This article describes the standard terms that apply when Available processes personal data on behalf of the customer.
Introduction
This data processing agreement ("the Agreement") governs Available's processing of personal data on behalf of the customer. The customer is the data controller, and Available is the data processor.
Purpose and duration
The processing takes place solely in order to deliver the services that the customer has agreed with Available, and lasts for as long as the service relationship exists or as required to fulfil statutory obligations.
Standard instructions
The customer instructs Available to process personal data when it is necessary in order to deliver, operate and support the services. This includes, among other things:
- Access to the customer's systems and data for support, troubleshooting and operation
- Configuration and ongoing maintenance of the solution
- Security monitoring, backup and recovery
- Handling of enquiries and agreed communication
- Logging and documentation of service delivery
Available may only access and process information to the extent necessary to perform the agreed services and in accordance with the customer's instructions. Any new or changed instructions must be in writing.
Confidentiality
Available ensures that employees and any sub-processors are subject to confidentiality and only have access to data when it is necessary to perform their work tasks.
Security measures
Available implements appropriate technical and organisational security measures to protect personal data against unauthorised access, alteration, disclosure or destruction.
Sub-processors
Available may use sub-processors to deliver parts of the service. The customer accepts the use of sub-processors, provided that Available enters into a data processing agreement with them that provides a corresponding level of protection. Available informs the customer of significant changes to sub-processors.
Transfer to third countries
Personal data is not transferred to countries outside the EU/EEA without an appropriate transfer basis, such as the EU's standard contractual clauses.
Assistance to the customer
Available assists the customer in fulfilling its obligations under the GDPR, including handling data subjects' rights, security breaches and carrying out necessary risk assessments.
Personal data breaches
Available notifies the customer without undue delay in the event of a personal data breach and provides relevant information for the customer's handling of the incident.
Audit and documentation
The customer may, with reasonable notice, request documentation of compliance with the Agreement or carry out an audit. Audits must be planned in collaboration and must not unduly disrupt operations.
Return and deletion
On termination of the collaboration, Available deletes or returns all personal data at the customer's choice, unless retention is required by law.
Contact
If you have questions about the data processing agreement, you can contact us via:
Appendix 1: Subject matter of the processing
This appendix describes the nature and scope of the processing:
- Purpose: Delivery, operation, support and maintenance of Zendesk solutions and related services
- Data subjects: The customer's employees, agents, end users and other contacts in Zendesk
- Categories of personal data: Contact details, user and agent data, ticket content, support history, system logging and other data entered in the customer's Zendesk environment
- Processing activities: Access, storage, display, alteration, deletion, troubleshooting and configuration