Master Services Agreement (“MSA”) Schedule B
MSA Addendum B – Data Services Agreement
This Schedule / Addendum supplements and forms part of the Master Service Agreement (“MSA”) entered into by Next Dimension Inc. and the “Customer” as named on the Master Service Agreement. All terms and conditions of MSA section 2.4A (Customer Data) shall remain in full force and effect except as expressly modified by this Addendum.
1. Purpose of the Addendum
This Addendum governs the collection, use, storage, and disclosure of Data shared between the Parties in connection with services provided under the MSA, in compliance with applicable laws, including but not limited to the Personal Information Protection and Electronic Documents Act (PIPEDA).
2. Definitions
2.1. “Data” refers to any information, including personal, confidential, proprietary, or sensitive information, collected, shared, or processed under this Addendum with the exclusion of Personal Health Information or Electronic Personal Health Information.
2.1.1 Data located within IT applications or systems may commonly include, and is not limited to, the following items:
- Full Legal Name
- Username or Login Credentials
- Email Address(es)
- Home Address(es)
- Telephone Number(s) (e.g., Cell Phone, Home Phone)
- IPv4 & IPv6 Address(es)
- Equipment Device Identifiers (e.g., MAC Address, Serial Number)
- Date of Birth
- National Identification Numbers (e.g., SIN, DL, or Passport)
- Payment Information (e.g., Credit Card Numbers, Banking Details)
- Employment Details (e.g., Job Title, Department)
- Location Data (e.g., GPS Coordinates, Physical Access Logs)
- System Usage Logs (e.g., Timestamps, Access History)
- Biometric Data (e.g., Fingerprints, Facial Recognition Data)
- Photos or Video Footage (e.g., Uploaded Images, CCTV Recordings)
2.2. “Personal Information” (PI) refers to any information about an identifiable individual as defined under PIPEDA and applicable Ontario legislation.
2.3 “Personal Health Information” (PHI) refers to any information that can identify an individual and relates to their health or health care as defined in Ontario’s Personal Health Information Protection Act (PHIPA). PHI may be physical or electronic (ePHI).
2.3.1 “Custodian” is defined in PHIPA as a person or organization that has custody or control of personal health information (PHI) as part of their role as a Health Care Provider.
3. Obligations of the Parties
3.1. Next Dimension’s Obligations:
- Comply with all applicable Data protection laws and regulations.
- Collect, use, and process Data only as specified in this Addendum or as instructed by the Customer.
- Implement appropriate technical and organizational measures to safeguard the Data against unauthorized access, disclosure, alteration, or destruction.
- Assist Customer in responding to any requests relating to PI or PHI in accordance with any applicable privacy legislation.
- Notify the Customer immediately of any suspected or actual breach involving PI or PHI, or access to systems that manage / monitor / document a system that contains PI or PHI.
- Provide immediate support or assistance in containing any suspected breach of a system housing PI or PHI.
- Post and maintain a Privacy Policy on the Next Dimension Website at the following URL – https://www.nextdimensioninc.com/privacy-policy/
3.1.2 Specific Next Dimension Obligations for Customers that are PHI Custodians
- Comply with all applicable PHI protection laws and regulations provided by Customers acting as Custodians of PHI.
- Instruct Next Dimension staff not to attempt to view, access, copy, delete, or restore any system, file, or database containing PHI / ePHI in the Customer’s possession, unless explicitly required as part of a technical support service provided by Next Dimension and conducted under the direct supervision or instruction of an authorized representative from the Customer’s organization.
- Restrict access for all support tools or documentation which may pertain to a system housing ePHI to only those required to support the Customer’s organization.
- Participate in any law enforcement investigations that result from a breach of ePHI.
3.2. Customer’s Obligations:
- Ensure that all Data provided to Next Dimension is collected and disclosed in compliance with applicable laws.
- Notify Next Dimension of any specific requirements or restrictions concerning the handling of the Data.
- Notify Next Dimension of any key systems, files or Databases that may contain ePHI or PI and that require special handling.
- Ensure that any necessary consent is obtained from all Customers, staff members, end users, or any other individuals whose Personal Information (PI), Personal Health Information (PHI), or Data may be collected or stored by Next Dimension as part of the services provided under the MSA, and retain appropriate records regarding same.
- Provide prompt notice of any changes in Data, PI or ePHI use requirements or applicable laws that apply to the Customer.
4. Data Use and Limitations
4.1. Next Dimension shall not use the Data for any purpose other than as specified in the MSA, this Addendum, or as required by law.
4.2. Notwithstanding the above, Next Dimension may share Data with third parties with whom it has a commercial relationship, provided such sharing is necessary to fulfill deliverables as part of the services provided by Next Dimension to the Customer. Next Dimension shall ensure that any third party receiving such Data complies with obligations equivalent to those outlined in this Addendum.
5. Data Security
5.1. Next Dimension shall implement robust security measures, including and not limited to the following to protect the Customer Data they have on Next Dimension Internal Systems or SaaS applications hosted by a third party:
- Encryption
- Role Based Access Controls (RBAC)
- Regularly scheduled vulnerability scanning
- Periodic auditing of access logs
- Antivirus Software or EDR/NGAV
- Security information and event management (SIEM)
- Multifactor authentication
5.2. Next Dimension shall notify the Customer promptly in the event of a Data breach, including details of the breach and measures taken to mitigate its effects.
6. Retention and Destruction of Data
6.1. Next Dimension shall retain Data only for as long as necessary to fulfill the purposes outlined in the MSA, this Addendum, or as required by law.
6.2. Upon termination of the MSA or upon the Customer’s request, Next Dimension shall either return or securely destroy all Data in its possession, and provide the Customer with confirmation of which method was used.
7. Confidentiality
7.1. Both Parties agree to treat all Data shared under this Addendum as confidential and to use it solely for the purposes outlined herein.
7.2. Neither Party shall disclose any confidential Data to third parties without prior written consent, except where required by law or as permitted under Section 4.2.
8. Term and Termination
8.1. This Addendum shall commence on the date specified on the MSA and remain in effect for the duration of the MSA unless terminated earlier by mutual written agreement of the Parties.