SocrateRM Data Processing Terms

1. General Terms

(a) To the extent that BITSoftware processes personal data:

(i) comprised in or related to video survey Requests and

(ii) content of, and information comprised in or related to BITSoftware’s services and products together BITSoftware Customer Personal Data, each party acknowledges and agrees that for the purpose of Data Protection Laws, the BITSoftware Customer is the controller of the BITSoftware Customer Personal Data and BITSoftware is the processor of the BITSoftware Customer Personal Data.

(b) The BITSoftware Customer shall comply with its obligations as controller of the BITSoftware Customer Personal Data (including, without limitation, any obligation under Data Protection Laws to obtain Contributor consent to the processing of BITSoftware Customer Personal Data) and shall be liable to BITSoftware for any failure of BITSoftware Customer to comply with any such obligations.

(c) BITSoftware shall implement appropriate technical and organisational measures to the intent that processing should meet the requirements of Data Protection Laws as to the protection of the rights of the data subject.

(d) The subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects and the obligations and rights of the BITSoftware Customer in relation to the processing are as set out or implied in these BITSoftware Customer Data Processing Terms, the SocrateCloud Agreement, other BITSoftware products Agreements and the BITSoftware Privacy Policy.

(e) BITSoftware shall:

(i) process BITSoftware Customer Personal Data as permitted under or to comply with its obligations under these BITSoftware Customer Data Processing Terms (including in the provision of the BITSoftware service) and otherwise in accordance with the instructions of the BITSoftware Customer as stated in these BITSoftware Customer Data Processing Terms and the BITSoftware Agreement; and

(ii) assist the BITSoftware Customer at the BITSoftware Customer’s expense with undertaking an assessment of the impact of processing that BITSoftware Customer Personal Data, and with any consultations with a supervisory authority, if and to the extent an assessment or consultation is required to be carried out under Data Protection Laws.

(ii) assist the BITSoftware Customer at the BITSoftware Customer’s expense with undertaking an assessment of the impact of processing that BITSoftware Customer Personal Data, and with any consultations with a supervisory authority, if and to the extent an assessment or consultation is required to be carried out under Data Protection Laws.

2. Data Subject Rights

BITSoftware shall:

(a) implement technical and organisational measures intended to assist in the fulfilment of the BITSoftware Customer’s obligation to respond to requests by data subjects to exercise their rights of access, rectification or erasure, to restrict or object to processing of BITSoftware Customer Personal Data, or to data portability; and

(b) if a data subject makes a written request to BITSoftware to exercise any of the rights referred to in paragraph 2(a) above, forward the request to the BITSoftware Customer promptly and shall, upon the BITSoftware Customer’s reasonable written request, provide the BITSoftware Customer with such co-operation and assistance as is reasonably requested by the BITSoftware Customer in relation to that request with the object of assisting the BITSoftware Customer to respond to it.

3. Security measures

BITSoftware shall:

(a) taking into account the state of the art, the costs of implementation and the nature, scope, context and purpose of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, implement and maintain appropriate technical and organisational measures intended to provide a level of security appropriate to the risk of unauthorised or unlawful processing of BITSoftware Customer Personal Data, and of accidental or unlawful loss, alteration, unauthorised disclosure or destruction of, or damage to, BITSoftware Customer Personal Data; and

(b) notify the BITSoftware Customer without undue delay after becoming aware of a personal data breach, and upon the BITSoftware Customer’s reasonable written request provide the BITSoftware Customer at the BITSoftware Customer’s expense with such co-operation and assistance as is reasonably requested by the BITSoftware Customer with the object of assisting the BITSoftware Customer to notify the personal data breach to the relevant supervisory authority and relevant data subject(s) (as applicable).

4. Sharing of BITSoftware Customer Personal Data

BITSoftware’s third party processors of BITSoftware Customer Personal Data (Subprocessors) are identified in the Schedule to these Customer Data Processing Terms.

BITSoftware shall:

(a) when engaging a new Subprocessor, inform the BITSoftware Customer of the engagement at least 30 days prior to the Subprocessor commencing the processing of BITSoftware Customer Personal Data, notifying the BITSoftware Customer of the identity of the Subprocessor and its role, by email to support@BITSoftware.com;

(b) be deemed to grant the BITSoftware Customer the right to object to such new Subprocessor by terminating the Agreement in accordance with clause 7c. of the Agreement (subject to the other provisions of that clause 7 and the Agreement), such right of termination being the BITSoftware Customer’s entire and exclusive remedy if it objects to a new Subprocessor.

(c) enter into a contract with each Subprocessor on terms appropriate to the requirements of Data Protection Laws; and

(d) ensure that its employees who have access to BITSoftware Customer Personal Data have committed to confidentiality obligations.

5. Transfers of BITSoftware Customer Personal Data

(a) Save as permitted pursuant to paragraph 4 above, BITSoftware shall not transfer BITSoftware Customer Personal Data to, or process BITSoftware Customer Personal Data in, any country outside the European Economic Area without the prior written consent of the BITSoftware Customer (such consent not to be unreasonably withheld or delayed) unless (and for so long as):

(i) there has been a European Community finding of adequacy pursuant to Article 25(6) of Directive 95/46/EC or, after 24 May 2018, Article 45 of the GDPR in respect of that country or territory;

(ii) the transfer is to the United States to an importing entity that is a certified member of the EU-US Privacy Shield; or

(iii) the BITSoftware Customer or BITSoftware and the relevant importing entity are party to a contract in relation to the export of BITSoftware Customer Personal Data meeting the then-current requirements of Data Protection Laws and these BITSoftware Customer Data Processing Terms.

(b) Where any mechanism for cross-border transfers of BITSoftware Customer Personal Data is found by a supervisory authority, court of competent jurisdiction or other governmental authority to be an invalid means of complying with the restrictions on transferring BITSoftware Customer Personal Data to a third country or territory as set out in Data Protection Laws, the parties shall act in good faith to agree the implementation of an alternative solution to enable the BITSoftware Customer to comply with the provisions of Data Protection Laws in respect of any such transfer.

6. Compliance

(a) BITSoftware shall at BITSoftware Customer’s expense:

(i) upon BITSoftware Customer’s written request provide all information reasonably required to demonstrate its compliance with Article 28 of the GDPR;

(ii) allow for and contribute to audits conducted by or on behalf of BITSoftware Customer relating to the processing of BITSoftware Customer Personal Data by BITSoftware;

(iii) provide all co-operation and assistance reasonably requested by BITSoftware Customer in connection with:

(A) assisting BITSoftware Customer in ensuring compliance with obligations under Articles 32 to 36 of the GDPR, taking into account the nature of BITSoftware’s processing and the information available to BITSoftware;

(B) the undertaking of any assessment by BITSoftware Customer of the impact of processing BITSoftware Customer Personal Data; and

(C) any consultations conducted by BITSoftware Customer with any supervisory authority under Data Protection Laws.

(b) The BITSoftware Customer shall:

(i) comply with all applicable laws (including Data Protection Laws), and rights of third parties, that relate to BITSoftware Customer Personal Data; and

(ii) comply with all of its obligations as Customer of Customer Personal Data; and

(iii) ensure that it is and shall remain entitled to authorise the processing by BITSoftware and other processors engaged by BITSoftware of Customer Personal Data in connection with the BITSoftware service.

7. Termination/expiry

(a) Unless expressly stated otherwise in these BITSoftware Customer Data Processing Terms, upon termination of  the BITSoftware Customer’s participation in the BITSoftware service, BITSoftware shall, and shall procure that each processor engaged by BITSoftware to process BITSoftware Customer Personal Data shall, cease as soon as is reasonably practicable to use the BITSoftware Customer Personal Data and delete the BITSoftware Customer Personal Data unless required or entitled to retain a copy in accordance with any law of the European Union or any member state of the European Union or permitted to retain or continue processing the BITSoftware Customer Personal Data under any provision of these BITSoftware Customer Data Processing Terms.

(b) On expiry of the BITSoftware Customer’s participation in the BITSoftware service these BITSoftware Customer Data Processing Terms shall survive and continue in full force and effect.

8. Definitions

In these BITSoftware Customer Data Processing Terms:

(a) Data Protection Laws include (i) Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the GDPR) and the Directive on Privacy and Electronic Communications (2002/58/EC), (ii) their successors or replacements, and (iii) any legislation implementing or modifying any of them in the Romania;

(b)  controller, data subject, personal data, personal data breach, processor and processing shall each bear the meanings given to them in the GDPR;

(c) Words and phrases defined in the BITSoftware Agreement or the BITSoftware Privacy Policy have the same meaning in these BITSoftware Customer Data Processing Terms

Schedule: Processors

The Customer confirms that the following general authorisations of processors are authorised for use by BITSoftware:

Hosting and Infrastructure Service providers, including:

Amazon Web Services

Amazon Web Services EMEA, Luxembourg

Cloud infrastructure, Storage, Data Processing

MongoDB

MongoDB Ltd, Dublin, Ireland

Storage and Data Processing

Google

Google Ltd Dublin, Ireland

Google Analytics

Intercom

Intercom, San Francisco, CA, USA

Chat and support services

Loggly

Loggly Inc, San Francisco, CA, USA

Application Logs management

Netopia

Netopia s.r.l., Bucuresti, Romania

Online Payment Service - mobilPay