Having regard to the provisions on the protection of personal data, including Article 28 of GDPR, the Parties enter into the following agreement:
For the purposes of this Agreement, the following terms shall have the following meanings:
1.1. Personal data – means any Administrator Data relating to an identified or identifiable natural person to the extent such information is protected as personal data under applicable regulations;
1.2. NOZBE – means the application used in the course of the Agreement by the Administrator, provided by the Processor, in which personal data entrusted by the Administrator are processed;
1.3. Regulations – means the personal data protection laws in force in Poland, in particular: Regulation (EU) 679/2016 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (OJ L 119 of 2016, p. 1) (hereinafter referred to as “GDPR”), and the Act of 10 May 2018 on personal data protection (Journal of Laws of 2018, item 1000) (hereinafter referred to as the “Act”);
1.4. Terms of Service – means the terms and conditions of using NOZBE available at nozbe.com/terms;
1.5. Entrustment Agreement – means this agreement including any of its amendments, annexes and attachments, provided that they are made in writing and signed by both Parties.
2. REPRESENTATIONS OF THE PARTIES
2.1. The Administrator declares that he is the administrator of personal data entrusted for processing to the Processor, and that he collects and processes personal data in accordance with the regulations.2.2. The Parties declare that the Entrustment Agreement was concluded for the purpose of fulfilling obligations specified in the regulations in connection with the use of NOZBE by the Administrator and accepting the Terms of Service by the Administrator.
3. SUBJECT MATTER OF THE AGREEMENT
3.1. The Administrator entrusts the Processor with personal data processing, and the Processor undertakes to process them in accordance with the regulations and Agreement for the sole purpose of using NOZBE by the Administrator.3.2. The Processor may process personal data only to the extent and for the purpose set out in the: Agreement, regulations and documented orders of the Administrator.
4. THE PURPOSE, SCOPE AND NATURE OF THE PROCESSING
4.1. The Processor may process in NOZBE personal data specified in the definition of personal data. The Processor shall use these data to perform, in particular, the following operations: storage or, upon receiving such order from the Administrator, deletion.
4.2. The Processor undertakes to process personal data in NOZBE on a permanent basis.
4.3. Personal data shall be processed by the Processor in electronic form in NOZBE.
4.4. The Processor will receive personal data from the Administrator.
5. PROCESSING ENTRUSTMENT RULES
5.1. When processing personal data entrusted to him, the Processor undertakes to secure them by applying appropriate technical and organizational measures ensuring an adequate level of security corresponding to the risks related to the processing of personal data, as referred to in Article 32 of the Regulation.
5.2. Pursuant to Article 28(3)(b) of GDPR, the Processor undertakes to preserve the secrecy of personal data entrusted to him by the Administrator.
5.3. The Processor ensures that the persons who have access to personal data preserve them and methods of their protection in secrecy. The obligation to preserve secrecy shall continue to apply after the completion of the Entrustment Agreement and ceasing employment at the Processor.
5.4. The Processor declares that, pursuant to the obligation to preserve the secrecy of entrusted data, they will not be used, disclosed or made available without the Administrator’s written consent for other purposes than the implementation of the cooperation agreement or those arising from the law.
5.5. The Parties shall make every effort to ensure that the means of communication they use to receive, transmit and store personal data guarantee protection against unauthorized access of third parties that are unauthorized to disclose, make available and become familiar with their content.
6. FURTHER OBLIGATIONS OF THE PROCESSOR
6.1. The Processor undertakes to assist the Administrator in fulfilling his obligations pursuant to Articles 32-36 of GDPR.
7. SUB-ENTRUSTMENT OF PROCESSING
7.1. The Processor may entrust personal data covered by the Entrustment Agreement for further processing by subcontractors in order to fulfill the Entrustment Agreement, i.e., ensure the safety of personal data and/or NOZBE.
7.2. The processing of entrusted data shall be done in accordance with the terms and conditions specified in the data entrustment agreement and the Terms of Service.
7.3. The subcontractor referred to in § 7 paragraph 1 of the Agreement shall provide the same assurances and comply with the same obligations as those imposed on the Processor in the Entrustment Agreement.
7.4. The Processor shall be fully liable towards the Administrator for failure to meet the data protection obligations imposed on the subcontractor and laid down in the Entrustment Agreement.
8.1. Each Party shall be responsible for damage caused to the other Party and to third parties in connection with the implementation of the Entrustment Agreement.
8.2. The Processor shall be liable for providing or using the personal data inconsistently with the Entrustment Agreement and, in particular, for providing unauthorized persons with access to the personal data entrusted for processing.
9. THE PROCESSOR’S AUDIT
9.1. Pursuant to Article 28(3)(h) of GDPR, the Administrator of data shall have the right to scrutinize whether the measures applied by the Processor in processing and securing entrusted personal data comply with the provisions of the Entrustment Agreement.
9.2. The Processor shall provide the Administrator with all information necessary to demonstrate compliance with the obligations set out in Article 28 of GDPR.
9.3. The Processor shall immediately notify the Administrator when he deems that an order received by him violates the regulations.
9.4. Having regard to the scope of the audit and costs associated with it, the Processor may charge the Administrator with a reasonable and justified fee in connection with the audit.
10. CEASING THE PROCESSING ENTRUSTMENT
10.1. After the end of the provision of services connected with the processing of personal data, the Processor, depending on the Administrator’s decision, shall either remove or return all personal data, and remove all of their existing copies on any storage media, which shall not affect the lawfulness of processing performed by the Processor during the term of the Entrustment Agreement.
11. FINAL PROVISIONS
11.1. The Entrustment Agreement is concluded for an unlimited period of time commencing on 25 May 2018.
11.2. Ending the use of NOZBE by deleting the account in NOZBE results in the termination of the Entrustment Agreement and deletion of personal data.
11.3. If any of the provisions of the Agreement proves invalid or unenforceable, such partial invalidity, illegality or unenforceability of a provision shall not affect the validity of the remaining provisions of the Agreement. The Parties shall undertake negotiations to replace invalid or unenforceable provisions of the Agreement with new provisions.
11.4. Any changes and additions to the content and provisions of the Entrustment Agreement require written form in order to be effective.
11.5. The Parties shall make every effort to ensure that the means of communication they use to receive, transmit and store confidential information guarantee the protection of confidential data including, in particular, personal data entrusted for processing, against the unauthorized access of third parties unauthorized to become familiar with their content.
11.6. The Parties are mutual administrators of the data specified in the introduction (recitals) of the Entrustment Agreement.
11.7. In matters ungoverned by the Agreement, the generally applicable regulations of the Polish law, including the provisions of the Civil Code, shall apply.
11.8. The Agreement has been prepared in two identical copies, one for each Party.