Data Processing Agreement - SimplyBook.me All-in-One Online Booking and Scheduling Solution
This document is the Data Processing Agreement (“DPA”) of SimplyBook.me Ltd, prepared pursuant to Article 28 of the EU General Data Protection Regulation (“GDPR”). It is a legally binding agreement between SimplyBook.me Ltd and You, the User of the SimplyBook.me Software Solution.
It is recommended that You read this document carefully, together with our:
- SimplyBook.me Software Solution - Terms and Conditions;
- SimplyBook.me Software Solution - Privacy Policy;
- any other legally binding document signed between You and SimplyBook.me Ltd for the provision of the SimplyBook.me Software Solution;
- our GDPR Compliance Statement;
- our documents contained in the latest version of our Security Package
Note 1
You can download and get a signed copy of this DPA.
Note 2
You understand that we may make any reasonable changes to the provisions below in order to reflect changes in the GDPR or other relevant laws and/or identity changes to our business operations and we will notify you for any major changes.
Note 3
If you have any questions about this DPA, please contact us
[email protected] or [email protected]
Version: 2.2
Last updated: 23/11/2021
Effective date: 23/11/2021
I. Definitions
II. Responsibilities of You
III. Responsibilities of the Company
IV. Data Subject Requests
V. Sub-Processors
VI. Data Transfers
VII. Standard Contractual Clauses
VIII. Additional Provisions
IX. Parties to the DPA
X. General Provisions
XI. Annexes
I. Definitions
1.1. In addition to the terms defined elsewhere in this Agreement and the Main Agreement, for all the purposes of the subject matter hereof, the terms included in Annex 1 (the “Definitions”) herein shall have the meanings set forth therein.
1.2. The Parties mutually agree and understand that for the purposes of this Agreement, all the definitions of the European Data Protection Laws are adopted.
II. Responsibilities of You
2.1. In line with the provisions of this DPA and Main Agreement, You are responsible to comply as Data Controller with all requirements applicable to your operations under applicable Data Protection Laws, for the Processing of Personal Data.
2.2. You agree and acknowledge that, without prejudice to the generality of the below; that you are responsible for: (i) the accuracy, quality and legality of the Personal Data provided by You to the Company for the purposes of the Services as well as the means and methods of acquiring that; (ii) compliance with all necessary transparency and lawfulness requirements under applicable Data Protection Laws, including European Data Protection Laws; (iii) for the collection and use of the Personal Data, including obtaining any necessary consents and authorizations, particularly for use by the User for marketing purposes; (iv) ensuring that You have the right to transfer or provide access to, the Personal Data to us for Processing in accordance with the terms of this DPA and Main Agreement; (v) ensuring that You comply with any laws applicable to You, including but not limited to Data Protection Laws, for any emails or other content created, sent or otherwise managed through our Services.
2.3. You hereby confirm and agree to inform the Company promptly and without any undue delay, if You are not able to comply with your obligations herein, and specifically under the applicable Data Protection Laws.
2.4. You hereby acknowledge and understand that the provisions herein and any relevant provisions of the Main Agreement and any additional written request under Your capacity as a Data Subject; shall constitute the complete and final Instructions of You as Data Controller for the purposes of this DPA for and in relation to the Processing of Your Personal Data.
2.5. You hereby acknowledge, understand and agree that, any additional Instructions outside the scope herein, shall require Your prior written request.
III. Responsibilities of the Company
3.1. The Company shall only Process Personal Data for the purpose described in this DPA and in line with Annex 2 herein (the “Details of Processing”) or as otherwise agreed within the scope of your lawful Instructions, except where and to the extent otherwise required by the Data Protection Laws, including but not limited to European Data Protection Laws and other applicable laws and regulations relevant to the Parties.
3.2. The Company shall not be held responsible and liable for compliance with applicable Data Protection Laws which apply solely to You and/or Your industry and are not legally applicable to SimplyBook.me Ltd’s operations.
3.3. The Company shall notify You immediately and without any undue delay, to the extent permitted by law; where it is deemed the latter is unable to Process Personal Data in accordance with the provisions of this DPA and due to legal requirements of applicable laws and/or regulations.
Security
3.4. By considering the state of the art, the costs of implementing and the nature, scope, context and purposes of Processing of Personal Data pursuant to the provisions of this DPA, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons; the Company shall implement and maintain appropriate technical and organisational measures to ensure the appropriate level of security to that risk, as per provisions of Annex 3 herein (collectively the “Security Measures”).
3.5. The Company shall ensure that the Security Measures form part of its implemented Information Security Management System (the “ISMS”), in line with the ISO/IEC 27001:2013 standard and issued certificate by an accredited certifying body.
3.6. Notwithstanding any provision to the contrary, the Company may modify or update the Security Measures at our discretion provided that such modification or update does not result in a material degradation in the protection offered by the Security Measures and/or comply with relevant laws and legal obligations.
Confidentiality
3.7. The Company hereby ensures that any worker or appointed person authorised to Process Personal Data for and on our behalf is subject to appropriate confidentiality obligations, contractual and statutory obligations with respect to that Personal Data.
Personal data breaches
3.8. The Company hereby agrees to notify promptly and without undue delay once becoming aware of any Personal Data Breach, following the provisions of applicable Data Protection Laws and where necessary provide You with information as it becomes known or reasonably requested by You.
3.9. The Company hereby agrees to promptly provide You with such reasonable assistance as necessary to enable notifying relevant Personal Data Breaches to competent authorities and/or affected Data Subjects, pursuant to the applicable Data Protection Laws and subject to your written request.
Deletion or return of personal data
3.10. The Company hereby agrees to delete or return to You all Personal Data relating to the Main Agreement and this DPA, including but not limited to copies of Personal Data which was Processed for the purpose of this DPA, on termination or expiration of Services, in line with the relevant provisions of the Main Agreement.
3.11. The requirement herein shall be exercised pursuant to any applicable law which may require to retain some or all Personal Data, subject to additional security measures such as isolation and protection from further Processing.
IV. Data Subject Requests
4.1. You hereby acknowledge, agree and accept that the Company shall provide You with controls in the Software via which You can retrieve, correct, delete or restrict Personal Data in order to assist You in connection with the requirements of Data Protection Laws.
4.2. The Company may, subject to a written request by You, provide reasonable assistance for responding to any Data Subject Requests or requests from Data Protection Authorities relating to the Processing of Personal Data under this DPA, subject to any reimbursement deemed necessary.
4.3. You undertake the whole, exclusive and sole responsibility to respond to Data Subject Request(s) or other communication regarding the Processing of Personal Data from individual(s) who is/are identified as Your client and may be addressed to the Company, subject to prompt notification of such a request from us to You.
V. Sub-Processors
5.1. You hereby acknowledge, agree, accept and authorise the appointment of the Sub-Processors for the Process of Personal Data pursuant to this DPA and Main Agreement included in Annex 4 herein, the Sub-Processors’ List.
5.2. The Company hereby ensures that where a Sub-Processor is appointed, the relevant legal agreement to be concluded between those shall include appropriate data protection terms subject to appropriate Data Protection Laws and impose at least the same level of protection for Personal Data, as the provisions of this DPA and where deemed necessary, include the last version of Standard Contractual Clauses, as issued by the European Commission.
5.3. The Company shall remain responsible for each Sub-Processor’s compliance with the obligations of this DPA and for any acts or omissions of such Sub-Processor that cause us to breach any of its obligations under this DPA.
VI. Data Transfers
6.1. You hereby acknowledge, consent and authorise the Company, subject to provisions herein; to perform necessary Data Transfers for internal and external business operations to third parties identified as Sub-Processors herein which may be located outside the EU and/or the EEA.
6.2. Pursuant to clause 6.1. above, both Parties hereby confirm and agree that any Data Transfers will be performed solely for the purpose of the Main Agreement, this DPA and any additional written Instructions communicated from You to the Company, only for the subject matter.
6.3. The Parties hereby mutually agree that pursuant to clause 6 herein, the Company shall perform any and all Data Transfers subject to the provisions of Chapter 5 (Article 44-50) of the GDPR and always in compliance with the requirements of applicable Data Protection Laws for the duration of this DPA and the Main Agreement.
6.4. Pursuant to clause 6.3 above, the Company shall not perform any Data Transfer of European Data to any country or recipient not recognised as providing an adequate level of protection for Personal Data, in accordance with the provisions of the European Data Protection Laws; unless such measures are first taken to ensure the transfer is in compliance with applicable European Data Protection Laws.
Adequate level of protection
6.5. Pursuant to clause 6.4 above, the Company shall not authorise any Data Transfer to a country which is not recognized as providing an adequate level of protection via:
6.5.1. a valid adequacy decision issued by the European Commission pursuant to Article 45 of the GDPR, as may be published on the official website of the European Commission (Adequacy Decision); and/or
6.5.2. approved and authorised Binding Corporate Rules, subject to Article 47 of the GDPR; and/or
6.5.3. the conclusion of and reliance on approved Standard Contractual Clauses (SCC), in accordance with the relevant European Data Protection Laws and as shown on the official website of the European Commission's Standard Contractual Clauses (SCC).
6.6. The Parties hereby acknowledge and agree that SimplyBook.me shall not rely on the EU-US Privacy Shield and related principles for the purposes of transferring Personal Data and ensure appropriate measures are taken to comply with applicable Data Protection Laws as may be amended from time to time.
VII. Standard Contractual Clauses for the Parties
7.1. The Parties hereby agree that where they should conclude Standard Contractual Clauses for the pursuant to the Main Agreement for the provision of Services and as part of this DPA, the provisions of Annex 5 herein shall apply as may be automatically amended to reflect any changes to the European Data Protection Laws.
7.2. Pursuant to Clause 7.1. the Parties hereby mutually understand and agree that the Company undertakes the rights and obligations of the Data Importer and You the rights and obligations of the Data Exporter, as defined in the Standard Contractual Clauses and those shall come into effect on the later of either Party becoming a party to them and the commencement of the relevant data transfer.
7.3. The Parties hereby mutually agree that where the Standard Contractual Clauses are applicable and there is a conflict with any provision of this DPA, the Standard Contractual Clauses will prevail to the extent of such conflict for the subject matter.
VIII. Additional Provisions
European data
8.1. This part of the DPA applies to European Data for the purposes of the Main Agreement.
8.2. The Parties hereby agree that when Processing European Data in accordance with the Instructions, You are the Controller of European Data and SimplyBook.me Ltd is the Processor.
8.3. SimplyBook.me reserves the right to inform You where Instructions infringe European Data Protection Laws, as and when applicable, without undue delay.
8.4. The Company will make any necessary changes to Annex 4 regarding the appointed Sub-Processors and give you the opportunity to be notified via email in which case You have the opportunity to object to the engagement on reasonable grounds relating to this DPA and within 30 (thirty) days after such notification.
8.5. The Company shall, to the extent that the required information is reasonably available and you do not otherwise have access to the required information; provide reasonable assistance to You with any Data Protection Impact Assessments (“DPIA”), and prior consultations with Supervisory Authorities or other competent Data Privacy Authorities to the extent required by European Data Protection Laws.
8.6. SimplyBook.me shall make all information reasonably necessary to demonstrate compliance with provisions herein, available to You and may allow for audits including but not limited to inspections.
8.7. The Data Processor has appointed a Data Protection Officer (“DPO”) in line with the European Data Protection Laws and can be contacted for the purposes of this DPA and Main Agreement via email: [email protected].
Other data
8.8. This part of the DPA applies to Personal Data other than European Data, under the provisions of applicable Data Protection Laws.
8.9. The Parties agree that SimplyBook.me Ltd shall Process such Personal Data strictly in accordance with applicable Data Protection Laws and solely for the purposes of providing the Services under the provisions of the Main Agreement.
8.10. The Parties shall enter into any additional agreements required by law for the purpose of complying with the applicable Data Protection Laws.
IX. Parties to the DPA
9.1. When You sign-up and accept the SimplyBook.me Online Solution Terms & Conditions for the SimplyBook.me Software Solution, You as a User of the System enter into this DPA on behalf of Yourself and where applicable and to the extent permitted by law and applicable Data Protection Laws, in the name and on behalf of Your Permitted Affiliates, establishing a separate DPA between us and each such Permitted Affiliate subject to the Agreement and provisions herein.
9.2. You hereby agree and acknowledge that each Permitted Affiliate agrees to be bound by the obligations of this DPA and as applicable to the Main Agreement.
9.3. You hereby agree and acknowledge that to the extent permitted by law, for the purposes of this DPA and except as otherwise provided herein, “User”, “You” and “Your” will include You and such Permitted Affiliates.
9.4. The legal entity agreeing to this DPA as User represents that it is authorized to agree to and enter into this DPA for and on behalf of itself and, as applicable, each of its Permitted Affiliates.
X. General Provisions
10.1. This DPA will remain in force from the Effective Date and until the Data Controller or Data Processor terminates the Main Agreement, in line with applicable provisions.
10.2. This DPA may be terminated by either party with a 30 (thirty) days written notice, pursuant to the provisions of the Main Agreement and by cancelling the system in system settings.
10.3. Notwithstanding anything else to the contrary in this DPA and Main Agreement, SimplyBook.me reserves the right to make any updates and amendments to this DPA subject to any additional terms herein.
10.4. If any individual provisions of this DPA are determined to be invalid or unenforceable, the validity and enforceability of the other provisions of this DPA will not be affected.
10.5. Neither party may, without the prior written consent of the other party assign, transfer, charge, license or otherwise deal in or dispose of any contractual rights or obligations under this Agreement.
10.6. The Parties and Permitted Affiliates' liability arising out of or related to this DPA in whole whether in contract, tort or under any other theory of liability, will be subject to the limitations and exclusions of liability set out in the Main Agreement.
10.7. The Parties hereby agree and accept the choice of the jurisdiction indicated in the Main Agreement in respect of this DPA.
Annex 1: Definitions
This Annex 2: Details of Processing forms part of the DPA.
“Data Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
“Data Protection Laws”: means all applicable worldwide legislation relating to data protection and privacy which applies to the respective Party in the role of Processing Personal Data in question under the Agreement, including without limitation: (1) the European Data Protection Laws; (2) the California Consumer Privacy Act of 2018 (“CCPA”); (3) the data protection and privacy laws of Australia and Singapore; (4) and other; in each case as amended, repealed, consolidated or replaced from time to time.
“Data Subject”: means the individual to whom Personal Data relates.
“Data Processor”: means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Data Controller.
"Europe": means the European Union, the European Economic Area and/or their member states.
“European Data”: means Personal Data that is subject to the protection of European Data Protection Laws, defined below.
"European Data Protection Laws": means data protection laws applicable in Europe, including: (1) Regulation 2016/679 - the EU General Data Protection Regulation ("GDPR"); (2) Directive 2002/58/EC - the Directive on privacy and electronic communications; (3) applicable national implementations of points 1 and 2 above; (4) any applicable national legislation that replaces or converts in domestic law the GDPR or any other law relating to data and privacy as a consequence of the United Kingdom leaving the European Union; in each case, as may be amended, superseded or replaced.
“EU-US Privacy Shield”: the self-certification program operated by the U.S. Department of Commerce and approved by the European Commission, as may be amended, superseded or replaced.
“Instructions”: any written, documented instructions issued by the Data Controller to the Data Processor, and directing the same to perform a specific or general action with regard to Personal Data, including, but not limited to, depersonalizing, blocking, deletion, making available.
"Permitted Affiliates": shall include any of Your Affiliates that is permitted to obtain the Services on your behalf, pursuant to the Main Agreement, but have not signed their own separate agreement with us and are not users and qualify as a Controller of Personal Data Processed by us, and can be subject to European Data Protection Laws.
“Personal Data”: means any information relating to an identified or identifiable individual where such information is contained within the Account (as defined in the Main Agreement) and is protected as other personal information or personally identifiable information under applicable Data Protection Laws.
“Personal Data Breach”: shall mean a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed by us and/or our Sub-Processors in connection with the provision of the Services but does not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
“Processing”: shall mean any operation or set of operations which is performed on Personal Data, encompassing the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or erasure of Personal Data and the terms “Process”, “Processes” and “Processed” will be construed accordingly.
“Services”: shall have the same meaning as in the Main Agreement.
“Standard Contractual Clauses”: means the standard contractual clauses for Data Processors approved pursuant to the European Commission’s relevant decision and as included in Annex 5 herein which forms part of the Agreement and as may be amended, superseded or replaced.
“Sub-Processor”: means any Data Processor engaged by us to assist fulfilling our obligations with respect to the provision of the Services under the Main Agreement and may include third parties, excluding any employee or consultant of SimplyBook.me Ltd.
Annex 2: Details of processing
This Annex 2: Details of Processing forms part of the DPA.
Nature and Purposes of the Process: the Company will Process Personal Data as required for the purposes of providing the Services, pursuant to the Main Agreement and as may further be specified in additional documentation which forms part of the Main Agreement and DPA.
Duration of the Processing: subject to any provisions contained herein specifying otherwise, Processing of Personal Data shall occur for the duration of the Main Agreement, unless otherwise agreed in writing.
Categories of Data Subjects: pursuant to the provisions of the Main Agreement, Data Subjects shall include any type of User’s clients and therefore may vary by the system usage from the Data Controller.
Categories of Personal Data: pursuant to the provisions of the Main Agreement, categories of Personal Data may vary in accordance with the usage of the System and may cover the below:
- name and surname
- email address
- phone numbers
- information that is requested by the Data Controller through the usage of additional fields
- information that the Data Controller makes as comments on individual bookings that relate to a person
- medical related personal information, concerning the evaluation of patients as may be encrypted at rest on the Data Processor’s servers at the Data Controller’s choice
- information on the status of bookings, whether they attended, or paid for booking
- medical related information field on subject used for non medical informational purposes by the Data Controller
- the Data Controller’s comments on Data Subject’s bookings that can relate to services required, or personal information on the subject matter;
and the above shall vary by the system usage from the Data Controller and is not absolute.
Special Categories of Personal Data (where applicable): may include Medical and Health information which relate to SOAP information and medical histories, provided that the custom feature is enabled; and/or transactional information about a User’s purchases and/or income.
Processing Operations: include the standardised internal processes in which system users’ data are continuously or systematically collected, stored and used for the provision of the Services, in line with the Main Agreement. The Data Processor will Process Personal Data on behalf of the Data Controller for the purpose of using the Appointment Scheduling System and accept appointments, send reminders, process payments, sell products, make promotions and other related activities allowed by our custom features.
Annex 3: Security Measures
1. This Annex 3 Security Measures forms part of the DPA and all capitalised terms, not otherwise defined herein, shall have the same meaning set forth in the Main Agreement.
2. The measures herein form part of the ISMS which shall be maintained in accordance with best practices and standards.
A. Access control and management
The Company has taken appropriate measures to prevent unauthorised access to the System, network, applications and eventually Personal Data such as:
- Implementation and maintenance of Access Control Policies and Procedures as part of the internal Information Security Management System (“ISMS”);
- Following of access rules based on the “need-to-know” and “least privileged”;
- Restriction principles for direct access to databases;
- 2FA authentication is used by the workers when accessing system for Processing of Personal Data;
- 2FA secure login is available with “Google Authenticator” and “HIPAA” custom features for the User;
- Password Management is available with the “Strict Password” custom feature for the User.
B. Encryption
The Company shall use appropriate encryption technologies to protect Personal Data and where applicable for data in transit (for all communications, between end-users and server) and for data at rest (available for SOAP data and medical history with “SOAP with Data Encryption” custom feature).
C. Information classification and handling
The Company shall have in place an appropriate Record of Processing Operations, an Asset Handling Procedure and an Acceptable Use Policy all of which ensure that all information, including Personal Data are classified in accordance with its criticality and sensitivity to unauthorised access, disclosure or modification.
D. Human resources security
The Company has taken reasonable measures to ensure that its employees and contractors, which have access to Personal Data are aware of and adhere to the security and privacy policies and procedures.
The measures include: (a) background verification checks, such as criminal records checking for all employees and contractors with access to Personal Data; (b) conclusion of Non-Disclosure and Confidentiality Agreement and Data Processing Agreement for all employees and contractors; (c) participation in training and awareness programs by employees and contractors, focused on the protection of personal data, privacy and security.
E. Operational security
The Company is committed to ensuring correct and secure facilities for the Processing of Personal Data by:
- controlling the changes to the processing systems and facilities by implementing and maintaining procedures in line with the internal Change Management Policy;
- performing regular back-ups and test of back-ups, by implementing and maintaining procedures in line with the internal Back-Up Policy;
- maintaining event logging with records of user activities, exceptions, errors and information security events;
- ensuring clock synchronisation for all relevant Information Processing Systems.
F. Network security
The Company has implemented a Firewall Protection, an Intrusion Detection System and is regularly monitoring the Network Activity.
G. Secure development
The Company performs software development and relevant support processes according to adopted secure system engineering principles such as:
- Security by design;
- Security testing shall be performed for any changes or new developments;
- Development/testing/production environments shall be separated.
H. Supplier assessments
The Company performs regular assessments of supplier services and acknowledges the responsibility to inform the Data Controller of any changes to the provision of Services pursuant to the Main Agreement.
I. Business continuity and incident management
The Company ensures a consistent approach to the management of privacy and security incidents, including communication on security breaches and weaknesses via:
- the Business Continuity and Incident Management Procedures which are documented and tested regularly;
- the Personal Data Breach Notification Procedure which is documented and tested regularly.
J. Internal security audits
The Company performs periodic assessments of risks to Personal Data and reviews the effectiveness of the implemented security policies and procedures.
Annex 4: Security Measures
1. Read this Annex 4 in conjunction with Clause 5 and other applicable provisions of the DPA.

| SUB-PROCESSOR | PURPOSE | LOCATION |
|---|---|---|
| Google Inc. | Hosting & Infrastructure | USA |
| Facebook Page | Hosting & Infrastructure | USA |
| LiveAgent | Services & Support | Europe |
| OVH | Hosting & Infrastructure | UK, Canada, France & Singapore |
| Amazon Web Services Inc. | Hosting & Infrastructure | Ireland |
| Linode | Mail Server | UK |
| Nexmo (Vonage Holdings Corp.) | Services & Support | UK |
| Sendinblue | Services & Support | France |
| Hotjar | Statistics & Analytics | France |
| Piwik | Statistics & Analytics | France |
| Twilio Inc. | Services & Support | USA |
| PayPal | Payment Processing Provider | USA |
| MaxMind, Inc. | Services & Support | USA |
| Borgun | Payment Processing Provider | Iceland |
| SafeCharge | Payment Processing Provider | UK, USA, Canada |
| eSignGenie | Services - e-signature | USA |
| AccountableHQ | Services - HIPAA Compliance Software and e-signature | USA |
Annex 5: Standard contractual clauses
1. The latest version of the Standard Contractual Clauses available on the official website of the European Commission here is implemented and followed for the subject matter.
2. The SCC are part of this Agreement, to the extent applicable to the Parties in accordance with the European Data Protection Laws.
3. For the purposes of this Agreement and the contractual relationship of the Parties, Module Two: Transfer between Controller to Processor is adopted.
Get the full signed version of our DPA - this will contain the full version of the latest SCC - here.