This Data Processing Addendum (“DPA”) supplements the SonarQube Server Terms and Conditions, the SonarQube Cloud Terms of Service, or other agreement in place between Customer and SonarSource (the “Agreement”) covering Customer’s use of SonarQube Server, SonarQube Cloud, and Sonar Commercial Support (the “Products”). Capitalized terms not defined in this DPA have the meanings set forth in the relevant Agreement.
1. Definitions.
- “Affiliate” means an entity that, directly or indirectly, owns or controls, is owned or is controlled by or is under common ownership or control with a party, where “ownership” means the beneficial ownership of more than fifty percent (50%) of an entity’s voting equity securities or other equivalent voting interests and “control” means the power to direct the management or affairs of an entity.
- “Applicable Data Protection Law” means all data protection laws and regulations applicable to the Processing of Personal Data under the Agreement, and may include the additional definitions provided for in Schedule 2 herein.
- “Account Data” means Personal Data relating to Customer’s relationship with SonarSource, including: (i) Users’ account information (e.g. first and last name, email address); (ii) billing and contact information of individuals associated with Customer’s SonarSource account (e.g. billing address, first and last name, email address); (iii) Users’ device and connection information (e.g. IP address); and (iv) content/description of technical support requests (excluding attachments).
- “Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
- “Customer” means the customer entity or individual that is the contracting party to the Agreement.
- “Customer Data” means (i) any data Customer inputs into the Products, including without limitation any source code or other materials relating to Customer’s software projects and (ii) any materials or attachments provided by Customer or its Users in any technical support requests.
- “Customer Personal Data”' means any Personal Data contained in Customer Data that SonarSource Processes under the Agreement solely on behalf of Customer, and excludes Account Data, Results Data, and Usage Data.
- “Personal Data” means any information that relates to an identified or identifiable natural person, or which otherwise constitutes “personal data”, “personal information”, “personally identifiable information” or similar terms as defined in Applicable Data Protection Law.
- “Processing” (and “Process”) means any operation or set of operations that is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
- “Processor” means the entity that Processes Personal Data on behalf of the Controller.
- “Results Data” means any Personal Data relating to the customer-specific results that are generated by the Products processing Customer Data and available to Customer and/or Users via the Products.