Code42's (now part of Mimecast) Incydr Service Processing Details
Capitalized terms used herein shall have the meanings ascribed to them in the data processing terms entered into between Mimecast and its customers.
A. LIST OF PARTIES
Data exporter(s) – Controller [Identity and contact details of the data exporter(s), including any contact person with responsibility for data protection, including, where applicable, of its/their data protection officer and/or representative in the European Union]
Name: The relevant Customer entity, as identified in the relevant ordering document, who, acting as Data Controller, transfers the Personal Data to Mimecast
Address: Addresses are specified in the relevant ordering document
Contact details: Customer contact details are specified in the relevant ordering document
Activities relevant to the data transferred: See section B (Description of Transfer) below.
Role (controller/processor): Controller
Data importer(s) - Processor [Identity and contact details of the data importer(s), including any contact person with responsibility for data protection]
Name: The relevant Mimecast Entity, as identified in the relevant ordering document, who, acting as Data Processor, agrees to receive Personal Data from the Data exporter
Address: Addresses are identified in the relevant ordering document
Contact person’s name, position, and contact details: Michael Paisley, Data Protection Officer, DPO@mimecast.com
Activities relevant to the data transferred: See section B (Description of Transfer) below.
Role (controller/processor): Processor
B. DESCRIPTION OF TRANSFER
Categories of Data subjects
Personal Data stored and processed in the provision of Mimecast Services may include data related to the following categories of Data Subjects:
data exporter’s employees, consultants, contractors, agents, prospects, customers, vendors, business partners and users authorized to use the Services; employees or contacts of third parties data exporter conducts business with.
Categories of Personal Data transferred
The Personal Data processed concern the following categories:
- Personal details (e.g., names, user names, passwords, email addresses and/or IP addresses);
- Personal Data derived from the use of the Services such as records and business intelligence information;
- depending on the data exporter’s endpoint environment and naming conventions, data transferred may include personal data, such as that possibly found in a computer name, user name or file name.
Sensitive data transferred (if appropriate)
The Personal Data Processed concern the following special categories of data: No sensitive data or special categories of data are intended to be Processed but may be contained in the content of or attachments to email and/or other messages. The extent of Personal Data processed through the Services are determined and controlled by the Customer.
Frequency of the transfer (e.g., whether the data is transferred on a one-off or continuous basis)
Continuous and ongoing
Nature and Purpose of the Processing
The Personal Data will be processed for purposes of providing the Services in accordance with Data Controller’s Instructions.
Support. Technical support, issue diagnosis and error correction to ensure the efficient and proper running of the systems and to identify, analyze and resolve technical issues both generally in the provision of the Services and specifically in answer to a customer query. This operation relates to all aspects of Personal Data Processed but will be limited to metadata where possible by the nature of any request.
Data Protection. The Services are designed to detect and identify data loss events by collecting and analyzing data pertaining to the modification and movement of computer files. This includes browser upload activity, connected device activity, machine-generated file activity and metadata about other file transfer methods (“File Activity Metadata”). Data Controller determines the types of data that exists on its systems, and because Data Controller’s endpoint environment is unique in configurations and naming conventions, File Activity Metadata could potentially include Personal Data.
Development and Improvement of Services. Mimecast analyzes and characterizes File Activity Metadata and Usage Data to develop and improve the functionality of the Services. The output of this analysis (“Service Data”) is owned by Mimecast and does not contain Customer Data or Personal Data. Mimecast does not share Service Data with any third parties for their own use.
Although not Personal Data, Mimecast also processes certain data derived from the Services, including feature usage, technical performance metrics and product configuration (“Usage Data”). Mimecast owns all Usage Data.
Duration of the Processing
The Customer Data Processed by Data Processor will be Processed for the duration of the Agreement.