Need to Move From Blueface?
Make the switch to us for a seamless and hassle-free transition, ensuring best-in-class service and support.
Call: 1800 91 1800
Make the switch to us for a seamless and hassle-free transition, ensuring best-in-class service and support.
Call: 1800 91 1800
This Data Processing Agreement (“DPA”) is made as of the Effective Date by and between in2tel and Customer (each a “party”, together with the “parties”), pursuant to the Service Agreement for the provision and use of in2pbx (“Services”).
This DPA is supplemental to the Service Agreement and sets out the terms that apply when Personal Data is processed by in2tel under the Service Agreement on behalf of the Customer.
Other capitalized terms used but not defined in this DPA have the same meanings as set out in the Service Agreement.
Service Agreement: means the Agreement between Customer and in2tel or in2tel’s distributors/resellers, whether written or electronic, for the provision and user of in2pbx (“Services”), and any attachments thereto.
Processing: the measure or combination of measures concerning Personal Data or sets of Personal Data, e.g. collection, registration, organization, structuring, storage, processing or alteration, creation, reading, use, surrender through transfer, dissemination or other provision, adjustment or consolidation, limitation, deletion or destruction.
Applicable Data Protection Law: the General Data Protection Regulation (EU) 2016/679 (‘GDPR’), and other regulations with the relevant implementation statutes and the regulations in this area applying at any given time. Non-European Data Protection Legislation may also apply to the processing of Customer Personal Data.
Data Controller: the entity which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
Data Processor: an entity which processes Personal Data on behalf of the Controller.
Personal Data: any information relating to an identified or identifiable natural person;
Personal Data Breach: security incidents leading to unintentional or unlawful destruction, loss or alteration, or to unauthorized disclosure of or unauthorized access to the Personal Data that has been transferred, stored and otherwise been the subject of Processing.
Sub-processor: any personal-data processor engaged by the Data Processor that processes Personal Data on behalf of the Data Controller.
Based on the above, the Parties have entered into the following DPA.
The provisions of this Section 3.5 shall mutually apply if the Data Processor engages a Sub-processor in a country outside the European Economic Area (“EEA”) not recognized by the European Commission as providing an adequate level of protection for personal data. If in the performance of this DPA, in2tel transfers any Personal Data to a Sub-processor located outside of the EEA, in2tel shall, in advance of any such transfer, ensure that a legal mechanism to achieve adequacy in respect of that processing is in place.
Within the scope of the DPA and in its use of the services, Data Controller shall be solely responsible for complying with the statutory requirements relating to data protection and privacy, in particular regarding the disclosure and transfer of Personal Data to the Data Processor and the Processing of Personal Data. Customer, as Data Controller, shall be responsible for ensuring that:
Customer will indemnify, keep indemnified and hold harmless in2tel, its clients, officers, directors, employees, agents, and representatives (each an “Indemnified Party”) from and against all third-party loss, harm, cost (including reasonable legal fees and expenses), expense and liability that an Indemnified Party may suffer or incur as a result of Customer’s non-compliance with the requirements of this DPA.
These instructions form an integral part of the DPA and shall be adhered to by the Data Processor in the processing of Personal Data unless expressly stated otherwise in the DPA. The Data Controller may unilaterally change these instructions at a later date by notifying the Data Processor of the change in writing.
Changes take effect no earlier than 3 calendar days after having been sent by the Data Controller. By accepting the DPA, the Data Controller Processor has confirmed the meaning of these instructions.
Purpose
The purpose of the processing is
1) to deliver communication and collaboration services in accordance with the agreement entered into by the Parties (“Service Agreement”) and services delivered (“Services”)
2) to support the Services with which the customer is supplied
Type of Processing
Registration of user data, storage of Personal Data, storage of use of the Services, statistical analyses, and troubleshooting.
Type of Personal Data
The following types of Personal Data are processed:
Duration of Processing
Processing lasts for as long as the Data Processor represents the Data Controller. Upon termination of the Service Agreement, Personal Data is deleted from active systems immediately.
Sub-processors
The Sub-processors are used for hosting servers, and these Sub-processors operate with an adequate level of protection for personal data and comply with Applicable Data Protection Law. The list of Sub-processors is as follows:
Entity Name | Purpose | Entity Country |
Alibaba Cloud | Cloud Service Provider | China |
Amazon Web Services, Inc. | Cloud Service Provider | United States |
Google, Inc. | Cloud Service Provider | United States |
Any other customer-assigned local data centre | Cloud Service Provider | – |
Netease, Inc. | Instance Messaging Services | China |
Disclosure of Personal Data
Personal Data may be disclosed to:
On request, and in accordance with the law and official decisions, the Data Processor is obliged to disclose the data resulting from the decision, e.g. to the police.
In the event of a call to SOS Alarm, for example.
When placing calls to another operator, for example, certain Personal Data is registered with the said operator.
Personal Data may also be disclosed to other companies and authorities after the Data Controller has given consent, and/or in order to discharge a specific part of the Services under an agreement.