Data Processing Addendum
Dear Pro Backup customer,
This document is an "data processing addendum" ("DPA") for customers that are looking for a "processor agreement" in reference to the "General Data Protection Regulation" (EU) 2016/679 ("GDPR").
Moreover, this document can not be seen as legal advice, but simply as our interpretation of the regulations.
Personal data that a customer stores at Pro Backup
This DPA covers the personal data, as defined by the AVG, which a customer stores (using CrashPlan software) at Pro Backup. The terms and principles in this DPA apply to all Pro Backup customers, regardless of where they are located.
The processing of personal data by Pro Backup as "controller" is outside the scope of this DPA.
Right to update this DPA
As the GDPR evolves and best practices are refined, Pro Backup reserves the right to update this DPA at any time. If there is something we view as a material change, we will notify our customers via email 30 days in advance of the change going into place.
Despite Pro Backup meets the requirements set forth in the GDPR for a data processor. Our compliance with the GDPR includes, but is not limited to:
- The use of personal data solely for the performance of our services and as permitted by applicable law;
- Taking appropriate measures to ensure the security of the Pro Backup processes for personal data. This includes, but is not limited to: the use of generally accepted technical protections and the training of employees;
- Ensure that all Pro Backup personnel who access or process personal data are subject to confidentiality;
- Ensure that third parties do not process personal data received from Pro Backup except in accordance with applicable GDPR requirements;
- Maintaining obligations in connection with requests for inspection and other rights of data subjects under the GDPR;
- In the unlikely event of a system breach, we will send you a notification by e-mail (within 72 hours) and we can, in our sole discretion, update our status page. A "system breach" does not imply that a customer account is accessed through valid credentials, unless those credentials were exposed through some action or fault of Pro Backup or one of its sub-processors.
Is it always necessary to have a separate processor agreement?
No, it is important that agreements are made between the parties about the processing of personal data and that these agreements are recorded in writing in one way or another. This does not have to be in a separate document, but can also be done very well in the general conditions… — https://www.nederlandict.nl/news/de-avg-uitgelegd-deel-9-verwerkersovereenkomst/