agreement is defined under the following rules:

  1. If the Controller pays fees under the Processor’s Terms of Services in GBP and EUR, the Processor is the UK Branch;
  2. Starting from May 2023, if the Controller pays fees under the Processor’s Terms of Services in USD, the Processor is the US Branch;
  3. Starting from August 2023, if the Controller pays fees under the Processor’s Terms of Services in any other currency other than EUR and/or GBP, the Processor is the US Branch.

The Processor will process personal data on behalf of the Controller within all the services provided in the context of the Processor’s SEO tool functionality usage. 

1.2. Term of this Agreement 

The Agreement will be valid as long as the Controller is having a registered account in the Processor’s SEO tool. 

1.3. Types of Personal Data processed

The processing activities in the context of the present agreement will affect the following personal data and its categories:

  1. SEO data: projects, user settings, back-links, editor content, researches, marketing details, lead generator details, report builder details, IP address;
  2. Analytics data: geolocation, IP address, browser details, operating system details, device details, user ID, URL access details, application interactions.

1.4. Data Processing Purposes

The Processor shall process personal data on behalf of the Controller only for the purposes of providing the Controller with the Services functionality. Any new purposes of the data processing activities shall be provided to the Processor in the form of respective written instructions.

1.5. Affected Data Subjects

The following groups of individuals will be affected by processing activities in the context of the present agreement:

  1. the Controller’s customers.
  2. any individual whose personal data are uploaded to the Processor’s SEO tool.

1.6. Technical and Organizational Measures

The Processor shall apply all necessary technical and organizational measures to protect personal data on behalf of the Controller. Such measures should be implemented taking into account the state of the art in the cybersecurity sphere as well as the costs of implementation of such measures. In any case the Processor guarantees the compliance of its technical and organizational measures with applicable privacy and data protection regulations.


2. CONTROLLER’S INSTRUCTIONS

2.1. The Processor processes personal data on behalf of the Controller. The Controller is responsible for maintaining compliance with data protection regulations. 

2.2. During the processing of personal data, the Processor is obligated to follow only the instructions of the Controller. Such instructions must be given in writing or by electronic mail. Outside the scope of these instructions, the Processor may not use the data provided to it for processing either for its own purposes or for the purposes of third parties. The Processor shall adjust, delete or block the data processed in the order in accordance with the Controller's instructions. If the Processor is of the opinion that instructions of the Controller are in breach of the applicable data protection regulations, it must notify the Controller accordingly without delay.

 

3. PROCESSOR’S OBLIGATIONS

3.1. The Processor shall assist the Controller in satisfying the data subjects' rights to access, rectification, restriction of processing, objection, erasure, and data portability regarding their personal data. If a data subject contacts the Processor directly regarding the rights listed above, the Processor shall forward this request to the Controller without delay.

3.2. The Processor undertakes to provide data protection training for its employees entrusted with the processing of the data provided by the Controller, and to impose on such employees an obligation to observe data secrecy (compliance with the confidentiality of personal data).

3.3. The Processor shall provide the Controller with the contact details of the contact partners for data protection and information security. If the Processor is subject to a statutory obligation to appoint a data protection officer, it shall appoint such an officer in writing and shall send the Controller their name(s) and contact details.

3.4. Upon request, the Processor shall provide the Controller with the information necessary to enable the Controller to satisfy notification obligations, maintain records of processing activities, or perform a data protection impact assessment. 

3.5. Each party to the present agreement shall be liable towards the other party for damage or losses incurred as a result of culpable violations of the present agreement or applicable data protection regulations. If both parties are at fault, they shall be liable according to their respective share of culpability.

3.6. The Controller may at any time instruct the immediate erasure of the data processed under the present agreement. Irrespective of this, the Processor is under obligation to surrender the data in a generally readable format at any time, at the request of the Controller. Once the term of the present agreement has ended, the Processor shall be obliged to surrender the data processed under the present agreement in a generally readable format or to delete it, at the Controller's discretion. In case of erasure, it must be ensured that the data cannot be reconstructed. The Processor shall prove to the Controller and confirm in writing, including in electronic form, that all of the data, copies and storage media have been returned and deleted. If binding legal requirements do not allow the erasure of certain data or categories of data, the Processor must inform the Controller about such requirements.

 

4. PROCESSOR’S SUB-PROCESSORS

4.1. If the Processor engages sub-contractors, it must first obtain the prior consent of the Controller in writing, including in electronic form. The contractual arrangements between the Processor and the subcontractor or freelancer must be structured in such a way that they correspond with the agreements concluded here between the Controller and the Processor. In particular, the Processor must ensure that the Controller can also perform checks relating to the subcontractors or freelancers in accordance with section 6 of the present agreement. The Controller is entitled to receive information from the Processor concerning the essential contractual provisions and the implementation of the obligations arising from the present agreement – if necessary also by inspecting the relevant contractual documents. 

4.2. The Controller is deemed to have consented to the involvement of the subcontractors and functions listed in the Processor list. The Processor must ensure that the subcontractors comply with the technical and organizational requirements specified in the present agreement in the same way as the Processor itself.

4.3. If subcontractors are replaced or added during the term of the present agreement, the Processor must first obtain the consent of the Controller in writing, including in electronic form. If the Processor intends to involve subcontractors other than those agreed on, it shall notify the Controller via communication features of the Processor’s Services. If the Controller does not object within 10 calendar days after Processor’s notification, the new sub-processor is deemed to be agreed on by the Controller as prescribed by the current provisions.

 

5. SECURITY OF PROCESSING

5.1. The Processor undertakes to use state-of-the-art technology to safeguard all of the Controller's information and data at all times by implementing technical and organizational measures that are appropriate to the risk associated with the processing. This includes protection against unauthorized access, unauthorized or accidental modification, destruction or loss, unauthorized transfer, other unauthorized processing or any other form of misuse. Section 1.2 notwithstanding, the obligation to protect the information and data shall apply for as long as the Processor stores said data and information, or otherwise processes it or has it processed by subcontractors.

5.2. The Processor must establish an Information Security Management System. Considering the risks, the Processor must determine what measures it needs to implement, regularly review them, and amend them. The Processor must document and substantiate both the risks and the measures implemented.

5.3. Compliance with approved codes of conduct or an approved certification procedure may be included as factors for substantiating technical and organizational measures. Certifications of the information security management system may also be included as a factor for substantiating the use of technical and organizational measures. However, such substantiation does not replace examination in individual cases. If such substantiation is used as a factor it must be appended to the present agreement.

5.5. The Processor may only grant authorization to access the Controller's data to its own employees in accordance with the authorization concept, and to the extent required for the task in question in connection with the execution of the present agreement. The Processor undertakes not to disclose the access authorizations assigned to it for the use of the system to any unauthorized persons.

5.6. If the Processor is granted access to the IT systems of the Controller or its subcontractors, the Processor undertakes to only access the data and information required.

5.7. The Processor must notify the Controller's contract management function in writing, including in electronic form, about significant changes to the technical and organizational measures described in the current agreement via any prescribed communication channels. In the event of any foreseeable reduction in the effectiveness of the security, the consent of the controller must be obtained in writing before the change is carried out.

 

6. CHECKS

6.1.  The Controller or its representative have the right to carry out checks on compliance with the requirements of the present agreement. The Processor shall provide the desired information and, at the request of the Controller and within a reasonable period, submit documentary evidence that it has met its obligations by completing a questionnaire supplied by the Controller or by confirming in writing that the measures agreed on in the current agreement are appropriate and up-to-date.

6.2. Subject to advance notice, the Controller or its representative shall be granted access to the offices and IT systems in/on which the Controller's data is processed so that the implementation of the present agreement and the appropriateness of the technical and organizational security measures can be verified.

6.3. The Processor must inform the Controller without delay of any control procedures by supervisory authorities, which take place in its company or the IT infrastructure used by it, and which involve the processing of the Controller's personal data. In the event of impending access to data of the Controller in the context of seizure, confiscation, judicial inquiries or other official measures, which are carried out at the Processor, or in the context of insolvency proceedings or other measures of third parties, the Processor shall inform the Controller accordingly without delay. 

6.4. In the context of section 6.3, the Processor shall inform all parties involved in any such action without delay that the power of disposal over the data subject to the present agreement lies with the Controller, and shall not transfer any data to third parties or allow third parties to access the data without the Controller's consent. If the Processor is sworn to secrecy in the event of a check, access or other measure in relation to the Controller's data by a party authorized to access the data, it must exercise due diligence on behalf of the Controller and will take any opportunity to take action against the measures and the confidentiality obligations.

 

7. REPORTING OF DATA BREACHES

7.1. The Processor must report any data protection security breaches (unintentional or unauthorized destruction, loss, amendment, disclosure or access involving personal data processed under the present agreement) or violation of client confidentiality to the Controller without delay in order to give the Controller the opportunity to report the incident to the relevant authorities within 72 hours. 

7.2.  In consultation with the Controller, the Processor shall initiate all steps necessary to clarify the matter and remedy the security incident without delay, and provide the Controller all information necessary to document the event and potentially submit a report to the relevant supervisory authority.

 

8. NON-DISCLOSURE

8.1. The Processor undertakes to treat as confidential all information - including but not limited to technical and commercial information, plans, findings, intelligence, designs, and documents - that becomes known to it or that it receives from the Controller in connection with the present agreement. That includes, not to disclose this information to third parties, to protect it from third-party access, to use it only for the purposes of the present agreement, and to disclose it only to employees who are themselves under an obligation to observe confidentiality, unless otherwise agreed in writing between the parties.

8.2. This confidentiality obligation shall not apply in respect of information

  1. That can be proven to have been known to the Processor before the present agreement came into effect
  2. That can be proven to have been lawfully obtained by the Processor from a third party without being subject to a confidentiality obligation
  3. That is already in the public domain or that enters into the public domain without any infringement of the obligations contained in the present agreement
  4. That can be proven to have been developed by the Processor during the course of its own independent work.

8.3. If the Controller is a financial services company that is subject to bank/client confidentiality requirements, the Processor undertakes to comply with the same requirements.

8.4. The Processor undertakes to impose on its employees to whom this information is disclosed the same obligations that it entered into above unless said employees are already subject to an equivalent confidentiality obligation by virtue of their employment contracts.

8.5. If any development results that are capable of being protected by intellectual property rights are reported, the parties reserve all rights in respect of any such property rights subsequently applied for or granted.

8.6. The confidentiality obligations in respect of information that has been made available during the term of the present agreement shall continue to apply for a period of five years after the present agreement has ended.

 

9. DATA PROCESSING IN A THIRD COUNTRY

9.1. If the Processor or its subcontractor process personal data emanating from the EU outside the European Economic Area (EU member states plus Iceland, Liechtenstein and Norway) or outside a country recognized by the European Commission as having an adequate level of data protection, or if the Processor or its subcontractor access EU-sourced personal data from outside the countries specified above, additional legal safeguards ensuring adequate level of data protection shall be applied.

9.2. The adequate level of data protection with respect to processing in third countries can be ensured by the application of the EU's standard contractual clauses (Annex A) or any other additional legal safeguard available on the basis of applicable privacy and data protection laws. 

9.3. Provisions of section 9 also apply to the situations where personal data emanating from countries not included to European Economic Area (EU member states plus Iceland, Liechtenstein and Norway) or from a country recognized by the European Commission as having an adequate level of data protection are transferred to the Processor located in European Economic Area or in a country recognized by the European Commission as having an adequate level of data protection. 

trustpilot
4.5 rating

4.2

g2-crowd
5.0 rating

4.8

get-app
5.0 rating

4.7

capterra
5.0 rating

4.7

なぜ私達が150ヵ国以上の多様な企業に採用されるのか? 利用者の声をご覧ください
Florian Bierschenk
Online Marketing Manager at charly.education
小規模事業向け優良SEOツール

以前はSistrixやAhrefs、Searchmetricsといったツールを活用していて、SE Rankingについては知りませんでした。小規模かつ素早くSEOに取り組むには、これまでのツールではコストが高過ぎた為、試しにSE Rankingを使ってみました。非常に満足しています。補充してそこからサービス活用の為に支払いできる残高機能が気に入っています。それ程使用頻度の高くない機能を活用する時は、柔軟に必要に応じて支払い、使用しない時は費用が発生しないで済みます。

Bram van den Heuvel
CEO at Brijn Webproducts BV
顧客のデータ取得に優れたSEOツール

自動レポート機能が一番気に入っています。顧客向けに幅広くカスタマイズでき、独自のレポートスタイルに調整する事もできます。手動で多くのレポートを調整する必要無く、とても簡単にレポートを設定できます。また、SE Ranking内のツールは、素早い分析や必要に応じて詳しく調査する際に最適です。

Giannis Koutsopoulos
CEO at AboutHotelier
企業で活用できる最高のSEOツール

SE Rankingは私達の会社でこれまで活用してきた中で最高のSEOプラットフォームです。プラットフォームはユーザーフレンドリーで優れたインターフェイスを提供しています。利用できる機能も豊富です。検索順位計測から、被リンク監視、キーワードリサーチ、競合分析、サイトSEO検査までウェブサイトの最適化に必要な機能が全て1クリックでアクセスできます。加えて、あらゆる質問や不明点があった場合に、ライブサポートチームが直接対応して支援してくれます。

Jan B.
Owner at JB Online Marketing
素晴らしい価格で本当の価値を

わかりやすい検索順位、サイト検査ツールの素早いチェック、そして被リンクチェッカーはとても便利でたくさん活用しています。そして見込み客が入力フォームに記入した際に自動的に無料チェックを実施できるリードジェネレータも活用しています。ダッシュボードは優れた見栄えで順位やトラフィックの変化を提供しています。マーケティングプランはシンプルですが、最初にウェブサイトですべき方向性を示し、完了したタスクをチェックで管理する事ができ、効率的です。

Nirina M. Razanamparany
Software Engineer | Co-Founder at Code & Scale
完璧なSEOツール

このツールは機能豊富です: キーワードプランニングや順位計測、被リンク分析、競合調査等… この価格帯でこれら全ての機能を提供しているSEOソフトウェアはとても僅かしかありません。にも関わらず、顧客体験も優れています。UIはわかりやすく直感的で、SE Ranking の人々はとても親切で、親身に手助けしてくれます。

Joe David
Founder & Marketing Consultant at Rochallor Digital
活用した中で最も総合的なSEOツール

私は競合分析ツールが気に入っています。ツールは有料・オーガニック検索データを提供してくれて、私の顧客の為に必要な修正を行いや直接的な競合に勝つ方法を模索する為のアイデアを与えてくれます。その他、トラフィックの予測値のデータも確認でき、顧客にキャンペーンの収益見込みを示すのに役立ちます。そしてマーケティングプランを活用して、顧客の成果を上げる為に改善が必要な項目を把握しています。

Harm Hendriks
Owner at Premium Online
私達マーケティング代行に完璧にフィット

多くのツールを試しましたが(10年以上の経験) SE Ranking が他のツールと比べて際立っていると感じます。なぜなら私達の顧客に必要な全ての兼ね備えているからです。顧客向けには検索順位と、それらの順位における収益見込みのみを提供しています。ツール自体は技術面の詳細な分析とマーケティングプランツールを提供している為、目標を設定して月次の活動チェックリストに沿って進める事ができます。その上ホワイトレーベル機能で独自ブランドとして提供できます。

John Sammon
Founder and CEO at Sixth City Marketing
SE Ranking は私達のビジネスの効率化と成果向上の手助けとなりました

過去に他の様々なツールを活用してきましたが、それらのツールよりもSE Rankingは、私達エージェンシーと顧客にとって価値のある最新のデータと情報を提供しています。SE Rankingはインターフェイスを閉じたりする必要なく数クリックで履歴データにアクセスする事ができます。日々の順位更新から現在の検索ボリューム傾向まで、顧客の戦略策定に必要不可欠な様々な角度からのデータが用意され、SE Rankingの継続的なシステム更新によって、顧客の成功の為にデータを活用する事ができます。

代表取締役 渡邊 明人 様
from 有限会社コスミックエンジン

まずセットアップが非常に簡単ですぐにスタートすることが出来ます。多機能、高機能でさまざまなツールをまたがって調べる必要がなく、Web戦略やコンテンツを企画、設計する上で、非常に有用な情報を効率的に提供してくれます。
レポートの自動メール送信などチーム内での情報共有もしやすいので、コンテンツマーケティングの運用に自信を持って取り組む事が可能になります。

代表取締役 今野 裕朗 様
from 株式会社錦屋

SE Rankingを使い始めて2カ月ほど経ちます。
まだすべての機能を使いこなしているわけではありませんが、管理しているウェブサイトをグループ化して効率よく全体をチェックできるようになりました。
また狙いたいキーワードの順位チェックは、とても便利です。
常に順位の変動をグラフで確認することができます。一目で変動がわかるので、いち早く対策が打てるようになりました。
ツールの中にある被リンクチェッカーも大変役に立ちます。
被リンクもSEO対策では、重要な位置づけになるのでチェックは欠かせません。
レポート作成機能もあるので、コンサルでは時間をかけずに質の高いレポートを作成できるようになりました。
今後はもっと活用していきたいと思います。
このツールに出会えてよかったです。

1
/
Load more reviews
1,000,000+ 人以上の利用者数
あなたも導入企業の一社に
2週間の無料トライアル