For the purpose of the General Data Protection Regulation (679/2016/EU) and other applicable privacy legislation in force from time to time, we are a data controller.
In this Agreement the following expressions shall bear the meanings respectively assigned to them except to the extent that the context requires to the contrary:
Personal Data (or Data): any information regarding a natural person, a legal person, an institution or an association, which is, or can be, identified, even indirectly, by reference to any other information.
Usage Data: information collected automatically from this Application (or third party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the e-mail addresses, phone numbers, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment. In addition, device information such as make and model, and operating system version will be collected from this Application (or third party services employed in this Application).
User: (“User”, “you” or “your”) the individual using this Application, which must coincide with or be authorized by the Data Subject, to whom the Personal Data refers.
Data Subject: the natural person to whom the Personal Data refers.
Data Controller (“Owner”, “Liid OyY”, “we”, “our” or “us”): the natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
This Application: the hardware or software tools, Salestrail and LIID for CRM, on iOS and Android operating systems, by which the Personal Data of the User is collected.
THE LEGAL BASES WE HAVE FOR PROCESSING YOUR INFORMATION
We process your personal information based on the contract we have entered into at the time you have either downloaded and installed this Application or when we have signed a separate legal agreement. Your location data is processed based on your consent.
THE INFORMATION WE COLLECT
When you download the App or use our Services, there are a number of ways in which you provide information and other data to us. For instance, the Personal Data may be freely provided by you or collected automatically when using this Application. This includes the following personal information: 1) your full name, 2) email address, 3) phone number 4) external username for your CRM system, 5) calendar name, 6) country code, 7) timezone 8) installation and last activity dates and times and 9) device information including operating system version. For operation and maintenance purposes, we and any third party services may collect files that record interaction with this Application (System logs) or use for this purpose other Personal Data (such as IP Address or phone number). To use certain application features (call logging, email logging, event logging) we need to collect certain information regarding these activities. These might include the following data about the events: timestamps, durations, email headers, call types, and so on.
By accessing the App or our Services, you confirm that you have been informed of us processing and collecting this data, on the terms and for the reasons which are explained below.
If you engage with a third-party app or website whose API we use such as Salesforce API, Microsoft Dynamics API, G-mail API or Microsoft Exchange EWS you may receive your information from that app or website.
Failure to provide the following Personal Data (CRM username, full name, phone number and email information) will make it impossible for this Application to provide its services.
We may also collect or receive information about you from our co-operation partners and resellers, fairs, exhibitions and events, public websites, professional social media networks and newspapers as well as any other source allowed by privacy regulation.
You are responsible for any Personal Data of third parties obtained, published or shared through this Application and confirm that you have a sufficient legal basis based on the applicable privacy legislation to use the Data.
DEVICE PERMISSIONS FOR PERSONAL DATA ACCESS
LIID OY requests certain permissions from you that allow us to access the User’s device Data as described below.
By default, you must grant us these permissions before the respective information can be accessed. Once the permission has been given, you can revoke it at any time. In order to revoke these permissions, you may refer to the device settings or contact us for support at firstname.lastname@example.org.
The exact procedure for controlling app permissions may be dependent on your device and software.
Please note that the revoking of such permissions might impact the proper functioning of this Application.
If you grant any of the permissions listed below, the respective Personal Data may be processed (i.e. accessed to, modified or removed) by this Application:
HOW YOUR INFORMATION IS USED
As is true of most websites and apps, it will be possible to gather information from your computer or device such as your full name, email address, contacts, phone call and email activity, calendar events, telephone number, the country of origin, IP address, location based data, unique address identifier, browser type, operating system, domain names of the computers utilized by the Users who use this Application, URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the various time details per visit (e.g., the time spent on each page within the Application), the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment. For operation and maintenance purposes, we and any third party services may collect files that record interaction with this Application (System logs) or use for this purpose other Personal Data (such as IP Address or phone number). This information may be used:
Certain features of the App (such as uploading or downloading content) may need to access information on your device in order to work. If we can, we will ask you before the App accesses your device or information. You may also manage how the App accesses your device or information using privacy settings on your mobile device or by uninstalling the App.
HOW TO EDIT, DELETE OR ACCESS YOUR INFORMATION
Database access is limited only to trusted company employees with a secure certificate on the device they use to access the database. Only these persons have access to your data.
You have the right to ask for a copy of any personal information that we hold about you, to correct any inaccuracies and to update any out-of-date information. You can also ask us not to send you direct marketing communications (however please note that we may continue to send you service-related (i.e. non-marketing) communications).
As a data subject, you have a right, according to EU’s General Data Protection Regulation (applied from 25.5.2018) to object to the processing or request restricting the processing of your personal data. Additionally, you have a right to request your data to be delivered to you in a standard format, in case where the processing of data is based on your consent or a contract between us.
You also have a right to lodge a complaint with a data protection authority in your jurisdiction or with the power to investigate processing concerning your personal data.
If you wish to exercise any of these rights or wish to object to our use of your personal information, please write to us at email@example.com. In order to meet our costs in responding, we may charge you a reasonable fee which will not exceed the immediate costs of providing access.
SHARING YOUR INFORMATION
Except as described below, we will not share your information with any third parties.
We may disclose the information you provide us:
We may transfer the information you provide us:
to Microsoft Azure, which hosts some of our backend services and databases
The updated list of these parties may be requested from the Data Controller at any time.
We will never pass your information to a third party for them to use in their own direct marketing without your express consent.
STORAGE AND RETENTION TIMES
We store the personal data for as long as is necessary considering the purpose of the processing. For personal data used for customer purposes, this retention period is until you terminate our customer relationship by uninstalling this Application and such a time thereafter that we may address any claims and reclamations arising out of your use of our services (typically 3 years). Personal data used for marketing purposes is deleted or updated when it is discovered to be outdated or the data subject is deemed unresponsive to the marketing.
We regularly assess the need for data retention in light of the applicable legislation. In addition, we take reasonable measures to ensure that the personal data in the register is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.
The security of your personal information is important to us. All information you provide to us, EXCLUDING the content of calls, e-mails, the email subject or the recipient/sender, is stored on our secure cloud servers (IBM's Compose service, or Microsoft Azure, accessed securely via secure connection) in Europe to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. Email subject, recipient and sender data will be temporarily stored in LIID OY’s logs for the purposes of troubleshooting errors. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated.
The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved with the processing are located. For further information, please contact the Data Controller at firstname.lastname@example.org.
In order to track and improve user activity, we use Firebase, Appsflyer and Fabric analytics.
Any payment transactions will be processed via third party website using encrypted using SSL technology, the privacy policies for those third parties can be found at the following addresses:
We will retain your information for as long as your account is active or as needed to provide you services via the App or our Services. Once your account has been deleted, we will only retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If you wish to delete your account or request that we no longer hold your personal information, send us a request of the removal of your Data or contact us at email@example.com.
DO NOT TRACK
We may contact you from time to time about LIID for CRM, including marketing messages relating to LIID for CRM. We will do this electronically, for example by email, text, notifications or other messages on your app or mobile device.
We may contact you with information about our products and services (and those of specially selected parties that may be of interest to you, in line with your marketing contact preferences provided to us) either through the App or by emailing us. All such communications will come from LIID OY.
You may tell us at any time if you do not wish to receive marketing messages from us by contacting us at firstname.lastname@example.org or by following any instructions we may include in the messages we send to you.
We do not support “Do Not Track” requests.
To determine whether the third party services Heroku (Salesforce) or Compose honour the “Do Not Track” requests, please read their respective privacy policies.
USE OF LOCATION DATA
The App may make use of location data sent from your mobile device. You can turn off this functionality at any time by turning off the location services settings for LIID FOR CRM on your mobile device. If you use these services, you consent to us and our partners’ and licensees’ transmission, collection, maintenance, processing and use of your location data and queries to provide and improve location-based and road traffic-based products and services. You may withdraw this consent at any time by turning off the location services setting on your mobile device or on LIID FOR CRM.
DATE OF LAST MODIFICATION 15 May 2018
This document (and the other documents it refers to) contains the terms and conditions on which you may download and use LIID for CRM (the “App”), whether as a guest or a registered user (the “Terms”, “Terms and Conditions”). The Terms are a legally binding contract between you and LIID OY. The contract sets out your rights and responsibilities when you use the services provided by LIID OY, which may include, but is not limited to, our mobile app, web application, website and any other services (collectively, the “Services”) so please read it carefully.
You will be deemed to have accepted these Terms when you download the App and/ or whenever you use any of our Services. If you disagree with any part of the Terms then you may not access the Service.
Salestrail is a mobile app operated by LIID OY (“LIID OY”, “we”, “our” or “us”). Our registered office address is Kalevankatu 36b, 00180 Helsinki, Finland and our email address is email@example.com. Our VAT registration number is FI25908445.
This app is designed for the automation of sales activity between mobile phone and CRM.
PERSONAL DATA PROCESSING AGREEMENT
You can find our Personal Data Processing Agreement from here.
CREATING AN ACCOUNT WITH SALESTRAIL
By installing the application and setting up your CRM credentials, you create an account on LIID for CRM to use some of the App’s services. Here are a few rules about creating and using accounts with LIID for CRM.
YOUR USE OF OUR SERVICES
You can access our Services via our App or our Website.
We allow access to our Services on a temporary basis and we reserve the right to withdraw, restrict or change our Services at any time and without notice. We will not be liable if for any reason the Services are unavailable at any time or if the content is changed or out of date.
You must treat as confidential any user identification code, password or other security feature in relation to the Services. If, in our opinion, you aren’t complying with the Terms, we have the right to disable any such code, password or feature at any time.
It is your responsibility that anyone who accesses the Services through your internet connection is aware of these terms and complies with them.
We grant you a limited, non-exclusive, non-transferable and revocable licence to use the Services—subject to the Terms and the following restrictions:
Some parts of the Service are billed on a subscription basis (“Subscription(s)”). You will be billed in advance on a recurring and periodic basis (“Billing Cycle”). Billing Cycles are set on a monthly basis unless separately agreed otherwise.
At the end of each Billing Cycle, your Subscription will automatically renew under the exact same conditions unless you cancel it or LIID OY cancels it. You may cancel your Subscription renewal either through your online account management page or by contacting LIID OY customer support team.
A valid payment method is required to process the payment for your Subscription. Subscriptions for purchases made through the in-app purchasing feature of the Application is handled by the operating system’s App Store, for iOS the Apple App Store, for Android Google Play Store, and subject to the terms of the respective App Store in question.
Purchases made directly through LIID OY are subject to the terms of a separate purchase contract, available by request from LIID OY customer service at firstname.lastname@example.org.
You are responsible for paying any fees or subscription payments that you owe to LIID OY. You are also solely responsible for collecting and/or paying any applicable taxes for any purchases or sales you make through our Services.
LIID OY may modify the Subscription fees for the in-app Subscriptions. Any such changes will follow the rules and guidelines of the relevant App Store, whose terms the user has to separately agree upon.
Your continued use of the Service after the Subscription fee change comes into effect constitutes your agreement to pay the modified Subscription fee amount.
Except when required by law or the rules of the App Store, paid Subscription fees by default are non-refundable.
INTELLECTUAL PROPERTY RIGHTS
Save as described elsewhere in the Terms, we are the owner or the licensee of all intellectual property rights in the Services such as the original content, features and functionality. The intellectual property rights are protected by copyright laws, trademark and treaties around the world. All such rights are reserved.
You must not use any part of the Services for commercial purposes without a licence from us or our licensors. You may not reproduce in any format (including on another website or mobile app) any aspect of the Services (including content, images, designs, look and feel) without our prior written consent.
If, in our opinion, you are in breach of these provisions, your right to use the Services will cease immediately and you must either return or destroy (as required by us) any copies of the materials you have made.
Content that you post using our Services is your content, and includes (but is not limited to) anything you post using our Services such as written content, personal information, sales contact information, usernames, profile pictures, photos, descriptions, reviews, comments, videos, etc (“Your Content”). LIID OY does not make any claim to Your Content, but by agreeing to these terms and conditions you grant us permission to use it in the course of our business.
ACCESSING THE SERVICES
Certain functions of the Services, will require an active internet connection. The connection can be WiFi, or provided by a mobile network provider, but LIID OY cannot take responsibility for the Services not working at full functionality if you do not have access to an active internet connection. In using the Services, you accept responsibility for any charges incurred for the cost of data for the duration of the connection while accessing the Services, or other third party charges, including roaming data charges. If you are not the bill payer for the device on which you’re accessing the Services, please be aware that we assume that you have received permission from the bill payer for using the Services.
UPDATES TO THE APP
The App is currently available on Android and iOS. The requirements for both systems (and for any additional systems we decide to extend the availability of the App to) may change, and you will need to download any necessary updates if you want to keep using the App. We do not promise to always update the App so that it is relevant to you and/ or works with the iOS and Android version that you have installed on your device. However, you agree to always accept updates to the App when offered to you.
LIMITATION OF LIABILITY
The Services are provided without any guarantees, conditions or warranties as to their accuracy or functionality. To the extent permitted by law, we hereby expressly exclude all conditions, warranties and other terms which might otherwise be implied by statute, common law or the law of equity.
In no event shall LIID OY, nor its directors, employees, partners, agents, suppliers, or affiliates, be liable for any indirect, incidental, special, consequential or punitive damages, including without limitation, loss of income or revenue; loss of business; loss of anticipated savings; loss of profits; loss of data; loss of use; loss of goodwill; or other intangible losses, wasted management or office time; and for any other loss or damage of any kind, however arising and whether caused by:
This does not affect any liability which cannot be excluded or limited under applicable law, including death and personal injury.
Any content made available on the Services (including links to other sites, apps and resources provided by third parties) are for information only, and we shall not be liable for any use of, or reliance on, such materials. You further acknowledge and agree that LIID OY shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such web sites or services.
It shall be your own responsibility to ensure that any products, services or information available through the Services meet your specific requirements.
We strongly advise you to read the terms and conditions and privacy policies of any third-party web sites or services that you visit.
You may terminate your account with LIID for CRM or delete the App at any time. If you wish to terminate your account, you may simply discontinue using the Service. Terminating your account will not affect the availability of some of your content and any outstanding payments owed to us will still be payable.
We may terminate or suspend your account (and any related accounts) and your access to the Services at any time, for any reason, and without advance notice or liability. If we do so, it is important to understand that you don’t have a contractual legal right to continue to use our Services. We may refuse access to anyone at any time for any reason.
Thus if you or we terminate your account, your right to use the Service will immediately cease and you may lose any information associated with your account, including any content created by you.
We reserve the right to change, suspend or discontinue any of the Services at anytime, for any reason. We will not be liable to you for the effect that any changes to the Services may have on you, including your income or your ability to generate revenue through the Services.
The Terms will remain in effect even after your access to the Services is terminated or your use of the Services ends.
Your use of the Service is at your sole risk. The Service is provided on an “AS IS” and “AS AVAILABLE” basis. The Service is provided without warranties of any kind, whether express or implied, including, but not limited to, implied warranties of merchantability, fitness for a particular purpose, non-infringement or course of performance.
LIID OY its subsidiaries, affiliates, and its licensors do not warrant that:
INDEMNIFICATION (OR WHAT HAPPENS IF YOU GET US SUED)
You agree to indemnify us from any legal claim or demand that arises from your actions, your use (or misuse) of the Services, your breach of the Terms or your account’s infringement of someone else’s rights.
These Terms, including all of the other documents that make up the Terms, supersede any other agreement between you and LIID OY regarding the Services. If any part of the Terms is found to be unenforceable, that part will be limited to the minimum extent necessary so that the Terms will otherwise remain in full force and effect. Our failure to enforce any part of the Terms is not a waiver of our right to later enforce that or any other part of the Terms.
We may amend or replace, at our sole discretion, the Terms at any time by amending this page. If we believe amendments or replacements are material, we will let you know i) via the Services, or ii) by an email or messages about the changes. We will use reasonable efforts to provide at least 30 days notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion.
You are responsible for reviewing and becoming familiar with any changes. Your use of the Services following the changes constitutes your acceptance of the updated Terms.
The Finnish courts will have exclusive jurisdiction over any claim arising from, or related to, the use of our App.
If you have any questions about the Terms, please email us at email@example.com.
Last updated: 18 May 2018
Upon your execution, this Authorization Form is a binding order for the products and services pursuant to the terms and fees set forth herein. You hereby agree to pay the Total Price, and authorize Liid Oy to charge the Total Price as per the Billing Schedule and upon renewal (as applicable). All prices are in US Dollars ($) and exclusive of any applicable taxes. By clicking on Checkout, you have agreed to be bound by all the terms and conditions published by Liid in “Liid General Terms and Conditions of Use”.
|1. Aplicability||This Processing specification form is an inseparable part of the Annex concerning Personal Data Processing. The Processing Specification Form specifies a processing assignment the Processor performs for the benefit of the Controller in the manner provided for in the Agreement and this Annex.|
The Processing shall concern the following services
Automation end enrichment of LiiD customer company's CRM data
|3. Geographical Location of Personal Data||
The Personal Data is Processed in the following counties or areas:
The Personal data is stored in Belgium and processed in Ireland.
|4. Sets of Data Subjects||
The Personal Data Processed concerns the following sets of Data Subjects:
LiiD customer company’s employees
LiiD Application Users
Contact persons of the LiiD customer’s clients
Consumer clients of the LiiD customer
|5. Types of Personal Data||
The Personal Data Processed in the service consists of the following types of Personal Data:
Global Version: Revised May 2018
This Personal Data Processing agreement (”Annex”) is an inseparable part of the General Terms and Conditions of Use entered into between Liid Oy (”Provider”) and you (”Customer”) at the time you have downloaded the Application titled “Liid for CRM” and accepted the aforementioned Terms and Conditions (”Agreement”).
The purpose of this Annex is to agree on the privacy and data protection of the Personal Data of the Controller in the services of the Provider. This Annex constitutes a written agreement in accordance with the EU General Data Protection Regulation (679/2016) (“Regulation”) concerning the processing of personal data. Those obligations and rights that are directly based on the EU General Data Protection Regulation shall enter into force only when the application of the EU General Data Protection begins on 25 May 2018.
If the terms concerning the Processing of Personal Data of the Annex and the Agreement are in conflict, the parties shall primarily apply the terms of this Annex.
In accordance with the EU General Data Protection Regulation, the terms below are defined as follows:
“Controller” shall mean the Customer or the Customer’s client, who shall define the purposes and methods of Personal Data Processing.
“Processor” shall mean the Provider, who shall Process Personal Data on behalf of the Controller based on the Agreement.
“Processing” or “Processing Activities” shall mean any operation or set of operation which is performed on Personal Data or sets of personal data using automated means or manually, such as data collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Personal Data” shall mean any information relating to an identified or identifiable natural person, hereafter ”Data Subject”; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Personal Data Breach” shall mean a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.
3. Data Protection and Processing Personal Data
The Provider shall process the Personal Data of the Controller on behalf of, and commissioned by the Customer, on the grounds of the Agreement. The Personal Data that the Provider Processes may relate to, e.g. employees or customers. The Customer or the Customer’s client shall be the Controller and the Provider shall be the Processor of the Personal Data Processed in the service. The parties undertake to abide by the legislation, decrees and authority orders and guidelines concerning Processing of Personal Data in force from time to time both in Finland and EU.
The Controller is entitled and obligated to define the purpose and methods of the Processing of Personal Data. The subject, character and purpose of Processing is defined in more detail in the Agreement. The types of Personal Data and sets of data subjects Processed in the services have been defined in the form specifying the Processing operations, Annex 1.
The Provider is entitled to Process the Personal Data and other data of the Controller only on the grounds of the Agreement, this Annex and according to the written guidelines of the Customer and only to the extent and in a manner, it is necessary in order to provide services. The Provider shall notify the Customer if any conflict with the data protection legislation of EU or Finland is detected in the guidelines and in such a case, the Provider may immediately decline and stop the application of the guidelines of the Customer.
The Provider shall maintain the service description or other record of the Processing Activities of the service in cases where it is required to do so by the EU General Data Protection Regulation. The Provider is entitled to collect anonymous and statistic data of the use of the services pursuant to the Agreement, that does not specify the Customer nor data subjects and uses it for analyzing and developing its services.
3.2 Deletion or Returning Data
After the expiry of the Agreement, the Provider shall return or delete, according to the guidelines of the Customer, all the personal data of the Controller and delete all duplicates, unless applicable legislation requires the retention of the Personal Data.
The Provider may use subcontractors for Processing the Controller’s Personal Data. The Provider is responsible for its subcontractor’s actions as for its own and shall draft written agreements with the subcontractors concerning the Processing of Personal Data. If requested, the Provider shall inform the Customer beforehand of subcontractors the Provider intends to use in processing the personal data pursuant to the Agreement. The Customer is entitled to oppose the use of a new subcontractor on reasonable grounds. If the Parties are unable to reach an agreement concerning the use of a new subcontractor, the Customer is entitled to terminate the Agreement with thirty (30) days’ notice, in so far as the change of subcontractor affects the Processing of Personal Data pursuant to the Agreement.
3.4 Provider’s Obligation to Provide Assistance
The Provider shall immediately forward all requests to inspect, rectify, erase or object to the Processing of Personal Data or other requests received from the Data Subjects, to the Customer. If requested by the Customer, the Provider shall support the Customer in fulfilling the requests of the Data Subjects.
The Provider is obligated, taking into account the nature of the Processing of Personal Data and the data available, to assist the Customer in ensuring that the Customer complies with its legal obligations. These obligations may include requirements related to data security, notifying of data breaches, data protection impact assessments as well as obligations regarding prior consultations. The Provider is obligated to assist the Customer only to the extent that applicable legislation obligates the Processor of Personal Data. Unless otherwise agreed, the Provider is entitled to invoice the expenses incurred from action pursuant to this section 3.4 according to the Provider’s valid price list.
The Provider shall forward all inquiries made by data protection authorities directly to the Customer and shall await further guidance from the Customer. Unless otherwise agreed, the Provider is not authorized to represent the Customer or act on behalf of the Customer in relation to the authorities supervising the Customer.
4. Processing Taking Place Outside EU/EAA
The Provider and its subcontractors may Process personal data outside the EU/EEA area. In case such transfers or Processing take place, the Provider ensures that the EU Commission standard contractual clauses 2010/87/EU concerning the transfer of Personal Data to outside the EU/EEA, or a similar legal safeguard approved by the Regulation, will apply to such transfer or Processing.
By signing this Annex the Customer grants a power of attorney to the Provider to represent the Customer in signing the contractual clauses on behalf of and in the name of the Customer. Furthermore, the Customer explicitly accepts that the Provider may also represent the subcontractor in question in relation to the contractual clauses.
The Customer or an auditor authorized by the Customer (however, not a competitor of the Provider) is entitled to audit the activities pursuant to the Annex. The Parties shall agree on the time of the auditing and other details ahead of time and at latest 14 days before the inspection. The auditing shall be carried out in a way that does not impede the obligations of the Provider or its subcontractors in regard to third parties. The representatives of the Customer and the auditor must sign conventional non-disclosure commitments.
The Customer shall be responsible for its own and the Provider’s expenses caused by the auditing. If notable defects are perceived during auditing, the Provider shall be liable for the costs incurred from the auditing.
6. Data Security
The Provider shall implement the appropriate technical and organizational measures to protect the Personal Data of the Controller, taking into account all the risks of Processing, especially the unintentional or illegal destruction, loss, alteration, unauthorized disclosures or access to Personal Data that has been transferred, saved or otherwise Processed. When organizing the security measures, the technical options and their costs shall be assessed in relation to the special risks of the Processing at hand and the sensitivity of the Personal Data Processed.
The Customer shall be obligated to ensure that the Provider is notified of all the circumstances concerning the Personal Data the Customer has delivered, such as risk assessments and the Processing of special sets of Data Subjects that affect the technical and organizational measures pursuant to this Annex. The Provider shall ensure that the personnel of the Provider or a subcontractor of the Provider shall abide by the appropriate non-disclosure commitments.
7. Data Breaches
The Provider must notify the Customer of all Personal Data Breaches without undue delay after receiving information of the breach or after a subcontractor of the Provider has received information of the breach.
If requested by the Customer, the Provider shall, without undue delay give the Customer all relevant information concerning the data breach. In so far as the information in question is available to the Provider, the Provider shall describe at least the following to the customer:
The Provider shall document and report the results of the inquiry and the implemented measures to the Customer.
The Customer shall be liable for the necessary notifications to the data protection authorities.
8. Other Provisions
If any tangible or intangible damage is caused to a person due to a breach against the EU General Data Protection Regulation or the Annex, the Provider shall be liable for the damage only in so far that it has not explicitly abided by the obligations directed to Personal Data Processors in the EU General Data Protection Regulation or this Annex.
Both parties are obligated to pay only the part of the damages or administrative fine that corresponds to the liability for damage confirmed in the final decision of a data protection authority or a court of law. In all cases the liability of the parties shall be determined pursuant to the Agreement.
The Provider shall notify the Customer in writing of all changes that may affect its ability or chances to abide by this Annex and the written guidance of the Customer. The Parties shall agree on all additions and amendments to this Annex writing.
This Annex shall enter into force after both parties have signed it. The Annex shall remain in force (i) as long as the Agreement is in force or (ii) the parties have obligations concerning personal data processing activities towards one another.
Those obligation that due to their nature are meant to survive the expiry of this Annex shall remain in force after the expiry of the Annex.
Annex – Data Processing Specification
This Processing specification form is an inseparable part of the Annex concerning Personal Data Processing. The Processing Specification Form specifies a processing assignment the Processor performs for the benefit of the Controller in the manner provided for in the Agreement and this Annex.
The Processing shall concern the following services of Automation and Enrichment of LiiD customer company’s CRM data.
3. Geographical Location of Personal Data
The Personal Data is processed both inside and outside the EU/EEA area, including but not limited to United States of America.
4. Sets of Data Subjects
The Personal Data Processed concerns the following sets of Data Subjects:
5. Types of Personal Data
Types of personal data processed may be e.g. customer data, and the supplier’s data, such as name, title, home address, telephone number, e-mail address, date of birth, gender, customer number, purchasing and service use history; as well as financial data; employee and personnel data; as well as IT-management data, such as system data concerning offered service, including technical identification, user names, location, contact information, and technical actions concerning offered services, such as system and application log data and security log data, premises and system surveillance data and data of data security breaches. Note the collection of social security numbers or background checks in this section.
The Personal Data Processed in the service consists of the following types of Personal Data:
If you have any questions about the Personal Data Processing Agreement, please email us at firstname.lastname@example.org.
Last updated: 18 May 2018