Data Protection Agreement Azure

2.1 Data transfer control (no unauthorized reading, copying, editing or deletion of data during electronic transfer or transport): the personal data of the main service is protected from unauthorized copying on data media. No data can be accessed outside the main service, except for staff who have received registration information assigned to staff by the data protection delegate. Access to data outside the Microsoft Azure environment is limited by the combination of BLOCKing IP addresses and employee notification information. Access to the IP address is controlled exclusively by the data protection controller and the IP address is only recorded for FastTrack Software mergers. Access to production data is used exclusively for customer support. Microsoft extends the RGPD terms to all generally available enterprise software customers, which are licensed by us or our affiliates in accordance with Microsoft`s licensing conditions and will apply from May 25, 2018, regardless of the corresponding version of enterprise software, provided that Microsoft is a processor or subprocesser of personal data associated with that software and that Microsoft continues to offer or support it. You can find support details in the Microsoft Lifecyle Directive under 2.1 This agreement and related instructions include all types of personal data described in Schedule 1 of the agreement. 1.3 Internal Access Control (authorizations for users` rights to access and modify data; No unauthorized reading, copying, editing or deletion of data in the system: all staff access to devices in facilities is required by Active Directory accounts. Passwords are changed in strength for all employees every 30 days. Accounts are controlled exclusively by the data protection delegate and working with other people`s access data is strictly prohibited. Accounts are granted strictly on the basis of “know to know.” No employee has access to more data than the job description warrants. 1.4.2 Inventory data: current user`s email address, phone number, current account name 1.4 Isolation Control ( Isolated processing of data collected for various purposes): there is no data collected in the Microsoft Azure production environment, with the exception of external backup.

5.3 The person in charge of the processing is immediately informed of all inspections and measures carried out by the supervisory authority, as they relate to this agreement. The same is true where the data processor is investigated or participates in an investigation by a competent authority for civil or criminal law offences, administrative provisions or regulations relating to the processing of personal data related to the processing of this agreement. 13.1 Copies or duplicates of the data should never be produced without the knowledge of the processing manager, with the exception of backup copies, as long as they are necessary to ensure the proper processing of the data, as well as the data necessary to meet the legal data retention requirements. 2.2 Personal data processed in accordance with this agreement is processed at any time by the data processor or subcontractors in accordance with the EU General Data Protection Regulation described in Sections 3 and 4.