• Change language
    Change country

    Data Processing Terms and Conditions

    Find out more about where Kyocera acts as a data processor on behalf of its customers.
    hands typing on a laptop

    These Data Processing Terms and Conditions (“Data Processing Terms”) apply to the Processing of Personal Data by KYOCERA Document Solutions Europe B.V. or its Sales Companies, authorized dealers, distributors and resellers (“KYOCERA”) from which you, the Customer, purchased a licensed to use Kyocera Cloud Information Manager (“KCIM”, “Services”).

    These Data Processing Terms serve as the binding contract within the meaning of Article 28 (3) GDPR and set out the subject-matter and duration of the Processing, the nature and purpose of the Processing, the type of Personal Data and Categories of Data Subjects and the obligations and rights of the Controller and is supplemented by the terms and conditions stated in the agreement between KYOCERA and Customer applicable to the Services (“Agreement”).

    Customer acts as Controller and KYOCERA as Processor with respect to the Processing of Personal Data under the Agreement and these Data Processing Terms, or, as the case may be, Customer acts as a Processor for its end-customers and KYOCERA acts as sub-Processor of Customer acting on instruction of Customer vis-à-vis its end-customers.


    Article 1 : Definitions

    The terms that have been identified in these Data Processing Terms by a capital letter have the following meaning (words in the singular include the plural and vice versa), or, if not stated below, have the meaning given to it in the GDPR:

    1.1 “Customer” means the KYOCERA customer as identified in the Agreement.

    1.2 “Data Protection Laws” means all laws and regulations, including but not limited to the GDPR, that are applicable to the Processing of Personal Data under the Agreement.

    1.3 “GDPR” means General Data Protection Regulation, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.

    1.4 “KYOCERA Affiliate” means a Sales Company of Kyocera Document Solutions Europe B.V. as listed in Annex 2 and a Sales Company’s and Kyocera Document Solutions Europe B.V.’s authorised dealers and distributors.

    1.5 “Services” means the services to be performed by KYOCERA in accordance with, and as specified in the Agreement.

    1.6 “Standard Contractual Clauses” means the contractual clauses as issued by the European Commission.

    1.7 “Sub-Processor” means any Processor engaged by KYOCERA.

    1.8 “TOMs” means the technical and organizational measures required pursuant to Article 32 GDPR.

    Article 2 : Personal Data Processing

    2.1 Instructions. KYOCERA shall only Process Personal Data in accordance with Customer’s written instructions, which are the provision of Services as specified in the Agreement. Customer shall ensure that all instructions provided by Customer to KYOCERA pursuant to these Data Processing Terms and the Agreement will be in accordance with the Data Protection Laws. Customer shall have the sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data.

    2.2 Details of Processing. Annex 1 to these Data Processing Terms sets out certain information regarding the Processing of Personal Data.

    2.3 Compliance with Data Protection Laws. KYOCERA shall comply with applicable Data Protection Laws in the Processing of Personal Data.

    2.4 Confidentiality. KYOCERA shall keep the Personal Data strictly confidential and shall not transmit, disseminate or otherwise transfer Personal Data to third parties unless agreed to under Section 3, on written instruction of Customer, for the purpose of the performance of the Agreement or unless required to do so by applicable laws to which KYOCERA is subject. In the latter case, KYOCERA shall inform Customer of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest, in which case KYOCERA shall inform Customer within 24 hours after KYOCERA knew or should have known of the legal requirement. 

    Article 3 : Sub-Processors

    3.1 Appointment. Customer acknowledges and agrees that (a) KYOCERA Affiliates may be retained as Sub-Processors; and (b) KYOCERA and KYOCERA Affiliates respectively may engage third-party Sub-Processors in connection with the provision of Services. A list of appointed Sub-Processors is added in Annex 1 and may be amended from time-to-time at KYOCERA’s sole discretion, but providing at least two (2) weeks’ notice to Customer by publication of the proposed Sub-Processor(s) on the Kyocera website.

    3.2 Sub-Processor obligations. For the purpose of sub-processing, KYOCERA shall enter into written agreements with its Sub-Processors, which agreements shall include as a minimum the same obligations as to which KYOCERA is bound to under these Data Processing Terms, and shall in particular include an obligation of the Sub-Processor to implement appropriate TOMs to meet the requirements of applicable Data Protection Laws.

    3.3 Right to object new Sub-Processors. Customer may object to KYOCERA’s use of a new Sub-Processor by notifying KYOCERA promptly in writing, but in any case within two (2) weeks after publication of the proposed changes on the KYOCERA website [INSERT LINK TO KCIM DOCUMENTS]. In the event of a reasonable objection, KYOCERA shall work with Customer in good faith to make available a commercially reasonable change in the provision of the Services, which avoids the Processing of Personal data by that proposed Sub-Processor. If KYOCERA is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may terminate the Agreement with respect only to those Services, which cannot be provided by KYOCERA without the use of the proposed Sub-Processor by providing written notice to KYOCERA.

    3.4 Liability. KYOCERA shall be liable for the acts and omissions of its Sub-Processors to the same extent KYOCERA would be liable if performing the services of each Sub-Processor directly under the term of these Data Processing Terms.

    Article 4 : KYOCERA personnel

    4.1 Confidentiality. KYOCERA ensures that its personnel engaged in the Processing of Personal Data under the Agreement are informed of the confidential nature of the Personal Data. KYOCERA also ensures that it has executed written confidentiality agreements with its personnel engaged in the Processing of Personal Data in regards to the Processing of that Personal Data. KYOCERA ensures that the confidentiality obligations under such written confidentiality agreements survive the termination of the personnel engagement.
    4.2 Reliability. KYOCERA shall take all reasonable steps to ensure the reliability of the KYOCERA personnel engaged in the Processing of Personal Data.
    4.3 Limitation of access. KYOCERA ensures that KYOCERA’s access to Personal Data is limited to those personnel performing Services in accordance with the Agreement.
    4.4 DPO. KYOCERA appointed a DPO, to the extent that the applicable Data Protection Laws require the appointment of a DPO. The KYOCERA DPO can be reached via the contact details as provided in Annex 2. 

    Article 5 : Data security and inspection

    5.1 Security. KYOCERA shall take all technical and organisational security measures which are reasonably required to ensure a level of security appropriate to the risk, having regard to the state of the art, the costs of implementation, the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons involved. An overview of the technical and organisational security measures is published on the Kyocera website on https://www.kyoceradocumentsolutions.eu/content/download-center/eu/non-product-related/smarter-workspaces/case-study/KCIM_Security_Whitepaper_pdf.download.pdf. To maintain an appropriate level of security, KYOCERA may regularly update this overview, without prior notice.
    5.2 Audit. KYOCERA shall allow Customer to conduct an audit of the technical and organisational security measures utilised by KYOCERA for the Processing of Personal Data (the “Audit”). The Audit may be conducted once per calendar year, or any number of times per year in case of reasonable suspicion of breach of these Data Processing Terms or at the instruction or request of an applicable Supervisory Authority, during the regular business hours of KYOCERA. Customer shall give KYOCERA reasonable notice of any Audit to be conducted under this Section 5.2 and shall ensure that each of its mandated Auditors takes reasonable endeavours to avoid causing or, if it cannot avoid, to minimise any damage, injury or disruption to KYOCERA's premises, equipment, personnel and business while its personnel are on those premises in the course of the Audit. The purpose of the Audit shall be to verify whether Personal Data is Processed by KYOCERA in accordance with these Data Processing Terms and the Agreement (“Purpose”). The Audit will be conducted by an auditor (“Auditor”), who is not a competitor of KYOCERA, selected by Customer who, in the reasonable judgment of Customer, is neutral and possesses the technical knowledge and skills required to conduct the Audit. Customer shall ensure that the auditor is held to maintain confidentiality with respect to its findings. Solely for the Purpose of the Audit, KYOCERA shall grant the Auditor access to its premises, relevant employees, systems and documents. 

    5.3 Audit costs. Customer shall pay for all costs, remunerations, fees and expenses in relation to the Audit, except for internal costs made by KYOCERA in relation to the Audit. If the Audit reveals any material non-compliance by KYOCERA, KYOCERA shall reimburse all actual and reasonable costs of Customer in relation to the Audit.
    5.4 Audit results. Customer shall provide KYOCERA with a copy of the report of the Auditor. In case the report reveals a default by KYOCERA in the performance of its obligations pursuant to this Agreement or a violation of applicable Personal Data Protection Laws, KYOCERA will promptly cure such default and/or omit the violation and provide Customer with confirmation thereof in writing.

    Article 6 : Data Subject Requests

    6.1 TOMs. Taking into account the nature of the Processing, KYOCERA shall assist Customer by appropriate TOMs, insofar as this is reasonably possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under the GDPR or other applicable Data Protection Laws.

    6.2 Data Subject Requests. KYOCERA shall, to the extent legally permitted, promptly notify Customer if it receives a Data Subject Request. To the extent Customer, in its use of the Services, does not have the ability to address a Data Subject Request, KYOCERA shall upon Customer’s request provide reasonable efforts to assist Customer in responding to such Data Subject Request to the extent KYOCERA is legally permitted to do so and the response to such Data Subject Request is required under the GDPR or other Data Protection Laws. To the extent legally permitted, Customer shall be responsible for any costs arising from KYOCERA’s provision of such assistance.


    Article 7 : Personal Data Breach 

    7.1 Notification. To the extent as permitted by law, KYOCERA shall promptly, after it becomes aware, notify Customer of any actual or reasonably suspected Personal Data Breach by KYOCERA or its Sub-Processor(s). The notification shall as a minimum include the information as stipulated in Article 28(3) of the GDPR.

    7.2 Remedy. To the extent the Personal Data Breach is caused by a violation by KYOCERA or its Sub-Processors of the requirements of these Data Processing Terms, the Agreement or applicable Data Protection Laws, KYOCERA shall, taking into account the nature of the Personal Data Breach and the risk of varying likelihood and severity for the rights and freedoms of natural persons involved, at the instruction of Customer make all efforts to identify and remediate the cause of the Personal Data Breach, to mitigate the risks to the rights and freedoms of natural persons involved and to further assist Customer with any reasonable request in its compliance with Data Protection Laws on Personal Data Breaches.

    7.3 Further assistance. To the extent that the Personal Data Breach is not caused by a violation by KYOCERA or its Sub-Processors of the requirements of these Data Processing Terms, the Agreement or applicable Data Protection Laws, KYOCERA shall provide all reasonable assistance, taking into account the nature of the Personal Data Breach and the risk of varying likelihood and severity for the rights and freedoms of natural persons involved, to Customer in Customer’s handling of the Personal Data Breach. Customer shall be responsible for any costs arising from KYOCERA’s provision of such assistance.


    Article 8 : Data Protection Impact Assessments and Prior Consultation

    KYOCERA shall provide reasonable assistance to Customer with any data protection impact assessments, and prior consultations with Supervisory authorities, which Customer reasonably considers to be required of KYOCERA by Article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Personal Data by, and taking into account the nature of the Processing and information available to, KYOCERA.


    Article 9 : Standard Contractual Clauses

    9.1   Applicability. Where KYOCERA transfers personal data to Sub-Processors located outside the EU and where such transfers are not based on an adequacy decision pursuant to Article 45 GDPR, KYOCERA has ensured the conclusion Standard Contractual Clauses and, where necessary, supplementary measures to ensure an adequate level of data protection. Where the Sub-Processor that is subject to Standard Contractual Clauses has engaged other Sub-Processors, the Sub-Processor as indicated in the Standard Contractual Clauses has concluded Standard Contractual Clauses with such Sub-Processors where required. A copy of the applicable Standard Contractual Clauses may be retrieved using the contact details stated in Annex 2.

    9.2 Conflict. In the event of any conflict or inconsistency between these Data Processing Terms and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail. 


    Article 10 : Deletion and return

    At the choice of Customer, KYOCERA shall delete or return the Personal Data to Customer after the provisioning of Services under the Agreement related to the Processing of Personal Data has ended.


    Article 11 : Liability 

    Each Party and its Affiliates’ liability arising out of or related to these Data Processing Terms whether in contract, tort or under any other theory of liability, is subject to the liability limitations as agreed in the Agreement.  


    Article 12 : Preference over Agreement

    Except as amended by these Data Processing Terms, the Agreement remains in full force and effect. If there is a conflict between the Agreement and these Data Processing Terms, the terms and conditions of these Data Processing Terms shall prevail. 

    ANNEX 1:  

    Annex 1 includes certain details of the Processing of Personal Data as required by Article 28(3) GDPR.

    Name of the Service: Kyocera Cloud Information Manager

    Subject Matter of the Processing:
    The subject matter and duration of the Processing of the Personal Data
    are set out in the Agreement and this Data Processing Agreement.

    Nature and Purpose of the Processing:

    KYOCERA processes Personal Data in the course of providing KCIM. The provision of KCIM includes that KYOCERA is hosting Customer’s Personal in the cloud. Further, in case Customer issues a support request, KYOCERA may have remote access to Customer’s Personal Data when providing requested support services.

    Types of Personal Data to be Processed:

    • User name, email address, first name, last name, password
    • Uploaded files: Filename, content of the file, image, thumbnail preview of the image
    • Metadata of uploaded files: Document Class attributes (may include first name, last name, address, phone number, and email address)
    • File name
    • Creator/Editor (first name, last name, username)

    Category of Affected Data Subjects:

    • Data Controller’s (Customers’) employees


    • KYOCERA Document Solutions Inc., Japan
    • Google Cloud Japan G.K., Japan
    • KYOCERA Document Solutions Development America, Inc., USA
    • OPTIMAL SYSTEMS GmbH, Germany

    Annex 2: KYOCERA Document Solutions Europe B.V. Sales Companies

    If KYOCERA Document Solutions is not located in the country where Customer is located, then these Data Processing Terms apply to KYOCERA Document Solutions Europe B.V.

    KYOCERA Document Solutions Europe B.V.
    Attn.: Data Protection Officer
    Beechavenue 27
    2132 NP  Schiphol-Rijk
    The Netherlands
    e: privacy@deu.kyocera.com

    1) KYOCERA Document Solutions Belgium N.V., Sint-Martinusweg 199-201, 1930 Zaventem, Belgium, e: privacy@dbe.kyocera.com

    2) KYOCERA Document Solutions Danmark A/S, Ejby Industrivej 60, 2600 Glostrup, Danmark, e: privacy@ddk.kyocera.com

    3) KYOCERA Document Solutions Finland Oy, Atomitie 5, 00370 Helsinki, Finland, e: privacy@dfi.kyocera.com

    4) KYOCERA Document Solutions France S.A.S., Espace Technologique de Saint Aubin, Route de l’Orme, 91195 Gif sur Yvette Cedex, France, e: privacy@dfr.kyocera.com

    5) KYOCERA Document Solutions Deutschland GmbH, Otto-Hahn-Str. 12, 40670 Meerbusch, Germany, e: datenschutz@dde.kyocera.com

    6) AKI GmbH, Berliner Pl. 9, 97080 Würzburg, Germany, e: datenschutz@dde.kyocera.com

    7) KYOCERA Document Solutions Austria GmbH, Wienerbergstr. 11, Tower A/18th floor, 1100 Vienna, Austria, e: datenschutz@dat.kyocera.com

    8) KYOCERA Document Solutions Italia S.p.A., Via Monfalcone, 15, 20132 Milano (MI), Italy, e: privacy@dit.kyocera.com

    9) KYOCERA Document Solutions Nederland B.V., Beechavenue 25, 1119 RA Schiphol-Rijk, The Netherlands, e: privacy@dnl.kyocera.com

    10) KYOCERA Document Solutions Portugal Lda., Rua do Centro Cultural, 41 (Alvalade), 1700-106 Lisboa, Portugal, e: privacy@dpt.kyocera.com

    11) KYOCERA Document Solutions Russia L.L.C., Building 2, 51/4, Schepkina St., 129110 Moscow, Russian Federation, e: privacy@deu.kyocera.com

    12) KYOCERA Document Solutions South Africa Holdings (Pty) Ltd., KYOCERA House, Hertford Office Park, 90 Bekker Road CNR, Allandale, Vorna Valley, 1682, Midrand, South
    Africa, e: privacy@deu.kyocera.com

    13) KYOCERA Document Solutions South Africa (Pty) Ltd., KYOCERA House, Hertford Office Park, 90 Bekker Road CNR, Allandale, Vorna Valley, 1682, Midrand, South Africa, e: privacy@deu.kyocera.com

    14) KYOCERA Document Solutions España S.A., Edificio Kyocera, Avda. de Manacor No.2, 28290 Las Matas (Madrid), Spain, e: privacy@des.kyocera.com

    15) KYOCERA Document Solutions Nordic AB, Esbogatan 16B, 164 75 Kista, Sweden, e: privacy@dnr.kyocera.com

    16) KYOCERA Document Solutions Europe B.V. - Swiss Branch Office, Hohlstrasse 614, 8048 CH Zürich, Switzerland, e: privacy@deu.kyocera.com

    17) KYOCERA Document Solutions (U.K.) Ltd., Eldon Court, 75-77 London Road, Reading, Berkshire RG1 5BS, United Kingdom, e: privacy@duk.kyocera.com

    18) Midshire Communications Limited, Eldon Court, 75-77 London Road, Reading, Berkshire, England, RG1 5BS, e: privacy@duk.kyocera.com

    19) KYOCERA Bilgitaş Turkey Doküman Çözümleri A.Şeldon , Gülbahar Mah. Otello Kamil Sok. No:6 34394 ŞİŞLİ, Istanbul, Turkey, e: privacy@deu.kyocera.com

    20) Annodata Ltd., The Maylands Building, Maylands Avenue, Hemel Hempstead Industrial Estate, Hemel Hempstead, Hertfordshire HP2 7TG, e: privacy@duk.kyocera.com

    21) ALOS Handels GmbH, Dieselstraße 17, 50859 Köln, Germany, e: datenschutz@dde.kyocera.com

    22) ALOS Solution AG, Bachstrasse 29, 8912 Obfelden, Switzerland, e: datenschutz@dde.kyocera.com

    23) Kyocera Document Solutions Czech , s.r.o., Harfa Office Park Českomoravská 2420/15, 9, 190 00, Prague, Czech Republic, e: privacy@deu.kyocera.com

    24) Kyocera Document Solutions Czech – Slovak Branch Office,  Rybnicna 40, Bratislava 831 06, Slovakia, e: privacy@deu.kyocera.com

    25) Kyocera Document Solutions Middle East, Office 157, Building 17 behind Gloria Hotel,
    P.O. Box 500817, Dubai, UAE, e: privacy@deu.kyocera.com

    • KCIM Data Processing Terms and Conditions (KCIM-Data-Processing-Terms-and-Conditions.pdf)
      • 625 KB
      • PDF

    Cookies en uw privacy

    Wij gebruiken essentiële cookies voor eenvoudige en doeltreffende interactie met onze website, analyserende cookies zodat wij beter begrijpen hoe onze website wordt gebruikt, en marketing cookies om de reclame op u af te stemmen. In de Cookieverklaring vindt u meer informatie. Met de button 'Voorkeuren' kunt u uw cookievoorkeuren instellen of u kunt op 'Ik ga akkoord' klikken en alle cookies accepteren.


    Veld is verplicht

    Wij gebruiken cookies om ervoor te zorgen dat onze website goed werkt en soms om een dienst op uw verzoek te verrichten (zoals het beheer van uw cookievoorkeuren). Deze cookies zijn altijd actief, tenzij u uw browser zo instelt dat cookies geblokkeerd worden. Daardoor is het mogelijk dat sommige delen van de website niet werken zoals verwacht.

    Veld is verplicht

    Met deze cookies kunnen wij de werking van onze website meten en verbeteren.

    Veld is verplicht

    Deze cookies worden alleen geplaatst wanneer u toestemming daarvoor geeft. Wij gebruiken marketing cookies om bij te houden waarop u klikt en hoe u onze website gebruikt zodat wij op basis van uw interessegebied content en gepersonaliseerde reclame kunnen tonen.