Lūdzu, atjauniniet savu pārlūkprogrammu

Izskatās, ka Jūsu pārlūkprogramma vairs netiek atbalstīta. Lūdzu, atjauniniet pārlūkprogrammu, lai iegūtu drošāku un efektīvāku pārlūkošanas pieredzi.


Lūdzu, izmantojiet vienu no šīm pārlūkprogrammām:

Itella LatviaItella Latvia

Annex concerning the processing of personal data

1. Introduction

This annex concerning the processing of personal data (”Annex”) is an inseparable part of the Agreement between Itella Estonia OÜ or Itella Logistics SIA or Itella Logistics UAB (as the case may be)  (“Service Provider”) and the customer using services (Smartship and/or warehousing as applicable) “Customer” and “Services”. This Annex concerns the processing of personal data in connection with the said Services.

The purpose of this Annex is to ensure the necessary level of privacy and data security of the personal data of the Customer (“Customer Data”) processed by the Service Provider. This Annex defines the principles and terms of privacy and data security related to personal data, that the Service Provider agrees to comply with.

In this Annex the parties agree upon personal data processing for and on behalf of the Customer whereby the Customer is the data controller and this Annex prevails any other terms for the data processing for the Services. This Annex may be updated from time to time.

2. General requirements for privacy and data security

The Service Provider shall have documented processes in its operations. The Service Provider shall have sufficient expertise and resources to carry out the privacy and data security measures defined in this Annex.

3. Data protection and processing personal data

The Service Provider processes the Customer Data on behalf of the Customer for the Services. Personal data means information relating to an identified or identifiable natural person (hereafter referred to as “Data Subject”). Personal data may be e.g. the data identifiable to employees, customers or other persons. The Customer is the controller of the Customer Data and the Service Provider is the processor of the same.

The Parties agree to abide by the legislation, regulations and official decrees of the country of the Service Provider and the European Union.

As the controller, the Customer is responsible for ensuring that it has the necessary rights and has acquired the necessary consent to process Customer Data. The Customer is responsible for drafting e.g. a privacy statement and keeping it accessible as well as informing the Data Subjects.

The Service Provider has the right to process Customer Data in accordance with the Agreement, this Annex and the written guidance of the Customer and insofar as it is necessary to deliver the Service.

The Service Provider shall have the right to use a subcontractor in the processing of the Customer Data in accordance with currently valid data protection legislation.

The Service Provider informs the Customer (e.g. in web site) of any changes to the subcontractors that it uses if it may affect the processing of Customer Data for the Services. Within thirty (30) days of having received the announcement of the change of subcontractor, the Customer may inform the Service Provider in writing that it opposes the appointment of one or several of the subcontractors stated in the announcement, in which case the Service Provider can notify the Customer of a price change that corresponds to the change in data processing costs that the Service Provider incurs due to the Customer opposing the use of a subcontractor. The Service Provider may alternatively terminate the agreement to expire no earlier than thirty (30) days from the date on which the Service Provider sent the written notice to the Customer. If the Customer does not indicate that it opposes the use of the subcontractors it has been notified of pursuant to this section, the Customer is considered to have accepted the use of the subcontractors in question.

The Service Provider reserves the right to announce changes to its data protection practices and subcontractors on its website or through other electronic means.

The Service Provider shall ensure that its subcontractors will adhere to the terms of this Annex. The Service Provider shall regularly supervise the actions of its subcontractors.

Personal data may be processed, when needed, for example due to reasons relating to information systems, in countries outside the European Union or the European Economic Area in accordance with the data transfer methods set forth in the legislation.

The Service Provider must without undue delay forward all relevant requests to inspect, rectify, erase, ban the processing of data or other requests received from the Data Subjects to the Customer. At the Customer’s request, the Service Provider must support the Customer to carry out the requests of the Data Subjects. The Service Provider shall be entitled to invoice reasonable costs from the Customer that are incurred by fulfilling these requests.

The Service Provider shall direct all inquiries by the data protection authorities to the Customer and shall wait for further instruction from the Customer.

Service Provider is obligated to prove, at Customer’s request, that it adheres to the terms of this Annex. By giving a prior 30 days’ written notice, Customer or a third-party auditor (not being a competitor of the Service Provider) on behalf of Customer may inspect Service Provider’s compliance with this Annex. The Service Provider shall rectify the detected infringements and shortcomings without delay. Each Party shall carry its own costs caused by the audits.

4. Data security

The Service Provider shall ensure an appropriate level of security by implementing technical and organizational measures set forth by applicable data protection laws. In implementing the data security measures the nature, scope, context and purposes of processing as well as the risks is taken into account. E.g. the following rules must be adhered to when processing data:

1) The personnel of the Service Provider and its subcontractors shall commit to maintain the confidentiality of the Customer Data.

2) The systems and communications used to process the Customer Data shall be protected by appropriate and up-to-date data security solutions in accordance with the prevalent industry standards.

3) The Customer Data shall not be used for Service Provider’s own business or other purposes of its own.

5. Managing data security incidents

The Service Provider shall notify the Customer without undue delay of data security incidents as per legislation.

The Service Provider shall investigate causes for the breach and take appropriate actions to end the breach. The Service Provider will document the results of the investigation and the actions taken.

6. Liability and remuneration

Service Provider’s maximum and total liability under this Annex and during the term of the Agreement for evidenced direct damages due to breach of this Annex shall not exceed twenty percent (20 %) of the amount billed for the respective service during the previous four months when the breach of the provisions in this Annex occurred. Parties shall not be liable for any indirect or consequential damages.

Service Provider has the right to be compensated for costs due to additional or changed instructions issued by the Customer and for any assistance requested by the Customer for the purpose of fulfilling the Customer’s obligations under applicable data protection legislation.

Appendix

Smartship service

Subcontractors

  • nShift Oy

Scope of personal data

The Service Provider processes the following Customer Data on behalf of Customer:

Categories of data subjects:

  • Customer employee/personnel information, when sending or receiving a delivery by using the Service
  • Customer’s customer information

Types of personal data: name, address, email address, phone and fax number and door code of data subject.

Other terms

If the Customer has not used the Smartship order channel in the last thirteen (13) months, Service Provider shall notify the Customer that all personal and other customer data may be deleted within 2 months. The Service Provider shall reasonably support Customer as may be requested by the Customer in transferring the data of the Customer.

Warehousing

Subcontractors: N/A

Scope of personal data

The Service Provider processes the following Customer Data on behalf of Customer:

Categories of data subjects: Customer employee/personnel, customer’s customers

Types of personal data: name, address, e-mail address, phone number