FREE ELECTRONIC LIBRARY - Thesis, dissertations, books

Pages:   || 2 |

«Data Processing Agreement for Oracle Cloud Services Version November 3, 2015 1. Scope and order of precedence This agreement (the “Data Processing ...»

-- [ Page 1 ] --

Data Processing Agreement for Oracle Cloud Services

Version November 3, 2015

1. Scope and order of precedence

This agreement (the “Data Processing Agreement”) applies to Oracle’s Processing of Personal Data

provided to Oracle by Customer as part of Oracle’s provision of Cloud Services (“Cloud Services”), as

further specified in (i) the applicable Oracle master agreement and (ii) the Oracle Cloud Ordering

Document between Customer and Oracle, and all documents, addenda, schedules and exhibits incorporated therein (collectively the “Agreement”) by and between the Customer entity and Oracle subsidiary listed in the order for Cloud Services.

This Data Processing Agreement is subject to the terms of the Agreement and is incorporated into the Agreement. Except as expressly stated otherwise, in the event of any conflict between the terms of the Agreement and the terms of this Data Processing Agreement, the relevant terms of this Data Processing Agreement shall take precedence. This Data Processing Agreement shall be effective for the Services Period of any Oracle Cloud order placed under the Agreement.

2. Definitions “Customer” or “you” means the Customer that has executed the order for Cloud Services.

“Oracle” or “Processor” means the Oracle subsidiary listed in the order for Cloud Services.

“Oracle Affiliates” mean the subsidiaries of Oracle Corporation that may assist in the performance of the Cloud Services.

“Model Clauses” means the standard contractual clauses annexed to the EU Commission Decision 2010/87/EU of 5 February 2010 for the Transfer of Personal Data to Processors established in Third Countries under the Directive (defined below).

“Personal Data” means any information relating to an identified or identifiable natural person that Customer or its end users provide to Oracle as part of the Cloud Services; an identified or identifiable natural person (a “data subject”) is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity.

“Process” or “Processing” means any operation or set of operations which is performed by Oracle as part of the Cloud Services upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

“Subprocessor” means a third party subcontractor engaged by Oracle which, as part of the subcontractor’s role of delivering the Cloud Services, will Process Personal Data of the Customer.

“The Directive” means Directive 95/46/EC of the European Parliament and of the Council of October 24, 1995, as amended, on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such data.

Other terms have the definitions provided for them in the Agreement or as otherwise specified below.

3. Categories of Personal Data and purpose of the Personal Data Processing In order to execute the Agreement, and in particular to perform the Cloud Services on behalf of

Customer, Customer authorizes and requests that Oracle Process the following Personal Data:

Categories of Personal Data: Personal Data may include, among other information, personal contact information such as name, home address, home telephone or mobile number, fax number, email address, and passwords; information concerning family, lifestyle and social circumstances including age, date of birth, marital status, number of children and name(s) of spouse and/or children; employment details including employer name, job title and function, employment history, salary and other benefits, job performance and other capabilities, education/qualification, identification numbers, social security details and business contact details; financial details; and goods and services provided.

Categories of Data Subjects: Data subjects may include Customer’s representatives and end users, such as employees, job applicants, contractors, collaborators, partners, and customers of the Customer. Data subjects also may include individuals attempting to communicate or transfer Personal Data to users of the Cloud Services.

Oracle will Process Personal Data solely for the provision of the Cloud Services, and will not otherwise (i) Process or use Personal Data for purposes other than those set forth in the Agreement or as instructed by Customer, or (ii) disclose such Personal Data to third parties other than Oracle Affiliates or Subprocessors for the aforementioned purposes or as required by law.

4. Customer’s Instructions

During the Services Period of any order for Cloud Services, Customer may provide instructions to Oracle in addition to those specified in the Agreement with regard to processing of Personal Data.

Oracle will comply with all such instructions without additional charge to the extent necessary for Oracle to comply with laws applicable to Oracle as a data processor in the performance of the Cloud Services;

the parties will negotiate in good faith with respect to any other change in the Cloud Services and/or fees resulting from such instructions.

5. Controller of Data

The control of Personal Data remains with Customer, and as between Customer and Oracle, Customer will at all times remain the data controller for the purposes of the Cloud Services, the Agreement, and this Data Processing Agreement. Customer is responsible for compliance with its obligations as data controller under data protection laws, in particular for justification of any transmission of Personal Data to Oracle (including providing any required notices and obtaining any required consents), and for its decisions and actions concerning the Processing and use of the data.

6. Rights of Data Subject

Oracle will grant Customer electronic access to Customer’s Cloud Services environment that holds Personal Data to permit Customer to delete, release, correct or block access to specific Personal Data or, if that is not practicable and to the extent permitted by applicable law, follow Customer’s detailed written instructions to delete, release, correct or block access to Personal Data held in Customer’s Cloud Services environment. Customer agrees to pay Oracle’s reasonable fees associated with the performance of any such deletion, release, correction or blocking of access to Personal Data. Oracle will pass on to the Customer any requests of an individual data subject to delete, release, correct or block Personal Data Processed under the Agreement.

7. Cross Border and Onward Data Transfer

Oracle treats all Personal Data in a manner consistent with the requirements of the Agreement and this Data Processing Agreement in all locations globally. Oracle’s information policies, standards and governance practices are managed on a global basis.

To the extent Personal Data originating from the EEA or Switzerland is transferred to Oracle, Oracle Affiliates or Subprocessors located in countries outside the EEA or Switzerland that have not received a binding adequacy decision by the European Commission pursuant to Articles 25(6) and 31(2) of the Directive or by a competent national data protection authority, such transfers are managed as follows.

Transfers from Customer to Oracle or Oracle Affiliates are made subject to the terms of this Data Processing Agreement and (i) the Model Clauses, with Customer acting as the “data exporter” and Oracle and/or the Oracle Affiliate(s) acting as the “data importer(s)” (as those terms are defined in the Model Clauses); or (ii) other appropriate transfer mechanisms that provide an adequate level of protection in compliance with the applicable requirements of Articles 25 and 26 of the Directive. The terms of this Data Processing Agreement shall be read in conjunction with the Model Clauses or other appropriate transfer mechanism referred to in the prior sentence.

For transfers from Oracle to Oracle Affiliates, Oracle shall ensure that such transfers are subject to (i) the terms of the Oracle intra-company agreement entered into between Oracle Corporation and the Oracle Affiliates, which requires all transfers of Personal Data to be made in compliance with the Model Clauses and with all applicable Oracle security and data privacy policies and standards; or (ii) other appropriate transfer mechanisms that provide an adequate level of protection in compliance with the applicable requirements of Articles 25 and 26 of the Directive.

For transfers from Oracle or Oracle Affiliates to Subprocessors, Oracle requires the Subprocessor to execute Model Clauses incorporating security and other data privacy requirements consistent with those of this Data Processing Agreement.

8. Affiliates and Subprocessors Some or all of Oracle’s obligations under the Agreement may be performed by Oracle Affiliates. Oracle and the Oracle Affiliates have entered into the intra-company agreement specified above, under which the Oracle Affiliates Processing Personal Data adopt safeguards consistent with those of Oracle.

Oracle is responsible for its compliance and the Oracle Affiliates' compliance with this requirement.

Oracle also may engage Subprocessors to assist in the provision of the Cloud Services. Oracle maintains a list of Subprocessors that may Process the Personal Data of Oracle’s Cloud Service customers and will provide a copy of that list to Customer upon request.

All Subprocessors are required to abide by substantially the same obligations as Oracle under this Data Processing Agreement as applicable to their performance of the Cloud Services. Customer may request that Oracle audit the Subprocessor or provide confirmation that such an audit has occurred (or, where available, obtain or assist customer in obtaining a third-party audit report concerning Subprocessor’s operations) to ensure compliance with such obligations. Customer also will be entitled, upon written request, to receive copies of the relevant terms of Oracle’s agreement with Subprocessors that may Process Personal Data, unless the agreement contains confidential information, in which case Oracle may provide a redacted version of the agreement.

Oracle remains responsible at all times for compliance with the terms of the Agreement and this Data Processing Agreement by Oracle Affiliates and Subprocessors.

Customer consents to Oracle’s use of Oracle Affiliates and Subprocessors in the performance of the Cloud Services in accordance with the terms of Sections 7 and 8 above.

9. Technical and Organizational Measures When Processing Personal Data on behalf of Customer in connection with the Cloud Services, Oracle has implemented and will maintain appropriate technical and organizational security measures for the Processing of such data, including the measures specified in this Section to the extent applicable to the Oracle’s Processing of Personal Data. These measures are intended to protect Personal Data against accidental or unauthorized loss, destruction, alteration, disclosure or access, and against all other unlawful forms of processing. Additional information concerning such measures, including the specific security measures and practices for the particular Cloud Services ordered by Customer, may be specified in the Agreement.

9.1 Physical Access Control. Oracle employs measures designed to prevent unauthorized persons from gaining access to data processing systems in which Personal Data is processed, such as the use of security personnel, secured buildings and data center premises.

9.2 System Access Control. The following may, among other controls, be applied depending upon the particular Cloud Services ordered: authentication via passwords and/or two-factor authentication, documented authorization processes, documented change management processes, and logging of access on several levels. For Cloud Services hosted @Oracle: (i) log-ins to Cloud Services Environments by Oracle employees and Subprocessors are logged; (ii) logical access to the data centers is restricted and protected by firewall/VLAN; and (iii) intrusion detection systems, centralized logging and alerting, and firewalls are used.

9.3 Data Access Control. Personal Data is accessible and manageable only by properly authorized staff, direct database query access is restricted, and application access rights are established and enforced.

In addition to the access control rules set forth in Sections 9.1 – 9.3 above, Oracle implements an access policy under which Customer controls access to its Cloud Services environment and to Personal Data and other data by its authorized personnel.

9.4 Transmission Control. Except as otherwise specified for the Cloud Services (including within the ordering document or the applicable service specifications), transfers of data outside the Cloud Service environment are encrypted. Some Cloud Services, such as social media services, may be configurable to permit access to sites that require unencrypted communications. The content of communications (including sender and recipient addresses) sent through some email or messaging services may not be encrypted. Customer is solely responsible for the results of its decision to use unencrypted communications or transmissions.

9.5 Input Control. The Personal Data source is under the control of the Customer, and Personal Data integration into the system, is managed by secured file transfer (i.e., via web services or entered into the application) from the Customer. Note that some Cloud Services permit Customers to use unencrypted file transfer protocols. In such cases, Customer is solely responsible for its decision to use such unencrypted field transfer protocols.

9.6 Data Backup. For Cloud Services hosted @Oracle: back-ups are taken on a regular basis; backups are secured using a combination of technical and physical controls, depending on the particular Cloud Service.

9.7 Data Segregation. Personal Data from different Oracle customers’ environments is logically segregated on Oracle’s systems.

Pages:   || 2 |

Similar works:

«Chinese Librarianship: an International Electronic Journal, 37. URL: www.iclc.us/cliej/cl37IOF.pdf Deviant Behaviors in Library Use: A Case Study of Three Universities in Nigeria Ikuomola Adediran Daniel Adekunle Ajasin University Nigeria diranreal@yahoo.com Okunola Rashidi Akanji University of Ibadan Nigeria mayeloyecaliphate@yahoo.com Fabunmi Samuel Olabode Adekunle Ajasin University Nigeria olabode.fabunmi@aaua.edu.ng ABSTRACT: Research on library deviance in Nigeria has largely relied on...»

«Project Developer’s Guidebook to VCS REDD Methodologies Version 2.0 February 2013 Acknowledgements We wish to thank Agustin Silvani, who conceived the idea for this guidebook and led the process of its development, and his colleagues at Conservation International, Stavros Papageorgiou, Jenny Hewson, Sean Griffin, Fabiano Godoy, Natasha Calderwood, and Toby Janson-Smith, for their close review of drafts and invaluable feedback. The funding for this product was made possible through a generous...»

«Andrews University Seminary Studies, Summer 1991, Vol. 29, No. 2, 117-126 Copyright @ 1991 by Andrews University Press. JESUS, THE SON OF DAVID TERENCE Y. MULLINS Philadelphia, PA 19129 In 2 Sam 5:410 David's conquest of Jerusalem and his making it the city of David are described. The great taunt which his enemies, the Jebusites, the natives of the land, hurled at him was, You will not come in here, but the blind and the lame will ward you off (5:6). David conquered the city (v. 7), after which...»

«Guidelines on Protocol Practice Department of Protocol Ministry of Foreign Affairs of the Kingdom of Thailand Guidelines on Protocol Practice Department of Protocol Ministry of Foreign Affairs of the Kingdom of Thailand i Foreword This guideline on protocol practice is designed for the use of Diplomatic Missions, Consular Posts, United Nations Specialized Agencies, and International Organizations accredited to Thailand, which are entitled to enjoy immunities and privileges in performing their...»

«MiFID Supervisory Briefings Best Execution Ref. CESR/08-735 The Committee of European Securities Regulators CESR is an independent Committee of European Securities Regulators. The role of the Committee is to: • Improve co-ordination among securities regulators;• Act as an advisory group to assist the European Commission, in particular in its preparation of draft implementing measures in the field of securities;• Work to ensure more consistent and timely day-to-day implementation of...»

«Tab This is a final public hearing to create a Gulf Reef Fish Data Reporting System, which would require private recreational anglers to report their intention to harvest or attempt to harvest reef fish species such as red snapper, gag grouper, and amberjack in the Gulf of Mexico. This data reporting system would be used to collect more accurate, precise, and timely catch and effort estimates for key recreational reef fish fisheries off Florida’s Gulf coast. The proposed Gulf Reef Fish Data...»

«PART TWO GLORIOUS REVOLUTION November 1688 February 1689/90 William of Orange lands James 11 is overthrown Locke returns to England with the new Queen Edward appointed Auditor to the Queen M Passebon takes over as tutor Edward selected M.P. for Taunton William arriving at Brixham On 1 November William's fleet set sail from Holland, helped by a “protestant wind” that veered to the East, driving the Dutch along the Channel and keeping James’s naval forces trapped in the Thames estuary. He...»

«Marianne Tråvén THE INVENTORY OF GUSTAV III AS A SOURCE FOR THE WORK OF THE COSTUME WORKSHOP OF THE ROYAL OPERA IN STOCKHOLM BETWEEN 1773 AND 1792   The Swedish King Gustav III, also known as the ‘theatre king’, founded the Swedish Opera Company in 1773. The early productions of the Swedish Opera, between 1773 and 1782, were played at the so called ‘Bollhuset’, a sports house with a tennis court by the castle quickly refurbished to house Gustav III’s pet project. It had been used...»

«Bangladesh ICT Case Study ICT EDUCATION CASE STUDY ASPBAE RESEARCH ON INFORMATION AND COMMUNICATION TECHNOLOGY (BANGLADESH) By Mohammad Ali, Dhaka Ahsania Mission Asian South Pacific Bureau of Adult Education (ASPBAE) ASPBAE Research on Information and Community Technology Bangladesh ICT Case Study ASPBAE RESEARCH ON INFORMATION AND COMMUNICATION TECHNOLOGY By Mohammad Ali, Dhaka Ahsania Mission The challenge Bangladesh faces is how to become a learning society and to ensure that its citizens...»

«Grade 1 Core Knowledge Language Arts® • New York Edition • Skills Strand Unit 5 Reader Kate’s Book THIS BOOK IS THE PROPERTY OF: STATE Book No. PROVINCE Enter information in spaces COUNTY to the left as PARISH instructed. SCHOOL DISTRICT OTHER CONDITION Year ISSUED TO ISSUED RETURNED Used PUPILS to whom this textbook is issued must not write on any page or mark any part of it in any way, consumable textbooks excepted. 1. Teachers should see that the pupil’s name is clearly written in...»

«DoD Financial Management Regulation Volume 8, Chapter 5 + August 1999 CHAPTER 5 LEAVE 0501 GENERAL REQUIREMENTS  050101. Eligibility. The type, amount, and nature of leave benefits are dependent on the type and length of employment, military status, and other eligibility requirements. See DoD 1400.25-M, subchapter 630 (reference (u)), 5 U.S.C., chapter 63 (reference (b)), and 5 C.F.R., Part 630 (reference (l)). 050102. Objectives. The leave objectives to be met by payroll operations and...»

«©Vierteljahrshefte für Zeitgeschichte WALTER BUSSMANN KURSK-OREL-DNJEPR Erlebnisse und Erfahrungen im Stab des XXXXVI. Panzerkorps während des „Unternehmens Zitadelle Spätestens mit dem Auslaufen der Operation „Zitadelle im Juli 1943 der Deckname steht für die letzte Großoffensive der Wehrmacht an der Ostfront hatte die deutsche Seite die Initiative endgültig an die Rote Armee abgegeben. Nachdem diese Operation aus der Perspektive der höchsten militärischen Führung erschöpfend...»

<<  HOME   |    CONTACTS
2016 www.dis.xlibx.info - Thesis, dissertations, books

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.