Sub-processor. For the purposes of this Agreement, the term “Sub-processor” (sometimes referred to as the “Subcontractor”) means a party other than LEA or Provider, who Provider uses for data collection, analytics, storage, or other service to operate and/or improve its software, and who has access to PII.
Sub-processor. 4.1 The Controller expressly authorizes the use of the services of sub-processors by the Processor in the performance of the Data Processing operations. The sub-processors listed in Annex ./1 shall be deemed to have been approved at the time of conclusion of the contract.
Sub-processor. 1. The Client hereby grants the Supplier general permission to involve third parties in the execution of the obligations under this Processing Agreement, to act on behalf of Supplier as well as to transfer all or part of the Processing Activities to Sub-processors (each a ‘Sub-Processor’).
Sub-processor any third Party appointed to process Personal Data on behalf of the Supplier related to this Contract.
Sub-processor. 3.1 Customer authorizes Reveal to use sub-Processors to carry out the Customer Data Processing activities on behalf of Customer that are strictly necessary for the performance of the Contract.
Sub-processor. The natural or legal person / processor, which is hired by the Processor to carry out processing activities on behalf of the Controller.
Sub-processor a data processor that is called in by the Processor and who declares that he is willing to provide Personal Data of the Processor under the conditions of a written sub-processing agreement;
Sub-processor. The Publisher acknowledges that the Company may transfer Personal Data to and otherwise interact with third party data processors (“Sub-Processor”). Publisher hereby, authorizes the Company to engage and appoint such Sub-Processors to Process Personal Data, as well as permits each Sub- Processor to appoint a Sub- Processor on its behalf. The Company may, continue to use those Sub- Processors already engaged by the Company (as detailed in Schedule 2) and the Company may, engage an additional or replace an existing Sub-Processor to process Personal Data provided that it notifies the Publisher. The Company shall, where it engages any Sub-Processor impose, through a legally binding contract between the Company and Sub-Processor, data protection obligations no less onerous than those set out in this DPA on the Sub-Processor, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR.
Sub-processor another processor, including but not limited to group companies, sister companies, subsidiaries and auxiliary suppliers, engaged by the Processor to support the performance of the Agreement.
Sub-processor. For transfers to Sub-processors, specify subject matter, nature and duration of the processing: as set out at xxxxx://xxx.xxxx.xx/sub-processors. SCHEDULE 2 Technical and Organisational Measures Description of the technical and organisational security measures implemented by the data importer / Heap (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, as well as the risks for the rights and freedoms of natural persons. Pseudonymisation and Encryption, Art. 32 para 1 point a GDPR Pseudonymisation contains measures that enable one to process personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is stored separately, and is subject to appropriate technical and organisational measures. Encryption contains measures that enable one to convert clearly legible information into an illegible string by means of a cryptographic process. ● The Heap system does not intrinsically capture directly identifying information; all data is highly pseudonymous behind opaque IDs. IP addresses are the most identifiable attributes, but they can be dropped through configuration. All actual direct identification is added to the system through customer opt-in enrichment mechanisms, like explicit API Identification calls, or optional third-party integrations. ● All data is end-to-end encrypted in-transit to Heap’s internet-facing APIs and the web application using TLS 1.2 or higher. Data at rest is secured with SSE-S3 using AES-256. The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, Art. 32 para 1 point b GDPR Confidentiality and integrity are ensured by the secure processing of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. Confidentiality and physical access control measures are designed to prevent unauthorised persons from gaining access to data processing systems with which personal data are processed or used. Heap uses AWS to host its service and relies on AWS to maintain physical security of its data centers. Heap does not host any production infrastructure outside AWS, notably including Heap offices. System/Electronic access control measures are designed to prevent data process...
