Reveknew
Data Processing Terms

These Data Processing Terms form part of the Subscription Service Agreement (“Agreement”) between Amatsii and you and apply when we process Personal Data on your behalf when you use Reveknew. These Data Processing Terms do not apply where we are the Controller.

 

Terms not defined here have the meanings in the Agreement or as defined herein or an equivalent term in Data Protection Legislation. These Data Processing Terms take precedence over any other terms of the Agreement concerning the Processing of Personal Data.

 

These terms apply automatically when your organization accepts the Subscription Service Agreement. However, for your convenience, you may sign these Data Processing Terms and return a copy to us at dataprotection@amatsii.com.

​​

1. Subject of the Data Processing Terms

In the use of Reveknew, Amastii handles personal data to which Customer acts as the Controller in terms of Data Protection Legislation (“Customer Personal Data”). These Data Processing Terms specify the data protection rights and obligations of the Parties in connection with Amatsii’s processing of Customer Personal Data.

​

2. Data Processing

2.1 Scope of Processing

Amastii shall process the Customer Personal Data on behalf of Customer and in accordance with the instructions of the Customer, such instructions being only as permitted under the Agreement and applicable Data Protection Legislation. The Parties agree that the Customer is the Controller and Amatsii is the Processor as defined under the Data Protection Legislation.

​

2.2 Extent of Processing

2.2.1. Details of Extend of Processing

The processing of Customer Personal Data by Amatsii occurs in the manner and the scope and for the purpose specified in Appendix 1; the processing relates to the types of personal data and categories of data subjects and involves the processing operations specified in Appendix 1.

​

2.2.2. Legal Responsibility

The Parties agree that the sole responsibility for the lawfulness of processing Customer Personal Data in accordance with the instructions lies with Customer.

​

2.3 Duration of Processing

The duration of processing corresponds to the term of the Agreement

 

3. Responsibilities of Processor

To the extent that Amatsii shall Process Personal Data on behalf of Customer, Amatsii shall ensure:

​

3. 1 Confidentiality

Amatsii shall ensure that all personnel who have access to and/or Process Customer Personal Data are obliged to keep it confidential.

​

3.2 Security of Processing

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Amatsii shall in relation to the Customer Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk.

​

The current set of technical and organizational measures in place can be provided on request.

​​

3.3. Reviews and Audits of Compliance

Amastii will maintain complete and accurate records and information to demonstrate Amatsii's compliance with this Data Processing Terms and allow for audits by Customer or Customer's designated auditor

​

4. Engagement of Sub-processors

Customer consents to Amatsii appointing any third-party processors of Customer Personal Data, subject to the following:

​

4.1 Prior Notice for Engagement of Subprocessors

Amatsii shall provide Customer with reasonable prior written notice of an intention to appoint any such third-party processor.

​

4.2 Right to Object to Engagement of Subprocessors

Customer has the right to object to the appointment of any such third-party processor by termination of the Agreement (save for if Customer has not responded within 10 working days of any notice being provided under paragraph 4.1, Customer consent will be assumed).

​

4.3 Current Subprocessors

Notwithstanding paragraphs 4.1 and 4.2, Customer consents to the appointment of the third-party processors of Personal Data listed in Appendix 1 (as applicable on the Effective Date)

​

4.4 Subprocessor contracts with equivalent terms

Amatsii has (in the case of paragraph 4.3) or Amatsii will (in the case of paragraph 4.1 and 4.2) enter into a written agreement with any third-party processor which contains equivalent terms as contained in this Data Processing Terms and reflects the requirements of the Data Protection Legislation

​

4.5 Liability for Subprocessors

Where Amatsii appoints any third-party processors, Amatsii shall remain fully liable for all acts or omissions of any third-party processor appointed by Amatsii (excepted as exempted under the Agreement).

​

5. Data Subject Rights

​

5.1 Data Subject Request Assistance

During the Term, Amastii shall assist Customer (at Customer cost) in responding to any request from a Data Subject and/or in ensuring compliance with Customer obligations under the Data Protection Legislation concerning security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;

​

5.2 Responsibility for Request

During the Term, if Amatsii receives a request from a data subject that relates to Customer Personal Data and identifies Customer, Amatsii will:

a. advise the data subject to submit their request to the Customer;

b. promptly notify the Customer; and

c. not otherwise respond to that data subject’s request without authorization from the Customer.

​

5.3 Access; Rectification; Restricted Processing

Amatsii shall, within the limits of what is reasonable and necessary (and at reasonable cost to Customer if so deemed), enable Customer to correct, delete or restrict the further processing of Customer Personal Data, or at the instruction of Customer correct, block or restrict further processing by itself, if and to the extent that this is impossible for Customer.

​

6. Data Breach

Amatsii will notify Customer without undue delay on becoming aware of any Personal Data Breach (as described in Section 5 of the Customer Terms)

​

7. Deletion and Return of Customer Data

​

7.1. Deletion

Amatsii shall delete the Customer Personal Data promptly after the termination of this DPA unless Amatsii is obligated by law to further store the Customer Personal Data.

​

7.2. Return of Customer Data

Amatsii shall provide a means for Customer to export the Customer Personal Data during the use of Reveknew and after termination. On termination, Customer can within 30 days export the Customer Personal Data.

7.3. Processing Records

Amatsii may keep documentation, which serves as evidence of the orderly and accurate processing of Customer Personal Data, also after the termination of the Data Processing Terms.

​

8. General

In case of conflicts between this DPA and other arrangements between the Parties, in particular the Agreement, the provisions of this DPA shall prevail.

​​​​​​​