PROCESSING AGREEMENT regarding the confidentiality and processing of personal data.
Yart Factory B.V. (hereinafter referred to as Point to Paper) With all assignments to Point to Paper, as of 25 May 2018 (the date of entry into force of the GDPR), the processing agreement below is deemed to have been added to the terms and conditions of that agreement and this processing agreement takes effect in full.
Client and Point to Paper, with its registered office in Waalwijk and hereinafter referred to as: contractor.
TAKING INTO ACCOUNT THAT:
- a. The Contractor performs work and/or services or services for the Client;
b. The Client will provide the Contractor with data for this purpose;
c. This information is confidential, or at least should be treated confidentially;
d. This data may contain personal data;
e. This data is necessary for the Contractor to perform a certain agreed work or services;
f. Parties wish to make agreements about this data.
Agree to the following:
ARTICLE 1. SUBJECT MATTER OF THE AGREEMENT
Subject of the agreement is
(i) the delivery of data by the Client to the Contractor,
(ii) making confidentiality agreements in this regard and
(iii) making further agreements if this data also contains personal data.
ARTICLE 2. CONFIDENTIALITY
2.a. The data obtained from the Client or on behalf of the Client will not be provided by the Contractor to third parties, unless written permission has been granted by the Client, or unless it is necessary for the performance of the agreed work.
2.b. The Contractor ensures that the data is only provided to personnel of the Parties on a need-to-know basis, and that the data is only provided to personnel charged with performing the agreed work or services.
2.c. During the period that the Contractor has the data referred to above, it must adequately secure the storage of the data. In any case in such a way that third parties/personnel who are not charged with the execution of agreed work or services do not have access to the data.
ARTICLE 3. PERSONAL DATA
3.a. If the data also concerns personal data, the following provisions of this article apply. The Contractor is regarded by the Parties as the “Processor”, and the Client as the “Controller”, as referred to in the General Data Protection Regulation (GDPR).
3.b. The Contractor will process the data on behalf of the Client in the context of the performance of the agreed work and services, whereby the Contractor is not permitted to process and/or provide the data obtained from the Client for its own purposes, other than agreed. .
3.c. Parties will ensure compliance with applicable laws and regulations, including in any case laws and regulations in the field of the protection of personal data, such as the General Data Protection Regulation (GDPR).
3.d. The Contractor implements appropriate technical and organizational measures to protect personal data against loss or against any form of unlawful processing. Taking into account the state of the art and the costs of implementation, these measures guarantee an appropriate level of security in view of the risks involved in the processing and the nature of the data to be protected. The measures are also aimed at preventing unnecessary collection and further processing of personal data.
3.e. The Client is at all times entitled to have the aforementioned measures tested by an independent expert during the execution of the agreement by means of an audit. The costs for this audit are for the Client.
3.f. The Contractor may make use of a third party in the context of this agreement, without the prior consent of the Client, on the condition that the Contractor establishes in writing similar agreements with the third party as contained in this agreement, for example by means of a sub-processor agreement.
3.g. The Contractor is not permitted to provide personal data outside the E.U./E.E.R. store and/or host.
3.h. If the Contractor suspects or has come to know that the Client's personal data has been or has been compromised (security breach or data leak), the Contractor will notify the Client of this without undue delay.
3.i. In the event that a data subject sends a request regarding, correction or removal to the Contractor, the Contractor will forward the request to the Client, and the Client will further handle the request. The Contractor may inform the parties involved thereof.
3.j. After termination of this processing agreement, the Contractor will return the personal data to the Client. The personal data that the Contractor processes will be destroyed after the expiry of the statutory retention period and/or at the request of the Client.
3.k. This processor agreement comes into effect on 25 May 2018. This agreement ends after and insofar as the Contractor has deleted or returned all personal data. Neither party can prematurely terminate this processor agreement.
3.l. Dutch law applies to this agreement. Disputes arising from this agreement will be submitted to the competent court in the district where the Client is established.
Although we make every effort to deliver a good product or service, it is possible that you are dissatisfied with the delivery. We kindly ask you to pass on your complaint to us. This can be done by e-mail, regular mail, telephone or via the contact form. We will review the complaint and try to resolve it to everyone's satisfaction.