



[sfdosfdcamendmenttoad_image1.jpg]


AMENDMENT TO ADD THE MODEL CLAUSES DATA PROCESSING ADDENDUM


Signature Page


Reseller Full Legal Name
   Salesforce.org, a nonprofit public benefit corporation having its principal
place of business at 50 Fremont Street, Suite 300, San Francisco, California
94105



This Amendment (this “Amendment”) is made and entered in by and between
salesforce.com, inc., a Delaware corporation having its principal place of
business at The Landmark @ One Market, Suite 300, San Francisco, California
94105 (“SFDC” or “Salesforce”) and the Reseller named above and amends that
certain Reseller Agreement between Salesforce and Reseller dated as of August 1,
2015, as previously amended (the “Agreement”). This Amendment is effective as of
the later of the dates beneath the Parties’ signatures below (“Amendment
Effective Date”), provided, however, that the dates of the Parties’ signatures
are not separated by a period of time greater than ten (10) business days. If
such period is greater than ten (10) business days then this Amendment shall be
deemed null and void and to be of no effect. Capitalized terms not defined
herein shall have the meanings given to them in the Agreement.
The Parties, by their respective authorized signatories, have duly executed this
Amendment as of the Amendment Effective Date.


Salesforce.com, Inc.     Reseller


By: /s/ Mark J. Hawkins        By: /s/ Shanti Ariker    


Name: Mark J. Hawkins        Name: Shanti Ariker    


Title: CFO        Title: VP, Global General Counsel    


Date: 10/9/2015        Date: 10/13/2015    




This Amendment consists of this Signature Page and the following Recitals and
Amendment Terms & Conditions, as well as the Model Clauses Data Processing
Agreement (Reseller) attached hereto and incorporated by reference herein.



Salesforce Confidential

--------------------------------------------------------------------------------

AMENDMENT TO ADD MODEL CLAUSES DPA    Page 1 of 1

--------------------------------------------------------------------------------





Recitals
WHEREAS, Salesforce and Reseller desire to amend the Agreement to add the
attached Model Clauses Data Processing Addendum.
WHEREAS, other than as expressly modified in this Amendment, the Parties desire
for the terms of the Agreement to remain unchanged and continue in full force
and effect.
NOW, THEREFORE, in consideration of the mutual promises set forth herein and in
the Agreement, and for other good and valuable consideration the receipt and
sufficiency of which is hereby acknowledged, the Parties hereby agree as
follows:
Amendment Terms & Conditions
1.
New Attachment. The Model Clauses Data Processing Addendum (Reseller) attached
hereto is added as new attachment to the Agreement.

2.
Scope of Model Clauses Data Processing Addendum (Reseller). The Parties agree
that the Model Clauses Data Processing Addendum (Reseller) applies only to the
Processing of Personal Data by Salesforce in the course of providing the Resold
Services. The Model Clauses Data Processing Addendum (Reseller) applies only to
Personal Data that is transferred from the European Economic Area (EEA) to
outside the EEA, either directly or via onward transfer, to any country or
recipient: (i) not recognized by the European Commission as providing an
adequate level of protection for personal data (as described in the EU Data
Protection Directive), and (ii) not covered by a suitable framework recognized
by the relevant authorities or courts as providing an adequate level of
protection for personal data, including but not limited to Binding Corporate
Rules for Processors.

3.
Effect of Amendment. Subject to the above modifications, the Agreement remains
in full force and effect.

4.
Entire Agreement. The terms and conditions herein contained constitute the
entire agreement between the Parties with respect to the subject matter of this
Amendment and supersede any previous and contemporaneous agreements and
understandings, whether oral or written, between the Parties hereto with respect
to the subject matter hereof.

5.
Counterparts. This Amendment may be executed in one or more counterparts,
including facsimiles or scanned copies sent via email or otherwise, each of
which will be deemed to be a duplicate original, but all of which, taken
together, will be deemed to constitute a single instrument.

(End of Amendment Terms & Conditions)



Salesforce Confidential

--------------------------------------------------------------------------------

AMENDMENT TO ADD MODEL CLAUSES DPA    Page 2 of 2

--------------------------------------------------------------------------------





MODEL CLAUSES DATA PROCESSING ADDENDUM (RESELLER)


This Model Clauses Data Processing Addendum (the “DPA” or the “Model Clauses
DPA”) is made part of the Agreement between Reseller and Salesforce to reflect
the Parties’ agreement with regard to the Processing of Customer Data, including
Personal Data, in accordance with the requirements of Data Protection Laws and
Regulations.  All capitalized terms not defined herein shall have the meaning
set forth in the Agreement.
This Model Clauses DPA is between the following Parties:
(1)
salesforce.com, inc., The Landmark, One Market, Suite 300, San Francisco,
California 94105 USA, a company incorporated under the laws of the state of
Delaware, USA (“Salesforce” or “Sub-Processor”);

AND
(2)
(i) Salesforce.org, a nonprofit public benefit corporation having its principal
place of business at 50 Fremont Street, Suite 300, San Francisco, California
94105, and (ii) solely for the purpose of meeting applicable requirements of
Data Protection Laws, Salesforce.org EMEA Limited, (each the “Reseller” and each
the “Processor” for purposes of this DPA)

This DPA shall not replace any additional rights relating to Processing of
Customer Data previously negotiated by Reseller in the Agreement (including any
existing data processing addendum to the Agreement).
This DPA shall apply only to Salesforce online services that Reseller is
permitted to resell under the Agreement and that are branded by Salesforce as
Sales Cloud, Service Cloud, Communities, Force.com and Chatter (“Resold
Services”).
1
BACKGROUND

(A)
Salesforce is a provider of enterprise cloud computing solutions and provides
technology services to organizations (including the Pass-Through Customers).

(B)
Pursuant to EU Commission Decision 2010/87/EU, Reseller and the Pass-Through
Customers may have entered into a data transfer agreement based on the Standard
Contractual Clauses (“Data Transfer Agreement”) under which the Pass-Through
Customers, as Controller, has agreed to transfer, and Reseller, as Processor,
has agreed to receive, the Pass-Through Customers Personal Data intended for
processing on the Pass-Through Customers’s behalf in accordance with the Data
Transfer Agreement.

(C)
In accordance with Clause 11 of the Data Transfer Agreement and to safeguard the
applicable Pass-Through Customers’s Personal Data (as defined below), the
Parties have agreed to enter into this DPA.

(D)
For clarity, this DPA only applies to Pass-Through Customers Personal Data
submitted to Salesforce’s systems by or for Pass-Through Customers as Customer
Data (as defined in the Agreement) while such Customer Data is resident on
Salesforce’s systems. The Pass-Through Customers Personal Data transferred will
be processed under this DPA by Salesforce, Salesforce’s Affiliates (as defined
in Clause 8 of this DPA) and non-Salesforce Affiliate sub-processors for the
duration of the Agreement.




Salesforce Confidential

--------------------------------------------------------------------------------

AMENDMENT TO ADD MODEL CLAUSES DPA    Page 3 of 3

--------------------------------------------------------------------------------



2
DEFINITIONS AND INTERPRETATION

2.1
In this DPA the following words and phrases shall have the following meanings,
unless inconsistent with the context or as otherwise specified:

“Data Protection Laws and Regulations” means the legislation protecting the
fundamental rights and freedoms of individuals and, in particular, their right
to privacy with respect to the processing of personal data applicable to a data
controller in the Member State in which the data exporter is established.
“Personal Data”, “Special Categories of Data”, “process/processing”,
“Controller”, “Processor”, “Data Subject”, and “Supervisory Authority” shall
have the same meaning as in Directive 95/46/EC of the European Parliament and of
the Council of 24 October 1995 on the protection of individuals with regard to
the processing of personal data and on the free movement of such data;
“Pass-Through Customers” means a Pass-Through Customers as a Controller, who
transfers the Pass-Through Customers Personal Data to Reseller, as Processor;
“Pass-Through Customer Personal Data” means any information relating to an
identified or identifiable person where such data is submitted by or for
Pass-Through Customers to Sub-Processor’s systems as Customer Data which is
accessible to the Pass-Through Customers while resident on Sub-Processor’s
systems.
“Salesforce Group” means Salesforce and its Affiliates engaged in the Processing
of Personal Data.
“Technical and Organizational Security Measures” means those measures aimed at
protecting personal data against accidental or unlawful destruction or
accidental loss, alteration, unauthorized disclosure or access, in particular
where the processing involves the transmission of data over a network, and
against all other unlawful forms of processing.
2.2
The headings used in this DPA are used for convenience only and are not to be
considered in construing or interpreting this DPA. All references in this DPA to
“Clauses” or “Schedules” shall, unless otherwise provided, refer to Clauses
hereof or Schedules to this DPA, respectively.

2.3
Capitalized terms not defined in this DPA shall have the meanings given to them
in the Agreement.

3
DETAILS OF THE PROCESSING

3.1
The details of the processing are specified in Schedule 1, which forms an
integral part of this DPA.

3.2
Application. This Model Clauses Data Processing Addendum (Reseller) applies only
to the Processing of Personal Data by Salesforce in the course of providing the
Resold Services. The Model Clauses Data Processing Addendum (Reseller) applies
only to Personal Data that is transferred from the European Economic Area (EEA)
to outside the EEA, either directly or via onward transfer, to any country or
recipient: (i) not recognized by the European Commission as providing an
adequate level of protection for personal data (as described in the EU Data
Protection Directive), and (ii) not covered by a suitable framework recognized
by the relevant authorities or courts as providing an adequate level of
protection for personal data, including but not limited to Binding Corporate
Rules for Processors.




Salesforce Confidential

--------------------------------------------------------------------------------

AMENDMENT TO ADD MODEL CLAUSES DPA    Page 4 of 4

--------------------------------------------------------------------------------



4
OBLIGATIONS OF THE SUB-PROCESSOR

4.1
The Sub-Processor agrees and warrants that it will:

(i)
process the Pass-Through Customers Personal Data only on behalf of the
Pass-Through Customers and in compliance with Reseller’s (and/or Pass-Through
Customers’s) instructions, including but not limited to the Agreement and this
DPA; if it cannot provide such compliance for whatever reasons, it agrees to
promptly inform Reseller of its inability to comply, in which case Reseller is
entitled to suspend the processing of the Pass-Through Customers Personal Data
permitted pursuant to the Agreement and/or terminate the DPA;

(ii)
process Pass-Through Customers Personal Data on behalf of and in accordance with
Reseller and/or Pass-Through Customers’s, as the case may be, instructions as
set forth in the Agreement and this DPA. Reseller and Pass-Through Customers
instruct Sub-Processor to Process Pass-Through Customers Personal Data for the
following purposes: (a) processing in accordance with the Agreement and
applicable Service Order(s); and (b) processing initiated by the Pass-Through
Customers’s Users (as defined in the Agreement). For clarity, as set forth in
the Agreement, the Sub-Processor shall not disclose Pass-Through Customers
Personal Data except as expressly permitted in writing by the Pass-Through
Customers (or Reseller on Pass-Through Customers’s behalf) or where required by
law, in which case to the extent permitted by law, the Sub-Processor shall
provide the Reseller and/or Pass-Through Customers with prior notice of any such
compelled disclosure;

(iii)
it has no reason to believe that the legislation applicable to it prevents it
from fulfilling the instructions received from Reseller (and/or Pass-Through
Customers) and its obligations under this DPA; in the event of a change in this
legislation which is likely to have a substantial adverse effect on the
warranties and obligations provided by this DPA, it will promptly notify the
change to Reseller as soon as it is aware, in which case Reseller is entitled to
suspend the processing of the Pass-Through Customers Personal Data permitted
pursuant to the Agreement and/or terminate the DPA;

(iv)
it has implemented the Technical and Organizational Security Measures specified
in Schedule 2 before processing the Pass-Through Customers Personal Data;

(v)
it will promptly notify Reseller about:

(a)
any legally binding request for disclosure of the Pass-Through Customers
Personal Data by a law enforcement authority or administrative or court order
unless otherwise prohibited, such as a prohibition under criminal law to
preserve the confidentiality of a law enforcement investigation;

(b)
any accidental or unauthorized access to, or use of disclosure of the
Pass-Through Customers Personal Data; and

(c)
any request received directly from the Data Subjects, without responding to that
request, unless it has been otherwise authorized to do so;

AND
(vi)
it will deal promptly and properly with all inquiries from Reseller relating to
its processing of the Pass-Through Customers Personal Data and to abide by the
advice of the Supervisory




Salesforce Confidential

--------------------------------------------------------------------------------

AMENDMENT TO ADD MODEL CLAUSES DPA    Page 5 of 5

--------------------------------------------------------------------------------



Authority in consultation with Reseller (as legally permitted), with regard to
the processing of the Pass-Through Customers Personal Data.
4.2
Audit.

4.2.1
Audit Report. Sub-Processor uses external auditors to verify the adequacy of its
Technical and Organizational Security Measures, including the physical security
of the data centers from which Sub-Processor provides the Resold Services. This
audit: (a) will be performed at least annually; (b) will be performed according
to ISO 27001 standards or such other alternative standards that are
substantially equivalent to ISO 27001; (c) will be performed by independent,
third-party security inspection professional(s) in possession of professional
qualifications and bound by a duty of confidentiality to Salesforce, at
Sub-Processor’s selection and expense; (d) will result in the generation of an
audit report (“Audit Report”) (e.g. in a Service Organization Controls 2 (SOC-2)
report or its equivalent); and (e) may be performed for other purposes in
addition to satisfying this Clause 4.2.1 (e.g. as part of Sub-Processor’s
regular internal security procedures or to satisfy other contractual
obligations).

At Reseller’s request, including in connection with a request from a Supervisory
Authority, Sub-Processor will provide Reseller with a copy of the Audit Report
signed by the third-party auditor so that Reseller can reasonably verify
Sub-Processor’s compliance with the Technical and Organizational Security
Measures under this DPA. The Audit Report is Confidential Information (as
defined in the Agreement). Reseller may share a summary of the results of the
Audit Report with a Supervisory Authority and/or Pass-Through Customers provided
such summary is treated as Confidential Information.
4.2.2
On-Site Audit Right. In addition, subject to the restrictions in Clause 4.2.3
below, Sub-Processor shall allow Reseller to audit Sub-Processor, or an
Salesforce Affiliate engaged in the Processing of Personal Data, for compliance
with the Technical and Organizational Security Measures set forth in Schedule 2
of this DPA in the following limited circumstances:

(a)
Following any notice from Sub-Processor to Reseller of an actual or reasonably
suspected unauthorized disclosure of Pass-Through Customers Personal Data
submitted to the Resold Services, Reseller shall have the right to conduct, with
reasonable prior written notice, either itself or through a third-party
independent contractor selected by Reseller at Reseller’s expense, an on-site
audit of Sub-Processor’s or the applicable Salesforce Affiliate’s systems,
policies and procedures relevant to the security and integrity of Pass-Through
Customers Personal Data submitted to the Resold Services; and

(b)
Reseller may conduct, either itself or through a third-party independent
contractor selected by Reseller at Reseller’s expense, an on-site audit of
Sub-Processor’s or the applicable Salesforce Affiliate’s systems, policies and
procedures relevant to the security and integrity of Pass-Through Customers
Personal Data submitted to the Resold Services, provided that such audit may be
conducted only one time per year, with at least three week’s advance written
request.

4.2.3
On-Site Audit Restrictions. The audit rights set forth in Clause 4.2.2 above are
subject to the following restrictions:




Salesforce Confidential

--------------------------------------------------------------------------------

AMENDMENT TO ADD MODEL CLAUSES DPA    Page 6 of 6

--------------------------------------------------------------------------------



(i)
Reseller must promptly provide Sub-Processor with information regarding any
non-compliance discovered during the course of an audit.

(ii)
Audits shall be conducted during reasonable times and shall be of reasonable
duration and shall not unreasonably interfere with Sub-Processor’s day-to-day
operations. In the event that Reseller conducts an audit through a third-party
independent contractor, such independent contractor shall be required to enter
into a non-disclosure agreement containing confidentiality provisions
substantially similar to those set forth in the Agreement to protect
Sub-Processor’s proprietary information. Additionally, such independent
contractor must not be a competitor of Sub-Processor.

(iii)
If an audit requires the equivalent of more than one business day of time
expended by Sub-Processor or a Sub-Processor Affiliate employee, Reseller agrees
to reimburse Sub-Processor for any additional time expended at Sub-Processor’s
then current professional services rates. Reseller may share a summary of the
results of its audit or inspection with a Pass-Through Customers, provided that
prior to sharing such summary, the Pass-Through Customers has entered into a
non-disclosure agreement containing confidentiality provisions substantially
similar to those set forth in the Agreement to protect Sub-Processor’s
proprietary information.

5
CONFIDENTIALITY

5.1
The Sub-Processor agrees that it shall maintain the Pass-Through Customers
Personal Data in confidence. In particular, the Sub-Processor agrees that,
except with the prior written consent of Reseller and/or the Pass-Through
Customers, it shall not make any use of any Customer Personal Data otherwise
than in connection with the provision of the Resold Services and, subject to
Clause 4.1(ii), shall not disclose any Customer Personal Data to any
third-party.

5.2
The Sub-Processor agrees and acknowledges that Reseller may make available a
copy of this DPA to the Pass-Through Customers or the Supervisory Authority for
informational purposes; however Reseller shall remove any commercial information
contained in this DPA. For the avoidance of doubt, this DPA is Confidential
Information (as defined in the Agreement).

5.3
The Sub-Processor further agrees and acknowledges that Reseller may make
available to the Data Subject for informational purposes, on request, a copy of
this DPA; however Reseller shall remove any commercial information contained in
this DPA, with the exception of Schedule 2, which shall be replaced by a summary
description of the security measures in those cases where the Data Subject is
unable to obtain a copy from the Customer. For the avoidance of doubt, this DPA
is Confidential Information (as defined in the Agreement).

6
COOPERATION WITH SUPERVISORY AUTHORITIES

6.1
The Parties agree that the Supervisory Authority has the right to conduct an
audit of the Sub-Processor, which has the same scope and is subject to the same
conditions as would apply to an audit of the Pass-Through Customers under the
data protection laws applicable to the Pass-Through Customers.

6.2
The Sub-Processor shall promptly inform Reseller about the existence of
legislation applicable to it preventing the conduct of an audit of the
Sub-Processor pursuant to Clause 6.1, in which case




Salesforce Confidential

--------------------------------------------------------------------------------

AMENDMENT TO ADD MODEL CLAUSES DPA    Page 7 of 7

--------------------------------------------------------------------------------



Reseller may suspend the processing of the Pass-Through Customers Personal Data
permitted pursuant to the Agreement and/or terminate this DPA.
7
LIABILITY AND THIRD-PARTY BENEFICIARY CLAUSE

7.1
The Data Subject can enforce against the Sub-Processor this Clause 7.1, Clause
7.2 and 7.3, Clause 4.1 (i)-(vi), Clause 5.3, Clause 6.1 Clause 8, Clause 9.2
and 9.3, Clause 10, Clause 12.2 and Clause 13 as a third party beneficiary.

7.2
If a Data Subject, who has suffered damage as a result of any breach by the
Sub-Processor of any of its obligations under this DPA, is not able to bring a
claim against the Pass-Through Customers or Reseller arising out of such breach
because both the Pass-Through Customers and Reseller have factually disappeared
or ceased to exist in law or have become insolvent, the Sub-Processor agrees
that the Data Subject may issue a claim against the Sub-Processor with regard to
its own processing operations under this DPA as if it were the Pass-Through
Customers or Reseller (unless any successor entity has assumed the entire legal
obligations of the Pass-Through Customers or Reseller by contract or by
operation of law, in which case the Data Subject can enforce its rights against
such entity). The liability of the Sub-Processor to the Data Subject as
described in this Clause 7.2 shall be limited to its own processing operations
under this DPA.

7.3
The Parties do not object to a Data Subject being represented by an association
or other body if the Data Subject so expressly wishes and if permitted by
national law.

8
FURTHER SUB-PROCESSORS

8.1
Pursuant to Clause 5(h) of the Data Transfer Agreement, Reseller acknowledges
and expressly agrees that Sub-Processor is entitled to retain its Affiliates
(“Salesforce Affiliates”) as further sub-processors for Sub-Processor and that
Sub-Processor or Salesforce Affiliates respectively may engage third-party
service providers as sub-processors that may provide customer support, including
processing of Pass-Through Customers Personal Data, in connection with the
Resold Services.

8.2
Sub-processors. Salesforce shall make available to Reseller a current list of
sub-processors for the Resold Services with the identities of those
Sub-processors (“Sub-processor List”). Salesforce shall provide Reseller with a
mechanism to subscribe to updates to the Sub-processor List and shall provide
such updates before authorizing any new Sub-processor(s) to Process Personal
Data in connection with the provision of the Resold Services.

8.3
Objection Right for new Sub-processors.  If Reseller has a reasonable basis to
object to Salesforce’s use of a new Sub-processor, Reseller shall notify
Salesforce promptly in writing within 10 business days after receipt of
Salesforce’s notice.

In the event Reseller objects to a new Sub-processor(s) and that objection is
not unreasonable Salesforce will use reasonable efforts to make available to
Reseller a change in the affected Resold Services or recommend a commercially
reasonable change Reseller’s configuration or use of the affected Resold
Services to avoid processing of Personal Data by the objected-to new Sub
processor without unreasonably burdening Reseller. If Salesforce is unable to
make available such change within a reasonable period of time, which shall not
exceed sixty (60) days, Reseller may terminate the applicable Service Order(s)
in respect only to those Resold Services which cannot be provided by Salesforce
without the use of the objected-to new Sub-processor, by providing written
notice



Salesforce Confidential

--------------------------------------------------------------------------------

AMENDMENT TO ADD MODEL CLAUSES DPA    Page 8 of 8

--------------------------------------------------------------------------------



to Reseller. Reseller shall receive a refund of any prepaid fees for the period
following the effective date of termination in respect of such terminated Resold
Services.
8.4
All sub-processors will be subject to data protection obligations at least
equivalent to those contained in this DPA under a written agreement, and such
sub-processors shall be obliged to comply with applicable Data Protection Laws
and Regulations. Where the sub-processor fails to fulfil its data protection
obligations under such written agreement Salesforce shall remain fully liable to
the data exporter for the performance of the sub-processor's obligations under
such agreement.

8.5
Sub-Processor shall audit third-party sub-processors that are not Salesforce
Affiliates at least once per year to ensure they have appropriate physical,
technical, organizational, and administrative controls in place. Upon Reseller’s
reasonable request at reasonable intervals, Salesforce shall provide Reseller
with an executive summary of the most recent audits of such third-party
sub-processors. Salesforce Affiliates that are sub-processors are audited at
least once per year pursuant to salesforce.com, inc.’s ISO 27001 certification.

8.6
Upon Reseller’s request, Salesforce agrees to promptly make available to
Reseller a copy of an applicable sub-processor data processing agreement
executed in relation to this DPA, provided that Salesforce may remove any
commercial information contained in such agreement. Reseller may make available
a summary of the agreement, or the agreement if required, to the Pass-Through
Customers provided that such summary, or the agreement if required, is treated
as Confidential Information, including that the Pass-Through Customers has
entered into a non-disclosure agreement containing confidentiality provisions
substantially similar to those set forth in the Agreement to protect
Salesforce’s Confidential Information.

9
TERM AND TERMINATION

9.1
This DPA shall continue in full force and effect until the Agreement has been
terminated or expires, it being understood, however, that the Sub-Processor's
provision of data-processing services for the Pass-Through Customers pursuant to
its obligations under the Agreement shall be terminated upon instruction of
Reseller or upon termination of the processing of Pass-Through Customers
Personal Data by Reseller for the Pass-Through Customers pursuant to the Data
Transfer Agreement.

9.2
Upon request by Pass-Through Customers made within 30 days following termination
of the provision of data-processing services for the Pass-Through Customers, the
Sub-Processor will return all Pass-Through Customers Personal Data to
Pass-Through Customers, unless prohibited from returning or destroying all or
part of the Pass-Through Customers Personal Data by applicable law, including,
but not limited to, a litigation hold, or unless otherwise required by an
agreement between Pass-Through Customers and Sub-Processor. In that case the
Sub-Processor warrants that it will guarantee the confidentiality of the
Pass-Through Customers Personal Data and will not actively process the
Pass-Through Customers Personal Data anymore except as required by applicable
law or permitted by the applicable agreement between Pass-Through Customers and
Sub-Processor.

The Sub-Processor shall provide such Pass-Through Customers Personal Data via a
downloadable file in comma separated value (.csv) format and attachments in
their native format. Pass-Through Customers Personal Data submitted to the
Resold Services is retained in inactive status within the



Salesforce Confidential

--------------------------------------------------------------------------------

AMENDMENT TO ADD MODEL CLAUSES DPA    Page 9 of 9

--------------------------------------------------------------------------------



Resold Services for 180 days and a transition period of up to 30 days, after
which it is securely overwritten or deleted. Pass-Through Customers Personal
Data submitted to the Resold Services (including Pass-Through Customers Personal
Data retained in inactive status) will be stored on backup media for an
additional 90 days after it is securely overwritten or deleted from the Resold
Services. This process is subject to applicable legal requirements. Without
limiting the ability for the Pass-Through Customers to request return of its
Pass-Through Customers Personal Data, the Sub-Processor reserves the right to
reduce the number of days it retains such data after contract termination. Upon
request, the Sub-Processor will provide Reseller with a certification of
destruction as required under Clause 12.1 of the Data Transfer Agreement.
9.3
The Pass-Through Customers Personal Data is destroyed through an automated
technical process. This process is audited according to Clause 4.2.

10
VARIATION

Any amendment, waiver or variation of this DPA shall not be binding on the
Parties unless set out in writing, expressed to amend this DPA and signed by or
on behalf of each of the Parties.
11
SEVERABILITY AND WAIVER

If any provision of this DPA is held to be illegal, invalid or otherwise
unenforceable, such provision will be enforced to the extent possible consistent
with the stated intention of the Parties, or if incapable of such enforcement,
will be deemed to be severed and deleted from this DPA, while the remainder of
this DPA will continue in full force and effect. The waiver by either Party of
any default or breach of this DPA will not constitute a waiver of any other or
subsequent default or breach.
12
GOVERNING LAW

12.1
Subject to Clause 12.2 below, this DPA shall be governed by, and construed in
accordance with the laws of California. The state and federal Courts of the City
and County of San Francisco, California shall have the non-exclusive
jurisdiction to hear and determine any suit, action or proceedings relating to
or arising in connection with this DPA.

12.2
The provisions of this DPA relating to data protection aspects of processing of
Pass-Through Customers Personal Data shall exclusively be governed by the law of
the Member State in which the Pass-Through Customers is established.

13
MEDIATION

13.1
The Sub-Processor agrees that if the Data Subject invokes against it third-party
beneficiary rights and/or claims compensation for damages under this DPA, the
Sub-Processor will accept the decision of the Data Subject:

(i)
to refer the dispute to mediation, by an independent person or, where
applicable, by the Supervisory Authority; or




Salesforce Confidential

--------------------------------------------------------------------------------

AMENDMENT TO ADD MODEL CLAUSES DPA    Page 10 of 10

--------------------------------------------------------------------------------



(ii)
to refer the dispute to the courts in the Member State in which the Pass-Through
Customers is established.

13.2
The Parties agree that the choice made by the Data Subject will not prejudice
its substantive or procedural rights to seek remedies in accordance with other
provisions of national or international law.




Salesforce Confidential

--------------------------------------------------------------------------------

AMENDMENT TO ADD MODEL CLAUSES DPA    Page 11 of 11

--------------------------------------------------------------------------------





SCHEDULE 1
DETAILS OF THE PROCESSING
Data subjects
Pass-Through Customers Personal Data submitted to Salesforce’s systems by or for
Pass-Through Customers as Customer Data which is accessible to the Pass-Through
Customers while resident on Salesforce’s systems may relate (the extent of which
is determined and controlled by the Customer in its sole discretion) to and may
include, but is not limited, to the following examples:
•
prospects, customers, business partners and vendors of Pass-Through Customers
(who are natural persons)

•
employees or contact persons of Pass-Through Customers's prospects, customers,
business partners and vendors

•
employees, agents, advisors and freelancers of Pass-Through Customers (who are
natural persons)

•
users of Pass-Through Customers authorized by Pass-Through Customers to use the
Resold Services

Categories of data
Pass-Through Customers Personal Data submitted to Salesforce’s systems by or for
Pass-Through Customers as Customer Data which is accessible to the Pass-Through
Customers while resident on Salesforce’s systems may concern any or all of the
categories of Personal Data, the extent of which is determined and controlled by
the Pass-Through Customers in its sole discretion, and which may include, but is
not limited to the following examples:
•
First, middle and last name

•
Title

•
Position

•
Employer

•
Contact information (email addresses, phone numbers, physical address
information)

Special Categories of Data
Pass-Through Customers may submit special categories of data to the Resold
Services, the extent of which is determined and controlled by the Pass-Through
Customers in its sole discretion, and which is for the sake of clarity personal
data with information revealing racial or ethnic origin, political opinions,
religious or philosophical beliefs, trade-union membership, and the processing
of data concerning health or sex life.
Processing Operations
The Personal Data transferred will be subject to the following basic processing
activities:



Salesforce Confidential

--------------------------------------------------------------------------------

AMENDMENT TO ADD MODEL CLAUSES DPA    Page 12 of 12

--------------------------------------------------------------------------------



As set forth in the Agreement, Salesforce shall process Personal Data for the
following purposes: (a) to provide the Resold Services in accordance with the
Agreement, to prevent or address service or technical problems, or upon Reseller
and/or Pass-Through Customers’s request in connection with a customer support
matter; and (b) processing initiated by Users in their use of the Resold
Services.  



Salesforce Confidential

--------------------------------------------------------------------------------

AMENDMENT TO ADD MODEL CLAUSES DPA    Page 13 of 13

--------------------------------------------------------------------------------



SCHEDULE 2
SECURITY MEASURES
Capitalized terms used in this Schedule 2 but not defined in this Schedule 2
have the meaning given in the Agreement
1.
Access control to premises and facilities to prevent unauthorized persons from
gaining access to data processing systems for processing or using Personal Data,
Salesforce’s production data centers have an access system that controls access
to the data center. This system permits only authorized personnel to have access
to secure areas. The facility is secured by around-the-clock guards, biometric
access screening, and escort-controlled access.

2.
Access control to systems to prevent data processing systems from being used
without authorization.

In providing the Resold Services, Salesforce implements the following controls:
•
Unique User identifiers (User IDs) to ensure that activities can be attributed
to the responsible individual.

•
User passwords are stored using a one-way hashing algorithm (SHA-256) and are
never transmitted unencrypted.

•
Access to the Resold Services require a valid User ID and password combination,
which are encrypted via SSL while in transmission. Following a successful
authentication, a random session ID is generated and stored in the User’s
browser to preserve and track session state.

•
Controls to ensure generated initial passwords must be reset on first use.

The Resold Services provide the following functionality that may be implemented
by Reseller in its use of the Resold Services:
•
Controls to revoke access after several consecutive failed login attempts.

•
Controls on the number of invalid login requests before locking out a User.

•
Controls to force a User password to expire after a period of use.

•
Controls to terminate a User session after a period of inactivity.

•
Password history controls to limit password reuse.

•
Password length controls

•
Password complexity requirement (requires letters and numbers).

•
Verification question before resetting password.

•
The ability to accept logins to the Resold Services from only certain IP address
ranges.

•
The ability to restrict logins to the Resold Services to specific time periods
(Developer Edition, Enterprise Edition, and Unlimited Edition only).

•
Ability to delegate user authentication or federate authentication via SAML.

3.
Access control to data to ensure that persons authorized to use a data
processing system have access only to those data they are authorized to access,
and that Personal Data cannot be read, copied, altered, or removed without
authorization during use and after recording.

•
Reseller and/or Pass-Through Customers may implement a granular sharing model
and User permission profiles to limit data accessible to different Users.

•
Reseller and/or Pass-Through Customers, as applicable, may create custom fields
that are encrypted at rest and are only visible to Users that have been granted
the “View Encrypted Data” permission by Reseller or Pass-Through Customers’s, as
applicable, designated system administrators.




Salesforce Confidential

--------------------------------------------------------------------------------

AMENDMENT TO ADD MODEL CLAUSES DPA    Page 14 of 14

--------------------------------------------------------------------------------



4.
Disclosure control to ensure that Personal Data cannot be read, copied, altered,
or removed without authorization during electronic transfer or transfer or
transport or while being recorded onto data storage media, and that it is
possible to check and establish to which parties Personal Data are to be
transferred by means of data transmission facilities.

•
Salesforce uses industry accepted encryption products to protect Customer Data
and communications during transmissions between Reseller and/or Pass-Through
Customers’s network and the Reseller Services, including minimum 128-bit
VeriSign SSL Certification and minimum 2048-bit RSA public keys.

5.
Input control to ensure that it is possible to after-the-fact check and
establish whether Personal Data has been entered into, altered, or removed from
data processing systems, and if so, by whom.

In providing the Resold Services, Salesforce implements the following controls:
•
User access log entries will be maintained, containing date, time, User ID, URL
executed or entity ID operated on, operation performed (viewed, edited, etc.)
and source IP address. Note that source IP address might not be available if NAT
(Network Access Translation) or PAT (Port Address Translation) is used by
Reseller and/or Pass-Through Customers or its ISP.

•
If there is a suspicion of inappropriate access, Salesforce can provide Reseller
log entry records to assist in forensic analysis. This service will be provided
to Reseller on a time and materials basis.

The Resold Services provide the following functionality that may be implemented
by Reseller and/or Pass-Through Customers in its use of the Resold Services:
•
Certain administrative changes to the Resold Services (such as password changes
and adding custom fields) are tracked in an area known as the “Setup Audit Log”
and are available for viewing by Pass-Through Customers’s designated system
administrator(s). Pass-Through Customers may download and store this data
locally.

•
Successful and failed login attempts for Pass-Through Customers’s instance(s) of
the Services are tracked in an area known as the “Login History” and are
available for viewing by Pass-Through Customers’s designated system
administrator(s). Pass-Through Customers may download and store this data
locally.

•
Pass-Through Customers may implement functionality known as “Set History
Tracking” to track the history of specific objects or fields within the
Customer’s instance(s) of the Resold Services. All entries include the date,
time, nature of the change, and the User who made the change.

6.
Job control to ensure that personal data processed on behalf of others are
processed strictly in compliance with the Data Controller’s instructions.

•
As set forth in the DPA, Salesforce shall process Personal Data in accordance
with the instructions of Reseller and/or Pass-Through Customers, including to
provide the Resold Services as set forth in the Agreement and as instructed by
Users in their use of the Resold Services.

7.
Availability control to ensure that Personal Data are protected against
accidental destruction or loss.

•
Disaster recovery. Salesforce can utilize disaster recovery facilities that are
geographically remote from primary data centers, along with required hardware,
software, and Internet connectivity, in the event Salesforce production
facilities at the primary data center were to be rendered unavailable.
Salesforce has disaster recovery plans in place and tests them at least once per
year. Salesforce will discuss results of these tests with Reseller on request.




Salesforce Confidential

--------------------------------------------------------------------------------

AMENDMENT TO ADD MODEL CLAUSES DPA    Page 15 of 15

--------------------------------------------------------------------------------



•
Reliability and Backup. All networking components, SSL accelerators, load
balancers, Web servers, and application servers are configured in a redundant
configuration. All Customer Data is stored on a primary database server that is
clustered with a backup database server for redundancy. All Customer Data is
stored on carrier-class disk storage RAID disks and multiple data paths. All
Customer Data, up to the last committed transaction, is automatically backed up
on a regular basis. Any backup tapes are verified for integrity stored in an
offsite facility in a secure, fire-resistant location.

•
Viruses. The Resold Services will not introduce any viruses to Reseller’s
systems; however, the Resold Services do not scan for viruses that could be
included in attachments or other Customer Data uploaded into the Resold Services
by Reseller and/or Pass-Through Customers. Any such uploaded attachments will
not be executed in the Resold Services and therefore will not damage or
compromise the Resold Services.

8.
Segregation control to ensure that data collected for different purposes can be
processed separately.

In providing the Resold Services, Salesforce implements the following controls:
•
Strong logical separation of Customer Data, which is achieved via Reseller
and/or Pass-Through Customers-specific “Organization IDs” that permit only Users
to view related Customer Data.

The Resold Services provide the following functionality, which may be
implemented by Pass-Through Customers in its use of the Resold Services:
•
Pass-Through Customers may implement a granular sharing model and User
permission profiles to limit data accessible to different Users.




Salesforce Confidential

--------------------------------------------------------------------------------

AMENDMENT TO ADD MODEL CLAUSES DPA    Page 16 of 16