Data Protection Agreement

This DPA is activated when KEBS manages Personal Data for the Customer during the provision of Services as per the Agreement. This DPA replaces any prior DPAs or data protection clauses related to the Services. Undefined terms in this DPA are explained in the Agreement.

Both the Customer and KEBS act as separate Controllers for Participant Data. Both parties confirm they’ve followed the necessary protocols for collecting this data. In other scenarios, the Customer controls the Customer Data, and KEBS processes it.

The parties have an agreement where KEBS offers services to the Customer (referred to as the “Main Agreement”). This DPA outlines the data collection and processing terms related to the Service and is integrated into the Main Agreement.

This DPA clarifies KEBS and Customer’s commitments regarding personal data processing in relation to the Services in the Main Agreement. It’s always applicable to data processing under the Main Agreement.

Data processing relates to the Services in the Main Agreement. It involves:

• Subject: Data processing linked to the Services in the Main Agreement.
• Purpose: Managing access to KEBS’s platform and related online streaming for Customers and users.
• Duration: As long as the Main Agreement is active or as long as KEBS is allowed or needs to keep the data.
• Data Types:

User Data: Data from users when registering on KEBS’s platform.

System Data: Data from users when inputting system details.

• Affiliates: Entities related to KEBS in terms of control.
• Applicable Laws: All relevant data protection laws.
• Customer Data: Comprises User and System Data.
• KEBS Service: KEBS’s tech platform and services.

The Customer ensures all permissions are in place for lawful data transfer to KEBS. The Customer won’t ask KEBS to process data against Data Protection Legislation. If any claims arise against KEBS due to unlawful processing, the Customer will cover KEBS’s costs.

KEBS will:

• Process data based on the Customer’s written instructions.
• Implement security measures as outlined in https://kebs.com/trust-center/security.
• Ensure staff handling data maintain confidentiality.
• Assist the Customer in data protection obligations.
• Promptly notify the Customer in case of data breaches.
• Delete or return data upon DPA termination unless legally required to retain it.
• Maintain records to show compliance with this DPA.
• Allow audits by the Customer’s chosen auditor, with prior agreement on terms.

KEBS will inform the Customer if any instruction might violate Data Protection Legislation.