Platform Partner Terms of Service
Last modified on: 10 March 2022
You can download these Terms of Service here.
These general license terms (“Terms”) apply to the agreement (“Agreement”) between Framework Spaces B.V., with its registered and principal place of business at Singel 542, 1017 AZ in Amsterdam, registered with the Dutch Chamber of Commerce under number 83001093 (“Affic”) and any customer of Affic that matches workspaces of third parties to its customers (“Platform Partner”).
These Terms also contain a Data Processing Agreement (‘DPA’) that is included in Annex 1.
Hereinafter Affic and Platform Partner are collectively referred to as the 'Parties' and individually also as the ‘Party’;
Take the following into consideration:
A. Affic has developed technologies and services that enable sellers of workspace (Platform Partners) to connect with workspace locations (locations partners) to request and book workspaces and related workspace services;
B. Platform Partner matches supply and demand for workspaces and facilitates the requests and/or bookings of workspaces by its customers (“Users”) at location partners.
C. In return for payment, Affic offers Platform Partner access to the developed API and/or the Affic platform built by Affic and will offer related services (the “Services”) as further described on the website and in the ordering process of Affic;
D. Platform Partner desires to obtain a license to use the Services only for its own organisation;
E. Affic is willing to grant Platform Partner such a license under the terms and conditions set forth in these Terms.
Declare to have agreed as follows:
1. These Terms apply to all agreements, offers, quotations, orders, and other agreements sent by Affic to Platform Partner and/or entered into between and by Affic and Platform Partner.
2. Deviations from these Terms are only valid if and insofar as they have been expressly agreed in writing between Affic and Platform Partner. Deviations shall only apply to the specific agreement to which they have been agreed.
3. General purchase or other general terms and conditions the Platform Partner may use are not applicable to the legal relationship between Affic and Platform Partner and are hereby explicitly rejected by Affic.
4. If and insofar as specific provisions concluded between Parties conflict with these Terms, the specific provisions shall prevail.
5. The natural person accepting these Terms on behalf of Platform Partner guarantees that he or she is entitled to represent and to bind Platform Partner to these Terms.
1. Subject to payment of the license fees as described on the website and in the ordering process of Affic by Platform Partner, and for the term of this Agreement, Affic hereby grants to Platform Partner a non-exclusive, worldwide, non-transferable, revocable and non-sublicensable right to access and use:
a. the Services as described on the website and in the ordering process of Affic and;
b. any information about workspaces obtained from location partners including but not limited to up-to-date information about availability, images, descriptions, services and price information;
for the purposes of processing the requests and/or bookings of workspace by Users and other related services such as developing applications, making API calls in compliance with the API guidelines and display the data received via the Services.
2. Platform Partner is only permitted to use the Services in and for its own organisation. Parent companies and subsidiaries of Platform Partner do not form part of Platform Partner’s own organisation.
3. Parties hereby grant each other a worldwide, royalty-free, sublicensable and non-exclusive right to use each other’s company name, tradenames, trademarks, logo’s, brands or images to store and display in order to perform the Services and execute this Agreement or for advertising purposes in order to refer to each other’s company as a partner.
1. Before using the Services, Platform Partner must register with Affic and create an account. By creating an account and/or using any of the Services, Platform Partner agrees to be bound by the terms of the Agreement.
2. Access to the Services will be granted by means of e-mail authentication. After verification by Affic, the Platform Partner will be granted access to the Services without undue delay.
4. Intellectual property rights
1. Platform Partner agrees and acknowledges that Affic (or its licensors) are the sole and exclusive owners of all rights, title and interest (including, without limitation, patents, copyrights, database rights, trademarks, trade secrets, and all other industrial and intellectual property rights) in and to the Services and any documentation provided by Affic. This is included but not limited to the underlying software, structure, designs, algorithms and functionalities, the Affic website(s) and accompanying artwork, web design, lay-out and website texts.
2. Affic retains all rights, title and interest in and to any and all existing and future intellectual property rights and all rights related to it, including the licensed intellectual property rights with regard to the Services.
3. Platform Partner (or its licensor, such as location partners) remains the owner of (all intellectual property rights relating to) the information made available by Platform Partner and its Users for the use of the Services.
5. Rights and obligations of Platform Partner
1. If Platform Partner has chosen for option where actual reservations for workspaces are made through the Services thus and makes transactions via the Services, Platform Partner agrees to promote and sell, to the best of its ability, workspaces via the Services, at the price set between Platform Partner and Location Partner.
2. Platform Partner is responsible for the acquirement and maintenance of the equipment necessary to access and use the Services, including devices and internet connections.
3. Platform Partner shall timely inform Affic of any changes within its organisation or other changes that may affect the use of the Services.
4. Platform Partner shall comply with any instructions provided by Affic for the use of the Services, including these Terms, and shall ensure that its employees and Users do the same.
5. Platform Partner is responsible for any use - including unauthorised use - by Users of the Services, and will act and behave in accordance with what may be expected of a responsible and careful Internet user. Therefore, when accessing or using the Services, Platform Partner agrees not to - or permit any User or third party to - or attempt to:
a. modify, translate, adapt, arrange or create derivative works of the Services or any parts thereof;
b. decompile, disassemble or reverse engineer, or determine any source code, algorithms, methods, or techniques of the Services;
c. interfere with, damage, or disrupt the operation or any security-related features of the Services;
d. gain unauthorized access to, or restrict or inhibit use by other users of the Services;
e. pose a security risk to the Services or any User(s);
f. use the Services, or any feature thereof in a way that could or does violate any law or the rights any natural person or third party or expose Affic to legal liability;
g. copy and/or use trademarks, domain names, trade names, logos, copyrights or any other information protected by (intellectual property) rights of others, unless Platform Partner has been given prior explicit consent to do so;
h. remove, change or obscure any copyright, trademark or patent notices that appear within the Services and any end-user documentation made available to Platform Partner.
i. upload, or publish in any other way, materials which Platform Partner is not allowed to make public by applicable laws or which violate applicable laws, including but not limited to uploading and sharing of (personal) information that belongs to another person or third party; and
j. provide Affic with information, enter or share information via the Services, that Platform Partner know is false, fraudulent, deceptive, inaccurate, misleading.
6. In case of (any suspicion of) infringement or violation of this Agreement, any intellectual property rights, any other right of Affic or any third party, abuse or unauthorised use of the Services, by Platform Partner or User, Affic is entitled to (temporarily) suspend and disable any license or Platform Partner’s (access to) the Services.
6. Rights and obligations of Affic
1. Affic has outsourced the hosting of the Services to a hosting provider. Agreements have been made with this hosting provider about the availability of the Services and the response and resolution times in case of any problems.
2. Although Affic will make all reasonable efforts in this respect, Affic does not warrant that:
a. the Services will always be, accessible and available, or will work error-free and uninterrupted at all times;
b. all information provided by Affic, including all information in the Services, will always be accurate, complete or up-to-date;
c. data transmission will be correct and undamaged at all times, this includes the sharing of (information on) about, but not limited to, the availability, pricing, and services at the offered workspaces.
d. the quality of any Service, data, or any other information obtained through the use of the Services, will meet the expectations of Platform Partner or Users, or are fit for any particular purpose; and
e. all errors that may occur in the Services will be fixed.
3. Affic reserves the right to revise, modify, discontinue or change any facet of the Services at any time without providing prior notification to Platform Partner. In the event Platform Partner does not agree to the change(s), Platform Partner may terminate the Agreement by providing notice in accordance with clause 13.
4. Without prior notice to Platform Partner, Affic is entitled to (temporarily) suspend the use of the Services or to restrict the use to the extent that this is necessary for reasonably required immediate maintenance or for necessary immediate adjustments or improvements to the Services (e.g., in the event of a security breach). Affic will however endeavour to provide a reasonable notice of scheduled repairs and maintenance to Platform Partner.
5. Affic reserves the right to monitor, review, retain and/or disclose any information of Platform Partner and its Users as necessary to satisfy any applicable law, regulation, legal process or request by governmental authorities, as well as to disclose the company details of Platform Partner to any person or third party stating that materials or any other information provided by Platform Partner or User via the Services constitute a violation of its rights.
6. Affic may further suspend - at its reasonable discretion - the Services or limit the duration of the Services if required by law or industry rules or if Platform Partner has failed to comply with material obligations under the Agreement.
Affic shall use reasonable commercial efforts to make the Services available to Platform Partner for the duration of the Agreement and to make technical customer support available during office hours (9.30 a.m. to 5.30 p.m. CET). Affic will respond to Platform Partner within a reasonable time and will use its reasonable efforts to solve the problem.
8. Data protection and privacy
1. Affic qualifies as a controller within the meaning of article 4 paragraph 7 of the General Data Protection Regulation (“GDPR”) regarding the processing of personal data from employees of Platform Partner or locations partners. Detailed information on how Affic deals with the protection and processing of this personal data of can be found in the privacy statement of Affic available via https://affic.com/privacy-statement.
2. Affic qualifies as a processor within the meaning of article 4 paragraph 8 of the GDPR regarding the processing of personal data of Users, as this personal data is processed on the instruction of Platform Partner and Affic solely provides the ability to process requests and/or bookings by facilitating the technical interface between Platform Partner and location partners. Detailed information on how Affic processes this personal data can be found in the DPA that Parties concluded and that is included in these Terms in Annex 1.
3. Both Parties will comply with (their obligations under) the GDPR and any other applicable laws and regulations concerning privacy and data protection within the Affic of this Agreement.
4. The Services may contain information, including personal data and links to other websites and resources provided by users or third parties. Affic has no control over the websites, resources or information uploaded by (employees of) Platform Partner, Users or originated from third parties and assumes no responsibility or liability for such information. Affic shall not be liable for any loss or damage that may arise from Platform Partner’s or User’s use of this information.
1. Parties shall not, directly or indirectly, disclose confidential information as defined in 9.2 to third parties, except if the disclosure is i) necessary in connection with the performance of the Agreement between Parties, ii) made pursuant to a legal obligation, iii) the disclosure is expressly permitted under this Agreement, or iv) is made with the express prior written consent of the other Party.
2. With confidential information is meant all information disclosed by or on behalf of Affic or location partners or Platform Partner in whatever medium, in written, oral, visual or electronic form, including all business, financial, commercial, technical, operational, organisational, legal and marketing information which is either marked as being confidential or which would reasonably be deemed to be confidential in the ordinary course of business.
3. Each Party takes all necessary steps to protect the confidential nature of all confidential information of the other Party.
4. The obligation to maintain confidentiality does not apply to information:
a. available to the general public;
b. disclosed to one of the Parties by a third party without any obligation of confidentiality;
c. already in the possession of or known to one of the Parties at the time of disclosure;
d. developed independently of the confidential information by the other Party; or
e. if and to the extent to which one of the Parties and/or their employees are obliged under an act or by decision of a court or administrative authority to disclose such information.
10. Fees, invoicing and payment
1. Affic will provide the Services to Platform Partner at the rates and fees as described on the website and in the ordering process of Affic and will take place in Euro’s.
2. Annually on 1 January the agreed (annual) fees and ongoing payments may be adjusted byAffic, provided that this has been announced to Platform Partner at least one (1) month in advance. This adjustment is limited to a maximum of the change of the last published ‘Dienstenprijsindex’ (2015=100)' published by the CBS or its successor. This price increase in accordance with this clause shall under no circumstance give Platform Partner the right to terminate the Agreement.
3. Affic also reserves the right to make further price adjustments and to institute new charges at any time (including, for clarity, for any renewal), provided that this has been announced to Platform Partner at least one (1) month in advance. Platform Partner’s use of the Service following such notification constitutes Platform Partner’s acceptance of any new or increased fees.
4. All offers and fees are exclusive of VAT and any other legal levies and taxes and shall be added to Platform Partner’s invoice, where appropriate and at the appropriate rate.
5. Affic shall invoice Platform Partner for the fees due as set out on the website and in the ordering process of Affic, such invoices shall be due for payment within fourteen (14) days after the invoice date.
11. Force Majeure
1. Neither Party is obliged to fulfil any obligation under the Agreement, including any warranty agreed upon between the Parties, if it is prevented from doing so as a result of force majeure, being events or omissions beyond its reasonable control.
2. Force majeure shall in any case include: i) failures on the part of the hosting provider mentioned in clause 6.1 of this Agreement ii) failures of electricity, internet, computer network or telecommunication services on the part of Affic or its suppliers, iii) war situations.
12. Liability and indemnification
1. The Services are provided "as-is" and “as-available”, to the maximum extent permitted byapplicable law. Affic makes no warranties or representations, express or implied, as to any matter, including without limitation non-infringement of third party rights, non-infringement to use data or any other data, merchantability, integration, or fitness for any particular purpose, or that the Services will meet the requirements of the Platform Partner or will function properly when used in conjunction with other software or hardware. Furthermore Affic makes no warranties for, nor is in any way responsible or liable for any third party services such as the services of location partners, software or hardware which may be used to provide access to and use of the Services.
2. In no event shall Affic, or its licensors or subcontractors, be liable for any direct or indirect, consequential, punitive, special or incidental damages, including, without limitation, damages for loss of profits, revenue, business, goodwill, (personal) data, or costs to prevent, mitigate or determine such damages.
3. Affic shall not be liable for any damages or costs arising out of or related to the reasonable suspension, termination and/or limitation of access to and use of theServices.
4. Affic’s maximum liability for any damages or costs arising out of or related to theAgreement, whether in contract or tort, or otherwise, shall be limited to the amount of the fees Platform Partner paid to Affic for the access and use of the Services in one contract year per event giving rise to the liability (for this purpose interrelated events will be treated as a single event), whereby Affic’s total liability in one contract year shall never exceed EUR 5.000,- (five thousand euro’s).
5. The limitations and exclusions mentioned in the previous paragraphs of this clause will cease to apply if and insofar as the damages or costs are the result of or related to the intent or wilful recklessness (‘opzet of bewuste roekeloosheid’) on the part of the management of Affic, or otherwise in violation of any mandatory legal provisions.
6. Platform Partner will defend, indemnify and hold Affic harmless from any demands, claims, damages, liabilities, expenses or harms, including attorney’s fees, of any third party arising out or resulting from: (i) its own use or use by its Users of the Services in violation of the Agreement (ii) any information or other material uploaded or transmitted via any account, smartphone or other device of a User that infringes, violates, or misappropriates the rights of any person or third party (including any intellectual property rights or privacy rights), and (iii) the violation of any mandatory law or regulation which applies to Platform Partner. Platform Partner shall make all reasonable efforts to aid Affic in defending itself against any claims and/or lawsuits, and provide Affic upon first request, without undue delay, with all relevant information that may be necessary to defend itself against and/or settle such claims and/or lawsuits.
13. Duration and termination
1. This Agreement shall enter into effect on the date of creating an account at Affic, for an indefinite period of time and may be cancelled (‘opzeggen’) by either Party, providing at least thirty (30) calendar days’ written notice to the other Party, or is otherwise terminated in accordance with this Agreement.
2. Each Party is entitled to dissolve (‘ontbinden’) the Agreement with immediate effect by means of a registered letter:
a. when the other Party applies for a suspension of payment or is granted a suspension of payment;
b. when the other Party files for bankruptcy or is declared bankrupt;
c. upon the other Party's dissolution or ceasing to do business; or
d. in case a situation of force majeure has lasted for more than sixty (60) days.
3. Affic is entitled to dissolve the Agreement with immediate effect by means of a registered letter:
a. when access to the Services by Platform Partner is suspended by Affic pursuant to this Agreement;
b. if Platform Partner commits a material breach of any term of the Agreement and Platform Partner fails to remedy that breach within a period of seven (7) days after being notified in writing to do so;
c. if any User of Platform Partner uses the Services in any manner in which Affic, acting reasonably, believes may adversely impact another person’s use of the Services.
4. A dissolution within the meaning of this clause shall only have effect for the future and shall not oblige the Parties to undo any performance which they have carried out prior to the dissolution.
5. In the event of termination of this Agreement on any ground whatsoever, access to the Services will immediately cease and all and all outstanding debts, such as unpaid fees, shall become due and payable immediately.
14. Governing law and competent court
1. This Agreement and any offer or agreement between Affic and Platform Partner are construed in accordance with and shall be exclusively governed by the laws of the Netherlands.
2. Any and all disputes that may arise under or in connection with this Agreement or any offer or agreement between Affic and Platform Partner shall be exclusively referred to the competent court in Amsterdam, the Netherlands.
1. Obligations that are by their nature intended to continue after the end of the Agreement, such as intellectual property, confidentiality, warranties and liability and indemnification, shall continue to exist after the ending of the Agreement for any reason whatsoever.
2. If any provision of the Agreement is found to be invalid, unenforceable, nullified or non-binding, this will not affect the validity of the rest of the Agreement. Parties will enter into consultation with a view to agreeing on a change to that provision, in accordance with the spirit and purport of this Licence Agreement in general and the provision concerned in particular.
3. Affic is entitled to amend this Agreement unilaterally and without prior notice to Platform Partner. Only if and to the extent that, in the reasonable opinion of Affic, such an amendment will have a material effect on the Services to which the Platform Partner is entitled under the Agreement, Affic will give Platform Partner prior notice of the relevant amendments.
4. In the event that Affic would like to assign its legal relationship with Platform Partner to a third party, Platform Partner hereby grants permission in advance for and its cooperation to such an assignment as required by Article 6:159 (1) of the Dutch Civil Code.
5. Platform Partner may not sell, assign, sublicense, transfer, lease, rent, disclose or share its rights or any portion thereof granted under this Agreement.
Annex 1 - DPA
Take the following into consideration:
A. As part of the Agreement between Affic, (“Processor”) and Platform Partner (“Controller”), personal data will be processed (i.e. stored, shared and deleted) by Processor;
B. Pursuant to the provisions of Article 28 of the General Data Protection Regulation (“GDPR”), the arrangements for the processing and security of this personal data by Processor must be laid down in a processing agreement;
C. Parties have laid down the arrangements concerning the processing of personal data by Processor in this Data Processing Agreement (“DPA”).
Declare to have agreed as follows:
The terms used in this DPA that are written with a capital letter have the following meaning:
a. Data Subject: the person to whom the Personal Data relates.
b. Personal Data: all information about an identified or identifiable natural person that is processed by Processor in the context of the execution of the Services.
c. Platform: the online platform built by Processor via which the Services are accessible.
2. Processing of personal data
1. The categories of Data Subjects and types of Personal Data processed by Processor are included in Annex A of this DPA.
2. Processor shall only process the Personal Data disclosed to it on the basis of written instructions from the Controller and solely in the context of providing the Services, unless a provision of Union or Member State law applicable to Processor obliges it to do so. In that case, Processor shall notify Controller of that legal provision prior to processing, unless that legislation prohibits such notification for important reasons of public interest.
3. Processor has no control over the purpose and means of the processing of the Personal Data. Nothing in this DPA is intended to transfer control of the Personal Data to Processor in any way.
4. Processor shall not be permitted to:
a. process the Personal Data for its own purposes;
b. process the Personal Data for other or further purposes than reasonably necessary in the context of the Services;
c. share the Personal Data with third parties, insofar as this is not permitted in connection with the Services, on the basis of this DPA, a mandatory statutory provision, a court order and/or a request to that effect from supervisory or investigative authorities.
5. Controller allows Processor to process Personal Data at an aggregated level for statistical and analysis purposes.
Processor has the obligation to keep the Personal Data confidential and shall ensure that the persons authorised to process the Personal Data are also bound to confidentiality.
4. Assistance of Processor
1. Processor shall, taking into account the information available to it, provide assistance to reasonable requests from the Controller that relate to requests of Data Subjects to Controller for exercising their rights laid down in chapter III of the GDPR. If Processor is approached directly by a Data Subject, it will refer this Data Subject to the Controller as soon as possible.
2. Processor will cooperate with Controller in the performance of a Data Protection Impact Assessment (“DPIA”) and/or a Prior Consultation, at least insofar as this is possible in view of the information available to it and the nature of the processing. The reasonable costs incurred by Processor as a result of this duty to cooperate will be borne by Controller.
3. Processor will provide Controller, upon its request, with the necessary information to enable Controller to assess Processor’s compliance with the provisions of this DPA and/or article 28 of the GDPR.
4. If, as a result of the information provided in paragraph 3 of this article, the Controller has reason to believe that the processing of Personal Data is not taking place in accordance with this DPA, it may arrange for an audit to be carried out at its expense no more than once a year by an independent, certified, external expert who is bound by confidentiality. Processor can refuse an audit or instruction of the expert if, in its opinion, this is in conflict with the GDPR or other laws and regulations.
5. The parties shall consult with each other as soon as possible about the results of the audit. Processor will implement the proposed improvement measures insofar as these are appropriate in its opinion, taking into account the processing risks associated with the Services, the state of the art, the implementation costs, the market in which it operates and the intended use of the Services.
6. Processor reserves the right to charge the reasonable costs it makes in connection with the provisions of this article to Controller.
5. Security measures
Processor will take appropriate technical and organisational measures, which include the measures mentioned in Annex B. In the opinion of Processor and Controller, the described security measures offer a level of security appropriate to the risk, taking into account the state of the art, the implementation costs, as well as the nature, the scope, the context and the processing purposes, and the risks associated with the Services, which vary in terms of probability and seriousness.
6. Data breach
1. Processor will inform Controller without delay, but in any event within 48 hours of becoming aware of a breach in connection with Personal Data and will, to the best of its knowledge, provide the information referred to in article 33, paragraph 3 GDPR to Controller.
2. Processor shall keep Controller fully informed at all times of the progress of the recovery and all relevant developments regarding the breach referred to in paragraph 1 of this article and its consequences. Processor will take all measures that can reasonably be expected of it to remedy or limit as much as possible the adverse consequences of the breach.
7. Sub processors
1. Processor hereby obtains permission to subcontract parts of the processing of the Personal Data to the sub processors as listed in Annex C for the duration of the Agreement.
2. Processor shall notify the Controller of any intended changes concerning the addition or replacement of other sub processors, giving the Controller the opportunity to object to these changes within 30 days after the notification. Processor shall notify Controller of changes concerning sub processors via a published list on its website, accessible via: https://affic.com/sub-processors.
3. Processor shall guarantee that all sub processors engaged by it that play a role in the processing of Personal Data in connection with the Services shall comply with the obligations set out in this DPA, in particular the obligation to provide adequate guarantees regarding the application of appropriate technical and organisational measures in order to guarantee an equivalent level of protection of the Personal Data.
8. Transfers of Personal Data
1. Processor shall ensure that any processing of Personal Data carried out by or on behalf of Processor, including the third parties engaged by it, in connection with the Services shall take place within the European Economic Area (EEA) or in countries offering an adequate level of protection in accordance with the GDPR.
2. Without the prior written consent of Controller, Processor will not transfer or store Personal Data in a country outside the EEA or make Personal Data accessible from a non-EEA country, unless this country offers an adequate level of protection, a valid GDPR-transfer mechanism is used, - or a provision of Union or Member State law applicable to Processor obliges the transfer of Personal Data. In that case, Processor shall notify Controller of that legal provision prior to the processing, unless that legislation prohibits such notification for important reasons of public interest.
9. Rights and obligations
Controller guarantees that the data processing will take place in accordance with the laws and regulations. This means in any case that Controller guarantees that it has the right to collect the Personal Data or have them collected and that it is entitled to have these Personal Data processed by Processor.
1. Processor is not liable for any direct or indirect damage of Controller and/or Data Subjects, on any ground whatsoever, including but not limited to: consequential damage, loss of profit, missed savings, reduced goodwill, damage as a result of malfunctioning of the internet, data network or telecommunication facilities, damage due to mutilation, destruction or loss of (Personal) Data and damage caused by viruses, worms, Trojan horses or other malware spread via the Services or the Platform. Processor is also not liable for any administrative fine or order subject to a penalty imposed on Controller. These exclusions and limitations shall cease to apply if and insofar as the damage is the result of intent or deliberate recklessness on the part of the Processors management.
2. Furthermore, the liability between Parties shall be governed by the relevant arrangements about liability in the Terms.
11. Duration and termination
1. This DPA enters into force at the moment of acceptance in the ordering process of Processor and is entered into for the duration of the Services.
2. As soon as the Services terminate or end, for whatever reason, this DPA will remain in force for as long as Personal Data are processed by Processor for the benefit of the Controller, after which this DPA will end by operation of law.
3. After the termination of this DPA, Processor shall, at the choice of Controller, return all Personal Data or delete it within one year.
4. Processor shall only retain a copy of the Personal Data if it is obliged to do so under a mandatory provision of law.
12. Applicable law and competent court
1. This Agreement and any offer or agreement between Processor and Controller are construed in accordance with and shall be exclusively governed by the laws of the Netherlands.
2. Any and all disputes that may arise under or in connection with this DPA or any offer or agreement between Processor and Controller shall be exclusively referred to the competent court in Amsterdam, the Netherlands.
1. The Parties shall act in accordance with the provisions of the GDPR and the Dutch GDPR Implementation Act (Uitvoeringswet Algemene Verordening Gegevensbescherming) and future (European) laws and regulations relating to the processing of personal data. If future laws and regulations require the amendment of this DPA, the Parties will enter into consultation in order to make new arrangements which will maintain the purport of this DPA as far as possible.
2. Amendments and supplements to this DPA are only valid if they are agreed upon in writing by the Parties.
3. Obligations that are by their nature intended to continue after the end of the DPA, such as liability and confidentiality, shall continue to exist after the ending of the DPA for any reason whatsoever.
4. If any provision of the DPA is found to be invalid, unenforceable, nullified or non-binding, this will not affect the validity of the rest of the DPA. Parties will enter into consultation with a view to agreeing on a change to that provision, in accordance with the spirit and purport of this DPA in general and the provision concerned in particular.
5. In the event that Processor would like to assign its legal relationship with Controller to a third party, Controller hereby grants permission in advance for and its cooperation to such an assignment as required by Article 6:159 (1) of the Dutch Civil Code.
Annex A – types of personal data and categories of data subjects
We process the following personal data of customers of Platform Partners (Users):
- First name
- Last name
- Email address
- Phone number
Annex B – technical and organisational security measures
Processor shall implement and employ appropriate technical and organisational measures to protect the Personal Data against unauthorised use or access, loss, destruction, theft, or disclosure. Processor shall at least take the security measures described below in order to protect the Personal Data:
- Responsibility for information security shall be assigned to relevant management;
- An appropriate information security policy shall be available, approved by management and communicated to all staff members;
- Members of staff shall receive regular security and privacy awareness training;
- All access to Personal Data shall be authenticated by way of passwords, PKI, or biometrics;
- Access to Personal Data shall be controlled based on a need to know, using the least-privilege principle;
- Network transmissions of Personal Data shall be encrypted using Transport Layer Security (TLS);
- Network services providing access to Personal Data shall be protected by firewalls with a default-deny setting;
- Appropriate physical security measures shall be implemented regarding the access to the Personal Data.