Litaba pata
1 Ownbackup Supplemental Data Processing Addendum
2 Tlhahisoleseding ya Sehlahiswa
3 Litaelo tsa Tšebeliso ea Sehlahisoa
4 TLALETSOE MITAELO TSA TŠEBELETSO EA DATA
5 Lenane la Hajoale la Sub-processor
6 SaaS Services Applicable to Personal Data Processing
7 Lintlha tsa Ts'ebetso
8 OwnBackup Security Controls 3.3
9 Selelekela
10 Litokisetso tsa Europe
11 Litokomane / Lisebelisoa
11.1 Litšupiso

Ownbackup-LOGO

Ownbackup Supplemental Data Processing Addendum

Ownbackup-Supplemental-Data-Processing-Addendum-PRODUCT

Tlhahisoleseding ya Sehlahiswa

The product is a Supplemental Data Processing Addendum (DPA) provided by OwnBackup. It is used in conjunction with the SaaS Services provided by OwnBackup to process Personal Data on behalf of the Customer.

Litlhaloso Tsa Sehlooho

  • Molaoli: The entity that determines the purposes and means of processing Personal Data.
  • Moreki: The entity named above and its Affiliates.
  • Taba ea Lintlha: The identified or identifiable person to whom Personal Data relates.
  • Europe: Refers to the European Union, the European Economic Area, Switzerland, and the United Kingdom.
  • GDPR: The General Data Protection Regulation, which is a regulation on data protection and privacy for all individuals within the European Union and the European Economic Area.

Litaelo tsa Tšebeliso ea Sehlahisoa

  1. This Supplemental DPA consists of two parts: the main body of the Supplemental DPA, and Schedules 1, 2, 3, 4, and 5.
  2. The Supplemental DPA has already been pre-signed on behalf of OwnBackup.
  3. Ho tlatsa Supplemental DPA, latela mehato ena:
    • Tlatsa Karolo ea Lebitso la Bareki le Aterese ea Bareki leqepheng la 2.
    • Tlatsa tlhahisoleseding e lebokoseng la mosaeno ebe o saena leqepheng la 3.
    • Verify that the information on Schedule 3 (Details of the Processing) accurately reflects the subjects and categories of data to be processed.
    • Send the completed and signed Supplemental DPA to OwnBackup at privacy@ownbackup.com.
  4. Upon OwnBackup’s receipt of the validly completed Supplemental DPA at the provided email address, the Supplemental DPA will become legally binding.
  5. The signature of the Supplemental DPA on page 3 constitutes acceptance of the Standard Contractual Clauses and the UK Addendum, both incorporated by reference.
  6. In case of any conflict or inconsistency between this Supplemental DPA and any other agreement between Customer and OwnBackup, the terms of this Supplemental DPA shall prevail.

TLALETSOE MITAELO TSA TŠEBELETSO EA DATA

MOKHOA OA HO SEBETSA DPA ENA:

  1. This Supplemental DPA consists Of two parts: the main body Of the Supplemental DPA, and Schedules 1, 2, 3, 4 and 5.
  2. This Supplemental DPA has been pre-signed on behalf Of OwnBackup.
  3. TO complete this Supplemental DPA, Customer must:
    • a.Complete the Customer Name and Customer Address Section on page 2.
    • b. Complete the information in the signature box and sign on page 3.
    • c. Verify that the information on Schedule 3 (MDetails Of the Processing”) accurately reflects the subjects and categories Of data to be processed
    • d. Send the completed and signed Supplemental DPA to OwnBackup at lekunutu@ownbackup.com.

Upon OwnBackup’s receipt Of the validly completed Supplemental DPA at this email address, this Supplemental DPA will become legally binding. Signature Of this Supplemental DPA on page 3 shall be deemed to constitute signature and acceptance Of the Standard Contractual Clauses (including their Appendices) and the UK Addendum, both incorporated herein by reference.

KAMOO DPA ENA E SEBETSANG KATENG

  • If the Customer entity signing this Supplemental DPA is a party to the Agreement, this Supplemental DPA is an addendum to and forms part Of the Agreement or Existing DPA. In such case, the OwnBackup entity that is party to the Agreement or Existing DPA is party to this DPA.
  • If the Customer entity signing this Supplemental DPA has executed an Order Form with OwnBackup or its Affiliate pursuant to the Agreement or Existing DPA, but is not itself a party to the Agreement Or Existing DPA, this Supplemental DPA is an addendum to that Order Form and applicable renewal Order Forms, and the OwnBackup entity that is party to such Order Form is party to this Supplemental DPA.
  • Haeba setheo sa Bareki se saenang Tlatsetso ena ea DPA e se karolo ea Foromo ea Taelo kapa Tumellano kapa DPA e Teng Teng, DPA ena ea Tlatsetso ha e sebetse ebile ha e tlamehe ho ea ka molao. Setheo se joalo se lokela ho kopa hore setheo sa Bareki seo e leng karolo ea Tumellano kapa DPA e Teng e Phethahetse DPA ena ea Tlatsetso.
  • If the Customer entity signing the Supplemental DPA is not a party to an Order Form nor a Master Subscription Agreement or Existing DPA directly with OwnBackup, but is instead a customer indirectly via an authorized reseller Of OwnBackup services, this Supplemental DPA is not valid and is not legally binding. Such entity should contact the authorized reseller to discuss whether an amendment to its agreement with that reseller is required.
  • In the event Of any conflict or inconsistency between this Supplemental DPA and any other agreement between Customer and OwnBackup (including, without limitation, the Agreement or Existing DPA), the terms Of this Supplemental DPA shall control and prevail.

KEKELETSO EA TŠEBELETSO EA DATA

Lebitso moreki:
Aterese ea Moreki:
Letsatsi la DPA le teng:

This Supplemental Data Processing Addendum, including its Schedules and Appendices, (“Supplemental DPA”) forms part Of the existing Data Processing Addendum identified above (“Existing DPA”) between OwnBackup Inc. (“OwnBackup”) and the Customer. Combined this Supplemental DPA and the Existing DPA shall form the complete data processing agreement (the “DPA”) to document the parties’ agreement regarding the Processing Of Personal Data. If such Customer entity and OwnBackup have not entered into an Agreement, then this DPA is void and Of no legal effect. The Customer entity named above enters into this Supplemental DPA for itself and, if any Of its Affiliates act as Controllers Of Personal Data, on behalf Of those Authorized Affiliates. All capitalized terms not defined herein shall have the meaning set forth in the Agreement. In the course of providing the SaaS Services to Customer under the Agreement, OwnBackup may Process Personal Data on behalf Of Customer. The parties agree to the following supplemental terms with respect to such Processing.

TLHALOSO

  • “CCPA” means the California Consumer Privacy Act, Cal. Civ. Code S 1798.100 et. seq., as amended by the California Privacy Rights Act Of 2020 and together with any implementing regulations.
  • “Controller” means the entity which determines the purposes and means Of the Processing Of Personal Data and is deemed to also refer to a “business” as defined in the CCPA.
  • “Moreki” e bolela setheo se boletsoeng ka holimo le Litho tsa sona.
  • “Data Protection Laws and Regulations” means all laws and regulations Of the European Union and its member states, the European Economic Area and its member states, the United Kingdom, Switzerland, the United States, Canada, New Zealand, and Australia, and their respective political subdivisions, applicable to the Processing Of Personal Data. These include, but are not limited to, the following, to the extent applicable: the GDPR, UK Data Protection Law, the CCPA, the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act and related regulations (“CPA”), the Utah Consumer Privacy Act (“UCPA”), and the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (the “CPDPA”)
  • "Taba ea Boitsebiso" e bolela motho ea tsejoang kapa ea tsejoang eo Boitsebiso ba Botho bo amanang le eena 'me bo kenyelletsa "moreki" joalokaha ho hlalositsoe Melaong le Melaong ea Tšireletso ea Boitsebiso.
  • “Europe” means the European Union, the European Economic Area, Switzerland, and the United Kingdom. Additional provisions applicable to transfers Of Personal Data from Europe are contained in Schedule 5. In the event that Schedule 5 is removed, Customer warrants that it shall not process Personal Data subject to the Data Protection Laws and Regulations Of Europe.
  • “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection Of natural persons with regard to the processing of personal data and on the free movement Of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  • “OwnBackup Group” means OwnBackup and its Affiliates engaged in the Processing Of Personal Data.
  • “Personal Data” means any information relating to (i) an identified or identifiable natural person and, (ii) an identified Or identifiable legal entity (where such information is protected similarly as personal data, personal information, or personally identifiable information under applicable Data Protection Laws and Regulations), where for each (i) or (ii), such data is Customer Data.
  • "Litšebeletso tsa Personal Data Processing" li bolela Litšebeletso tsa SaaS tse thathamisitsoeng ho Schedule 2, tseo OwnBackup e ka sebetsanang le Boitsebiso ba Botho.
  • “Processing” means any operation or set Of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment ur combination, restriction, erasure or destruction.
  • “Processor” means the entity which Processes Personal Data on behalf Of the Controller, including as applicable any “service provider” as that term is defined by the CCPA.
  • “Standard Contractual Clauses” means the Annex to the European Commission’s implementing decision (EU) 2021/914 https://eur-lex.europa.eu/eli/decimpl/2021/914/0i) Of 4 June 2021 on Standard Contractual Clauses for the transfer Of personal data to processors established in third countries pursuant to Regulation (EU) 2016/679 Of the European Parliament and of the Council Of the European Union and subject to required amendments for the United Kingdom and Switzerland further described in Schedule 5.
  • “Sub-processor” means any Processor engaged by OwnBackup, by a member Of the OwnBackup Group or by another Sub-processor.
  • “Supervisory Authority” means a governmental or government-chartered regulatory body having binding legal authority over the Customer.
  • “UK Addendum” means the United Kingdom International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (available as Of 21 March 2022 at https://ico.org.uk/for-organisations/guide-to-data-protection/ guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/), completed as described in Schedule 5.
  • “UK Data Protection Law” means Regulation 2016/679 of the European Parliament and Of the Council on the protection Of natural persons with regard to the processing Of personal data and on the free movement Of such data as it forms part Of the law Of England and Wales, Scotland and Northern Ireland by virtue Of section 3 Of the European Union (Withdrawal) Act 2018, as may be amended from time to time by the Data Protection Laws and Regulations Of the United Kingdom.

TAELO YA PUSELETSO

  • a. With the exception Of the Standard Contractual Clauses incorporated herein, which shall take precedence, in the event Of any inconsistency between this Supplemental DPA and the Existing DPA, the terms Of the Existing DPA shall prevail.

MOELI MOTHO

  • a. TO the extent permitted by Data Protection Laws and Regulations, each party’s and all Of its Affiliates’ liability, taken together in the aggregate, arising out Of or related to this Supplemental DPA, whether in contract, tort or under any other theory Of liability, is subject to the “Liability Limit” clauses, and such other clauses that exclude or limit liability, Of the Agreement, and any reference in such clauses to the liability Of a party means the aggregate liability Of that party and all Of its Affiliates.

LIPHETOHO FETISISA MEKHOA

  • a. In the event that a current transfer mechanism relied upon by the parties for the facilitation Of transfers Of Personal Data to one or more countries that do not ensure an adequate level Of data protection within the meaning of the Data Protection Laws and Regulations is invalidated, amended, or replaced the parties will work in good faith to enact such alternative transfer mechanism to enable the continued Processing Of Personal Data contemplated by the Agreement. The use Of such an alternative transfer mechanism shall be subject to each party’s fulfillment Of all legal requirements for the use Of such a transfer mechanism.

Batho ba tekenetseng ba nang le tumello ea mekha ba phethile Tumellano ena ka nepo, ho kenyeletsoa le Mananeo a sebetsang, Lihlomathiso, le Lihlomathiso tse kenyellelitsoeng mona.

Ownbackup-Supplemental-Data-Processing-Addendum-FIG-1

Lethathamo la Mananeo

  • Kemiso ea 1: Lethathamo la Hajoale la Sub-Processor
  • Kemiso ea 2: Litšebeletso tsa SaaS tse sebetsang ho Ts'ebetso ea Boitsebiso ba Botho
  • Kemiso ea 3: Lintlha tsa Ts'ebetso
  • Kemiso ea 4: OwnBackup Security Controls
  • Kemiso ea 5: Litokisetso tsa Europe

Lenaneo 1

Lenane la Hajoale la Sub-processor

Sub-Processor Lebitso Aterese ea Sub-processor Mofuta oa Ts'ebetso Nako ea ts'ebetso Sebaka sa Ts'ebetso
OwnBackup Limited 3 Aluf Kalman Magen StZ, Tel Aviv 6107075, Israel Tšehetso le tlhokomelo ea bareki Bakeng sa nako ea Tumellano. Iseraele
Amazon Web Services, Inc.* 410 Terry Avenue North, Seattle, Washington 98109, USA Ho amohela ts'ebeliso le polokelo ea data Bakeng sa nako ea Tumellano. United States, Canada, Jeremane, United Kingdom, kapa Australia
Microsoft Corporation (Azure)* E 'ngoe ea Microsoft Way, Redmond, Washington 98052, USA Ho amohela ts'ebeliso le polokelo ea data Bakeng sa nako ea Tumellano. Netherlands kapa United States
Elasticsearch, Inc.**  

800 West El Camino Real, Suite 350, Thaba View, California 94040, USA

 Indexing le ho batla Bakeng sa nako ea Tumellano. Netherlands kapa United States
  • Moreki a ka khetha Amazon Web Litšebeletso kapa Microsoft (Azure) le Sebaka sa eona se lakatsehang sa Ts'ebetso nakong ea tlhophiso ea pele ea Bareki ea Litšebeletso tsa SaaS.
  • Applies only to OwnBackup Archive customers that choose to deploy in the Microsoft (Azure) Cloud.

Lenaneo 2

SaaS Services Applicable to Personal Data Processing

  • OwnBackup Enterprise bakeng sa Salesforce
  • OwnBackup Unlimited for Salesforce
  • OwnBackup Governance Plus bakeng sa Salesforce
  • OwnBackup Archive
  • Ipehele Litaolo tsa Linotlolo tsa Hao
  • Lehlabathe la ho jala

Lenaneo 3

Lintlha tsa Ts'ebetso

Data Exporter

  • Lebitso le Feletseng la Semolao: Lebitso la Moreki joalo ka ha ho boletsoe ka holimo
  • Aterese e kholo: Aterese ea Bareki joalo ka ha ho boletsoe ka holimo
  • Ikopanye: Haeba ho sa fanoe ka tsela e 'ngoe ena e tla ba lebitso la mantlha akhaonteng ea Moreki.
  • Imeile ea ho Ikopanya: Haeba e sa fanoe ka tsela e 'ngoe ena e tla ba aterese ea mantlha ea lengolo-tsoibila akhaonteng ea Moreki.

Data Importer

  • Lebitso le felletseng la Molao: OwnBackup Inc.
  • Aterese e kholo: 940 Sylvan Ave, Englewood Cliffs, NJ 07632, USA
  • Ikopanye: Ofisiri ea Lekunutu
  • Imeile ea Khokahano: lekunutu@ownbackup.com

Tlhaho le Morero oa Ts'ebetso

  • OwnBackup e tla sebetsana le Lintlha tsa Botho ha ho hlokahala ho etsa Litšebeletso tsa SaaS ho latela Tumellano le Litaelo, le joalo ka ha Moreki a laetsoe ka tšebeliso ea eona ea Litšebeletso tsa SaaS.

Nako ea ts'ebetso

  • OwnBackup e tla sebetsana le Lintlha tsa Botho bakeng sa nako eohle ea Tumellano, ntle le haeba ho lumellanoe ka mokhoa o mong ka mongolo.

Ho boloka

  • OwnBackup e tla boloka Lintlha tsa Botho ho Litšebeletso tsa SaaS bakeng sa nako eohle ea Tumellano, ntle le haeba ho lumellanoe ka mokhoa o mong ka mongolo, ho latela nako e telele ea ho boloka e boletsoeng ho Tokomane.

Khafetsa ea Phetiso

  • Joalo ka ha ho khethiloe ke Moreki ka ts'ebeliso ea bona ea Litšebeletso tsa SaaS.

Ho fetisetsoa ho Sub-processor(s)

  • Joalo ka ha ho hlokahala ho etsa Litšebeletso tsa SaaS ho latela Tumellano le Litaelo, le joalo ka ha ho hlalositsoe ho Shejule 1.

Lihlopha tsa Lihlooho tsa Boitsebiso
Moreki a ka fana ka Lintlha tsa Botho ho Litšebeletso tsa SaaS, tseo boholo ba tsona li laoloang le ho laoloa ke Moreki ka boikhethelo ba hae, 'me e ka kenyelletsang empa e sa felle ho Lintlha tsa Botho tse amanang le likarolo tse latelang tsa litaba tsa data:

  • Litebello, bareki, balekane ba khoebo le barekisi ba Bareki (bao e leng batho ba tlhaho)
  • Basebetsi kapa batho bao ho kopanang le bona ba menyetla ea Moreki, bareki, balekane ba khoebo le barekisi
  • Basebetsi, baemeli, baeletsi, basebetsi ba ikemetseng ba Bareki (bao e leng batho ba tlhaho) Basebelisi ba bareki ba lumelletsoeng ke Moreki ho sebelisa Litšebeletso tsa SaaS.

Mofuta oa Boitsebiso ba Motho
Moreki a ka fana ka Lintlha tsa Botho ho Lits'ebeletso tsa SaaS, tseo boholo ba tsona bo laoloang le ho laoloa ke Moreki ka boikhethelo ba bona, mme bo ka kenyelletsang empa bo sa felle feela mefuteng e latelang ea Lintlha tsa Botho:

  • Lebitso la pele le fane
  • Sehlooho
  • Boemo
  • Mohiri
  • Lintlha tsa puisano (k'hamphani, lengolo-tsoibila, mohala, aterese ea khoebo)
  • Lintlha tsa ID
  • Lintlha tsa bophelo ba setsebi
  • Lintlha tsa bophelo ba motho
  • Lintlha tsa sebaka

Likarolo tse khethehileng tsa data (haeba ho loketse)
Customer may submit special categories of Personal Data to the SaaS Services, the extent of which is determined and controlled by Customer in its sole discretion, and which for the sake of clarity could include the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person or data concerning health. See the measures in Schedule 4 for how OwnBackup protects special categories of data and other personal data

Lenaneo 4

OwnBackup Security Controls 3.3

Selelekela

  • Lisebelisoa tsa OwnBackup-as-a-service (SaaS Services) li entsoe ho tloha qalong ho nahanoa ka tšireletso. Litšebeletso tsa SaaS li entsoe ka mefuta e fapaneng ea taolo ea ts'ireletso ho pholletsa le mekhahlelo e mengata ho sebetsana le mefuta e mengata ea likotsi tsa ts'ireletso. Litaolo tsena tsa ts'ireletso li ka fetoha; leha ho le joalo, liphetoho leha e le life li tla boloka kapa li ntlafatse boemo ba tšireletso ka kakaretso.
  • Litlhaloso tsa taolo e ka tlase li sebetsa ho ts'ebetsong ea SaaS Service ho Amazon ka bobeli Web Litšebeletso (AWS) le li-platform tsa Microsoft Azure (Azure) (hammoho li bitsoa Cloud Service Providers, kapa CSPs), ntle le ha ho boletsoe karolong ea Encryption e ka tlase. Litlhaloso tsena tsa litaolo ha li sebetse ho software ea RevCult ntle le ha ho fanoe ka tlas'a "Secure Software Development" ka tlase.

Litlhahlobo le Litifikeiti

  • Litšebeletso tsa SaaS li tiisitsoe tlas'a ISO/IEC 27001: 2013 (Sistimi ea Ts'ireletso ea Boitsebiso) le ISO/IEC 27701:2019 (Sistimi ea Tsamaiso ea Lekunutu).
  • OwnBackup undergoes an annual SOC2 Type II audit under SSAE-18 to independently verify the effectiveness of its information security practices, policies, procedures, and operations for the following Trust Services Criteria: Security, Availability, Confidentiality, and Processing Integrity.
  • OwnBackup utilizes global CSP regions for its computing and storage for the SaaS Services. AWS and Azure are top-tier facilities with several accreditations, including SOC1 – SSAE-18, SOC2, SOC3, ISO 27001, and HIPAA.

Web Litaolo tsa Tšireletso ea Kopo

  • Ho fihlella ha bareki ho Litšebeletso tsa SaaS ho etsoa feela ka HTTPS (TLS1.2+), ho theha khokahanyo ea data nakong ea leeto lipakeng tsa mosebelisi oa ho qetela le ts'ebeliso le lipakeng tsa OwnBackup le mohloli oa data oa motho oa boraro (mohlala, Salesforce).
  • Batsamaisi ba SaaS Service ba moreki ba ka fana le ho fana ka litšebeletso tsa basebelisi ba SaaS Service le phihlello e amanang le eona ha ho hlokahala.
  • Litšebeletso tsa SaaS li fana ka taolo ea phihlello e thehiloeng ho karolo ho nolofalletsa bareki ho laola tumello ea mekhatlo e mengata.
  • Batsamaisi ba SaaS Service ba bareki ba ka fihlella litsela tsa tlhahlobo ho kenyelletsa lebitso la mosebelisi, ketso, linakoamp, le libaka tsa aterese tsa IP tsa mohloli. Audit logs e ka ba viewed le ho romelloa kantle ho naha ke mookameli oa SaaS Service oa moreki o keneng ho SaaS Services hammoho le ka SaaS Services API.
  • Access to the SaaS Services can be restricted by the source IP address.
  • The SaaS Services allow customers to enable multi-factor authentication for accessing SaaS Service accounts utilizing time-based one-time passwords.
  • Litšebeletso tsa SaaS li lumella bareki ho lumella ho saena ha motho a le mong ka SAML 2.0 bafani ba boitsebiso.
  • Litšebeletso tsa SaaS li lumella bareki ho nolofalletsa maano a password a ka sebelisoang ho thusa ho hokahanya li-password tsa SaaS Service le maano a khoebo.

Koetliso
OwnBackup e fana ka likhetho tse latelang tsa SaaS Service bakeng sa encryption ea data nakong ea phomolo:
Nyehelo e tloaelehileng.

  • Lintlha li patiloe ho sebelisoa encryption ea AES-256-server-side ka sistimi ea bohlokoa ea taolo e netefalitsoeng tlasa FIPS 140-2.
  • Enfelopo ea enfelopo e sebelisoa hoo senotlolo sa master se se keng sa tloha ho Hardware Security Module (HSM).
  • Linotlolo tsa encryption li fetotsoe ka tlase ho lilemo tse ling le tse ling tse peli.

Advanced Key Management (AKM) kgetho.

  • Lintlha li patiloe ka har'a sets'oants'o sa polokelo ea lintho tse nang le senotlolo se fanoeng ke moreki (CMK).
  • AKM e lumella ho bolokoa ha senotlolo nakong e tlang le ho e potoloha ka senotlolo se seng sa encryption.
  • Moreki a ka hlakola linotlolo tsa master encryption, e leng se bakang ho se fihlellehe hanghang ha data.

Tlisa khetho ea hau ea Key Management System (KMS) (e fumaneha ho AWS feela).

  • Linotlolo tsa encryption li entsoe ka akhaonto ea moreki, e rekiloeng ka thoko ho sebelisoa AWS KMS.
  • Moreki o hlalosa leano la senotlolo le lumellang ak'haonte ea bareki ea SaaS Service ho AWS ho fumana senotlolo ho tsoa ho AWS KMS ea moreki.
  • Lintlha li patiloe ka har'a sets'oants'o sa polokelo ea lintho tse inehetseng tse laoloang ke OwnBackup, 'me li lokiselitsoe ho sebelisa senotlolo sa moreki sa encryption.
  • The customer may instantly revoke access to the encrypted data by revoking OwnBackup’s access to the encryption key, without interacting with OwnBackup.
  • Basebeletsi ba OwnBackup ha ba na monyetla oa ho fumana linotlolo tsa encryption ka nako efe kapa efe mme ha ba fihlele KMS ka kotloloho.
  • Mesebetsi eohle ea mantlha ea ts'ebeliso e kentsoe ho KMS ea moreki, ho kenyeletsoa le ho khutlisa senotlolo ke polokelo ea ntho e inehetseng.

Puisano e tsamaeang lipakeng tsa Litšebeletso tsa SaaS le mohloli oa data oa motho oa boraro (mohlala, Salesforce) e sebelisa HTTPS e nang le TLS 1.2+ le OAuth 2.0.

Marang-rang

  • Litšebeletso tsa SaaS li sebelisa litsamaiso tsa marang-rang tsa CSP ho thibela ho kena le ho tsoa ha marang-rang.
  • Lihlopha tsa ts'ireletso tse ikemetseng li hiriloe ho fokotsa ho kena ha marang-rang le ho fetela ho li-endpoints tse lumelletsoeng.
  • Litšebeletso tsa SaaS li sebelisa meralo ea marang-rang e nang le marang-rang a mangata, ho kenyeletsoa maruo a mangata a arohaneng a Amazon Virtual Private Clouds (VPCs) kapa Azure Virtual Networks (VNets), e phahamisang poraefete, DMZs, le libaka tse sa tšepahaleng ka har'a meaho ea CSP.
  •  Ho AWS, lithibelo tsa VPC S3 Endpoint li sebelisoa sebakeng se seng le se seng ho lumella ho fihlella feela ho tsoa ho li-VPC tse lumelletsoeng.

Tlhokomelo le Tlhahlobo

  • Litsamaiso tsa SaaS Service le marang-rang li behiloe leihlo bakeng sa liketsahalo tsa ts'ireletso, bophelo bo botle ba tsamaiso, ho se tloaelehe ha marang-rang, le ho fumaneha.
  • Litšebeletso tsa SaaS li sebelisa mokhoa oa ho lemoha ho kenella (IDS) ho beha leihlo mesebetsi ea marang-rang le ho hlokomelisa OwnBackup ka boitšoaro bo belaetsang.
  • Litšebeletso tsa SaaS li sebelisoa web li-firewalls (WAFs) bakeng sa batho bohle web ditshebeletso.
  • OwnBackup logs application, marang-rang, basebelisi, le liketsahalo tsa sistimi e sebetsang ho seva sa lehae sa syslog le SIEM e ikhethileng sebakeng. Li-log tsena li hlahlobjoa ka botsona ebe li boele li hlahisoeviewed bakeng sa mosebetsi o belaetsang le ditshoso. Maemo afe kapa afe a sa tsitsang a eketseha ka moo ho loketseng.
  • OwnBackup e sebelisa lits'ebetso tsa tlhahisoleseling le ts'ireletso ea liketsahalo (SIEM) tse fanang ka tlhahlobo e tsoelang pele ea ts'ireletso ea marang-rang a SaaS Services le tikoloho ea ts'ireletso, tlhokomeliso ea mosebelisi, taelo le taolo (C&C) tlhaselo ea tlhaselo, tlhahlobo ea ts'okelo e ikemetseng, le tlaleho ea matšoao a ho sekisetsa (IOC). ). Bokhoni bona kaofela bo tsamaisoa ke basebetsi ba ts'ireletso le ts'ebetso ba OwnBackup.
  • Sehlopha sa karabo ea liketsahalo tsa OwnBackup se beha leihlo "security@ownbackup.com alias" mme se arabela ho latela Leano la Karabelo la Ketsahalo ea khamphani (IRP) ha ho loketse.

Ho Ikhetholla Pakeng Tsa Liakhaonto

  • Litšebeletso tsa SaaS li sebelisa Linux sandboxing ho arola lintlha tsa li-account tsa bareki nakong ea ts'ebetso. Sena se thusa ho etsa bonnete ba hore ho na le phoso efe kapa efe (mohlalaample, ka lebaka la bothata ba ts'ireletso kapa software bug) e lula e le ka har'a akhaonto e le 'ngoe ea OwnBackup.
  • Phihlello ea data ea bahiri e laoloa ke basebelisi ba IAM ba ikhethang ba nang le data tagging e hanelang basebelisi ba sa lumelloeng ho fumana data ea mohiri.

Pholiso ea Likoluoa

  • OwnBackup e sebelisa polokelo ea ntho ea CSP ho boloka data e patiloeng ea bareki libakeng tse ngata tse fumanehang.
  • Bakeng sa lintlha tsa bareki tse bolokiloeng polokelong ea ntho, OwnBackup e sebelisa phetolelo ea ntho e nang le botsofali bo itekanetseng ho tšehetsa ho lateloa ha OwnBackup ea ho hlaphoheloa ha likoluoa ​​le maano a ho boloka. Bakeng sa lintho tsena, litsamaiso tsa OwnBackup li etselitsoe ho ts'ehetsa sepheo sa ho hlaphoheloa (RPO) sa lihora tse 0 (ke hore, bokhoni ba ho khutlisetsa mofuta ofe kapa ofe oa ntho efe kapa efe joalo ka ha e ne e le teng matsatsing a 14 a fetileng).
  • Phoso efe kapa efe e hlokahalang ea mohlala oa komporo e finyelloa ka ho aha mohlala ho ipapisitsoe le othomathike ea taolo ea tlhophiso ea OwnBackup.
  • Leano la OwnBackup's Recovery Recovery le etselitsoe ho ts'ehetsa sepheo sa nako ea ho hlaphoheloa ea lihora tse 4 (RTO).

Taolo ea Kotsi

  • OwnBackup e sebetsa nako le nako web litlhahlobo tsa ts'oaetso ea ts'ebeliso, tlhahlobo ea khoutu e tsitsitseng, le litlhahlobo tse matla tsa kantle e le karolo ea lenaneo la eona la ho beha leihlo le tsoelang pele ho thusa ho netefatsa hore litsamaiso tsa ts'ireletso ea ts'ebeliso li sebelisoa ka nepo le ho sebetsa ka nepo.
  • Nakoana ka selemo, OwnBackup e hira bahlahlobi ba ikemetseng ba motho oa boraro ho etsa marang-rang le web ditekolo tsa bofokodi. Bokahohle ba liphuputso tsena tsa kantle bo kenyelletsa boikamahanyo khahlanong le Open Web Morero oa Tšireletso ea Kopo (OWASP) Top 10 Web Vulnerabilities (www.owasp.org).
  • Liphetho tsa tlhahlobo ea ho ba kotsing li kenyelelitsoe ho OwnBackup software development lifecycle (SDLC) ho lokisa bofokoli bo bonoang. Bofokoli bo itseng bo behiloe pele 'me bo kentsoe ho OwnBackup ea ka hare ea litekete hore e lateloe ka tharollo.

Karabelo ea ketsahalo

  • In the event of a potential security breach, the OwnBackup Incident Response Team will perform an assessment of the situation and develop appropriate mitigation strategies. If a potential breach is confirmed, OwnBackup will immediately act to mitigate the breach and preserve forensic evidence, and will notify impacted customers’ primary points of contact without undue delay to brief them on the situation and provide resolution status updates.

Sireletsehile Ntlafatso ea Software

  • OwnBackup e sebelisa mekhoa e sireletsehileng ea nts'etsopele bakeng sa lits'ebetso tsa software tsa OwnBackup le RevCult nakong eohle ea bophelo ba nts'etsopele ea software. Mekhoa ena e kenyelletsa tlhahlobo ea static code, Salesforce security review bakeng sa lits'ebetso tsa RevCult le lits'ebetso tsa OwnBackup tse kentsoeng maemong a bareki ba Salesforce, peer review ea liphetoho tsa khoutu, ho thibela phihlello ea polokelo ea khoutu ea mohloli ho ipapisitsoe le molao-motheo oa ho ba le monyetla o fokolang, le phihlello ea polokelo ea khoutu ea mohloli le liphetoho.

Sehlopha sa Tšireletso se inehetseng

  • OwnBackup e na le sehlopha se inehetseng sa ts'ireletso se nang le lilemo tse fetang 100 tsa boiphihlelo bo kopaneng ba ts'ireletso ea tlhaiso-leseling. Ho feta moo, litho tsa sehlopha li boloka mangolo a mangata a amoheloang ke indasteri, ho kenyelletsa empa a sa felle feela ho CISM, CISSP, le ISO 27001 Lead Auditors.

Lekunutu le Tšireletso ea Boitsebiso

  • OwnBackup e fana ka tšehetso ea lehae bakeng sa likopo tsa phihlello ea litaba, joalo ka tokelo ea ho hlakola (tokelo ea ho lebaloa) le ho se tsebahale, ho ts'ehetsa ho tsamaellana le melaoana ea lekunutu ea data, ho kenyeletsoa le General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act. (HIPAA), le California Consumer Privacy Act (CCPA). OwnBackup e boetse e fana ka Sehlomathiso sa Ts'ebetso ea Lintlha ho sebetsana le melao ea lekunutu le ts'ireletso ea data, ho kenyeletsoa le litlhokahalo tsa molao bakeng sa phetisetso ea data ea machabeng.

Litlhahlobo tsa ka morao

  •  OwnBackup e etsa tlhahlobo ea morao-rao, ho kenyeletsoa le boemo ba botlokotsebe, ba basebetsi ba eona ba ka bang le phihlello ea data ea bareki, ho ipapisitsoe le libaka tsa bolulo tsa mohiruoa nakong ea lilemo tse supileng tse fetileng, ho latela molao o sebetsang.

Inshorense
OwnBackup e boloka, bonyane, tšireletso ea inshorense e latelang: (a) inshorense ea matšeliso ea basebetsi ho latela melao eohle e sebetsang; (b) inshorense ea melato ea koloi bakeng sa likoloi tseo e seng tsa tsona le tse hiriloeng, tse nang le moeli o le mong o kopaneng oa $1,000,000; (c) inshorense ea mekoloto e akaretsang ea khoebo (mokoloto oa sechaba) e nang le moeli o le mong oa $1,000,000 ketsahalong e 'ngoe le e 'ngoe le $2,000,000 kakaretso ea kakaretso ea kakaretso; (d) inshorense ea liphoso le tse sieo (tefello ea litsebi) e nang le moeli oa $20,000,000 ka ketsahalo le kakaretso ea $20,000,000, ho kenyeletsoa likarolo tsa mantlha le tse feteletseng, ho kenyelletsa le boikarabello ba cyber, thekenoloji le lits'ebeletso tsa profeshenale, lihlahisoa tsa theknoloji, data le ts'ireletso ea marang-rang, karabelo ea tlolo ea molao, taolo. tšireletso le likotlo, bosholu ba marang-rang le mekoloto ea ho khutlisa data; le (e) inshorense ea ho se tšepahale / tlōlo ea molao e koahelang $5,000,000. OwnBackup e tla fana ka bopaki ho Moreki ba inshorense e joalo ha o e kopa.

Lenaneo 5

Litokisetso tsa Europe

Kemiso ena e tla sebetsa feela phetisong ea Lintlha tsa Botho (ho kenyeletsoa le phetisetso e tsoelang pele) ho tsoa Europe hoo, ntle le ts'ebeliso ea lipehelo tsena, ho ka etsang hore Moreki kapa OwnBackup e tlole Melao le Melao ea Ts'ireletso ea Lintlha.

Mokhoa oa ho fetisoa bakeng sa ho fetisoa ha data.

  • a) Melawana e Tloaelehileng ea Contractual e sebetsa ho phetiso efe kapa efe ea Lintlha tsa Botho tlas'a Tlatsetso ena ea DPA ho tloha Europe ho ea linaheng tse sa netefatseng boemo bo lekaneng ba ts'ireletso ea data ka har'a moelelo oa Melao le Melao ea Ts'ireletso ea Lintlha tsa libaka tse joalo, ho isa tekanyong eo phetiso e joalo. li tlas'a Melao le Melao ea Tšireletso ea Boitsebiso. OwnBackup e kena Melaong e Tloaelehileng ea Konteraka e le morekisi oa data. Lipehelo tsa tlatsetso tse Shejulung ena li sebetsa le phetisong e joalo ea data.

Phetisetso e Tlas'a Melao e Tloaelehileng ea Konteraka.

  • a) Bareki ba Koaheletsoeng ke Melao e Tloaelehileng ea Konteraka. Melao e Tloaelehileng ea Konteraka le lipehelo tsa tlatsetso tse boletsoeng Shejuleng ena li sebetsa ho (i) Moreki, ho isa boholeng boo Moreki a leng tlas'a Melao le Melao ea Tšireletso ea Boitsebiso ea Europe le, (ii) Likamano tsa eona Tse Fetisitsoeng. Ka sepheo sa Melaoana e Tloaelehileng ea Konteraka le Lenane lena, mekhatlo e joalo ke "baromeli ba data."
  • b) Limojule. Mekha e lumellana hore moo ho ka sebelisoang li-module tsa boikhethelo ka har'a Melao e Tloaelehileng ea Konteraka, ho tla sebelisoa feela tse ngotsoeng "MODULE TWO: Transfer controller to processor".
  • c) Litaelo. Mekha e lumela hore tšebeliso ea Moreki ea Litšebeletso tsa Ts'ebetso ea Lintlha tsa Botho ho latela Tumellano le DPA e Teng e nkuoa e le litaelo tsa Moreki ho sebetsana le Lintlha tsa Botho ka sepheo sa Temana ea 8.1 ea Melaoana e Tloaelehileng ea Konteraka.
  • d) Khiro ea li-Sub-processors tse Ncha le Lenane la Basebelisi ba Hona Joale. Ho latela KGETHO 2 ho Clause 9(a) ea Melao e Tloaelehileng ea Konteraka, Moreki o lumela hore OwnBackup e ka sebelisa Sub-processors tse ncha joalo ka ha ho hlalositsoe ho DPA e Teng le hore OwnBackup's Affiliates e ka bolokoa e le Subprocessors, le hore OwnBackup le OwnBackup's Affiliates ba ka sebelisana le karolo ea boraro. -party Sub-processors mabapi le phano ea Litšebeletso tsa Ts'ebetso ea Lintlha. Lethathamo la hajoale la Sub-processors joalo ka ha le kenyellelitsoe joalo ka Shejule ea 1.
  • Litumellano tsa Sub-processor. Mekha e lumellana hore phetisetso ea data ho Sub-processors e ka itšetleha ka mokhoa oa phetisetso ntle le Melaoana e Tloaelehileng ea Konteraka (bakeng sa mohlala.ample, melaoana e tlamang ea mekhatlo), le hore litumellano tsa OwnBackup le Basebelisi ba joalo ba ka se kenyelletse kapa ba bonahatsa Melao e Tloaelehileng ea Konteraka, ho sa tsotellehe hore na ho na le eng e hananang le polelo ea 9(b) ea Melaoana e Tloaelehileng ea Konteraka. Leha ho le joalo, tumellano efe kapa efe e joalo le Sub-processor e tla ba le litlamo tsa ts'ireletso ea data tse seng tlase ho ts'ireletso ho feta tse ho Tlatsetso ena ea DPA mabapi le ts'ireletso ea Lintlha tsa Bareki, ho isa moo ho sebetsang litšebeletso tse fanoang ke Sub-processor e joalo. Likhopi tsa litumellano tsa Sub-processor tse tlamehang ho fanoa ke OwnBackup ho Moreki ho latela Clause 9(c) of the Standard Contractual Clauses li tla fanoa ke OwnBackup feela ka kopo e ngotsoeng ea Moreki 'me e ka ba le tlhaiso-leseling eohle ea khoebo, kapa likarolo tse sa amaneng le Melao e Tloaelehileng ea Konteraka kapa tse lekanang le tsona, li tlositsoe ke OwnBackup esale pele.
  • f) Liphuputso le Litifikeiti. Mekha e lumellana hore lihlahlobo tse hlalositsoeng ho Clause 8.9 le Clause 13(b) of the Standard Contractual Clauses li tla etsoa ho latela lipehelo tsa DPA e Teng.
  • g) Ho Hlakola Lintlha. Mekha e lumellana hore ho hlakoloa kapa ho khutlisoa ha data ho hlalositsoe ke Clause 8.5 kapa Clause 16(d) of the Standard Contractual Clauses ho tla etsoa ho latela lipehelo tsa DPA e Teng le netefatso efe kapa efe ea ho hlakola e tla fanoa ke OwnBackup feela holim'a Customer's. kopo.
  • h) Bajalefa ba Mokha oa Boraro. Mekha e lumellana hore ho ipapisitsoe le mofuta oa Litšebeletso tsa SaaS, Moreki o tla fana ka thuso eohle e hlokahalang ho lumella OwnBackup ho fihlela boitlamo ba eona ho lihlooho tsa data tlasa Clause 3 of the Standard Contractual Clauses.
  • Tlhahlobo ea Tšusumetso. Ho latela Clause 14 ea Melaoana e Tloaelehileng ea Konteraka, mekha e entse tlhahlobo, ho latela maemo a ikhethileng a phetisetso, melao le litloaelo tsa naha eo e eang ho eona, hammoho le konteraka e khethehileng ea tlatsetso, ea mokhatlo le ea tekheniki. Litšireletso tse sebetsang, 'me, ho latela lintlha tseo ba neng ba li tseba ka nako eo, ba entse qeto ea hore melao le mekhoa ea naha eo u eang ho eona ha e thibele ba amehang ho phethahatsa boitlamo ba mokha o mong le o mong tlas'a Melaoana e Tloaelehileng ea Konteraka.
  • j) Molao oa Tsamaiso le Foramo. Mekha e lumellana, mabapi le KGETHO 2 ho Temana ea 17, hore haeba Setho sa EU seo morekisi oa data a thehiloeng ho sona se sa lumelle litokelo tsa mojalefa oa mokha oa boraro, Melaoana e Tloaelehileng ea Konteraka e tla laoloa ke molao oa Ireland. Ho latela Temana ea 18, likhohlano tse amanang le Melaoana e Tloaelehileng ea Contractual li tla rarolloa ke makhotla a boletsoeng Tumellanong, ntle le haeba lekhotla le joalo le se Sebakeng sa Litho tsa EU, moo foramo ea likhohlano tse joalo e tla ba makhotla a Ireland. .
  • k) Annexes. For purposes of execution of the Standard Contractual Clauses, Schedule 3: Details of the Processing shall be incorporated as ANNEX IA and IB, Schedule 4: OwnBackup Security Controls (which may be updated from time to time at https://www.ownbackup.com/trust/) e tla kenyelletsoa e le ANNEX II, le Kemiso ea 1: Lethathamo la Hajoale la Sub-Processor (joalo ka ha le ka ntlafatsoa nako le nako https://www.ownbackup.com/legal/sub-p/) e tla kenyelletsoa e le SEHLOOHO III.
  • l) Tlhaloso. Lipehelo tsa Kemiso ena li reretsoe ho hlakisa eseng ho fetola Melaoana e Tloaelehileng ea Konteraka. Ha ho ka ba le khohlano kapa ho se lumellane lipakeng tsa sehlopha sa Lethathamo lena le Melaoana e Tloaelehileng ea Konteraka, ho tla ba le Melao e Tloaelehileng ea Konteraka.

Lipehelo li sebetsa ho Phetisetso e tsoang Switzerland
The parties agree that for purposes of the applicabilityof the Standard Contractual Clauses to facilitate transfers of Personal Data from Switzerland the following additional provisions shall apply: (i) Any references to Regulation (EU) 2016/679 shall be interpreted to reference the corresponding provisions of the Swiss Federal Act on Data Protection and other data protection laws of Switzerland (“Swiss Data Protection Laws”), (ii) Any references to “Member State” or “EU Member State” or “EU” shall be interpreted to reference Switzerland, and (iii) Any references to Supervisory Authority, shall interpreted to refer to the Swiss Federal Data Protection and Information Commissioner.

Provisions applicable transfers from the United Kingdom.
Mekha e lumellana hore Sehlomathiso sa UK se sebetsa phetisong ea Lintlha tsa Botho tse laoloang ke Molao oa Ts'ireletso ea Lintlha tsa UK mme e tla nkuoa e phethiloe ka tsela e latelang (ka mantsoe a capitalized a sa hlalosoang kae kapa kae a nang le tlhaloso e behiloeng UK Addendum):

  • a) Table 1: The parties, their details, and their contacts are those set forth in Schedule 3.
  • b) Lethathamo la 2: “Litekanyetso tse Amoheletsoeng tsa Konteraka ea Maemo a EU” e tla ba Melaoana e Tloaelehileng ea Konteraka joalokaha e hlalositsoe Shejule ena ea 5.
  • c) Table 3: Annexes I(A), I(B), and II are completed as set forth in section 2(k) of this Schedule 5.
  • d) Table 4: OwnBackup may exercise the optional early termination right described in Section 19 of the UK Addendum.

Litokomane / Lisebelisoa

Ownbackup Supplemental Data Processing Addendum [pdf] Litaelo
Keketso ea Tlatsetso ea Ts'ebetso ea Lintlha, Sehlomathiso sa Ts'ebetso ea Lintlha, Sehlomathiso

Litšupiso

Tlohela maikutlo

Aterese ea hau ea lengolo-tsoibila e ke ke ea phatlalatsoa. Libaka tse hlokahalang li tšoailoe *