DATA PROCESSING AGREEMENT
.
This Data Processing Agreement ("APD") is the basis of the relationship between you, the client, as data controller and VideoMapping.Pro, the service provider, as data processor under data protection legislation, more specifically, the General Data Protection Regulation ("RGPD").
This is an important agreement that forms the contractual basis for us to process the data on your behalf. Explain how your data can be processed and its purpose. We process your personal data only as required and according to your instructions, as described in this agreement.
Due to our volume of clients, it would be impossible to enter into individually signed agreements with all of our users. It is also our wish that, by facilitating the conclusion of this agreement (APD), it is ensured that the acceptance of the new Terms, in compliance with the RGPD, takes less time as an owner who owes his main occupation to a business.
This APD assures you that we, as your data processor, comply with the requirements stipulated in the GDPR. In addition, you can be sure that we maintain the necessary agreements with third parties. Your company details are automatically filled in in your account when you accept the Terms and Conditions and the Privacy Policy, including this APD. Your data will always represent the most up-to-date information that you have provided us. The APD is listed below for your information.
Data Processing Agreement
Come in:
Name of the client (“the client” or “data controller”, hereinafter) [This information will be filled in automatically once you have completed the registration]
Y
"Video Mapping Producciones, SL", with CIF: B87571725, address at Av de Tenerife, 2, Centro Empresarial Marpe, Block 2, Planta 3, San Sebastian de los Reyes, 28703 ("VideoMapping.Pro®" or "data processor ", onwards)
each one a "part"; together "the parties",
HAVE AGREED to the terms of this Data Processing Agreement (hereinafter "APD" or "Agreement") on protection of personal data with respect to the processing of personal data when the client acts as data controller and VideoMapping.Pro® as processor of data to fulfill the service obligations described in the service agreement (detailed below). As part of the fulfillment of these service obligations, VideoMapping.Pro® will process certain personal data on behalf of the data controller, in accordance with the terms of this contract. Each party agrees and will ensure that the terms of this contract are also fully applicable to its subsidiaries, which may be involved in personal data processing operations for the project defined in the service agreement. Specifically, VideoMapping.Pro® will ensure that all sub-processors operate within the same terms as this Agreement when processing customer personal data.
Introduction and definitions:
Personal data is defined as any information relating to a data subject by which he can be identified in particular, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or one or plus specific factors of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural or legal person (when applicable).
All other definitions mentioned in this document, including the terms data controller and data processor, are determined by the corresponding data protection laws, including the EU General Data Protection Regulation 2016/679 of April 27, 2016 (hereinafter, "RGPD").
Sensitive personal data is not considered processed under the application service offered by the data processor and is therefore excluded from the terms of this Agreement. .
By subscribing to use the VideoMapping.Pro® program and accepting the Terms and Conditions, including the Privacy Policy and this APD, the parties agree under all national data protection laws and under the GDPR that this Agreement governs the relationship between the data controller and data processor, determining the processing of personal data by VideoMapping.Pro® of customer data. This Agreement takes precedence, unless it has been superseded by another signed APD that communicates its primacy over this Agreement.
The purpose of VideoMapping.Pro® processing of personal data for the client is to ensure the full use of the service by the client and to allow this Agreement to be fulfilled. VideoMapping.Pro® will ensure that sufficient security of personal data is maintained at all times.
Both parties confirm their authority to sign the Agreement by doing so.
Data processor responsibilities:
The data processor must process all personal data on behalf of the data controller and follow his instructions. By entering into this Agreement, VideoMapping.Pro® (and any sub-processor with which the data processor has a legal agreement to offer the services) is instructed to process the customer's personal data as follows:
i) In accordance with all national and European laws; ii) fulfill its obligations under the terms of the service application; iii) as instructed by the data controller; iv) as described in this Agreement.
As part that provides the application, the data processor is required to always provide the customer with the appropriate solutions to accompany the continuous development of their business through the use of the service. The data processor tracks how the customer uses the application to make the best suggestions, provide relevant services at all times, and commit to send the most accurate communications in order to achieve ease of use and customer satisfaction. Insofar as the application's processing of personal data is part of this, it is processed only in accordance with this APD and applicable law and is shared only when necessary to provide a better customer experience.
Taking into account the available technology and the cost of implementation, as well as the scope, context and purpose of the processing, the data processor is required to take all reasonable measures, including technical and organizational measures, to ensure a sufficient level of security in relation to the risk and category of personal data to be protected. The data processor shall assist the data controller with the appropriate technical and organizational measures as necessary and taking into account the nature of the processing and the category of information available to the data processor to ensure compliance with the obligations of the data controller. under the applicable data protection laws.
The data processor will notify the data controller without undue delay if the data processor becomes aware of a security breach.
In addition, the data processor must, as far as possible and legally, inform the data controller if a request for data (request for data access) is made by the bodies that must provide it. The data processor will respond to such requests once the data controller authorizes it to do so. The data processor will also not disclose information about this Agreement unless the data processor is required by law to do so, such as by court order.
If the data controller requires information or assistance regarding data security, documentation or information on how the data processor processes personal data in general, it may request this information from the processor.
The data processor, its employees and any affiliate or partner will ensure confidentiality in relation to personal data processed under the Agreement. This provision continues to apply after the termination of the Agreement, regardless of the cause of its termination.
Responsibilities of the data controller:
The data controller confirms, by signing this Agreement, that, by using the application, you will be able to freely process your data in accordance with all legal data protection requirements, including the GDPR. The controller gives his explicit consent to the processing of his personal data at all times when using the service.
The data controller may revoke this consent at any time, but doing so terminates the current Agreement and the data processor will no longer be able to offer the service.
The client has a legal basis to process personal data with the data processor (including sub-processors) with the use of VideoMapping.Pro® services.
The data controller is responsible at all times for the accuracy, completeness, content and reliability of the personal data processed by the data processor. You have both fulfilled all the mandatory requirements in relation to notification or obtaining permission from the relevant public authorities regarding the processing of personal data. In addition, both have fulfilled their disclosure obligations with the relevant authorities regarding the processing of personal data in accordance with all applicable data protection legislation.
The data controller must have an accurate list of the categories of personal data that it processes, particularly if such processing differs from the categories listed by the data processor in Annex A.
Agreement for the transfer of data and the use of subcontractors:
To provide the service to the data controller, the data processor uses subcontractors. These subcontractors can be external suppliers both within and outside the EU / EEA. The data processor ensures that all subcontractors comply with the obligations and requirements of this Agreement; specifically, that your level of data protection meets the standard required by the relevant data protection laws. If a jurisdiction is outside the EU / EEA and is not on the list approved by the European Commission of satisfactory data protection levels under the GDPR, then a specific agreement is established between VideoMapping.Pro® and said subcontractor to ensure that it will maintain all personal data in accordance with the requirements of current EU data protection laws.
This Agreement constitutes the specific and explicit prior consent of the data controller for the use by the data processor of data processor subcontractors, which may sometimes be outside the EU / EEA or territories approved by the European Commission.
The data controller may revoke this consent at any time, but doing so terminates the term of the Agreement and the data processor will no longer be able to offer the service.
If a deputy director is established or personal data is stored outside EU / EEA or European Commission approved territories, the data processor has a responsibility to ensure a satisfactory basis for transferring personal data to a third country on behalf of the data controller. , including the use of standard European Commission contracts or specific measures that have been previously approved by the European Commission.
The data controller must be informed before the data processor replaces its subcontractors. The data controller may object to a new sub-processor that processes your personal data on behalf of the data processor, but only if the sub-processor does not process the data in accordance with current data protection legislation. The data processor can demonstrate compliance by providing the data controller with access to the data protection assessment performed by the data processor.
If the data controller still objects to the use of the subcontractor, you can terminate your subscription to the service, without the usual required notice period, and then ensure that the unwanted subcontractor does not process your personal data.
Duration of the Agreement:
The Agreement remains valid as long as the data processor processes personal data with the use of the service application data processor and unless it is superseded by another signed APD communicating its primacy over this Agreement.
Termination of the Agreement:
After the termination of any subscription, when the Agreement ends, the data processor will delete all personal data, except those that it is required to keep according to the applicable legal requirements and in such case it will be kept in accordance with the technical and organizational guarantees.
The data controller has full ability to retrieve all your personal data from the service application. If the data controller requests assistance with data recovery, the associated costs will be determined by mutual agreement between the parties and will be based on the complexity of the requested process and the time to complete it in the chosen format.
Changes to the Agreement:
Changes to the Agreement must be attached in a separate annex to the Agreement. If any of the provisions of the Agreement are held invalid, this does not affect the remaining provisions. The parties will replace the invalid provisions with a legal provision that reflects the purpose of the invalid provision.
Audits:
The data controller has the right to initiate a review of the data processor's obligations under the agreement once a year. If the data processor is required to do so in accordance with applicable law, the audits may be repeated once a year. A detailed audit plan describing the scope, duration, and start date must be provided at least four weeks before the proposed start date. The parties decide together whether a third party should perform the audit. However, the data controller may allow the data processor to have the security review performed by a neutral third party at the choice of the data processor, if it is a processing environment where data from multiple data controllers is processed.
If the proposed scope of the audit follows an ISAE, ISO or similar certification report performed, within the previous twelve months, by a qualified third party auditor and the data processor confirms that there have been no major changes to the measures under review, this will satisfy any request received within that period. Audits cannot unreasonably interfere with the normal activities of the data processor. The data controller is responsible for all costs associated with your audit review request.
Responsibilities and jurisdictions:
Liability for actions arising from non-compliance with the provisions of this Agreement is governed by the liability and indemnification provisions in the subscription terms in section 13. This also applies to any violation by the data processor sub-processors.
This Agreement is governed by the courts of the Kingdom of Spain, which will have exclusive jurisdiction to determine any dispute over it.
Annex A. Categories of personal information and categories of usual processing
A. Categories of personal information (the list is not exhaustive):
Name.
Direction.
Telephone numbers.
Email addresses.
Addresses).
Any account number and / or bank details.
B. Common processing categories (the list is not exhaustive):
Employees of the data controller.
Data controller contacts (phone / email / addresses / etc.).
The data controller's clients.
The banking information of the data controller.
Your clients' employees.
Your clients' contacts (phone / email / addresses / etc.).
Your clients' clients.
Banking information of your clients' clients.
All Rights Reserved © 2010-2020 -RegisteredTrademark M3725316 VideoMapping.Pro ® - Video Mapping Producciones SL