ENTRUSTHING THE WEBSITE OWNER WITH PERSONAL DATA PROCESSING BY THE USER
Controller - the Registered User within the meaning of the Terms of Service of the Website https://www.LiveWebinar.com, the attachment to which is this document;
Processor - the Website Owner within the meaning of the Terms of Service of the Website https://www.LiveWebinar.com, the attachment to which is this document;
Agreement - the agreement on entrusting with personal data processing regulated herein.
The remaining capitalized terms have the meaning specified in the Terms of Service of the Website https://www.LiveWebinar.com, the attachment to which is this document.
The Controller represents that they are the controller of personal data of the Guests, which consists of data within the scope specified in attachment A below (hereinafter referred to as Personal data).
The parties represent that they have concluded the Website use agreement (hereinafter referred to as the Cooperation agreement). The performance of the Cooperation agreement by the Processor requires processing of the Personal data managed by the Controller.
Under this agreement the Controller entrusts the Processor with the Personal data processing, within the meaning of the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (UE) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the GDPR), within the scope specified in attachment A below and strictly and solely in order to perform Cooperation agreement.
The Processor represents that is aware of GDPR and applies the GDPR provisions, and also guarantees sufficiently that appropriate technical and organizational measures are implemented to meet GDPR requirements and protect the rights of persons to whom data is related.
The Processor has the right to perform operations of processing of the Personal data specified in
The Processor does not use services of the other processors without prior detailed or general consent of the Controller in written. In case of general consent in written the Processor informs the Controller on all and any intended changes related to adding or replacement of the other processors no later than at least 21 days before the day when the other processor plans to commence processing. Lack of explicit decision of the Controller at that day implies lack of consent of the Controller to use the other processor by the Processor.
After obtaining the relevant consent of the Controller specified in point 6 above the Processor has the right to use services of the other processor provided that the agreement on entrustment with
personal data processing is concluded on terms not less restrictive than this Agreement and GDPR provisions.
If the Processor use services of the other processor in order to perform particular processing activities on behalf of the Controller, this other processor is obliged to protect data in the same manner as in this Agreement, in particular shall guarantee sufficiently that appropriate technical and organizational measures are implemented to meet GDPR requirements. In case that this other processor does not meet their obligations to protect data, the full responsibility towards the Controller for meeting the obligations of this other processor lies with the Processor.
The Processor guarantees efficient performance of the Controller’s entitlements specified in this Agreement, GDPR provisions, other provisions of EU laws, members state’s law applied to the Processor or this processor and Polish law, towards the processor used by the Processor, and also efficient enforcement of the obligations specified in abovementioned sources of law and the Agreement.
The Processor hereby informs the Controller that the Processor uses the services of other processors which process the personal data of the Guests entrusted by the Controller. The Controller consents to the foregoing.
As of September 2021 we have employed the 2021 SCC's in our relationship with AMAZON. If you need to know more please visit: https://aws.amazon.com/blogs/security/new-standard-contractual-clauses-now-part-of-the-aws-gdpr-data-processing-addendum-for-customers/
Moreover the European Commission and the United States of America have reached an agreement in principle on a new Trans-Atlantic Data Privacy Framework, which will facilitate data flows and address the Schrems II decision of July 2020. For more please visit https://ec.europa.eu/commission/presscorner/detail/en/ip_22_2087
The Controller is solely responsible for:
meeting all obligations specified in personal data protection provisions of law applied to the Controller, in particular towards persons whose data processing is entrusted to the Processor;
choice of personal data range which is processed, and defining the aim and measures of processing.
Only the Controller is responsible for all and any consequences of non-performance of the obligations specified above by the Controller, including in the context of recourse liability towards the Processor.
The Processor is obliged and guarantees that the Processor shall not process the Personal data for the purposes and to the extent other than specified in this Agreement, subject to point 4(1) below.
The Processor shall process the Personal data, and also provide assistance in performance, and perform all and any obligations related to the Controller whatsoever, in accordance with general provisions of personal data protection laws, in particular with GDPR provisions, other European Union (EU) laws and Polish provisions of law.
The Processor is in particular obliged to and applies the following principles:
the Processor processes the Personal data solely at documented request of the Controller – which also relates to transferring Personal data to the other state or international organization
– unless this obligation is imposed on the Processor by the provision of EU law or member state’s law, which applies to the Processor; in this case no later than 21 days before commencing of such a processing the Processor informs the Controller in written form about this legal obligations, as far as the law does not prohibit to provide such an information for reasons of important public interest;
the Processor ensures that the persons authorized to process the Personal data are obliged to maintain confidentiality or are subject to statutory confidentiality provisions;
the Processor takes all and any measures required pursuant to Articles 30, 32, 35 and 36 of GDPR, by informing the Controller about the results on daily basis, while the result of the assessment specified in Articles 32, 35 and 36 of GDPR shall be submitted to the Controller for the first time before commencement of processing of the Personal data;
the Processor complies with the terms of service of the other processor specified in paragraph 1(6-9) above;
taking into consideration the nature of processing, the Processor ensures that the Controller, through appropriate technical and organizational measures, meets the obligation of replying at request of the person to whom data is related, concerning performance of their rights specified in chapter III of GDPR;
taking into consideration the nature of processing and information available, the Processor ensures that the Controller meets obligations specified in Articles 30–36 of GDPR;
the Processor submits to the Controller all requests and other communications from the person whose Personal data is considered in 12 hours as from its delivery, in an electronical form to the contact address of the Registered User, while the original documents in 3 days by mail to the address of the registered seat of the Controller;
the Processor replies in detail to requests of the Controller related to the performance of this Agreement by sending evidence for content of the reply in 3 days as of delivery of the written request or sending by the Controller the request in electronical form to the e-mail address [email protected];
after termination or expiry of this Agreement, and also earlier at any request of the Controller, the Processor cease to process the Personal data and, depending on the Controller’s decision, removes or returns all Personal data to the Controller or removes all of its existing copies, unless the EU law, member state’s law, which applies to the Processor, or Polish provisions of law require storage of the Personal data;
the Processor makes available to the Controller all and any information necessary to demonstrate that the obligations specified in Article 28 of GDPR are met and enables the Controller or an auditor authorized by the Controller to conduct audits, including inspections, at any time and without warning, and also contributes to their conduct in an effective manner.
With regard to the obligation specified in the paragraph above, the Processor informs the Controller without delay, if the Processor’s opinion is that the request received by the Processor breaches the provisions of GDPR or other EU regulations, member state’s laws which applies to the Processor or Polish personal data protection laws.
The Processor is also obliged to:
follow instructions and advice of the Controller related to range, purposes and measures related to Personal data processing;
apply technical and organizational measures which provide the full protection of processed Personal data, in particular protect data against unauthorised disclosure, takeover by an unauthorised person, damage or destruction;
admission of only persons that provide service of the IT system and devices being part of it, used for data processing, who are authorized by the Processor to process the Personal data;
keep records of persons engaged in the Personal data processing.
The Processor shall inform the Controller without delay on each breach of protection of entrusted Personal data, in electronical form to the contact address of the Registered User, not later than 12 hours as of delivery of the information on the breach. Personal data protection breach notice shall at least:
describe the nature of breach of the Personal data, including, where possible, specified category and estimated number of persons, to whom data is related, and category and estimated number of entries of the Personal data, to which the breach is related;
include name and surname and contact data of the data protection supervisor or data of other contact point where more information is available;
describe possible consequences of breach of the Personal data protection;
describe measures applied or proposed by the Processor in order to deal with breach of the Personal data protection, including, in relevant cases, measures aimed at minimalizing its possible negative consequences.
The Processor shall document all circumstances and collect all evidence, which help the Controller to explain the circumstances of the breach specified in point 5 above, including its nature, scale, consequences, time of event, persons responsible, injured persons etc. The Processor keeps records of the incidents, in which documents all breaches of personal data protection, including circumstances of breach of personal data protection, its consequences and taken countermeasures.
The Processor shall remedy deficiencies found during verifications, audits and inspections within the deadline indicated by the Controller not later than 7 days as of the date of such an indication.
The Processor makes available at its own expense to the Controller all information necessary to demonstrate that the obligations imposed on the Controllers by provisions of law are met, in deadlines which make the meeting of such obligations by the Controller possible.
The Processor is fully liable towards the Controller for non-performance of its obligations to protect data, including those imposed on the processor which service is used by the Processor in order to perform this Agreement. The Processor is liable in particular for making available or use of the Personal data contrary to the Agreement, and in particular for making available the Personal data entrusted for processing to unauthorized persons.
The Processor shall, without delay but not later than 3 days as of the date when the further described event happened, inform the Controller on any proceedings, in particular administrative or judicial, related to the Personal data processing by the Processor, on any administrative or judicial decision related to the Personal data processing directed towards the Processor, and also on all and any planned, as far as they are known, or pursued verifications and inspections related to the Personal data processing, in particular conducted by inspectors authorized by the supervisor authority.
The Processor shall on daily basis document the processes of the Personal data processing and the fact, range and grounds of the taken manner, performance of obligations imposed by the provisions of this Agreement, provisions of GDPR, other provisions of EU law, member state’s law which applies to the Processor and Polish regulations, in relation to personal data protection. The result of performance of documentation obligation, described in the previous sentence, the Processor submits at any request of the Controller, in written or electronical form, in accordance with the request of the Controller, in 3 days as of sending by the Controller the relevant request.
The Processor shall keep strictly confidential all and any information, data, materials, documents and the Personal data received from the Controller and data obtained in any other manner, intended or coincidental manner, in oral, written or electronical form, if they are connected with processing of the Personal data entrusted by the Controller (‘confidential data’).
The Processor represents that regarding the obligation of confidentiality in relation to confidential data, the data are not used, disclosed or made available without written consent of the Controller in other purpose than performance of the Agreement, unless necessity of disclosure of the held information arises from applicable provisions of law or the Agreement.
The parties shall make any effort to ensure that communication means used to receive, transmit or store confidential data guarantee protection of confidential data, including the Personal data entrusted for processing, against an unauthorized access in order to view its content.
This Agreement is concluded for a period necessary to perform the Cooperation agreement concluded between the Parties and expiries together with termination or expiry of the Cooperation agreement. In each case this Agreement is in force not longer than until the day when the purpose of processing
specified in §1(3) above is achieved.
The Agreement constitutes the integral part of the Cooperation agreement as its attachment.
To matters not regulated by the provisions of this agreement apply the general applicable provisions of Polish law, including GDPR.
THE RANGE OF GUESTS’ PERSONAL DATA
Presenter’s Website address;
Name and Surname;
Position and Companies’ name;
Name and version of the Browser;
Type of device;
Date and hour of entry and exit to and from a meeting;
Role of a participant of a meeting;
Activity of a browser tab;
Problem with connection;
Responses to requests;
Action confirming participation in a meeting and lack of this action;
Commencement and ending of transmitting;
Establishing connection and its summary;
Problem with connection;
Start playback of a video;
Stop playback of a video;
Change of playback position;
Ending of playback of a video;
Change of slide;
Ending of slideshow;
Start file viewer.
OPERATIONS OF PERSONAL DATA PROCESSING
Collecting through Internet;
Transmitting in an electronical form to the Collector;
Analysis and deduplication;