When purchasing BigMile, a software as a service (SaaS) subscription agreement will be provided. Schedule 2 of this agreement contains the Data Processing Agreement. Schedule 4 of this agreement describes BigMile’s Security Policy. In accordance with our purpose and values, BigMile is committed to maintaining information security and minimizing exposure to risk as well as to ensure secure and resilient SaaS Products.

BigMile has implemented the following technical and organisational measures:
(a)    access control, by way of IT security systems and two-factor identification login procedures where possible;
(b)    the pseudonymisation and encryption of Personal Data;
(c)    the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(d)    a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
When assessing whether the level of security is adequate, especially the risks regarding the processing of Personal Data will be taken into account, in particular accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
BigMile shall take measures to ensure that any natural person acting under the authority of BigMile who has access to Personal Data does not process this except on (indirect) instructions from Customer, unless he or she is required to do so by EU law or the laws of an EU member state.

Schedule 6 of the subscription agreement contains the Meta Data Guidelines and Meta Data limitations. As the overriding principle, it shall not be able to relate Meta Data to Personal Data, Customer related Confidential Information or Customer ID, to ensure compliance with the GDPR and applicable competition law.

Customer’s Data is contained in a data vault as Part of the Customer SaaS Environment to which BigMile has no access. From this Customer SaaS Environment data shall be extracted to the BigMile Meta Data Vault for e.g. analytical purposes or comparative benchmarking.

Personal Data or Customer related Confidential Information or Customer ID, shall not be extracted or processed, unless presented or converted in aggregated or anonymised form or at a statistical level, without BigMile having (subsequent) access or links to the source data.

The results will be captured as Meta Data.

To the extent the dataset of Customer is limited or unique, creating a potential conflict with the above Principle, the Customer shall inform BigMile thereof and the Parties will determine what form of Meta Data extraction will be in compliance with the GDPR and applicable competition law.

Yes, indeed.