Measures for allowing data portability and ensuring erasure. Encryption of Subscriber Data in transit across external untrusted networks when using Domo APIs and services utilizing industry standard cryptography and key management practices; • Where technically enforced, encryption of Subscriber Data and back-ups of Subscriber Data at rest utilizing industry standard cryptography and key management practices; • Encryption of authentication credentials at rest utilizing industry standard cryptography and key management practices. For transfers to Sub-processors, Domo, as processor, requires that its Sub-processors take appropriate technical and organizational measures to assist the controller and data exporter in protecting the security, confidentiality and integrity of Personal Data uploaded to the Services as follows:
Measures for allowing data portability and ensuring erasure. ○ Lxxxx does not have procedures to facilitate data portability requests from data subjects. Lixte does not have this level of data.
Measures for allowing data portability and ensuring erasure. Pleo will provide assistance to the Customer as may reasonably be required under Applicable Data Protection Laws to respond to requests from individuals to exercise their rights under Applicable Data Protection Laws (e.g., rights of data access, rectification, erasure, restriction, portability and objection). For transfers to (sub-) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter When Pleo engages a sub-processor under this Agreement, Pleo and the sub-processor enter into an agreement with data protection terms substantially similar to those contained herein. Each sub-processor agreement must ensure that Pleo is able to meet its obligations to the Customer. In addition to implementing technical and organisational measures to protect personal data, sub-processors must a) notify Pleo in the event of a Security Incident so Pleo may notify the Customer; b) delete data when instructed by Pleo in accordance with the Customer’s instructions to Pleo; c) not engage additional sub-processors without authorization; d) not change the location where data is processed; or e) process data in a manner which conflicts with the Customer’s instructions to Pleo SCHEDULE 4 SUB-PROCESSORS LIST Last updated: On commencement of the Agreement, the data controller authorises the engagement of the following sub-processors: Entity Description Location Amazon Web Services Hosting services EU data center Enfuce Payment processing EU data center Hubspot Inc. Customer Relationship Management system US based Intercom Inc. Customer support system US based G-suite, Google Inc. Cloud computing / email domain provider US based Segment Inc. Analytics functionalities US based Slack Inc. Internal communication US based Pleo Financial Services A/S Processing for compliance with legal obligations (AMLD) and delivering the product EU Pleo Technologies LTD Provision of the Pleo services in the local market UK Pleo Technologies GmbH Provision of the Pleo services in the local market EU Pleo Technologies AB Provision of the Pleo services in the local market EU Pleo Technologies SL Provision of the Pleo services in the local market EU
Measures for allowing data portability and ensuring erasure. Encryption of Subscriber Personal Data in transit across external untrusted networks when using Domo APIs and services utilizing industry standard cryptography and key management practices; • Where technically enforced, encryption of Subscriber Personal Data and back-ups of Subscriber Personal Data at rest utilizing industry standard cryptography and key management practices; • Encryption of authentication credentials at rest utilizing industry standard cryptography and key management practices.
Measures for allowing data portability and ensuring erasure. The Processor must be able to support Controller to fulfil its obligations about data portability as described in GDPR. The Processor shall have documented and implemented procedures to ensure that all Processor storage media devices are securely erased or physically destroyed by using generally accepted methods (e.g. NIST SP 800-88 guidelines for Media Sanitization) for secure information removal. ………………………………….. ANNEX IV List of sub-processors The Processor has been authorised by Controller to use the followingsubprocessors. Additions and/or changes to this list are regulated in the DPA including Annex 1 clause 7.7 (a):
