Data Processing Agreement
Last updated 24th April 2018.
Background and purpose:
For the purpose of fulfilling the agreement (hereinafter the "Main Agreement") with the Customer, WakeupData Aps will receive and process personal information about the Customer or Customer's employees.
In addition, WakeupData Aps may receive and, on behalf of the Customer, process personal information about Customer's customers.
This Agreement sets out the requirements for processing these personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("the Regulation").
WakeupData Aps's processing of personal information about the Customer and Customer's employees
Consent for processing personal data
WakeupData Aps uses personal data about Customer and Customer's employees in the form of names, addresses, email addresses, gender, date of birth, CVR number, phone numbers, purchase history and behavior. WakeupData Aps does not process sensitive personal information.
Customer agrees that the Customer has provided consent to transfer this personal information to WakeupData Aps pursuant to this Agreement.
Purpose of processing personal data
WakeupData Aps handles only personal data that is relevant, sufficient and necessary in relation to the purposes of the Master Agreement, in connection with WakeupData Aps's efforts to optimize Product Feeds, Competitor Analysis, Product Comparisons and Data integration activities.
The purpose of the Master Agreement is crucial to the type of personal data relevant to WakeupData Aps's processing and the extent of personal data WakeupData Aps handles.
The parties agree that WakeupData Aps has a legitimate interest in receiving and processing personal data for fulfilling these purposes.
If WakeupData Aps does not receive the relevant and necessary personal data, WakeupData Aps may fail to fulfill its obligations under the General Agreement.
If WakeupData ApS wishes to use personal data for a purpose other than those arising from the General Agreement, WakeupData Aps informs Customer of the new purpose and requests the Customer to obtain the consent of the registrant before WakeupData Aps commences processing. If WakeupData Aps has another legal basis for the new processing, WakeupData Aps informs the Customer about this.
If WakeupData Aps collects data about the Customer or Customer's employees from sources other than the employees or the Customer, WakeupData Aps will inform the Customer within 10 days after WakeupData Aps has obtained this data.
At the same time, WakeupData Aps discloses the purpose of the collection and the legal basis that allows WakeupData Aps to retrieve these personal data. The customer hereby passes the information to the employees concerned.
Minimizing, correcting and deleting data
Before WakeupData Aps processes personal data, WakeupData Aps examines the possibilities to minimize the amount of data. To the extent that it does not affect the ability to fulfill the purposes of the Master Agreement, WakeupData Aps will use data in anonymous or pseudonymized form.
WakeupData Aps checks that the personal data WakeupData Aps handles is not misleading or inaccurate. To ensure the quality of data, WakeupData Aps has adopted internal procedures for checking and updating personal data.
WakeupData Aps deletes personal data when it is no longer necessary for the purpose of the collection and processing of this data.
Disclosure of personal data
If WakeupData Aps passes personal data to third parties and these are not listed in the Main Agreement, WakeupData Aps collects Customer's consent and informs about the purposes for which these personal data will be used. The customer may object to this form of disclosure at any time. However, WakeupData Aps does not obtain consent if WakeupData Aps is legally required to disclose personal data.
WakeupData Aps only passes personal data to third-party partners with the Customer's consent. If WakeupData Aps passes personal data to third-party affiliates, WakeupData Aps has previously ensured that the data protection level of these countries complies with the requirements of this Agreement and that the transfer takes place in accordance with the requirements of the Regulation.
Right to know and objection
The registered person is entitled at any time to know what personal data WakeupData Aps is handling, where it originated, and the purpose for which WakeupData Aps uses it.
The registered person will be informed about how long WakeupData Aps stores personal data, who receives this data and to what extent this data is passed on to others. Access may, however, be limited for the protection of other people's privacy, business secrets and intellectual property rights.
The registrant has the right to object to WakeupData ApS's data processing at any time and has the right to restrict its use if personal data is no longer necessary in relation to the purpose for which it was obtained.
If the registrant thinks that the personal data WakeupData ApS handles is incorrect, the registered person has the right to have them corrected.
Both the Customer and the Registrar may at any time withdraw consent for processing personal data by contacting WakeupData ApS.
WakeupData ApS has established internal rules on information security with instructions and measures that protect the data subject's data against unauthorized access.
In case of security breaches that result in a high risk to the rights and freedoms of the data subject, WakeupData ApS will notify the Customer and/or the Registrar as soon as possible.
Right to complain
If the registrant believes that WakeupData ApS does not fulfill its obligations under the Personal Data Regulation, WakeupData ApS must be contacted. If, after WakeupData ApS has stated, the registered person continues to believe that his/her rights have been violated, the registrant may file a complaint against WakeupData ApS to the Data Inspectorate, www.datatilsynet.dk.
WakeupData ApS's processing of personal information about the Customer's customers (Data Processing Agreement).
WakeupData ApS's obligations
The customer is the data controller for the personal information of the Customer's customers, which WakeupData ApS receives from the Customer and processes on behalf of the Customer. The Customer is responsible for the processing of the personal data transferred to WakeupData ApS by WakeupData ApS.
The parties agree that WakeupData ApS is the data processor for the personal data processed by WakeupData ApS on behalf of the Customer. WakeupData ApS has as data processor the obligations imposed on a data processor under the laws.
The parties agree that, in addition, WakeupData ApS's processing of personal data on behalf of the Customer is made in accordance with the General Agreement. Unless otherwise specified in the Master Agreement, WakeupData ApS specifically processes personal information about Customer's customers in order to assist the Customer in:
(i) tracking user behavior to ensure optimum user experience and communication
(ii) tracking in relation to advertising through 3rd party systems such as Google Adwords, Facebook and the like
(iii) It is further specified as part of this agreement that the party is aware of the current trading terms: https://www.wakeupdata.com/terms-of-use
WakeupData ApS acts solely on documented instructions from the Customer, including as regards the transfer of personal data to a third country or international organization, unless required under EU law or the national law of the Member States to which WakeupData ApS is subject; in that case, WakeupData ApS informs Customer of this legal requirement before processing unless the law prohibits such notification for reasons of important social interests.
WakeupData ApS ensures that the persons authorized to process personal data and who access personal data only treat them on instructions from the Customer and that they have committed to confidentiality.
WakeupData ApS's assistance to the Customer
Considering the nature of the treatment, WakeupData ApS will, as far as possible, assist the Customer through appropriate technical and organizational measures in fulfilling the Customer's obligation to respond to requests for the exercise of the rights of the data subjects.
WakeupData ApS, taking into account the nature of the processing and the information available to WakeupData ApS, assists the client in ensuring compliance with the obligations under the Regulation's Requirements for Treatment Security (Article 32), Personal Data Protection Breach for Data Protection (Article 33), notification of breach of personal data protection to the data subject (Article 34), possible impact assessment on data protection (Article 35) and prior consultation of the Data Inspectorate (Article 36).
WakeupData ApS makes available to the Customer all information necessary to demonstrate compliance with this Agreement, and allows and contributes to audits, including inspections made by the Customer or other auditor, authorized by the Customer.
WakeupData ApS's security measures
WakeupData ApS takes the necessary technical and organizational precautions against information being accidentally or illegally destroyed, lost or impaired, and against it coming to the knowledge of unauthorized persons, being misused or otherwise treated in violation of the laws.
Taking into account the current technical level, implementation costs and the nature, extent, consistency and purpose of the treatment concerned, as well as the risks of varying probability and seriousness of the rights and freedoms of the data subject, WakeupData ApS shall implement the following actions as appropriate:
(i) encryption of personal data,
(ii) ability to ensure continued confidentiality, integrity, availability and robustness of treatment systems and services;
(iii) ability to promptly restore availability and access to personal data in case of physical or technical event; and
(iv) a procedure for periodic testing and evaluation of the effectiveness of technical and organizational measures to ensure treatment safety.
During Data Processing
WakeupData ApS may not make use of any other data processor without prior specific or general written approval from the Customer. In the case of general written approval, WakeupData ApS shall notify the Customer of any planned changes regarding the addition or replacement of other data servers, thereby enabling the Customer to object to such changes. However, this does not apply to the 3rd party agreement concluded by the customer, where WakeupData ApS merely transmits data on behalf of the customer.
At the Customer's choice, WakeupData ApS deletes or returns all Personal Information to Customer after termination of the Customer Agreement and deletes existing copies unless the EU or national law of the Member States prescribes the retention of personal data.