COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor ● Ireland’s Data Protection Commissioner. ANNEX II TO THE STANDARD CONTRACTUAL CLAUSES TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor Webflow has a SOC 2 certification and is dedicated to the continued validation of its security program. Specifically, Webflow implements the following security measures with respect to the Personal Data:
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor The supervisory authority mandated by Clause 13. If no supervisory authority is mandated by Clause 13, then the Irish Data Protection Commission (DPC), and if this is not possible, then as otherwise agreed by the parties consistent with the conditions set forth in Clause 13. ANNEX II TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. Data importer shall implement and maintain appropriate technical and organisational measures that protect personal data in accordance with the DPSE. Pursuant to Clause 10(b), data importer will provide data exporter assistance with data subject requests in accordance with the DPSE. Supplier Data Processing Agreement (rev. 8.2021) ANNEX III Standard Data Protection Clauses to be issued by the Commissioner under S119A(1) Data Protection Act 2018 UK Addendum to the EU Commission Standard Contractual Clauses Date of this Addendum:
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer Controller to Processor Identify the competent supervisory authority/ies in accordance with Clause 13
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor MODULE THREE: Transfer processor to processor See Section 7(b)(viii) of this DPA.
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor Identify the competent supervisory authority/ies in accordance with Clause 13: The data exporter's competent supervisory authority will be determined in accordance with the GDPR. ANNEX II TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor Xxxx uses reasonable technical and organizational measures designed to protect the Service and Customer Content as described in the Security Policy. ANNEX III
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor Identify the competent supervisory authority/ies in accordance with Clause 13 (Customer to confirm on a case-by-case basis): … TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor EXPLANATORY NOTE: The technical and organisational measures must be described in specific (and not generic) terms. See also the general comment on the first page of the Appendix, in particular on the need to clearly indicate which measures apply to each transfer/set of transfers. Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. Please refer to Annex 3 to the DPA into which these Clauses are incorporated. For the purposes of Clause 10, the appropriate technical and organisational measures, taking into account the nature of the processing, by which the assistance in respect of data subject requests shall be provided, as well as the scope and the extent of the assistance required, is: provided via self-service functionality within the Services, which enables Customers’ users to (i) change certain Personal Data, such as name, username, email address and password; and (ii) to download an archive of certain Personal Data. The user can also contact Customer Support in the event that assistance is required in making use of this functionality. ANNEX III LIST OF SUB-PROCESSORS MODULE TWO: Transfer controller to processor EXPLANATORY NOTE:
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor MODULE THREE: Transfer processor to processor The member state of the Customer. ANNEX II - TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor MODULE THREE: Transfer processor to processor Measures of encryption of personal data ● ChargeDesk only processes and stores personal data necessary to provide the Service. ● All data is encrypted in transit and at rest using state-of-the-art encryption protocols. ● ChargeDesk uses a minimum 256-bit key length for asymmetric encryption (2048-bit for RSA). ● Encryption keys are securely stored with limited organisational access. Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services ● ChargeDesk tests code for vulnerabilities. ● ChargeDesk employs code reviews for sensitive updates to increase the security of our code. ● Intrusion detection and prevention (IDS/IPS) is deployed in both production and staging environments. ● Production systems run on high-availability systems across multiple availability zones. ● Production data never leaves the production environment and is never used in testing or staging environments. ● We use a Reputation Management System which monitors access points to customer data and automatically blocks any threats it identifies. We use a ‘block first, ask questions later’ approach and all subsequent requests by a potential threat will also be blocked - only a manual review will lift a block. Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident ● ChargeDesk performs at least daily backups of production data. ● Automatic failover capability is deployed for production systems so that individual server failure does not disrupt the service. ● Business continuity plans contain all the information needed to get our business running again after an incident or crisis. Measures for user identification and authorisation ● All admin users are provided a unique login and ID. ● All admin functionality requires 2 factor authentication with frequent re-authentication when performing high security functions. ● Admin access is frequently reviewed and the principle of least-privilege is employed. Measures for the protection of data during transmission ● All data is encrypted in transit using state-...
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor Identify the competent supervisory authority/ies in accordance with Clause 13 The Irish Supervisory Authority - The Data Protection Commission, unless the data exporter notifies the data importer of an alternative competent supervisory authority from time to time in accordance with Section 11 of the DPA. ANNEX II TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor Please see Schedule 2 of the DPA, which describes the technical and organizational security measures implemented by ASG.
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor The supervisory authority mandated by Clause 13. If no supervisory authority is mandated by Clause 13, then the Irish Data Protection Commission (DPC), and if this is not possible, then as otherwise agreed by the parties con - sistent with the conditions set forth in Clause 13. ANNEX II TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISA- TIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA See Exhibit A of the Addendum. ANNEX III Standard Data Protection Clauses to be issued by the Commissioner under S119A(1) Data Protec- tion Xxx 0000 UK Addendum to the EU Commission Standard Contractual Clauses Date of this Addendum:
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor Identify the competent supervisory authority/ies in accordance with Clause 13: Please see clause 8.2.2 of this DPA. ANNEX II TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor As the data importer, Xxxx maintains appropriate technical and organizational measures for protection of the security, confidentiality and integrity of Personal Data uploaded to the Services, as applicable to the specific Services purchased by data exporter and any Personal Data limitations and restrictions provided in the Agreement, as described in this Annex.
