Data Processing Agreement

This agreement applies to our resellers, or anyone who resells our services and who stores customer data or personal information and thereby are responsible for data processing with us as data processor.

1. The agreement’s purpose
The purpose of the agreement is to regulate rights and obligations under the Personal Data Protection Act (Personal Data Act) EUROPEAN PARLIAMENT AND COUNCIL REGULATION (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free exchange of such data and repealing Directive 95/46 / EC (General Privacy Regulation) [GDPR]. The agreement shall ensure that personal data about the data subjects is not used unlawfully or is unjustly used. The agreement governs the use of personal data by the data processor on behalf of the controller, including collection, registration, compilation, storage, disclosure or combinations thereof.

2. Purposes
The purpose of the data processing agreement is to ensure that personal data is not lost: We store personal information that the customer chooses to provide to us in order to provide and invoice services for the customer.

These are:
Name, address, telephone and email address. Logs of website visits and ordering services for documentation of changes made. We back up all data every night and it is stored for 30 days. If data is deleted from the server, after 30 days we will overwrite the data stored in the backup.

3. Duties of data processors
The data processor must follow the procedures and instructions for the treatment that the controller has to decide at all times. The data processor is obliged to provide the controller with access to his / her safety documentation, and to assist, so that the controller can fulfill his / her own responsibility according to law and regulations. The controller is, unless otherwise agreed or required by law, the right to access and access the personal data processed and the systems used for this purpose. The data processor is obliged to provide the necessary assistance for this. The data processor has a duty of confidentiality regarding documentation and personal data that he or she can access according to. this agreement. This provision also applies after termination of the agreement.

Use of subcontractor
Sircon Norge AS as a data processor does not use subcontractors or others who are not employed by us. Everyone who performs assignments involving the use of the relevant personal data on behalf of the data processor must be familiar with the data processor’s contractual and legal obligations and fulfill the conditions according to these.

The data processor shall comply with the requirements for security measures that are required by the Personal Data Act and the Personal Data Regulations, including in particular Sections 13 – 15 of the Personal Data Act with regulations. The data processor must document routines and other measures to meet these requirements. The documentation must be available at the request of the treatment officer. Non-conformity reporting pursuant to Section 2-6 of the Personal Data Regulations shall be made by the data processor reporting the non-conformity to the controller. The controller is responsible for sending the non-conformity notification to the Norwegian Data Inspectorate.

Security audits
The controller shall agree with the data processor that regular security audits are carried out regularly for systems and the like covered by this agreement.

Duration of the agreement
The agreement is valid as long as the data processor processes personal data on behalf of the data controller. In the event of a breach of this agreement or the Personal Data Act, the controller may order the data processor to stop the further processing of the information with immediate effect. The agreement may be terminated by both parties with a mutual term of 3 months, cf. clause 8 of this agreement.

Upon termination
Upon termination of this agreement, the data processor is obliged to return all personal data received on behalf of the controller and covered by this agreement. The data processor shall erase or properly destroy all documents, data, floppy disks, CDs, etc., which contain information covered by the agreement. This also applies to any backups. Data Processor deletes and / or destroys data after termination of the agreement. The data processor will document in writing that deletion and / or destruction has been carried out in accordance with the agreement within a reasonable time after the termination of the agreement.

Notices under this Agreement shall be sent in writing to:

Choice of law and court
The agreement is governed by Norwegian law and the parties adopt Trondheim District Court as court.