Skip to content

Latest commit

 

History

History
62 lines (43 loc) · 6.43 KB

data_processing_agreement.md

File metadata and controls

62 lines (43 loc) · 6.43 KB
Raw

Data Processing Agreement

Parties

  1. Charper Bonaroo B.V., having its principal place of business at Kinderhuissingel 6-K 2013 AS in Haarlem, registered with the Chamber of Commerce under number 67186963, legally represented by ________________ (hereinafter Bonaroo)
  2. ____________________, having its principal place of business at _______________________________________, registered with the Chamber of Commerce under number ________, legally represented by ________________ (hereinafter _______).

Whereas

  • Parties have entered into an agreement, hereinafter referred to as the Main Agreement on the basis of which Bonaroo performs work and/or provides services, hereinafter collectively referred to as the Work
  • when performing the Work it is possible that Bonaroo processes Personal Data on behalf of ____________, whereby Bonaroo acts as processor and _________________________ as Data Controller
  • Personal data, Processor and Data Controller have the meaning as defined in the General Data Protection Regulation 2016/679/EU, hereinafter the Legislation
  • In view of the above considerations, the parties have agreed to enter into this Data Processing Agreement.

Parties agree as follows

  1. This Data Processing Agreement only applies to the processing of Personal Data in the context of the Main Agreement. This Dat Processing Agreement is an integral part of the Main Agreement and all provisions of the Main Agreement apply to this Data Processing Agreement.
  2. Bonaroo will only process the Personal Data in a manner and to the extent necessary for the performance of the Work, except where this is required to comply with a legal obligation applicable to Bonaroo, or to follow instructions from ___________. Under no circumstances will Bonaroo process the Personal Data for any other purpose. An overview of the type of personal data, the categories of data subjects and the purpose of the processing is included in Appendix 1.
  3. Bonaroo is not responsible for the accuracy, quality or legality of the Personal Data and the ways in which the Personal Data is obtained.
  4. Bonaroo will treat the Personal Data in the strictest confidence and will advise its employees, agents and/or Sub-processors involved in the processing of the Personal Data of the confidential nature of such Personal Data. Bonaroo ensures that all such persons or parties are bound by similar confidentiality obligations as stated in this Data Processing Agreement.
  5. Bonaroo will take technical and organizational measures for the security of the processing of the Personal Data. These measures include: measures to ensure that only employees can access the Personal Data for the purpose of the Work and measures to protect the Personal Data against unauthorized or unlawful processing, and against accidental loss, destruction or damage. Because security requirements are constantly changing and effective security requires frequent evaluation and improvement of outdated security measures, Bonaroo will continuously evaluate, supplement or improve these measures.
  6. _______ has the right to request Bonaroo to take reasonable additional security measures to protect the Personal Data. If an amendment to the Main Agreement is reasonable and necessary for the implementation of the security measures, the Parties will negotiate in good faith about an amendment to the Main Agreement.
  7. Transfer of Personal Data by Bonaroo to a country outside the European Economic Area can only take place if this is permitted under the Legislation. Bonaroo will always enter into all necessary agreements with regard to that transfer and meet all requirements as stated in the Legislation.
  8. Information obligation and incident management
    • Breach means a breach of security and/or confidentiality as set forth in this Data Processing Agreement, resulting in the destruction, loss, alteration, unauthorized disclosure of or access to the Personal Data.
    • Bonaroo will notify ___________ as soon as reasonably possible after the discovery of a Personal Data Breach. Bonaroo will cooperate with ________ and follow _______'s reasonable directions with respect to those incidents to enable __________ to investigate the incident. To the extent that such Infringement was caused by Bonaroo's failure to comply with the requirements of this Data Processing Agreement, Bonaroo will use reasonable efforts to identify the Infringement and take appropriate further action.
    • All notices under Section 8.a should be addressed to the following __________ contact person: ____________________. ___________ may request Bonaroo to change its notification contact by written request. The change will take effect upon written confirmation by ___________.
  9. Enabling Sub-Processors
    • Bonaroo acknowledges and agrees that it may outsource (part of) the processing of Personal Data to third parties only after written consent by ____________
    • Bonaroo ensures that these Sub-Processors are bound by similar confidentiality obligations to those contained in this Data Processing Agreement.
  10. Bonaroo will destroy all Personal Data or return it to ____________ at the written request of ___________.
  11. ________ indemnifies Bonaroo against all claims, claims from third parties, damages and costs that arise directly or indirectly from or are related to a violation of the Legislation by ________, or a failure to comply with the provisions in this Data Processing Agreement by _________.
  12. Duration and Termination
    • This Data Processing Agreement takes effect on the date of signature by both Parties and ends by operation of law when the Main Agreement is terminated or expires.
    • Termination or expiration of this Data Processing Agreement does not release the Parties from their confidentiality obligations.

In witness whereof

The Parties hereto have caused their duly authorized representatives to execute this Agreement.

Party: Charper Bonaroo B.V.

Done at: __________________

Signature: _______________________________


Party: ____________________

Done at: ____________________

Signature: _________________________


Appendix 1: Processing of Personal Data

The Personal Data that the parties expect to process: first name, last name, gender, postal code, date of birth, e-mail address, ________________________________.

The purpose of the processing: ____________________________________________________________________.

The categories of persons involved: ___________________________________________________________________________________.