Skip to main content
home_hero_1m

DPA — Octimine

This Data Processing Agreement (the "DPA") sets out the terms and conditions for the processing of Personal Data related to the services provided by the Dennemeyer entity identified on the applicable Quotation to Customer identified in that Quotation.

The terms used in this DPA shall have the same meaning as in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (hereinafter "GDPR").

 

  1. Processing Activities; Categories of Data Subjects; Type of Personal Data
    1. “Processing Activities” are those related to the provision of the Services.
    2. Pursuant to this DPA Dennemeyer processes personal data of Users and Data Subjects referred to in intellectual property rights data and matters related to such intellectual property rights searched or managed with the Software otherwise provided by Customer for the purpose of the use of the Software. This can be for example patent inventors, intellectual property rights owners, licensees. The type of Personal Data processed are defined by customer and generally include name, family name, mailing address, business email address, telephone number and inventor remuneration information.
  2. Customer’s obligations
    1. Customer shall be solely responsible for the assessment of the lawfulness of its own processing activities and for ensuring the exercise of the rights of the Data Subjects set forth in Section 12 to 22 of the GDPR.
    2. Customer shall provide Dennemeyer with all necessary instructions in Writing.
  3. Dennemeyer’s obligations
    1. Dennemeyer shall process Personal Data subject to the Services in accordance with the Agreement, with this DPA, with Customer’s instructions and with any applicable laws.
    2. Dennemeyer shall inform Customer if, in its opinion, an instruction infringes the GDPR or other Union or Member State’s data protection provisions.
    3. Upon Written request and as far as reasonably possible, Dennemeyer shall provide Customer with the information necessary to demonstrate compliance with Section 28 of the GDPR.
    4. Dennemeyer shall assist Customer, insofar as this is possible, for the fulfilment of Customers’ obligations to respond to Data Subjects’ requests for exercising their rights. Dennemeyer shall promptly inform Customer of any such request directly received by the Data Subject.
    5. Dennemeyer shall contribute to Customer’s audits to check Dennemeyer’s compliance with Section 28 of the GDPR. Customer shall give Dennemeyer fifteen days’ Written notice of its intention to perform an audit. Any audit is performed at Customer’s costs and in compliance with Dennemeyer’s IT security policies. Dennemeyer shall cooperate to the extent possible in compliance with Dennemeyer’s confidentiality and IT security obligations to Third Parties. Customer may appoint Third Parties for the performance of the audit subject to the condition that it is bound by confidentiality obligations not less restrictive than those agreed herein.
    6. Dennemeyer shall limit access to the Personal Data only to authorised and properly trained personnel bound by confidentiality obligations in accordance with this DPA or that is subject to appropriate statutory obligations of confidentiality.
    7. If required by the applicable laws, Dennemeyer shall give notice to Customer of any Personal Data Breach pursuant to Section 33 of the GDPR affecting the Personal Data processed on behalf of Customer without undue delay after becoming aware of it.
    8. Dennemeyer shall return or delete all the Personal Data after the end of the Processing Activities except if Union or Member State’s law requires further storage of the Personal Data.
  4. Appointment of sub processors
    Sub-processors are external processors that process Personal Data on behalf of Dennemeyer in order to carry out certain activities commissioned by Customer. This is done in accordance with Customer´s instructions and in accordance with the terms of a Written contract between Dennemeyer and the sub-processor. Customer acknowledges and herewith provides a general authorization of the use of sub processors. Dennemeyer shall use only sub processors providing sufficient guarantees to implement appropriate technical and organizational measures and ensures that sub processors are bound by the same obligations set out in this DPA. Dennemeyer may change the sub processors from time to time subject to the same conditions of this Section and Dennemeyer will provide Customer with written notice of the addition of any new sub processor or replacement of an existing sub processor at any time during the term of the Agreement, provided that Customer signs up here to a mailing list made available by Dennemeyer through which such notices will be delivered by e-mail. If Customer has a reasonable basis to object to Dennemeyer use of a new or replacement sub processor, Customer will notify Dennemeyer promptly in writing and in any event within 30 days after receipt of such notices. In case of objection, the Parties will discuss in good faith with a view to achieving a commercially reasonable solution. If no such solution can be agreed, Customer´s only remedy is a right to forthwith terminate the Agreement without liability of any kind to either Party. Dennemeyer maintains a current list of the names and locations of all sub-processors for the provision of Services. If Customer wants to receive the list of current sub-processors, a request can be sent to dataprivacy(at)dennemeyer(dot)com at any time.
  5. Technical and organizational measures
    1. Dennemeyer shall implement and maintain during the term of this Agreement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the Data Subjects, and in particular:
      • Measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
      • Measures to ensure the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
      • a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
    2. Dennemeyer has the right to amend such measures from time to time under the condition that it implements measures not less stringent than those required by the GDPR.
  6. Transfer of Personal Data
    Customer acknowledges and consents that Dennemeyer transfers Personal Data to sub processors located outside of the European Union. Dennemeyer ensures that such sub processors ensure the same degree of safeguard of Personal Data provided in the European Union by entering into standard data protection clauses adopted by the Commission. Dennemeyer shall ensure their compliance with the GDPR and this DPA.
  7. Duration of Processing Activities
    The Processing Activities shall terminate the later of the following events (i) when the termination of the Agreement becomes effective (ii) when Services that are exceptionally provided after the termination are completed, or (iii) when any obligation or any right set forth in the Agreement that require the use of Personal Data is completed or fulfilled.

 

[Document version: v20210721]

 

Your message has been successfully sent.

We will contact you shortly.