At DecideAct, we sign a data processing agreement (DPA) with all our customers, which states our customers’ rights concerning the protection of personal data. As part of DecideAct’s (the Data Processor’s) services to its Customers (Data Controllers), DecideAct processes data relating to employees of DecideAct’s customers (DecideAct’s users).
The DPA will, for example, inform you about:
- Personal data and data processing, such as which data DecideAct processes on behalf of its customers, for which purpose, and which activities the processing of the Personal Data includes.
- Instructions and confidentiality regarding the handling of the user’s data, such as notifying the customer without undue delay after becoming aware of a personal data breach and following the procedures in Article 33 of the EU Regulation 2016/679 on General Data Protection (“GDPR”).
- Security: to protect the Personal Data, the Data Processor must implement appropriate technical and organisational measures in such a manner that the processing meets the requirements set out in the GDPR. Such measures are determined and adjusted on a regular basis with due consideration for the current technical level, expenses, and the nature, scope, context and purposes of the processing and the risks to the rights of natural persons, cf. Article 32 of the GDPR.
- Sub-processors in accordance with Article 28 of the GDPR, e.g. regarding information requirements (including a list of sub-processors) and integrations with third-party services.
- Assistance to the Data Controller by DecideAct to ensure that all obligations under Art. 32-36 of the GDPR and other applicable data protection and information security legislation are met, i.e. security measures, notification of supervisory authorities, notification of individuals, preparation of data protection impact assessments and prior consultation of the supervisory authorities.
- Availability of information in order to demonstrate compliance, audits etc.
- Other information on how DecideAct ensures compliance with the EU Regulation 2016/679 on General Data Protection (“the GDPR”).
For detailed information on the rights of DecideAct’s customers concerning the protection of personal data handling subject to the General Data Protection Regulation (the “GDPR”), please read the Data Processing Agreement, which is annexed to DecideAct’s Terms and Conditions.
In our Terms and Conditions, we also describe our data processor role and the personal data that we store.