Switch country/language: Deutschland (Deutsch) Switch country/language: United Kingdom (English) Switch country/language: Portugal (Português)
Basket

Home Page Data Processing Contract General Data Processing Contract

General Data Processing Contract

1. Introduction, Scope of Application, Definitions

  1. This contract regulates the rights and obligations of the Controller (client) and the Processor Viamodul (hereinafter referred to as “Parties”) regarding the processing of personal data on behalf of the Controller.
  2. This contract applies to all activities in which employees of the Processor or subcontractors commissioned by it (sub-processors) process personal data of the Controller on its behalf.
  3. The terms used in this contract shall be understood in accordance with the definitions of the EU General Data Protection Regulation (GDPR). Accordingly, the Controller is the “Controller” and the Processor is the “Processor”. Where “written form” is required, it refers to the written form in accordance with § 126 of the German Civil Code (BGB). Outside of these cases, declarations may be made in another form, provided that equivalent proof is guaranteed, in particular by e-mail.

2. Subject and Duration of Processing

2.1 Subject

The Processor undertakes the following processing operations: import and export of data from a website or store of the Controller.

The processing is based on the General Terms and Conditions and the Privacy Policy in force between the Parties (hereinafter “Main Contract”).

2.2 Duration

The processing begins with the acceptance of this contract and its provision and continues indefinitely until:

  • the termination of the commissioned service;
  • the termination of this contract by either Party.

 

3. Nature, Purpose and Scope of Data Processing

3.1 Nature of Processing

The processing has the following nature:

3.1.1 Transmission and Storage

The data provided and transmitted by the operator of the website or store are stored by the Processor after their receipt/transmission.

After the service is completed, the data will be deleted from the Processor’s data storage systems.

 

3.2 Purpose of Processing

The processing serves the purpose agreed between the Controller and the Processor.

 

3.3 Types of Data

The types of data include all data that the Controller transmits to the Processor or to which it grants access.

 

3.4 Categories of Data Subjects

All data transmitted by the Controller to the Processor or to which it grants access are subject to processing.

 

4. Obligations of the Processor

  1. The Processor limits the processing of personal data to the purposes for which it was commissioned by the Controller.
  2. The Processor confirms that it is familiar with the general legal provisions applicable to data protection and observes the principles of proper data processing.
  3. The Processor undertakes to maintain strict confidentiality in processing.
  4. Persons who may become aware of the data processed on behalf of the Controller must commit themselves in writing to confidentiality, unless they are already subject to a legally binding duty of secrecy.
  5. The Processor ensures that the persons involved in processing were instructed on the relevant data protection provisions and this contract before starting their activities. Appropriate training and awareness measures shall be repeated regularly. The Processor guarantees that the persons involved in processing on behalf of the Controller are continuously guided and supervised with regard to compliance with data protection requirements.

5. Data Security

  1. The data security measures described in Annex 1 are binding and define the minimum due from the Processor. The description must be sufficiently detailed so that a knowledgeable third party can unambiguously recognize the minimum required level. References to information not directly contained in this agreement or its annexes are not permitted.
  2. The security measures may be adjusted to technical and organizational developments, provided that the agreed level is not reduced. Necessary changes to maintain information security must be implemented without delay by the Processor and communicated immediately to the Controller. Substantial changes must be agreed upon by the Parties.
  3. If the security measures taken no longer meet the requirements of the Controller, the Controller may request the Processor to delete all transmitted data and block any access to the data.

6. Rules for Rectification, Deletion and Blocking of Data

  1. In the context of the service, the data processed will not be rectified, deleted or blocked by the Processor, as only a transmission of data takes place.
  2. The Controller may request the Processor to rectify, delete and block data.

7. Subcontracting

  1. The commissioning of subcontractors requires the express consent of the Controller, on a case-by-case basis. Exceptions apply to technical providers, such as data centers and support providers, provided they provide adequate evidence of data security or comply with the conditions set out in this contract.
  2. Consent is only possible if the subcontractor is contractually bound by data protection obligations at least equivalent to those of this contract. At the request of the Controller, the relevant contracts between the Processor and the subcontractor may be reviewed.

8. Rights and Obligations of the Controller

  1. The Controller alone is responsible for assessing the lawfulness of the commissioned processing and safeguarding the rights of data subjects.

9. Notification Obligations

  1. The Processor shall notify the Controller without delay of breaches of security of personal data processed on behalf of the Controller; substantiated suspicions must also be reported. Notification must be made no later than 24 hours after the Processor becomes aware of the relevant event.

10. Instructions

  1. The Controller reserves a broad right of instruction regarding processing on behalf.

11. Termination of Service

  1. Upon termination of the contractual relationship, the epages Mobile MBO account is exclusively and irrevocably deleted by the Controller, thus deleting all data processed on behalf or copies thereof.

12. Remuneration

There is no direct remuneration of the Processor by the Controller. Any separate remuneration or reimbursement of costs under this service must be agreed outside this contract.

13. Liability

  1. The correct transmission of data is the sole responsibility of the Controller, who is liable for compensating damages suffered by a person due to unlawful or incorrect data processing within the contractual relationship.

14. Final Provisions

  1. Both Parties are obliged to maintain confidentiality, even after termination of the contract, regarding all knowledge obtained in the context of the contractual relationship relating to trade secrets and data security measures of the other Party.

Place and Date of Last Update

Lisbon, 23-05-2024

All the services presented in this site are exclusively for professional purposes and the prices are presented without VAT.

COMPANY 6 LEGAL

about us

certified epages partner

Terms & Conditions

Private Policy

Alternative Dispute Resolution

Imprint

Contact form

Your Assessment

Online Complaint Book

MOST READ

New: epages Now Addons for Customized Functions and Design

Advanced epages Web Design

Web Design for Sage 50 Shop (epages)

Design for Mobile Version epages Shops

"Sign in" and "My Account" in Mobile Version

Design Gadgets for epages Shops

SEO Checkup for epages Shops

References epages Shops

Development & Integration

ADDRESS

Estrada da Ponte, nº 2

Quinta Grande - Alfragide

2610-141 Amadora (Lisbon)

Portugal - Google Map

Landline tel.: (+351) 214 067 846

DE mobile phone: (+49) (0)157 381 968 45

PT mobile phone: (+351) 936 810 645

WhatsApp Andreas (+351) 936 810 645

info@viamodul.eu