DORA ADDENDUM

This Addendum is effective as of 17 January 2025 (“Effective Date”) and is made by and between Pipedrive (meaning the legal entity with which Client has a contractual relationship according to the Terms of Service) (“Pipedrive”) and Client, who is subject to DORA. This Addendum forms part of the Terms for the provision of Pipedrive Services. Capitalised terms used in this Addendum shall have the meaning given to them in the Terms unless otherwise defined herein or where the context otherwise requires.

In consideration of the parties’ mutual rights and obligations, the parties have entered into this Addendum for the purpose of amending the Terms to include the contractual provisions required by DORA. The parties agree as follows:

1. DEFINITIONS

“DORA” means the Digital Operational Resilience Act (Regulation (EU) 2022/2554).

“ESAs” means the European Supervisory Authorities comprising the European Securities and Market Authority (ESMA), the European Banking Authority (EBA) and the European Insurance and Occupational Pensions Authority (EIOPA).

“ICT-Related Incident” has the meaning given to it in DORA.

“ICT Services” means the services provided by Pipedrive to Client as part of the Pipedrive Services that constitute ICT services, as that term is defined in DORA.

“Implementing Technical Standards” means the implementing technical standards developed by the ESAs, which supplement DORA, adopted by the European Commission in accordance with Article 15 of Regulation (EU) No. 1093/2010, (EU) No. 1094/2010 and (EU) No. 1095/2010.

“Insolvency Event” means: (a) if a party is unable to pay its debts as they fall due, or is deemed to be unable to pay its debts as they fall due, within the meaning of the applicable Law in the relevant jurisdiction; (b) the passing by a party of a resolution for its winding-up (except in connection with a bona fide solvent amalgamation or reconstruction) or the making by a court of competent jurisdiction of an order for the winding-up of a party or the dissolution of that party; (c) a party is struck off the register of companies in the jurisdiction where it was incorporated; or (d) anything analogous to the foregoing events occurs in any applicable jurisdiction.

“Law” means all applicable laws including DORA, Regulatory Technical Standards, Implementing Technical Standards, statute, common law, statutory instrument, delegated acts and all binding orders or requirements of any court or other competent authority (including the ESAs and any applicable Resolution Authority).

“Locations” has the meaning given to it in clause 2.1(b).

“Regulatory Technical Standards” means the regulatory technical standards developed by the ESAs, which supplement DORA, adopted by the European Commission as delegated acts in accordance with Articles 10 to 14 of Regulation (EU) No. 1093/2010, (EU) No. 1094/2010 and (EU) No. 1095/2010.

“Resolution Authority” means an authority designated by an EU Member State as a resolution authority in accordance with Directive 2014/59/EU (and any transposition of same by an EU Member State).

“Service Levels” means the service levels, performance targets and other performance metrics that apply to the Services.

“Terms” has the same meaning as is given to it in the Terms of Service.

“Terms of Service” means the terms of service available at https://www.pipedrive.com/en/terms-of-service.

2. ICT SERVICES

2.1 Details of the ICT Services. Each party acknowledges that this Addendum sets out its rights and obligations towards the other party, where required by DORA, in connection with the provision by Pipedrive of the ICT Services to Client. The parties also acknowledge that:

  (a) a clear and complete description of the ICT Services provided by Pipedrive is set out in the Terms;

  (b) the location(s), namely the regions or countries, from where the ICT Services will be provided by Pipedrive (or its subcontractors) and where the Client Data will be processed including the storage location (“Locations”) are set out in https://www.pipedrive.com/en/subprocessors. Pipedrive shall provide Client with reasonable advance notice before changing any of the Locations; and

  (c) the Service Levels are set out in Section 5.1 of the Terms of Service.

2.2 Protection of Client Data. In the provision of the ICT Services to Client, Pipedrive shall implement and maintain technical and organisational measures in connection with the availability, authenticity, integrity and confidentiality of the Client Data as set out in the Terms.

2.3 Access, Recovery and Return of Client Data. Client acknowledges that Client may access, recover and retrieve the Client Data in an easily-accessible format by submitting a request to the Client, including if any one or more of the following occurs:

  1. Pipedrive suffers an Insolvency Event;

  2. Pipedrive discontinues its business operations or any part thereof that is relevant to the ICT Services; or

  3. the termination or expiry of the Terms.

2.4 Assistance with ICT Incidents. Pipedrive shall provide Client with reasonable assistance when an ICT-Related Incident which relates to or may otherwise affect the ICT Services occurs. Client shall pay Pipedrive for such assistance at Pipedrive’s applicable professional rates.

2.5 Co-operation. Pipedrive shall fully co-operate with any competent authority of Client and any Resolution Authority of Client, including any persons appointed by any such authority. Client shall pay Pipedrive for its costs in providing such assistance and Pipedrive shall duly notify the Client of those costs.

2.6 Notice and termination. In addition to any termination rights set out in the Terms, Client may terminate the Terms and its receipt of the Pipedrive Services on 30 days’ written notice to Pipedrive, if any one or more of the following events occurs:

  1. if Pipedrive significantly breaches the Law or Terms, where such breach has not been cured within 30 days of receipt of a notice from Client requiring it to cure such breach and specifically referring to this clause;

  2. if circumstances are identified, whether as part of the monitoring of ICT third-party risk or otherwise, which Client, acting reasonably, deems capable of materially adversely altering the performance of the ICT Services provided by Pipedrive under the Terms, including material changes that affect the arrangement or the situation of Pipedrive;

  3. if there are evidenced weaknesses regarding Pipedrive’s overall ICT risk management including, in particular, with respect to ensuring the availability, authenticity, integrity and confidentiality of the Client Data; or

  4. if the ESAs (or other applicable competent authority) can no longer effectively supervise Pipedrive as a result of conditions of, or circumstances relating to, the Terms.

For the avoidance of doubt, clause 13.3 of the Terms of Service shall apply upon termination of the Terms pursuant to this clause.


2.7 Security Awareness Programmes and Digital Operational Resilience Training. Pipedrive has implemented an ICT security awareness programme and provides digital operational resilience training to its relevant personnel. If and to the extent that the Client wishes for Pipedrive to attend, participate in and complete Client’s ICT security awareness programme or digital operational resilience training, Pipedrive shall do so provided that the Client pays Pipedrive’s costs, as notified to it.


3. MISCELLANEOUS

3.1 Save as otherwise expressly amended by this Addendum, the Terms shall continue in full force and effect. To the extent that there is a conflict or inconsistency between the terms of this Addendum and the Terms, such conflict or inconsistency shall be resolved by giving precedence to this Addendum.

3.2 This Addendum and the Terms (and any other appendices hereto or contractual documents referred to) comprise the full contract between the parties with respect to their subject matter.

3.3 This Addendum shall be governed by and construed in accordance with the laws that govern the Terms of Service.