app.pactsafe.com Open in urlscan Pro
15.197.251.96  Public Scan

Form analysis
0 forms found in the DOM

Text Content

ACTION REQUIRED: Coinbase Data Security Exhibit Please confirm your identity
before reviewing the contract
Email
Name


Title
Company
Continue to Contract Not the right person to accept? Delegate Acceptance.

You need to complete 0 required fields. Reject Start
By clicking “Agree”, you are indicating that you understand and agree to Data
Security Exhibit (DLA Piper (Canada) LLP with Coinbase, Inc.). Reject Agree




ACTION REQUIRED: COINBASE DATA SECURITY EXHIBIT

Download

ACTION REQUIRED_ Coinbase Data Security Exhibit


Thumbnails

Document Outline

Attachments




Previous

Next
Highlight all Match case

Previous


Next

of 7

Zoom Out


Zoom In

Default Zoom Actual Size Fit Page Fit Width 25% 50% 75% 100% 125% 150% 200% 400%
800% Find

Toggle Sidebar

Presentation Mode

Open

Print

Download

Current View


Options

Coinbase Data and Security Exhibit
This Data and Security Exhibit (“
DSE
”) establishes minimum data processing and security requirements for
DLA Piper (Canada) LLP
(“
Vendor
”). Upon execution, this DSE is hereby incorporated into the Agreement
between
Coinbase Risk Strategies Pte, Ltd.
(or an affiliate of
Coinbase Risk Strategies Pte, Ltd.
, as
applicable) (“
Coinbase
” or “
Company
”) and Vendor (the “
Agreement
”). The DSE is effective upon the later
of the effective date of the Agreement and the effective date of the amendment
incorporating the DSE into
the Agreement.
1.
Definitions
Initially capitalized terms that appear in this DSE are used with the meanings
set forth below. Capitalized
terms not defined within this DSE shall have the meanings conferred to them in
the Agreement or the Data
Processing Addendum (“DPA”), as applicable.
In the case of any conflict or inconsistency between the
provisions of this DSE and the Agreement or the DPA with respect to the subject
matter herein, the terms
and provisions of this DSE shall control.
(A)
“
Coinbase System(s)
” means all hardware, software, infrastructure, networks, systems,
applications, platform, databases, computers, cloud environments, or other
equivalent
technologies that are owned, hosted, or managed by or on behalf of Coinbase.
(B)
“
Covered Data
” means, in any form, all Personal Data and other Coinbase confidential
information
or data that Vendor Processes in connection with the Agreement.
(C)
“
Safeguards
” means reasonable organizational, physical, technical, and administrative
controls
for Covered Data and Vendor Systems which are designed to ensure the
confidentiality, integrity,
availability of such Covered Data, the Services, and Vendor Systems and to
prevent Security
Incidents in relation to the foregoing.
(D)
“Security Contact”
means a specific or generic email inbox which is monitored by the Vendor
responsible for monitoring for Security Incidents.
(E)
“
Security Incident
” means an occurrence that actually or potentially jeopardizes the
confidentiality, integrity, or availability of Coinbase Systems or the Covered
Data or that constitutes
a violation or imminent threat of violation of security policies, security
procedures
, or acceptable
use policies.
(F)
“
Security Risk Assessment Artifacts
” means security due diligence questionnaires, third
-
party
security assessments, Vendor’s security policies and standards, penetration test
results, security
audit reports or security certifications, which may include but are not limited
to ISO 27001, PCI
DSS, SOC II, and III, SysTrust, Web Trust, or perimeter certifications.
(G)
“
Services
” for the purposes of this DSE means the development, launch, maintenance,
support
and improvement of Vendor Systems in accordance with the Agreement.
(H)
“
Vendor Parties
” means the Vendor, Vendor employees, subcontractors (i.e., any person or
entity, including any Vendor affiliate, engaged by Vendor in connection with
performing the
Services), and agents.
(I)
“
Vendor Systems
” means all hardware, software, infrastructure, networks, systems, applications,
platform, databases, computers, cloud environments, that are owned, controlled,
or operated by
or on behalf of Vendor or other equivalent technologies that Vendor owns, hosts
or manages in
order to provide the in
-
scope services to Coinbase and in order to meet all obligations set forth in
the Agreement, or that process or store Covered Data.
2.
Security
Governance


2
(A)
Security Program: Vendor will maintain a documented Information Security Program
that outlines
the program’s function, staffing of dedicated security personnel, management and
maintaining of
security operations, and commitment to protect the confidentialit
y, integrity, and availability of the
Vendor Systems.
(B)
Security Policy Governance:
i)
Vendor shall implement and maintain Safeguards. Such Safeguards shall, at a
minimum, be
commensurate with the type and amount of Covered Data processed by Vendor and
the nature
of the Services, shall meet or exceed industry standard security control framew
orks, and shall
apply to Covered Data and Coinbase Systems. Vendor represents and warrants that
it has
implemented and it shall maintain such Safeguards and a written information
security program
documenting such Safeguards.
ii)
Data Classification and Retention: Vendor will maintain a documented data
classification policy
with definitions and associated controls and restrictions by data
classification. Vendor will
maintain a documented data retention policy with defined time peri
ods and associated controls
in alignment with applicable local law and regulatory requirements as well as
Coinbase
requirements. Vendor shall delete Covered Data upon Agreement termination and
ensure all
data is destroyed in accordance with NIST SP 800
-
88
.
3.
Security Risk Management
(A)
Security Compliance:
i)
Required Artifacts: Vendor will maintain SOC 2 Type 2 audits and/or ISO
-
27001 certifications
during the term of the Agreement. Vendor will provide such certification and
associated
compliance reports to Coinbase during a security audit and will include all
relevant dates,
statement of applicability or attestation of the Vendor Systems in scope, all
Safeguard in scope
and tested, and all identified Safeguard, gaps or risks.
(B)
Security Risk Assessment: In addition to the audit rights set forth in the
Agreement and the DPA,
Vendor agrees, on an annual basis the timing of which is at Coinbase’s
discretion, to permit
Coinbase to audit Vendor’s Safeguards for Covered Data and Vendor
Systems which are
designed to ensure the Integrity of such Covered Data and the Vendor Systems.
Such security
audit shall include but may not be limited to submission of the Security Risk
Assessment Artifacts.
For avoidance of doubt, the parties acknowled
ge and agree as follows with respect to audits:
i)
Coinbase shall not be limited to audit rights after a Security Incident or after
any material
change to the Services.
ii)
Vendor shall provide Coinbase with all applicable Security Risk Assessment
Artifacts to
validate that Vendor has complied with its obligations under this DSE.
iii)
Vendor shall cooperate with Coinbase on any remediation planning requests to
correct material
risks or nonconformance to industry standard security controls frameworks
identified through
a security audit performed by Coinbase.
iv)
Coinbase may share Security Risk Assessment Artifacts and the results of any
Coinbase
security audit of Vendor with Coinbase regulators, relevant partners, or
institutional clients in
their assessment of Coinbase third party security risk management.
(C)
Vendor agrees that its responses and security controls attestation contained
with the Security Risk
Assessment Artifacts are and will be accurate and truthful. Any responses and
controls that are
degraded or removed without prior notification to Coinbase r
epresents a material breach of the







More Information Less Information
Close


Enter the password to open this PDF file:


Cancel Submit
File name:

-

File size:

-


Title:

-

Author:

-

Subject:

-

Keywords:

-

Creation Date:

-

Modification Date:

-

Creator:

-


PDF Producer:

-

PDF Version:

-

Page Count:

-

Close
Preparing document for printing...
0%
Cancel

By clicking “Agree”, you are indicating that you understand and agree to Data
Security Exhibit (DLA Piper (Canada) LLP with Coinbase, Inc.).


YOU'RE ALL SET

You'll receive an email confirming your acceptance shortly. Download Record

You just accepted an agreement using Clickwrap for CLM. What is clickwrap?


ACCEPTANCE OF THIS CONTRACT WAS DELEGATED SUCCESSFULLY.

The delegated signer should receive an email notification shortly.

Powered by Ironclad — The digital contracting platform loved by modern legal
teams.
Privacy Policy   |   Terms of Service

Rotate screen to sign
Type
Draw

Change Font

Done Signing Clear

Rotate screen to sign
Type

Change Font

Finished Clear


DELEGATE ACCEPTANCE

Email
Confirm Cancel


PLEASE ENTER YOUR SIGNATURE CODE


Signature Code
* Can't find your code? Resend Code Agree Cancel


CONFIRM REJECTION

Are you sure you want to reject ACTION REQUIRED: Coinbase Data Security Exhibit?
It will be void and inaccessible to all signers.
Reject Cancel

Today Clear

AT :
AM
PM

Done Cancel
What would you like to download?
Contract Record Download a record of this agreement with a cover page that shows
all parties.


Powered by Ironclad © 2013-2024 Ironclad, Inc.