A decision issued by the European Commission under Article 25 EC Data Protection Directive that a country or region or a category of recipients in such country or region is deemed to provide an "adequate" level of data protection.
Applicable Data Controller Law
APPLICABLE DATA CONTROLLER LAW means the provisions of mandatory law of a country containing rules for the protection of individuals with regard to the Processing of Personal Information including security requirements for and the free movement of such Personal Information as applicable to ZaapIT in its capacity as the Data Controller of Personal Information.
ARCHIVE shall mean a collection of CSB Information that is no longer necessary to achieve the purposes for which the CSB Information originally was collected or that is no longer used for general business activities, but is used only for historical, scientific or statistical purposes, dispute resolution, investigations or general archiving purposes. An Archive includes any data set that can no longer be accessed by any Employee other than the system administrator.
ARTICLE shall mean an article in this CSB Privacy Code.
Binding Corporate Rules
BUSINESS DEVELOPMENT shall mean the tasks and processes aimed at developing and implementing growth opportunities within and between ZaapIT and Business Partners.
BUSINESS PARTNER shall mean any Third Party, other than a Customer or Supplier, that has or has had a business relationship or strategic alliance with ZaapIT (e.g., joint marketing partner, joint venture or joint development partner, investor).
BUSINESS PURPOSE shall mean a purpose for Processing CSB Information as specified in Article 2 or 3 or for Processing Sensitive Information as specified in Article 4 or 3.
Chief Privacy Officer
CHIEF PRIVACY OFFICER shall mean the officer as referred to in Article 13.1.
CHILDREN shall mean Individuals under thirteen (13) years of age.
COMPETENT DPA shall have the meaning set forth in Article 16.2 above.
CSB INFORMATION shall have the meaning set forth in Article 1.1 above
CSB Privacy Code
CSB PRIVACY CODE shall mean this Privacy Code for Customer, Supplier and Business Partner Information.
CUSTOMER shall mean any person, private organisation, or government body that purchases, may purchase or has purchased a ZaapIT product or service.
CUSTOMER SERVICES shall mean the services provided by ZaapIT to Customers to support ZaapIT products and services offered to or in use with their employees or customers (e.g., ZaapIT’s digital transaction management platform and related services). These services may include the maintenance, upgrade, replacement, inspection and related support activities aimed at facilitating continued and sustained use of ZaapIT products and services.
DATA CONTROLLER shall mean the entity or natural person which alone or jointly with others determines the purposes and means of the Processing of Personal Information.
Data Protection Impact Assessment (DPIA)
DATA PROTECTION IMPACT ASSESSMENT (DPIA) shall mean a procedure to conduct and document a prior assessment of the impact which a given Processing may have on the protection of CSB Information, where such Processing is likely to result in a high risk for the rights and freedoms of Individuals, in particular where new technologies are used.
A DPIA shall contain:
i. a description of:
i. the scope and context of the Processing;
ii. the Business Purposes for which CSB Information is Processed;
iii. the specific purposes for which Sensitive Information is Processed;
iv. categories of CSB Information recipients, including recipients not covered by an Adequacy Decision;
v. CSB Information storage periods;
ii. an assessment of:
i. the necessity and proportionality of the Processing;
ii. the risks to the privacy rights of Individuals; and
iii. the measures to mitigate these risks, including safeguards, security measures and other mechanisms (such as privacy-by-design) to ensure the protection of CSB Information.
Data Protection Law
DATA PROTECTION LAW shall mean the provisions of mandatory law of an EEA country / UK country / IL country containing rules for the protection of individuals with regard to the Processing of Personal Information including security requirements for and the free movement of such Personal Information.
Data Security Breach
DATA SECURITY BREACH shall mean the unauthorized acquisition, access, use or disclosure of unencrypted CSB Information that compromises the security or privacy of such information to the extent the compromise poses a high risk of financial, reputational, or other harm to the Individual. A Data Security Breach is deemed not to have occurred where there has been an unintentional acquisition, access or use of unencrypted CSB Information by an employee of ZaapIT or Third Party Processor or an individual acting under their respective authority, if:
i. the acquisition, access, or use of CSB Information was made in good faith and within the course and scope of the employment or professional relationship of such employee or other individual; and
ii. the CSB Information is not further acquired, accessed, used or disclosed by any person.
DIVESTED ENTITY shall mean the divestment by ZaapIT of a Group Company or business by means of:
i. a sale of shares that results in the divested Group Company no longer qualifying as a Group Company; and/or
ii. a demerger, sale of assets, or any other manner or form.
ZaapIT shall mean ZaapIT AS LTD. and its Group Companies.
ZaapIT, INC. shall mean ZaapIT AS LTD.
DPA shall mean any data protection authority of one of the countries of the EEA / UK / IL.
EEA or EUROPEAN ECONOMIC AREA shall mean all Member States of the European Union, plus Norway, Iceland and Liechtenstein, and for purposes of this Privacy Code, Switzerland.
EFFECTIVE DATE shall mean the date on which this CSB Privacy Code becomes effective as set forth in Article 1.7.
EMPLOYEE shall mean the following individuals:
i. an employee, job applicant or former employee of ZaapIT including temporary workers working under the direct supervision of ZaapIT (e.g., independent contractors and trainees). This term does not include people working at ZaapIT as consultants or employees of Third Parties providing services to ZaapIT;
ii. a (former) executive or non-executive director of ZaapIT or (former) member of the supervisory board or similar body to ZaapIT.
GROUP COMPANY shall mean ZaapIT Inc. and any company or legal entity of which ZaapIT Inc., directly or indirectly owns more than 50% of the issued share capital, has 50% or more of the voting power at general meetings of shareholders, has the power to appoint a majority of the directors, or otherwise directs the activities of such other legal entity; however, any such company or legal entity shall be deemed a Group Company only as long as a liaison and/or relationship exists.
INDIVIDUAL shall mean any individual (employee of or any person working for) Customer, Supplier or Business Partner and any other individual whose CSB Information ZaapIT processes in the context of the provision of its services.
INTERNAL PROCESSOR shall mean any Group Company that Processes CSB Information as a Data Processor on behalf of another Group Company acting as the Data Controller.
LOCAL FOR LOCAL PROCESSING shall have the meaning set forth in Article 1.2 above.
ORGANIZATIONAL UNIT shall mean each business unit and staff function of ZaapIT.
OVERRIDING INTEREST shall mean the pressing interests set forth in Article 12.1 based on which the obligations of ZaapIT or rights of Individuals set forth in Article 12.2 and 12.3 may, under specific circumstances, be overridden if this pressing interest outweighs the interest of the Individual.
PERSONAL INFORMATION shall mean any information relating to an identified or identifiable Individual.
PRIVACY CODE shall mean this Privacy Code for CSB Information.
PRIVACY LEAD shall mean a Privacy Lead appointed by the Chief Privacy Officer pursuant to Article 13.3.
Processing shall mean any operation that is performed on CSB Information, whether or not by automatic means, such as collection, recording, storage, organization, alteration, use, disclosure (including the granting of remote access), transmission or deletion of CSB Information.
PROCESSOR CONTRACT shall mean any contract for the Processing of CSB Information entered into by ZaapIT and a Third Party Processor.
RESPONSIBLE EXECUTIVE shall mean the lowest-level ZaapIT business executive or the non-executive general manager of a ZaapIT business function/unit who has primary budgetary ownership of the relevant Processing.
SECONDARY PURPOSE shall have the meaning ascribed to that term in Article 3.1.
Security & Privacy Council
Security & PRIVACY COUNCIL shall mean the council referred to in Article 13.2.
SENSITIVE INFORMATION shall mean CSB Information that reveals an Individual's racial or ethnic origin, political opinions or membership in political parties or similar organizations, religious or philosophical beliefs, membership in a professional or trade organization or union, physical or mental health including any opinion thereof, disabilities, genetic CSB Information, biometric CSB Information, addictions, sex life, criminal convictions or offenses, or social security numbers issued by the government.
STAFF shall mean all Employees and other persons who Process CSB Information as part of their respective duties or responsibilities as employees or individuals under the direct authority of ZaapIT using ZaapIT information technology systems or working primarily from ZaapIT's premises.
SUPPLIER shall mean any Third Party that provides goods or services to ZaapIT (e.g., an agent, consultant or vendor), including Third Party Processors.
SUPPLIER SERVICES shall mean the goods or services provided by Supplier under an agreement with ZaapIT.
THIRD PARTY shall mean any person or entity (e.g., an organization or government authority) outside ZaapIT.
Third Party Controller
THIRD PARTY CONTROLLER shall mean a Third Party that Processes CSB Information and determines the purposes and means of the Processing.
Third Party Processor
THIRD PARTY PROCESSOR shall mean a Third Party that Processes CSB Information on behalf of ZaapIT that is not under the direct authority of ZaapIT.