Contacts Exhibit
Last updated: January 4, 2024
Contacts Feature Exhibit
Section A – Permitted Countries
- Andorra
- Argentina
- Australia
- Austria
- Belgium
- Brazil
- Bulgaria
- Canada (commercial organizations)
- Chile
- China
- Colombia
- Croatia
- Cyprus
- Czechia
- Denmark
- Estonia
- Faroe Islands
- Finland
- France
- Germany
- Greece
- Guernsey
- Hong Kong
- Hungary
- India
- Indonesia
- Ireland
- Israel
- Isle of Man
- Italy
- Japan
- Jersey
- Latvia
- Lithuania
- Luxembourg
- Malta
- Mexico
- Netherlands
- New Zealand
- Philippines
- Poland
- Portugal
- Republic of Korea (South Korea)
- Romania
- Russia
- Singapore
- Slovakia
- Slovenia
- Spain
- Sweden
- Switzerland
- Turkey
- Ukraine
- United Arab Emirates
- United Kingdom
- United States
- Uruguay
Section B
DATA PROCESSING AGREEMENT (“DPA”)
This DPA forms part of the Purchase Order/Service Order Terms & Conditions (“Terms & Conditions”) entered into between Similarweb and Licensee.
1. Definitions
“DP Laws” means any applicable data protection and privacy laws relating to the protection of individuals with regards to the processing of personal data, including but not limited to (i) the General Data Protection Regulation (EU) 2016/679 (“GDPR”); (ii) the GDPR as transposed into the national laws of the United Kingdom (“UK GDPR”); (iii) Directive 2002/58/EC (“ePrivacy Directive”); (iv) the UK Data Protection Act 2018; (v) the California Consumer Privacy Act (“CCPA”); and (vi) any corresponding or equivalent laws or regulations including any amendment, supplement, update, modification to or re-enactment of such laws;
“controller”, “data subject”, “personal data”, “personal data breach”, “process/processing”, “sub-processor” and “supervisory authority” shall have the same meaning as in the DP Laws;
“Legal Process” means any criminal, civil, or administrative subpoena, mandatory request, warrant or court order issued by a Public Body, including but not limited to subpoenas, warrants and orders authorized under local, regional, state, national and/or federal laws or regulations or any other laws applicable to Licensee in any Restricted Country;
“Public Body” means any local, regional, state, national or federal law enforcement authority, regulator, government department, agency or court in any Restricted Country;
“Restricted Country” means any country (i) which is not a member of the European Economic Area; or (ii) which has not been approved by the European Commission or the UK Government pursuant to Article 45 of the GDPR or the UK GDPR (as applicable), as ensuring an adequate level of data protection in relation to personal data;
“Restricted Transfer” means a transfer of personal data between the Parties which in the absence of the SCCs, would be unlawful under DP Laws;
“SCCs” means (i) the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914 for the transfer of personal data to third countries pursuant to GDPR as updated, amended, replaced and superseded from time to time (“EU SCCs”); or (ii) the EU SCCs read in accordance with, and deemed amended by the UK IDTA; and
“UK IDTA” means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued by the UK Information Commissioner under section 119A(1) Data Protection Act 2018.
2. The Parties acknowledge that each will be a separate and distinct independent controller in relation to the personal data contained within the Business Information which they process and the Parties shall each comply with their respective obligations under the DP Laws in respect of their processing of such personal data.
3. Licensee acknowledges, confirms and represents that it shall (i) process the personal data solely in accordance with the Terms & Conditions, for the purposes set out in Annex 1 (“Purpose”) and in accordance with DP Laws; (ii) where applicable, provide necessary fair processing notices and obtain relevant permissions as required by DP Laws; (iii) have a lawful basis to process personal data for the Purpose; and (iv) implement appropriate technical and organisational security measures in relation to processing the personal data, which shall ensure a level of security appropriate to the risk and at a minimum shall include all the measures set out in Annex 2 of this DPA.
4. Data Processing
4.1 Licensee shall:
(a) notify Similarweb as soon as reasonably practicable upon becoming aware of a personal data breach, not refer to Similarweb in any notification of such breach to a supervisory authority or third party unless required to do so by applicable EU or UK laws, and, where so required, provide a copy of any proposed notification to Similarweb and consider in good faith any comments made by Similarweb before notifying the personal data breach to any third parties;
(b) in the event of a personal data breach, take appropriate measures to address the personal data breach, including measures to mitigate its possible adverse effect;
(c) where applicable, designate a representative located in the EU (“EU Representative”) and/or the UK (“UK Representative”) and make available the EU Representative’s and the UK Representative’s contact details to Similarweb, in accordance with DP Laws;
5. Where Licensee engages sub-processors in an arrangement that involves a Restricted Transfer, Licensee shall ensure that an adequate safeguard is in place between the Licensee and the sub-processor to protect the transferred personal data in compliance with DP Laws. Licensee shall make available evidence of such safeguard to Similarweb on reasonable request.
6. Each Party will, on request, provide all assistance, information and cooperation reasonably necessary to enable the other Party to comply with DP Laws in relation to the personal data, in particular with respect to responding to requests by data subjects and/or supervisory authorities, and personal data breaches.
7. Restricted Transfers
7.1 If there are Restricted Transfers of personal data, the following terms shall apply. In each case, the data exporter is Similarweb and the data importer is the Licensee, and the description of the transfer (Annex I of the EU SCCs; Annex B of the UK SCCs) is as set out in Annex 1 to this DPA:
(a) With respect to Restricted Transfers subject to the EU GDPR, Module 1 of the EU SCCs shall apply and is hereby incorporated into this DPA by reference. Clause 7 and the optional language in clause 11(a) shall not apply, the Supervisory Authority for the purposes of clause 13(a) shall be the Federal Financial Supervisory Authority in Germany and the governing law and choice of forum and jurisdiction shall be that of the Federal Republic of Germany solely for the purposes of the EU SCCs, and the technical and organizational security measures shall be as set out in Annex 2.
(b) With respect to Restricted Transfers subject to the UK GDPR, the EU SCCs shall be read in accordance with, and deemed amended by, the provisions of Part 2 (Mandatory Clauses) of the UK IDTA, and the parties confirm that the information required for the purposes of Part 1 (Tables) of the UK IDTA is set out in the Annex to this DPA except that for the purposes of table 4 of Part 1 (Tables), the parties select the “exporter” option.
7.2 In the event that the SCCs are at any time no longer deemed to provide adequate protection for personal data so transferred, the parties shall enter into and/or adopt an alternative data transfer mechanism that effectively complies with DP Laws.
7.3 Licensee warrants that as of the effective date of this DPA, it has not been subject to any request for disclosure of personal data by a Public Body.
7.4 If Licensee receives a Legal Process requiring disclosure of personal data to a Public Body, Licensee shall: (i) promptly notify Similarweb, unless legally prohibited from doing so; (ii) redirect the Public Body issuing such Legal Process to request that personal data directly from Similarweb, to the extent possible; and (iii) where (ii) is not possible, challenge the Legal Process (where there are grounds for doing so) and minimize the amount of any personal data which Licensee is compelled to disclose.
8. Termination
8.1 The Parties agree that this DPA and the SCCs shall terminate automatically upon the termination of the Agreement or applicable Service Order or Purchase Order.
8.2 Without affecting any other right or remedy available to it, Similarweb may terminate this DPA with immediate effect by giving written notice to Licensee, should Licensee fail to materially comply with its obligations set out in this DPA.
9. General Terms
9.1 Any obligation imposed on the Parties under this DPA in relation to the processing of personal data shall survive any termination or expiration of the Agreement or applicable Service Order or Purchase Order.
9.2 Any breach of this DPA shall constitute a material breach of the Agreement or applicable Service Order or Purchase Order.
9.3 A person who is not a party to this DPA shall have no right to enforce any term of this DPA, save to the extent set out in the relevant SCCs. The rights of the Parties to rescind or vary this DPA are not subject to the consent of any other person.
9.4 The provisions of this DPA are supplemental to the Terms & Conditions under the Agreement or applicable Service Order or Purchase Order. In the event of inconsistencies between the provisions of this DPA and the Terms & Conditions of the Agreement or applicable Service Order or Purchase Order, the provisions of this DPA shall prevail.
ANNEX 1: DESCRIPTION OF THE PROCESSING – BUSINESS INFORMATION
Part 1: List of Parties
Data exporter(s): Similarweb (as controller)
Data importer(s): Licensee (as controller)
Part 2: Description of Transfer
- Categories of data subjects whose personal data is transferred
Members of the public whose names and business contact information appear in various sources, including social networks, recruitment, and company websites, in connection with their affiliation with those companies and businesses.
- Categories of personal data transferred
First name, last name, verified email; telephone number and/or mobile number, company name, job title and industry.
- Sensitive data transferred (if applicable) and applicable restrictions or safeguards
Not applicable.
- The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis)
Personal data is transferred on a continuous basis.
- Nature of the processing
The personal data transferred will be subject to the following basic processing activities, in each case strictly to the extent relevant to and in accordance with the obligations of the Parties under the Terms & Conditions: (i) retrieval, consultation or use of the personal data and (ii) alignment, combination, blocking, erasure or destruction of the personal data.
- Purpose(s) of the data transfer and further processing
The Parties shall process the personal data for the purposes of sales prospecting and as set out in Section 9 of the Terms & Conditions.
- The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
In line with the Parties’ data retention policies.
- The personal data transferred may be disclosed only to the following recipients or categories of recipient.
Employees and sub-processors of the importer only.
Part 3: Competent Supervisory Authority(ies)
Identify the competent supervisory authority(ies) in accordance with clause 13 of the EU Controller SCCs.
The Federal Financial Supervisory Authority in Germany.
ANNEX 2: TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
Licensee shall implement appropriate technical and organisational measures, policies and controls (“Licensee Controls”) to maintain the effective security of all Licensee computer or network systems accessing, storing, transmitting, processing or otherwise supporting the processing of personal data in accordance with this DPA (“Licensee Systems”), and to ensure that such personal data is protected from accidental, unauthorized or unlawful processing, access, disclosure, loss, alteration, damage or destruction.
At a minimum, Licensee shall ensure compliance with the requirements described at: https://mvsp.dev/mvsp.en/index.html. Licensee shall inform Similarweb in case of any material non-compliance with the requirements set out herein and will provide evidence of alternative or compensating controls implemented to protect personal data.