1.2 Midway shall process Personal Data in accordance with applicable data protection laws and in respect of Data Subjects within the European Economic Area (“EEA”). Midway shall comply with requirements of European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
1.5 Midway acts as a Data Controller and sets the purpose and means for processing the following data:
Personal Data of the Users who are themselves the clients of Midway and who transmit their Personal Data directly to Midway, such as freelancers and other individuals who register for CLAPS service independently (create CLAPS account for their own use).
Personal Data of individuals who subscribe for receiving commercial communication and other news and updates from CLAPS service, but who are not registered users of CLAPS Service.
1.6 When Midway processes Personal Data that has been transferred to Midway by the Clients, Midway acts as the Data Processor.
2.1 This section concerns Midway Clients that transfer Personal Data of end-users of the Service, such as personal data of Client’s employees, to Midway. In respect of such data, the Client sets the purpose and means of processing Personal Data, therefore the Client is the Data Controller.
2.2 Midway processes end-users’ Personal Data on behalf of the Client, and Midway only accesses the data for the purpose of rendering the Service, therefore Midway is the Data Processor.
Details of processing
2.4 When the Client creates accounts for end-users in its group the Client transfers the Personal Data of such end-users to Midway. In that way the Client instructs Midway to process Personal Data in order to provide Service to the Client pursuant to the agreement concluded between the Client and Midway.
2.6 Midway will always process all Personal Data on behalf of the Client following the Client’s instructions and in compliance with the applicable data protection laws and regulations including requirements of GDPR where applicable.
Type of personal data and categories of data subjects
2.7 Categories of data subjects whose Personal Data will be processed on behalf of the Client include the Client’s employees, representatives and other end-users that will be registered under the Client’s group account. The information about these individuals that may contain Personal Data are indicated in Paragraph 4.
2.8 Client represents that it has acquired all necessary consents and/or relies on other appropriate legal basis for the processing of Personal Data of end-users. Client confirms that end-users have been informed about the fact that their Personal Data is transferred to Midway as a Processor and other third parties used by Midway for the provision of Service.
Duration of the processing
2.9 Midway will process the aforementioned data for as long as Midway provides the Service to the Client and the Client has an active CLAPS account.
2.10 When an end-user’s account is deleted by the Client, Midway will process data of deleted accounts in the Client’s group for statistical and analytical interests of the Client. However, such data can be deleted at any time upon Client’s request.
2.11 After terminating contractual relationship between Midway and the Client, we may continue to store some Personal Data, but limited to the minimum amount required, as might be necessary for us to comply with legal obligations, to ensure reliable back-up systems, to resolve disputes between the Client and Midway, if any, to prevent fraud and abuse, to enforce Midway agreements, and/or to pursue legitimate interests of Midway or third parties.
Assistance to the controller
2.13 Taking into account the nature of the processing, Midway as a Data Processor will assist the Client with provision of technical or organizational measures, insofar as possible, for the fulfilment of the Client’s obligations as a Data Controller in relation to:
Return and deletion of data
2.14 Unless otherwise required by applicable law, Midway has no obligation to store the Client’s data after termination of the agreement with the Client and deletion of the Client’s account and all accounts associated with it.
2.15 At the choice of the Client, Midway will delete or return all the Personal Data to the Client after the end of the provision of Service relating to processing and shall delete existing copies, unless applicable law requires Midway to store such Personal Data.
3.1 Midway as a Controller shall process your Personal Data in order to provide you with the Service, to improve our Service, to solve any Service related issues you may have and to ensure that you receive the best customer experience possible.
3.2 Midway collects and processes your Personal Data including, but not limited for the following purposes:
3.3 Midway only collects and processes your Personal Data where we have lawful basis. Legal grounds for the processing of your Personal Data vary depending on the specific group of data and the purposes for processing it. Note that we may be processing the same Personal Data for several purposes simultaneously and, respectively, on more than one legal ground.
4.1 Midway collects, generates and receives information in a variety of ways when you use the Service. Some of this information constitutes Personal Data.
Information you provide upon creating your account
4.2 As a User of CLAPS Services you provide us with information containing your Personal Data. Upon registration and creating your profile you provide us with the following information:
4.3 Please note that some options within the Service allow our Users to voluntarily disclose their Personal Data such as personal email address, or any data that you enter into notes, as well as some special category data. Midway does not oblige Users to submit such data since it is not essential for provision of the Service, and Users are able to use the Service without providing us with the aforementioned data.
Information generated when using the Service
4.4 Some of the information processed by Midway is created by you using the Service, and this information may also contain Personal Data. Midway records the following information when you use the Service (devices with CLAPS service installed and running):
IP address, Device names, Device Serial Numbers, usernames for users that use the device, CLAPS service version, last connection date to the service, approximate location (based on public IP), operating system name and versions, security updates information, operating system security configuration (registry keys and values), software installed and paths.
4.5 When you are just the end-user and not the Client of the Service, the above-mentioned information is provided to Midway by the Client (e.g. your employer).
5.1 Upon visiting our website we may collect and process the following information that may contain your Personal Data:
5.2 When you subscribe to CLAPS blog, leave comments on blog entries, or submit a question to us, you are providing Midway with the following information that contains your Personal Data:
5.3 When you subscribe to our blog or newsletter we will process your e-mail address to send you informative materials, such as newsletters, advertisements and others. At any point in time you can unsubscribe from receiving the above-mentioned information in your e-mail footers.
6.1 Midway retains Personal Data of User account for as long as you maintain your CLAPS account or as otherwise necessary for Midway to provide you the Service.
6.2 Data created by you when using the Service (paragraph 4.4) is kept by Midway for 90 days.
6.3After you as a User terminate your relationship with us by deleting your CLAPS account or otherwise terminating the contract for CLPAS Service, we may continue to store certain information as reasonably necessary to comply with our legal obligations, to resolve disputes, if any, to prevent fraud and abuse, to enforce our agreement, and/or to protect our legitimate interests.
7.1 For Midway to be able to provide you with our Service, we work with third parties that provide us with different services we need in ordinary course of our business. Therefore, we share your Personal Data with such third-party service providers. They process your personal data on behalf of Midway.
7.2 The categories of recipients of your Personal Data include, hosting and server co-location service providers, communication and content delivery networks, data and cyber security service providers, billing and payment processing service providers, fraud detection and prevention service providers, web analytics, email distribution and monitoring service providers, session recording service, marketing service providers, legal and financial advisors, among others (“Third-Party Service Providers”).
7.3 Third-Party Service Providers only receive strict minimum amount of Personal Data as necessary for them to provide us with requested service. Midway shares Personal Data only with such Third-Party Service Providers that are able to demonstrate that they have implemented appropriate measures to ensure that Personal Data is processed in compliance with GDPR and other applicable laws and regulations.
7.4 In certain situations we might have a legal obligations to share your information with third parties. Such situation may arise when sharing your Personal Data with third party is required by law or when information is requested by public authorities.
7.6 Personal Data processed by Midway may be transferred to Third-Party Service Providers that are located outside of EEA. If Midway transfers Personal Data to a Third-Party Service Provider located outside of EEA, Midway will only send Personal Data to such recipients that have taken adequate data processing and protection requirements and that are able to ensure an adequate level of protection or have provided adequate guarantees.
8.1 Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, you may have the right to request access to your Personal Data to seek to update, delete or correct this data, to restrict or object to processing of your data, as well as right to portability of your Personal Data.
8.2 You can use these rights by logging into your CLAPS account or by getting in touch with Midway using the contact information provided below in Paragraph 12.
8.3 Furthermore, if you believe that Midway has unlawfully processed your Personal Data, you have the right to submit a complaint to Midway by using the contact information provided below, or you may submit complaint to a respective data protection supervisory authority in your country.
8.4 If you are an individual whose Personal Data has been provided to Midway by the Client (e.g. employee of the Client), please contact the Client to exercise your rights as a Data Subject stated above.
8.5 In case Midway receives complaint or request from individual, whose Personal Data has been provided to Midway by the Client, exercising his/her rights as a Data Subject, Midway will not respond to such complaint or request without prior written authorization by the Client.
9.1 Midway uses reasonable organizational, technical, and administrative measures to protect the confidentiality, integrity, and availability of Personal Data. We encourage Users, Clients and their end-users to take care of their own Personal Data as well as Personal Data in their possession and set strong passwords for CLAPS account, limit access to computer and browser by signing out after end of session, and as possible avoid providing Midway with any sensitive information, disclosure of which could cause substantial harm to Data Subject.
9.2 All of Midway’s authorized personnel involved in the processing of Personal Data provided to us have committed themselves to confidentiality obligations and shall not access or otherwise process Personal Data without authorization and if it’s not necessary for the purposes such data was obtained in the first place.
9.3 In the event a Personal Data breach occurs, we will notify you in compliance with the obligations set out in applicable laws and will provide reasonable assistance regarding the investigation of Personal Data breaches and the notification to the supervisory authorities and data subjects regarding such personal data breaches.
10.3 Such audits are allowed to be carried out by independent third party with good market reputation, provided that it has sufficient experience and competence to carry out data processing audits, and election of such auditor must be mutually agreed by both the Client and Midway.
10.4 The timing and other practicalities related to any such audit or inspection are determined by us and any such information and assistance are provided at exclusively the cost and expense of the Client, and we reserve the right to charge the Client for any additional work or other costs incurred by us in connection with the Client using such rights. The Client has rights to request the audit once every 2 years.
10.5 The auditor will have to sign confidentiality agreement which includes obligation not to disclose business information in its audit report, and the final report will also have to be provided to Midway.
Attn: Data Protection Officer
Charles Darwin street N°3. Pavilion Monorrail, 41092, Isla de la Cartuja, Sevilla. Spain
Effective as of January 29 2021