By entering into the Client Agreement (as defined below),Client acknowledges it has accepted and signed the Client Agreement, the Data Processing Agreement, and the additional documents which are incorporated therein by reference (collectively, the “Agreement”), and is legally bound thereby.
NTT subsidiaries are intended third-party beneficiaries of this section.
Categories of data subjects whose personal data is transferred
Data subjects include the data exporter’s
-users including employees, contractors, and Clients. NTT acknowledges that, depending on Client’s use of the Services, the data importer may process the personal data of any of the following types of data subjects:
Categories of personal data transferred
NTT acknowledges that, depending on Client’s use of the Services, the data importer may process the following types of Personal Data:
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
No Sensitive Personal Data transferred. The data exporter shall not disclose (and shall not permit any individual to disclose) any Sensitive Personal Data to the data importer for processing.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
Personal data may be transferred on a continuous basis in order to provide the Services under the existing Client Agreement
Nature of the processing
The nature of processing personal data is for data importer to provide the Services under the existing Client Agreement.
Purpose(s) of the data transfer and further processing
The data importer will Process Personal Data, as necessary to perform the Services pursuant to the Client Agreement to the extent determined and controlled by the You in Your sole discretion. Further, We will also Process and enrich the Personal Data in the data importer’s systems to (i) improve, enhance, support and operate the Services and its availability; (ii) develop new products and services; (iii) compile statistical reports and insights into usage patterns.
The data importer may further transfer Personal Data to third-party service providers that host and maintain the data importer’s applications, backup, storage, payment processing, analytics and other services as specified in the section on sub-processors below. These third-party service providers may have access to or Process Personal Data for the purpose of providing these services to NTT.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
See clause 14 of the DPA
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
In accordance with the DPA, the data importer may engage sub-processors to provide some or all of the Services on data importer’s behalf or use any of current or future subsidiaries of NTT for the duration of the Client Agreement. Any such sub-processors will be permitted to obtain personal data only to provide some or all of the Services the data importer has engaged them to provide, and they are prohibited from using personal data for any other purpose.
A list of sub-processors engaged by NTT is available at [ link - sub-processors ].
Attachment B Technical and Organizational Measures
NTT maintains Technical and Organizational Measures (‘TOMs’) to ensure it processes and protects Personal Data in a responsible way, considering the types of Personal Data that NTT processes, industrystandards, the interests and rights of NTT’s employees, clients and communities, and the reasonable cost of implementation in accordance with clause 9 of the DPA and/or, as applicable, incorporated in the applicable SCCs and/or applicable Data Protection Laws. The TOMs maintained by NTT as referenced in this B are described at [ link – security (TOMs) ].