ENGLISH VERSION
THIS DATA PROCESSING AGREEMENT (“AGREEMENT”) IS A LEGAL AGREEMENT WHICH FORMS AN INTEGRAL PART OF AND APPLIES IN ADDITION TO THE EXISTING BIT SERVICES SERVICE AGREEMENT (“SERVICE AGREEMENT”) CONCLUDED BY AND BETWEEN THE CUSTOMER AND BIT SERVICES (BOTH AS DEFINED IN THE SERVICE AGREEMENT) IN CONNECTION WITH THE PROVISION OF SERVICES WHICH INCLUDES VARIOUS DATA PROCESSING SERVICES TO CUSTOMER (“SERVICES”).
Annex 1: Description of Bit Services’s processing activities
Details of the processing
Bit Services is a provider of software as a service for point of sale solutions for the retail and hospitality industry as well as the provider of an online platform that can be used for eCommerce purposes. Bit Services shall process Personal Data on behalf of the Customer to provide these services to the Customer pursuant to the Service Agreement and any additional purposes as instructed by Customer when using the Services.
Type of personal data
Depending on how the Customer chooses to use the Services, Bit Services may process the following types of personal data:
First name, Last name
Business Information (e-mail address, business address, registration number, tax registration number)
Contact information (e-mail address, home address, phone number)
Language
Gender
Date of Birth
IP Address
Geographical data
Business bank account details
Duration (retention terms)
Each type of personal data will be deleted upon receipt of an instruction thereto from the Customer.
Categories of individuals whose data are processed
Persons who are using the Customer’s services.
Employees and other persons authorized by the Customer who have access to and use the Services.
(Sub-)processors
Customer hereby gives Bit Services permission to engage the following (sub-) processors on Bit Services’s behalf:
Type of Services | Name (sub-) processor | Description of processing | Country of establishment |
---|---|---|---|
All Services | Dialogflow, Inc. | Storing of personal data received from the Customer to perform Customer support services | United States |
All Services | Google, LLC. | Analysis of non-personal data for statistical purposes. | United States |
All Services | Google, LLC. | Storing of personal data on cloud servers | United States |
All Services | Amazon Web Services, Inc | Storing of personal data on cloud servers | United States |
All Services | Pathwire, Inc. | Sending of email receipts on behalf of retailers to customers | United States |
All Services | WhatsApp Ireland, Ltd | Multiplatform messaging app used for our services. | United States |
All Services | Tanla Solutions, Inc | Cloud based Communications Platform as a Service | India |
Annex 2: Description of Bit Services’s Security Measures
Bit Services has taken appropriate and sufficient technical and organizational security measures to protect the Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where processing involves a transmission of Personal Data over a network, and against all other unlawful forms of processing.
The following description provides an overview of the technical and organizational security measures implemented. Such measures shall include, but are not limited to:
Data Protection
Bit Services will process the Personal Data as a Data processor, only for the purpose of providing the Services in accordance with documented instruction from the Customer (provided that such instructions are commensurate with the functionalities of the Services), and as may be agreed to with you.
Bit Services implements and maintains appropriate technical and organizational measures to protect the Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure.
Bit Services ensures that its personnel who access the Personal Data are subject to confidentiality obligations that restrict their ability to disclose the Personal Data.
In-transit: Bit Services makes HTTPS encryption available on every one of its login interfaces and on every customer site hosted on the Bit Services products. Bit Services’s HTTPS implementation uses industry standard algorithms and certificates.
At-rest: Bit Services stores user passwords following industry standard practices for security.
Access control
Preventing Unauthorized Product Access
Outsourced processing: Bit Services hosts its services on third-party hosting infrastructure in the form of data centers and Infrastructure-as-a-Service (IaaS). Additionally, Bit Services maintains contractual relationships with vendors in order to provide the service in accordance with our Data Processing Agreement. Bit Services relies on contractual agreements, privacy policies, and vendor compliance programs in order to protect data processed or stored by these vendors.
Physical and environmental security: Bit Services hosts its product infrastructure with multi-tenant, outsourced infrastructure providers. The physical and environmental security controls are audited for SOC 2 Type II, ISO 27001 and PCI DSS compliance, among other certifications.
Authentication: Bit Services implemented a uniform password policy for its customer products. All users who need to interact with the products via any interface must authenticate before accessing non-public customer data.
Authorization: Customer data is stored in multi-tenant storage systems accessible to Customers via only application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure. The authorization model in each of Bit Services’s products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set.
Preventing Unauthorized Product Use
Access controls: Network access control mechanisms are designed to prevent network traffic using unauthorized protocols from reaching the product infrastructure. The technical measures implemented differ between infrastructure providers and include Virtual Private Cloud (VPC) implementations, security group assignment, and traditional firewall rules.
Intrusion detection and prevention: Bit Services implemented a Web Application Firewall (WAF) solution to protect hosted customer websites and other internet-accessible applications. The WAF is designed to identify and prevent attacks against publicly available services.
Vulnerability scanning: Bit Services regularly scans its infrastructure and web services for known vulnerabilities and remediates them in a timely manner.
Limitations of Privilege & Authorization Requirements
Product access: A subset of Bit Services’s employees have access to the products and to customer data via controlled interfaces. The intent of providing access to a subset of employees is to provide effective support, to troubleshoot potential problems, to detect and respond to security incidents and implement data security. Employees are granted access by role. Log-ins to data storage or processing systems are logged.
Database access: Customer data is accessible and manageable only by properly authorized staff. Direct database query access is restricted, and application access rights are established and enforced.
Incident Management Control
Detection: Bit Services designed its infrastructure to log extensive information about the system behavior, traffic received, system authentication, and other application requests. Internal systems aggregate log data and alert appropriate employees of malicious, unintended, or anomalous activities. Bit Services personnel, including security, operations, and support personnel, are responsive to known incidents.
Response and tracking: Bit Services maintains a record of known security incidents that includes descriptions, dates and times of relevant activities, and incident remediation. Suspected and confirmed security incidents are investigated by security, operations or support personnel, and appropriate resolution steps are identified and documented. For any confirmed incidents, Bit Services will take appropriate steps to minimize product and Customer damage or unauthorized disclosure.
Communication: If Bit Services becomes aware of unlawful access to Customer data stored within its products, Bit Services will: Notify the affected Customers of the incident; Provide a description of the steps Bit Services is taking to resolve the incident; Provide status updates to the Customer contact, as it deems necessary or is legally required. Notification of incidents, if any, will be delivered to one or more of the Customer’s contacts in a form Bit Services selects, which may include via email or telephone.
For more detailed information on the latest state-of-the-art measures, please contact us directly.