PARTNER AGREEMENT
For conclusion into online (version 1.5)
THE SIGNATORIES
The private limited liability company “Guardian360 B.V.”, having its registered office in ROTTERDAM at Schouwburgplein 30-34, hereby duly represented by Mr. J.M. Broekhof, hereafter referred to as “Guardian360”
and
Full company name : |
{Full company name:5} |
Registered office in: |
{Registered office in (Stad):3.3}, {Country:35}
|
Address: |
{Registered office in (Straat + huisnummer):3.1}
|
Post(al) code |
{Registered office in (Postcode):3.5}
|
Hereby duly represented by: |
{Hereby duly represented by (Voorvoegsel):1.2} {Hereby duly represented by (Voornaam):1.3} {Hereby duly represented by (Achternaam):1.6}
|
Hereafter referred to as: |
Partner |
Hereafter individually referred to as “Party”, and collectively as Parties
WHEREAS:
I. Guardian360 sells products and services, inter alia:
- which constantly automatically scan in and around a specific network and/or web application(s) for weak spots and/or vulnerabilities in the network security and/or web application security;
- which entail manually searching in and around a specific network and/or web application(s) for weak spots and/or vulnerabilities in the network security and/or web application security;
- which contribute to the security awareness of persons;
- which can be used to catch hackers within a network and/or web application;
- which can detect deviations from standards and guidelines within a network and/or web application(s)
II. Partner has an extensive network in which it can raise interest for the products and services of Guardian360;
III. Parties record their cooperation in this agreement, hereafter referred to as “Partner Agreement”.
DECLARE TO HAVE AGREED AS FOLLOWS
Article 1.
DEFINITIONS
Words in this Agreement commencing with capital letters, have the meaning
as set out in this article, regardless of whether the words are used in
plural or singular form.
1.1. Client: a client of Partner.
1.2. Contract: the contract Partner enters into with its Client.
1.3. Data Processing Terms
: the data processing terms as set out in Schedule 1.
1.4. Distributor: a distributor authorized by Guardian360, as it
can be found on the website of Guardian360, which list can be updated by
Guardian360 from time to time.
1.5. End User: an actual user (natural person) of the
functionality of the Services, which user can be attributed to Client.
1.6. Guardian360 Platform: the web based platform, currently named
“Lighthouse”, including any successors (regardless name), Guardian360 puts
at the disposal of Partner, which allows Partner to, inter alia, Scanning
IP-addresses, scanning URL’s, Deploy Hacker Alerts, Have insights in
deviations form norms and regulations and perform Phishing Simulations.
1.7. Image: an image for a virtual machine or for a container,
which image contains Guardian360 software.
1.8. NFR: Not For Resale, Services that are provided to the
Partner with discount that can’t be sold to Clients;
1.9. Object: a virtual or physical device which can be subjected
to the Services.
1.10. Partner Agreement: this partner agreement, Partner entered
into online.
1.11. Price List: the price list for the Services issued by
Guardian360.
1.12. Relations Environment: a part of the Guardian360 Platform in
which Partner can administer its Clients and contact persons of Client.
1.13. Services: all the services that Guardian360 is able to
render now and in the future.
1.14. Service Level Agreement: the service level agreement as set
out in Schedule 2.
1.15. Terms of Service: terms of service which are applicable to a
Client or an End User, or to Partner in case Partner uses NFR subscriptions
for itself.
1.16. Schedule: a schedule to this Partner Agreement
1.17. Writing: in writing or by e-mail.
Article 2.
APPOINTMENT
2.1. Hereby Partner is appointed as “Guardian360 Sales Partner”. Any
other levels are only agreed upon in a separate written agreement
2.2. Partner hereby accepts the appointment as agreed upon in this Partner
Agreement.
2.3. For being a “Guardian360 Sales Partner” the requirements apply as
set out in the document “Benefits & Conditions”, as set out in Schedule 3.
2.4. The appointment is not exclusive and is not limited to any territory.
This means that Guardian360 is allowed to enter into contracts with other
Partners directly or indirectly through Distributors.
2.5. The Partner is itself responsible for selling, finding and entering
into Contracts with Client(s). Partner does this at its own risk and
expense.
2.6. Partner is not allowed to appoint distributors or (sub-)partners.
Partner is not allowed to enter into agency agreements regarding the
Services.
2.7. Parties also enter into this Partner Agreement for the benefit of any
subsidiaries of Partner. Therefore, subsidiaries of Partner do not have to
enter into a separate agreement with Guardian360.
2.8. Partner must use its own legal documentation to enter into Contracts
with Clients.
2.9. Partner is responsible for invoicing Clients.
Article 3. GUARDIAN360 PLATFORM AND DELIVERY OF SERVICES
3.1. It is the responsibility of Partner to: (i) create Clients, Services
and Objects within its own Relations Environment; and (ii) enter Contract
information. In case Contract information is entered into the Guardian360
Platform, the Guardian360 Platform asks for a start date and end date.
Partner acknowledges that after the end date, Client and its End Users will
not be able to make use of the Services and/or functionality of the
Services (regarding the Objects) which were connected with that Contract.
3.2. For all Services Partner is able to create in Guardian360
Platform, Partner is billed by the Distributor, in accordance with the
Price List. The discount applies as agreed upon with Distributor. In
case Partner sells Services and/or the functionality of Services to
Clients, Partner is allowed to use its own prices and rates.
Partner acquires the Services from Distributor. Guardian360 is not a party
in the agreement regarding the Services Partner acquires through
Distributor.
3.3. During the term of this Partner Agreement, Guardian360 is entitled
unilaterally to adjust the specifications of the Service(s).
3.4. Partner is obliged to accept improved or new versions of the
Service(s) or Guardian360 Platform. Guardian360 determines the version
policy unilaterally.
3.5. Any disruptions, failures or faults in the Service(s) or Guardian360
Platform or unavailability of the Service(s) or Guardian360 Platform shall
be solved by Guardian360 according to the Service Level Agreement.
Guardian360 cannot guarantee that disruptions, failures or faults can
always be solved. Guardian360 is free to apply a work-around.
3.6. Unless otherwise agreed in Writing, the use that the Partner makes of
advice given by Guardian360 will always be at the expense and risk of the
Partner.
3.7. Guardian360 does not guarantee that the Service(s) will operate
faultlessly and that all (security) threats will be identified by the
Service(s).
3.8. Guardian360 compiles the components of the Service(s) with due care to
ensure that the Service(s) fulfil the (standardized) norms. However,
Guardian360 does not guarantee that the Service(s) will at all times fulfil
the (standardized) norms. In addition, the (standardized) norms can be
replaced by other (standardized) norms. In the latter case, Guardian360
will try to make the Service(s) comply with the new (standardized) norms
which replaced the old (standardized) norms, however, Guardian360 does not
guarantee that this will take place within due time.
3.9. Partner guarantees that: (i) the networks and equipment scanned by
the Service(s) and/or which are subject to any testing and/or auditing
are owned by Partner or its Client(s); or (ii) in case the under point
(i) mentioned networks or equipment are not owned by Partner or its
Client(s), that it has sufficient and proper consent(s) in place.
Partner indemnifies Guardian360 against any claims of third parties
relating to scanning with Service(s) of networks and equipment not
owned by Partner or Client(s) or for which no sufficient and proper
consents are in place.
3.10. Partner herein grants Guardian360 authority to scan the networks and
equipment of Partner or Clients, or subject it to tests and/or audits, with
the Service(s) during the term of the Partner Agreement. Partner guarantees
never to undertake any (legal) steps against Guardian360 or its staff for
access to computer systems with Service(s), for instance, Partner should
refrain from reporting to the police any computer trespassing by
Guardian360 or its staff. The aforementioned guarantee does not apply if
and insofar as the Guardian360 abuses the possibility to intrude into the
computer systems of Partner or Client(s).
3.11. Although the Service(s) have been designed by Guardian360 with great
care, it might occur that the Service(s) damage (data) files or databases
of Partner or Client(s), with the possible consequence that data and/or
(web) applications of the Partner or Client(s) are unavailable. Guardian360
shall not be liable for damages as a result of this, except for a situation
in which the damages are caused as a result of willful intent or conscious
recklessness (In Dutch: “opzet of bewuste roekeloosheid”) of the top level
management of Guardian360. It is therefore the responsibility of Partner or
Client(s) to make periodic, at least daily, adequate backups of the
data(bases) and applications to which the Service(s) might have access.
Article 4.
SUPPORT AND SERVICE LEVEL AGREEMENT
4.1. Guardian360 renders its Services in accordance with the Service Level
Agreement.
4.2. The Service Level Agreement applies directly to the Partner. Partner
is allowed to use its own service level agreement towards Clients.
4.3. In case penalties or service credits are agreed upon in the Service
Level Agreement, only the Partner is entitled to claim those penalties or
services credits. Partner indemnifies Guardian360 for claims of Clients or
End Users regarding not meeting the services levels of the Service Level
Agreement.
4.4. Partner is responsible for first line support, and Distributor is
responsible for second line support, in case of questions of Clients.
Article 5.
INTELLECTUAL PROPERTY RIGHTS
5.1. All intellectual property rights regarding Guardian360 Platform, the
Image(s) and the Service(s), including accompanying (online) documentation
remains vested in Guardian360 or its licensors.
5.2. In case an Image is put at the disposal of Partner, it is granted a
license regarding software of Guardian360 residing in the Image. The
aforementioned license is granted non-exclusively, revocable, worldwide and
for the term of the Partner Agreement. The license entails only that
Partner is allowed to use the Image on a virtual machine in case an Object
not accessible from the outside world, for instance in case it is behind a
firewall. Partner is allowed to place the Image on a virtual machine or
cloud provider of Client regardless location. The periodic price of the
license is stated in the Price List. The Image may contain software of
third parties and/or open source software. The license terms of the third
parties apply directly towards Partner. The open source license terms
regarding the aforementioned open source software directly apply towards
Partner.
Article 6.
CONFIDENTIALITY
Information and/or documentation is confidential in case it designated by
the disclosing Party as such, or in case the receiving Party knows or may
suspect that the information and/or documentation is confidential.
Receiving Party is not allowed to disclose confidential information and/or
documentation to third parties, unless there is permission of the
disclosing Party In Writing. In this context third Parties also entail a
parent, subsidiary or sister company, or any other company within the group
of companies a Party is a member of pursuant to article 2:24b of the Dutch
Civil Code.
6.1. Parties and personnel of Parties, must only use the by other Party
disclosed information, including the content of this Agreement, in
accordance with this Agreement, and are not allowed to disclose the
confidential information directly or indirectly to third parties, or give
permission thereto, without prior permission of the disclosing Party In
Writing. Parties, including the employees of the Parties, shall take all
necessary precautions to protect confidential information against
unauthorized use and disclosure.
6.2. What is stated in this article does not apply in case a Party needs to
disclose the confidential information pursuant to a court order or decision
by the government.
6.3. Confidential information means in any case: the business rules and
algorithms underlying the products or services of Guardian360.
6.4. The confidentiality obligation as set out in this article applies
during the term of this Agreement as well as for a period of five (5) years
after the termination of the Agreement, regardless of the reason for
termination.
6.5. In the event of violation by the Appointee, of the non-disclosure
obligations as stated in this article, the Appointee shall forfeit
immediately for Guardian360, without judicial intervention, a contractual
penalty of € 10,000 (ten thousand euros) per event, and € 1,000 (one
thousand euros) per day, as long as the violation continues, or at least,
the cause of the violation has not been removed.
Article 7.
PROCESSING PERSONAL DATA
7.1. For processing personal data, Partner and Distributor should enter
into a data processing agreement.
7.2. It is the responsibility of Partner to enter into a data processing
agreement with Client which is in conformity with relevant laws and
regulations regarding processing personal data.
Article 8.
DURATION AND TERMINATION
8.1. This Partner Agreement enters into force as of per the moment the
Partner Agreement is electronically signed by all Parties.
8.2. This Partner Agreement is entered into for an indefinite period of
time.
8.3. Termination should be done In Writing. For both Parties a notice
period of one (1) month applies. Termination must be done at the end of
a calendar month.
8.4. Any Party is entitled, without prejudice to the provisions of this
Partner Agreement, to terminate this Agreement in whole or in part, with
immediate effect, In Writing and without prior notice of default or
notification:
a. in case of an imputable failure of the other Party regarding one or more
of its obligations and/or performance is impossible;
b. in case it is clear for the terminating Party, that the other Party will
not be able, or not willing, to fulfill its obligations;
c. in case the other Party has applied for suspension of payments, is in
suspension of payment, has filed for bankruptcy, is in a state of
bankruptcy, liquidates its business or ceases its activities or is in any
way insolvent
d. the agreement between Distributor and Partner is terminated, regardless
reason, save for the situation that Partner enters into an agreement with
another Distributor of Guardian360;
e. the distribution agreement between Distributor and Guardian360 is
terminated, regardless reason, save for the situation that Partner enters
into an agreement with another or replacement Distributor of Guardian360.
8.5. After termination of this Partner Agreement, regardless reason,
Partner is not allowed to acquire Services through Distributor, even when
there is (still) an agreement in place between Partner and Distributor.
Article 9.
LIABILITY
9.1. For an attributable shortcoming in the performance of this Partner
Agreement (including any Services), Parties are liable for direct damages
up to the amount that Guardian360 invoiced Partner under this Partner
Agreement, excluding VAT, in the twelve (12) calendar months preceding the
damage causing event, per event, with a maximum of € 25,000 (twenty-five
thousand euros).
9.2. The liability of Guardian360 for indirect damage, consequential loss,
lost profit, missed savings, reduced goodwill, damage due to business
interruption is excluded. Also excluded is the liability of Guardian360 due
to mutilation, destruction or loss of data or documents.
9.3. Previous limitations of liability lapse in case there is intent or
conscious recklessness (in Dutch: “opzet of bewuste roekeoosheid”) of the
top-level management of the breaching Party.
Article 10.
NO DISTRIBUTOR
10.1. The following paragraphs of this article only apply in
case no Distributor is in place.
10.2. In case Guardian360 bills Partner, article 3.2 of this Partner
Agreement is not applicable. In that case Partner is billed by Guardian360,
in accordance with the Price List. Partner is in that case entitled to a
15% (fifteen percent) discount. In case Partner sells Services and/or the
functionality of Services to Clients, Partner is allowed to use its own
prices and rates. Partner acquires the Services directly from Guardian360.
10.3. In case Partner adjusts the extent of the Service(s) upwards, for
instance because more Objects are added to Guardian360 Platform,
Guardian360 will charge for these additions the next calendar month.
10.4. In case Partner adjusts the extent of the Service(s) downwards,
for instance because there are fewer Objects in Guardian360 Platform,
the reduction will be effected the next calendar month.
10.5. Articles 10.1 and 10.3 of this Partner Agreement only apply in case
of Service types which are billed by unit.
10.6. Partner is responsible for first line support, and Guardian360 is
responsible for second line support, in case of questions of Clients. In no
case Clients or End Users are allowed to directly contact Guardian360,
unless Guardian360 gave its consent. Article 4.4 does not apply.
10.7. All prices are exclusive of value added tax (VAT) and other
government levies that have been or are later imposed. Except where agreed
otherwise, all prices are in euros in all cases.
10.8. Guardian360 is entitled to adjust the prices and rates as stated in
the Price List unilaterally.
10.9. Default of a Client regarding a payment obligation, does not
discharge Partner from its payment obligation regarding invoices issued by
Guardian360.
10.10. Guardian360 reserves the right to, in case there is a reason, to
have an independent third party appointed, who has the task to investigate
whether Partner fulfilled its (financial) obligations correctly under this
Agreement. Partner hereby agrees it will cooperate in case of such an
investigation, and will give the aforementioned third party access to the
necessary documentation, without any reservation.
10.11. Invoices issued by Guardian360 must be paid within 30 (thirty) days
net.
10.12. Article 7.1 does not apply. For processing personal data separate
Data Processing Terms apply. In some cases, the Client will qualify
Guardian360 as a (sub) processor. Guardian360 hereby states it is willing,
upon request of Client agree upon additional agreements on top of the
aforementioned basic data processing agreement, provided that those
agreements will not impose obligations which are more strict than what is
expected from (sub) processors based on the obligations pursuant to the
relevant legislation (currently the General Data Protection Regulation).
Guardian360 does not guarantee in advance that it can agree with all wishes
and requirements of a Client in this regard.
Article 11.
OTHER STIPULATIONS
11.1. European Union legislation provides consumers the right to withdrawal
in case the consumer enters into an agreement online. Since Partner, by
entering into the Partner Agreement, is acting in the course of a business
of profession, the right of withdrawal does not apply.
11.2. Parties hereby expressly agree that this Agreement does not construe
an agency agreement.
11.3. Parties are explicitly agreed upon the fact that this Partner
Agreement does not construe an agency relationship in any way.
11.4. Guardian360 is permitted to transfer the rights and obligations under
this Partner Agreement to a third party without the consent of the other
Party being required.
11.5. This Partner Agreement is governed by the Laws of the Netherlands.
11.6. Any disputes that may arise in connection with or in connection with
this Partner Agreement will be submitted to the competent court in the
district of Rotterdam, unless the dispute should be submitted to the
sub-district court (in Dutch: “kantonrechter”) pursuant to the law, in this
latter case the legal competence rules prevail.
11.7. In case one or more provisions of this Partner Agreement are not
legally valid, the relevant Partner Agreement will remain in force for the
remainder. The Parties will consult on the provision (s) that are not
legally valid, in order to make a replacement arrangement that is legally
valid and as far as possible in line with the scope of the provision to be
replaced.
11.8. Headings and numbering of articles in this Partner Agreement are only
intended to facilitate reference to articles and will not affect the
interpretation of the relevant articles.
11.9. This Partner Agreement replaces all other agreement regarding the
topic(s) covered in this Agreement.
-- ELECTRONIC SIGNATURS ON NEXT PAGE --
Schedule 1: Data Processing Terms
Unless otherwise agreed by Parties the following terms apply on the
processing of personal data by Guardian360. Words in these Data Processing
Terms have the meaning as set out in these Data Processing Terms,
regardless of whether the words are used in uppercase, lowercase, plural or
singular form. These Data Processing Terms only apply in case there is no
Distributor in place and the Services are directly acquired by Partner from
Guardian360. In all other cases, Partner must enter into a data processing
agreement with its Distributor.
Article 1.
Definitions
1.1. Appendix: an appendix to these Data Processing Terms, which
appendix forms an integral part of these Data Processing Terms
1.2. Data Processing Terms: the terms as stated here (including
the Appendices) which apply to the Partner Agreement as concluded between
Partner and Guardian360 and these terms reflect the mutual rights and
obligations with regard the processing of personal data;
1.3.
Controller, data breach, data subject, processor, third party, personal
data and processing
: These words in these Data Processing Terms have the same meaning as
defined and described in Article 4 GDPR;
1.4. GDPR: Regulation (EU) 2016/679 of the European Parliament and
of the Council of 27 April 2016 on the protection of natural persons with
regard to the processing of personal data and on the free movement of such
data, and repealing Directive 95/46/EC.
1.5. Guardian360, Partner, Partner agreement, Client and Service:
These words in these Data Processing Terms has the same meaning as defined
and described in the partner agreement.
1.6. Parties: Guardian360 and Partner jointly.
Article 2.
Applicability
2.1. These Data Processing Terms apply to all personal data processed by
Guardian360 in the context of the execution of the Partner Agreement or
ensuing or related agreements.
2.2. These Data Processing Terms set out the rules for processing personal
data as referred to in article 28 paragraph 3 of the General Data
Protection Regulation. These terms shall be hereinafter referred to as
“Data Processing Terms”. The Data Processing Terms form an integral part of
the Partner Agreement.
2.3. In the context of the processing of personal data, Parties recognize
and distinguish the following roles in accordance with the GDPR (including
the associated responsibilities): the Partner is the controller or
processor, Guardian360 is considered as processor or sub-processor, a third
party contracted by Guardian360 that processes the personal data will be
considered as a sub-processor or a sub-sub-processor.
Article 3.
Processing personal data
3.1. Guardian360 processes the personal data of Partner, as recorded in Appendix 1, during carrying out the in the Partner
Agreement agreed upon work duties and rendering the in the Partner
Agreement agreed upon services only on behalf of Partner.
3.2. Guardian360 is not allowed to process the personal data of Partner, or
provide the personal data of Partner to third parties for its own purposes,
other than agreed upon. Processing of personal data by Guardian360 will
only take place at request and on instructions of Partner.
3.3. Unless otherwise agreed or supplemented, Guardian360 processes the
personal data in accordance with the purposes as determined and described
in Appendix 1.
3.4. In case Partner's instructions cannot be followed up within the
framework of the work and services as agreed upon in the Partner Agreement,
the Parties will discuss the (financial) consequences of following up the
by Partner given instructions.
3.5. Guardian360 will inform Partner if an instruction in the opinion of
Guardian360 is in conflict with the applicable laws and regulations
regarding the processing of personal data.
3.6. In case the Partner Agreement is changed or amended in such a way that Appendix 1 needs amendments or changes, Guardian360
notifies Partner of such amendment or modification of Appendix 1.
3.7. For the processing of personal data, Guardian360 puts technology
and/or software at the disposal of Partner, which means can be used by
Partner for the set purposes. Therefore, Partner determines itself the
purposes and means.
3.8. Partner shall ensure that the use of the technology and/or software
intended for this purpose in such a way that it processes the personal data
with the aforementioned means in accordance with the relevant legislation
and/or regulation regarding data processing and the predetermined
legitimate purposes for processing.
3.9. If and insofar the Partner is obliged by law or (internal) regulations
to involve a representative advisory board in the implementation of the
Service, then it shall ensure that the relevant boards or persons are
informed about the purpose and resources of the Service and are consulted
adequately insofar as relevant in this context.
Article 4.
Retention periods
4.1. Guardian360 shall not process personal data for longer than strictly
necessary in the context of providing the Service and/or carrying out work
and in accordance with the retention periods specified and determined by
Partner.
4.2. Unless Parties agreed upon retention periods, it will be considered
that the processing of personal data is no longer necessary if the Partner
Agreement has been terminated.
4.3. After the personal data have been deleted and/or destroyed in
accordance within the way and terms agreed upon with the Partner,
Guardian360 cannot be held responsible and liable for the removal or
destruction of the (personal) data.
Article 5.
Confidentiality
5.1. Each of the Parties will take all reasonable measures in order to
ensure the confidentiality of confidential information to the extent that
this is possible in connection with the performance of the Partner
Agreement.
5.2. The personal data provided by Partner to Guardian360, will not be
disclosed to third parties without prior approval of Partner, unless there
is a written consent by the Partner, or unless it is necessary for the
execution of the agreed upon activities and services, the performance of a
legal obligation, a request from an authority, or judicial ruling.
5.3. Guardian360 ensures that the personal data of Partner will only be
disclosed to personnel of Guardian360 on need to know basis, and that the
personal data will only be disclosed to personnel assigned with carrying
out the in the Partner Agreement agreed upon work duties or with rendering
in the Partner Agreement agreed upon services.
Article 6.
Technical and organizational measures
6.1. Parties ensure that they will adhere to relevant legislation and
regulation regarding processing personal data, in particular the GDPR.
6.2. Guardian360 takes and implements appropriate technical and
organizational measures to secure the personal data against any unlawful
processing. These measures ensure, taking the current state of technology
and the costs of implementing those measures into account, an adequate
level of protection, considering the risks of processing, and the nature
of, the personal data. The measures are also aimed at preventing
unnecessary processing of personal data.
6.3. In order to fulfill the aforementioned obligation Guardian360 is ISO
27001 certified. As long as Guardian360 processes personal data for Partner
Guardian360 is obliged to remain ISO 27001 certified or – in case ISO 27001
will be followed up - to be certified and to remain in compliance with the
official successor.
6.4. Partner takes appropriate technical and organizational measures in
accordance with GDPR to protect personal data against loss or against any
form of unlawful processing. These measures ensure, taking into account the
current state of the technology and the cost of implementation, a level of
security appropriate to the risks represented by the processing and the
nature of the personal data to be protected. The measures are also aimed at
unnecessary collection and further processing of personal data. An example
is: (i) business processes that comply with the relevant legislation in
this area processing of personal data; (ii) authorization models where
staff which has nothing has to do with certain personal data, does not have
access to such data (iii); security of workstations; (iv) an adequate
password policy. Partner must also ensure that they use an adequate policy
in respect of (private) use of internet and e-mail in the workplace,
stipulating that when using applications personal data can be logged.
6.5. Partner will inform Guardian360 about the technical and organizational
measures taken by itself as referred to in the aforementioned paragraph
prior to start with the agreed upon work duties and services. It is the
responsibility of Partner to inform Guardian360 timely about any new or
amended policy regarding the technical and organizational measures which
Partner is required to take pursuant to legislation and/or regulation and
business practices.
6.6. The Partner estimates itself and judges independently whether a Data
Protection Impact Assessment (DPIA) as referred to in article 35 of the
GDPR is required. In case Guardian360 deems that in a specific case a DPIA
should be carried out, Guardian360 informs and requests Partner to carry
out a DPIA.
6.7. In case the Partner has carried out a Data Protection Impact
Assessment (PIA) regarding processing personal data, Partner will, prior to
starting with the agreed upon work duties and/or services, provide
Guardian360 with a copy of the results and the measures that are taken or
will be taken.
Article 7.
Audit
7.1. For the duration of the applicability of these Data Processing Terms,
Partner is entitled to audit the measures taken by Guardian360 by an
independent auditor, provided that: (i) the audit was announced at least
two (2) week in advance by Partner; (ii) the costs for the audit (including
the independent auditor and the time of the staff of Guardian360 supporting
the auditor, against the hourly rates of that specific staff) are borne by
Partner; and (iii) the result will be discussed with Guardian360.
7.2. Before Partner conducts an audit, Partner first consults and assesses
the available (audit) reports present at Guardian360. If Partner after it
take notice of the reports still considers that the consulted reports are
insufficient, it will state in the request the reasons and arguments which
-in his opinion- an audit still justified. An audit as referred to here can
only be carried out under the cumulative conditions as mentioned in the
aforementioned article.
7.3. Guardian360 and Partner may as a result of the audit enter into
consultation in order to implement further or additional measures and/or
agree upon new terms.
Article 8.
Third parties – sub-processors
8.1. Guardian360 may, in the course of executing the Partner Agreement,
use sub-processors. Partner hereby grants Guardian360 general consent
to enable sub-processors. The list of sub-processors is attached to
these Data Processing Terms in Appendix 2. Guardian360
may at its own discretion and judgment change and/or extend the list.
In case Guardian360 expands or changes the list with new
sub-processors, Partner will be notified at least two (2) weeks prior
to using the intended sub-contractor, and given the opportunity to
object to the proposed new sub-processors within 14 business days.
8.2. Guardian360 and Partner search for reasonable solutions to take the
concerns of Partner away. In case Partner and Guardian360 cannot agree upon
a workable solution, Partner is allowed to terminate the agreement in
accordance with article 8.3 of the Partner Agreement.
8.3. Guardian360 is not allowed, without consent of Partner, to transfer
personal data outside of the E.U. / E.E.R. This does not apply for transfer
to sub-processors as recorded in Appendix 2.
8.4. Guardian360 enters -if and insofar as possible- into sub processing
agreement with the aforementioned sub-processors.
8.5. Guardian360 cannot warrants that it will be notified by sub-processor
regarding changes of the sub-sub-processors.
8.6. In case Guardian360 engages third parties with which Guardian360
cannot or barely can negotiate the conditions, then in the event of any
damage Guardian360 cannot be held liable for more than it has been able to
recover from those third parties.
Article 9.
Data breaches and rights of data subjects
9.1. In case Guardian360 suspects or knows that personal data of Partner is
compromised, due to a data or security breach, Guardian360 notifies Partner
immediately, at least within forty-eight (48) hours.
9.2. Partner assess itself whether it should notify data subjects and/or
supervisory authorities. Partner is and remains responsible for the
mandatory obligation to notify these actors.
9.3. In case a data subject invokes his or her rights under the General
Data Protection Regulation, it will forward the request to Partner. Partner
will follow up the request of the data subject. Guardian360 may inform data
subject about the forward, and will wait further instructions from Partner.
9.4. Upon first request of Partner: (i) Guardian360 provides information
requested by Partner with regard to the processing of personal data of
Partner; and (ii) Guardian360 will support and be cooperative to Partner if
and insofar necessary to fulfill its obligations under the applicable laws
and regulations regarding the processing of personal data. The second
sentence of article 1.3 mutatis mutandis also applies here.
Article 10.
Liability
10.1. In case of an imputable failure to comply with these Data Processing
Terms or any relevant legislation regarding processing of personal data by
Guardian360, the liability of Guardian360 for damages is limited to what is
agreed upon the Partner Agreement regarding limitation of liability. In
case the cause of the damages is attributable to a third party as mentioned
in paragraph 4.1, the liability of Guardian360 is limited to what it is
able to actually recover from that third party.
Article 11.
Other stipulations
11.1. Partner warrants that the contents, the agreed upon use and the
assignment to process personal data as mentioned in these Data Processing
Terms, is not unlawful and will not infringe any right of third parties.
Partner indemnifies and holds Guardian360 harmless for all claims related
hereto.
11.2. These Data Processing Terms are applicable for the duration
Guardian360 in the context of the Partner Agreement carries out work or
renders Services for Partner. After the duration of the Partner Agreement,
Guardian360 destroys the personal data of Partner, or, upon request of
Partner, provides the personal data of Partner to Partner, prior to
destroying the personal data. Upon first request of Partner, Guardian360
provides Partner a declaration stating that the personal data was
destroyed.
11.3. Partner is responsible for how it provides Guardian360 the personal
data. Therefore, it is the responsibility of Partner to check whether the
way of providing to Guardian360 complies with relevant legislation and/or
(internal compliancy) regulation. Hereby the Partner will respect the
applicable Guardian360 guidelines for data delivery. If the delivery by the
Partner does not fit with the applicable guidelines of Guardian360, it has
the right to refuse the way of delivery and/or demand a delivery that is
complaint with the delivery guidelines of Guardian360. Partner indemnifies
and holds Guardian360 harmless for all claims and/or damages in case the
personal data is not provided to Guardian360 in accordance with the
relevant legislation and/or (internal compliancy) regulation.
11.4. These Data Processing Terms is governed by the Laws of the
Netherlands.
11.5. Guardian360 reserves the right to unilaterally amend this Data
Processing Terms in its sole discretion. Any such amendment shall be
effective immediately.
11.6. Disputes arising out of or in connection with or as a result of these
Data Processing Terms will be solely submitted to the court of Rotterdam,
the Netherlands.
11.7. These Data Processing Terms cannot be seen separately from the
Partner Agreement. In case of conflicting wording between wat is stated in
these Data Processing Terms and the Partner Agreement, what is stated in
these Data Processing Terms prevails.
11.8. These Data Processing Terms also apply to subsidiaries of Parties.