Loading...
Loading...
Your continued use of TheVoĉo ("Services") means you are herein consenting to the following data procedures expressed within this Data Processing Agreement ("DPA").
The Data Controller ("Customer") and the Data Processor ("TheVoĉo") are hereinafter referred to as the Party or jointly the Parties.
1.1 The terms used in this DPA shall be deemed to have the same meaning as in the applicable data-protection regulations and the practice developed at any given time regarding the applicable data-protection regulations. This means that definitions in this DPA may change during the term of the agreement. The above means that this DPA involves the following definitions:
The measure or combination of measures concerning Personal Data or sets of Personal Data, e.g. collection, registration, organization, structuring, storage, processing or alteration, creation, reading, use, surrender through transfer, dissemination or other provision, adjustment or consolidation, limitation, deletion or destruction.
The General Data Protection Regulation (EU) 2016/679 ('GDPR'), and other regulations with the relevant implementation statutes and the regulations in this area applying at any given time. Non-European Data Protection Legislation may also apply to the processing of Customer Personal Data.
The entity which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
The entity which processes Personal Data on behalf of the Controller.
Any information relating to an identified or identifiable natural person.
Security incidents leading to unintentional or unlawful destruction, loss or alteration, or to unauthorized disclosure of or unauthorized access to the Personal Data that has been transferred, stored and otherwise been the subject of Processing.
Any personal-data processor engaged by the Data Processor or Data Controller that processes Personal Data on behalf of the Data Controller.
2.1 Parties' Roles. Customer, as Data Controller, appoints TheVoĉo as a Data Processor to process the Personal Data on Customer's behalf. The processing the Data Processor will perform on behalf of the Data Controller shall be regulated by this DPA.
2.2 Purpose Limitation. Data Processor shall process the Personal Data for the purposes described in Annex A, except where otherwise required by applicable law. Any additional processing required by Data Controller outside of the scope of the DPA will require prior written agreement between the parties, including agreement on any additional fees that Data Controller may be required to pay.
2.3 On the basis of the above, the Parties have entered into the following DPA.
Data Processor will maintain appropriate security measures to safeguard the security of Personal Data. Data Processor will maintain an information security and risk management program based on commercial best practices to preserve the confidentiality, integrity and accessibility of Personal Data with administrative, technical and physical measures conforming to generally recognized industry standards and practices. Data Processor shall implement appropriate technical and organizational measures to protect Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.
Data Processor shall ensure that any personnel whom Data Processor authorizes to process Personal Data on its behalf is subject to confidentiality obligations with respect to that Personal Data. The undertaking to confidentiality shall continue after the termination of the above-entitled activities.
Data Processor will notify the Data Controller as soon as practicable after it becomes aware of any of any Personal Data Breach affecting any Personal Data. At the Data Controller's request, Processor will promptly provide the Data Controller with all reasonable assistance necessary to enable the Data Controller to notify relevant Personal Data Breaches to competent authorities and/or affected Data Subjects, if Data Controller is required to do so under the Data Protection Law.
Data Processor will provide reasonable assistance, including by appropriate technical and organizational measures and taking into account the nature of the Processing, to enable Data Controller to respond to any request from Data Subjects seeking to exercise their rights under the Data Protection Law with respect to Personal Data (including access, rectification, restriction, deletion or portability of Personal Data, as applicable), to the extent permitted by the law. If such request is made directly to Data Processor, Data Processor will promptly inform Data Controller and will advise Data Subjects to submit their request to the Data Controller. Data Controller shall be solely responsible for responding to any Data Subjects' requests. Data Controller shall reimburse Data Processor for the costs arising from this assistance.
Data Processor shall be entitled to engage Sub-processors to fulfil Data Processor's obligations only with Data Controller's written consent. The Data Processor shall inform the Data Controller of any intended changes concerning addition or replacement of any Sub-processors, and the Data Controller has the right to object to such changes. The Data Processor shall ensure that its data protection obligations set out in the DPA and in Applicable Data Protection Law are imposed to any Sub-processors by a written agreement. Any Sub-processor shall in particular provide sufficient guarantees to implement appropriate technical and organizational measures to comply with Applicable Data Protection Law, and provide the Data Controller and relevant supervisory authorities with access and information necessary to verify such compliance. The Data Processor shall remain fully liable to the Controller for the performance of any Sub-processor.
Within the scope of the DPA and in its use of the services, Data Controller shall be solely responsible for complying with the statutory requirements relating to data protection and privacy, in particular regarding the disclosure and transfer of Personal Data to the Data Processor and the Processing of Personal Data. Customer, as Data Controller, shall be responsible for ensuring that:
4.1 It has complied, and will continue to comply, with all Applicable Data Protection Law, including in any instructions it issued to TheVoĉo under this DPA.
4.2 It has, and will continue to have, the right to transfer, or provide access to, the Personal Data to TheVoĉo for processing in accordance with this DPA.
5.1 This DPA is valid until the Data Processor's processing of the Personal Data ceases.
5.2 Upon completion of processing, the Data Processor shall return the Personal Data to the Data Controller in a general and legible format, and shall thereafter delete the Personal Data from systems used for processing, unless this is incompatible with other mandatory legislation.
Customer will indemnify, keep indemnified and hold harmless TheVoĉo, its clients, officers, directors, employees, agents, and representatives (each an "Indemnified Party") from and against all third-party loss, harm, cost (including reasonable legal fees and expenses), expense and liability that an Indemnified Party may suffer or incur as a result of Customer's non-compliance with the requirements of this DPA.
These instructions form an integral part of the DPA and shall be adhered to by the Data Processor in the processing of Personal Data, unless expressly state otherwise in the DPA. The Data Controller may unilaterally change these instructions at a later date by notifying the Data Processor of the change in writing. Changes take effect no earlier than 3 calendar days after having been sent by the Data Controller. By accepting the DPA, the Data Controller Processor has confirmed the meaning of these instructions.
The purpose of the processing is:
The following types of Personal Data are processed:
The Personal Data processed is determined and controlled by the Data Controller in its sole discretion. As such, TheVoĉo has no control over the nature, volume and sensitivity of Personal Data processed through its Services by the Data Controller or its users.
Processing lasts for as long as the Data Processor represents the Data Controller. Upon termination of the Services, Personal Data can be deleted by resetting the P-Series Cloud Edition to factory default.
The Sub-processors are used for hosting of servers, and these Sub-processors operate with adequate level of protection for personal data and comply with Applicable Data Protection Law. The list of Sub-processors are as follows:
| Entity Name | Purpose | Entity Country |
|---|---|---|
| Google Cloud | Cloud Service Provider, Customer Portal, Website | Europe, Germany, Frankfurt (eu-west3) |
| Level 3 | Cloud Service Provider, PBX Hosting | Europe |
| Stripe Europe | Payment Processor | Europe, Ireland, Dublin |
Personal Data may be disclosed to:
On request, and in accordance with the law and official decisions, the Data Processor is obliged to disclose the data resulting from the decision, e.g. to the police.
In the event of a call to SOS Alarm, for example.
When placing calls to another operator, for example, certain Personal Data is registered with said operator.
Personal Data may also be disclosed to other companies and authorities after the Data Controller has given consent, and/or in order to discharge a specific part of the Service under an agreement.
Our team is here to help you understand our data protection practices.