Pawfinity License Agreement
PAWFINITY LICENSE AGREEMENT
ATTENTION! Carefully read the following terms and conditions that govern the Pawfinity software as a Service ("Service"). By using this Service and related hosted services, You (the "Licensee") are consenting to the terms of this agreement and accepting that they will be legally binding on You and any end user who may obtain this Service through You or Your company. If You do not agree to the terms of this agreement, You may not use the Service.
Throughout this document, "Service" refers to items written by Pawfinity (the "Licensor"), including, but not limited to, Pawfinity services, Pawfinity documentation, and/or all other files included in the Pawfinity software package. "You" or "Licensee" means the natural person or the entity that is agreeing to be bound by this agreement, and any employees and third party contractors that provide services to You. You shall be liable for any failure by such employees and third party contractors to comply with the terms of this agreement.
2. LICENSE. In consideration of payment of the license subscription fee for the use of the Service, You may use the Service in accordance with the following:
- Each registered business account may operate only one business entity
- Use the Pawfinity service for data input, backup, and storage.
- Rights not expressly granted by this section are reserved by Pawfinity
3. RESTRICTIONS ON USE. You may not:
- Permit other businesses to use the Service except under the terms listed herein;
- Allow access to our service by another software firm, developer, engineer, or other technical trade which can be considered a conflict of interest for our service. In the event that we identify activity of this manner, considered espionage, we reserve the right to immediately terminate your account access, without refund or prior notice, regardless of account status.
- Modify, translate, reverse engineer, decompile, disassemble (except to the extent applicable laws specifically prohibit such restriction) or create derivative works based on the Service;
- Attempt to gain unauthorized access to the hosted services, web servers, or related Pawfinity systems or networks;
- Use the Service or Pawfinity hosted services in any manner that is not in accordance with applicable documentation and all applicable laws and government regulations;
- Rent, lease, grant a security interest in or otherwise transfer rights to the Service; nor
- Remove any proprietary notices or labels displayed in the Service or on its output.
- Multi-owner public and private Corporations, S-Corporations, Franchise organizations, and any organization funded by or paying dividends to investors are all explicitly limited to one physical operating location PER-LICENSE. Individual franchisees owning more than one franchise location may be permitted to operate more than one location through a single PAWFINITY license with written permission.
4. OWNERSHIP. Title, ownership rights, and intellectual property rights in the Service shall remain in Pawfinity. The Service is protected by copyright laws and treaties. Title and related rights in the content which may accessed through the Service or hosted services is the property of the applicable content owner and may be protected by law. This license gives You no rights to such content except for data that You upload and store.
5. TERM. The Service and related hosted services are delivered electronically via a secure web site, and delivery is deemed complete when the Service is first made available to You. The license is effective until terminated. You may terminate the license at any time by canceling payment renewal of the Service license subscription fee however, no refunds will be distributed or service fee prorated for the remainder of the term. The license will terminate automatically if You fail to comply with the limitations described in this agreement or You fail to pay the license fee.
6. FREE TRIAL. A free trial of The Service is made available to verifiable pet-service businesses only. Free trial accounts are subject to identity verification. Any account failing reasonable standard verification will be denied access to the service. In the event that a business entity cannot be reasonably verified, the Licensee will be considered as suitable verification if they are able to produce sufficient evidence of applicable industry involvement. This free trial period is not guaranteed nor inherently applied to any new Licensee and may be revoked at any time without prior warning. The free trial carries no monetary value and cannot be refunded. Individuals acting as "consultants", developers, IT professionals, engineers, programmers, and any other technology related role or field are prohibited from free trial and general access to the system will be denied.
7. DISCLAIMER. The Service is provided "as is" and without warranty of any kind. No dealer, agent, or employee of Pawfinity is authorized to make any warranty regarding the Service. It is the sole responsibility of the client to access their paid account and take part in the service once a subscription has been initiated. PAWFINITY DOES NOT AND CANNOT WARRANT THE PERFORMANCE OR RESULTS YOU MAY OBTAIN BY USING THE SERVICE. THE LICENSOR AND ITS SUPPLIERS MAKE NO WARRANTY OR REPRESENTATION, EXPRESS OR IMPLIED, AS TO ANY OTHER MATTERS, INCLUDING NON-INFRINGEMENT OF THIRD PARTY RIGHTS OR MERCHANTABILITY, FITNESS OR SATISFACTORY QUALITY FOR ANY PARTICULAR PURPOSE. THE TERMS OF THIS SECTION SURVIVE THE TERMINATION OF THIS AGREEMENT IRRESPECTIVE OF THE CAUSE OF THE TERMINATION, BUT DO NOT IMPLY OR CREATE ANY CONTINUED RIGHT TO USE THE SERVICE AFTER TERMINATION OF THE AGREEMENT.
8. LIMITATION OF LIABILITY. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, TORT, CONTRACT, OR OTHERWISE SHALL PAWFINITY OR ITS SUPPLIERS OR RESELLERS BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ALL OTHER COMMERCIAL DAMAGES OR LOSSES. IN NO EVENT WILL PAWFINITY BE LIABLE FOR ANY DAMAGES IN EXCESS OF THE AMOUNT PAWFINITY RECEIVED FROM YOU FOR A LICENSE TO USE THE SERVICE, EVEN IF PAWFINITY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY. PAWFINITY AND ALL OTHER PARTIES INVOLVED IN THE DEVELOPMENT OF THE SERVICE ARE NOT RESPONSIBLE FOR ANY ERRORS, AND/OR FINANCIAL LOSSES, AND/OR PROBLEMS, AND/OR LOSS OF CLIENTS, AND/OR LOSS OF INFORMATION AND/OR DIFFICULTIES THE USERS OF THE SERVICE MAY EXPERIENCE AS A RESULT OF ITS USE. ALL CALCULATIONS THE SERVICE PERFORMS (INCLUDING, BUT NOT LIMITED TO CALCULATIONS RELATING TO TICKET/SALES INFORMATION, AND/OR TAXES, AND/OR CLIENTS, AND/OR TOTALS, AND/OR SERVICES, AND/OR PRODUCTS, ARE FOR REFERENCE ONLY. ALL CALCULATIONS SHOULD BE PERFORMED AND VERIFIED BY MEANS INDEPENDENT OF THE SERVICE.
Licensee assumes full responsibility for the selection and suitability of the Service, for its use, and for the results obtained from the Service program.
9. PRODUCT SUPPORT. Although Pawfinity intends to provide advisory support to customers following delivery of the Pawfinity System and license, the Licensor is not obligated to provide such support and customers and/or any other users of the Service are not guaranteed such support. The support policies and practices of Pawfinity are subject to change without notice or obligation. The Licensee is solely responsible for applying to its activities any customer support information provided by the Licensor and for any consequences thereof.
10. CODE OF CONDUCT. If a Licensee is determined to be acting in a manner which is determined to be of malicious intent or which may be considered harassment or abuse toward sales, support, or other Pawfinity staff, the account will qualify for immediate intervention, up to and including account termination. Pawfinity administration reserves the right to terminate the license without notice for any Code Of Conduct violation.
11. AUTOMATED CREDIT CARD CHARGE AUTHORIZATION. By checking "accept" below, you hereby authorize Pawfinity ("Pawfinity"), to initiate monthly credit card debit entries for payment and to initiate, if necessary, electronic credit entries and adjustments for any monthly credit card entries in error to your account and the credit card listed above to electronically debit and/or electronically credit the same to such account for the services You receive from Pawfinity. You agree to allow Pawfinity to electronically debit Your credit card for payment for Pawfinity services when due. This authorization is to remain in effect until revoked by You by contacting Pawfinity or utilizing the automated tools made available in the dashboard. You agree that Pawfinity shall be fully protected in drawing any such monthly credit card debit or credit. Pawfinity reserves the right to adjust monthly subscription rate and / or cancel the monthly credit card payment program entirely with or without expressed notification. You understand that if any such monthly credit card payment does not clear, and any amounts due to Pawfinity are not paid, the Pawfinity service may be subject to termination. Any Licensee initiating a false claim of unauthorized subscription charge or fee collection, also known as a "disputed charge", on a valid charge will be subject to account termination without the chance for future reinstatement.
12.1 SUBSCRIPTION. Subscription fees are paid on a recurring monthly or annual subscription term. Acceptable payment methods are credit and debit cards. Payment will be drafted on the same day or month of the year. By agreeing to these terms, you authorize Pawfinity to make automated payments, which may vary in amount from period to period, from the provided payment method(s) until the subscription is terminated persuant to section 12.5. We reserve the right to alter pricing of the subscription and any additional service offered therein. Notice of price change will be posted within the dashboard no less than 14 days before the action occurs.
12.2 RENEWAL. Unless either party cancels the subscription prior to the start of the next billing cycle, your subscription will automatically renew.
12.3 REFUNDS. Subscription fees and additional account services are not refundable. In the event of a cancellation or account suspension, access to the Service will continue until the end of the paid billing cycle where it will then self-terminate.
12.4 BILLING ADJUSTMENTS. In the event that a billing discrepancy is found, we reserve the right to determine how the billing discrepancy will be resolved which may include account credits, partial refunds, an account balance accrual, or other resolutions.
12.5 RIGHT TO CANCEL. All account suspensions and cancellations are handled by the Licensee from the ACCOUNT > BILLING > MANAGE ACCOUNT STATUS section of the dashboard. We do not manually cancel accounts by request via email or through the support center. The responsibility to follow up on a cancellation request sent via these methods falls on the Licensee, who will be expected confirm the account proper action has been taken.
13. AUTOMATED EMAIL COMMUNICATION. You hereby authorize Pawfinity ("Pawfinity"), to initiate automated email communications with each client of your business in which an account has been created, when said account includes a mailable email address, on behalf of your company and Pawfinity. Pawfinity will send an initial "welcome" email to establish a base communication with said client and inform them of the FOREVER FREE client account that has been created for them is available for their use. You understand that if you would prefer not to have the welcome email communication sent to your client, an email address should therefore not be added to the client profile. This statute includes the action of importing client information from a digital file as a means of client entry, in which the same welcome email will be sent to any client with a mail-able email address.
14. GOVERNING LAW. This license agreement, including its Limited Warranty provisions, shall be governed by the laws of the State of North Carolina. All disputes arising under this agreement shall be resolved in the applicable state or federal courts of North Carolina. The parties consent to the jurisdiction of such courts, agree to accept service of process by mail, and waive any jurisdictional or venue defenses otherwise available.
15. COMPANY PAGES. Licensee agrees to the creation of a company webpage, launched in the http://crm.pawfinity.com/[my-buiness-name] namespace by which end clients are able to find and interact with your company. This page will be indexed by global search engines and available during web searches for your business or terms related to the nature of your business. Licensee gives expressed permission to launch this page with the acceptance of these terms. The Service does not guarantee any level of placement in the search results for company pages.
16. INTEGRATION. This agreement constitutes the entire understanding of the parties and is intended as the final expression of their agreement.
17. RIGHT TO DISCONTINUE SERVICE. Pawfinity reserves the right to revoke access to the service for any Licensee found in violation of this agreement without regard to race, color, religion or belief, national, social or ethnic origin, sex, age, physical, mental or sensory disability, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family or parental status, or any other status protected by the laws or regulations in the locations where we operate.
"Service Provider" - Service providers consist of professional groomers, boarding kennel facility operators, trainers, and other pet pros servicing the end client (pet owner)
"Service Facilitator" - That's us! Also described as simply Pawfinity
"Client" - this is the pet parent / owner
"Data Incident" - a breach of Pawfinity's systems leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Client Personal Data on systems managed by or otherwise controlled by Pawfinity. "Data Incidents" do not include unsuccessful attempts or activities that do not compromise the security of Client Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
"Bot" - an automated program ranging from benign to malignant in purpose, often simply to collect data displayed online
1) CLIENT INFORMATION SHARED WITH US
BASIC ACCOUNT INFORMATION
You are not required to have an account to interact with the main pawfinity website or to view company pages. Pawfinity does not allow information from our site to be displayed on any 3rd party sites (such as external API or iframe).
We use Client contact information, such as email address or phone number, to authenticate their account and keep it, and our services secure, and to help prevent spam, fraud, and abuse. If a Client or Service provider provides us with a phone number, you agree to receive text messages from Pawfinity to that number as your country's laws allow. Clients can use the settings for email and mobile notifications to control notifications you receive from Pawfinity directly from the client dashboard here. You can also unsubscribe from a notification by following the instructions contained within the notification. When you create an account via online client application or through your Service Provider, you share private information including (some fields are optional):
Your full name
Pet info such as name, breed, and birthday
Pet medical records
Credit card information (stored with Stripe.com)
If you email us, we will keep the content of your message, your email address, and your contact information to respond to your request.
The following areas contain information which is publicly available:
The Pet Registry - a pet registry entry is made available only once requested by either your Service Provider, or via the client dashboard. The records listed here are not searchable and utilize random IDs which cannot be reasonably guessed or trolled by bots. Information contained in the pet registry is intended to be used to identify a lost pet and includes the pet's name, breed, age, and medical flags. Limited contact information is also made available to assist in rescuing a lost pet.
Company Pages - a micro website included with each Pawfinity subscription. This contains public information about a Service Provider.
DIRECT MESSAGES WITH SERVICE PROVIDERS
We provide certain features which allow communication between pet owners and Service Providers in which they are connected. For example, replies to automated notifications by pet owners will be displayed inside the business dashboard for the pet business you are communicating with. This reply will be visible to all employees of the business who have access to the account via secured login. When you communicate with others by sending or receiving Direct Messages, we will store and process your communications and information related to them. This includes link scanning for malicious content, link shortening to http://pawf.co URLs, detection of spam and prohibited images, and review of reported issues. We share the content of these direct messages only with the Service Provider you are communicating with.
Clients may provide payment information, including credit or debit card number, card expiration date, CVV code, and billing address, in order to store it for future purchases at your selected Service Providers, however, actual credit card numbers are stored remotely with a PCI-DSS compliant payment processor (Stripe.com). There is no charge to access or use the client dashboard. Neither the Pawfinity staff, nor the Service Provider has access to identifiable stored card information.
Service providers will be required to store a minimum of 1 card on file to collect monthly subscription payments, which is stored in the same manner.
HOW YOU CONTROL ACCESS TO YOUR DATA
Each owner of a Forever Free™ client account has the ability to connect or disconnect their information from a Service Provider at any time via the client dashboard, found here. Account deletion also takes place through this portal.
2) ADDITIONAL INFORMATION WE RECEIVE ABOUT YOU
We require information when signing in to our site to enhance security and prevent fraudulent usage. Information such as:
is collected and stored to validate your login session and prevent unauthorized account access. The ip address can be used to derive a general locality in which you are accessing your account.
INFORMATION PROVIDED WHEN YOU CONTACT US
We may collect Personal Information that you voluntarily provide when contacting us with a question or comment about our products and services. We generally collect one or more of the following types of Personal Information when you contact us with a question or comment or request information from us about our products and services:
COOKIES AND OTHER TRACKING TECHNOLOGIES WE USE
Learn more about cookies here http://www.whatarecookies.com/
HOW COOKIES ARE USED
measure ad performance
store your agreement to this privacy & data policy
assist in persistent logins and session management
A beacon is programming code that is designed to collect information about your interactions with the Site, such as the links you click on or an email you open. The code is temporarily downloaded onto your computer or device from our web server or a third-party service provider, is active only while you are connected to the Site, and is deactivated or deleted thereafter. Beacons can be found in the notification emails received from a Service Provider.
Google Privacy & Terms: https://policies.google.com/technologies/partner-sites
Pawfinity utilizes https://stripe.com payment processing service. If your Service Provider has activated this service, your credit card information will be stored on their PCI-DSS compliant servers. Sensitive credit card information, even for stored cards, is not available to Service Providers nor to Pawfinity.
Stripe EU-U.S. and Swiss-U.S. Privacy Shield Policy: https://stripe.com/privacy-shield-policy
We receive information when you view content on or otherwise interact with our services, which we refer to as "Log Data", even if you have not created an account. For example, when you visit our website, sign into our services, interact with our email notifications, or use your email address to verify your account, we may receive information about you. This Log Data includes information such as your IP address, browser type, operating system, the referring web page, pages visited, device information, search terms, and cookie information. We also receive Log Data when you click on, view, or interact with links on our services. We use Log Data to operate our services and ensure their secure, reliable, and robust performance. For example, we use Log Data to protect the security of accounts.
WHAT WE DO WITH THE INFORMATION WE COLLECT
We may use this Personal Information to administer your access to our service, verify your identity, and provide our products or services to you.
3) INFORMATION WE SHARE
CLIENT PERSONAL DATA SHARED WITH 3RD PARTIES
Pawfinity does not share personal information with 3rd parties other than with Service Providers which have been approved by the Client and what is necessary to process a credit card payment.
SERVICE PROVIDER PERSONAL DATA SHARED WITH 3RD PARTIES
Pawfinity does not currently share any information about Service Providers nor employees or agents thereof.
CONTROLING YOUR DATA
We share or disclose Client personal data with your consent or at your direction, such as when you fill out a client application for a particular Service Provider or when you submit an online appointment request. Keep in mind that we do not share your information without your permission and that we cannot control what happens to your data once it is in the hands of your Service Provider.
In special circumstances, we may share your payment information with payment service processors to process payments; prevent, detect, and investigate fraud or other prohibited activities; facilitate dispute resolution such as chargebacks or refunds; and for other purposes associated with the acceptance of credit and debit cards.
We share or disclose non-personal data, such as aggregated information like the number of times a page was visited with our 3rd party Google Analytics account in order to help track traffic patterns and other strategic business practice planning.
4) THE ROLE OF THE SERVICE FACILITATOR
It is our role as the Service Facilitator to:
Store and secure information sent to / through our service on behalf of the Service Provider
Offer means for Service Providers and clients to easily find, review, and remove personal data from the system
Continuous security monitoring, scanning, and updates which adhere to the specifications set forth by the PCI-DSS and GDPR regulations
Investigate disputes and data handling practices on behalf of clients when Service Providers fail to sufficiently handle data privacy complaints
Notify affected parties (both Service Providers and Clients) in the event of a data breach
5) THE ROLE OF THE SERVICE PROVIDER
SPECIAL CONSIDERATIONS FOR CLIENTS
Clients must keep in mind that, while we've entered into a data contract with each Service Provider which holds them to a high standard for proper data handling, as the Service Facilitator, Pawfinity does not and cannot directly control the activities of a Service Provider. If a Service Provider is found in continuous violation of our data policy standards, they will be penalized up to and including the termination of their account and the deletion of all data contained within.
It is the role fo the Service Provider to:
Obtain written agreements on this policy with each client to ensure their agreement to the policy
Adhere to best practices regarding the handling of personal data, including those set forth in the GDPR (EU Citizens only)
Resolve client data complaints, including assisting in the removal of personal data upon request
DATA HANDLING COMPLAINTS
Inquiries regarding issues with improper data handling should be directed at the Service Provider in which you are connected. If the Service Provider is unwilling or unable to properly address your request, you are encouraged to contact us here with details on your complaint. We will perform an investigation into the business practices of the Service Provider. If a Service Provider is found to be operating outside our data agreement, they will incur penalties beginning at warnings and leading ultimately to account cancellation (should the violations continue).
6) MANAGING YOUR PERSONAL INFORMATION WITH US
ACCESSING OR RECTIFYING YOUR PERSONAL DATA
If you have information stored on Pawfinity, we provide direct account access here, where you are able to correct, update, modify, or delete the personal data associated with your account. You may download your personal information by visiting Account > Manage Account > Data Export. This will generate a CSV file, which can be imported to any service as well as opened in popular spreadsheet programs.
CLIENT DATA DELETION
Due to the nature of our service, we do not set a time limit for the storage of client data. This will ultimately be determined by the Service Provider. Should you choose to, you can delete your data in the using the following methods:
Method 1) from our service by logging into your client dashboard here, and visiting Account > Manage Account > Delete Account
Method 2) you may request full account deletion through our automated public channel here
You will need to enter a valid email address and have access to the email account on file to use method 2. It is your responsibility to ensure the email address on file is valid and active. once deleted, this information will be removed from active access, and destroyed from backups within 7 days from the time of the deletion.
If you do not have / cannot access to your client account through the previously listed channels, your pet Service Provider will be able to remove your information from their business dashboard directly. Keep in mind that claimed client accounts can only be deleted through the client dashboard or automated removal request form.
Accounts are claimed after one of the following occurs:
logging in to your client dashboard
connecting to more than one Service Provider.
GENERAL DATA DELETION
Pawfinity data is stored and will remain in encrypted backups for 7 days following the deletion of client or Service Provider information, after which it is permanently deleted. While technically existent in the backup, we cannot reasonably recover specific information from these backups. We do not offer a service to retrieve information from our backups. Keep in mind that search engines and other third parties may still retain copies of your public information, such as company page data, even after you have deleted the information from our services or deactivated your account. We do not control the removal of this information.
Non-identifying, non-personal data is stored by Google Analytics for 26 months before being removed.
If you are intending to withdraw consent to our policies, you may do so by deleting your account and / or information stored on our service, and discontinuing use of our service immediately.
CLIENT DATA PORTABILITY
Pawfinity provides a means to download your personal client information by visiting the "My Profile" area of the client dashboard here, and clicking the Download link.
7) DATA SECURITY
We use reasonable and appropriate physical, electronic, and administrative safeguards including but not limited to Encryption in transit and at rest, firewalls, access control measures, and more to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Data and the risks involved in processing that information. Our system security is scanned / tested at regular intervals and monitored constantly to ensure high-level security performance consistent with the guidelines for PCI-DSS and GDPR regulations.
8) NOTICE OF DATA INCIDENT
If Pawfinity becomes aware of a Data Incident, Pawfinity will notify clients of the Data Incident promptly and without undue delay, and promptly take reasonable steps to minimize harm and secure client Personal Data.
9) CHILDREN AND OUR SERVICES
Our services are not directed to children, and you may not use our services if you are under the age of 16. You must also be old enough to consent to the processing of your personal data in your country (in some countries we may allow your parent or guardian to do so on your behalf).
10) GLOBAL OPERATIONS AND PRIVACY
To bring you our services, we operate globally. Where the laws of your country allow you to do so, you authorize us to transfer, store, and use your data in the United States and any other country where we operate. In some of the countries to which we transfer personal data, the privacy and data protection laws and rules regarding when government authorities may access data may vary from those of your country.
When we transfer personal data outside of the European Union or EFTA States, we ensure an adequate level of protection for the rights of data subjects based on the adequacy of the receiving country's data protection laws, contractual obligations placed on the recipient of the data.
11) CHANGES IN POLICY
12) Contact Pawfinity
All data handling inquiries can be submitted through our contact form, found here. Pawfinity is based out of Raleigh, North Carolina in the United States Of America.
Pawfinity Data Processing Policy
Pawfinity and the counterparty agreeing to these terms ("Client") have entered into an agreement for the provision of the Processor Services (as amended from time to time, the "Agreement").
These Pawfinity Data Processing Terms (including the appendices, "Data Processing Terms") are entered into by Pawfinity and Client and supplement the Agreement. These Data Processing Terms will be effective, and replace any previously applicable terms relating to their subject matter (including any data processing amendment or data processing addendum relating to the Processor Services), from the Terms Effective Date.
If you are accepting these Data Processing Terms on behalf of Client, you warrant that: (a) you have full legal authority to bind Client to these Data Processing Terms; (b) you have read and understand these Data Processing Terms; and (c) you agree, on behalf of Client, to these Data Processing Terms. If you do not have the legal authority to bind Client, please do not accept these Data Processing Terms.
These Data Processing Terms reflect the parties' agreement on the terms governing the processing and security of Customer Personal Data in connection with the Data Protection Legislation.
2. Definitions and Interpretation
2.1 In these Data Processing Terms:
"Additional Product" means a product, service or application provided by Pawfinity or a third party that: (a) is not part of the Processor Services; and (b) is accessible for use within the user interface of the Processor Services or is otherwise integrated with the Processor Services.
"Customer Personal Data" means personal data that is processed by Pawfinity on behalf of Client in Pawfinity's provision of the Processor Services.
"Data Incident" means a breach of Pawfinity's security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed by or otherwise controlled by Pawfinity. "Data Incidents" will not include unsuccessful attempts or activities that do not compromise the security of Customer Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.
"Data Protection Legislation" means, as applicable: (a) the GDPR; and/or (b) the Federal Data Protection Act of 19 June 1992 (Switzerland).
"Data Subject Tool" means a tool (if any) made available by a Pawfinity Entity to data subjects that enables Pawfinity to respond directly and in a standardized manner to certain requests from data subjects in relation to Customer Personal Data (for example, online advertising settings or an opt-out browser plugin).
"EEA" means the European Economic Area.
"GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
"Pawfinity" means the Pawfinity Entity that is party to the Agreement.
"Pawfinity Affiliate Subprocessors" has the meaning given in Section 11.1 (Consent to Subprocessor Engagement).
"Notification Email Address" means the email address (if any) designated by Client, via the user interface of the Processor Services or such other means provided by Pawfinity, to receive certain notifications from Pawfinity relating to these Data Processing Terms.
"Processor Services" means the applicable services listed at https://www.pawfinity.com/privacy-policy/ .
"Security Documentation" means any other security certifications or documentation that Pawfinity may make available in respect of the Processor Services.
"Security Measures" has the meaning given in Section 7.1.1 (Pawfinity's Security Measures).
"Subprocessors" means third parties authorized under these Data Processing Terms to have logical access to and process Customer Personal Data in order to provide parts of the Processor Services and any related technical support.
"Term" means the period from the Terms Effective Date until the end of Pawfinity's provision of the Processor Services under the Agreement.
"Terms Effective Date" means, as applicable:
(a) 25 May 2018, if Client clicked to accept or the parties otherwise agreed to these Data Processing Terms before or on such date; or
(b) the date on which Client clicked to accept or the parties otherwise agreed to these Data Processing Terms, if such date is after 25 May 2018.
"Third Party Subprocessors" has the meaning given in Section 11.1 (Consent to Subprocessor Engagement).
2.2 The terms "controller", "data subject", "personal data", "processing", "processor" and "supervisory authority" as used in these Data Processing Terms have the meanings given in the GDPR.
2.3 Any phrase introduced by the terms "including", "include" or any similar expression will be construed as illustrative and will not limit the sense of the words preceding those terms. Any examples in these Data Processing Terms are illustrative and not the sole examples of a particular concept.
2.4 Any reference to a legal framework, statute or other legislative enactment is a reference to it as amended or re-enacted from time to time.
3. Duration of these Data Processing Terms
These Data Processing Terms will take effect on the Terms Effective Date and, notwithstanding expiry of the Term, remain in effect until, and automatically expire upon, deletion of all Customer Personal Data by Pawfinity as described in these Data Processing Terms.
4. Application of these Data Processing Terms
4.1 Application of Data Protection Legislation. These Data Processing Terms will only apply to the extent that the Data Protection Legislation applies to the processing of Customer Personal Data, including if:
(a) the processing is in the context of the activities of an establishment of Client in the EEA; and/or
(b) Customer Personal Data is personal data relating to data subjects who are in the EEA and the processing relates to the offering to them of goods or services or the monitoring of their behavior in the EEA.
4.2 Application to Processor Services. These Data Processing Terms will only apply to the Processor Services for which the parties agreed to these Data Processing Terms (for example: (a) the Processor Services for which Client clicked to accept these Data Processing Terms; or (b) if the Agreement incorporates these Data Processing Terms by reference, the Processor Services that are the subject of the Agreement).
5. Processing of Data
5.1 Roles and Regulatory Compliance; Authorization.
5.1.1 Processor and Controller Responsibilities. The parties acknowledge and agree that:
(a) Appendix 1 describes the subject matter and details of the processing of Customer Personal Data;
(b) Pawfinity is a processor of Customer Personal Data under the Data Protection Legislation;
(c) Customer is a controller or processor, as applicable, of Customer Personal Data under the Data Protection Legislation; and
(d) each party will comply with the obligations applicable to it under the Data Protection Legislation with respect to the processing of Customer Personal Data.
5.1.2 Authorization. by Third Party Controller. If Client is a processor, Client warrants to Pawfinity that Client's instructions and actions with respect to Customer Personal Data, including its appointment of Pawfinity as another processor, have been authorized by the relevant controller.
5.2 Clients's Instructions. By entering into these Data Processing Terms, Clients instructs Pawfinity to process Customer Personal Data only in accordance with applicable law: (a) to provide the Processor Services and any related technical support; (b) as further specified via Clients's use of the Processor Services (including in the settings and other functionality of the Processor Services) and any related technical support; (c) as documented in the form of the Agreement, including these Data Processing Terms; and (d) as further documented in any other written instructions given by Clients and acknowledged by Pawfinity as constituting instructions for purposes of these Data Processing Terms.
5.3 Pawfinity's Compliance with Instructions. Pawfinity will comply with the instructions described in Section 5.2 (Client's Instructions) (including with regard to data transfers) unless EU or EU Member State law to which Pawfinity is subject requires other processing of Customer Personal Data by Pawfinity, in which case Pawfinity will inform Client (unless that law prohibits Pawfinity from doing so on important grounds of public interest).
5.4 Additional Products. If Client uses any Additional Product, the Processor Services may allow that Additional Product to access Customer Personal Data as required for the interoperation of the Additional Product with the Processor Services. For clarity, these Data Processing Terms do not apply to the processing of personal data in connection with the provision of any Additional Product used by Client, including personal data transmitted to or from that Additional Product.
6. Data Deletion
6.1 Deletion During Term.
6.1.1 Processor Services With Deletion Functionality. During the Term, if:
(a) the functionality of the Processor Services includes the option for Client to delete Customer Personal Data;
(b) Client uses the Processor Services to delete certain Customer Personal Data; and
(c) the deleted Customer Personal Data cannot be recovered by Client (for example, from the "trash"),
then Pawfinity will delete such Customer Personal Data from its systems as soon as reasonably practicable and within a maximum period of 180 days, unless EU or EU Member State law requires storage.
6.1.2 Processor Services Without Deletion Functionality. During the Term, if the functionality of the Processor Services does not include the option for Client to delete Customer Personal Data, then Pawfinity will comply with:
(a) any reasonable request from Client to facilitate such deletion, insofar as this is possible taking into account the nature and functionality of the Processor Services and unless EU or EU Member State law requires storage; and
(b) the data retention practices described at https://www.pawfinity.com/privacy-policy/
Pawfinity may charge a fee (based on Pawfinity's reasonable costs) for any data deletion under Section 6.1.2(a). Pawfinity will provide Client with further details of any applicable fee, and the basis of its calculation, in advance of any such data deletion.
6.2 Deletion on Term Expiry. On expiry of the Term, Client instructs Pawfinity to delete all Customer Personal Data (including existing copies) from Pawfinity's systems in accordance with applicable law. Pawfinity will comply with this instruction as soon as reasonably practicable and within a maximum period of 180 days, unless EU or EU Member State law requires storage.
7. Data Security
7.1 Pawfinity's Security Measures and Assistance.
7.1.1 Pawfinity's Security Measures. Pawfinity will implement and maintain technical and organizational measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in Appendix 2 (the "Security Measures"). As described in Appendix 2, the Security Measures include measures: (a) to encrypt personal data; (b) to help ensure the ongoing confidentiality, integrity, availability and resilience of Pawfinity's systems and services; (c) to help restore timely access to personal data following an incident; and (d) for regular testing of effectiveness. Pawfinity may update or modify the Security Measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Processor Services.
7.1.2 Security Compliance by Pawfinity Staff. Pawfinity will take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and Subprocessors to the extent applicable to their scope of performance, including ensuring that all persons authorized to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
7.1.3 Pawfinity's Security Assistance. Client agrees that Pawfinity will (taking into account the nature of the processing of Customer Personal Data and the information available to Pawfinity) assist Client in ensuring compliance with any obligations of Client in respect of security of personal data and personal data breaches, including (if applicable) Clients's obligations pursuant to Articles 32 to 34 (inclusive) of the GDPR, by:
(a) implementing and maintaining the Security Measures in accordance with Section 7.1.1 (Pawfinity's Security Measures);
(b) complying with the terms of Section 7.2 (Data Incidents); and
(c) providing Client with the Security Documentation in accordance with Section 7.4.1 (Reviews of Security Documentation) and the information contained in these Data Processing Terms.
7.2 Data Incidents.
7.2.1 Incident Notification. If Pawfinity becomes aware of a Data Incident, Pawfinity will: (a) notify Client of the Data Incident promptly and without undue delay; and (b) promptly take reasonable steps to minimize harm and secure Customer Personal Data.
7.2.2 Details of Data Incident. Notifications made under Section 7.2.1 (Incident Notification) will describe, to the extent possible, details of the Data Incident, including steps taken to mitigate the potential risks and steps Pawfinity recommends Client take to address the Data Incident.
7.2.3 Delivery of Notification. Pawfinity will deliver its notification of any Data Incident to the Notification Email Address or, at Pawfinity's discretion (including if Client has not provided a Notification Email Address), by other direct communication (for example, by phone call). Client is solely responsible for providing the Notification Email Address and ensuring that the Notification Email Address is current and valid.
7.2.4 Third Party Notifications. Client is solely responsible for complying with incident notification laws applicable to Client and fulfilling any third party notification obligations related to any Data Incident. For example: Client will be responsible for contacting serviced clientele.
7.2.5 No Acknowledgement of Fault by Pawfinity. Pawfinity's notification of or response to a Data Incident under this Section 7.2 (Data Incidents) will not be construed as an acknowledgement by Pawfinity of any fault or liability with respect to the Data Incident.
7.3 Client's Security Responsibilities and Assessment.
7.3.1 Client's Security Responsibilities. Client agrees that, without prejudice to Pawfinity's obligations under Sections 7.1 (Pawfinity's Security Measures and Assistance) and 7.2 (Data Incidents):
(a) Client is solely responsible for its use of the Processor Services, including:
(i) making appropriate use of the Processor Services to ensure a level of security appropriate to the risk in respect of Client Personal Data; and
(ii) securing the account authentication credentials, systems and devices Client uses to access the Processor Services; and
(b) Pawfinity has no obligation to protect Customer Personal Data that Client elects to store or transfer outside of Pawfinity's and its Subprocessors' systems.
7.3.2 Client's Security Assessment. Client acknowledges and agrees that (taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Personal Data as well as the risks to individuals) the Security Measures implemented and maintained by Pawfinity as set out in Section 7.1.1 (Pawfinity's Security Measures) provide a level of security appropriate to the risk in respect of Customer Personal Data.
7.4 Reviews and Audits of Compliance.
7.4.1 Reviews of Security Documentation. To demonstrate compliance by Pawfinity with its obligations under these Data Processing Terms, Pawfinity will make the Security Documentation available for review by Client.
7.4.2 Client's Audit Rights.
(a) Pawfinity will allow Client or a third party auditor appointed by Client to conduct audits (including inspections) to verify Pawfinity's compliance with its obligations under these Data Processing Terms in accordance with Section 7.4.3 (Additional Business Terms for Audits). Pawfinity will contribute to such audits as described in this Section 7.4 (Reviews and Audits of Compliance).
7.4.3 Additional Business Terms for Audits.
(a) Client will send any request for an audit under Section 7.4.2(a) to Pawfinity as described in Section 12.1 (Contacting Pawfinity).
(b) Following receipt by Pawfinity of a request under Section 7.4.3(a), Pawfinity and Client will discuss and agree in advance on the reasonable start date, scope and duration of, and security and confidentiality controls applicable to, any audit under Section 7.4.2(a).
(c) Pawfinity may charge a fee (based on Pawfinity's reasonable costs) for any audit under Section 7.4.2(a). Pawfinity will provide Client with further details of any applicable fee, and the basis of its calculation, in advance of any such audit. Client will be responsible for any fees charged by any third party auditor appointed by Client to execute any such audit.
(d) Pawfinity may object to any third party auditor appointed by Client to conduct any audit under Section 7.4.2(a) if the auditor is, in Pawfinity's reasonable opinion, not suitably qualified or independent, a competitor of Pawfinity or otherwise manifestly unsuitable. Any such objection by Pawfinity will require Client to appoint another auditor or conduct the audit itself.
(e) Nothing in these Data Processing Terms will require Pawfinity either to disclose to Client or its third party auditor, or to allow Client or its third party auditor to access:
(i) any data of any other customer of a Pawfinity Entity;
(ii) any Pawfinity Entity's internal accounting or financial information;
(iii) any trade secret of a Pawfinity Entity;
(iv) any information that, in Pawfinity's reasonable opinion, could: (A) compromise the security of any Pawfinity Entity's systems or premises; or (B) cause any Pawfinity Entity to breach its obligations under the Data Protection Legislation or its security and/or privacy obligations to Client or any third party; or
(v) any information that Client or its third party auditor seeks to access for any reason other than the good faith fulfillment of Client's obligations under the Data Protection Legislation.
8. Impact Assessments and Consultations
Client agrees that Pawfinity will (taking into account the nature of the processing and the information available to Pawfinity) assist Client in ensuring compliance with any obligations of Client in respect of data protection impact assessments and prior consultation, including (if applicable) Client's obligations pursuant to Articles 35 and 36 of the GDPR, by:
(a) providing the Security Documentation in accordance with Section 7.4.1 (Reviews of Security Documentation);
(b) providing the information contained in these Data Processing Terms; and
(c) providing or otherwise making available, in accordance with Pawfinity's standard practices, other materials concerning the nature of the Processor Services and the processing of Customer Personal Data (for example, help center materials).
9. Data Subject Rights
9.1 Responses to Data Subject Requests. If Pawfinity receives a request from a data subject in relation to Customer Personal Data, Pawfinity will:
(a) if the request is made via contact form, respond directly to the data subject's request in accordance with the standard functionality of that tool; or
(b) if the request is not made via a standard contact form, advise the data subject to submit his/her request to Client, and Client will be responsible for responding to such request.
9.2 Pawfinity's Data Subject Request Assistance. Customer agrees that Pawfinity will (taking into account the nature of the processing of Customer Personal Data and, if applicable, Article 11 of the GDPR) assist Customer in fulfilling any obligation of Customer to respond to requests by data subjects, including (if applicable) Client's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR, by:
(a) providing the functionality of the Processor Services;
(b) complying with the commitments set out in Section 9.1 (Responses to Data Subject Requests); and
10. Data Transfers
10.1 Data Storage and Processing Facilities. Client agrees that Pawfinity may, subject to Section 10.2 (Transfers of Data Out of the EEA and Switzerland), store and process Customer Personal Data in the United States of America and any other country in which Pawfinity or any of its Subprocessors maintains facilities.
10.2 Transfers of Data Out of the EEA and Switzerland. Pawfinity will ensure that:
(a) Pawfinity holds to the standards set forth in the GDPR and international data storage best practices to ensure compliance for the storage and processing of Customer Personal Data
10.3 Data Center Information. Pawfinity's data center is currently located in the state of Virginia, USA
11.1 Consent to Subprocessor Engagement. Client specifically authorizes the engagement of Pawfinity's Affiliates as Subprocessors ("Pawfinity Affiliate Subprocessors"). In addition, Client generally authorizes the engagement of any other third parties as Subprocessors ("Third Party Subprocessors").
11.2 Information about Subprocessors. Information about Subprocessors is available at https://www.pawfinity.com/privacy-policy/ Section 2 .
11.3 Requirements for Subprocessor Engagement. When engaging any Subprocessor, Pawfinity will:
(a) ensure via a written contract that:
(i) the Subprocessor only accesses and uses Customer Personal Data to the extent required to perform the obligations subcontracted to it, and does so in accordance with the Agreement (including these Data Processing Terms); and
(ii) if the GDPR applies to the processing of Customer Personal Data, the data protection obligations set out in Article 28(3) of the GDPR are imposed on the Subprocessor; and
(b) the Subprocessor will remain fully liable for all obligations and all acts and omissions of, the Subprocessor.
11.4 Opportunity to Object to Subprocessor Changes.
(a) When any new Third Party Subprocessor is engaged during the Term, Pawfinity will, at least 30 days before the new Third Party Subprocessor processes any Customer Personal Data, inform Client of the engagement (including the name and location of the relevant subprocessor and the activities it will perform) by sending an email to the Notification Email Address, or via new brief posted in the dashboard at the discretion of Pawfinity.
(b) Client may object to any new Third Party Subprocessor by terminating the Agreement immediately upon written notice to Pawfinity, on condition that Client provides such notice within 90 days of being informed of the engagement of the new Third Party Subprocessor as described in Section 11.4(a). This termination right is Client's sole and exclusive remedy if Client objects to any new Third Party Subprocessor.
12. Contacting Pawfinity; Processing Records
12.1 Contacting Pawfinity. Client may contact Pawfinity in relation to the exercise of its rights under these Data Processing Terms via the methods described at https://www.pawfinity.com/privacy-policy/ Section 12 or via such other means as may be provided by Pawfinity from time to time.
12.2 Pawfinity's Processing Records. Client acknowledges that Pawfinity is required under the GDPR to: (a) collect and maintain records of certain information, including the name and contact details of each processor and/or controller on behalf of which Pawfinity is acting and (if applicable) of such processor's or controller's local representative and data protection officer; and (b) make such information available to the supervisory authorities. Accordingly, Client will, where requested and as applicable to Client, provide such information to Pawfinity via the dashboard Support Channel or via such other means as may be provided by Pawfinity, and will use such user interface or other means to ensure that all information provided is kept accurate and up-to-date.
If the Agreement is governed by the laws of:
(a) a state of the United States of America, then, notwithstanding anything else in the Agreement, the total liability of either party towards the other party under or in connection with these Data Processing Terms will be limited to the maximum monetary or payment-based amount at which that party's liability is capped under the Agreement (for clarity, any exclusion of indemnification claims from the Agreement's limitation of liability will not apply to indemnification claims under the Agreement relating to the Data Protection Legislation); or
(b) a jurisdiction that is not a state of the United States of America, then the liability of the parties under or in connection with these Data Processing Terms will be subject to the exclusions and limitations of liability in the Agreement.
14. Effect of these Data Processing Terms
If there is any conflict or inconsistency between the terms of these Data Processing Terms and the remainder of the Agreement, the terms of these Data Processing Terms will govern. Subject to the amendments in these Data Processing Terms, the Agreement remains in full force and effect.
15. Changes to these Data Processing Terms
15.1 Changes to URLs. From time to time, Pawfinity may change any URL referenced in these Data Processing Terms and the content at any such URL.
15.2 Notification of Changes. If Pawfinity intends to change these Data Processing Terms under Section 15.1, Pawfinity will inform Client at least 30 days (or such shorter period as may be required to comply with applicable law, applicable regulation, a court order or guidance issued by a governmental regulator or agency) before the change will take effect by either: (a) sending an email to the Notification Email Address; or (b) alerting Client via the user interface for the Processor Services (dashboard). If Client objects to any such change, Client may terminate the Agreement by giving written notice to Pawfinity within 90 days of being informed by Pawfinity of the change.
Appendix 1: Subject Matter and Details of the Data Processing
Pawfinity's provision of the Processor Services and any related technical support to Client.
Duration of the Processing
The Term plus the period from expiry of the Term until deletion of all Customer Personal Data by Pawfinity in accordance with these Data Processing Terms.
Nature and Purpose of the Processing
Pawfinity will process (including, as applicable to the Processor Services and the instructions described in Section 5.2 (Client's Instructions), collecting, recording, organizing, structuring, storing, altering, retrieving, using, disclosing, combining, erasing and destroying) Customer Personal Data for the purpose of providing the Processor Services and any related technical support to Client in accordance with these Data Processing Terms.
Scope Of Responsibility
Due to the nature of the data processing, Client agrees that Pawfinity acts in a limited capacity as a Service Facilitator as described in https://www.pawfinity.com/privacy-policy/ Section 4. The role of Pawfinity in data privacy compliance is limited in scope, focused around storage and security. The remainder of complaince rests with the Client, who is the primary data controller, and ultimately responsible for the proper use, storage, and handling of Customer Private Data.
Types of Personal Data
Customer Personal Data may include the types of personal data described at https://www.pawfinity.com/privacy-policy/ .
Categories of Data Subjects
Customer Personal Data will concern the following categories of data subjects:
data subjects about whom Pawfinity collects personal data in its provision of the Processor Services; and/or
data subjects about whom personal data is transferred to Pawfinity in connection with the Processor Services by, at the direction of, or on behalf of Client.
Depending on the nature of the Processor Services, these data subjects may include individuals: (a) to whom online service requests have, or will be, initiated; (b) who have visited specific Clients (service Providers, EG: groomers, kennels, ect) or associated applications in respect of which Pawfinity provides the Processor Services; and/or (c) who are customers or users of Client's products or services.
Appendix 2: Security Measures
As from the Terms Effective Date, Pawfinity will implement and maintain the Security Measures set out in this Appendix 2. Pawfinity may update or modify such Security Measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Processor Services.
1. Data Center & Network Security
(a) Data Centers.
Infrastructure. Pawfinity maintains it's systems in a single data center located in the state of Virginia, USA. Pawfinity stores all production data in a physically secure data center.
Redundancy. Infrastructure systems have been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. Redundant servers, load balancers, and other tools have been implemented to assist in improving the availability of data. The Processor Services are designed to allow Pawfinity to perform certain types of preventative and corrective maintenance without interruption. Maintenance of physical drives and server systems is coordinated and implemented by Amazon Web Services.
Power. The data center power management is handled by Amazon Web Services.
Server Operating Systems. Pawfinity servers use hardened operating systems which are customized for the unique server needs of the business. Data is stored using proprietary algorithms to augment data security and redundancy. Pawfinity employs a code review process to increase the security of the code used to provide the Processor Services and enhance the security products in production environments.
(b) Networks & Transmission.
Data Transmission. Data centers. are typically connected via high-speed private links to provide secure and fast data transfer between data centers. This is designed to prevent data from being read, copied, altered or removed without authorization. during electronic transfer or transport or while being recorded onto data storage media. Pawfinity transfers data via Internet standard protocols.
External Attack Surface. Pawfinity employs multiple layers of network devices and intrusion detection to protect its external attack surface. Pawfinity considers potential attack vectors and incorporates appropriate purpose built technologies into external facing systems.
Intrusion Detection. Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. Pawfinity's intrusion detection involves:
1. Tightly controlling the size and make-up of Pawfinity's attack surface through preventative measures;
2. Employing intelligent detection controls at data entry points; and
3. Employing technologies that notify our staff of certain dangerous situations.
Incident Response. Pawfinity monitors a variety of communication channels for security incidents, and Pawfinity's security personnel will react promptly to known incidents.
Encryption Technologies. Pawfinity makes HTTPS encryption (also referred to as SSL or TLS connection) available.
2. Access and Site Controls
(a) Site Controls.
On-site Data Center Security Operation. Pawfinity's data centers are maintained by Amazon Web Services.
Data Center Access Procedures. Amazon Web Services maintains formal access procedures for allowing physical access to the data centers.
On-site Data Center Security Devices. Amazon Web Services' data centers employ extensive security controls.
Information on Amazon Web Services' security practices can be found in the AWS documentation here https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf
(b) Access Control.
Infrastructure Security Personnel. Amazon Web Services has, and maintains, a security policy for its personnel. https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf
Access Control and Privilege Management. Clients' administrators and users must authenticate themselves via a central authentication system or via a single sign on system in order to use the Processor Services.
Internal Data Access Processes and Policies – Access Policy. Pawfinity's internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. Pawfinity aims to design its systems to: (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization. during processing, use and after recording. The systems are designed to detect any inappropriate access. Pawfinity employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. Pawfinity requires the use of unique user IDs, strong passwords, and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel's job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with Pawfinity's internal data access policies and training. Approvals are controlled by management. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g. login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength.
(a) Data Storage, Isolation & Authentication.
Pawfinity stores data in a single-tenant environment on servers owned by Amazon Web Services. Data, the Processor Services database, and file system architecture are located in the Virginia data center. Pawfinity logically isolates each customer's data.
(b) Decommissioned Disks and Disk Destruction Guidelines.
Information on this can be found in the AWS documentation here https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf
4. Personnel Security
Pawfinity personnel are required to conduct themselves in a manner consistent with the company's guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Pawfinity conducts reasonably appropriate backgrounds checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.
Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Pawfinity's confidentiality and privacy policies. Personnel are provided with security training. Personnel handling Customer Personal Data are required to complete additional requirements appropriate to their role. Pawfinity's personnel will not process Customer Personal Data without authorization.
5. Subprocessor Security
Before onboarding Subprocessors, Pawfinity conducts an audit of the security and privacy practices of Subprocessors to ensure Subprocessors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once Pawfinity has assessed the risks presented by the Subprocessor then, subject always to the requirements set out in Section 11.3 (Requirements for Subprocessor Engagement), the Subprocessor is required to enter into appropriate security, confidentiality and privacy contract terms.