GDPR Data Processing and Security Terms

Effective date: October 25^th, 2022.

By use of High Pulse Media Inc. services, DBA Nautilus (Also We, Us and Company) you instruct Nautilus to process any personal data you provide to Nautilus in alignment with Nautilus Service Agreement and Privacy Policy and agree to the processing of any personal data that Nautilus provides to you in connection with the services. Customer also specifically authorizes the engagement of Nautilus Affiliates as Sub-processors. In addition, Customer generally authorizes the engagement of any other third parties as Sub-processors.

Definitions

Controller (data exporter): Customer, being a Nautilus Customer or Affiliate per Nautilus Privacy Policy.

Processor (data importer): High Pulse Media Inc. DBA Nautilus, 30 Brackenwood Ave., Richmond Hill, ON, L4S 2P5, Canada

Supervisory Authority: The competent supervisory authority shall be the supervisory authority within the Member Province / State in which the data exporter and data importer are established in regard to a specific data transfer.

Customer Obligations

By use of Nautilus services you agree to comply with data protection, security and other obligations with respect to any and all personal data by adhering to the Nautilus Service Agreement and Anti-Spam policies, and Privacy Policy along with all local data protection laws to which you are subject. Nautilus will inform you if, in Nautilus opinion, you have violated any data processing obligation.

Details of Data Processing

Subject Matter: All Nautilus services, Customer provided data, and related technical support to Customer, including all publicly available information that is transmitted or retrieved from sub-processors of Nautilus.

Duration of the Processing: As identified in the Nautilus Service Agreement.

Nature and Purpose of the Processing: Nautilus provides an email service, automation and marketing platform and other related services as identified in our Privacy Policy.

Categories of Data: As outlined in our Privacy Policy (“I Am A Nautilus Affiliate.”, “I Am A Subscriber To An Email List Managed Through Nautilus.”, “I Am A Nautilus Customer.”)

Data Subjects: Personal data submitted, stored, sent or received via Nautilus services that may concern the Customer or Subscribers of the Customer.

Data Security

Nautilus takes all reasonable technical and organizational measures to commit to confidentiality of your data. The following information highlights our efforts to secure your trust in us with your data.

Use of encryption while data is being transmitted to or procured from our systems and while stored in our data centres
Continual automated and manual monitoring of the confidentiality, integrity, availability, and resilience of our systems
Emergency Preparedness to restore availability of our services in the event of a physical or technical incident
Routine backups in the event of data loss or corruption
Regular risk assessments of all systems both internally and externally
DDoS detection and mitigation in place for all data centres
Promoting Responsible Disclosure

Account Security

Continuous automated and manual monitoring for fraud and abuse on all Nautilus accounts
Secure notifications to customers for sensitive account actions like password resets
Tiered account access is available to limit billing and other sensitive information disclosure

Personnel Security

Taking commercially reasonable steps to ensure employees and those acting on Nautilus behalf maintain confidentiality of personal data including continual security awareness training and annual attestation
All Nautilus employees are background checked prior to employment
Privacy confirmations of all sub-processors engaged in providing Nautilus services to maintain and provide at least the same level of protection for the personal data and the same rights of data subject as Nautilus.
Secured physical access to all data centres including keycards, alarms, and video camera recording

Customer Response

Providing written responses to all reasonable requests for information made by customers and their subscribers
In the event of a personal data breach, reasonably assisting customers with data security audits, including inspections, conducted by the customer, auditors, law enforcement, or other supervisory authorities
Providing notice to customers regarding personal data breaches without undue delay
Reasonably assisting customers with their obligations to Supervisory Authority Data Protection Impact Assessments and Prior Consultation taking into account the nature of processing and data involved

Security Certifications

Maintaining Privacy-Shield certification by completing an annual third-party review
Maintaining Payment Card Industry (PCI) Security certification by completing an annual compliance review

Data Rights

Right to be informed: You or your subscribers can ask about personal data, how it is used, and why it is being used at any time.
Right of access: As outlined in our Privacy Policy (Access to Personal Information).
Right of rectification: You or your subscribers can update (or request updates to) personal information at any time.
Right of erasure: You may cancel your Nautilus account at any time and may additionally request that Nautilus erase your personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. Your subscribers may also request that you or Nautilus do the same for their personal data. Nautilus reserves the right to keep the minimum amount of information that helps us prevent fraud to keep your deliverability the highest it can be.
Right to restrict processing: You may put your account on hold at any time which restricts the sending of email. Your data will still be processed for other actions such as billing and by our sub-processors. You may backup and deactivate a list to verify subscriber data and reactivate within 30 days. You may cancel your account to restrict all data processing of your data and your subscribers and reactivate your account as long as we have not yet deleted your information according to our retention policies.
Right to data portability: You may export any of your lists, or selected information within any list, at any time while your account is active by accessing your Nautilus account.
Right to object: You may unsubscribe from any of Nautilus emails at any time. Your subscribers may unsubscribe from your emails at any time.
Nautilus does not discriminate against a customer, price services differently, or reduce quality of service based on exercising of the above data rights.

Sub-processors

You may opt-in to be informed of sub-processor additions excluding those on our list of sub-processors below by contacting us. If you object to any sub-processor addition, you may cancel your account within 5 days of the notification provided that such objection is based on reasonable grounds relating to data protection. You may independently contact any of these sub-processors directly to have your information erased that they store about you. This may include information you provided to AWeber or information AWeber procured from the sub-processor.

Sub Processor	Nature, Purpose, Duration of Processing	Data Security	Purpose
Airtable	Airtable Privacy	Airtable Security	Business Analytics
Amazon	AWS Privacy	AWS Security	Cloud Infrastructure Hosting
Appcues	Appcues Data Processing Addendum	Appcues Security	Customer Walkthroughs and Surveys
Clearbit	Clearbit Privacy	Clearbit Security	Customer Intelligence
First Data	First Data Privacy and Security		Customer Billing
Chase Paymentech	Merchant Services Privacy	Chase Security	Customer Billing
Fullstory	Fullstory Privacy	Fullstory Security	Customer Support
Google	Google Privacy	Google Security	Business Analytics
Kissmetrics	Kissmetrics Privacy	Kissmetrics Security	Business Analytics
LiveChatInc	LiveChat Privacy	LiveChat Security	Customer Support
Lob	Lob Privacy	Lob Security	Address Validation
PayPal	PayPal Data Protection Agreement	PayPal Safety and Security	Billing and Payments
Podsights	Podsights Security and Privacy		Business Analytics
Sift Science	Sift Privacy and Security		Security
Alchemer (Survey Gizmo)	Alchemer Privacy and Data Security		Customer Surveys
Twilio	Twilio Privacy	Twilio Security	Customer Support
Typeform	Typeform Privacy and Security		Customer Support and Surveys
VWO	VWO Privacy	VWO Security	A/B Testing
Zendesk	Zendesk Privacy	Zendesk Security	Customer Support