This page is an annex to the Data Processing Agreement and details the processing activities that take place on the xyzt.ai platform.
- The categories of Personal Data subject to processing under the agreement are the following:
Personal data as uploaded by the Customer, which data may include (without being limitative) location data including geo-location (GPS location, triangulated location,…) with possible other attributes that might or might not include address information, identification information, and more.
2. Purpose of the Data Processing
The purpose of the data processing on the xyzt.ai platform consists of insight generation including hot spot analysis, trend analysis, change analysis, and more.
3. Processing Activities and Locations of Processing
The xyzt.ai platform stores, processes, and serves Customer data for visualizations and analysis purposes. Storage and processing is performed on Amazon AWS in the EU region.
There are no sub-processors.
5. Security Measures
Following security measures are in place to protect the Customer data. Physical access control: restriction of access rights to the office building to the minimum necessary. Logical access control. Use of unauthorized persons of data processing systems is prevented as follows. IT systems are only accessible by the CTO and Head of Software Engineering. Access is protected using strong passwords, two-factor authentication, and private-public-key-methods. Access control to data: Only the CTO and Head of Software Engineering have access to the Customer data and access is restricted to the bare minimum for support reasons. Data is stored on encrypted file systems. Data flow controls: Data transmission to and from the xyzt.ai platform is protected using encrypted communication protocols (TLS-based protocols). Availability control: Data is backed up using Amazon AWS backup functionality.