GDPR and data security

On this page you can read more about what you need to consider with regard to GDPR when using Effecttracker. All users of Effecttracker must sign a data processing agreement, which sets out the rights and obligations between you as data controller and us as data processor.

Effecttracker's role in relation to you as a company is primarily to ensure secure storage of your non-sensitive customer data and secure management of the communication you have placed in the solution.

Effecttracker's role and responsibility in brief:

  • We make our living by collecting, storing and enriching companies' customer data on behalf of the company
  • We ensure that communication between different persons chosen by the company can be carried out fully automated
  • We may not do anything with your customer data or your communication that has not been approved by your company
  • We have chosen not to use external tracking codes from analytics companies, which could potentially look into your customer data
  • We load no cookies or other forms of external tracking that can be used by third parties
  • We use only first-party cookies from Effecttracker's CMS system C1, including:
    - One cookie remembers that you are logged in as licence owner
    - Two other cookies are used to debug C1 and exist only if you have a login to /composite/top.aspx, i.e. no third-party cookies.
  • We have chosen to place data in one of Europe's largest data centres via Composite Hosting, re-hosted via Sentia Hosting
  • We have chosen to place the responsibility for handling data security and operating the solution with Acto as. Three agreements have been concluded with Acto as.
  • We have chosen to establish a test site where all new features are reviewed and tested before release to the live site
  • We have no responsibility for your handling of your customer data

Licence users' role and responsibility in brief

When you use Effecttracker, you should consider the new General Data Protection Regulation (GDPR). You can find Dansk Industri's guidance here: http://di.dk/virksomhed/produktion/it/itsikkerhed/personoplysninger/pages/vejledningompersondataforordningen.aspx

As licence owner you are responsible for the customer data that enters your account. That is, you are responsible for all data and all communication generated in connection with the customer's inquiry to you. This includes, for example:

  • Your customer may have a right to be forgotten.
  • You are responsible for emails and content sent to your customers and business partners.
  • You are responsible for informing your customer about what you do with the customer's data.
  • Your customer must give approval if you wish to use data for purposes other than those the customer contacted you about, which have nothing to do with the desired product or service.

Overview of where your data may reside and who has access to it:

  1. Effecttracker Email API: An email with customers' requests is sent to an email account that can be read by Effecttracker. In this case the customer data resides outside Effecttracker. This data can be accessed by you, Effecttracker + Acto and possibly your agency. You should make sure that you have a procedure for when your data is deleted, since the customer has a right to be forgotten.

  2. Your Effecttracker account contains processed data about the customers, customer lists etc. This data can be accessed by you and the persons you have granted access. The password for the account can be changed by you via the forgotten password function. Here you have access to delete data. You can delete personal data one record at a time, or, if you choose to delete a campaign, all data in the campaign is deleted. If you choose to close your account, you must first delete all your campaigns, after which the account can be closed.

  3. Emails sent from Effecttracker.com are deleted every 24 hours. These emails can be searched by Acto and Effecttracker. If you wish to keep sent emails beyond the 24 hours, you must do so locally on your own systems.

  4. Sendgrid.com. All emails are sent out through Sendgrid. We do this to ensure that emails are not categorised as spam and to be able to prove that emails have been delivered to the recipient. In Sendgrid we can only see who the email was sent to. We cannot see the content. Only Effecttracker and Acto have access to Sendgrid. Sendgrid is subject to Privacy Data Shield.

  5. Google Maps. If you have chosen to use a solution that uses Google Maps, Effecttracker exchanges addresses with Google Maps. Google Maps is subject to Privacy Data Shield. Effecttracker does not disclose any information other than addresses to Google Maps.

Appendix A from the Data Processing Agreement: Sub-processors
The following sub-processors are approved at the time of entering into this licence agreement, on the terms that follow from the data processing agreement and data protection legislation:
Hosting provider and C1 CMS vendor – (The hosting agreement is included as an appendix to the licence agreement and shown at the bottom of this page)
Orckestra A/S
Adelgade 12, 1
1304 København K
CVR no. 21744409

GDPR-compliant sub-processors where data processing may take place outside the EU, which have joined the Data Privacy Shield cooperation: (Read more about Data privacy Shield here if needed: https://www.privacyshield.gov/welcome)

Email validation – (Ensures that sent emails are not categorised as spam and documents that the email has been delivered)
Sendgrid.com
Denver, CO
1801 California Street
Suite 500
Denver, CO 80202

Distance measurement via Google Maps – (Used by some licence users to calculate driving time between two addresses)
Google LLC
1600 Amphitheatre Parkway
Mountain View, CA 94043
USA

Appendix B – Supplier of IT development
External IT department, responsible for security and programming (Is subject to the same confidentiality regarding personal data as employees of Effecttracker.com)
Acto ApS
Torveporten 2
2500 Valby
CVR no. 36919914

Effecttracker HOSTING AGREEMENT (Copy from COMPOSITE HOSTING security level which we accepted and can guarantee)


READ THIS HOSTING AGREEMENT CAREFULLY BEFORE CLICKING THE “ACCEPT”/”CONFIRM” BUTTON. THIS AGREEMENT SHALL COMMENCE UPON THE CUSTOMER’S ACCEPTANCE OF THIS AGREEMENT BY CLICKING THE “ACCEPT”/”CONFIRM” BUTTON AND IS EFFECTIVE UNTIL TERMINATED IN ACCORDANCE WITH THIS CLAUSE.
THIS HOSTING AGREEMENT ("AGREEMENT") IS A LEGAL AGREEMENT BETWEEN YOU (EITHER AN INDIVIDUAL OR, IF PURCHASED OR OTHERWISE ACQUIRED BY OR FOR AN ENTITY, AN ENTITY) AS THE CUSTOMER REFERRED TO AS THE (“CUSTOMER” OR “YOU”) AND COMPOSITE A/S, NYGAARDSVEJ 16, DK-2100 COPENHAGEN. DENMARK REFERRED TO AS THE (“PROVIDER” OR “WE”)
IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS AGREEMENT, YOU SHOULD CLICK THE “CANCEL” BUTTON.
This agreement replaces any previously agreed arrangements.

1.1 HOSTING PRODUCT
The hosting product related to this agreement is specified on the PROVIDER’s website and on the CUSTOMER’s invoice when purchasing.
Prices for extra storage, traffic, CPU etc. are set out on the PROVIDER’s website.

1.2 HOSTING ENVIRONMENT
The hosting environment is located in a locked, cooled and fireproofed datacenter.

1.3 UPTIME GUARANTEE
The PROVIDER ensures that 24-hour access exists all days of the year to the CUSTOMER's server via the Internet.
The PROVIDER guarantees a 99% uptime during this timeframe.
A lack of availability of the hosting offering due to the following conditions shall NOT be calculated as downtime:
- Operational hindrances in the CUSTOMER’s systems
- Operational hindrances that the CUSTOMER is responsible for
- External disturbances (electrical, public datanets etc.)
- Noncritical issues, such as minor functionality errors.
- System shutdown, in accordance with planned and properly announced maintenance windows.

1.4 BACKUP
Daily backups are made of website files and data. The CUSTOMER can restore files from backups by contacting the PROVIDER.

1.5 MONITORING
The server is monitored 24x7x365 to verify that the web service is running and the server is pingable.

1.6 SUPPORT
Support requests in the form of helping to restart services are provided by the PROVIDER during normal office hours (09:00-16:00 CET).
The support is charged according to the prices set out on the PROVIDER’s website.

1.7 OPERATIONS
The PROVIDER provides a hosting setup available with a public IP address. All hardware is owned by the PROVIDER. The PROVIDER installs Windows Server and is responsible for the operation and maintenance of Windows and IIS. Relevant updates for Windows Server and other server software are made by the PROVIDER.

1.8 SECURITY
The PROVIDER is obliged to, by appropriate means, ensure that no unauthorized access to the CUSTOMER’s servers is made.

1.9 PRIVACY
The CUSTOMER is obliged to ensure that the transfer of data to the CUSTOMER’s systems does not conflict with the law regarding the handling of personal data according to Danish law.
The PROVIDER takes the necessary security precautions to ensure that the CUSTOMER’s data are not lost or degraded, or that they are disclosed to unauthorized persons, abused, or otherwise handled in discordance with the laws regarding the handling of personal data.

1.10 CONFIDENTIALITY
The PROVIDER and his employees must observe absolute silence with regard to any information relating to the CUSTOMER or third party relationship, on which the PROVIDER comes to the knowledge through this contractual relationship. This does not include information that is already publicly known or conditions intended to come to the knowledge of third parties. The CUSTOMER is imposed an equivalent obligation with respect to the PROVIDER’s information.

1.11 LIABILITY AND LIMITATION OF LIABILITY
The PROVIDER’s liability will be according to Danish law. The PROVIDER's liability does not include indirect losses of any kind, such as loss of profits, loss of goodwill or the like. There shall be no compensation for loss of or damage to data.
The PROVIDER is also not liable for deficiencies that do not relate to the solution, but to outside influences, including but not limited to, other programs, failure of communication lines, and a third party's abuse of the solution. The PROVIDER is also not responsible for the integration or interaction between the solution and the CUSTOMER or its other suppliers’ IT environment and organization.

1.12 TERMINATION AND BREACH OF CONTRACT
Either Party may at any time in writing, and with three months' prior notice to the end of a payment term, terminate this agreement.

1.13 PAYMENT CONDITIONS
Payment for hosting and Services shall be at prices and under terms stated on the PROVIDER’s website, as otherwise stated by Composite from time to time. All prices are exclusive of taxes (VAT or otherwise), which may or may not be added to the price, depending on applicable law and the legal residence of the Customer.
Payment shall always be made in advance for the entire subscription period unless specifically agreed otherwise.
BY ACCEPTING THIS AGREEMENT THE CUSTOMER ACCEPTS THAT THE PROVIDER DOES NOT REFUND ANY FEE IF THE HOSTING SERVICE IS ACTIVATED OR TAKEN INTO USE AND ONCE THE FEE PAYMENT IS MADE TO THE PROVIDER THE CUSTOMER WILL HAVE NO RECOURSE FOR RECEIVING A REFUND OF ANY PART OF THE HOSTING FEE.
Approximately every 6 months the PROVIDER will calculate the average usage (traffic, storage etc.) and adjust the fee according to the prices set out on the PROVIDER’s website.

1.14 FORCE MAJEURE
If this Agreement’s compliance is fully or partially prevented or significantly impeded by circumstances outside the control of the parties and the party not reasonably should have foreseen this at the conclusion of the contract or should have avoided or overcome, then duties are suspended to the extent relevant to the circumstances and for the time in which the circumstances are in effect.

1.15 GOVERNING LAW AND VENUE
This Agreement is governed by Danish law and any disputes relating to the Agreement shall be settled by the ordinary courts in the PROVIDER’s domicile.