Change language
Change country

Data Processing Terms and Conditions

Find out more about where Kyocera acts as a data processor on behalf of its customers.
hands typing on a laptop

These Data Processing Terms and Conditions (“Data Processing Terms”) apply to the Processing of Personal Data by KYOCERA Document Solutions Europe Management B.V. or its Sales Companies, authorized dealers, distributors and resellers (“KYOCERA”) from which you, the Customer, purchased a licensed to use Kyocera Cloud Information Manager (“KCIM”, “Services”).

These Data Processing Terms serve as the binding contract within the meaning of Article 28 (3) GDPR and set out the subject-matter and duration of the Processing, the nature and purpose of the Processing, the type of Personal Data and Categories of Data Subjects and the obligations and rights of the Controller and is supplemented by the terms and conditions stated in the agreement between KYOCERA and Customer applicable to the Services (“Agreement”).

Customer acts as Controller and KYOCERA as Processor with respect to the Processing of Personal Data under the Agreement and these Data Processing Terms, or, as the case may be, Customer acts as a Processor for its end-customers and KYOCERA acts as sub-Processor of Customer acting on instruction of Customer vis-à-vis its end-customers.

 

Article 1 : Definitions

The terms that have been identified in these Data Processing Terms by a capital letter have the following meaning (words in the singular include the plural and vice versa), or, if not stated below, have the meaning given to it in the GDPR:

1.1 “Customer” means the KYOCERA customer as identified in the Agreement.

1.2 “Data Protection Laws” means all laws and regulations, including but not limited to the GDPR, that are applicable to the Processing of Personal Data under the Agreement.

1.3 “GDPR” means General Data Protection Regulation, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.

1.4 “KYOCERA Affiliate” means a Sales Company of Kyocera Document Solutions Europe Management B.V. as listed in Annex 2 and a Sales Company’s and Kyocera Document Solutions Europe Management B.V.’s authorised dealers and distributors.

1.5 “Services” means the services to be performed by KYOCERA in accordance with, and as specified in the Agreement.

1.6 “Standard Contractual Clauses” means the contractual clauses as issued by the European Commission.

1.7 “Sub-Processor” means any Processor engaged by KYOCERA.

1.8 “TOMs” means the technical and organizational measures required pursuant to Article 32 GDPR.

Article 2 : Personal Data Processing

2.1 Instructions. KYOCERA shall only Process Personal Data in accordance with Customer’s written instructions, which are the provision of Services as specified in the Agreement. Customer shall ensure that all instructions provided by Customer to KYOCERA pursuant to these Data Processing Terms and the Agreement will be in accordance with the Data Protection Laws. Customer shall have the sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data.

2.2 Details of Processing. Annex 1 to these Data Processing Terms sets out certain information regarding the Processing of Personal Data.

2.3 Compliance with Data Protection Laws. KYOCERA shall comply with applicable Data Protection Laws in the Processing of Personal Data.

2.4 Confidentiality. KYOCERA shall keep the Personal Data strictly confidential and shall not transmit, disseminate or otherwise transfer Personal Data to third parties unless agreed to under Section 3, on written instruction of Customer, for the purpose of the performance of the Agreement or unless required to do so by applicable laws to which KYOCERA is subject. In the latter case, KYOCERA shall inform Customer of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest, in which case KYOCERA shall inform Customer within 24 hours after KYOCERA knew or should have known of the legal requirement. 

Article 3 : Sub-Processors

3.1 Appointment. Customer acknowledges and agrees that (a) KYOCERA Affiliates may be retained as Sub-Processors; and (b) KYOCERA and KYOCERA Affiliates respectively may engage third-party Sub-Processors in connection with the provision of Services. A list of appointed Sub-Processors is added in Annex 1 and may be amended from time-to-time at KYOCERA’s sole discretion, but providing at least two (2) weeks’ notice to Customer by publication of the proposed Sub-Processor(s) on the Kyocera website.

3.2 Sub-Processor obligations. For the purpose of sub-processing, KYOCERA shall enter into written agreements with its Sub-Processors, which agreements shall include as a minimum the same obligations as to which KYOCERA is bound to under these Data Processing Terms, and shall in particular include an obligation of the Sub-Processor to implement appropriate TOMs to meet the requirements of applicable Data Protection Laws.

3.3 Right to object new Sub-Processors. Customer may object to KYOCERA’s use of a new Sub-Processor by notifying KYOCERA promptly in writing, but in any case within two (2) weeks after publication of the proposed changes on the KYOCERA website [INSERT LINK TO KCIM DOCUMENTS]. In the event of a reasonable objection, KYOCERA shall work with Customer in good faith to make available a commercially reasonable change in the provision of the Services, which avoids the Processing of Personal data by that proposed Sub-Processor. If KYOCERA is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may terminate the Agreement with respect only to those Services, which cannot be provided by KYOCERA without the use of the proposed Sub-Processor by providing written notice to KYOCERA.

3.4 Liability. KYOCERA shall be liable for the acts and omissions of its Sub-Processors to the same extent KYOCERA would be liable if performing the services of each Sub-Processor directly under the term of these Data Processing Terms.

Article 4 : KYOCERA personnel

4.1 Confidentiality. KYOCERA ensures that its personnel engaged in the Processing of Personal Data under the Agreement are informed of the confidential nature of the Personal Data. KYOCERA also ensures that it has executed written confidentiality agreements with its personnel engaged in the Processing of Personal Data in regards to the Processing of that Personal Data. KYOCERA ensures that the confidentiality obligations under such written confidentiality agreements survive the termination of the personnel engagement.
 
4.2 Reliability. KYOCERA shall take all reasonable steps to ensure the reliability of the KYOCERA personnel engaged in the Processing of Personal Data.
 
4.3 Limitation of access. KYOCERA ensures that KYOCERA’s access to Personal Data is limited to those personnel performing Services in accordance with the Agreement.
 
4.4 DPO. KYOCERA appointed a DPO, to the extent that the applicable Data Protection Laws require the appointment of a DPO. The KYOCERA DPO can be reached via the contact details as provided in Annex 2. 
 
 
 

Article 5 : Data security and inspection

5.1 Security. KYOCERA shall take all technical and organisational security measures which are reasonably required to ensure a level of security appropriate to the risk, having regard to the state of the art, the costs of implementation, the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons involved. An overview of the technical and organisational security measures is published on the Kyocera website on https://www.kyoceradocumentsolutions.eu/content/download-center/eu/non-product-related/smarter-workspaces/case-study/KCIM_Security_Whitepaper_pdf.download.pdf. To maintain an appropriate level of security, KYOCERA may regularly update this overview, without prior notice.
 
5.2 Audit. KYOCERA shall allow Customer to conduct an audit of the technical and organisational security measures utilised by KYOCERA for the Processing of Personal Data (the “Audit”). The Audit may be conducted once per calendar year, or any number of times per year in case of reasonable suspicion of breach of these Data Processing Terms or at the instruction or request of an applicable Supervisory Authority, during the regular business hours of KYOCERA. Customer shall give KYOCERA reasonable notice of any Audit to be conducted under this Section 5.2 and shall ensure that each of its mandated Auditors takes reasonable endeavours to avoid causing or, if it cannot avoid, to minimise any damage, injury or disruption to KYOCERA's premises, equipment, personnel and business while its personnel are on those premises in the course of the Audit. The purpose of the Audit shall be to verify whether Personal Data is Processed by KYOCERA in accordance with these Data Processing Terms and the Agreement (“Purpose”). The Audit will be conducted by an auditor (“Auditor”), who is not a competitor of KYOCERA, selected by Customer who, in the reasonable judgment of Customer, is neutral and possesses the technical knowledge and skills required to conduct the Audit. Customer shall ensure that the auditor is held to maintain confidentiality with respect to its findings. Solely for the Purpose of the Audit, KYOCERA shall grant the Auditor access to its premises, relevant employees, systems and documents. 

5.3 Audit costs. Customer shall pay for all costs, remunerations, fees and expenses in relation to the Audit, except for internal costs made by KYOCERA in relation to the Audit. If the Audit reveals any material non-compliance by KYOCERA, KYOCERA shall reimburse all actual and reasonable costs of Customer in relation to the Audit.
 
5.4 Audit results. Customer shall provide KYOCERA with a copy of the report of the Auditor. In case the report reveals a default by KYOCERA in the performance of its obligations pursuant to this Agreement or a violation of applicable Personal Data Protection Laws, KYOCERA will promptly cure such default and/or omit the violation and provide Customer with confirmation thereof in writing.
 
 
 

Article 6 : Data Subject Requests

6.1 TOMs. Taking into account the nature of the Processing, KYOCERA shall assist Customer by appropriate TOMs, insofar as this is reasonably possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under the GDPR or other applicable Data Protection Laws.

6.2 Data Subject Requests. KYOCERA shall, to the extent legally permitted, promptly notify Customer if it receives a Data Subject Request. To the extent Customer, in its use of the Services, does not have the ability to address a Data Subject Request, KYOCERA shall upon Customer’s request provide reasonable efforts to assist Customer in responding to such Data Subject Request to the extent KYOCERA is legally permitted to do so and the response to such Data Subject Request is required under the GDPR or other Data Protection Laws. To the extent legally permitted, Customer shall be responsible for any costs arising from KYOCERA’s provision of such assistance.

 

Article 7 : Personal Data Breach 

7.1 Notification. To the extent as permitted by law, KYOCERA shall promptly, after it becomes aware, notify Customer of any actual or reasonably suspected Personal Data Breach by KYOCERA or its Sub-Processor(s). The notification shall as a minimum include the information as stipulated in Article 28(3) of the GDPR.

7.2 Remedy. To the extent the Personal Data Breach is caused by a violation by KYOCERA or its Sub-Processors of the requirements of these Data Processing Terms, the Agreement or applicable Data Protection Laws, KYOCERA shall, taking into account the nature of the Personal Data Breach and the risk of varying likelihood and severity for the rights and freedoms of natural persons involved, at the instruction of Customer make all efforts to identify and remediate the cause of the Personal Data Breach, to mitigate the risks to the rights and freedoms of natural persons involved and to further assist Customer with any reasonable request in its compliance with Data Protection Laws on Personal Data Breaches.

7.3 Further assistance. To the extent that the Personal Data Breach is not caused by a violation by KYOCERA or its Sub-Processors of the requirements of these Data Processing Terms, the Agreement or applicable Data Protection Laws, KYOCERA shall provide all reasonable assistance, taking into account the nature of the Personal Data Breach and the risk of varying likelihood and severity for the rights and freedoms of natural persons involved, to Customer in Customer’s handling of the Personal Data Breach. Customer shall be responsible for any costs arising from KYOCERA’s provision of such assistance.

 

Article 8 : Data Protection Impact Assessments and Prior Consultation

KYOCERA shall provide reasonable assistance to Customer with any data protection impact assessments, and prior consultations with Supervisory authorities, which Customer reasonably considers to be required of KYOCERA by Article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Personal Data by, and taking into account the nature of the Processing and information available to, KYOCERA.

 

Article 9 : Standard Contractual Clauses

9.1   Applicability. Where KYOCERA transfers personal data to Sub-Processors located outside the EU and where such transfers are not based on an adequacy decision pursuant to Article 45 GDPR, KYOCERA has ensured the conclusion Standard Contractual Clauses and, where necessary, supplementary measures to ensure an adequate level of data protection. Where the Sub-Processor that is subject to Standard Contractual Clauses has engaged other Sub-Processors, the Sub-Processor as indicated in the Standard Contractual Clauses has concluded Standard Contractual Clauses with such Sub-Processors where required. A copy of the applicable Standard Contractual Clauses may be retrieved using the contact details stated in Annex 2.

9.2 Conflict. In the event of any conflict or inconsistency between these Data Processing Terms and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail. 

 

Article 10 : Deletion and return

At the choice of Customer, KYOCERA shall delete or return the Personal Data to Customer after the provisioning of Services under the Agreement related to the Processing of Personal Data has ended.

 

Article 11 : Liability 

Each Party and its Affiliates’ liability arising out of or related to these Data Processing Terms whether in contract, tort or under any other theory of liability, is subject to the liability limitations as agreed in the Agreement.  

 

Article 12 : Preference over Agreement

Except as amended by these Data Processing Terms, the Agreement remains in full force and effect. If there is a conflict between the Agreement and these Data Processing Terms, the terms and conditions of these Data Processing Terms shall prevail. 

ANNEX 1:  

Annex 1 includes certain details of the Processing of Personal Data as required by Article 28(3) GDPR.


Name of the Service: Kyocera Cloud Information Manager


Subject Matter of the Processing:
The subject matter and duration of the Processing of the Personal Data
are set out in the Agreement and this Data Processing Agreement.

Nature and Purpose of the Processing:

KYOCERA processes Personal Data in the course of providing KCIM. The provision of KCIM includes that KYOCERA is hosting Customer’s Personal in the cloud. Further, in case Customer issues a support request, KYOCERA may have remote access to Customer’s Personal Data when providing requested support services.

Types of Personal Data to be Processed:

  • User name, email address, first name, last name, password
  • Uploaded files: Filename, content of the file, image, thumbnail preview of the image
  • Metadata of uploaded files: Document Class attributes (may include first name, last name, address, phone number, and email address)
  • File name
  • Creator/Editor (first name, last name, username)

Category of Affected Data Subjects:

  • Data Controller’s (Customers’) employees

Sub-Processors:

  • KYOCERA Document Solutions Inc., Japan
  • Google Cloud Japan G.K., Japan
  • KYOCERA Document Solutions Development America, Inc., USA
  • OPTIMAL SYSTEMS GmbH, Germany

Annex 2: KYOCERA Document Solutions Europe Management B.V. Sales Companies

If KYOCERA Document Solutions is not located in the country where Customer is located, then these Data Processing Terms apply to KYOCERA Document Solutions Europe Management B.V.

KYOCERA Document Solutions Europe Management B.V.
Attn.: Data Protection Officer
Beechavenue 27
2132 NP  Schiphol-Rijk
The Netherlands
e: privacy@deu.kyocera.com

1) KYOCERA Document Solutions Belgium N.V., Sint-Martinusweg 199-201, 1930 Zaventem, Belgium, e: privacy@dbe.kyocera.com

2) KYOCERA Document Solutions Danmark A/S, Ejby Industrivej 60, 2600 Glostrup, Danmark, e: privacy@ddk.kyocera.com

3) KYOCERA Document Solutions Finland Oy, Atomitie 5, 00370 Helsinki, Finland, e: privacy@dfi.kyocera.com

4) KYOCERA Document Solutions France S.A.S., Espace Technologique de Saint Aubin, Route de l’Orme, 91195 Gif sur Yvette Cedex, France, e: privacy@dfr.kyocera.com

5) KYOCERA Document Solutions Deutschland GmbH, Otto-Hahn-Str. 12, 40670 Meerbusch, Germany, e: datenschutz@dde.kyocera.com

6) AKI GmbH, Berliner Pl. 9, 97080 Würzburg, Germany, e: datenschutz@dde.kyocera.com

7) KYOCERA Document Solutions Austria GmbH, Wienerbergstr. 11, Tower A/18th floor, 1100 Vienna, Austria, e: datenschutz@dat.kyocera.com

8) KYOCERA Document Solutions Italia S.p.A., Via Monfalcone, 15, 20132 Milano (MI), Italy, e: privacy@dit.kyocera.com

9) KYOCERA Document Solutions Nederland B.V., Beechavenue 25, 1119 RA Schiphol-Rijk, The Netherlands, e: privacy@dnl.kyocera.com

10) KYOCERA Document Solutions Portugal Lda., Rua do Centro Cultural, 41 (Alvalade), 1700-106 Lisboa, Portugal, e: privacy@dpt.kyocera.com

11) KYOCERA Document Solutions Russia L.L.C., Building 2, 51/4, Schepkina St., 129110 Moscow, Russian Federation, e: privacy@deu.kyocera.com

12) KYOCERA Document Solutions South Africa Holdings (Pty) Ltd., KYOCERA House, Hertford Office Park, 90 Bekker Road CNR, Allandale, Vorna Valley, 1682, Midrand, South
Africa, e: privacy@deu.kyocera.com

13) KYOCERA Document Solutions South Africa (Pty) Ltd., KYOCERA House, Hertford Office Park, 90 Bekker Road CNR, Allandale, Vorna Valley, 1682, Midrand, South Africa, e: privacy@deu.kyocera.com

14) KYOCERA Document Solutions España S.A., Edificio Kyocera, Avda. de Manacor No.2, 28290 Las Matas (Madrid), Spain, e: privacy@des.kyocera.com

15) KYOCERA Document Solutions Nordic AB, Esbogatan 16B, 164 75 Kista, Sweden, e: privacy@dnr.kyocera.com

16) KYOCERA Document Solutions Europe Management B.V. - Swiss Branch Office, Hohlstrasse 614, 8048 CH Zürich, Switzerland, e: privacy@deu.kyocera.com

17) KYOCERA Document Solutions (U.K.) Ltd., Eldon Court, 75-77 London Road, Reading, Berkshire RG1 5BS, United Kingdom, e: privacy@duk.kyocera.com

18) Midshire Communications Limited, Eldon Court, 75-77 London Road, Reading, Berkshire, England, RG1 5BS, e: privacy@duk.kyocera.com

19) KYOCERA Bilgitaş Turkey Doküman Çözümleri A.Şeldon , Gülbahar Mah. Otello Kamil Sok. No:6 34394 ŞİŞLİ, Istanbul, Turkey, e: privacy@deu.kyocera.com

20) Annodata Ltd., The Maylands Building, Maylands Avenue, Hemel Hempstead Industrial Estate, Hemel Hempstead, Hertfordshire HP2 7TG, e: privacy@duk.kyocera.com

21) ALOS Handels GmbH, Dieselstraße 17, 50859 Köln, Germany, e: datenschutz@dde.kyocera.com

22) ALOS Solution AG, Bachstrasse 29, 8912 Obfelden, Switzerland, e: datenschutz@dde.kyocera.com

23) Kyocera Document Solutions Czech , s.r.o., Harfa Office Park Českomoravská 2420/15, 9, 190 00, Prague, Czech Republic, e: privacy@deu.kyocera.com

24) Kyocera Document Solutions Czech – Slovak Branch Office,  Rybnicna 40, Bratislava 831 06, Slovakia, e: privacy@deu.kyocera.com

25) Kyocera Document Solutions Middle East, Office 157, Building 17 behind Gloria Hotel,
P.O. Box 500817, Dubai, UAE, e: privacy@deu.kyocera.com

  • KCIM Data Processing Terms and Conditions (KCIM-Data-Processing-Terms-and-Conditions.pdf)
    • 625 KB
    • PDF

Cookies and your privacy

We use essential cookies to make interactions with our website easy and effective, statistical cookies for us to better understand how our website is used and marketing cookies to tailor advertising for you. You can select your cookie preferences using the 'Preferences' button below, or select 'I agree' to continue with all cookies.

Cookie preferences

Field is required

We use cookies to make sure that our website is working properly or, occasionally, to provide a service on your request (such as managing your cookie preferences). These cookies are always active unless you set your browser to block them, which may prevent some parts of the website from working as expected.

Field is required

These cookies allow us to measure and improve the performance of our website.

Field is required

These cookies are only placed in case you give your consent. We use Marketing cookies to follow how you click and visit our websites in order to show you content based on your interests and to show you personalised advertisement. Currently you do not accept these cookies. Please check this box if you would like to.