Protecting and Safeguarding Your Information
Information security and privacy are forefront concerns for InterSystems when interacting with our customers, partners, or other parties. To that end, InterSystems does not maintain accounts on or directly access your systems or environments. Importantly, our support advisors across all of our products will work with you to understand your issue and not request to use your data or to view your system unless actually and truly needed for any problem solving, which occurs only in the rarest of circumstances. Most times, the information that we need to resolve an issue relates to system or database settings, error reports or displays, or object script code, rather than the data itself. If we do need to view your data or the specific operation of the product on your systems, we would arrange with you for secure “over the shoulder” access, using Webex or some other secure screen sharing option (we make available SecureLink if you do not have an option) with the focus on never having independent or direct access to your systems or data. Our goal is to keep your data with you while solving your issue.
Information Sharing Terms
Our product support processes look to facilitate these protected and secure interactions with you through the following Information Sharing Terms that apply when you disclose or communicate information to InterSystems Corporation and its subsidiaries (“InterSystems”). These Information Sharing Terms permit us to enable protections and to facilitate safeguards necessary to address confidentiality and data protection requirements.
Accordingly, you agree that:
“Your Information” means any Personal Information or Confidential Information that you disclose to InterSystems. Personal Information refers to information that is related to an identified or identifiable individual and can include: (1) Non-public Personal Information; (2) Non-public Information; (3) Personal Data and Sensitive Personal Data; (4) Personal Information; (5) Personally Identifiable Information; (6) Personally Identifying Information; (7) Protected Health Information; and (8) Sensitive Personal Information. “Confidential Information” refers to confidential information under any agreement with InterSystems, including information such as business or proprietary information or data from your systems (including your customer data that is not Personal Information).
- You will only provide Your Information to InterSystems when strictly required for the purposes relevant to the specific product support that InterSystems provides to you and in full compliance with the applicable data protection laws and regulations as well as these Information Sharing Terms.
- You will provide only the minimum necessary amount or quantity of Your Information relevant to the specific product support that InterSystems provides to you and will ensure that InterSystems is authorized to receive Your Information. You are required to obtain all necessary consents and approvals.
- You will not ask or require InterSystems to process Your Information in any manner that you could not do yourself under applicable laws and regulations, including applicable data protection laws and regulations, or that would violate your contractual obligations regarding Your Information.
- You represent and warrant that you may process Your Information, either under contract or law, in the manner you authorize InterSystems to process Your Information relevant to the specific product support that InterSystems provides to you.
- You will be responsible for using administrative, physical, and technical safeguards at all times during the transmission of Your Information to InterSystems to maintain and ensure the confidentiality, privacy, and security of Your Information in accordance with the standards and requirements of any applicable data protection laws and regulations until such time as Your Information is received by InterSystems.
- You will take precautions to avoid compromising the security of Your Information during any sharing with InterSystems and will use secure and/or encrypted channels to communicate any passwords used for access to Your Information by using a mode of communication separate and distinct from the secure transmission of Your Information and not sending any passwords or access token in an email message or in an action message though WRC Direct or iService (see below).
- You will supply files and/or material containing Your Information related to support issues by using the following administrative procedures and safeguards:
- WRC Direct: When receiving support from the InterSystems Worldwide Response Center, you will access WRC Direct at https://wrc.intersystems.com and when transferring Your Information, you will enable the “Elevated Security” option to note the presence of protected information. Attachments with “Elevated Security” enabled will only be accessed by InterSystems staff directly involved with a support case.
- iService:When receiving product support from the InterSystems TrakCare Response Center, you will access iService at https://iservice.intersystems.com.
- Although under most circumstances while providing product support, InterSystems does not act as either a business associate or a data processor, for those times when the access or use of Your Information means otherwise:
- To the extent you are a Supported Account regarding InterSystems products and must provide InterSystems with Protected Health Information in a form and manner that would mean that InterSystems acts as a business associate, the Support Business Associate Agreement Addendum shall apply and prior to transmitting Your Information, you will submit the appropriate Rules of Engagement Form to InterSystems. Supported Account means End User, Application Partner, Implementation Partner, Solution Partner, System Integrator, or any party with which InterSystems is interacting in the context of these Information Sharing Terms.
- To the extent you are an End User of InterSystems products and must provide InterSystems with Personal Data in a form and manner that would mean that InterSystems acts as a UK/EU/EEA data processor, the End User Data Processing Agreement Addendum shall apply and prior to transmitting Your Information, you will submit the appropriate Rules of Engagement Form to InterSystems.
International Data Transfers
To address the rare instance in which a Supported Account, which is either a data controller or data processor in the EU, would need to provide InterSystems Personal Data and InterSystems would need to involve other parts of InterSystems that are not located in the EU, InterSystems has established intra-entity Standard Contractual Clauses in order to allow our EU entities to legally transfer Personal Data to our non-EU entities:
- EU Standard Contractual Clauses (Controller-to-Controller) www.InterSystems.com/ISCEUSCC
- EU Standard Contractual Clauses (Processor-to-Processor) www.InterSystems.com/ISCEUSCCP
To facilitate restricted transfers of Personal Data, under UK data protection laws, from the UK to a non-adequate third country:
- UK International Data Transfer Agreement: www.InterSystems.com/ISCUKIDTA