AGREE TO THE FOLLOWING:
The terms that are taken from Art. 4 of the General Data Protection Regulation (GDPR) and are used in this Data Processing Agreement have the same meaning. In addition, the following terms have the following meaning:
Details of the Processing of Personal Data:
Data Processing in short:
By clicking on our cookie banner the following information will be shared with CookieFirst:
1 Anonymizing IP addresses by removing the last octet of the address and replacing it with “0”.
2 Saving this data is needed to be able to show the banner in EU countries only and for CCPA-compliance by using GEO-templating
3 ibid, 2
The Processor has sub-contracted (part of) the processing of the Personal Data to the following Sub-Processors:
Location of processing activities
Purposes of processing
OVH BV, The Netherlands
Germany / France
Providing API for saving consent data.Providing hosting services for the Cookies First website and applicationsStorage of CDN log data
Artia International S.R.L. (IP-API)
Used by our API to determine country and region enhancing consent data and provide additional banner configurations based on country/region.
BunnyWay d.o.o., Slovenia
Provider of Content Delivery Network (CDN) ensuring global performance of the cookie banner.
Mailgun Technologies Inc., USA
Used by our system to send email notifications to customers. Used in registration processes, change password activities and marketing emails. No end user data is processed here.
Zendesk Inc, USA
Provider of support ticket system, No end user data is sent to this service. We only share your email and name when you send a support request. No end user data is processed here.
Technical and Organizational Measures concerning GDPR
This document outlines the technical and organizational measures taken by Digital Data Solutions BV to prevent loss of Personal Data or any form of unlawful processing, regarding Data from the Controller that is being saved to servers of Digital Data Solutions BV by using our software.
Data Management Policy
Digital Data Solutions BV classifies Data and information systems in accordance with legal requirements, sensitivity, and business criticality in order to ensure that information is given the appropriate level of protection. Data owners are responsible for identifying any additional requirements for specific Data or exceptions to standard handling requirements. Information systems and applications shall be classified according to the highest classification of Data that they store or process.
To help Digital Data Solutions BV and its employees easily understand requirements associated with different kinds of information, the company has created three classes of Data.
Highly sensitive Data requires the highest levels of protection; access is restricted to specific employees or departments, and these records can only be passed to others with approval from the Data owner, or a company executive. Examples include:
Digital Data Solutions BV proprietary information requiring thorough protection; access is restricted to employees with a “need-to-know” based on business requirements. This Data can only be distributed outside the company with approval. This is default for all company information unless stated otherwise. Examples include:
Documents intended for public consumption which can be freely distributed outside Digital Data Solutions BV. Examples include:
Confidential Data should be labeled “confidential” whenever paper copies are produced for distribution.
Confidential Data Handling
Confidential Data is subject to the following protection and handling requirements:
Restricted Data Handling
Restricted Data is subject to the following protection and handling requirements:
Public Data Handling
No special protection or handling controls are required for public Data. Public Data may be freely distributed.
This part briefly summarises the technical measures taken to ensure the Data is kept private and to prevent loss of Data.
SOC 1 Type II
SOC 2 Type II
Personal Data security
The Processor will at least take the following security measures:
Separation of Development, Staging and Production Environments
Development and staging environments shall be strictly segregated from production SaaS environments to reduce the risks of unauthorized access or changes to the operational environment. Confidential production customer Data must not be used in development or test environments without the express approval of the COO.
AS AGREED, AND SIGNED IN DUPLICATE:
Leave this empty:
Your legal name
Your email address
If you have questions about the contents of this document, you can email the document owner.
Document Name: DPA
Agree & Sign