Roomchecking Data Processing Agreement
THIS DATA PROCESSING AGREEMENT, including the selected modules of the Model Clauses and Annexes (“DPA”) forms part of and is subject to the Roomchecking Terms of Service or other written or electronic agreement (“Main Agreement”) between Customer and Roomchecking, Inc. (Roomchecking,” “we,” “us,” “our”). Customer and Roomchecking may be referred to herein as a “party” and together as the “parties.”
In the course of providing the Services to Customer under the Main Agreement, Roomchecking may process Customer Personal Data (defined below) on behalf of Customer and the parties agree to comply with the following provisions with respect to any processing of Customer Personal Data by Roomchecking. This DPA shall not replace any comparable or additional rights relating to processing of Customer Personal Data contained in the Main Agreement.
Annex 1 - Details of Processing
Annex 2 - Security Measures
Annex 3 - List of Sub-Processors
Annex 4 -UK Addendum
“Affiliate” means an entity that directly or indirectly Controls, is Controlled by or is under common Control with an entity.
“Business Purpose” has the meaning attributed to French Law.
“Customer Personal Data” means any Customer Content that: (i) relates to an identified or identifiable natural person; or (ii) that is otherwise protected as “personal data” or “personal information” (as such terms are defined in applicable Data Protection Laws), that Roomchecking processes on behalf of Customer in the course of providing the Service.
“Control” means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests (as measured on a fully-diluted basis) then outstanding of the entity in question. The term “Controlled” will be construed accordingly.
“Data Protection Laws” means all data protection and privacy laws regulations applicable to a party and its processing of Personal Data under the Main Agreement, including, where applicable, GDPR (or in respect of the United Kingdom, any applicable national legislation that replaces or converts in domestic law the GDPR or any other law relating to data protection and privacy as a consequence of the United Kingdom leaving the European Union), implementations of the GDPR into national law, and the CCPA; in each case, as may be amended, superseded or replaced.
“EEA” means for the purposes of this DPA the European Economic Area, United Kingdom and Switzerland.
“GDPR” means Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation).
“Model Clauses” means the selected and applicable modules, attached as Exhibit 1 to this DPA, from the Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council C/2021/3972).
“Security Incident” means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Customer Personal Data, stored or otherwise processed by Roomchecking in connection with the provision of the Service. “Security Incident” shall not include unsuccessful attempts or activities that do not compromise the security of Customer Personal Data, including unsuccessful login attempts, pings, port scans, denial of services attacks, and other network attacks on firewalls or networked systems.
“Subprocessor” means any Processor having access to Customer Personal Data and engaged by Roomchecking to assist in fulfilling its obligations with respect to providing the Service pursuant to the Main Agreement or this DPA. Subprocessors may include third parties or Roomchecking Affiliates but shall exclude any employee, consultant or independent contractor of Roomchecking provided such individual is performing services in a capacity equivalent to those performed by employees.
“Controller”, “processor”, “processing” and “personal data” shall have the meanings given to them in Data Protection Laws or if not defined therein, the GDPR.
Roles and Scope of Processing
Processing Description. The type of personal data processed pursuant to this DPA and the subject matter, duration, nature and purpose of the processing, and the categories of data subjects, are as described in Annex 1 to the Model Clauses, in Exhibit 1 of this DPA.
Data Processing Roles. In respect of the parties’ rights and obligations under this DPA regarding the Customer Personal Data, the parties acknowledge and agree that Customer is the controller (where applicable Data Protection Laws recognizes such concept) and, with respect to the CCPA, a “business” as defined therein, and Roomchecking is the processor (where applicable Data Protection Laws recognizes such concept) and, with respect to the CCPA, a “service provider” as defined therein.
Compliance with Laws. Roomchecking shall process Customer Personal Data in accordance with this DPA and Data Protection Laws applicable to its role under this DPA. For the avoidance of doubt, Roomchecking is not responsible for complying with Data Protection Laws uniquely applicable to Customer by virtue of its business or industry, such as those generally applicable to online service providers.
Processing Instructions. Roomchecking shall process Customer Personal Data in accordance with Customer’s written lawful instructions and only for the following purposes: (i) processing to provide the Services in accordance with the Main Agreement; (ii) processing to perform any steps necessary for the performance of the Main Agreement; (iii) processing initiated by Authorized Users in their use of the Service; and (iv) processing to comply with other reasonable instructions provided by Customer (e.g. via email or support tickets) that are consistent with the terms of the Main Agreement and this DPA (individually and collectively, the “Permitted Purpose”). The parties agree that the Main Agreement (including this DPA) sets out Customer’s complete and final instructions to Roomchecking in relation to the processing of Customer Personal Data and processing outside the scope of these instructions (if any) shall require prior written agreement between Customer and Roomchecking.
Customer Responsibilities. Customer, as a controller or as a business, is responsible for: (i) the accuracy, quality, and legality of the Customer Personal Data, (ii) the means by which Customer acquired such Customer Personal Data; and (iii) the instructions it provides to Roomchecking regarding the processing of such Customer Personal Data. Customer shall ensure (i) that it has provided notice and obtained (or will obtain) all consents and rights necessary for Roomchecking to process Customer Personal Data pursuant to the Main Agreement and this DPA, (ii) its instructions are lawful and that the processing of Customer Personal Data in accordance with such instructions will not violate applicable Data Protection Laws, and (iii) where the CCPA applies, that the Customer Personal Data is provided to Roomchecking in order to perform the Service for a valid “Business Purpose” (as defined in CCPA) only.
Notification of New Subprocessors.
Roomchecking’s authorized Subprocessors are listed in to this Data Processing Agreement. Roomchecking shall provide Customer at least ten (10 days) written notice prior to authorizing any new Subprocessor to process Customer Personal Data.
Subprocessor Obligations. Roomchecking will enter into a written agreement with each Subprocessor imposing data protection obligations no less protective of Customer Personal Data as this DPA or the Data Protection Laws to the extent applicable to the nature of the services provided by such Subprocessor. Where a Subprocessor fails to fulfil its data protection obligations, Roomchecking shall remain fully liable to Customer for the performance of that Subprocessor’s data protection obligations.
Subprocessor Objection Right. If Customer objects on reasonable grounds relating to data protection to Roomchecking’s use of a new Subprocessor, then Customer shall promptly, and within ten (10) days following Roomchecking’s notification pursuant to Section 3.1 above, provide written notice of such objection to Roomchecking. In such event, the parties will discuss such concerns in good faith with a view to achieving resolution. If the parties cannot agree to a mutually acceptable resolution, Customer shall as its sole and exclusive remedy have the right to terminate the relevant affected portion(s) of the Service without liability to either party (but without prejudice to any fees incurred by Customer prior to suspension or termination). Upon termination by Customer pursuant to this Section, Roomchecking shall refund Customer any prepaid fees for the terminated portion(s) of the Service that were provided after the effective date of the termination.
Security Measures and Security Incident Response
Security Measures. Roomchecking has implemented and will maintain appropriate technical, and organizational security measures intended to protect Customer Personal Data from Security Incidents and to preserve the security and confidentiality of the Customer Personal Data in accordance with the security measures described in Annex 2 (“Security Measures”). Customer acknowledges that the Security Measures are subject to technical progress and development and that Roomchecking may update or modify the Security Measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Service provided to Customer.
Personnel. Roomchecking restricts its personnel from processing Customer Personal Data without authorization by Roomchecking as set forth in the Security Measures and shall ensure that any person who is authorized by Roomchecking to process Customer Personal Data is under an appropriate obligation of confidentiality.
Customer agrees that except as provided by this DPA, Customer is responsible for its secure use of the Service, including securing its account authentication credentials, protecting the security of Customer Personal Data transmitted via the systems it administers and maintains (i.e. email encryption), and taking any appropriate steps to securely encrypt or back up any Customer Personal Data uploaded to the Service.
Security Incident Response.
Upon becoming aware of a Security Incident, Roomchecking will notify Customer without undue delay and, in any case within seventy-two (72) hours after becoming aware. Roomchecking will provide information relating to the Security Incident to Customer promptly as it becomes known or as is reasonably requested by Customer to fulfil Customer’s obligations as controller. Roomchecking will also take appropriate and reasonable steps to contain, investigate, and mitigate any Security Incident.
Audit and Records.
Audit Rights. Roomchecking shall make available to Customer all information in Roomchecking’s possession or control and provide all assistance in connection with audits of Roomchecking’s premises, systems, and documentation as Customer may reasonably request to enable Customer to assess Roomchecking’s compliance with this DPA. Customer acknowledges and agrees that it shall exercise its audit rights under this DPA (including this Section 5 and where applicable, the Model Clauses) by instructing Roomchecking to comply with the audit measures described in the Security Measures and Section 5.2 below.
Where required under any applicable Data Protection Laws or where a data protection authority requires under applicable Data Protection Laws, Customer may, on giving at least thirty (30 days) prior written notice, request that Customer’s personnel or a third party (at Customer’s expense) conduct an audit of Roomchecking’s facilities, equipment, documents and electronic data relating to the processing of Customer Personal Data under the Main Agreement to the extent necessary to inspect and/or audit Roomchecking’s compliance with this DPA, provided that: (i) Customer shall not exercise this right more than once per calendar year; (ii) such additional audit enquiries shall not unreasonably impact in an adverse manner Roomchecking’s regular operations and do not prove to be incompatible with applicable Data Protection Laws or with the instructions of the relevant data protection authority; and (iii) before the commencement of such additional audit, the parties shall mutually agree upon the scope, timing, and duration of the audit, and (iv) at all times during the scope of the audit, Customer and any appointed third party will comply with Roomchecking’s policies, procedures, and reasonable instructions governing access to its systems and facilities, including limiting or prohibiting access to information that is confidential information. Without prejudice to the foregoing, Roomchecking will provide all assistance reasonably requested by Customer to accommodate Customer’s request.
Customer acknowledges and agrees that Roomchecking may transfer and process Customer Personal Data to and in the United States and other locations in which Roomchecking, its Affiliates, or its Subprocessors maintain data processing operations as more particularly described in the Subprocessor Site (defined above). Roomchecking shall ensure that such transfers are made in compliance with Data Protection Law and this DPA.
Return or Deletion of Data.
Promptly upon Customer’s request, or within one hundred eighty (180) days after the termination or expiration of the Main Agreement, Roomchecking shall delete or return Customer Personal Data in its possession or control. This requirement shall not apply to the extent Roomchecking is required by applicable law to retain some or all of the Customer Personal Data, or to Customer Personal Data it has archived on back-up systems, which Customer Personal Data Roomchecking shall securely isolate and protect from any further processing, except to the extent required by such laws.
Data Subject Rights Requests. Roomchecking shall, taking into account the nature of the processing, reasonably assist Customer in responding to any requests from individuals or applicable data protection authorities relating to the processing of Customer Personal Data under the Main Agreement. In the event that any such request is made to Roomchecking directly, Roomchecking will not respond to such communication directly (except to direct the data subject to contact Customer) without Customer’s prior authorization, unless legally compelled to do so. If Roomchecking is required to respond to such a request, Roomchecking will promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so.
Requests by Law Enforcement. As a matter of general practice, Roomchecking does not voluntarily provide government agencies or authorities (including law enforcement) with access to Customer Personal Data. If a government agency or authority (including law enforcement) sends Roomchecking a compulsory demand for Customer Personal Data (for example, through a subpoena, court order, search warrant, or other valid legal process), Roomchecking will: (i) inform the government agency that Roomchecking is a processor or service provider (as applicable of the Customer Personal Data) and (ii) attempt to redirect the law enforcement agency to request that Customer Personal Data directly from Customer. As part of this effort, Roomchecking may provide Customer’s basic contact information to the law enforcement agency. If compelled to disclose Customer Personal Data to a law enforcement agency, Roomchecking will give Customer reasonable notice of the demand to allow Customer to seek a protective order or other appropriate remedy unless Roomchecking is legally prohibited from doing so or it has a reasonable and good-faith belief that urgent access is necessary to prevent an imminent risk of serious harm to any individual, public safety, or Roomchecking’s property, product, or services. Roomchecking shall not provide access to the Customer Personal Data until the earlier of: (a) Customer provides authorization to Roomchecking; (b) Roomchecking is informed or affirmatively learns that a protective order or other appropriate remedy is being sought or has been issued; or (c) thirty (30) days have elapsed since notice of the compulsory request to Customer and Customer has not responded.
Data Protection Impact Assessments (DPIAs). To the extent required under Data Protection Laws applicable to the EEA, Roomchecking will provide requested information regarding the Service necessary to enable Customer to carry out data protection impact assessments and prior consultations with data protection authorities.
Scope. The terms in this Section 9 apply only if and to the extent Customer is established in the EEA or the Customer Personal Data is otherwise subject to Data Protection Laws applicable to the EEA.
Processing Instructions. Without prejudice to Section 2.4 (Customer Responsibilities), Roomchecking shall notify Customer in writing, unless prohibited from doing so under Data Protection Laws, if it becomes aware or believes that any processing instructions from Customer violates applicable Data Protection Laws.
Transfer Mechanism. To the extent that Roomchecking is a recipient of and processes any Customer Personal Data that originated from the EEA in a country that does not provide an adequate level of protection under applicable Data Protection Laws, the parties agree that Roomchecking shall abide by and process such Customer Personal Data in compliance with the Model Clauses, which are incorporated into and form an integral part of this DPA. For the purposes of the Model Clauses, the parties agree that: (i) Roomchecking is a “data importer” and Customer is the “data exporter” (notwithstanding that Customer may be an entity located outside the EEA); and (ii) it is not the intention of either party to contradict or restrict any of the provisions set forth in the Model Clauses and, accordingly, if and to the extent the Model Clauses conflict with any provision of the Main Agreement (including this DPA) the Model Clauses shall prevail to the extent of such conflict.
Model Clauses. For purposes of the Model Clauses, (i) in Clause 7, the optional Roomcheckinging clause will apply; (ii) in Clause 9 of Module Two, Option 2 will apply and the time period for prior notice of Sub-processor changes is identified in Section 3.2 of this DPA; (iii) in Clause 11, the optional language will not apply; (iv) in Clause 17, Option 1 will apply, and the 2021 Controller-to-Processor Clauses will be Lattice DPA 5 governed by Irish law; (v) in Clause 18(b), disputes shall be resolved before the courts of Ireland; (vi) Annex I shall be deemed completed with the information set out in Annex 1 (Details of Processing) of this DPA; and (vii) Annex II shall be deemed completed with the information set out in Annex 2 (Security Measures) (as applicable) of this DPA; and Annex 3 (Subprocessors) shall be deemed completed with the information set out in Annex 3 of this DPA.
Alternative Data Transfer Arrangements. To the extent Roomchecking adopts an alternative data export mechanism (including any new version of or successor to the Model Clauses adopted pursuant to Data Protection Laws) for the transfer of personal data (“Alternative Transfer Mechanism”), the Alternative Transfer Mechanism shall automatically apply instead of any applicable transfer mechanism described in this DPA (but only to the extent such Alternative Transfer Mechanism complies with Data Protection Laws applicable to the EEA and extends to territories to which Customer Personal Data is transferred).
UK Data Transfers. Roomchecking shall process Customer Data originating in the UK in accordance with terms set forth in Annex 4 to this Agreement.
Customer is responsible for coordinating all communications with Roomchecking on behalf of its Affiliates with regard to this DPA. Customer represents that it is authorized to issue instructions as well as make and receive any communications in relation to this DPA on behalf of its Affiliates.
Customer Affiliates may enforce the terms of this DPA directly against Roomchecking, subject to the following provisions:
Customer will bring any legal action, suit, claim, or proceeding which the Affiliate would other have it if were a party to the Main Agreement (each an “Affiliate Claim”) directly against Roomchecking on behalf of such Affiliate, except where Data Protection Laws to which the relevant Affiliate is subject require that the Affiliate bring or be a party to such Affiliate Claim; and for the purpose of any Affiliate Claim brought directly against Roomchecking by Customer on behalf of such Affiliate in accordance with this Section, any losses suffered by the relevant Affiliate may be deemed to be losses suffered by Customer.
Limitation of Liability
In no event shall any party limit its liability with respect to any individual’s data protection rights under this DPA or otherwise.
Any claim or remedies Customer or its Affiliates may have against Roomchecking and its respective employees, agents, or Subprocessors arising under or in connection with this DPA including: (i) for breach of this DPA; (ii) as a result of fines (administrative, regulatory or otherwise) imposed upon Customer; (iii) under GDPR (or UK GDPR), including any claims relating to damages paid to a data subject; and (iv) breach of its obligations under the Model Clauses, will be subject to any limitation and exclusion of liability provisions (including any agreed aggregate financial cap) that apply under the Main Agreement.
For the avoidance of doubt, Roomchecking and its Affiliates’ total overall liability for all claims from Customer and its Affiliates arising out of or related to the Main Agreement and each DPA shall apply in the aggregate for all claims under the Main Agreement and this DPA together, including by Customer and its Affiliates.
Roomchecking is prohibited from:
selling Customer Personal Data;
retaining, using, or disclosing Customer Personal Data for any purposes other than the specific purposes of performing the Service or as otherwise permitted under Main Agreement and this DPA, including retaining, using, or disclosing Customer Personal Data for a commercial purpose other than providing the Service; or
retaining using or disclosing Customer Personal Data outside the direct business relationship between Roomchecking and Customer.
Roomchecking hereby certifies that it understands the restrictions set out in Section 12.1 and will comply with them.
As between Customer and Roomchecking, this DPA is incorporated into and subject to the terms of the Main Agreement and shall be effective and remain in force for the term of the Main Agreement or the duration of the Service. In the event of any conflict between the terms of this DPA and the terms of the Main Agreement, the terms of this DPA shall prevail so far as the subject matter concerns the processing of Customer Personal Data.
Each party acknowledges that the other party may disclose the Model Clauses, this DPA, and any privacy related provisions in the Main Agreement to any regulator or supervisory authority upon request.
Notwithstanding anything to the contrary in the Main Agreement and without prejudice to Section 2.3, Roomchecking may periodically make modifications to this DPA as may be required to comply with Data Protection Laws.
This DPA does not confer any third-party beneficiary rights, it is intended for the benefit of the parties hereto, respective permitted successors and assigns only, and is not for the benefit of, nor may any provision hereof be enforced by, any other person.
Other than as required by the Model Clauses, the dispute mechanisms, including those related to venue and jurisdiction, set forth in the Main Agreement govern any dispute pertaining to this DPA.
DETAILS OF PROCESSING
A. LIST OF PARTIES
Name: The entity listed as “Customer” in the applicable Order Form and/or Main Agreement
Address: The address listed on any applicable Order Form.
Contact person’s name, position and contact details: The point of contact listed on any applicable Order Form or the Main Agreement.
Activities relevant to the data transferred under these Clauses: Receive Roomchecking Services as specified in the Main Agreement and Order Form.
Signature and date: By signing the Main Agreement or any Applicable Order Form, Customer hereby agrees to be bound by this Data Processing Agreement.
Role (controller/processor): Controller.
Name: Roomchecking SaS
Address: 137 rue Dalayrac, 94120 Fontenay sous bois
Contact person’s name, position and contact details: Jonathan Weizman, CEO, email@example.com
Activities relevant to the data transferred under these Clauses: Provide Roomchecking Services to Customer as specified in the Main Agreement and applicable Order Form.
Signature and date: By signing the Main Agreement or any Applicable Order Form, Roomchecking hereby agrees to be bound by this Data Processing Agreement.
Role (controller/processor): Processor
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred
Roomchecking Customers and Employees of Roomchecking Customers.
Categories of personal data transferred
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
Nature of the processing
Software as a Service for collaborative online workspaces.
Purpose(s) of the data transfer and further processing
To provide the Roomchecking Software as a Service to Customers.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
From the Effective Date of the Main Agreement until its termination.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
From the Effective Date of the Main Agreement until its termination.
C. COMPETENT SUPERVISORY AUTHORITY
Identify the competent supervisory authority/ies in accordance with Clause 13
The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located shall act as competent supervisory authority.
The technical and organizational measures implemented by Roomchecking (including any relevant certifications) to ensure an appropriate level of security taking into account the nature, scope, context and purposes of the processing, and the risks for the rights and freedoms of natural persons, are as follows:
Encryption of personal data
- Data at rest encrypted using AES-256 algorithm.
- Employee laptops are encrypted using full disk AES-256 encryption.
- HTTPS encryption on every web login interface, using industry standard algorithms and certificates.
- Secure transmission of credentials using by default TLS 1.2.
- Access to operational environments requires use of secure protocols such as HTTPS.
- Data that resides in Microsoft Azure (Azure) encrypted at rest as stated in Azure' documentation and whitepapers. In particular, Azure instances and volumes are encrypted using AES-256. Encryption keys via Azure Key Management Service (KMS) are IAM role protected, and protected by Azure-provided HSM certified under FIPS 140-2.
Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
- Strong access controls based on the use of the 'Principle of Least Privilege'.
- Differentiated rights system based on security groups and access control lists.
- Employee is granted only amount of access necessary to perform job functions.
- Unique accounts and role-based access within operational and corporate environments.
- Access to systems restricted by security groups and access-control lists.
- Authorization requests are tracked, logged and audited on a regular basis.
- Removal of access for employee upon termination or change of employment.
- Enforcement of Multi-factor Authentication (MFA) for access to critical and production resources.
- Strong and complex passwords required. Initial passwords must be changed after the first login.
- Passwords are never stored in clear-text and are encrypted in transit and at rest.
- Account provisioning and de-provisioning processes.
- Automatic account locking.
- Segregation of responsibilities and duties to reduce opportunities for unauthorized or unintentional modification or misuse.
- Confidentiality requirements imposed on employees.
- Mandatory security trainings for employees, which covers data privacy and governance, data protection, confidentiality, social engineering, password policies, and overall security responsibilities inside and outside of Roomchecking.
- Non-disclosure agreements with third parties.
- Separation of networks based on trust levels.
Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing
Event reports are enabled and available to customers in their Roomchecking instance. These reports can be periodically downloaded.
User activity including logins, configuration changes, deletions and updates are written automatically to audit logs in operational systems.
Certain activities on Roomchecking are not available directly to customers such as timestamps, IPs, login/logouts, and errors. These logs are available only to authorized employees, stored off-system, and available for security investigations.
All logs can be accessed only by authorized Roomchecking employees and access controls are in place to prevent unauthorized access.
Write access to logging data is strictly prohibited. Logging facilities and log information are protected against tampering and unauthorized access through use of access controls and security measures.
Network segmentation and interconnections protected by firewalls.
Annual penetration testing for all components of the Roomchecking SaaS, including web and mobile applications.
Measures for user identification and authorisation
Access to operational and production environments is protected by use of unique user accounts, strong passwords, use of Multi-Factor Authentication (MFA), role-based access, and least privilege principle.
Authorization requests and provisioning is logged, tracked and audited.
Customer-generated OAuth tokens, are stored in an encrypted state.
Keys required for decryption of those secrets are stored in a secure, managed repository that employs industry-leading hardware security models that meet or exceed applicable regulatory and compliance obligations.
Access keys used by production Roomchecking applications are accessible only to authorized personnel. They are rotated (changed) as required (e.g., pursuant to a security advisory or personnel departure) and at least yearly.
User activity in operational environments including access, modification or deletion of data is being logged.
Web Application Firewall (WAF), in addition to the network-based firewalls.
Measures for the protection of Data during transmission
HTTPS encryption for data in transit (using TLS 1.2 or greater).
Measures for the protection of Data during storage
Roomchecking customer instances are logically separated and attempts to access data outside allowed domain boundaries are prevented and logged. Measures are in place to ensure executable uploads, code, or unauthorized actors are not permitted to access unauthorized data - including one customer accessing files of another customer.
Endpoint security software
System inputs recorded via log files
Access Control Lists (ACL)
Multi-factor Authentication (MFA)
Measures for ensuring events logging
A central Security Information and Event Management (SIEM) system and other product tools monitor security or activities
Measures for ensuring system configuration, including default configuration
Roomchecking has in place a Change Management Policy.
Roomchecking monitors changes to in-scope systems to ensure that changes follow the process and to mitigate the risk of un-detected changes to production. Changes are tracked in our change platform.
Access Control Policy and Procedures
Measures for ensuring data minimisation
Detailed privacy assessments are performed related to implementation of new products/services and processing of personal data by third parties.
Data collection is limited to the purposes of processing (or the data that the customer chooses to provide).
Security measures are in place to provide only the minimum amount of access necessary to perform required functions.
Data retention time limits restricted and
An automatic deletion has been implemented to enforce data retention time limits (see below on Measures for ensuring limited data retention).
All deleted customer data follows a similar retention schedule of a recoverable delete between 0-90 days and a permanent delete within 91- 180 days.
Restrict access to personal data to the parties involved in the processing in accordance with the “need to know” principle and according to the function behind the creation of differentiated access profiles.
Measures for ensuring Data quality
Applications are designed to reduce/prevent duplication. Many application level checks are in place to ensure data integrity.
QA team that helps to ensure these items are working as designed and implemented before reaching our production environment.
Measures for ensuring limited data retention
After termination of all subscriptions associated with an environment, customer data submitted to the Services is retained in inactive status within the Services for 60 days, after which it is securely overwritten or deleted from production within90 days (up to a max of 180 days) and from backups within 180 days.
All deleted customer data follows a similar retention schedule of a recoverable delete between 0-90 days and a permanent delete within 91- 180 days.
Measures for ensuring accountability
Customer Privacy Assessments are required when introducing any new product/service that involves processing of personal data.
Data protection impact assessments are part of any new processing initiative.
Measures for allowing Data portability and ensuring erasure
Ability to export data to JSON format
Cloud hosting and data storage