Article 1: Definitions
1.1 Services: the entire work of Expivi for the implementation of this Agreement.
1.2 Fault: a defect in the Software that leads to the Software not functioning in accordance with the Specifications or otherwise, non-compliance of the Software with the License Agreement.
1.3 Defect: a fault in the Software that leads to the Software not functioning in accordance with the agreed Specifications or otherwise, non-compliance of the Software with the Agreement.
1.4 Incidents: an event that causes the Software not to function in accordance with the agreed Specifications or not to be available for use at the Location.
1.5 License Agreement: the agreement between Licensee and Expivi [or third party], on the basis of which, the Licensee obtains user rights for the Software.
1.6 New Version: a subsequent version of the Software with predominantly new or changed functionalities, whether or not released with a different name.
1.7 Support: the provision of assistance by employees in the case of Incidents, as well as advising on the use and functionality of the Software.
1.8 In Writing: the term ‘in writing’ also includes by email, fax or other electronic medium.
1.9 Website: www.expivi.com.
1.10 Specifications: a description of the functionality and operation of the Software in connection with the browser configuration.
1.11 Start date: the date the (main) contract was entered into.
1.12 Temporary License: time-limited, non-exclusive rights to use the Software. These user rights are granted by Expivi to the Licensee in exchange for payment of a periodic fee.
1.13 Update(s): a new release of the Software, in which previously known Defects have been removed and/or a limited improvement or expansion of the existing functionality has taken place.
Article 2: Services
2.1 From the Start Date, Expivi will make the Software available and keep it available for use in accordance with the License Agreement.
2.2 Expivi hereby grants the Licensee the Temporary License with regard to the Software as further described on the Website.
2.3 Expivi will provide Licensee with support in the application of the Service and possible problems encountered with it by Licensee’s employees.
3.1 The Temporary License has the following limitations:
1. The Licensee is not permitted to give the Software to third parties or to use it for third parties, unless agreed otherwise.
2. The Licensee is not permitted to change or modify the Software.
3. The Licensee is not permitted to reconstruct the source code of the Software by means of reverse engineering. If the Licensee requires information to effect interoperability of the Software with computer software of the Licensee itself or of third parties, the Licensee will request the necessary information from Expivi in writing, stating reasons for this. Expivi will then notify the Licensee, within a reasonable period of time, whether the Licensee can obtain the requested information and the conditions under which it is provided.
4. The Licensee is not permitted to remove any designation concerning copyrights, trademarks, trade names or other rights of (intellectual) property from the Software and/or the Documentation.
3.2 Expivi is entitled to investigate whether the Licensee is using the Software in a manner that corresponds with the terms and conditions of the License Agreement. The Licensee undertakes to cooperate with such an audit. Expivi bears the costs incurred for such an audit, both its own costs and the Licensee’s costs.
Article 4: Compensation
4.1 Immediately after entering into the License Agreement, Expivi is entitled to invoice the License Fee which is due for the first year that this License Agreement proceeds. All additional costs are billed monthly, in arrears. The Licensee shall pay Expivi the relevant parts of the License Fee within 14 days after receipt of the invoice concerned.
4.2 Expivi is only entitled to change the level of (the remaining parts of) the License Fee in the following cases:
1. Once a year, for the first time one year after the entry into force of this License Agreement, with a maximum of 5%.
4.3 Taxes, levies and other additional costs due on the License Fee are not included in the License Fee.
4.4 If the Licensee does not pay the amounts due within the agreed terms, once the Licensee is in default, the Licensee will then owe Expivi the statutory commercial interest on the outstanding unpaid amount.
Article 5: Updates and New versions
5.1 From time to time, Expivi will issue Updates in connection with the maintenance or optimisation of the Software. Expivi does not require (written) permission from the Licensee to do so.
5.2 If Expivi releases a New Version, it will also make it available to the Licensee.
Article 6: Cooperation of the Licensee
6.1 Expivi’s obligations pursuant to this Agreement with regard to the implementation of the services do not affect the Licensee’s obligation to establish, maintain and implement adequate procedures and control mechanisms, taking into account the nature and scope of the interests of use, as well as preventing or limiting damage resulting from possible irregularities in the service. The Licensee will ensure that its staff are adequately trained and informed about the operation of the Software.
6.2 Specifically, the Licensee will ensure adequate information and contractual agreements with external users who, for example, via the internet, without the actual intervention of a member of the Licensee’s staff, perform actions that also make use of the Software, about the risks associated with the use of an automated system for carrying out transactions and related services.
Article 7: Intellectual property rights
7.1 The intellectual property rights relating to the Software are vested with Expivi or its licensor(s).
7.2 The Licensee retains the ownership rights to files, designs, models, datasets, images, documents or similar material produced by the Licensee and sent or uploaded by the Licensee.
7.3 Expivi indemnifies the Licensee in legal proceedings instituted against the Licensee by third parties for all claims based on the statement that the use of the Software infringes the intellectual property rights belonging to this third party, unless:
1. the Licensee fails to notify Expivi immediately of the claim In Writing; or
2. the claims of third parties are caused by changes to the Software which have been made by Licensee or by third parties it employs; or
3. the claims of third parties are caused by the use of the Software in a way that is otherwise contrary to the terms of this License Agreement.
7.4 The indemnity referred to in Article 7.3 is only applicable if the Licensee entrusts Expivi with the handling of the case, including the conducting of settlement negotiations, and, if requested, the Licensee will provide Expivi with the required cooperation.
7.5 The Licensee declares that if a claim, as referred to in Article 7.3, is filed, it will agree with Expivi’s choice that it:
1. will modify the Software in such a way that it no longer constitutes an infringement;
2. will replace the Software with a functionally equivalent product;
3. will terminate the License Agreement and pay a fee to the Licensee equivalent to the full License Fee.
Article 8: Transfer
8.1 The parties are not permitted to transfer the rights and obligations from the License Agreement to a third party without the prior written consent of the counter-party. The party that is asked for permission is entitled to attach conditions to the granting of this permission.
Article 9: Change to this License Agreement
9.1 Expivi reserves the right to change or supplement this License Agreement.
9.2 Changes also apply to contracts which have already been entered into, with due observance of a period of 30 days after notification to the client, but only if the relevant agreements serve to provide services for a period of 12 (twelve) months or longer.
9.3 Expivi will seriously consider any objections reported by the client within this period, and may revoke or adjust the relevant changes on the basis of these objections. If Expivi makes an objection, the client will be entitled to terminate the agreement at the end of this period.
Article 10: Other provisions
10.1 Expivi’s General Terms and Conditions are applicable to this License Agreement.
10.2 The agreement between the client and Expivi is governed by Dutch law.
10.3 If a dispute is not settled amicably, the Judge of the Court of Overijssel, the Netherlands, is competent to settle the matter.
Article 1: Purposes of processing
1.1 The Processer undertakes to process personal data on assignment from the Processing Officer, pursuant to the conditions of this Processor Agreement. Processing shall only take place in the framework of the hosting of parts of the Processing Officer’s website, and associated online services, storage of the Processing Officer’s data in the ‘cloud’, and associated online services, plus those purposes which are reasonably related thereto, or that are determined in further consent.
1.2 The Processor shall only process (special) personal data on assignment from the Processing Officer which has been provided by the Processing Officer to the Processer in the framework of this Processing Agreement and which shall be hosted by Processor.
1.3 The Processor shall not make any independent decisions about the processing of the personal data for other purposes, including the provision thereof to third parties and the duration of the storage of data. The control over personal data provided to the Processor in the framework of this Processor Agreement or other agreements between the parties, as well as the data processed by the Processor within that framework, is vested with the Processing Officer.
1.4 The personal data to be processed on assignment from the Processing Officer remains the property of the Officer and/or the data subjects concerned.
1.5 The Processing Officer guarantees to keep a register of the processing operations regulated under this Processor Agreement. The Processing Officer indemnifies the Processor against all legal claims and claims relating to the non-compliance or incorrect compliance with the registration obligation.
Article 2: Processor’s obligations
2.1 With regard to the processing operations referred to in article 1, the Processor shall ensure compliance with applicable laws and regulations, including, in any case, the laws and regulations relating to the protection of personal data, such as the General Data Protection Regulation.
2.2 The Processor shall inform the Processing Officer, on first request, of the measures it has taken with regard to its obligations pursuant to this Processor Agreement.
2.3 The Processor’s obligations arising from this Processor Agreement also apply to those who process personal data under the authority of the Processor, including but not limited to employees, in the broadest sense of the word.
2.4 The Processing Officer shall extend the necessary cooperation to the Processing Officer, if, in the context of processing, a Data Protection Impact Assessment (DPIA) or prior consultation of the supervisory authority, is necessary.
Article 3: Transfer of personal data
3.1 The Processor may process the personal data in countries within the European Union. Transfer to countries outside the European Union is prohibited, without the prior written consent of the Processing Officer.
Article 4: Distribution of responsibility
4.1 The Processor shall make ICT resources available for the processing operations that can be used by the Processing Officer for the aforementioned purposes. The Processor only carries out processing on the basis of separate agreements.
4.2 The Processor is solely responsible for the processing of the personal data pursuant to this Processing Agreement, in accordance with the assignment from the Processing Officer and under the explicit (final) responsibility of the Processing Officer. The Processer is explicitly not responsible for the other processing of personal data, including, in any case, but not limited to the collection of the personal data by the Processing Officer, processing for purposes not reported to Processor by the Processing Officer, processing by third parties and/or for other purposes.
4.3 The Processing Officer guarantees that the content, the use and the assignment for the processing of the personal data as referred to in this Agreement are not unlawful and do not infringe any rights of third parties.
Article 5: Engaging third parties or subcontractors
5.1 The Processing Officer hereby gives the Processor permission to engage a third party in the processing of personal data, based on this Processor Agreement, with due observance of the applicable privacy legislation.
5.2 The Processor shall make every effort to ensure that these third parties undertake the same obligations, in writing, as those agreed between the Processing Officer and the Processor regarding the processing of personal data.
Article 6: Security
6.1 The Processor shall take the appropriate technical and organisational measures with regard to the processing of personal data, against loss or against any form of unlawful processing (such as unauthorised inspection, violation, modification or provision of the personal data).
6.2 In any case, the Processor has taken the following measures:
– Logical access control, using passwords or keys.
– Physical measures for access security.
6.3 The Processor does not guarantee that the security is effective under all circumstances. If an explicitly described security measure is missing from the Processor Agreement, the Processor shall make every effort to ensure that the security shall fulfil a level that, as regards the state-of-the-art, the sensitivity of the personal data and the costs associated with providing the security, are not unreasonable.
6.4 The Processing Officer shall only make personal data available to the Processer for processing, if it has been ensured that the required security measures have been taken. The Processing Officer is responsible for compliance with the measures agreed by the Parties.
Article 7: Reporting obligation
7.1 In the case of a data leak concerning the personal details from the Processing Officer, the Processor shall inform the Processing Officer of this immediately, or within 24 hours of the discovery of the leak, as a result of which the Processing Officer shall assesses whether it shall inform the data subjects and / or the relevant regulator(s) or not. The Processor shall make every effort to ensure the information provided is complete, correct and accurate. The reporting obligation applies regardless of the impact of the leak.
7.2 If the laws and/or regulations so require, the Processor shall cooperate in informing the relevant authorities and/or the data subjects.
7.3 The reporting obligation, in any case, includes reporting the fact that there has been a leak, as well as:
– The date on which the leak occurred (if no exact date is known: the period within which the leak occurred);
– What is the (alleged) cause of the leak;
– The date and time at which the leak became known to the Processor or to a third party or subcontractor engaged by it;
– Whether the data is encrypted, hashed, or is otherwise incomprehensible or inaccessible to unauthorised persons;
– What are the intended measures and/or measures already taken to plug the leak and to limit its consequences;
– Contact details for the follow-up of the report.
Article 8: Data subjects’ rights
8.1 In the case that a data subject submits a request to the Processor to exercise his/her legal rights, the Processor shall forward the request to the Processing Officer and inform the data subject of this. The Processing Officer shall then continue to process the request independently.
8.2 In the case that a data subject submits a request to the Processing Officer to exercise one of his/her legal rights, the Processor shall, if this is required by the Processing Party, cooperate insofar as this is possible and reasonable. The Processor may charge to the Processing Officer the reasonable costs incurred for this.
Article 9: Secrecy and confidentiality
9.1 All personal data received by the Processor from the Processing Officer and/or which is collected b in the framework of this Processor Agreement is subject to a confidentiality obligation with regard to third parties. The Processor shall not use this information for any purpose other than the purpose for which it has obtained this information; even if the information has been put in such a form that it cannot be traced back to the data subjects
9.2 This confidentiality obligation does not apply insofar as the Processing Officer has given explicit permission to provide the information to third parties, if the provision of the information to third parties is logically necessary in view of the nature of the assignment and the execution of this Processor Agreement, or if there is a legal obligation to provide the information to a third party.
Article 10: Audit
10.1 The Processing Officer has the right to have audits carried out by an independent ICT expert, who is bound by a confidentiality obligation, in order to check compliance with all the points in this Processor Agreement.
10.2 This audit shall only take place after the Processing Officer has requested and assessed similar audit reports from the Processor and presented reasonable arguments which justify an audit initiated by the Processing Officer. Such an audit is justified when the similar audit reports from the Processor give no information or insufficient information regarding the compliance with this Processor Agreement by the Processor. The audit initiated by the Processing Officer shall take place two weeks after prior notification by the Processing Officer, and, at most, once a year.
10.3 In the case that an audit takes place, all reasonably relevant information, including supporting data, such as system logs and employees, shall be made available in as timely a manner as possible and within a reasonable period of time; with a maximum period of two weeks being reasonable. The Processing Officer shall ensure that the audit causes the least possible operational disruption to the Processor’s other work.
10.4 The findings resulting from the audit shall be assessed by the Parties in mutual consultation and, in response thereto, shall be implemented by one of the Parties or jointly by both Parties.
10.5 The costs of the audit are borne by the Processing Officer.
Article 11: Liability
11.1 The Processor’s liability for damage as a result of a culpable shortcoming in compliance with the Processor Agreement, whether from an unlawful deed or otherwise, is excluded. Insofar as the aforementioned liability cannot be excluded, per event (a series of consecutive events counts as one event) it is limited to the compensation of direct damage, to a maximum of the amount of the fees received by the Processor for the work pursuant to this Processor Agreement for the month proceeding the event which caused the damage. The Processor’s liability for direct damage, in total, shall never be more than the amount of compensation received for the work pursuant to Processor Agreement over the three months prior to the event causing the damage.
– Direct damage is exclusively understood to mean all damage consisting of:
– Damage directly inflicted on material property (“property damage”);
– Reasonable and demonstrable costs to remind the Processor to perform the Processor Agreement (again) properly;
– Reasonable costs to determine the cause and extent of the damage, insofar as this concerns the direct damage as referred to here; and
– Reasonable and demonstrable costs incurred by the Processing Officer to prevent or limit the direct damage as referred to in this article.
11.3 The liability of the Processor for indirect damage is excluded. Indirect damage is understood to mean all damage that is not direct damage and, therefore, in any case, but not limited to, consequential loss, lost profit, missed savings, reduced goodwill, loss due to business stagnation, damage due to non-determination of marketing objectives, damage related to the use of data or data files prescribed by the Processing Officer, or loss, malformation or destruction of data or data files.
11.4 The exclusions and limitations referred to in this article shall lapse, if and insofar as the damage is the result of intent or deliberate recklessness on the part of the Processor or its Management.
11.5 Unless compliance by the Processor is permanently impossible, the liability of Processor due to a culpable shortcoming in the fulfilment of the Agreement only arises if Processing Officer immediately informs the Processor in writing, establishing reasonable term for remedying the shortcoming; and after that term, the Processor remains in culpable non-compliance with the fulfilment of its obligations. The notice of default must contain as complete and detailed a description of the shortcoming as possible, so that the Processor is given the opportunity to adequately remedy it.
11.6 Any claim for compensation by Processing Officer against Processer, which has not been specified and explicitly reported, shall expire with the passage of twelve (12) months after the time at which the claim arose.
Article 12: Duration and termination
12.1 This Processor Agreement is entered into at the moment that acceptance by the Processing Officer is communicated to the Processor and shall continue for the duration of the Agreement and, in the absence of such term, for the duration of the (further) cooperation.
12.2 As soon as the Processor Agreement has been terminated, for whatever reason and in whatever way, the Processor shall return all personal data which it has in its possession to the Processing Officer or delete and/or destroy this data.
12.3 The Processing Officer may be charged the reasonable costs for the return of the personal data and/or any copies thereof by the Processor.
12.4 The parties may only amend this agreement by mutual consent.
Article 13: Applicable law and dispute resolution
13.1 The Processor Agreement and its execution are governed by Dutch law.
13.2 All disputes that may arise between the Parties in connection with the Processor Agreement shall be submitted to the competent court of the district in which the Processor is established.
13.3 Logs and measurements made by the Processor apply as compelling evidence, subject to proof to be provided by the Processing Officer.