Komprise General Data Protection Regulation (“GDPR”) Compliant Terms

 

How They Work

We understand that the GDPR has created a large workload for Komprise customers. We therefore are proactively offering GDPR compliant terms to all our customers as standard for all new business (“Komprise Data Processing Terms”) and where possible incorporating them automatically into our existing customer contracts. Most customers will not have to actively amend their existing contracts to benefit from the Komprise Data Processing Terms.

What Data Processing Does Komprise Do?

We are a processor of our customers’ information:

  • When we provide Hosted Services, (such as Komprise)
  • When our customers provide personal data to us during a support case; and

Please note that in the context of our on-premise solutions, there is no processing of personal data by Komprise on behalf of customers.

What Terms is Komprise Providing?

The Komprise Data Processing Terms comply with all the provisions of Article 28 of the GDPR and contain a Data Transfer Agreement on the terms of the Standard Contractual Clauses approved by the EU Commission (“Data Transfer Agreement”) to cover any transfers of personal data outside the European Economic Area (“EEA”) and Switzerland that may occur during service provision. You will find these behind the “GDPR Compliant Terms and Conditions” tab at www.komprise.com/privacy. Komprise in the US is the data importer for all services where there is a data transfer to a country outside the EEA and Switzerland.

For customers contracting with Komprise in the US, there is no need for an agency arrangement as the Komprise contracting party and the data importer within the Komprise group are the same. The Data Transfer Agreement is an annex to the Komprise Data Processing Terms.

The Komprise Processing Terms refer to standard annexes which give details of the data processing and the security provisions that apply. The security annexes are based on the EU Commission’s standard form.

How is Komprise Incorporating the Komprise Data Processing Terms into Customer Relationships?

Our standard contractual documents contain “bridge” wording that incorporates the wording of the Komprise Data Processing Terms into the contract.

For Hosted Services, the bridge wording is in the Services Description. Our customers who are on our standard terms have agreed contractually to accept updates to our Services Description. Therefore, customers that have not amended this wording will automatically get the benefit of the Komprise Data Processing Terms. Those customers that amended this wording to prevent changes to the Services Description applying automatically will need to ask for an amendment. We can do this quickly and easily by adding the bridge wording to your contract. To action this, please contact your account manager or if you do not have one, the Komprise Privacy Program Office at privacy@komprise.com.

For Support Services, the bridge wording is in the Komprise Support Certificate, which confirms the terms on which Komprise supplies support. This is standard for all customers, without exception. The Komprise Data Processing Agreement will apply from your next renewal date. Those customers that do not have a renewal date prior to the 25th May 2018 will need to ask for an amendment. We can do this quickly and easily by adding the bridge wording to your contract. To action this, please contact your account manager or if you do not have one, the Komprise Privacy Program Office at privacy@komprise.com.

Any Other Questions?

If you have any questions, please contact the Komprise Privacy Program Office at privacy@komprise.com. We will be happy to help you.