Skip to main content
home_hero_1m

DPA — DIAMS

This Data Processing Agreement (the "DPA") sets out the terms and conditions for the processing of Personal Data related to the Services provided by the Dennemeyer entity identified in the Agreement referencing to this DPA to Customer identified in that Agreement (the “Agreement”).

  1. Definitions

    Agreed Purpose” is the provision of Services as agreed in the Agreement.

    “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, including personal information and private business operators.

    Data Discloser” means a Party that discloses Shared Personal Data to the other Party.

    Data Protection Legislation” means Japan´s Act on the Protection of Personal Information (Act No. 57 2003, the “APPI”) and any other legislation relating to personal data (to the extent applicable and all other legislation and regulatory requirements in force from time to time which apply to a Party relating to the use of Personal Data.

    “Data Subject” means an identified or identifiable natural person.

    Permitted Recipients” means the Parties to this Agreement, the employees of each Party, any Third Parties engaged in the performance of the Agreement.

    “Personal Data”, including Personal Information Databases (a computer-searchable or easily searchable collection of personal information) (Articles 2(4) and 2(6), APPI), means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    “Personal Information Database” means a computer-searchable or easily searchable collection of personal information.

    “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

    “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

    Processing Activities” are those related to the provision of the Services including the implementation of the software, the Hosting Services, the maintenance and support services, and post termination support. Customer may provide Personal Data to Dennemeyer to be entered in DIAMS iQ and processed by Dennemeyer for the purpose of providing the Services agreed in the Agreement. If Customer entrusted Dennemeyer with IP Support Services, Dennemeyer additionally enters intellectual property right information in Customer’s DIAMS iQ installation via a remote connection.

    “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

    Shared Personal Data” means the Personal Data to be shared between the Parties. Shared Personal Data shall be confined to the following categories of information relevant to the following categories of Data Subjects:

    Dennemeyer may process Personal Data of Users, as defined in the Agreement, as well as of Data Subjects referred to in intellectual property rights and other matters related to such intellectual property rights which are made subject to the Services under the Agreement or otherwise provided by Customer for the provision of these Services. This can be, for example, patent inventors, intellectual property rights owners and/or corresponding licensees. The type of Personal Data generally are name, family name, mailing address, business email address, telephone number and/or inventor remuneration information.

  2. Data Protection
    1. Shared Personal Data. This clause sets out the framework for the sharing of Personal Data between the Parties. Dennemeyer acknowledges that Customer (referred to in this clause as the Data Discloser) will regularly disclose to Dennemeyer Shared Personal Data collected by the Data Discloser for the Agreed Purposes.
    2. Customer´s obligations and Cross-Border Transfers
      1. Customer shall be solely responsible for the assessment of the lawfulness of its own processing activities and for ensuring the rights of Data Subjects as may apply to applicable laws.
      2. Customer shall provide Dennemeyer all necessary instructions in Writing.
      3. Customer acknowledges and consents, that Dennemeyer transfers Personal Data to sub processors (see Section 3 below) located in the European Economic Area (“EEA”), where the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) applies. Both Parties acknowledge that the European Commission determined that the EEA provides the same level of protection for Personal Information as Japan.
    3. Dennemeyer´s obligations
      1. Dennemeyer shall process Personal Data entered into DIAMS in accordance with applicable laws, Customer’s instructions, and other contractual obligations set forth in the Agreement.
      2. Dennemeyer shall inform Customer if, in its opinion, an instruction infringes the APPI or other applicable data protection laws.
      3. Dennemeyer shall limit access to the Personal Data only to authorized and properly trained personnel bound by confidentiality obligations in accordance with this Agreement or that is subject to appropriate statutory obligations of confidentiality.
      4. If required by the applicable laws, Dennemeyer shall give notice to Customer of any Personal Data Breach affecting the Personal Data processed on behalf of Customer without undue delay after having become aware of it.
    4. Each Party shall:
      1. ensure that it has all necessary notices and consents in place to enable lawful transfer of the Shared Personal Data to the Permitted Recipients for the Agreed Purposes;
      2. Process the Shared Personal Data only for the Agreed Purpose;
      3. not disclose or allow access to the Shared Personal Data to anyone other than the Permitted Recipients (unless otherwise agreed In Writing);
      4. ensure that it has in place appropriate Technical and Organizational Measures (“TOMs”), to protect against unauthorized or unlawful Processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data. Customer has opted for a storage of data on Microsoft
      5. , which is a public cloud for which Dennemeyer cannot take responsibility. Microsoft’s security measures are detailed here (Microsoft´s DPIA for the use of Azure can be found here) and Customer hereby declares being satisfied with these measures and will not hold Dennemeyer responsible in case of security breaches affecting Microsoft Azure (unless solely caused by Dennemeyer).
  3. Appointment of sub-processors

    Sub-processors are external processors that process Personal Data on behalf of Dennemeyer in order to carry out certain activities commissioned by Customer. This is done in accordance with Customer´s instructions and in accordance with the terms of a Written contract between Dennemeyer and the sub-processor. Customer acknowledges and herewith provides a general authorization of the use of sub processors. Dennemeyer shall use only sub processors providing sufficient guarantees to implement appropriate technical and organizational measures and ensures that sub processors are bound by the same obligations set out in this DPA. Dennemeyer may change the sub processors from time to time subject to the same conditions of this Section. Customer shall send an email to dataprivacy@dennemeyer.com with the subject “Subscription to Sub Processor Notification” to subscribe to notifications of new sub processors. If Customer subscribes, Dennemeyer will provide notifications of any new sub processor before authorizing such new sub processor to process personal data in connection with this DPA. If Customer has a reasonable basis to object to a new sub processor, Customer shall notify Dennemeyer promptly in Writing, but not later than within 30 days after receipt of Dennemeyer´s notification. In case of objection, the Parties will discuss in good faith with a view to achieving a commercially reasonable solution. If no such solution can be agreed, Customer´s only remedy is a right to forthwith terminate the Agreement without liability of any kind to either Party.

    Dennemeyer maintains a current list of the names and locations of all sub-processors for the provision of Services. If Customer wants to receive the list of current sub-processors, a request can be sent to dataprivacy@dennemeyer.com at any time.

  4. Duration of the Processing

    The Processing Activities shall terminate the later of the following events (i) when the termination of the Agreement becomes effective (ii) when Services that are exceptionally provided after the termination are completed, or (iii) when any obligation or any right set forth in the Agreement that requires the use of Personal Data is completed or fulfilled.

 

Your message has been successfully sent.

We will contact you shortly.