This processor agreement applies to all forms of processing of personal data carried out by KRB Communications, located at Anthonie Fokkerstraat 1D in Barneveld and Spaarneplein 2 in The Hague; the Processor, for the purpose of providing products and services to your company or organization; the Processor.
As a processor, KRB Communications bears responsibility for processing personal data. As a result of the regulations set forth in the General Data Protection Regulation (AVG), we are required to enter into this agreement. This processor agreement is an integral part of the arrangements between the Parties in the agreement(s) we enter into. In the unlikely event that the content of this Processor Agreement does not fully reflect provisions of the underlying agreement(s), the content of this Processor Agreement takes precedence over those provisions.
We have agreed with you to provide one or more of the following services for your organization:
- build website/web store or internet application
- website/web store or internet application maintenance
- database management
- domain registration and/or web hosting
- email services
- supply of software
- developing magazine, brochure, leaflet or map
- running an online marketing campaign through social media, search engines and websites
Personal data processing
As part of this agreement, we process personal data of recipients/visitors/users of your website/web store, Internet application, web hosting, e-mail and addressed mail.
It concerns the following personal data:
- name and address data (NAW)
- dates of birth, birthplace
- contact information (e-mail addresses and phone numbers)
- IBAN numbers
- IP addresses
Duration of processor agreement
The term of this processor agreement is equal to the term of the underlying agreement(s) with us. As long as our service relationship applies, this processor agreement also continues. Within the framework of the AVG, we are (jointly) responsible for the confidentiality and otherwise careful storage and/or processing of this data. By signing this agreement, we further affirm the following:
1 We are familiar with the AVG and other privacy laws and regulations, and we make every effort to comply with them. To this end, we have taken the (appropriate) organizational and technical measures that can reasonably be required of us, taking into account the interest to be protected, the state of the art and the costs of relevant security measures. If desired, we will be happy to inform you further about how we have arranged and set this up.
2 The personal data in question will be processed only and no more extensively than necessary in connection with the performance of underlying agreement(s) that we have agreed in writing with you.
3 If the personal data is recorded by us:
a Personal data will not be kept longer than strictly necessary;
b Upon your request, we will give you access to the personal data in question;
c Upon your request (by e-mail), we will look up, modify or change the personal data in question;
d If the underlying agreement is terminated, we will destroy the relevant data (or return original, non-digital documents), subject to a retention obligation in accordance with laws or professional regulations applicable to us.
4 We may engage (deemed reliable) third parties (sub-processors) to perform certain work, for example, if these third parties have specialized knowledge or resources that we do not have in-house. If engaging third parties results in them having access to or even recording and/or otherwise processing personal data, we will agree (in writing) with those third parties that they will comply with all obligations as mentioned in this processor agreement.
5 We ensure confidentiality regarding the personal data; and require our employees and any third parties (such as external system administrators) who necessarily have access to the personal data to maintain confidentiality in writing.
6 We ensure that our employees have received proper and complete instruction on handling personal data and that they are familiar with the responsibilities and obligations of the AVG.
7 If there is a data breach* concerning the personal data in question, we will notify you immediately (even if we have reported this ourselves to the Personal Data Authority and any persons involved**). We aim to do this within 48 hours of discovering this data breach or being informed of it by our sub-processors. In doing so, we will provide you with the information that is reasonably necessary for you (if not we but you are formally the data controller for the proper retention and processing of the data) to make, if necessary, a proper and complete notification to the Personal Data Authority and any other data subject(s) under the Data Breach Notification Obligation. Notification may be verbal at first for reasons of speed, but will be confirmed by us immediately thereafter in writing or by e-mail. We will also keep you informed of the measures taken by us in response to the data breach, and further of any new developments surrounding the incident.
8 We will only process personal data within the European Economic Area (EEA), unless we agree other written arrangements with you about this. Companies such as Google, Facebook, LinkedIn, Twitter, MailChimp, Active Campaign, SharpSpring also operate outside the EEA; services from these named parties are known to process data outside the European Economic Area.
9 We may deviate from the foregoing if and to the extent that we are required by law or regulation to act otherwise, for example, if we receive a binding request or order to this effect from a competent authority. If regulations allow us to notify you of this, we will do so as soon as possible; where possible, we will also consult with you about how and what personal data we will make available.
10 The foregoing provisions shall apply during but also (to the extent relevant) after any expiration of the underlying agreement.
11 We confirm that we will assist you and provide support in fulfilling all obligations around personal data security, around notification of any data breaches and around (other) obligations you have in connection with the AVG towards data subjects or regulators in relation to our services.
By filling in and saving the data of the controller, you confirm that you agree to the provisions or agreements stated herein. A copy of the stored agreement is kept by us in our database.
* A data breach is defined as follows: A security breach that results in the significant likelihood of serious adverse consequences, or that has serious adverse consequences for the protection of personal data.
** It is not always entirely clear who is primarily responsible for any notification(s) in the event of a data breach. In those cases, we will carefully coordinate with you the steps to follow.