Data Processing Agreement on the confidentiality and processing of personal data.
YFIP B.V. (hereinafter referred to as Yart Factory) With all orders to Yart Factory, the processor agreement referred to below will be deemed to have been added to the terms and conditions of that agreement as from May 25, 2018 (the date of the GDPR entry into force) and this processing agreement will become fully effective.
Client and Yart Factory, with its registered office in Waalwijk and hereinafter referred to as: contractor.
TAKING INTO ACCOUNT THAT:
a. The Contractor performs activities and / or services or services for the Client;
b. The Client will provide data to the Contractor for this purpose;
c. This information must be kept confidential, at least confidential;
d. These data may contain personal data;
e. These data are necessary for the Contractor to perform a certain agreed work or services;
f. Parties wish to make agreements about this data.
Agree to the following:
ARTICLE 1. SUBJECT OF THE AGREEMENT
Subject of the agreement is
(i) the delivery of data by the Client to the Contractor,
(ii) the making of secrecy agreements in this respect and
(iii) making further agreements if this data also contains personal data.
ARTICLE 2. CONFIDENTIALITY
2.a. The data obtained from the Client or on behalf of the Client will not be provided by the Contractor to third parties, unless permission has been granted by the Client in writing, or unless it is necessary for the performance of the agreed work.
2.b. The Contractor shall ensure that the information is provided to personnel of the Parties only on a need-to-know basis, and that the information is only provided to staff who are charged with carrying out the agreed work or services.
2.c. During the period that the Contractor has the information referred to above, it must adequately secure the storage of the data. In any case such that third parties / personnel not charged with the execution of agreed work or services, do not have access to the data. This storage must also comply with relevant regulations such as the General Data Protection Regulation (GDPR) if personal data is exchanged.
ARTICLE 3. PERSONAL DATA
3.a. If the data also concerns personal data, the following provisions of this article apply. The Contractor is regarded by the Parties as the “Processor” and the Client as the “Responsible Party” as referred to in the General Data Protection Regulation (GDPR).
3.b. In the context of the performance of the agreed work and services, the Contractor will process the data for the benefit of the Client, whereby the Contractor is not permitted to process the data obtained from the Client for its own purposes, other than agreed, and / or to provide it to third parties. .
3.c. Parties will ensure compliance with applicable laws and regulations, including in any case laws and regulations concerning the protection of personal data, such as the General Data Protection Regulation (GDPR).
3.d. Contractor implements appropriate technical and organizational measures to protect personal data against loss or against any form of unlawful processing. These measures ensure, taking into account the state of the art and the costs of implementation, an appropriate level of security in view of the risks involved in the processing and the nature of the data to be protected. The measures are also aimed at preventing unnecessary collection and further processing of personal data.
3.e.e The Client is entitled at all times during the execution of the agreement to have the aforementioned measures tested by an independent expert by means of an audit. The costs for this audit are for the Client.
3.f. In the context of this agreement, the Contractor may use a third party, without prior permission from the Client, on the condition that the Contractor establishes a similar agreement with the third party as contained in this agreement, for example by means of a sub-processor agreement.
3.g. The Contractor is not permitted to use personal data outside the E.U./E.E.R. save and / or host.
3.h. If the Contractor suspects, or has come to know, that the personal data of the Client have been compromised (security breach or data breach), or has been, the Contractor will report this to the Client without unreasonable delay.
3.i. In the event that a data subject sends a request to the Contractor with regard to, correction or removal, the Contractor will forward the request to the Client, and the Client will continue to process the request. Assignments
Although we do everything in our power to deliver a good product or service, it can happen that you are dissatisfied with the delivery. We kindly ask you to pass on your complaint to us. This can be done by e-mail, regular mail, by telephone or via the contact form. We will review the complaint and try to resolve it to everyone’s satisfaction.