门禁控制云应用程序
数据处理协议
引言
您是与西班牙公司 Salto Systems, S.L. 签订合同的客户,后者通过“Salto KS 钥匙即服务”平台提供名为“Salto KS 钥匙即服务”的 SaaS 服务(分别称为“KS 服务”和“平台”),但须遵守不时适用的“Salto KS 钥匙即服务”的一般服务条款和条件(“一般条件”)。
此外,Salto Systems, S.L. 和/或 Salto Systems, S.L. 的子公司可能需要提供与此类 KS 服务和/或相关锁硬件有关的技术支持服务(“技术支持服务”)。KS 服务和技术支持服务在下文中统称为“服务”。
为了向您提供服务,Salto Systems, S.L. 和与您所在地理区域相对应的 Salto Systems, S.L. 子公司需要代表您访问和处理个人数据。Salto Systems, S.L. 和相应的 Salto Systems, S.L. 子公司各自作为此类个人数据的数据处理者,您作为此类个人数据的数据控制者。
因此,Salto Systems, S.L. 和位 于欧洲经济区(以下简称“EEA”)内的相应 Salto Systems, S.L. 子公司有义务根据《欧洲通用数据保护条例)(“GDPR”)与客户签订数据处理协议。
因此,本数据处理协议(“DPA”)由 (a) 订阅 KS 服务的客户(“客户”或“数据控制者”)、(b) Salto Systems, S.L.(“Salto HQ”)和 (c) 与客户所在地理区域相应的 Salto HQ 子公司(其具体数据和身份可在 https://www.saltosystems.com/en/quick-links/salto-systems-offices/ 上查阅)(“Salto 子公司”)正式签订。Salto HQ 和 Salto 子公司也共同和单独称为“Salto”或“数据处理者”。
如果您是仅从事个人或家庭活动的自然人,则适用于您的 DPA 内容为 A 部分的内容。对于所有其他情况,适用于您的 DPA 内容应为 B 部分中规定的内容。
双方承认,非欧洲法律也可能适用于对个人数据的处理。除本 DPA 中特别指明的范围外,无论适用于数据处理的数据保护法律有何规定,本 DPA 的内容均应适用。
通过接受一般条件,双方特此依据适用法律的要求订立,并且客户特此接受并同意本 DPA。
A 部分:适用于完全从事个人或家庭活动的自然人
本 DPA 自客户接受之日起生效,并在 KS 服务明确终止之前持续有效。就本 DPA 而言,KS 服务应被视为在以下日期中最早到达的日期终止:
- KS 服务期限已根据可能不时适用的一般条件终止(例如客户不续订 KS 服务时),且客户已向 Salto 明确书面通知其未来不再续订 KS 服务的意图时,或;
- KS 服务期限已根据可能不时适用的一般条件终止(例如客户未续订 KS 服务时),并且客户在 6 个月的期限届满后仍未续订 KS 服务期限时。
本 DPA 包含对所提供服务的详细描述。Salto 将开展的数据处理活动仅限对于提供客户选择的服务所严格必要的活动。
Salto 只能为了提供客户选择的服务而处理个人数据。在此意义上,Salto 应遵守欧盟《通用数据保护条例》(GDPR) 第 28 条规定的义务。具体而言,在不影响 GDPR 所规定其他义务的情况下,Salto 作为数据处理者必须遵守以下义务:
- 个人数据处理仅用于提供平台、KS 服务和技术支持服务的目的,并遵循客户的指示。
- 除非客户事先明确授权,否则不得将个人数据传输给第三方。
- 对 Salto 为提供服务而访问的个人数据保密,即使在本 DPA 期限届满后。
- 在 Salto 获知个人数据泄露时,通过客户在平台上所留电子邮件地址及时通知客户,并提供有关事件记录和沟通的所有相关信息。
- 按照 GDPR 第 32 条之规定处理个人数据,实施适当的安全措施,遵守并采取必要的技术和组织安全措施,以确保其有权访问的个人数据的机密性、保密性和完整性。
- 在 KS 服务明确终止后,Salto 应销毁个人数据,并在适用情况下销毁包含此类个人数据的任何副本、文件或支持材料。在任何情况下,Salto 都可在因执行约定服务而产生的责任时效期限内存储封锁的个人数据副本。在这种情况下,Salto 保证不会处理此类数据,但 Salto 在所属时效期限内必须向公共行政机构、法官和法院提供数据的除外。
客户向 Salto 授予允许委托其他数据处理者处理个人数据的一般授权。
此外,客户还授予允许相关分处理者进一步分包给其他分处理者的一般授权。
客户声明其已达到法定年龄,并已获正式授权将数据主体的个人数据上传到平台(包括但不限于关于儿童个人数据的任何特别同意),并允许 Salto 根据本 DPA 的规定访问此类个人数据以进行处理。
Salto 明确确认已任命一名数据保护官。为此,如果客户希望联系该数据保护官,请使用以下电子邮件地址:privacy@saltosystems.com
在本 DPA 框架内发送给客户的任何通信,均应通过电子邮件发送至平台中指明的系统所有人的电子邮件地址,或通过平台或 Salto KS 移动应用程序发送,或通过要求回执的信件发送至平台中指明的系统所有人地址。
为使 Salto 能够提供平台和 KS 服务以及技术支持服务,客户接受并保证向 Salto 提供必要的数据,以便后者提供服务。本 DPA 双方将对因其违反承担的义务而可能产生的直接损害负责,并且在这种情况下,必须承担此类违约可能给对方造成的损害赔偿责任。任何一方在本 DPA 项下向对方承担的最大责任总额,以不时适用的一般条件中约定的每次事件最大责任为限。
本 DPA 双方一致同意,就 DPA 的解释和/或履行可能产生的任何纠纷或分歧,应由 Salto HQ 根据西班牙法律 设立注册办公地址的司法管辖区法院解决,并明确放弃双方可能主张的任何其他司法管辖区。
B 部分:适用于法人实体或非从事个人或家庭活动的自然人
1. DPA 的标的事项
1.1. 本 DPA 的标的事项是 Salto HQ 和 Salto 子公司作为数据处理者,依据 GDPR 第 28 条和第 29 条以及适用的当地数据保护法律规定的义务,在约束双方的主要合同关系中根据数据控制者的指示,代表数据控制者进行数据处理。
1.2. 个人数据。为履行服务,数据控制者应向数据处理者提供有关以下类别和数据主体的个人数据:系统所有人创建的用户姓名、电子邮件地址、手机号码、国家/地区、用户照片(可选)、地址(可选)和语言(可选)(以下简称“个人数据”)。
1.3. 数据处理。数据处理将包括:
a. Salto HQ 托管和访问客户上传到平台的个人数据以及包含此类个人数据的数据库,以便提供 KS 服务、维护平台和提供技术支持服务(“处理 1”)。
b. Salto 子公司访问包含个人数据的全部或部分数据库,以便应客户的要求提供技术支持服务(“处理 2”)。
1.4. 期限。本 DPA 自客户接受之日起生效,并在 KS 服务明确终止之前持续有效。就本 DPA 而言,KS 服务应被视为在以下日期中最早到达的日期终止:
a. KS 服务期限已根据可能不时适用的一般条件终止(例如数据控制者不续订 KS 服务时),且数据控制者已向 Salto 明确书面通知其未来不再续订 KS 服务的
意图时,或;
b. KS 服务期限已根据可能不时适用的一般条件终止(例如数据控制者不续订 KS 服务时),并且数据控制者在 6 个月的期限届满后仍未续订 KS 服务期限时。双方同意,在技术支持服务终止和 KS 服务明确终止时,第 2.5 条的规定适用于个人数据的销毁。
2. 数据处理者的义务
2.1. 一般义务。每个数据处理者都承担下列义务:
2.1.1. 仅在对于服务的履行有必要时,根据可能不时适用的一般条件的规定,使用个人数据处理标的事项以及数据处理者可能收集的数据。在任何情况下,数据处理者均不得将个人数据用于其自身目的。
2.1.2. 当数据处理者或其工作人员发现违反 GDPR 或其他适用的当地数据保护法律的情况时,应立即通知数据控制者。
2.1.3. 按照数据控制者的指示处理个人数据,前述指示必须以书面形式传输至以下电子邮件地址:privacy@saltosystems.com。
如果数据处理者认为数据控制者的指示违反了 EEA 或任何 EEA 成员国在数据保护方面的任何法律规定,则必须立即以书面形式通知数据控制者。如果发生经证实的违规行为,数据处理者可暂停执行指示,直至指示的可接受性得到澄清为止。
2.1.4. 确保任何代表数据处理者或代表数据控制者行事并有权访问个人数据的人,仅根据数据控制者的指示处理此类数据,但为了遵守 EEA 或任何 EEA 成员国的任何法律规定或任何其他适用法律而必须相应处理的除外。
2.1.5. 根据 GDPR 第 32 条实施技术和组织安全措施,为此,数据处理者承诺评估其执行的数据处理活动所产生的潜在风险,并考虑用于提供服务的手段(技术、资源等)以及可能影响安全的其他情况。
2.1.6. 根据 GDPR 第 32 至 36 条或适用的当地数据保护法规,协助数据控制者 确保遵守有关处理安全的义务、向相应监管机构和受影响的数据主体发出个人数据泄露通知、数据保护影响评估和事先咨询,同时考虑处理的性质和数据处理者可获得的信息。
根据本 DPA 向客户发出的通知将发送至在平台注册的系统所有人电子邮件地址。客户自行负责确保此类电子邮件地址最新、有效。
2.1.7. 必要时,根据 GDPR 第 30 条代表数据控制者保存处理活动记录。
2.1.8. 向数据控制者提供所有必要的信息,以证明其遵守了义务。双方应自行商定数据处理者证明遵守其法律义务的条款。
应数据控制者的要求,数据处理者将向数据控制者提供充分的证据,证明已根据本 DPA、收到的指示以及 EEA 或任何 EEA 成员国有关数据保护的法律规定,实施了技术和组织措施。
2.1.9. 允许数据控制者或数据控制者委托的其他审计师进行审计并提供协助,包括检查。
2.1.10. 对数据处理者为提供服务而访问的个人数据保密,即使在本 DPA 的期限届满后亦不例外。数据处理者承诺对所接收的数据、文件和信息或数据处理者因提供服务而获知的数据、文件和信息严格保密,并采取保护措施,防止任何未经授权的使用或未经授权的第三方检查。
如果未经授权的第三方访问或检查了相应的保密数据、文件和信息以 及在服务内执行的工作结果,数据处理者将立即书面通知数据控制者。在这种情况下,数据处理者还将向数据控制者告知此类第三方的名称。
2.1.11. 确保仅授权承诺保密或承担适当法定保密义务,并且由于其工作职责的性质,为了提供服务而绝对有必要访问相关数据的员工或合作伙伴访问个人数据。
数据处理者保证,授权人员已接受有关个人数据保护的正式培训,已被告知数据处理活动的类型和目的,并已明确书面同意遵守与之相适应的安全措施。
2.1.12. 为了提供服务,Salto 可能会委托位于 EEA 之外的某些第三方服务提供商处理个人数据。对于这种情况,Salto 应要求服务提供商遵守有约束力的合同规定的,旨在保护个人数据的措施,但经欧盟委员会确定,接收方所在国家/地区可提供充分个人数据保护的除外。
2.2. 外包
2.2.1. 数据控制者向数据处理者授予允许委托其他数据处理者处理个人数据的一般授权。此外,数据控制者还授予允许相关分数据处理者进一步分包给其他分数据处理者的一般授权。目前接受委托负责处理个人数据的分数据处理者列于附录 1 中。当数据处理者委托其他公司时,数据处理者应通知数据控制者,相关分数据控制者自通知之日起自动纳入该附录,而无需更新该附录。
2.2.2. 当数据处理者委托其他数据处理者代表数据控制者执行特定的处理活动时,数据处理者有义务根据本 DPA 中预见的条款签署分数据处理协议。
2.2.3. 分数据处理者被视为数据处理者,除依据数据控制者的指示和本 DPA 的条款外,不得处理个人数据。数据处理者应规范新的合同关系,以便分数据处理者履行相同的数据保护义务(指示、安全措施、职责等)以及关于数据处理和数据主体权利和自由的相同正式要求。
2.3. 权利的行使
2.3.1. 如果数据主体向数据处理者提出行使查阅权、更正权、删除权、要求不受仅基于自动处理的决策约束的权利、限制处理权、反对处理权和数据可携带性权利等,数据处理者应按照平台中包含的地址,通过电子邮件将此类情况通知数据控制者。数据处理者应尽可能根据处理的性质,通过适当的技术和组织措施协助数据控制者履行数据控制者的义务,以回应数据主体行使 GDPR 第三章或适用的当地数据保护法规中赋予的权利的要求。
2.3.2. 具体而言,平台可能包含可让数据主体删除其平台帐户的选项。在这种情况下,应通过电子邮件或发送到其平台帐户的通知,从而向数据控制者通知数据主体的要求,以及应将相关用户资料和数据从平台中不可更改地删除或匿名化处理的日期。数据控制者有权在上述日期之前从平台下载数据,以便遵守数据控制者的数据保留期要求。
2.4. 安全措施
2.4.1. 根据确定的数据处理活动,并根据数据处理者开展的风险分析,数据处理者承诺按照 GDPR 第 32 条实施适当的安全措施。
2.4.2. 双方可决定在本 DPA 的附录中指定双方实施和商定的安全措施。
2.5. 服务的终止
2.5.1. 对于处理 1:在 KS 服务明确终止后(在满足本 DPA 第 1.4 条规定的前提下),数据处理者应销毁个人数据,并在适用的情况下销毁包含此类个人数据的任何副本、文件或支持材料。因此,在KS 服务期限已根据可能不时适用的一般条件终止后(例如数据控制者不续订 KS 服务时),如果数据控制者未另行明确书面指明,数据处理者应将数据库和其中包含的个人数据保存 6 个月,以便于客户重新激活 KS 服务。
如果数据控制者在此 6 个月期限届满后仍未重新激活 KS 服务,或如果数据控制者提前明确书面要求,则 KS 服务应被视为已明确终止,然后数据处理者应销毁个人数据,并在适用的情况下销毁包含此类个人数据的任何副本、文件或支持材料。
在任何情况下,数据处理者都可在因执行约定服务而产生的责任时效期限内存储封锁的个人数据副本。在这种情况下,数据处理者保证不会处理此类数据,但数据处理者在所属时效期限内必须向公共行政机构、法官和法院提供数据的除外。
2.5.2. 对于处理 2:在履行每项具体的技术支持服务后(即解决需要提供技术支持服务的具体事件后),Salto 应立即(不得超过三 (3) 个日历日)销毁个人数据或访问此类个人数据的任何密码,并且(如适用)销毁包含此类个人数据的任何副本、文件或支持材料。
2.6. 个人数据泄露
2.6.1.如果发生个人数据泄露,数据处理者应在获知个人数据泄露后,通过平台数据控制者指定的电子邮件地址,立即通知数据控制者,并提供有关事件记录和沟通的所有相关信息,不得无故拖延。
2.7.数据保护官
2.7.1. 数据控制者明确确认已任命一名数据保护官。为此,如果客户希望联系该数据保护官,请使用以下电子邮件地址:privacy@saltosystems.com
2.7.2. 数据处理者的数据保护官必须确保(包括但不限于)数据处理者遵守所有相关的 EEA 或 EEA 成员国的数据保护规定,并在数据处理者与数据控制者之间的合同关系方面执行这些规定。
2.7.3. 如果数据保护官发现数据处理者的这一关系存在任何异常,必须以书面形式通知数据控制者,不得无故拖延。对于这种 情况,数据处理者的数据保护官应明确免于对数据控制者遵守保密义务。
3. 数据控制者的义务。
如果数据控制者位于 EEA 内,数据控制者接受并保证:
3.1. 向数据处理者提供必要的数据,以便其提供服务。
3.2. 遵守 GDPR 中规定的有关个人数据处理的所有义务,并确保数据控制者在处理之前和整个处理过程中完全遵守 GDPR。(包括但不限于)数据控制者特此声明,在将任何个人数据上传至平台和/或以其他方式允许数据处理者访问任何个人数据之前,其将履行一切法律手续和要求,并获得适用法律要求的所有同意,以便收集个人数据(包括但不限于,处理儿童个人数据所要求的任何特别同意(如适用))以及允许数据处理者访问此类个人数据,以及由数据处理者根据本 DPA 的规定处理此类个人数据。
3.3. 监督个人数据的处理。
如果数据控制者位于 EEA 之外,数据控制者接受并保证:
3.4. 向数据处理者提供必要的数据,以便其提供服务。
3.5. 遵守适用数据保护法律中规定的所有义务。(包括但不限于)数据控制者特此声明,在将任何个人数据上传至平台和/或以其他方式允许数据处理者访问任何个人数据之前,其将履行一切法律手续和要求,并获得适用法律要求的所有同意,以便收集个人数据(包括但不限于,处理儿童个人数据所要求的任何特别同意(如适用))以及允许数据处理者访问此类个人数据,以及由数据处理者根据本 DPA 的规定处理此类个人数据。
3.6. 监督个人数据的处理。
4. 责任
本 DPA 的双方将对因违反其承担的义务而可能产生的直接损害负责,在这种情况下,必须承担此类违约可能对对方造成的损害的赔偿。任何一方在本 DPA 项下对对方的最大责任总额将限于一般条件中不时适用的每项事件的最大责任。
5. 其他规定
5.1.对本 DPA 的任何变更和增补必须经双方接受,并以书面形式作出,方可生效。
5.2. 本 DPA 已纳入并补充一般条件。此外,它还部分修订并取代了一般条件中违反或有悖于本 DPA 内容的规定(如有)。为免生疑义,一般条件的剩余条款继续有效。
5.3. 在本 DPA 框架内,数据处理者和数据控制者之间要发送的任何通信均应按照以下规则进行:
a. 如果发送给 Salto HQ 或 Salto 子公司:应通过电子邮件发送至电子邮件地址 privacy@saltosystems.com,或邮寄至以下地址并要求回执:
SALTO SYSTEMS, S.L.(收件人:数据保护官)
Arkotz 9, Polígono Lanbarren
Oiartzun(西班牙吉普兹科阿省)
b. 如果发送给客户:应通过电子邮件发送至平台中指明的系统所有人的电子邮件地址,或通过平台或 Salto KS 移动应用程序发送,或通过要求回执的信件发送至平台中指明的系统所有人地址。
但是,与提供技术支持服务相关的任何特定通信,均可发送给负责解决问题的员工。
6. 适用法律和管辖权
6.1. 本 DPA 双方一致同意,就 DPA 的解释和/或履行可能产生的任何纠纷或分歧,应由 Salto HQ 根据西班牙法律设立注册办公地址的司法管辖区法院解决,并明确放弃双方可能主张的任何其他司法管辖区。
附录 1:个人数据分处理者
根据本 DPA 第 2.2.1 条之规定,数据处理者声明,并且数据控制者承认并接受,在本 DPA 日期,代表数据控制者处理个人数据的公司如下:
处理 1:
- Clay Solutions, B.V.(Salto 集团公司)。
- Clay Solutions, B.V. 已将平台托管服务分包给 Microsoft Ireland Operations Limited 和 Qweb Internet Services B.V.
- Qweb Internet Services B.V. 已将平台托管服务分包给 Dataplace B.V.
处理 2:
- Salto HQ。
- Clay Solutions, B.V.(Salto 集团公司)。
4. Limitation of liability
4.1. Each Party’s liability is subject to the Liability section in Salto’s Terms of Service, as permitted by applicable law.
5. Relationship of the Parties
5.1. To the extent Salto has access to User Data, Salto will process it as Processor, whereas the Client may act as Controller or Processor of the User Data. When the Client acts as Processor, Salto will be sub-Processor.
5.2. Notwithstanding the foregoing, Salto will act as Controller with regards to Client Account Data and other specific data as detailed for each type of Services in the Privacy Policy. This Processing shall be done in accordance to and as informed in the Privacy Policy.
6. Salto as Processor
6.1. Purpose of the Processing: The Personal Data processed by Salto on behalf of the Client shall be processed only to carry out the provision of the Services in accordance with the Agreement, which may entail, where requested by the Client in accordance to the Terms of Service, technical support activities. Where the Processor deems necessary to process Personal Data for a different purpose, it shall obtain the previous written authorisation from the Client. Where such authorisation is not obtained, the processing shall not take place.
6.2. Description of the Processing: Salto will process Personal Data in accordance to the specifications included as Schedule 1, including the nature and purpose of the Processing, the Processing activities, the duration of the Processing, the types of Personal Data and categories of Data Subjects.
6.3. Obligations of the Client: Client is responsible for ensuring that it complies with Applicable Data Protection Law in its use of the Services and its own Processing of Personal Data, and that it has the right to provide access to Personal Data to Salto for Processing in accordance with the Agreement and this DPA. Client is responsible for the accuracy of the Personal Data provided to Salto.
6.4. Client’s instructions: The Processor undertakes to process User Data in accordance with Client’s instructions as set forth in the Agreement, and as otherwise necessary to provide the Services to Client, and where it is required to do so to comply with applicable law. Additional instructions outside the abovementioned shall be agreed by the Parties in writing. The Client shall ensure Salto that any Processing carried out under its instructions is compliant with applicable laws and regulations. Salto undertakes to inform Client if it becomes aware or reasonably believes that the instructions given by Client infringe applicable laws.
6.5. Confidentiality: Salto ensures that its employees engaged in the Processing of User Data under the Agreement are informed and are bound by confidentiality obligations.
6.6. Security measures: Salto guarantees the implementation of appropriate technical and organisational measures in order to achieve a level of security adequate to the risk, taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing.
In assessing the appropriate level of security, Salto takes into account the risks that are presented by the Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed, or unauthorised communication or access to said data.
Schedule 2 includes additional information about Salto’s technical and organisational security measures to protect User Data.
6.7. Subcontracting: The Client expressly authorises to Salto to subcontract the companies which form part of Salto’s Group and in this respect to provide them with access to the Personal Data as needed for the rendering of all or part of the Services, including maintenance and technical support services under Client’s request.
Additionally, the Client expressly authorises the Processor to engage onward sub-processors (hereinafter, “Sub-processors”), subject to the following provisions:
- Salto has a list of its Sub-processors available here. Salto shall keep this list updated, and include any new Sub-processor at least thirty (30) days before engaging with it. Salto may provide Client with a mechanism to subscribe to notifications of new Sub-processors. The Client may reasonably object to any new Sub-processor in the thirty (30) days period from the update of the list. In the event that the Client reasonably objects to a new Sub-processor, either Client or Salto may terminate the portion of the Agreement related to the Services that are not possibly provided without the objected-to new Sub-processor.
- Salto undertakes that all Sub-processors are contractually bound by the same or equivalent data protection obligations as those established in this DPA for the Processor.
- Salto shall remain fully liable to the Client for the performance of the Sub-processor's obligations.
6.8. Data Subject Rights: Taking into account the nature of the processing, Salto will assist the Client by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Client’s obligation to respond to requests for exercising the data subject's data protection rights. In the event that a Data Subject makes a request directly to Salto in relation to User Data, Salto will forward it without undue delay to the Client to the email address registered in the Platform.
6.9. Assistance: Taking into account the nature of processing and the information available to Salto, Salto shall provide reasonable cooperation to the Client in relation to related data protection impact assessments, and consultations with Supervisory Authorities required in compliance with data protection regulations.
6.10. Return or deletion of User Data: Salto shall delete or return all the Personal Data processed on its behalf to the Client, at the choice of the latter, after the end of the provision of Services, and delete all existing copies unless storage of the personal data is required by law. As part of the Services, once the term of the provision of the services consisting of electronic locking solutions for doors and access controls has elapsed, Salto will keep the Personal Data blocked for a period of one (1) month in order to enable reactivation of said services.
6.11. Audits: Salto will, upon the Client’s request and at its expense, make available at reasonable intervals and in no event more than once (1) every year, the information necessary to demonstrate compliance with applicable data protection obligations, as well as allow for audits. Client shall provide Salto with at least two (2) months’ prior written notice of any intended audit. This audit may be conducted either by Client or by an independent auditor appointed by Client bound by reasonable confidentiality restrictions, which in no event shall be, or shall act on behalf of, a competitor of Salto. The scope of the audit shall be limited to Salto’s systems, processes, and documentation relevant to the Processing on behalf of the Client, and the reports and results of the audit will be confidential information of Salto. Upon the end of the audit, the Client shall inform Salto of any perceived non-compliance or security concerns detected in the audit.
6.12. Security Incident: Salto undertakes to notify the Client, via email to email address registered in the Platform by the Client, without undue delay after becoming aware of any unauthorized or unlawful access to, or acquisition, alteration, use, disclosure, or destruction of User Data (hereinafter, “Security Incident”). Salto will provide reasonable assistance to Client in the event that Client is required under Applicable Data Protection Law to notify a regulatory authority or any data subjects impacted by a Security Incident.
6.13. Transfers of Personal Data: In certain cases, the Processing of personal data may be carried out outside the European Economic Area (EEA), in particular:
- When the Client is accessing to the Platform from a country located out of the EEA;
- When the Client is subscribed to 24/7 technical support services, which implies that technicians located in some countries located out of the EEA are involved in the incident resolution; and
- In relation to the processing carried out the by Sub-processors identified below.
In the case mentioned above, transfers of User Data from the EEA to outside the EEA (either directly or via onward transfer) will be done on the basis of adequacy decisions by the European Commission. To the extent that the territories to where the User Data is transferred do not have adequate standards of data protection as determined by the European Commission, the Parties agree that the Standard Contractual Clauses will apply and will be deemed entered into (and incorporated into this DPA by this reference) and completed as indicated hereafter:
(i) Module Three (Processor to Processor) of the SCC will apply where Client is a processor of User Data outside the EEA, and Salto acts as sub-processor and processes User Data in the EEA.
(ii) Module Four (Processor to Controller) of the SCC will apply where Client processes as Controller User Data outside the EEA, and Salto is a processor which processes User Data in the EEA.
In relation to each Module of the Standard Contractual Clauses, where applicable:
- Clause 7: the optional docking clause will not apply.
- Clause 9: Option 2 shall apply, with the notice period established under Clause 6.7 to this DPA.
- Clause 11: the optional section regarding the lodging of complaints with independent resolution bodies by data subjects shall not apply;
- Clause 17: Option 1 will apply, and the Standard Contractual Clauses will be governed by Spanish law;
- Clause 18 (b): any dispute arising from the Standard Contractual Clauses shall be resolved before the courts of Spain;
- Annex I, Part A:
- Data Exporter: Salto.
- Contact details: privacy@saltosystems.com
- Data Exporter Role: The Data Exporter’s role is set forth in Section 4 (Relationship of the Parties) of this DPA.
- Signature and Date: By entering into the Agreement, Data Exporter is deemed to have signed these SCC incorporated herein, including their Annexes, as of the date of acceptance of the Agreement.
- Data Importer: Client
- Contact details: The email address provided by the Client to sign up to the Service will be considered the contact email to this effect.
- Data Importer Role: The Data Importer’s role is set forth in Section 2 of this DPA.
- Signature and Date: By entering into the Agreement, Data Importer is deemed to have signed these SCC incorporated herein, including their Annexes, as of the Effective Date of the Agreement.
- Annex I, Part B:
- The categories of data subject, sensitive data transferred, nature of the processing, purpose of the processing, and the period for which the personal data will be retained are described in Schedule 1 of this DPA.
- The frequency of the transfer is on a continuous basis for the duration of the Agreement for the provision of the services consisting of electronic locking solutions for doors and access controls, and for maintenance and technical support services the transfer is on a one-off basis.
- Transfers to sub-processors, the subject matter, nature, and duration of the processing are listed at https://saltosystems.com/en/legal-data/software-terms/access-control-cloud-applications/list-of-sub-pocessors/.
- Annex I, Part C: The Spanish Data Protection authority (Agencia Española de Protección de Datos) will be the competent supervisory authority.
- Annex II: Schedule 2 of this DPA.
The Client agrees to notify Salto if it receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to the SCC. Such notification must be done at least 48 hours in advance, and in any event before any disclosure takes place, and it shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided.
In the event of any conflict between the Standard Contractual Clauses, and any other terms in the Agreement, or the Privacy Policy, the provisions of the Standard Contractual Clauses will prevail.
6.14. Jurisdiction Specific Terms: To the extent Salto processes Personal Data originating from and protected by Applicable Data Protection Law in one of the jurisdictions listed in Schedule 3 of this DPA, the terms specified in this Schedule 3 with respect to the applicable jurisdiction(s) will apply in addition to the terms of this DPA.
SCHEDULE 1 | Details of Processing
A. Access Control Cloud Applications
- Nature and Purpose of the Processing
Salto will process personal data as necessary to provide the Services under the Agreement. In this sense, Salto will process User Data as Processor pursuant the Client’s instructions as foreseen in Section 6.4 of this DPA.
Specifically, when the Client contracts Access Control Cloud Applications, Salto will process personal data with the following purposes:
- For the enrolment of the end user in the application.
- To carry out the access control services (including by means of facial recognition technologies if the functionalities of Salto XS4 Face has been contracted).To provide the necessary maintenance and technical support services.
- When the Client is using the Services via a Third Party’s Platform and/or has activated the integration between the Platform and the Third Party’s Platform, for receiving and transmitting the User Data from and to the Third Party’s Platform.
- If the Client uses the Services via a Third Party’s Platform and/or has activated the integration between the Platform and the Third Party’s Platform, to receive and transmit the User Data to and from the Third Party’s Platform.
- Processing Activities
Collection, recording, conservation, transmission to the Client and erasure or destruction of personal data, to the extent necessary for the adequate provision of the Services.
If the Client uses the Services via a Third Party’s Platform and/or has activated the integration between the Platform and the Third Party’s Platform, the processing activities will also include the transmission and collection of the User Data to and from the Third Party’s Platform. In this case, the Client acknowledges that the provider of the Third Party’s Platform will act as an unaffiliated, independent service provider and data processor processing the User Data on behalf of the Client and following its instructions. For the avoidance of doubt, Salto is not responsible for the privacy, security or integrity of such data processed within the Third Party’s Platform. This data communication is done by Salto on behalf of the Client, which is responsible of complying with the applicable legal requirements of the processing as Controller or Processor.
- Duration of the Processing
Salto will process User Data on behalf of Client for the duration of the Services as established in the Agreement. As part of the Services, once the term of the provision of the services consisting of electronic locking solutions for doors and access controls has elapsed, Salto will keep the Personal Data blocked for a period of one (1) month in order to enable reactivation of said services.
With regard to the provision of maintenance and technical support services, the User Data that may be accessed by Salto will only be processed for the time necessary to solve the issue.
Once the Agreement has terminated, Salto may retain a copy of the Personal Data duly blocked for the period of prescription of related infractions. Once this period has elapsed, Salto will erase all copies of the Personal Data.
- Categories of Data Subjects
User Data: Client’s end users.
- Categories of Personal Data
- Identification data
- Contact details
- Access permits
- Record of access
- Profile picture (optional)
- Sensitive Data or Special Categories of Data
Salto does not process special categories data on behalf of the Client as the processing related to facial recognition, if any, takes place locally (without Salto’s involvement in the processing).
B. Space System integrated with Salto XS4 Face
-
Nature and Purpose of the Processing
Salto will process personal data as necessary to provide the Services under the Agreement. In this sense, Salto will process User Data as Processor pursuant the Client’s instructions as foreseen in Section 6.4 of this DPA.
Specifically, when the Client contracts Salto XS4 Face for using the facial recognition technology integrated with the Space System, Salto will process personal data with the following purposes:
-
For the management of Client’s Subscriptions and users of the Salto XS4 Face console (i.e. site administrators).
-
For the enrolment of the end user.
-
To provide the necessary maintenance and technical support services.
-
Processing Activities
Collection, use, transmission to the Client and erasure or destruction of personal data, to the extent necessary for the adequate provision of the Services
-
Duration of the Processing
Salto will process User Data on behalf of Client for the duration of the Services as established in the Agreement. As part of the Services, once the term of the provision of the services consisting of access control powered by facial recognition technology has elapsed, SALTO will keep the Personal Data blocked for a period of three (3) months in order to enable reactivation of said services.
With regard to the provision of maintenance and technical support services, the User Data that may be accessed by Salto will only be processed for the time necessary to solve the issue.
Once the Agreement has terminated, Salto may retain a copy of the Personal Data duly blocked for the period of prescription of related infractions. Once this period has elapsed, Salto will erase all copies of the Personal Data.
-
Categories of Data Subjects
User Data: Client’s end users and system administrators.
-
Categories of Personal Data
-
Contact details: email address system administrators and end users.
-
Name of system administrators.
-
Sensitive Data or Special Categories of Data
Salto does not process special categories of data on behalf of the Client as the processing related to facial recognition, if any, takes place locally (without Salto’s involvement in the processing).
SCHEDULE 2 | Technical and Organisational Security Measures
The technical and organisational measures applying are described in the dedicated website section.
SCHEDULE 3 | Jurisdiction Specific Terms
To the extent Salto processes Personal Data originating from and protected by Applicable Data Protection Law in one of the jurisdictions listed in Schedule 3 of this DPA, the terms specified in this Schedule 3 with respect to the applicable jurisdiction(s) will apply in addition to the terms of this DPA.
- California
- The definition of Applicable Data Protection Law includes the California Consumer Privacy Act (CCPA).
- The definition of Personal Data includes “Personal Information” as defined under Applicable Data Protection Law.
- The definition of Data Subject includes “Consumer” as defined under Applicable Data Protection Law. Any data subject rights, as described in Section 6.8 (Data Subject Rights) of this DPA, apply to Consumer rights.
- The definition of Controller includes “Business” as defined under Applicable Data Protection Law.
- The definition of Processor includes “Service Provider” as defined under Applicable Data Protection Law.
- Salto will process, retain, use, and disclose personal data only as necessary to provide the Services under the Agreement, which constitutes a business purpose.
- Salto will not sell User Data.
- Salto will not retain, use, or disclose User Data for any commercial purpose other than the provision of the Services.
- Salto will not retain, use, or disclose User Data outside of the scope of the Agreement.
- Salto certifies that its Sub-processors, as described in Section 6.7 of this DPA, are Service Providers under Applicable Data Protection Law, and that prior to its contracting they are properly evaluated.
- Switzerland
- The definition of Applicable Data Protection Law includes the Federal Act on Data Protection 1992 (FADP).
- The definition of Personal Data includes personal data pertaining to legal entities.
- United Kingdom
- The definition of Applicable Data Protection Law includes UK General Data Protection Regulation (UK GDPR).
- In relation to Section 6.3 of the DPA, where the Controller is established in the UK and Salto transfers User Data from the UK to outside the UK (either directly or via onward transfer) to countries without adequacy regulations, such transfer shall be covered by the SCC together with the being the International Data Transfer Addendum or Approved Addendum, being the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 28 January 2022 (hereinafter, the “IDTA”), which are incorporated to this DPA by reference.
- In relation to the IDTA:
- Tables 1 and 2 are completed with clause 6.13 of this DPA.
- In relation to Table 2, personal data received from the Importer is not combined with personal data collected by the Exporter
- Table 4: The Exporter.
- Australia
- The definition of Applicable Data Protection Law includes the Australian Federal Privacy Act 1988 and Australian Privacy Principles.
Last update: December 2024
© Salto Systems, S.L., 2024. All rights reserved.