These Data Processing Terms and Conditions (“Data Processing Terms”) apply to the Processing of Personal Data by KYOCERA Document Solutions Europe B.V. or its Sales Companies, authorized dealers, distributors and resellers (“KYOCERA”) from which you, the Customer, purchased a licensed to use Kyocera Cloud Information Manager (“KCIM”, “Services”).
These Data Processing Terms serve as the binding contract within the meaning of Article 28 (3) GDPR and set out the subject-matter and duration of the Processing, the nature and purpose of the Processing, the type of Personal Data and Categories of Data Subjects and the obligations and rights of the Controller and is supplemented by the terms and conditions stated in the agreement between KYOCERA and Customer applicable to the Services (“Agreement”).
Customer acts as Controller and KYOCERA as Processor with respect to the Processing of Personal Data under the Agreement and these Data Processing Terms, or, as the case may be, Customer acts as a Processor for its end-customers and KYOCERA acts as sub-Processor of Customer acting on instruction of Customer vis-à-vis its end-customers.
The terms that have been identified in these Data Processing Terms by a capital letter have the following meaning (words in the singular include the plural and vice versa), or, if not stated below, have the meaning given to it in the GDPR:
1.1 “Customer” means the KYOCERA customer as identified in the Agreement.
1.2 “Data Protection Laws” means all laws and regulations, including but not limited to the GDPR, that are applicable to the Processing of Personal Data under the Agreement.
1.3 “GDPR” means General Data Protection Regulation, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.
1.4 “KYOCERA Affiliate” means a Sales Company of Kyocera Document Solutions Europe B.V. as listed in Annex 2 and a Sales Company’s and Kyocera Document Solutions Europe B.V.’s authorised dealers and distributors.
1.5 “Services” means the services to be performed by KYOCERA in accordance with, and as specified in the Agreement.
1.6 “Standard Contractual Clauses” means the contractual clauses as issued by the European Commission.
1.7 “Sub-Processor” means any Processor engaged by KYOCERA.
1.8 “TOMs” means the technical and organizational measures required pursuant to Article 32 GDPR.
2.1 Instructions. KYOCERA shall only Process Personal Data in accordance with Customer’s written instructions, which are the provision of Services as specified in the Agreement. Customer shall ensure that all instructions provided by Customer to KYOCERA pursuant to these Data Processing Terms and the Agreement will be in accordance with the Data Protection Laws. Customer shall have the sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data.
2.2 Details of Processing. Annex 1 to these Data Processing Terms sets out certain information regarding the Processing of Personal Data.
2.3 Compliance with Data Protection Laws. KYOCERA shall comply with applicable Data Protection Laws in the Processing of Personal Data.
2.4 Confidentiality. KYOCERA shall keep the Personal Data strictly confidential and shall not transmit, disseminate or otherwise transfer Personal Data to third parties unless agreed to under Section 3, on written instruction of Customer, for the purpose of the performance of the Agreement or unless required to do so by applicable laws to which KYOCERA is subject. In the latter case, KYOCERA shall inform Customer of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest, in which case KYOCERA shall inform Customer within 24 hours after KYOCERA knew or should have known of the legal requirement.
3.1 Appointment. Customer acknowledges and agrees that (a) KYOCERA Affiliates may be retained as Sub-Processors; and (b) KYOCERA and KYOCERA Affiliates respectively may engage third-party Sub-Processors in connection with the provision of Services. A list of appointed Sub-Processors is added in Annex 1 and may be amended from time-to-time at KYOCERA’s sole discretion, but providing at least two (2) weeks’ notice to Customer by publication of the proposed Sub-Processor(s) on the Kyocera website.
3.2 Sub-Processor obligations. For the purpose of sub-processing, KYOCERA shall enter into written agreements with its Sub-Processors, which agreements shall include as a minimum the same obligations as to which KYOCERA is bound to under these Data Processing Terms, and shall in particular include an obligation of the Sub-Processor to implement appropriate TOMs to meet the requirements of applicable Data Protection Laws.
3.3 Right to object new Sub-Processors. Customer may object to KYOCERA’s use of a new Sub-Processor by notifying KYOCERA promptly in writing, but in any case within two (2) weeks after publication of the proposed changes on the KYOCERA website [INSERT LINK TO KCIM DOCUMENTS]. In the event of a reasonable objection, KYOCERA shall work with Customer in good faith to make available a commercially reasonable change in the provision of the Services, which avoids the Processing of Personal data by that proposed Sub-Processor. If KYOCERA is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may terminate the Agreement with respect only to those Services, which cannot be provided by KYOCERA without the use of the proposed Sub-Processor by providing written notice to KYOCERA.
3.4 Liability. KYOCERA shall be liable for the acts and omissions of its Sub-Processors to the same extent KYOCERA would be liable if performing the services of each Sub-Processor directly under the term of these Data Processing Terms.
6.1 TOMs. Taking into account the nature of the Processing, KYOCERA shall assist Customer by appropriate TOMs, insofar as this is reasonably possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under the GDPR or other applicable Data Protection Laws.
6.2 Data Subject Requests. KYOCERA shall, to the extent legally permitted, promptly notify Customer if it receives a Data Subject Request. To the extent Customer, in its use of the Services, does not have the ability to address a Data Subject Request, KYOCERA shall upon Customer’s request provide reasonable efforts to assist Customer in responding to such Data Subject Request to the extent KYOCERA is legally permitted to do so and the response to such Data Subject Request is required under the GDPR or other Data Protection Laws. To the extent legally permitted, Customer shall be responsible for any costs arising from KYOCERA’s provision of such assistance.
7.1 Notification. To the extent as permitted by law, KYOCERA shall promptly, after it becomes aware, notify Customer of any actual or reasonably suspected Personal Data Breach by KYOCERA or its Sub-Processor(s). The notification shall as a minimum include the information as stipulated in Article 28(3) of the GDPR.
7.2 Remedy. To the extent the Personal Data Breach is caused by a violation by KYOCERA or its Sub-Processors of the requirements of these Data Processing Terms, the Agreement or applicable Data Protection Laws, KYOCERA shall, taking into account the nature of the Personal Data Breach and the risk of varying likelihood and severity for the rights and freedoms of natural persons involved, at the instruction of Customer make all efforts to identify and remediate the cause of the Personal Data Breach, to mitigate the risks to the rights and freedoms of natural persons involved and to further assist Customer with any reasonable request in its compliance with Data Protection Laws on Personal Data Breaches.
7.3 Further assistance. To the extent that the Personal Data Breach is not caused by a violation by KYOCERA or its Sub-Processors of the requirements of these Data Processing Terms, the Agreement or applicable Data Protection Laws, KYOCERA shall provide all reasonable assistance, taking into account the nature of the Personal Data Breach and the risk of varying likelihood and severity for the rights and freedoms of natural persons involved, to Customer in Customer’s handling of the Personal Data Breach. Customer shall be responsible for any costs arising from KYOCERA’s provision of such assistance.
KYOCERA shall provide reasonable assistance to Customer with any data protection impact assessments, and prior consultations with Supervisory authorities, which Customer reasonably considers to be required of KYOCERA by Article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Personal Data by, and taking into account the nature of the Processing and information available to, KYOCERA.
9.1 Applicability. Where KYOCERA transfers personal data to Sub-Processors located outside the EU and where such transfers are not based on an adequacy decision pursuant to Article 45 GDPR, KYOCERA has ensured the conclusion Standard Contractual Clauses and, where necessary, supplementary measures to ensure an adequate level of data protection. Where the Sub-Processor that is subject to Standard Contractual Clauses has engaged other Sub-Processors, the Sub-Processor as indicated in the Standard Contractual Clauses has concluded Standard Contractual Clauses with such Sub-Processors where required. A copy of the applicable Standard Contractual Clauses may be retrieved using the contact details stated in Annex 2.
9.2 Conflict. In the event of any conflict or inconsistency between these Data Processing Terms and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.
At the choice of Customer, KYOCERA shall delete or return the Personal Data to Customer after the provisioning of Services under the Agreement related to the Processing of Personal Data has ended.
Each Party and its Affiliates’ liability arising out of or related to these Data Processing Terms whether in contract, tort or under any other theory of liability, is subject to the liability limitations as agreed in the Agreement.
Except as amended by these Data Processing Terms, the Agreement remains in full force and effect. If there is a conflict between the Agreement and these Data Processing Terms, the terms and conditions of these Data Processing Terms shall prevail.
Annex 1 includes certain details of the Processing of Personal Data as required by Article 28(3) GDPR.
Subject Matter of the Processing:
The subject matter and duration of the Processing of the Personal Data
are set out in the Agreement and this Data Processing Agreement.
Nature and Purpose of the Processing:
KYOCERA processes Personal Data in the course of providing KCIM. The provision of KCIM includes that KYOCERA is hosting Customer’s Personal in the cloud. Further, in case Customer issues a support request, KYOCERA may have remote access to Customer’s Personal Data when providing requested support services.
Types of Personal Data to be Processed:
Category of Affected Data Subjects:
Annex 2: KYOCERA Document Solutions Europe B.V. Sales Companies
If KYOCERA Document Solutions is not located in the country where Customer is located, then these Data Processing Terms apply to KYOCERA Document Solutions Europe B.V.
KYOCERA Document Solutions Europe B.V.
Attn.: Data Protection Officer
2132 NP Hoofddorp
1) KYOCERA Document Solutions Belgium N.V., Sint-Martinusweg 199-201, 1930 Zaventem, Belgium, e: firstname.lastname@example.org
2) KYOCERA Document Solutions Danmark A/S, Ejby Industrivej 60, 2600 Glostrup, Danmark, e: email@example.com
3) KYOCERA Document Solutions Finland Oy, Atomitie 5, 00370 Helsinki, Finland, e: firstname.lastname@example.org
4) KYOCERA Document Solutions France S.A.S., Espace Technologique de Saint Aubin, Route de l’Orme, 91195 Gif sur Yvette Cedex, France, e: email@example.com
5) KYOCERA Document Solutions Deutschland GmbH, Otto-Hahn-Str. 12, 40670 Meerbusch, Germany, e: firstname.lastname@example.org
6) AKI GmbH, Berliner Pl. 9, 97080 Würzburg, Germany, e: email@example.com
7) KYOCERA Document Solutions Austria GmbH, Wienerbergstr. 11, Tower A/18th floor, 1100 Vienna, Austria, e: firstname.lastname@example.org
8) KYOCERA Document Solutions Italia S.p.A., Via Monfalcone, 15, 20132 Milano (MI), Italy, e: email@example.com
9) KYOCERA Document Solutions Nederland B.V., Beechavenue 25, 1119 RA Schiphol-Rijk, The Netherlands, e: firstname.lastname@example.org
10) KYOCERA Document Solutions Portugal Lda., Rua do Centro Cultural, 41 (Alvalade), 1700-106 Lisboa, Portugal, e: email@example.com
11) KYOCERA Document Solutions Russia L.L.C., Building 2, 51/4, Schepkina St., 129110 Moscow, Russian Federation, e: firstname.lastname@example.org
12) KYOCERA Document Solutions South Africa Holdings (Pty) Ltd., KYOCERA House, Hertford Office Park, 90 Bekker Road CNR, Allandale, Vorna Valley, 1682, Midrand, South
Africa, e: email@example.com
13) KYOCERA Document Solutions South Africa (Pty) Ltd., KYOCERA House, Hertford Office Park, 90 Bekker Road CNR, Allandale, Vorna Valley, 1682, Midrand, South Africa, e: firstname.lastname@example.org
14) KYOCERA Document Solutions España S.A., Edificio Kyocera, Avda. de Manacor No.2, 28290 Las Matas (Madrid), Spain, e: email@example.com
15) KYOCERA Document Solutions Nordic AB, Esbogatan 16B, 164 75 Kista, Sweden, e: firstname.lastname@example.org
16) KYOCERA Document Solutions Europe B.V. - Swiss Branch Office, Hohlstrasse 614, 8048 CH Zürich, Switzerland, e: email@example.com
17) KYOCERA Document Solutions (U.K.) Ltd., Eldon Court, 75-77 London Road, Reading, Berkshire RG1 5BS, United Kingdom, e: firstname.lastname@example.org
18) Midshire Communications Limited, Eldon Court, 75-77 London Road, Reading, Berkshire, England, RG1 5BS, e: email@example.com
19) KYOCERA Bilgitaş Turkey Doküman Çözümleri A.Şeldon , Gülbahar Mah. Otello Kamil Sok. No:6 34394 ŞİŞLİ, Istanbul, Turkey, e: firstname.lastname@example.org
20) Annodata Ltd., The Maylands Building, Maylands Avenue, Hemel Hempstead Industrial Estate, Hemel Hempstead, Hertfordshire HP2 7TG, e: email@example.com
21) ALOS Handels GmbH, Dieselstraße 17, 50859 Köln, Germany, e: firstname.lastname@example.org
22) ALOS Solution AG, Bachstrasse 29, 8912 Obfelden, Switzerland, e: email@example.com
23) Kyocera Document Solutions Czech , s.r.o., Harfa Office Park Českomoravská 2420/15, 9, 190 00, Prague, Czech Republic, e: firstname.lastname@example.org
24) Kyocera Document Solutions Czech – Slovak Branch Office, Rybnicna 40, Bratislava 831 06, Slovakia, e: email@example.com
25) Kyocera Document Solutions Middle East, Office 157, Building 17 behind Gloria Hotel,
P.O. Box 500817, Dubai, UAE, e: firstname.lastname@example.org