top of page

Data Processing Agreement

Data Processing Agreement (DPA)


Performalise offers a Data Protection Agreement to meet the adequacy and security requirements of the European Parliament and Council of the European Union’s Data Protection Directive and the General Data Protection Regulation (GDPR).


What is GDPR, and is Performalise GDPR compliant?
The European Commission approved and adopted the General Data Protection Regulation (GDPR), the biggest change in data protection laws in Europe since the 1995 introduction of the European Union (EU) Data Protection Directive, also known as Directive 95/46/EC or simply the Directive. The GDPR aims to strengthen the security and protection of personal data in the EU and replaces the Directive and all local laws relating to it.
Performalise is fully compliant with the General Data Protection Regulation (GDPR). We are committed to our customer’s success, including compliance with the GDPR and EU Data Protection laws.


Under the EU GDPR, data transfers can only be made to Processors who agree to the following controls and obligations:  

  • The Processor must have adequate information security in place, taking into account the sensitivity of the data to be received; 

  • The data received remains the property of the Controller at all times unless ownership is explicitly shared or transferred by a written agreement. 

  • The Processor must not use sub Processors without advanced notification or consent of the Controller; sub Processors must have the equivalent security and privacy controls to those of the Processor. 

  • The Processor shall cooperate with the relevant Data Protection Authorities in the event of an enquiry; 

  • The Processor must keep all received information confidential; 

  • The Processor must report data breaches to the Controller without delay; 

  • The Processor may need to appoint a mandatory Data Protection Officer. The processor must do its due diligence in this matter and appoint a qualified individual, if appropriate; 

  • The Processor must keep records of all processing activities; 

  • The Processor must comply with EU trans-border data transfer rules; 

  • The Processor must help the Controller to comply with the data subjects' rights; 

  • The Processor must assist the Data Controller in managing the consequences of data breaches; 

  • The Processor must delete or return all personal data at the end of the contract at the choice of the Controller; and 

  • The Processor must inform the Controller if the processing instructions infringe GDPR. 

  • The processor must comply with security and privacy due diligence requirements placed on the Controller to validate the above. 

 

Is Performalise GDPR compliant?
Yes. We are fully compliant with the General Data Protection Regulation (GDPR). We are committed to our customer’s success, including compliance with the GDPR and EU Data Protection laws.

 

What is GDPR?‍
The European Commission approved and adopted the General Data Protection Regulation (GDPR), the biggest change in data protection laws in Europe since the 1995 introduction of the European Union (EU) Data Protection Directive, also known as Directive 95/46/EC or simply the Directive. The GDPR aims to strengthen the security and protection of personal data in the EU and replaces the Directive and all local laws relating to it.
‍ Where does Performalise send customer data?
We store data in data centres provided by Amazon Web Services (AWS) in the United States of America (see here for information on their security practices). Therefore, personal data will be transferred to the United States for purposes related to providing our products and services.


Will my data stay in a certain location (e.g., Europe)?
Our service features require that data be transferred to the U.S. In addition, our employees and contractors may need access to data stored in the EU from a non-EU country (e.g., U.S.) for technical and support-related reasons.  In all cases where data is transferred outside of the EU, Performalise commits to ensuring such transfers comply with applicable data transfer laws, including GDPR.

Data Processing Addendum (DPA)?
We understand that some of our customers will require that, where we are a processor of EU personal data, we execute additional terms that meet GDPR obligations concerning processing that EU personal data. Our Data Processing Addendum is available via contact_us@quantumofvalue.com.
 

Whom can I contact with questions regarding Performalise’s GDPR compliance?
To get answers to your questions, please email contact_us@quantumofvalue.com


Changes to this Policy
We may change this Policy from time to time. If we make any changes, we will notify you by revising the version and date at the top of this Privacy Policy, and, in some cases, where appropriate, we may provide you with additional notice (such as adding a statement to the login screen or sending you an email notification). Your continued use of our Services after the revised Policy has become effective indicates that you have read, understood, and agreed to the current version of this Policy.
 

Contact Information
Please contact us with any questions or comments about this Policy, your personal information, our use and disclosure practices, or your consent choices by email at contact_us@quantumofvalue.com

Dec 2022

bottom of page