Skip to Navigation
Introduction
This Digital Operational Resilience Addendum (the “Addendum“) forms an integral part of the Terms of Services available at https://mailtrap.io/terms/ and any incorporated documents, as amended from time to time (the “Terms of Services“), entered into by and between the Customer and Mailtrap (collectively, the “Parties” and each, a “Party“).
This Addendum applies to the Customer’s use of Mailtrap Services under the Terms of Services to the extent the Customer is a regulated entity subject to applicable regulations, including the Digital Operational Resilience Act (DORA), as further defined below.
1. Definition
1.1. Applicable Law: Refers to the Digital Operational Resilience Act (DORA), its implementing regulations, and any other laws, rules, or regulatory guidelines applicable to the Customer’s digital operational resilience.
1.2. Critical Services: Refers to the services provided by Mailtrap that are deemed essential to ensuring the Customer’s operational resilience and cybersecurity.
1.3. Resilience Measures: Refers to the processes, practices, and technical or organizational controls implemented by Mailtrap to comply with DORA and ensure the operational continuity and security of Critical Services.
1.4. Significant Incident: Refers to any cybersecurity breach, Critical Services interruption, or other event that may materially impact the availability, confidentiality, or integrity of Critical Services.
Capitalized terms used but not defined in this Addendum shall have the meanings assigned to them in the Terms of Services.
2. Scope of Addendum
This Addendum governs all Critical Services provided by Mailtrap to the Customer under the Terms of Services. In the event of any conflict between the provisions of this Addendum and the Terms of Services, the provisions of this Addendum shall prevail, solely to the extent of the conflict.
3. Mailtrap obligations
3.1. Operational Resilience
Mailtrap agrees to implement and maintain appropriate Resilience Measures to ensure the uninterrupted delivery of Critical Services. These measures shall include, but are not limited to:
- Business Continuity and Disaster Recovery (BCDR) Planning: Comprehensive plans to mitigate service disruptions.
- Cybersecurity Risk Management: Ongoing risk assessments and management practices to address emerging threats.
- Regular Testing: Routine testing of systems, controls, and processes to ensure resilience.
Incident Response Protocols: Procedures to detect, respond to, and recover from Significant Incidents.
3.2. Reporting Obligations
Mailtrap shall promptly notify the Customer of any Significant Incident and provide timely updates, including:
- Nature of the incident.
- Immediate measures were taken to mitigate the incident.
- Ongoing steps to prevent recurrence.
4. Testing and Monitoring
4.1. Regular Testing
Mailtrap shall conduct regular testing of its Resilience Measures, including penetration testing, vulnerability assessments, and other controls, as required by DORA or other Applicable Laws.
4.2. Testing Summaries
Upon reasonable written request, Mailtrap shall provide the Customer with summaries of penetration testing results to demonstrate compliance with applicable resilience requirements.
5. Subcontractors
5.1. Subcontractor List
An up-to-date list of Mailtrap’s subcontractors and their locations is available at https://mailtrap.io/sub-processors/. This list will be maintained and updated as necessary.
6. Recordkeeping and Audits
6.1. Record Maintenance
Mailtrap shall maintain comprehensive records of all activities, controls, and incidents related to the delivery of Critical Services.
6.2. Customer Audits
Mailtrap agrees to cooperate with reasonable audit requests from the Customer to verify compliance with this Addendum and DORA. Audits shall:
- Be conducted no more than once annually, except in the event of a Significant Incident or regulatory requirement.
- Be carried out with reasonable notice, but no less than 30 (thirty) calendar days prior to the desirable date of audit, and during Mailtrap’s standard business hours.
- Be subject to appropriate confidentiality obligations.
Audit costs shall be borne by the Customer unless otherwise agreed in writing.
7. Incident Reporting and Response
7.1. Significant Incident Notification
Mailtrap shall promptly notify the Customer in writing upon identifying any Significant Incident.
7.2. Collaboration
Mailtrap shall work collaboratively with the Customer to address and resolve any Significant Incident.
8. Termination Rights
8.1. Termination for Material Breach
The Customer may terminate the Terms of Services or any Critical Services governed by this Addendum if Mailtrap or any its subcontractors or sub-processors materially breaches its obligations under this Addendum and fails to remedy such breach within thirty (30) days of receiving written notice.
9. Limitation of Liability
In no event, the total liability of Mailtrap under this Addendum shall not exceed the liability cap set forth in the Terms of Services.
10. Governing Law and Dispute Resolution
This Addendum shall be governed by and construed in accordance with the governing law specified in the Terms of Services. Disputes arising from this Addendum shall be resolved in accordance with the dispute resolution provisions of the Terms of Services.
11. Miscellaneous
11.1. Amendments
Mailtrap reserves the right to update and change this Addendum at any time. When such changes are made, we will publish the latest version of the Addendum on our website and update the Last Updated date on the top left corner. By continuing to use or log in to the Service after the Addendum has changed, You indicate Your agreement to the revised Addendum. If You do not agree to these changes, You can stop using the Service at any time.
11.2. Severability
If any provision of this Addendum is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.
11.3. Entire Agreement
This Addendum, together with the Terms of Services, constitutes the entire agreement between the Parties regarding digital operational resilience.
