
Data protection and data security regulation for commission-based relationships according to Section 11 of the German Federal Data Protection Act (BDSG)

Between

(1) Name or company
Street and house number
Postal code and place
Email address (which you used when signing the Main Contract with Shore)
- the "Principal" -

and

(2) Shore GmbH, Seidlstrasse 23, 80335 Munich,
- the "Agent" -

1. SUBJECT MATTER OF THIS AGREEMENT

1.1 The Agent shall make business software available to the Principal for use over the Internet ("Software") and render further related services in connection with said Software (jointly the "Services"). The Agent's business software consists of particular service modules (e.g. Shore Business Cloud, Shore Cash or Shore Web) which the Principal can order individually or combined with other Service Modules via the order form or the Agent's websites. The Software is operated in data centres run by the Agent and made available to the Principal in the booked scope for use over the Internet (also known as "Software as a Service model"). It is possible that the Agent may come into contact with personal data of the Principal as a result.

This Commissioned Data Processing Agreement (Auftragsdatenverarbeitungsvertrag, "ADV") deals with the regulations on data protection and data security in contractual relationships deemed necessary in accordance with Section 11 BDSG. The ADV shall supplement the regulations of the order form that the Principal has signed, the General Terms and Conditions of the Agent and the service specifications on the Agent's website relating to the respective booked Service Module (available at https://www.shore.com/en/pricing) (the order form, the General Terms and Conditions and the service specifications are jointly referred to as the "Main Contract").

As of: February 2017

1.2 The commission shall include the following:

(a) Subject matter of the commission: Provision of a business software consisting of various Service Modules for use over the Internet; and rendering of related supplementary technical support services.

(b) Extent, type and purpose of the collection, processing or use of data: The Agent shall process and use personal data of the Principal solely within the scope of the technical provision and delivery of the Services as well as in connection with support services, technical maintenance and troubleshooting of the Software. Besides storing data for the Principal, no arrangements have been made for the collection, processing or use of such data by the Agent through the technical processing procedures initiated by the Principal within the scope of using the Services. However, the Agent shall be entitled to use the Principal's data also beyond the term of the commission in aggregated or statistical form for error analysis and further development of the functions of the Software or for benchmarking provided that the data is used solely in anonymised form (i.e., any reference to specific persons is ruled out). Individual details on the extent, type and purpose of the collection and use of personal data are contained in the stipulations of the Main Contract.

(c) Type of data: All data which is generated within the scope of use of the Software (e.g. booking requests or appointments, chat content), and which the Principal and/or end customer enters into the Software or makes available to the Agent for import (e.g. name, mobile phone number, email address, sex or other features specified by the Principal).

(d) Parties concerned:
- End customers of the Principal
- Employees, directors, representatives and vicarious agents of the Principal

1.3 The Principal can request that this ADV is supplemented with an annex which specifies the type of data as well as the parties concerned in greater detail.

2. RIGHTS AND OBLIGATIONS OF THE PRINCIPAL

2.1 The Principal shall be solely responsible for assessing the legitimacy of the data processing, data collection, and data use as well as for the safeguarding of the rights of the parties concerned.

2.2 The Principal shall place all orders in writing. Any changes to the subject of the processing and procedural changes must be jointly agreed and defined in accordance with section 1.2 of this ADV.

2.3 The Principal issues instructions by using the Software and Services. It shall also have the right (in particular taking into account the agreed range of Services) to issue supplementary instructions to the Agent within the scope of the provisions of this ADV and the Main Contract.

(a) The Principal must immediately confirm verbal instructions in writing. Unless otherwise agreed, the person authorised to give instructions on behalf of the Principal shall be the signatory to this Agreement. The recipient of the instructions for the Agent shall serve as the data protection officer laid down in Section 4 of this ADV.

(b) If said person is replaced or will be unavailable for an extended period, the contractual partner must be informed immediately about the successor or the representative in writing. If instructions amend, annul or supplement the specifications in Section 1.2 of this ADV, they shall only be admissible if a corresponding new specification is agreed by both contractual parties.

2.4 The Principal shall inform the Agent without delay if it detects any errors or irregularities during the examination of the data delivery.

2.5 The Principal undertakes to treat all business secrets and data safety measures of the Agent it becomes aware of within the scope of the contractual relationship as confidential.

3. RIGHTS AND OBLIGATIONS OF THE AGENT

3.1 The Agent shall process personal data solely within the scope of the agreements concluded and in accordance with the Principal's instructions.

3.2 The Agent shall use the data handed over to it for processing solely for the purposes specified in Section 1.2 of this ADV, and shall not pass the data on to third parties. Copies or duplicates shall not be created, apart from those necessary for backup purposes, without the Principal's knowledge.

3.3 The Agent shall make the necessary arrangements to ensure the rectification, deletion and blockage of personal data on the instructions of the Principal, due to legal requirements and at request of the responsible supervisory authorities, provided that the Principal is unable to do so itself by using the Services.

3.4 The Agent shall immediately inform the Principal if it believes that an instruction issued by the Principal violates statutory regulations. The Agent shall be entitled to suspend performance of the corresponding instruction until it is confirmed or amended by the responsible person at the Principal.

3.5 The Agent shall enable proper data protection checks and monitoring by the responsible regulatory authority.

3.6 The Agent agrees that the Principal shall be entitled to check its compliance with the rules on data protection and the contractual agreements in the required scope at its own expense, in particular by gathering information and inspecting the stored data and the data processing programme on the Agent's premises. The Agent has to tolerate the checks and to provide the Principal with an adequate level of support. The checks shall take place after reasonable prior notification by the Principal, and must be carried out during normal business hours. The Principal shall arrange the check with the Agent and ensure that its operations are not unreasonably impacted.

3.7 The Agent will provide the Principal with a reasonable level of support during the preparation of the procedure index. It must provide the Principal with the required information upon request, provided that said information is not already available to the Principal or can be obtained by using the Services.

3.8 After completing the contractual work, the Agent must hand over and/or delete all of the Principal's personal data stored in its system upon request of the Principal. It must confirm the deletion of said data in writing to the Principal upon request.

3.9 The Agent shall be entitled to engage a subcontractor without the consent of the Principal. In the process, the Agent shall ensure that the following conditions are met:

(a) The Agent shall conclude an ADV with the subcontractor which guarantees the same level of protection as the contract entered into with the Principal, in particular with regard to technical and organisational security measures.

(b) The Principal may exercise its control rights vis-a-vis the subcontractor in principle.

(c) The Principal shall receive information about the subcontractor and the data protection-related contractual conditions of the sub ADV if it so requests.

(d) An appropriate level of data protection shall be ensured in relation to subcontractors outside the EU/EEA.

4. DATA PROTECTION OFFICER OF THE AGENT

Mr Dr. Evelyne Sørensen, Potsdamer Strasse 3, 80802 Munich, Germany
Email: soerensen@activemind.de
has been appointed as the Agent's data protection officer. If the data protection officer changes, this must be communicated to the Principal.

5. DATA CONFIDENTIALITY

5.1 The Agent undertakes to maintain data confidentiality in accordance with Section 5 BDSG during the processing of the personal data.

5.2 The Agent shall in particular familiarise the employees involved in carrying out the work with the data protection provisions which are relevant for them and obligate them in writing to comply with the data confidentiality provisions of Section 5 BDSG. The Agent shall monitor the observance of the statutory data protection regulations.

5.3 In data protection terms, the Agent shall act as the "Commissioned data processor". The Agent shall not be permitted to use the data for its own purposes, pass it on or disclose it to third parties (with the exception of any subcontractors in accordance with Section 3.9 of this ADV) as long as no effective consent to the contrary has been given by the Principal. However, the Agent shall also be entitled to use the Principal's data, as laid down in Section 1.2(b), beyond the term of the commission in aggregated or statistical form for error analysis and further development of the Software functions, or for benchmarking purposes.

5.4 The Agent undertakes in particular to observe the following principles:

(a) (b) (c) Any end customer data entered by the Principal or its employees or the end customers themselves in the CRM (e.g. email, name, address, other information), provided by the Principal to the Agent for import (e.g. data exports from other systems), as well as any such data generated in the CRM (e.g. booking requests, appointments, chat content) (collectively "Customer Data") shall correspond to the Principal. The Agent may not link the Customer Data provided by the Principal with other information which is not connected to the Principal's use of the Services. The data shall not be passed on to third parties (with the exception of subcontractors in accordance with Section 3.9 of this ADV). Accordingly, it is possible to delete all of the Principal's Customer Data upon request at any time. If one of the Principal's end customers has also booked an appointment with another company which uses the Agent's Services, and the Agent thus also manages the data for this company, such data will be processed separately from the Principal's data and no link shall be made.

6. DATA PROTECTION MEASURES

6.1 The Agent shall take suitable technical and organisational precautionary measures in accordance with Section 9 BDSG and the annex to Section 9 BDSG. It shall set up its in-house operational organisation so that it meets the particular requirements of data protection and any personal data is protected from unauthorised access, misuse and loss. The data protection concept of the Agent enclosed as an attachment shall be binding.

6.2 The Agent must carry out regular checks of the proper implementation of its corresponding technical and organisational measures.

6.3 The technical and organisational measures laid down in the Annex can be adjusted to the further technical and organisational development, provided that the general security level is not diminished.

6.4 The Agent shall immediately inform the Principal about errors having an impact on data protection, violations against data protection regulations or stipulations contained in the commission by the Agent or by people employed by the Agent, as well as in the event of data protection violations or irregularities which occur during the processing of the Principal's personal data.

7. TERM

This ADV shall come into force when it has been signed by both parties and shall apply until the Main Contract ends.

8. LIMITATIONS OF LIABILITY

8.1 The Agent shall be liable to the Principal for wilful acts or gross negligence and in the case of fraud pursuant to the statutory provisions. In the event of minor negligence, the Agent shall only be liable for damages which result from a violation of a material contractual duty which jeopardises the fulfilment of the purpose of this Agreement, or from a violation of duties which are essential prerequisites for the proper execution of this ADV and the fulfilment of which the Principal must be able to rely on.

8.2 The liability of the Agent for minor negligence in accordance with Section 8.1 above shall be limited to the amount of damage foreseeable upon conclusion of this ADV which is to be typically expected with its conclusion.

8.3 These limitations of liability shall apply to all claims for damages regardless of their alleged legal basis, with the exception of claims for damages resulting from the German Product Liability Law (Produkthaftungsgesetz), injuries caused to the life, limb or health of a person, as well as the violation of a guarantee (in this case, the limitations of liability contained in the guarantee shall apply). The limitations of liability specified above shall also apply for any claims for damages against the directors, managers, employees or agents of the Agent.

9. MISCELLANEOUS

9.1 If other agreements contain different or contradictory information to that of the ADV at the time the ADV is concluded, the content of this ADV shall take precedence. If there is any conflict between the Main Contract and this ADV, this ADV shall take precedence.

9.2 Changes to this ADV must be made in writing; this shall also apply to changes to the requirement of the written form, provided that the same has not been annulled as a result of an expressly individual agreement between the parties.

9.3 This ADV shall be governed by German law. The place of jurisdiction shall be Munich.

Place, date
Signature, stamp of the Principal

Shore GmbH
Place, date
Signature, stamp of the Agent

Annex

Description of the technical and organisational measures of Shore GmbH

1. Control of access to premises and facilities
- Entrances are adequately secured (doors, door locks, windows and electronic door openers)
- Opening and closure of the rooms at the beginning or end of work, monitoring of keys (incl. written confirmation of key issuance)
- Monitoring facilities (alarm system, video monitoring)
- Electronic access control system
- Security in the event of home-based work/telework

2. Control of access to systems
Measures undertaken by the Agent:
- Firewall, virus protection
- Suitable user identification and password procedures
- Automatic blocking of the screens with password protection in the event that computers sit idle
- Setup of a dedicated user master record per user
- Encryption of data carriers

3. Control of access to data
- Definition of an authorisation concept and access rights (both for users as well as for administrators)
- Protection against unauthorised internal and external access, encryption, firewall
- Type and number of data carriers documented (incl. data carrier management)
- Full deletion of used data carriers before providing them to new users or passing them on
- Disposal of erroneous print-outs and obsolete data carriers

4. Transmission control
- Passing-on of data in anonymised or pseudo-anonymised form
- Transport security through reliable messengers or transport companies

5. Input control
- Documentation of the entry, change and deletion of data
- Allocation of rights to enter, change and delete data on the basis of an authorisation concept

6. Commissioned work control
- Careful selection of subcontractors, criteria for the selection of subcontractors
- Formal commissioning
- Ensuring destruction of data after the commission ends

7. Availability control
- Fire protection facilities (fire extinguishers, smoke and fire detectors), smoking ban, water-protection appliance
- Virus protection/firewall
- Emergency plan

8. Separation control
- Rules to ensure separate storing, changing, deletion and transmission of data with different contractual purposes (separate data processing systems for different processing purposes)
- Internal multi-tenancy capability
- Role separation
- Definition of database rights & encryption of data sets