Freshdesk Data Processing Agreement

(c) the data importer provides sufficient guarantees with regard to the technical and organisational security measures referred to in Annex 2 to this contract; 9.3 The Processor shall ensure that it has carefully selected the Sub-Processor, in particular with regard to the adequacy of the Processor`s GENERAL CONDITIONS. The Processor has entered into a written agreement with each Sub-Processor containing data protection obligations that are no less protective than those contained in the Agreement with respect to the protection of Service Data, to the extent applicable to the type of services provided by such Sub-Processor. In a next step, the system checks whether the applicant has been involved in activities related to the central helpdesk such as approvals, change requests, etc. If there is no central help desk activity, all related data such as tickets, notes, and chats will be deleted. Please also feel free to contact Interactio if you have any questions about this privacy policy or if you wish to exercise any of your legal rights. Our Data Protection Officer will respond to you within a reasonable time. You can contact us at dpo@interactio.io. (c) `data importer` means a processor who agrees to receive from the data exporter personal data to be processed after the transfer in accordance with its instructions and the provisions of the clauses on its behalf and which is not subject to the system of a third country which ensures adequate protection within the meaning of Regulation (EU) 2016/679; 2. Where a data subject is unable to assert a claim for compensation in accordance with paragraph 1 against the data exporter resulting from a breach by the data importer or its sub-processor of any of its obligations under Clause 3 or Clause 11 because the data exporter has effectively disappeared or ceased to exist before the law or has become insolvent, The data importer agrees that the data subject may assert a claim against the data importer as if he or she were the data exporter, unless a successor company has assumed all the legal obligations of the data exporter by contract or by operation of law, in which case the data subject may assert his or her rights against that body.

The data importer shall not invoke a breach of its obligations by a processor in order to avoid its own responsibilities. “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. (d) promptly informs the Data Exporter of the following: 4.1 The Processor will not disclose Personal Data to third parties (including government agencies, courts or law enforcement agencies) except as provided in this Agreement or with the written consent of the Controller or necessary to comply with applicable mandatory laws. If the Processor is obliged to disclose personal data to a law enforcement authority or a third party, the Processor agrees to adequately inform the Controller of the access request before granting such access so that the Controller can obtain a protection order or other appropriate remedies. Where such disclosure is prohibited by law, the Processor shall take reasonable steps to protect the Personal Data from unreasonable disclosure, as if it were the Confidential Information requested by the Processor, and will promptly inform the Controller as soon as possible if and when such a legal prohibition no longer applies. (iii) the cost of complying with investigations conducted by a data protection authority or other competent regulatory authority. (f) where the transfer concerns special categories of data, the data subject has been or will be informed before or as soon as possible after the transfer that his or her data may be transferred to a third country which does not offer adequate protection within the meaning of Regulation (EU) 2016/679; 3.1 Deletion of information and destruction of electronic storage media. All electronic storage media containing personal data must be erased or demagnetized for physical destruction or disposal in a manner consistent with industry forensic standards such as NIST SP800-88 for media disinfection before leaving the controller`s workspaces, with the exception of encrypted personal data located on portable media to provide service to the controller. The processor retains commercially reasonable documented evidence of the deletion and destruction of data for infrastructure-level resources. (i) the processing services are performed by the sub-processor in accordance with clause 11; HAVE AGREED on the following contractual clauses (the clauses) in order to provide adequate safeguards with regard to the protection of the privacy and fundamental rights and freedoms of natural persons for the transfer of the personal data referred to in Annex 1 by the data exporter to the data importer.

. . .