ANNEX 1: DETAILS OF PROCESSING OF PERSONAL DATA

This Annex 1 includes certain details of the Processing of Personal Data as required by GDPR Article 28 (3) and must be filled out and submitted by the Controller to the Processor, prior to the Processor’s processing of any Personal Data on behalf of the Controller.

Subject matter and duration of the Processing of the Personal Data

The subject matter and duration of the Processing of the Personal Data are set out in the Terms of Use and this Addendum.

The nature and purpose of the Processing of the Personal Data

[Customer to fill in:

Example 1: The Purpose of the processing is that the Controller may connect the data they have stored in the Services automatically and thereby further enrich and share data across the Controller’s different systems

And/or

Example 2: The purpose of the processing is to give access to the Data Subjects’ Personal Data in a secure and simple way.

Include any additional description here]

The categories of Personal Data to be Processed on behalf of the Controller

[Customer to fill in:

Include list of categories of Personal Data

Note that the following only are examples of categories:

Transaction Information          

-  Card information

-  History of transactions

Communication Information

-  Name (full name/part of name)

-  Adress

-  Email

Authentication Information

-   Login

-   Personal number] 

The categories of Data Subject to whom the Personal Data relates

[Customer to fill in:

Include categories of data subjects here

Note that the following only are examples of categories:

Employees

Customers

Potential Customers]

The obligations and rights of the Controller

The obligations and rights of the Controller are set out in the Terms of Use and this Addendum.