Data Processor Agreement

This is the Data Processor Agreement ("Data Processor Agreement") of RabbitQuest B.V. ("RabbitQuest" or "NewU"), a company with address Buitenplein 67, 1181ZE, Amstelveen, and registered in the Trade Register of the Chamber of Commerce under number 75177307, hereafter called “Data Processor” and a Client of RabbitQuest B.V., hereinafter referred to as the "Data Controller".

Definitions

  • A Customer/Client: Any legal entity with whom NewU enters and/or has entered into a legal relationship regarding the provision of its License.
  • Data processor: An entity that processes data on behalf of a data controller based on specific instructions without having primary responsibility for or control over the purposes and means of that processing. In this case the Data Processor is NewU.
  • Data Controller: An entity that determines the purposes and means of the processing of personal data, bearing the primary responsibility for the collection, handling, and protection of such data.
  • Mailchimp: A marketing automation platform and email marketing service primarily used for sending newsletters, email campaigns, and automating marketing communications for businesses.
  • Software: All software provided by RabbitQuest In the form of a web application, a native application for Users, and a website for managing a portion of the Software.
  • Order Confirmation: The confirmation from the Client to NewU to enter into an Agreement regarding the Services this will be recorded in an Agreement.
  • Agreement: Any agreement between the Parties relating to NewU's Software.

Article 1 - Definitions and Interpretation

  1. Terms used in this Agreement shall have the meanings outlined in the General Data Protection Regulation (GDPR) or any subsequent legislation replacing or amending such regulation.

Article 2 - Data processing purpose and instructions

  1. The Data Processor shall process the email addresses of the Data Controller's employees solely for distributing promotional materials concerning the Software.
  2. No other use or dissemination of the email addresses will be permitted unless the Data Controller provides written consent.

Article 3 - Third-party sub-processors

  1. The Data Processor shall engage Mailchimp as a sub-processor.

Article 4 - Data security

  1. The Data Processor commits to implementing technical and organizational measures to ensure an appropriate level of security for the email addresses.

Article 5 - Data Breaches

  1. The Data Processor shall notify the Data Controller immediately upon becoming aware of a personal data breach.
  2. The Data Processor will cooperate with the Data Controller and take reasonable commercial steps to assist in the investigation, mitigation, and remediation of each such data breach.

Article 6 - Termination and data deletion

  1. Upon termination of this Agreement between the Data Controller and the Data Processor or upon the Data Controller's request, the Data Processor will delete all email addresses used solely for email marketing purposes from both NewU and Mailchimp.
  2. For clarity: email addresses associated with user accounts will be retained; for those email addresses the Retention Policy as specified in the Privacy Policy is applicable. Those email addresses do not fall under the scope of this Agreement.
  3. The Data Processor commits to deleting all relevant data two years post the termination of the collaboration between both parties.
  4. The Data Processor shall certify in writing to the Data Controller that it has done so, unless legislation imposed upon the Data Processor prevents it from returning or destroying all or part of the personal data.

Article 7 - Liability

  1. Both parties shall be liable for damages to third parties resulting from a breach of their obligations under GDPR unless specified otherwise.
  2. The Data Processor shall not be liable for damages resulting from the processing of personal data under the Data Controller's instructions.
  3. The Data Processor shall not be liable for any data breaches or any other violations occurring on or due to the systems or operations of "Mailchimp" or any other third-party sub-processor.

Article 8 - Duration and Termination

  1. This Data Processor Agreement shall enter into force when the Order Confirmation and Agreement is signed by both Parties.
  2. This Data Process Agreement shall terminate after The Data Processor has deleted all data of the Data Controller.

Article 9 - Governing Law

  1. This Agreement shall be governed by the laws of The Netherlands.
  2. All disputes between the Parties, which may arise as a result of this Data Processor Agreement, shall, in the first instance, be settled by the competent court of the District Court of Amsterdam.

Article 10 - Entire Agreement

  1. This Agreement embodies the entire understanding between the parties and supersedes all prior agreements, understandings, and communications, oral or written, relating to its subject matter.

RabbitQuest B.V. – 27/9/2023