Privacy Policy
The Parties:
Admers
and
The Client
1. BACKGROUND
- Admers supplies a full-service solution comprised of web analytics tools that allow the Client to gain insight into the users (individuals and companies) that visit and use the Client’s websites and online social media.
- The Client wishes to use Admers’ system. For this purpose, Admers shall receive non-sensitive personal data, including names and e-mail addresses.
- This Agreement describes Admers’ and the Client’s obligations with a view to meeting the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 regarding Data Processing Agreements (known as GDPR).
- The Parties have entered this Agreement in connection with the Parties’ entering into an agreement regarding the Client’s use of the Admers product, Admers App (”the General Agreement”). This and the General Agreement are interdependent and cannot be terminated separately. However, if this Agreement is replaced by another valid data processing agreement, there is no reason to terminate the General Agreement.
2. OBJECTIVES AND THE PARTIES’ STATUS
- By agreement with the Client, Admers shall process personal data for the Client with a view to meeting the objectives stated in section 1. Admers may therefore solely process personal data that is necessary in order to supply the services stipulated in the General Agreement.
- The Client is the Data Controller responsible for the personal data submitted to Admers. The Client is responsible for ensuring that Admers is permitted to process any personal data that is submitted to Admers.
- The Parties agree that Admers is the Data Processor responsible for processing the personal data on the Client’s behalf. As Data Processor, Admers has the obligations assigned to a Data Processor in pursuance of the GDPR.
3. Admers’ CONTRACTUAL OBLIGATIONS
- Admers shall process the personal data only on documented instructions from the Client, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by EU or Danish law; in such a case, Admers shall inform the Client of that legal requirement before processing, unless the law prohibits such information on important grounds of public interest.
- Admers shall ensure that any person who acts under the authority of Admers and has access to personal data shall not process those data except on instructions from Admers and that such a person has committed himself/herself to confidentiality.
4. TECHNICAL AND ORGANISATIONAL SECURITY MEASURES
- Admers shall take technical and organisational measures to prevent accidental or unlawful destruction, publication, loss, impairment, or unauthorised disclosure, misuse or other use in contravention of legal requirements. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, Admers shall, where relevant, implement the following measures (this list is not exhaustive): (i) the pseudonymisation and encryption of personal data, (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, (iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident, and (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
- Admers shall immediately inform the Client of a personal data breach of data processed on the Client’s behalf.
5. DATA SUBPROCESSORS
- Admers may not avail itself of the services of a Data Subprocessor except with the prior specific or general consent of the Client in writing. If general written consent is issued, Admers shall notify the Client of the planned engagement of additional or replacement of Subprocessors and thereby give the Client an opportunity to object to such changes.
- If Admers transfers the processing of personal data for which the Client is responsible to a Data Subprocessor, Admers shall enter a Data Processing Agreement with the Data Subprocessor to ensure that the Data Subprocessor is subject to the same obligations as Admers is subject to in pursuance of this Agreement.
6. Admers’ SUPPORT
- Taking into account the nature of processing, Admers shall as far as possible assist the Client by implementing appropriate technical and organisational measures to ensure that the Client complies with his obligations with regard to responding to requests to exercise the rights of natural persons.
- Taking into account the nature of the processing and the data available to Admers, Admers shall assist the Client in adhering to the latter’s obligations established in the GDPR regarding security of processing (Article 32).
- Admers shall provide the Client with all the information required to prove compliance with this Agreement and shall allow for and contribute to audits, including inspections, conducted by the Client or another auditor mandated by the Client.
- Admers reserves the right to charge the Client per hour for any work done in connection with sections 6.1-6.3.
7. DATA ERASURE
- Once cooperation with the Client is terminated, Admers shall, at the Client’s discretion, either erase or return all personal data and any copies thereof to the Client unless EU Member State law stipulates that such personal data must be stored.
8. USE OF GOOGLE USER DATA
- Admers’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- Admers will not transfer user data to third parties without express permission from The Client.
- Admers will retrieve and store Google user data such as associated Google Analytics and Google Ad accounts, Google Analytics Report Data and Google Ads Report Data to generate and display reports to The Client.