Versions Compared

Old Version 3

changes.mady.by.user Adrian Wieczorek

Saved on

compared with

New Version Current

changes.mady.by.user Adrian Wieczorek

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Data Processor Agreement for WISOFT Add-on Customers

...



Align
alignjustify

This agreement (the “Data Processor Agreement”) regulates how “WISOFT” Adrian Wieczorek, ul. Milczańska 16g/5, 61-131 Poznan, Poland, registration number (REGON) 300696133, VAT No. PL7822231172 (the “Data Processor”) is processing the personal data on behalf of the customer (the “Data Controller”) and is attached as an addendum to the EULA in which the parties have agreed the terms for the Data Processor’s delivery of services to the Data Controller.

The Data Processor Agreement shall ensure that the Data Processor complies with the applicable data protection and privacy legislation (the “Applicable Law”), including in particular The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

The purpose of data processing is the provision of the Services by the Data Processor as specified in the EULA. In connection with the Data Processor’s delivery of the Services to the Data Controller, the Data Processor will process certain categories and types of the Data Controller’s personal data on behalf of the Data Controller.

As ”Personal data” we understand “any information relating to an identified or identifiable natural person” as defined in GDPR, article 4 (1) (1) (the ”Personal Data”). The categories and types of Personal Data processed by the Data Processor on behalf of the Data Controller are:

The Data Processor processes the following types of Personal Data in connection with its delivery of the Services under EULA:

  • email, IP address, license number, Atlassian user key, user language, user display name, user browser information (browser, version, locale, operating system, user agent, timezone).

The Data Processor processes personal data of the following categories of data subjects on behalf of the Customer:

  • Tech contacts, billing contacts, end-users (e.g. customer employees using our applications or contacting us via the support channel)

The Data Processor only performs processing activities necessary and relevant for provided Services. The categories and types of Personal Data processed by the Data Processor shall be updated whenever changes occur that require an update.

The Data Processor may only act and process the Personal Data in accordance with the documented instruction from the Data Controller (the “Instruction”), unless required by law to act without such instruction. The Instruction at the time of entering into this Data Processor Agreement (DPA) is that the Data Processor may only process the Personal Data with the purpose of delivering the Services as described in the EULA.

The Data Controller guarantees to process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. The Data Controller will be solely responsible for the accuracy, quality, and legality of Personal Data and the means by which they were obtained.

...

Align
alignjustify

The Data Processor shall implement the appropriate technical and organizational measures as set out in this Agreement and in the Applicable Law, including GDPR, article 32. The security measures are subject to technical progress and development. The Data Processor may update or modify the security measures from time to time provided that such updates and modifications do not result in degradation of the overall security. The Data Processor shall provide documentation for the Data Processor’s security measures if requested by the Data Controller in writing. 

If the Data Processor’s assistance is necessary and relevant, the Data Processor shall assist the Data Controller in preparing data protection impact assessments in accordance with GDPR, article 35, along with any prior consultation in accordance with GDPR, article 36.

...

Align
alignjustify

The Data Processor shall give immediate notice to the Data Controller in the event of any breach which can lead to accidental or unlawful destruction, loss, alteration, unauthorized unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed with reference to the Personal Data processed on behalf of the Data Controller (a “Personal Data Breach”).

The Data Processor shall make reasonable efforts to identify the cause of such a breach and take such steps as are deemed necessary to establish the cause, and to prevent such a breach from reoccurring.

...

Align
alignjustify

Ordinarily, the Data Processor will not transfer your data to countries outside the European Economic Area. In some cases, personal data will be saved on storage solutions that have servers outside the European Economic Area (EEA), [for example, Google Drive]. Only those storage solutions that provide secure services with adequate relevant safeguards will be employed.

...