Skip to Content

DORA Addendum

This DORA Addendum (the “Addendum”) supplements and is incorporated by reference into the LogicGate Master Service Agreement (“MSA”) between LogicGate and any Customer or Affiliates of the Customer (each as defined in the MSA) that orders or accesses any LogicGate offerings and which is a financial entity within the meaning of Article 2(1) DORA (such Customer and any of its Affiliates hereafter referred to as “FI Customer”). This Addendum implements the mandatory contractual provisions required by DORA as well as the associated regulatory technical standards required for the provision of the Services.

This Addendum is effective for the Term of the MSA provided that FI Customer remains a financial entity within the meaning of article 2(1) DORA. Terms defined in the LogicGate Master Service Agreement and applicable to the Service apply to this Addendum.

Customer may not:
1. Definitions

1.1. Capitalized terms used but not defined under clause 1.2 below, shall have the meaning given to them in (in order of prevalence) DORA or the MSA. References to clauses below are only to clauses of this Addendum.

1.2. The following definitions apply in this Addendum.

  • Data Protection Laws” means all data protection and privacy laws applicable to the Processing of Personal Data, and has under the Data Processing Addendum, including, without limitation, the GDPR.
  • FI Customer” means a Customer (as defined in the MSA), which is a financial entity within the meaning of article 2(1) DORA.
  • FI Customer Data” means Customer Data (as defined in the MSA) related to the FI Customer.
  • FI Customer Data Processing Locations” means the locations where FI Customer Data will be processed or stored, which locations are published on https://www.logicgate.com/subprocessors/.
  • FI Customer Service Locations” means the locations where LogicGate provides the Services to FI Customer published on https://www.logicgate.com/subprocessors.
  • Incident” means a single event or a series of linked events unplanned by LogicGate that compromises the security of its network and information systems, and have an adverse impact on (i) the availability, authenticity, integrity or confidentiality of FI Customer Data, or (ii) the Services. For avoidance of doubt, an Incident under this Addendum may also constitute a “Security Incident” as defined in the Data Processing Addendum, where FI Customer Data includes Personal Data.
  • Insolvency Event” in relation to a Party, means any of the following: (a) the appointment of an administrator (whether out of court or otherwise) against or for the winding up of the Party or an administration order or a winding up order is made against or a provisional liquidator appointed with respect to the Party, (b) an encumbrancer takes possession of all or any part of the business or assets of the Party, (c) the Party is unable to pay its debts as they fall due or the value of its assets is less than the amount of its liabilities or it suspends or threatens to suspend making payments with respect to all or any class of its debts, (d) the Party proposes or makes any composition or arrangement with, or any assignment for the benefit of, its creditors, or (e) anything analogous to any of the events described under (a) – (d) occurs under the laws of any applicable jurisdiction.
  • Regulator” means any regulatory authority which has responsibility for the supervision of insurance and/or reinsurance business and has jurisdiction over FI Customer.
  • Services” means one or more Services (as defined in the MSA) provided by LogicGate to the FI Customer.
  • Sub-processor” has the meaning given to it in the Data Processing Addendum.
2. Service Descriptions and Performance Monitoring

2.1. LogicGate acknowledges that the Services will be provided in the FI Customer Service Locations, FI Customer Data will only be processed and stored in the FI Customer Data Processing Locations.

2.2. LogicGate shall notify FI Customer at least 30 days in advance of planned location changes, except in emergency failover situations where LogicGate will notify FI Customer as soon as reasonably possible.

2.3. LogicGate shall notify FI Customer without undue delay and in any event within 48 hours on any development that might have a material impact on the LogicGate’s ability to effectively provide the Services in line with the terms and conditions of the MSA and/or LogicGate’s ability to comply with the requirements set out in this Addendum. Where an Incident constitutes a Security Incident under the Data Processing Addendum, the notification timelines in this Addendum shall apply for FI Customers.

3. Protection of FI Customer Data and operational resilience

3.1. The Parties acknowledge that the technical and organisational measures, information technology standards, tools and policies implemented by LogicGate are appropriate to ensure the protection, availability, authenticity, integrity and confidentiality of FI Customer Data (including personal and non-personal data) in accordance with applicable law, including Data Protections Laws and DORA and allow FI Customer to provide its services in compliance with applicable law, including Data Protections Laws and DORA. LogicGate shall maintain business continuity plans consistent with industry standards for SaaS providers.

3.2. In the event of an Insolvency Event of LogicGate or in the event of the termination of the MSA (regardless of the cause of termination), LogicGate shall provide to FI Customer or any incumbent supplier designated by FI Customer, any FI Customer Data (personal and non-personal) processed by LogicGate, in a standard export format (e.g., CSV, JSON) made available via LogicGate’s standard export tools, within 30 days.

3.3. When an Incident occurs, LogicGate shall as soon as reasonably possible inform FI Customer and upon request provide all necessary assistance to FI Customer. Support shall be provided for a period up to 10 hours annually. Any support in excess shall be charged at LogicGate’s then-current standard professional services rates. LogicGate will not incur costs exceeding $5,000 without prior written approval.

4. Cooperation with regulators

4.1. LogicGate shall fully cooperate with and fulfil any request from a Regulator or any person appointed by a Regulator to the extent such requests relate to the Services provided to FI Customer and subject to LogicGate’s confidentiality and security obligations.

5. Termination

5.1. Termination for material breach. Without prejudice to any termination provisions contained in the MSA, either party may terminate the MSA immediately, by notice in writing to the other party, where the other party is in material breach of any of its obligations under the MSA (including this Addendum) or under applicable law. Termination may occur if such breach is not capable of remedy or—where the breach is capable of remedy—if the breaching party fails to remedy the breach upon expiry of a remedy period notified in writing by the non-breaching party, which remedy period shall not be shorter than thirty (30) calendar days from the date the breaching party is notified of the breach in writing.

5.2. Termination required by Regulator. Upon a binding mandate given by a Regulator to terminate the MSA, FI Customer may terminate the MSA upon sixty (60) calendar days’ prior written notice unless a shorter notice period is required by the Regulator. FI Customer shall provide LogicGate with written evidence of the regulator mandate.

5.3. Conflicts. In the event of a conflict between this Addendum and the Master Services Agreement or Data Processing Addendum, this Addendum shall prevail solely to the extent required to comply with DORA. In all other respects, the Master Services Agreement and Data Processing Addendum shall control.

6. Training Participation.

Upon reasonable prior written request by FI Customer, no more than once in any calendar year, and subject to the availability of the relevant resources, LogicGate shall provide input for and reasonably participate in FI Customer’s ICT security awareness program and digital operational resilience training. Any costs associated with activities conducted by LogicGate shall be charged to FI Customer on a time and materials basis in accordance with the MSA.