Data Processing Agreement
The parties agree as follows:
1. Definitions
„Data Controller“ means the entity that determines the purposes and means of processing Personal Data.
„Data Subject“ means the Customer whose Personal Data is processed by the Data Controller.
„Personal Data“ means all Customer Data that Wirtech acquires during the provision of the Services under the Agreement, relating to an identified or identifiable natural person to the extent that such information is protected as personal data under the Protection Act of applicable data.
„Data Protection Laws“ means all laws and regulations on the protection of Personal Data and Privacy applicable to the processing of Personal Data under this Agreement.
„EU Data Protection Act“: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation ) („GDPR“); and (ii) Directive 2002/58 / EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and related national implementations (in any case, how it can be modified or replaced).
„Processing“ has the meaning given in the GDPR and „process“, „processes“ and „elaborate“ must be interpreted accordingly.
„Security Incident“ means any unauthorized or illegal violation of security that leads to the destruction, loss, alteration, unauthorized disclosure or access to accidental or illicit personal data.
„Services“ means any product or service provided by Wirtech to the Customer in accordance with and as specifically described in the Agreement.
2. Scope of application and applicability of this DPA
2.1 This DPA applies where and only to the extent Wirtech processes Customer’s Personal Data during the provision of the Services and such Personal Data is subject to data protection laws of the European Union, the United Kingdom and the Countries of European Economic Area. The parties undertake to comply with the terms and conditions expressed in this DPA in relation to such Personal Data.
2.2 Processing of Personal Data by Wirtech. As Data Controller, Wirtech processes Personal Data only for the following purposes: (i) processing for the execution of the Services in accordance with the Contract; (ii) processing for the execution of any procedure necessary for the execution of the Contract.
2.3 Nature of data. Wirtech processes customer data. Such data may contain special categories of data, depending on how the Services are used by the Customer. Customer Data may be subject to the following process activities: (i) storage and other processing necessary to provide, maintain and improve the Services provided to Customer; (ii) provide technical assistance to the Customer; and (iii) disclosure as required by law or otherwise established in the Contract.
2.4 Data of Wirtech. Notwithstanding the provisions of the Contract (including this DPA), the Customer acknowledges that Wirtech will have the right to use and disclose the data relating to and / or obtained in connection with the operation, support and/or use of the Services for its legitimate business purposes, such as invoicing, account management, technical support, product development, sales and marketing. To the extent that such data is considered Personal Data under data protection laws, Wirtech is the Data Controller of such data and, accordingly, processes such data in accordance with data protection laws.
3. Security
3.1 Security measures. Wirtech will implement and maintain appropriate technical and organizational security measures to protect personal data from security incidents and to preserve the security and confidentiality of Personal Data, in accordance with Wirtech’s security standards described in Annex A („Security Measures“ „).
3.2 Confidentiality of processing. Wirtech will ensure that any person authorized by Wirtech to process Personal Data (including its personnel, agents and subcontractors) is subject to an appropriate confidentiality obligation (be it a contractual or legal obligation).
3.3 Response to security incidents. Once aware of a security incident, Wirtech will inform the Customer without undue delay and will promptly provide information related to the security incident at the time it becomes known or requested by the Customer.
3.4 Updates to security measures. Customer acknowledges that Security Measures are subject to technical progress and development and that Wirtech may update or modify Security Measures from time to time provided that such updates and changes do not result in the degradation of the overall security of the Services purchased by Customer .
4. Security reports
4.1 Wirtech will keep records of its security standards. Upon written request of the Customer, provided that the Customer does not exercise this right more than once a year, Wirtech will provide (in confidence) the documentation reasonably requested by the Customer to verify the conformity of Wirtech with this DPA.
5. International transfers
5.1 Processing Locations. Wirtech stores and processes all Customer Personal Data in data centres located inside the European Union, the United Kingdom and the European Economic Area. Wirtech shall implement appropriate safeguards to protect Personal Data, wherever it is processed, in accordance with the requirements of Data Protection Laws.
6. Return or Delation of Data
6.1 Upon deactivation of the Services, all Personal Data shall be deleted, save that this requirement shall not apply to the extent Wirtech is required by applicable law to retain some or all of the Personal Data, that will archived on back-up systems and that Wirtech will securely isolate and protect from any further processing, except to the extent required by applicable law.
7. Cooperation
7.1 To the extent that Customer is unable to independently access the relevant Personal Data within the Services, Wirtech shall (at Customer’s expense) taking into account the nature of the processing, provide reasonable cooperation to assist Customer by appropriate technical and organizational measures to respond to any requests from individuals or applicable data protection authorities relating to the processing of Personal Data under the Agreement.
8. Miscellaneous
8.1 Except for the changes made by this DPA, the User Terms of Service (“Agreement”) remains unchanged and in full force and effect. If there is any conflict between this DPA and the Agreement, this DPA shall prevail to the extent of that conflict.
8.2 This DPA is a part of and incorporated into the Agreement.
8.3 This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by Data Protection Laws.
Wirtech, Ltd.
Name: Luciano Rodaro
Title: Director