Terms of service

ANNEX DATA PROCESSING

As part of our services, we may process personal data on behalf of clients, consisting of any information on the basis of which a natural person is identifiable.

As a processor, we may be responsible for the processing of personal data, whether or not carried out by automated means, consisting, inter alia, of the collection, recording, organization, structuring, storage, updating or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of data.

As the controller, the client is responsible for determining the purpose and means of processing personal data, and must implement the necessary safeguards for processing them.

 

1. Processing

We process personal data only to the extent necessary within the framework of the execution of our agreement with the customer. The processing of personal data is always done in a proper and careful manner, in accordance with applicable privacy laws and only upon written instructions from the customer. The customer guarantees that the instructions given are in accordance with the applicable privacy legislation.

We are entitled to use professional partners who process personal data on our behalf for the processing of personal data. Our partners will in turn take the necessary technical and organizational measures to protect this personal data.

Our liability within the framework of data processing is limited according to the provisions contained in article [●] of the General Terms and Conditions.

2. Security

We apply at least the usual technical and organizational security measures that can reasonably be expected of us to secure personal data against destruction, loss, alteration, forgery, dissemination or unauthorized access. The customer himself is responsible for taking appropriate security measures with respect to the use of personal data by the customer.

Personal data will only be transferred to a partner in a country outside the European Economic Area if that country ensures an adequate level of protection for your personal data. Before sharing personal data with a partner in the United States of America, we require a separate processing agreement or certification according to the Privacy Shield Framework (www.privacyshield.gov).

As soon as we become aware of a data breach, we will notify the customer within a reasonable time to enable them to comply with the notification requirement under privacy laws. This notification will include a description of the data breach, the nature of the breach, when the data breach occurred, as well as an indication of the technical measures we have taken to stop the breach and prevent future breaches.

3. Assistance

To the extent possible, we assist the client as a data controller by making information available in fulfilling its legal obligations under privacy legislation, including:

observing the rights of each data subject whose personal data are processed;
conducting a data protection impact assessment to assess the impact of processing activities on the protection of personal data;
performing an audit, insofar as all costs in this regard are borne by the customer.
We will notify the customer of requests made directly to us by a data subject in connection with the processing of personal data for which the customer is a data controller.

4. Confidentiality

We undertake to keep all personal data of a confidential nature confidential, even after the termination of the agreement with the customer. Our employees who have access to this personal data are also bound by this confidentiality and must refrain from copying, transmitting, transferring or otherwise distributing personal data to third parties.

This commitment does not prevent the use of personal data in the context of our services, insofar as the disclosure is necessary to comply with legal requirements or court proceedings, or insofar as this information is publicly available.

5. Duration

Our commitments based on this Data Processing Schedule shall remain in force for as long as we have access to the personal data in question. Upon termination of the contract with the customer, the customer himself is responsible for exporting the personal data.

As soon as the retention of personal data is no longer necessary for the performance of the contract, we will delete it within a reasonable period of time, unless its retention is necessary to prove to the customer the fulfillment of our commitments, to comply with legal requirements, or within the framework of usual retention mechanisms that are reasonably limited in time (backups).