III. APPLICATION OF EU DATA PROTECTION LAWS
«Automated Decisions» are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.
«Controller» means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
«Employee» means any current, former or prospective employee, temporary worker, intern or other non-permanent employee of Netwrix or any current or prospective subsidiary or affiliate of Netwrix.
«European Economic Area («EEA»)» means the following countries: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Republic of Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, The Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the UK.
«Personal Data» means any information relating to an identified or identifiable natural person («data subject»); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity and includes information, that (i) relates to an identified or identifiable Customer, Employee or Supplier’s representative; (ii) can be linked to that Customer, Employee or Supplier’s representative; (iii) is transferred to Netwrix in the U.S. from the EEA or Switzerland, and (iv) is recorded in any form.
«Privacy Officer» means the individual officer designated by Netwrix as the initial point of contact for inquiries, complaints, or questions regarding privacy matters. The Privacy Officer is identified at the end of this Policy.
«Processing» is defined as any action that is performed on Personal Data, whether in whole or in part by automated means, such as collecting, modifying, using, disclosing, or deleting such data. This Policy does not cover data rendered anonymous or where pseudonyms are used that do not allow for, directly or indirectly, the identification of an individual. The use of pseudonyms involves the replacement of names or other identifiers with substitutes, so that identification of individual persons is either impossible or at least rendered considerably more difficult. This Policy shall apply again if the protections offered through anonymization no longer apply.
«Sensitive Personal Data» means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership or concerning health or sex, and the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
«Supplier» means any supplier, vendor or other third party located in the USA and/or the EEA or Switzerland that provides services or products to Netwrix.
This Policy is designed to provide compliance with all relevant applicable data protection laws in the EEA, and in particular the General Data Protection Regulation («GDPR»). Netwrix will handle Personal Data in accordance with local law at the place where the Personal Data is processed.
IV. PRINCIPLES FOR PROCESSING PERSONAL DATA
Netwrix respects the privacy of Data Subjects and is committed to protecting Personal Data. Netwrix will observe the following principles when processing Personal Data:
- Data will be processed fairly and in accordance with applicable law.
- Data will be collected for specified, legitimate purposes and not processed further in ways incompatible with those purposes.
- Data will be relevant to and not excessive for the purposes for which they are collected and used. For example data may be rendered anonymous if deemed reasonable, feasible and appropriate, depending on the nature of the data and the risks associated with the intended uses.