Sign up as a Guardian360 Partner

  • Through this form you sign your company up to become a partner. Signing up is simple: enter your credentials hereunder, we use them to generate the agreement based on this agreement template. So in case you sign up, you agree with the terms and conditions as set out in that template.

  • Partners purchase services directly from Guardian360, unless it is agreed that the partner purchases services from a distributor.

  • We process your information in accordance with our privacy policy. Read our privacy policy on https://www.guardian360.net/privacy-and-cookie-policy/

  • PARTNER AGREEMENT

    For conclusion into online (version 1.5)

    THE SIGNATORIES

    The private limited liability company “Guardian360 B.V.”, having its registered office in ROTTERDAM at Schouwburgplein 30-34, hereby duly represented by Mr. J.M. Broekhof, hereafter referred to as “Guardian360”

    and

    Full company name : {Full company name:5}
    Registered office in: {Registered office in (Stad):3.3}, {Country:35}

    Address: {Registered office in (Straat + huisnummer):3.1}

    Post(al) code {Registered office in (Postcode):3.5}

    Hereby duly represented by: {Hereby duly represented by (Voorvoegsel):1.2} {Hereby duly represented by (Voornaam):1.3} {Hereby duly represented by (Achternaam):1.6}

    Hereafter referred to as:

    Partner

    Hereafter individually referred to as “Party”, and collectively as Parties

    WHEREAS:

    I. Guardian360 sells products and services, inter alia:

    • which constantly automatically scan in and around a specific network and/or web application(s) for weak spots and/or vulnerabilities in the network security and/or web application security;
    • which entail manually searching in and around a specific network and/or web application(s) for weak spots and/or vulnerabilities in the network security and/or web application security;
    • which contribute to the security awareness of persons;
    • which can be used to catch hackers within a network and/or web application;
    • which can detect deviations from standards and guidelines within a network and/or web application(s)

    II. Partner has an extensive network in which it can raise interest for the products and services of Guardian360;

    III. Parties record their cooperation in this agreement, hereafter referred to as “Partner Agreement”.

    DECLARE TO HAVE AGREED AS FOLLOWS

    Article 1. DEFINITIONS
    Words in this Agreement commencing with capital letters, have the meaning as set out in this article, regardless of whether the words are used in plural or singular form.

    1.1. Client: a client of Partner.

    1.2. Contract: the contract Partner enters into with its Client.

    1.3. Data Processing Terms : the data processing terms as set out in Schedule 1.

    1.4. Distributor: a distributor authorized by Guardian360, as it can be found on the website of Guardian360, which list can be updated by Guardian360 from time to time.

    1.5. End User: an actual user (natural person) of the functionality of the Services, which user can be attributed to Client.

    1.6. Guardian360 Platform: the web based platform, currently named “Lighthouse”, including any successors (regardless name), Guardian360 puts at the disposal of Partner, which allows Partner to, inter alia, Scanning IP-addresses, scanning URL’s, Deploy Hacker Alerts, Have insights in deviations form norms and regulations and perform Phishing Simulations.

    1.7. Image: an image for a virtual machine or for a container, which image contains Guardian360 software.

    1.8. NFR: Not For Resale, Services that are provided to the Partner with discount that can’t be sold to Clients;

    1.9. Object: a virtual or physical device which can be subjected to the Services.

    1.10. Partner Agreement: this partner agreement, Partner entered into online.

    1.11. Price List: the price list for the Services issued by Guardian360.

    1.12. Relations Environment: a part of the Guardian360 Platform in which Partner can administer its Clients and contact persons of Client.

    1.13. Services: all the services that Guardian360 is able to render now and in the future.

    1.14. Service Level Agreement: the service level agreement as set out in Schedule 2.

    1.15. Terms of Service: terms of service which are applicable to a Client or an End User, or to Partner in case Partner uses NFR subscriptions for itself.

    1.16. Schedule: a schedule to this Partner Agreement

    1.17. Writing: in writing or by e-mail.

    Article 2. APPOINTMENT
    2.1. Hereby Partner is appointed as “Guardian360 Sales Partner”. Any other levels are only agreed upon in a separate written agreement

    2.2. Partner hereby accepts the appointment as agreed upon in this Partner Agreement.

    2.3. For being a “Guardian360 Sales Partner” the requirements apply as set out in the document “Benefits & Conditions”, as set out in Schedule 3.

    2.4. The appointment is not exclusive and is not limited to any territory. This means that Guardian360 is allowed to enter into contracts with other Partners directly or indirectly through Distributors.

    2.5. The Partner is itself responsible for selling, finding and entering into Contracts with Client(s). Partner does this at its own risk and expense.

    2.6. Partner is not allowed to appoint distributors or (sub-)partners. Partner is not allowed to enter into agency agreements regarding the Services.

    2.7. Parties also enter into this Partner Agreement for the benefit of any subsidiaries of Partner. Therefore, subsidiaries of Partner do not have to enter into a separate agreement with Guardian360.

    2.8. Partner must use its own legal documentation to enter into Contracts with Clients.

    2.9. Partner is responsible for invoicing Clients.

    Article 3. GUARDIAN360 PLATFORM AND DELIVERY OF SERVICES
    3.1. It is the responsibility of Partner to: (i) create Clients, Services and Objects within its own Relations Environment; and (ii) enter Contract information. In case Contract information is entered into the Guardian360 Platform, the Guardian360 Platform asks for a start date and end date. Partner acknowledges that after the end date, Client and its End Users will not be able to make use of the Services and/or functionality of the Services (regarding the Objects) which were connected with that Contract.

    3.2. For all Services Partner is able to create in Guardian360 Platform, Partner is billed by the Distributor, in accordance with the Price List. The discount applies as agreed upon with Distributor. In case Partner sells Services and/or the functionality of Services to Clients, Partner is allowed to use its own prices and rates. Partner acquires the Services from Distributor. Guardian360 is not a party in the agreement regarding the Services Partner acquires through Distributor.

    3.3. During the term of this Partner Agreement, Guardian360 is entitled unilaterally to adjust the specifications of the Service(s).

    3.4. Partner is obliged to accept improved or new versions of the Service(s) or Guardian360 Platform. Guardian360 determines the version policy unilaterally.

    3.5. Any disruptions, failures or faults in the Service(s) or Guardian360 Platform or unavailability of the Service(s) or Guardian360 Platform shall be solved by Guardian360 according to the Service Level Agreement. Guardian360 cannot guarantee that disruptions, failures or faults can always be solved. Guardian360 is free to apply a work-around.

    3.6. Unless otherwise agreed in Writing, the use that the Partner makes of advice given by Guardian360 will always be at the expense and risk of the Partner.

    3.7. Guardian360 does not guarantee that the Service(s) will operate faultlessly and that all (security) threats will be identified by the Service(s).

    3.8. Guardian360 compiles the components of the Service(s) with due care to ensure that the Service(s) fulfil the (standardized) norms. However, Guardian360 does not guarantee that the Service(s) will at all times fulfil the (standardized) norms. In addition, the (standardized) norms can be replaced by other (standardized) norms. In the latter case, Guardian360 will try to make the Service(s) comply with the new (standardized) norms which replaced the old (standardized) norms, however, Guardian360 does not guarantee that this will take place within due time.

    3.9. Partner guarantees that: (i) the networks and equipment scanned by the Service(s) and/or which are subject to any testing and/or auditing are owned by Partner or its Client(s); or (ii) in case the under point (i) mentioned networks or equipment are not owned by Partner or its Client(s), that it has sufficient and proper consent(s) in place. Partner indemnifies Guardian360 against any claims of third parties relating to scanning with Service(s) of networks and equipment not owned by Partner or Client(s) or for which no sufficient and proper consents are in place.

    3.10. Partner herein grants Guardian360 authority to scan the networks and equipment of Partner or Clients, or subject it to tests and/or audits, with the Service(s) during the term of the Partner Agreement. Partner guarantees never to undertake any (legal) steps against Guardian360 or its staff for access to computer systems with Service(s), for instance, Partner should refrain from reporting to the police any computer trespassing by Guardian360 or its staff. The aforementioned guarantee does not apply if and insofar as the Guardian360 abuses the possibility to intrude into the computer systems of Partner or Client(s).

    3.11. Although the Service(s) have been designed by Guardian360 with great care, it might occur that the Service(s) damage (data) files or databases of Partner or Client(s), with the possible consequence that data and/or (web) applications of the Partner or Client(s) are unavailable. Guardian360 shall not be liable for damages as a result of this, except for a situation in which the damages are caused as a result of willful intent or conscious recklessness (In Dutch: “opzet of bewuste roekeloosheid”) of the top level management of Guardian360. It is therefore the responsibility of Partner or Client(s) to make periodic, at least daily, adequate backups of the data(bases) and applications to which the Service(s) might have access.

    Article 4. SUPPORT AND SERVICE LEVEL AGREEMENT
    4.1. Guardian360 renders its Services in accordance with the Service Level Agreement.

    4.2. The Service Level Agreement applies directly to the Partner. Partner is allowed to use its own service level agreement towards Clients.

    4.3. In case penalties or service credits are agreed upon in the Service Level Agreement, only the Partner is entitled to claim those penalties or services credits. Partner indemnifies Guardian360 for claims of Clients or End Users regarding not meeting the services levels of the Service Level Agreement.

    4.4. Partner is responsible for first line support, and Distributor is responsible for second line support, in case of questions of Clients.

    Article 5. INTELLECTUAL PROPERTY RIGHTS
    5.1. All intellectual property rights regarding Guardian360 Platform, the Image(s) and the Service(s), including accompanying (online) documentation remains vested in Guardian360 or its licensors.

    5.2. In case an Image is put at the disposal of Partner, it is granted a license regarding software of Guardian360 residing in the Image. The aforementioned license is granted non-exclusively, revocable, worldwide and for the term of the Partner Agreement. The license entails only that Partner is allowed to use the Image on a virtual machine in case an Object not accessible from the outside world, for instance in case it is behind a firewall. Partner is allowed to place the Image on a virtual machine or cloud provider of Client regardless location. The periodic price of the license is stated in the Price List. The Image may contain software of third parties and/or open source software. The license terms of the third parties apply directly towards Partner. The open source license terms regarding the aforementioned open source software directly apply towards Partner.

    Article 6. CONFIDENTIALITY
    Information and/or documentation is confidential in case it designated by the disclosing Party as such, or in case the receiving Party knows or may suspect that the information and/or documentation is confidential. Receiving Party is not allowed to disclose confidential information and/or documentation to third parties, unless there is permission of the disclosing Party In Writing. In this context third Parties also entail a parent, subsidiary or sister company, or any other company within the group of companies a Party is a member of pursuant to article 2:24b of the Dutch Civil Code.

    6.1. Parties and personnel of Parties, must only use the by other Party disclosed information, including the content of this Agreement, in accordance with this Agreement, and are not allowed to disclose the confidential information directly or indirectly to third parties, or give permission thereto, without prior permission of the disclosing Party In Writing. Parties, including the employees of the Parties, shall take all necessary precautions to protect confidential information against unauthorized use and disclosure.

    6.2. What is stated in this article does not apply in case a Party needs to disclose the confidential information pursuant to a court order or decision by the government.

    6.3. Confidential information means in any case: the business rules and algorithms underlying the products or services of Guardian360.

    6.4. The confidentiality obligation as set out in this article applies during the term of this Agreement as well as for a period of five (5) years after the termination of the Agreement, regardless of the reason for termination.

    6.5. In the event of violation by the Appointee, of the non-disclosure obligations as stated in this article, the Appointee shall forfeit immediately for Guardian360, without judicial intervention, a contractual penalty of € 10,000 (ten thousand euros) per event, and € 1,000 (one thousand euros) per day, as long as the violation continues, or at least, the cause of the violation has not been removed.

    Article 7. PROCESSING PERSONAL DATA
    7.1. For processing personal data, Partner and Distributor should enter into a data processing agreement.

    7.2. It is the responsibility of Partner to enter into a data processing agreement with Client which is in conformity with relevant laws and regulations regarding processing personal data.

    Article 8. DURATION AND TERMINATION
    8.1. This Partner Agreement enters into force as of per the moment the Partner Agreement is electronically signed by all Parties.

    8.2. This Partner Agreement is entered into for an indefinite period of time.

    8.3. Termination should be done In Writing. For both Parties a notice period of one (1) month applies. Termination must be done at the end of a calendar month.

    8.4. Any Party is entitled, without prejudice to the provisions of this Partner Agreement, to terminate this Agreement in whole or in part, with immediate effect, In Writing and without prior notice of default or notification:
    a. in case of an imputable failure of the other Party regarding one or more of its obligations and/or performance is impossible;
    b. in case it is clear for the terminating Party, that the other Party will not be able, or not willing, to fulfill its obligations;
    c. in case the other Party has applied for suspension of payments, is in suspension of payment, has filed for bankruptcy, is in a state of bankruptcy, liquidates its business or ceases its activities or is in any way insolvent
    d. the agreement between Distributor and Partner is terminated, regardless reason, save for the situation that Partner enters into an agreement with another Distributor of Guardian360;
    e. the distribution agreement between Distributor and Guardian360 is terminated, regardless reason, save for the situation that Partner enters into an agreement with another or replacement Distributor of Guardian360.

    8.5. After termination of this Partner Agreement, regardless reason, Partner is not allowed to acquire Services through Distributor, even when there is (still) an agreement in place between Partner and Distributor.

    Article 9. LIABILITY
    9.1. For an attributable shortcoming in the performance of this Partner Agreement (including any Services), Parties are liable for direct damages up to the amount that Guardian360 invoiced Partner under this Partner Agreement, excluding VAT, in the twelve (12) calendar months preceding the damage causing event, per event, with a maximum of € 25,000 (twenty-five thousand euros).

    9.2. The liability of Guardian360 for indirect damage, consequential loss, lost profit, missed savings, reduced goodwill, damage due to business interruption is excluded. Also excluded is the liability of Guardian360 due to mutilation, destruction or loss of data or documents.

    9.3. Previous limitations of liability lapse in case there is intent or conscious recklessness (in Dutch: “opzet of bewuste roekeoosheid”) of the top-level management of the breaching Party.

    Article 10. NO DISTRIBUTOR
    10.1. The following paragraphs of this article only apply in case no Distributor is in place.

    10.2. In case Guardian360 bills Partner, article 3.2 of this Partner Agreement is not applicable. In that case Partner is billed by Guardian360, in accordance with the Price List. Partner is in that case entitled to a 15% (fifteen percent) discount. In case Partner sells Services and/or the functionality of Services to Clients, Partner is allowed to use its own prices and rates. Partner acquires the Services directly from Guardian360.

    10.3. In case Partner adjusts the extent of the Service(s) upwards, for instance because more Objects are added to Guardian360 Platform, Guardian360 will charge for these additions the next calendar month.

    10.4. In case Partner adjusts the extent of the Service(s) downwards, for instance because there are fewer Objects in Guardian360 Platform, the reduction will be effected the next calendar month.

    10.5. Articles 10.1 and 10.3 of this Partner Agreement only apply in case of Service types which are billed by unit.

    10.6. Partner is responsible for first line support, and Guardian360 is responsible for second line support, in case of questions of Clients. In no case Clients or End Users are allowed to directly contact Guardian360, unless Guardian360 gave its consent. Article 4.4 does not apply.

    10.7. All prices are exclusive of value added tax (VAT) and other government levies that have been or are later imposed. Except where agreed otherwise, all prices are in euros in all cases.

    10.8. Guardian360 is entitled to adjust the prices and rates as stated in the Price List unilaterally.

    10.9. Default of a Client regarding a payment obligation, does not discharge Partner from its payment obligation regarding invoices issued by Guardian360.

    10.10. Guardian360 reserves the right to, in case there is a reason, to have an independent third party appointed, who has the task to investigate whether Partner fulfilled its (financial) obligations correctly under this Agreement. Partner hereby agrees it will cooperate in case of such an investigation, and will give the aforementioned third party access to the necessary documentation, without any reservation.

    10.11. Invoices issued by Guardian360 must be paid within 30 (thirty) days net.

    10.12. Article 7.1 does not apply. For processing personal data separate Data Processing Terms apply. In some cases, the Client will qualify Guardian360 as a (sub) processor. Guardian360 hereby states it is willing, upon request of Client agree upon additional agreements on top of the aforementioned basic data processing agreement, provided that those agreements will not impose obligations which are more strict than what is expected from (sub) processors based on the obligations pursuant to the relevant legislation (currently the General Data Protection Regulation). Guardian360 does not guarantee in advance that it can agree with all wishes and requirements of a Client in this regard.

    Article 11. OTHER STIPULATIONS
    11.1. European Union legislation provides consumers the right to withdrawal in case the consumer enters into an agreement online. Since Partner, by entering into the Partner Agreement, is acting in the course of a business of profession, the right of withdrawal does not apply.

    11.2. Parties hereby expressly agree that this Agreement does not construe an agency agreement.

    11.3. Parties are explicitly agreed upon the fact that this Partner Agreement does not construe an agency relationship in any way.

    11.4. Guardian360 is permitted to transfer the rights and obligations under this Partner Agreement to a third party without the consent of the other Party being required.

    11.5. This Partner Agreement is governed by the Laws of the Netherlands.

    11.6. Any disputes that may arise in connection with or in connection with this Partner Agreement will be submitted to the competent court in the district of Rotterdam, unless the dispute should be submitted to the sub-district court (in Dutch: “kantonrechter”) pursuant to the law, in this latter case the legal competence rules prevail.

    11.7. In case one or more provisions of this Partner Agreement are not legally valid, the relevant Partner Agreement will remain in force for the remainder. The Parties will consult on the provision (s) that are not legally valid, in order to make a replacement arrangement that is legally valid and as far as possible in line with the scope of the provision to be replaced.

    11.8. Headings and numbering of articles in this Partner Agreement are only intended to facilitate reference to articles and will not affect the interpretation of the relevant articles.

    11.9. This Partner Agreement replaces all other agreement regarding the topic(s) covered in this Agreement.

    -- ELECTRONIC SIGNATURS ON NEXT PAGE --

  • Thus agreed upon and recorded.


    GUARDIAN360 B.V.

    Rotterdam, The Netherlands

    DATE 03/28/2024



    Mr. J.M. Broekhof



    {Full company name:5}

    {Registered office in (Stad):3.3}, {Country:35}

    DATE 03/28/2024



    {Hereby duly represented by (Voorvoegsel):1.2} {Hereby duly represented by (Voornaam):1.3} {Hereby duly represented by (Achternaam):1.6}
    IP Address: 44.204.204.14

  • Schedule 1: Data Processing Terms

    Unless otherwise agreed by Parties the following terms apply on the processing of personal data by Guardian360. Words in these Data Processing Terms have the meaning as set out in these Data Processing Terms, regardless of whether the words are used in uppercase, lowercase, plural or singular form. These Data Processing Terms only apply in case there is no Distributor in place and the Services are directly acquired by Partner from Guardian360. In all other cases, Partner must enter into a data processing agreement with its Distributor.

    Article 1. Definitions
    1.1. Appendix: an appendix to these Data Processing Terms, which appendix forms an integral part of these Data Processing Terms

    1.2. Data Processing Terms: the terms as stated here (including the Appendices) which apply to the Partner Agreement as concluded between Partner and Guardian360 and these terms reflect the mutual rights and obligations with regard the processing of personal data;

    1.3. Controller, data breach, data subject, processor, third party, personal data and processing : These words in these Data Processing Terms have the same meaning as defined and described in Article 4 GDPR;

    1.4. GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

    1.5. Guardian360, Partner, Partner agreement, Client and Service: These words in these Data Processing Terms has the same meaning as defined and described in the partner agreement.

    1.6. Parties: Guardian360 and Partner jointly.

    Article 2. Applicability
    2.1. These Data Processing Terms apply to all personal data processed by Guardian360 in the context of the execution of the Partner Agreement or ensuing or related agreements.

    2.2. These Data Processing Terms set out the rules for processing personal data as referred to in article 28 paragraph 3 of the General Data Protection Regulation. These terms shall be hereinafter referred to as “Data Processing Terms”. The Data Processing Terms form an integral part of the Partner Agreement.

    2.3. In the context of the processing of personal data, Parties recognize and distinguish the following roles in accordance with the GDPR (including the associated responsibilities): the Partner is the controller or processor, Guardian360 is considered as processor or sub-processor, a third party contracted by Guardian360 that processes the personal data will be considered as a sub-processor or a sub-sub-processor.

    Article 3. Processing personal data
    3.1. Guardian360 processes the personal data of Partner, as recorded in Appendix 1, during carrying out the in the Partner Agreement agreed upon work duties and rendering the in the Partner Agreement agreed upon services only on behalf of Partner.

    3.2. Guardian360 is not allowed to process the personal data of Partner, or provide the personal data of Partner to third parties for its own purposes, other than agreed upon. Processing of personal data by Guardian360 will only take place at request and on instructions of Partner.

    3.3. Unless otherwise agreed or supplemented, Guardian360 processes the personal data in accordance with the purposes as determined and described in Appendix 1.

    3.4. In case Partner's instructions cannot be followed up within the framework of the work and services as agreed upon in the Partner Agreement, the Parties will discuss the (financial) consequences of following up the by Partner given instructions.

    3.5. Guardian360 will inform Partner if an instruction in the opinion of Guardian360 is in conflict with the applicable laws and regulations regarding the processing of personal data.

    3.6. In case the Partner Agreement is changed or amended in such a way that Appendix 1 needs amendments or changes, Guardian360 notifies Partner of such amendment or modification of Appendix 1.

    3.7. For the processing of personal data, Guardian360 puts technology and/or software at the disposal of Partner, which means can be used by Partner for the set purposes. Therefore, Partner determines itself the purposes and means.

    3.8. Partner shall ensure that the use of the technology and/or software intended for this purpose in such a way that it processes the personal data with the aforementioned means in accordance with the relevant legislation and/or regulation regarding data processing and the predetermined legitimate purposes for processing.

    3.9. If and insofar the Partner is obliged by law or (internal) regulations to involve a representative advisory board in the implementation of the Service, then it shall ensure that the relevant boards or persons are informed about the purpose and resources of the Service and are consulted adequately insofar as relevant in this context.

    Article 4. Retention periods
    4.1. Guardian360 shall not process personal data for longer than strictly necessary in the context of providing the Service and/or carrying out work and in accordance with the retention periods specified and determined by Partner.

    4.2. Unless Parties agreed upon retention periods, it will be considered that the processing of personal data is no longer necessary if the Partner Agreement has been terminated.

    4.3. After the personal data have been deleted and/or destroyed in accordance within the way and terms agreed upon with the Partner, Guardian360 cannot be held responsible and liable for the removal or destruction of the (personal) data.

    Article 5. Confidentiality
    5.1. Each of the Parties will take all reasonable measures in order to ensure the confidentiality of confidential information to the extent that this is possible in connection with the performance of the Partner Agreement.

    5.2. The personal data provided by Partner to Guardian360, will not be disclosed to third parties without prior approval of Partner, unless there is a written consent by the Partner, or unless it is necessary for the execution of the agreed upon activities and services, the performance of a legal obligation, a request from an authority, or judicial ruling.

    5.3. Guardian360 ensures that the personal data of Partner will only be disclosed to personnel of Guardian360 on need to know basis, and that the personal data will only be disclosed to personnel assigned with carrying out the in the Partner Agreement agreed upon work duties or with rendering in the Partner Agreement agreed upon services.

    Article 6. Technical and organizational measures
    6.1. Parties ensure that they will adhere to relevant legislation and regulation regarding processing personal data, in particular the GDPR.

    6.2. Guardian360 takes and implements appropriate technical and organizational measures to secure the personal data against any unlawful processing. These measures ensure, taking the current state of technology and the costs of implementing those measures into account, an adequate level of protection, considering the risks of processing, and the nature of, the personal data. The measures are also aimed at preventing unnecessary processing of personal data.

    6.3. In order to fulfill the aforementioned obligation Guardian360 is ISO 27001 certified. As long as Guardian360 processes personal data for Partner Guardian360 is obliged to remain ISO 27001 certified or – in case ISO 27001 will be followed up - to be certified and to remain in compliance with the official successor.

    6.4. Partner takes appropriate technical and organizational measures in accordance with GDPR to protect personal data against loss or against any form of unlawful processing. These measures ensure, taking into account the current state of the technology and the cost of implementation, a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected. The measures are also aimed at unnecessary collection and further processing of personal data. An example is: (i) business processes that comply with the relevant legislation in this area processing of personal data; (ii) authorization models where staff which has nothing has to do with certain personal data, does not have access to such data (iii); security of workstations; (iv) an adequate password policy. Partner must also ensure that they use an adequate policy in respect of (private) use of internet and e-mail in the workplace, stipulating that when using applications personal data can be logged.

    6.5. Partner will inform Guardian360 about the technical and organizational measures taken by itself as referred to in the aforementioned paragraph prior to start with the agreed upon work duties and services. It is the responsibility of Partner to inform Guardian360 timely about any new or amended policy regarding the technical and organizational measures which Partner is required to take pursuant to legislation and/or regulation and business practices.

    6.6. The Partner estimates itself and judges independently whether a Data Protection Impact Assessment (DPIA) as referred to in article 35 of the GDPR is required. In case Guardian360 deems that in a specific case a DPIA should be carried out, Guardian360 informs and requests Partner to carry out a DPIA.

    6.7. In case the Partner has carried out a Data Protection Impact Assessment (PIA) regarding processing personal data, Partner will, prior to starting with the agreed upon work duties and/or services, provide Guardian360 with a copy of the results and the measures that are taken or will be taken.

    Article 7. Audit
    7.1. For the duration of the applicability of these Data Processing Terms, Partner is entitled to audit the measures taken by Guardian360 by an independent auditor, provided that: (i) the audit was announced at least two (2) week in advance by Partner; (ii) the costs for the audit (including the independent auditor and the time of the staff of Guardian360 supporting the auditor, against the hourly rates of that specific staff) are borne by Partner; and (iii) the result will be discussed with Guardian360.

    7.2. Before Partner conducts an audit, Partner first consults and assesses the available (audit) reports present at Guardian360. If Partner after it take notice of the reports still considers that the consulted reports are insufficient, it will state in the request the reasons and arguments which -in his opinion- an audit still justified. An audit as referred to here can only be carried out under the cumulative conditions as mentioned in the aforementioned article.

    7.3. Guardian360 and Partner may as a result of the audit enter into consultation in order to implement further or additional measures and/or agree upon new terms.

    Article 8. Third parties – sub-processors
    8.1. Guardian360 may, in the course of executing the Partner Agreement, use sub-processors. Partner hereby grants Guardian360 general consent to enable sub-processors. The list of sub-processors is attached to these Data Processing Terms in Appendix 2. Guardian360 may at its own discretion and judgment change and/or extend the list. In case Guardian360 expands or changes the list with new sub-processors, Partner will be notified at least two (2) weeks prior to using the intended sub-contractor, and given the opportunity to object to the proposed new sub-processors within 14 business days.

    8.2. Guardian360 and Partner search for reasonable solutions to take the concerns of Partner away. In case Partner and Guardian360 cannot agree upon a workable solution, Partner is allowed to terminate the agreement in accordance with article 8.3 of the Partner Agreement.

    8.3. Guardian360 is not allowed, without consent of Partner, to transfer personal data outside of the E.U. / E.E.R. This does not apply for transfer to sub-processors as recorded in Appendix 2.

    8.4. Guardian360 enters -if and insofar as possible- into sub processing agreement with the aforementioned sub-processors.

    8.5. Guardian360 cannot warrants that it will be notified by sub-processor regarding changes of the sub-sub-processors.

    8.6. In case Guardian360 engages third parties with which Guardian360 cannot or barely can negotiate the conditions, then in the event of any damage Guardian360 cannot be held liable for more than it has been able to recover from those third parties.

    Article 9. Data breaches and rights of data subjects
    9.1. In case Guardian360 suspects or knows that personal data of Partner is compromised, due to a data or security breach, Guardian360 notifies Partner immediately, at least within forty-eight (48) hours.

    9.2. Partner assess itself whether it should notify data subjects and/or supervisory authorities. Partner is and remains responsible for the mandatory obligation to notify these actors.

    9.3. In case a data subject invokes his or her rights under the General Data Protection Regulation, it will forward the request to Partner. Partner will follow up the request of the data subject. Guardian360 may inform data subject about the forward, and will wait further instructions from Partner.

    9.4. Upon first request of Partner: (i) Guardian360 provides information requested by Partner with regard to the processing of personal data of Partner; and (ii) Guardian360 will support and be cooperative to Partner if and insofar necessary to fulfill its obligations under the applicable laws and regulations regarding the processing of personal data. The second sentence of article 1.3 mutatis mutandis also applies here.

    Article 10. Liability
    10.1. In case of an imputable failure to comply with these Data Processing Terms or any relevant legislation regarding processing of personal data by Guardian360, the liability of Guardian360 for damages is limited to what is agreed upon the Partner Agreement regarding limitation of liability. In case the cause of the damages is attributable to a third party as mentioned in paragraph 4.1, the liability of Guardian360 is limited to what it is able to actually recover from that third party.

    Article 11. Other stipulations
    11.1. Partner warrants that the contents, the agreed upon use and the assignment to process personal data as mentioned in these Data Processing Terms, is not unlawful and will not infringe any right of third parties. Partner indemnifies and holds Guardian360 harmless for all claims related hereto.

    11.2. These Data Processing Terms are applicable for the duration Guardian360 in the context of the Partner Agreement carries out work or renders Services for Partner. After the duration of the Partner Agreement, Guardian360 destroys the personal data of Partner, or, upon request of Partner, provides the personal data of Partner to Partner, prior to destroying the personal data. Upon first request of Partner, Guardian360 provides Partner a declaration stating that the personal data was destroyed.

    11.3. Partner is responsible for how it provides Guardian360 the personal data. Therefore, it is the responsibility of Partner to check whether the way of providing to Guardian360 complies with relevant legislation and/or (internal compliancy) regulation. Hereby the Partner will respect the applicable Guardian360 guidelines for data delivery. If the delivery by the Partner does not fit with the applicable guidelines of Guardian360, it has the right to refuse the way of delivery and/or demand a delivery that is complaint with the delivery guidelines of Guardian360. Partner indemnifies and holds Guardian360 harmless for all claims and/or damages in case the personal data is not provided to Guardian360 in accordance with the relevant legislation and/or (internal compliancy) regulation.

    11.4. These Data Processing Terms is governed by the Laws of the Netherlands.

    11.5. Guardian360 reserves the right to unilaterally amend this Data Processing Terms in its sole discretion. Any such amendment shall be effective immediately.

    11.6. Disputes arising out of or in connection with or as a result of these Data Processing Terms will be solely submitted to the court of Rotterdam, the Netherlands.

    11.7. These Data Processing Terms cannot be seen separately from the Partner Agreement. In case of conflicting wording between wat is stated in these Data Processing Terms and the Partner Agreement, what is stated in these Data Processing Terms prevails.

    11.8. These Data Processing Terms also apply to subsidiaries of Parties.

  • APPENDIX 1 | PROCESSED PERSONAL DATA AND PURPOSE OF PROCESSING PERSONAL DATA

    Description purposes and method of processing:

    In accordance with the provisions of the Partner Agreement Guardian360 shall solely process and use the personal data for:

    • Offering the Services of Guardian360
    • Ensure the security of the Guardian360 Service
    • Monitor the performance of the Service
    • Improving the Service. This includes analyzing the use of functionalities and parts of the Guardian360 services

    The ultimate goal of processing personal data is to provide the Guardian360 Service.

    Categories of data subjects:

    The following categories of persons will be involved in the processing of personal data:

    • Guardian360 staff
    • Clients of Partner who purchase the Guardian360 services
    • Employees of Partners
    • People who have contact with Guardian360, for example for technical support or project management

    Categories of personal data:

    • Name
    • Email address
    • Phone number
    • IP address
    • Browsing and click behaviour

    (Groups) authorized employees who process personal data:

    In the table below, the job roles and / or job groups that have access to certain Personal Data and afterwards indicate which processing operations they may perform with regard to the Personal Data.

    Function (Group)

    (Category) Personal data

    Type of processing

    Service-administrators

    All

    Database and software maintenance, incident management, problem solving

    Support staff

    Contact information, log data

    Consultation for debugging and diagnosis.

    Staff

    Contact details of Partner and Client contacts

    Regular communication (e-mail, telephone) with project involved from Partner and Guardian360. This is business communication that is a further release from the Guardian360 SaaS service.



    APPENDIX 2 | SUB-PROCESSORS

    Company

    Activity

    Inside or outside E.U. / E.E.A.

    Instrument used for export outside E.U. / E.E.A

    Intermax Cloudsourcing

    Hosting and application support

    Inside E.U.

    Bizway

    Hosting and application support

    Inside E.U.

    Google

    Hosting and application support

    Inside E.U.

  • Schedule 2: Service Level Agreement

    Subject

    Performance agreements

    Availability

    The Guardian360 Platform has an availability of 99.999%.

    This availability is calculated per year with the following equation:

    A = 100% * [1 – (t: T)]

    t = the number of minutes that the Guardian360 Platform was not available during the previous 12 months.

    T = the total number of minutes in a twelve-month period.

    Guardian360’s responsibilities concerning availability does not apply when:

    • Scheduled maintenance is being conducted;
    • The Guardian360 Platform is unavailable as a result of malfunction(s) to a third party’s telecommunication infrastructure;
    • The Guardian360 platform is unavailable as a result of unauthorised work done on Guardian360’s objects by the Client;
    • Force majeure.

    Scanning

    Scanning of IP-addresses will take place every day.

    Web scanning URL will take place every day.

    Timeliness of vulnerabilities

    At least once per day, the Guardian360 Platform will update the database of vulnerabilities it scans for.

    Guarantees pertaining to the detection of vulnerabilities

    Guardian360 cannot offer any guarantees pertaining to the number of vulnerabilities it detects, nor can the Client or Partner assume that the Guardian360 Platform will detect all vulnerabilities.

    Reimbursement
    If Guardian360 Partner should not achieve the Availability described in this attachment, Guardian360 will issue a Distributor or Partner credit note. For every cumulative hour or part of an hour of the platform’s unavailability, the pro-rata component of the monthly amount usually billed to the Partner (by the Distributor) for the Services provided will be credited. The monthly amount refers to the total fee of a single calendar month, excluding any additional costs billed after subsequent calculation.

  • Schedule 3: Benefits & conditions

    Benefits Sales Certified Advanced Premium
    Sales support by distributor Yes Yes Yes Yes
    Use Guardian360 marketing material   Yes Yes Yes
    Guardian360 services for own use (1)   Yes Yes Yes
    Custom webinars     Yes Yes
    Guardian360 leads based on a business plan       Yes
    Sales support by Guardian360 Partner Success Manager       Yes
    Discount (2) 10% 15% 25% 35%
     
    Conditions Sales Certified Advanced Premium
    Partner must be able to support their clients (3) Yes Yes Yes Yes
    Number of certified Guardian360 Sales Experts (GSE) 0 1 2 4
    Number of certified Guardian360 Technical Expert (GTE) 0 1 2 4
    Monthly funnel meeting       Yes
    MRR** N/A € 2.500 € 10.000 € 25.000

    This version of the Benefits & Conditions from is effective from 1 February 2023 and replaces all previous versions.

    1. Not For Resale license and only when the Partner meets all conditions related to their Partner status
    2. This is the amount purchased monthly at our distributors, also known as Sales In
    3. Partners must ensure that they are independently able to onboard clients, offer technical support to clients and consult clients