Terms and Conditions

Terms and Conditions

Terms and Conditions

  • FIRST: PURPOSE OF THE DATA PROCESSING AGREEMENT: These clauses authorise the data processor, to process on behalf of the data controller, all personal data necessary to provide the service previously described.
  • SECOND: IDENTIFYING THE INFORMATION AFFECTED: To perform the services arising from compliance with the purpose of this processing contract, the data controller, provides the data processor, with the information described below:
    • EMPLOYEES, CLIENTS (name, address, telephone number, e-mail)
  • THIRD: TERM OF THE CONTRACT: The term of this agreement shall be extended to the term of the main contract.Upon termination of this contract, the data processor must erase/return to the controller/return to another processor appointed by the controller.
  • FOURTH: CONFIDENTIALITY: Each Party must keep this Agreement and information it receives about the other Party and its business in connection with this Agreement (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that:

    (a) disclosure is required by law;

    (b) the relevant information is already in the public domain.

  • FIFTH: OBLIGATIONS OF THE DATA PROCESSOR: The data processor and all their employees undertake to:
    1. Use the personal data subject to processing, or those collected for inclusion, only for the purpose of this contract. In no case use data for personal purposes.
    1. Keep a written record of all categories of the processing operations carried out on behalf of the controller.
    1. Not disclose data to third parties, unless with express authorisation from the data controller, when legally acceptable.
    1. Maintain the duty of secrecy regarding the personal data accessed under this contract, even after its termination.
    1. Guarantee that individuals authorised to process personal data expressly undertake in writing to respect confidentiality and to comply with the relevant security measures, of which they must be duly informed.
    1. Keep documentation accrediting compliance with the obligation set forth above available for the controller The data processor, on behalf of the controller and within the period established, must resolve requests to exercise rights to access, rectification, erasure and opposition, restriction of processing, data portability and to not be subject to automated individual decisions, regarding data under this contract.
    1. Right to information The data processor must provide information on the data processing operations they will carry out at the time of collecting the data. The processor must agree upon the wording and format of the information provided with the controller before they start collecting data.
    1. Data security breach notificationsThe data processor shall notify the data controller, without undue delay, and in any case before the maximum period of 72 hours, and via e-mail with reading confirmation, of any breach they are aware of to the security of the personal data they hold, together with all relevant information to document and report the incident.
    1. Provide the controller with all the information necessary to demonstrate compliance with their obligations, as well as to conduct audits and inspections carried out by the controller or another auditor authorised by them.
    1. Destination of data Return personal data and, if appropriate, the media on which they are recorded, to the controller after completing the service. The return must include deleting all data from the computers used by the processor. However, the processor may store a copy with the data duly blocked while they may still be held liable for providing the service.
  • SIXTH: LIABILITY DISCLAIMER: The DATA PROCESSOR accepts no responsibility or liability whatsoever with regard to the origin of the information uploaded by the DATA CONTROLLER and specifically about its GPDR compliance collecting the personal data from the subjects.
  • SEVENTH: OBLIGATIONS OF THE DATA CONTROLLER: The data controller must:
    1. Provide the processor with the data referred to in clause 2 of this document.
    1. Conduct a data protection impact assessment for the processing operations to be carried out by the processor.
    1. Carry out any relevant prior consultations.
    1. Ensure that the processor complies with the GDPR prior to and during processing.
  • EIGHTH GENERAL PROVISIONS
    1. The non-requirement by any of the parties of any of their rights, in accordance with this contract, shall not be deemed to constitute a waiver of said rights in the future.
    1. The legal relationship that is established between the parties is governed by this single contract, being the only valid one between the parties and replacing any previous agreement or commitment regarding the same object, whether written or verbal, and only may be modified by an agreement signed by both parties.
    1. If it were to prove that any of the stipulations contained in this contract is null, illegal or unenforceable, the validity, legality and enforceability of the rest of the stipulations will not be affected or harmed by it.
    1. This agreement and the relations between the controller and the data processor do not constitute in any case a partnership, joint venture, agency or work contract between the parties.
    1. The headings of the different clauses are for informational purposes only, and will not affect, qualify or extend the interpretation of this agreement.