Versione attuale. Ultimo aggiornamento il 07.02.2023.
La presente Appendice sull'elaborazione dei dati ("DPA") costituisce parte del Contratto di servizio stipulato tra l'utente e Smartcat e dei Termini di servizio disponibili su https://www.smartcat.com/terms/ o in qualsiasi altro luogo in cui i Termini di servizio potrebbero essere pubblicati di volta in volta, inseriti da te come Utente e Smartcat.
Lo scopo del presente DPA è riflettere l'accordo delle parti in merito al trattamento dei dati personali in conformità con i requisiti del Regolamento generale sulla protezione dei dati (GDPR) e di altre leggi sulla protezione dei dati (come tali termini sono definiti nel presente documento).
I termini e le definizioni utilizzati nel presente documento avranno lo stesso significato a loro attribuibile nei Termini di servizio, nel Contratto di servizio e nel GDPR, a meno che il contesto qui non suggerisca diversamente.
3. Processing of Your Personal Data
4. Personal Data in the Uploaded Content to Smartcat Platform
8. Scope of Instructions Given to Smartcat
10. International Data Transfers
13. Data Protection Impact Assessment
15. Your Warranties, Covenants and Undertakings
1.1. “Affiliates” means any entity that directly or indirectly controls, is controlled by, or is under common control with the Smartcat.
1.2. “Content” means any document, information, data, text, images, software, music, videos, sound, photographs, graphics, messages or other materials, including any text and/or oral communication, that a Customer wishes Smartcat to translate or process in the agreed way, provides it for translation/processing by way of uploading, assigning a task (hereinafter, “upload”) it on the Platform.
1.3. “Controller” means the entity which determines the purposes and means of the Processing of Personal Data.
1.4. “Customer” means a User of the Platform who is a party to a Service Contract.
1.5. “Data Protection Laws” means all applicable data protection, privacy and data security laws and regulations, including the UK General Data Protection Regulation (“UK GDPR”), the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 and its implementing regulations (collectively referred to herein as the “CCPA”) and any similar or equivalent applicable laws or regulations.
1.6. “Data Subject” means the identified or identifiable natural person to whom the Personal Data relates.
1.7. “EEA” means the European Economic Area.
1.8. “EU” means the European Union.
1.9. “General Data Protection Regulation” or “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Counsel of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
1.10. “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
1.11. “Personal Data” means any information relating to the Data Subject.
1.12. “Processing of Personal Data” / “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.13. “Processor” means Smartcat which processes the Personal Data on behalf of the Controller.
1.14. “Security Measures” means any measures of the administrative, physical, and technical safeguards in the Smartcat’s information system. The list of Security Measures is mentioned in clause 6.1. of the DPA.
1.15. “Service Contract” means a customer agreement, located at https://www.smartcat.com/customer-agreement/, or paper version of the master services agreement executed between you and Smartcat.
1.16. “Service Task” has the meaning in the Service Contract.
1.17. “Services” means subscription, translation and related services, i.e., editing, post-editing, proofreading, interpreting, etc.
1.18. “Smartcat Platform” or “Platform” means Smartcat’s website and technology platform for translation workflow automation, which is located at https://www.smartcat.com/.
1.19. “Smartcat” means either Smartcat Platform Inc. – a legal entity registered under the laws of the United States of America; or Smartcat Europe B.V. – a legal entity registered in the Netherlands with registered address at Rouboslaan 36 B, 2252 TR, Voorschoten, the Netherlands, registration № 859832880. Which legal entity is going to be a contractual party to you depends on what further agreement you are becoming a party to.
1.20. “Standard Contract Clauses” or “SCC” means an agreement made using the relevant EU Standard Contractual Clauses as adopted by the EU Commission for the transfer of Personal Data to countries outside the EU/EEA.
1.21. “Sub-processor” means any entity or person appointed by or on behalf of the Processor to process Personal Data on behalf of the Processor.
1.22. “Subcontractor” means any individual freelancer or legal entity that is registered on the Platform as a supplier and wishes to perform the Service Task for the Customer.
1.23. “Supervisory authority” means an independent public authority.
1.24. “United Kingdom International Data Transfer Agreement or Addendum” or “UK IDTA” means either, as applicable, (a) the International Data Transfer Agreement when used under the UK GDPR, or (b) the International Data Transfer Addendum to the EU SCCs issued by the Commissioner under s119A (1) of the Data Protection Act 2018, version A1.0, in force from March 21, 2022.
1.25. “User” means a Customer or a Subcontractor (depending on the context) registered on the Platform.
2.1. You acknowledge that you are aware of the Data Protection Laws that may affect you when you receive or collect any Content from your Customers containing Personal Data and when you further upload that Content containing Personal Data on Smartcat Platform.
2.2. Smartcat is a “processor” within the meaning of article 4 of the GDPR.
3.1. This section includes certain details of the Processing of your Personal Data as required by Article 28(3) GDPR.
a) Subject matter and duration of the Processing of your Personal Data are set out in the Terms of Service, Service Contract and this DPA.
b) Nature and purpose of the Processing of your Personal Data: Provision of software as a service for language translation and related services.
c) Types of your Personal Data to be processed: Name, address, photo, contact data, professional life data, other Personal Data in the uploaded Content to the Smartcat Platform.
d) Categories of the Data Subjects to whom your Personal Data relates: Customers, co-workers and Data Subjects referred to in the uploaded Content to the Smartcat Platform.
3.2. Smartcat may process Personal Data provided to Smartcat and/or uploaded by you on Smartcat Platform pursuant to the Terms of Service and Service contract for the following purposes:
providing, supporting and improving Smartcat’s services, using appropriate technical and organizational security measures; and
for the purposes set forth in the Terms of Service and Service contract.
4.1 Riconosci e accetti che Smartcat potrebbe non essere a conoscenza della presenza di Dati Personali nei Contenuti da te caricati sulla Piattaforma Smartcat a meno che tu non informi esplicitamente Smartcat a riguardo. In questo caso, la responsabilità di proteggere tali Dati Personali rimane a te.
5.1. Smartcat shall take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to your Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know the relevant Controller Personal Data in order for Smartcat to perform its obligations under the Terms of Service and the Service Contract.
5.2. Smartcat ensures that:
5.2.1. Employees, agents or contractors are subject to statutory obligations of confidentiality and confidentiality undertakings at least as restrictive as those described under this DPA.
5.2.2. Employees are thoroughly checked by our security team and can only use Personal Data when necessary as part of their work as well as their access is limited by authorization procedures and infrastructure, which does not allow employees with insufficient rights to access your Personal Data
5.2.3. All employees have completed appropriate training regarding Personal Data.
6.1. Security Measures:
Smartcat is SOC 2 Type II certified
Use of Tier IV data centers in the U.S., EU and China, run by AWS and Microsoft Azure, which are SOC-1, SOC-2, and SOC-3 compliant;
All passwords are stored in hashed and salted form (and several external authorized services are supported via OAuth 2.0);
All passwords in the production configuration files are encrypted and certificates required to decrypt configs are installed on the production machines by administrators and not accessible for engineers with lower levels of access;
Sub-processors are required to enter into appropriate security, confidentiality and privacy contract terms;
Smartcat maintains policies and procedures to detect, monitor, document and respond to actual or reasonably suspected security incidents;
Full list of Smartcat security measures is located at https://www.smartcat.com/smartcat-security-program/.
6.2. These Security Measures may be updated or modified provided that such updates and modifications do not result in the degradation of the overall security of Smartcat Platform.
7.1. To the extent the CCPA applies to the Processing governed by this DPA, the Processor acknowledges that Processor serves as a service provider or contractor, as applicable, with respect to Personal Data Processed by Processor hereunder. Processor acknowledges that Controller is only disclosing Personal Data to Processor for the service(s) identified in the Terms of Service or Service Contract (“Business Purpose”).
7.2. Processor further acknowledges and agrees that:
Processor shall only retain, use, or disclose such Personal Data for the Business Purpose (which means that Processor may not use Personal Information outside of the direct business relationship with Controller or combine Personal Information obtained from Controller with Personal Data that Processor may obtain from other sources);
Processor shall not sell or “share” (as such term is defined in the CCPA) Personal Data or otherwise use Personal Data for any other purpose unless expressly authorized under the CCPA;
Processor shall notify Controller as soon as possible if it determines that it can no longer meet its obligations under this section of the DPA; and
Controller shall have the right, upon notice, to take reasonable and appropriate steps to stop and remediate any unauthorized use of Personal Data by Processor.
8.1. This DPA, the Terms of Service and the Service Contract set out your complete and final instructions to Smartcat in relation to the Processing of your Content containing Personal Data and Processing outside the scope of these instructions (if any) shall require prior written agreement between you and Smartcat. Smartcat will not use or process the Personal Data for any other purpose other than the Terms of Service, this DPA and the Service Contract.
8.2. You understand that within the provision of Services by Smartcat, you may select Smartcat’s Subcontractors on the Smartcat Platform and grant them access to Personal Data in your uploaded to the Smartcat Platform Content (if such Personal Data is present in the uploaded Content) directly through the Platform by way of assigning respective Subcontractor to the Service Task. Subject to section 9.2. such assignment constitutes your authorization and consent to process Personal Data by the selected Subcontractor, who will act as the Sub-processor in the meaning of GDPR.
9.1. You acknowledge and agree that a) Smartcat’s Affiliates may be retained as Sub-processors and b) Smartcat and Smartcat’s Affiliates respectively may engage third party Sub-processors in connection with the provision of Services As a condition to permitting a third party Sub-processor to process Personal Data, Smartcat or a Smartcat Affiliate will enter into a written agreement with each Sub-processor containing data protection obligations that provide at least the same level of protection for Personal Data as those in this Agreement, to the extent applicable to the nature of the services provided by such Sub-processor.
9.2. You hereby authorize Smartcat to engage with the following Sub-processors with the understanding that if you entered into SCC, this authorization would constitute your prior written consent to the subcontracting by Smartcat of the Processing of Personal Data if such consent is required under the SCC.
Nome | Posizione | Scopo |
|---|---|---|
Amazzonia | UE - Dati personali di tutti gli Utenti Smartcat e Contenuti caricati da Clienti residenti in Europa e Africa. | Ospitando |
UE, USA | Traduzione automatica | |
Microsoft | UE, USA | Traduzione automatica |
DeepL | Unione Europea | Traduzione automatica |
Intento | Stati Uniti d'America | Traduzione automatica |
ModernoMT | Unione Europea | Traduzione automatica |
Yandex | Unione Europea | Traduzione automatica |
ABBIA | UE, USA | Servizi OCR |
Mercato Smartcat Subappaltatori/liberi professionisti (ad esempio traduttori, redattori, correttori di bozze) | A scelta del Titolare | Traduzione e servizi correlati |
9.3. Smartcat shall not engage any other Sub-processors than the Sub-processors indicated above, without your prior written consent.
9.4. Sub-processor only accesses and uses any Personal Data, provided to Smartcat and/or uploaded by you to Smartcat Platform, to the extent required to perform the obligations subcontracted to such Sub-processor.
9.5. Smartcat remains fully liable for all obligations subcontracted to, and all acts and omissions of Sub-processors.
10.1. As indicated above this DPA includes transfers of Personal Data out of the European Economic Area and the GDPR applies to the transfers of such data.
10.2. For the avoidance of doubt, if you reside in the European Union, your Content will be stored on the EU data center and will not leave the EU unless you assign a Service Task to a Subcontractor residing outside the EU, therefore your Content will become available to such non-EU Subcontractor.
10.3. The SCC are incorporated into this DPA and apply where the application of the SCC, as between the parties, is required under applicable European Data Protection Legislation for the transfer of personal data. The SCC shall be deemed completed as follows:
10.3.1. As mentioned above you act as a Controller and Smartcat acts as Processor with respect to your Personal Data, therefore Module 2 of the SCC applies.
10.3.2. Clause 7 (the optional docking clause) is not included.
10.3.3. Under Clause 9 (Use of sub-processors), the parties select Option 2 (General written authorization). The time period of the notification regarding any intended changes to the list of sub-processors is at least 24 hours in advance.
10.3.4. Under Clause 11 (Redress), the optional language will not apply.
10.3.5. Under Clause 17 (Governing law), the parties choose Option 1 and select the law of the Netherlands.
10.3.6. Under Clause 18 (Choice of forum and jurisdiction), the parties select the courts of the Netherlands.
10.3.7. Annexes I, II and III of the SCC are set forth in Appendix below.
10.4. Smartcat will, if specifically requested by you, enter as the data importer of the Personal Data into UK IDTA with you as the data exporter of such data, and that the transfers are made in accordance with such UK IDTA.
Taking into account the nature of the Processing, Smartcat shall assist you by implementing appropriate technical and organizational measures for the fulfillment of your obligations, as reasonably understood by you, to respond to requests to exercise Data Subject rights under the General Data Protection Regulation as well as any Data Protection Laws.
11.1. Smartcat shall promptly notify you if Smartcat receives a request from a Data Subject, any Supervisory authority under any Data Protection Law in respect of your Personal Data as well as to cooperate as requested by you in order to comply with any Data Protection Laws regarding your Personal Data.
11.2. If Smartcat receives any request from a Data Subject in relation to Personal Data, provided to Smartcat and/or uploaded by you to Smartcat Platform, subject to section 11.1., you will be responsible for responding to any such request including, where necessary, by using the functionality of Smartcat Platform.
12.1. Smartcat shall notify you without undue delay, but not later than forty-eight (48) hours after Smartcat becoming aware of a Personal Data Breach affecting your Personal Data, providing you with sufficient information to allow you to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws. Smartcat shall cooperate with you and take reasonable commercial steps, including as directed by you to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
12.2. Smartcat’s obligation to report or respond to a Breach of Personal Data incident is not and will not be construed as an acknowledgement by Smartcat of any fault or liability of Smartcat with respect to the Breach of Personal Data incident.
12.3. Smartcat hereby declares and you agree that an unsuccessful security incident will not be reported to you. An unsuccessful security incident is one that results in no unauthorized access to Personal Data or to any of Smartcat’s equipment or facilities storing Personal Data, and may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing or similar incidents.
13.1. Smartcat shall provide reasonable assistance to you with any data protection impact assessments, and prior consultations with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) in the Netherlands (“Supervising Authorities”) or other competent data privacy authorities, which you reasonably consider to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of your Personal Data by and taking into account the nature of the Processing and information available to the Sub-processors.
13.2. Upon termination of the Terms of Service or Service Contract executed between you and Smartcat, Smartcat shall upon your request return to you all Personal Data that belongs to you and copies of such data or securely destroy them and reasonably demonstrate to you that Smartcat has taken such measures unless applicable law prevents Smartcat from returning or destroying all or part of your Personal Data.
14.1. Controller reserves the right to perform an audit related to Smartcat’s compliance to obligations set out in this DPA if required and appropriate, yet not without prior written notification to Smartcat, and without creating a business disturbance for Smartcat. Assessment may be performed by you and/or another auditor mandated by you and the information obtained during the assessment shall be treated with utmost confidentiality.
14.2. To request an audit you must submit a detailed audit plan to Smartcat at least thirty (30) days in advance of the proposed audit date, describing the proposed scope, duration, and start time of the audit. Following the receipt by Smartcat of a request for an audit, Smartcat and you will discuss and agree in advance on: (1) the reasonable start date, (2) scope and duration of and security and confidentiality controls applicable to any audit.
14.3. You will be responsible for any fees you incur, including any fees charged by any auditor appointed by you to execute any such audit.
14.4. Smartcat may object in writing to an auditor appointed by you if the auditor is in Smartcat’s reasonable opinion, not suitable, qualified or independent, a competitor of Smartcat, or otherwise unsuitable. Any such objection by Smartcat will require you to appoint another auditor or conduct the audit yourself.
15.1. You covenant and undertake to Smartcat:
to comply at all times with Data Protection Laws prescribed for data Controllers or data Processors (as the case may be) in respect of any Personal Data you provide to Smartcat and/or upload on Smartcat Platform pursuant to the Terms of Service and Service Contract;
if required by law to be a party to SCC or UK IDTA;
that you are solely responsible for complying with incident notification laws applicable to you and fulfilling any third party notification obligations related to any Breach of Personal Data, provided to Smartcat and/or uploaded by you on Smartcat Platform pursuant to the Terms of Service or Service Contract.
15.2. You warrant to Smartcat:
if GDPR applies to the Processing of Personal Data and you are a Processor, then your instructions and actions with respect to the Personal Data provided to Smartcat have been authorized by the relevant Controller;
that the Security Measures (as detailed above) implemented and maintained by Smartcat as set out herein provide a level of security appropriate to the risk in respect of the Content you provide to Smartcat and/or upload to Smartcat Platform pursuant to the Terms of Service and Service Contract.
16.1. Smartcat covenants and undertakes to you:
to comply at all times with Data Protection Laws in respect of any Personal Data provided to Smartcat and/or uploaded by you to Smartcat Platform pursuant to the Terms of Service or the Service Contract;
to process Personal Data (i) only for the purpose of providing, supporting and improving Smartcat’s services, using appropriate technical and organizational security measures; and (ii) for the purposes set forth in the Terms of Service or Service Contract;
to process Personal Data contained in any of your Content only in accordance with the written instructions from you (submitted via your User’s profile on Smartcat Platform or by e-mail);
to notify you as the User if, in Smartcat’s opinion, an instruction for the Processing of Personal Data given by you infringes applicable Data Protection Laws;
to inform you in writing if Smartcat cannot comply with the requirements under this DPA, in which case you as the User can terminate this DPA or take any other reasonable action, including suspending Personal Data Processing operations;
that Smartcat will, in a manner consistent with the functionality of Smartcat Platform, enable you to access, rectify and restrict Processing of Personal Data, provided to Smartcat and/or uploaded by you on Smartcat Platform pursuant to the Terms of Service and Service Contract;
upon your written request shall securely destroy or return such Personal Data, provided to Smartcat and/or uploaded by you on Smartcat Platform pursuant to the Terms of Service or Service Contract, to you within a maximum period of 30 days, unless applicable legislation or legal process prevents it from doing so.
17.1. This DPA and SCC shall remain in effect as long as the Terms of Service or Service Contract remain in effect.
17.2. Any and all liabilities of Smartcat under this DPA are, without exception, limited to the amount of limitation cap indicated in the Service Contract.
17.3. All notices required or permitted under this Agreement shall be in writing addressed to the respective parties and shall be delivered by hand or by registered or certified mail, postage prepaid or by electronic mail with confirmation of receipt.
17.4. This agreement and its annexes shall be governed by the laws of the Netherlands, excluding its conflicts-of-law rules, govern this Agreement.
17.5. Any breach of this DPA shall constitute a material breach of the Terms of Service and service contracts executed between you and Smartcat.
17.6. With regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other agreements between the parties, including but not limited to the Terms of Service, service contracts executed between you provisions of this DPA shall prevail with regard to the Parties’ data protection obligations for Personal Data of a Data Subject from a Member State of the EU.
17.7. Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
17.8. We reserve the right at all times to remove or modify any part of this DPA unilaterally. We shall notify you by e-mail or via the Platform about the amended and restated DPA to ensure that you stay informed of any such amendments and restatements. Your use of the Platform after the date of notification or the effective date of changes indicated in the notification shall mean your acceptance of the amended and restated DPA, unless you accepted them otherwise earlier. In case you use a corporate account, only the administrator of that corporate account will be notified. The administrator of the corporate account and not Smartcat is solely responsible for further notification of changes to other members of the corporate account.
A. ELENCO DELLE PARTI
Esportatore di dati:
Cliente come definito nel contratto con il cliente
Attività relative ai dati trasferiti ai sensi delle presenti clausole: ottenere i servizi sulla piattaforma Smartcat dall'importatore di dati
Importatore di dati:
Smartcat come definito nella sezione 1 del DPA
Attività relative ai dati trasferiti ai sensi delle presenti clausole: Fornitura dei servizi sulla piattaforma Smartcat all'esportatore di dati
B. DESCRIZIONE DEL TRASFERIMENTO
Categorie di interessati i cui dati personali vengono trasferiti
Prospetti, clienti, partner commerciali e fornitori dell'esportatore di dati (che sono persone fisiche)
Dipendenti o persone di contatto di potenziali clienti, clienti, partner commerciali e fornitori dell'esportatore di dati
Dipendenti, agenti, consulenti, liberi professionisti dell'esportatore dei dati (che siano persone fisiche)
Utenti dell'esportatore di dati autorizzati dall'esportatore di dati all'utilizzo della Piattaforma Smartcat.
Categorie di dati personali trasferiti
I dati personali trasferiti riguardano a titolo esemplificativo ma non esaustivo le seguenti categorie di Dati Personali:
Dati personali
Informazioni di contatto
Dati sulla vita professionale
Informazioni divulgate (da terze parti, ad esempio agenzie di riferimento del credito o da elenchi pubblici).
Dati sensibili trasferiti (se applicabile) e restrizioni o garanzie applicate che tengono pienamente in considerazione la natura dei dati e i rischi connessi, come ad esempio una rigorosa limitazione delle finalità, restrizioni di accesso (incluso l'accesso solo per il personale che ha seguito una formazione specializzata), conservazione un record di accesso ai dati, restrizioni per i trasferimenti successivi o misure di sicurezza aggiuntive.
L'esportatore di dati può inviare a Smartcat categorie speciali di dati, la cui entità è determinata e controllata dall'esportatore di dati a sua esclusiva discrezione e che è per motivi di chiarezza Dati personali con informazioni che rivelano origine razziale o etnica, opinioni politiche, religione o convinzioni filosofiche, appartenenza sindacale, trattamento di dati relativi alla salute o alla vita sessuale.
L'importatore di dati determina il tipo e il livello di accesso concesso ai singoli dipendenti in base al "principio del privilegio minimo". Questo principio afferma che ai dipendenti viene concesso solo il livello di accesso assolutamente necessario per svolgere le loro funzioni lavorative ed è dettato dai requisiti aziendali e di sicurezza dell'importatore di dati. Permessi e diritti di accesso non espressamente concessi saranno, per impostazione predefinita, vietati.
La frequenza del trasferimento (ad es. se i dati vengono trasferiti su base singola o continua).
Su base continuativa, durante i Termini di servizio oi contratti di servizio stipulati tra l'Esportatore di dati e l'Importatore di dati rimangono in vigore.
Natura del trattamento
L'importatore di dati elaborerà i dati personali dell'esportatore di dati al fine di fornire servizi all'esportatore di dati in conformità con le disposizioni del DPA.
Scopo/i del trasferimento dei dati e dell'ulteriore trattamento
L'importatore di dati trasferirà ed elaborerà i dati personali dell'esportatore di dati allo scopo di fornire servizi all'esportatore di dati in conformità con le disposizioni del DPA.
Il periodo di conservazione dei dati personali previsto oppure, se non è possibile, i criteri utilizzati per determinare tale periodo
I dati personali dell'esportatore di dati saranno conservati per il tempo necessario a fornire i servizi ai sensi dei Termini di servizio validi o dei contratti di servizio stipulati tra l'esportatore di dati e l'importatore di dati. I Dati Personali dell'Esportatore di Dati saranno distrutti o restituiti all'Esportatore di Dati in conformità con le disposizioni del DPA.
Per i trasferimenti a (sub-) responsabili, specificare anche oggetto, natura e durata del trattamento
L'importatore di dati trasferirà i dati personali dell'esportatore di dati ai subincaricati ai sensi dell'articolo 9 del DPA.
C. AUTORITA' DI VIGILANZA COMPETENTE
L'autorità olandese per la protezione dei dati personali (Autoriteit Persoonsgegevens)
MISURE TECNICHE E ORGANIZZATIVE COMPRESE MISURE TECNICHE E ORGANIZZATIVE PER GARANTIRE LA SICUREZZA DEI DATI
L'importatore di dati manterrà garanzie amministrative, fisiche e tecniche per la protezione della sicurezza, riservatezza e integrità dei dati personali caricati sulla piattaforma Smartcat, come descritto nella documentazione applicabile ai servizi specifici acquistati dall'esportatore di dati e accessibili tramite https:/ /www.smartcat.com/ o altrimenti resi ragionevolmente disponibili dall'importatore di dati. L'importatore di dati non ridurrà materialmente la sicurezza complessiva dei Servizi durante la durata dei Termini di servizio o dei contratti di servizio stipulati tra l'esportatore di dati e l'importatore di dati.
Le misure di sicurezza sono specificate nella sezione 6 del DPA.
ELENCO DEI SUB-PROCESSORI
L'elenco dei sub-responsabili è specificato nella sezione 9 del DPA.