In order to fulfill the requirements of the applicable data protection laws, concerning TeamViewer US, until further notice, agree on the following regulations concerning commissioned (data) processing which supplement the Terms of Service. The details of the data processing are described in Annex 1.
2. RIGHTS AND OBLIGATIONS OF TeamViewer US
2.1 Compliance with Applicable Laws. The obligations of TeamViewer US shall arise from this Agreement and the applicable laws. The applicable laws shall particularly include the General Data Protection Regulation ("GDPR").
2.2 Processing on Instructions Only. TeamViewer US shall only process personal data within the scope of General Data Protection Regulation (“GDPR”) and on documented instructions from the Customer mutually agreed by the parties in the Terms of Service. Customer may issue additional instructions to the extent required in order to comply with the applicable data protection laws, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Union or Member State law to which TeamViewer US is subject; in such a case, TeamViewer US shall inform the Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest. TeamViewer US shall ensure that this also applies for any persons granted access to personal data.
2.3 Obligation of Confidentiality. TeamViewer US shall ensure and provide verification upon request that those persons authorized to process personal data have committed themselves to confidentiality, unless they are subject to a statutory obligation of confidentiality.
2.4 Security Measures Pursuant to Art. 32 GDPR
2.4.1 Principle. TeamViewer US declares that it will implement the necessary measures for the security of processing according to Art. 32 of the GDPR (collectively, the "Security Measures").
2.4.2 Scope. For the concrete commissioned processing, a level of security appropriate to the risk for the rights and freedoms of the natural persons who are the subject of the processing shall be guaranteed. In this regard, the protection objectives of Art. 32(1) of the GDPR, especially the confidentiality, integrity, availability and resilience of the processing systems and services in terms of the nature, scope, context and purposes of the processing shall be taken into account in such a way that any risks shall be mitigated permanently through appropriate security measures.
2.4.3 Data Protection Concept. The data protection concept describes in detail the selection of security measures. Please contact us at firstname.lastname@example.org to receive a copy of our security measures.
2.4.4 Procedure for Reviewing. The data protection concept describes the procedures for regularly reviewing, assessing and evaluating the effectiveness of the security measures. Please contact us at email@example.com to receive a copy of our security measures.
2.4.5 Changes. The Security Measures are subject to technical progress and further developments. TeamViewer US shall be permitted in principle to implement alternative adequate measures. The level of security may thereby not fall below the level existing prior to this Agreement based on the Security Measures already implemented or to be implemented.
2.5 Engagement of Additional Processors. The obligations of TeamViewer US engaging additional processors ("Subcontractors") are regulated in clause 3.
2.6 Assistance with Safeguarding the Rights of Data Subjects. TeamViewer US shall assist the Customer by appropriate technical and organizational measures, insofar as this is possible, in fulfilling its obligations to respond to rights to access, rectification, deletion or blocking according to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR. If a data subject should directly contact TeamViewer US for the purposes of exercising the data subject’s rights, TeamViewer US shall forward this request to the Customer at the latest within one month after receiving the request. Additional request for assistance with User Rights shall be borne by the Customer.
2.7 Assistance with Ensuring Compliance. Considering the nature of processing and the information available to TeamViewer US, TeamViewer US shall assist the Customer in ensuring compliance with the obligations pursuant to Art. 32 – 36 GDPR, with respect to the security of the processing, data protection impact assessments and consultation of supervisory authorities. Additional request for assistance with User Rights shall be borne by the Customer.
2.8 Deletion and Return at the End of Processing. At the choice of the Customer, TeamViewer US shall delete or return the personal data that is the object of the commissioned data processing, unless the law of the European Union or a Member State to which TeamViewer US is subject requires storage of the personal data. Additional request for assistance with User Rights shall be borne by the Customer.
2.9 Information to Demonstrate Compliance with Data Protection Obligations and Inspections. TeamViewer US shall make available to the Customer all information necessary to demonstrate compliance with the obligations resulting from clauses 2 and 3. In the event of any failure to provide such information or audit reports, TeamViewer US will regularly, at least every 18 months, conduct internal audits and make the audit reports available to customers upon request. TeamViewer US allows for and contributes to additional audits, including inspections, conducted by the Customer or another auditor mandated by the Customer; the costs for such additional audits shall be borne by the Customer (rates will be discussed upon request) except in case the results of TeamViewer US's internal audits give rise to substantial concerns of non-compliance.
2.10 Obligation to Notify Doubts About Instructions. TeamViewer US shall immediately inform the Customer if, in its opinion, the execution of an instruction could infringe any applicable data protection laws.
2.11 Obligation to Notify Breaches. If TeamViewer US detects any breaches of applicable data protection laws, this Agreement, instructions of the Customer relating to the data processing, or instructions of the data protection officer, TeamViewer US shall notify the Customer without undue delay.
2.12 Designation of a Data Protection Officer. TeamViewer US has designated a data protection officer, who can be reached at firstname.lastname@example.org.
2.13 Disclosure or Publication of Appropriate or Suitable Safeguards for Transfers to a Third Country. TeamViewer US agrees to disclose or publish information on the appropriate or suitable safeguards that have been used to make a transfer to a third country to the extent that this is required under Art. 13(1) f) or 14(1) f) of the GDPR in order to inform the data subject.
3.1 Subcontractors Engaged Upon Conclusion of the Agreement. TeamViewer US has engaged a number of Subcontractors, and a list is available upon request. The Customer shall treat the list of Subcontractors as a confidential business secret and shall not disclose it to third parties.
3.2 Additional Subcontractors. If TeamViewer US would like to engage additional or different Subcontractors to render the contractually agreed services, such Subcontractors shall be selected using the due care required by law. TeamViewer US shall give the data exporter prior notice of the appointment of any new Subcontractors 15 days in advance. The Customer may object to the instruction of the new Subcontractors on reasonable grounds. In case an understanding cannot be reached, TeamViewer US is entitled to terminate the Terms of Service with 2 weeks' notice.
3.3 Obligations of Subcontractors
3.3.1 Structuring Contracts According to the Requirements of the Agreement. TeamViewer US shall structure the contracts with Subcontractors in such a way that they comply with the requirements of the applicable data protection laws and this Agreement.
3.3.2 Engagement of Additional or Different Subcontractors. TeamViewer US shall obligate any Subcontractors to commit in particular to refraining from engaging any additional or other Subcontractors to process personal data without complying with sec. 3.2.
3.3.3 Checking Safeguards of Subcontractors. TeamViewer US will examine whether sufficient safeguards will be provided to implement appropriate technical and organizational measures in such a way that the applicable data protection laws and this Agreement are complied with.
Annex 1: Details of the Data Processing According to GDPR Data Processing Agreement
1. Object. The object of the data processing arises from the Terms of Service.
2. Duration. The duration of the data processing shall depend on the term of the Terms of Service.
3. Nature and Purpose of the Processing. TeamViewer US shall process all personal data solely for the purposes of enabling the use of the products and services provided under the Terms of Service and according to documented instructions on behalf of the Customer.
4. Type of Personal Data. The following types of personal data shall be processed:
4.1 Customer Information
4.1.1 First name, name and country of the Customer;
4.1.2 Contact information such as company name, email and phone number;
4.1.3 Payment details - Credit card info, billing address;
4.2 User Information. Personally identifiable information collected and processed to enable product operation functionality:
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific site)
- Access status / HTTP status code
- Volume of data transmitted each time
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software
- The country of origin for the visitor