Skip to main content Skip to main menu Skip to footer menu
Help Center
Sign in

Documents

Liana Technologies’ General Terms and Conditions for Processing Personal Data and Data Protection

1. Purpose and scope

1.1.

The European Union’s general data protection regulation (“GDPR”) will be applied starting May 25, 2018. The GDPR requires that data controllers and data processors agree in writing about processing personal data.

1.2.

This attachment defines the obligations of the parties as data processors and data controllers according to the data protection regulations. This attachment regarding processing of personal data shall automatically come into effect May 25, 2018 and the terms of this attachment shall be applied in conjunction with Liana Technologies’ general terms and conditions or another agreement made between the parties.

1.3.

These general terms and conditions for processing personal data shall be applied to the services provided by Liana Technologies to the customer where the customer is acting as a data controller and Liana Technologies is acting as a data processor who processes personal data on behalf of the customer

1.4.

The customer hereby authorizes Liana Technologies to process personal data in the scope required by the service provided by Liana Technologies. The purpose and nature of the personal data processed by Liana Technologies, as well as the information of data subjects and their grouping have been described separately in the service description or another document made between the parties. Liana Technologies may process personal data on behalf of the customer inter alia for providing and offering services for use for example by offering the customer a marketing and communication system. Personal data is processed for the aforementioned purpose, or another purpose separately agreed between the parties and for a duration in accordance with applicable law.

2. Liabilities and obligations of the parties

Each party shall be responsible for complying on their own part with the liabilities and obligations set forth in the applicable data protection legislation.

2.1.

As a controller, the customer is responsible for the following matters:

2.1.1.

Processing of personal data is always relevant for the customer’s operations, and the necessary approvals or consents have been received from the data subjects for collecting and processing personal data;

2.1.2.

The purpose for collecting personal data is defined;

2.1.3.

Processing of personal data has been planned in advance;

2.1.4.

Personal data collected for a specific purpose will not be used for any other purpose;

2.1.5.

Personal data is processed lawfully, with due care and good data processing standards, and otherwise in such a manner so that the rights of the data subject’s privacy of personal life and other privacy rights are not restricted without statutory provisions;

2.1.6.

Ensuring the protection of collected and processed personal data against unauthorized access to data, and the unauthorized or unlawful destruction, alteration, disclosure, transfer or other illegal processing of data. This safeguard obligation also covers taking care of date protection;

2.1.7

Ensuring that the customer as a controller, does not record or process personal data of children (under 16 years) or sensitive Personal Date without a separate agreement;

2.1.8

A register that is no longer necessary for customer’s operation will be erased unless the recorded information in it is specifically regulated or ordered to be stored;

2.1.9

Personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

2.1.10

The register record compiled and maintained by the customer is available to anyone and that it includes the information required by Laws related to the obligations of keeping a register, purpose of processing personal data and the content of the register as well as information related to transferring and protection of personal data;

2.1.11

All other matters that in accordance with the applicable data protection legislation are the responsibility of the controller

2.2.

The customer shall ensure that it can prove it has complied with the responsibilities set forth above in sections 2.1.1-2.1.11 .

2.3.

As a data processor, Liana Technologies shall be responsible for the following matters:

2.3.1.

The maintenance, protection, and security of processing personal data, and storing the information on behalf of the customer, as well as implementing the data subject’s right to access personal data;

2.3.2.

Processing personal data only on documented instructions from the customer, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Union or Member State law to which Liana Technologies is subject; in such a case, Liana Technologies shall inform the customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;

2.3.3.

Ensuring that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

2.3.4.

Taking all measures required pursuant to Article 32 of the GDPR (incl. implementing appropriate technical and organizational measures to ensure a sufficient level of security);

2.3.5.

Taking into account the nature of the processing, assisting the customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the customer’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR (such as the data subject’s right to access their own personal data, the right to withdraw consent for collecting personal data and the right to erasure of personal data);

2.3.6.

Assisting the customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR (such as security of processing, notification of a personal data breach to the supervisory authority, communication of a personal data breach to the data subject, data protection impact assessment and possible prior consultation) taking into account the nature of processing and the information available to the processor;

2.3.7.

At the choice of the customer, deleting or returning all the personal data to the customer after the end of the provision of services relating to processing, and deleting existing copies unless Union or Member State law requires storage of the personal data;

2.4.

Liana Technologies undertakes not to use any subcontractors for the processing of personal data without the prior written consent of the customer. In case Liana Technologies uses with the consent of the customer, subcontractors, Liana Technologies undertakes that the subcontracting agreement will be done in writing and that the subcontractor undertakes to comply with the same data processing obligations to which Liana Technologies is agreed to be bound.

2.5.

Liana Technologies accepts the auditing of personal data processing to be done by the customer, and based on applicable law, an authority. The parties will agree on the details to be performed by the customer separately.

2.6.

Unless otherwise agreed between the parties, Liana Technologies shall be entitled to invoice the customer according to its price list for the work and actions done according to the customer’s written instructions. In addition, if Liana Technologies incurs costs due to complying with data protection requirements or assisting the customer, Liana Technologies shall have the right to invoice these costs.

3. Transferring personal data

3.1.

Liana Technologies shall not (and shall procure that any thirdparty service provider or subcontractor engaged in the providing of the services shall not) process or transfer personal data outside the European Union unless authorizes by specific prior written authorization of customer. Notwithstanding such authorization, Liana Technologies (incl. subcontractor) shall process personal data in compliance with the applicable data protection legislation.

4. Rights to personal data

4.1.

Except to the extent necessary to perform its obligations under the agreement, Liana Technologies shall keep personal data confidential and shall have no rights to personal data and shall not access, use, process, disclose, or transfer personal data (in part or in whole) to any third party during or after the term of the agreement (unless specifically agreed otherwise with customer in writing). Upon termination or expiry of the agreement, Liana Technologies shall provide customer with a complete and uptodate copy of all personal data (including any backup copies thereof) in such form as customer may reasonably request. Without prejudice to the foregoing obligation, upon termination or expiry of the agreement, Liana Technologies shall (and shall procure that its subcontractor shall) destroy all personal data in tangible form and delete all personal data from all computer hardware (including storage media) and software used by Liana Technologies to process the personal data and shall confirm in writing that this has been done.

5. Safeguards

5.1.

Liana Technologies shall implement and maintain at all times appropriate operational, managerial, physical and technical measures to protect the personal data against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure or access so that all processing is in compliance with the applicable data protection legislation. Technical safeguards shall include uptodate virus protection of the data files containing personal data and backup copies of such files. Liana Technologies shall keep accurate records of all processing of personal data under the agreement and limit access to personal data to authorized and properly trained personnel with a welldefined “needtoknow” and who are bound by appropriate confidentiality obligations.

6. Limitation of liability

6.1.

The customer and Liana Technologies accept that any administrative fines or sanctions levied by a competent authority, and any claims made by a data subject based on this personal data processing attachment will be allocated between the parties in accordance with the obligations set for each party in the applicable data protection legislation. Therefore a party who has neglected to comply with an obligation in the data protection legislation is liable for the possible administrative fines or sanctions levied, or for any damages in accordance with the ruling of a competent authority or court.

6.2.

Liana Technologies shall not be liable for any indirect damages of any nature. The limitations of liability set forth in Liana Technologies’ general terms and condition shall apply to this attachment.

7. Confidentiality

7.1.

The parties undertake not to disclose to a third party any information concerning the other party or the other party’s business, which the other party has received in relation to this agreement. Each party shall however be entitled to disclose such information in a response to a valid order by a court of a governmental body or as otherwise is required by law.
 

Document in downloadable format:
Liana Technologies General Terms and Conditions for Processing Personal Data and Data Protection