Data Protection Agreement

(Revision February 2019)

(A) IDEXX Europe B.V. or an Affiliate of IDEXX Europe B.V. (as applicable, “IDEXX”) and the user of one of more of the services described on Exhibit A of this Data Protection Agreement (“Customer”) have entered into an Agreement for IDEXX to provide such services. In the context of the Agreement, IDEXX will process Personal Data on behalf of and for the benefit of Customer as data processor;

(B) In addition, if described in the Schedules to this Data Protection Agreement with respect to a particular IDEXX service, IDEXX will process Personal Data in the context of the Agreement also as (joint) controller, where it (jointly) determines the purposes and the means of the processing of the Personal Data;

(C) The arrangements between the Parties relating to the processing of Personal Data are laid down in this Data Protection Agreement in accordance with applicable law;

(D) IDEXX and Customer will collectively be referred to as "Parties", or separately as "Party",

 

1 Relationship to the Agreement

1.1 This Data Protection Agreement is an annex to the Agreement referenced on Exhibit A and sets aside any (oral and/or written) arrangements of an earlier date relating to the processing of Personal Data between Customer acting as data controller, and IDEXX acting as data processor or (joint) controller in respect of the Personal Data, if applicable.

1.2 Unless explicitly stipulated otherwise in this Data Protection Agreement, in case of discrepancies between the provisions of the Agreement, the privacy policy referred to in the Agreement and this Data Protection Agreement, the following ranking order applies:

1. Data Protection Agreement;
2. Agreement;
3. The privacy policy referred to in the Agreement; and
4. Any other relevant agreement or other arrangement that applies between Parties.

 

2 Structure of this Data Protection Agreement

2.1 Part A contains the definitions and general part on the processing of personal data in the context of this Data Protection Agreement. This part applies to both the situation where IDEXX acts as data processor as where it acts as data controller in relation to the Personal Data.

2.2 Part B contains provisions that only apply to the situation where IDEXX acts as data processor in relation to the Personal Data.

2.3 Part C contains provisions that only apply to the situation where IDEXX acts as data controller in relation to the Personal Data, if applicable as noted in the Schedules hereto.

2.4 Part D contains the concluding provisions. This part applies to both the situation where IDEXX acts as data processor and where it acts as data controller in relation to the Personal Data.

 

PART A - General

3 Definitions

3.1 All definitions included in the Agreement shall also apply to this Data Protection Agreement, unless stipulated otherwise in this Data Protection Agreement. In addition, thereto, the following definitions apply to this Data Protection Agreement:

3.2 Affiliate: any person or entity (“Person”) controlling, controlled by or under common control with another Person. For these purposes, "control" shall refer to (i) the possession, directly or indirectly, of the power to direct the management or policies of the subject entity, whether through the ownership of voting securities, by contract, or otherwise, or (ii) the ownership, directly or indirectly, of at least fifty percent (50%) of the voting securities or other ownership interest of the subject entity, or in the event such entity resides in a country where such level of ownership is not permitted, the maximum percentage ownership therein allowed;

3.3 Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;

3.4 Data Protection Agreement: this data protection agreement, and any alteration, substitution, update or later versions thereof;

3.5 Data Processing System: system that is used for processing the Personal Data by IDEXX or its subcontractors;

3.6 Data Subject: the person to whom the Personal Data relate;

3.7 Employees: the employees and other persons engaged by IDEXX for the performance of the Agreement;

3.8 Governmental Authority: a competent governmental authority;

3.9 Non-EEA Entity: any entity engaged by IDEXX as subcontractor, incorporated and/or processing the Personal Data controlled by Customer in a country outside the European Economic Area and/or not being a country that has been deemed to provide an adequate level of data protection by way of decision of the European Commission and/or that has not adhered to the EU-US Privacy Shield;

3.10 Personal Data: any data relating to an identified or identifiable living natural person;

 

4 Subject of this Data Protection Agreement

4.1 IDEXX will process Personal Data on behalf of and for the benefit of Customer as data processor. In addition, if applicable as noted in the Schedules hereto, IDEXX will process Personal Data as (joint) controller next to Customer, where it (jointly) determines the purposes and the means of the processing of the Personal Data;

4.2 This Data Protection Agreement is agreed upon on behalf and for the benefit of IDEXX and its Affiliates. Where IDEXX is referenced in this Data Protection Agreement, it shall also mean any Affiliate of IDEXX. IDEXX is entitled to enforce this Data Protection Agreement for itself and also on behalf of any of its Affiliates. Furthermore, Affiliates of IDEXX are entitled to enforce this Data Protection Agreement as if these Affiliates are parties to this Data Protection Agreement.

 

5 Processing of the Personal Data

5.1 The Schedules to this Data Protection Agreement contain a description of the processing activities. Parties shall maintain an adequately protected written or electronic record of all categories of processing activities carried out in line with the applicable law, insofar such record is not yet covered by this Data Protection Agreement.

5.2 Customer warrants that it processes or shall have processed the Personal Data in accordance with the applicable law. Customer shall upon first request of IDEXX promptly provide all relevant information requested to IDEXX in writing, which may include in electronic form. IDEXX is not responsible or liable for compliance with Customer's obligations under the applicable law, including without limitation Customer’s obligations to its own customers or clients, such as Customer’s obligation to inform its customer or clients of recipients of their Personal Data.

5.3 Taking into account the nature of the data processing and the information available to Parties, Parties shall provide each other with all necessary assistance in complying with the obligations that rest upon the Parties under the applicable law, in particular the obligations in relation to the security of Personal Data, Data Breach notification duties, information duty and the execution of data protection impact assessments, including prior consultation of the relevant Governmental Authority.

 

PART B - Data Processor

6 Processing of the Personal Data as data processor

6.1 IDEXX shall only process Personal Data on behalf of Customer and in accordance with the documented instructions that Customer may provide, including with regards to transfers of Personal Data to a third country. IDEXX shall immediately inform Customer if, in its opinion, any of the instructions of Customer infringes the applicable law. IDEXX shall have no independent say in relation to the Personal Data that it processes. IDEXX shall not process the Personal Data for its own or any third party's benefit or purposes, or for other purposes, unless otherwise required by the applicable law.

6.2 The Schedules list the (groups of) Employees of IDEXX and/or other persons engaged by IDEXX that may have access to the Personal Data and describes the types of Personal Data and the data processing activities these persons are allowed to perform; other processing activities are explicitly prohibited. IDEXX shall ensure that such persons have committed themselves to confidentiality to the extent these persons are not bound by an appropriate statutory confidentiality obligation. IDEXX shall ensure that these Employees or other persons engaged by it comply with all the obligations laid down in this Data Protection Agreement and the Agreement.

 

7 Subcontractors

7.1 IDEXX may engage subcontractors (sub-data processors). Information about IDEXX’s subcontractors, including their function and locations, is available at idexx.eu/gdpr (as may be updated by IDEXX from time to time). IDEXX shall inform Customer in a manner determined by IDEXX of any intended changes concerning the addition or replacement of such subcontractors. Customer may object to any new subcontractor by terminating the Agreement upon written notice to IDEXX, provided that Customer provides such notice to IDEXX within 60 days of IDEXX informing Customer of the engagement of the subcontractor. This termination right is Customer’s sole and exclusive remedy if Customer objects to any new subcontractor.

7.2 In case of subcontracting for personal data processing activities, (a) IDEXX shall conclude and enforce a written sub data processing agreement with such subcontractor with privacy and data security obligations that are at least as stringent as those set forth in this Data Protection Agreement; and (b) IDEXX shall remain responsible and liable for fulfillment of its obligations under the Agreement, this Data Protection Agreement, and applicable law.

 

8 Security Measures

8.1 IDEXX shall implement appropriate technical and organizational security measures to ensure an appropriate level of security in relation to the Personal Data, inter alia in view of controller's obligation to respond to requests of Data Subjects that exercise their rights. The technical and organizational security measures to be implemented by IDEXX, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, are described on the Security Appendix. IDEXX may update or modify its security measures from time to time, provided that such updates and modifications do not result in a reduction of the overall security of the services.

8.2 IDEXX shall regularly assess its technical and organizational security measures, and update them where necessary. At Customer’s written request, IDEXX will provide Customer a confidential report summarizing IDEXX’s assessment of its security measures.

 

9 Reporting of Data Breaches

9.1 IDEXX shall maintain adequate procedures designed to detect and respond to all Data Breaches in accordance with the applicable law.

9.2 The obligation of IDEXX to notify Customer of a Data Breach and to take action in relation to a Data Breach does not lead to an acknowledgment of any defect or liability on the side of IDEXX in relation to that Data Breach.

9.3 As soon as IDEXX detects a Data Breach of which Customer was not yet informed, IDEXX shall inform Customer without undue delay thereof in a manner determined by IDEXX. IDEXX shall inform the Customer contact provided by Customer in connection with the services.

9.4 When Customer itself is aware of a Data Breach relevant for the provision of the Services by IDEXX, Customer shall inform IDEXX without undue delay thereof, including which measures have been or will be taken by Customer.

9.5 Upon detection of a Data Breach by IDEXX, IDEXX shall provide all reasonable feedback to Customer about the possible impact of the Data Breach on Customer and the affected Data Subjects. The feedback includes a description of the nature and extent of the Data Breach, the measures planned and already taken to prevent damage.

9.6 On request of Customer, IDEXX will also provide reasonably needed assistance in composing the relevant documentation in relation to the Data Breach. Customer will however remain responsible for the obligation to keep an internal overview of Data Breaches that have occurred.

9.7 If Customer requests IDEXX to inform the affected Data Subject(s) and/or the competent Governmental Authority on the Data Breach, IDEXX shall only do so upon receiving a written and full instruction of Customer. This does not lead to any responsibility or liability for IDEXX in relation to the (notification of) the Data Breach.

 

10 Audit rights of Customer

10.1 Customer may at its own expenses and upon prior consultation with IDEXX perform an audit on the Data Processing System to examine whether the reasonable technical and organizational security measures that have been taken in relation to the Personal Data processed in the context of this Data Protection Agreement are in line with the measures described in article 8.

10.2 IDEXX shall make available to Customer all information reasonably necessary to demonstrate compliance with Customer's obligations to conclude a data processing agreement in line with the relevant requirements in this respect under the applicable law, and allow for and contribute to audits, including inspections, conducted by Customer or an auditor mandated by Customer. In consultation with IDEXX, Customer may engage a third party (expert) to perform its audit rights, provided that such third party will be bound by a confidentiality obligation.

10.3 The execution of an audit by Customer or on behalf of Customer shall not cause any delay in the business activities of IDEXX or any of its subcontractors.

 

11 Audit rights of Customer

11.1 IDEXX may transfer and store Personal Data to and in its locations in the United States. IDEXX certifies to and complies with the EU-US Privacy Shield and the transfer of Personal Data to IDEXX’s locations in the United States falls within the scope of such certification.

11.2 If IDEXX intends to transfer the Personal Data to a Non-EEA Entity, IDEXX shall inform Customer of such intention. IDEXX hereby informs Customer of such intention to the extent that the subcontractors referenced in Article 7 of this Data Protection Agreement are Non-EEA Entities.

11.3 The transfer to a Non-EEA Entity may be legitimized based upon the EU-US Privacy Shield, where it concerns a transfer to a US entity that is self-certified to the EU-US Privacy Shield, and the transfer falls within the scope of such certification.

11.4 As the case may be, the transfer to a Non-EEA Entity may instead also be legitimized based upon the unchanged EU-recommended controller-to-processor Standard Contractual Clauses. These Standard Contractual Clauses without optional clauses shall be deemed incorporated by reference herein and apply between Customer and the Non-EEA Entity, if and to the extent Personal Data to which the data protection laws of a member state of the EEA applies are transferred from the EEA to a Non-EEA Entity. The applicable Standard Contractual Clauses incorporated herein in accordance with this article, is agreed in the name and on behalf of the Non-EEA Entity by IDEXX acting as the Non-EEA Entity's attorney.

11.5 Nothing in (the body of) the Agreement or this Data Protection Agreement shall be construed to prevail over any conflicting clause of the Standard Contractual Clauses. Customer acknowledges it has had the opportunity to review the Standard Contractual Clauses or to request a full copy from IDEXX.

12 Requests of Data Subjects IDEXX shall provide all reasonable assistance to facilitate that Customer is able to comply with its obligations as data controller if a Data Subject exercises any of its rights under the applicable law.

 

PART C - Data Controller

13 IDEXX acting as (joint) data controller

In so far IDEXX determines the purposes and the means of the processing of Personal Data or (jointly) with Customer, IDEXX will then act as (joint) data controller in respect of such data processing activities as described in the applicable Schedule.

14 Information Duties towards Data Subjects and Rights of the Data Subjects

14.1 In the event of joint data controllership, Customer will inform the Data Subjects regarding the processing of their Personal Data and the essence of the arrangement between the Parties hereof in accordance with the instructions (to be) provided by IDEXX. Customer warrants that it will inform the Data Subjects as per IDEXX’s instructions and shall immediately provide IDEXX with all requested information in writing in this regard.

14.2 Parties shall also fully cooperate with each other so that both Parties can live up to their statutory obligations as data controller if a Data Subject exercises its rights under the applicable law.

14.3 Parties acknowledge that irrespective of the terms of the Data Protection Agreement, the Data Subjects may not be deprived of exercising their rights under the applicable law towards Parties.

 

PART D - General

15 Costs

15.1 The costs IDEXX may incur in performing its obligations under this Data Protection Agreement (for example, providing assistance to Customer in responding to data subject requests) may result in IDEXX charging Customer for additional work. If this is the case, IDEXX will inform Customer thereof.

16 Indemnity

16.1 Customer shall fully indemnify IDEXX against any claim by a third party, including by any of the Data Subjects, imposed against IDEXX as result of a breach of the applicable law, which can be attributed to Customer or any of its employees or contractors.

17 Term and Termination

17.1 This Data Protection Agreement enters into force on the date that IDEXX first processes the Personal Data on behalf of Customer in the performance of the Agreement.

17.2 This Data Protection Agreement shall remain in effect for the duration of the Agreement. In the event the Agreement ends, this Data Protection Agreement ends as well by operation of law, without further legal action

17.3 Unless there is a minimum statutory period applicable to IDEXX’s retention of Personal Data, IDEXX shall upon termination of this Data Protection Agreement or on such earlier date that Customer determines the Personal Data or any part of it is no longer required to provide the Services, ensure at the choice of Customer that (i) the Personal Data will be returned or provided to Customer, or (ii) the Personal Data will be destroyed, on Customer's request in writing, which may include in electronic form. Such return or destruction shall occur within 90 days of such termination or of Customer’s request, as applicable.

17.4 IDEXX commits to ensure that it shall immediately cease and desist all processing of (the relevant) Personal Data upon providing, returning or destroying the Personal Data.

17.5 Any obligation arising from this Data Protection Agreement that by nature has post-contractual effect shall continue to be in effect after the termination of this Data Protection Agreement.

 

18 Deviations and Renegotiation

18.1 Deviations from and additions to this Data Protection Agreement shall only be valid if they have been expressly agreed in writing, including in electronic form.

18.2 Customer shall promptly inform IDEXX on any changes that are or could be relevant for the Agreement and the processing of the Personal Data.

18.3 Parties are entitled to renegotiate this Data Protection Agreement, if this would reasonably result from a change in circumstances.

18.4 If this Data Protection Agreement is translated into several languages, the English text shall be deemed authentic for the purpose of the interpretation or in the event of conflict or inconsistency between the various translations.

Exhibit A

IDEXXServices Covered by this Data Protection Agreement	Agreement	Schedules that apply
VetConnect PLUS	VetConnect PLUS Terms of Service	Schedule A
SmartService	SmartService Agreement	Schedule B
SmartFlow	SmartFlow Terms and Conditions of Sale (EU)	Schedule C

Schedule A: VetConnect PLUS

Description of the Services: VetConnect PLUS

I	Description of the processing activities for which IDEXX acts as data processor	1.	Online laboratory and in-clinic diagnostics results reporting and presentation in a combined format, laboratory ordering, clinic initiating consultation requests, presentation of electronic images, and printing and sharing (including via email) summaries and diagnostics results with pet owners. Providing Customer with analysis of performance or utilization of the service, either on standalone basis by Customer, or in comparison with other de-identified clinics. Monitoring, troubleshooting, and diagnosing the service. Backing up and storing Customer’s data.
		2.	Any future features, modules and add-ons as described on idexx.com, as updated from time to time.
II	Description of the processing activities for which IDEXX acts as (joint) data controller	1.	Performing aggregated, pseudonymised market analysis using raw data not directly identifiable to a natural person provided through the Services to anticipate Customers’ needs, gain know-how which will benefit veterinary practices in general, and to provide professional services and medical education to the veterinary industry. Analysis of utilization of the service for improved user experience, product enhancements and product improvement.

I Detailing for processing activities for which IDEXX acts as data processor – VetConnect PLUS

Purposes of the data processing activities	Duration of the data processing	Categories of Data Subjects	(Types of) Personal Data processed by IDEXX	(Groups of) Employees of or other persons engaged by IDEXX who have or may have access to the Personal Data	Data processing activities that these persons may perform with the Personal Data
Software	As described in Article 17, the minimum statutory period applicable to IDEXX’s retention of Personal Data.	Customer, Customer’s employees, pet owners	First and Last name; email address; clinic name, email address, and physical address	A Software engineering group   B Development Operations   C Sales group   D Medical Consulting group	A & B: Collection Recording Organization Structuring Storage Adaptation/Alteration Retrieval Consultation Use Disclosure by transmission Dissemination Restriction Erasure/destruction Monitoring/troubleshooting Alignment/combination
					Analysis/Segmentation C & D: Retrieval Consultation Use Disclosure by transmission Dissemination Monitoring/ Troubleshooting
Customer Services	As described in Article 17, the minimum statutory period applicable to IDEXX’s retention of Personal Data .	Customer, Customer’s employees, pet owners	First and Last name; email address; clinic name, email address, and physical address	A Training B Customer Support	A & B: Collection Organization Structuring Storage Adaptation/Alteration Retrieval Consultation Use Disclosure by transmission Dissemination Restriction Erasure/destruction Monitoring/troubleshooting Analysis/Segmentation

 

II Detailing for processing activities for which IDEXX acts as joint data controller – VetConnect PLUS

Purposes of the data processing activities	Duration of the data processing	Categories of Data Subjects	(Types of) Personal Data processed by IDEXX	The data controller and its respective duties towards the Data Subjects
Market Analysis*	Raw data is, immediately after it has been analyzed, transformed into aggregated data. Aggregated data is retained for the applicable minimum statutory retention period.	Customer	Raw data, not directly identifiable to a natural person, such as: Customer (clinic) name, disease, breed and age of a pet. Aggregated data, obtained from analysis performed on the raw data, such as correlations between specific breeds and diseases.	IDEXX is joint controller for the market analysis it performs on the Personal Data. In this respect, data subjects may exercise their rights under the Applicable Law towards IDEXX, such as their right to access, rectification, erasure, restriction, data portability and objection.

*This data processing activity describes the moment in time when the aggregated data, not directly identifiable to a natural person, has not been anonymized yet. After this processing activity takes place, the aggregated data is anonymized

Schedule B: SmartService

Description of the Services: SmartService

I	Description of the processing activities for which IDEXX acts as data processor	1.	Diagnosis of performance issues, troubleshooting, remote monitoring, predictive analysis, and service on Customer’s IDEXX diagnostic equipment and the devices connected to it. Upgrades of IDEXX equipment software and the software within connected devices. The foregoing processing activities may occur remotely through device relationship management software, or on equipment or storage devices returned to IDEXX for repair or refurbishment. Providing Customer with analysis of performance or utilization of the service, either on standalone basis by Customer, or in comparison with other de-identified clinics. Monitoring, troubleshooting, and diagnosing the service. Backing up and storing Customer’s data.
		2.	Any future features, modules and add-ons as described on idexx.com, as updated from time to time.
II	Description of the processing activities for which IDEXX acts as (joint) data controller	1.	Performing aggregated, pseudonymised market analysis using raw data not directly identifiable to a natural person provided through the Services to anticipate Customers’ needs, gain know-how which will benefit veterinary practices in general, and to provide professional services and medical education to the veterinary industry.. Analysis of utilization of the service for improved user experience, product enhancements and product improvement.

I Detailing for processing activities for which IDEXX acts as data processor – SmartService

Purposes of the data processing activities	Duration of the data processing	Categories of Data Subjects	(Types of) Personal Data processed by IDEXX	(Groups of) Employees of or other persons engaged by IDEXX who have or may have access to the Personal Data	Data processing activities that these persons may perform with the Personal Data
Troubleshooting	As described in Article 17, the minimum statutory period applicable to IDEXX’s retention of Personal Data	Customer, Customer’s employees, pet owner	Pet owner first and last name; clinic employee first and name	A Software engineering group B Development Operations C Sales group D Medical Consulting group E.Customer Service	A&B: Collection Recording Organization Structuring Storage Adaptation/Alteration Retrieval Consultation Use Disclosure by transmission Dissemination Restriction Erasure/destruction Monitoring/ Troubleshooting C, D & E: Retrieval Consultation Use Disclosure by transmission Dissemination Monitoring/troubleshooting

 

II Detailing for processing activities for which IDEXX acts as joint data controller – SmartService

Purposes of the data processing activities	Duration of the data processing	Categories of Data Subjects	(Types of) Personal Data processed by IDEXX	The data controller and its respective duties towards the Data Subjects
Market Analysis*	Raw data is, immediately after it has been analyzed, transformed into aggregated data. Aggregated data is retained for the applicable minimum statutory retention period.	Pet owner, Customer	Raw data, not directly identifiable to a natural person, extracted from IDEXX instrument, such as: breed, age of a pet, diagnostic results Aggregated data, obtained from analysis performed on the raw data, such as correlations between specific breeds and diagnostic results.	IDEXX is joint controller for the market analysis it performs on the Personal Data. In this respect, data subjects may exercise their rights under the Applicable Law towards IDEXX, such as their right to access, rectification, erasure, restriction, data portability and objection.

*This data processing activity describes the moment in time when the aggregated data, not directly identifiable to a natural person, has not been anonymized yet. After this processing activity takes place, the aggregated data is anonymized.

Schedule C: SmartFlow

Description of the Services: SmartFlow

I	Description of the processing activities for which IDEXX acts as data processor	1.	Online medical treatment recording and presentation, treatment ordering, clinic patient creation requests, digital forms, presentation of electronic images, and printing and sharing (including via email) summaries and complete medical records of patients. Providing Customer with analysis of performance or utilization of their business and the use of the SmartFlow service, either on standalone basis by Customer, or in comparison with other de-identified clinics. Monitoring, troubleshooting, and diagnosing the service. Backing up and storing Customer’s data.
		2.	Any future features, modules and add-ons as described on idexx.com, as updated from time to time.
II	Description of the processing activities for which IDEXX acts as (joint) data controller	1.	Performing aggregated, pseudonymised market analysis using raw data not directly identifiable to a natural person provided through the Services to anticipate Customers’ needs, gain know-how which will benefit veterinary practices in general, and to provide professional services and medical education to the veterinary industry. Analysis of utilization of the service for improved user experience, product enhancements and product improvement.

I Detailing for processing activities for which IDEXX acts as data processor – SmartFlow

Software	As described in Article 17, the minimum statutory period applicable to IDEXX’s retention of Personal Data.	Customer, Customer’s employees, pet owners	First and Last name; email address; clinic name, email address, and physical address	A Software engineering group B Development Operations C Sales group D Medical Consulting group	A & B: Collection Recording Organization Structuring Storage Adaptation/Alteration Retrieval Consultation Use Disclosure by transmission Dissemination Restriction Erasure/destruction Monitoring/troubleshooting Alignment/combination Analysis/Segmentation
					C & D: Retrieval Consultation Use Disclosure by transmission Dissemination Monitoring/ Troubleshooting
Customer Services	As described in Article 17, the minimum statutory period applicable to IDEXX’s retention of Personal Data.	Customer, Customer’s employees, pet owners	First and Last name; email address; clinic name, email address, and physical address	A Training B Customer Support	A & B: Collection Organization Structuring Storage Adaptation/Alteration Retrieval Consultation Use Disclosure by transmission Dissemination Restriction Erasure/destruction Monitoring/troubleshooting Analysis/Segmentation

 

II Detailing for processing activities for which IDEXX acts as joint data controller – SmartService

Purposes of the data processing activities	Duration of the data processing	Categories of Data Subjects	(Types of) Personal Data processed by IDEXX	The data controller and its respective duties towards the Data Subjects
Market Analysis*	Raw data is, immediately after it has been analyzed, transformed into aggregated data. Aggregated data is retained for the applicable minimum statutory retention period.	Pet owner, Customer	Raw data, not directly identifiable to a natural person, such as: Customer (clinic) name, disease, breed and age of a pet. Aggregated data, obtained from analysis performed on the raw data, such as correlations between specific breeds and diseases.	IDEXX is joint controller for the market analysis it performs on the Personal Data. In this respect, data subjects may exercise their rights under the Applicable Law towards IDEXX, such as their right to access, rectification, erasure, restriction, data portability and objection.

*This data processing activity describes the moment in time when the aggregated data, not directly identifiable to a natural person, has not been anonymized yet. After this processing activity takes place, the aggregated data is anonymized.

Security Appendix

Physical Access Control

Measures to ensure that unauthorized persons will not have physical access to systems used to process Personal Data.

• security guards, doormen
• electronic access control system using proximity access cards
• video surveillance (IP cameras)
• security checks for visitors
   

System Access Control

Measures to prevent data processing systems from being used without authorization:

• password guidelines (including complexity, minimum length, password reuse and minimum password age)
• automatic log-out or password-protected screensaver after certain time period without user activity
• access authentication and authorization
• firewall, anti-virus protection
• intrusion detection/intrusion prevention
• logging of access
   

Data Access Control

Measures to ensure that persons authorized to use data processing systems have access only to those data they are authorized to access, and that Personal Data cannot be read, copied, altered or removed without authorization during processing, use and after:

• access control concept (access rights limited by profiles and roles)
• documentation of access rights
• approval and assignment of access rights through authorized personnel only
   

Data Transfer Control

Measures to ensure that Personal Data cannot be read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media, and that it is possible to ascertain and check which bodies are to be transferred Personal Data using data transmission facilities:

• transport encryption (TLS or VPN)
   

Data Entry Control

Measures to ensure that it is possible after the fact to check and ascertain whether Personal Data have been entered into, altered or removed from data processing systems and if so, by whom:

• Data is essential read only for reporting purposes once stored in the IDEXX data center
   

Control of Processors

Measures to ensure that Personal Data processed on behalf of others is processed strictly in compliance with the Controller’s instructions:

• written data processing agreements (required)
   

Availability Control

Measures to ensure that Personal Data are protected against accidental destruction or loss:

• backup in separate location
• business continuity/disaster recovery concept
• uninterruptable power supply (UPS)
• dedicated data center generator with multiple fuel supply contracts
• fire protection & suppression system
• water detection
• redundant air conditioning system
   

Separation of Data

Measures to ensure that data collected for different purposes can be processed separately:

• clear logical separation of data from data of other Controllers (dedicated data universe)