Terms and Conditions

From 1Archive help
Jump to: navigation, search

DATA PROCESSING AGREEMENT BETWEEN


UP NXT nv AND ONEA Licenseholder


CONSIDERED THAT

The use of the ONEA Service is subject to a License Agreement between UP-nxt n.v. and the License Holder;

the License Agreement is subject to the Acceptance of the Terms Of Service;

the Terms Of Service refer to this Data Processing Agreement

by using the Service, users granted by the Licence Holder could provide Onea with Personal Data and instruct Onea, who accepts under the terms and conditions of this Agreement, to process this Personal Data;

this Agreement acts under the regulation with the intent to strengthen and unify data protection for individuals within the European Union (EU), which replaces the data protection directive (95/46/EC) from 1995; THEREFORE

Based on the article 28 of the EC GDPR directive 2016/679, this “Data Processing Agreement” will be effective as from 25 May 2018 between:

(1) Onea n.v. incorporated under the laws of Belgium with its registered seat at Kortrijksesteenweg 1146, 9000 Gent, hereinafter to be referred to as “Processor”;

and

(2) The Onea Licenseholder, hereinafter to be referred to as “Controller”;

Controller and Onea are hereinafter jointly referred to as the “Parties” and individually as the “Party”.

IT IS HEREBY AGREED AS FOLLOWS:


1. Definitions

Terms defined in the License Agreement between Onea and the Controller shall have the same meaning when used in this Data Processing Agreement.

In addition, the definitions below apply in this Data Processing Agreement:

GDPR: Is a regulation with the intent to strengthen and unify data protection for individuals within the European Union (EU), Which replaces the data protection directive (95/46/EC) from 1995 Personal Data: Means personal data as defined in the GDPR that Onea processes on behalf of Controller in connection with the Agreement.

Unless otherwise specified, all references to the GDPR shall be understood to be references to the applicable local equivalent which implements said reference into local law. Data Subject:

Is an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person Data Breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data


2. Subject and Term

The objective of this Data Processing Agreement is to describe the measures that Onea (as a Processor) has undertaken in relation with the Agreement. This Data Processing Agreement forms an integral part of the Agreement hereof. This Data Processing Agreement shall be deemed to take effect from the Effective Date and shall continue in full force and effect until the termination of the Agreement.


3. Scope of the work

The purpose for the collection, processing and use of the Personal Data provided by the Controller is to provide the services as described in License Agreement, which forms an integral part hereof. The processing and use of the Personal Data takes place in a member state of the European Economic area. Any data transfer of processing to a third country shall be subject to the prior approval of the Controller.

The processing of the Personal Data by Onea shall take place within the framework of this Data Processing Agreement and only to the extent that Controller has instructed Onea to do so in relation with the Agreement. Onea processes the Personal Data on behalf of Controller. Modifications to the processing of Personal Data under the Agreement are subject to mutual agreement.

Onea shall not use the Personal Data for any other purpose as described in this Data Processing Agreement.

Type of data

By using the Onea Service, the Controller instructs Onea to collect, process and store data that might be subject to this Data Processing Agreement

4. Technical and organisational measures based on the EU General Data Protection Regulation

Onea ensures the implementation of the technical and organizational measures in accordance with the requirements of the GDPR directive 2016/679

Onea ensures in particular that it has implemented the appropriate measures to:

a. Prevent unauthorized persons from gaining access to data processing systems with which personal data are processed or used; b. Prevent data processing systems from being used without authorization; c. Ensure that persons entitled to use a data processing system have access only to the Personal Data to which they have a right of access, and that personal data cannot be read, copied, modified or removed without authorization during processing or use and after storage; d. Ensure that personal data cannot be read, copied, modified or removed without authorization during electronic transmission or transport, and that it is impossible to check and establish to which bodies the transfer of personal data by means of data transmission facilities is envisaged; e. Ensure that it is possible to check and establish whether and by whom personal data has been input into data processing systems, modified or removed; f. Ensure that, for commissioned processing of personal data, the Personal Data is processed strictly in accordance with the instructions of the Controller (job control).

Onea agrees and warrants that the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the Personal Data to be protected having regard to the state of the art and the cost of their implementation.

Onea further agrees and warrants that the processing of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law and does not violate the relevant provisions.


5. Processor’s obligations

Under this Data Processing Agreement, Onea ensures to:

a. process the Personal Data only on behalf of the Controller and in compliance with its instructions; b. ensure that only appropriately trained personnel shall have access to the Personal Data; c. provide Controller with such cooperation (including access to its facilities) as the Controller may reasonably request; d. implement such technical and organizational measures to protect the Personal Data as required by the GDPR; e. notify the Controller immediately of any monitoring activities and measures undertaken by the relevant authority that supervises the applicable data protection legislation; f. Support Controller regarding Controller’s obligations to provide information about the collection, processing or usage of Personal Data to a data subject; g. Ensure that the Personal Data is not in any way used, manipulated, distributed, copied or processed for any other purpose than for the fulfilment of the contractual obligations as explicitly agreed upon and arising from this Data Processing Agreement; h. Instantly notify the controller in case a data breach has occurred.


6. Sub-processing

Onea has written and signed contracts with its sub-processors.

The addition or removal of a sub-processor will not negatively affect the level of security within the agreement to less than that which existed at the time of signing this Data Processing Agreement.

Where the sub-processor fails to fulfil its data protection obligations under such written agreement Onea shall remain fully liable to the Controller for the performance of the sub- processor's obligations under such agreement.

7. Controller’s rights and obligations

All Data Subject rights will be addressed to the Controller. Onea has the right to refuse the execution of any data subject request which is directly addressed to Onea.Any request from a data subject directly to Onea, shall be directed to Controller.


Onea shall deal properly and within reasonable time with all inquiries from the Controller relating to its processing of the personal data subject to this Data Processing Agreement.

Rectification, deletion and blocking of data: upon instruction by the Controller, Onea shall correct, rectify or block the Personal Data within reasonable time after instruction


8. Information

Onea will notify the Controller about:

(i) any legally binding request for disclosure of the Personal Data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation; (ii) any accidental, unauthorised access, or other event that constitutes a personal data breach; and (iii) any request received directly from the Personal Data subjects without responding to that request, unless it has been otherwise authorised to do so.

Onea shall indemnify Controller for claims of any third party that arises as a result of Processor’s non-compliance with its obligations under this Agreement and the applicable local laws and legislation of the countries where the Personal Data is processed and regulations regarding data protection and privacy.


9. Principal’s authority to issue instructions

Onea shall not assign this Data Processing Agreement without the prior written consent of the Controller. Where Onea assigns this Data Processing Agreement, with the consent of the Controller, it shall do so only by way of a written agreement with the assignee which imposes the same obligations on the assignee as are imposed on Onea under this Data Processing Agreement.


10. Consequences of termination

The parties agree that on the termination of the provision of the services, Onea and the sub-processor shall, at the choice of the Controller, return all the personal data transferred including any data storage media supplied to Onea, and the copies thereof to the Controller or shall destroy all the personal data and certify to the Controller that it has done so, unless legislation imposed upon Onea prevents it from returning or destroying all or part of the personal data transferred. In that case, Onea warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.


11. Confidentiality

Any information of whatever kind (whether technical, commercial, financial, operational or otherwise) and in whatever form (whether oral, written, recorded or otherwise), including Personal Data, (hereafter referred to as “Confidential Information”) which may be disclosed in any form or matter by one Party to the other Party, with respect to, or as a result of this Data Processing Agreement, shall be deemed to be of a confidential nature. Data relating to Controller’s customers database, procedures and knowledge shall be considered as private and confidential information.



12. Other

This Data Processing Agreement is governed by the law that governs the Agreement. Also for the jurisdiction reference is made to the appropriate Section of the Agreement.


For and on behalf of:

UP-nxt n.v.

Name: Tom Van Acker Function: General Manager Date: Date 25/05/2018

Retrieved from "https://help.onea.be/index.php?title=Terms_and_Conditions&oldid=2326"