Data Processing Agreement for DESARROLLOS INFORMATICOS SHM S.L. Services (“DPA”)

1. DEFINITIONS

1.1 “Cloud Service” means any distinct, subscription-based, hosted, supported and operated on-demand solution as defined in the Agreement.

1.2 “Controller“means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; for the purposes of this DPA, where Customer acts as processor for another controller, it shall in relation to DESARROLLOS INFORMATICOS SHM S.L. be deemed as additional and independent Controller with the respective controller rights and obligations under this DPA.

1.3 “Data Protection Law” means the applicable legislation protecting the fundamental rights and freedoms of natural persons and their right to privacy with regard to the processing of Personal Data under the Agreement.

1.4 “Data Subject” means an identified or identifiable natural person as defined by Data Protection Law.

1.5 “EEA” means the European Economic Area, namely the European Union Member States along with Iceland, Liechtenstein and Norway.

1.6 “GDPR” means the General Data Protection Regulation 2016/679.

1.7 “New SCC Relevant Transfer“means a transfer (or an onward transfer) to a Third Country of Personal Data that is either subject to GDPR or to applicable Data Protection Law and where any required adequacy means under GDPR or applicable Data Protection Law can be met by entering into the New Standard Contractual Clauses.

1.8“New Standard Contractual Clauses”means the unchanged standard contractual clauses, published by the European Commission, reference 2021/914 or any subsequent final version thereof as adopted by DESARROLLOS INFORMATICOS SHM S.L. To avoid doubt Modules 2 and 3 shall apply as set out in Section 8.3.

1.9 “Personal Data” means any information relating to a Data Subject. For the purposes of the DPA, it includes only personal data which is:

a) processed by DESARROLLOS INFORMATICOS SHM S.L. as part of the Cloud Service; or

b) supplied to or accessed by DESARROLLOS INFORMATICOS SHM S.L. or its Subprocessors in order to provide support under the applicable Agreement or in connection with DESARROLLOS INFORMATICOS SHM S.L. Services.

1.10 “Personal Data Breach” means cases of a confirmed:

a) accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or unauthorized third-party access to Personal Data; or

b) similar incident involving Personal Data, in each case for which a Controller is required under Data Protection Law to provide notice to competent data protection authorities or Data Subjects.

1.11 “Processor“means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, be it directly as processor of a controller or indirectly as subprocessor of a processor which processes personal data on behalf of the controller.

1.12 “DESARROLLOS INFORMATICOS SHM S.L. Support” means support services as defined in the applicable Agreement.

1.13 “Schedule” means the numbered Appendix with respect to the Standard Contractual Clauses (2010) and the numbered Annex with respect to the New Standard Contractual Clauses.

1.14 “Services” means implementation services, consulting services and/or other related services as defined in the Agreement and may also be referred to in the Agreement as “Consulting Services” o “Professional Services“.

1.15 “Standard Contractual Clauses (2010) ” means the Standard Contractual Clauses (processors) published by the European Commission, reference 2010/87/EU.

1.16 “Subprocessor” or “sub-processor” means DESARROLLOS INFORMATICOS SHM S.L. Affiliates, and third parties engaged by DESARROLLOS INFORMATICOS SHM S.L. or DESARROLLOS INFORMATICOS SHM S.L.’s Affiliates in connection with the DESARROLLOS INFORMATICOS SHM S.L. Services which process Personal Data in accordance with this DPA.

1.17 “Third Country” means any country, organization or territory not acknowledged by the European Union under Article 45 of GDPR as a safe country with an adequate level of data protection.

2. SCOPE AND APPLICABILITY

2.1 Applicability

2.1.1 This document (“DPA“)is incorporated into and forms part of an Agreement between DESARROLLOS INFORMATICOS SHM S.L. and Customer about DESARROLLOS INFORMATICOS SHM S.L. Services. For the purpose of this DPA, DESARROLLOS INFORMATICOS SHM S.L. Services are defined as Cloud Service, Services or DESARROLLOS INFORMATICOS SHM S.L. Support in the Agreement and are subject to its terms.

2.1.2 This DPA sets forth the terms and conditions related to the processing of Personal Data by DESARROLLOS INFORMATICOS SHM S.L. and its Subprocessors in connection with delivering DESARROLLOS INFORMATICOS SHM S.L. Services.

2.1.3 This DPA does not apply to non-production environments of the DESARROLLOS INFORMATICOS SHM S.L. Services made available by DESARROLLOS INFORMATICOS SHM S.L. Customer shall not store Personal Data in such environments.

2.2 Structure

Schedules 1 and 2 are incorporated into this DPA. They set out the agreed subject-matter, the nature and purpose of the processing, the type of Personal Data, categories of data subjects and the applicable technical and organizational measures.

2.3 Governance

2.3.1 DESARROLLOS INFORMATICOS SHM S.L. acts as a Processor and Customer and those entities that Customer permits to use the DESARROLLOS INFORMATICOS SHM S.L. Services act as Controllers under the DPA.

2.3.2 Customer acts as a single point of contact and shall obtain any relevant authorizations, consents and permissions for the processing of Personal Data in accordance with this DPA, including, where applicable approval by Controllers to use DESARROLLOS INFORMATICOS SHM S.L. as a Processor. Where authorizations, consent, instructions or permissions are provided by Customer these are provided not only on behalf of the Customer but also on behalf of any other Controller. Where DESARROLLOS INFORMATICOS SHM S.L. informs or gives notice to Customer, such information or notice is deemed received by those Controllers permitted by Customer to use the DESARROLLOS INFORMATICOS SHM S.L. Services or furnish Personal Data. Customer shall forward such information and notices to the relevant Controllers.

2.4 Obligations

2.4.1 DESARROLLOS INFORMATICOS SHM S.L. will Process Personal Information during the term of the Services Agreement solely for the purpose of:

a) providing the Services in accordance with the Services Agreement and this Data Processing Agreement.

b) documented instructions from Customer. The Agreement (including this DPA) constitutes such documented instructions.

2.4.2 DESARROLLOS INFORMATICOS SHM S.L. will use reasonable efforts to follow any additional reasonable Customer instructions, as long as technically feasible. If DESARROLLOS INFORMATICOS SHM S.L. will not comply with an instruction or is of the opinion that an instruction infringes Data Protection Law, DESARROLLOS INFORMATICOS SHM S.L. will immediately notify Customer (e-mail permitted).

2.4.3 In particular and depending on the Services, DESARROLLOS INFORMATICOS SHM S.L. may Process Personal Information for hosting and storage; backup and disaster recovery; service change management; issue resolution; applying new product or system versions, patches, updates and upgrades; monitoring and testing system use and performance; IT security purposes including incident management; maintenance and performance of technical support systems and IT infrastructure; and migration, implementation, configuration and performance testing.

2.4.4 As part of the provision of the Services and depending on the Services, DESARROLLOS INFORMATICOS SHM S.L. may Process Personal Information about Your Individuals, including Your end users, employees, job applicants, contractors, collaborators, partners, suppliers, customers and clients.

2.4.5 Personal Information about Your Individuals may include, but is not limited to, personal contact information such as name, home address, home telephone or mobile number, fax number, email address, and passwords; information concerning family, lifestyle and social circumstances including age, date of birth, marital status, number of children and name(s) of spouse and/or children; employment details including employer name, job title and function, employment history, salary and other benefits, job performance and other capabilities, education/qualification, identification numbers, and business contact details; financial details; goods and services provided; unique IDs collected from mobile devices, network carriers or data providers; geolocation data; IP addresses and online behaviour and interest data.

2.4.6 Unless otherwise specified in the Services Agreement, You may not provide DESARROLLOS INFORMATICOS SHM S.L. with any data that imposes specific data security or data protection obligations on DESARROLLOS INFORMATICOS SHM S.L. in addition to or different from those specified in the Data Processing Agreement or Services Agreement.

2.5 Processing on Legal Requirement

DESARROLLOS INFORMATICOS SHM S.L. may also process Personal Data where required to do so by applicable law. In such a case, DESARROLLOS INFORMATICOS SHM S.L. shall inform Customer of that legal requirement before processing unless that law prohibits such information on important grounds of public interest.

2.6 Personnel

To process Personal Data, DESARROLLOS INFORMATICOS SHM S.L. and its Subprocessors shall only grant access to authorized personnel who have committed themselves to confidentiality. DESARROLLOS INFORMATICOS SHM S.L. and its Subprocessors will regularly train personnel having access to Personal Data in applicable data security and data privacy measures.

2.7 Cooperation

2.7.1 At Customer’s request, DESARROLLOS INFORMATICOS SHM S.L. will reasonably cooperate with Customer and Controllers in dealing with requests from Data Subjects or regulatory authorities regarding DESARROLLOS INFORMATICOS SHM S.L.’s processing of Personal Data or any Personal Data Breach. If DESARROLLOS INFORMATICOS SHM S.L. receives a request from a Data Subject in relation to the Personal Data processing hereunder, DESARROLLOS INFORMATICOS SHM S.L. will promptly notify Customer (where the Data Subject has provided information to identify the Customer) via e-mail and shall not respond to such request itself but instead ask the Data Subject to redirect its request to Customer.

2.7.2 DESARROLLOS INFORMATICOS SHM S.L. is a Service Provider in respect to Personal Information processed in performance of the Services. DESARROLLOS INFORMATICOS SHM S.L. will not: (a) Sell or Share any Personal Information; (b) retain, use, or disclose any Personal Information (i) for any purpose other than for the Business Purposes specified in the Services Agreement, including for any Commercial Purpose, or (ii) outside of the direct business relationship between DESARROLLOS INFORMATICOS SHM S.L. and You; or (c) combine Personal Information received from or on behalf of You with Personal Information received from or on behalf of any third party, or collected from DESARROLLOS INFORMATICOS SHM S.L. ’s own interaction with Individuals, except to perform a Business Purpose that is permitted by the CCPA and the Services Agreement.

2.7.3 DESARROLLOS INFORMATICOS SHM S.L. will notify You of its use of Subprocessors in accordance with Section 3 of this Data Protection Agreement; and ensure Subprocessors are subject to applicable written agreements per Section 3 of this Data Protection Agreement. The parties acknowledge that the Personal Information You disclose to DESARROLLOS INFORMATICOS SHM S.L. is provided only for the limited and specified Business Purposes set forth in the Services Agreement. DESARROLLOS INFORMATICOS SHM S.L. shall provide the same level of protection to Personal Information as required by the CCPA and as more fully set out in the Agreement. You may take such reasonable steps as may be necessary (a) to remediate DESARROLLOS INFORMATICOS SHM S.L. ’s unauthorized use of Personal Information, and (b) to ensure that Personal Information is used in accordance with the terms of this Data Processing Agreement by exercising Your rights under Section 7 of this Data Processing Agreement. DESARROLLOS INFORMATICOS SHM S.L. shall notify You if it makes a determination that it is not able to meet its obligations under the CCPA in connection with its provision of the Services.

3. SUBPROCESSORS AND DESARROLLOS INFORMATICOS SHM S.L. AFFILIATES AND THIRD PARTY SUBPROCESSORS

3.1 You provide DESARROLLOS INFORMATICOS SHM S.L. general written authorization (including in electronic form) to engage DESARROLLOS INFORMATICOS SHM S.L. Affiliates and Third Party Subprocessors as necessary to assist in the performance of the Services.

3.2 DESARROLLOS INFORMATICOS SHM S.L. is granted a general authorization to subcontract the processing of Personal Data to Subprocessors, provided that:

a) DESARROLLOS INFORMATICOS SHM S.L. or DESARROLLOS INFORMATICOS SHM S.L. SE on its behalf shall engage Subprocessors under a written (including in electronic form) contract consistent with the terms of this DPA in relation to the Subprocessor’s processing of Personal Data. DESARROLLOS INFORMATICOS SHM S.L. shall be liable for any breaches by the Subprocessor in accordance with the terms of the Agreement;

3.3 To the extent DESARROLLOS INFORMATICOS SHM S.L. engages such Third Party Subprocessors and/or DESARROLLOS INFORMATICOS SHM S.L. Affiliates, it requires that such entities are subject to the same level of data protection and security as DESARROLLOS INFORMATICOS SHM S.L. under the terms of this Data Processing Agreement and Applicable Data Protection Law. You will be entitled, upon written request, to receive copies of the relevant privacy and security terms of DESARROLLOS INFORMATICOS SHM S.L. ’s agreement with any Third Party Subprocessors and DESARROLLOS INFORMATICOS SHM S.L. Affiliates that may Process Personal Information. DESARROLLOS INFORMATICOS SHM S.L. remains responsible for the performance of the DESARROLLOS INFORMATICOS SHM S.L. Affiliates’ and Third Party Subprocessors’ obligations in compliance with the terms of the Services Agreement.

3.4 DESARROLLOS INFORMATICOS SHM S.L. maintains lists of DESARROLLOS INFORMATICOS SHM S.L. Affiliates and Third Party Subprocessors that may Process Personal Information. These lists include the following DESARROLLOS INFORMATICOS SHM S.L. Affiliates and Third Party Subprocessors which are responsible of the compliance of the applicable privacy policy:

  • Affiliate/Partner: In some cases, in order to be able to provide our services and manage our relationship with You as a Customer, your personal data may be transferred to a SHM Affiliate or Partner.
  • Amazon Web Services: All the data needed to provide proper service is hosted on Amazon’s Datacentre located within the European Union.
  • Getresponse: Your personal data (name and email exclusively) will be hosted on the cloud-based software Getresponse for email marketing purposes.
  • Reviso Software:Your personal data related to billing data will be incorporated to the cloud-based software Reviso.
  • Holded Software: Your personal data related to to billing data will be incorporated to the cloud-based software Holded.
  • Google Analytics: Google Inc. analytical web service which stores information in regards to visits made to our web page in order to analyse that data.
  • Stripe: Payment platform, stores cards information.
  • Pabbly Subscriptions: Subscriptions management

3.5 To receive notice of any intended changes to these lists of DESARROLLOS INFORMATICOS SHM S.L. Affiliates and Third Party Subprocessors, You can consult the updated lists on DESARROLLOS INFORMATICOS SHM S.L. website, or DESARROLLOS INFORMATICOS SHM S.L. may send them to you by e-mail as necessary.

3.6 Within thirty (30) calendar days of DESARROLLOS INFORMATICOS SHM S.L. providing such notice to You under the previous Section, You may object to the intended involvement of a Third Party Subprocessor or DESARROLLOS INFORMATICOS SHM S.L. Affiliate in the performance of the Services by sending an email to info@brickcontrol.com. You and DESARROLLOS INFORMATICOS SHM S.L. will work together in good faith to find a mutually acceptable resolution to address such objection, including but not limited to reviewing additional documentation supporting the Third Party Subprocessor’s or DESARROLLOS INFORMATICOS SHM S.L. Affiliate’s compliance with the Data Processing Agreement or Applicable Data Protection Law, or delivering the Services without the involvement of such Third Party Subprocessor. To the extent You and DESARROLLOS INFORMATICOS SHM S.L. do not reach a mutually acceptable resolution within a reasonable timeframe, You shall have the right to terminate the relevant Services (i) upon serving thirty (30) days prior notice; (ii) without liability to You or DESARROLLOS INFORMATICOS SHM S.L. and (iii) without relieving You from Your payment obligations under the Services Agreement up to the date of termination.

4. DATA EXPORT AND DELETION

4.1 Export and Retrieval

4.1.1 If and to the extent DESARROLLOS INFORMATICOS SHM S.L. hosts Personal Data in a Cloud Service, during the Subscription Term of such Cloud Service and subject to the Agreement, Customer can access its Personal Data at any time.

4.1.2 Customer can request at any time via support ticket a data export and retrieve its Personal Data in a structured, commonly used and machine-readable format.

4.2 Deletion

4.2.1 Before the Subscription Term of the Cloud Service expires, Customer shall formally request as indicated above, one final data export which constitutes a final return of Personal Data from the Cloud Service.

4.2.2 At the end of the Agreement, Customer hereby instructs DESARROLLOS INFORMATICOS SHM S.L. to delete the Personal Data remaining with DESARROLLOS INFORMATICOS SHM S.L. (if any) within a reasonable time period in line with Data Protection Law (not to exceed 6 months), unless applicable law requires retention.

5. INTERNATIONAL PROCESSING

5.1 Conditions for International Processing

5.1.1 DESARROLLOS INFORMATICOS SHM S.L. shall be entitled to process Personal Data, including by using Subprocessors, in accordance with this DPA outside the country in which the Customer is located as permitted under Data Protection Law.

5.1.2 For Cloud Services, Personal Information will be stored in the data centre region specified in DESARROLLOS INFORMATICOS SHM S.L. GDPR

5.1.3 Without prejudice to Section 5.1.2 above, DESARROLLOS INFORMATICOS SHM S.L. may Process Personal Information globally as necessary to perform the Services, such as for support, incident management or data recovery purposes.

5.1.4 To the extent such global access involves a transfer of Personal Information subject to cross-border transfer restrictions under Applicable European Data Protection Law to countries outside Europe not covered by an adequacy decision, such transfers are subject to the terms of Module 2 (Controller to Processor) of the “EU Standard Contractual Clauses” 2021/914 of 4 June 2021.

6. SECURITY AND CONFIDENTIALITY

DESARROLLOS INFORMATICOS SHM S.L. has implemented and will maintain appropriate technical and organizational security measures for the Processing of Personal Information designed to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Information. These security measures govern all areas of security applicable to the Services, including physical access, system access, data access, transmission and encryption, input, data backup, data segregation and security oversight, enforcement and other security controls and measures.

7. CERTIFICATIONS AND AUDITS

7.1 DESARROLLOS INFORMATICOS SHM S.L. Resources

DESARROLLOS INFORMATICOS SHM S.L. provides Audit Reports and Certifications free of charge, online or upon request. Additional verifications that require DESARROLLOS INFORMATICOS SHM S.L. resources are limited and subject to the following Sections.

7.2 Limitations

7.2.1 If You engage a third party auditor, the third party must be mutually agreed to by You and DESARROLLOS INFORMATICOS SHM S.L. (except if such third party is a Regulator). DESARROLLOS INFORMATICOS SHM S.L. will not unreasonably withhold its consent to a third party auditor requested by You. The third party must execute a written confidentiality agreement acceptable to DESARROLLOS INFORMATICOS SHM S.L. or otherwise be bound by a statutory or legal confidentiality obligation.

7.2.2 To request an audit, You must submit a detailed proposed audit plan to DESARROLLOS INFORMATICOS SHM S.L. at least two weeks in advance of the proposed audit date. The proposed audit plan must describe the proposed scope, duration, and start date of the audit. DESARROLLOS INFORMATICOS SHM S.L. will review the proposed audit plan and provide You with any concerns or questions. DESARROLLOS INFORMATICOS SHM S.L. will work cooperatively with You to agree on a final audit plan within a reasonable timeframe.

7.2.3 You may also request that DESARROLLOS INFORMATICOS SHM S.L. audit a Third Party Subprocessor or provide confirmation that such an audit has occurred (or, where available, obtain or assist You in obtaining a third-party audit report concerning the Third Party Subprocessor’s operations) to verify compliance with the Third Party Subprocessor’s obligations.

7.2.4 Customer or its independent third party auditor (reasonably acceptable to DESARROLLOS INFORMATICOS SHM S.L. excluding any third party auditor who is either a competitor of DESARROLLOS INFORMATICOS SHM S.L. or not suitably qualified) may be permitted to conduct an audit under Sections 7.3 and 7.4. Customer shall provide at least 60 days advance notice of any audit unless mandatory Data Protection Law or a competent data protection authority requires shorter notice.

7.2.5 The frequency (not to exceed once every 12 months), timeframe and scope of any audit shall be mutually agreed between the parties acting reasonably and in good faith. Customer audits shall be limited to remote audits where possible. Customer shall provide the results of any audit to DESARROLLOS INFORMATICOS SHM S.L. Customer shall bear the costs of any Customer initiated audit unless DESARROLLOS INFORMATICOS SHM S.L. after reviewing the audit plan, requests any specific alteration to be made which implies that the Customer incurs additional expenses that weren’t included in the fees that had been originally stipulated by the auditor. If that were the case, then the parties will negotiate in good faith the expenses bear.

7.3 Cloud Services Customer Audit

7.3.1 Customer may audit DESARROLLOS INFORMATICOS SHM S.L. ‘s control environment and IT security practices relevant to Personal Data processed by DESARROLLOS INFORMATICOS SHM S.L. , that require DESARROLLOS INFORMATICOS SHM S.L. resources equivalent to a maximum of 3 business days if:

a) a Personal Data Breach has occurred; or

b) an audit is formally requested by Customer’s data protection authority or provided under mandatory Data Protection Law.

7.4 DESARROLLOS INFORMATICOS SHM S.L. Support and Services Customer Audit

7.4.1 DESARROLLOS INFORMATICOS SHM S.L. Support and Services Customer Audit Customer may audit DESARROLLOS INFORMATICOS SHM S.L. ‘s service and support delivery centers and IT security practices relevant to Personal Data processed by DESARROLLOS INFORMATICOS SHM S.L. that require DESARROLLOS INFORMATICOS SHM S.L. resources equivalent to a maximum of 1 business day if:

a) a Personal Data Breach has occurred; or

b) an audit is formally requested by Customer’s data protection authority or provided under mandatory Data Protection Law.

7.5 Other Controller Audit

Any other Controller may assume Customer’s rights under this Section 7 only if it applies directly to the Controller and such audit is permitted and coordinated by Customer. Customer shall use all reasonable means to combine audits of multiple other Controllers to avoid multiple audits.

Schedule 1 Description of the Processing

This Schedule 1 applies to describe the Processing of Personal Data for the purposes of the Standard Contractual Clauses (2010), New Standard Contractual Clauses and applicable Data Protection Law.

1. A. LIST OF PARTIES

1.1. Under the Standard Contractual Clauses (2010)

1.1.1. Data Exporter

The data exporter is the Customer who has concluded the Agreement with DESARROLLOS INFORMATICOS SHM S.L. for the provision of DESARROLLOS INFORMATICOS SHM S.L. Services as further described under the relevant Agreement. The data exporter allows other Controllers to also use the DESARROLLOS INFORMATICOS SHM S.L. Service, these other Controllers are also data exporters.

1.1.2. Data Importer

1.1.2.1. In respect of Cloud Services

DESARROLLOS INFORMATICOS SHM S.L. and its Subprocessors that provide and support the Cloud Service are data importers under the Standard Contractual Clauses (2010).

1.1.2.2. In respect of other DESARROLLOS INFORMATICOS SHM S.L. Services

DESARROLLOS INFORMATICOS SHM S.L. and its Subprocessors provide the DESARROLLOS INFORMATICOS SHM S.L. Service as defined under the relevant Agreement concluded by the data exporter that includes Standard Contractual Clauses (2010) are data importers.

1.2. Under the New Standard Contractual Clauses

1.2.1. Module 2: Transfer Controller to Processor

Where DESARROLLOS INFORMATICOS SHM S.L. is located in a Third Country, Customer is the Controller and DESARROLLOS INFORMATICOS SHM S.L. is the Processor, then Customer is the data exporter and DESARROLLOS INFORMATICOS SHM S.L. is the data importer.

1.2.2. Module 3: Transfer Processor to Processor

Where DESARROLLOS INFORMATICOS SHM S.L. is located in a Third Country, Customer is a Processor and DESARROLLOS INFORMATICOS SHM S.L. is a Processor, then Customer is the data exporter and DESARROLLOS INFORMATICOS SHM S.L. is the data importer.

2. B. DESCRIPTION OF TRANSFER

2.1. Data Subjects

Unless provided otherwise by the data exporter, transferred Personal Data relates to the following categories of Data Subjects: employees, contractors, Business Partners or other individuals having Personal Data stored, transmitted to, made available to, accessed or otherwise processed by the data importer.

2.2. Data Categories

The transferred Personal Data concerns the following categories of data:

Customer determines the categories of data and/or data fields which could be transferred per DESARROLLOS INFORMATICOS SHM S.L. Service as stated in the relevant Agreement. For Cloud Services, Customer can configure the data fields during implementation of the Cloud Service or as otherwise provided by the Cloud Service. The transferred Personal Data typically relates to the following categories of data: name, phone numbers, e-mail address, address data, system access / usage / authorization data, company name, contract data, invoice data, plus any application specific data transferred or entered into the DESARROLLOS INFORMATICOS SHM S.L. Service by Authorized Users and may include financial data such as bank account data, credit or debit card data.

2.3. Special Data Categories (if agreed)

2.3.1. The transferred Personal Data may comprise special categories of personal data set out in the Agreement (“Sensitive Data”). DESARROLLOS INFORMATICOS SHM S.L. has taken Technical and Organizational Measures as set out in Schedule 2 to ensure a level of security appropriate to protect also Sensitive Data.

2.3.2. The transfer of Sensitive Data may trigger the application of the following additional restrictions or safeguards if necessary to take into consideration the nature of the data and the risk of varying likelihood and severity for the rights and freedoms of natural persons (if applicable):

a) training of personnel;

b) encryption of data in transit and at rest ;

c) system access logging and general data access logging.

2.3.3. In addition, the Cloud Services provide measures for handling of Sensitive Data as described in the Documentation.

2.4. Purposes of the data transfer and further processing; Nature of the processing

2.4.1. For Cloud Services

2.4.1.1. The transferred Personal Data is subject to the following basic processing activities:

a) use of Personal Data to set up, operate, monitor and provide the Cloud Service (including operational and technical Support);

b) continuous improvement of service features and functionalities provided as part of the Cloud Service including automation, transaction processing and machine learning;

c) provision of Consulting Services;

d) communication to Authorized Users;

e) storage of Personal Data in dedicated Data Centers (multi-tenant architecture);

f) release, development and upload of any fixes or upgrades to the Cloud Service;

g) back up and restoration of Personal Data stored in the Cloud Service;

h) computer processing of Personal Data, including data transmission, data retrieval, data access;

i) network access to allow Personal Data transfer;

j) monitoring, troubleshooting and administering the underlying Cloud Service infrastructure and database;

k) security monitoring, network-based intrusion detection support, penetration testing; and

l) execution of instructions of Customer in accordance with the Agreement.

2.4.1.2. The purpose of the transfer is to provide and support the Cloud Service. DESARROLLOS INFORMATICOS SHM S.L. and its Subprocessors may support the Cloud Service data centres remotely. DESARROLLOS INFORMATICOS SHM S.L. and its Subprocessors provide support when a Customer submits a support ticket as further set out in the Agreement.

2.4.2. For other DESARROLLOS INFORMATICOS SHM S.L. Services

The transferred Personal Data is subject to the basic processing activities as set out in the Agreement which may include:

a) accessing systems containing Personal Data in order to provide DESARROLLOS INFORMATICOS SHM S.L. Support and Services;

b) use of Personal Data to provide the DESARROLLOS INFORMATICOS SHM S.L. Service;

c) continuous improvement of service features and functionalities provided as part of the DESARROLLOS INFORMATICOS SHM S.L. Service including automation, transaction processing and machine learning;

d) storage of Personal Data;

e) computer processing of Personal Data for data transmission;

f) execution of instructions of Customer in accordance with the Agreement;

2.4.3. For DESARROLLOS INFORMATICOS SHM S.L. Support: DESARROLLOS INFORMATICOS SHM S.L. or its Subprocessors provide support when a Customer submits a support ticket because the Software is not available or not working as expected. They answer phone calls and perform basic troubleshooting, and handle support tickets in a tracking system.

2.4.4. For Services: DESARROLLOS INFORMATICOS SHM S.L. or its Subprocessors provide Services subject to the Order Form Services and the applicable Scope Document.

2.5. The purpose of the transfer is to provide and support the relevant DESARROLLOS INFORMATICOS SHM S.L. Service. DESARROLLOS INFORMATICOS SHM S.L. and its Subprocessors may provide or support the DESARROLLOS INFORMATICOS SHM S.L. Service remotely.

2.6. The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis):

Personal Data will be transferred on an ongoing basis for the duration of the Agreement.

2.7. The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period:

Personal Data will be retained by DESARROLLOS INFORMATICOS SHM S.L. as set out in Section 4 above.

2.8. For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing:

DESARROLLOS INFORMATICOS SHM S.L. will transfer Personal Data to Subprocessors as stated in the applicable List of Subprocessors for the duration of the Agreement.

3. C. COMPETENT SUPERVISORY AUTHORITY

3.1. In respect of the New Standard Contractual Clauses:

3.1.1. Module 2: Transfer Controller to Processor

3.1.2. Module 3: Transfer Processor to Processor

3.2. Where Customer is the data exporter, the supervisory authority shall be the competent supervisory authority that has supervision over the Customer in accordance with Clause 13 of the New Standard Contractual Clauses.

Schedule 2 Technical and Organizational Measures

This Schedule 2 applies to describe the applicable technical and organizational measures for the purposes of the Standard Contractual Clauses (2010), New Standard Contractual Clauses and applicable Data Protection Law.

DESARROLLOS INFORMATICOS SHM S.L. will apply and maintain the Technical and Organizational Measures.

To the extent that the provisioning of the Cloud Service comprises New SCC Relevant Transfers, the Technical and Organizational Measures set out in Schedule 2 describe the measures and safeguards which have been taken to fully take into consideration the nature of the personal data and the risks involved. If local laws may affect the compliance with the clauses, this may trigger the application of additional safeguards applied during transmission and to the processing of the personal data in the country of destination (if applicable: encryption of data in transit, encryption of data at rest, anonymization, pseudonymization).

info@brickcontrol.com

+1 929 229 1249

Contact us

Support

Sign in

Follow us:

Our software

Product

Our technology

Integrations

Success Stories

Awards

Partners

Distributors

Affiliate program

Universities and training centers

Associated Companies

Help and Support

Support

Online courses

Personalized training

Consultancy

API - Web Services REST

TeamViewer connection 1

TeamViewer connection 2