DATA PROCESSING AGREEMENT

Processing of personal data (GDPR)

Star Information Systems AS (SIS) is the processing controller for registered personal data as described below. This is an overview of the client’s rights and a description of how SIS processes personal data.

Relationship with client

When a new client relationship is established, personal data is collected and registered. In addition, personal data is registered when a job resulting from the client relationship or an agreement with SIS is executed.

Purpose

SIS processes personal data that is required for the following purposes:

  • Preparation, administration and implementation of support and consultancy agreements with the client.
  • Preparation, administration and implementation of transaction and message handling (SIS Commerce, replication and the web-based approval service SIS Approval).
  • Execution of marketing and sales work associated with established and new client relationships.

Personal information may, for the stated purposes, and within the framework of the applicable regulations and the strict confidentiality rules applicable to SIS, including the confidentiality statement submitted by all employees and partners, be disclosed to and processed by subsidiaries within the SIS Group, or other companies with which the SIS Group cooperates.

Rights

Every client has the right to know what personal data is processed by SIS to be able to:
a) Get an overview of the information that is being processed.
b) Request that incorrect or incomplete information is corrected.
c) Request that personal data is deleted or that the use of personal data is restricted.
d) Protest if the client considers that personal data is being processed in violation of the purpose.
e) Require that personal data processed by SIS is disclosed to the client or to another processing controller. Disclosure requires that the personal data is processed in accordance with agreement or consent and that disclosure is technically possible (data portability).
Deletion assumes that the data is not required for other regulatory reasons, such as the duty of retention in connection with accounting, SOX regulations, other trace ability requirements or the like.

Data that is stored or processed

Support and operation of applications:
Name, phone number, e-mail address, company affiliation

SIS Commerce:
Name, phone number, e-mail address, office address, company affiliation

Replication:
User ID

Sales and Marketing:
Data registered in CRM: name, title, phone number, e-mail address, company, company phone number and address. Sales and Marketing-related transactions between SIS and the client.