I. SERVICES PERSONAL INFORMATION DATA PROCESSING TERMS

Abilists treats all Services Personal Information in accordance with the terms of Sections I and III of this Policy and Your order for Services.

In the event of any conflict between the terms of this Services Privacy Policy and any privacy terms incorporated into Your order for Services, including an Abilists Data Processing Agreement, the relevant privacy terms of Your order for Services shall take precedence.

1. Performance of the Services

Abilists may process Services Personal Information for the processing activities necessary to perform the Services, including for testing and applying new product or system versions, patches, updates and upgrades, and resolving bugs and other issues You have reported to Abilists.

2. Customer instructions

You are the controller of the Services Personal Information processed by Abilists to perform the Services. Abilists will process your Services Personal Information as specified in Your Services order and Your documented additional written instructions to the extent necessary for Abilists to (i) comply with its processor obligations under applicable data protection law or (ii) assist You to comply with Your controller obligations under applicable data protection law relevant to Your use of the Services. Abilists will promptly inform You if, in our reasonable opinion, Your instruction infringes applicable data protection law. Additional fees may apply.

3. Rights of individuals

You control access to Your Services Personal Information by Your end users, and Your end users should direct any requests related to their Services Personal Information to You. To the extent such access is not available to You, Abilists will provide reasonable assistance with requests from individuals to access, delete or erase, restrict, rectify, receive and transmit, block access to or object to processing of Services Personal Information on Abilists systems(API).

4. Security and confidentiality

Abilists has implemented and will maintain technical and organizational measures designed to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Services Personal Information. These measures, which are generally aligned with the ISO/IEC 27001:2013 standard, govern all areas of security applicable to the Services, including physical access, system access, data access, transmission, input, security oversight, and enforcement.

Abilists employees are required to maintain the confidentiality of personal information. Employees' obligations include written confidentiality agreements, regular training on information protection, and compliance with company policies concerning protection of confidential information.

Including regarding data retention and deletion, available for review.

5. Incident Management and data breach notification.

Abilists promptly evaluates and responds to incidents that create suspicion of or indicate unauthorized access to or handling of Services Personal Information.

If Abilists becomes aware and determines that an incident involving Services Personal Information qualifies as a breach of security leading to the misappropriation or accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Services Personal Information transmitted, stored or otherwise processed on Abilists systems(API) that compromises the security, confidentiality or integrity of such Services Personal Information, Abilists will report such breach to You without undue delay.

As information regarding the breach is collected or otherwise reasonably becomes available to Abilists and to the extent permitted by law, Abilists will provide You with additional relevant information concerning the breach reasonably known or available to Abilists.

6. Subprocessors

To the extent Abilists engages third party subprocessors to have access to Services Personal Information in order to assist in the provision of Services, such subprocessors shall be subject to the same level of data protection and security as Abilists under the terms of Your order for Services. Abilists is responsible for its subprocessors’ compliance with the terms of Your order for Services.

Abilists maintains lists of Abilists Affiliates and subprocessors that may process Services Personal Information. Additional information is available to You via Abilists Help (http://www.abilists.com/home/help)

7. Cross-border data transfers

Abilists may transfer, access and store Services Personal Data globally as necessary to perform the Services.

To the extent such global access involves a transfer of Services Personal Information originating from the European Economic Area and the United Kingdom (“EEA”) and/or Switzerland to Abilists affiliates or third party subprocessors located in countries outside the EEA or Switzerland that have not received a binding adequacy decision by the European Commission or by a competent national EEA data protection authority, such transfers are subject to binding and appropriate transfer mechanisms that provide an adequate level of protection in compliance with applicable data protection law, such as EU Model Clauses.

8. Deletion or return of Services Personal Information

Except as otherwise specified in an order for services or required by law, upon termination of services or at your request, Abilists will delete your production customer data located on Abilists computers in a manner designed to ensure that they cannot reasonably be accessed or read, unless there is a legal obligation imposed on Abilists preventing it from deleting all or part of the data. You may consult with your Abilists services contact for additional information on data deletion prior to service completion.

II. SYSTEMS OPERATIONS DATA PROCESSING TERMS

1. Responsibility and purposes for processing personal information

Abilists Corporation and its affiliated entities are responsible for processing personal information that may be incidentally contained in Systems Operations Data in accordance with Sections II and III of this Policy. Please select a region and country to view the registered address and contact details of the Abilists entity or entities located in each country.

We may collect or generate Systems Operations Data for the following purposes:


For personal information contained in Systems Operations Data collected in the EU, our legal basis for processing such information is our legitimate interest in performing, maintaining and securing our products and services and operating our business in an efficient and appropriate manner. Personal information may also be processed based on our legal obligations or legitimate interest to comply with such legal obligations.

2. Sharing personal information

Personal information contained in Systems Operations Data may be shared throughout Abilists's global organization. A list of Abilists entities is available as indicated above.

We may also share such personal information with the following third parties:


When third parties are given access to personal information contained in Systems Operations Data, we will take the appropriate contractual, technical and organisational measures to ensure, for example, that personal information is only processed to the extent that such processing is necessary, consistent with this Privacy Policy and in accordance with applicable law.

3. Cross-border data transfers

If personal information contained in Systems Operations Data is transferred to an Abilists recipient in a country that does not provide an adequate level of protection for personal information, Abilists will take measures designed to adequately protect information about Users, such as ensuring that such transfers are subject to the terms of the EU Model Clauses.

4. Security

Abilists has implemented appropriate technical, physical and organisational measures in accordance with the Abilists Corporate Security Practices designed to protect personal information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access as well as all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing.

5. User choices

To the extent provided under applicable laws, Users may request to access, correct, update or delete personal information contained in Systems Operations Data in certain cases, or otherwise exercise their choices with regard to their personal information by filling out an inquiry form.

III. COMMUNICATIONS AND NOTIFICATIONS TO CUSTOMERS AND USERS

1. Legal requirements.

Abilists may be required to provide access to Services Personal Information and to personal information contained in Systems Operations Data as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect Your or a User’s safety or the safety of others, investigate fraud, or respond to government requests, including public and government authorities outside Your or a User’s country of residence, for national security and/or law enforcement purposes.

Abilists will promptly inform You of requests to provide access to Services Personal Information, unless otherwise required by law.

2. Global Data Protection Officer

Abilists has appointed a Data Protection Officer. If You or a User believe that personal information has been used in a way that is not consistent with this Privacy Policy, or if You or a User have further questions, comments or suggestions related to Abilists’s handling of Services Personal Information or personal information contained in Systems Operations Data, please contact the Data Protection Officer by filling out an inquiry form.

Written inquiries to the Data Protection Officer may be addressed to:

3. Dispute resolution or filing a complaint

If You or a User have any complaints regarding our compliance with our privacy and security practices, please contact us first. We will investigate and attempt to resolve any complaints and disputes regarding our privacy practices.

Users that have an unresolved privacy or data use concern that we have not addressed satisfactorily, can contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, specified on the Privacy Shield website, Users may invoke binding arbitration when other dispute resolution procedures have been exhausted. Users also have the right to file a complaint with a competent data protection authority if they are a resident of a European Union member state.

4. Changes to this Services Privacy Policy

This Privacy Policy was last updated on March 7, 2019. However, the Services Privacy Policy can change over time, for example to comply with legal requirements or to meet changing business needs. The most up-to-date version can be found on this website. In cases of material changes, we will also inform you in another appropriate way (for example via a pop-up notice or statement of changes on our website) prior to the changes becoming effective.