Last Modified: April 17, 2023
For the purpose of this DPA, the following terms shall have the following meaning. In case of any doubt or differences with the terms defined in the Data Protection Legislation, the definitions stipulated in the relevant Data Protection Legislation shall prevail.
“Controller” means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data carried out under its authority, for the purposes of the Consultancy Agreement and the DPA, being the Customer.
“Data Protection Legislation” means the GDPR together with any other (data protection) laws resulting from the GDPR and/or all other applicable laws of any country with regard to the protection of Personal Data or privacy.
“Data Subject” means an identified or identifiable natural person to whom the Personal Data relates. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. The relevant categories of Data Subjects are identified in this DPA.
“GDPR” means the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
“Apryse” means Apryse Software Inc, with a registered office at 500-838 West Hastings Street Vancouver, BC, V6C 0A6 Canada.
“Personal Data” means any information relating to a Data Subject within the meaning of Article 4, 1) GDPR. The relevant categories of Personal Data that are provided to Apryse by, or on behalf of, the Customer, are identified in this DPA.
“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed in connection with the Agreement and the provision of the Services.
“Processing”, “Process(es)” or “Processed” means any operation or set of operation which is performed upon Personal Data or on sets of Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor” means a natural or legal person, public authority, agency or any other body which is authorised to process Personal Data on behalf of the Customer, being Apryse.
“Security Measures” means the technical and organizational measures within the meaning of Article 32 GDPR aiming at protecting Personal Data against accidental or unlawful destruction or loss, as well as against non-authorised access, alteration or transmission.
“SCCs”: means the Standard Contractual Clauses issued pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, located at http://data.europa.eu/eli/dec_impl/2021/914/oj.
“Sub-processor” means any Processor engaged as a sub-processor or subcontractor by Apryse and processes Personal Data for, on behalf of and in accordance with the instructions of Apryse.
“Supervisory Authority” means an independent public authority which is established by a Member State pursuant to Article 51 GDPR.
“Third Party” means any party who is not a Data Subject, Controller, Processor or Sub-processor under this DPA or a person who is authorised to process Personal Data under the direct authority of the Customer or Apryse.
Security Measures
Apryse shall implement and maintain all appropriate Security Measures to ensure a level of security to the risks in accordance with Article 32 GDPR. The Customer may request Apryse to provide an updated description of the implemented Security Measures
Data exporter(s):
The exporter (Controller) is Customer and Customer’s contact details and signature are as provided in the Agreement and the DPA.
Data importer(s):
The importer (Processor) is Apryse and Apryse’s contact details and signature are as provided in the Agreement and the DPA.
Categories of data subjects whose personal data is transferred:
Any data subjects whose Personal Data is contained in Customer data being used in the Services, as set out in the Agreement which describes the provision of Services to Customer, which may include Customer’s authorized users, representatives, and end users, including, without limitation, Customer’s employees, contractors, partners, suppliers, customers, and clients.
Categories of personal data transferred:
Any Personal Data that is provided by Customer to Apryse in connection with the Agreement, as described further in the DPA, including, without limitation, contact information such as name, address, telephone or mobile number, email address, and passwords.
Sensitive data transferred (if applicable): N/A.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis):
On a continuous basis as needed to provide the Services to Customer for the term of the Agreement.
Nature of the processing:
The nature of the Processing is set out in the Agreement between the parties.
Purpose(s) of the data transfer and further processing:
The purposes of the data transfer are for Apryse to provide the Services pursuant to the Agreement.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period:
The data will be retained for the time period needed to accomplish the purposes of Processing, unless otherwise required by applicable law.
Convertir desde PDF
Convertir a PDF
Editar