Consumer Rights Management and GDPR Overview - Salesforce DMP
|
|
- Helen Nash
- 5 years ago
- Views:
Transcription
1 Consumer Rights Management and GDPR Overview - Salesforce DMP How Salesforce Accelerates Compliance & Customer-Centricity with GDPR Maxwell Anderson, Director Product Management Debra Kadner, Sr. Director Product Management
2 Agenda 01. Revisit Solution Components 02. Review Technical Options 03. Product Demo 04. Implementation Best Practices 05. Further Resources & Questions
3 Key Areas of Focus Four key areas of focus across Salesforce Marketing Cloud & Salesforce DMP Right to be Forgotten Consent Management Restriction of Processing Data Portability
4 Salesforce Commitment to you... We are not your legal counsel - but we are your trusted partner. -Ourcommitment to you is we are going to give you a toolkit that empowers you to make decisions about policy that meet the needs of your business and your customer.
5 Key GDPR Terms & Concepts
6 Physical Entities Overview Processing Internet User ( Data Subject aka consumer ) Processing AWS for Salesforce DMP ( Sub-Processor ) DMP Customer ( Controller ) You Processing Salesforce ( Processor ) Salesforce Data Subject : individual the Personal Data relates to (aka consumer) Controller : primarily responsible for Privacy compliance (aka DMP customer) Processor, Sub-processor : act upon instruction of Controller; also responsible for Privacy compliance Processing : any handling of Personal Data
7 Actions Overview Consumer Rights Management features introduce four new actions in the DMP Salesforce DMP Action Action Meaning Action Response Provide Consent (set) Used to set consent information for a given user input. Blacklists for downstream activities updated. Get Current Consent Status (get) Used to get consent information for a given user input. Consent settings provided to requester. Delete Data (remove) Used to request data deletion for a user. All data deleted in DMP, all consent settings set to false. Get User Data (portability) Used to request all data for a given user. Specific data feed created and delivered to customer via S3.
8 Methods Overview 5 methods exist to request Consumer Rights Management actions </> API SDK JS Tag File DMP UI
9 Action Impact Overview When an action is taken, what does it apply to? 1 Device Level Defaults 2 Bridge Key Level Actions Supported Action Request Customer ID / User ID / Bridge Key 3 Predictive CDIM Actions Not Supported Device 1 Targeting = YES Device 2 Targeting = YES Device 3 Targeting = YES
10 Action Impact Overview When an action is taken, what does it apply to? Device + Organization Organization Linking Supported Legal Standardization Requirements Customer responsible for ensuring legal standardization across organization / organizations.
11 Consent Management
12 Consent Flags Overview DMP functionality gated based on consent for 6 activities Salesforce DMP Term Interpretation Data Collection Collecting and storing events. Targeting Sending a device to a 3rd party for campaign execution or other uses. Analytics Any processing of data. Cross Device Using data to link one device to another. Sharing Data Sharing data or linkages with 3rd parties. Reidentification Taking data collected with a pseudonymous or anonymous key and merging it to a PII key.
13 Consent Management Basics 1. All devices in each organization must have a consent setting for all flags - null consent is not possible. 2. Customer responsible for obtaining consent and passing the consent to the DMP through one of the 5 methods. 3. Regardless of customer actions DMP functionality is gated based on consent settings for each device within each organization.
14 Understanding Consent Sources First Party Direct Consent: - Direct consent obtained directly from a consumer and passed to the DMP - Highest signal quality - Applies to - Files - SDK - API - UI
15 Understanding Consent Sources Second Party Indirect Consent: - Used when direct consent is absent - Inherited from customer defined configuration - Applies only to users in - ad_impression.gif heartbeat.gif DT 2.0 media_analytics.gif event.gif
16 Understanding Consent Sources Third Party Indirect Consent: - Used when second party and first party consent do not exist - Applies to all users from 3P data providers - Data providers contractually obligated to provide consented data for - Targeting Analytics
17 Understanding Consent Sources Industry Opt Out: - Addresses opt outs from NAI, DAA, and DMP Privacy Page - Applies across all organizations - Trumps any other consent source
18 Unknown Consent & Policy Regime Unknown consent is interpreted differently based on policy regime Policy Regime: A specific set of privacy policy regulations that apply for a specific device. ` GDPR Global Standard
19 Policy Regime Association Each device has an associated policy regime within each account, but how? All devices in account associated with a single Organizat ion Level policy regime. Each device in account associated based on geographic region OR customer designation. User Level
20 Unknown Consent - Policy Regime Based Defaults Consent defaults are assigned based on policy regime in absence of other signals GDPR Global Standard Data Collection: Data Collection: Targeting: Targeting: Analytics: Analytics: Cross Device: Cross Device: Data Sharing: Data Sharing: Reidentification: Reidentification:
21 Consent Resolution Hierarchy Consent is based on the most recent signal from the highest priority consent source Industry Opt Out Example 1: First Party Consent Used Priority First Party (Direct) Second Party (Indirect) 3rd Party (Indirect) Unknown Recency
22 Consent Resolution Hierarchy Consent is based on the most recent signal from the highest priority consent source Example 2: Second Party Consent Used Industry Opt Out Priority First Party (Direct) Second Party (Indirect) 3rd Party (Indirect) Unknown Recency
23 Consent Resolution Hierarchy Consent is based on the most recent signal from the highest priority consent source Example 3: Third Party Consent Used Industry Opt Out Priority First Party (Direct) Second Party (Indirect) 3rd Party (Indirect) Unknown Recency
24 Consent Resolution Hierarchy Consent is based on the most recent signal from the highest priority consent source Example 4: Opt Out Honored Industry Opt Out Priority First Party (Direct) Second Party (Indirect) 3rd Party (Indirect) Unknown Recency
25 Consent Conflicts Some consent signals have dependencies which can result in conflicting consent settings Conflict Example: Analytics Targeting, Cross Device, Data Sharing, and Reidentification all depend on positive analytics consent. Targeting Cross Device Data Sharing Reidentification A device cannot consent to targeting without consenting to analytics.
26 Consent Conflict Resolution Some consent signals have dependencies Analytics Analytics Positive R esolution Targeting Cross Device Data Sharing Reidentification Negative Resolution Targeting Cross Device Data Sharing Reidentification
27 Consent Backfill Overview Optional method for addressing day zero population fluctuations 1. All devices in account set to consent settings per designation in UI. This can be based on your interpretation of rights / consent from pre-gdpr worldview. 2. Helps ensure populations stay high while you work through consent implementations. Settings applied once, and never repeated again. 3. Customer responsible for defining with their legal team which approach makes sense.
28 Data Deletion & Portability
29 Data Deletion Overview - After requested ALL data in the DMP is deleted for that account - Data not deleted includes consent history (aka audit logs) and BK-KUID relationships - this is due to audit purposes
30 Data Portability Overview - After requested ALL relevant raw data in the DMP will be delivered to customer for the requesting user - Files delivered within 14 days - Customer responsible for delivering to the consumer / data subject
31 Method Overview
32 Methods Overview 5 methods exist to request Consumer Rights Management actions Considerations when determining the appropriate method Ease of implementation effort and maintenance (automated vs manual) Speed of processing consent signal (real time vs batch) Dependencies (requires existing DMP infrastructure or not) Real-time API SDK JS Tag DMP UI File Batch Manual Automated
33 Method: API, SDK, and JavaScript Consent Tag API, SDK and Consent Tags are the recommended method for passing consent signals where possible Ease of implementation Fastest processing of consent signal Recency rules inherently reflect the user preference Krux('ns:mynamespace', 'consent:set', { idt: 'device', dt: 'idfa', idv: '6D92078A BA4-AE5B E7DC', dc: true, al: true, tg: true, cd: true, sh: false, re: false }); Note: Consent Tags require DMP Control Tags on page
34 Method: Consent File File uploads are supported, but put ongoing burden on the organization to ensure timely delivery and proper file format Consent files uploaded to S3 Only records in valid format will be processed Data is processed daily, so requests are not registered until after processing is complete Recency will be determined by the record timestamp (if submitted) or the processing timestamp of the file device^kxcookie^abcdef123^set^global^dc=1&tg=1&al=1&cd=1&sh=0&re=1^ device^idfa^6d92078a ba4-ae5b e7dc^set^gdpr^dc=1&tg=0&al=0&cd=1&sh=0&re=0^ bk^ _sha256^f660ab912ec121d1b1e928a0bb4bc61b15f5ad44d5efdc4e1c92a25e99b8e44a^remove^^^
35 Method: DMP UI DMP UI requires manual administration, and recommended only for one-off cases This method is intended to support set, remove, and portability requests coming via other sources such as support tickets Manual recording of identifiers in UI is inherently error-prone Recency will be determined by when UI Administrator clicks Submit
36 Audit Logs Overview - All activities triggered (regardless of method) are stored in audit logs - Audit logs delivered to customer daily (S3) and can be used for troubleshooting or general auditing Device: idt^dt^idv^kuid^orguuid^consentsource^ts^{flags}^action^pr^prsrc^ip^reqid Bridge Key: idt^dt^idv^kuid^orguuid^consentsource^ts^{flags}^action^pr^prsrc^ip^reqid
37 UI Demo
38 Implementation Best Practices
39 Implementation Key Takeaway You MUST pass consent signals as functionality will be gated regardless.
40 General checklist and timing of activities May 25, 2018 Daily/Weekly INITIAL SETUP Define company approach and collect consent Define company approach to GDPR Setup and confirm organization configuration settings Select and implement UX for consent Connect consent experience to the Salesforce DMP Review SuperTag and mark applicable tags Ad hoc REVIEW & ADJUST Modify default settings/approach if required View Consent Reports to understand consent distribution Monitor populations within the DMP for population drop-offs Adjust configuration settings based on risk profile and population sizes ONGOING MAINTENANCE Revisit settings with changing business Link any new organizations during the DMP implementation phase Change Policy Regime Association based on new regulations Ensure SuperTags are marked correctly for data collection where applicable
41 Review/Confirm Default Settings INITIAL SETUP - Policy Regime Association = User Level, GDPR Conflict Overrides = Consent flags set to false to avoid conflicts Non-consented data collection via 2nd party sources will be deleted nightly 2nd Party Consent Defaults = data collection, analytics, targeting, cross device are true, data sharing and reidentification are false (same as Global Standard Policy Regime defaults)
42 Linking Organizations INITIAL SETUP How are organizations delineated and managed? Do organizations span different policy regimes? Is consent management centralized? BU 1 Example 1 Example 2 Parent Org Parent Org BU 2 BU 3a BU 3b Market 1 Market 2 Market 3 Market 4 Market 5
43 Defaults Determine Data Flow and Usability INITIAL SETUP Thoughtful implementation can mitigate collection risk Collection Filter Best Practices Policy Regime Association Consent Conflict Resolution 2nd Party Defaults User True All On Org & GDPR False All Off Reduce Unknown devices by getting consent, and using user level setting instead of organization level Deploy clearly-defined privacy page to reduce the likelihood of conflict Drive 1P traffic to explicitly obtain consent
44 Importance of Backfill Settings Vary by Implementation In the absence of backfill, devices will be considered to as unknown Setting Influence Segment Lookback Window Amount of Historical Data Return Visitor Status 180+ days Large Seldom 90 days Small Often Real-time segments and short-term windows don t rely on rich historical data Newer implementations have less historical data Frequent visitors provide quick opportunities to get consent post May 25 INITIAL SETUP
45 Select and Implement UX for Consent Requires coordination across legal, UX team, technical team, DMP Administrator INITIAL SETUP Determine consent model Create UX around consent Document mapping between privacy page and consent signals Determine process, SLA and audit records required for obtaining and passing consent For File and UI-based consent process, determine owner and process for passing consent </> API SDK Salesforce DMP Consumer Rights Management S3 UI
46 UX Implementation Considerations INITIAL SETUP Showing user current settings requires GET consent method 4 hour deltas between SET and GET showing the recent settings via API/SDK/JSTag Complete consent queries are required else default to false - consider implementing a save button with checks to avoid possible conflicts and partial sets Contemplate SLAs in defining UX
47 Specifying and Connecting Consent Model Determine the level of consent granularity that is appropriate for your business 1:1 Consent Model Example 1:Many Consent Model Example Hybrid Consent Model Example Please provide your consent to the terms and use of this website Please provide your consent Please provide your consent Data Collection Analytics Targeting Cross Device Data Sharing Reidentification dc: 1 al: 1 tg:1 cd:1 sh:0 re:0 I agree dc: 1 al: 1 tg:1 cd:1 sh:1 re:1 Interest-based advertising Cross-device ID Matching dc: 1 al: 1 tg:1 cd:0 sh:1 re:1 INITIAL SETUP
48 Ensure Process Covers All Consent Modes Define approach and determine consent model Document process, Consent mapping, Consent audit trails, and SLAs for offline requests INITIAL SETUP Maintain audit logs Build UX Implement API/SDK/JS and Connect to UX DMP ADMIN Train DMP Admin on Consent UI Fulfill requests via UI OFFLINE TECH ONLINE TECH UX LEGAL May 25, 2018 Establish S3 Access and File Specs Upload Files as requested
49 Stepping through implementation scenarios How setting defaults and implementation decisions affect data flow and population size What is your main source of traffic? (1P / 2P / 3P) Where does your traffic originate? (EU / Other) Are you planning on passing consent? (Y / N) You MUST pass consent signals as functionality will be gated regardless.
50 Scenario 1: Tight defaults, no consent integration Populations will be dramatically reduced Consent Source 1P Traffic Source EU & Other Policy Regime Level Organization Data Collection: Analytics: Targeting: Cross Device: Policy Regime GDPR Passing Consent N Backfill Set N Data Sharing: Reidentification: All traffic is treated like EU, and in the absence of consent, all flags are set to FALSE
51 Scenario 2: Standard defaults, no consent integration Data collection and use will vary based on organization traffic Conset Source 1P Traffic Source EU & Other Policy Regime Level User Data Collection: Analytics: Targeting: Cross Device: Policy Regime GDPR Passing Consent N Backfill Set N Data Sharing: Reidentification: 30% traffic originating outside EU will follow Global Standard consent flags
52 Scenario 3: Standard defaults, backfill, no consent integration Backfill settings defaults will influence data capture and use Consent Source 1P Traffic Source EU & Other Policy Regime Level User Data Collection: Analytics: Targeting: Cross Device: Policy Regime GDPR Passing Consent N Backfill Set Y Data Sharing: Reidentification: Backfilling allows for more devices to be counted for consent
53 Scenario 4: Establish backfill and pass consent Backfill and consent efforts allow for more opportunities for data capture and use Consent Source 1P Traffic Source EU & Other Policy Regime Level User Data Collection: Analytics: Targeting: Cross Device: Policy Regime GDPR Passing Consent Y Backfill Set Y Data Sharing: Reidentification: This assumes all devices came to 1st party property and ⅔ accept 1P consent across all flags
54 Scenario 5: Pass consent despite limited EU traffic Consent efforts in place, but EU unknown devices not appropriately treated Consent Source 1P & 2P Traffic Source EU & Other Policy Regime Level User Data Collection: Analytics: Targeting: Cross Device: Policy Regime Global Standard Passing Consent Y Backfill Set Y 2P traffic drives consent across some devices Data Sharing: Reidentification:
55 Scenario 6: Rely on defaults but may have legal implications 2nd party defaults drive consent, but EU unknown devices not appropriately treated Consent Source 1P & 2P Traffic Source EU & Other Policy Regime Level Org Data Collection: Analytics: Targeting: Cross Device: Policy Regime Global Standard Passing Consent N Backfill Set Y Data Sharing: Reidentification: New 1P devices are assigned Global Standard consent flags, irrespective of location
56 Review SuperTags for Data Collection INITIAL SETUP Train DMP SuperTag Administrator(s) on new SuperTag control Plan a tag audit and review process in advance of the May 25th timeline based on the number of tags your company is firing via SuperTag Update your tag deployment process to includes data collection reporting and verification Determine any additional audit trail you may want to maintain for inbound tag deployment requests
57 Monitor Reports and Populations Post-launch DMP population drop-offs may illuminate gaps in consent framework What is the consented population? Are the defaults correct? Is consent resolution appropriate? Are organization links constraining non-eu business? REVIEW ADJUST
58 Revisit Settings Based on Changes in Business Changes should be made ad hoc based on changing business needs New organizations may need to be linked Defaults may need to be adjusted SuperTags should be evaluated and audited Parent Org BU 1 BU 2 BU 3 Market 1? BU 3 Market 2 ONGOING
59 DATA INGESTION AUDIENCE ANALYTICS AND SEGMENTATION Build audience segment with 1st party data X X X X X
60
61 Data Rectification GDPR Article 16 The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
62 Data Subject Request The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to that personal data and certain other information, such as the purposes of the processing and the recipients of the personal data, among others. GDPR Article 15
63 Security GDPR Articles 32 The controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
64 International Transfers of Data GDPR Articles Any transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country (i.e. outside of the European Economic Area) shall take place only if: - that country has received a decision from the European Commission that it is deemed to be adequate ; - there are appropriate legal safeguards in place (e.g. Binding Corporate Rules, Standard Contractual Clauses, etc.); or - there is an applicable derogation (e.g. consent, necessary for the performance of a contract)
DATA PROTECTION POLICY
DATA PROTECTION POLICY OVERVIEW KEY DETAILS Policy prepared by: Roger Dunn Approved by Board/committee on: 23/05/2018 Next review date: 20/05/2020 INTRODUCTION In order to operate, Lancaster and District
More informationHillgate Travel GDPR Response. Privacy Policy
Hillgate Travel GDPR Response Privacy Policy HILLGATE TRAVEL This document has been designed using the guidance procedures provided by the Information Commissioners Office (ICO) and in relation to the
More informationData Processing Addendum
Data Processing Addendum Based on the General Data Protection Regulation (GDPR) and European Commission Decision 2010/87/EU - Standard Contractual Clauses (Processors) This Data Processing Addendum ( DPA
More informationThe GDPR how to prepare MiFID II where are we now? Wednesday 21 February 2018
The GDPR how to prepare MiFID II where are we now? Wednesday 21 February 2018 GDPR so far The EU General Data Protection Regulation (Regulation (EU) 2016/679) comes into effect on 25 May 2018 Aims to protect:
More informationCustomer GDPR Data Processing Agreement
Customer GDPR Data Processing Agreement Version May 2018 This Customer Data Processing Agreement reflects the requirements of the European Data Protection Regulation ( GDPR ) as it comes into effect on May
More informationMichael R. Cohen CIPP/US, CIPP/E Gray Plant Mooty. Overview of the EU General Data Protection Regulation (GDPR)
Michael R. Cohen CIPP/US, CIPP/E Gray Plant Mooty Overview of the EU General Data Protection Regulation (GDPR) WHAT YOU NEED TO KNOW ABOUT THE EU GENERAL DATA PROTECTION REGULATION (GDPR) What is the GDPR?
More informationRigor, Inc. GDPR Data Processing Addendum
Rigor, Inc. GDPR Data Processing Addendum This GDPR Data Processing Addendum, including the Standard Contractual Clauses referenced herein ( DPA ), supplements any existing and currently valid Rigor license
More informationBINDING CORPORATE RULES
BINDING CORPORATE RULES CONTROLLER PRINCIPLES INTRODUCTION At Marsh & McLennan Companies (MMC), we respect and are committed to protecting the privacy, security and integrity of Personal Information 1
More informationData Processing Addendum
Data Processing Addendum This Data Processing Addendum (" DPA "), forms part of the Agreement or other written or electronic agreement between Pleo Technologies ApS (" Pleo ) and Customer for the purchase
More informationBudget FREQUENTLY ASKED QUESTIONS. August 7, Budget Configuration and Dashboard Information What is Budget?...1
Table of Contents Configuration and Dashboard Information... 1 1. What is?...1 2. What are the benefits of?...1 3. Who is for?...2 4. What data informs?...2 5. In what markets is available?...2 6. What
More informationHow To Guide X3 Bank Card Processing Sage Exchange
How To Guide X3 Bank Card Processing Sage Exchange Table of Contents Introduction... 2 Credit Card Parameters GESXA0... 3 Payment Types GESTPY... 6 Invoicing Method GESBPC... 6 Sales Order Processing -
More informationPrivacy Statement v 1.1
Privacy Statement v 1.1 Context and Overview This notice will take effect from 25/05/2018 Burke Insurances Ltd. is committed to protecting and respecting your privacy. It is the intention of this privacy
More informationGeneral Data Protection Regulation (GDPR) Data Protection Notice
General Data Protection Regulation (GDPR) Data Protection Notice Innovative Sensor Technology IST AG attaches great importance to the protection of your personal data. We therefore conduct our business
More informationBenefits Module Release Notes
Release Notes for 03/12/19 Modifying an Existing Quality of Life Event The functionality for an employee to modify an existing Qualifying Life Event (QLE) or choose to begin a new QLE will be released
More informationAmazon Elastic Compute Cloud
Amazon Elastic Compute Cloud An Introduction to Spot Instances API version 2011-05-01 May 26, 2011 Table of Contents Overview... 1 Tutorial #1: Choosing Your Maximum Price... 2 Core Concepts... 2 Step
More informationPrivacy Notice. Our Hastings Direct SmartMiles policy has a separate privacy notice which can be found here.
Privacy Notice Introduction Your privacy s important to us and we go to great lengths to protect it. This privacy notice tells you about the personal data we hold about you, so we can provide you with
More informationprivacy notice who is responsible for processing your personal data and who you can contact in this regard reasons for processing your data
privacy notice privacy notice This privacy notice provides an overview of how Pancyprian Insurance Ltd (the Company ) processes your personal data. Personal data refers to any information relating to you
More informationJOSTENS EUROPEAN PRIVACY POLICY
This website uses different types of cookies to enable, improve and monitor the use of our website. For more information see our cookie policy. By clicking accept or continuing to browse on our website,
More informationDEAL BY SEA LTD PRIVACY NOTICE
DEAL BY SEA LTD PRIVACY NOTICE 1. Scope All data subjects whose personal data is collected, in line with the requirements of the GDPR. 2. Responsibilities 2.1. The Data Protection Officer is responsible
More informationData Processing Appendix
Company Name* Execution Date *Company name indicated must conform to the name on customer s Master Subscription Agreement executed with SugarCRM. This Data Processing Appendix on the processing of personal
More informationPRIVACY POLICY OVERVIEW
PRIVACY POLICY OVERVIEW This Privacy Policy establishes rules to govern the collection, use and disclosure of personal information collected by Sylogist Ltd. and its affiliates (collectively the Company
More information07/21/2016 Blackbaud CRM 4.0 Revenue US 2016 Blackbaud, Inc. This publication, or any part thereof, may not be reproduced or transmitted in any form
Revenue Guide 07/21/2016 Blackbaud CRM 4.0 Revenue US 2016 Blackbaud, Inc. This publication, or any part thereof, may not be reproduced or transmitted in any form or by any means, electronic, or mechanical,
More informationON24 DATA PROCESSING ADDENDUM
ON24 DATA PROCESSING ADDENDUM This Data Processing Addendum ( Addendum ) is entered into by and between ON24 Inc., on behalf of itself and its Affiliates ( ON24 ), and Client, on behalf of itself and its
More informationPRIVACY NOTICE issued by DALE Accounting and Tax Services Ltd
PRIVACY NOTICE issued by DALE Accounting and Tax Services Ltd Introduction The Data Protection Act 2018 ( DPA 2018 ) and the General Data Protection Regulation ( GDPR ) impose certain legal obligations
More informationData protection Your privacy is important to us
Data protection Your privacy is important to us Who controls my personal information? This leaflet tells you how Zurich Assurance Ltd ( Zurich ), as data controller, will deal with your personal information.
More informationPrivacy Policy Statement
Privacy Policy Statement QuoteDevil is committed to protecting and respecting your privacy. It is the intention of this privacy policy statement to explain to you the information practices of QuoteDevil
More informationMan and Machine - Data Protection Policy
Man and Machine - Data Protection Policy 1. Introduction This Policy sets out the obligations of Man and Machine Ltd, whose registered office is at Unit 8 Thame 40, Jane Morbey Road, Thame, Oxfordshire,
More informationGDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR JOSTLE CUSTOMERS
GDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR JOSTLE CUSTOMERS WHO SHOULD EXECUTE THIS DPA: If you have determined that you qualify as a data controller under the GDPR, and need a data processing addendum
More informationAppendix Special Conditions for Public Cloud Computing Services Software and Services
Appendix Special Conditions for Public Cloud Computing Services Software and Services 23.3-5559-17 Page 2 (10) Contents 1 Applicability...3 2 Special Notes on Contract Documents...3 3 Framework Agreement
More informationDATA PROCESSING ADDENDUM (GDPR and EU Standard Contractual Clauses)
DATA PROCESSING ADDENDUM (GDPR and EU Standard Contractual Clauses) Rev. 1 May 2018 This Data Processing Addendum ( DPA ) forms part of the product or services agreement ( Agreement ) or other written
More informationCompensating Balances for Business Loans
2014-2015, Inc. or its affiliates. All rights reserved. This work is confidential and its use is strictly limited. Use is permitted only in accordance with the terms of the agreement under which it was
More informationData Protection Notice pursuant to the General Data Protection Regulation (GDPR)
Data Protection Notice pursuant to the General Data Protection Regulation (GDPR) The Endress+Hauser Group ( Endress+Hauser, we or us ) attaches great importance to the protection of your personal data.
More informationStreamline and integrate your claims processing
Increase flexibility Reduce costs Expedite claims Streamline and integrate your claims processing DXC Insurance RISKMASTERTM For corporate claims and self-insured organizations DXC Insurance RISKMASTER
More informationData protection information under the EU General Data Protection Regulation in Italy
Data protection information under the EU General Data Protection Regulation in Italy May, 2018 The following information provides an overview of how we process personal data and rights under data protection
More informationReal-time Driver Profiling & Risk Assessment for Usage-based Insurance with StreamAnalytix
Real-time Driver Profiling & Risk Assessment for Usage-based Insurance with StreamAnalytix The auto insurance industry is rising up to meet consumer expectations of personalization and flexibility in all
More informationImpact of the European General Data Protection Regulation on U.S. M&A
CLIENT MEMORANDUM Impact of the European General Data Protection Regulation on U.S. M&A March 26, 2018 The winds of change will shortly sweep across the data privacy landscape in the European Union ( E.U.
More information06/13/2017 Blackbaud Altru 4.96 Revenue US 2017 Blackbaud, Inc. This publication, or any part thereof, may not be reproduced or transmitted in any
Revenue Guide 06/13/2017 Blackbaud Altru 4.96 Revenue US 2017 Blackbaud, Inc. This publication, or any part thereof, may not be reproduced or transmitted in any form or by any means, electronic, or mechanical,
More informationGDPR Data Processing Addendum (DPA) Instructions for Area 1 Security Customers
Area 1 Security, Inc. 142 Stambaugh Street Redwood City, CA 94063 EU GDPR DPA GDPR Data Processing Addendum (DPA) Instructions for Area 1 Security Customers Who should execute this DPA: If you qualify
More informationPRIVACY NOTICE LAST UPDATED: SEPT. 2018
PRIVACY NOTICE LAST UPDATED: SEPT. 2018 HOW THE BANK USES YOUR PERSONAL DATA This privacy notice provides an overview of how Hellenic Bank Public Company Ltd (the Bank ) processes your personal data. Personal
More informationThe Controller and Processor Data Protection Binding Corporate Rules of BMC Software
The Controller and Processor Data Protection Binding Corporate Rules of BMC Software 4 August 2015 Table of Contents Introduction 2 PART I: BACKGROUND AND ACTIONS 3 PART II: BMC AS A CONTROLLER 5 PART
More informationData Processing Appendix
Data Processing Appendix This Data Processing Appendix (the Appendix ) is attached to and forms part of the Supplier General Terms and Conditions (the Agreement ) between Nebula Oy ( Supplier ) and customer
More informationOATS to CAT FAQ Mapping Exercise
OATS to CAT FAQ Mapping Exercise In order to assist industry members with the implementation of the Consolidated Audit Trail (CAT), FINRA and the Exchange SROs (the Participants ) have prepared the following
More informationGDPR CCPA LGPD. Protected information
Stricter data protection laws are on the rise. While only a couple of years ago, data protection legislations and requirements were frequently marginalized and the position of the data protection officer
More informationCLOUDINARY DATA PROCESSING ADDENDUM
CLOUDINARY DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms part of the agreement for the subscription by the Customer to the Cloudinary Service ("Subscription Agreement") between Cloudinary
More informationThe EU s General Data Protection Regulation enters into force on 25 May 2018
May 2018 The EU s General Data Protection Regulation enters into force on 25 May 2018 Keeping our customers data safe is nothing new to us. Protecting the information and the personal data that our customer
More informationAll Sorts UK Limited Data Protection Policy 17 th May 2018
All Sorts UK Limited Data Protection Policy 17 th May 2018 1. Introduction This Policy sets out the obligations of All Sorts UK Limited, a company registered in England under number 03534972, whose registered
More informationEpicor Tax Connect for Eclipse. Release 9.0.3
Epicor Tax Connect for Eclipse Release 9.0.3 Disclaimer This document is for informational purposes only and is subject to change without notice. This document and its contents, including the viewpoints,
More informationData Privacy Statement
1/7 Data Privacy Statement Bank J. Safra Sarasin Ltd ( Bank ) has issued this Data Privacy Statement in light of the Swiss Federal Act on Data Protection ( DPA ) and its upcoming revision as well as the
More informationYour Data Your Rights
Your Data Your Rights Introduction Here at Standard Bank we take your privacy seriously. When you provide us with information from which you can be identified or which renders you identifiable (your personal
More informationVersion Setup and User Manual. For Microsoft Dynamics 365 Business Central
Version 1.0.1.0 Setup and User Manual For Microsoft Dynamics 365 Business Central Last Update: October 26, 2018 Contents Description... 4 Features... 4 Cash Basis versus Accrual Basis Accounting... 4 Cash
More informationData Privacy Notice of Sumitomo Mitsui Banking Corporation, Brussels Branch ( SMBC )
Data Privacy Notice of Sumitomo Mitsui Banking Corporation, Brussels Branch ( SMBC ) 1 ABOUT THIS NOTICE 1.1 Company issuing this Notice Sumitomo Mitsui Banking Corporation Brussels Branch, Neo Building,
More informationABBOTT DIABETES CARE Effective Date: February 4, 2018
Abbott LibreView Patient Online Privacy Notice ABBOTT DIABETES CARE Effective Date: February 4, 2018 This Privacy Notice explains how we handle the personal information that you provide to us via the LibreView
More information2018 Australian privacy outlook
www.pwc.com.au 2018 Australian privacy outlook LegalTalk Alert Authors: Sylvia Ng, Steph Baker, Rohan Shukla 12 March 2018 Contents Notifiable Data Breaches Scheme EU General Data Protection Regulation
More informationDATA PROCESSING ADDENDUM
This Data Processing Addendum (the DPA ) forms part of Telia Bedriftsavtale or other written or electronic agreement between the Parties for the purchase of telecommunication services, and regulates any
More informationHOW TO EXECUTE THIS DPA:
DATA PROCESSING ADDENDUM (GDPR, and EU Standard Contractual Clauses) (Rev. April 20, 2018) This Data Processing Addendum ( DPA ) forms part of the Master Subscription Agreement or other written or electronic
More informationINVESTOR360 : ADDITIONAL ASSETS
INVESTOR360 : ADDITIONAL ASSETS The Additional Assets section displays a list of outside assets associated with the account, such as bank accounts, loans, and credit cards, as well as assets manually entered
More informationDATA PROTECTION POLICY. AtonLine Limited
20 Kyriakou Matsi Avenue, 4 th Floor CY-1082 Nicosia Cyprus Tel: +357 22 68 00 15 Fax: +357 22 68 00 16 Web: www.atonint.com DATA PROTECTION POLICY AtonLine Limited 2018 This Data Protection Policy is
More informationCyber ERM Proposal Form
Cyber ERM Proposal Form This document allows Chubb to gather the needed information to assess the risks related to the information systems of the prospective insured. Please note that completing this proposal
More informationImplementation Wizard
Implementation Wizard User Guide 125 N. Kickapoo Lincoln, Illinois 62656 integrity-data.com 888.786.6162 **Updated Documentation** visit our website to check for updated user guides. P a g e 1 32 Copyright
More informationPRIVACY POLICY: INSURANCE OPERATIONS
PRIVACY POLICY: INSURANCE OPERATIONS CAA South Central Ontario ( CAA, we, us, or our ) and its affiliated companies, including CAA Insurance Company ( CAA Insurance ), respect the privacy of your personal
More informationData Processing Addendum
Data Processing Addendum This Data Processing Addendum ( DPA ) forms part of the Agreement(s) and is entered by and between the Customer and the Service Provider on the Effective Date. For the avoidance
More informationTable of Contents. Genoa User Guide. Policy Setup Bridge User Guide Policy Setup
Table of Contents 0 Genoa User Guide Policy Setup 4.2.3 4.2.3 Bridge User Guide Policy Setup Table of Contents 0 Table of Contents TABLE OF CONTENTS... Searching For a Policy... 1 Searching for the Latest
More informationEU General Data Protection Regulation vs. Swiss Data Protection Act (in the Private Sector 1 )
EU General Data Protection Regulation vs. Swiss Data Protection Act (in the Private Sector 1 ) October 26, 2017 Version 4.01 David Rosenthal (david.rosenthal@homburger.ch) Updates and more infos: http://www.homburger.ch/dataprotection
More informationa publication of the health care compliance association SEPTEMBER 2018
hcca-info.org Compliance TODAY a publication of the health care compliance association SEPTEMBER 2018 Strengthening the relationship between DOJ attorneys and compliance professionals an interview with
More informationFull Stocktake 3 Partial Stocktake 4. Scanning/ Counting 7. Printing/ Reviewing Variances 9. Finalizing 10. Printing Stock Reports 11.
Stocktake The purpose of this Stocktake procedure is to check the physical stock quantities with the system stock on hand quantities. A Stock Valuation (Stock Analysis Report) may be run at anytime, without
More informationTRAVELTOKENS SALE PRIVACY POLICY Last updated:
TRAVELTOKENS SALE PRIVACY POLICY Last updated: 23.11.2017 STATUS AND ACCEPTANCE OF PRIVACY POLICY 1. This Privacy Policy (hereinafter referred to as the Policy ) sets forth the general rules of Participant
More informationSolar Eclipse Credit Card Authorization. Release 9.0.4
Solar Eclipse Credit Card Authorization Release 9.0.4 i Table Of Contents Disclaimer This document is for informational purposes only and is subject to change without notice. This document and its contents,
More informationGDPR Data Processing Addendum
GDPR Data Processing Addendum Effective Date 24 May 2018 This Data Processing Addendum for the GDPR (Addendum) is made as of the Effective Date by and between Fresh Relevance Ltd incorporated and registered
More informationDATA PROCESSING ADDENDUM (INCLUDING EU STANDARD CONTRACTUAL CLAUSES)
DATA PROCESSING ADDENDUM (INCLUDING EU STANDARD CONTRACTUAL CLAUSES) This Data Processing Addendum ( DPA ) shall become effective without any further action by the parties: (a) if Customer signing this
More informationDATA PROCESSING AGREEMENT
DATA PROCESSING AGREEMENT This Data Processing Agreement ( DPA or Agreement ), entered into by the CPI customer identified on the applicable CPI services agreement for CPI services ( Customer ) and the
More informationGDPR Essentials. To Meet the May 25th Deadline. FIA Webinar March 1, 2018
GDPR Essentials To Meet the May 25th Deadline FIA Webinar March 1, 2018 3/1/2018 1 Administrative Items The webinar will be recorded and posted to the FIA website following the conclusion of the live webinar.
More informationRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPR Richard Campo, CISM GRC Consultant IT Governance Ltd 1 Sept 2016 www.itgovernance.co.uk TM Introduction Richard Campo GRC consultant Data protection
More informationGeneral Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) January 2018 Lockton Companies After several years of extensive negotiation, the European Union (EU) adopted the General Data Protection Regulation (GDPR) 1 on
More informationMargin Direct User Guide
Version 2.0 xx August 2016 Legal Notices No part of this document may be copied, reproduced or translated without the prior written consent of ION Trading UK Limited. ION Trading UK Limited 2016. All Rights
More informationQuestions & Answers (Q&A)
Questions & Answers (Q&A) This Q&A will help answer questions about enhancements made to the PremiumChoice Series 2 calculator and the n-link transfer process. Overview On 3 March 2014, we introduced PremiumChoice
More informationOracle CRL-Financials Enabled Projects
Oracle CRL-Financials Enabled Projects Concepts and Procedures Release 11i April 2000 Part No. A83646-01 Expenditures This topic group provides: A description of new or modified tasks A description of
More informationAmazing Charts PM Billing & Clearinghouse Portal
Amazing Charts PM Billing & Clearinghouse Portal Agenda Charge Review Charge Entry Applying Patient Payments Claims Management Claim Batches Claim Reports Resubmitting Claims Reviewing claim batches in
More informationPRIVACY POLICY FOR CUSTOMER, PROSPECT AND PARTNER REGISTER
Page 1 (8) PRIVACY POLICY FOR CUSTOMER, PROSPECT AND PARTNER REGISTER This privacy policy has been modified latest on: [May 2 nd, 2018] 1 DATA CONTROLLER Solibri Oy (Business ID 1058643-9) ( Solibri )
More informationAmgen Binding Corporate Rules (BCRs) Public Document
Amgen Binding Corporate Rules (BCRs) Public Document Introduction: Amgen is a biotechnology leader committed to serving patients with grievous illness. Binding Corporate Rules (BCRs) express Amgen s commitment
More informationShared: Budget. Setup Guide. Last Revised: April 13, Applies to these SAP Concur solutions:
Shared: Budget Setup Guide Applies to these SAP Concur solutions: Expense Professional/Premium edition Standard edition Travel Professional/Premium edition Standard edition Invoice Professional/Premium
More informationGDPR: The Most Frequently Asked Questions: Are the Standard Contractual Clauses Enough?
GDPR: The Most Frequently Asked Questions: Are the Enough? February 2, 2018 The European Union s General Data Protection Authors/Presenters Regulation ( GDPR ) is arguably the most comprehensive and complex
More informationCover option 2. The Interplay of HIPAA, Privacy and Data Security Principles, and Health Information Interoperability. Subtitle or Company Name
The Interplay of HIPAA, Privacy and Data Security Principles, and Health Information Interoperability Cover option 2 MedInnovation Boston Subtitle or Company Name June 25, 2018 Colin J. Zick Month Day,
More informationMember Circular March Implementation of the EU General Data Protection Regulation 2016/679 General Guidance to Members
Member Circular March 2018 Implementation of the EU General Data Protection Regulation 2016/679 General Guidance to Members Introduction Regulation (EU) 2016/679 containing the General Data Protection
More informationGDPR FOR PRIVATE EQUITY AND REAL ESTATE
GDPR FOR PRIVATE EQUITY AND REAL ESTATE Date: Friday, 3rd November 2017 Start time: 12:30GMT Panellists: Pat McIntyre GDPR Project Manager David Rowland Group Head of AML and Compliance Manager, Augentius
More informationBanks Sheridan Limited Data Protection Privacy Policy 19 May 2018
Banks Sheridan Limited Data Protection Privacy Policy 19 May 2018 1. Introduction This Policy sets out the obligations of Banks Sheridan Limited ( the Company ) regarding data protection and the rights
More informationDATA PROCESSING ADDENDUM
DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms part of the End User License and Services Agreement (the Agreement ) between Customer and Ivanti, to reflect the parties agreement about
More informationDATA PROCESSING AGREEMENT (GDPR, Privacy Shield, and Standard Contractual Clauses)
DATA PROCESSING AGREEMENT (GDPR, Privacy Shield, and Standard Contractual Clauses) This Data Processing Agreement ("DPA") forms part of the Master Services and Subscription Agreement between Customer and
More informationWHEDA-Connect Administrators and Users Manual
WHEDA-Connect Administrators and Users Manual Page left blank intentionally. WHEDA 1.0 Overview: WHEDA-Connect 1 Last Revised Date: October 16, 2017 Table of Contents 1.0 Overview: WHEDA-Connect... 3 2.0
More informationData Processing Agreement
Data Processing Agreement This Data Processing Agreement with EU Standard Contractual Clauses (Processors), (the DPA ) supplements the Dropbox Business Agreement between Dropbox, Inc. and Dropbox International
More informationTHE IMPACT OF THE CALIFORNIA CONSUMER PRIVACY ACT
THE IMPACT OF THE CALIFORNIA CONSUMER PRIVACY ACT WHO IS INTRAEDGE? PROVIDING TECH SOLUTIONS FOR DATA PROTECTION IS HEATING UP Source: https://www.dlapiperdataprotection.com/ WHAT IS THE CCPA? California
More informationOracle. Financials Cloud Implementing Tax. Release 13 (update 17D)
Oracle Financials Cloud Release 13 (update 17D) Release 13 (update 17D) Part Number E89160-01 Copyright 2011-2017, Oracle and/or its affiliates. All rights reserved. Authors: Mary Kalway, Asra Alim, Reshma
More informationDATA PROCESSING ADDENDUM
DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms part of the Master Purchase Agreement, Customer Agreement, Channel Partner Agreement, End User License Agreement or other written agreement
More informationEMPLOYEE PRIVACY STATEMENT
EMPLOYEE PRIVACY STATEMENT 1 INTRODUCTION This is SBM Offshore s Privacy Statement for employee data. This Privacy Statement provides information on the processing of personal data of the employees of
More informationGuidance: The new EU General Data Protection Regulation: Implications for Australia
Guidance: The new EU General Data Protection Regulation: Implications for Australia Introduction After years of negotiations, the new EU General Data Protection Regulation (GDPR) was passed in 2016, bringing
More informationUser guide for employers not using our system for assessment
For scheme administrators User guide for employers not using our system for assessment Workplace pensions CONTENTS Welcome... 6 Getting started... 8 The dashboard... 9 Import data... 10 How to import a
More informationThe GDPR Possible Impact on the Life Sciences and Healthcare Sectors
February 14, 2017 The GDPR Possible Impact on the Life Sciences and Healthcare Sectors Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016, (the GDPR ) came into force
More informationADDSECURES WAY OF PROCESSING PERSONAL DATA
Agreement Preface ADDSECURES WAY OF PROCESSING PERSONAL DATA For the processing of personal data that AddSecure performs on behalf of its customers, AddSecure becomes a Personal Data Processor. If you
More informationClaims System Overview
Claims System Overview 1 The Problem 2 Insurers cannot deliver a profitable Group Health business and yet carry all the risk. Over-payment of claims vs. underwriting rules Member identity fraud Claims
More informationPRIVACY NOTICE Use of Information Data Controller and Data Processor
PRIVACY NOTICE Please take time to read this document carefully as it contains details of the basis on which we will process (collect, use, share, transfer) and store your information. You should show
More informationKnow Your Customer Risk Assessment Guide. Release 2.0 May 2014
Know Your Customer Risk Assessment Guide Release 2.0 May 2014 Know Your Customer Risk Assessment Guide Release 2.0 May 2014 Document Control Number: 9MN12-62110023 Document Number: RA-14-KYC-0002-2.0-04
More information