Ricoh Logo
Languages

Schedule 1

This Schedule 1 specifies the obligations of the parties in relation to the Cloud-Services described in the DocuWare EULA ("EULA").

§ 1 Data Processing

  1. Subject-Matter, Nature and Term of the Data Processing. DocuWare processes personal data forwarded by the End User or Authorized Users solely on behalf of the End User. This Schedule 1 shall govern all issues between the End User and DocuWare concerning such processing. As used herein, personal data means information that personally identifies a natural person, including without limitation name, personal address, personal telephone number, personal e-mail address, government identifiers (such as a Social Security number, passport number or driver's license number), unique biometric identifiers, financial account numbers or health or medical treatment or payment information, as well as any other personal information that is regulated under applicable U.S. state and federal data privacy or data protection laws ("Privacy Laws").

§ 2 Obligations of the End User

  1. The End User shall have sole responsibility for the accuracy, quality, and legality of personal data and for the means by which the End User or Authorized User has acquired personal data.

  2. The End User may, not more than once in any calendar year, request from DocuWare reasonable written assurance of DocuWare’s compliance with this Schedule 1 DocuWare undertakes to provide the End User with the information reasonably required to respond to such request (e.g., a summary of any applicable audit reports on DocuWare's controls applicable to personal data received from End User). DocuWare shall be entitled to compensation for expenses resulting from instructions from the End User that exceed the legal requirements related to an audit or exceeds commercially reasonable audit assistance on the basis of the then-current hourly rates of DocuWare.

  3. The End User shall inform DocuWare immediately, if errors/irregularities are encountered in the audit results.

§ 3 Obligations of DocuWare

  1. DocuWare personnel engaged in the processing of personal data have received appropriate training on their responsibilities and are subject to obligations of confidentiality with DocuWare.

  2. DocuWare shall only process personal data on behalf of and in accordance with End User's instructions and shall treat personal data as confidential information. The End User instructs DocuWare to process personal data for the following purposes: (I) processing in accordance with the EULA and applicable orders placed by End User under the EULA, and (II) processing to comply with other reasonable instructions provided by the End User where such instructions are consistent with the terms of the EULA. DocuWare shall not use the data provided for data processing for other purposes and shall not store this data for a period longer than that specified by the End User or required by law.

  3. The data shall be processed exclusively within the territory of the USA, except when customer provides documents or data in a support case to DocuWare or as otherwise mutually agreed in writing by End User and DocuWare. Any other forwarding of data to a third country requires the prior consent of the End User and is subject to the parties' compliance with the special requirements of applicable data protection laws.

  4. DocuWare shall promptly notify the End User where DocuWare becomes aware of any unlawful access to any End User personal data stored on DocuWare's equipment or in DocuWare's facilities, or unauthorized access to such equipment or facilities resulting in loss, disclosure, or alteration of the End User's personal data. DocuWare will investigate the incident and provide the End User with information about the incident and take reasonable steps to mitigate the effects and to minimize any damage resulting from the incident. The End User agrees that DocuWare's obligation under this Section is not and will not be constructed as an acknowledgement by DocuWare of any fault or liability with respect to the incident or an obligation on the part of DocuWare to provide legal advice or otherwise to advise End User or monitor End User's legal obligations with respect to Privacy laws.

  5. Upon termination of the Cloud-Services DocuWare will keep any data produced in connection with the commission at least for further 60 days and will delete them no later than 90 days after the end-date of the EULA, and this Schedule 1 shall continue to apply within this period of time. The End User shall have the right to request an earlier deletion in writing. The End User hereby acknowledges agrees with these cancellation rules. Notwithstanding the foregoing, the End User is responsible for saving of all personal data provided to DocuWare throughout the duration of the term of the EULA. Documentation intended as proof of proper data processing shall be kept by DocuWare beyond the end of the EULA as may be required under laws applicable to DocuWare and DocuWare's data retention policies.

§ 4 Ricoh and Subcontractors

  1. The End User acknowledges and agrees, that DocuWare's affiliates and Ricoh, as well as third-party sub-contractors engaged by an affiliate or DocuWare itself (including Microsoft Azure) are permitted have access to personal data in connection with the provision of the Cloud-Services. Any of such sub­ contractors will be permitted to obtain personal data only to deliver service DocuWare has retained them to provide. DocuWare shall exercise the due care required by law by the selection of subcontractors. DocuWare may engage its own affiliated companies or other sub-contractors for the performance of the EULA without written consent of End User.

§ 5 Technical and Organizational Security Measures

  1. DocuWare shall maintain administrative, physical and technical safeguard for protection of the security, confidentiality and integrity of personal data.