Scope and Purpose of Personal Data Processing
Last updated
Last updated
| Entity | Scope of Entrustment | Area | Certifications | Description |
|---|---|---|---|---|
The service provided by Cloudflare, Inc. to Vercom S.A. includes the Web Application Firewall (WAF). The incorporation of WAF into Vercom's services aims to enhance the security of services provided by Vercom to the company's clients.
Vercom has ensured appropriate provisions in the agreement, including, among others:
Inclusion of the Data Localization Suite (DLS) option for the WAF service – through DLS, information processed by Vercom as part of the services remains within the European Union;
Inclusion of the EU Customer Metadata Boundary option for the WAF service – ensuring that data processed by Vercom for Vercom's clients will not be transmitted outside the European Union.
Subject, Nature, and Purpose
The processing is carried out for the purpose of providing the Service to the Customer based on the Main Agreement and to fulfill Vercom's obligations arising from this Data Processing Agreement, particularly concerning the security of data, including ensuring their integrity and availability.
Duration of Processing
The data processing period will be the same as the period of providing the Services under the Main Agreement, with the understanding that the data processing agreement is in effect until the data is deleted in accordance with its provisions.
Categories of Individuals
The processed personal data pertains to the following categories of individuals: End Users – individuals who are recipients of electronic communication sent by the Customer based on the Main Agreement.
Special Categories of Personal Data
Special categories of personal data processed include the following categories: Not Applicable.
Approved Subcontractors for Processing
To provide services, Vercom collaborates with domestic telecommunications operators (for domestic SMS delivery) and international SMS service providers (for sending SMS messages abroad).
Beyond.pl sp. z o.o.,
11 Adama Kręglewskiego Street, 61-248 Poznań
Data Centers and Server Rooms (Colocation, Backup.
EAA
ISO27001
PCIDSS
SOC2
ISO14001
ANSI TIA 942 Rated4
EN50600 class4
The sole data center in the EU with the highest level of security confirmed by two independent entities: ANSI/TIA-942 Rated 4 certification and EN 50600 Class 4 standard for all server chambers.
NTT Global Data Centers EMEA GmbH Voltastraße 15, 65795 Hattersheim
Data Centers and Server Rooms (Colocation, Backup.
EAA
ISO 9001
ISO 22301
ISO 50001
ISO 27001 IT-GS (BSI)
PCI DSS
The facility meets the requirements of the international Tier III standard. This ensures a minimum resource availability of 99.999% and redundancy of key elements.
Cyber Folks S.A.
22 Roosevelta Street, 60-829 Poznań
Hosting Services
EAA
A backup of Vercom's corporate email, as well as files and databases from the company's websites, is executed and maintained as part of the hosting service provided by Cyber_folks for Vercom.
Amazon Web Services EMEA SARL 38 Avenue John F. Kennedy, LU-1855 Luxemburg, R.C.S., Luxemburg: B186284
Data Backup
EAA
Data processed as part of the Services is handled on servers owned by VERCOM. In the case of backups, the data is fully encrypted on our end and transferred to our backup servers in the CPD and/or on servers provided by third-party entities (such as Amazon) off-site in the cloud.
Cloudflare, Inc.,
USA 101 Townsend St, San Francisco, CA 94107, USA
Provider of solutions to enhance the security of services provided (WAF service).
EAA
If you do not want your data to be processed by Cloudflare, you can opt out of this option. MORE >>