“The Data controller”: The Client
”The Data Processor”: Eazyproject A/S, Stændertorvet 4 1. sal, 4000 Roskilde, CVR-nr. 27660606
“Data Processing Agreement”: This agreement with any appendices and any later changes or additions
“Sub-Data Processor”: Any Data Processor such as the Data Processor, with the consent of the Data Controller, processes personal data of the Data Controller
“Sub-Processor Agreement”: An agreement between the Data Processor and the Sub-Processor for the processing of data belonging to the Data Controller.
The Data Processing Agreement is an integral part of the parties’ contractual relations, which deals with the storage of data for project management and time registration in the EazyProject system. Data is stored on servers located in data centers with primary location in Glostrup, Ballerup and Taastrup.
3.1 The Data Processor guarantees that the Data Protection Act (Act No 502 of 23 May 2018) implementing the Personal Data Regulation (Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016), and – where relevant – that Order 528 of June 15, 2000 on security measures for the protection of personal data processed by the public administration will be complied with.
3.2 The Data Processor further guarantees that any. later changes of The Data Protection Act, the Personal Data Regulation and / or Executive Order No. 528 of 15 June 2000 will be complied with.
4.1 The Data Processor acts solely on the instructions of the Data Controller, Appendix A, and is therefore not responsible for the data that the Data Controller enters into the system is legally obtained under the Personal Data Act, the Act replacing this or the Personal Data Regulation or that the rules for processing information, including disclosure, in the Personal Data Act, Law replacing this or the Personal Data Regulation is complied with.
4.2 The Data Processor may not make decisions relating to the personal data that the Data Controller has left to the Data Processor, and for example, the Data Processor cannot, without the prior consent of the Data Controller, delete, disclose or disclose personal data to a third party.
4.3 However, the Data Processor is entitled to disclose information in the following cases without the consent of the Data Controller:
5.1 The Data Processor makes the following statements regarding the processing of personal data for the Data Controller:
6.1 At the request of the Data Controller, the Data Processor will provide sufficient information for the Data Controller to check whether the above technical and organizational security measures have been taken or not.
6.2 Each year, the Data Processor will submit a statement to the Data Controller documenting that the Data Processor and any sub-processors meet the requirements of the Data Processing Agreement for security measures. The statement will be prepared on behalf of the Data Processor by an independent third party.
6.3 If the Data Controller wishes to inspect the parts of the Data Processor or any other data. under sub-processor systems and facilities relating to the data controller’s data, the data processor must give the data controller access to conduct this inspection. However, it is a prerequisite for this inspection that the Data Controller must submit to the Data Processor a description of the systems and data that the Data Controller wishes to view 14 days prior to the inspection. It is a prerequisite that the desired inspection can be carried out in such a way that the Data Processor may. subcomputers can maintain normal operation and if this fails to do so the request for inspection may be rejected.
The Data Controller will bear all costs for the requested inspection itself.
6.4 To the extent that the Data Processor’s possible sub-data processor, such as Google, Microsoft or other similar worldwide corporations does not give access to an inspection, this must be accepted by the Data Controller.
6.5 The Data Processor will, as soon as possible, forward any request regarding the data subjects’ rights to the Data Controller, in addition the Data Processor will assist the Data Controller in responding to any request regarding the data subject’s rights.
6.6 In the event that the Data Processor is met with a third party claim on the basis of the Data Processor’s processing of personal data pursuant to the Data Processor Agreement, the Data Processor will submit this requirement to the Data Controller without undue delay.
6.7 The Data Processor will inform the Data Controller in writing immediately after becoming aware of any disruptions, suspected data breach rules or other irregularities in the processing of personal data. In the case of data breaches, the information must contain as a minimum information on the nature of the breach detected, the categories of persons (data subjects) covered and the number, and the measures taken by the Data Processor in connection with the breach that was found. The Data Processor is required to provide reasonable assistance to the Data Protection Officer in connection with notifications of security breaches to the Data Inspectorate and the data subjects.
7.1 The Data Controller grants the Data Processor consent to the use of sub-data processors, provided that the conditions set out in the Agreement are met.
7.2 Appendix B shows the sub-processor (s) The data processor uses at the conclusion of the agreement. If the Data Processor plans to change the sub-processor / sub-processor, the Data Processor will notify the Data Controller at 5 weeks’ notice. If the Data Controller does not object, the new sub-processor (s) shall be considered as approved by the Data Controller.
7.3 If the Data Processor, with the consent of the Data Controller, discloses personal data covered by the Data Processing Agreement to a third party in order for a third party to process the data on behalf of the Data Processor, the Data Processor must enter into an agreement between the Data Processor and a third party – a sub-processor agreement in the Data Processor agreement with the sub processor. .
7.4 In the event that the Data Processor enters into a Sub-Processor Agreement with a foreign Sub-Processor, the Processor will ensure that this Sub-Processor Agreement states that the Data Protection Officer’s country’s data protection law applies to the foreign Sub-Processor. If the receiving Sub-Processor is established within the EU, the Processor shall ensure that the said Sub-Processor Agreement specifies that the receiving EU Member State’s specific regulatory requirements regarding Data Processor must be complied with.
7.5 The data processor will not use sub-data controllers established outside the EU without explicit consent.
8.1 The Agreement enters into force when both parties have signed the Agreement
8.2 In the event of termination of the agreement regarding project management and time registration in the system EazyProject terminates this agreement at the same time. However, the Data Processor is required by the Data Processor Agreement as long as the Data Processor processes personal data on behalf of the Data Controller.
8.3 Upon termination of the Agreement, the Data Processor will immediately return all personal data processed on behalf of the Data Controller or if the Data Controller gives written instructions in this regard to delete the information.
9.1 The Data Processing Agreement is governed by Danish law and any conflict arising from the agreement must be dealt with by the Court in Roskilde.
In connection with the Data Processor processing the Personal Data on behalf of the Data Controller, the Data Controller gives instructions on the Processing of the following Personal Data for the following purposes:
The categories of the data subjects may be adjusted from time to time, to the extent that such Processing and Purpose may be included in the general description.
(i) Data subjects: Employees, including former employees
Description of the categories of Personal Information associated with each category of the Registered.
(i) Name, Standard Time, All Absence (maternity leave, sick leave, walk-off, etc.),
Salary / employee no., Vacation (holiday-free, day of care, etc.) Working hours (used hours worked by assignments), employee expenses (allowance)
The following persons at the Data Processor have access to the Personal Data:
If cooperation is terminated, the Customer’s system and data will be deleted.
Backup of data will be included as part of the total system backup and will be able to be restored for payment and only at the request of the Data Controller for up to one year after the termination of cooperation. Backup data is stored for up to one year.
Sub-Processors Processing Personal Data covered by the Agreement and scope and purpose:
Company name, CVR no. address, contact information and contact information on any DPO (if applicable).
Scope and purpose of the Treatment.
Sentia Danmark A/S, Cvr. 10008123,
Lyskær 3, 2730 Herlev. Kennet La Cour
Networking, Physical servers, Backup, Internet connection, Operation of basic software / system