|SUBJECTS||This document is issued by Plasma Cloud Ltd. in favor of any customer person or organization, whatever its legal conformation, which makes use of the product1 called “PLASMA CLOUD CONSOLE” for the organization and management of its local area network (LAN).|
|ESSENTIAL PART||The document is an indissoluble integral part of the product indicated above.|
|PURPOSE||Strict compliance with the instructions contained in this document is a necessary condition to allow the use of the product to comply with the regulations on the protection of personal data in force in the European Union. Plasma Cloud Ltd. declines any responsibility in case of violation of the instructions.|
|MODIFICATIONS||Plasma Cloud Ltd. reserves the right to modify the document at any time, without the need for prior notice, by notifying the user as part of the contract.|
|INSTRUCTIONS TO EMPLOYEES AND AUXILIARS||It is the customer’s responsibility to communicate the content of the document to those who materially operate in the product environment, be they his partners, employees, suppliers, licensees, assignees, or effective users.|
|INTRODUCTION||The compliance of the product with the rules on the protection of personal data was assessed taking into account 1) the pre established purposes2 of data processings for which the product was designed (listed below) 2) the types of data necessary for the pursuit of pre established purposes 3) the context of foreseeable application of the product. Therefore, the actual use of the product for purposes other than those identified or the modification of the reference context, may determine the non-compliance of the product with the legislation.|
|PURPOSE||The product was created for the processing of personal data in relation to the pursuit of the following purposes: |
* organization and management of the local area network (LAN), control over the use of the network, solution of technical problems in the use of the network
* improvement of the efficiency and security of the network through the registrations and analysis of the activities
|EXCLUDED TREATMENTS||The product was not created for the execution of the following personal data processings:|
a- evaluative, scoring or profiling treatments of users or third parties
b- processing aimed at making automated decisions that produce legal effects on individuals
c- massive data processing aimed at monitoring the behavior of individuals
d- large-scale processing of extremely personal data (e.g. data of geolocation, electronic communication data, financial data and similar)
e- processing in the context of the employment relationship that allow remote control of the employees
f – processing involving the massive exchange of personal data between several controllers
g – processing involving interconnection, combination or comparison of information
h- processing of special categories of data (eg. health data) or relating to criminal convictions and offences interconnected with other personal data collected for other purposes
i-systematic processing of biometric data or genetic data
The user who intends to carry out the processing of personal data listed above using PLASMA CLOUD CONSOLE or using data extracted from PLASMA CLOUD CONSOLE, must separately adopt on its own the necessary measures for compliance with the law. In any case, the liability of PLASMA CLOUD Ltd. for non-agreed treatments is excluded.
|IMPACT ASSESSMENT||If the user makes use of PLASMA CLOUD CONSOLE to perform non-occasional treatments of data relating to vulnerable subjects (minors, disabled, elderly, mentally ill, patients, asylum seekers) as the owner, he is required to carry out the Impact Assessment required by art. 35 of EU Regulation 2016/679 (GDPR).|
|TYPES OF DATA||The data circulating in the system belong to the following types:|
* identification data and contact data for the administrators, operations of the administrators (the setting activities for the network and the changes in settings are registered and associated with their respective author)
* identification number of the terminal, (possibly) name of terminal’s user, details of connections to the network (date + hour, place, power of signal, quantity of data uploaded and downloaded, etc.)
* system log files
|CONTEXT||The product has been designed for the organization and management of local area networks (LANs) for corporate and (possibly) private use. The standards of security of the product have been implemented on the base of a regular corporation activity including also big organizations.|
Nevertheless, depending on the customer’s valuation, the level of security might be insufficient when the product is used in peculiar situations (because of the special kind of data to be processed or its danger level) such as military organizations and bodies, hospitals, judiciary offices, and in general organizations processing a high quantity of special data, or when the quantity of clients involved configures a “large scale” of data subjects.
|SPECIFIC INSTRUCTIONS||In order to maintain the level of compliance, the customer and its subsidiaries shall respect the following instruction when using the product:|
* the number of administrators must be limited as much as possible
* the credentials to accede the administrator’s account must be personal and not transferable in any case
* the customer must adopt a strict policy over the transfer and conservation of credentials, minimum length and complexity of password and periodical substitution of password
* the customer must adopt a policy or procedure for the immediate cancellation of the account when the administrator leaves the organization
* it is recommended to get informed about the local legislation over remote control of worker and employees and respect of their dignity and possibly increase the measures against related abuses
* it is strongly recommended to install a proper and efficient firewall to protect the access points and devices from external non authorized accesses
* it is recommended to give the administrators proper instructions about the proper use of the data collected through the PLASMA CLOUD CONSOLE according to the local legislation.
Last update of document: 14th October 2020
1 By product we mean the concrete realization of the project in all its phases: from IT tools (software) to the technological infrastructure (hardware), the organizational and / or procedural rules and related instructions.
2 The responsibility for defining the purposes of data processing falls under the legislation in force, on the data controller (therefore, in general, on the user and not on Plasma Cloud Ltd.). However we have designed and built the PLASMA CLOUD CONSOLE product in coherence with abstract purposes, which it has called “pre established purposes”. The user is free to independently establish his own purposes; however, as specified, using PLASMA CLOUD CONSOLE for purposes other than and not similar to those identified abstractly by PLASMA CLOUD Ltd. without further precautions may result in the user violating the rules on the protection of personal data (privacy).
Subject: Compliance document for PLASMA CLOUD CONSOLE product
Herewith PLASMA CLOUD LTD., developer and subject marketing the product1 named PLASMA CLOUD CONSOLE, hereby declares that the product in question, including the IT tools contained therein, has been produced in compliance with Regulation (EU) 2016/679 (“GDPR”), in particular in accordance with the provisions of art. 25 thereof (“Data protection by design and protection by default”).
It is a necessary condition for the permanence of such compliance that the user of the product strictly follows the indications contained in the attached document, called “Instructions for compliant use”, and in particular, respects and enforces the purposes of the project, the types of data processed and the context of application specified therein.
Compliance can only be maintained over time through a continuous or periodic review and control process, the activation of which falls under the responsibility of the user. In particular, the modification, even partial, of the legislation about protection of personal data, may determine the burden of revising and correcting partially or totally the product.
Hong Kong, 14th October 2020
Plasma Cloud Ltd.