DATA PROCESSING TERMS

Safetica Technologies s.r.o.

These Data Processing Terms (hereinafter the "Terms") govern the rights and obligations between the Software User (hereinafter the "User") and Safetica Technologies s.r.o., a company incorporated under the laws of the Czech Republic with its registered seat at Laubova 1729/8, Vinohrady, Postcode 130 00 Prague 3, Company ID No.: 25848666, recorded in the Commercial Register held by the Municipal Court in Prague, File No. 117600 (hereinafter the "Safetica"). The User and Safetica may jointly be referred to as the Parties or individually as a Party.

1. DEFINITIONS

1.1. Definitions. Unless otherwise provided in the Terms, the meaning of capitalized words is stated in Annex A to the Terms.

2. TERMS

2.1. Purpose of the Terms. The Terms govern the processing and security of User Personal Data.

3. ROLES AND DATA PROCESSING INSTRUCTIONS

3.1. Roles and Regulatory Compliance; Authorization.

3.1.1. Safetica's and User's Responsibilities. The Parties acknowledge and agree that:
a. Safetica is a processor of User Personal Data;
b. User is a controller or processor, as applicable, of User Personal Data;
c. each Party will comply with the obligations applicable to it under the applicable law with respect to the processing of User Personal Data.

3.1.2. Authorization by Third Party Controller. If User is a processor, User warrants to Safetica that User's instructions and actions with respect to User Personal Data, including its appointment of Safetica as another processor, have been authorized by the relevant controller.

3.2. Data Processing Instructions. By entering into these Terms, User instructs Safetica to process User Personal Data only in accordance with applicable law: (a) to provide the Processor Services; (b) as further specified via User's use of the Processor Services; (c) as documented in the Agreement, including the Terms; and (d) as further documented in any other written instructions given by User and acknowledged by Safetica as constituting instructions for purposes of the Terms.

4. DURATION OF PERSONAL DATA PROCESSING

4.1. Duration of Personal Data Processing. Processing of User Personal Data shall be performed for the duration of the Agreement plus the period until the deletion of all User Personal Data in accordance with the Terms.

5. NATURE AND PURPOSE OF PERSONAL DATA PROCESSING

5.1. Nature and Purpose of Personal Data Processing. Safetica shall process User Personal Data through means of automated processing to provide the User with the Processor Services.

6. TYPES OF PERSONAL DATA

6.1. Types of Personal Data. The User Personal Data may include the data collected by the Software (as described in the documentation, available on demand), system, application and web logs regarding the activity on the end station, on which is the Software installed, contact data of the User's co-workers, system and Software tuning information, data on the connection to the User and any other information necessary for fulfilling the purpose of the Processor Services.

7. CATEGORIES OF DATA SUBJECTS

7.1. Categories of Data Subjects. User Personal Data will concern the following categories of data subjects:

7.1.1. data subjects about whom Safetica collects personal data in its provision of Processor Services; and/or

7.1.2. data subjects about whom personal data is transferred to Safetica in connection with Processor Services by, at the direction of, or on behalf of User.

Depending on the nature of the Processor Services, these data subjects may include (a) User's employees or other User's co-workers, (b) members of User's bodies; (c) User's clients.

8. RIGHTS AND OBLIGATIONS OF THE PARTIES

8.1. Mutual Notification Obligation. If any third person, particularly a data subject or supervisory authority, requests any Party to provide any information in relation to personal data processing under the Agreement or the Terms, or in this relation makes any claim or exercises any right against any Party, the Party undertakes to inform the other Party about such procedure without undue delay.

8.2. User's Obligations. The User is liable for fulfilling all obligations in relation to User Personal Data processing, particularly for informing data subjects about User Personal Data processing, obtaining consent with User Personal Data processing if necessary, dealing with data subjects' requests relating to the exercise of their rights (such as right to information, access, rectification, erasure, process limitation, right to object etc.). The User is further liable for fulfilling all notification obligations towards any supervisory authority relating to User Personal Data processing, especially for notifying the supervisory authority on any personal data breach.

8.3. User's Security Assessment. User is solely responsible for reviewing the Terms and evaluating for itself whether the security measures, and Safetica's commitments hereunder meet User's needs, including with respect to any security obligations of User under the applicable law.

8.4. User's Acknowledgement. User acknowledges and agrees that (considering the state of the art, the costs of implementation and the nature, scope, context, purposes and differently probable and differently serious risks to individuals) the security measures implemented and maintained by Safetica as set out in the Terms provide a level of security appropriate to the risk in respect of the User Personal Data.

8.5. Data Subject Requests. For the duration of User Personal Data processing, if Safetica receives any request from a data subject in relation to User Personal Data, Safetica shall advise the data subject to submit its request to User and User will be responsible for responding to any such request.

8.6. Safetica's Obligations. For the purpose of the User Personal Data protection Safetica undertakes, for the duration of processing User Personal Data under the Terms, that it:

8.6.1. Shall take appropriate steps to ensure compliance with the security measures by its employees, contractors and suppliers to the extent applicable to their scope of performance, including ensuring that all persons authorized to process User Personal Data have committed themselves to confidentiality or are under appropriate statutory obligation of confidentiality;

8.6.2. Shall implement and maintain technical and organizational measures to protect User Personal Data against any personal data breach described in Annex B to the Terms;

8.6.3. Shall not engage another processor without prior authorization of the User, except for the Distributor, who have concluded the sublicense agreement with the User, cloud services providers ensuring data transfer between Parties, Safetica's service staff and service partners, who shall provide the User with support and maintenance services, Safetica's SW developers, and in case of engaging the abovementioned processors, Safetica shall ensure to obligate them to adhere to these Terms;

8.6.4. In the scope appropriate to the nature of processing and available information, Safetica shall be supportive of the User with ensuring appropriate technical and organizational measures to secure the personal data, notifying personal data breach to any supervisory authority or data subject, assessing data protection impact and with prior consultations with the supervisory authority;

8.6.5. Shall provide the User with necessary information, which can be fairly demanded from Safetica, to fulfil the User's obligation to react to the data subject's request to exercise its rights under the data protection legislation;

8.6.6. Shall delete, upon the termination of the provision of Processor Services, User Personal Data, including all existing copies, unless European Union or Member State law requires its storage;

8.6.7. Shall provide the User with all information necessary to demonstrate Safetica's compliance with the obligations stated in the Terms and allow for and contribute to audits, including inspections, conducted by the User or another auditor mandated by the User according to audit terms stipulated in Annex C to the Terms.

9. FINAL PROVISIONS

9.1. Language. The Terms have been drawn up in Czech and English. In the case of any discrepancies, the Czech version shall prevail. All obligations of Safetica towards User related to the Terms shall be fulfilled in the Czech or English language, at Safetica's sole discretion.

9.2. Severability. Should any of the provisions hereof be or become invalid, void, ineffective or unenforceable, this fact shall not affect the rest of the Terms. The Parties agree to replace any such invalid, ineffective, void or unenforceable provisions of the Terms with a provision that is valid, effective, not considered void, enforceable and with the same business and legal meaning within 14 (fourteen) days of receiving a request from the other Party.

9.3. Reservation to Amend the Terms. In the event of changes to the applicable law or changes to the interpretation rules or practices for interpretation of the applicable law, Safetica may amend the Terms within a reasonable scope. The amendment of the Terms shall be reported by Safetica on its website and by e-mail to the last known e-mail address of the User used for the communication with Safetica. Unless rejected by the User within 1 (one) month since sending the notification to the User, the User is deemed to have adopted the amended Terms. Should the User reject the amended Terms within the aforementioned period, this fact shall constitute the termination of these Terms with a 2 (two) months termination period; during this period the last Terms accepted by both Parties shall apply. Termination of the Terms under this clause does not constitute termination of the Agreement; however, following the termination of the Terms if the Parties do not reach an agreement on new data processing terms as required by applicable law within a 2 (two) months period, any Party has the right to immediately terminate the Agreement by sending a written termination notice to the other Party effective as of the day of its delivery.

ANNEX A: DEFINITIONS

Distributor
A legal entity or natural person authorized to provide the User with a sublicense for the use of the Software. This person may be a distributor, partner, reseller or another person, that had been granted an appropriate licence from Safetica. A list of the main Distributors is published at https://www.safetica.com/partners. Provided that the third party is not found in this list, we recommend to enquire with Safetica whether the third party is or is not its Distributor.

GDPR
Is the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

User Personal Data
Is the personal data that is processed by Safetica on behalf of User while providing Processor Services to the User.

Agreement
An agreement concluded between the Parties which incorporates the Terms by referring to them, particularly SLA.

Software
The Software is Safetica's computer program named Safetica DLP, Safetica Auditor, Safetica Mobile, Safetica Office Control, Safetica Auditor Terminal Server, Safetica DLP Terminal Server, Safetica Professional Services, Safetica DLP MSP, Safetica Auditor MSP, Safetica Mobile MSP, Safetica Office Control MSP, Safetica Auditor Terminal Server MSP, Safetica DLP Terminal Server MSP, or Professional Services.

User
Is the commercial company, that have concluded the Agreement with Safetica.

The terms controller, data subject, personal data, personal data breach, processing, processor and supervisory authority
Have the meaning given to them in GDPR.

Processor Services
Are the services provided by Safetica to User under the Agreement and any related technical support which include personal data processing.

ANNEX B: SECURITY MEASURES

As from the Terms effective date, Safetica will implement and maintain the security measures set out in this Annex B. Safetica may update or modify such security measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the processing.

Risk-based principle. Safetica shall periodically review the risk of information security, in connection with personal data and important activities of User. Fulfilment of the Safetica's obligation to assure the data security is performed by the position of security manager, who acts within the Safetica's management.

Organizational security. Safetica shall implement measures to secure the personal data against the human failure, particularly:
- Adopting and maintaining internal regulation and documentation on the internal security;
- Periodical co-workers training on the rules of dealing with personal data and the risk of information security;
- Ensuring that all employees, contractors, suppliers and other third persons with access to personal data have committed themselves to contractual liability.
- Adopting and maintaining processes relating to the work with the Safetica's key assets, particularly with User Personal Data.

Technical measures. Safetica shall implement appropriate technical measures to secure the personal data, particularly:
- Antivirus protection against malware;
- Network security solution, combining firewalls, configuration of network features and other technologies;
- Tools to audit dealing with sensitive User Personal Data, that are configured to automatically notify the incidents to a responsible person;
- Encryption of User's HDDs and external HDs;
- Data Loss Prevention (DLP) solution to enforce the rules of safe work with personal data and eliminating the risk of personal data breach;
- Important infrastructure and data backup.

On-site security. To secure the personal data stored in written form and the IT devices, Safetica shall particularly implement:
- Personal data access processes and policies;
- Premises and on-site/digital repository security.

ANNEX C: RULES FOR AUDITS

User must send any requests for the audit solely to the Safetica's email address dpo@safetica.com.

Following receipt by Safetica of a request for audit, Safetica and User will discuss and agree in advance on: (i) the reasonable date(s) of and security and confidentiality controls applicable to any audit; and (ii) the reasonable commencing date, scope and duration of and security and confidentiality controls applicable to any audit.

Safetica may charge a fee (based on its reasonable costs) for any audit requested by the User. Safetica shall provide User with further details of any applicable fee or the basis of its calculation, in advance of any such audit. User will be responsible for any fees charged by any auditor appointed by User to execute any such audit.

Safetica may object in writing to an auditor appointed by User to conduct any audit, if the auditor is, in Safetica's reasonable opinion, not suitably qualified or independent, a competitor of Safetica, or otherwise manifestly unsuitable. Any such objection by Safetica will require User to appoint another auditor or to conduct the audit itself.