Article 1 - Definitions and Interpretation
- Terms used in this Agreement shall have the meanings outlined in the General Data Protection Regulation (GDPR) or any subsequent legislation replacing or amending such regulation.
Article 2 - Data processing purpose and instructions
- The Data Processor shall process the email addresses of the Data Controller's employees solely for distributing promotional materials concerning the Software.
- No other use or dissemination of the email addresses will be permitted unless the Data Controller provides written consent.
Article 3 - Third-party sub-processors
- The Data Processor shall engage Mailchimp as a sub-processor.
Article 4 - Data security
- The Data Processor commits to implementing technical and organizational measures to ensure an appropriate level of security for the email addresses.
Article 5 - Data Breaches
- The Data Processor shall notify the Data Controller immediately upon becoming aware of a personal data breach.
- The Data Processor will cooperate with the Data Controller and take reasonable commercial steps to assist in the investigation, mitigation, and remediation of each such data breach.
Article 6 - Termination and data deletion
- Upon termination of this Agreement between the Data Controller and the Data Processor or upon the Data Controller's request, the Data Processor will delete all email addresses used solely for email marketing purposes from both NewU and Mailchimp.
- The Data Processor commits to deleting all relevant data two years post the termination of the collaboration between both parties.
- The Data Processor shall certify in writing to the Data Controller that it has done so, unless legislation imposed upon the Data Processor prevents it from returning or destroying all or part of the personal data.
Article 7 - Liability
- Both parties shall be liable for damages to third parties resulting from a breach of their obligations under GDPR unless specified otherwise.
- The Data Processor shall not be liable for damages resulting from the processing of personal data under the Data Controller's instructions.
- The Data Processor shall not be liable for any data breaches or any other violations occurring on or due to the systems or operations of "Mailchimp" or any other third-party sub-processor.
Article 8 - Duration and Termination
- This Data Processor Agreement shall enter into force when the Order Confirmation and Agreement is signed by both Parties.
- This Data Process Agreement shall terminate after The Data Processor has deleted all data of the Data Controller.
Article 9 - Governing Law
- This Agreement shall be governed by the laws of The Netherlands.
- All disputes between the Parties, which may arise as a result of this Data Processor Agreement, shall, in the first instance, be settled by the competent court of the District Court of Amsterdam.
Article 10 - Entire Agreement
- This Agreement embodies the entire understanding between the parties and supersedes all prior agreements, understandings, and communications, oral or written, relating to its subject matter.
RabbitQuest B.V. – 27/9/2023