Executed in compliance with the data processing legislation, including but not limited to the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter “GDPR“).
1.1. The terms "Provider", "Client", "Service", "Service Period" have the same meaning as defined in the Business Terms and Conditions and the terms "Controller", "Processor", "Personal Data", "Processing", and "Appropriate Technical and Organizational Measures", are used in the sense defined by the Principles of Personal Data Protection.
1.2. This Personal Data Processing Agreement defines the method of the Client´s customer personal data processing in compliance with the personal data processing legislation, including but not limited to the GDPR.
1.3. The Provider is the Processor of the Client´s customer personal data and the Client is the Controller or these data.
1.4. The Provider is not entitled to process the personal data in contradiction to or in excess of the framework defined by these terms without direct specific consent of the Client. This consent may be granted by the Client for example by checking the relevant item in the Service form, by email or in any other communication with the Provider.
2.1. The Provider hereby agrees to process personal data for the Client for the purpose of the Service provision in the form of “SaaS“ (Software as a Service) within the scope of common personal data and throughout the Service Period. Processing of the special category of personal data pursuant to Art. 9 of GDPR within the framework oft he Service is prohibited.
2.2. The Processor hereby agrees to process the following types of personal data concerning the following categories of Data Subjects:
2.3. The Client shall enter the following personal data if its customers in the Service within the following scope:
3.1. Personal data are processed for the purpose of all activities needed for provision of the Services in the form of Saas (Software as a Service) (including support etc.).
3.2. The Provider hereby agrees to process personal data for the Client within the scope and for the purpose specified in Art. 3.1 hereof. In the context of the processing the Provider shall collect the personal data, store them on information carriers, sort, forward, save and delete them in automated as well as manual manner for the activity to correspond to the purpose of the personal data processing.
3.3. The Client grants to the Provider a general permit to use a sub-processor for the purpose. The Provider shall bind its sub-processors with the same personal data protection liability as is defined herein. The Provider´s sub-processors include: Google LLC, with registered seat at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
3.4. If the Client seeks information about future changes in the list of sub-processors a request can be sent to firstname.lastname@example.org. The Provider shall inform the Clients requesting so within fourteen (14) days before the change takes effect. The Client may object against the change within this deadline. Legitimate objections must include documented violation of the principles of personal data protection by the sub-processor.
3.5. In serious cases involving threatening of data security or Service operation he Provider shall be entitled to change the sub-processor without prior notification of the Client. In such case the Provider shall be liable to notify the change to the Client ex post and the right of the Client for filing a legitimate objection shall not be affected.
3.6. The Provider hereby agrees to adopt measures preventing unauthorized or inadvertent access to the personal data, their alteration, destruction or loss, unauthorized transfers, processing and other misuses of the personal data. The Provider hereby agrees to secure the personal data processing by the following means, including but not limited to:
3.7. The Provider is entitled to use the data provided by the Client for the following purposes: for internal use by the Provider and for processing and publication in accumulated anonymous form (such as for the purpose of various studies, statistical reports, info graphics, case studies etc.).
4.1. The Client shall be entitled any time to export data in machine readable formats in any manner permitted by the Service.
5.1. Data provided by the Client for processing by the Provider´s Service shall be deleted in thirty (30) days.
5.2. In thirty (30) days from the account deletion the Provider shall also delete Client´s data from the Service backups.
5.3. The Service logs which may include Client account activity records shall be deleted by the Provider in one (1) year from the account deletion.
6.1. The Client hereby agrees to inform the Provider without delay about all facts known to the Client which might negatively affect due and timely fulfillment of the liability following from this agreement and to provide the necessary assistance to the Provider for the purpose of facilitation of fulfillment hereof.
7.1. This agreement is executed for a limited period from its effectiveness date to the date of the Service termination for any reason.
7.2. This agreement comes to force and effect on 25 May 2018.