Data privacy and security

Certain data from the Customer and / or the end users of the Customer may need to be processed in the Supplier-services to ensure, among other things, appropriate use and service level. Data can be uploaded, stored and used in the Supplier-services in connection with the intended use of the Supplier-services, including settings and location, by the Customer and / or its end users. The data may, without limitation, contain information about the name and organization of the members, customers, visitors, employees and contractors of the Customer.

Customer is responsible for processing all personal data of Customer's end users that are used in Supplier-services or otherwise made available to Supplier. Customer, in his role as data manager, is responsible for complying with applicable data privacy legislation and for obtaining the necessary permissions or other legal grounds for processing the personal data of the end user.

Supplier must ensure that the necessary technical and organizational measures are implemented in accordance with applicable data protection legislation to ensure the confidentiality and secure processing of all personal data disclosed, processed or used by Supplier. These measures may, where appropriate, include measures as described in Article 32 of the EU Data Protection Regulation.

Supplier also ensures that appropriate technical and organizational measures are in place to respond to requests from end users (data subjects) about their rights in accordance with applicable data protection legislation. The Supplier also assists the Client, to a reasonable extent, in fulfilling its obligations regarding data protection with regard to the personal data processed by the Supplier in the context of the Agreement. This may include, inter alia, assisting the Customer in responding to requests from data-subjects involved, or inquiries made by authorized data protection authorities.

Supplier is responsible for ensuring that its employees who process the personal data are aware of and are subject to appropriate confidentiality obligations. Henkelman also ensures that she has taken appropriate technical and organizational measures to respond to requests from end users (data subjects) about their rights in accordance with applicable data protection legislation. Supplier documents the technical and organizational measures it has implemented in accordance with applicable data protection legislation and agrees to provide the customer with a copy of that documentation, provided that providing such copies does not pose a risk to data security . The obligations of confidentiality remain valid as long as Supplier processes the personal data for the customer.

Supplier supervises compliance with the data protection regulation in its organization. Supplier agrees that the customer or an independent third party designated by the customer to conduct audits at Supplier's premises used for the delivery of the Supplier services, provided that the customer has a reasonable prior written notice about the intended audit. Supplier will provide reasonable assistance to the client in such audits and will provide the client with the information that is reasonably required to enable the client to fulfill its obligations as a data manager.