GDPR confidentialityAstimp IT Solution SRL
CONFIDENTIALITY AGREEMENT
- THE CONTRACTING PARTIES
1.1. Company xxxxx S.R.L. with headquartered in XXXXXXXX, str. XXXXXXXX, nr. xx, tel./fax +40 xxx.xxx.xxx / +40 xxx.xxx.xxx, registered at the Trade Register under no. Jxx/xxx/20xx, CUI: xxxxxxxxx, bank account no. ROxxxxxxxxxxxxxxx open on XXXX BANK, represented by First Name Last Name, as administrator, hereinafter referred to as Beneficiary,
and
1.2. ASTIMP IT SOLUTIONS S.R.L., with headquartered in str. Ovidiu nr. 15, bl. LC5, sc. 1, ap. 1, 800084 Galați, jud. Galați, registered at the Trade Register under no. J17/391/2015, CUI: 34287108, bank account no. RO32BACX0000001662885000, open on UNICREDIT BANK SA, represented by Toma-Alexander STUHMULLER, as administrator, hereinafter referred to as Provider,
in order to facilitate as much as possible the discussions between the parties and for the parties to receive orally, visually or in writing, from each other certain commercial, financial and / or technical information under conditions that protect the confidentiality and ownership of such information,
agreed the following:
- THE MEANING OF SOME TERMS
2.1. „Confidential information” is all information or data (whether provided orally, visually, in writing or in any form or by any means) that is directly or indirectly disclosed at any time during the period in which this Agreement is in force, or made available to the Provider by the Beneficiary, regardless of whether the disclosure is written or verbal. Notwithstanding the general nature of the preceding definition, the term confidential information includes information contained in and / or found from evidence, letters, documents, projects, manuals, CD-ROMs, disks, disks, computer programs, technical and verification reports, proposals, financial and legal information; any information regarding the Beneficiary's operations, processes, procedures, plans, intentions, products and services, know-how, intellectual property and intellectual property rights, market opportunities, customers or other commercial business; any organizational, marketing, production plans (including new products and / or technology plans), business strategies, lists of partnerships and strategic partners, financial information (including information on the financial authorities and banks of the party concerned), technical information or other information, customer lists (current or potential customers), trade secrets, know-how, design and documentation of products, materials and means and amount, associated with trade or equivalent secrets, and accidental and / or information obtained by the goodwill of the clients of the Beneficiary in any form that is not already known to persons not connected with the Beneficiary, even if it is obtained free of charge or without considerable consumption of work, skill or money.
Notwithstanding the above definition, "confidential information" does not include that information that was publicly known or made public without violation of this Agreement or developed without using the information received below or obtained by legal methods and means at the time of disclosure that may be evidenced by a written report, sufficient to justify such an acquisition.
2.2. „The Provider” is the party that receives the confidential information, including any employee, officer, adviser, agent or third party acting on behalf of the Provider.
2.3. „The beneficiary” is the party that discloses the information, including any employee, officer, adviser, agent or third party acting on behalf of the beneficiary.
- PURPOSE OF THE AGREEMENT
3.1. The purpose of this Agreement is to ensure the confidentiality of all "confidential information" received by the Provider from the Beneficiary, regardless of the means and carriers through which they are transmitted and regardless of the form in which they are rendered, as indicated above.
- RIGHTS AND OBLIGATIONS OF THE PARTIES
4.1. The Provider agrees to and undertakes the following:
- The Provider shall not use any confidential information of the Beneficiary (or part thereof) for any purpose other than that of the execution of this Agreement;
- The Provider must keep the Beneficiary'sconfidential information fully secure and consider it exclusive by protecting it with the same diligence that the Providerapplies to its property and its secret of such importance, but in no case less than the reasonable, ordinary diligence;
- The Provider must not reveal, disclose, provide access, make public or available or allow access or other form of provision, directly or indirectly, in any form, certain confidential information to any third party or person, organization or individual, who does not it is authorized and / or presumed to have access to or know confidential information;
- The Provider shall use The Beneficiary's confidential information only for the purpose set out in this Agreement;
- The Provider shall not copy, reproduce or permit the confidential information to reach a third party, unless it is reasonably necessary for the purpose of this Agreement. Copies or reproductions are the property of The beneficiary and must be considered confidential in accordance with the terms of this Agreement;
- If it is necessary to disclose certain confidential information to a third party, The Provider must obtain the prior written consent of The beneficiary regarding that effect and conclude a non-disclosure agreement with the third party for the purpose of protecting such information;
- The Provider must oblige its staff members who can access such information to strictly comply with the obligations assumed by it;
- After the termination of the agreement the The Provider must, within 30 days, submit to The beneficiary all the confidential information and all the documentation, the materials and the means that can include such confidential information and any copies thereof;
- If The beneficiary requests it, The Provider shall without delay and at the request of The beneficiaryui, destroy at his expense all documents and other materials in his possession, keep or control (including any copies and reproductions thereof), and provide The beneficiary with a certificate of such destruction, signed by a responsible official.
4.2. If The Provider justifies a reasonable need to disclose confidential information by being obliged, within a legal, judicial or administrative procedure, The Provider must within a reasonable time notify The beneficiary in writing of this fact. Furthermore, The beneficiary despre acest fapt. Mai mult decât atât, The Provider must provide The beneficiary with any assistance that would enable The beneficiary to find a protection measure or aid to prevent or limit the disclosure of such confidential information.
4.3. Each party acknowledges and undertakes that, in no case, this Agreement can be interpreted in the sense in which it transfers ownership of the information from The beneficiary to The Provider. Such information should only be used in connection with the execution of the agreement.
- EXCEPTIONS TO CONFIDENTIAL INFORMATION
5.1. The confidentiality obligations of this Agreement do not apply to any confidential information of the The Beneficiary în măsura în care aceasta:
5.1.1. is publicly known otherwise than by breach of this Agreement by The Provider;
5.1.2. was independently developed by The Provider;
5.1.3. was already known to The Provider before being disclosed by The beneficiary and was unrestricted;
5.1.4. was subsequently received legally by a third party and is unrestricted;
5.1.5. The Provider was required to disclose such information by a court decision, or by a judicial, governmental or competent authority, provided that The Provider, as soon as possible after being asked to disclose, notifies The Beneficiary. The Provider is entitled to provide such confidential information to The Beneficiary as is necessary to comply with the respective decision or request;
5.1.6. The Beneficiary approved the disclosure of such confidential information by written consent.
5.2. The burden of proof of the exceptional situations mentioned in point 5.1. above is the responsibility of the party invoking them.
- DURATION
6.1. The date of entry into force of this Agreement is the date on which the last signature of the parties is applied.
6.2. This agreement is concluded for a period of 3 (three) years. It can be denounced for good reasons, by written notification, in compliance with a notice period of 30 calendar days.
6.3. The obligations of the parties set forth herein regarding confidential information continue and after the termination of the agreement for a period of 5 (five) years as of the date of its termination.
6.4. The commitments shown are also binding on any associates, subsidiaries or successors of the parties and will continue to take effect for as long as the Agreement is in force or until the permission to release or issue a press release regarding confidential information is specifically granted in writing by The Beneficiary.
- AUTHORISED PERSONAL
7.1 The Provider must limit the circulation and disclosure of confidential information within its organization to its directors, officers and employees or agents having a "need to know" for the purpose set out in this agreement (hereinafter "Authorised Person").
7.2. The Provider shall ensure that each authorized person is informed and subject to the confidentiality obligations set out in this agreement and is responsible for any breach of the confidentiality obligations provided by this agreement by such Authorized Persons and must apply such obligations at his own expense to the reasonable request of The beneficiary.
- THE RIGHT TO PROPERTY AND OTHERS
8.1. All confidential information provided by one party to the other under this Agreement shall in all cases be and remain the property of The beneficiary or its accreditors, as the case may be.
8.2. The parties agree that The Provider does not indirectly or otherwise acquire a right, title or license in connection with the confidential information disclosed to The Provider as a result of this Agreement, except as expressly set forth herein.
- COMMERCIAL LINKS
9.1. During the term of this Agreement, The Provider may not conclude or negotiate any business on his behalf or on behalf of a third party with a client or potential client of The beneficiary, when The beneficiary´s direct agreements with such a client are related to confidential information and are part of the ordinary activity carried out by The beneficiary.
- COMPENSATION
10.1. The disclosure of any confidential information to a third party, not expressly authorized in accordance with this Agreement, could cause The beneficiary a serious disadvantage and could cause material or other damage that is irreparable to The beneficiary´s business and therefore entitle The beneficiary to obtain an immediate remedy along with all other legal remedies.
10.2. Either party (the "guilty party") must fully compensate the other party for all losses, costs, damages and expenses (including legal fees) incurred by the other party as a result of any breach of this provision by the guilty party.
10.3. All information is provided "as is". The beneficiary does not provide guarantees, directly, indirectly or otherwise, regarding the accuracy, completeness or functionality.
- LAW AND DISPUTE SETTLEMENT
11.1. This non-disclosure agreement must be interpreted in accordance with the substantial Romanian law.
11.2. Any misunderstandings or disputes regarding this confidentiality agreement or execution agreements must be resolved amicably by the parties. An attempt to reach an agreement must be considered unsuccessful as soon as one party notifies the other in writing.
11.3. If the parties do not agree, the dispute will be settled by the competent courts in Bucharest.
- OTHER
12.1. This Agreement constitutes the entire agreement between the parties on the subject matter described herein and eliminates and supersedes any other written or verbal agreements or understandings relating to the subject matter.
12.2. Amendments or alterations to this agreement only take effect when they are made in writing and signed by the parties.
12.3. If a certain clause of this agreement would be legally ineffective, or, for legal reasons, inapplicable, the validity of these clauses will not be affected. In such a case, the parties must by mutual agreement replace the provision in question with another provision considered to be broadly equivalent in economic and contractual terms.
12.4. The failure or delay of either party, at any time, to exercise a right under a provision of this article, does not limit and does not operate as derogation therefrom, nor does the single or partial exercise preclude or limit any other exercise or its future exercise at any time.
12.5. This Agreement obliges and produces effects on the respective party and on its legal successors, as well as on the acquirers / assignees. If a party is subject to absorption, merger or other reorganization, that party must ensure that its rightful successor is also bound by this Agreement, as if it were a party to this Agreement. Subject to the foregoing, this Agreement and the rights and obligations cannot be assumed by a third party without the written approval of the other party.
- COMMUNICATION
13.1. Any communication between the parties regarding the performance of the contract must be sent in writing.
13.2. Any written document must be registered upon both transmission and receipt.
13.3. Communications between the parties may also be made by telephone, telex, fax or e-mail, provided that the receipt of the communication is confirmed in writing.
The parties guarantee that the appointed representatives, whose signatures are applied below, have been and are invested at the date of the conclusion of this contract with all the legal power to sign and execute this fact.
This Agreement was drafted and signed today, day.month.20xx in 2 (two) original copies, one for each party, both having the same probative force.
BENEFICIARY, The Provider,
General Data Protection Regulation - GDPR
1.1.Company xxxxx S.R.L. with headquartered in XXXXXXXX, str. XXXXXXXX, nr. xx, tel./fax +40 xxx.xxx.xxx / +40 xxx.xxx.xxx, registered at the Trade Register under no. Jxx/xxx/20xx, CUI: xxxxxxxxx, bank account no. ROxxxxxxxxxxxxxxx open on XXXX BANK, represented by First Name Last Name, as administrator, hereinafter referred to as Beneficiary,
and
1.2.ASTIMP IT SOLUTIONS S.R.L., with headquartered in str. Ovidiu nr. 15, bl. LC5, sc. 1, ap. 1, 800084 Galați, jud. Galați, registered at the Trade Register under no. J17/391/2015, CUI: 34287108, bank account no. RO32BACX0000001662885000, open on UNICREDIT BANK SA, represented by Toma-Alexander STUHMULLER, as administrator, hereinafter referred to as Provider,
in order to facilitate as much as possible the discussions between the parties and for the parties to receive orally, visually or in writing, from each other certain commercial, financial and / or technical information under conditions that protect the confidentiality and ownership of such information,
agreed the following:
- THE MEANING OF SOME TERMS
2.1. „Confidential information” is all information or data (whether provided orally, visually, in writing or in any form or by any means) that is directly or indirectly disclosed at any time during the period in which this Agreement is in force, or made available to the Provider by the Beneficiary, regardless of whether the disclosure is written or verbal. Notwithstanding the general nature of the preceding definition, the term confidential information includes information contained in and / or found from evidence, letters, documents, projects, manuals, CD-ROMs, disks, disks, computer programs, technical and verification reports, proposals, financial and legal information; any information regarding the Beneficiary's operations, processes, procedures, plans, intentions, products and services, know-how, intellectual property and intellectual property rights, market opportunities, customers or other commercial business; any organizational, marketing, production plans (including new products and / or technology plans), business strategies, lists of partnerships and strategic partners, financial information (including information on the financial authorities and banks of the party concerned), technical information or other information, customer lists (current or potential customers), trade secrets, know-how, design and documentation of products, materials and means and amount, associated with trade or equivalent secrets, and accidental and / or information obtained by the goodwill of the clients of the Beneficiary in any form that is not already known to persons not connected with the Beneficiary, even if it is obtained free of charge or without considerable consumption of work, skill or money.
Notwithstanding the above definition, "confidential information" does not include that information that was publicly known or made public without violation of this Agreement or developed without using the information received below or obtained by legal methods and means at the time of disclosure that may be evidenced by a written report, sufficient to justify such an acquisition.
2.2. „The Provider” is the party that receives the confidential information, including any employee, officer, adviser, agent or third party acting on behalf of the Provider.
2.3. „The beneficiary” is the party that discloses the information, including any employee, officer, adviser, agent or third party acting on behalf of the beneficiary.
- The subject matter of the contract arises from the Main Agreement. In particular, this includes
- The duration of the contract shall correspond to the term of the Main Agreement. After completing the data processing services, the Contractor shall erase or return all personal data at the option of the Client unless legal regulations stipulate the storage of such data. The Contractor shall once again separately confirm the erasure at the request of the
- The type and purpose of the processing arise from the Main Agreement. Personal data processed on behalf of the Client includes (type of data):
- The data of the following persons is affected by the data processing (categories of persons):
- The Client shall remain solely responsible for the processing of
- The instructions shall be initially defined and documented in the Main Agreement and this Agreement. The Client may modify, replace or supplement the initial instructions at a later point in time with separate instructions (individual instruction). The individual instruction shall fall within the scope of the contract and also be documented. If an individual instruction is given verbally due to extreme urgency, it shall be promptly confirmed in documented form. In this respect, instruction means every stipulation that is related to a specific data protection- related handling of the data processed according to this Agreement (e.g. erasure, anonymisation and rectification of data or the restriction of data processing).
- If the Contractor believes that an instruction violates legal regulations, the Contractor shall immediately inform the Client. In this respect, the Contractor shall be entitled to suspend the implementation of the instruction until it is modified or confirmed by the Client in documented form. If the Contractor determines the purposes and means of processing violating the instructions of the Client, the Contractor shall be responsible with regard to this processing.
- The data processing shall be performed in the Member States of the European Union (EU). The transfer of the processed data to a third country shall require the consent of the Client, which may be withheld only for important reasons. In particular, if the third country does not offer an adequate level of protection or the legal requirements for the transfer of data to the respective country are not met this shall constitute a reason for withholding consent. The Contractor shall be responsible if there are doubts in this
- The Client shall not make anyone subject to decisions based on automated processing including profiling within the context of data processing which produces legal effects concerning the data subject or similarly significantly affects the data subject. By the same token, the Client shall not have data processed on its behalf for an offer that is directly made to a child (e.g. services specifically directed at children).
- The contact person at the Client for the performance of this contract is:
- The contact person at the Contractor for the performance of this contract is:
- The parties may change their contact persons at any time. It is possible to designate multiple contact persons who are individually authorised to issue and receive instructions. If the contact person of one party is temporarily unavailable, the respective party shall change the contact person at least for the duration of such unavailability. Changing a contact person shall be documented in
- If one of the parties is not established in the EU, it shall designate a representative in writing. This representative shall represent the party in relation to its statutory data protection-related regulations in the EU. The representative shall be established in one of the Member States of the EU in which the persons subject to the data processing are located. Such a representative shall be designated as a contact person in this Agreement. The designation shall indicate that this is a representative according to the
- This Agreement shall not constitute an obligation to designate a data protection officer. Both parties are aware that a data protection officer shall be designated according to the legal regulations if a) the core activity of the respective party involves the performance of processing operations that require extensive regular and systematic monitoring, b) generally at least ten employees are constantly occupied with the automated processing of personal data, or c) the data is processed in a business-like manner for the purpose of data transfer or market and opinion
- The designated data protection officer of the Client is:Mr Suditu Andrei, Astimp IT Solution SRL, Ovidiu nr.15 bl.LC5 sc.1
- The designated data protection officer of the Contractor is:
- The provision for changing the contact person applies correspondingly to the data protection officer. The contact person may also at the same time be the data protection officer. If a party subsequently designates a data protection officer, it shall immediately notify the other party in documented form. The data protection officer of the Client shall be entitled to give instructions and the data protection officer of the Contractor shall be entitled to receive
- The data protection officer shall be involved by the respective other party in all issues concerning the protection of personal data and monitor the compliance with data protection regulations. The parties may consult the data protection officer of the other respective party in all issues concerning the processing of personal data according to this
- The Contractor shall ensure that persons authorised to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. This shall in particular apply to persons subject to the supervision of the Contractor (employees) who have access to the processed data. At the same time, the Contractor shall ensure that its employees process this data only according to the instructions of the Client insofar as they are not obligated to other processing according to legal regulations. The obligation to ensure discretion and confidentiality shall remain after the end of the
- The Contractor shall assist the Client in the fulfilment of its obligation to respond to requests for exercising the data subject’s legal rights vis-à-vis the Client. If a data subject contacts the Contractor, the Contractor shall immediately forward the request of the data subject to the Client. The Contractor shall not respond to any request of data subjects without the instruction of the Client. Furthermore, the parties shall assist each other taking into account the nature of the processing and their respectively available information in the compliance with their legal obligations concerning data protection. In particular, this shall apply to the obligation to ensure the security of processing, notify the supervisory authorityand the data subjects of a data protection breach, perform a data
- The parties shall provide all necessary information to prove compliance with data protection obligations stipulated in this Agreement on request. The same shall apply to information needed for proving compliance with required legal regulations for data processing. Furthermore, the Contractor shall facilitate reviews including inspections that are performed by the Client or an auditor commissioned by the Client. The Contractor may object to an auditor that is in direct competition with the Contractor. The Client shall make an appointment in good time in advance for inspections at the establishment of the Contractor. The Client or auditor shall commit to confidentiality prior to the audit. This shall not apply if it is excluded that the Client and/or auditor comes into contact with information other than the information processed according to this Agreement. The Contractor shall assist the audit where necessary. The proof of measures that not only relate to the specific contract may also be provided by audit certificates or reports by an independent body such as an external auditor or data protection auditor. The same shall apply to authorised or otherwise appropriate certifications by an independent
- If the Contractor becomes aware of a breach of security of personal data that is processed on its behalf, the Contractor shall immediately notify the Client. The same shall apply if the data processed by the Contractor is subject to seizure or confiscation, insolvency proceedings or similar measures. In case of imminent danger, the Contractor shall be entitled and obligated to point out that the responsibility for the affected data lies with the Client. The parties shall implement appropriate measures for the protection of the data and for minimising possible adverse effects, in particular also for the data subjects, and assist each other with the documentation. The parties shall also inform each other about measures that a supervisory authority has taken in connection with the processing insofar as this is
- The Contractor shall take appropriate technical and organisational measures so that the processing is performed in accordance with legal requirements and the protection of the data subjects’ rights is ensured. The Contractor shall thereby consider the state of technology, implementation costs and the type, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons. Overall, the technical and organisational measures of the Contractor shall ensure a level of protection that is appropriate to the risk
- Details on the measures implemented may be found in the Appendix to this Agreement. The Client acknowledges that these measures are sufficient according to the state of technology. The Contractor shall regularly review the compliance and effectiveness of the technical and organisational measures to ensure the security of the processing and update them where necessary. During the review, the Contractor shall consider the risks concerning the processing, in particular due to destruction, loss or alteration, whether unintended or unlawful, or unauthorised disclosure of or unauthorised access to personal data that is transferred, stored or processed in any other way. The Contractor shall comply with the level of protection stipulated by this Agreement when updating. Significant changes that result from the updating of the measures shall be documented by the
- The Contractor currently uses the processors (subcontractors). Documentation is required if a subcontractor is processing data in a third country. At the same time, it is necessary to document what constitutes the appropriate level of protection for data processing by the subcontractor. In this respect, the Client agrees to the data transfer to a third
- The Contractor shall be entitled to involve additional subcontractors or replace the used subcontractors by other subcontractors. The Contractor shall inform the Client in advance about any intended change with regard to adding or replacing a subcontractor. This gives the Client the opportunity to object to the intended change. The objection shall be raised within a cut-off period of six weeks after receiving notification about the intended change. Both the notification and the objection shall be made in writing, with the Contractor once again making the Client aware of the cut-off period in the notification. If the Client raises an objection to the change without an important reason, the Contractor shall be entitled to early cancellation of this Agreement as well as the Main Agreement with a notice period of six
- The Contractor shall impose the same data protection obligations on
- Third parties which the Contractor uses for ancillary services to support the performance of the contract shall not be considered subcontractors. These include telecommunication, postal, maintenance and audit services. The Contractor shall also take measures in this respect to ensure an appropriate level of protection proportionate to the risk (e.g. confidentiality obligation, monitoring or encryption).
- The Contractor shall perform the implementation of the instructions that are defined in the Main Contract and ensure compliance with general, technical and organisational measures according to this Agreement without charging costs to the Client. In this respect, the services of the Contractor shall already be covered by the compensation pursuant to the Main Contract. The same shall apply to individual instructions that the Client may and actually does implement on its own according to the Main Agreement (e.g. erasure of data through a web interface) via the processing system of the
- The costs for the implementation of individual instructions and other requirements, however, shall be the responsibility of the Client. In particular, this shall include assisting in responding to requests of data subjects and compliance with other obligations to which the Client is subject, the return and destruction of data insofar as this goes beyond deletion in the system of the Contractor, making information available insofar as this is not primarily in the interest of the Contractor and facilitating and contributing to reviews including
- On request, the Contractor shall provide the Client with a cost estimate in advance. Costs also include an appropriate compensation for services rendered. Different cost provisions in the Main Contract or a price list included in the Main Contract related to data protection measures shall override this cost Likewise, the costs for measuresrequired due to the fault of one party shall be borne by this party. Partial culpability of the respective other party shall be considered, however.
- Even if single provisions are legally invalid, this Agreement shall remain binding in its remaining parts. Statutory provisions shall apply in place of the invalid provisions. This Agreement shall not apply to the processing of non-personal data. This Agreement shall also not apply if the parties categorised such data as personal by mistake or because of an incorrect interpretation of the law. As long as there are doubts concerning whether the data is personal, the data labelled as such shall be handled as if it were personal as a precautionary measure. The provisions of the Main Agreement shall apply solely to non-personal
- The laws of the Romania shall apply. Any provision on the place of jurisdiction and limitation of liability in the Main Agreement shall also apply to this Agreement without limiting the legal rights of the data
- Modifications, supplements to and cancellation of this Agreement shall be made in documented form. Documented form within the meaning of this Agreement means at least text form. At the request of one party, any declaration made in text form shall be confirmed in writing.
Preliminary remarks
On 15/10/2018, the parties concluded an agreement on the use of Servers(Main Agreement). The provisions of the Main Agreement include the processing of data by the Contractor on behalf of the Client. This data may also include personal data. Personal data means any information relating to an identified or identifiable natural person (data subject). Insofar as the processing of personal data by the Contractor on behalf of the Client is concerned (data processing for third parties), this Agreement shall serve as a supplement to the Main Agreement. In this respect, deviating provisions of this Agreement take precedence over the provisions of the Main Agreement. The parties shall observe data protection regulations, in particular the regulations of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) when processing data.
The GDPR shall apply as of 25 May 2018. Insofar as the parties have already entered into a data processing agreement (DPA), this Agreement shall supersede the DPA once the GDPR applies.
Section 1 Subject matter and duration
the provisioning of servers racks incl. power supply and Internet connection in the data centre of Astimp IT Solution SRL.
Personal data processed according to this Agreement shall include data that the Contractor has collected on behalf of the Client or has been transferred from the Client to the Contractor for data processing. The Client shall ensure that the transferred data or data collected on its behalf does not reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership. The data shall also not be related to criminal convictions or offences, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning the sex life or sexual orientation of such a person.
Section 2 Content of the contract
– IP Adresses
insofar as the data subject may be identified by such data.
The Contractor shall not process the data for other than the contractual purposes. In particular, the Contractor shall not transfer the data to third parties outside the contract. The Contractor shall make copies (e.g. backup copies) only for the contractual processing of the data.
– users who access the Client’s infrastructure via the Internet.
personal data that is effected on its behalf. The Contractor shall therefore process this data only at the instruction of the Client, insofar as the Contractor is not obligated to perform other processing according to the legal regulations. The Contractor shall notify the Client about such other processing, however, insofar as such notification is not prohibited due to important public interests. The responsibility of the Client is concerned especially with the lawful data processing according to the contract and as instructed, as well as ensuring compliance with principles of processing personal data and that this compliance can be proven.
Section 3 Contact persons
Ms Name , funtion, Adress:xxxxx Phone : xxxxxxxxxxx, Email: email@email.com
The contact person is simultaneously the person who is authorised to give data protection- related instructions to the Contractor according to this Agreement.
Mr Stuhlmuller Toma-Alexander, Ovidiu nr.15 bl.LC5 sc.1 ap.1, 800084 Galati, Romania, Phone .: +40 758 02 75 40, Email: office@astimp.ro
The contact person is simultaneously the person who is authorised to receive data protection-related instructions from the Client according to this Agreement.
Section 4 Data protection officer
ap.1, 800084 Galati, Romania, Phone .: +40 758 02 75 40, Email: noc@dedicatserver.ro
Mr Suditu Andrei, Astimp IT Solution SRL, Ovidiu nr.15 bl.LC5 sc.1
ap.1, 800084 Galati, Romania, Phone .: +40 758 02 75 40, Email: noc@dedicatserver.ro
Section 5 Rights and obligations
protection impact assessment, consult the supervisory authority and prepare a record of processing activities.
Section 6 Technical and organisational measures
These measures shall include for example: a) the pseudonymisation and
encryption of personal data, b) the ability to ensure the confidentiality, integrity and capacity of the systems and services in connection with the processing in the long term, c) the ability quickly to restore the availability of personal data and access to it following a physical or technical incident. The data processed on behalf of the Client shall be separated technically and organisationally from other data whenever possible.
Section 7 Subcontractors
the subcontractors stipulated in this Agreement between the two parties. In particular, the subcontractor shall implement appropriate technical and organisational measures in such a way that the processing is performed according to the data protection regulations. If a subcontractor fails to comply with its data protection obligations, the Contractor shall be liable for the compliance with the obligations of the respective subcontractor. The Contractor shall transfer data processed on behalf of the Client to a subcontractor only when the requirements according this Agreement are met.
Section 8 Costs
Section 9 Final provisions
City, day/month/20xx |
Galati, 15/10/20xx Contractor represented by: Stuhlmüller Toma-Alexander First name and surname |
|
Client represented by: First name and surname |
Signature(*) and company seal if applicable Signature(*) and company seal if applicable
* This Agreement requires the written form, which may also be in an electronic format.