Terms and conditions of Garden Connect.
1.1 These Terms and Conditions shall apply to the provision of Services by the Service Provider to the Client.
1.2 In the event of conflict between these Terms and Conditions and any other terms and conditions (of the Client or otherwise), the former shall prevail unless expressly otherwise agreed by the Service Provider in writing.
2. Definitions and Interpretation
2.1 In these Terms and Conditions, unless the context otherwise requires, the following expressions have the following meanings:
“Agreement” means an agreement between the Service Provider and the Client entered into by the same which shall incorporate, and be subject to, these Terms and Conditions;
“Client” means any individual, firm or corporate body (which expression shall, where the context so admits, include its successors and assigns) which purchases services from the Service Provider;
“Commencement Date” means the commencement date for the Agreement as set out in the same;
“Fees” means the fees payable by the Client under Clause 4 in accordance with the Terms of Payment;
“Services” means the Services to be provided by the Service Provider to the Client as set out in the Agreement;
“Service Provider” means Garden Connect LTD and
“Terms of Payment” means the terms of payment of Fees as set out in the Agreement
2.2 Unless the context otherwise requires, each reference in these Terms and Conditions to:
2.2.1 “writing”, and any cognate expression, includes a reference to any communication effected by electronic or facsimile transmission or similar means;
2.2.2 a statute or a provision of a statute is a reference to that statute or provision as amended or re-enacted at the relevant time;
2.2.3 “these Terms and Conditions” is a reference to these Terms and Conditions and any Schedules as amended or supplemented at the relevant time;
2.2.4 a Schedule is a schedule to these Terms and Conditions; and
2.2.5 a Clause or paragraph is a reference to a Clause of these Terms and Conditions (other than the Schedules) or a paragraph of the relevant Schedule.
2.2.6 a “Party” or the “Parties” refer to the parties to these Terms and Conditions.
2.3 The headings used in these Terms and Conditions are for convenience only and shall have no effect upon the interpretation of these Terms and Conditions.
2.4 Words imparting the singular number shall include the plural and vice versa.
3. the Services
3.1 With effect from the Commencement Date the Service Provider shall, in consideration of the Fees being paid in accordance with the Terms of Payment, provide the Services to the Client.
3.2 the Service Provider will use reasonable care and skill to perform the Services.
3.3 the Service Provider shall use all reasonable endeavours to complete its obligations under the Agreement and time shall be of the essence in the performance of these obligations.
4.1 The Client agrees to pay the Fees in accordance with the Terms of Payment.
4.2 In addition the Service Provider shall be entitled to recover from the Client his reasonable incidental expenses for materials used and for third party goods and services supplied in connection with the provision of the Services.
4.3 The Client will pay the Service Provider for any additional services provided by the Service Provider that are not specified in the Agreement in accordance with the Service Provider’s then current, applicable daily rate in effect at the time of the performance or such other rate as may be agreed. Any charge for additional services will be supplemental to the amounts that may be due for expenses.
4.4 All sums payable by either Party pursuant to the Agreement are exclusive of any value added or other tax (except corporation tax) or other taxes on profit, for which that Party shall be additionally liable.
5.1 All payments required to be made pursuant to the Agreement by either Party shall be made when due, and paid by Direct Debit or other arrangement as agreed with the Service Provider. Payment will be made in the appropriate currency related to the country the Services are provided in, in cleared funds to the Service Provider’s bank as detailed on each invoice, without any set-off, withholding or deduction except such amount (if any) of tax as that Party is required to deduct or withhold by law.
5.2 The time of payment shall be of the essence. If the Client fails to make any payment on the due date then the Service Provider shall, without prejudice to any right which the Service Provider may have pursuant to any statutory provision in force from time to time, have the right to charge the Client interest on a daily basis at an agreed amount, or to withhold services with immediate effect.
6.1 Both the Service Provider and the Client shall undertake that, except as provided by sub-Clause 6.2 or as authorised in writing by the other Party, it shall at all times during the continuance of the Agreement;
6.1.1 keep confidential all Confidential Information;
6.1.2 not disclose any Confidential Information to any other party;
6.1.3 not use any Confidential Information for any purpose other than as contemplated by the Agreement;
6.1.4 not make any copies of, record in any way or part with possession of any Confidential Information; and
6.1.5 ensure that (as applicable) none of its directors, officers, employees, agents or advisers does any act which, if done by that Party, would be a breach of the provisions of sub-Clauses 6.1.1 to 6.1.4.
6.2 Subject to sub-Clause 6.3, either Party may disclose any Confidential Information to:
6.2.1 any of their sub-contractors or suppliers;
6.2.2 any governmental or other authority or regulatory body; or
6.2.3 any of their employees or officers or those of any party described in sub-Clauses 6.2.1 or 6.2.2;
6.3 Disclosure under sub-Clause 6.2 may be made only to the extent that is necessary for the purposes contemplated by the Agreement, or as required by law. In each case the disclosing Party must first inform the recipient that the Confidential Information is confidential. Unless the recipient is a body described in sub-Clause 6.2.2 or is an authorised employee or officer of such a body, the disclosing Party must obtain and submit to the other Party a written undertaking from the recipient to keep the Confidential Information confidential and to use it only for the purposes for which the disclosure is made.
6.4 Either Party may use any Confidential Information for any purpose, or disclose it to any other party, where that Confidential Information is or becomes public knowledge through no fault of that Party.
6.5 When using or disclosing Confidential Information under sub-Clause 6.4, the disclosing Party must ensure that it does not disclose any part of that Confidential Information which is not public knowledge.
6.6 The provisions of this Clause 6 shall continue in force in accordance with their terms, notwithstanding the termination of the Agreement for any reason.
7. Variation and Amendments
7.1 If the Client wishes to vary any details of the Agreement he must notify the Service Provider in writing as soon as possible. the Service Provider shall endeavour to make any required changes and any additional costs thereby incurred shall be invoiced to the Client.
7.2 If, due to circumstances beyond the Service Provider’s control, it has to make any change in the arrangements relating to the provision of the Services it shall notify the Client immediately. the Service Provider shall endeavour to keep such changes to a minimum and shall seek to offer the Client arrangements as close to the original as is reasonably possible in the circumstances.
8.1 Either Party may terminate the Agreement by giving written notice to the other Party if:
8.1.1 any sum owing to that Party by the other Party under any of the provisions of the Agreement is not paid within 7 days of the due date for payment;
8.1.2 the other Party commits any other breach of any of the provisions of the Agreement and, if the breach is capable of remedy, fails to remedy it within 7 days after being given written notice giving full particulars of the breach and requiring it to be remedied;
8.1.3 an encumbrancer takes possession, or where the other Party is a company, a receiver is appointed, of any of the property or assets of that other Party;
8.1.4 the other Party makes any voluntary arrangement with its creditors or, being a company, becomes subject to an administration order (within the meaning of the Insolvency Act 1986);
8.1.5 the other Party, being an individual or firm, has a bankruptcy order made against it or, being a company, goes into liquidation (except for the purposes of bona fide amalgamation or re-construction and in such a manner that the company resulting therefrom effectively agrees to be bound by or assume the obligations imposed on that other Party under this Agreement);
8.1.6 anything analogous to any of the foregoing under the law of any jurisdiction occurs in relation to the other Party;
8.1.7 the other Party ceases, or threatens to cease, to carry on business; or
8.1.8 control of the other Party is acquired by any person or connected persons not having control of that other Party on the date of the Agreement. For the purposes of this Clause 8, “control” and “connected persons” shall have the meanings ascribed thereto by Sections 1124 and 1122 respectively of the Corporation Tax Act 2010.
8.2 For the purposes of sub-Clause 8.1.2, a breach shall be considered capable of remedy if the Party in breach can comply with the provision in question in all respects.
8.3 In the event of termination under sub-Clause 8.1 the Service Provider shall retain any sums already paid to it by the Client without prejudice to any other rights the Service Provider may have whether at law or otherwise.
Either Party may sub-contract the performance of any of its obligations under the Agreement without the prior written consent of the other Party. Where either Party sub-contracts the performance of any of its obligations under the Agreement to any person with the prior consent of the other Party, the sub-contracting Party shall be responsible for every act or omission of the sub-contractor as if it were an act or omission of the sub-contracting Party itself.
10. Liability and Indemnity
10.1 Except in respect of death or personal injury caused by the Service Provider’s negligence, the Service Provider will not by reason of any representation, implied warranty, condition or other term, or any duty at common law or under the express terms contained herein, be liable for any loss of profit or any indirect, special or consequential loss, damage, costs, expenses or other claims (whether caused by the Service Provider’s servants or agents or otherwise) in connection with the performance of its obligations under the Agreement or with the use by the Client of the Services supplied.
10.2 The Client shall indemnify the Service Provider against all damages, costs, claims and expenses suffered by the Service Provider arising from loss or damage to any equipment (including that of third parties) caused by the Client, or his agents or employees.
10.3 the Service Provider shall not be liable to the Client or be deemed to be in breach of the Agreement by reason of any delay in performing, or any failure to perform, any of the Service Provider’s obligations if the delay or failure was due to any cause beyond the Service Provider’s reasonable control.
11. Intelectual propery
11.1 the Service Provider retains the rights and privileges that accrue to it based on the Copyright Act and other intellectual legislation and regulations. the Service Provider has the right to use the increased knowledge on its part from the execution of the agreement for other purposes, in so far as no strictly confidential information of the Client is communicated to third parties here.
11.2 the Service Provider provides delivered goods and services, which include but are not limited to websites, web shops, digital newsletters, newsletter systems, and other related services which are delivered to the Client based on a periodic subscription, merely on loan to Client and will never relinquish ownership of intellectual property, source codes, texts, pictures, images, technical descriptions, functional designs, specifications and other related matters. After termination of the agreement, every claim from the Client to all delivered goods and services will lapse and the Client will not be authorised to continue the use of (parts of) the delivered goods and services.
12.1 In the case of the provision of services from the Service Provider (also) serves to provide services regarding storage and/or transfer of materials (supplied by the Client) to third parties, such as in case of webhosting services and/or e-mail services the provisions in this article will further apply.
12.2 The Client will not publish or offer any information through (the servers of) the Service Provider. This will particularly, but not exclusively include information offered without consent from the copyright holder(s), information which may be humiliating, threatening, insulting, racist, incitement to hatred, or discriminating, information containing child pornography and information that violates the privacy of third parties or constitutes some form of stalking, also hyperlinks, torrents or other references to such information on websites of third parties, wherever in the world (even when the information is legal in the jurisdiction in question).
12.3 The Service Provider uses a complaints procedure which will enable third parties (to be referred to hereinafter as: "Informants") to file a complaint that in their opinion, constitutes such a violation. In case a complaint, in the opinion of the Service Provider is justified, the Service Provider will be entitled to remove the material or make it inaccessible. In such a case, the Service Provider will also be entitled to submit the personal information of the Client to the relevant authorities. the Service Provider will inform the Client of the progress of this procedure.
12.4 In case of information which may be illegal, the Service Provider will be entitled to report this. In this case the Service Provider may hand over all relevant information of the Client to the competent authorities and perform all other acts requested from the Service Provider by said authorities in the framework of the investigation.
12.5 In case of (valid) complaints about the information offered by the Client, the Service Provider will be entitled to terminate and/or end the agreement.
12.6 The client indemnifies the Service Provider for all damages resulting from the above. the Service Provider will not be liable for any damage whatsoever that the Client suffers due to intervention by the Service Provider in the framework of this complaints procedure, not even when the complaint shows to be unjustified and/or the information shows not to be in violation of law.
12.7 The client will refrain from impeding other clients and or internet users or from damaging the servers. The client will be prohibited from start up processes or programmes, whether either or not via the server, of which Client knows or may reasonably suspect that this will impede or cause damage to the Service Provider, other Clients or internet users. the Service Provider will inform Client of any measures that may be taken.
12.8 Client will comply with the generally accepted rules of conduct on the internet as laid down in RFC1855 (ftp://ftp.ripe.net/rfc/rfc1855.txt) and future adjustments of this.
12.9 Without consent from the Service Provider, the Client will be prohibited from handing over the user name or user names and password or passwords provided by the Service Provider to third parties.
12.10 the Service Provider may set a maximum to the amount of storage space or data communications per month that the Client is allowed to use in the framework of the Service provided by the Service Provider. In case of transgression of this maximum, the Service Provider will be authorised to charge an extra amount in accordance with the amounts for extra data communications stated on the website of the Service Provider. There is no liability for inability to send, receive, save or change data if an agreed limit for storage space or data communications has been reached.
12.11 The Client will herewith grant the Service Provider an unrestricted licence to distribute, store, pass on or copy all material circulated by Client through the systems of the Service Provider in any way deemed appropriate by the Service Provider, however, exclusively in so far as this is reasonably necessary for the benefit of the compliance with the agreement by the Service Provider.
12.12 In case the Service provision to Client based on the agreement also comprises making back-ups of data of Client, with due observance of the periods agreed upon between parties in writing, and in absence of this, once a week Garden Connect make a full back-up of the data from Client in its possession. the Service Provider will keep the back-up during a term to be agreed upon between parties and if arrangements in this regard are lacking, during the usual terms at the Service Provider. the Service Provider will handle the back-up properly and keep it with due care and diligence.
12.13 Apart from the obligations arising from the law, damage arising from incompetence or failure to act in accordance with the above provisions will be at the expense of Client.
12.14 Service provider processes the registration and implementation of SSL certificates on behalf of client. Service provider is using Comodo certificates. Client accepts that the Service provider is just a middleman in the process of issuing these certificates and is not responsible nor liable for any damage caused by using SSL certificates.
12.15 Client accepts the requirements as stated on www.comodoca.com/en-us/legal and will make sure he complies to them during the lifetime of the certificate. Client will check these documents regularly.
13. Domain names and IP-adresses
13.1 Domain names and IP-addresses
13.2 In case the Service provision from the Service Provider is (also) meant for the Service Provider to mediate on behalf of Client for obtaining a domain name and/or IP-address, the provisions of this article will further apply.
13.3 Application, granting and possible use of a domain name and/or IP-address are dependent on and subject to prevalent rules and procedures of the relevant registering authorities, including Nominet. The relevant authority will decide on granting the domain name and/or IP-address. the Service Provider will play only a mediating role in the application and provides no warranties for the application to be honoured.
13.4 Client may solely from the confirmation via e-mail from the Service Provider, containing notification that the requested domain name has been registered, be informed of the fact of registration. An invoice for registration costs is no confirmation of registration.
13.5 The Client indemnifies the Service Provider and keeps it free from all damages in connection with (the use of) a domain name on behalf of or by Client.
13.6 The Service Provider is not liable for the loss by Client of its right(s) to a domain name or for the fact that in the interim the domain name is applied for and/or obtained by a third party, except for in case of wilful intent or gross negligence on the part of the Service Provider.
13.7 In the case where the Service Provider registers a domain name in its name on behalf of the Client, the Service Provider will cooperate in case of requests from Client for moving, transferring or cancelling this domain name.
13.8 The Client must conform to the rules set by the registering authorities for application, granting or use of a domain name and/or IP-address.
13.9 The Service Provider has the right to make the domain name and/or IP-address inadmissible or unfit for use, or put it (or have it put) in its own name when Client remains demonstrably in default in complying with the Agreement, however, solely and exclusively after lapse of a reasonable term for compliance set in a written notice of default.
13.10 In case of termination of the Agreement for breach of contract by Client, the Service Provider will be entitled to discontinue the domain name and/or IP-address or else put it (or have it put) in its own name.
14.1 In a case where the Client and third parties communicate with the aid of electronic devices, such as via e-mail, websites web shop and other forms of data communication, both parties will ensure there is adequate protection against viruses. the Service Provider will make a reasonable effort to secure its systems against loss and/or any form of unlawful use and for this it will implement fitting technical and organizational measures, among other things taking due account of the state of the art. the Service Provider will not be liable towards Client for any damage resulting from the transfer of viruses and/or other irregularities in the electronic communication, nor for messages which have not been received or which are damaged.
14.2 Client must secure its own computer system in such a way that third parties cannot be granted unauthorized access.
15. Internet services, newsletters and support
15.1 In the case where the Service provision from the Service Provider (also) means that the Service Provider provides internet services, develops websites or provides a platform to send digital newsletters for Client, the provisions in this article will further apply.
15.2 the Service Provider does not warrant that the websites and systems operate properly, coherent with all types of new web browsers and internet browsers and any other software. the Service Provider also does not warrant proper operation of the website in coherence with all types of equipment.
15.3 The Client must observe the strict letter of the law and regulations in the field of e-mail marketing and declares to comply with this through the use of the systems.
15.4 In a case where the Service provision to the Service Provider based on the agreement also comprises support to the Client or (end) users of the Service, the Service Provider will advise via telephone or e-mail on the use and operation of the software referred to in the agreement and on the use of the Service. the Service Provider may attach conditions to the qualifications and the number of contact persons that qualify for support. the Service Provider deals with properly founded requests for support within a reasonable term. the Service Provider will not warrant correctness, completeness or timeliness of reactions or support offered. Unless otherwise agreed upon in writing, support will only be rendered on work days during the usual office hours of the Service Provider.
16.1 All visitor's numbers, displays and/or impressions set forth by the Service Provider will only serve as an indication and provide no warranties and impose no obligations whatsoever in respect of the performances to be delivered.
16.2 The Client is not allowed to grant rights to third parties regarding advertisements purchased by the Client, unless this is done with the explicit consent from the Service Provider. In this case, "third parties" will explicitly not mean a subsidiary of the Client.
16.3 the Service Provider is also at all-time entitled to refuse placing advertisements in case of technical objections, rejection of the content, the nature, the meaning or the form of the advertisement in question and also, for reasons of a principle nature in connection with the edition or other compelling reasons on the part of the Service Provider.
16.4 Advertisements may not contain expressions that are in violation of the law or other regulations, public order or public morality, nor may the contents infringe the (intellectual property) rights of third parties. The Client indemnifies the Service Provider both judicially and extra-judicially for claims from relevant third parties and all damages suffered or to be suffered by the Service Provider as a result of, or in connection with this.
16.5 the Service Provider will by no means be liable for the damage arising from services and/or products offered by the Client in advertisements or on its website.
16.6 The advertising material must be submitted to the the Service Provider in time. the Service Provider is entitled to not handle or place advertising material which is not submitted in time, notwithstanding the obligation of the Client to pay an amount, which in the opinion of the Service Provider is reasonable and which will not exceed the full amount involved in the advertisement (agreement) in question.
16.7 The Client warrants that digitally submitted advertisement material is safe and does not contain Trojans, worms or other programmes which may in any way cause damage to the computer systems, computer programmes or the websites of the Service Provider.
16.8 The Client also warrants that upon submitting advertisement material online it will not us equipment and/or software which may disrupt the regular operation of the websites of the Service Provider, nor to send data which because of their size and/or properties may disproportionately burden the infrastructure of the websites of the Service Provider.
16.9 the Service Provider does not warrant the quality of the representation of the advertisement on a website, possible deviations, differences in colour and other flaws that may occur.
17. Product database
17.1 the Service Provider offers no warranties regarding the correctness, completeness and topicality of the (product) information it supplies or makes available. The Client is expected to inspect this (product) information for correctness, completeness and topicality itself, prior to its use and/or publication.
17.2 the Service Provider may use images, pictures, descriptions and other information in its product database, in which rights of third parties are vested. Client will not be entitled to distribute, multiply and/or exploit the product information in any way whatsoever, without explicit written consent from the Service Provider.
17.3 The Client indemnifies the Service Provider from all claims from a third party regarding images, pictures, descriptions and other information made available by the Service Provider by way of its product database.
18. Force Majeure
Neither the Client nor the Service Provider shall be liable for any failure or delay in performing their obligations under the Agreement where such failure or delay results from any cause that is beyond the reasonable control of that Party. Such causes include, but are not limited to: power failure, Internet Service Provider failure, industrial action, hacking of servers of the Service Provider, civil unrest, fire, flood, storms, earthquakes, acts of terrorism, acts of war, governmental action or any other event that is beyond the control of the Party in question.
19.1 No waiver by the Service Provider of any breach of the Agreement by the Client shall be considered as a waiver of any subsequent breach of the same or any other provision. A waiver of any term, provision or condition of the Agreement shall be effective only if given in writing and signed by the waiving Party and then only in the instance and for the purpose for which the waiver is given.
19.2 No failure or delay on the part of any Party in exercising any right, power or privilege under the Agreement shall operate as a waiver of, nor shall any single or partial exercise of any such right, power or privilege preclude, any other or further exercise of any other right, power or privilege.
The Parties agree that, in the event that one or more of the provisions of these Terms and Conditions are found to be unlawful, invalid or otherwise unenforceable, that / those provisions shall be deemed severed from the remainder of these Terms and Conditions (and the Agreement, as appropriate). The remainder of these Terms and Conditions shall be valid and enforceable.
The Service Provider reserves all copyright and any other rights (if any) which may subsist in the products of, or in connection with, the provision of the Services or facilities. the Service Provider reserves the right to take such actions as may be appropriate to restrain or prevent infringement of such copyright.
22.1 All notices under the Agreement shall be in writing and be deemed duly given if signed by, or on behalf of, a duly authorised officer of the Party giving the notice.
22.2 Notices shall be deemed to have been duly given:
22.2.1 when delivered, if delivered by courier or other messenger (including registered mail) during normal business hours of the recipient; or
22.2.2 when sent, if transmitted by fax or e-mail and a successful transmission report or return receipt is generated; or
22.2.3 on the fifth business day following mailing, if mailed by national ordinary mail, postage prepaid; or
22.2.4 on the tenth business day following mailing, if mailed by airmail, postage prepaid.
in each case addressed to the most recent address, e-mail address, or facsimile number notified to the other Party.
22.3 Service of any document for the purposes of any legal proceedings concerning or arising out of the Agreement shall be effected by either Party by causing such document to be delivered to the other Party at its registered or principal office, or to such other address as may be notified to one Party by the other Party in writing from time to time.
23.1 The Client warrants he's aware of the GDPR legislation which is active from the 25th of May 2018 and states he understands the impact of this on his own website, webshops and other online marketing channels.
23.2 The Client states he agrees with the Processing Agreement provided by Garden Connect. See below or download here.
23.3 The Client warrants he has to make sure he complies with GDPR and it's his own responsibility to comply.
23.4 Whenever the Service Provider provides information about GDPR (or any legislation), Client understands this is considered to be general advice and not a legally binding advice. The Client will consult a lawyer should he wish to have legal advice.
24. Law and Jurisdiction
24.1 These Terms and Conditions and the Agreement (including any non-contractual matters and obligations arising therefrom or associated therewith) shall be governed by, and construed in accordance with, the laws of England and Wales.
24.2 Any dispute, controversy, proceedings or claim between the Parties relating to these Terms and Conditions or the Agreement (including any non-contractual matters and obligations arising therefrom or associated therewith) shall fall within the jurisdiction of the courts of England and Wales.
PROCESSING AGREEMENT GDPR
This processing agreement applies to all forms of processing of personal data that Garden Connect ltd, registered with Companies House, under number 07009875, (hereinafter: the “Processor”), performs on behalf of a counter party to whom it provides services (hereinafter: “Processing Officer”), hereinafter collectively referred to as: the “Parties”.
Artikel 1 Purposes of processing
The processor agrees to process personal data on the instructions of the Processing Officer, under the conditions of this Processing Agreement Processing will only take place in the context of the processing of orders and payments for products or services of the Processing Officer, the storage of data from the Processing Officer in the 'cloud', and associated on-line services, the provision and management of the on-line Customer Relation Management package. and/or on-line Content Management System of Processor for the Processing Officer, maintaining telephone contact with clients of Processing Officer for handling complaints and providing service, conducting Public Relations and Marketing Activities for the Processing Officer, sending newsletters commissioned by the Processing Officer, management of the customer administration of the Processing Officer, customer card-related information, making purchasing, customer and behavioural analysis, plus those purposes that are reasonably related or that were further agreed to mutually.
The personal data processed by the Processor in the context of the activities referred to in the previous paragraph and the categories of the involved of which they originate, are listed in annex 1. The Processor will not process the personal data for any other purpose than as determined by the Processing Officer. The Processing Officer will inform the Processor of the processing purposes insofar as these have not yet been listed in this Processing Agreement. The Processor may, however, use the personal data for quality purposes, such as surveying the data subjects or conducting scientific or statistical studies into the quality of its services.
The personal data to be processed on behalf of the Processing Officer remain the property of the Processing Officer and/or the relevant involved parties.
Artikel 2 Obligations of the Processor
With regard to the processing operations referred to in article 1, the Processor will ensure compliance with the applicable laws and regulations, including in any case the laws and regulations relating to the protection of personal data, such as the Personal Data Protection Act, and per 25 May 2018 the General Data Protection Regulation.
The Processor will inform the Processing Officer, on its first request, of the measures it has taken with regard to its obligations under this Processing Agreement.
The obligations of the Processor arising from this Processing Agreement also apply to those who process personal data under the authority of the Processor, including but not limited to employees, in the broadest sense of the word.
The Processor will immediately inform the Processing Officer if, in its opinion, an instruction of the Processing Officer is in conflict with the legislation referred to in paragraph 1.
The Processing Officer is deemed to take note of its rights and obligations regarding the processing of personal data and to act accordingly.
The Processor will, insofar as this is within its power, assist the Processing Officer in the implementation of a data protection impact assessment (DPIA).
Artikel 3 Transfer of personal data
The Processor may process the personal data in countries within the European Union. Transfer to countries outside the European Union is not permitted if countries and/or companies do not comply with the GDPR guidelines and don't fall under the Privacy Shield directive.
Artikel 4 Distribution of responsibility
The authorized processing operations will be carried out by employees of the Processor, within an automated environment.
The Processor is solely responsible for the processing of the personal data under this Processing Agreement, in accordance with the instructions of the Processing Officer and under the express (final) responsibility of the Processing Officer. The Processor is expressly not responsible for the other processing of personal data, including in any case, but not limited to, the collection of the personal data by the Processing Officer, processing for purposes not reported by the Processing Officer to the Processor, processing by third parties and/or for other purposes.
The Processing Officer guarantees that the content, the use and the instructions for the processing of the personal data as referred to in this Processing Agreement are not unlawful and do not infringe any third party right.
Artikel 5 Engaging external parties or subcontractors
The Processor may engage external parties in the context of this Processing Agreement, provided that prior written permission is obtained from the Processing Officer;
The Processing Officer may object if the use of a specific indicated external party is unacceptable.
The Processor will in any case ensure that these external parties take on at least the same obligations, in writing, as agreed between the Processing Officer and the Processor.
The Processor guarantees the correct compliance with the obligations arising from this Processing Agreement by these external parties and, in the event of errors by these external parties, is itself liable for all damages as if they had committed the error(s) themselves.
Artikel 6 Security
The Processor will make reasonable efforts to take sufficient technical and organizational measures with regard to the processing of personal data, against loss or any form of unlawful processing (such as unauthorised disclosure, violation, modification or provision of personal data). These measures are tailored to the risk of processing. An overview of these measures and the policy on them are included in Annex 2.
The Processor does not guarantee that the security is effective under all circumstances. If an explicitly described security measure is missing in the Processing Agreement, the Processor will endeavour to ensure that the security meets a reasonable level, in view of the state of the art, the sensitivity of the personal data and the costs associated with the security.
The Processing Officer will only make personal data available to the Processor for processing if it has ensured that the required security measures have been taken. The Processing Officer is responsible for compliance with the measures agreed by the Parties.
Artikel 7 Security incidents and data leaks
In the event of a possible data leak, the Processor will inform the Processing Officer within 24 hours after discovery of the data leak, or as soon as possible after the Processor has been informed about this by a sub-processor, as included in Annex 3, so that the Processing Officer can report this, if necessary, to the supervisor.
The Processor shall keep the Processing Officer informed of new developments surrounding the data leak and the measures taken to limit the size of the data leak, and put a stop to it, and to prevent a similar incident in the future.
The responsibility for report a data leak to the supervisor and, if necessary, informing the data subject(s) about the data leak, is entirely on the Processing Officer. The Processor shall cooperate, where necessary, with the adequate information of those involved.
Possible costs incurred to resolve the data leak and to prevent it in the future will be borne by the party who incurs the costs.
Artikel 8 Handling requests from those involved
In the event that a data subject submits a request for the execution of his/her legal rights to the Processor, the Processor will forward the request to the Processing Officer, and the Processing Officer will further process the request. The Processor may inform the involved of this.
Artikel 9 Confidentiality
All personal data that the Processor receives from the Processing Officer and/or collects itself in the context of this Processing Agreement, is subject to a confidentiality obligation towards external parties. The Processor will not use this information for any purpose other than for which it was obtained, even when it is converted into such a form, that it is not traceable to the involved.
This confidentiality obligation does not apply insofar as the Processing Officer has given explicit permission for information to be provided to external parties, if the provision of information to external parties is logically necessary in view of the nature of the assignment and the implementation of this Processing Agreement, or if there is a legal obligation to provide information to an external party.
Artikel 10 Audit
The Processing Officer has the right to have audits carried out by an independent external party who is bound to confidentiality in order to check compliance with the security requirements, compliance with the general rules regarding the processing of personal data, and everything directly related to this.
This audit may take place with a concrete suspicion of abuse of personal data.
The Processor will cooperate in the audit and provide all information reasonably relevant for the audit, including supporting data such as system logs, and make employees available as soon as possible.
The findings resulting from the audit carried out will be assessed by the Processor and may be implemented by the Processor at the discretion of the Processor, as the Processor deems fit.
The costs of the audit will be borne by the Processing Officer.
Artikel 11 Liability and penalties
The liability of the Processor for damage as a result of an attributable shortcoming in the performance of the Processing Agreement, or in tort or otherwise, is excluded. Insofar as the aforementioned liability can not be excluded, this per event (a series of consecutive events counts as one event) is limited to the compensation of direct damage, to a maximum of the amount of the fees received by the Processor for the activities under this Processing Agreement for the month preceding the event causing the damage. The liability of the Processor for direct damage will in total never exceed £ 5 000.00.
Under direct damage is exclusively understood to mean all damage consisting of:
damage directly caused to property ("property damage");
reasonable and demonstrable costs to remind the Processor to perform the Processing Agreement (again) properly;
reasonable expenses to determine the cause and the extent of the damage, for as far as related to the direct damage as intended here;
reasonable and demonstrable costs incurred by the Processing Officer to prevent or limit the direct damage as referred to in this article.
The liability of the Processor for indirect damages is excluded. Indirect damage is understood to mean all damage that is not direct damage and therefore in any case, but not limited to, consequential damage, loss of profit, reputation damage, missed savings, loss of goodwill, loss due to business stagnation, damage due to failure to determine marketing objectives, damage related to the use of data or data files prescribed by the Processing Officer, or loss, mutilation or destruction of data or data files.
The exclusions and limitations referred to in this article shall lapse if and insofar as the damage is the result of intent or deliberate recklessness on the part of the Processor or its management.
Unless compliance is permanently impossible, the liability of a Party due to an attributable failure to fulfil an obligation from the Framework agreement shall only arise if the Processing Officer informs the Processor forthwith, in writing, with a reasonable deadline for remedying the failure, and the Processor continues to be in default in the fulfilment of its obligation after that term. The notice of default must contain an as complete and as detailed a description as possible of the shortcoming, so that the Processor is given the opportunity to respond adequately.
Any claim for compensation by the Processing Officer against Processor, that has not been specified and explicitly reported, shall expire by the mere expiration of six (6) months after the claim arose.
In the event of q violation of the Processor Agreement, the Processor will forfeit an immediately due and payable fine of £ 1 000.00 per violation and £ 50.00 per day that the violation persists, to the Processing Officer.
Artikel 12 Duration and termination
This Processing Agreement is concluded by the signing of the Parties and on the date of the last signing.
This Processing Agreement is entered into for the duration stipulated in the main agreement between the Parties and, in the absence thereof, in any case for the duration of the cooperation.
As soon as the Processing Agreement has been terminated, for whatever reason and in any way whatsoever, the Processor will return all personal data that it holds, in the original or copy form, to the Processing Officer, and/or this original personal data and any copies thereof within 12 months, or upon request of the Processing Manager, remove and/or destroy it in a careful and safe manner.
The Processor is entitled to revise this agreement from time to time. It will notify the Processing Officer of the changes at least three months in advance. The Processing Officer may terminate the agreement at the end of these three months if it does not agree with these changes.
After termination of this Processing Agreement, obligations that by their nature are intended to continue beyond the end of the agreement will continue to exist, including the reporting of data leaks and the duty of confidentiality.
Artikel 13 Final stipulations
The provisions from this Processing Agreement take precedence over the provisions in possible General Terms and Conditions of the Processor, unless a provision in the General Terms and Conditions is explicitly referred to.
The nullity of any provision in this Processor Agreement does not affect the validity of the other provisions. Annulled or voidable provisions shall be replaced by the Parties, in mutual consultation, with new provisions to be determined, whereby the purpose and intent of the invalid, annulled or destructible provision shall be observed to the extent possible. The Processing Agreement and the implementation thereof are governed by Dutch law.
All disputes that may arise between the Parties in connection with the Processing Agreement shall be submitted to the competent court in the district in which the Processor is established.
Annex 1: Specification personal data and persons involved
In the context of Article 1.1 of the Processing Agreement, the Processor will process the following (special) personal data on behalf of the Processing Officer:
• Address data
• Telephone number
• E-mail address
• Visit behaviour
• IP address
• Social media accounts
• Birth dates
• Financial details
• Information filled in on the website and/or web shop and/or app
• Purchase and transaction data
• Information linked to customer and loyalty cards
Of the categories of involved persons:
• Account holders
• Website visitors
• Possible clients
• Pass holders
• App users
• Store, business or event visitors
• Participants in contests
The Processing Officer guarantees that the personal data and categories of data subjects described in this Annex 1 are complete and correct, and indemnifies the Processor against any defects and claims that result from an incorrect representation by the Processing Officer.
Annex 2: Overview with security measures
The Processor has the following technical and organizational measures to protect the personal data against loss or unlawful processing:
TECHNICAL SAFETY MEASURES
- Up to date virus scan on all laptops by means of Symantec Endpoint Protection or similar software
- Limiting the use of USB sticks for data storage and data exchange
- Protection of portable devices like tablets and telephones by means of access codes
- Dual verification on critical systems and software where data storage has taken place
- Dual verification of software on which users log in
- Dual verification on laptops by means of a boot login and user account per employee
- Physical protection of laptops within the work environment of the Processor
- Encrypted saving of passwords and log-in details of the Processing Officer if necessary
- Where possible encrypting communication with third party software (including but not exclusively API link)
ORGANIZATIONAL SAFETY MEASURES
- Clean desk policy
- Do not leave your laptop unattended without protection
- Never leave your laptop in the car
- Preventing the storage of documents on staff devices and regular cleaning up of old data on these
- Careful removal and destruction of old devices
Annex 3: information to be provided Iin the event of a data leak
The Processor will provide all information that the Processing Officer considers necessary to be able to assess the incident. In doing so, the Processor will at least provide the following information to the Processing Officer:
- what the (alleged) cause of the infringement is;
- what the (as yet known and/or expected) consequence is;
- what the (proposed) solution is;
- contact details for follow-up of the report;
- number of persons whose data are involved in the infringement (if no exact number is known: the minimum and maximum number of persons whose data are involved in the infringement);
- a description of the group of persons whose data are involved in the infringement;
- the type or types of personal data involved in the infringement;
- the date on which the infringement took place (if no exact date is known: the period in which the infringement occurred);
- the date and time at which the infringement became known to the Processor or to an external party or sub-processor engaged by it;
- whether the data is encrypted, hashed, or is otherwise incomprehensible or inaccessible to unauthorized persons;
- what measures have already been taken to end the infringement and to limit the consequences of the infringement?