AVG-policy 2023v2
Article 2.2 General Terms and Conditions Fire-red B.V.
Considering that Fire-red B.V. & the undersigned both act as data controllers with regard to personal data such as initials, name, date of birth, place of birth, and email address of its participants/trainees and contacts in relation to its execution services for its clients and cooperating parties, and also with the undersigned. The principle of personal data of the individual or company information for our safety services as well as all “particulars” concerning the (personal) data of Fire-red B.V. or Fire-Control B.V. collected as a result of registration for participation or inventory meeting and execution of an assignment. All this data is processed via our recognized email addresses and in our software. Once Fire-red B.V. or Fire-Control B.V. engages “third” (sub)processors as “suppliers,” these are recognized by Fire-red B.V. or Fire-Control B.V. with a AVG supplier processor agreement, and therefore this processor also has access to the necessary (personal) data.
Agreed Points:
Both parties are aware of the Algemene Verordening Gegevensbescherming AVG, including the obligation to report data breaches, and will jointly strive to comply with all legal requirements. The processor will at least adhere to the following points:
• Parties comply with the Algemene Verordening Gegevensbescherming AVG. Insofar as the agreements between parties do not provide for legally required arrangements, parties agree to act in accordance with the applicable laws and regulations regarding the protection of (personal) data;
• (Sub-)Processor and those acting under its authority are obliged to keep confidential any personal data they become aware of;
• Personal data may only be processed according to the instructions of the controller;
• The (sub-)processor ensures proper and appropriate security of personal data. This is done by taking both technical and organizational measures; the processor has taken the following measures to protect personal data:
- Technical measures include firewalls, virus scanners, encryption, and accounts protected by strong passwords;
- Organizational measures include registering visitors, screening new employees, and securing premises and buildings/protected access to locations and equipment.
• The processor may only process personal data on behalf of the controller for the purpose established by the controller. The processor may not use the data for its own marketing activities and purposes. The processor may not transfer data to other parties unless instructed by the controller;
• The (sub-)processor may not process data outside the European Union;
• If a security incident is discovered that may have resulted in the leak or loss of personal data, the (sub-)processor must immediately (and in any case within 24 hours) notify the controller by phone and email, so that the controller can assess whether a report needs to be made to the DPA or the data subjects. The processor will then execute all instructions resulting from the investigation of the incident as quickly and efficiently as possible;
• The term of this processor agreement is equal to the term of the agreement/valid agreements between the parties or the expiration of validity with 2 months from the issued certification. If the processor’s services to the controller continue (even “tacitly”), this processor agreement will also continue unless written communication proves otherwise;
• The (sub-)processor must delete or return all personal data to the controller upon termination of services in the area of personal data processing and delete any remaining copies unless EU law or the law of the Member State requires the retention of such personal data;
• The (sub-)processor is required to cooperate with and execute requests from data subjects as referred to in Articles 15 to 22 of the AVG;
• The (sub-)processor must make all information related to this processor agreement available to the controller and allow and cooperate with audits and inspections by the controller or a mandated auditor. If an instruction, according to the processor and sub-processor, violates the regulation, EU law, or Member State law, the (sub)processor must immediately notify the controller;
• (Sub-)Processor is liable for damages resulting from violations of this processor agreement; see also the General Terms and Conditions of all involved (sub-)processors.
• A contract between the processor and all its sub-processors must impose the same obligations as those in this processor agreement and the confidentiality agreement. If the (sub-)processor fails to comply with its data protection obligations, the processor will be fully liable to the controller.
Fill in the fields below to agree to the AVG policy.
