We are fully aware of the trust that you, and your association, place in us. We therefore see it as our responsibility to protect your privacy. This document gives you insight into what information we collect when you use our services, why we collect this information and how we process it. In this way you’ll understand exactly how we work. NLCollect B.V. processes your personal data in accordance with the General Data Protection Regulation of the European Union (EU 2016 / 679.13-14).
In order to provide the NLCollect B.V. services, NLCollect B.V. registers your name, e-mail address, home address, bank details, telephone number, payment amount, in-app communication, mail content and reservations. When you click on a deep link, which leads you to a page within our system, you can as well adjust your own data if they appear incomplete or incorrect. This data is used to provide the services of NLCollect B.V.
If you agree with this privacy statement, you agree that the above information is made available for inspection to NLCollect B.V., your association and the third parties as mentioned below. This information will only be used to collect amounts due to be recovered for the benefit of your association(s) and to communicate with you in this context.
The following processes will take place by ClubCollect ·
Data use by third parties
- Communicating regarding payments you need to fulfil (incl. payment requests and reminders);
- Facilitating payments through a secured website;
- Keeping track of completed payments and sending reminders;
- Informing clubs about payments;
- Offering the possibility to pay the membership fee in installments and sharing this information with a financing party if you wish to make use of the possibility to pay in installments.
- Inform clubs about adjustments of the member administration system.
- Register member data and associated subscriptions through a secures website;
- Facilitating functionalities within the member administration system ClubBase and applications of third parties including: Mailchimp, club websites , mobile club applications.
If you use NLCollect B.V. we will, in certain cases, use the (IT) services of third parties for operational or technical purposes, such as the hosting of servers. NLCollect B.V. monitors that these third parties manage the data in line with European privacy law (EU 2016 / 679.27), and has therefore made agreements about the adequate security of your data.
Looking into and correct data
You can always ask NLCollect B.V. for an overview of your data, and request that they be corrected (EU 2016 / 679.16) or removed (EU 2016 / 679.17) if the data is incorrect or irrelevant for the intended purposes. However, invoices cannot be deleted due to local regulations. You can send an e-mail to email@example.com, to which we will process your request within 5 to 10 working days.
If, due to your special personal situation, the membership fee collection of NLCollect B.V. causes objections to you, you can inform us in writing or by email at firstname.lastname@example.org stating the reasons for the objection. NLCollect will then consult with your club about an appropriate solution.
Security of your data
NLCollect B.V. has taken appropriate technical and organisational measures to prevent unauthorized access to and loss of your data (EU 2016 / 679.32). Among other things, the storage of the data is protected by encryption and the data that is exchanged between you and the web server is encrypted. Data relating to financial transactions is stored and archived within the EU in geographically separate locations so that all data can be reconstructed in the event of a system failure. The security of the systems is certified and regularly checked by specialized agencies. If there is a loss of data, NLCollect B.V. will inform the parties concerned within 72 hours (EU 2016 / 679.34).
Adjustments in privacy statement
Possible changes will be announced on the website of NLCollect B.V. and take effect 7 days after the announcement.
Questions and feedback
Version 2.8 (May 2018)
085 760 6666
Terms and Conditions
Data Processing Agreement
- These general terms and conditions apply to all offers from and agreements with NLCollect B.V., located in Amsterdam, registered under the Chamber of Commerce number 57468907.
- Your use of the software and the information, services and functionalities available through this software (collectively referred to as the “Software”) is governed by these terms and conditions.
- These terms are applicable to you and your club or organisation (the “User”) on the one hand NLCollect B.V. (the “Supplier“) on the other hand.
- In order to use the Software User must fully accept these terms and conditions, which User confirms to have read and understood upon acceptance thereof. User may only access or use the Software if he/she agree to these terms.
- Any usage of the Software automatically means that User has read, understood and accepted these terms and conditions.
- These terms and conditions shall supersede any and all prior agreements signed by User and (each of) the Supplier relating to the use of the Software and provision of related services.
- Supplier has the right to amend these terms at any time and to change, delete, discontinue or impose conditions on any aspect of the Software.
- Supplier will notify User of any changes to these terms by sending an email to the email address registered with User’s Account or by notifying User from within the application.
- The proposed change will come into effect one (1) month after the date of the change notice, unless User has given Supplier notice that User objects to the proposed changes before the changes come into effect, in which case Supplier reserves the right to terminate User’s access to the Software.
- User’s continued use of the Software constitutes User’s acceptance of and agreement to be bound by these changes without limitation, qualification or change.
- If at any time User determines that he/she does not accept these changes, User must stop using the Software.
Applicable law and disputes
- If any part of these terms is found by a court of competent jurisdiction to be invalid, unlawful or unenforceable then such part shall be severed from the remainder of the terms, which shall continue to be valid and enforceable to the fullest extent permitted by law.
- These terms shall be governed by and construed under and in accordance with the laws of the Netherlands.
- Any complaints about the Software or related services shall be addressed to Supplier in the first instance by contacting customer service.
- Any dispute arising out of or in connection with these terms shall be finally referred to and resolved by the courts of Amsterdam, the Netherlands. Before referring the dispute to court, User and Supplier will endeavour to resolve the dispute by amicable negotiations.
Functionalities and Partners
- The cloud-based Software allows User to manage the organization’s member administration and offers a variety of functionalities relating to club management. User can choose a variety of different modules (subject to additional pricing).
- The Contribution Module for instance – as part of the Software - provides the dispatch and receipt of invoices to/from User’s members (payment services) and related services, including the collection of payments on User’s behalf (through the foundation ClubCollect Payments Stichting, affiliated to NLCollect B.V., Chamber of Commerce registration number 61785083, hereinafter the “Foundation”).
- The E-money license and subscription services that require a financial services license are being provided by Docomo Digital Payment Services AG as a partner of Supplier (“Partner”). Supplier is registered as payment service agent of Partner.
Duration and Termination
- These terms and conditions shall apply as long as User uses the Software.
- User is entitled to terminate the use of the Software at any time via the appropriate settings page within the Software.
- Supplier has the right to suspend access to and use of the Software, in the event that User fails to fulfil its obligations under these terms and conditions or when Supplier determines that the suspension of all or a part of access to the Software is desirable based on objective and reasonable reasons. In the event Supplier suspends the usage of the Software subject to the above, Supplier shall notify User in advance of such suspension except in case of emergency, where Supplier may suspend access to the Software without notice.
- If Supplier believes that unauthorized or improper use is being made of the Software, it may, without notice and at its sole discretion, take such action as it deems appropriate, including disabling the Account.
- If the User fails - within 14 days after notification thereof - to remedy such breach, Supplier will be entitled to immediately terminate access to and use of the Software.
- If the Agreement terminates, User shall be obligated, at its own expense and risk, to cease any use of the Software by User itself and by its members.
- As of the termination date, User can no longer access any data available through the Software. All invoices already sent will either be retracted or collected pursuant to the provisions of these terms and conditions, as agreed between Parties. Any Payments received until and after termination date, will be transferred to User in accordance with the provisions of these terms and conditions. Any such collection and/or other services after termination date shall be subject to the charges as set forth in the Price Sheet.
- After the end of the relationship, for any reason, User can no longer derive any rights from these terms and conditions, without prejudice to the continuance of the rights and obligations of parties which by their nature shall continue after the end of the Agreement or as set otherwise herein.
Usage of software
- Supplier grants User the non-exclusive right to use the Software via Software-as-a-service (SaaS) as set forth in clause 9.
- Supplier creates a personal account for the User (“Account”).
- User must ensure that the information recorded on User’s Account is always accurate and up to date.
- Supplier reserves the right to change, amend and/or update the Software, its functionalities and services at all times.
- Supplier will use all reasonable means to provide the Software to User twenty-four (24) hours a day, seven (7) days a week, all year. Supplier may, however, suspend - at its reasonable discretion – access to the Software in the following cases: (i) to perform maintenance services; (ii) if required by law; or (iii) if User has failed to comply with User’s material obligations under these terms.
- User shall provide maintenance and support on the Software.
- User may contact us for maintenance and support on working days.
- Maintenance includes providing updates, including documentation, of the Software contain a qualitative (e.g. error fix) or functional improvement thereto.
- All orders consisting partly or in whole of custom work or maintenance that contains functional improvements, are subject to additional pricing to be set by Supplier. Any such custom work shall become an integral part of the Software and subject to the ownership rights of Supplier.
- The Supplier has the right to make modifications and/or additions to the Software, without prior notification. However, User shall always attempt to notify User of any changes with reasonable notice on the website, by email or through the application.
- If any such modification results in a new functionality or new features, Supplier shall notify User of the additional price involved (if any).
- If User discovers a malfunction, this should be reported to the Supplier immediately. After such notification, Supplier shall undertake reasonable efforts to repair the malfunction. Any repairs due to improper use of the Software or due to User’s breach of these terms and conditions shall be borne by User.
- While Supplier shall undertake reasonable efforts to make available (and regularly back-up) any data accessible through the Software on a continuous basis, it shall remain User’s responsibility to ensure he/she has a backup of all such data on its own servers.
- If User wishes to make use of the Contribution Module, the following section applies.
- Any related payment services are undertaken by our Partner. Supplier updates the Account of User at the time a Payment has been received on behalf of the User, via Partner and the Foundation.
- Supplier commits - and will ensure that the Foundation carries this out - to transfer Payments received, after possible deduction of prices and reversed payments due by the User.
- In order to fulfil any regulatory obligations as such financial service provider, Supplier may require (so-called KYC) information and documentation from User and his/her organisation, which User will provide promptly.
- The User remains at all times responsible and liable for uncollected payments, including reversed payments, during the term of the Agreement and after its termination (for whatever reason).
- Supplier no way guarantees that its activities result in successful recovery of all payments.
- The User ensures that - during the term and after the termination of the relationship - the balance at Supplier - at all times - shall remain positive or zero. If the collected (but not yet remitted) Payments are not sufficient to cover any reversed or non-received Payments, Supplier will inform the User and the User shall, within fourteen (14) days, transfer the funds, in order to replenish the balance. In case of non-observance of the User hereto, Supplier shall be entitled - in addition to any other claims - to pass on statutory interest (capped at 3-month Euribor + 5%) to the User.
- In the event of termination of the relationship, Supplier reserves the right - via the Foundation - to retain a portion of Payments received but not yet paid, to cover possible future reversals and other User requirements (such as payment of prices).
- Supplier has the right to (temporary) suspend (a part of) its functionalities offered under the Contribution Modules (which may include the withholding of collected Payments) in the event that: (i) Supplier reasonably suspects that fraud, money laundering and/or terrorism financing is taking place; (ii) the Supplier’s balance is negative for a period longer than thirty (30) days; or (iv) it is required by law, the Partner, banking partners or payment schemes. User shall be informed of such suspension without delay unless prohibited by law.
- User can choose to offer payments in installments to its members, whereby the User, at the beginning of the recovery period, shall receive in advance, from Supplier, all Payments in respect of installments. This will be provided with the support of the Partner as factoring partner. The User grants Supplier a limited power of attorney to carry out, on behalf of the User, all actions that are necessary for the receipt of the financing facility by the Partner. Any installments, received after the advance payment will be deducted from the advanced amount.
- Any risks, associated with the inability to collect payments of to set off with the financing facility, or disputes arising therefrom, remain the responsibility and liability of the User.
- In case the received payments shall be insufficient to cover the received financing, Supplier will inform the User thereof and, within fourteen (14) days after receipt of the notification, the User shall transfer the relevant amounts via Supplier to the Partner.
- Any dispute between the User and its members or any legal action against the User by its members, does not give User the right to defer repayment of the financed payment and the payment of the prices.
Prices and Debit Right
- The applicable prices are set forth in a separate pricing sheet as provided/made available to User. All prices are exclusive of VAT and any other levies imposed by the government.
- The amounts due will be charged inclusive of VAT and including any taxes due the government. Certain prices (and any reversed Payments) – as indicated by Supplier – will be deducted from any Payments which are due to User by Supplier or from its bank account.
- User – on behalf of the club/organization- hereby authorize the Supplier to deduct such prices and reversed Payments owed to Supplier, prior settlement, from any Payments collected on User’s behalf or – if such is not possible – from the bank account as provided by User, through a direct debit authorization.
- For all other prices not deducted, User will pay amounts due within 14 (fourteen) days after the invoice date, without being entitled to any deduction.
- While Supplier strives to limit any price changes as much as possible, Supplier has the right to change the prices, provided that it gives thirty (30) days notice. In the event that User does not object to the price change during such time period and User continues his/her use of the Software, User is deemed to have accepted the change.
- Supplier further has the right to impose any additional prices for new functionalities/modules as chosen by User with immediate effect.
Intellectual Property and Right of Use
- Supplier retains all right, title and interest in and to the Software, its features and functionalities and tools accessible through the Software, including all copyrights, patents, trade secrets, trademarks and other intellectual property rights.
- Supplier reserves all rights not expressly granted.
- These terms and conditions do not grant or imply any rights to User, other than as set forth in this clause.
- Supplier hereby grants, under the conditions as set forth herein, to User a non-exclusive, non-transferable right to use the Software available as necessary for the purpose thereof.
- The right of use is limited to the number of Users as agreed with the Supplier. User may use the Software only for lawful purposes and in accordance with these terms and conditions.
- User is not permitted to rent, license, transfer to third parties, copy, duplicate, reproduce, distribute, create derivative works of, reverse-engineer, permit use by third parties or modify the Software in any way whatsoever, personally or through third parties, without the prior written consent of the Supplier. User may not use the Software for any other purpose other than as set forth in these terms and conditions.
- User shall utilize the Software in compliance with the requirements and/or instructions that Supplier may specify.
- When using the Software, User may not: (i) use the Software and its services in a way that is against applicable laws, interferes with public order/morals or infringes any intellectual property rights or other rights of third parties; (ii) use the Software and its services in a way that could harm them or impair anyone else; (iii) undertake any act that causes or is likely to cause obstruction to the use or operations of the Software; and/or (iv) remove, modify, or tamper with any regulatory or legal notice or link that is incorporated into the Software.
- User acknowledges and agrees that he/she is an authorized User for his/her club or organisation and that User is authorized to undertake any and all actions through the Software functionalities on behalf of his/her club and Supplier may rely upon any of User’s actions to be deemed actions of User’s club/organization.
- Supplier shall not be liable for any damages caused by any actions of Users and User shall be responsible for any and all acts of Users, regardless whether they are authorized.
- User is entirely responsible for maintaining the confidentiality of his/her password and Account and for any and all activities that occur under User’s Account.
- User agrees to notify Supplier immediately of any unauthorized use of his/her Account or any other breach of security.
- Supplier will not be liable for any losses User incurs as a result of someone else using User’s password or Account, either with or without User’s knowledge. With respect to the access to and the use of the Software, User ensures that it has (and continues to have) equipment and programs at its disposal that meet the standards and/or requirements determined by the Supplier. User is not allowed to sell, rent, license or transfer the Software to a third party or allow use of thereof by a third party. User is also not allowed to modify the Software in any way. User must not use the Software for any purpose other than as set forth herein. User shall not make copies of the Software and shall not alter, amend or reverse engineer all or any part of the Software.
Confidentiality and Privacy
- The Supplier and User are committed toward each other to maintain the confidential nature of all data and information regarding each other’s organization, to which parties gain access through activities in each other’s service or through the Software. Data and information may only be used for the fulfillment of the agreement between parties.
- The Supplier has the right to mention the name and logo of on their websites and/or a reference list, and to make these available to third parties for their information.
- Supplier shall, as data processor, on behalf of the User, as data controller, process personal data of members of User. Parties are laying down their respective responsibilities in the attached data processing agreement, in compliance with the European General Data Protection Regulation. For the full Privacy Statement of NLCollect B.V. we refer to: https://www.clubcollect.com/en/legal/#ccprivacy
Disclaimer of Warranty
- Supplier shall not be liable for any damages incurred by User or third party as a result of any act by Supplier for the provisioning of the Software in compliance with the terms and conditions.
- Supplier will not be liable if for any reason all or any part of the Software is unavailable at any time or for any period. From time to time, Supplier may restrict access to (some parts of) the Software.
- User’s use of the software, its content and any services or items obtained through the software is at user’s own risk.
- Supplier makes no representations about the software, any services or tools obtained through the software, the suitability of the information contained in the documents for any purpose. The software, its content and any services are provided “As is” without warranty or representation of any kind, including – but not limited to - the completeness, security, reliability, quality, accuracy or availability of the software. Without limiting the foregoing, supplier does not represent or warrant that the software, its content or any services or items obtained through the software will be accurate, reliable, error-free or uninterrupted, that the software or the server that makes it available are free of viruses or other harmful components or that the software or any services or items obtained through the software will otherwise meet user’s needs or expectations. Supplier hereby disclaims all warranties of any kind, whether express or implied, statutory or otherwise, including but not limited to any warranties of merchantability, non-infringement and fitness for particular purpose.
- The foregoing does not affect any warranties which cannot be excluded or limited under applicable laws.
- While Supplier endeavours that the Software is normally available 24 hours a day, Supplier accept no liability if, for any reason, the Software is unavailable or User’s (inability to) use thereof.
- Provision of the Software may be suspended temporarily and without notice in the event of system failure, maintenance or repair, or for reasons beyond Supplier’s control.
- Supplier shall not be liable for any indirect or consequential losses including loss of profit or loss of reputation.
- Supplier’s aggregate liability in relation to losses that may arise out of, or are connected with these terms and conditions, either contractually or under tort (including negligence) or violation of applicable laws, or otherwise, shall not exceed the in that calendar year paid fees with a maximum of EUR 1,000. This limitation of liability does not apply in the event of fraud, willful misconduct or gross negligence by the Supplier.
- Any potential obligation to pay damages by Supplier shall expire after a term of two (2) years after the claim has arisen.
Supplier (Processor) and User (Controller) hereby confirm that:
- The Controller and Processor have entered into an agreement, hereinafter referred to as “the Agreement”;
- For the purpose of the Agreement, Processor will, on behalf of the Controller, process personal data (“Personal Data”);
- Parties have agreed on the way processor will handle the Personal Data, which arrangements are contemplated in this agreement, whereby parties have relied upon the definitions as used under the European Data Protection Regulation (GDPR); and
- This data processing agreement forms and integral part of the Agreement.
Supplier (Processor) and User (Controller) hereby agree as follows:
Article 1 Subject and Instructions
1.1.The Processor undertakes to process personal data on behalf of the Controller in accordance with the conditions laid down in this Data Processing Agreement and the Controller’s instructions. The instructions are detailed in this agreement and may be supplemented in writing (via email). Parties wish to, in light of GDPR, lay down the conditions for the processing of personal data. The personal data categories and purpose(s) of processing are set forth in Appendix A of this Data Processing Agreement. Processor may only process Personal Data on behalf of the Controller, for the purpose(s) as determined by the Controller under this agreement.
Article 2 Processing
2.1.The Controller has and maintains independent authority over the purpose and means of processing of the Personal Data.
Article 3 Subprocessors
2.2.The Processor guarantees that it has – prior to the entering into of this agreement – properly infom Controller of the services Processor provides, the to be performed Processing as described in this agreement. Controller authorizes Processor to collect all necessary personal data of the organisation’s members and to undertake all necessary actions in order for Processor to deliver the functionalities and related services of the Software, which will include at least: (i) member administration, (ii) contacting members via digital communication channels, email, phone or post, (iii) receiving information from members which members typically provide to Controller, (iv) receive Payments on behalf of Controller, and (v) processing of all information and Payments.
2.3.The Controller acknowledges and agrees that the personal data as made available through the Software, may be used, disclosed or processed by Processor and its affiliates for any or all of the following purposes: (i) to provide the services as part of the Software; (ii) to comply with applicable laws, a court order or other legal process; (iii) to administer and operate the Agreement, and to conduct, monitor and analyze Processor’s businesses; (iv) to market and sell to the Controller and its members products and services offered by Processor; (v) to obtain advice from professional advisors; (vi) to third party investors or potential investors in Processor or its respective affiliates in the event of the sale, disposal, merger or transfer of the business, or obtaining financing for Processor’s business, or negotiations in connection with that purpose.
2.4.The Controller and Processor will provide each other with all necessary information in order to ensure each party’s compliance with applicate data protection laws. In the event that the Processor feels that a processing instruction of the Controller is not in compliance with GDR, it will promptly notify the Controller thereof.
2.5.The Processor shall provide reasonable assistance to the Controller to comply within the applicable legal terms with any of Controller’s obligations under GDPR that relate to the right of data subjects such as: (i) a request for access, modification or erasure of Personal Data; (ii) the execution of data protection impact assessments, and prior consultations with competent authorities, and/or (iii) the fulfilment of requests from the Dutch Data Protection Authorities or any other governmental authority.
3.1.Processor shall refrain from transferring Personal Data to a third party, unless such transfer is in accordance with an instruction of the Controller or necessary for the compliance with a regulatory obligation applicable to Processor.
Article 4 Correct use of Personal Data
3.2.The Controller hereby consents to the use of Subprocessors by the Processor in order fort he execution of the Agreement. Processor shall ensure that substantially similar rights as contemplated under this agreement will rest on its Subprocessors.
3.3.Processor does not make use of any Subproessors located outside the European Economic Area (EEA). Processor uses - in certain cases - third parties for the hosting of servers or other IT related servers. This takes place via Amazon Web Services and her data centers based in Europe. Processor has made arrangements with above mentioned third parties to ensure proper security of your personal data in compliance with applicable data protection laws.
3.4.On first request, Processor will provide Controller with an overview of all Subprocessors.
3.5.Controller retains the right to withdraw any written approval to a Subprocessor, in the event that the Processor no longer complies with its obligations under this agreement or GDPR.
3.6.Processor shall remain responsible and liable for the acts and/or omissions of its subprocessors.
4.1.The Processor shall refrain from making use of the personal data for any purpose other than for the purpose of complying with its obligations under the Agreement. Processor will promptly inform the Controller in the event that the Processor has reasons to believe it can no longer comply with this data processing agreement.
Article 5 Confidentiality
4.2.An overview of the Personal Data and the use thereof is laid down in appendix 1 of this data processing agreement.
4.3.Processor shall refrain from providing access to the Personal Data to third parties that are not Subprocessors, unless such access is upon instruction by the Controller or when necessary for the Processor to comply with a legal obligation.
4.4.A complaint or request from a Data Subject or a request or investigation from the data protection authorities in relation to the Processing of Personal Data by the Processor shall be forward promptly to the Controller (unless not permitted under applicable laws). The Controller is responsible for the handling of any such requests.
5.1.Processor shall ensure that anyone involved in the Processing of the Personal Data, including its employees and representatives, treat the Personal Data confidential. Processor declares that everyone involved in the Processing has signed a non-disclosure agreement or provision.
Article 6 Security Measures
5.2.This duty of confidentiality will not apply in the event that the Controller has expressly authorised the furnishing of such information to third parties, where the furnishing of the information to third parties is reasonably necessary in view of the nature of the instructions and the implementation of this Data Processing Agreement, or if there is a legal obligation to make the information available to a third party.
6.1.The Processor will, for its own account, just like the Controller, take adequate technical and organisational measures against loss or any form of unlawful processing (such as unauthorised disclosure, deterioration, alteration, disclosure or destruction of personal data, either accidental or unlawful) in connection with the performance of processing personal data under this Data Processing Agreement. Technical measures include encryption and accounts protected with strong passwords, organisational measures include screening of new board members and closure of rooms and buildings/ secured access to locations and equipment.
Article 7 Destruction and Back-up
6.2.The in article 6.1 references measures should, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, ensure a level of security appropriate to that risk. When assessing the adequacy of the security levels, the processing risks, mainly as a consequence of any destruction, loss or unlawful processing, either accidental or unlawful shall be taken into account.
6.3.Processor shall periodically evaluate the security measures taken and improve or enhance them where necessary.
6.4.In order to confirm compliance with this Data Processing Agreement, the Controller shall be at liberty at its own cost (after discussion with the Processor and taking into account a reasonable notice period) to conduct an audit by assigning an independent third party who shall be obliged to observe confidentiality in this regard. Any such audit will follow the Processor’s reasonable security requirements, and will not interfere unreasonably with the Processor’s business activities. The Processor will be informed in writing about the audit results. In the event the audit concludes that the Processor does not comply with its obligations under the Agreement, this data processing agreement or the GDPR, the Processor will promptly take all necessary reasonable measures to ensure compliance. The associated costs thereof are borne by the Processor.
6.5.In the event of a data incident (the leaking or loss of personal data), the Processor shall, to the best of its ability, notify the Controller thereof within 48 hours. The Processor will endeavour to provide all necessary information concerning the data incident, including information around any potential developments relating to the data incident and the measures taken by the Processor to limit the data incident and to prevent re-occurrence. Processor shall provide all reasonably necessary assistance to controller in relation to the gaining of insights into the seriousness and (potential) consequences of the data incident. In particular, the Processor shall provide all information to the Controller that the latter deems necessary for the assessment whether or not the data incident must be reported to the relevant authorities and data subjects involved.
6.6.The Controller remains the responsible party for any statutory obligations in respect of data breach notification to the relevant authorities and data subjects involved. Processor shall refrain from any such reports, unless agreed otherwise in writing with the Controller.
7.1.Processor shall be required to fully and permanently remove all personal data on first request by the Controller, unless the Processor has a legal obligation to retain the personal data.
Article 8 Indemnification
7.2.The Processor shall delete or return personal data to the Controller in the event of cessation of the services related to the processing of personal data and delete any existing copies, except if EU law requires the Processor to retain such personal data. In the event that the Controller has possession of all personal data in an acceptable technical format after termination of the Agreement, the Processor will delete all personal data fully and permanently within 30 days after it has been confirmed that the Controller has all personal data in its possession.
7.3.In the event of termination of this data processing agreement, all obligations of Processor arising out of this processing agreement will remain in effect for as long as the Processor has access to personal data.
8.1.Processor is solely responsible and shall indemnify the Controller in full against any claims of third parties and all damages, fines, incurred costs, in connection thereto, that are caused by or connected with Processor’s failure to comply fully and/or timely with its obligations arising out of this agreement and any other obligations arising out of the GDPR, to the extent they have occurred in relation with Processor’s activities as Processor acting on behalf of the Controller.
Article 9 Audit
8.2.Processor is responsible for any acts and omissions of its employees or subcontractors (including but not limited to Subprocessors), as if they were the acts and omissions of Processor.
9.1.The Controller has the right to, at any time, after discussion with Processor and at its own costs, to audit the technical and organisational measures taken by Processor by an independent registered accountant, IT auditor or any other certified auditor.
Article 10 Term and Termination
9.2.An audit may not disrupt the business activities of the Processor unnecessarily.
9.3.Controller shall provide at least 30 days prior notice of its intent to audit the Processor, which notice shall include a description of which measures shall be audited and what the process shall entail.
10.1.This Data Processing Agreement is entered into for the duration set out in the Agreement.
Article 11 Applicable law
10.2.This data processing agreement shall terminate automatically in the event of termination of the Agreement.
10.3.In the event that the Controller is of the reasonable opinion that the Processor does not fulfil its obligations arising out of this agreement or the GDPR in full or in time, the Controller has the right to suspend the execution of this data processing agreement immediately and in the event that the Processor has not cured the breach within ten (10) days after notification of such suspension, the Controller may terminate this agreement immediately, either partially or fully.
10.4.The termination of this data processing agreement shall not relief parties of any of its obligations that arise out of this agreement and that are intended to remain in effect even after termination.
11.1.Any disputes arising out of this data processing agreement shall be handled in accordance with the laws of the Netherlands.
Personal Data Overview
11.2.In the event of a dispute between parties in relation to the interpretation or execution of this data processing agreement, parties shall undertake to reasonably negotiate a solution.
11.3.Disputes in relation to this data processing agreement shall be solely dealt with by the competent courts where the Controller is located, unless mandatory rules require otherwise. The procedure will take place in the Dutch language.
11.4.In the event of any discrepancy between the terms of the Agreement and this data processing agreement, the terms of this data processing agreement will prevail.
Processor processes the following personal data:
- First name
- Last name
- Postal address
- Phone number
- E-mail adress
- IBAN bank account details