Published on: December 02, 2020.
We make a pre-signed Data Processing Addendum available for our Cloud Customers. The DPA helps meet onward transfer requirements under the GDPR.
If you have any questions about our DPA, please see our FAQ section. Click the link below to download the DPA and email a signed copy to [email protected]. Upon receipt of the validly completed DPA by Vtiger at this email address, this DPA will become legally binding.
This FAQ section is designed to help you develop a better understanding of the Vtiger DPA, and we have outlined the most common questions asked.
The information we present here may not take into account future changes in laws and regulations. We recommend you to consult with your legal counsel to familiarize yourself with the requirements that govern your specific situation.
If you have additional questions that are not answered in this FAQ section, please contact your Account Manager or open a case with the Vtiger support team by emailing to [email protected].
A Data Processing Agreement ("DPA") is a legally binding contract that states the rights and obligations of each party concerning the protection of personal data. Article 28(3) of the General Data Protection Regulation (“GDPR”) requires that controllers, processors and sub-processors must enter into written contracts or DPAs to share personal data.
If your company is subject to the GDPR and you are transmitting personal data to the Vtiger services for processing, then you should sign the DPA.
This DPA consists of:
Unfortunately, No. The Vtiger DPA is only applicable to our customers who subscribe to the Vtiger Cloud Services. This DPA is between a controller and a processor. When you subscribe to our Cloud Service, we’re the processors, and you’re the Controller.
If your company is subject to the GDPR, but doesn't have offices in the EU, still the DPA applies to your organization.
Yes, Vtiger's current DPA includes provisions to assist customers with their part of GDPR compliance.
You can download or request a DPA copy pre-signed by Vtiger. You can review the DPA, sign and return the DPA to [email protected]. You can find further information on the execution of the DPA in the Section “Instructions To Execute This DPA With Vtiger” in the opening preamble of the DPA. If your company already signed the DPA at the time of online subscription or while placing the order form, then you will not need to sign again or return the DPA.
The Vtiger DPA is specific to Vtiger Cloud services which interoperates with its Terms of Service and other relevant documentation seamlessly. Vtiger DPA covers the specific processes and procedures on certain notifications related to privacy, audits, security measures, and sub-processing activities.
Using your own organization's DPA is restricted to exceptional cases that need to be examined on a case by case basis.
The Vtiger DPA is an extension of our Terms of Service and reflects our compliance with GDPR requirements as applicable to our products. Just as with our standard Terms of Service, we're unable to make any changes to our DPA on a customer-by-customer basis.
Vtiger’s Data Processing Addendum incorporates the EU Controller to Processor Standard Contractual Clauses as a transfer mechanism for Customer Data.
Vtiger recommends consulting with your legal advisor to assess the potential impact that your decision not to sign the DPA may have on your particular situation.
Today, we store data in Amazon Web Services (AWS) data centres located in the United States, Germany, the European Union (Ireland and Frankfurt), Singapore, Australia, Japan, and India. Data is stored in the data centre closest to the location of the majority of users accessing it.
We have implemented organizational and technical safeguards to secure your data in compliance with GDPR requirements. You can find more details about Technical and Organizational Security Measures at https://www.vtiger.com/security-center/.
Upon termination, cancellation, expiration or other conclusions of the Agreement, Vtiger will return data upon request and delete all Customer Data following the procedures and timeframes specified under Data retention and deletion here.
A list of our sub-processors can be found on our Sub-Processors page.
Vtiger Subscription Service(Vtiger Privacy Guard) provides you with some controls to assist Data Subjects in exercising their rights under Data Protection Laws, including its obligations relating to responding to requests from Data Subjects ("Data Subject Requests").
To the extent that, if you're unable to address a Data Subject Request through the Subscription Service independently, then upon your written request, Vtiger shall provide you with reasonable assistance to respond to any Data Subject Requests. Or requests from data protection authorities relating to the Processing of Personal Data under the Agreement. You shall reimburse Vtiger for the commercially reasonable costs arising from this assistance.
If a Data Subject Request or other communication regarding the Processing of Personal Data under the Agreement is made directly to Vtiger, Vtiger will promptly inform you and will advise the Data Subject to submit their request to you directly. You shall be solely responsible for responding substantively to any such Data Subject Requests or communications involving Personal Data.
Vtiger maintains security incident management policies. Vtiger commits to notifying its customers without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data processed by Vtiger or its Sub-processors.
Vtiger controls your information. If you have questions or concerns about how we handle your information, please direct your inquiry to Vtiger.
If you are a resident of the European Economic Area or the UK, please contact our representative below.
If you want to make use of your data subject rights, please visit this page.
Representative's Website: https://prighter.com Please add the following subject to all correspondence: ID-14874621.