Examinare Personal Data Assistants Agreement
Personal Data Responsible: "Customer" and
Personal Data Adviser: Examinare AB
Organization number: 556773-2598 Establishing country: Sweden.
The "Personal Data Counsel" refers to Examinare AB for the services listed in the Examinare AB Agreements signed on order. Personal Data Responsible refers to the Customer. This agreement also includes services signed on branded sites owned by Examinare AB, but trading under a branded name/trademark owned by Examinare AB.
Examinare's contact for general questions about the agreement and Examinare's processing of personal data can be found at https://oracle.examinare.biz/books/integrity-and-security
1.1 Both Parties confirm that the signatories have the power of attorney to enter into this Privacy Disclaimer ("Agreement"), which is an integral part of the Service Agreement signed between the Parties ("Service Agreement"). This Agreement governs the Processing of Personal Data in connection with any Service Agreement in force.
1.2 Examinare acts in accordance with Examinare's Privacy Statement, which is available at https://oracle.examinare.biz/books/integrity-and-security/page/privacy-policy
2.1 Definition of Personal Data, Specific Categories of Personal Data (Sensitive Personal Data),
Processing of Personal Data, Registered, Data Responsible and Personal Data Counselor is the same as used in applicable data protection legislation, including the General Data Protection Regulation (GDPR), as per this Agreement, and in Europe from 25 May 2018 and at any time applicable national supplementary legislation, together hereafter referred to as "Applicable Data Protection Act".
2.2 In this Annex, Personal Data Responsibility is referred to as the "Customer" or "Party", the Personal Data Assistant as "Examinare" or "Party" and collectively as the "Parties".
3.1 The agreement governs Examinare's Processing of Personal Data on behalf of the Customer and describes how Examinare will ensure data protection through technical and organizational measures under applicable data protection legislation.
3.2 The purpose of Examinare's Processing of Personal Data on behalf of the Customer is to fulfil obligations under the applicable Service Agreement for Services provided.
3.3 This Agreement takes precedence over any conflicting provisions regarding the Processing of Personal Data in Service Contracts or in any other agreement entered into between the Parties.
4 Examinare's duties
4.1 Examinare may only process Personal Data on behalf of and in accordance with Customer's documented instructions. By entering into this Agreement, the Customer Instructor instructs Examinare to process Personal Data as follows:
(i) only in accordance with applicable law; (ii) to fulfil all obligations under Service Agreements applicable to services provided; (iii) as further specified by Customer's normal use of Examinare's Services; and (iv) as specified in this Agreement.
4.2 Examinare has no reason to believe that there is legislation that prevents Examinare from following the instructions given above. Examinare will, after being aware of it, inform the Customer in the event, that the Customer's instructions or treatment, according to Examinare, violate applicable data protection legislation.
4.3 The categories of Registered and Personal Data covered by Treatment in this Agreement are set out in this document.
4.4 Examinare will ensure the confidentiality, integrity, and availability of Personal Data in accordance with Applicable Data Protection Act. Examinare will implement systematic, organizational and technical measures to ensure an appropriate level of security, taking into account the latest technology and implementation costs in relation to the risk involved in the Treatment, and the type of Personal Data to be protected.
4.5 Examinare will assist the Customer with appropriate technical and organizational measures as far as possible taking into consideration the Type of Treatment and the information available to Examinare in order to fulfil the Customer's obligations under applicable data protection legislation regarding requests from Registered and General Data Protection under the Data Protection Ordinance Articles 32-36.
4.6 If the Customer needs information about security measures, documentation or other information about how Examinare Handles Personal Data, and such requests involve more information than the standard information provided by Examinare in order to comply with data protection legislation as Personal Data Board, and this means more work for Examinare, Examinare may charge Customer for such additional services.
4.7 Examinare and their staff/partners/external consultants will ensure the confidentiality of Personal Data Processed under this Agreement. This condition also applies after the Agreement has expired.
4.8 Examinare will, by promptly and unnecessarily informing the Customer, enable the Customer to comply with the legal requirements that apply to information to relevant data protection authorities and Registered Personal Data Incidents.
4.9 Further, as far as practicable and legally, Examinare will inform Customer about;
(i) requests for disclosure of personal data obtained from a Registered (ii) inquiries from authorities, such as the Police, on the disclosure of personal data.
4.10 Examinare may not respond directly to requests from Registered without permission from the Customer. Examinare may not divulge content relating to the Agreement to authorities such as the Police, including Personal Data, with the exception of statutory provisions, such as court decisions or similar decisions.
4.11 Examinare do not have control over whether and how the Customer chooses to make use of any third-party integration through Examinare's API, through direct data connection or the like. Responsibility for such integrations with third parties is exclusively the sole responsibility of the Customer. Examinare is not responsible for any processing of Personal Data through such third party integration.
5 Customer Obligations
5.1 By signing this Agreement, Customer acknowledges that the Customer:
- when using the services provided by Examinare in accordance with the applicable Service Agreement for the Services provided, will Process Personal Data in accordance with the requirements of current data protection legislation.
- have a legal basis to process and disclose the relevant personal data to Examinare (including any sub-assistants used by Examinare)
- is solely responsible for the accuracy, integrity, content, reliability, and legality of the Personal Data submitted to Examinare.
- has fulfilled any mandatory requirements and obligations to notify or obtain permission from the relevant Personal Data Processing Authorities.
- has fulfilled its obligations to provide relevant information to the Registrar for the Processing of Personal Data in accordance with applicable Personal Data Law.
- agrees that Examinare has provided warranties regarding the implementation of technical and organizational security measures, that are sufficient to protect the integrity and personal data of the Registrar.
- when using the services provided by Examinare under the Service Agreement, will not transmit any Sensitive Personal Data, or data relating to convictions in criminal proceedings and infringements to Examinare. In the event of such transfer, Examinare may not be held liable for improper handling of these sensitive personal data.
- will maintain an updated record of the types and categories of Personal Data that are Treated.
6 Use of sub-boards and data transfer.
6.1 As part of the delivery of services to the Customer in accordance with the applicable Service Agreement for the services provided and this Agreement, Examinare may use subcontractors in the subcontracting role. Such subordinates may be sister companies of Examinare AB or external subcontractors (third parties) within or outside the EU. Examinare will ensure that contractual contractors agree to assume the responsibility that complies with the obligations stated in this Agreement.
6.2 Major subcontractors with access to Personal Data are published on Examinare's Privacy Page https://oracle.examinare.biz/books/integrity-and-security/page/privacy-policy, which have been accepted by the Customer as subcontractors. Examinare preserves the right to keep subcontractors that work as external "employees" hidden online because of personal integrity.
6.3 The Customer may at any time request a full overview and more detailed information about the subcontractors involved in the delivery of the Service under the Service Agreement.
6.4 If subcontractors are outside of the EU, Examinare will ensure that the transfer takes place in accordance with applicable personal data law. The Customer hereby grants Examinare the competence and authority to ensure the appropriate legal bases for the transfer of personal data outside the EU on behalf of the Client, for example by signing the EU Standard Contract Clauses or transferring Personal Data in accordance with the EU / US Privacy Shield.
6.5 The Customer will be notified prior to changes to subcontractors, who process Personal Data except for subcontractors that are working solely self-employed. If a new subcontractor apparently fails to comply with data protection legislation and the subcontractor still fails to comply with data protection legislation after Examinare has had the reasonable time to ensure that the subcontractor complies with the regulations, the Customer may terminate the Agreement. Such termination may include the right to terminate Service Agreement, in whole or in part, in accordance with the termination clauses contained in the respective Service Agreement. An important part of such assessments should be to what extent the Subcontractor's Processing of Personal Data is an essential part of the services provided under the Service Agreement. A change of subcontractor will not in itself be regarded as a breach of the Service Agreement.
6.6 By signing this Agreement, Customer agrees that Examinare uses subcontractors as described above.
7.1 Examinare is committed to providing a high level of security in its products and services. Examinare provides the level of security through organizational, technical and physical security measures, in accordance with the information security requirements described in Article 32 of the Data Protection Ordinance.
Furthermore, the internal data protection framework, Examinare AB, aims to protect the confidentiality, integrity, correctness, and access to Personal Data. The following measures are of particular importance in this regard:
- Classification of Personal Data to ensure the implementation of safety measures that correspond to risk assessment.
- Evaluation of the use of encryption and pseudonymization as risk-reducing factors.
- Limitation of access to Personal Data to those, who need access to fulfil the obligations of this Agreement or Service Agreement applicable to the Services provided.
- Use of systems that detect, restore, prevent and report personal data incidents.
- Implementation of safety analyses to assess the quality of current technical and organizational measures to protect Personal Data, taking into account the requirements of current data protection legislation.
8 Audit Rights
8.1 The Customer is entitled to carry out an annual audit of Examinare compliance with the terms of the Agreement. If the law requires, Customer may request revisions more often. As Examinare AB's services are multi-user environments, the Customer authorizes Examinare's empowers and self-employed subcontractors, for safety reasons, to decide that auditing should be performed by a neutral third party auditor chosen by Examinare. Audits may result in a cost to the Customer and will, in that case, be invoiced to the customer.
8.2 If the Customer does not accept the neutral third party auditor selected by Examinare AB, the Customer may, together with Examinare AB, elect another neutral third party auditor at own expense.
8.3 The Customer is responsible for any costs incurred in connection with the requested revisions. Examinare's assistance that exceeds the standard service provided by Examinare AB and/or Examinare's subcontractors to comply with applicable data protection laws will be charged.
9 Duration and termination
9.1 This Agreement is valid as long as Examinare Handles Personal Data on behalf of the Customer in accordance with the applicable Service Agreement.
9.2 The agreement terminates automatically, when the Service Agreement expires. Upon termination of the Agreement, Examinare will delete Personal Data Processed on behalf of the Customer, in accordance with the applicable clauses in the respective Service Agreement. Unless otherwise agreed in writing, the cost of such actions will be based on;
i) timetable for Examinare's time and ii) the complexity of the requested process.
9.3 Examinare may retain Personal Data after termination of the Agreement, to the extent required by law, with the same type of technical and organizational security measures as described in this Agreement.
10.1 Liability for breach of the terms of this agreement will be governed by liability clauses in the respective Service Agreement between the Parties. This also applies to possible violations committed by Examinare's subcontractors.
11 Applicable law and jurisdiction
11.1 This Agreement is subject to applicable law and the jurisdiction specified in the respective Service Agreement between the Parties.
12 Categories of Personal Data and Registered
12.1 As Examinare's services allow the Customer to treat arbitrary data within the services, it is not possible to generally report the categories of Registered and Personal Data covered by Treatment. This information is the responsibility of the Customer to register.
12.2 The Customer may not transfer any Sensitive Personal Data to Examinare. In the event of such transfer, Examinare may not be held liable for improper handling of these sensitive personal data. Sensitive Personal Data is defined in applicable Personal Data Law, i.e.:
- Race or ethnic origin, political opinions, religious or philosophical beliefs,
- information on health,
- information about a person's sexual life or sexual orientation,
- membership of a trade union,
- Genetic data or biometric data to uniquely identify a natural person
12.3 Nor may the Customer transfer personal data relating to convictions in criminal proceedings and offenses.
13 Overview of current subcontractors
13.1 Current subcontractors (excluding self-employed subcontractors working as consultants) of Examinare, who has access to the Customer's Personal Data can be found at:
14. Signature of Agreement
14.1 The Personal Data Assistants Agreement is included in all our contracts and terms of service and do not need to be signed. However, if the customer needs a signed copy of the approval to be saved according to their own internal regulations this agreement can be signed online at no cost by requesting it inside your customer zone login. Make sure your information is updated inside the Customer Zone before asking for the signature process. Only 1 request will be made per customer zone without cost.
14.2 The customer signs the agreement first and then the document is sent to our GDPR responsible part will sign (Within 4 working days). After signature the document will be sent as a pdf-version as a proof of acceptance to both parties.
14.3 The Customer approves for Examinare to store the signature digitally inside their systems and/or making it accessible to the Customer in Examinare Customer Zone or branded Customer Zone of Branded Services in Examinare's control and may share the signed document within the organization and external subcontractors upon request.
15.1 Disputes between Examinare and the Customer arising from this agreement shall in the first instance be solved directly between the parties. Has no resolution been reached within three (3) months from when a party gave notice to the matter in question the dispute shall be determined by Swedish court. The Kristianstad district court has exclusive jurisdiction.
The decision of the Kristianstad district court cannot be appealed.
Company reg. no.:
Examinare AB, Signature.
CEO, Examinare AB