Data Processing Agreement
This Data Processing Agreement ("Agreement") is entered into between Global Netflow Tecnologia Ltda., Global Netflow LLC, or Lead Connector ("Processor") and the client ("Controller") (collectively referred to as the "Parties") as part of the services provided by the Processor to the Controller. This Agreement sets forth the terms and conditions regarding the processing of personal data on behalf of the Controller.
Definitions
1.1. "Personal Data" means any information related to an identified or identifiable natural person that is processed by the Processor on behalf of the Controller.
1.2. "Data Subject" refers to the individual to whom the Personal Data relates.
1.3. "LGPD" means the General Data Protection Law, the personal data protection law of Brazil.
1.4. "Controller," "Processor," "Data Subject," "Personal Data," "Personal Data Breach," "Process," and "Processing" shall have the meanings ascribed to them in the applicable data protection laws.
1.5. "Customer Personal Data" means any information related to an identified or identifiable natural person that (i) is contained in the Customer Data provided under the terms of the Agreement and (ii) is protected as personal data or personal information under the applicable data protection laws.
1.6. "Data Protection Laws" mean all applicable laws worldwide related to data protection and privacy that apply to the respective party in the role of processing personal data under the Agreement, including, without limitation, European Data Protection Laws, LGPD, and other United States laws; in each case, as amended, repealed, consolidated, or replaced from time to time.
1.7. "Europe" means the European Union, the European Economic Area, and/or their member states, Switzerland, and the United Kingdom.
1.8. "European Data" means Personal Data that is subject to the protection of European Data Protection Laws.
1.9. "European Data Protection Laws" mean the applicable data protection laws in Europe, including: (i) Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; and (iii) the applicable national implementations of the GDPR and Directive 2002/58/EC; or (iii) the GDPR as part of the domestic law of the United Kingdom by virtue of Section 3 of the European Union (Withdrawal) Act 2018 ("UK GDPR"); and (iv) the Swiss Federal Act on Data Protection of 19 June 1992, and its Ordinance ("Swiss DPA"), in each case, as they may be amended, replaced, or superseded.
1.10. "GDPR" means the General Data Protection Regulation (EU) 2016/679, and its retained version in the United Kingdom;
1.11. "Standard Contractual Clauses" mean the standard contractual clauses attached to European Commission Decision (EU) 2021/914 of 4 June 2021, currently available at
, as they may be amended, replaced, or superseded;
1.12. "UK Addendum" means the International Data Transfer Addendum issued by the Information Commissioner's Office of the United Kingdom pursuant to section 119A(1) of the Data Protection Act 2018, currently available at
, as it may be amended, replaced, or superseded.
Compliance. Both parties shall comply with all applicable requirements of data protection laws. This schedule is in addition and does not exempt, remove, or replace the obligations or rights of a party under data protection laws.Controller/Processor. The parties have determined that, for the purposes of data protection laws, Global Netflow Tecnologia Ltda. shall process Customer Personal Data as a processor on behalf of the Customer. The Customer may be a Controller or Processor.Consents. The Customer shall ensure that it has all necessary consents and appropriate notices to enable the lawful transfer of Customer Personal Data to Global Netflow Tecnologia Ltda. and the lawful collection of such data by the Customer using the services of Global Netflow Tecnologia Ltda. during the term and purposes of the Agreement and DPA, and shall indemnify Global Netflow Tecnologia Ltda. for all losses and damages (including fines) arising from a failure to do so.Nature, Scope, Purpose of Processing, and Data Subjects. Annex A sets forth the scope, nature, and purpose of the processing of Customer Personal Data by Global Netflow Tecnologia Ltda., the duration of the processing, the types of Customer Personal Data, and the categories of Data Subjects.Customer's Instructions. Global Netflow Tecnologia Ltda. shall process Customer Personal Data only in accordance with the documented instructions of the Customer, unless Global Netflow Tecnologia Ltda. is required by any applicable laws to process such Customer Personal Data otherwise. The Agreement and DPA shall be considered as the Customer's instructions; the parties may agree on additional instructions. Global Netflow Tecnologia Ltda. shall inform the Customer if, in Global Netflow Tecnologia Ltda.'s opinion, the Customer's instructions violate data protection laws.Global Netflow Tecnologia Ltda.'s Obligations. Global Netflow Tecnologia Ltda. shall:
a. Implement and maintain appropriate technical and organizational measures to protect Customer Personal Data against Personal Data Breaches, as described in Annex B of this DPA ("Security Measures"). Notwithstanding any contrary provision, Global Netflow Tecnologia Ltda. may modify or update the Security Measures at its discretion, provided that such modification or update does not result in a material degradation of the protection provided by the Security Measures.
b. Ensure that any person authorized by Global Netflow Tecnologia Ltda. to process Customer Personal Data is committed to confidentiality or is subject to an appropriate legal obligation of confidentiality.
c. Assist the Customer, to the extent possible (taking into account the nature of the Processing and the information available to Global Netflow Tecnologia Ltda.), and at the Customer's cost and upon written request, in responding to any request from a Data Subject and in ensuring the Customer's compliance with its obligations under data protection laws, regarding security, breach notifications, impact assessments, and consultations with supervisory or regulatory authorities.
d. Notify the Customer without undue delay upon becoming aware of a Personal Data Breach involving Customer Personal Data.
e. Upon the written direction of the Customer, delete or return Customer Personal Data and copies thereof to the Customer at the end of the Agreement, unless Global Netflow Tecnologia Ltda. is required by any applicable law to continue processing such Customer Personal Data. For purposes of this paragraph, Customer Personal Data shall be considered deleted when it is put beyond any further use by Global Netflow Tecnologia Ltda.
f. In the case of European Data, assist the Customer in ensuring compliance with Articles 32 to 36 of the GDPR; make available all reasonably necessary information to demonstrate compliance with this DPA to the Customer and allow and contribute reasonably to audits, including inspections conducted by the Customer to assess compliance with this DPA, as required by data protection laws; and make available all reasonably necessary information to demonstrate compliance with the requirements of Article 28 of the GDPR for Processors; and
g. Maintain records to demonstrate its compliance with this paragraph.
Service Provider. The parties agree that, if the CCPA applies, the Customer is a "business," and Global Netflow Tecnologia Ltda. is a "service provider" as defined by the CCPA. Global Netflow Tecnologia Ltda. shall not retain, use, or disclose California Personal Information collected under the Agreement for any purpose other than to perform the Agreement or as permitted by the CCPA; and (b) Global Netflow Tecnologia Ltda. shall not retain, use, or disclose California Personal Information collected under this Agreement outside of the direct business relationship between Global Netflow Tecnologia Ltda. and the Customer, except as permitted by the CCPA. Global Netflow Tecnologia Ltda. shall not "sell" or "share" California Personal Information, as defined in the CCPA, nor combine California Personal Information with personal information obtained from other sources other than the Customer, except to the extent necessary to perform the Agreement. The Customer may request, and Global Netflow Tecnologia Ltda. shall provide, periodically reasonable evidence of compliance with this Section 8.Subprocessors. The Customer hereby authorizes Global Netflow Tecnologia Ltda. in advance and on a general basis to appoint Subprocessors to process Customer Personal Data, provided that Global Netflow Tecnologia Ltda. ensures that the terms upon which it appoints such subprocessors are in compliance with Data Protection Laws and are consistent with the obligations imposed on Global Netflow Tecnologia Ltda. under this paragraph; and shall remain responsible for the acts and omissions of any of its subprocessors as if they were the acts and omissions of Global Netflow Tecnologia Ltda. Global Netflow Tecnologia Ltda. has currently appointed the third parties listed in Annex C of this DPA as Subprocessors. Global Netflow Tecnologia Ltda. shall notify the Customer in the event it adds or replaces any Subprocessors listed in Annex C with at least 30 days' advance notice of such changes, should the Customer opt to receive such emails, by contacting Global Netflow Tecnologia Ltda. Global Netflow Tecnologia Ltda. shall include substantially similar protections for Customer Personal Data as set forth in the DPA.
Regenerate response
Brazilian Data: Transfer Mechanisms and Standard Contractual Clauses.
a. Global Netflow Tecnologia Ltda. shall not transfer Brazilian data to any country or recipient that does not provide an adequate level of protection for personal data as established by applicable data protection laws in Brazil, unless it adopts all necessary measures to ensure that the transfer complies with said laws. These measures may include, among others, transferring such personal data to a recipient covered by an adequate framework or other legally appropriate transfer mechanism recognized by competent authorities as providing an adequate level of protection for personal data, or to a recipient that has adopted appropriate standard contractual clauses as adopted or approved in accordance with applicable data protection laws in Brazil.
b. The customer acknowledges that, in the context of the service provision, Global Netflow Tecnologia Ltda. may be a recipient of Brazilian data in the United States or other countries. Subject to the following provisions, the parties agree that the standard contractual clauses shall be incorporated by reference and shall form an integral part of the contract as follows:
Transfers from the European Union (EU). With respect to Brazilian data subject to the General Data Protection Regulation (GDPR) of the European Union: (i) the customer is the "data exporter," and Global Netflow Tecnologia Ltda. is the "data importer"; (ii) the terms of Module Two shall apply to the extent the customer is the data controller of Brazilian data, and the terms of Module Three shall apply to the extent the customer is the data processor of Brazilian data; (iii) in Clause 7, the optional local law provision shall apply; (iv) in Clause 9, Option 2 shall apply, and any changes to subprocessors shall be notified in accordance with the "Subprocessors" section of this agreement; (v) in Clause 11, the optional language shall be excluded; (vi) in Clauses 17 and 18, the parties agree that the applicable law and forum for disputes under the standard contractual clauses shall be determined in accordance with the laws of Brazil; (vii) the annexes of the standard contractual clauses shall be deemed completed with the information set forth in the annexes of this agreement; and (viii) in the event of any conflict between the terms of the standard contractual clauses and any provision of this agreement, the standard contractual clauses shall prevail to the extent of such conflict.
Transfers to Other Countries. In the case of transfers of Brazilian data to countries other than the European Union, Global Netflow Tecnologia Ltda. shall take necessary measures to ensure compliance with applicable data protection laws in Brazil. Such measures may include entering into contracts or agreements that ensure adequate protection of Brazilian data, as required by applicable laws.
c. If Global Netflow Tecnologia Ltda. is unable to fulfill its obligations under the standard contractual clauses or is in breach of any warranty provided under the standard contractual clauses, the customer shall provide reasonable notice to Global Netflow Tecnologia Ltda. to allow it to rectify the non-compliance. The customer agrees to reasonably cooperate with Global Netflow Tecnologia Ltda. to identify any additional safeguards that may be implemented to correct such non-compliance. In the event that Global Netflow Tecnologia Ltda. is unable or fails to rectify the non-compliance, the customer may suspend or terminate the transfer of Brazilian data in accordance with the contract, without any liability to either party, except for fees incurred by the customer before the suspension or termination.
11. Amendments. Notwithstanding any other provision in the Agreement, Global Netflow Tecnologia Ltda. reserves the right to make any updates and changes to this DPA, including to address changes in data protection laws and revise the security provisions in this DPA, provided that Global Netflow Tecnologia Ltda. does not substantially reduce the overall level of security provided to customer's personal data.
ANNEX A - Details of Processing
A. List of Parties
Data Exporter:
Name: You, as defined in the Terms of Service of Global Netflow Tecnologia Ltda.
Address: Your address as specified in your Account on the Platform
Name, position, and contact information of the responsible person: Your contact information as specified in your Account on the Platform
Relevant activities regarding the transferred data under these Clauses: Execution of the Agreement between the parties as Controller.
Function (controller/processor): Controller or Processor
Data Importer:
Name: Global Netflow llc
Address: 12345 Lake city way ne 2033 seattle- WA 98125 - US
Name, position, and contact information of the responsible person: THIAGO F M OLIVEIRA, Founder
Relevant activities regarding the transferred data under these Clauses: Execution of the Agreement between the parties.
Function (controller/processor): Processor
B. Description of the Transfer
Categories of data subjects whose personal data is transferred: Customers and potential customers of the customers.
Categories of personal data transferred: Personal data inputted and collected as decided by the Customer, including name, age, date of birth, phone number, email address, social media profiles.
Sensitive data transferred and restrictions or safeguards applied: The parties do not anticipate the transfer of sensitive data.
Frequency of the transfer: Variable during the term of the Agreement.
Subject matter and nature of the processing: Global Netflow Tecnologia Ltda. will provide the Services to the Customer under the Agreement between the parties. The Customer will use the Services to collect and process the personal data of its customers and potential customers for the purpose of managing and conducting marketing activities, which may be targeted to its customers and potential customers.
The processing will involve the collection, storage, recording, contacting, and management of personal data, particularly for the purposes of executing marketing campaigns, providing marketing services, and overall marketing management.
Purpose of the transfer and additional processing: Global Netflow Tecnologia Ltda. will process the personal data as necessary to provide the Service under the Agreement, as specified further in an order form and as instructed by the Customer in using the Service.
Retention period of the personal data: Duration of the period in which the Customer accesses and uses Global Netflow Tecnologia Ltda.'s platform under the Service Agreement.
C. Competent Supervisory Authority:
For the purposes of the Standard Contractual Clauses, the competent supervisory authority will be determined in accordance with the data transfer mechanisms established in this DPA
Measures for pseudonymization and encryption of personal data:
All personal data at rest is encrypted with AES 256 CBC.All personal data in transit is encrypted with TLS V1.2+.
Measures to ensure the confidentiality, integrity, availability, and resilience of processing systems and services:
The Processor has endpoint protection in its APIs.The Processor has uptime monitors to help ensure availability and alert the Processor in case of downtime.The Processor has implemented access control measures, such as user-based authentication and subaccount-based authentication.The Processor uses managed services (AWS, GoogleCloud) to help ensure integrity.
Measures to ensure the ability to restore availability and access to personal data in case of physical or technical incident:
Personal data is backed up in AWS and GoogleCloud with a granularity of 5 minutes to allow the Processor to restore personal data in case of an incident.
Measures for user identification and authorization:
The Processor uses encrypted signed tokens and role-based authorizations, as well as password protection.
Measures for data protection during transmission:
SSL certificates and HTTPS are used during the transmission of personal data. Protected with TLS v1.2+.
Measures for data protection during storage:
Personal data is encrypted at rest with AES-256 CBC encryption.
Measures to ensure the physical security of the locations where personal data is processed:
The Processor uses managed services to ensure the physical security of server locations. All personal data is stored in AWS and GoogleCloud, with the physical security described in the AWS and GoogleCloud Terms and Conditions, respectively.
Measures to ensure the recording of events:
The Processor logs all user actions and audit logs. GoogleCloud ops is used for application and infrastructure monitoring. Additionally, the Processor uses AWS CloudWatch.
Measures to ensure system configuration, including default configuration:
The Processor has settings stored in version control. All containers are created from standardized images hosted by AWS and GoogleCloud. Updates and upgrades are performed automatically and managed by GoogleCloud. Patching of any vulnerabilities is managed by GoogleCloud according to their standard policies.
Measures for governance and internal IT and IT security management:
The Processor uses a third-party vendor (iWerk) for internal IT and IT security.
Measures for certification/assurance of processes and products:
The Processor receives the Compliance Group's HIPAA Seal of Compliance Certificate.
Measures to ensure data minimization:
The Processor establishes the minimum data requirement. Users can choose not to enter personal data in optional fields.
Measures to ensure data quality:
The Processor allows customers to update relevant personal data to the most recent date and uses two-factor authentication. Application monitoring is conducted by GoogleCloud and custom monitors.
Measures to ensure limited data retention:
Data retention can be configured for specific individuals by the customer administrator.
Measures to ensure accountability:
The Processor's access to personal data is restricted based on rules.
Measures to enable data portability and ensure deletion:
Customers can download their personal data from the Service. They can request a copy or deletion of their personal data upon separation. The Processor uses support tickets to ensure compliance with the above.
Specific technical and organizational measures to be adopted by the Data Importer to provide assistance to the Data Exporter:
Self-Service:
Customers can download their personal data from within the Service.Customer administrators can set data retention for terminated employees.
Customer and Product Support:
Frequently Asked Questions (FAQs) are available.Support tickets can be opened for specific inquiries not covered by the customer/product support materials on the Service Provider's website.
ANNEX C - Subprocessors:
Authorized Subprocessor Name: Google LLC/Google Cloud ServicesAddress: 1600 Amphitheatre Parkway, Mountain View, California 94043, United StatesContact Information: legal-notices@google.comDescription of Processing: Data storage; support for the execution of this ContractCountry where Subprocessing will be carried out: United StatesAuthorized Subprocessor Name: Amazon Web Services, Inc.Address: 410 Terry Avenue North, Seattle, WA 98109-5210, United StatesContact Information: 206.266.7010Description of Processing: Data storage; support for the execution of this ContractCountry where Subprocessing will be carried out: United States
"Our business is to help you expand your business!"
Explore
Contato
manager@globalnetflow.com
Seg-Sex: 9AM-6PM
🇧🇷 +55 (11) 3230-0211
Avenida Paulista 1106
Sala 01 andar 16- São Paulo-SP
🇺🇸 +1 (404) 777-0463
12345 Lake City Way Ne Suite 2033 - Seattle - Washington - United States
© 2023 Global Netlfow - - All Rights Reserved. Todo os direiros reservados
'%3e%3cg id='Final-Copy-2_2_' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st0' d='M7.4,12.8h6.8l3.1-11.6H7.4C4.2,1.2,1.6,3.8,1.6,7S4.2,12.8,7.4,12.8z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg id='final---dec.11-2020'%3e%3cg id='_x30_208-our-toggle' transform='translate(-1275.000000, -200.000000)'%3e%3cg id='Final-Copy-2' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st1' d='M22.6,0H7.4c-3.9,0-7,3.1-7,7s3.1,7,7,7h15.2c3.9,0,7-3.1,7-7S26.4,0,22.6,0z M1.6,7c0-3.2,2.6-5.8,5.8-5.8 h9.9l-3.1,11.6H7.4C4.2,12.8,1.6,10.2,1.6,7z'/%3e%3cpath id='x' class='st2' d='M24.6,4c0.2,0.2,0.2,0.6,0,0.8l0,0L22.5,7l2.2,2.2c0.2,0.2,0.2,0.6,0,0.8c-0.2,0.2-0.6,0.2-0.8,0 l0,0l-2.2-2.2L19.5,10c-0.2,0.2-0.6,0.2-0.8,0c-0.2-0.2-0.2-0.6,0-0.8l0,0L20.8,7l-2.2-2.2c-0.2-0.2-0.2-0.6,0-0.8 c0.2-0.2,0.6-0.2,0.8,0l0,0l2.2,2.2L23.8,4C24,3.8,24.4,3.8,24.6,4z'/%3e%3cpath id='y' class='st3' d='M12.7,4.1c0.2,0.2,0.3,0.6,0.1,0.8l0,0L8.6,9.8C8.5,9.9,8.4,10,8.3,10c-0.2,0.1-0.5,0.1-0.7-0.1l0,0 L5.4,7.7c-0.2-0.2-0.2-0.6,0-0.8c0.2-0.2,0.6-0.2,0.8,0l0,0L8,8.6l3.8-4.5C12,3.9,12.4,3.9,12.7,4.1z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
Suas opções de privacidade