GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

Size: px
Start display at page:

Download "GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10"

Transcription

1 GDPR AMC SAAS AND HOSTED MODULES UK version AMC Consult A/S June 26, 2018 Version 1.10

2 INDEX 1 Signatures General Definitions Scoping In scope Responsibilities of the data processor Responsibilities of the data controller Using Sub processors and data transfer Security Access to audit Duration and termination General terms Changes Liability Law and jurisdiction Force majeure Definitions of personal data Categories of none sensitive personal data processed under the agreement Categories of none sensitive personal data Categories of Sensitive Personal Data which are processed under this agreement GDPR for SAAS and Hosted Modules at AMC 2

3 1 SIGNATURES AMC-Consult A/S Signature: Date: Signed by: Peter Makki, CEO Company (Name) Signature: Date: Signed by: (Name / Title in capital letters) Company contact person(s) Contact 1: 1: Contact 2: 2: (Please use capital letters) GDPR for SAAS and Hosted Modules at AMC 3

4 2 GENERAL AMC hereby makes data processing agreement that is the basis for processing personal data when you are an AMC customer. The parties are hereinafter referred to as customer the "Data Controller" and AMC as the "Data Processor" and "Party" or "Parties". If you use the AMC software, the controller will be responsible for the processing of personal data in the application. The data processor will process personal data on behalf of the data Controller. To ensure that the parties comply with their obligations in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council ("GDPR"), the Parties have entered into data processing agreements ("the Agreement") which provides instructions from the controller to data processor, thus regulating the processing of personal data by the data processor on behalf of the controller. Both Parties confirm that they are authorized to sign the Agreement. The processor as well processes Personal Data in accordance with the AMC s privacy policy. It applies to the entire Agreement and in the relationship between the Data Controller and the Data Processor that claims arising from the GDPR described in this agreement and which do not comply with current legislation will not apply until 25 May 2018, where the GDPR applies. GDPR for SAAS and Hosted Modules at AMC 4

5 3 DEFINITIONS The definition of personal information, special categories of Data (Sensitive Information), processing, the data subject, the Data controller and Data processor is the same as the relevant privacy legislation, including GDPR. The agreement governs the Data Processor's Processing of Personal Data on behalf of the Data Controller and describes how the Data Processor will help protect privacy on behalf of the Data Controller and its Data Subjects through the technical and organizational measures required under the applicable data protection legislation, including the GDPR from 25. May The purpose of the Data Processor's Processing of Personal Data on behalf of the Data Controller is to ensure the Data Controller's use of the Application and the fulfillment of this Agreement. The agreement takes precedence over other conflicting provisions relating to the processing of personal data as regards terms of use of the Application or in any other agreement between the Parties. The agreement is valid as long as the Data Controller subscribes to the AMC SAAS, and the Data Processor must therefore process Personal Data on behalf of the Data Controller. However, the agreement does not take precedence if the Parties have concluded another data processing agreement, stating that the data processing agreement takes precedence over this Agreement. GDPR for SAAS and Hosted Modules at AMC 5

6 4 SCOPING 4.1 IN SCOPE Unless you are using AMC modules on prem the GDPR agreement is in scope. GDPR for SAAS and Hosted Modules at AMC 6

7 5 RESPONSIBILITIES OF THE DATA PROCESSOR The data processor must process personal data only on behalf of and on the basis of the data controller's instructions. By concluding this Agreement, the responsible entity accountable for data processing, commissions the processing of personal data in the following ways: * in accordance with applicable law * to fulfill the obligations arising from the subscription terms for the Application * in a manner more defined by the normal use of the Application by the Data Controller * as described in this Agreement As part of providing the Application, the Data Processor is obliged at all times to provide the Data Controller with good and competitive solutions that accompany the development. The data processor can offer better solutions that are tailored to the needs of the Data Controller by registering how the Data Controller and its representatives use the Application. This makes the Data Processor in order to make a better version of the Application and generally provide better services and provide more relevant communication to the Data Controller and its representatives. The goal is for Data Controller to solve as many challenges as possible in one place. To the extent that personal data from the Application form part of this work, they are processed in accordance with this Agreement and applicable law and may be shared with companies in the AMC for this purpose. The Data Controller has no reason to believe that applicable law prevents the Data Controller from following the instructions reproduced above. If this becomes aware, the Data Processor shall provide the Data Controller a notice of instructions or other Processing Activities performed by the Data Controller, which, in the view of the Data Processor, violates the applicable data protection legislation. The Categories of Registered and Personal Data Processed under this Agreement are described in chapter 5. Taking into account the available technology and the cost of implementation, as well as the scope, context and purpose of the Process, the Data Processor is required to take all reasonable measures, including technical and organizational, to ensure a sufficient level of security in relation to the risk and the category of Personal Data to be protected. Data Processor will assist the controller with appropriate technical and organizational measures as possible and taking into account the nature and category of information that GDPR for SAAS and Hosted Modules at AMC 7

8 is available for Data processor, in order to ensure compliance with the obligations of the controller in accordance with applicable Data protection legislation, including assistance in relation to the fulfilment of the requests by data subjects and general compliance with the provisions of the GDPR Articles The Data Processor shall notify the Data Controller without undue delay via a contact person specified in the Data Processing Agreement if the Data Processor becomes aware of a security shortage. In addition, the Data Processor shall, as far as possible and legally, inform the Data Controller if: * A request for insight into Personal Information is received directly from the Data Subject * A request for insight into Personal Data is received directly from government agencies, including the police. The Data Processor may not respond to such requests from data subject, unless authorized by the Data Controller to do so. The data processor will also not disclose information about this Agreement to governmental authorities such as the police, including Personal Data unless the Data Processor is required by law, such as a court order or similar. If the Data Controller requires information or assistance regarding security, documentation or information about how the Data Processor Processes Personal Data generally and such request contains information that goes beyond what is required by applicable Data Protection Law, the Data Processor may require payment for such additional services. The data processor and its employees shall ensure confidentiality in relation to Personal Data processed under the Agreement. This provision shall also apply after termination of the Agreement. GDPR for SAAS and Hosted Modules at AMC 8

9 6 RESPONSIBILITIES OF THE DATA CONTROLLER The Data Controller confirms after conclusion of this contract that: * The Data Controller shall use the application provided by the Data Processor to only process personal data in accordance with the requirements of the applicable Data protection law. * The Data controller has a legal basis to process and disclose personal data to a Data processor (including Sub processor which Data Processor uses). * The Data Controller is responsible for the accuracy, the integrity, credibility and the lawfulness of the personal data processed by the data processor. * The Data Controller has fulfilled all mandatory requirements and duties in relation to notification to, or obtaining permission from, the relevant public authorities as regards the Processing of Personal Data. * The Data Controller has fulfilled his disclosure obligations to the Data Subject regarding the processing of Personal Data in accordance with applicable data protection legislation. * The controller agrees that Data Processor have given the appropriate assurances in respect of the implementation of the technical and organizational security measures to safeguard the data subjects ' rights and their personal data. * When using the Application, the Data Controller shall not process Sensitive Information, unless specified in chapter 12 to this Agreement. * The Data Controller must have an updated list of the categories of Personal Data it treats, especially if such treatment differs from the categories of information listed in chapter 12. GDPR for SAAS and Hosted Modules at AMC 9

10 7 USING SUB PROCESSORS AND DATA TRANSFER As part of the operation of the Application, the Data Processor uses subcontractors ("Sub processors"). Such Sub processors may be other companies within the AMC group to which AMC is a part or third-party supplier within and outside the EU / EEA. The data provider's subcontractors will be listed on AMC website in a list of Sub processors. (Currently there is no, but there may be some in the future. Be aware that some banks the data controller may transfer payment files to can contain information mentioned in the chapter 12) The data processor must ensure that its Sub processor is subject to the corresponding obligations and requirements described in the Agreement. All use of Sub processors is also subject to the AMC Privacy Statement. This agreement constitutes the controller prior general and specific written approval of the Data Processor's Use of Sub processors. If a Sub processor or Personal Data is respectively established outside or is stored outside of the EU / EEA, the Data Processor provides authorization to ensure a sufficient basis for transferring Personal Data to a third country on behalf of the Data Controller, using the EU Commission Standard Contracts. The Data controller must be informed before the Data Processor replaces its Sub processor. However, the Data Controller is only entitled to protest against a new Sub processor who processes Personal Data on behalf of the Data Controller if it does not process data in accordance with applicable data protection legislation. In such a situation, the Data Processor shall demonstrate compliance by giving the Data Controller access to the Data Processor's data protection assessment by the Data Processor. If there is still disagreement about the use of the Sub processor, the Data controller may terminate its subscription to the Application, including with a shorter notice than usual, to ensure that the Data Controller's Personal Information is not processed by the appropriate Sub processor. GDPR for SAAS and Hosted Modules at AMC 10

11 8 SECURITY The data processor is required to ensure a high level of security in its products and services, which is ensured by relevant organizational, technical and physical security measures required by information about security measures as described in article 32 GDPR. In addition, the AMC internal data protection policies aim at ensuring confidentiality, integrity, resilience and access to Personal Data. The following measures are particularly important: * Classification of Personal Data to ensure implementation of security measures relevant to risk assessments. * Assessment of encryption and pseudonymizing as risk mitigating factors * Assessment of anonymizing as risk mitigating factors * Limit access to personal data to the relevant persons to comply with the requirements and obligations of the agreement or in accordance with the parties ' agreement on the use of the application. * Operation and implementation of systems that can detect, restore, respond and report events related to Personal Data. * Identify the security structure and how to transfer Personal Data between the Parties. * Carry out assessment of own security level in order to ensure that the current technical and organizational measures are adequate for the protection of personal data in accordance with article 32 on the security of processing as well as GDPR article 25. GDPR for SAAS and Hosted Modules at AMC 11

12 9 ACCESS TO AUDIT The Data Controller is entitled to initiate a review of the Data Processor's obligations under the Agreement once a year. If the Data Controller is required to do so under applicable legislation, audits may be repeated more often. The Data controller must provide a detailed audit plan with a description of the scope, duration and start date at least four weeks prior to the proposed start date. It must be decided jointly between the Parties if a third party is to conduct the audit. However, the Data Controller may allow the Data Processor to conduct the security review by a neutral third party after the Data Processor's choice, if it is a processing environment where multiple data controller data is used. If the proposed scope of the audit follows an ISAE, ISO or similar certification report conducted by a qualified third-party auditor within the previous twelve months and the Data Processor confirms that there have been no material changes in the measures under review, it shall Data controllers accept this review instead of requesting a new review of the measures already covered. In any case, audits must take place during normal office hours on the relevant facility in accordance with the Data Processor policies and may not unreasonably interfere with the Data Processor's usual commercial activities. The Data Controller is responsible for all costs in connection with the request for audit. The Data processor s assistance in connection therewith, which exceeds the regular service, are billed separately. GDPR for SAAS and Hosted Modules at AMC 12

13 10 DURATION AND TERMINATION The agreement is valid as long as the Data Processor Processes Personal Data on behalf of the Data Controller in connection with the Data Controller's use of the Application. This Agreement will automatically terminate at the end of the Data Controller's termination period in relation to Application Subscription. Upon termination of the subscription, the Data Processor will delete all Personal Data that the Data Processor has processed on behalf of the Data controller under the Agreement. If the Data Controller requests data retrieval assistance, the associated costs shall be covered by the Data controller and will be based on: * hourly rates for the Data Processor's time spent * the complexity of the requested process and * the chosen format. The Data Processor is entitled to retain Personal Data after termination of the Agreement to the extent required by applicable law, which in such case will be in accordance with the technical and organizational safeguards described in the Agreement. GDPR for SAAS and Hosted Modules at AMC 13

14 11 GENERAL TERMS 11.1 CHANGES Changes to the Agreement must be enclosed in a separate amendment to the Agreement. If any of the provisions of the Agreement are invalid, this will not affect the remaining provisions. The parties shall replace invalid provisions with a legal provision that reflects the purpose of the invalid provision LIABILITY Liability for actions contrary to the provisions of this Agreement is governed by liability stated in the General Terms for Supply of Software and Consultancy Services Agreement found here. This also applies to any violation by the Data Processor Sub processors LAW AND JURISDICTION Law and jurisdiction is governed by the General Terms for Supply of Software and Consultancy Services Agreement found here FORCE MAJEURE Force majeure is governed by the General Terms for Supply of Software and Consultancy Services Agreement found here. GDPR for SAAS and Hosted Modules at AMC 14

15 12 DEFINITIONS OF PERSONAL DATA 12.1 CATEGORIES OF NONE SENSITIVE PERSONAL DATA PROCESSED UNDER THE AGREEMENT 1. Categories of Data Subjects 2. The Data Controller s end users 3. The Data Controller s staff (salary payments) 12.2 CATEGORIES OF NONE SENSITIVE PERSONAL DATA 1. Name 2. Title 3. Phone number Address 6. Bank account number (only for personal bank transfers) 12.3 CATEGORIES OF SENSITIVE PERSONAL DATA WHICH ARE PROCESSED UNDER THIS AGREEMENT Data processor on behalf of the Data controller must deal with one or more of the following information about: 1. CPR number via nem konto (only for easy account transfers in DK) GDPR for SAAS and Hosted Modules at AMC 15

Data Processing Agreement

Data Processing Agreement In accordance with the European Parliament- and Council s Directive (EU) 2016/679 of 27th April 2016 (hereinafter GDPR) on the protection of physical persons in connection with the processing of personal

More information

Data Processing Agreement

Data Processing Agreement Data Processing Agreement Merchant (the "Data Controller") and Nets (the "Data Processor") (separately referred to as a Party and collectively the Parties ) have concluded this DATA PROCESSING AGREEMENT

More information

Data Processing Clauses

Data Processing Clauses Data Processing Clauses The examples of processing clauses below are proposed pending the adoption of standard contractual clauses within the meaning of Article 28.8 of general data protection regulation.

More information

Data Processor Agreement

Data Processor Agreement Data Processor Agreement Data Controller: Customer located within the EU (the Data Controller ) and Data Processor: European Representative Company: ONE.COM (B-one FZ-LLC) One.com A/S Reg.no. Reg.no. 19.958

More information

Data Processing Agreement

Data Processing Agreement Data Processing Agreement Addendum to the Main Contract between Simonsen Chartering Aps Christiansmindevej 74 CBR no.: 20702206 (hereinafter referred to as the Shipping Company ) and 3 rd party processing

More information

DATA PROCESSING TERMS

DATA PROCESSING TERMS DATA PROCESSING TERMS Safetica Technologies s.r.o. These Data Processing Terms (hereinafter the Terms ) govern the rights and obligations between the Software User (hereinafter the User ) and Safetica

More information

"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.

PPS is Private Practice Software as developed and produced by Rushcliff Ltd. Rushcliff Ltd Data Processing Agreement This Data Processing Agreement ( DPA ) forms part of the main terms of use of PPS, PPS Express, PPS Online booking, any other Rushcliff products or services and

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version January 12, 2018 1. Scope, Order of Precedence and Term 1.1 This data processing agreement (the Data Processing Agreement ) applies to Oracle

More information

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT AGREEMENT DATED [ ] BETWEEN: (1) SHELTERMANAGER LTD and (2) [ ] ( The Customer ) BACKGROUND (A) (B) (C) This Agreement is to ensure there is in place

More information

Data Processing Agreement DPA

Data Processing Agreement DPA Data Processing Agreement DPA between Clinic Org. no. «Controller». and Calpro AS Org. nr. 966 291 281. «Processor» If the parties have executed a Data Management Agreement, the Date Management Agreement

More information

Data Processing Agreement

Data Processing Agreement Data Processing Agreement This Data Processing Agreement ( the Agreement or DPA ) constitutes the obligations for TwentyThree ApS Sortedam Dossering 5D 2200 Copenhagen N Denmark (hereinafter The Data Processor

More information

DATA PROCESSING AGREEMENT

DATA PROCESSING AGREEMENT DATA PROCESSING AGREEMENT This Data Processing Agreement ( DPA ) is entered into between: A. The company stated in the Subscription Agreement (as defined below) ( Data Controller ) and B. Umbraco A/S Haubergsvej

More information

Data Protection. Code of Conduct for Cloud Infrastructure Service Providers

Data Protection. Code of Conduct for Cloud Infrastructure Service Providers Data Protection Code of Conduct for Cloud Infrastructure Service Providers 27 JANUARY 2017 Introduction... 3 1 Structure of the Code... 5 2 Purpose... 6 3 Scope... 7 4 Data Protection Requirements... 9

More information

DATA PROTECTION POLICY THE HOLST GROUP

DATA PROTECTION POLICY THE HOLST GROUP DATA PROTECTION POLICY THE HOLST GROUP INTRODUCTION The purpose of this document is to provide a concise policy regarding the data protection obligations of The Holst Group. The Holst Group is a data controller

More information

Data Processing Agreement

Data Processing Agreement Data Processing Agreement between The Data Controller Name Address Postcode and city Country and The Data Processor Idha Sweden AB Norra vägen 28 856 50 Sundsvall Sweden] Page 1 of 15 1 Content 2 Data

More information

German Data Processing Addendum MailChimp

German Data Processing Addendum MailChimp Customer EU Data Processing Addendum This Data Processing Addendum ("DPA"), forms part of the Agreement between The Rocket Science Group LLC d/b/a MailChimp ("MailChimp") and CK Coaching Köln ("Customer")

More information

HPE DATA PRIVACY AND SECURITY

HPE DATA PRIVACY AND SECURITY ARUBA, a Hewlett Packard Enterprise company, product services ( Services ) This Data Privacy and Security Agreement ("DPSA") Schedule governs the privacy and security of Personal Data by HPE in connection

More information

Individual Agreement. commissioned processing

Individual Agreement. commissioned processing Individual Agreement commissioned processing (in the following: AGREEMENT) Between 1. - Address owner / Controller - and 2. - Service provider / Processor - As of: 09/2017, Page 2 of 12 The following provisions

More information

Emsi Privacy Shield Policy

Emsi Privacy Shield Policy Emsi Privacy Shield Policy Scope The Emsi Privacy Shield Policy ( Policy ) applies to the collection and processing of Personal Data that Emsi obtains from Data Subjects located in the European Union (

More information

DATA PROCESSING AGREEMENT

DATA PROCESSING AGREEMENT DATA PROCESSING AGREEMENT HIRINGBOSS HOLDINGS PTE LTD This DPA is entered into between the Controller and the Processor and is incorporated into and governed by the terms of the Agreement. 1. Definitions

More information

BHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD

BHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD BHBIA New Data Protection Rules Pharma Company Perspective Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD Pharma Company Perspective Data Controllers Responsibilities

More information

Customer EU Data Processing Addendum

Customer EU Data Processing Addendum From: MailChimp Legal Team To: TC - Info - Heart of the City Subject: MailChimp Data Processing Addendum Date: 10 May 2018 13:15:11 Attachments: ATT00001.png Customer EU Data Processing Addendum This Data

More information

Within the meanings of applicable data protection law (in particular EU Regulation 2016/679, the GDPR ):

Within the meanings of applicable data protection law (in particular EU Regulation 2016/679, the GDPR ): Privacy Policy Introduction Ikano S.A. ( Ikano ) respects your privacy and is committed to protect your Personal Data by being compliant with this privacy policy ( Policy ). In addition to Ikano, this

More information

Bend Mailing Services, LLC, dba BMS Technologies ( us, we, or our ) operates the website (the Service ).

Bend Mailing Services, LLC, dba BMS Technologies ( us, we, or our ) operates the   website (the Service ). Privacy Policy online-billpay.com Effective date: May 18, 2018 Bend Mailing Services, LLC, dba BMS Technologies ( us, we, or our ) operates the https://www.online-billpay.com/ website (the Service ). This

More information

Eco Web Hosting Security and Data Processing Agreement

Eco Web Hosting Security and Data Processing Agreement 1 of 7 24-May-18, 11:50 AM Eco Web Hosting Security and Data Processing Agreement Updated 19th May 2018 1. Introduction 1.1 The customer agreeing to these terms ( The Customer ), and Eco Web Hosting, have

More information

PS Mailing Services Ltd Data Protection Policy May 2018

PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect

More information

Workday s Robust Privacy Program

Workday s Robust Privacy Program Workday s Robust Privacy Program Workday s Robust Privacy Program Introduction Workday is a leading provider of enterprise cloud applications for human resources and finance. Founded in 2005 by Dave Duffield

More information

Q&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR )

Q&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR ) Q&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR ) May 2018 Document Classification Public Q&A for Citco Fund Services clients in relation to The General Data Protection

More information

TERMS AND CONDITIONS FOR THE USE OF THE WEBSITE AND PRIVACY POLICY

TERMS AND CONDITIONS FOR THE USE OF THE WEBSITE AND PRIVACY POLICY TERMS AND CONDITIONS FOR THE USE OF THE WEBSITE AND PRIVACY POLICY Trademarks-Intellectual Property Rights Xtrade BLZ (hereinafter called the Company or we or us) is the owner of the Copyright in the pages

More information

PRIVACY POLICY PRIVACY POLICY

PRIVACY POLICY PRIVACY POLICY PRIVACY POLICY 1 A. GENERAL PART 1.1. COLLECTION AND PROCESSING OF USER DATA Within the scope of the availability of the website hosted in www.alpinushotel.com and of the services and communications made

More information

Version 1/2018. GDPR Processor Security Controls

Version 1/2018. GDPR Processor Security Controls Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in

More information

CD STRENGTH LLC. A MASSACHUSETTS, USA BASED COMPANY

CD STRENGTH LLC. A MASSACHUSETTS, USA BASED COMPANY CD STRENGTH LLC. A MASSACHUSETTS, USA BASED COMPANY PRIVACY POLICY This Privacy Policy will be effective as of May 23, 2018 for all new users and users in EU and EEA member countries. For all other users,

More information

UWTSD Group Data Protection Policy

UWTSD Group Data Protection Policy UWTSD Group Data Protection Policy Contents Clause Page 1. Policy statement... 1 2. About this policy... 1 3. Definition of data protection terms... 1 4. Data protection principles..3 5. Fair and lawful

More information

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document

More information

IBM Sterling B2B Services File Transfer Service

IBM Sterling B2B Services File Transfer Service Service Description IBM Sterling B2B Services File Transfer Service This Service Description describes the Cloud Service IBM provides to Client. Client means the company and its authorized users and recipients

More information

Rules for Commissioned Processing. (DDV Declaration of Conformity)

Rules for Commissioned Processing. (DDV Declaration of Conformity) Rules for Commissioned Processing (DDV Declaration of Conformity) Service provider (in the following Service Provider) Representative Street name and number Postal code, place E-mail address Website Version:

More information

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights Secure Messaging Mobile App Privacy Policy Privacy Policy Highlights For ease of review, Everbridge provides these Privacy Policy highlights, which cover certain aspects of our Privacy Policy. Please review

More information

1 About GfK and the Survey What are personal data? Use of personal data How we share personal data... 3

1 About GfK and the Survey What are personal data? Use of personal data How we share personal data... 3 Privacy Notice For ad-hoc CAWI (without target list) V1.0 June 4, 2018 Contents 1 About GfK and the Survey... 2 2 What are personal data?... 2 3 Use of personal data... 2 4 How we share personal data...

More information

Fabric Data Processing and Security Terms Last Modified: March 27, 2018

Fabric Data Processing and Security Terms Last Modified: March 27, 2018 Fabric Data Processing and Security Terms Last Modified: March 27, 2018 The customer agreeing to these terms ( Customer ), and Google LLC (formerly known as Google Inc.), Google Ireland Limited, Google

More information

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your). Our Privacy Policy 1 Purpose Mission Australia is required by law to comply with the Privacy Act 1988 (Cth) (the Act), including the Australian Privacy Principles (APPs). We take our privacy obligations

More information

Data Processing Amendment to Google Apps Enterprise Agreement

Data Processing Amendment to Google Apps Enterprise Agreement Data Processing Amendment to Google Apps Enterprise Agreement The Customer agreeing to these terms ( Customer ) and Google Inc., Google Ireland, or Google Asia Pacific Pte. Ltd. (as applicable, Google

More information

Website Privacy Policy

Website Privacy Policy Website Privacy Policy 1 Introduction This Policy applies to the following companies: Navios Ship Management Inc, Navios Tankers Management Inc., Navios Corporation, Navios Containers Management Inc.,

More information

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Plan a Pragmatic Approach to the new EU Data Privacy Regulation AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General

More information

EU GDPR & ISO Integrated Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-iso integrated-documentation-toolkit

EU GDPR & ISO Integrated Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-iso integrated-documentation-toolkit EU GDPR & https://advisera.com/eugdpracademy/eu-gdpr-iso-27001-integrated-documentation-toolkit Note: The documentation should preferably be implemented in the order in which it is listed here. The order

More information

Privacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data

Privacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data Privacy Policy Datacenter.com (referred to as we, us, our, Datacenter or the Company ) is committed to protecting your privacy and handling your data in an open and transparent manner. The personal data

More information

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION Document Control Owner: Distribution List: Data Protection Officer Relevant individuals who access, use, store or

More information

Building Information Modeling and Digital Data Exhibit

Building Information Modeling and Digital Data Exhibit Document E203 2013 Building Information Modeling and Digital Data Exhibit This Exhibit dated the day of in the year is incorporated into the agreement (the Agreement ) between the Parties for the following

More information

have concluded the following data processing agreement (hereinafter the Data Processing Agreement or this Agreement ):

have concluded the following data processing agreement (hereinafter the Data Processing Agreement or this Agreement ): DATA PROCESSING AGRE EMENT Between [Firm] [Address] [Postal code and city] [VAT no. ] (hereinafter the Data Controller ) and TimeLog A/S Vesterbrogade 149, building. 4, 1. 1620 Copenhagen V VAT no. 25

More information

HF Markets SA (Pty) Ltd Protection of Personal Information Policy

HF Markets SA (Pty) Ltd Protection of Personal Information Policy Protection of Personal Information Policy Protection of Personal Information Policy This privacy statement covers the website www.hotforex.co.za, and all its related subdomains that are registered and

More information

PRIVACY POLICY FOR THE LIDC 2018 INTERNATIONAL CONGRESS

PRIVACY POLICY FOR THE LIDC 2018 INTERNATIONAL CONGRESS PRIVACY POLICY FOR THE LIDC 2018 INTERNATIONAL CONGRESS This privacy policy ("Privacy Policy") is intended for natural person participants, speakers and their accompanying persons and contact persons whose

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...

More information

BUZCOIN TOKENS SALE PRIVACY POLICY. Last updated:

BUZCOIN TOKENS SALE PRIVACY POLICY. Last updated: BUZCOIN TOKENS SALE PRIVACY POLICY Last updated: 20.10.2018 STATUS AND ACCEPTANCE OF PRIVACY POLICY 1. This Privacy Policy (hereinafter referred to as the Policy ) sets forth the general rules of Participant

More information

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017

More information

Reference Offer for Wholesale Roaming Access

Reference Offer for Wholesale Roaming Access Reference Offer for Wholesale Roaming Access Published on the grounds of Article 3 of Regulation (EU) No 531/2012 of the European Parliament and the Council of 13 June 2012 Whereas, Regulation (EU) No

More information

MASTERCARD PRICELESS SPECIALS INDIA PRIVACY POLICY

MASTERCARD PRICELESS SPECIALS INDIA PRIVACY POLICY Effective Date: 12 September 2017 MASTERCARD PRICELESS SPECIALS INDIA PRIVACY POLICY Mastercard respects your privacy. This Privacy Policy describes how we process personal data, the types of personal

More information

DATA PROCESSING ADDENDUM

DATA PROCESSING ADDENDUM DATA PROCESSING ADDENDUM DATA PROCESSING ADDENDUM This Data Processing Addendum (this Addendum ) is executed by and between Paragon Internet Group Limited t/a Tsohost ( Tsohost ) and you ( Customer ) and

More information

Data Protection and GDPR

Data Protection and GDPR Data Protection and GDPR At DPDgroup UK Ltd (DPD & DPD Local) we take data protection seriously and have updated all our relevant policies and documents to ensure we meet the requirements of GDPR. We have

More information

Online Ad-hoc Privacy Notice

Online Ad-hoc Privacy Notice Online Ad-hoc Privacy Notice Last revised: 24 May 2018 Table of contents 1 About us and our Surveys... 2 2 What is personal data?... 2 3 Use of personal data... 2 3.1 Categories of personal data that are

More information

DATA MANAGEMENT POLICY

DATA MANAGEMENT POLICY DATA MANAGEMENT POLICY About personal data management in Fishinda application Applicable from May 25, 2018 until revocation Your personal information is used to ensure you the usage of the services provided

More information

EU Data Protection Agreement

EU Data Protection Agreement EU Data Protection Agreement This Data Protection Agreement ("Agreement") is entered into by and between TechTarget, Inc., a Delaware corporation with a principle place of business at 275 Grove Street,

More information

Vistra International Expansion Limited PRIVACY NOTICE

Vistra International Expansion Limited PRIVACY NOTICE Effective Date: from 25 May 2018 Vistra International Expansion Limited PRIVACY NOTICE This Privacy Notice explains how particular companies in the Vistra Group collect, use and disclose your personal

More information

1. Right of access. Last Approval Date: May 2018

1. Right of access. Last Approval Date: May 2018 Page 1 of 5 I. PURPOSE The European Union s General Data Protection Regulation (GDPR) provides greater data protection for individuals in the European Union (EU). This comprehensive regulation, effective

More information

General Data Protection Regulation

General Data Protection Regulation General Data Protection Regulation Workshare Ltd ( Workshare ) is a service provider with customers in many countries and takes the protection of customers data very seriously. In order to provide an enhanced

More information

PPR TOKENS SALE PRIVACY POLICY. Last updated:

PPR TOKENS SALE PRIVACY POLICY. Last updated: PPR TOKENS SALE PRIVACY POLICY Last updated: 05.03.2018 STATUS AND ACCEPTANCE OF PRIVACY POLICY 1. This Privacy Policy (hereinafter referred to as the Policy ) sets forth the general rules of Participant

More information

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ). PRIVACY POLICY Data Protection Policy 1. Introduction This Data Protection Policy (this Policy ) sets out how Brital Foods Limited ( we, us, our ) handle the Personal Data we Process in the course of our

More information

EU-US PRIVACY SHIELD POLICY (Updated April 11, 2018)

EU-US PRIVACY SHIELD POLICY (Updated April 11, 2018) EU-US PRIVACY SHIELD POLICY (Updated April 11, 2018) Network TwentyOne International, Inc. located at 7320 McGinnis Ferry Road, Suwanee, Georgia USA 30024 ( N21, we, our, or us ) have the following EU-US

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Introduction The purpose of this document is to provide a concise policy regarding the data protection obligations of Youth Work Ireland. Youth Work Ireland is a data controller

More information

Learning Management System - Privacy Policy

Learning Management System - Privacy Policy We recognize that visitors to our Learning Management System (LMS) may be concerned about what happens to information they provide when they make use of the system. We also recognize that education and

More information

Saba Hosted Customer Privacy Policy

Saba Hosted Customer Privacy Policy Saba Hosted Customer Privacy Policy Last Revised 23 May 2018 1. Introduction Saba is committed to protecting information which can be used to directly or indirectly identify an individual ( personal data

More information

Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates

Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates Disclosure text - PDS (PKI Disclosure Statement) for electronic signature and authentication certificates Index INDEX... 2 1. DISCLOSURE TEXT APPLICABLE TO NATURAL PERSON CERTIFICATES ISSUED ON QSCD...

More information

Shaw Privacy Policy. 1- Our commitment to you

Shaw Privacy Policy. 1- Our commitment to you Privacy Policy last revised on: Sept 16, 2016 Shaw Privacy Policy If you have any questions regarding Shaw s Privacy Policy please contact: privacy@shaw.ca or use the contact information shown on any of

More information

PRIVACY POLICY OF THE WEB SITE

PRIVACY POLICY OF THE WEB SITE PRIVACY POLICY OF THE ERANOS FOUNDATION Introductory remarks The Eranos Foundation respects your privacy! Privacy policy EU Norm 2016-769 GDPR 1 We do not sell or distribute any information that we acquire

More information

Subject: Kier Group plc Data Protection Policy

Subject: Kier Group plc Data Protection Policy Kier Group plc Data Protection Policy Subject: Kier Group plc Data Protection Policy Author: Compliance Document type: Policy Authorised by: Kier General Counsel & Company Secretary Version 3 Effective

More information

PRIVACY POLICY. What personal data we collect and why we collect it IN ORDER TO: (Date of last update: 1 st January 2019)

PRIVACY POLICY. What personal data we collect and why we collect it IN ORDER TO: (Date of last update: 1 st January 2019) PRIVACY POLICY (Date of last update: 1 st January 2019) For the purpose of the Data Protection Act 1998 (the Act) and from the 25 May 2018, the EU General Data Protection Regulation 2016/679 (the GDPR),

More information

Chapter 1. Purpose, definitions and application

Chapter 1. Purpose, definitions and application Regulation on toll service provision for tolls and ferry tickets (the Toll service provider Regulation) Legal authority: Laid down by Royal Decree on dd.mm.yyyy pursuant to the Act of 21 June 1963 no.

More information

Privacy Statement for Use of the Trust Service of Swisscom IT Services Finance S.E., Austria

Privacy Statement for Use of the Trust Service of Swisscom IT Services Finance S.E., Austria Privacy Statement for Use of the Trust Service of Swisscom IT Services Finance S.E., Austria General Privacy is a matter of trust, and your trust is important to us. Handling personal data in a responsible

More information

Privacy Policy. Effective date: 21 May 2018

Privacy Policy. Effective date: 21 May 2018 Privacy Policy Effective date: 21 May 2018 We at Meetingbird know you care about how your personal information is used and shared, and we take your privacy seriously. Please read the following to learn

More information

By accessing your Congressional Federal Credit Union account(s) electronically with the use of Online Banking through a personal computer or any other

By accessing your Congressional Federal Credit Union account(s) electronically with the use of Online Banking through a personal computer or any other CONGRESSIONAL FEDERAL CREDIT UNION ELECTRONIC CORRESPONDENCE DISCLOSURE & AGREEMENT Please read this information carefully and print a copy and/or retain this information electronically for your records.

More information

TIA. Privacy Policy and Cookie Policy 5/25/18

TIA. Privacy Policy and Cookie Policy 5/25/18 TIA Privacy Policy and Cookie Policy 5/25/18 Background: TIA understands that your privacy is important to you and that you care about how your information is used and shared online. We respect and value

More information

DISCLOSURE ON THE PROCESSING OF PERSONAL DATA LAST REVISION DATE: 25 MAY 2018

DISCLOSURE ON THE PROCESSING OF PERSONAL DATA LAST REVISION DATE: 25 MAY 2018 DISCLOSURE ON THE PROCESSING OF PERSONAL DATA LAST REVISION DATE: 25 MAY 2018 Introduction This disclosure on the processing of personal data (hereinafter, the "Disclosure") is provided pursuant to Art.

More information

VERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT

VERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT VERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT 84095-9998 SNOWFLY PRIVACY POLICY This Privacy Policy describes Snowfly s practices regarding the

More information

VISTRA (CYPRUS) LTD. PRIVACY NOTICE

VISTRA (CYPRUS) LTD. PRIVACY NOTICE Effective Date: from 25 May 2018 VISTRA (CYPRUS) LTD. PRIVACY NOTICE This Privacy Notice explains how particular companies in the Vistra Group collect, use and disclose your personal data, and your rights

More information

PRIVACY POLICY. 1. Introduction

PRIVACY POLICY. 1. Introduction PRIVACY POLICY 1. Introduction 1.1. The Pinewood Studios Group is committed to protecting and respecting your privacy. This privacy policy (together with our Website Terms of Use and Cookies Policy) (Privacy

More information

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE Beam Suntory ("we"; "us"; "our") respects your privacy and is committed to protecting your personal information at all times in everything we do. We are

More information

VSC-PCTS2003 TEST SUITE TIME-LIMITED LICENSE AGREEMENT

VSC-PCTS2003 TEST SUITE TIME-LIMITED LICENSE AGREEMENT VSC-PCTS2003 TEST SUITE TIME-LIMITED LICENSE AGREEMENT Notes These notes are intended to help prospective licensees complete the attached Test Suite Time-Limited License Agreement. If you wish to execute

More information

_isms_27001_fnd_en_sample_set01_v2, Group A

_isms_27001_fnd_en_sample_set01_v2, Group A 1) What is correct with respect to the PDCA cycle? a) PDCA describes the characteristics of information to be maintained in the context of information security. (0%) b) The structure of the ISO/IEC 27001

More information

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2 COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September 2018 Table of Contents 1. Scope, Purpose and Application to Employees 2 2. Reference Documents 2 3. Definitions 3 4. Data Protection Principles

More information

Deloitte Audit and Assurance Tools

Deloitte Audit and Assurance Tools Deloitte Audit and Assurance Tools Privacy Statement Last updated: 26 September 2017 Introduction This Privacy Statement applies to our various audit and assurance tools and other related online tools

More information

VISTRA NETHERLANDS PRIVACY NOTICE

VISTRA NETHERLANDS PRIVACY NOTICE Effective Date: from 25 May 2018 VISTRA NETHERLANDS PRIVACY NOTICE This Privacy Notice explains how particular companies in the Vistra Group collect, use and disclose your personal data, and your rights

More information

Privacy Statement for Use of the Certification Service of Swisscom (sales name: "All-in Signing Service")

Privacy Statement for Use of the Certification Service of Swisscom (sales name: All-in Signing Service) Swisscom (sales name: "All-in Signing Service") General Privacy is a matter of trust, and your trust is important to us. Handling personal data in a responsible and legally compliant manner is a top priority

More information

PERSONAL DATA PROTECTION POLICY

PERSONAL DATA PROTECTION POLICY PERSONAL DATA PROTECTION POLICY With a view to protecting the privacy and data of its contacts (users of its website, contacts made at professional meetings, or through records, projects, partnerships,

More information

African Theatre Association (AfTA) PRIVACY POLICY

African Theatre Association (AfTA) PRIVACY POLICY African Theatre Association (AfTA) PRIVACY POLICY 1. Our Privacy Pledge We store your personal data safely. We won't share your details with anyone else. You can change your preferences or opt out from

More information

Introductory guide to data sharing. lewissilkin.com

Introductory guide to data sharing. lewissilkin.com Introductory guide to data sharing lewissilkin.com Executive Summary Most organisations carry out some form of data sharing, whether it be data sharing between organisations within the group or with external

More information

ADIENT VENDOR SECURITY STANDARD

ADIENT VENDOR SECURITY STANDARD Contents 1. Scope and General Considerations... 1 2. Definitions... 1 3. Governance... 2 3.1 Personnel... 2 3.2 Sub-Contractors... 2 3.3. Development of Applications... 2 4. Technical and Organizational

More information

EU Data Protection Agreement

EU Data Protection Agreement EU Data Protection Agreement This Data Protection Agreement ("Agreement") is entered into by and between TechTarget, Inc., a Delaware corporation with a principle place of business at 275 Grove Street,

More information

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready? European Union (EU) General Data Protection Regulation (GDPR) Do you handle EU residents personal data? The GDPR update is coming May 25, 2018. Are you ready? What do you need to do? Governance and Accountability

More information

Digital Signatures Act 1

Digital Signatures Act 1 Issuer: Riigikogu Type: act In force from: 01.07.2014 In force until: 25.10.2016 Translation published: 08.07.2014 Digital Signatures Act 1 Amended by the following acts Passed 08.03.2000 RT I 2000, 26,

More information

DATA PROTECTION AND PRIVACY POLICY

DATA PROTECTION AND PRIVACY POLICY DATA PROTECTION AND PRIVACY POLICY Data Protection Act London Capital Group (Cyprus) Limited (LCG) may process information relating to you, including holding such information in a manual format or electronic

More information

CAPGEMINI BINDING CORPORATE RULES

CAPGEMINI BINDING CORPORATE RULES CAPGEMINI BINDING CORPORATE RULES Introduction As one of the world s foremost providers of consulting, technology and outsourcing services to a wide array of clients around the world, Capgemini is committed

More information

SURGICAL REVIEW CORPORATION Privacy Policy

SURGICAL REVIEW CORPORATION Privacy Policy SURGICAL REVIEW CORPORATION Privacy Policy Your privacy is very important to us. Please read below to see how Surgical Review Corporation ( SRC ) handles information. SRC respects your privacy and shares

More information