NUITEQ Stage Sweden - Transfer Impact Assessment
Version Date: November 15, 2022
Background
When a person visits NUITEQ Stage Sweden at https://NUITEQStage.se they are asked to agree to cookies according to NUITEQ Stage Sweden Cookie Policy (Cookie Policy).
A person who signs up for NUITEQ Stage Sweden also agrees to the NUITEQ Stage Sweden Terms of Service (Terms). The Terms include accepting the transfer of personal information for delivering the STAGE SERVICE requested using NUITEQ’s SUB-PROCESSORS according to the Terms.
Each transfer is subject to the NUITEQ Stage Sweden Data Processing Agreement (DPA), the NUITEQ Stage Sweden Transfer Impact Assessment (TIA) is shown in the Appendix.
Definitions
SUB-PROCESSOR(S) means all sub-processor(s) listed under the NUITEQ Stage Sweden section of https://nuiteq.com/sub-processors that are not listed as a WEB PROCESSOR. This includes but is not limited to MessageBird, Hubspot, Mailgun; the optional Google Ads, and Mixpanel.
WEB PROCESSOR(S) means the NUITEQ sub-processors that host the domain and sub-domains of https://NUITEQstage.se that collect personal information. This includes but is not limited to Cleura and Prismic.
SSO PROCESSOR(S) means the NUITEQ sub-processor that enables login or access to external cloud storage. This includes but is not limited to Google Drive, Microsoft OneDrive, Dropbox, and Nextcloud.
STAGE SERVICE means a service requested by the user including but not limited to a video and audio conference, access to cloud storage, completing an email contact form, and creating a Stage account.
To see details of all SUB-PROCESSORS and WEB PROCESSORS please visit https://nuiteq.com/sub-processors. To see details of our privacy policy and terms visit https://nuiteq.com/privacy.
APPENDIX
ANNEX I
- LIST OF PARTIES
MODULE ONE: Transfer controller to controller
- NUITEQ serves as both Transfer Controller and Data Controller
MODULE TWO: Transfer controller to processor
- NUITEQ serves as Transfer controller and SUB-PROCESSORS as Data Processor
MODULE THREE: Transfer processor to processor
- NUITEQ’s WEB PROCESSOR serves as Transfer Processor to the SUB-PROCESSOR
MODULE FOUR: Transfer processor to the controller
- WEB PROCESSOR serves as Transfer Processor to NUITEQ as Data Controller.
Data exporter(s): [Identity and contact details of the data exporter(s) and, where applicable, of its/their data protection officer and/or representative in the European Union]
- Name: NUITEQ
- Address: Laboratorgrand 11, SE-93177 Skelleftea, Sweden.
- Contact person’s name, position and contact details: Edward Tse, Privacy Officer, et@nuiteq.com
- Activities relevant to the data transferred under these Clauses: Technical Privacy Implementation
- Signature and date: Edward Tse, November 10, 2022
- Role (controller/processor): Data Controller
Data importer(s): [Identity and contact details of the data importer(s), including any contact person with responsibility for data protection]
- Name: NUITEQ
- Address: Laboratorgrand 11, SE-93177 Skelleftea, Sweden
- Contact person’s name, position and contact details: Edward Tse, Privacy Officer, et@nuiteq.com
- Activities relevant to the data transferred under these Clauses: Technical Privacy Implementation
- Signature and date: Edward Tse, November 10, 2022
- Role (controller/processor): Data Controller
- DESCRIPTION OF TRANSFER
MODULE ONE: Transfer controller to controller
- NUITEQ Stage Sweden receives a request to start a STAGE SERVICE, a STAGE SERVICE is started from the WEB PROCESSOR.
MODULE TWO: Transfer controller to processor
- The WEB PROCESSOR transfers encrypted data from memory to the SUB-PROCESSOR.
MODULE THREE: Transfer processor to processor
- The WEB PROCESSOR completes the encrypted transfer from memory to SUB-PROCESSOR.
MODULE FOUR: Transfer processor to the controller
- The SUB-PROCESSOR updates the STAGE SERVICE as requested. Data Control returns to NUITEQ.
Categories of data subjects whose personal data is transferred
- NUITEQ Stage Sweden Users
Categories of personal data transferred
- User Video
- User Audio
- User Login
- User History
- User Chat
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitations, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
- User Data is transferred between two servers that NUITEQ Controls.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
- The transfer is a one-off for the STAGE SERVICE the user chooses to participate in with awareness and consent that this data will be transferred outside of the European Union.
Nature of the processing
- To deliver the STAGE SERVICE requested.
Purpose(s) of the data transfer and further processing
- To deliver the STAGE SERVICE requested.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
- Data is not retained.
For transfers to (sub-) processors, also specify the subject matter, nature and duration of the processing
- A copy of personal information is shared with the SUB-PROCESSOR.
- COMPETENT SUPERVISORY AUTHORITY
MODULE ONE: Transfer controller to controller
- NUITEQ Data Controller initiates via a user request a STAGE SERVICE. NUITEQ serves as Transfer Controller.
MODULE TWO: Transfer controller to processor
- NUITEQ serves as the Transfer Controller and uses the WEB PROCESSOR as the processor to transfer to the SUB-PROCESSOR.
MODULE THREE: Transfer processor to processor
- The WEB PROCESSOR finishes processing the transfer and the SUB-PROCESSOR processes the personal information needed to start the STAGE SERVICE.
Name: Integritetsskyddsmyndigheten (Swedish Authority for Privacy Protection)
Address: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm
E-mail: imy@imy.se
ANNEX II
TECHNICAL AND ORGANIZATIONAL MEASURES INCLUDING TECHNICAL AND ORGANIZATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
MODULE ONE: Transfer controller to controller
- NUITEQ Data Controller initiates via a user request a STAGE SERVICE. NUITEQ serves as Transfer Controller.
MODULE TWO: Transfer controller to processor
- NUITEQ serves as the Transfer Controller and uses the WEB PROCESSOR as the processor to transfer to the SUB-PROCESSOR.
MODULE THREE: Transfer processor to processor
- The WEB PROCESSOR finishes processing the transfer and the SUB-PROCESSOR processes the transfer by starting the STAGE SERVICE.
EXPLANATORY NOTE:
Description of the technical and organizational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.
- Data encrypted at rest using AES-256
- Data encrypted in transit using SSL
- Security Officer - Johan Larsson
- Privacy Officer - Edward Tse
- Pseudonymisation of non-essential tracking for performance and marketing
- Regular monitoring for breaches, with automated notifications to senior technical staff
- Limited access to servers
- 2 Factor Authentication Company Policy
- Data Breach Notifications for stakeholders at https://nuiteq.com/breachnotifications
- Content Change form at https://nuiteq.com/contentchange/
- Data Processors listed in our Privacy Policy
- Tracking Cookies are detailed in our Cookie Policy
ANNEX III
SSO PROCESSORS
- Google Integration
- Microsoft Integration
- Dropbox Integration
- Nextcloud Integration
- A full list of sub-processors can be found at https://nuiteq.com/sub-processors
MODULE TWO: Transfer controller to processor
- NUITEQ opens the Single Sign-on (SSO) dialogue when the user makes an SSO or Cloud Drive request, the request is processed by the corresponding SSO PROCESSOR (e.g. Microsoft)
MODULE THREE: Transfer processor to processor
- After the request is complete the SSO PROCESSOR shares an email and authentication confirmation with the WEB PROCESSOR which begins the requested SSO or Cloud Drive access.
EXPLANATORY NOTE:
The data controller has authorized the use of the SSO PROCESSORS.
- Name: NUITEQ
- Address: Laboratorgrand 11, SE-93177 Skelleftea, Sweden
- Contact person’s name, position and contact details: Edward Tse, Privacy Officer, et@nuiteq.com
- Description of processing: User Login, Cloud Storage Access