These PRODUCT TRAINING DATA TRANSFER TERMS & CONDITIONS (“Terms”) are incorporated into your Agreement with InterSystems.
The Parties enter into these Terms in order to permit the necessary and appropriate access to Personal Data by InterSystems, as a Controller, as defined below, of the Product Training System, as defined below, that resides within the European Economic Area (the “EEA”) from InterSystems locations, including the United States, for the purposes of providing support for any training, as requested by the Customer, which training relates to the use, operation, and administration of the InterSystems product or products in your Agreement.
In consideration of the mutual covenants and promises contained herein and other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged by the Parties hereto, the Parties agree as follows:
Capitalized terms used in these Terms have the meaning assigned in the Agreement unless otherwise defined herein. The terms of these Terms supersede any conflicting terms of the Agreement.
1.1. “Agreement” means the agreement between you and InterSystems regarding the licensing of InterSystems products, the activities for the support of InterSystems products, and/or the delivery of services to you by InterSystems.
1.2. “Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
1.3. “Data Protection Law” means all applicable laws or regulations in connection with privacy and the processing, collection, use, and protection of Personal Data in any jurisdiction applicable to your Agreement or the End User Personal Data, which may include the EEA Data Protection Law (defined below), Gramm-Leach-Bliley Act (US), Privacy Act (AU), Privacy Act 1993 (NZ), and U.S. state laws, including, but not limited to the California Consumer Privacy Act.
1.4. “Data Subject” means an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
1.5. “EEA Data Protection Law” means the GDPR and the e-Privacy Directive 2002/58/EC (as amended by Directive 2009/136/EC, and as amended and replaced from time to time) and their national implementing legislations; the Swiss Federal Data Protection Act (as amended and replaced from time to time); the UK Data Protection Act (as amended and replaced from time to time); and the Data Protection Acts of the EEA countries (as amended and replaced from time to time, whenever applicable).
1.6. “End User” means a person who accesses the training services provided to Customer under the Agreement.
1.7. “GDPR” means Regulation (EU) 2016/679.
1.8. “Personal Data” means any information relating to a Data Subject.
1.9. “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
1.10. “Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller.
1.11. “Product Training System” means the online learning management system operated by InterSystems to provide access to training materials related to InterSystems products.
2. Data Transfer. This section applies to the extent the parties Transfer Personal Data subject to Data Protection Law in the context of this Agreement.
2.1. Customer acknowledges and agrees to the following for the purposes of supporting the Product Training System under the Agreement:
2.1.1. The Product Training System shall be located in:
22.214.171.124. the EEA for customers located in Europe (including the EEA), Middle East, and African region;
126.96.36.199. Australia for customers located in the Asia Pacific region; or
188.8.131.52. the United States for customers located in the North, Central, and South American regions.
2.1.2. InterSystems may need to have personnel located at InterSystems locations, including in Australia and the United States, access Personal Data on the Product Training System related to the End Users; and
2.1.3. For the avoidance of doubt, the only Personal Data that is subject to these Terms is the Personal Data of End Users and the Product Training System shall not be used to Process nor shall Customer transfer to InterSystems any Customer Data, including, but not limited to Personal Data of the customers or patients of Customer under these Terms.
2.2. Customer shall at all times:
2.2.2. ensure that each End User grants his/her specific prior consent for InterSystems to transfer of his/her Personal Data to InterSystems in United States and for the processing by InterSystems of End User Personal Data for the purposes of the training services (if required by the Data Protection Law) in accordance with Article 14 GDPR and consistent with the InterSystems Privacy Statement ( www.InterSystems.com/Privacy-Policy);
2.2.3. secure any identification, passwords and other confidential information relating to the training services and shall notify InterSystems immediately of any known or suspected breach of security or unauthorised use of the Customer’s or Customer’s End User’s account, including loss, theft or unauthorised disclosure of any passwords or other security information;
2.2.4. ensure any Personal Data provided to InterSystems shall be the minimum necessary for the purposes of the training services; and
2.2.5. comply with all applicable domestic and international laws, rules and regulations (without limitation, laws governing data protection and privacy) as they relate to Customer and Customers’ End Users in connection with the Agreement, and without limiting the generality of the foregoing, Customer shall ensure full compliance with all data protection initiatives and similar laws relating to the collection, use and transmission of data.
2.3. InterSystems will only Process any Personal Data received for the purposes of supporting the online training under the Agreement:
2.3.2. for the purpose of carrying out its obligations under the Agreement and no other purpose;
2.3.3. in accordance with any instructions issued by the Customer from time to time;
2.3.4. otherwise in accordance with relevant privacy laws; and
2.3.5. will promptly comply with any request from the Customer requiring InterSystems to amend, transfer or delete the Personal Data.
3. Compliance. This section applies to the extent the Parties Process Personal Data subject to Data Protection Law in the context of this Agreement.
3.1. With regard to the Processing of Personal Data in the context of the Agreement, the Parties acknowledge and confirm that:
3.1.2. neither Party acts as a Processor on behalf of the other Party;
3.1.3. each Party is an independent Controller; and
3.1.4. these Terms does not create a joint Controllership or a Controller-Processor relationship between the Parties.
3.2. The Parties acknowledge and agree that the scope of each Party’s role as independent Controller is limited to the Processing of Personal Data for each Party’s own Processing purposes in the context of these Terms.
3.3. Each Party confirms and warrants that, in relation to the Processing of Personal Data for its own Processing purposes, including any Personal Data disclosures to the other Party, it acts as a Controller and it complies with applicable Data Protection Law.
© 2022 InterSystems Corporation - v.21.10.33