Junglemap Data Processing Agreement
In connection with Customer’s use of Junglemap e-learning platform, personal data regarding Customer’s personnel (including name, email, organizational affiliation, course information, test results and other information regarding a person’s use of the e-learning platform) may be transferred to and registered in Supplier’s systems. Customer is the data controller and Supplier is the data processor with respect to the processing of such personal data under this Agreement.
Customer is responsible for ensuring that the Customer’s personnel registered on the e-learning platform have been informed of and given consent to their personal data being processed by Supplier as specified in this Agreement. Supplier shall only process personal data regarding Customer’s personnel as specified in this Agreement, and only to the extent reasonable and necessary in order to perform its obligations pursuant to the Agreement, or in order to develop and improve Supplier’s own services.
The Supplier undertakes to only process personal data in accordance with Act no. 38 of 15 June 2018 relating to the processing of personal data (the Personal Data Act) and the EU General Data Protection Regulation (GDPR), including obligations to execute any necessary technical and organizational measures to protect personal data from random or illegal destruction or from random loss, unauthorized alteration, sharing or access, especially when the processing covers transfer of information in a network, and from any other illegal processing. In case of any deviations and discrepancies of the Agreement, or breach of the GDPR or other provisions concerning the protection of personal data, the Supplier shall notify the Customer without undue delay, after which has the formal responsibility to notify the Data Protection Authority (Datatilsynet) and the data subject.
Supplier shall cooperate with Customer with respect to executing all reasonable technical and organizational measures in order to ensure that recorded personal data are correct and updated at all times. Customer is entitled to receive information from Supplier about existing security documentation and relevant security measures taken.
Customer may agree with Supplier that security audits shall be carried out. Customer shall be responsible for the costs of the security audits if the parties agree on carrying out security audits in addition to Supplier’s regular audits. Supplier shall cooperate with Customer in order to fulfil the data subjects’ right of access to information about himself/herself. Supplier shall ensure the deletion or correction of incorrect personal data on instruction from Customer.
Supplier shall initiate all reasonable measures in order to delete the information within a reasonable time according to the purposes for collecting or processing the information, unless there exists a legal basis for keeping the information indefinitely.
Supplier shall not give access to or disclose the information to third parties, unless it is necessary or permitted according to this Agreement, cf. the two following paragraphs, or permitted according to written consent from Customer.
Supplier uses business partners (“Partners”) in connection with distribution and marketing of Supplier’s e-learning platform. Customer is aware and accepts that personal data regarding Customer’s personnel may be transferred to and processed by Supplier’s Partners in the same manner, for the same purposes and with the same limitations as is applicable for Supplier’s processing in accordance with this Agreement (i.e. as sub-processors for Supplier).
Supplier’s e-learning platform runs on the servers of a third party supplier (currently Microsoft), and Customer is aware and accepts that personal data regarding Customer’s personnel will be transferred to and processed in the systems of the third party supplier for the purpose of performing the Agreement. All customer data is stored within the EU/EEA (Sweden, Norway, Netherlands, and Ireland). All customer data is encrypted in transit and at rest.
Supplier shall inform the Customer in advance of the third parties and the sub-suppliers which process personal data regarding Customer’s personnel.
Upon termination of the Agreement, Customer may demand that all personal data regarding Customer’s registered personnel is transferred to Customer in a standard table format (e.g. Excel) on a suitable medium of Supplier’s choice in exchange for coverage of any costs incurred by Supplier.