Last updated: November 2, 2020
Regarding the engagement of COVVE VISUAL NETWORK LIMITED as Processor pursuant to Article 28 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”)
The Controller engages the Processor to provide the Service to the Controller.
Data may also be processed in order to comply with disclosure requirements arising by virtue of operation of law. In this case the Processor shall notify the Controller in advance about such requirements as set forth in paragraph 5 below.
The Processor will not access the data, unless this is necessary in order to improve the quality of the Service or where he is obliged to do so in order to comply with a legal obligation, or unless otherwise instructed to do so by the Controller.
The following categories of Data of the following categories of data subjects will be processed:
|Categories of data subjects||Categories of Data|
|Any person whose business card the Controller sends to the Processor for the purposes of scanning||Image of the person’s business card with all data mentioned therein such as name, company, job title, phone number and email.|
|Name||Place of processing||Purpose of Use|
Microsoft Azure is used for the hosting of the entire solution.
Logentires (by Rapid7) is used for managing server logs for the solution.
Cloudflare is a traffic optimization and distribution service which filters all the traffic to the servers.
To provide analysis services used in the process of scanning.
To provide storage for user backups
The Processor shall inform the Controller of any intended changes concerning the addition or replacement of other sub-processors, thereby giving the Controller the opportunity to object to such changes. The Controller may object to the addition or replacement of sub-processors within 7 days after the Processor’s notification of the intended change. If the Controller neither approves nor objects within such period, the respective sub-processor shall be deemed as approved. The Controller shall not unreasonably object to any intended change.
The Processor shall immediately inform the Controller if, in its opinion, an instruction infringes the GDPR or other European Union or Member State data protection provisions.