Appendices
Customer related Data Subjects will be persons who relate to the fulfilment of one or more of the following functions comprising the Services, the extent of which is determined by Customer at its sole discretion:
- End Users authorised by Customer to use the Services
- Administrators authorised by Customer to use the Services
- Registrants, applicants, presenters, support staff, prospects, customers and business partners of Customer and Customer End Users (who are natural persons)
- Employees or contact persons of Customer registrants, applicants, presenters, support staff, prospects, customers and business partners
- Any other function forming part of the Services
Customer or its End Users may submit Customer Personal Data to the Service, the extent of which is determined by Customer at its sole discretion, and which may include, but is not limited to the following categories of Personal Data:
- First and last name
- Title
- Position
- Employer
- Contact information (company, email, phone, physical business address)
- ID data
- Professional life data
- Personal life data
- Connection data
- Localisation data
As of the Date of this Addendum, Aptree, when Processing Customer Personal Data on behalf of Data Controller in connection with the Service, Aptree shall implement and maintain the following technical and organisational security measures for the processing of such Customer Personal Data (“Security Standards”):
- 1.Physical Access Controls Aptree shall take reasonable measures to prevent physical access such as security personnel and secured buildings and factory premises, to prevent unauthorised persons from gaining access to Customer Personal Data, or ensure Third Parties operating data centres on its behalf are adhering to such controls.
- 2.System Access Controls Aptree shall take reasonable measures to prevent Customer Personal Data from being used without authorisation. These controls shall vary based on the nature of the Processing undertaken and may include, among other controls, authentication via passwords and/or two-factor authentication, documented authorisation processes, documented change management processes and/or logging of access on several levels.
- 3.Data Access Controls Aptree shall take reasonable measures to provide that Customer Personal Data is accessible and manageable only by properly authorised staff, direct database query access is restricted and application access rights are established and enforced to ensure that persons entitled to use a data processing system only have access to the Customer Personal Data to which they have privilege of access; and, that Customer Personal Data cannot be read, copied, modified or removed without authorisation in the course of Processing.
- 4.Transmission Controls Aptree shall take reasonable measures to ensure that it is possible to check and establish to which entities the transfer of Customer Personal Data by means of data transmission facilities is envisaged so Customer Personal Data cannot be read, copied, modified or removed without authorisation during electronic transmission or transport.
- 5.Input Controls Aptree shall take reasonable measures to provide that it is possible to check and establish whether and by whom Customer Personal Data has been entered into data processing systems, modified or removed. Aptree shall take reasonable measures to ensure that (i) the Customer Personal Data source is under control of the Data Controller; and (ii) Customer Personal Data integrated into the Service is managed by secured transmission from Data Controller.
- 6.Data Backup Backups of databases in the Service are taken on a regular basis, are secured and encrypted to ensure that Customer Personal Data is protected against accidental destruction or loss when hosted by Aptree.
- 7.Logical Separation Data from different Aptree subscriber environments is logically segregated on Aptree’s systems to ensure that Customer Personal Data that is collected for different purposes may be Processed separately.
Last modified 1yr ago