A reminder of key privacy law concepts:
Q: What is personal data?
A: Broadly speaking, any information that may identify an individual. Good examples are name, email address (business and/or personal), IP address, phone number (business and/or personal), location, or health data.
Q: What is processing?
A: Processing may include storing, moving, reading, accessing - almost any activity concerning personal data will be defined as processing.
Q: Who is a data subject?
A: Any person whose personal data is being processed.
Q: What is a sub-processor?
A: When a supply chain partner engages a subcontractor to assist in the delivery of the Partner’s services, that subcontractor becomes a sub-processor for privacy law purposes. Accordingly, the partner is required to contract with its sub-processor on specific terms mandated by privacy laws.
Q: What are ForgeRock’s obligations towards its supply chain partners?
A: Privacy compliance is at the core of ForgeRock’s business model and is considered to be an essential part of everyday business. Additionally, ForgeRock is obliged to (a) impose specific terms on all supply chain partners who are in scope of global privacy laws and (b) undertake due diligence on key supply chain partners to establish whether their organisation is privacy law compliant.