Information Security is not achieved by AskCody alone. The Customer (Controller) have a responsibility as well. The AskCody Platform and our services only live up to its standards and requirements if used accordingly to the SLA.
The Customers’ Responsibility for data processing
Being an AskCody Customer and having access to the AskCody Platform, the customer (controller) is responsible for the information they enter and input into the AskCody Platform, including the type of personal data.
- The Controller must ensure that the instructions are legal in relation to the data protection legislation at all times and that the instructions are appropriate in relation to the Contract and the data processing agreement concluded.
- The Controller is responsible for ensuring that administrators’ use of and the processing of personal data in the AskCody Platform are in accordance with the data protection legislation.
- The Controller manages the user rights in the AskCody Platform, including which people are granted administrator rights and which rights each administrator is granted.
- The Controller must not use the AskCody Platform for processing, including storage of sensitive personal data, and it is the Controller’s responsibility to ensure that no such data is entered or uploaded in the AskCody Platform.
- As regards return of data, AskCody integrates with the Customer’s Microsoft Exchange Server, Exchange Online tenant, and Active Directory leveraging the Controller’s core data that the Controller is already owning and being responsible for. Upon termination of contract or upon request to return Controllers’ data, the Controller already holds and owns the data in the AskCody Platform, and therefore AskCody cannot return data to the Controller, which the Controller already has.
It is solely the Customers’ responsibility to only include the type of Personal Data described, categories and subjects of data in meeting invitations since AskCody is not responsible for the content of a meeting, nor data inputted, types of personal data added to a meeting invitation, or possible sensitive data added as meeting attachments.
AskCody is therefore only responsible for the processing of Personal Data, not Sensitive Personal Data if such data is entered by the Customer into meeting information (invites, description, etc.).
AskCody does not have any control over how Customers operate their AskCody solution and if any other data types are added to the AskCody services. AskCody can only guide, help, and motivate the Customer to use the product as intended and in compliance with the Service Level Agreement and the Data Processing Agreement as entered between the Controller (Customer) and AskCody. The Information Security Policies and Rules are implemented to secure, that when the AskCody platform is used as intended, the AskCody Platform complies with applicable legislation and data law.