SCOPE OF PROCESSING
The purpose(s) of the processing to be carried out by Company for Customer in respect of the Data include(s) the following:
To perform the Services pursuant to the MSA as further instructed by Customer.
PERSONAL DATA TO BE PROCESSED
The Data to be processed by Company on behalf of Customer includes the following categories of personal data:
Any Personal Data that the Customer decides to submit as part of its use of the Services which is determined and controlled by Customer is its sole discretion. However, Customer acknowledges that Company has no knowledge of the Personal Data that is received, stored, or transmitted using the Services by Customer.
The Data to be processed by Company on behalf of Customer relates to the following categories of data subjects:
Any Personal Data that the Customer decides to submit as part of its use of the Services which is determined and controlled by Customer is its sole discretion including Personal Data relating to the following data subjects: (i) prospects, customers and prior customers of the Customer, (ii) vendors of the Customer, (iii) employees, consultants, advisors, agents and officers of the Customer.
TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES
Company has implemented the following technical and organizational security measures:
- Security– Company employs multi-level systems and processes to ensure that Customer’s Data remains secure.
- SSAE 16 Certified Data Centers– All of the data centers owned by Company are externally audited to ensure compliance with Standards for Attestation Engagements 16 (“SSAE 16”), which confirms that the facilities meet the strictest standards. The standard covers all aspects of data center management including, “processes, policies, procedures, personnel, and operational activities.”
- Firewalls– All of Company’s shared and dedicated server hosting plans sold by Company for use in e-commerce include the Advanced Policy Firewall (“APF”) stateful iptables based software firewall to protect our networks from outside intrusion.
- Regular Security Testing– We regularly subject our networks to external and internal penetration testing in order to verify network and server integrity.
- OS Security Management– Company proactively patches and upgrades all of our servers where Customer purchases Company’s “managed” services. In the event of a vulnerability being discovered, Company will immediately apply patches or implement solutions to protect Customer when possible.
A list of the Subprocessors used by Company to provide the Services to Customer is available upon request.