גלובוס, לוגו, שינוע ושילוח, לוגיסטיקה

Data Processing Agreement (DPA)

  1. Definitions
    Terms in this agreement will be interpreted in accordance with the relevant regulations:
  • Applicable Data Protection Laws” – any legislation, regulation or official standard, local or international, applicable to the processing of personal data, in particular the European GDPR Regulation.
  • Personal Data” – any data or information, whether directly or indirectly, that can be linked to an identified or identifiable natural person.
  • The “Data Controller” – the entity that determines the purposes, means and scope of the processing operations, and is responsible towards the data subjects.
  • Data Processor” – an entity that processes the information in the service of the data controller, in accordance with the instructions and restrictions provided to him.
  • Sub-processor” – any additional entity employed by the Data Processor to perform processing operations in the Controller Service.
  • EEA (the European Economic Area)” – includes all European Union countries as well as Norway, Liechtenstein and Iceland, which maintain uniform legislation in the field of data protection.
  • “SCC (Standard Contractual Clauses)” – a legal mechanism approved by the European Commission for the transfer of personal data outside the EEA, while maintaining an adequate level of protection.
  1. Background
    When implementing the services included in the framework agreement, Globus may act as the data controller or data processor, depending on the nature of the information and the service. When the services are provided to private Globus’s customers, it will be the controller, and the provider will be the processor. When it comes to Globus’s corporate customers, it will serve as a processor, and the provider will be a sub-processor. The provider undertakes to comply with all applicable legal and regulatory provisions in accordance with its status.
  2. Data processing
    The provider undertakes to process personal data solely for the purpose of providing the services defined in the framework agreement. All processing will be carried out in accordance with Globus’s written instructions, and in a manner that complies with the provisions of the data protection laws. The Provider will cooperate with Globus in responding to data subject requests, including requests to access, correct, or delete information.
  3. Using sub-processors
    The provider may not transfer personal information or allow it to be processed by a third party (sub-processor) unless it has received express written permission to do so from Globus. Any engagement with a sub-processor will require terms equivalent to those in this agreement. The provider will be fully liable for any actions of a sub-processor on its behalf.
  4. Transfer of information outside the EEA
    Any transfer of personal data to a country that is not part of the EEA will be subject to Globus’s prior approval and the signing of a valid SCC, or any other legal mechanism that complies with the provisions of the GDPR. The provider will maintain documentation for each such transfer and ensure appropriate measures to maintain the privacy of the information.
  5. Information security measures
    The provider will take appropriate technical and organizational measures to maintain the integrity, confidentiality and availability of the information. These measures will include, inter alia: information encryption, role-based access control, permissions management, periodic backups, multi-factor authentication, system monitoring, and a written internal information security policy.
  6. Information security incident notification
    In the event of a security breach or unauthorized access to personal data, the provider will immediately report it in writing to Globus. The report will include the circumstances of the incident, data that was compromised, possible risks, and steps taken. The provider will cooperate with Globus in any investigation or reporting to the authorities.
  7. Right to audit
    Globus may conduct periodic audits to examine the provider’s compliance with the provisions of this agreement. The provider will provide access to information, procedures and infrastructure for the purpose of conducting the audit. Any findings revealed during the audit will be corrected by the provider in a reasonable time and with transparency.
  8. Termination of the contractual engagement
    Upon termination of the agreement for any reason, the provider will act in accordance with Globus’s instructions to delete the personal data or return it. These actions will be documented in a written statement. Globus reserves the right to examine and monitor the implementation of this provision.
  9. Compensation and liability
    The provider will be fully liable for any damage caused as a result of a breach of this Agreement or the Privacy Protection Provisions, including actions of sub-processors on its behalf. Financial and other terms will be determined in accordance with the framework agreement.
No items found

שירותים נוספים