Van Riemsdijk | Top Movers processing agreement

Processor Agreement

This Processor Agreement applies to all forms of processing of personal data that van Riemsdijk Verhuizingen B.V., registered with the Chamber of Commerce under number 34113975 (hereinafter: Processor), performs for the benefit of an opposing party ({{customer}}) to whom it provides services (hereinafter: Controller). Together, Processor and Controller are referred to as the "Parties".


In this Processor Agreement, the following terms shall have the following meanings:
1. Personal Data: Any data relating to an identified or identifiable natural person;
2. Process or Processing: any operation or set of operations involving personal data, including in any case the collection, recording, organization, storage, updating, alteration, retrieval, consultation, use, provision by means of transmission, dissemination or any other form of making available, bringing together, linking, as well as blocking, erasure or destruction of data;
3. Sub-processor: any party engaged by Processor to Process Personal Data on behalf of Processor, without being subject to the direct authority of Processor.
4. Data Breach: a breach of security of Personal Data that accidentally or unlawfully results in - or where it cannot reasonably be excluded that it may result in - the destruction, loss, alteration or unauthorized disclosure of or unauthorized access to Personal Data transmitted, stored or otherwise processed;
5. Data Subject: the person to whom Personal Data relates;
6. AP: the Personal Data Authority, the independent administrative body appointed by law in the Netherlands as supervisor for the supervision of the Processing of Personal Data;
7. Processor Agreement: this processor agreement.
8. Personal Data Overview: Specification of personal data of data subjects.

1. Purposes of processing.

1.1. Processor undertakes under the terms of this Processor Agreement to provide and process personal data on behalf of Processor. Processing will only take place in the context of Processor's services to Processor and related online services, plus those purposes that are reasonably related thereto or determined by further agreement in the General Terms and Conditions to which Processor has agreed and the Privacy Statement.
1.2. The personal data processed by Processor as part of the activities referred to in the preceding paragraph and the categories of data subjects from whom they originate are listed in the Personal Data Overview.
1.3. Processor and Processing Controller shall not process the personal data for any other purpose or keep it longer than stated in Processor's Privacy Policy and Terms and Conditions. Controller shall inform Processor of the processing purposes to the extent they are not already mentioned in this Processor Agreement.
1.4. Personal data to be Processed on behalf of Processor shall remain the property of Processor and/or the relevant data subjects. The exception is the data used for purposes shown in the Privacy Policy by Processor.

2. Obligations of Processor

2.1. With respect to the processing mentioned in Article 1, Processor shall ensure compliance with applicable laws and regulations.
2.2. Processor shall inform Processor, upon its first request to do so, of the measures taken by it regarding its obligations under this Processor Agreement.
2.3. The obligations of Processor arising from this Processor Agreement also apply to those who process personal data under the authority of Processor, including but not limited to employees, in the broadest sense.
2.4. The Processor shall immediately notify the Processor if, in its opinion, an instruction of the Processor violates applicable law.

3. Transfer of personal data

3.1. Processor is entitled to process Personal Data in countries within the European Economic Area (EEA), the United States, Ukraine, the United Kingdom and Switzerland. Transfer to other countries will only take place with the prior express written consent of Processor. Transfers to third countries outside the EEA will be subject to appropriate safeguards.

4. Distribution of responsibility

4.1. Processor and Controller guarantee that the content, use and commissioning of the processing of the personal data referred to in this processor agreement are not unlawful and do not infringe any third-party right.
4.2. Processor is solely responsible for the Processing of Personal Data under this Processor Agreement, in accordance with the instructions of Processor and under the express (ultimate) responsibility of Processor.

5. Sub processors

5.1. Processor has the option of using Sub processors, servers and/or hosting parties in the performance of its services. In the case of van Riemsdijk | Top Movers these are:

- Optima Media (server)
- Optima Media (web management)

Information about Sub processors can be requested by Processor. Processors can only refuse if legitimate reasons are given. Processor remains the point of contact for Data Subject at all times.
5.2. In any case, Processor shall ensure that these third parties assume in writing at least the same duties as agreed upon between Processor and Processor.
5.3. Processor guarantees that these third parties will properly comply with the obligations of this Processor Agreement and, in the event of errors by these third parties, shall itself be liable for all damages as if it had committed the error(s) itself.

6. Security

6.1. The Parties recognize that ensuring an appropriate level of security may continually force the implementation of additional security measures. Processor shall take the required appropriate technical and organizational measures to ensure a level of security appropriate to the risk so that the Processing complies with Applicable Laws and the rights of Data Subjects are safeguarded.
6.2. Processor maintains an appropriate level of protection, taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of the Processing.

7. Duty to report

7.1. If Processor determines a Data Breach, it shall notify Data Subject without delay and at the latest within 48 hours after the determination. This notification shall describe or communicate at least the following:
- The nature of the personal data breach, where possible indicating the categories of data subjects and the Personal Data in question;
- The likely consequences of the Data Breach related to personal data;
- The measures taken by the Processor to address the Data Breach, including, where applicable, the measures to mitigate any adverse effects.
7.2. Processor shall also inform Processor after a notification based on the previous article about the developments regarding the established Data Breach.
7.3. Processor must assess whether to inform the AP and/or the Data Subject about the Data Breach and is responsible for doing so.

8. Handling requests from Data Subjects.

8.1. In the event that a data subject makes a request to Processor to exercise his/her legal rights, Processor shall forward the request to Processor. Processor and Processor are both obliged to comply with their obligations under the GDPR imposed by the AP, including the rights of access, correction, objection and erasure (the right to be forgotten). Processor must inform data subjects accordingly.
8.2. To the extent possible, Processor shall assist Processor to respond to requests from government agencies.
8.3. For the implementation of Article 8.1 and 8.2, the costs incurred by Processor shall be reimbursed by Processor, unless otherwise agreed.

9. Confidentiality

9.1. Processor is bound by a duty of confidentiality with respect to the Personal Data processed on behalf of Processor. This duty of confidentiality applies in full to Processor's employees and any Sub processors. Even after the termination of the Processor Agreement, the duty of confidentiality continues. Processor is bound by the duties contained in the General Terms and Conditions and the Privacy Statement.
9.2. This duty of confidentiality does not apply to the extent that Processor has given express consent to provide the information to third parties, if the provision of the information to third parties is logically necessary given the nature of the assignment provided and the performance of this Processor Agreement, or if there is a legal obligation to provide the information to a third party.

10. Audit

10.1. Processor shall have the right to conduct audits to verify compliance with security requirements, compliance with the general rules around Processing Personal Data, misuse of personal data by Processor's employees, compliance with all points in the Processor Agreement, and anything directly related thereto.
10.2. This audit may take place once a year.
10.3. Processor shall cooperate with the audit and make available, as promptly as possible, all information reasonably relevant to the audit, including supporting data such as system logs, as well as employees.
10.4. The findings resulting from the audit conducted will be reviewed by the Parties in mutual consultation and, as a result, may or may not be implemented by either or both Parties jointly.
10.5. The cost of the audit shall be borne by Controller.

11. Liability

11.1. The liability of Processor for damages resulting from an attributable failure to perform the Processor Agreement, or in tort or otherwise, is excluded. Insofar as the aforementioned liability cannot be excluded, it is limited per event (a series of consecutive events counts as a single event) to compensation for direct damage, up to a maximum of the amount of the fees received by Processor for the work under this Processor Agreement for the month preceding the event causing damage. Processor's liability for direct damages shall never exceed €1000 in total.
11.2. Direct damages shall mean exclusively all damages consisting of:
- damage directly inflicted on tangible property ("property damage");
- reasonable and demonstrable costs to compel the Processor to (re)comply properly with the Processor Agreement;
- reasonable costs to determine the cause and extent of the damage insofar as related to direct damage as referred to herein; and
- reasonable and demonstrable costs incurred by Processor to prevent or limit the direct damage referred to in this article.
11.3. Processor's liability for indirect damages is excluded. Indirect damages are defined as all damages that are not direct damages and therefore include in any case, but are not limited to, consequential damages, lost profits, missed savings, reduced goodwill, damages due to business interruption, damages due to the failure to determine marketing purposes, damages related to the use of data or data files prescribed by Processor, or loss, mutilation or destruction of data or data files.
11.4. The exclusions and limitations referred to in this Article shall lapse if and to the extent that the damage results from intent or deliberate recklessness on the part of Processor or its management.
11.5. Unless performance by Processor is permanently impossible, Processor's liability for attributable failure in the performance of the Contract shall arise only if Processor promptly gives Processor written notice of default, setting a reasonable deadline for remedying the failure, and Processor continues to fail imputably in the performance of its obligations even after that deadline. The notice of default must contain as complete and detailed a description of the failure as possible, so that Processor is given the opportunity to respond adequately.
11.6. Any claim for damages by Processor against Processor that has not been specified and explicitly reported shall expire by the mere lapse of twelve (12) months from the occurrence of the claim.

12. Duration and termination

12.1. This Processor Agreement shall enter into force upon the Controller's digital agreement.
12.2. The parties cannot terminate the Processor Agreement in the interim.
12.3. Processor is entitled to revise this Agreement from time to time. It shall give at least three months' notice of the changes to Processor. Processor may terminate by the end of these three months if it cannot agree to the changes.

13. Applicable law and dispute resolution.

13.1. The Processor Agreement and its performance shall be governed by Dutch law. Any disputes that may arise between the Parties in connection with the Processor Agreement shall be brought before the competent court for the district in which Processor is located.
13.2. This Agreement supersedes any prior or existing agreements between the Parties regarding the processing of Personal Data. This Processor Agreement may only be amended in writing, upon joint signature by the Parties.

Personal Data Overview

Personal data

Processor shall, within the scope of Article 1.1 of the Processor Agreement, process the following (special) personal data on behalf of Processor:
- Name, address and place of residence (NAW data)
- Phone number
- E-mail address
- Visitor behavior (e.g., page and click behavior)
- IP address
- Unique identifiers (for example, order number or customer number)
- Interests, preferences, categories, special needs regarding the moving product

Of the categories involved:
- Customers
- Website visitors

Controller warrants that the personal data and categories of data subjects described in this Personal Data Overview are complete and accurate. Processor shall notify Processor of any discrepancies from the Personal Data Overview and indemnify Processor for any defects and claims resulting from an incorrect representation