Effective as of May 14 2024.
Scope of Agreement
Customer and Lingsoft have agreed in accordance with the terms and conditions of this Agreement that Lingsoft shall process personal data on behalf of the Customer. The Customer acts as the controller and Lingsoft acts as the processor of personal data.
Definitions
“Personal data” means any information relating to an identified or identifiable natural person or to any other personal data referred to in data protection legislation.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Processing” means any operation or set of operations that Lingsoft, as the processor, performs on behalf of the Customer, as the controller, under the agreement the parties have concluded in writing and that is performed on personal data or sets of personal data, whether or not by automated means, or to any other processing of personal data referred to in data protection legislation.
“Controller” means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, or to any other controller referred to in data protection legislation.
“Data protection legislation” means the General Data Protection Regulation (679/2016) of the European Union, any other applicable data protection provisions, and any regulations and instructions issued by the data protection authorities.
Nature and purpose of the processing
Lingsoft Language Management Central (LMC) provides automated writers’ tools and text analysis services for Customers and their end users. Nature and purpose of the data processing of the service is described in the document “Lingsoft Language Management Central – Data processing description”.
Type of Personal Data and Categories of Data Subjects
User personal data and user account – Lingsoft Language Management Central data includes a user account which is generally organization-wide, but can on customer request be specific to individual users. Personal data in the user account data is listed in the “Lingsoft Language Management Central – Privacy Statement”. It does not contain any personal ids such as personnel numbers, personal identity numbers or similar. The personal data stored in the user account is of low sensitivity.
Lingsoft Language Management Central content data – LMC may temporarily store content data that is used only if a critical error that affects the usability of the entire service needs to be investigated. This data is deleted regularly as described in the “Lingsoft Language Management Central – Data processing description”.
Lingsoft Language Management Central operation logs – Lingsoft Language Management Central operation log files collect operational data of the use of the system in order to monitor the use of the system and to help in error investigations. This data does not contain content data, it may contain data that show who is using the system and how. The collected log data does not contain personal data.
Applicable Data Security Measures
Lingsoft shall take any appropriate technical and organisational measures to combat and prevent unauthorised and unlawful processing of personal data and to prevent unintentional loss, change, destruction of or damage to personal data. Lingsoft Language Management Central Data measures for data security are described in the document “Lingsoft Language Management Central – Data protection description”.
Lingsoft shall notify the Customer in writing without undue delay of all data security violations targeted at personal data and of any other incidents that have jeopardised the data security of personal data processed on behalf of the Customer, or when Lingsoft has reason to believe that the data security may have been jeopardised. At the Customer’s request, Lingsoft shall provide the Customer with all relevant information related to a data security violation. Lingsoft shall also inform the Customer of the measures taken because of the data security violation. Unless otherwise provided by mandatory legislation obliging Lingsoft, the notification Lingsoft provides to the Customer on a data security violation shall include at least the following:
a description of the nature of the violation,
itemisation of the data at which the violation was targeted,
if the target of the violation includes personal data, a description of the categories of data subjects in question and the total number of the persons affected,
a description of the remedial actions that the supplier has taken or is going to take in order to prevent data security violations in the future,
a description of the consequences of the data security violation, and
a description of the actions the supplier has taken to minimise the adverse effects of the data protection breach.
Lingsoft shall document all violations of data security, comprising the facts relating to the violation, its effects and the remedial action taken.
Location of Personal Data
Personal data will not be transferred outside the European Union or the European Economic Area (EEA). However, if Lingsoft is obliged to transfer personal data outside the European Union or the European Economic Area (EEA) the transfer will be made using appropriate agreements between Lingsoft and the processor/transferee, such as the standard contractual clauses established by the European Commission.
Use of Third Parties in Data Processing
Unless otherwise agreed in writing, Lingsoft is entitled to use another data processor as its subcontractor in the processing of personal data. At the Customer’s written request, Lingsoft shall inform the Customer in writing of the subcontractors it uses.
When Lingsoft uses a subcontractor in the processing of personal data, the following terms and conditions are applicable:
the assignment is governed by a written agreement; and
the written agreement obliges the subcontractor to fulfill the same responsibilities and commitments that are applicable to Lingsoft under this Agreement and the data protection legislation.
Lingsoft is responsible for its subcontractors’ acts and omissions as its own acts and omissions towards the Customer.
Deleting and Returning Personal Data
Lingsoft shall retain, return or delete the personal data processed as described in the “Lingsoft Language Management Central – Data processing description”.
Rights and Obligations of Customer as Data Controller
As the controller, the Customer shall give written instructions how the personal data shall be processed by Lingsoft and the Customer shall make all necessary measures to ensure that the personal data to be transferred for processing complies with the data protection legislation.
At the Customer’s request, Lingsoft shall without delay provide the Customer with all necessary information the Customer may need for fulfilling the rights of the data subjects, including any access rights, or for complying with the requirements or instructions of the data protection authorities. Lingsoft shall, without delay, inform the Customer of all requirements and inquiries made by the data subjects, the Data Protection Ombudsman or other authorities. Lingsoft has the right to invoice the Customer for these tasks in accordance with the service agreement the parties have concluded or, if no price has been agreed, in accordance with Lingsoft’s general price-list.
The Customer or an auditor mandated by the Customer has the right to audit whether Lingsoft meets its obligations related to the processing of personal data in order to assess the compliance of Lingsoft and its subcontractors with the obligations set by this Agreement and Data protection legislation.
Limitation of Liability
Limitation of liability is as agreed in the service agreement. In addition it is agreed that neither party shall be liable for any indirect or consequential damage or loss it caused to the other party by breaching this Agreement. Indirect or consequential damage or loss includes but is not limited to loss of profits, loss of business, cover purchases, loss of turnover, loss of reputation, loss or interruption of production or loss of contracts.
The following annexes are an integral part of this Agreement
Lingsoft Language Management Central – Privacy Statement
Lingsoft Language Management Central – Data processing description
Lingsoft Language Management Central – Data protection description
The Order of Priority of documents relating to this Agreement
1. The service agreement between Lingsoft and the Customer
2. This Agreement
3. Lingsoft Language Management Central – Privacy Statement
4. Lingsoft Language Management Central – Data processing description
5. Lingsoft Language Management Central – Data protection description
Documents 4 and 5 can be requested from lmc_support@lingsoft.fi.