The terms of this processing agreement apply when you use the online platform (hereinafter “Platform”) of The Linq Group BV. Before you can use the Platform, we request that you agree to the content of this processing agreement. In this processing agreement, we make agreements with you about who is responsible for the processing of personal data via the Platform.
In the context of this processing agreement, the following assumptions should be taken into account:
- The Linq Group BV offers the possibility to use an online SaaS service as part of the services provided by The Linq Group BV in the form of the Platform;
- When using the Platform, personal data of third parties (hereinafter referred to as “Personal Data”) may be entered, submitted and uploaded;
- When you enter, submit or upload Personal Data via the Platform, you are the one who determines the purpose of and the means for processing this Personal Data. In that case, you are the “Controller” and The Linq Group BV should be referred to as “Processor”;
- The Linq Group BV, as Processor, is prepared to process the Personal Data;
- The Processor will obtain the Personal Data under the responsibility of the Controller; and
- The Parties, with due observance of the provisions of the GDPR (as defined below), wish to lay down their rights and obligations in connection with the processing of the Personal Data by Processor.
The Controller and the Processor (collectively “Parties” and each individually “Party”) agree as follows:
Article 1. Definitions
In this processing agreement, the following terms are written with an initial capital letter and are defined as follows:
The General Data Protection Regulation. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, including its implementing law, or the Personal Data Protection Act if this agreement is entered into before 25 May 2018.
The person to whom Personal Data pertains.
Any situation in which Personal Data is inadvertently accessed, lost, destroyed, altered or processed unlawfully as a result of a security incident.
All services provided by the Processor to the Controller and any other form of cooperation, whereby the Processor processes Personal Data for which the Controller is responsible within the meaning of the GDPR, regardless of the legal nature of the agreement under which this takes place.
Data Protection Impact Assessment as referred to in the GDPR.
Personal Data: Any data relating to an identified or identifiable natural person that the Processor obtains during or in connection with the execution of the Order.
Any party engaged by the Processor to process, on the instructions of the Processor, the Personal Data for which the Processor is authorised by this agreement by the Controller.
Article 2. The Data Subjects
- In order to execute the Assignment, the Processor processes Personal Data of the Data Subjects. The Data Subjects whose Personal Data are processed are:
a. LinkedIn-contact persons of the Controller
- The type of personal data that will be processed by the Processor under the processing agreement:
a. Name & address data
b. Contact details, including phone number and email address
Article 3. Execution processing
- The Processor undertakes to execute the Assignment for the Controller under the terms of this agreement and in accordance with the GDPR and/or other applicable laws and regulations.
- The Controller has and maintains full control over the Personal Data. The Processor shall process the Personal Data in a proper and careful manner.
- The Processor shall process the Personal Data exclusively for the purposes of the Assignment in accordance with the written instructions of the Controller, in accordance with the purposes and means determined by the Controller and with due observance of the retention periods determined by the Controller.
- The Controller hereby authorises the Processor to use one or more Sub-processors for the processing of Personal Data. If the Processor engages more or other Sub-processors for the processing of Personal Data, the Processor shall inform the Controller thereof in writing. An up-to-date overview of Sub-processors that are engaged by the Processor in the processing of Personal Data can be found at: https://www.linq.group/data-verwerking-partners.
- The Processor shall impose the same obligations on Sub-processors as the Controller has imposed on the Processor in this agreement.
- The Processor remains responsible towards the Controller for the correct fulfillment of this agreement.
Article 4. Rights of Data Subjects
- The Processor shall ensure that the Data Subject is able to exercise all his/her rights arising from the GDPR and/or other applicable laws and regulations.
- Further, upon the first request of the Controller, the Processor will as soon as possible, but no later than five working days after a request has been made, proceed to:
a. provide the necessary information;
b. correct, supplement, delete or block the Personal Data; and
c. transfer the Personal Data to the Controller or to a party designated by the Controller.
Article 5. Data Protection Impact Assessment
- The Processor supports and assists the Controller to comply with the execution of a DPIA, if the Controller is required to execute a DPIA.
- The Processor supports and assists the Controller with the implementation of new (security) measures that need to be taken as a result of a DPIA.
- The Processor shall only charge the Controller reasonable incurred costs for meeting these obligations.
- The Processor shall support and co-operate with the Controller regarding the implementation of new (security) measures that have to be taken as a result of other analyses and changes, such as changing (insights in) legislation.
Article 6. Security measures
- The Processor shall take all appropriate technical and organisational measures to adequately secure and keep the Personal Data secure against loss or any form of careless, incompetent or unlawful use or processing, taking into account the state of the technology.
- The Processor has in any case taken the following measures:
a. Encryption of digital files containing Personal Data.
b. Security of network connections via Secure Sockets Layer (SSL) technology or similar technology that provides at least the same level of security.
c. Security of online accounts by means of passwords.
- The Processor guarantees that persons acting under its authority will only process the Personal Data lawfully and in accordance with this Agreement, the GDPR and/or other applicable laws and regulations.
- If the Processor fails to take appropriate technical and organisational security measures and subsequently fails to take appropriate measures within a reasonable period of time set by Processor, the Controller is entitled, without prejudice to its other rights under this agreement and/or under the law, to carry out these measures or have them carried out at the Processor’s expense.
- The Processor will immediately notify the Controller in detail of any Data Breach relating to the Personal Data. The Processor will do this at the latest within 24 hours after discovery of the Data Breach. The Processor will not charge any fee for this.
- Upon request of the Controller, the Processor shall provide the Controller with information on the measures taken to comply with the obligations under the GDPR and/or other applicable laws and regulations, this agreement and the other instructions of the Controller.
Article 7. Registers
- The Controller will keep a register of all the Personal Data it processes. In this register, it shall in any case record its own name and contact details, the categories of Personal Data to be processed, the purposes of processing and the categories of Data Subjects.
- The Processor will keep a register of all Personal Data that it processes as a result of the Assignment for the Controller. In this register, it shall in any case record its name, contact details and the name of the Controller for whom it processes Personal Data, the categories of Personal Data it processes for the Controller and a description of the security measures taken.
Article 8. Transfer of personal data
- The Processor processes the Personal Data only in countries within the European Union. Transfer of the Personal Data to countries outside the European Union is not permitted.
- The Processor shall notify the Controller within which country or countries Personal Data is being processed. The Processor will also do this if the Personal Data enters a country as a result of a Data Breach or otherwise inadvertently.
Article 9. Confidentiality
- All Personal Data that the Processor receives and/or collects under this agreement is subject to an obligation of confidentiality towards third parties. The Processor and all persons employed by or working for Processor are obliged to maintain the confidentiality of the Personal Data.
- The Processor shall ensure that everyone working for the Processor is obliged to maintain confidentiality.
- This duty of confidentiality shall not apply if otherwise provided in this Agreement and/or to the extent that any statutory regulation or court ruling requires disclosure.
- The Processor shall immediately inform the Controller of any request for access, provision or other form of request and communication of the Personal Data in violation of the duty of confidentiality set out in this article. The Processor shall do this at the latest within 24 hours after the violation of confidentiality has been discovered.
Article 10. Duration and termination
- The Parties enter into this agreement for an indefinite period of time. This agreement will enter into force at the moment that the Controller makes use of the Platform for the first time and thereby agrees to the applicability of this Processing Agreement.
- This Processing Agreement ends by operation of law without any further notice of termination being required at the time of termination of the Assignment.
- If this Agreement ends or is dissolved, the provisions of this Agreement relating to confidentiality, liability, indemnification and all other provisions that are inherently intended to prevail even after termination or dissolution of this Agreement shall remain in force.
- The Parties may terminate this agreement with immediate effect by registered letter, in case of:
a. application for or granting suspension of payment to the other party;
b. filing for bankruptcy or declaration of bankruptcy by the other party; or
c. liquidation of the other party or permanent cessation of the other party’s business.
Article 11. Deletion
- The Processor will make all Personal Data available to the Controller at the first request of the Controller, but at the latest within ten working days after the end of this agreement or the Assignment.
- The Processor is obligated to completely and irrevocably delete all Personal Data at the first request of the Controller.
- As soon as it is established after the end of this agreement that the Controller is in possession of all Personal Data in a format accepted in writing by the Controller, the Processor shall delete all Personal Data completely and irrevocably within fourteen days.
- The Processor may deviate from the provisions of paragraphs 1 and 2 of this article to the extent that a statutory retention period would apply in respect of Personal Data or to the extent that this is necessary in order to prove to the Processor that its obligations have been fulfilled.
Article 12. Liability
The Processor shall be liable for and indemnifies the Controller for all damage caused by the Processor arising from the failure to comply with this agreement as well as in connection with the Processor’s violation of the GDPR and/or other applicable laws and regulations.
Article 13. Monitoring
- The Controller is entitled to check compliance with the provisions of this agreement no more than once a year. The Controller may carry out the check itself or have it carried out by an independent chartered accountant, registered computer scientist or other certified auditor, after having obtained permission from the Processor to do so.
- The Controller shall bear the costs of checking, with the exception of the costs of the Processor’s personnel supervising the check. If the check reveals that the Processor is materially in violation of this agreement, all costs shall be borne by the Processor, without prejudice to the other rights of the Controller. If the Processor is in default, but the shortcoming is not material, the Processor will remedy the shortcoming as soon as possible.
- The Controller will notify the Processor in writing at least ten days before the start of the check, with a description of the parts that are subject to the check and the check process.
- If the Processor has its own compliance with this agreement verified by an independent certified party, the Processor shall provide the final results thereof to the Controller.
Article 14. Invalidity
If any provision of this agreement should prove to be invalid or non-binding, the Parties shall remain bound by the other provisions of this agreement. The Parties will replace the invalid or non-binding provision(s) by a provision that is binding and which has, as much as possible, the same purport as that of the provision(s) to be replaced, taking into account the purpose of this agreement.
Article 15. Miscellaneous
- This agreement can only be amended in writing by the Parties.
- The Processor shall not be entitled to suspend, settle or make the performance of its obligations under this agreement subject to any action or statement by the Controller. Failure of the Controller to comply with the Assignment or termination of the agreement on the basis of which the Assignment is executed shall in no way result in the non-fulfillment of the obligations of the Processor under this agreement.
- This agreement prevails over all other agreements between the Processor and the Controller.
Article 16. Applicable law and choice of forum
- This agreement, and all non-contractual rights and obligations arising therefrom, shall be governed in all respects by Dutch law.
- All disputes between the Parties that may arise as a result of this agreement, or of agreements resulting therefrom, will first be settled by the competent court of the District Court of Amsterdam.
Date last changed: 17 November 2021