Privacy Policy
Your privacy is very important to us, below explains the information we collect from you, what we do with that information and our information security policy. This Data Privacy Policy regulates the processing of personal data on behalf of the customer (the ‘Data Controller’) by Ultimate Digital Web Solutions(the ‘Data Processor’) and is attached in the Ultimate Digital Web Solutions subscription agreement (the ‘Main Agreement’), in which the parties have agreed the terms for the Data Processor’s delivery of services to the Data Controller (the ‘Main Services’).
Legislation
The Privacy Policy shall ensure that the Data Processor complies with the applicable data protection and privacy legislation (the ‘Applicable Law’), including in particular: The European Parliament and the Council’s Directive 95/46/EF of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data as implemented in Danish law with, among others, the Act on Processing of Personal Data (Act No. 429 of 31 May 2000). The European Parliament and the Council’s Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data that entered into force on 24 May 2016 and will be applicable on 25 May 2018 (‘GDPR’). Irrespective of the general use and reference to GDPR in this Privacy Policy, the parties are not obliged to comply with GDPR before 25 May 2018.
Processing of personal data
In connection with the Data Processor’s delivery of the Main Services to the Data Controller, the Data Processor will process certain categories and types of the Data Controller’s personal data on behalf of the Data Controller. ‘Personal data’ include ‘any information relating to an identified or identifiable natural person’ as defined in GDPR, article 4 (1) (1) (the ‘Personal Data’). The categories and types of Personal Data processed by the Data Processor on behalf of the Data Controller are listed in sub-appendix A. The Data Processor only performs processing activities that are necessary and relevant to perform the Main Services. The parties shall update sub-appendix A whenever changes occur that necessitates an update. The Data Processor shall have and maintain a register of processing activities in accordance with GDPR, article 32 (2). The Data Processor processes personal data about the Data Controller and the Data Controller’s employees in connection with the Data Processor’s sale, marketing and product development. These personal data are not comprised by this Data Processor Agreement, because the Data Processor is data controller for said personal data, and reference is made to the Data Processor’s data protection and privacy policy available at the Data Processor’s website.
Instruction
The Data Processor may only act and process the Personal Data in accordance with the documented instruction from the Data Controller (the ‘Instruction’). The Instruction at the time of entering into this Data Processor Agreement is that the Data Processor may only process the Personal Data with the purpose of delivering the Main Services as described in the Main Agreement. The Data Controller guarantees that the Personal Data transferred to the Data Processor is processed by the Data Controller in accordance with the Applicable Law, including the legislative requirements regarding lawfulness of processing. The Data Processor shall give notice without undue delay if the Data Processor considers the at-the-time-being Instruction to be in conflict with the Applicable Law.
The Data Processor’s obligations
Confidentiality
The Data Processor shall treat all the Personal Data as strictly confidential information. The Personal Data may not be copied, transferred or otherwise processed in conflict with the Instruction, unless the Data Controller in writing has agreed hereto. The Data Processor’s employees shall be subject to an obligation of confidentiality that ensures that the employees shall treat all the Personal Data under this Data Processor Agreement with strict confidentiality. Security The Data Processor shall implement the appropriate technical and organizational measures as set out in this Agreement and in the Applicable Law, including in accordance with GDPR, article 32. The Data Processor shall ensure that access to the Personal Data is restricted to only the employees to whom it is necessary and relevant to process the Personal Data in order for the Data Processor to perform its obligations under the Main Agreement and this Data Processor Agreement. The Data Processor shall also ensure that the Data Processor’s employees working processing the Personal Data only processes the Personal Data in accordance with the Instruction. The Data Processor shall provide documentation for the Data Processor’s security measures if requested by the Data Controller in writing. Data protection impact assessments and prior consultation If the Data Processor’s assistance is necessary and relevant, the Data Processor shall assist the Data Controller in preparing data protection impact assessments in accordance with GDPR, article 35, along with any prior consultation in accordance with GDPR, article 36. Rights of the data subjects If the Data Controller receives a request from a data subject for the exercise of the data subject’s rights under the Applicable Law and the correct and legitimate reply to such a request necessitates the Data Processor’s assistance, the Data Processor shall assist the Data Controller by providing the necessary information and documentation. The Data Processor shall be given reasonable time to assist the Data Controller with such requests in accordance with the Applicable Law. If the Data Processor receives a request from a data subject for the exercise of the data subject’s rights under the Applicable Law and such request is related to the Personal Data of the Data Controller, the Data Processor must immediately forward the request to the Data Controller.
Personal Data Breaches.
The Data Processor shall give immediate notice to the Data Controller if a breach of the data security occurs, especially a breach that can lead to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to the personal data being transmitted, stored or otherwise processed. The Data Processor shall have and maintain a register of all Personal Data Breaches. The register shall at a minimum include the following: A description of the nature of the Personal Data Breach, including, if possible, the categories and the approximate number of affected Data Subjects and the categories and the approximate number of affected registrations of personal data. A description of the likely as well as actually occurred consequences of the Personal Data Breach. A description of the measures that the Data Processor has taken or proposes to take to address the Personal Data Breach, including, where appropriate, measures taken to mitigate its adverse effects. The register of Personal Data Breaches shall be provided to the Data Controller in copy if so, requested in writing by the Data Controller or the relevant Data Protection Agency.
Documentation of compliance
The Data Processor shall after the Data Controller’s written request hereof provide documentation substantiating that:
(i) the Data Processor complies with its obligations under this Data Processor Agreement and the Instruction; and
(ii) the Data Processor complies with the Applicable Law in respect of the processing of the Data Controller’s Personal Data. The Data Processor’s documentation of compliance shall be provided upon request within reasonable time. Location of the Personal Data. The Data Processor will transfer, process and store Personal Data outside of the EEA to wherever the Data Processor operates for the purpose of providing the Main Services. Any transfer of the Personal Data to any third countries or international organizations in the future shall only be done to the extent such transfer is permitted and done in accordance with the Applicable Law.
The Data Controller obligations
The Data Controller agrees that: it shall comply with its obligations as a Data Controller under the Data Protection Laws in respect of its processing of Personal Data and any processing instructions it issues to the Data Processor; and it has provided notice and obtained (or shall obtain) all consents and rights necessary under the Data Protection Laws for the Data Processor to process Personal Data and provide the Main Services pursuant to the Agreement and this DPA.
Sub-Processors
The Data Processor is given general authorization to engage third-parties to process the Personal Data (‘Sub-Processors’) without obtaining any further written, specific authorization from the Data Controller. The Data Processor shall conclude a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Processors’ compliance with the Applicable Law.
Remuneration and costs
The Data Processor is entitled to remuneration for any time and material used to adapt and change the processing activities in order to comply with any changes to the Data Controller’s Instruction, including implementation costs and additional costs required to deliver the Main Services due to the change in the Instruction. The Data Processor is exempted from liability for non-performance with the Main Agreement if the performance of the obligations under the Main Agreement would be in conflict with any changed Instruction or if contractual delivery in accordance with the changed Instruction is impossible. This could for instance be the case; if the changes to the Instruction cannot technically, practically or legally be implemented; where the Data Controller explicitly requires that the changes to the Instruction shall be applicable before the changes can be implemented; and in the period of time until the Main Agreements is changed to reflect the new Instruction and commercial terms hereof. If changes to the Applicable Law, including new guidance or courts practice, result in additional costs to the Data Processor, the Data Controller shall indemnify the Data Processor of such documented costs.
Breach and liability
In the event of a security leak and/or the leaking of data, the Data Processor shall, to the best of its ability, notify the Data Controller thereof without undue delay, after which the Data Controller shall determine whether or not to inform the data subjects and/or the relevant regulatory authority(ies). This duty to report applies irrespective of the impact of the leak. The Data Processor will endeavor that the furnished information is complete, correct and accurate. If required by law and/or regulation, the Data Processor shall cooperate by notifying the relevant authorities and/or data subjects. The Data Controller remains the responsible party for any statutory obligations in respect thereof. The duty to report includes in any event the duty to report the fact that a leak has occurred, including details regarding: the (suspected) cause of the leak; the (currently known and/or anticipated) consequences thereof; the (proposed) solution; the measures that have already been taken. The limitation of liability does not apply to the following: Losses as a consequence of the other party’s gross negligence or willful misconduct. A party’s expenses and resources used to perform the other party’s obligations, including payment obligations, towards a relevant data protection agency or any other authority.
Duration
The Data processor Agreement shall remain in force until the Main Agreement is terminated in line with Ultimate Digital Web Solution’s terms and conditions.
Personal Data
The Data Processor processes the following types of Personal Data in connection with its delivery of the Main Services: Ordinary contact information on relevant employees from the Data Controller. Users of the Main Services: names, telephone numbers, emails, addresses and IPs. Personal data provided by the users in connection with their use of the Main Services.
Categories of data subjects
The Data Processor processes Personal Data about the following categories of data subjects on behalf of the Data Controller: Customers End-users
Legal Disclaimer
We reserve the right to disclose your personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served on our Web site.
Security
The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however we have taken every step possible to make your information safe. This website is protected by Secure Sockets Layer (SSL) to protect your information. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
Termination
The Data Processor’s authorization to process Personal Data on behalf of the Data Controller shall be annulled at the termination of this Data Processor Agreement. The Data Processor shall continue to process the Personal Data after the termination of the Data Processor Agreement to the extent it is necessary and required under the Applicable Law. In the same period, the Data Processor is entitled to include the Personal Data in the Data Processor’s backup. At the termination of this Data Processor Agreement, the Data Processor and its Sub-Processors shall return the Personal Data processed under this Data Processor Agreement to the Data Controller, provided that the Data Controller is not already in possession of the Personal Data.
Changes To This Privacy Statement
If we decide to change our privacy policy, we will post those changes to this privacy statement and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here. For more information please do not hesitate to send your questions via our contact form.
User Content
You may be able to upload, store, publish, display and distribute information, text, photos, videos and other content on or through the Services (collectively, ‘User Content’). User Content includes any content posted by you or by users of any of your websites hosted through the Services (‘User Websites’). You are solely responsible for any and all User Content and any transactions or other activities conducted on or through User Websites. By posting or distributing User Content on or through the Services, you represent and warrant to Ultimate Digital Web Solutions that
(i) you have all the necessary rights to post or distribute such User Content, and
(ii) (ii) you are posting or distribution of such User Content does not infringe or violate the rights of any third party.
(iii) Solely for purposes of providing the Services, you hereby grant to Ultimate Digital Web Solutions a non-exclusive, royalty-free, worldwide right and license to:
a. use, reproduce, publicly perform, publicly display, modify, translate, excerpt (in whole or in part), publish and distribute User Content; and
b. make archival or back-up copies of User Content and User Websites. Except for the rights expressly granted herein, Ultimate Digital Web Solutions does not acquire any right, title or interest in or to the User Content, all of which shall remain solely with you.
Ultimate Digital Web Solutions exercises no control over, and accepts no responsibility for, User Content or the content of any information passing through Ultimate Digital Web Solution ’s computers, network hubs and points of presence or the Internet. Ultimate Digital Web Solutions does not monitor User Content. However, you acknowledge and agree that Ultimate Digital Web Solutions may, but is not obligated to, immediately take any corrective action in Ultimate Digital Web Solution ’s sole discretion, including without limitation removal of all or a portion of the User Content or User Websites, and suspend or terminate any and all Services without refund if you violate the terms of this Agreement. You hereby agree that Ultimate Digital Web Solutions shall have no liability due to any corrective action that Ultimate Digital Web Solutions may take.
Account Security and Ultimate Digital Web Solutions Systems.
It is your responsibility to ensure that scripts/programs installed under your account are secure and permissions of directories are set properly, regardless of the installation method. When at all possible, set permissions on most directories to 755 or as restrictive as possible. Users are ultimately responsible for all actions taken under their account. This includes the compromise of credentials such as user name and password. You are required to use a secure password. If a weak password is used, your account may be suspended until you agree to use a more secure password. Audits may be done to prevent weak passwords from being used. If an audit is performed, and your password is found to be weak, we will notify you and allow time for you to change or update your password before suspending your account.
The Services, including all related equipment, networks and network devices are provided only for authorized customer use. Ultimate Digital Web Solutions may, but is not obligated to, monitor our systems, including without limitation, to ensure that use is authorized, to facilitate protection against unauthorized access, and to verify security procedures, survivability, and operational security. During monitoring, information may be examined, recorded, copied and used for authorized purposes. By using the Services, you consent to monitoring for these purposes.
Any account found connecting to a third-party network or system without authorization from the third party is subject to suspension. Access to networks or systems outside of your direct control requires the express written consent of the third party. Ultimate Digital Web Solutions may, at our discretion, request documentation to prove that your access to a third-party network or system is authorized.
Any account which causes us to receive an abuse report may be terminated and/or have access to services suspended. If you do not remove malicious content from your account after being notified by Ultimate Digital Web Solutions of an issue, we reserve the right to leave access to services disabled.
Ultimate Digital Web Solutions reserves the right to migrate your account from one data center to another in order to comply with applicable data center policies, local law or for technical or other reasons without notice.
HIPAA Disclaimer.
We are not ‘HIPAA compliant.’ You are solely responsible for any applicable compliance with federal or state laws governing the privacy and security of personal data, including medical or other sensitive data. You acknowledge that the Services may not be appropriate for the storage or control of access to sensitive data, such as information about children or medical or health information. Ultimate Digital Web Solutions does not control or monitor the information or data you store on, or transmit through, the Services. We specifically disclaim any representation or warranty that the Services, as offered, comply with the federal Health Insurance Portability and Accountability Act (‘HIPAA’). Customers requiring secure storage of ‘protected health information’ as defined under HIPAA are expressly prohibited from using the Services for such purposes. Storing and permitting access to ‘protected health information’ is a material violation of this Agreement, and grounds for immediate account termination. We do not sign ‘Business Associate Agreements’ and you agree that Ultimate Digital Web Solutions is not a Business Associate or subcontractor or agent of yours pursuant to HIPAA. If you have questions about the security of your data, you should contact ultimatedigitalwebsolutions@gmail.com
Compatibility with the Services
You agree to cooperate fully with Ultimate Digital Web Solutions in connection with Ultimate Digital Web Solution ’s provision of the Services. It is solely your responsibility to provide any equipment or software that may be necessary for your use of the Services. To the extent that the performance of any of our obligations under this Agreement may depend upon your performance of your obligations, Ultimate Digital Web Solutions is not responsible for any delays due to your failure to timely perform your obligations.
You are solely responsible for ensuring that all User Content and User Websites are compatible with the hardware and software used by Ultimate Digital Web Solutions to provide the Services, which may be changed by Ultimate Digital Web Solutions from time to time in our sole discretion.
You are solely responsible for backing-up all User Content, including but not limited to, any User Websites. Ultimate Digital Web Solutions does not warrant that we back-up any User Content, and you agree to accept the risk of loss of any and all User Content.
Disclosure to Law Enforcement
Ultimate Digital Web Solutions may disclose User information to law enforcement agencies without further consent or notification to the User upon lawful request from such agencies. We cooperate fully with law enforcement agencies.