How does AE Van de Vliet BV handle your data?
AE Van de Vliet BV pays the necessary attention to the safe storage and processing of personal data of customers and their employees. More information about this can be found in this processing agreement.
In the context of the agreement(s) for the services stated in the appendices, AE Van de Vliet BV, with registered office at Industriedijk 14, 2300 Turnhout (hereinafter referred to as Processor) processes personal data on behalf of the customer (hereinafter referred to as Controller).
AE Van de Vliet BV undertakes to implement the obligations under the General Data Protection Regulation and, as a processor, will respect the following provisions.
Article 1. Object of the agreement
The Processor processes personal data received from the Controller in the context of the service agreement. The Processor processes the personal data solely on the basis of the written instructions of the Controller. The nature and purpose of the processing is determined per legal entity in the various annexes to the Agreement.
Article 2. Rights and obligations of the processor
The Processor will only process the personal data that are strictly necessary for the service agreement and achieving the purpose of the processing.
The Processor will not make a copy of the personal data, unless with a view to a back-up or unless this is necessary for the execution of the service agreement between the Parties.
The Processor will keep the personal data during the service agreement and from the end of the service agreement for a period equal to the statutory retention period or the limitation period that is relevant for any legal claims. After this period, the Processor will, at the choice of the Controller, return the personal data to the Controller or delete the personal data, unless storage of the personal data is required by Union or Member State law.
The Processor will process the data within the European Economic Area and may transfer the data to a third country or an international organization if there are adequacy decisions, appropriate safeguards, binding corporate rules or derogations for specific situations.
The Processor expressly undertakes to require its staff to comply with the GDPR.
The Processor declares that all persons authorized to process personal data have committed themselves to observe confidentiality or are bound by an appropriate legal obligation of confidentiality.
The Processor will not communicate the personal data to third parties, unless to other processors under the conditions stipulated in 2.10 or if this is imposed by or pursuant to a law.
The Controller is aware that the Processor, in order to fulfill its contractual obligations and to provide the services purchased by the Controller, uses several sub-processors (e.g. for hosting a digital platform, printing pay slips and other documents, postal delivery , create payment files, etc.). Relying on these sub-processors is necessary and crucial for the efficient and effective service and therefore gives its consent.
The Controller gives general permission to the Processor to contract other sub-processors and/or to replace existing sub-processors. The Controller acknowledges that it has been informed about other sub-processors. The Processor will inform the Controller in advance about the employment of other sub-processors. The Processing Manager has the right to object for substantiated reasons.
The Processor will impose the same data protection obligations on the sub-processors it uses as those imposed on it in this agreement, in particular the obligation to provide adequate guarantees with regard to the application of appropriate technical and organizational measures to ensure that the processing complies with the GDPR.
The Processor remains fully liable if a sub-processor fails to fulfill its obligation with regard to the security of data.
The Processor shall take the necessary appropriate technical and organizational measures to ensure a level of security appropriate to the risk, to ensure that the processing meets the requirements of the GDPR and that the rights of the data subject are protected. The Processor will hereby protect the personal data against destruction, loss, falsification, unauthorized distribution or access and any other form of unlawful processing.
The Processor will, taking into account the nature of the processing, assist the Controller by means of appropriate technical and organizational measures, as far as possible, in fulfilling its duty to answer requests to exercise the rights of the data subject .
The Processor will, taking into account the nature of the processing and the information available to it, assist the Processing Manager in fulfilling the obligations related to the security of the processing and the notification of breaches to the supervisory authority .
The Processor will make available to the Controller all information necessary to demonstrate compliance with obligations under the GDPR on the part of the Processor and enable audits, including inspections, by the Controller or an auditor authorized by the Controller and contribute to it.
The Data Protection Officer of the Processor is Mrs. Marleen Vangeel, with office at Industriedijk 14, 2300 Turnhout (e-mail: email@example.com).
Article 3. Rights and obligations of the controller
The Controller takes all appropriate technical and organizational measures to ensure a security level appropriate to the risk.
The Controller will report any official request and any inspection from the Data Protection Authority to the Processor.
The Processor does not answer direct requests from the data subjects. The Processor refers the data subjects to the Controller. The Controller will guarantee all rights of data subjects.
The Processor is not liable for damage due to non-compliance with this agreement or the GDPR, except for fraud, serious or intentional error. The liability is in any case limited to the amounts invoiced to the Controller over a period of 12 months prior to the occurrence of the damage.
Article 5.Duration and end of the agreement and the processing
This agreement is concluded for an indefinite period and ends when the term specified in 2.3 ends.
Article 6. General provisions
All notices under the Agreement will be made to the addresses stated in the Agreement. The parties will notify the other party of any change of address.
The nullity of a provision of the present agreement does not affect the validity of the other provisions.
Belgian law applies to this agreement.
The parties agree to first and foremost strive for an amicable settlement in the event of any disputes, in an informal and as discreet manner as possible.
In the absence of an amicable settlement, all disputes regarding the agreement will be submitted exclusively to the courts of the judicial district of Antwerp, Turnhout department.
General Data Protection Regulation 2016/679 of the European Parliament of 27/04/2016 on the protection of natural persons with regard to the processing of personal data.