1. Definitions and interpretation
1.1. In addition to the definitions in the Agreement, the following words and expressions have the meanings stated below in the Data Processing Agreement, unless the context requires otherwise. For the sake of clarity and readability of this Data Processing Agreement, some definitions are repeated from the General Terms and Conditions.
Agreement
the Order Form, the General Terms and Conditions and the Data Processing Agreement, together with any schedules and amendments hereto.
Appendices
the appendices to this Data Processing Agreement.
Controller
the Customer as defined in the Agreement and in accordance with the definition in the applicable Data Protection Law.
Customer
the legal entity that has entered into the Agreement with Auditdata as described in the Agreement on the terms and conditions set forth in the Agreement.
General Terms and Conditions
the general terms and conditions which are part of the Agreement.
Health Data
personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
Data Protection Law
the legislation, as amended, protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the Processing of Personal Data, applicable to a Controller in the EEA country where the Controller is established.
Data Subject
an identified or identifiable natural person (an identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person).
Data Processing Agreement
this agreement with Appendices.
EEA
the European Economic Area.
Order Form
the order form between Auditdata and Customer concerning Auditdata’s delivery of Strato Clinic Management System Software and related Software Services, entered into online through Auditdata’s website.
Personal Data
any information relating to an identified or identifiable natural person.
Personal Data Breach
a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
Processing
any operation or set of operations which is performed upon Personal Data or on sets of Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Processor
Auditdata, in accordance with the definition in the applicable Data Protection Law.
2. Purpose and background
2.1. Auditdata and Customer have entered into the Agreement under which Auditdata provides the cloud-based clinic management software system named “Strato” (defined as the “Software” in the Agreement) and certain related Software Services to Customer. As part of the provision of services Auditdata Processes Personal Data, notably in the form of Health Data that may be linked to specific natural persons (Data Subjects), for which the Customer is Controller.
2.2. In addition to the terms and conditions set forth in the General Terms and Conditions, the Data Processing Agreement sets out the terms and conditions which apply to Auditdata’s Processing of Personal Data.
3.1. The Data Processing Agreement applies to any Processing of Personal Data performed by Auditdata in connection with the performance of its services to the Customer.
3.2. The categories of Data Subjects, Personal Data and Processing Operations are set out in Appendix A (Categories of Data Subjects, Personal Data and Processing Operations).
4. Obligations of the processor
4.1. Auditdata will perform the Processing in accordance with Data Protection Law. Notably, Auditdata will:
a) process Personal Data only on documented instructions from the Customer as specified in the Agreement and for the purposes set out in Appendix A (Categories of Data Subjects, Personal Data and Processing Operations);
b) ensure that persons authorized to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
c) implement appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and against all other unlawful forms of Processing, including the requirements with respect to such measures under the Danish Act on Processing of Personal Data (in Danish: “persondataloven”);
d) only subcontract with sub-processors in accordance with the requirements of clause 6;
e) immediately inform the Customer if, in its opinion, an instruction infringes Data Protection Law;
f) assist the Customer by appropriate technical and organizational measures, insofar as this is possible, in fulfilling the Customer’s obligation to respond to requests for exercising the Data Subject’s non-exclusive rights to access, rectification and erasure, as these are stated in the Data Protection Law;
g) at the choice of the Customer, delete or return all the Personal Data to the Customer after the end of the provision of services relating to Processing, within the period stated in the currently applicable Microsoft Online Service Terms as amended from time to time (“Microsoft OST”), which may be accessed as set out in Schedule 3.1 (Microsoft OST);
h) make available to the Customer all information necessary to demonstrate compliance with the Data Protection Law, e.g. the annual audit certificate from Auditdata’s third-party accountants;
i) in connection with clause 4.1 h), if legally and technically possible, allow for and contribute to audits, including inspections conducted by the Customer or another auditor mandated by the Customer, as set out in clause 7.
4.2. Auditdata will indemnify the Customer from any loss directly resulting from Auditdata’s failure to comply with its obligations hereunder. Auditdata’s liability for failure to comply with its obligations under the Agreement, including the Data Processing Agreement, is, however, capped and disclaimed according to the provisions of the General Terms and Conditions.
4.3. The Customer warrants that Auditdata’s strict compliance with any instruction from the Customer with respect to the Processing of Personal Data, shall not result in a violation of applicable Data Protection Law. In this context, Customer will indemnify Auditdata for any loss suffered as a result of Auditdata relying on and complying with Customer’s non-compliant instructions.
4.4. Auditdata shall inform the Customer without undue delay if Auditdata becomes aware of any Personal Data Breach.
4.5. Auditdata shall be entitled to charge the Customer separately for any costs (including internal resources at Auditdata’s standard rates) that Auditdata may incur in relation to assistance under clause 4.1 f), g) and i).
5. Obligations of the Controller
5.1. The Customer will be solely responsible and liable for its compliance with applicable law as Controller. The Customer will before using the Software and related Software Services under the Agreement in a way that includes Processing of Personal Data ensure that it complies with all Data Protection Law, e.g. in relation to the provision of required information/notification to and/or approvals from Data Subjects and/or regulatory authorities related to the Processing.
5.2. The Customer will promptly notify Auditdata if it becomes aware that Processing of the Customer’s Personal Data may be contrary to Data Protection Law.
5.3. The Customer will indemnify Auditdata from any loss resulting from the Customer’s failure to comply with its obligations hereunder.
6.1. By signing the Agreement, the Customer authorizes Auditdata to engage sub-processors, including without limitation Microsoft and other sub-processors as stated in Appendix A, clause 3, to perform Processing of Personal Data, provided that Auditdata enters into a written agreement with each sub-processor.
6.2. Auditdata will inform the Customer by email about any intended addition or replacement of a sub-processor in advance, allowing the Customer/Data Subject the opportunity to object and/or give its informed consent, such consent not to be unreasonably withheld. Customer cannot object without a bona fide, reasonable and objective reason. If the Customer objects to any addition or replacement of a sub-processor, and such objection is based on a bona fide, reasonable and objective reason, Auditdata is entitled to (i) terminate the Agreement with immediate effect by written notice and (ii) invoice Customer the payment for any services already rendered under the Agreement.
7.1. Auditdata will if possible allow for and contribute to audits at Auditdata facilities, including inspections, conducted by the Customer or another auditor mandated by the Customer subject to a reasonable prior written notice from Customer to Auditdata of at least 90 days, unless mandatory law requires otherwise.
7.2. The written notice shall include a proposed audit plan. If part of the requested audit scope is covered by the scope of an audit report by a qualified third-party auditor within the last 12 months, Auditdata may request the Customer to consider whether it could rely on such report instead of an audit. Auditdata will be entitled to choose the date and time of the audit to minimize business disruption and may combine the audit with audits from other customers.
7.3. At the request of Customer according to Clause 7.1 and 7.2, the Customer (or an inspection body appointed by the Customer, composed of independent members in possession of the required professional qualifications and bound by a duty of confidentiality) will be entitled to perform audits of Auditdata’s facilities and security practices directly related to the Processing of Personal Data under the Agreement in order to monitor compliance with the Data Processing Agreement, subject, however, to Clause 7.7. Unless a supervisory authority requires otherwise, such audits shall be limited to 1 audit per 24-month period.
7.4. Any audit shall be conducted in accordance with Auditdata’s internal policies and all participants shall be subject to written confidentiality obligations no less restrictive than as set out in the General Terms and Conditions. To the extent allowed under applicable law, the Customer shall deliver to Auditdata a copy of the audit report and Auditdata shall be entitled to use such report free of charge in relation to other customers.
7.5. The Customer may use the information obtained during any audit, including any audit report, only for the purpose of meeting its audit obligations under Data Protection Law. For the avoidance of doubt, Customer is not allowed to disclose to the public any parts of the audit report, without prior written consent from Auditdata, unless required by mandatory law.
7.6. The Customer will bear any costs related to audits and Auditdata shall be entitled to charge the Customer separately for any cost (including internal resources at Auditdata’s standard rates) Auditdata may incur in relation to its assistance with such audits.
7.7. Customer or another auditor mandated by the Customer and subject to confidentiality is allowed to conduct audits of Auditdata’s sub-processor, Microsoft, to the extent this is possible according to the terms and conditions in the then currently valid and applicable version of the Microsoft OST. Audits at Microsoft shall always be conducted in accordance with the Microsoft OST and applicable Microsoft internal policies. The currently applicable version of the Microsoft OST may be accessed as set out in Appendix C (Microsoft Online Service Terms). Customer can at any time request the latest version of the Microsoft Online Service Terms from Auditdata. On request, Auditdata will deliver the latest version within reasonable time.
8. Term and termination
8.1. The Data Processing Agreement will take effect from the date of the last signature on the Agreement and will continue in force until Auditdata no longer Processes Personal Data on behalf of the Customer.
9. Auditdata’s rights to changes due to changes in mandatory law
9.1. If there are changes in mandatory Data Protection Law, Auditdata is entitled to change the Data Processing Agreement accordingly. If the Customer objects to the change in the Data Processing Agreement, Auditdata is entitled to (i) terminate the Agreement with immediate effect by written notice and (ii) to invoice Customer the payment for the remaining part of the Term as specified in the Agreement.
10. Governing law and disputes
10.1. The Data Processing Agreement is governed by and will be interpreted in accordance with Danish law. However, the conflict of laws rules must be disregarded to the extent that such rules are non-mandatory.
10.2. Any dispute arising out of the Data Processing Agreement, including any dispute concerning the existence or validity of the Data Processing Agreement shall be brought before the Danish courts.
Appendix A to Data Processing Agreement
Categories of Data Subjects, Personal Data and Processing Operations
In connection with Auditdata’s provision of services and hosting the Personal Data on behalf of the Customer, the Customer gives Auditdata the instruction and grants consent to Process the following Personal Data for the purposes set out below:
1. General description of the data processing activities and purposes
Processing activity 1: Auditdata processes the Personal Data of the Customer for the purpose of ensuring the functionality of Strato – Easy Clinic Management system. The Personal Data are stored during the Term of the Agreement and upon termination returned or deleted within the period stated in the Microsoft OST which may be accessed as set out in Schedule 3.1 (Microsoft OST) after Auditdata receives a written account cancellation from the Customer. Auditdata will to the best of its ability return or delete the personal data within 180 days.
2. Specification of personal data categories and purpose
The Personal Data categories may be adjusted from time to time, to the extent that the processing of Personal Data and the purposes thereof continue to fall under the general description.
Data subjects: Persons who are registered in connection with (i) hearing tests, including but not limited to hearing-impaired patients, and (ii) the provision of other services.
Category: Various Personal Data regarding Data subjects, as further specified below
Category: Health Information, as further specified below
Personal Data and description:
Gender: Gender of the client.
Title: Any title; some clients prefer their title included in letters etc.
Name: Name of the client; used to ensure that the client can be identified.
DOB: Date of birth.
Social Security Number: Social security number.
Address Line 1, 2 and 3: Address data of the client.
Comment: Please note that only Personal Data which is relevant for the purpose of using the Strato – Easy Clinic Management system may be inserted, in order to ensure compliance with Personal Data Law.
Email: Email address.
Home Phone: Phone numbers to ensure that the shop can contact the client by phone.
Insurance Group: Any insurance group.
Insurance: Any insurance.
Insurance Policy: The specific insurance policy (may fully or partly pay for the hearing instruments).
Primary Office: Any preferred shop.
Primary Acoustician / Audiologist: Any preferred acoustician / audiologist.
Physician / G.P.: The client’s physician / G.P.
ENT: The client’s ENT.
Referral: The Strato user can enter any referral.
Other 1: Text field for any comments. Please note that only Personal Data which is relevant for the purpose of using the Strato – Easy Clinic Management system may be inserted, in order to ensure compliance with Personal Data Law.
Other 2: Text field for any comments. Please note that only Personal Data which is relevant for the purpose of using the Strato – Easy Clinic Management system may be inserted, in order to ensure compliance with Personal Data Law.
Custom fields: The Strato administrator can define additional fields relevant for his shop.
Client Status: Status of the client, e.g. active, inactive, deceased.
Client number: A client number assigned by the program (can be used as an anonymous identifier).
Client picture: The Strato user can insert a picture of the client (may be relevant to recognize the client, e.g. in a waiting room).
Sensitive Personal Data and description:
Audiogram: Hearing loss measurement (data not created in Strato).
Hearing Instrument Fitting data: Any journal data; free text entered by the Strato user, typically by the audiologist (data not created in Strato, but by the NOAH module).
REM/HIT measurements: Data for programming the hearing instrument in accordance with the hearing loss measurement and applied fitting activities (data not created in Strato, but by the NOAH module).
Questionnaire data: Any questionnaire data, e.g. how well the client was able to handle different situations before and after getting a hearing instrument (data not created in Strato, but by the NOAH module).
3. Specification of personal data categories and purpose
Who at Auditdata has access to Personal Data?
- Strato product Development, Operations and Support staff.
Which external parties (outside Auditdata) have access to all or part of the Personal Data (sub-processors)?
- Microsoft Windows Azure (The purpose of engaging Microsoft is to utilize the Microsoft Azure hosting and storage facilities to provide the cloud-based services to Customer).
- Auditdata’s notified body auditor of ISO 27001 certification in accordance with the information systems audit policy.
Appendix B to the Data Processing Agreement
Auditdata will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of the processing. These measures include but are not limited to:
- The pseudonymization and encryption of Personal Data
- The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
- The ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident.
- A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
Description of technical and organizational security measures:
Auditdata’s Information Security Management System (ISMS) is certified by DNV/GL as notified body in accordance with the ISO 27001:2013 Information Security Management System standard (certificate available on www.auditdata.com), and covers, among others, the following technical and organizational security measures:
Auditdata’s personnel will not process Customer’s Personal Data without authorization and only when this is necessary to fulfil the purpose of the Processing. Personnel are obligated to maintain the confidentiality of any Personal Data and this obligation continues even after their engagement ends.
2. Data Privacy Contact
The Information Security Officer of the data importer can be reached at the following address:
Attn: Chief Security Officer
Dalbergstrøget 5-7, 2.
2630 Taastrup, Denmark
3. Technical and Organization Measures
a) General practices. Auditdata has implemented and will maintain for Auditdata Products and Services appropriate technical and organizational measures, internal controls, and information security routines intended to protect Personal Data, as defined in the Agreement, against accidental loss, destruction, or alteration; unauthorized disclosure or access; or unlawful destruction as set forth in the subsections below. The Customer is wholly responsible for implementing and maintaining security within any applications or virtual machines that Customer uses with the Auditdata Products and Services.
i) Domain: organization of information security.
- Security ownership. Auditdata has appointed a security officer responsible for coordinating and monitoring the security rules and procedures.
- Security roles and responsibilities. Auditdata’s personnel with access to Customer Data are subject to confidentiality obligations.
- Risk management program. Auditdata performed a risk assessment before processing the Personal Data or launching the Auditdata Products or Services.
- Auditdata retains its security documents pursuant to its retention requirements after they are no longer in effect.
ii) Domain: Asset management.
1. Asset inventory. Auditdata maintains an inventory of all media on which Personal Data is stored. Access to the inventories of such media is restricted to Auditdata’s personnel authorized by the management authorization process to have such access.
2. Asset handling.
- Auditdata restricts access to Personal Data. The Customer may implement encryption of Personal Data within its application.
- Auditdata imposes restrictions on printing Personal Data and has procedures for disposing of printed materials that contain Personal Data.
- Auditdata’s personnel must obtain Auditdata’s authorization prior to storing Personal Data on portable devices, remotely accessing Personal Data, or processing Personal Data outside its facilities. This includes removing media (e.g., USB sticks and CD-ROMs) and documents containing Personal Data from Auditdata’s facilities.
iii) Domain: Human resources security
1. Security training.
- Auditdata informs its personnel about relevant security procedures and their respective roles. Auditdata also informs its personnel of possible consequences of breaching the security rules and procedures.
- Auditdata will only use anonymous data in training.
iv) Domain: Physical and environmental security
- Physical access to facilities. Auditdata (including subcontractors) limits access to facilities where information systems that process Personal Data are located to identified authorized individuals.
- Physical access to components. Auditdata maintains records of the incoming and outgoing media containing Personal Data, including the kind of media, the authorized sender/recipients, date and time, the number of media and the types of Personal Data they contain.
- Protection from disruptions. Auditdata uses a variety of industry standard systems to protect against loss of data due to power supply failure or line interference.
- Component disposal. Auditdata uses industry standard processes to delete Personal Data when it is no longer needed.
v) Domain: Communications and operations management.
- Operational policy. Auditdata maintains security documents describing its security measures and the relevant procedures and responsibilities of its personnel who have access to Personal Data.
- Data recovery procedures. The data center operating the Auditdata products and services includes replication features that facilitate recovery of Personal Data in the event a particular machine or cluster within an Auditdata data center fails. The Auditdata products and services include a regular data backup procedure in addition to the data center replication. Auditdata is obligated to back up data stored within the Software according to Auditdata’s back-up and data recovery procedure, which is described below. If Customer wants additional safety measures, Customer is responsible for taking additional steps to provide added fault tolerance, such as creating historical backups of Personal Data, storing backups of Personal Data off the platform, etc.
Auditdata back-up and data recovery procedure:
- On an ongoing basis, but in no case less frequently than once a week (unless no Personal Data has been updated during that period), Auditdata maintains multiple copies of Personal Data from which Personal Data can be recovered. The weekly back-up is kept for at least twelve months.
- Auditdata stores copies of Personal Data and data recovery procedures in a different place from where the primary computer equipment processing the Personal Data is located.
- Auditdata has specific procedures in place governing access to copies of Personal Data.
- Auditdata reviews and tests data recovery procedures at least every twelve months.
- Auditdata logs data restoration efforts, including the description of the restored data, and where applicable, the person responsible and which data (if any) had to be input manually in the data recovery process.
- Personal Data not covered by Auditdata Operations SLAs (e.g. temporary databases or data files for migration or troubleshooting) is deliberately excluded from backup procedures, to reduce the risk of non-compliance with data retention requirements.
- Malicious software. Auditdata has anti-malware controls to help avoid malicious software gaining unauthorized access to Personal Data, including malicious software originating from public networks.
- Data beyond boundaries.
- Auditdata encrypts Personal Data transmitted to and from its data centers over public networks. Auditdata uses encryption for replication of non-public Personal Data between its data centers.
- Auditdata restricts access to Personal Data in media leaving its facilities (e.g., through encryption).
- Event logging. Auditdata logs, or enables the data exporter to log, access and use of information systems containing Personal Data, registering the access ID, time, authorization granted or denied, and relevant activity.
vi) Domain: Access control.
- Access policy. Auditdata maintains a record of security privileges of individuals having access to Personal Data.
- Access authorization.
- Auditdata maintains and updates a record of personnel authorized to access its systems that contain Personal Data.
- Auditdata deactivates authentication credentials that have not been used for a period of time not to exceed twelve months.
- Auditdata identifies those personnel who may grant, alter or cancel authorized access to data and resources.
- Auditdata ensures that where more than one individual has access to systems containing Personal Data, the individuals have separate identifiers/log-ins.
- Least privilege.
- Technical support personnel are only permitted to have access to Personal Data when needed.
- Auditdata restricts access to Personal Data to only those individuals who require such access to perform their job function.
- Integrity and confidentiality. Auditdata instructs its personnel to disable administrative sessions when leaving premises it controls or when computers are otherwise left unattended.
- Auditdata uses industry standard practices to identify and authenticate users who attempt to access information systems.
- Where authentication mechanisms are based on passwords, Auditdata requires that the passwords are renewed regularly.
- Where authentication mechanisms are based on passwords, Auditdata requires the password to be at least eight characters long.
- Auditdata ensures that de-activated or expired identifiers are not granted to other individuals.
- Auditdata monitors or enables the data exporter to monitor repeated attempts to gain access to Personal Data using an invalid password.
- Auditdata maintains industry standard procedures to deactivate passwords that have been corrupted or inadvertently disclosed.
- Auditdata uses industry standard password protection practices, including practices designed to maintain the confidentiality and integrity of passwords when they are assigned and distributed, and during storage.
- Network design. Auditdata has controls to avoid individuals assuming access rights they have not been assigned to gain access to Personal Data they are not authorized to access.
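A compliance check that a Customer auditor or Auditdata’s own security staff could run over such an access log, added here as an example (not code from the DPA or from Auditdata): it parses constructed audit records carrying the four fields named in the event-logging clause above (access ID, time, authorization granted or denied, activity) and flags (a) access IDs with repeated denied login attempts and (b) credentials whose last successful use is more than twelve months old. The log format, field values and thresholds are assumptions.

```python
"""Access-log checks for two Appendix B controls: monitoring repeated
invalid-password attempts and deactivating credentials unused for twelve
months. Added example; the log format below is an assumption."""
from collections import defaultdict
from datetime import datetime, timedelta

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample log: <time> <access ID> <GRANTED|DENIED> <activity>
SAMPLE_LOG = """\
2024-03-01T08:00:12Z support.alice GRANTED view_client
2024-03-01T08:05:40Z support.alice GRANTED edit_client
2024-03-01T09:10:02Z ops.bob DENIED login
2024-03-01T09:10:20Z ops.bob DENIED login
2024-03-01T09:10:41Z ops.bob DENIED login
2024-03-01T09:11:05Z ops.bob DENIED login
2024-03-01T09:40:00Z ops.bob GRANTED login
2023-01-15T10:00:00Z dev.carol GRANTED export_report
"""


def parse_log(text):
    """Parse one record per line into dicts; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, access_id, decision, activity = line.split(maxsplit=3)
        records.append({
            "time": datetime.strptime(ts, TIME_FMT),
            "access_id": access_id,
            "granted": decision == "GRANTED",
            "activity": activity,
        })
    return records


def repeated_denials(records, threshold=3, window=timedelta(minutes=5)):
    """Access IDs with at least `threshold` denied logins inside any sliding
    `window` (the 'repeated attempts with an invalid password' measure)."""
    denied = defaultdict(list)
    for r in records:
        if not r["granted"] and r["activity"] == "login":
            denied[r["access_id"]].append(r["time"])
    flagged = set()
    for access_id, times in denied.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(access_id)
                break
    return sorted(flagged)


def stale_credentials(records, as_of, max_idle=timedelta(days=365)):
    """Access IDs whose last granted access is older than `max_idle` relative
    to `as_of` (the 'deactivate credentials unused for twelve months' measure).
    `as_of` may be a datetime or a timestamp string in TIME_FMT."""
    if isinstance(as_of, str):
        as_of = datetime.strptime(as_of, TIME_FMT)
    last_used = {}
    for r in records:
        if r["granted"]:
            prev = last_used.get(r["access_id"])
            if prev is None or r["time"] > prev:
                last_used[r["access_id"]] = r["time"]
    return sorted(a for a, t in last_used.items() if as_of - t > max_idle)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("repeated denied logins:", repeated_denials(recs))
    print("stale credentials:", stale_credentials(recs, "2024-03-01T00:00:00Z"))
```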
vii) Domain: Information security incident management
- Incident response process. Auditdata maintains a record of security breaches with a description of the breach, the time period, the consequences of the breach, the name of the reporter, and to whom the breach was reported, and the procedure for recovering data.
- Service Monitoring. Auditdata security personnel verify logs at least every six months to propose remediation efforts if necessary.
viii) Domain: Business Continuity Management
- Auditdata maintains emergency and contingency plans for the facilities in which its information systems that process Personal Data are located.
- Auditdata’s redundant storage and its procedures for recovering data are designed to attempt to reconstruct Personal Data to its last replicated state from before the time it was lost, unless it has been specifically decided to not keep data under backup, for data retention requirements compliance.
The security measures described in this Appendix B are Auditdata’s only responsibility with respect to the security of Personal Data.
Appendix C to the Data Processing Agreement
Customer can find the latest and applicable version of Microsoft OST at www.microsoft.com/en-us/licensing/product-licensing/products.aspx or any other webpage Microsoft designates in its place.