DATA PROCESSING AGREEMENT
Informind DATA PROCESSING AGREEMENT
111 64 Stockholm
Phone: +8 128 28 538
1.1 Informind AB supplies a full-service solution comprised of web analytics tools that allow the Client to gain insight into the users (individuals and companies) that visit and use the Client’s websites and online social media.
1.2 The Client wishes to use Informind AB’ system. For this purpose, Informind AB shall receive non-sensitive personal data, including names, postal addresses, e-mail addresses and phone numbers.
1.3 This Agreement describes Informind AB’ and the Client’s obligations with a view to meeting the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 regarding Data Processing Agreements (known as GDPR).
1.4 The Parties have entered this Agreement in connection with the Parties’ entering into an agreement regarding the Client's use of the Informind AB product, Informind (”the General Agreement”). This and the General Agreement are interdependent and cannot be terminated separately. However, if this Agreement is replaced by another valid data processing agreement, there is no reason to terminate the General Agreement.
2. OBJECTIVES AND THE PARTIES’ STATUS
2.1 By agreement with the Client, Informind AB shall process personal data for the Client with a view to meeting the objectives stated in section 1. Informind AB may therefore solely process personal data that is necessary in order to supply the services stipulated in the General Agreement.
2.2 The Client is the Data Controller responsible for the personal data submitted to Informind AB. The Client is responsible for ensuring that Informind AB is permitted to process any personal data that is submitted to Informind AB.
2.3 The Parties agree that Informind AB is the Data Processor responsible for processing the personal data on the Client’s behalf. As Data Processor, Informind AB has the obligations assigned to a Data Processor in pursuance of the GDPR.
3. Informind AB’ CONTRACTUAL OBLIGATIONS
3.1 Informind AB shall process the personal data only on documented instructions from the Client, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by EU or Swedish law; in such a case, Informind AB shall inform the Client of that legal requirement before processing, unless the law prohibits such information on important grounds of public interest.
3.2 Informind AB shall ensure that any person who acts under the authority of Informind AB and has access to personal data shall not process those data except on instructions from Informind AB and that such a person has committed himself/herself to confidentiality.
4. TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES
4.1 Informind AB shall take technical and organizational measures to prevent accidental or unlawful destruction, publication, loss, impairment, or unauthorized disclosure, misuse or other use in contravention of legal requirements. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, Informind AB shall, where relevant, implement the following measures (this list is not exhaustive): (i) the pseudonymization and encryption of personal data, (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, (iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident, and (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
4.2 Informind AB shall immediately inform the Client of a personal data breach of data processed on the Client's behalf.
5. DATA SUBPROCESSORS
5.1 Informind AB may not avail itself of the services of a Data Subprocessor except with the prior specific or general consent of the Client in writing. If general written consent is issued, Informind AB shall notify the Client of the planned engagement of additional or replacement of Subprocessors and thereby give the Client an opportunity to object to such changes.
5.2 If Informind AB transfers the processing of personal data for which the Client is responsible to a Data Subprocessor, Informind AB shall enter a Data Processing Agreement with the Data Subprocessor to ensure that the Data Subprocessor is subject to the same obligations as Informind AB is subject to in pursuance of this Agreement.
6. Informind AB’ SUPPORT
6.1 Taking into account the nature of processing, Informind AB shall as far as possible, assist the Client by implementing appropriate technical and organizational measures to ensure that the Client complies with his obligations with regard to responding to requests to exercise the rights of natural persons.
6.2 Taking into account the nature of the processing and the data available to Informind AB, Informind AB shall assist the Client in adhering to the latter’s obligations established in the GDPR area.
6.3 Informind AB shall provide the Client with all the information required to prove compliance with this Agreement and shall allow for and contribute to audits, including inspections, conducted by the Client or another auditor mandated by the Client.
6.4 Informind AB reserves the right to charge the Client per hour for any work done in connection with sections 6.1-6.3.
7. DATA ERASURE
7.1 Once cooperation with the Client is terminated, Informind AB shall, at the Client’s discretion, either erase or return all personal data and any copies thereof to the Client unless EU Member State law stipulates that such personal data must be stored.