Data Handling Agreement
- September 16, 2021
2.1 Push processes and transfers all personal data of the customer via servers managed by Push. Push can replicate data across multiple storage systems. 2.2 Subject to paragraph 2.3, as soon as it no longer needs the Customer`s personal data to fulfill its obligations to the Customer and its legal requirements, Push will securely delete the Customer`s personal data. This deletion is done in accordance with guidelines issued from time to time by the UK Information Commissioner, which may allow data to be placed as an alternative to physical erasure “except outside of use”. 2.3 After termination of the contract, Push deletes the customer`s personal data, either securely in accordance with paragraph 2.2 or at the customer`s choice (which must be provided by written notification before the termination of the contract) so that the customer can recover the customer`s personal data, provided that the customer`s personal data is recovered by the customer within four weeks of the termination of the contract. 2.4 If Push deems it appropriate, it will use cryptography covering the data during transmission and/or at rest. The customer authorises the transfer of data from the EU to such destinations outside the EU or access to EU data from these purposes outside the EU, provided that one of these measures has been taken. Notwithstanding the foregoing, the Standard Contractual Clauses do not apply and have no legal effect where DigitalOcean applies, during the term of this DPA, another appropriate security feature or means for the transmission of EU data described in this section. 9.1 Push currently uses the data center services provided by Amazon Web Services (AWS) for the provision of its services, AWS security standards can be found here aws.amazon.com/security/ 9.2 Each year, Push verifies and evaluates the security audit reports provided by AWS to ensure that they meet an acceptable standard.
The Customer, as defined in HubSpot`s Terms of Service for Customers (the “Data Exporter”),) Our Data Protection Authority gives a number of guarantees to companies that entrust us with personal data. For example, the ProtonMail data processing agreement promises the use of technical security measures, such as encryption. B, as set out in Article 32 of the GDPR. It also provides adequate assistance to controllers in carrying out a data protection impact assessment. 6. The processing of personal data by the processor shall take place at the following sites, including the name of the country or countries of processing: (e) immediately and correctly process all requests from the data exporter relating to the processing of the personal data transmitted and follow the advice of the supervisory authority with regard to the processing of the transmitted data; (C) The Parties shall endeavour to implement an IT agreement in accordance with the requirements of the existing legal framework on data processing and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). . . .