Akeyless Vault - Privileged Access Management Software
Akeyless Vault
like icon
comment icon
share icon
Introduction

Last updated: December 2022 This Data Processing Agreement (“DPA”) is governed and hereby attached to the Master Service Agreement, Terms of Service, or any other agreement (“Agreement”) executed by and between Akeyless Security Ltd (“Akeyless”) and the Customer

All capitalized terms not defined herein shall have the meaning set forth in the Agreement

WHEREAS, Akeyless is the developer and operator of a cloud-based SaaS solution enabling (“Akeyless Technology”) enterprises and organizations to secure and manage authorizations, access, and permissions to IT and Cloud environments, all as agreed by the parties in the Agreement (“Service(s)”); WHEREAS, the Services may require Akeyless to Process or have access to Personal Data (as such terms are defined below) on the Customer’s behalf subject to the terms and conditions of this DPA; and WHEREAS, the Parties desire to supplement this DPA to achieve compliance with the UK, EU, Swiss, United States and other data protection laws and agree on the following:

  • DEFINITIONS “Adequate Country” is a country that received an adequacy decision from the European Commission
  • “CCPA” means the California Consumer Privacy Act (Cal
  • Civ
  • Code §§ 1798
  • 100 – 1798
    1. of 2018, as may be amended as well as all regulations promulgated thereunder from time to time
  • “Customer Data” means Customer Content (as defined in the Agreement) and any Personal Data uploaded or processed during the use of the Services, all as detailed in Annex I attached herein
  • The terms “Personal Data”, “Controller”, “Processor”, “Data Subject”, “Processing” (and “Process“), “Personal Data Breach”, “Special Categories of Personal Data” and “Supervisory Authority”, shall all have the same meanings as ascribed to them in the EU Data Protection Law
  • The terms “Business”, “Business Purpose”, “Consumer”, “Service Provider,” “Sale” and “Sell” shall have the same meaning as ascribed to them in the CCPA
  • “Data Subject” shall also mean and refer to “Consumer”, as such term defined in the CCPA, “Personal Data” shall include “Personal Information” under this DPA
  • “Data Protection Law” means any and all applicable privacy and data protection laws and regulations (including, where applicable, EU Data Protection Law, UK Data Protection Laws, Swiss Data Protection Laws, Israeli Law and the CCPA) as may be amended or superseded from time to time
  • “EEA” means the European Economic Area
  • “EU Data Protection Law” means the (i) EU General Data Protection Regulation (Regulation 2016/679) (“GDPR”); (ii) Regulation 2018/1725; (iii) the EU e-Privacy Directive (Directive 2002/58/EC), as amended (e-Privacy Law); (iv) any national data protection laws made under, pursuant to, replacing or succeeding (i) and (ii); (v) any legislation replacing or updating any of the foregoing; and (vi) any judicial or administrative interpretation of any of the above, including any binding guidance, guidelines, codes of practice, approved codes of conduct or approved certification mechanisms issued by any relevant Supervisory Authority
  • “Israeli Law” means Israeli Privacy Protection Law, 5741-1981, the regulations promulgated pursuant thereto, including the Israeli Privacy Protection Regulations (Data Security), 5777-2017 and other related privacy regulations
  • “Security Incident” means any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data (including Customer Data)
  • Any Personal Data Breach will comprise a Security Incident
  • “Standard Contractual Clauses” or “SCC” mean the standard contractual clauses for the transfer of  Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the European Commission Decision 2021/914 of 4 June 2021, which may be found here: Standard Contractual Clauses
  • “Swiss Data Protection Laws” or “FADP” shall mean (i) Swiss Federal Data Protection Act (dated June 19, 1992, as of March 1, 2019) (“FDPA”); (ii) The Ordinance on the Federal Act on Data Protection (“FODP“); (iii) any national data protection laws made under, pursuant to, replacing or succeeding and any legislation replacing or updating any of the foregoing
  • “Swiss SCC” shall mean the applicable standard data protection clauses issued, approved or recognized by the Swiss Federal Data Protection and Information Commissioner
  • ”UK Data Protection Laws” shall mean the Data Protection Act 2018 (DPA 2018), as amended, and EU General Data Protection Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as incorporated into UK law as the UK GDPR, as amended, and any other applicable UK data protection laws, or regulatory Codes of Conduct or other guidance that may be issued from time to time
  • ”UK GDPR” shall mean the GDPR as it forms part of domestic law in the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 (including as further amended or modified by the laws of the United Kingdom or a part of the United Kingdom from time to time)
  • “UK Standard Contractual Clauses” or “UK SCC” means the UK “International Data Transfer Addendum to The European Commission Standard Contractual Clauses” available at https://ico
  • org
  • uk/media/for-organisations/documents/4019539/international-data-transfer-addendum
  • pdf as adopted, amended or updated by the UK Information Commissioner Office (“ICO”), Parliament or Secretary of State

*Akeyless Vault is an unified platform for Secrets Management and Zero Trust Access

description

  • “Adequate Country” is a country that received an adequacy decision from the European Commission
  • “CCPA” means the California Consumer Privacy Act (Cal
  • Civ
  • Code §§ 1798
  • 100 – 1798
    1. of 2018, as may be amended as well as all regulations promulgated thereunder from time to time
  • “Customer Data” means Customer Content (as defined in the Agreement) and any Personal Data uploaded or processed during the use of the Services, all as detailed in Annex I attached herein
  • The terms “Personal Data”, “Controller”, “Processor”, “Data Subject”, “Processing” (and “Process“), “Personal Data Breach”, “Special Categories of Personal Data” and “Supervisory Authority”, shall all have the same meanings as ascribed to them in the EU Data Protection Law
  • The terms “Business”, “Business Purpose”, “Consumer”, “Service Provider,” “Sale” and “Sell” shall have the same meaning as ascribed to them in the CCPA
  • “Data Subject” shall also mean and refer to “Consumer”, as such term defined in the CCPA, “Personal Data” shall include “Personal Information” under this DPA
  • “Data Protection Law” means any and all applicable privacy and data protection laws and regulations (including, where applicable, EU Data Protection Law, UK Data Protection Laws, Swiss Data Protection Laws, Israeli Law and the CCPA) as may be amended or superseded from time to time
  • “EEA” means the European Economic Area
  • “EU Data Protection Law” means the (i) EU General Data Protection Regulation (Regulation 2016/679) (“GDPR”); (ii) Regulation 2018/1725; (iii) the EU e-Privacy Directive (Directive 2002/58/EC), as amended (e-Privacy Law); (iv) any national data protection laws made under, pursuant to, replacing or succeeding (i) and (ii); (v) any legislation replacing or updating any of the foregoing; and (vi) any judicial or administrative interpretation of any of the above, including any binding guidance, guidelines, codes of practice, approved codes of conduct or approved certification mechanisms issued by any relevant Supervisory Authority
  • “Israeli Law” means Israeli Privacy Protection Law, 5741-1981, the regulations promulgated pursuant thereto, including the Israeli Privacy Protection Regulations (Data Security), 5777-2017 and other related privacy regulations
  • “Security Incident” means any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data (including Customer Data)
  • Any Personal Data Breach will comprise a Security Incident
  • “Standard Contractual Clauses” or “SCC” mean the standard contractual clauses for the transfer of  Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council adopted by the European Commission Decision 2021/914 of 4 June 2021, which may be found here: Standard Contractual Clauses
  • “Swiss Data Protection Laws” or “FADP” shall mean (i) Swiss Federal Data Protection Act (dated June 19, 1992, as of March 1, 2019) (“FDPA”); (ii) The Ordinance on the Federal Act on Data Protection (“FODP“); (iii) any national data protection laws made under, pursuant to, replacing or succeeding and any legislation replacing or updating any of the foregoing
  • “Swiss SCC” shall mean the applicable standard data protection clauses issued, approved or recognized by the Swiss Federal Data Protection and Information Commissioner
  • ”UK Data Protection Laws” shall mean the Data Protection Act 2018 (DPA 2018), as amended, and EU General Data Protection Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as incorporated into UK law as the UK GDPR, as amended, and any other applicable UK data protection laws, or regulatory Codes of Conduct or other guidance that may be issued from time to time
  • ”UK GDPR” shall mean the GDPR as it forms part of domestic law in the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 (including as further amended or modified by the laws of the United Kingdom or a part of the United Kingdom from time to time)
  • “UK Standard Contractual Clauses” or “UK SCC” means the UK “International Data Transfer Addendum to The European Commission Standard Contractual Clauses” available at https://ico
  • org
  • uk/media/for-organisations/documents/4019539/international-data-transfer-addendum
  • pdf as adopted, amended or updated by the UK Information Commissioner Office (“ICO”), Parliament or Secretary of State

Any other terms that are not defined herein shall have the meaning provided under the Agreement or applicable Law A reference to any term or section of CCPA, UK Data Protection Laws or GDPR means the version as amended Any references to the GDPR in this DPA shall mean the GDPR or UK GDPR depending on the applicable Law

  • ROLES AND DETAILS OF PROCESSING The parties agree and acknowledge that under the performance of their obligations set forth in the Agreement, and with respect to the Processing of Customer Data, Akeyless is acting as a Data Processor and Customer is acting as a Data Controller
  • Each party shall be individually and separately responsible for complying with the obligations that apply to such party under applicable Data Protection Law
  • The subject matter and duration of the Processing carried out by the Processor on behalf of the Controller, the nature and purpose of the Processing, the type of Personal Data and categories of Data Subjects are described in Annex I attached hereto
  • CCPA specification are further detailed in Annex VII
  • The parties agree and acknowledge that under the performance of their obligations set forth in the Agreement, and with respect to the Processing of Customer Data, Akeyless is acting as a Data Processor and Customer is acting as a Data Controller
  • Each party shall be individually and separately responsible for complying with the obligations that apply to such party under applicable Data Protection Law
  • The subject matter and duration of the Processing carried out by the Processor on behalf of the Controller, the nature and purpose of the Processing, the type of Personal Data and categories of Data Subjects are described in Annex I attached hereto
  • CCPA specification are further detailed in Annex VII
  • REPRESENTATIONS AND WARRANTIES Akeyless represents and warrants that it shall Process Customer Data, on behalf of the Customer (subject to Article 28 of the GDPR), solely for the purpose of providing the Service, all in accordance with Customer’s written instructions under the Agreement and this DPA
  • Notwithstanding the above, in the event Akeyless is required under applicable laws, including Data Protection Law or any union or member state regulation, to Process Customer Data other than as instructed by Customer, Akeyless shall make its best efforts to inform the Customer of such requirement prior to Processing such Customer Data, unless prohibited under applicable law
  • Akeyless shall provide reasonable cooperation and assistance to the Customer in ensuring compliance with its obligation to carry out data protection impact assessments with respect to the Processing of its Customer Data and to consult with the Supervisory Authority (as applicable)
  • Where applicable, Akeyless shall assist the Customer in ensuring that Personal Data Processed is accurate and up to date, by informing the Customer without delay if it becomes aware of the fact that the Personal Data it is Processing is inaccurate or has become outdated
  • Akeyless shall take reasonable steps to ensure: (i) the reliability of its staff and any other person acting under its supervision who may come into contact with, or otherwise have access to and Process Customer Data; (ii) that persons authorized to process the Customer Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; and (iii) that such personnel are aware of their responsibilities under this DPA and any applicable Data Protection Laws
  • Notwithstanding the above, in the event the Customer is an Israeli establishment or Customer Data includes processing of Israeli data subjects, or in any event that the Israeli Law shall apply, the parties hereby undertake that they comply with the aforesaid regulations as well as comply with the DPA
  • Akeyless represents and warrants that it shall Process Customer Data, on behalf of the Customer (subject to Article 28 of the GDPR), solely for the purpose of providing the Service, all in accordance with Customer’s written instructions under the Agreement and this DPA
  • Notwithstanding the above, in the event Akeyless is required under applicable laws, including Data Protection Law or any union or member state regulation, to Process Customer Data other than as instructed by Customer, Akeyless shall make its best efforts to inform the Customer of such requirement prior to Processing such Customer Data, unless prohibited under applicable law
  • Akeyless shall provide reasonable cooperation and assistance to the Customer in ensuring compliance with its obligation to carry out data protection impact assessments with respect to the Processing of its Customer Data and to consult with the Supervisory Authority (as applicable)
  • Where applicable, Akeyless shall assist the Customer in ensuring that Personal Data Processed is accurate and up to date, by informing the Customer without delay if it becomes aware of the fact that the Personal Data it is Processing is inaccurate or has become outdated
  • Akeyless shall take reasonable steps to ensure: (i) the reliability of its staff and any other person acting under its supervision who may come into contact with, or otherwise have access to and Process Customer Data; (ii) that persons authorized to process the Customer Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; and (iii) that such personnel are aware of their responsibilities under this DPA and any applicable Data Protection Laws
  • Notwithstanding the above, in the event the Customer is an Israeli establishment or Customer Data includes processing of Israeli data subjects, or in any event that the Israeli Law shall apply, the parties hereby undertake that they comply with the aforesaid regulations as well as comply with the DPA
  • DATA SUBJECTS RIGHTS AND REQUEST  It is agreed that where Akeyless receives a request from a Data Subject or an applicable authority in respect of Customer Data, where applicable, Akeyless will direct the Data Subject or the applicable authority to the Customer in order to enable the Customer to respond directly to the Data Subject’s or the applicable authority’s request, unless otherwise required under applicable laws
  • Parties shall provide each other with commercially reasonable cooperation and assistance in relation to the handling of a Data Subject’s or applicable authority’s request, to the extent permitted under Data Protection Law
  • It is agreed that where Akeyless receives a request from a Data Subject or an applicable authority in respect of Customer Data, where applicable, Akeyless will direct the Data Subject or the applicable authority to the Customer in order to enable the Customer to respond directly to the Data Subject’s or the applicable authority’s request, unless otherwise required under applicable laws
  • Parties shall provide each other with commercially reasonable cooperation and assistance in relation to the handling of a Data Subject’s or applicable authority’s request, to the extent permitted under Data Protection Law
  • SUB-PROCESSING The Customer acknowledges that Akeyless may transfer Customer Data to and otherwise interact with third party data Processors (“Sub-Processor”)
  • The Customer hereby authorizes Akeyless to engage and appoint such Sub-Processors as listed in Annex III, to Process Customer Data, as well as permits each Sub-Processor to appoint a Sub-Processor on its behalf
  • Akeyless may continue to use those Sub-Processors already engaged by Akeyless, as listed in Annex III, or to engage an additional or replace an existing Sub-Processors to process Customer Data, subject to the provision of a thirty (30) day prior notice of its intention to do so to the Customer
  • In case the Customer has not objected to the adding or replacing of a Sub-Processor within five (5) days of Akeyless’ notice, such Sub-Processor shall be considered approved by the Customer
  • In the event the Customer objects to the adding or replacing of a Sub-Processor, Akeyless may, under Akeyless’ sole discretion, suggest the engagement of a different Sub-Processor for the same course of services, or otherwise terminate the Agreement
  • Akeyless shall, where it engages any Sub-Processor, impose, through a legally binding contract between Akeyless and the Sub-Processor, data protection obligations similar to those set out in this DPA
  • Akeyless shall ensure that such contract will require the Sub-Processor to provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the Processing will meet the requirements of Data Protection Law
  • Akeyless shall remain responsible to the Customer for the performance of the Sub-Processor’s obligations in accordance with this DPA
  • Akeyless shall notify the Customer of any failure by the Sub-Processor to fulfill its contractual obligations

Akeyless Vault alternative Privileged Access Management Software
IBM Security Privileged Identity Manager
114 views
IBM Security Privileged Identity Manager
Application Control
106 views
Application Control
Access Director
104 views
WALLIX Bastion
106 views
WALLIX Bastion
Topicus KeyHub
104 views
Topicus KeyHub
Instasafe Secure Access
106 views
Instasafe Secure Access
Ekran System
4642 views
Ekran System FULL CYCLE INSIDER RISK MANAGEMENT
Skills and Features
Gallery/Videos/Images
Review Akeyless Vault Claim Akeyless Vault Listing
Contacts
Visit Akeyless Vault website
Statistics
Count Viewed: 104
Licencing: enquire