Unloc Privacy Policy and Data Processing

Valid from: March 17, 2024

‍

1. Preamble

This Agreement sets out the main principles for the processing of personal data and forms an integral part of the existing service agreement between the parties (the “Agreement”).

References to the term “Data Processor Agreement” refer to this Agreement Document and the following Appendices:

• Appendix A — Overview of services, processing, personal data and data subjects
• Appendix B — Approved sub-processors
• Appendix C — Overview of technical and organizational measures

‍

2. Purpose of the Data Processing Agreement

The purpose of the Data Processor Agreement is to regulate the rights and obligations under applicable data protection legislation relating to the processing of personal data by the data processor on behalf of the controller.

“Data Protection Legislation” refers to the EU General Data Protection Regulation 2016/679 (“GDPR”) and national privacy regulations in the country where the controller is established, including laws implementing or supplementing the GDPR.

The Data Processing Agreement shall ensure that personal data are processed in accordance with data protection legislation and are not used illegally or come into the possession of unauthorized parties.

‍

3. Scope of Treatment

3.1 General

The controller determines the purposes and means of processing personal data.

The data processor, its sub-processors and other persons acting under the authority of the data processor and having access to the personal data shall process the personal data only on behalf of the controller and in accordance with the Agreement and the controller's documented instructions, unless otherwise provided for in applicable law.

The Data Processor shall immediately inform the Data Controller if, in the opinion of the Data Processor, an instruction violates data protection legislation.

‍

3.2 Purpose and Scope of Processing

The Data Processor Agreement applies to the processing of personal data by the Data Processor on behalf of the Data Controller in connection with the Data Processor's provision of the “Services” as described in Appendix 1, Section 1.

The nature and purpose of the processing, including operations and activities, are specified in Appendix 1, Section 2.

3.3 Categories of Personal Data and Data Subjects

The processing involves the processing of categories of personal data as specified in Appendix 1, Section 3, and such data subjects as specified in Annex 1, Section 4.

‍

4. Obligations of the Controller

The controller guarantees that the personal data are processed for legitimate and objective purposes and that the data processor does not process more personal data than is necessary to fulfill such purposes.

The controller is responsible for ensuring that there is a valid legal basis for the processing at the time of transfer of the personal data to the data processor, including that any consent is given explicitly, voluntarily, unambiguously and on an informed basis.

The controller also guarantees that the data subjects have been provided with sufficient information regarding the processing of their personal data.

‍

5. Confidentiality

The Data Processor, its sub-processors and other persons acting under the authority of the Data Processor and having access to the Personal Data are subject to confidentiality and shall comply with professional confidentiality with respect to the processing of personal data and security documentation in accordance with applicable data protection legislation.

For complete and up-to-date information, please visit the official page: https://unloc.app/no/privacy-policy.