Data Processing Agreement
| Navn | Tjeneste | Formål | Jurisdiktion | Privatlivspolitik |
|---|---|---|---|---|
| CookieConsent™ (AWORK CMP) | Samtykkestyring (Consent Management) | Overholdelse af GDPR og dokumentation af samtykke | EU | Privatlivspolitik |
| Hetzner Online GmbH | Serverhosting og datastyring | Primær hostingpartner - data lagres krypteret på ISO 27001-certificerede servere i Falkenstein, Tyskland (EU) | EU | Privatlivspolitik |
| Cloudflare Inc. | CDN & sikkerhed | Optimering, hjemmesidesikkerhed og indlæsningstid | EU, USA, Singapore, Australien, UAE | Privatlivspolitik |
| Google Ireland Limited | Google Analytics | Analyse og marketing | EU, USA, Singapore, Chile, Taiwan | Privatlivspolitik |
| Google Ireland Limited | Google Fonts | Visning og levering af skrifttyper | EU, USA, Singapore, Taiwan, Chile | Privatlivspolitik |
| Google LLC | Google Maps | Kortintegration og visning af geografisk placering | EU, USA, Singapore, Taiwan, Chile | Privatlivspolitik |
| Google Ireland Limited | Google Tag Manager | Tagadministration og scriptstyring | EU, USA, Singapore, Taiwan, Chile | Privatlivspolitik |
Agreement on data processing
This data processing agreement forms the basis for how AWORK ONE handles personal data on behalf of our customers. The agreement comes into force when the customer registers as a user of our services.
This data processing agreement is established in accordance with Article 28, paragraph 3 of Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”) to regulate Awork One’s processing of personal data on behalf of you as a customer.
The agreement is concluded between:
Data controller:
[Company name, address and CVR number]
Contact person:
[Contact person and contact information]
Data processor:
AWORK ONE v/ AWORK INNOVATE A/S
Queen Olgas Road 2, 1st Floor
2000 Frederiksberg
CVR: 34725845
In the following, the parties are referred to as “the data controller” and “the data processor” respectively. Collectively, they are referred to as the “parties”.
1. Purpose and basis
1.1 Concepts such as “personal data,” “special categories of personal data,” “data processing,” “the data subject,” “data controller” and “data processor” must be understood in accordance with the definitions in the GDPR.
1.2 This agreement aims to ensure compliance with applicable data protection legislation and document the data controller’s instructions to the data processor. The processing of personal data is carried out to support the data controller’s use of Awork One’s software solution, as described in more detail in our terms and conditions.
1.3 This agreement specifies the parties’ responsibilities and obligations when processing personal data, where Awork One acts on behalf of the data controller.
1.4 The agreement takes precedence in the event of a conflict with other conditions relating to the processing of personal data between the parties. The agreement applies as long as the data controller uses Awork One’s software.
1.5 Nothing in this Agreement shall exempt the Data Processor from the duties imposed under applicable data protection law.
2. Duties and rights of the data controller
2.1 The data controller must ensure that all processing of personal data in connection with the use of Awork One’s software solution takes place in accordance with GDPR article 24 and other relevant EU or national legislation and this agreement.
2.2 The data controller has the exclusive right to make decisions about the purposes and means for the processing of personal data, including what is processed and entered in the AWORK ONE’s system.
2.3 It is the responsibility of the data controller to ensure that there is a legal basis for the processing and sharing of personal data carried out by the data processor, including to any subcontractors used by the data processor and is specified in the overview in force at any time.
2.4 The data controller is responsible for ensuring that the personal data processed by the data processor is precise, reliable and legally collected.
2.5 The data controller must ensure that all necessary permits and notification requirements for relevant authorities are met in relation to the processing of personal data.
2.6 It is the responsibility of the data controller to inform the data subjects about the processing of their personal data in accordance with applicable data protection legislation.
2.7 The data controller declares that AWORK ONE has implemented appropriate technical and organizational security measures to protect the data subjects’ rights and data.
3. Processing in accordance with instructions
3.1 The data processor may only process personal data in accordance with documented instructions from the data controller, unless otherwise required in accordance with EU or national legislation. By entering into this agreement, the data controller instructs the data processor to process personal data in the following ways:
3.1.1 in accordance with applicable legislation;
3.1.2 to fulfill obligations under Awork One’s conditions for use of the system;
3.1.3 as described in more detail in this Agreement.
3.2 If an instruction from the data controller is deemed to be in breach of applicable data protection legislation, the data processor must immediately notify the data controller.
4. Safety of treatment
4.1 The data processor must maintain a high level of security by implementing relevant organizational, technical and physical security measures.
4.2 Access to personal data may only be granted to persons subject to confidentiality obligations and only to the extent necessary to fulfill this agreement. The confidentiality obligation also applies after the end of the agreement.
4.3 AWORK ONE has introduced several security measures which include:
4.3.1 Carrying out regular risk assessments to ensure that technical and organizational measures are sufficient;
4.3.2 Encryption of personal data by transmission over the Internet;
4.3.3 Training of employees in data protection and IT security;
4.3.4 Limitation of access to personal data to only the relevant persons;
4.3.5 Control systems to identify and report security breaches;
4.3.6 Continuous tests of systems and procedures to maintain safety.
5. Using Sub-Data Processors
5.1 This agreement constitutes the general written authorization of the data controller for the use of sub-processors, including both within and outside the EU/EEA – provided that the transfer is made with the necessary guarantees in accordance with GDPR Chapter V (e.g. the EU Commission’s standard contractual clauses). Today, AWORK ONE only uses data processors with server locations in the EU/EEA, and if the server location changes, the data controller is informed in advance.
5.2 AWORK ONE ensures that sub-processors comply with the same obligations as those specified in this agreement. The data controller must be informed at least 30 days before a new sub-processor is put into use, with the right to object if data protection legislation is not complied with. If no agreement can be reached, the data controller can cancel his subscription at short notice.
6. Transfer to third countries
6.1 Any transfer of personal data to a third country or an international organization must be based on a valid transfer basis, such as EU standard contractual clauses (SCC’s).
7. Assistance to the data controller
7.1 The data processor assists the data controller in ensuring compliance with the data protection regulation, including processing security, notification of data breaches and compliance with the data subjects’ rights.
7.2 The data processor may not answer inquiries from data subjects without permission from the data controller, and does not pass on information without a legal obligation.
8. Data breach notification
8.1 The data processor must immediately notify the data controller of security breaches involving personal data so that the data controller can fulfill his obligations in relation to the data protection regulation.
9. Returning and deleting data
9.1 Upon termination of the subscription, the data controller can have his data delivered. The data processor will then delete or anonymize all personal data in accordance with applicable regulations.
10. REVIEW AND INSPECTION
10.1 The data controller has the right to audit the data processor’s compliance with this agreement. AWORK ONE will cooperate with any audits and provide necessary documentation.
11. The duration of the agreement
11.1 This Agreement is valid as long as AWORK ONE processes personal data on behalf of the data controller.
12. Changes to the Agreement
12.1 Changes to this Agreement will be notified 30 days before entry into force. Continued use of Awork One’s services after changes is considered acceptance of the new terms.
13. Responsibilities
13.1 Liability in connection with violation of this agreement is regulated by AWORK ONE’s general terms and conditions.
14. Choice of law and venue
14.1 This agreement is subject to Danish law, and any dispute must be settled by the Court in Helsingør.
Appendix A – Categories of personal data
A. Personal data that can be processed includes, among other things:
- Name
- Title
- phone number
- Address
- other relevant information.
Appendix B – Sub-processors
AWORK ONE uses several sub-data processors to provide our services. We make sure to have valid agreements with all sub-processors to secure your data in the best possible way.
Contact us on support@aworkone.dk, if you have any questions about our use of sub-processors.