Processing Terms

These processor terms have been prepared by Dyzle® for the purpose of complying as a Processor with the provisions of the General Data Protection Regulation (AVG). This is a processor agreement within the meaning of Article 28 (3) AVG, which regulates in writing the rights and obligations with respect to the processing of personal data, including with respect to security.

In these processor terms and conditions, Client is the natural or legal person who commissions Dyzle Services B.V., or its affiliated entities, to perform specific processing activities on its behalf, hereinafter referred to as “Controller”.

In these processor terms and conditions, the Contractor Dyzle Services B.V., located at Transistorstraat 7, 1322 CJ in Almere, is the legal entity that will perform processing activities for the Client, hereinafter referred to as “Processor”.

Respondent and Processor are separately also referred to as “Party” or jointly as “Parties.”

Algemeen

The parties use the following definitions (in alphabetical order) in these processing conditions, in addition to the definitions from the AVG:

 

  1. General Terms and Conditions: the General Terms and Conditions of Processor, which apply in full to any agreement between Processor and Respondent, and from which General Terms and Conditions this Processor Agreement forms an inseparable part.
  2. Data Subject: The natural person to whom a Personal Data relates.
  3. Agreement: any agreement between the Client and Processor to perform work or provide services by Processor on behalf of the Client in accordance with the terms of the Assignment.
  4. Sub-Processor: The person who assists the Processor in the Processing of Personal Data.
  5. Controller: The processing controller according to the definition of the AVG, or client.
  6. Work: all work commissioned or performed by Processor on any other account. The foregoing applies in the broadest sense of the word and includes in any case the work as stated in the Assignment.

Applicability of processing conditions

  1. These processor terms and conditions shall apply to all data collected by Processor for Client in the context of the performance of the Contract with Client, as well as to all Work resulting from the Contract for Processor and the data to be collected in that context.
  2. The Responsible Party will, in the context of the execution of the assignment, provide Processor directly or indirectly with data that may qualify as personal data, which data Processor will process for the benefit of the Responsible Party.
  3. The data to be processed refers to data of users of the Dyzle portal and persons whose contact data must be recorded for the purpose of correct identification and control of placed sensors and services to be provided.
  4. Controller is responsible for the processing of the personal data. The Responsible Party guarantees that it may dispose of the personal data and may process them (or have them processed) and transfer them to the Processor in accordance with, among other things, Article 6 of the AVG.
  5. The purpose of the processing of personal data by Processor is to enable the functioning of the Dyzle portal and the provision of services by Dyzle. The following types of data may be processed:
    • First name
    • Surname
    • Gender
    • Function
    • Company name
    • (Business) address and place of business
    • (Mobile) phone number
    • Email
  6. These Processor Terms, like Processor’s General Terms, are part of the Agreement and all future agreements between the parties.

Scope of processing conditions

  1. By giving the order to perform Work, Respondent has instructed Processor to process Personal Data on behalf of Respondent in accordance with the provisions of these Processor Terms.
  2. Processor shall process the Personal Data only in accordance with these processor terms and conditions. Processor confirms not to process the Personal Data for other purposes.
  3. Control of the Personal Data never rests with Processor.
  4. The Responsible Party may issue additional, written instructions to Processor due to updates or changes in applicable personal data protection regulations.
  5. If instructions from Respondent to Processor violate any legal provisions on data protection, Processor shall report this to Respondent.
  6. Processor processes Personal Data only in the European Economic Area or where adequate safeguards are in place (including Privacy Shield) elsewhere.

Secrecy

  1. Processor and the persons employed by Processor or performing work for it, insofar as these persons have access to personal data, process the data only on the instructions of the Controller, subject to differing legal obligations.
  2. Processor and the persons employed by Processor or performing work for it, insofar as these persons have access to personal data, are obliged to maintain the confidentiality of the personal data of which they become aware, except insofar as any legal requirement obliges them to disclose or the need to disclose arises from a duty.

No further provision

  1. Processor will not share the data with or provide it to third parties unless Processor has obtained prior, written permission or instruction to do so from the Responsible Party or is required to do so under mandatory regulations. If Processor is required by mandatory law to share the data with or provide the data to third parties, Processor will inform the Responsible Party in writing, unless this is not permitted.

Security measures

  1. Taking into account the state of the art, the costs of implementation, as well as the nature, scope, context and purposes of processing and the risks to the rights and freedoms of individuals that vary in terms of probability and severity, Processor shall take appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The security measures currently in place are:
    1. Logical access control through personalized user-id and password.
    2. Access control also determines to which parts of the Dyzle portal access is granted. This assigns privileges to specific individuals.
    3. There is constant attention to the dangers of ransomware and the need to keep one’s own login codes confidential.
    4. Sub-processor agreements are/are in place with third parties.
    5. ISO 27001 certified vendor for hosting the Dyzle portal.
    6. ICT facilities such as a firewall and backups have been implemented.
    7. Employment contracts have a confidentiality clause that remains in place after leaving employment.
  1. Processor shall ensure measures that comply with what is stipulated in Article 32 AVG.

Compliance monitoring

  1. Processor shall provide Information on the Processing of the Data by Processor or Sub-Processors at the latter’s request and for the latter’s account. Processor shall provide the requested information as soon as possible, but at the latest within five working days.
  2. Respondent shall have the right once a year and at its own expense to have an independent third party to be jointly appointed by Respondent and Processor conduct an inspection to verify Processor’s compliance with the obligations under the AVG and this Processor Agreement. Processor shall provide all reasonably necessary cooperation in this regard. Processor shall have the right to charge its costs associated with the inspection to Respondent.
  3. In the context of its obligation under paragraph 1 of this article, Processor shall in any case provide to Respondent or a third party engaged by Respondent for that purpose:
    • Provide all relevant information and documents;
    • Provide access to all relevant buildings, information systems and Data
  4. Respondent and Processor shall consult with each other as soon as possible after the completion of the report to address any risks and shortcomings. Processor shall, at the expense of the Responsible Party, take measures to bring the identified risks and shortcomings to a level acceptable to the Responsible Party or to remove them, respectively, unless the parties have agreed otherwise in writing.

Data breach

  1. As soon as possible after Processor learns of an incident or data breach that (partly) affects or may affect the data, Processor will notify the Data Subject via the Data Subject’s contact details known to Processor and will provide information about: the nature of the incident or data breach, the data affected, the identified and expected consequences of the incident or data breach on the data and the measures that Processor has taken and will take.
  2. The Respondent makes the assessment whether a notification is made to the Personal Data Authority or data subjects. Processor will support Respondent in notifications to data subjects and/or authorities.
  3. Processor has appropriate policies regarding data breaches.

Sub-processors

  1. Processor utilizes a number of Sub-Processors for the performance of its services, to which Processor hereby consents. These Sub-processors are currently:
  2. SMSpack, based in The Hague, for sending out SMS alerts and messages;
  3. Fenix Informatie Technologie B.V., located in Vlist, for sending out IVR (Interactive Voice Response) alerts and messages;
  4. BIT B.V., based in Ede, for hosting the Dyzle portal.
  5. Respondent hereby gives Processor general written consent to engage Sub-processors to process personal data, as well as to replace such Sub-processors.
  6. Processor shall ensure that the Sub-Processor is subject to these Processor Terms or to a Sub-Processor Agreement containing the same obligations as these Processor Terms.
  7. If the sub-processor engaged fails to fulfill its data protection obligations, the Processor shall always be liable for fulfilling obligations to the Controller.

Cooperation obligations and rights of data subjects

  1. Processor, taking into account the nature of the processing, shall assist the Controller by means of appropriate technical and organizational measures, as far as possible, in fulfilling its duty to respond to requests for the exercise of the data subject’s rights set forth in Chapter III AVG.
  2. Processor shall, if applicable and promptly after a request to do so by Respondent, provide proof of Processor’s accommodation of the data subject’s request. The costs of exercising a data subject’s rights shall be borne by Respondent.
  3. Processor shall, to the extent permitted by law, notify Respondent if Processor receives a request from data subject in connection with the rights provided to data subject by the Privacy Law and Regulations. Processor shall not comply with any request of a Data Subject without the consent of Respondent.

Liability

  1. Respondent warrants that the processing of Personal Data does not violate the rights of data subject(s) and is not unlawful.
  2. Processor shall not be liable for any damages resulting from Respondent’s failure to comply with the AVG or other laws and regulations. Respondent also indemnifies Processor for claims of third parties based on such damages. The indemnification applies not only to (material or immaterial) damages suffered by third parties, but also to the costs incurred by Processor and any fines imposed on Processor as a result of acts or omissions of Respondent.
  3. Processor’s liability arising out of or in connection with the Contract and these Processor Terms and Conditions shall be governed by the General Terms and Conditions, except that the total liability of Processor for all direct damages suffered by the Respondent and arising directly from a breach by the Processor or third parties in the performance of obligations under these Processor Terms and Conditions shall be limited to €100,000. Processor’s liability for indirect damages, consequential damages and penalties is excluded.

Duration and termination

  1. These processor terms are valid as long as Processor is commissioned by the Responsible Party to process data pursuant to the Contract between the Responsible Party and Processor. As long as Work is performed by Processor for the benefit of the Responsible Party, these Processor Terms shall apply to this relationship.
  2. Dyzle’s recording of personal data will stop only after the Client’s explicit request, even if the service has been terminated.

Nullity

  1. If one or more provisions of these processing conditions are void or destroyed, the remaining conditions shall remain fully applicable. If any provision of these processing conditions is not legally valid, the parties will negotiate the content of a new provision, which provision will approach the content of the original provision as closely as possible.

Applicable law and choice of forum

  1. These processing conditions are governed by Dutch law.
  2. All disputes in connection with the processing conditions or their implementation shall be submitted to the competent court of the District Court of Flevoland, place of session Almere.
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

Analytics

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.