Junglemap Data Processing Agreement
In connection with Customer’s use of Junglemap e-learning platform, personal data regarding Customer’s personnel (including name, email, organizational affiliation, course information, test results and other information regarding a person’s use of the e-learning platform) may be transferred to and registered in Supplier’s systems. Customer is the data controller and Supplier is the data processor with respect to the processing of such personal data under this Agreement.
Customer is responsible for ensuring that the Customer’s personnel registered on the e-learning platform have been informed of and given consent to their personal data being processed by Supplier as specified in this Agreement. Supplier shall only process personal data regarding Customer’s personnel as specified in this Agreement, and only to the extent reasonable and necessary in order to perform its obligations pursuant to the Agreement, or in order to develop and improve Supplier’s own services.
Supplier is under an obligation to at all times comply with applicable legislation regarding data protection, privacy and information security in the Personal Data Act with regulations, cf. the Personal Data Act sections 13 to 15. This includes obligations to execute any necessary technical and organizational measures to protect personal data from random or illegal destruction or from random loss, unauthorized alteration, sharing or access, especially when the processing covers transfer of information in a network, and from any other illegal processing. Any notices of deviations or discrepancies pursuant to the Personal Data Regulation section 2-6 shall be carried out by Supplier informing Customer, after which Customer has the formal responsibility to notify the Data Protection Authority (Datatilsynet) and the data subject.
Supplier shall cooperate with Customer with respect to executing all reasonable measures in order to ensure that recorded personal data are correct and updated at all times. Customer is entitled to receive information from Supplier about any existing security documentation and security measures taken, including information on security audits carried out by Supplier. Customer may agree with Supplier that security audits shall be carried out. Customer shall be responsible for the costs of the security audits if the parties agree on carrying out security audits in addition to Supplier’s regular audits. Supplier shall cooperate with Customer in order to fulfil the data subjects’ right of access to information about himself/herself. Supplier shall ensure the deletion or correction of incorrect personal data on instruction from Customer.
According to instructions from Customer, Supplier shall initiate all reasonable measures in order to delete the information within a reasonable time according to the purposes for collecting or processing the information, unless there exists a legal basis for keeping the information indefinitely.
Supplier shall not give access to or disclose the information to third parties, unless it is necessary or permitted according to this Agreement, cf. the two following paragraphs, or permitted according to written consent from Customer.
Supplier uses business partners (“Partners”) in connection with distribution and marketing of Supplier’s e-learning platform. Customer is aware and accepts that personal data regarding Customer’s personnel may be transferred to and processed by Supplier’s Partners in the same manner, for the same purposes and with the same limitations as is applicable for Supplier’s processing in accordance with this Agreement (i.e. as sub-processors for Supplier).
Supplier’s e-learning platform runs on the servers of a third party supplier (currently Microsoft), and Customer is aware and accepts that personal data regarding Customer’s personnel will be transferred to and processed in the systems of the third party supplier for the purpose of performing the Agreement. The third party supplier may also have access to the information from locations outside the European Economic Area (EEA). Supplier is responsible for entering into an agreement with the third party supplier ensuring that such transfer of personal data to locations outside the EEA is permitted pursuant to applicable legislation for such transfers in the EEA/EU at any time.
Supplier shall inform the Customer in advance of the third parties and the sub-suppliers which process personal data regarding Customer’s personnel.
Upon termination of the Agreement, Customer may demand that all personal data regarding Customer’s registered personnel is transferred to Customer in a standard table format (e.g. Excel) on a suitable medium of Supplier’s choice in exchange for coverage of any costs incurred by Supplier.