DATA PROCESSING AGREEMENT
This Data Processing Agreement (the “Agreement”) applies to the processing of Personal Data (as defined below) by Divante Sp. z o.o., with its registered office in Poland, at Dmowskiego Street 17, 50-203 Wrocław, registered by the District Court of Wrocław Fabryczna, VI Department of the National Court Register (Krajowy Rejestr Sądowy), under entry number KRS 0000313348, NIP [taxpayer ID] 8951930748, REGON 020832512, share capital: 58,000 PLN (“Meetsales”) and you as a Client of Meetsales ́s services (hereinafter “Client”) (Meetsales and Client hereinafter individually also referred to as a “Party” and together as the “Parties”).
The subject of this Agreement is the collection and processing of Personal Data (as defined below) in connection with certain online Software as a Service services (“Services”) provided by the Meetsales to the Client as specified in a separate agreement (hereinafter the “Main Agreement”).
The Controller appoints Meetsales as a processor to process Personal Data (as defined below) for the purposes described in this Preamble and the Main Agreement, or as otherwise agreed in writing by the parties (the “Permitted Purpose”).
Each party shall comply with the obligations that apply to it under Applicable Data Protection Law.
The Personal Data processing in connection with the performance of the agreement in relation to the Services shall be subject to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“Regulation”). Under the Main Agreement, Client as Personal Data Controller entrusts to Meetsales as the Personal Data Processor the processing of the following scope of personal data („Personal Data”): (i) nature and purpose of the processing – provision of Services specified in the Main Agreement; (ii) categories of data subjects – data subjects include Client, Client's representatives and end-users including employees, contractors, collaborators, and Client's Clients. Data subjects may also include individuals attempting to communicate or transfer personal information to users of Services. The data subjects exclusively determine the content of data submitted to Meetsales. Due to a full autonomy of data subjects regarding data entered to the system, Meetsales shall not be liable for the content entered to the system regardless if it constitutes personal data or not; (iii) type of personal data –email, first name and last name, address, title, contact details, username, chat history, financial information (credit card details, account details, payment information); employment details (employer, job title) and other data in an electronic form provided in the context of Services; (iv) area where personal data will be processed: EEA/EU.
Meetsales processes Personal Data solely for the purpose of performing the Main Agreement, to the extent necessary to perform it and only during its term. Meetsales is obliged to process personal data in accordance with the Regulation, other applicable provisions of law and the Agreement.
Meetsales in connection of Personal Data processing is obliged to: (i) apply all technical and organizational measures adequate to the risk level securing the Personal Data in accordance with the principles specified in Article 32 of the Regulation; (ii) assist the Client in fulfilling the obligations set forth in Articles 32–36 of the Regulation, while taking into account the nature of processing and information available to Meetsales; (iii) process the Personal Data only on documented instructions from Client, unless required to do so by the applicable EU or local law; in such a case, the Meetsales informs the Client of such a legal requirement before processing, unless that law prohibits such information on important grounds of public interest; (iv) assist the Client by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the Regulation; (v) ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; (vi) after the termination of the Agreement, depending on the Client’s request – delete or return the Personal Data and remove copies thereof, unless the mandatory provisions of law provide otherwise.
For the purpose of the appointment of Sub-processors, Client hereby gives the Processor a consent to engage Sub-Processors in connection with the provision of the Services, including without limitation for the Processing of Personal Data on behalf of Client. When requested by the Client, the Meetsales shall make available to Client an up-to-date list of all Sub-processors used for the Processing of Client Personal Data. The list of Sub-processors that are currently authorized by Meetsales to access Personal Data may be listed on a website maintained by Meetsales. At least 10 days before Meetsales authorizes and permits any new Sub-processors to access Client Personal Data, Meetsales will update the applicable website. Client may object in writing to Meetsales’s appointment of a new Sub-processor within five (5) calendar days of such notice, provided that such objection is based on reasonable grounds relating to data protection; otherwise Client shall be deemed to have accepted the respective Sub-processor to Process Client Personal Data. If Client legitimately object to the appointment of new Sub-Processor, the parties shall discuss such concerns in good faith with a view to achieving resolution provided, however, that if this is not possible, Client may suspend or terminate the Agreement (without prejudice to any fees incurred by Client prior to suspension or termination).
Meetsales will provide Client with the information necessary for the performance of its duties related to entrusting the processing of Personal Data. Meetsales will enable the Client to carry out audits, including inspections, of the outsourcing of the processing of Personal Data and will ensure cooperation in this respect. Each Party will incur its own costs of the audit, regardless of its result.
Meetsales may authorize persons acting on its behalf, including sub-processors, to process Personal Data on the Client’s behalf, which includes issuing Personal Data processing instructions to these entities on the Client’s behalf.
Meetsales will not transfer Personal Data outside the EEA, unless it obtains Client’s separate permit in this respect, which the Client will not unreasonably withhold, and such transfer will be effected in accordance with the provisions of the Regulation. In any event, the transfer will be effected solely for the purpose of performing the Main Agreement.
Irrespective of the other provisions of the Agreement, the Meetsales’s liability related to the processing of Personal Data under the Agreement is limited to the amount of ten thousand (10,000) USD, unless the mandatory provisions of law provide otherwise.
The Parties undertake to provide their representatives and persons employed by them (irrespective of the legal grounds for employment e.g. civil law contracts), whose personal data will be disclosed to the other Party of the Agreement and the Main Agreement as the data administrator in connection with the conclusion and implementation of the Agreement and the Main Agreement, with the information known to the disclosing Party and indicated in Article 14 of GDPR.
The current version of this Agreement was adopted on and it applies from 18.09.20202.