These LastPass Partner Program Terms (“Partner Terms”) are agreed to between the applicable LastPass entity set forth in the contracting entities table at https://www.lastpass.com/legal-center/contracting-entities (“LastPass,” “us,” or “we”) and the person or organization agreeing to these Partner Terms, on behalf of yourself and any Affiliates (“Partner” or “you”). Together, these Partner Terms, the applicable partner program terms or program addendum (the “Program Terms”), any applicable program guide(s) (“Program Guide(s)”), and any policies or supplemental documentation made available to you through our Partner Portal at https://partner.lastpass.com (the “Portal”) make up the partnership agreement (the “Agreement”) pursuant to which you are authorized to act as an official partner of LastPass. By accepting these Partner Terms, you represent that you are of legal age and have the authority to bind the Partner to the Agreement.
1. Participation Rights and Requirements.
a. Authorization.
The Program Terms set forth the LastPass service offerings (“Services”) that we make available to you. As used in the Agreement, “Affiliate” means any person or entity which directly or indirectly controls, is controlled by, or is under common control with a party and “Customer” means the person or entity ultimately using the Services, whether submitted as a Lead or identified in an Order (defined below). By agreeing to these Partner Terms and the Program Terms for one or more of the following partner program offerings (each a “Program”), we authorize you as follows, subject to the terms of the applicable Program Terms:
- (1) Reseller – as a Reseller, you are authorized to resell the Services to Customers; and
- (2) Managed Services Provider – as a Managed Services Provider, you are authorized to purchase, administrate and configure our Services on behalf of your client(s) as a managed services provider (“MSP”).
You understand and agree that LastPass may update the Agreement and any of the above authorizations at any time, for any reason, upon notice to you.
b. Referrals.
In addition to the rights granted in Section 1.a above, you are authorized to use the Portal to register opportunities for us to sell our Services to a potential Customer ("Leads"). For any Lead that we have validated and results in a Sale while the registration is valid, you will receive a one-time commission at the rate set forth in the Portal as of the registration date. Commissions are paid based on the total amount billed to the Customer. A "Sale" is any valid and active Lead you have registered that has resulted in a customer purchase agreement between us and a Customer. If a Customer fails to pay the amount we have billed after we have paid you a Commission, we will have overpaid you for that Customer and may invoice you for such overpayment.
c. Order and Lead Submission.
Any Orders or Leads you submit to us (each, as applicable) must be made through the Portal unless we specify otherwise, and submission may include providing required end user information to facilitate processing and setup. An "Order" means a purchase of Services by you from us via our standard order process for the purpose of acting as a partner under the Agreement. More details about the specific ordering process or system for a specific Program may be found in the Program Terms. We may update the process by which we accept or process Orders or Leads at any time upon reasonable notice to you. We will notify you when we have accepted an Order or Lead and we may reject them in our reasonable discretion. You will receive no credit, discount, or payments in connection with an Order or Lead you submit to us that we have rejected or for any order that a Customer opts to place directly with us.
d. Marketing; Non-Exclusivity.
During the Term, you may market and promote the Services, subject to the limitations set forth in the Agreement and other documentation, as applicable. Each party’s participation in any Program(s) are non-exclusive in nature. Either party may enter into agreements with third parties for services similar to those contemplated under these Partner Terms.
e. Representations.
You must accurately represent the Services and your relationship with us. You may only offer our Services to businesses and must ensure, where specified in the applicable Program Terms, that all Customers are presented with and agree to the LastPass End-User Terms of Service located at https://lastpass.com/legal-center/partner-sales-terms ("End-User Terms"). We may change our products, prices, or terms at any time upon notice to you and at our discretion.
f. Customer Support.
- Support Activities.
Except as stated in the applicable Program Terms or as otherwise agreed upon between the parties in writing, you are not permitted to provide technical support for the Services and should direct any Customer support requests to LastPass through its standard support processes (e.g., the LastPass Support site located at https://support.lastpass.com/home). - Not for Resale Licenses.
We may, in our discretion, provide you with a limited number of subscriptions to one or more of our Services. In that event, the Terms of Service at https://www.lastpass.com/legal-center/terms-of-service/business ("Terms of Service) will apply to such use.
2. Invoicing and Payment; Commissions; Taxes.
a. Invoicing and Payment.
If you are reselling the Services to Customers, you must invoice them directly for their use of the Services. You are obligated to pay us even if Customers do not pay you. We will invoice you for all accepted Orders you submit, which you pay within forty-five (45) days from the invoice date in the currency listed on the invoice. If you do not pay us, we may take actions to ensure ongoing service provision to the applicable Customer or end-user and/or to mitigate any losses, including suspending the Services to Customers or contacting the Customers directly, after giving you notice. We may charge any payment card on file for invoiced amounts, and we may take steps to update your payment card information (where permitted) to ensure that payment can be processed. Your credit card information and related personal data may be provided to third parties where required for payment processing, fraud prevention and export compliance purposes. You are responsible for any fees or overdraft charges incurred when we charge your card for payment. If your failure to pay an invoice is based on Customers’ failure to pay you, we will attempt in good faith to limit Service suspensions to the non-paying Customers based on your and, as applicable, their input. However, we reserve the right to suspend Services for any Customers based on your failure to pay us.
b. Discounts, Commissions, and Referral Fees.
The terms of any applicable discounts, Commissions, and/or Referral Fees for a specific Program are set forth in the applicable Program Terms.
c. Taxes and Withholding.
All advertised or negotiated Service pricing is exclusive of applicable taxes. You (on behalf of yourself or your Customers, as applicable) are responsible for all applicable sales, services, value-added, goods and services, withholding, tariffs, Universal Service Fund (where applicable) fees or any other similar fees or taxes, as may be applicable in the location in which the Services are being purchased (collectively, "Taxes and Fees") imposed by any government entity or collecting agency based on the Services, except those Taxes and Fees based on our net income, or Taxes and Fees for which you have provided (on behalf of yourself or your Customers, as applicable) an exemption certificate. Where we charge Taxes and Fees, we will do so on the basis of the total subscription costs before applying any applicable discounts.
3. Term; Termination.
a. Term and Termination.
The Agreement begins on the Effective Date set forth in the applicable Program Terms and will continue until either party gives the other party at least thirty (30) days advance written notice of its intent to terminate (the "Term"). Termination will not relieve either party of any obligation arising from any Order accepted or Lead validated prior to the date of termination, including but not limited to providing the Services to Customers pursuant to the then-current subscription term set forth in the Order, as applicable.
b. Effect of Termination.
Upon termination of the Agreement, you will promptly discontinue any marketing or promotion of the Services and each party will cease any reference to the other party as a partner or vendor, as applicable. Neither party is liable for any damages resulting from the valid termination of the Agreement or these Partner Terms; however, termination does not affect any claim arising prior to such termination.
4. Intellectual Property; Marks.
We and our licensors reserve all rights related to our Services that we have not expressly granted in the Agreement, including any modifications or derivatives thereof. Neither party will use or register any mark, trade name, domain name, or other identifier (collectively "Marks") of the other party or that is confusingly similar to the other party’s Marks. We may use your Marks to reference you as an authorized Partner. You may use our Marks in reference to our Services, but only as allowed in our "Branding Guidelines" available at https://www.lastpass.com/legal-center/trademark and any additional partner style guidelines we may make available in the Portal. You must cease or suspend use of our Marks in any marketing material immediately upon receipt of written notice that your use does not comply with the Branding Guidelines. Each party agrees not to modify, prepare derivative works of, or reverse engineer the products or services of the other party.
5. Confidentiality.
The parties may exchange Confidential Information under the Agreement. During the term of the Agreement and for three (3) years thereafter, each party will keep the Confidential Information it receives confidential and will not share or use it for any purpose other than to perform its obligations under the Agreement or as otherwise allowed in the Agreement. Either party may disclose Confidential Information to its own employees, representatives, or agents if they have a genuine need to know and are bound by similar nondisclosure restrictions. "Confidential Information"; includes sales data and plans, product roadmaps, non-public pricing information, security reports, and any other non-public information that should be understood, due to the circumstances of disclosure or the nature of the information, to be confidential and/or proprietary. Monetary damages may be insufficient if there is a breach or threatened breach of a party’s Confidential Information. If this happens, the disclosing party may seek injunctive relief or other equitable remedies.
6. Warranty; Disclaimer.
Each party warrants that: (i) it has the authority to enter into and perform the Agreement and these Partner Terms without breaching any third-party obligations; (ii) it will use personnel with the necessary skill and experience to meet the obligations set forth in the Agreement. TO THE EXTENT PERMITTED BY APPLICABLE LAW, LASTPASS DISCLAIMS ALL OTHER WARRANTIES AND CONDITIONS, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES AND CONDITIONS, SO SOME OF THE ABOVE EXCLUSIONS MAY NOT APPLY.
7. Indemnification.
a. IP Infringement Indemnity.
We will defend, indemnify, and hold you harmless from and against all third-party claims, suits, costs and expenses (including reasonable attorneys' fees) arising from any third-party claim brought against you alleging that the Services infringe or misappropriate any registered copyright, registered trademark, patent, or other intellectual property right of any third party. In the event of such a claim, we may either, at our option: (1) procure your continuing right to undertake the activities contemplated by the Agreement; or (2) replace or modify the Services in a functionally equivalent manner so that they no longer infringe. If we determine that neither option (1) nor (2) is available or appropriate under the circumstances, we may terminate the licenses with respect to the Services subject to the infringement claim (in which case we shall refund the pro-rata pre-paid fees paid by you for the Services as soon as commercially practical and you shall pay any fees that may have been owed to us prior to termination, if any). We will have no obligation under this Section for any infringement if the claim arises from the combination or use of the Services with other products, services, or intellectual property and such infringement would have been avoided but for such combination or use. Further, we shall not have liability for damages incurred hereunder based on your sale of your own or third party products and services. This section states our sole and exclusive liability, and your sole and exclusive remedy, for the actual or alleged infringement of any third-party intellectual property rights.
b. Indemnification Procedures.
We are not obligated to indemnify you under this section unless you: (i) promptly notify us of any claim that has resulted in or is reasonably anticipated to result in damages and cooperate with us in defending the claim (provided that any failure or delay in providing notice shall not relieve our obligation to indemnify unless such failure or delay materially prejudices our ability to defend the claim); (ii) reasonably cooperate, at our expense, in the defense or settlement of the claim; (iii) provide us with full control and authority over the defense, including selection and retention of counsel, and settlement of the claim, except that: (x) any settlement requiring your to admit liability requires your prior written consent, not to be unreasonably withheld or delayed, and (y) you may join in the defense with your own counsel at your expense. You shall provide us with such information as you have regarding the claim (including copies of any summons, complaint or other pleading and any written claim, demand, invoice, billing or other document evidencing or asserting the same) and shall otherwise cooperate with and assist us with defending the claim.
8. LIMITATION OF LIABILITY.
EXCEPT FOR A PARTY’S GROSS NEGLIGENCE, WILLFUL MISCONDUCT, OR FRAUD, NEITHER PARTY IS LIABLE TO THE OTHER FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL OR INCIDENTAL LOSS, EXEMPLARY OR OTHER DAMAGES, HOWEVER CAUSED AND BASED ON ANY THEORY OF LIABILITY, WHETHER OR NOT SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. OUR TOTAL CUMULATIVE LIABILITY UNDER THE AGREEMENT AND THESE PARTNER TERMS IS LIMITED TO THE GREATER OF THE AMOUNT YOU PAID US OR THE AMOUNT WE PAID YOU (DEPENDING ON THE APPLICABLE PROGRAM) IN THE 12 MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE LIABILITY. ADDITIONALLY, WE HAVE NO LIABILITY FOR YOUR: (i) RESALE OR REFERRAL OF THE SERVICES AFTER ANY NOTICE THAT YOU SHOULD CEASE SUCH ACTIVITY DUE TO A THIRD PARTY CLAIM RELATED TO SUCH SERVICES; (ii) MODIFICATION OF THE SERVICES OTHER THAN AS REQUIRED BY US; OR (iii) CLAIMS ARISING FROM YOUR COMBINATION OF OUR SERVICES WITH ANY NON-LASTPASS PROGRAMS, SERVICES, DATA, HARDWARE, OR OTHER MATERIALS, IF SUCH CLAIM WOULD HAVE BEEN AVOIDED BY USE OF OUR STANDALONE SERVICES.
9. Audit.
You must maintain complete and accurate books and records consistent with industry standard practices and applicable law in such form and detail as necessary to establish your compliance with the terms of the Agreement and these Partner Terms. During the term of the Agreement and for a period of two (2) years thereafter, we may audit your records and controls with respect to your compliance with the Agreement and these Partner Terms. Any audit is subject to mutual agreement as to the date, time, and place.
10. Notices; Governing Law; Disputes.
We will send notices to you at an email address you have provided us, at the location of your headquarters, or for updates to the Services subject to a Program, by posting such change in the Portal. The LastPass entity you work with, the address to which you must send notices to us, and the governing law and venue for any dispute between you and us depend on your location, as stated at https://www.lastpass.com/legal-center/contracting-entities.
11. Compliance with Laws.
In performing the Agreement, each party will adhere to industry standards and comply with applicable laws, including anti-bribery regulations and any applicable export regulations and will not engage in any deceptive, misleading, illegal, or unethical practices. Additionally, Partner will not sell, sublicense, or otherwise export the Services to any locations subject to US export compliance restrictions.
a. Authorizations and Licenses.
Where applicable and necessary to resell, offer, or provide the Services as part of the applicable Program, it is your obligation to: (a) obtain and maintain all requisite licenses or authorizations you may require to resell or offer, on our behalf or otherwise, our products and services; and (b) take any such actions to keep any such licenses or authorizations in good standing, which may including filings and fees as may otherwise be required to resell or offer our products and services.
b. Regulatory and Law Enforcement Support.
You agree to cooperate with LastPass and provide support to us as reasonably requested in order to help us fulfil our legal and/or regulatory obligations owed to any law enforcement, regulatory entity, or other legal and/or governmental agency.
12. Data Protection.
a. We may provide you personal data (or personal information) to aid in your performance of the Agreement, and in such case, the Partner Data Protection Addendum attached and incorporated into these Partner Terms as Addendum 1 (“Partner DPA”) applies. We may update or modify the Partner DPA from time to time upon written notice to you and any updates or modifications will become effective within thirty (30) days following such notice, unless you provide us with written notice of your good faith objection to such updates.
b. You acknowledge that the Customer is the controller of any personal data (or personal information) that it may upload or input to its LastPass vault or services account in connection with its use of the Services and that if you interact with such data, you are a processor. You hereby warrant that you have proper authorization from Customer to engage in such processing.
13. General.
Neither party may assign the Agreement or these Partner Terms without the other party’s prior written consent, which may not be unreasonably withheld or delayed, except that either party may upon written notice assign the Agreement, in whole or in part, to an Affiliate or as part of a corporate reorganization, consolidation, merger, or sale of substantially all of its business or assets to which the Agreement relates. If any term of the Agreement is not enforceable, it will be removed and will not affect any other terms. Both parties are independent contractors and nothing in the Agreement creates a partnership, agency, fiduciary, or employment relationship between the parties. Failure to enforce any right under the Agreement will not waive that right. Unless otherwise specified, remedies are cumulative. Except for the payment of fees, no party is responsible for any delay or failure to perform under the Agreement due to events beyond its reasonable control (e.g., natural disasters, terrorist activities, activities of third-party service providers, labor disputes, and acts of government), but only while those conditions persist.
14. Entire Agreement; Signature.
The Agreement replaces any prior agreements or discussions on the subjects they address. The parties have no other agreement on these subjects. The parties accept electronic (including online) signatures as valid and binding. We may update the Agreement from time to time after giving you notice, which may include posting the updated terms online, and we will consider your continued participation in the Program agreement to the updated terms. If we update the commission terms of any commissionable Program, we will give you sixty (60) days’ notice, after which the updated commission terms will take effect, as may be set forth in more detail in the Agreement.
Last Updated: 9 January 2025
ADDENDUM 1
Partner DPA
1. DEFINITIONS
"Controller" means the entity which determines the purposes and means of the Processing of Personal Data, including, as applicable, any "Business"
"Data Protection Laws and Regulations" means all laws and regulations applicable to the Processing of Personal Data under the Agreement, including such laws and regulations of Brazil, the European Union, the European Economic Area and their member states, Switzerland, the United Kingdom and the United States and its states.
"Data Subject" means an identified or identifiable person to whom Personal Data relates as defined by Data Protection Laws and Regulations including a "Consumer" as the term is defined in other Data Protection Laws and Regulations.
"LastPass Data" means any files, messages, documents, recordings, chat logs, transcripts, and similar data that Partner maintains on LastPass' or its end-users' behalf, as well as any other information LastPass or its users may upload or provide to Partner in connection with the Services.
"Personal Data" means any information relating to: (i) an identified or identifiable natural person (e.g., a Data Subject or Consumer); and/or (ii) an identified or identifiable legal entity (e.g., a household) where such information is protected similarly by Data Protection Laws and Regulations.
"Processing" means any operation or set of operations which is performed on Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Processor" means any entity which Processes Personal Data on behalf of the Controller, including, as applicable, any "Service Provider"
"Sub-processor" means any Processor engaged by Partner to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement or this Partner DPA.
2. PROCESSING OF PERSONAL DATA
2.1. Roles of the Parties. The Parties agree to comply with applicable Data Protection Laws and Regulations. The Parties agree that, for the purposes of this Partner DPA, LastPass is the Controller, Partner is the Processor, and Partner will engage Sub-processors solely as further detailed in Section 5 “Sub-processors” below.
2.2. LastPass’ Responsibilities. When acting as Controller, LastPass shall Process Personal Data in accordance with Data Protection Laws and Regulations, including maintaining lawful basis and rights to use and provide Personal Data, as part of LastPass Data. LastPass’ instructions for the Processing of Personal Data shall comply with Data Protection Laws and Regulations.
2.3. Partner’s Responsibilities. Partner shall: treat LastPass’ Personal Data in a confidential manner; only retain, use, disclose, and Process Personal Data for the sole benefit of LastPass and in accordance with LastPass’ documented instructions, which LastPass hereby gives for the following purposes: (i) Processing in accordance with the Partner Terms; and (ii) Processing to comply with other documented reasonable instructions provided by LastPass; as required under Article 28 of the Regulation (EU) 2016/679 of the European Parliament; immediately inform LastPass if, in its opinion, it believes that any instructions of LastPass conflict with or infringe the requirements or Partner can no longer meet its obligations of applicable Data Protection Laws and Regulations; and not sell or share (as defined by the California Consumer Privacy Act, Cal . Civ. Code § 1798.100 et seq., as amended) any LastPass Data or LastPass Personal Data.
2.4.Processing Details. The subject-matter and duration of the Processing, the nature and purpose of the Processing, the type of Personal Data and categories of Data Subjects Processed – including business purpose(s) of the Processing – under this DPA are specified in Schedule 1 (Description of Processing and the Transfer) to this DPA.
3. RIGHTS OF DATA SUBJECTS
Upon receipt of a data subject request, Partner shall promptly, and in no event more than forty-eight (48) hours after becoming aware, notify LastPass and direct such Data Subject to LastPass, unless otherwise legally prohibited from doing so.
4. PARTNER PERSONNEL
Partner shall ensure that its personnel engaged in the Processing of Personal Data are: (a) informed of the confidential nature of the Personal Data and have executed written confidentiality agreements; (b) have received appropriate training on their responsibilities, specifically pertaining to security and privacy measures; and (c) only have access to Personal Data to the extent reasonably determined to be necessary in order to perform any obligations, responsibilities, or duties as further specified in this Partner DPA and the Partner Terms. To the extent permitted by applicable law, Partner shall ensure that the confidentiality obligations specified in this Section 4 shall survive the termination of the personnel engagement.
5. SUB-PROCESSORS
5.1. Current Sub-processors and New Sub-Processors. LastPass provides general authorization to Partner for the use of Partner’s current Sub-processors, a list of which must be provided to LastPass upon reasonable request. Prior to engaging any new Sub-processors, Partner shall carry out appropriate due diligence on the Sub-processor and enter into a written agreement with each Sub-processor which requires the Sub-processor to implement appropriate technical and organizational measures containing the same level of data protection obligations as those specified herein and that will meet the requirements of applicable Data Protection Laws and Regulations. Before disclosing any LastPass Data, Partner should make available to LastPass, no less than thirty (30) days before making the Sub-processor change, an updated list of Sub-processors to privacy@lastpass.com. LastPass may in good faith object to Partner’s use of a new Sub-processor by notifying Partner within thirty (30) days of Partner’s notice to LastPass. If the Parties are unable to resolve such objection or Partner is otherwise unwilling to resolve or make available such change within a reasonable period of time, LastPass may terminate the Partner Terms by providing written notice to Partner.
5.2. Liability. Partner shall be liable for the acts and omissions of its Sub-processors to the same extent Partner would be liable if performing the applicable Sub-processor services directly under the terms of this DPA.
6. SECURITY
6.1. Protection of LastPass Data. Taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Partner shall implement and maintain appropriate technical and organizational measures for protection of the security, confidentiality, and integrity of LastPass Data. Partner shall regularly monitor compliance with these measures.
6.2. Third-Party Certifications and Audits. Partner shall make available to LastPass all information necessary to demonstrate compliance with its obligations under this Partner DPA and Data Protection Laws and Regulations. Should additional audit activities be deemed reasonably necessary, LastPass (either directly or through a qualified third-party auditor) may audit Partner’s privacy and security program relevant to the protection of LastPass Data. Before the commencement of any such audit, LastPass and Partner shall mutually agree upon the scope, timing, duration, and reimbursable costs (if any and solely to the extent permitted by applicable law) of the audit. When conducting any such audit, LastPass shall use commercially reasonable efforts to minimize interference with Partner’s business operations.
6.3. Data Protection Impact Assessment. Partner shall provide reasonable cooperation and assistance to LastPass in the event LastPass is required, pursuant to Data Protection Laws and Regulations, to perform a data protection impact assessment or a privacy impact assessment or conduct a prior consultation with a supervisory authority.
7. NOTIFICATIONS REGARDING LASTPASS DATA
Partner shall notify LastPass, without undue delay of any actual or suspected accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to LastPass Data, including any Personal Data therein, transmitted, stored or otherwise Processed by Partner or its Sub-processors (a “Security Incident”). Partner shall provide LastPass with relevant information about the Security Incident, as reasonably requested to assist LastPass in ensuring LastPass compliance with its own obligations under applicable Data Protection Laws and Regulations.
8. USE, DELETION, AND RETURN OF LASTPASS DATA
Following the termination or expiration of the Parter Terms or upon LastPass’ request, Partner shall delete or return LastPass Data, including any Personal Data therein and at LastPass’ discretion, unless European Union law or Member State law requires or permits further storage of such LastPass Data.
9. DATA TRANSFER
9.1. If, during the Partner Terms, LastPass Personal Data that is subject to a Data Protection Law or Regulation is transferred to a jurisdiction for processing which is deemed to be a third country without an adequate level of data protection within the meaning of Data Protection Laws and Regulations, the transfer mechanism(s) provided below shall apply to such transfers:
9.1.1. The European Commission’s Implementing Decision (EU) 2021/914 Standard Contractual Clauses (“SCCs”) shall apply in addition to this Partner DPA for any transfers of Personal Data from the European Union, the European Economic Area, Brazil, and/or their member states and/or Switzerland to countries which do not ensure an adequate level of data protection within the meaning of Data Protection Laws and Regulations of the foregoing territories. The Standard Contractual Clauses shall be structured as follows: (i) Module Two (Controller to Processor) terms shall apply and Modules One, Three, and Four shall be deleted in their entirety; (ii) Clause 7 shall be deleted in its entirety and the Parties may add additional entities to this DPA by executing an additional copy of this DPA; (iii) in Clause 9, Option 2 shall apply (as detailed in Section 5 of this DPA); (iv) the optional language in Clause 11 shall be deleted in its entirety; (v) in Clause 17, Option 1 shall apply and the SCCs shall be governed by Irish law; (vi) in Clause 18(b), disputes shall be resolved before the courts of Ireland; and (vii) the Annexes of the SCCs shall be populated with the information set out in the Partner DPA.
9.1.2. For Data Subjects who are residents of the United Kingdom, Partner shall, where applicable: (a) operate in accordance with its obligations under the Data Transfer Addendum to the SCCs, issued by the Information Commissioner under S119A Data Protection Act 2018, which is incorporated into this Partner DPA by reference; and (b) as required by applicable law, transfer and process Personal Data on the basis of the Standard Contractual Clauses, as modified in accordance with the UK Addendum. The UK Addendum shall be structured as follows: (1) Table 1 shall be populated by the information in Schedule 2 of the Partner DPA; (2) Table 2 shall be populated by the information in Section 9.1.1 of the Partner DPA with the exception that the IDTA will be governed by England and Wales; (3) Table 3 shall be populated by Schedules 1 and 2 of the Partner DPA; and (4) in Table 4, either the Importer or the Exporter may terminate this UK Addendum.
9.1.3. The SCCs will not apply to the data transfer if LastPass adopts an alternative, recognized compliance standard for lawful data transfers, such as the EU-US Data Privacy Framework.
9.2. To the extent that the Parties are relying on a specific statutory mechanism to normalize international data transfers and that mechanism is subsequently modified, revoked, or held in a court with applicable authority to be invalid, the Parties agree to cooperate in good faith to pursue an alternative mechanism (if available and required) to permit the continued transfer of Personal Data.
10. LEGAL EFFECT AND CONFLICT
In the event of a conflict between the terms of the Partner Terms and this Partner DPA, the terms of this Partner DPA will control. Where applicable and in the event of a conflict between the terms of the main body of this Partner DPA and the SCCs, the SCCs will prevail.
Schedule 1 – Description of Processing and the Transfer
Categories of Data Subjects
LastPass may submit Personal Data to the Services, the extent of which is determined and controlled by LastPass in its reasonable discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects: prospects and Leads.
Categories of Personal Data Transferred
LastPass may submit Personal Data to the Services, the extent of which is determined and controlled by LastPass in its reasonable discretion, and which may include, but is not limited to the following categories of Personal Data: identifiers and contact information.
Sensitive Data Transferred (If Applicable)
N/A
Frequency of the Transfer
The frequency, type, nature, and purpose of the data transfer will be dependent upon LastPass’ individual use case (i.e., transfer frequency may be continuous and/or may be limited in time to a specific session or event).
Nature and Purpose of Processing
Partner will Process Personal Data, in its capacity as a Processor and consistent with the terms of this Partner DPA, solely pursuant to the Partner Terms and as may be further instructed by LastPass.
Retention of Personal Data
Partner will Process Personal Data, in its capacity as a Processor, solely for the duration of the Partner Term, unless otherwise instructed by LastPass or agreed upon in writing by and between the Parties.
Subject-Matter of the Processing
The objective and subject of the Processing of Personal Data by Partner, as a Processor, is providing services to LastPass as defined under the Partner Terms.
Schedule 2 – Provisions Related to the SCCs
Data Exporter
Name of the data exporting organization: LastPass Parent LP, on behalf of its U.S. affiliate, LastPass US LP
Address: 125 High Street, Suite 220, Boston, MA 02210, USA.
Contact Person’s Name, Position, and Contact Details: LastPass Privacy Team; tel.: 781-897 5580; email: privacy@lastpass.com
Activities Relevant to the Data Transferred Under the SCCs: The activities relevant to and/or the objective and subject of the Processing of Personal Data by LastPass, as a Controller, is provision and operation of its business.
Role: Data Controller
Competent Supervisory Authority: The competent supervisory authority pursuant to Clause 13 will be the Irish Data Protection Commission.
Data Importer
Name: Partner and its Authorized Affiliates established within the European Economic Area and/or Switzerland.
Address: The Partner’s address identified on the relevant order documentation or Order Form, as applicable.
Contact Person’s Name, Position, and Contact Details: Partner’s primary contact, position, and details as identified on the relevant documentation, as applicable.
Activities Relevant to the Data Transferred Under the SCCs: LastPass (data exporter) procures Partner’s (data importer) Services for the provision and operation of LastPass’ business.
Role: Data Processor
Last Updated: 9 January 2025