Entrustment and Further Entrustment of Personal Data Processing
How many subcontractors does the processor use and to what extent?
Depending on the service provided, the list of processors may vary. Details are regulated by the personal data processing agreement.
The list is available in the Personal Data Processing section.
What is the subject, nature, and purpose of processing personal data?
The processing is carried out to provide the Service to the Client based on the Main Agreement and to fulfill Vercom's obligations arising from this Data Processing Agreement, particularly concerning data security, including ensuring their integrity and availability.
What categories of individuals does the agreement cover?
The processed personal data concerns the following categories of individuals: End Users - individuals who are recipients of electronic communications sent by the Client based on the Main Agreement.
What types of special categories of personal data are covered by the agreement?
The processed special categories of personal data include the following categories: Not applicable.
Have all subcontractors used during the provision of services been checked to ensure an appropriate level of personal data protection?
Yes, subcontractors undergo an annual assessment.
Is there a record of suppliers to whom you entrust or further entrust the processing of personal data?
Yes, there is a detailed list of further processors used by Vercom S.A., last updated on 20_03_2023, as well as a Register of Processing Activities at VERCOM S.A.
Have internal regulations been prepared and implemented regarding the supervision and monitoring of personal data processing processes?
Yes. Periodic internal and external audits are conducted. Testing occurs at least once every 12 months or more frequently if necessary.
The last ISO 27001 audit took place from 01.09.2023 to 05.09.2023 and covered the entire organization and all required standards, including measuring the effectiveness of security measures. Compliance with ISO 27001 was verified. The ISO 27018 audit occurred on 09.09.2023, verifying compliance with ISO 27018. The latest internal audit covering the entire organization and all processes took place from 04.08.2023 to 17.08.2023, resulting in an audit report and Information Security Management System Performance Report at Vercom S.A.
Where are the data entrusted for processing stored?
All operations performed on personal data take place within an IT system. Data entrusted for processing are not stored on employees' computers. Vercom does not process personal data in paper form as part of its services. All personal data entrusted to us for processing are stored in an external data center that meets the highest security standards and undergoes multi-layered security measures.
How does the entity ensure separation of data entrusted to it by the Controller from data of other entities, including its own data?
Vercom uses logical separation of data in its systems provided as part of the services rendered.
Is the storage and processing of data carried out only within the EEA?
The main server environment within VERCOM's CPaaS is located within the EEA. All further processors handling personal data provide services covered by regionalization within PL, EU, or EEA territories. We do not process data outside of the EEA.
Do we have procedures regarding backups of the data we process?
According to the documented and implemented policy, backups are created daily. Backup copies are stored for 2 years and are encrypted. Backups are maintained only within the EEA in external data centers with the highest security standards, subject to multi-layered security measures.
Last updated