High class escortservice
According to the General Data Protection Regulation.
Article 1. Introductory provisions
The terms in this Processing Agreement that are defined in the AVG shall have the meanings set out therein.
Where this Processor Agreement refers to a provision of the Wbp, as of 25 May 2018 the corresponding provision of the General Data Protection Regulation (the ‘AVG’) is meant.
Processor is Gentle Dandy, Responsible is the client.
Article 2. Purposes of Processing
Under the terms of this Processing Agreement, Processor undertakes to process personal data on the instructions of Controller. Processing shall take place solely in the context of the performance of the Agreement and for purposes to be determined by further agreement.
Accountable shall determine which (types of) personal data it will have Processor process and which (categories of) data subjects these personal data relate to. Processor has no influence on this.
Processor shall not process the personal data for any purpose other than as determined by the Accountable. The Accountant shall inform the Processor of the processing purposes insofar as they are not already set out in the Processing Agreement.
The personal data to be processed on the instructions of the Accountable shall remain the property of the Accountable or the data subject(s) concerned.
The Accountant guarantees that the content, use and instruction to process personal data as referred to in the Processing Agreement are not unlawful and do not infringe any rights of third parties. In addition, the
In addition, the Respondent guarantees: that the processing of personal data falls under one of the exemptions under the AVG, or if this is not the case, that a notification has been made to the Authority for the Protection of Personal Data; and that from 25 May 2018, it will keep a register of the processing operations regulated under this Processing Agreement.
The Respondent shall indemnify the Processor against all claims and demands relating to non-compliance or incorrect compliance with the obligations set out in Article 2.5.
Article 3. Obligations of the Processor
With regard to the processing referred to in Article 2, the Processor shall ensure compliance with the conditions imposed on the processing of personal data by the Processor pursuant to the AVG.
The Processor shall inform the Accountant, at the latter’s first request, of the measures it has taken with regard to its obligations under this Processor Agreement and the Wbp and AVG.
The obligations of Processor arising from this Processing Agreement shall also apply to those who process personal data under the authority of Processor.
Article 4. Transfer of Personal Data
Processor may process the personal data in countries within the European Union.
Transfer to countries outside the European Union is only permitted in compliance with the applicable regulations of the AVG.
At the request of the Controller, the Processor shall inform the Controller of the country or countries concerned.
Article 5. Division of Responsibility
The permitted processing operations shall be carried out by the Processor within a (semi-)automated environment under the control of the Processor.
The Processor is only responsible for the processing of the personal data under this Processing Agreement in accordance with the instructions of the Accountable Party and under the explicit (final) responsibility of the Accountable Party.
Processor is not responsible for all other processing of personal data, including in any case the collection of personal data by the Accountable Party, processing for purposes not notified by the Accountable Party to Processor, processing by third parties or for other purposes.
Article 6. Commision of third parties or subcontractors
The responsible party shall consent to the processor’s commission of third parties for the processing of personal information/data under this Processing Agreement in accordance with the applicable laws and regulations regarding privacy.
Upon request, the processor shall inform the responsible party as soon as possible with regard to the third parties commissioned by the processor. The responsible party shall be entitled to object to any third party or parties commissioned by the processor.
The processor shall not object on unreasonable grounds and shall be required to provide reasons for its objection. If the responsible party objects to a third party commissioned by the processor, then the parties shall come together and endeavour to reach a solution.
The processor shall ensure that any third party or parties it commissions agree(s) in writing to undertake an obligation regarding protection of personal information/data which is at least as strict, on its face, as the obligation of the processor under the Processing Agreement.
The processor shall ensure proper compliance by the third party or parties with the obligations contained in article 6.4, and shall bear liability for errors and omissions committed by the third party or parties in the same fashion as if the processor had committed these errors or omission itself.
The maximum liability of the processor for damages as described in article 6.5 shall be limited to the amount agreed in the Agreement (with incorporation by reference of the General Conditions of the processor).
Article 7. Security
The processor shall take appropriate technical and organizational measures in respect of the processing of personal data to be carried out, against loss or against any form of unlawful processing (such as unauthorized access, impairment, alteration or transmission of the personal data).
Despite the fact that, in accordance with the first paragraph of this Article, the Processor must take appropriate security measures, Processor cannot fully guarantee that the security is effective under all circumstances. However, if there is a threat of – or an actual breach of – these security measures, Processor will do everything possible to limit the loss of personal data.
If there is no expressly described security in the Processing Agreement, the Processor shall ensure that the security meets a level that is not unreasonable, given the state of the art, the sensitivity of the personal data, and the costs involved in implementing the security.
The Controller shall only make personal data available to the Processor for processing if the Controller has ensured that the required security measures have been taken.
Article 8. Complicity
In the event of a data leak (which is understood to mean: a breach of the security of personal data that leads to a significant risk of adverse effects, or has adverse effects, on the protection of personal data, as referred to in Article 34a of the Personal Data Protection Act), Processor shall make an effort to notify the Account Holder as soon as possible, but in any event within 48 hours of the data leak becoming known to Processor.
The duty to report shall apply only if the leak has actually occurred and shall include, in any event, reporting the fact that there has been a data leak and, insofar as this information is available to Processor:
- what the (alleged) cause of the leak is;
- what the (currently known or expected) consequence is;
- what the (proposed) solution is;
- contact details for following up the report;
- the number of persons whose data has been leaked, or the minimum and maximum number of persons whose data has been leaked if an exact number is not known;
- A description of the group of persons whose data has been leaked;
- the type or types of personal data that have been leaked;
- the date on which the leak occurred, or the period within which the leak occurred if an exact date is not known
If no exact date is known;
- the date and time on which the leak became known to Processor or to a third party or subcontractor engaged by it;
- whether the data has been encrypted, hashed or otherwise made unintelligible or inaccessible to unauthorised persons;
- and what measures are planned and have already been taken to plug the leak and to limit the consequences of the leak.
The data controller decides for itself whether it will inform the relevant authorities and/or data subject(s) and is itself responsible for compliance with (statutory) notification obligations. If required by privacy laws and regulations, Processor shall cooperate in informing the relevant authorities or data subjects.
Article 9. Handling of requests from data subjects
If a data subject wishes to exercise one of their statutory rights and makes a request to that effect to the Processor, the Processor shall forward the request to the Accountable Party. The Processor shall then ensure that the request is dealt with. Processor may inform the data subject accordingly.
Where a data subject makes a request to Verantwoord to exercise one of their statutory rights, the Processor shall, if requested by the Accountant, cooperate as far as possible and to the extent that this is reasonable. The Processor may charge reasonable costs to the Accountant for this.
Article 10. Secrecy obligation
All personal data that Processor receives from the Accountable Party or that Processor collects itself under this Processing Agreement shall be subject to a duty of confidentiality in relation to third parties.
This duty of confidentiality does not apply insofar as Verantwoord has given express permission to provide the information to third parties, if providing the information to third parties is logically necessary for the performance of the Processing Agreement, or if there is a legal obligation to provide the information to a third party.
If Processor is legally obliged to provide information to a third party, Processor shall inform the Controller of this as soon as possible, insofar as this is permitted by law.
Article 11. Audit
The Accountant has the right to have audits carried out by an independent expert third party bound by secrecy to check the security requirements as agreed in Article 7 of the Processing Agreement.
The audit referred to in Article 11.1 shall only take place in the event of a concrete suspicion of misuse which has been demonstrated by the Accountable Party. The audit initiated by the Accountable shall take place two weeks after prior notification by the Accountable.
Processor will cooperate in the audit and make all information reasonably relevant for the audit, including supporting data such as system logs, and employees available as soon as possible and within a reasonable period, with a maximum period of two weeks being reasonable.
The findings as a result of the audit will be assessed by the Parties in mutual consultation and, as a result thereof, will or will not be implemented by one of the Parties or jointly by both Parties.
The costs of the audit will be borne by Responsible.
Article 12. Liability
For the liability of the Parties for damages as a result of an attributable failure in the performance of the Processing Agreement, or in tort or otherwise, the regulation regarding liability agreed in the Agreement (including the General Terms and Conditions of the Processor) shall apply.
Article 13. Duration and termination
This Processing Agreement is entered into for the term specified in the Agreement and, failing that, in any event for the duration of the cooperation between the Parties. This Processing Agreement cannot be terminated prematurely.
The Parties may only amend this Processing Agreement by mutual consent, but will cooperate fully in order to amend the Processing Agreement in line with any new or amended privacy legislation and regulations.
After termination of the Processor Agreement, Processor shall destroy all personal data present at its premises, unless Parties agree otherwise.