Yonda Data Processing Terms

Explore Yonda's data processing terms, outlining our GDPR and CCPA-compliant approach to handling personal data on behalf of clients. Learn about roles, responsibilities, and security measures.

1. Introduction and scope

This document sets forth the terms and conditions under which Yonda ("Processor") processes Personal Data on behalf of its clients ("Controller") pursuant to the services provided under the primary Agreement (the "Agreement"). These terms incorporate and supplement the requirements of all applicable data protection laws, including, where relevant, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and similar regulatory frameworks.

2. Roles and Responsibilities

  • Controller: The client is the Controller and determines the purposes and means of the processing of Personal Data.
  • Processor: Yonda is the Processor and processes Personal Data only on behalf of the Controller and strictly in accordance with the documented instructions provided by the Controller, including the provisions of the Agreement and these terms.

3. Details of Processing

Category Description
Subject Matter/Scope The provision of the services defined in the Agreement.
Duration of Processing For the duration of the Agreement, unless otherwise instructed by the Controller.
Purpose of Processing To fulfil Yonda's obligations under the Agreement, including providing, maintaining, and enhancing the contracted services.
Categories of Data Subjects The Controller's end-users, customers, employees, and any other individuals whose Personal Data is provided to Yonda.
Categories of Personal Data Data may include, but is not limited to: identification data (names, contact info), financial data, service usage data, and other data necessary for the service provision.

4. Yonda's Obligations as Processor

Yonda warrants and agrees to:

4.1. Instruction Compliance

Process the Personal Data only on the documented instructions of the Controller, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by applicable law.

4.2. Confidentiality

Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

4.3. Security Measures

Implement and maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, but not limited to, measures to:

  • Protect against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
  • Ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
  • Restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident.

4.4. Sub-Processing

Yonda shall not engage another sub-processor without prior specific or general written authorization of the Controller. Where Yonda engages a sub-processor, the contract with that sub-processor shall impose the same data protection obligations as set out in these terms.

4.5. Data Subject Requests

Promptly notify the Controller if it receives a request from a Data Subject exercising their rights (e.g., access, rectification, erasure). Yonda shall not respond to any such request unless explicitly authorized to do so by the Controller.

4.6. Assistance

Take into account the nature of the processing and the information available to Yonda, and assist the Controller in ensuring compliance with the Controller's obligations regarding:

  • Data Subject rights requests.
  • Security of processing.
  • Data protection impact assessments (DPIAs) and prior consultation with supervisory authorities.

4.7. Personal Data Breach

Notify the Controller without undue delay upon becoming aware of a Personal Data Breach affecting the Controller's data. Yonda will cooperate with the Controller to mitigate and remediate the breach.

4.8. Data Return and Deletion

Upon termination or expiry of the Agreement, Yonda shall, at the choice of the Controller, return or delete all Personal Data, and delete existing copies unless applicable law requires storage of the Personal Data.

We value your privacy
We use cookies to enhance your browsing experience, serve personalized ads or content, analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Cookie policy
Manage cookie preferences
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.