Appendix A.1 – Information about the processing
Download as PDF
A.1.1. The purpose of the data processor's processing of personal data on behalf of the data controller
A.1.1.7 Security services
The purpose of the processing is the provision of security services to the data controller. The delivery includes e.g. managed or unmanaged Security Information and Event Management (SIEM), penetration testing or incident management after a security breach.
A.1.2 The data processor's processing of personal data on behalf of the data controller shall mainly pertain to (the nature of the processing)
A.1.2.7 Security services
The data processor carries out monitoring, setup, reporting, penetration testing, incident management after security breach, which are further specified in the Service Agreement concluded between the parties.
A.1.3. The processing includes the following types of personal data about data subjects
The nature of the processing activities provided by the Data Processor to the Data Controller does not make it possible to specify exactly which types of personal data are involved in the processing.
Unless the Data Controller specifies the exact types of personal data below, it is therefore agreed that the Data Processor shall process the types of personal data that the Data Controller stores in the systems and services provided by the Data Processor.
Types of personal data specified below:
A.1.4. The processing includes the following categories of data subjects
The nature of the processing activities provided by the Data Processor to the Data Controller does not make it possible to specify exactly which categories of data subjects are involved in the processing.
Unless the Data Controller specifies the exact categories of data subjects below, it is therefore agreed that the Data Processor shall process the categories of data subjects that the Data Controller processes in the systems and services provided by the Data Processor.
Categories of data subjects specified below: