MORS Privacy Policy the Processing of Personal Data and Legal Basis for the Register Data

Purpose of the Processing

Registers have been set up solely for the purpose of performance of the Agreement between Supplier’s MORS software service and the Customer. One register includes personal data of the Customer’s registered MORS software services users, and another register comprises of the data the Customer provides Supplier’s software to process, or the data the software processes when Supplier provides support services for Customer.

Supplier does not process Customer’s data for any other purposes than what is agreed upon in the original Agreement between Supplier and Customer, and only to the extent it is necessary for the fulfilment of services defined in the original Agreement.

Nature of Personal data

Content of Data Register of the software service users includes user ID and optionally name, e-mail address and phone number. User permissions are maintained by Customer’s system administrator.

Data registers the Customer provides Supplier’s software to process include data related to Customer’s customer financial agreements. The data provided to be processed by the software is required to be anonymised.

Regular sources of information

All data, both user data and data processed in the software service and in context of support services, is provided by the Customer.

Data Storage Period and Principles

Data processed by the software service is stored in Microsoft Azure Cloud for the duration of the contract. Data processed in support services is stored during the period of the development or service assignment, after which the data is deleted. Supplier maintains technical infrastructure and organisational measures to protect the Customer’s personal data and information security policy to ensure data security.

Disclosure or Hand-over of Information

Personal data is not handed over to third parties by Supplier or used for any other purposes than for the execution of Customer contract.

Rights of data subjects

The persons included in the registers are entitled to check their information in the register. Data subjects are entitled to demand correction of an incorrect piece of information in the register. Data subjects have also the right to have the controller delete the personal data concerning the data subject in certain situations and request to transmit this data to another controller.

Supplier does not reply directly to requests by Customer’s personnel or customers regarding the above rights, as all registers are controlled by Customer. Supplier notifies Customer promptly if such request is received. Supplier assists, when possible, Customer to meet the obligations in case of a request. Customer’s personnel registered as a user in the software or customer should primarily contact the contact person for data privacy at Customer organisation.

Personal Data Breach

In the case of a personal data breach, Supplier informs Customer without undue delay after becoming aware of a personal data breach.