General conditions
These are the general terms and conditions of RealPro.es a product of Studio Eveline / Eveline van den Boom based in Mijas, Spain.
These general terms and conditions apply to any agreement for the provision of services concluded between Supplier and the natural or legal persons who purchase the services (hereinafter referred to as "Customer").
Supplier and Customer are hereinafter jointly referred to as "Parties" and individually as the "Party".
Personal data may be processed as part of Supplier's services. The processor agreement applicable to such processing is set out in Annex 1 and forms an integral part of these general terms and conditions.
Article 1. Definitions
All capitalised terms in these general terms and conditions, both singular and plural, shall have the meaning ascribed to them in this article.
1.1. Account: any user interface with which Customer, after entering login data, can manage and configure (certain aspects of) the Services, as well as the configuration(s) and the files stored for and by Customer itself.
1.2. Website: the website of Supplier, accessible via the domain mentioned in the opening words of these General Terms and Conditions.
1.3. General Terms and Conditions: the provisions contained in this document.
1.4. Consumer: Customer acting as a natural person, not in the exercise of his profession or business.
1.5. Services: the products and/or services to be provided by Supplier to Customer pursuant to an Agreement.
1.6. Intellectual Property Rights: all intellectual property rights and related rights, including but not limited to copyrights, database rights, rights to domain names, trade name rights, trademark rights, design rights, neighbouring rights, patent rights, as well as rights to know-how.
1.7. Customer Data: any data stored by Customer (or the end users of the Services) through or using the Services, or otherwise made available to Supplier by Customer (or the end users of the Services).
1.8. Materials: all works, such as websites and (web) applications, software, house styles, logos, folders, brochures, leaflets, lettering, advertisements, marketing and/or communication plans, concepts, images, texts, sketches, documentation, advice, reports and other products of the mind, as well as preparatory material thereof and (whether or not encoded) files or data carriers on which the Materials are located.
1.9. Agreement: any agreement between Supplier and Customer pursuant to which Supplier provides Services to Customer and of which these General Terms and Conditions and any appendices form an inseparable part.
1.10. Overview of Additional Conditions: the online overview of conditions of third parties which, in addition to these General Conditions, apply additionally to certain Services. The overview and the relevant conditions can be consulted and downloaded at https://realpro.es/terms.
1.11. Service Level Agreement: any further agreement concluded between Parties in which arrangements are made about the quality of the Services provided, which is linked to concrete and measurable key performance indicators.
1.12. Increased Risk Applications: applications where an error in the Services may lead to death or serious injury, serious environmental damage or loss of (personal) data with very high consequential damage. Examples of Elevated Risk Applications are: transport systems where an error may result in trains derailing or aircraft crashing; medical systems where an error may result in a patient not receiving treatment or receiving the wrong treatment; systems on which a substantial part of the population depends for the allocation of crucial government services, such as DigiD; systems in which (a large amount of) medical data or other special categories of data within the meaning of the General Data Protection Regulation (hereinafter: "AVG"), or otherwise very sensitive data are stored.
1.13. Processor Agreement: any further agreement concluded between the Parties in which arrangements are made regarding the handling and security of personal data, which in such case replaces Annex 1 to these General Terms and Conditions.
1.14. Working Days: the days from Monday up to and including Friday, with the exception of official Dutch holidays and other days of which Supplier has indicated in advance to be closed.
1.15. Working Hours: the Supplier's opening hours on Working Days, as indicated on the Website.
Article 2. Applicability and ranking
2.1. These General Terms and Conditions shall apply to any offer or quotation made by Supplier in respect of Services and shall form an integral part of any Agreement for the provision thereof. This expressly also applies to any future quotations, offers or Agreements under which these General Terms and Conditions have not been reissued to Customer.
2.2. Provisions or conditions set by Customer or other further agreements between Supplier and Customer that deviate from or do not appear in these General Terms and Conditions shall only be binding on Supplier if and insofar as they have been expressly accepted by Supplier in writing.
2.3. Any general (purchase) conditions of Customer are explicitly not applicable.
2.4. Provisions pertaining to specific Services, if applicable, take precedence over general provisions pertaining to all Services in the event of contradictions.
2.5. Third party products and/or services may be part of the Services. If that is the case, (the use of) those products and/or services are additionally subject to the (general) terms and conditions of the third party in question, overruling any deviating terms and conditions in these General Terms and Conditions. Customer can consult and download all additional conditions via the Overview Additional Conditions.
2.6. In the event of contradictions between the applicable documents, the following order of precedence shall apply. Otherwise, the documents shall apply in addition to each other.
a. Agreement;
b. Service Level Agreement (if applicable);
c. Additional terms and conditions (if applicable);
d. General Terms and Conditions;
e. Processor Agreement (if applicable).
2.7. These General Terms and Conditions replace all previously agreed (general) terms and conditions for the provision of Services. This also applies to Agreements already in force.
Article 3. Conclusion of Agreement
3.1. Customer can request the Services directly from the Website. Customer can also request an offer without any obligation. The Agreement arises at the moment of sending the e-mail (automatically generated or otherwise) from the Supplier confirming the acceptance of the request or the confirmation of the acceptance of the offer by the Customer. This moment also counts as the commencement date for the Services, unless otherwise agreed in writing.
3.2. Notwithstanding the provisions of article 6:225 paragraph 2 of the Civil Code, Supplier shall not be bound by a deviating acceptance of an offer of Supplier made by a potential Customer.
3.3. Supplier is not bound to accept a request or acceptance. Ground for refusal shall constitute, for example, but not exclusively:
a. the absence of required information or documents necessary for the conclusion of the Agreement, including at least a copy of a valid, lawful means of identification, in case of representation, sufficient proof of representative authority, such as an extract from the Chamber of Commerce or lawfully signed authorisation;
b. errors in the quotation issued;
c. legal incapacity of Customer.
3.4. If an application or acceptance is rejected by Supplier, Supplier shall in principle notify Customer thereof in writing or electronically within fourteen (14) days after receipt of the application or acceptance. Refusal or no response by Supplier shall never lead to liability for damage, directly or indirectly resulting therefrom.
3.5. If Customer is a Consumer, Customer has the possibility of dissolving the Agreement in writing and free of charge for a period of fourteen (14) days from the moment the Agreement was concluded. Customer can exercise its right of withdrawal by sending an unambiguous statement to Supplier within the cooling-off period. For this purpose, Customer can use the model withdrawal form (findable on the Website), but this is not mandatory.
3.6. The right of withdrawal does not apply to Agreements to provide Services, after performance of the Agreement, if:
a. the performance has started with the express prior consent of Customer; and
b. Customer has declared to waive its right of rescission as soon as Supplier has fulfilled the Agreement.
Article 4. Performance of Agreement
4.1. After the conclusion of the Agreement, Supplier shall make every effort to fulfil it to the best of its ability and with due care and skill.
4.2. Delivery periods stated by the Supplier are always indicative in nature, except where and insofar as explicitly provided otherwise in writing.
4.3. Customer shall provide Supplier with all support necessary and desirable to enable correct and timely delivery of the Services. In any event, Customer shall provide Supplier with all data and other information which Supplier indicates are necessary, or which Customer should reasonably understand are necessary for the performance of the Agreement. The period within which Supplier shall perform the Agreement shall not commence until all requested and required data have been received by Supplier.
4.4. Customer shall give Supplier all reasonable cooperation in the performance of Agreement. Customer shall provide Supplier and employees of Supplier who perform work at Customer's office or work on Customer's systems for the delivery of Services with all necessary support for the performance of their work.
4.5. If Customer knows or can suspect that Supplier will have to take certain (additional) measures to be able to comply with its obligations, Customer shall inform Supplier immediately. This obligation applies for instance if Customer knows or should foresee that an extraordinary peak in load on the systems of Supplier will occur, which in all probability could cause unavailability of the Services. After warning, Supplier shall make every effort to prevent unavailability of the Services. Unless otherwise expressly agreed in writing, all reasonable additional costs incurred in doing so may be charged to Customer.
4.6. If and to the extent required for a proper execution of the Agreement, Supplier is entitled to have certain activities performed by third parties. Any related unexpected additional costs shall only be for Customer's account if agreed in writing in advance. These General Terms and Conditions also apply to the work performed by these third parties as subcontractors within the framework of the Agreement, with due observance of the provisions of Article 2.5.
4.7. All changes in the Agreement and all additional non-agreed work, either at the Customer's request or as a result of the fact that a different performance is necessary due to any circumstances whatsoever, shall be considered as additional work when additional costs are involved. This is therefore subject to the procedure laid down in Article 15 (Additional work).
Article 5. Accounts
5.1. If such is part of the Services, Supplier shall provide Customer with access to an Account after conclusion of the Agreement by providing login details, or by giving Customer the opportunity to create his own login details.
5.2. All Accounts and associated login details are strictly confidential and may not be shared with third parties.
5.3. Any action that takes place via the Customer's Account or an Account created by the Customer is deemed to have taken place under the responsibility and at the risk of the Customer. If login details of an Account are lost or leaked, or if the Customer suspects or should reasonably suspect or know that abuse of an Account is taking place, the Customer must immediately take all measures necessary and desirable to prevent or stop abuse.
These measures may consist of, for instance, changing the login details or blocking the Account. The Customer must also immediately report this to the Supplier, so that the Supplier can take any additional measures.
Article 6. Intellectual property rights
6.1. By using the Services, Customer is prohibited from violating Dutch or other laws or regulations applicable to Customer or Supplier or from infringing the rights of others.
6.2. It is prohibited (whether lawful or not) to offer or distribute any materials using the Services that:
a. contain or reference malicious content (such as viruses, malware or other harmful software);
b. infringe any third party rights (such as Intellectual Property Rights), or are unmistakably libellous, defamatory, offensive, discriminatory or hateful;
c. contain information about (or that may assist in) violating the rights of third parties, such as hacking tools or computer crime explanations intended to (induce) the reader to commit criminal acts and not to be able to defend themselves against them;
d. violate the privacy of third parties, including in any case but not limited to the processing of personal data of third parties without consent or any other basis; or
e. contain hyperlinks, torrents or references with (locations of) materials that infringe Intellectual Property Rights.
6.3. The Customer is only allowed to distribute (unsolicited) commercial, charitable or idealistic communication using the Services in compliance with the applicable laws and regulations.
6.4. The distribution of pornographic Materials via the Services is permitted insofar as this does not constitute a nuisance or other violation of these General Terms and Conditions and only insofar as this possibility is not excluded in the Agreement.
6.5. Customer shall refrain from obstructing other customers or internet users or causing damage to systems or networks of Supplier or other customers. Customer is prohibited from starting up processes or programmes, whether or not via the systems of Supplier, which Customer knows or can reasonably suspect will hinder or damage Supplier, its customers or internet users.
6.6. Customer indemnifies Supplier and shall hold Supplier harmless against any form of claim, charge or lawsuit from a third party in connection with (the content of) the data traffic or the Material posted on or distributed via the Service by Customer, Customer's customers and or other third parties.
6.7. If in the opinion of Supplier any hindrance, damage or other danger arises for the functioning of the computer systems or the network of Supplier or third parties and/or of the services via the Internet, in particular due to excessive sending of e-mail or other data, denial-of-service attacks, poorly secured systems or activities of viruses, Trojans and similar software, Supplier is entitled to take all measures it reasonably considers necessary to avert or prevent this danger. Supplier may recover the costs reasonably necessary associated with these measures from Customer, if and insofar as Customer can be blamed for the cause.
6.8. Unless otherwise agreed in writing, Customer may not use the Services for Increased Risk Applications.
6.9. If Customer requires any licence or other permission from government bodies or third parties for the specific use he gives or intends to give to the Services, Customer must himself take care to obtain such. Customer warrants to Supplier that it holds all licences and/or consents necessary for Customer's use of the Services.
Article 7. Notice and takedown
7.1. If a third party points out to Supplier or if Supplier itself observes that, with the use of the Services, certain materials are stored or distributed that infringe third-party rights or are otherwise unlawful or in violation of laws and regulations or the Agreement, Supplier shall notify Customer of the complaint or violation as soon as possible.
7.2. Supplier shall give Customer the opportunity to respond to the complaint within a reasonable time and, if necessary, take measures. If Customer fails to do so, Supplier may itself take all reasonable measures to end the violation. This may result in certain data being removed or made inaccessible, or access to the Services being blocked in whole or in part. In urgent cases (e.g. when Supplier receives reports regarding the possible presence of child pornography) Supplier may take immediate action, without alerting Customer. If Customer is a Consumer, immediate intervention by the Supplier is only possible in the form of removal or blocking of the unlawful materials. However, in that case the legal (suspension) rights of Supplier shall continue to apply in full.
7.3. If there are any potentially punishable materials, the Supplier is entitled to report this. Supplier may hereby hand over the relevant materials and all relevant information about Customer and third parties (including customers of Customer) to the competent authorities and perform all other acts that these authorities request Supplier to perform as part of the investigation.
7.4. Supplier shall not be liable for any damage suffered by Customer, its customers or end users as a result of a shutdown of the Services or removal of materials under the procedure described in this article.
7.5. Supplier is entitled to hand over the name, address and other identifying data of Customer or the relevant end user to a third party who complains that Customer is infringing its rights, provided that the applicable legal or jurisprudential requirements for this are met.
7.6. Customer shall indemnify Supplier against any claims by third parties based on the assertion that the materials stored or distributed using the Services infringe its rights or are otherwise unlawful.
Article 8. Domain names and IP addresses
8.1. If and insofar as the Services (also) concern the provision and/or management of domain names and/or IP addresses, the provisions of this Article 8 apply.
8.2. When providing or managing domain names, Supplier acts as an intermediary between Customer and the supplier of the domain name registration and domain name management services. Customer explicitly authorises Supplier to do so, as well as the other actions described in this Article 8.
Supplier has no influence on the distribution process of domain names. Supplier has no obligation to guarantee the continuity or existence of a registered domain.
8.3. Availability, application, assignment and possible use of a domain name or IP address depend on and are subject to the applicable rules and procedures of the relevant registering authorities, such as the Stichting Internet Domeinregistratie Nederland in the case of .nl domain names and Réseaux IP Européens (RIPE) in the case of IP addresses. The Supplier gives no guarantee that an application will also be honoured. The relevant authority decides on the granting.
8.4. Customer must comply with the rules set by registering authorities for application, allocation or use of a domain name. The various domains are managed by different, mostly national organisations. All these organisations have their own (general) conditions regarding the registration of the relevant domains and sub-level domains, as well as their own regulations regarding domain name disputes. If domain names are the subject of the Agreement, the additional conditions of, inter alia, each relevant gTLD (general Top Level Domain) and ccTLD (country code Top Level Domain) will apply. The relevant additional conditions can be accessed via the Additional Conditions Overview.
8.5. The Customer can only ascertain the fact of registration from the Supplier's confirmation stating that the requested domain name or IP address has been registered. An invoice for registration costs does not constitute confirmation of registration.
8.6. Customer shall always inform Supplier immediately, but in any case within 5 calendar days, and in writing of any changes regarding the domain holder's details.
8.7. When using domain names and IP addresses, Customer shall observe all laws and regulations and all conditions set by the registering authorities. The use is made entirely under the responsibility of Customer. Customer indemnifies and holds Supplier harmless for all damages related to (the use of) a domain name or IP address on behalf of or by Customer. Supplier is not liable for the loss by Customer of its right(s) to a domain name (e.g. in the event of termination by Customer itself or by decisions in domain name disputes) or for the fact that the domain name is applied for and/or obtained by a third party in the interim and Customer is not entitled to a replacement domain name or restitution in those cases, except in the event of intent or deliberate recklessness on the part of Supplier.
8.8. Notwithstanding the provisions of Article 8.2, the Supplier is entitled to make the domain name or IP address inaccessible or unusable, or (if applicable) to place it in its own name (or have it placed in its own name) if the Customer demonstrably fails to comply with the Agreement, but only after expiry of a reasonable term for compliance set in a written notice of default.
8.9. The IP addresses made available to Customer remain under the control of Supplier or its suppliers and, unless otherwise agreed in writing, cannot be taken with them on any termination of the Agreement. Multiple Customers of Supplier may operate under a given IP address. Supplier shall at all times be entitled to change the IP address or assign another address to Customer.
8.10. In the event of termination of the Agreement due to default of Customer, Supplier, despite its mediating role, is entitled to terminate a domain name of Customer, without being liable in any way for resulting damages.
Article 9. SSL/TLS certificates
9.1. If and insofar as the Services (also) relate to the provision and/or management of SSL/TLS certificates, the provisions of this Article 9 shall apply.
9.2. The application and award procedure of SSL/TLS Certificates is subject to the rules and procedures of the Certificate Authority issuing the SSL/TLS Certificate. The relevant certificate authority decides on the award of the SSL/TLS certificate and will carry out any checks deemed necessary for this purpose. The Supplier only fulfils a mediating role in the application procedure and does not guarantee that an application will be honoured.
9.3. The SSL/TLS certificate is valid for the agreed period, unless it is withdrawn prematurely. Supplier (despite its intermediary role) and the relevant supplier may immediately revoke the SSL/TLS Certificate if:
a. it appears that Customer has provided incorrect information for the purpose of obtaining the SSL/TLS certificate; or
b. in the opinion of Supplier and/or the relevant supplier, the reliability of the SSL/TLS Certificate has been compromised.
c. Customer shall comply with all applicable laws and regulations and all conditions set by the Certificate Authority when using the SSL/TLS Certificate.
9.4. Customer shall comply with all applicable laws and regulations and all conditions set by the Certificate Authority when using the SSL/TLS Certificate. Supplier shall refer to these conditions during the ordering procedure.
9.5. If the SSL/TLS certificate is revoked, the Customer is not entitled to a replacement SSL/TLS certificate or a refund of the costs for the SSL/TLS certificate by Supplier, unless the revocation is due to an attributable shortcoming of Supplier. In such a case, Supplier shall provide a new SSL/TLS certificate to replace the original SSL/TLS certificate for the remaining period. In other cases, Customer may have to rely on the terms and conditions of the relevant certificate authority.
9.6. Unless otherwise agreed in writing, Supplier shall make reasonable efforts to inform Customer before the SSL/TLS Certificate expires and needs to be renewed. However, it always remains the Customer's own responsibility to renew SSL/TLS certificates on time.
Article 10. Installation and configuration of software
10.1. Unless otherwise agreed in writing, Customer is responsible for the installation and configuration of the Services. Supplier may charge Customer for any support in this regard.
10.2. Except and to the extent that this follows from the nature of the Service (e.g. in the case of non-managed virtual private servers), Customer does not have the right to independently make adjustments or to install software within Services managed by Supplier (such as but not limited to online workstations and virtual private servers) without written permission from Supplier.
10.3. If and to the extent that the Services (also) involve the installation and/or configuration of software, Clause 10.4 shall apply.
10.4. If Customer wishes to implement a modification to the software independently, this shall be entirely at Customer's own risk and responsibility, unless Customer has reported the desired modification to Supplier in advance and Supplier has approved it in writing. Supplier may attach conditions to this approval.
Article 11. Dedicated hosting
11.1. If and insofar as the Services (also) relate to dedicated hosting, the provisions of this Article 11 shall apply.
11.2. Supplier shall make its own hardware available to Customer in the case of dedicated hosting. The storage space and capacity of the hardware are therefore not shared with other customers of Supplier. The hardware is and remains the property of Supplier.
11.3. Customer has no right of access to the server room, unless he is explicitly responsible under the Agreement for the installation and/or maintenance relating to the hardware and access is necessary in light thereof. Access to the server rooms is subject to the provisions laid down in Article 13.
11.4. Supplier is entitled to assign other hardware to Customer, provided that the replacement hardware reasonably meets the requirements that applied to the original hardware. Supplier shall in such a case make a plan of action in advance with Customer for the planned move, except in urgent cases.
Article 12. Colocation
12.1. If and insofar as the Services (also) relate to colocation, the provisions of this Article 12 shall apply.
12.2. Supplier shall only make a server room, network and power supplies available to Customer within the framework of colocation. Customer shall provide its own hardware.
12.3. Customer has no right of access to the server room, unless he is explicitly responsible under the Agreement for the installation and/or maintenance relating to the hardware and access is necessary in light thereof. Access to the server rooms is subject to the provisions laid down in Article 13.
12.4. Supplier may move Customer's hardware to another room in the data centre or to another data centre, provided that the replacement room reasonably meets the requirements that also applied to the original room. Supplier and Customer shall fix a time for the relocation in consultation, on the understanding that Supplier will always be given the opportunity by Customer to carry out the relocation within 14 days after the consultation. If, on the basis of the Agreement, Customer is itself responsible for the maintenance of the hardware, Customer shall move the hardware within a reasonable period not exceeding fourteen (14) days after a request issued by Supplier to that effect. In urgent cases, Supplier may move the server itself in all cases.
12.5. Both Parties shall bear their own costs associated with the relocation referred to in the previous paragraph.
12.6. Customer guarantees that the hardware will not cause any damage to the server room, the third-party hardware placed therein or the cabling installed therein, or disrupt or affect the operation thereof.
12.7. Supplier has the right to move, disable or remove the hardware if it deems this necessary in its professional opinion, without being liable in any way for resulting damage.
12.8. Customer is obliged to adequately insure and keep the hardware insured. At Supplier's first request, Customer shall provide the policy for the insurance taken out by Customer.
12.9. If Customer fails to comply with the Agreement, Supplier has the right to retain the hardware until Customer has fulfilled all its payment obligations.
Article 13. Access to the server room
13.1. Customer is only granted access to the server room if this explicitly follows from the Agreement and is necessary for installing, maintaining and/or moving hardware. Customer is obliged to follow all conditions and reasonable instructions set by Supplier and/or the relevant third party when entering the server room.
13.2. Customer shall only have the hardware maintained by sufficiently skilled and competent personnel. It is not permitted to grant access to the server room to third parties (such as customers of Customer), unless Supplier has given its written consent.
13.3. Customer shall perform the installation and maintenance work on the hardware as efficiently as possible without causing inconvenience to Supplier or others.
13.4. The cabling in the server room (including in any case cabling in shared racks and under the floors) shall only be installed by Supplier. Only the cabling in private racks shall be provided by Customer.
13.5. It is explicitly not allowed to make changes to the server room unless Supplier has given written permission. If Customer has made changes without written permission, Supplier has the right to demand restoration of the server room or to carry out restoration itself or have it carried out at the expense and risk of Customer.
13.6. Supplier is entitled at any time to enter the server room to check Customer's compliance with the regulations described above and any additional conditions, procedures and instructions.
13.7. Upon relocation of the hardware or termination of the Agreement, Customer shall return the server room as provided by Supplier at the start of the Agreement.
13.8. If Customer fails to comply with the Agreement, Supplier shall be entitled to deny Customer access to the server room. If Customer is a Consumer, this provision shall only apply if Customer is in default.
Article 14. Forwarding of Services
14.1. Unless Customer is a Consumer and if it appears from the nature of a Service concerned that it is intended for redelivery and/or insofar as the Agreement (also) explicitly provides for redelivery of Services, the provisions of this Article 14 shall apply.
14.2. The Customer is permitted to resupply the Services. Customer may only do so in combination with or as part of Customer's own products or services and without explicitly disclosing the name of Supplier as a supplier or subcontractor (for example through the services descriptions or advertisements) (hereinafter: "White-Label" reselling), unless otherwise agreed in writing. Customer shall indemnify Supplier and hold Supplier harmless from all claims by its Customer. Supplier may also act in full in the event of violations of these General Terms and Conditions by that Customer.
14.3. Unless otherwise agreed in writing, in the case of reselling, Customer shall act in its own name and at its own expense and risk. Customer is explicitly not allowed to conclude agreements for or on behalf of Supplier or to create the impression that he is acting as an agent or representative of Supplier.
14.4. In the event of resupply, Customer is itself responsible for providing support regarding the resupplied Services of Supplier to its customers.
14.5. Customer must impose at least the same obligations on its customers as those applied by Supplier with respect to the Services. Supplier may require Customer to provide evidence of this. In the case of redelivery of Services in the context of domain name registration, Customer must, if requested by Supplier, allow inspection of the order confirmations relating to the registration of domain names for the benefit of Customer's customers.
14.6. Non-payment or late payment by customers to Customer shall not release Customer from its payment obligations to Supplier.
14.7. Customer may, if it has been agreed that the redelivery will take place other than in a White-Label manner, only communicate in a businesslike manner that it makes use of the Services and may not otherwise make use of trade names, brand names, logos or other distinguishing marks of Supplier without having received explicit permission to do so. Customer shall always strictly follow any instructions of Supplier regarding the use of such distinguishing marks.
14.8. Supplier shall primarily contact customers of Customer through Customer. However, in urgent cases, such as in the event of (imminent) damage or nuisance to third parties due to activities of the Customer concerned, Supplier is entitled to contact Customer's customers directly, unless otherwise agreed in writing.
14.9. Customer is at all times fully liable to Supplier for what its customers do or fail to do through the Services provided by Supplier. Customer shall indemnify Supplier against any claims by third parties in this respect.
14.10. In the event of termination or dissolution of the Agreement for breach of contract by Customer, Supplier has the right to approach Customer's customers and make an offer to continue the Services itself or to have the Services continued by another reseller. At the first request of Supplier, Customer shall provide all (contact) details required for this purpose.
Article 15. Additional work
15.1. Customer may at any time request Supplier to perform work outside the Agreement (or requests for "additional work"). However, Supplier is not obliged to comply with such requests.
15.2. In the event of additional work, Supplier shall inform Customer in advance of the associated (estimated) costs and shall only perform the additional work after Customer's approval. However, the above does not apply to additional work that is necessary within the framework of the already agreed Services. Such additional work may be performed on the basis of subsequent calculation without Customer's consent.
15.3 Supplier shall always base the performance of additional work on the agreed rates, or in the absence thereof on the usual rates. Supplier may require that an additional agreement be concluded for the performance of the additional work.
Article 16. Storage and data limits
16.1. Supplier may place a limit on the capacity (e.g. the amount of data traffic, processing capacity, memory, storage or power) that Customer may or can actually use in the context of the Services.
16.2. If exceeded, Supplier is entitled to charge additional costs or (after written warning) to limit or reduce the use of the Services to the permitted capacity.
16.3. If a certain limit or capacity applies to the Services, it may be adjusted upwards or downwards in consultation with Supplier. An increase or upgrade of the Services may be implemented with immediate effect, however, a reduction or downgrade may only be implemented by the date of the first renewal of the Agreement and thereafter by the end of each month, subject to a notification period of one (1) month.
16.4 Any data traffic credit granted to Customer is not transferable to a subsequent month, another Agreement or another Customer of Supplier.
16.5. Supplier is not liable for the consequences of not being able to send, receive, store or change data or the incorrect functioning of the Services if Customer exceeds an agreed limit (e.g. the amount of data traffic, processing capacity, memory, storage or power).
Article 17. Fair use
17.1. If no capacity limit (e.g. the amount of data traffic, processing capacity, memory, storage or power) has been set for the Services, a "fair use" policy applies to the relevant Services.
17.2. Supplier may specify further details of the fair use policy, which in that case will be made available to Customer in writing or can be consulted via the Website. Supplier reserves the right to amend or supplement the policy in the interim and shall in such case inform Customer in advance in writing.
17.3. In the absence of an explicitly defined fair use policy, this shall be understood to mean that Customer may use a maximum of twice the capacity used by other customers of Supplier purchasing the same or similar Services under similar circumstances.
17.4. If the use of the Services exceeds the fair use policy, Supplier is entitled to limit or block the Services or offer Customer an alternative Service. In case of an excess, Supplier is not responsible for the non-functioning or incorrect functioning of the Services.
Article 18. Availability, maintenance and support
18.1. Supplier shall make every effort to realise good quality and uninterrupted availability of Services and associated systems and networks and to realise access to data stored by Customer with them. However, Supplier offers no guarantees on quality or availability, unless otherwise agreed in the offer by means of a Service Level Agreement (SLA) designated as such.
18.2. The performance of maintenance work, whether or not as part of the Services provided, may result in the Services being temporarily unavailable or limited in use. If the Supplier anticipates that certain maintenance will result in full or partial unavailability, the Supplier shall make every effort to carry out the work at times when the use of the Services is limited.
18.3. Supplier shall endeavour to give at least two Working Days' notice of scheduled maintenance work, whether or not as part of the Services provided. However, emergency maintenance may be performed at any time, even without prior notice to Customer.
18.4 The Supplier shall keep itself available to provide a reasonable level of remote customer support, during Business Hours, to the extent the applicable SLA does not provide otherwise. Requests for support from Customer that cannot be handled easily, such in the opinion of Supplier, shall be regarded as "additional work". These requests are therefore subject to the procedure as laid down in Article 15.
18.5. Supplier shall make every effort to respond to every support request as quickly as possible, but does not give any guarantees in this respect - unless otherwise agreed in the Service Level Agreement (SLA).
18.6. If and to the extent that the Services (also) relate to the maintenance of software by Supplier, the provisions of Clauses 18.7 to 18.9 apply.
18.7. Supplier shall make every effort to keep the software used in the Service up to date. In doing so, however, the Supplier is in turn dependent on its supplier(s). The Supplier is entitled not to install certain updates or patches if, in its opinion, this will not benefit the proper provision of the Service.
18.8. Supplier shall endeavour to adjust the software from time to time to improve its functionality and to rectify errors. In case of new functionality or changes that may substantially change the functioning of the software, Supplier shall make an effort to inform Customer in advance.
18.9. Supplier shall endeavour to add changes and new functionality requested by Customer to the software. However, Supplier is always entitled to refuse such a request if, in its opinion, it is not feasible or may impede proper operation, manageability or availability of the software.
Article 19. Backups
19.1. Unless otherwise agreed, there is no obligation on the Supplier to make backup copies (backups). Supplier may itself choose to make backups. These back-ups will then be made in case of a failure on the part of Supplier. Customer may additionally agree with Supplier that it purchases Services in the context of making backups and making them available to Customer for a fee. Only in that case shall the other provisions of this article apply.
19.2. All efforts as delivered by Supplier within the framework of the backups for the benefit of Customer and at Customer's request, shall be delivered against additional compensation. Insofar as the Parties have not agreed otherwise, the fee shall be calculated on the basis of the hourly rate applied by Supplier at that time.
19.3. With regard to the back-ups, Customer shall at all times be responsible for the correctness of the data and any recovery (and prior check) of the back-ups. The back-ups may be destroyed at any time after termination of the Agreement. It is at all times the responsibility of Customer to request a backup copy upon termination.
Article 20. Intellectual property
20.1. All Intellectual Property Rights to all Materials developed or made available by Supplier under the Agreement are vested exclusively in Supplier or its licensors.
20.2. Customer shall only acquire the user rights and powers explicitly granted in these General Terms and Conditions, the Agreement or otherwise in writing and Customer shall not otherwise reproduce or disclose these Materials.
The foregoing shall be an exception if it is unmistakable that Customer has been inadvertently omitted to expressly grant such a right. Delivery of source code of Materials is, however, at all times only mandatory if explicitly agreed or as a result of mandatory law.
20.3. Unless and insofar as agreed otherwise in writing, Customer is not allowed to remove or change any indication concerning Intellectual Property Rights from the Materials of Supplier or its licensors, including indications concerning the confidential nature and secrecy of the Materials of Supplier or its licensors.
20.4. The Supplier is permitted to take technical measures to protect its Materials. If Supplier has secured these Materials by means of technical protection, Customer will not be permitted to remove or evade this protection, except if and insofar as mandatory law provides otherwise.
Article 21. Customer Data
21.1. All rights to Customer Data, including any Intellectual Property Rights attached thereto, are vested in Customer. Supplier shall make no ownership claims on these.
21.2. Customer hereby grants Supplier a limited right of use to use the Customer Data during the term of the Agreement insofar as this is necessary for the provision of the Services.
21.3. Unless otherwise agreed in writing, Supplier is not obliged to load and/or migrate Customer Data as part of the Services. Supplier may charge Customer separately for support in this respect.
21.4. If and insofar as the Customer Data consists of personal data, the agreements as laid down in Schedule 1 shall apply.
21.5. If the Agreement ends, regardless of the reason for termination, Supplier shall destroy or delete the Customer Data as soon as possible, however with due observance of the provisions of Article 28 (Exit arrangement).
Article 22. Prices
22.1. Unless an amount is explicitly stated otherwise, all prices quoted by Supplier are exclusive of turnover tax and other levies imposed by the government.
If a price is based on information provided by Customer and such information turns out to be incorrect, Supplier shall be entitled to adjust the prices accordingly, even after the Agreement has been concluded.
22.3. Supplier is entitled to increase the prices used in this Agreement annually, by a maximum percentage of 5% or on the basis of the relevant price index of Statistics Netherlands, without this resulting in an opportunity for Customer to terminate the Agreement. Prices may furthermore be increased by Supplier at any time in the interim if the rates of suppliers, such as, but not limited to, suppliers of electricity, electronic communication services, domain name registrations, IP addresses, data centres, software and (public) cloud solutions increase, without this resulting in an option for Customer to terminate the Agreement.
22.4. Contrary to the previous paragraphs of this article, Customer, if he is a Consumer, has the right to terminate the Agreement if the prices are increased within three months after the conclusion of the Agreement.
22.5. Price changes that do not take place under Article 22.3 are subject to the same conditions and procedures as changes to the Services and to these General Terms and Conditions. If Supplier wishes to reduce the applicable prices, Supplier is entitled to implement this reduction immediately, without the possibility of cancellation by Customer.
Article 23. Payment
23.1. Supplier shall invoice Customer for the amounts owed by Customer. In doing so Supplier may issue electronic invoices. Supplier is entitled to charge periodically due amounts prior to the delivery of the Services.
23.2. The payment term of an invoice is 14 days after invoice date, unless otherwise agreed in writing.
23.3. If Customer has not paid in full after the payment term, he is automatically in default without notice of default being required.
23.4. Without prejudice to the above, all costs related to the collection of outstanding debts - both judicial and extrajudicial (including the costs for lawyers, bailiffs and collection agencies) - shall be for the Customer's account without notice of default being required.
23.5. Recourse by Customer to suspension or set-off is not permitted.
23.6. The provisions included in Article 23.3 up to and including Article 23.5 do not apply if and insofar as Customer is a Consumer.
23.7. If Customer is in default, this shall have the following consequences:
a. statutory interest shall be due on the outstanding amount;
b. the websites and other Materials hosted for Customer may be made inaccessible without further warning until the outstanding amounts, interest and the like have been paid.
23.8. All Supplier's claims shall be immediately due and payable if Customer is declared bankrupt, Customer applies for or is granted suspension of payments, Customer's operations are terminated or Customer's business is liquidated.
Article 24. Liability
24.1. Supplier shall not be liable within the framework of the realisation or performance of the Agreement except in the cases mentioned below, and at most up to the limits stated therein.
24.2. The total liability of Supplier for direct damage suffered by Customer as a result of an attributable shortcoming in the performance by Supplier of its obligations under the Agreement, explicitly also including any shortcoming in the performance of a guarantee obligation agreed on with Customer, or as a result of an unlawful act by Supplier, its employees or third parties engaged by it, shall be limited per event or a series of related events to an amount equal to the total of the fees (exclusive of VAT) paid by Customer under the Agreement in the last six (6) months. However, in no case shall the total compensation for direct damage exceed ten thousand (10,000) euros (excluding VAT).
24.3. Supplier's liability for imputable failure in the performance of the Agreement shall only arise if Customer immediately and properly gives Supplier notice of default in writing, setting a reasonable term to remedy the failure, and Supplier continues to fail imputably in the performance of its obligations even after that term. The notice of default must contain as detailed a description of the failure as possible, so that Supplier is able to respond adequately. The notice of default must be received by Supplier within 30 days after discovery of the damage.
24.4. The Supplier is explicitly not liable for indirect damage, including but not limited to consequential damage, loss of profit, image damage, missed savings and damage due to business interruption.
24.5. The exclusions and limitations referred to in this Clause 24 shall lapse if and insofar as the damage is the result of intent or conscious recklessness of the Supplier's management.
24.6. Any limitation of liability included in these General Terms and Conditions does not apply towards Consumers. Towards Consumers, the legal provisions concerning liability apply.
24.7. Customer is liable towards Supplier for damage caused by a fault or shortcoming attributable to him. Customer indemnifies Supplier against claims relating to non-compliance with the Agreement when using the Services by or with the consent of Customer. This indemnification shall also apply with respect to persons who, although not employees of Customer, nevertheless used the Services under the responsibility or with the consent of Customer.
Article 25. Force majeure
25.1 Supplier shall not be obliged to fulfil the Agreement if fulfilment is prevented due to force majeure. Any liquidity problems on the part of Customer explicitly do not qualify as force majeure.
25.2 Force majeure of Supplier shall mean any circumstance independent of the will of Supplier as a result of which the fulfilment of its obligations vis-à-vis Customer is prevented in full or in part or as a result of which the fulfilment of such obligations cannot reasonably be required from Supplier, regardless of whether such circumstance could be foreseen at the time of entering into the Agreement. Such circumstances shall in any case include:
a. state of emergency (such as extreme weather conditions, fire and lightning strikes);
b. breakdowns in telecommunications infrastructure and the Internet beyond the Supplier's control, including, for example, breakdowns in the registries of IANA, RIPE or SIDN, or (d)dos attacks;
c. a disruption in the (power) infrastructure of third parties outside the data centre;
d. shortcomings of suppliers of the Supplier, which the Supplier could not foresee and for which the Supplier cannot hold its supplier liable, for example because the supplier in question (also) suffered force majeure;
e. defectiveness of items, equipment, software or Materials which Customer has prescribed Supplier to use;
f. government measures;
g. unavailability of staff members (due to illness or otherwise);
h. general transport problems;
i. natural disasters; and
j. strikes, wars, terrorist attacks and internal disturbances.
25.3. In case of force majeure, Customer is not entitled to any (damage) compensation.
25.4. If a force majeure situation lasts longer than three months, either Party has the right to terminate the Agreement in writing, without any obligation to pay damages to the other Party.
Article 26. Confidentiality
26.1. The Parties shall keep confidential any information which they provide to each other before, during or after the performance of the Agreement if such information is marked as confidential or if the receiving Party knows or should reasonably suspect that the information was intended to be confidential. The Parties shall also impose this obligation on their employees as well as third parties engaged by them for the performance of the Agreement.
26.2 The receiving Party shall ensure that Confidential Information receives the same level of protection against unauthorised access or use as its own Confidential Information, but at least a reasonable level of protection
26.3. The duty to keep confidential information confidential does not apply if and to the extent that the receiving Party can prove that it:
a. was already in the possession of the receiving Party before the date of disclosure;
b. is available from a third party without that third party breaching any duty of confidentiality to the providing Party by providing it;
c. is available from public sources, such as newspapers, patent databases, publicly accessible websites or services;
d. has been developed independently and without the use of any information from the providing Party by the receiving Party.
26.4. If a Party receives an order to release Confidential Information from a competent authority, it has the right to do so. However, the providing Party shall be informed of the order as soon as possible (in advance), unless this is not permitted. If the disclosing Party indicates that it wishes to take measures against the order (e.g. through summary proceedings), the receiving Party shall wait with release until this has been decided, to the extent this is legally possible.
26.5. The obligation of confidentiality shall continue even after termination of the Agreement for whatever reason, and for as long as the providing Party can reasonably claim the confidentiality of the information.
Article 27. Duration and termination
27.1. Unless otherwise agreed in writing, the initial term of the Agreement shall be one (1) year. The Parties are not allowed to terminate the Agreement prematurely, except for the cases for which an exception is explicitly made in these General Terms and Conditions or in other parts of the Agreement.
27.2. If Customer is not a Consumer, the Agreement shall be automatically and tacitly renewed after expiry each time for additional periods equal to the initial term, unless a Party is notified in writing by the other Party at least one (1) month before expiry of its desire not to renew the Agreement.
27.3. If Customer is a Consumer, the Agreement shall be converted into an indefinite term Agreement after the expiry of the initial term. In that case, the Customer may terminate the Agreement for an indefinite term at any time in writing after conversion, subject to a period of one (1) month.
27.4. The Supplier is entitled to suspend the Agreement with immediate effect (in full or in part) or to terminate or dissolve the Agreement (in full or in part) if:
a. Customer fails to fulfil the obligations under the Agreement or fails to do so on time and does not remedy the shortcomings within a reasonable period after notice of default. However, a prior notice of default is not necessary in cases where the default occurs by operation of law;
b. Customer files for bankruptcy or is declared bankrupt, applies for a moratorium or is granted a moratorium, Customer's company is liquidated or its business activities are discontinued;
c. due to delays on the part of Customer, Supplier can no longer be required to fulfil the Agreement under the originally agreed conditions; or
d. circumstances occur as a result of which compliance with the Agreement becomes impossible or as a result of which Supplier cannot reasonably be required to maintain the Agreement unamended.
27.5. The right to suspension in the aforementioned cases applies to all Agreements concluded with Customer simultaneously, even if Customer is in default with respect to one Agreement only, and without prejudice to Supplier's right to compensation for damage, lost profits and interest.
27.6. In the event of dissolution of the Agreement, amounts already invoiced for performances performed shall remain due, without any obligation to undo. In the event of dissolution by Customer, Customer may only dissolve that part of the Agreement which has not yet been performed by Supplier.
27.7. If Supplier suspends performance of its obligations, it retains its claims under the law and the Agreement, including the claim to payment for the Services that have been suspended. This does not apply if Customer is a Consumer. In that case, the statutory rights of suspension apply.
27.8. If a dissolution is imputable to Customer, Supplier is entitled to compensation for the damage caused directly and indirectly as a result.
27.9. If the Agreement is terminated or dissolved, Supplier's claims on Customer shall be immediately due and payable.
27.10. If Customer can deactivate, disable or remove certain (parts of) Services itself, Customer is responsible for carrying this out before the date on which the Agreement ends. If Customer fails to do so, Supplier may charge for keeping the Services available and the Agreement shall be deemed to have been extended for the period that the Services are in use. Only at the express request of Customer will Supplier deactivate, disable or remove the relevant Services.
Article 28. Exit arrangement
28.1. If the Agreement is terminated, Supplier shall make every effort to provide reasonable support in the migration or transfer to another Service or another ICT supplier, by means of unlocking relevant data and providing access to the parts of the Service(s) to be migrated.
Any associated costs shall be borne entirely by Customer. Supplier shall under no circumstances take care of the actual transfer or migration to the new supplier. This remains the responsibility of Customer.
28.2. If Customer wishes to make use of the exit support referred to in the previous paragraph, Customer must submit a written request to Supplier for this no later than the date on which the Agreement ends.
28.3. Supplier shall only be obliged to provide the aforementioned cooperation for Customer's migration or transfer if all amounts due by Customer and any other obligations under the Agreement have been paid or fulfilled in full.
28.4. Customer shall not have access to any configurations made by Supplier. Under no circumstances will the configurations be provided by Supplier if the Agreement is terminated. They will be deleted by Supplier. Customer is not entitled to a refund of the installation and configuration costs.
28.5. Deletion of data stored for Customer is done with special precautions to make the deletion, as much as reasonably possible, irreversible.
Article 29. Modification
29.1. Supplier reserves the right to amend or supplement the Services and these General Terms and Conditions. Amendments shall also apply with regard to Agreements already concluded subject to a period of one (1) month after the announcement of the amendment. Amendments shall be announced in writing.
29.2. If Customer does not wish to accept a modification, Customer may object in writing within fourteen (14) days after the announcement. If Supplier decides to implement the amendment despite Customer's objection, Customer may terminate the Agreement in writing by and at the latest until the date on which the amendment takes effect.
29.3. The procedure described above does not apply to amendments of minor importance, amendments based on the law and amendments for the benefit of Customer. Such amendments may be implemented by Supplier unilaterally and with immediate effect.
Article 30. Choice of law and forum
30.1. Spanish law shall apply to the Agreement. If Customer is a Consumer he shall also enjoy the protection of the mandatory provisions of the law applicable where the Consumer is domiciled.
30.2. Unless otherwise prescribed by the rules of mandatory law, all disputes that may arise as a result of the Agreement shall be submitted to the competent Spanish court for the district in which the Supplier is located.
Article 31. Other provisions
31.1. If any provision of the Agreement is found to be null and void, this shall not affect the validity of the Agreement as a whole. The parties will in that case determine (a) new provision(s) to replace it, which will give shape to the intention of the original Agreement and General Conditions as much as is legally possible.
31.2. Information and communications, including price indications, on the Website are subject to programming and typing errors. In case of any inconsistency between the Website and the Agreement, the Agreement shall prevail.
31.3. The log files and other records, electronic or otherwise, of the Supplier constitute full evidence of the Supplier's statements and the version of any (electronic) communication received or stored by the Supplier shall be deemed authentic, subject to evidence to the contrary to be provided by Customer. This provision does not apply if Customer is a Consumer.
31.4. The parties shall always inform each other immediately in writing of any changes in name, postal address, e-mail address, telephone number and, if requested, bank or giro account number.
31.5. Where the Agreement refers to "in writing", this shall also include e-mail and, if the Services include access to a customer portal where the Parties can exchange messages, that customer portal, provided that the identity of the sender and the integrity of the e-mail messages or the messages within the customer portal have been sufficiently established.
31.6. All legal claims of Customer under the Agreement shall - subject to provisions of mandatory law - expire after one year, counting from the day on which performance of obligations under the Agreement existing between the Parties became due and payable. This provision does not affect the regular limitation period of the Supplier's claims.
31.7. Each Party shall only be entitled to transfer its rights and obligations under the Agreement to a third party with the prior written consent of the other Party. However, such consent is not required in the event of a corporate takeover or acquisition of the majority of the shares of the relevant Party.
Annex 1 | Processing of personal data
This Annex is inseparable from the Agreement concluded between the Parties. All terms written with an initial capital letter have, both in singular and plural, the meaning set out in the General Terms and Conditions. However, Supplier shall be referred to as "Processor" and Customer as "Controller", regardless of whether Customer is itself a processor towards its customers. Where definitions are used that correspond to the definitions in the General Data Protection Regulation (hereinafter "AVG"), these definitions will have the same meaning. The content of this Annex will be referred to hereinafter as "Processor Agreement".
Article 1. Purposes of processing
1.1. Processor undertakes to process personal data on behalf of the Controller under the terms of this Processor Agreement. Processing will only take place in the context of the performance of the Agreement, plus those purposes reasonably related thereto or determined by further agreement.
1.2. Processor shall make every effort, in the context of the aforementioned activities, to process with care the personal data made available by or through the Processing Responsible Party.
1.3. Processor primarily provides hosting services. Processing personal data is an incidental part of this. Indeed, in principle, Processor will not access the personal data. In this context, it may be considered that Processor stores data on Processor's systems. As a result, in many cases Processor automatically processes all categories of personal data and all categories of data subjects that Processor stores through the hosting services.
Article 2. Obligations of Processor
2.1. Processor shall process data on behalf of Processor for the purposes referred to in Article 1. Processor shall not process the personal data for its own purposes.
2.2. Processor shall act in accordance with the AVG when processing personal data.
2.3. Processor shall notify Processor immediately if, in its opinion, instructions are contrary to the applicable legislation regarding the processing of personal data or are otherwise unreasonable.
2.4. Processor shall, where reasonably within its control, provide assistance to Processor in fulfilling its legal obligations. This includes providing assistance in fulfilling its obligations under Articles 32 to 36 of the AVG, such as providing assistance in carrying out a Data Protection Impact Assessment ("DPIA") and prior consultation in the event of high-risk processing. Processor may charge the costs incurred for this purpose to Processor.
2.5. Processor guarantees that the content, use and commissioning of the processing of the personal data as referred to in the Processor Agreement are not unlawful and do not infringe any third-party right, and indemnifies Processor against all claims and demands related thereto.
Article 3. Transfer of personal data
3.1. Processor may process the Personal Data in countries within the European Economic Area ("EEA"). In addition, Processor may transfer the Personal Data to a country outside the EEA, provided that such country ensures an adequate level of protection and Processor complies with its other obligations under this Processor Agreement and the AVG.
3.2. Processor shall notify Processed Party at its first request which country or countries are concerned. Processor warrants that an adequate level of protection is in place for countries outside the EEA.
Article 4. Engaging sub-processors
4.1. Processor may use sub-processors in the context of the Processor Agreement.
4.2. The sub-processors engaged by Processor at the time of entering into this Processor Agreement are listed in Schedule 1A. The Processor has the right to object to any, new or to be changed sub-processor(s), in writing and within two weeks after sending the notice on this matter from Processor, giving reasons in writing. If Processed Party objects, the Parties will enter into consultations to reach a solution.
4.3. Schedule 1A also contains the identity and place of business of the sub-processor(s) already engaged.
4.4. Processor shall impose on the sub-processors engaged corresponding obligations as agreed between Processor and Processor.
Article 5. Duty of confidentiality
5.1. Processor is obliged to maintain the confidentiality of the personal data provided to Processor by the Processing Responsible Party. Processor shall ensure that the persons authorised to process the personal data are contractually obliged to maintain the confidentiality of the personal data of which they have knowledge. Article 6. Duty to report data breaches
6.1. Processor shall notify Processor without unreasonable delay of a personal data breach as referred to in Article 4 paragraph 12 of the AVG (hereinafter: "Data Breach"). In doing so, Processor shall take reasonable measures to mitigate the consequences of the Data Breach and prevent further and future Data Breaches.
6.2. Processor shall provide assistance to Processed Party, taking into account the nature of the processing and the information available to it, regarding (new developments regarding) the Data Breach.
6.3. The notification to the Processing Responsible Party will include, to the extent known at that time, at least:
a. the nature of the Data Breach;
b. the (expected) consequences of the Data Breach;
c. which categories of personal data have been affected by the Data Breach;
d. whether and how the personal data affected were secured;
e. the (proposed) measures to mitigate the consequences of the Data Breach or to prevent further Data Breaches;
f. the categories of data subjects;
g. the (estimated) number of data subjects; and
h. any different contact details for following up the report.
Article 7. Rights of data subjects
7.1. In case a data subject makes a request to Processor to exercise his/her statutory rights under Chapter III of the AVG, Processor shall forward the request to Processor and inform the data subject thereof. Processor shall then further handle the request independently.
7.2. In the event that a data subject makes a request to Processor to exercise one of their legal rights, Processor shall, if Processor so requires, cooperate to the extent possible and reasonable. Processor may charge Processed Party reasonable costs for this.
Article 8. Security measures
8.1. Processor shall make every effort to take appropriate technical and organisational measures to secure the personal data processed for the Processing Party against loss or against any form of unlawful processing.
8.2. Upon request, Processor will provide an overview of the security measures. In any case, Processor has taken the following measures:
a. Logical access control, using passwords or keys.
b. Physical access security measures.
8.3. Processor does not warrant that security is effective in all circumstances. Processor shall endeavour to have the security meet a level that is not unreasonable, given the state of the art, the sensitivity of the personal data and the costs associated with implementing the security.
8.4. Processor shall only make personal data available to Processor for processing if it has satisfied itself that the required security measures have been taken. Processor is responsible for compliance with the measures agreed by the Parties.
Article 9. Control
9.1. Processing Responsible Party has the right to have the compliance of Processor's obligations in this Processing Agreement audited. The Processing Responsible Party may have this checked up to once a year by an independent third party bound by confidentiality, in the event of a reasonable, communicated and well-founded suspicion of breach of this Processing Agreement in writing.
9.2. If an audit by an independent third party has already been carried out in a year, Processor may suffice, contrary to what is regulated in the previous paragraph, to provide access to the relevant parts of the report, if an audit of Processor's compliance with its obligations in the Processor Agreement is requested again within the same year.
9.3. Processor and Controller shall jointly decide on the date, time and scope of the audit.
9.4. The reasonable costs for cooperating in the audit shall be borne by the Processor, it being understood that the costs for the independent third party to be hired will always be borne by the Processor.
9.5. The audit and its results will be kept confidential by the Controller.
Article 10. Termination of Processor Agreement
10.1. Upon termination of the Processor Agreement, Processor shall without unreasonable delay, at the request and expense of Processor:
a. return the personal data as located on the infrastructure (under management) of Processor to Processor; or
b. delete the personal data as soon as possible.