This document is provided for information purposes only. It is not intended to provide legal advice, and Optable encourages clients to consult with their lawyers to understand their legal obligations.
We take the protection of Customer Data seriously, and our Data Processing Agreement describes the commitments we make to comply with applicable privacy laws.
We've prepared this FAQ to facilitate your understanding of Optable's data privacy program and our Data Processing Agreement.
General
Does Optable enter into a Data Processing Agreement ("DPA") with its Clients?
Our DPA details each party's responsibilities in processing personal data and is included in our Terms of Services for Clients available at https://terms.optable.co/#1.-definitions.
Does Optable enter into a DPA with Invited Persons ?
Yes, we enter in the same DPA with Invited Persons as we do with Clients.
What are Optable's and Client/Invited Person's respective roles under the DPA under the GDPR?
Based on our DPA, Optable acts as a Data Processor on behalf of our Clients and Invited Persons. As the data exporter/data controller under the DPA, you would be in the position to determine if you act as a Controller or Processor in relation to the data which you submit to Optable.
What types of personal data and categories of data subjects are processed as part of Optable's Managed Services?
Optable provides a cloud based data collaboration platform to our clients and their partners. Our clients and their partners determine the types of personal data and categories of data subjects they submit to the Optable Managed Services, depending on how they use the service.
Of note, Optable Data Processing Agreement explicitly forbids users from uploading Sensitive Information to the Managed Services.
Generally, the categories of data subjects include our client's customers or prospective customers, subscribers, users, and visitors.
The types of personal data may include contact data, identification data, user preference data, and browsing data.
Are customers permitted to carry out data privacy audits of Optable
Yes, in accordance with the Demonstrating Compliance & Audit Rights of our DPA, we agree to make all information necessary for you to demonstrate compliance with its obligations under Applicable Data Protection Legislation and allow for and contribute to audits, including inspections, conducted by you or your auditor. Upon request, we will supply (on a confidential basis) a summary copy of penetration testing report(s) to you so that you can verify our compliance with the DPA. In addition, at your written request, we will provide written responses (on a confidential basis) to all reasonable requests for information made by you necessary to confirm our compliance with our DPA (provided that you will not exercise this right more than once per calendar year unless you have reasonable grounds to suspect non-compliance with the DPA).
