Data Processing Addendum Agreement
This GDPR Data Processing Addendum (“DPA”) forms part of the End User License Agreement or Terms of Use available at www.intricare.net or such other location as the Terms of Use/EULA may be posted from time to time (as applicable, the “Agreement”), entered into by and between the (“Customer”) and Intricare Technologies, pursuant to which Customer has accessed Intricare Technologies’ Services as defined in the applicable Agreement. The purpose of this Data Processing Addendum Agreement is to reflect the parties’ agreement with regard to the processing of personal data in accordance with the requirements of General Data Protection Regulation as defined below.
The Data Processor Addendum Agreement will not apply where Intricare Technologies acts as Data Controller.
Definitions:
- Agreement: Means the agreement between Intricare Technologies and the Customer whether in any written or electronic form to provide Service to the Customers.
- Data Controller: Means the natural or legal entity that determines the purpose and means for processing data.
- Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed in connection with the provision of services to Customers by Intricare Technologies.
- Personal Data: Personal data is the information relating to an individual who can be directly or indirectly identified from that data. Identification can be through reference to the information itself, or in conjunction with any other information in our possession or likely to come into such possession.
- Data Processor: Means any natural or legal entity that processes the personal data on behalf of the data controller.
- Services: Any cloud services or customer support provided by Intricare Technologies to the Customers pursuant to this Agreement.
- Sub-Processor: Means any third-party service provider that Intricare Technologies may engage to process personal data of its Customers pursuant to this Agreement.
Objectives of Data Processing:
- Intricare Technologies undertakes to process personal data on behalf of the Customer in accordance with the conditions laid down in this Data Processing Addendum Agreement. The processing will be executed exclusively within the framework of the Agreement, and for all such purposes as may be agreed to subsequently.
- Intricare Technologies shall refrain from making use of the personal data for any purpose other than as specified by the Customer. The Customer will inform Intricare Technologies of any such purposes which are not contemplated in this Data Processing Addendum Agreement.
- All personal data processed on behalf of the Customer shall remain the property of the Customer and/or the relevant Data subjects.
Intricare Technologies' obligations to process Personal Data:
- Intricare Technologies shall warrant compliance with the applicable data protection laws and regulations governing the protection of personal data, including the General Data Protection Regulation, which takes effect from 25 May 2018.
- Intricare Technologies shall furnish to the Customer promptly on request, with details regarding the measures it has adopted to comply with its obligations under this Data Processing Addendum Agreement.
- The obligations arising under the terms of this Data Processing Addendum Agreement also apply to each Sub-Processor who processes personal data under the instruction of Intricare Technologies.
Allocation of Responsibility:
- Intricare Technologies shall only be responsible for processing the personal data under this Data Processing Addendum Agreement, in accordance with the Customer’s instructions and under the (ultimate) responsibility of the Customer. Intricare Technologies is explicitly not responsible for other processing of personal data, including but not limited to processing for purposes that are not reported by the Customer to Intricare Technologies.
- Customer represents and warrants that it has express consent and/or a legal basis to process the relevant personal data. Furthermore, the Customer represents and warrants that the contents are not unlawful and do not infringe any rights of a third party. In this context, the Customer indemnifies Intricare Technologies of all claims and actions of third parties related to the processing of personal data without express consent and/or legal basis under this Data Processing Addendum Agreement.
Sub-Processors:
- Intricare Technologies is authorized within the framework of the Agreement to engage Sub-processors, with obtaining consent from the Customer. Upon request of the Customer, Intricare Technologies shall inform the Customer about the third party/parties engaged.
- Intricare Technologies shall in any event ensure that the Sub-processor will be obliged to agree in writing to the similar substantial duties that are agreed between the Customer and Intricare Technologies as set out in the Data Processing Addendum Agreement.
Duty to Report Security Incident:
- In the event of a data breach or a security incident, Intricare Technologies shall, to the best of its ability, notify the Customer thereof with undue delay, after which the Customer shall determine whether or not to inform the Data subjects and/or the relevant regulatory authority(ies). This duty to report applies irrespective of the impact of the leak.
- Intricare Technologies will endeavor that the furnished information is complete, correct and accurate.
- Under the GDPR or under any applicable law and/or regulation, Intricare Technologies shall cooperate in notifying the relevant authorities and/or Data subjects.
- The Customer remains the responsible party for any obligations in respect thereof.
Security:
- Intricare Technologies will endeavor to take adequate technical and organizational measures against loss or any form of unlawful processing (such as unauthorized disclosure, deterioration, alteration or disclosure of personal data) in connection with the processing of personal data under this Data Processing Addendum Agreement.
- Intricare Technologies will endeavor to ensure that the security measures are of a reasonable level, having regard to the sensitivity of the personal data and the costs related to the security measures.
- The Customer, at its own risk, will assure that the personal data is provided to Intricare Technologies only after all the necessary security measures have been taken.
Response to Data Subjects:
- Where a Data subject submits a request to Intricare Technologies to exercise any of its rights under the General Data Protection Regulation or any applicable law/regulation, Intricare Technologies will forward the request to the Customer and the request will then be dealt with by the Customer. Intricare Technologies will not respond directly to such request without obtaining the prior approval of the Customer. If Intricare Technologies is required to respond to the Data Subject Request directly, it will promptly notify the Customer of such request, unless Intricare Technologies is prohibited from doing so under any applicable law/regulation.
Audit:
- In order to confirm compliance with this Data Processing Addendum Agreement, the Customer shall be at liberty to conduct an audit by assigning an independent third party who shall be obliged to observe confidentiality in this regard. Any such audit will follow Intricare Technologies' reasonable security requirements and will not interfere unreasonably with Intricare Technologies' business activities.
- The costs of the audit will be borne by the Customer.
Duration and Termination:
- This Data Processing Addendum Agreement is entered into for the duration set out in the Agreement, and in the absence thereof, for the duration of the cooperation between the Parties.
- The Data Processing Addendum Agreement may not be terminated in the interim.
- This Data Processing Addendum Agreement may only be amended by the Parties subject to mutual consent.
- Intricare Technologies shall provide its full cooperation in amending and adjusting this Data Processing Addendum Agreement in the event of new legislation.
Customer Requests:
Intricare Technologies shall comply with the applicable data protection laws and regulations. For the avoidance of doubt, we will:
- Provide support to Customer at their request to assess the impact of our services on their privacy (for example, through assisting Customer with a Data Protection Impact Assessment);
- Provide support to Customer in responding to requests from data subjects to exercise their rights under the EU General Data Protection Regulation (GDPR).
Transparency:
- Intricare Technologies has documented its processing and publishes this in the privacy notice. This can be found on the Intricare Technologies website, or provided at your request.
Miscellaneous:
In the case of any inconsistency between documents and the appendices thereto, the following order of priority will apply:
- the Agreement;
- this Data Processing Agreement;
- Additional conditions, where applicable.