Effective: 25 May 2018
This Data Processing Agreement has been entered into between EGNITION Pty Ltd (“we”, “us”, “our”) as a data processor and you as the data controller.
Processing of personal data
To the extent any of the data processed in connection with your use of the Service or Software constitutes personal data under the applicable legislation, you hereby authorise us to process such data (and any other data, regardless of whether they constitute personal data or not) on your behalf for the purposes of providing the Service or Software in accordance with the Terms, Policies and applicable legislation.
For the sake of clarity, it is noted that in relation to the personal data processed under this agreement, we act as the data processor and you act as the data controller.
We confirm that we will process your personal data & any personal data that we can collect through our Software in a lawful manner which meets requirements of the applicable legislation relating to the processing of personal data, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and that we will otherwise comply with the applicable legislation in relation to the processing of personal data.
Responsibilities of the data controller
Assistance to you as the data controller
We will assist you in providing any technical or organizational measures for the fulfillment of your obligations as the data controller in relation to possible requests for exercising the data subjects’ rights laid down in the applicable legislation. Taking into account the nature of the Service or Software, you further agree that we cannot commit to providing such assistance.
We will assist you in ensuring compliance with your obligations relating to the security of data processing, notifications of personal data breaches to the supervisory authorities and communications to data subjects and data protection impact assessments. We will notify you about any personal data breaches concerning your data as soon as possible and, where feasible, at the latest 48 hours after having become aware of such personal data breach.
Taking into account the nature of the data processing and the information available to us as the data processor, you agree that we may be unable to assist you in these matters.
Confidentiality and security
We confirm that our personnel involved in providing the Service or Software to you have committed to confidentiality obligations with regard to personal data (if any) processed in connection with the Service or Software. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons we confirm that we have taken such technical and organisational security measures which ensure a level of security appropriate to the risk.
You agree that we may engage third parties including other data processors in connection with the Service or Software and that such third parties may be located, and your data may be processed, outside the European Economic Area (including e.g. in the United States) subject to applicable legislation. If we transfer any personal data outside the European Economic Area, we ensure that the personal data is transferred in accordance with the applicable law, for example, by using appropriate European Union Standard Contractual Clauses.
If we engage another processor for carrying out processing activities on your behalf, at least the same data protection obligations as set out in this agreement, shall also apply to such sub-processor. If such sub-processor fails to fulfil its data protection obligations, we shall remain fully liable to you for the performance of the sub-processor’s obligations. We will inform you of any intended changes concerning the addition or replacement of sub-processors.
We may provide information regarding such third party data processors upon request, and always subject to our confidentiality obligations. If you do not approve our use of any third party processors, please stop using the Service or Software immediately.
Retention of your data
We have no obligation to store and we will not store any of your data after the termination of your account and/or subscription of the Service or Software unless otherwise agreed or required under applicable law. We will delete or return all personal data related to you after the end of the provision of services relating to processing.
You may have the right, in accordance with applicable legislation only, to receive information necessary to demonstrate compliance with the obligations laid down in this Data Processing Agreement and applicable legislation and, where and to the extent mandated under applicable legislation to do so, we may allow for, and contribute to, audits, including inspections, conducted by you in relation to personal data in relation to our Service provided to you only. The timing and other practicalities related to any such audit or inspection are determined by us and any such information and assistance are provided at exclusively your cost and expense, and we reserve the right to charge you for any additional work or other costs incurred by us in connection with you using such rights.
Please contact firstname.lastname@example.org if you need/would like a signed copy of this Data Processing Agreement.