Matterport Data Processing Addendum
Last updated: April 1, 2022
Matterport has pre-signed a copy of our Data Processing Addendum (“DPA”) and accompanying Standard Contractual Clauses (“SCCs”).
Key features of our DPA include:
- CCPA. We are dedicated to ensuring that our services continue to comply with the applicable provisions of the CCPA, and that our privacy and security measures are meeting or exceeding industry standard practices. To account for CCPA, our DPA includes: (a) definitions which are mapped to CCPA; (b) applicable access and deletion rights; and (c) warranties that Matterport will not sell our users’ personal information.
- GDPR and UK GDPR. Our DPA incorporates GDPR (and UK GDPR) focused data privacy protections, including: (a) data processing details, sub-processor disclosures, and other terms as required under Article 28; (b) the revised 2021 SCCs to permit lawful transfer of ‘personal data’ under Chapter 5; (c) the 2022 UK Addendum which maps definitions and other key provisions of the UK GDPR to the GDPR; and (d) the incorporation by reference of Matterport’s technical and organizational measures documentation.
- Standard Contractual Clauses. The SCCs are standardized contractual terms, recognized, and adopted by the European Commission, drafted to help ensure that any personal data leaving the EEA will be transferred in compliance with EU data-protection law. Matterport’s DPA offers customers the latest SCCs, issued by the European Commission on June 4, 2021, that make specific guarantees around transfers of personal data for in-scope Matterport’s services. We also include the Addendum issued by the UK Information Commissioner’s Office in accordance with s119A of the Data Protection Act 2018 on February 2, 2022, as it is revised under Section 18 of such addendum, effective March 21, 2022. The SCCs helps ensure that Matterport customers can freely move data from the EEA to the rest of the world.
- International Data Transfers and Supplemental Measures. Matterport has designed its privacy and security programs to ensure an appropriate level of data protection and has outlined the supplemental measures and safeguards for transfers of personal data outside of the European Union, European Economic Area, and the United Kingdom.