Data Processing Agreement - SimplyBook.me All-in-One Online Booking and Scheduling Solution


This document is the Data Processing Agreement (“DPA”) of SimplyBook.me Ltd, prepared pursuant to Article 28 of the EU General Data Protection Regulation (“GDPR”). It is a legally binding agreement between SimplyBook.me Ltd and You, the User of the SimplyBook.me Software Solution.

It is recommended that You read this document carefully, together with our:
- SimplyBook.me Software Solution - Terms and Conditions;
- SimplyBook.me Software Solution - Privacy Policy;
- any other legally binding document signed between You and SimplyBook.me Ltd for the provision of the SimplyBook.me Software Solution;
- our GDPR Compliance Statement;
- our documents contained in the latest version of our Security Package

Note 1 You can download and get a signed copy of this DPA.
Note 2 You understand that we may make any reasonable changes to the provisions below in order to reflect changes in the GDPR or other relevant laws and/or identity changes to our business operations and we will notify you for any major changes.
Note 3 If you have any questions about this DPA, please contact us [email protected][email protected]

Version: 2.2
Last updated: 23/11/2021
Effective date: 23/11/2021

I. Definitions
II. Responsibilities of You
III. Responsibilities of the Company:
IV. Data Subject Requests
V. Sub-Processors
VI. Data Transfers
VII. Standard Contractual Clauses
VIII. Additional Provisions
IX. Parties to the DPA
X. General Provisions
XI. Annexes

I. Definitions
1.1. In addition to the terms defined elsewhere in this Agreement and the Main Agreement, for all the purposes of the subject matter hereof, the terms included in Annex 1 (the “Definitions”) herein shall have the meanings set forth therein.
1.2. The Parties mutually agree and understand that for the purposes of this Agreement, all the definitions of the European Data Protection Laws are adopted.

II. Responsibilities of You
2.1. In line with the provisions of this DPA and Main Agreement, You are responsible to comply as Data Controller with all requirements applicable to your operations under applicable Data Protection Laws, for the Processing of Personal Data.
2.2. You agree and acknowledge that, without prejudice to the generality of the below; that you are responsible for: (i) the accuracy, quality and legality of the Personal Data provided by You to the Company for the purposes of the Services as well as the means and methods of acquiring that; (ii) compliance with all necessary transparency and lawfulness requirements under applicable Data Protection Laws, including European Data Protection Laws; (iii) for the collection and use of the Personal Data, including obtaining any necessary consents and authorizations, particularly for use by the User for marketing purposes; (iv) ensuring that You have the right to transfer or provide access to, the Personal Data to us for Processing in accordance with the terms of this DPA and Main Agreement; (v) ensuring that You comply with any laws applicable to You, including but not limited to Data Protection Laws, for any emails or other content created, sent or otherwise managed through our Services.
2.3. You hereby confirm and agree to inform the Company promptly and without any undue delay, if You are not able to comply with your obligations herein, and specifically under the applicable Data Protection Laws.
2.4. You hereby acknowledge and understand that the provisions herein and any relevant provisions of the Main Agreement and any additional written request under Your capacity as a Data Subject; shall constitute the complete and final Instructions of You as Data Controller for the purposes of this DPA for and in relation to the Processing of Your Personal Data.
2.5. You hereby acknowledge, understand and agree that, any additional Instructions outside the scope herein, shall require Your prior written request.

III. Responsibilities of the Company
3.1. The Company shall only Process Personal Data for the purpose described in this DPA and in line with Annex 2 herein (the “Details of Processing”) or as otherwise agreed within the scope of your lawful Instructions, except where and to the extent otherwise required by the Data Protection Laws, including but not limited to European Data Protection Laws and other applicable laws and regulations relevant to the Parties.
3.2. The Company shall not be held responsible and liable for compliance with applicable Data Protection Laws which apply solely to You and/or Your industry and are not legally applicable to SimplyBook.me Ltd’s operations.
3.3. The Company shall notify You immediately and without any undue delay, to the extent permitted by law; where it is deemed the latter is unable to Process Personal Data in accordance with the provisions of this DPA and due to legal requirements of applicable laws and/or regulations.

Security team
3.4. By considering the state of art, the costs of implementing and the nature, scope, context and purposes of Processing of Personal Data pursuant to the provisions of this DPA, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons; the Company shall implement and maintain appropriate technical and organisational measures to ensure the appropriate level of security to that risk, as per provisions of Annex 3 herein (collectively the “Security Measures”).
3.5. The Company shall ensure that the Security Measures form part of its implemented Information Security Management System (the “ISMS”), in line with the ISO/IEC 27001:2013 standard and issued certificate by an accredited certifying body.
3.6. Notwithstanding any provision to the contrary, the Company may modify or update the Security Measures at our discretion provided that such modification or update does not result in a material degradation in the protection offered by the Security Measures and/or comply with relevant laws and legal obligations.

Confidentiality
3.7. The Company hereby ensures that any worker or appointed person authorised to Process Personal Data for and on our behalf is subject to appropriate confidentiality obligations, contractual and statutory obligations with respect to that Personal Data.

Personal data breaches
3.8. The Company hereby agrees to notify promptly and without undue delay once becoming aware of any Personal Data Breach, following the provisions of applicable Data Protection Laws and where necessary provide You with information as it becomes known or reasonably requested by You.
3.9. The Company hereby agrees to promptly provide You with such reasonable assistance as necessary to enable notifying relevant Personal Data Breaches to competent authorities and/or affected Data Subjects, pursuant to the applicable Data Protection Laws and subject to your written request.

Deletion or return of personal data
3.10. The Company hereby agrees to delete or return to You all Personal Data relating to the Main Agreement and this DPA, including but not limited to copies of Personal Data which was Processed for the purpose of this DPA, on termination or expiration of Services, in line with the relevant provisions of the Main Agreement.
3.11. The requirement herein shall be exercised pursuant to any applicable law which may require to retain some or all Personal Data, subject to additional security measures such as isolation and protection from further Processing.

IV. Data Subject Requests
4.1. You hereby acknowledge, agree and accept that the Company shall provide You with controls in the Software via which You can retrieve, correct, delete or restrict Personal Data in order to assist You in connection with the requirements of Data Protection Laws.
4.2. The Company may, subject to a written request by You, provide reasonable assistance for responding to any Data Subject Requests or requests from Data Protection Authorities relating to the Processing of Personal Data under this DPA, subject to any reimbursement deemed necessary.
4.3. You undertake the whole, exclusive and sole responsibility to respond to Data Subject Request(s) or other communication regarding the Processing of Personal Data from individual(s) who is/are identified as Your client and may be addressed to the Company, subject to prompt notification of such a request from us to You.

V. Sub-Processors
5.1. You hereby acknowledge, agree, accept and authorise the appointment of the Sub-Processors for the Process of Personal Data pursuant to this DPA and Main Agreement included in Annex 4 herein, the Sub-Processors’ List.
5.2. The Company hereby ensures that where a Sub-Processor is appointed, the relevant legal agreement to be concluded between those shall include appropriate data protection terms subject to appropriate Data Protection Laws and impose at least the same level of protection for Personal Data, as the provisions of this DPA and where deemed necessary, include the last version of Standard Contractual Clauses, as issued by the European Commission.
5.3. The Company shall remain responsible for each Sub-Processor’s compliance with the obligations of this DPA and for any acts or omissions of such Sub-Processor that cause us to breach any of its obligations under this DPA.

VI. Data Transfers
6.1. You hereby acknowledge, consent and authorise the Company, subject to provisions herein; to perform necessary Data Transfers for internal and external business operations to third parties identified as Sub-Processors herein which may be located outside the EU and/or the EEA.
6.2. Pursuant to clause 6.1. above, both Parties hereby confirm and agree that any Data Transfers will be performed solely for the purpose of the Main Agreement, this DPA and any additional written Instructions communicated from You to the Company, only for the subject matter.
6.3. The Parties hereby mutually agree that pursuant to clause 6 herein, the Company shall perform any and all Data Transfers subject to the provisions of Chapter 5 (Article 44-50) of the GDPR and always in compliance with the requirements of applicable Data Protection Laws for the duration of this DPA and the Main Agreement.
6.4. Pursuant to clause 6.3 above, the Company shall not perform any Data Transfer of European Data to any country or recipient not recognised as providing an adequate level of protection for Personal Data, in accordance with the provisions of the European Data Protection Laws; unless such measures are first taken to ensure the transfer is in compliance with applicable European Data Protection Laws.
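
Adequate level of protection
6.5. Pursuant to clause 6.4 above, the Company shall not authorise any Data Transfer to a country which is not recognized as providing an adequate level of protection via:
6.5.1. a valid adequacy decision issued by the European Commission pursuant to Article 45 of the GDPR, as may be stated on the official website of the European Commission (adequacy decision); and/or
6.5.2. approved and authorised Binding Corporate Rules, subject to Article 47 of the GDPR; and/or
6.5.3. the conclusion of and reliance on approved Standard Contractual Clauses (SCC), in accordance with the relevant European Data Protection Laws and as shown on the official website of the European Commission for Standard Contractual Clauses (SCC).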

6.6. The Parties hereby acknowledge and agree that SimplyBook.me shall not rely on the EU-US Privacy Shield and related principles for the purposes of transferring Personal Data and ensure appropriate measures are taken to comply with applicable Data Protection Laws as may be amended from time to time.

VII. Standard Contractual Clauses for the Parties
7.1. The Parties hereby agree that where they should conclude Standard Contractual Clauses for the pursuant to the Main Agreement for the provision of Services and as part of this DPA, the provisions of Annex 5 herein shall apply as may be automatically amended to reflect any changes to the European Data Protection Laws.
7.2. Pursuant to Clause 7.1. the Parties hereby mutually understand and agree that the Company undertakes the rights and obligations of the Data Importer and You the rights and obligations of the Data Exporter, as defined in the Standard Contractual Clauses and those shall come into effect on the later of either Party becoming a party to them and the commencement of the relevant data transfer.
7.3. The Parties hereby mutually agree that where the Standard Contractual Clauses are applicable and there is a conflict with any provision of this DPA, the Standard Contractual Clauses will prevail to the extent of such conflict for the subject matter.

VIII. Additional Provisions

European data
8.1. This part of the DPA applies to European Data for the purposes of the Main Agreement.
8.2. The Parties hereby agree that when Processing European Data in accordance with the Instructions, You are the Controller of European Data and SimplyBook.me Ltd is the Processor.
8.3. SimplyBook.me reserves the right to inform You where Instructions infringes European Data Protection Laws, as and when applicable, without undue delay.
8.4. The Company will make any necessary changes to Annex 4 regarding the appointed Sub-Processors and give you the opportunity to be notified via email in which case You have the opportunity to object to the engagement on reasonable grounds relating to this DPA and within 30 (thirty) days after such notification.
8.5. The Company shall, to the extent that the required information is reasonably available and you do not otherwise have access to the required information; provide reasonable assistance to You with any Data Protection Impact Assessments (“DPIA”), and prior consultations with Supervisory Authorities or other competent Data Privacy Authorities to the extent required by European Data Protection Laws.
8.6. SimplyBook.me shall make all information reasonably necessary to demonstrate compliance with provisions herein, available to You and may allow for audits including but not limited to inspections.
8.7. The Data Processor has appointed a Data Protection Officer (“DPO”) in line with the European Data Protection Laws and can be contacted for the purposes of this DPA and Main Agreement via email: [email protected].

Other data
8.8. This part of the DPA applies to Personal Data other than European Data, under the provisions of applicable Data Protection Laws.
8.9. The Parties agree that SimplyBook.me Ltd shall Process such Personal Data strictly in accordance with applicable Data Protection Laws and solely for the purposes of providing the Services under the provisions of the Main Agreement.
8.10. The Parties shall enter into any additional agreements required by law for the purpose of complying with the applicable Data Protection Laws.

IX. Parties to the DPA
9.1. When You sign-up and accept the SimplyBook.me Online Solution Terms & Conditions for the SimplyBook.me Software Solution, You as a User of the System enter into this DPA on behalf of Yourself and where applicable and to the extent permitted by law and applicable Data Protection Laws, in the name and on behalf of Your Permitted Affiliates, establishing a separate DPA between us and each such Permitted Affiliate subject to the Agreement and provisions herein.
9.2. You hereby agree and acknowledge that each Permitted Affiliate agrees to be bound by the obligations of this DPA and as applicable to the Main Agreement.
9.3. You hereby agree and acknowledge that to the extent permitted by law, for the purposes of this DPA and except as otherwise provided herein, “User”, “You” and “Your” will include You and such Permitted Affiliates.
9.4. The legal entity agreeing to this DPA as User represents that it is authorized to agree to and enter into this DPA for and on behalf of itself and, as applicable, each of its Permitted Affiliates.

X. General Provisions
10.1. This DPA will remain in force from the Effective Date and until the Data Controller or Data Processor terminates the Main Agreement, in line with applicable provisions.
10.2. This DPA may be terminated by either party with a 30 (thirty) days written notice, pursuant to the provisions of the Main Agreement and by cancelling the system in system settings.
10.3. Notwithstanding anything else to the contrary in this DPA and Main Agreement, SimplyBook.me reserves the right to make any updates and amendments to this DPA subject to any additional terms herein.
10.4. If any individual provisions of this DPA are determined to be invalid or unenforceable, the validity and enforceability of the other provisions of this DPA will not be affected.
10.5. Neither party may, without the prior written consent of the other party assign, transfer, charge, license or otherwise deal in or dispose of any contractual rights or obligations under this Agreement.
10.6. The Parties and Permitted Affiliates' liability arising out of or related to this DPA in whole whether in contract, tort or under any other theory of liability, will be subject to the limitations and exclusions of liability set out in the Main Agreement.
10.7. The Parties hereby agree and accept the choice of the jurisdiction indicated in the Main Agreement in respect of this DPA.

Annex 1: Definitions
This Annex 2: Details of Processing forms part of the DPA.
“Data Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
“Data Protection Laws”: means all applicable worldwide legislation relating to data protection and privacy which applies to the respective Party in the role of Processing Personal Data in question under the Agreement, including without limitation: (1) the European Data Protection Laws; (2) the California Consumer Privacy Act of 2018 (“CCPA”); (3) the data protection and privacy laws of Australia and Singapore; (4) and other; in each case as amended, repealed, consolidated or replaced from time to time.
“Data Subject”: means the individual to whom Personal Data relates.
“Data Processor”: means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Data Controller.
"Europe": means the European Union, the European Economic Area and/or their member states.
“European Data”: means Personal Data that is subject to the protection of European Data Protection Laws, defined below.
"European Data Protection Laws": means data protection laws applicable in Europe, including: (1) Regulation 2016/679 - the EU General Data Protection Regulation ("GDPR"); (2) Directive 2002/58/EC - the Directive on privacy and electronic communications; (3) applicable national implementations of 1 and 2 points above; (4) any applicable national legislation that replaces or converts in domestic law the GDPR or any other law relating to data and privacy as a consequence of the United Kingdom leaving the European Union; in each case, as may be amended, superseded or replaced.
“EU-US Privacy Shield”: the self-certification program operated by the U.S. Department of Commerce and approved by the European Commission, as may be amended, superseded or replaced.
“Instructions”: any written, documented instructions issued by the Data Controller to the Data Processor, and directing the same to perform a specific or general action with regard to Personal Data, including, but not limited to, depersonalizing, blocking, deletion, making available.
"Permitted Affiliates": shall include any of Your Affiliates that is permitted to obtain the Services on your behalf, pursuant to the Main Agreement, but have not signed their own separate agreement with us and are not users and qualify as a Controller of Personal Data Processed by us, and can be subject to European Data Protection Laws.
“Personal Data”: means any information relating to an identified or identifiable individual where such information is contained within the Account (as defined in the Main Agreement) and is protected as other personal information or personally identifiable information under applicable Data Protection Laws.
“Personal Data Breach”: shall mean a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed by us and/or our Sub-Processors in connection with the provision of the Services but does not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
“Processing”: shall mean any operation or set of operations which is performed on Personal Data, encompassing the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or erasure of Personal Data and the terms “Process”, “Processes” and “Processed” will be construed accordingly.
“Services”: shall have the same meaning as in the Main Agreement.
“Standard Contractual Clauses”: means the standard contractual clauses for Data Processors approved pursuant to the European Commission’s relevant decision and as included in Annex 5 herein which forms part of the Agreement and as may be amended, superseded or replaced.
“Sub-Processor”: means any Data Processor engaged by us to assist fulfilling our obligations with respect to the provision of the Services under the Main Agreement and may include third parties, excluding any employee or consultant of SimplyBook.me Ltd.

Annex 2: Details of processing
This Annex 2: Details of Processing forms part of the DPA.
Nature and Purposes of the Process: the Company will Process Personal Data as required for the purposes of providing the Services, pursuant to the Main Agreement and as may further be specified in additional documentation which forms part of the Main Agreement and DPA.
Duration of the Processing: subject to any provisions contained herein specifying otherwise, Processing of Personal Data shall occur for the duration of the Main Agreement, unless otherwise agreed in writing.
Categories of Data Subjects: pursuant to the provisions of the Main Agreement, Data Subjects shall include any type of User’s clients and therefore may vary by the system usage from the Data Controller.
Categories of Personal Data: pursuant to the provisions of the Main Agreement, categories of Personal Data may vary in accordance with the usage of the System and may cover the below:
- name and surname
- email address
- phone numbers
- information that is requested by the Data Controller through the usage of additional fields
- information that the Data Controller makes as comments on individual bookings that relate to a person
- medical related personal information, concerning the evaluation of patients as may be encrypted at rest on the Data Processor’s servers at the Data Controller’s choice
- information on the status of bookings, whether they attended, or paid for booking
- medical related information field on subject used for non medical informational purposes by the Data Controller
- the Data Controller’s comments on Data Subject’s bookings that can relate to services required, or personal information on the subject matter;
and the above shall vary by the system usage from the Data Controller and is not absolute.
Special Categories of Personal Data (where applicable): may include Medical and Health information which relate to SOAP information and medical histories, provided that the custom feature is enabled; and/or transactional information about a User’s purchases and/or income.
Processing Operations: include the standardised internal processes in which system users’ data are continuously or systematically collected, stored and used for the provision of the Services, in line with the Main Agreement. The Data Processor will Process Personal Data on behalf of the Data Controller for the purpose of using the Appointment Scheduling System and accept appointments, send reminders, process payments, sell products, make promotions and other related activities allowed by our custom features.

Annex 3: Security Measures
1. This Annex 3 Security Measures forms part of the DPA and all capitalised terms, not otherwise defined herein, shall have the same meaning set forth in the Main Agreement.
2. The measures herein form part of the ISMS which shall be maintained in accordance with best practices and standards.

A. Access control and management
The Company has taken appropriate measures to prevent unauthorised access to the System, network, applications and eventually Personal Data such as:
- Implementation and maintenance of Access Control Policies and Procedures as part of the internal Information Security Management System (“ISMS”);
- Following of access rules based on the “need-to-know” and “least privileged”;
- Restriction principles for direct access to databases;
- 2FA authentication is used by the workers when accessing system for Processing of Personal Data;
- 2FA secure login is available with “Google Authenticator” and “HIPAA” custom features for the User;
- Password Management is available with the “Strict Password” custom feature for the User.

B. Encryption
The Company shall use appropriate encryption technologies to protect Personal Data and where applicable for data in transit (for all communications, between end-users and server) and for data at rest (available for SOAP data and medical history with “SOAP with Data Encryption” custom feature).

C. Information classification and handling
The Company shall have in place an appropriate Record of Processing Operations, an Asset Handling Procedure and an Acceptable Use Policy all of which ensure that all information, including Personal Data are classified in accordance with its criticality and sensitivity to unauthorised access, disclosure or modification.

D. Human resources security
The Company has taken reasonable measures to ensure that its employees and contractors, which have access to Personal Data are aware of and adhere to the security and privacy policies and procedures.
The measures include: (a) background verification checks, such as criminal records checking for all employees and contractors with access to Personal Data; (b) conclusion of Non-Disclosure and Confidentiality Agreement and Data Processing Agreement for all employees and contractors; (c) participation in training and awareness programs by employees and contractors, focused on the protection of personal data, privacy and security.

E. Operational security
The Company is committed to ensure that correct and secure facilities for the Processing of Personal Data by:
- controlling the changes to the processing systems and facilities by implementing and maintaining procedures in line with the internal Change Management Policy;
- performing regular back-ups and test of back-ups, by implementing and maintaining procedures in line with the internal Back-Up Policy;
- maintaining event logging with records of user activities, exceptions, errors and information security events;
- ensuring clock synchronisation for all relevant Information Processing Systems.

F. Network security
The Company has implemented a Firewall Protection, an Intrusion Detection System and is regularly monitoring the Network Activity.

G. Secure development
The Company performs software development and relevant support processes according to adopted secure system engineering principles such as:
- Security by design;
- Security testing shall be performed for any changes or new developments;
- Development/testing/production environments shall be separated.

H. Supplier assessments
The Company performs regular assessments of supplier services and acknowledges the responsibility to inform the Data Controller for any changes to the provision of Services pursuant to the Main Agreement.

I. Business continuity and incident management
The Company ensures a consistent approach to the management of privacy and security incidents, including communication on security breaches and weaknesses via:
- the Business Continuity and Incident Management Procedures which is documented and tested regularly;
- the Personal Data Breach Notification Procedure which is documented and tested regularly.

J. Internal security audits
The Company performs periodic assessments of risks to Personal Data and reviews the effectiveness of the implemented security policies and procedures.

Annex 4: Security Measures
1. Read this Annex 4 in conjunction with Clause 5 and other applicable provisions of the DPA.

SUB-PROCESSOR | PURPOSE | LOCATION
Google Inc. | Hosting & Infrastructure | United States
Facebook Page | Hosting & Infrastructure | United States
LiveAgent | Services & Support | Europe
OVH | Hosting & Infrastructure | UK, Canada, France & Singapore
Amazon Web Services Inc. | Hosting & Infrastructure | Ireland
Linode | Mail Server | UK
Nexmo (Vonage Holdings Corp.) | Services & Support | UK
Sendinblue | Services & Support | France
Hotjar | Statistics & Analytics | France
Piwik | Statistics & Analytics | France
Twilio Inc. | Services & Support | United States
PayPal | Payment Processing Provider | United States
MaxMind, Inc. | Services & Support | United States
Borgun | Payment Processing Provider | Iceland
SafeCharge | Payment Processing Provider | UK, USA, Canada
eSign Genie | Services - e-signature | United States
Accountable HQ | Services - HIPAA Compliance Software and e-signature | United States

Annex 5: Standard contractual clauses
1. The latest version of the Standard Contractual Clauses available on the official website of the European Commission here is implemented and followed for the subject matter.
2. The SCC are part of this Agreement, to the extent applicable to the Parties in accordance with the European Data Protection Laws.
3. For the purposes of this Agreement and the contractual relationship of the Parties, Module Two: Transfer between Controller to Processor is adopted.

Get the full signed version of our DPA - this will contain the full version of the latest SCC - here.



