Appendix A – Information about the processing
A.1 The purpose of the data processor’s processing of personal data on behalf of the data controller is
The purpose of the data processor’s processing of personal data on behalf of the data controller is so that the data controller can use the Application (CleanManager), which is owned and operated by the data processor, to manage and plan work on the data controller’s employees and customers.
A.2 The data processor’s processing of personal data on behalf of the data controller shall mainly pertain to (the nature of the processing)
Delivering, operating and further developing of the Application, including storing data and backup management.
Besides storing of data, the processing may also in – accordance with the data controllers instruction – include:
A.3 The processing includes the following types of personal data about data subjects
For employees: Name, address, phone no., email, CPR-no., bank statements, employment and termination date, emergency contact person, picture, time and place of meetings, employment contract, workplace assessments etc.
For customers: Name, billing and shipping address, phone no., email, CVR-no. and EAN-no., CPR-no., information on contact person (name, phone no. and email), contracts, work assessments etc.
The data processor does not support the recording of data related to the special categories of personal data, including health, race and ethnicity and personal data related to criminal conviction and offences.
A.4 Processing includes the following categories of data subject
The processing may include the following categories of data subjects insofar the data on these categories are entered into the Application:
The data controller’s current employees
The data controller’s terminated employees
The data controller’s potential customers and their contact persons
The data controller’s current customers and their contact persons
The data controller’s previous customers and their contact persons
Section III to V includes both private persons, enterprises and public organisations.
A.5 The data processor’s processing of personal data on behalf of the data controller may be performed when the Clauses commence. Processing has the following duration
The processing may be performed for the entire and continuous duration of the subscription period and 30 days after the termination of the subscription period.
There may be a duration of 20 days from the period of deletion until the data is deleted from the backup systems.