Data Processing Amendment
Last update 29.08.2019
Processing personal data in a secure, fair, and transparent way is extremely important to us at Bouncer Sp. z.o.o (LTD) (“we,” “us” or “our”). As part of this effort, we process personal data in accordance with the EU’s General Data Protection Regulation (“GDPR”) governing the handling of various types of personal data, and industry standards.
To better protect individuals’ personal data, we are providing these terms to govern us and your handling of personal data (the “Data Processing Amendment” or “DPA”). This DPA amends and supplements our Terms of Service.
Website – https://usebouncerprod.wpengine.com and any of its subdomains
Service or Services – all services, products and content available or through the Website, App and API, including, but not limited to verifying email addresses using Bouncer’s, App, API or Website
App – Bouncer’s Web Application made available to the Customers for the purpose using and configuring Bouncer’s services, including but not limited to verifying email addresses.
API – Application Programming Interface exposed for the purpose of connecting Bouncer’s services with other servers, applications or websites.
GDPR – General Data Protection Regulation (EU) 2016/679.
The terms of Commission, Controller, Data Subject, Member State, Personal Data, Personal Data Breach, Processing, Processor and Supervisory Authority shall have the same meaning as given in the General Data Protection Regulation and shall be understood accordingly.
In providing Service to the Customer, Bouncer may Process Personal Data relating to the Data Subject, on behalf of the Customer. The Customer acknowledges and confirms that he is the sole Controller of Personal Data and Bouncer is the Processor of Personal Data, which means that Bouncer Processes Personal Data on behalf of the Controller. Both parties agree to comply with the following provisions with respect to any Personal Data stored and/or otherwise Processed through Bouncer.
For an avoidance of a doubt, Bouncer and Customer agree that:
Bouncer provides Customer with whatever information it needs to ensure they both meet the obligations under GDPR.
- Customer is responsible for maintaining Data Subjects’ rights.
- Bouncer assists Controller allowing Data Subjects to exercise their rights.
- Bouncer ensures that people (Bouncer’s staff or contractors) accessing Personal Data are subject to a duty of confidence.
- Bouncer will keep all Personal Data confidential and not disclose such data to third parties unless it has been authorized by Customer or is required by law.
Bouncer will only process Personal Data on behalf of and only to the extent and in such a manner as it is necessary for the purpose of providing Services to Customer or as otherwise instructed by the Customer at any time. The Customer’s instructions shall be documented in the applicable order, support ticket, or other written communication. Bouncer shall inform the Customer whenever there is a reasonable ground that Customer’s instruction is contrary to applicable law and regulations.
Nature, purpose and subject of Data Processing
The purpose of processing is to identify whether an email address exists, whether it is possible to deliver an email to this address and to gather additional characteristics of the email address. This verification happens in an online, fully automated system. The subject matter of the contract is email verification.
Type of Personal Data
For the purpose of verifying an email address Bouncer requires the email address only, it is a contact data, however Customer may choose to also send additional personal data.
Categories of Data Subjects
Duration of Processing
Duration of Data Processing through App and API depends on the volume of emails to be verified in one request, from a fraction of a second up to 24 hours for large volumes of emails. Processing starts as soon as possible after the verification is initiated by the Customer. In terms of this agreement Customer may initiate Data Processing as long as Bouncer provides its Services.
Security of Processing
The data is processed automatically, without human interaction. If the Customer requests, or in certain maintenance cases, Bouncer has the right to review data and results of verification. In case the Bouncer needs to investigate a complaint, Bouncer might process or re-process data through its system. Bouncer makes sure that it’s staff and contractors are vetted and trained before allowing them to complete any review. This review happens in a safe environment, and all data are deleted after review.
All employees and contractors of Bouncer accessing Personal Data are required to sign a non-disclosure agreement.
Instructions and Logs
Customer must instruct Bouncer to process Personal Data. Bouncer will process as and when the Customer instructs. Bouncer provides a fully automated system where the Customer can initiate Data Processing via App and API (execution of any API methods is considered as such an initiation).
Bouncer keeps logs of all activities. Such as but not limited to requests for processing, receiving results both via App and API, the number of successful API calls.
Cross Border Transfer of Personal Data
Bouncer stores and processes Personal Data in cloud-based infrastructure stack – a hybrid of AWS cloud and OVH cloud solutions, both European Union based (AWS- Frankfurt region, OVH – France and UK), thus the data is not transferred outside the European Union.
Deletion of Personal Data
Bouncer stores Personal Data up to 60 days only (for the purpose of providing Customer ability to get the results of verification), after this period all Personal Data are anonymized and then are automatically and permanently deleted.
Additionally Customer may delete all data related to particular request at any time, using exposed API function.
Personal Data Breach
Data Protection Officer