Effective date: March 1, 2021
For European agreements contracted with our European entity, Aspiration Marketing S.R.L., we apply the following:
Between Aspiration Marketing S.R.L., also referred to as “Provider” and you, also referred to as “Beneficiary”.
This Agreement regulates the conditions applicable to the processing of personal data by the Provider when and while providing services for the Beneficiary. Through this Agreement, the parties intend to ensure that the processing of personal data is carried out in compliance with the relevant legislation on the protection of personal data, including EU Regulation no. 2016/679, respectively with respect to the rights of individuals whose personal data is processed.
In this Agreement, the following terms shall be defined as follows:
2.1. The Provider will process the Personal Data as an Authorized Person, in order to provide the Services/Scope of Work, when the provision of the Services requires the processing of Personal Data.
2.2. The Provider undertakes to process the Personal Data according to the Operator's instructions and in compliance with the Data Protection Legislation.
2.3. The Beneficiary, as Operator, has the obligation to ensure that:
2.4. The Provider, as the Authorized Person, will ensure that:
3.1. The Provider may subcontract its obligations, respectively may appoint another Authorized Person for the processing of Personal Data, under the following conditions:
4.1. The Provider undertakes to implement the appropriate security measures to ensure the security of the Processing of Personal Data, as well as to ensure the confidentiality of the Personal Data that it processes. In this sense, the Provider will take into account the provisions of art. 32 of Regulation (EU) 2016/679 and will implement the security measures imposed by the Regulation, when they are mandatory.
4.2. The Beneficiary undertakes to implement adequate security measures to ensure the security of Personal Data Processing, in accordance with the provisions of Regulation (EU) 2016/679 and other applicable normative acts and/or good practices, regarding its activities of data processing.
4.3. If the Provider or any Authorized Person empowered by them becomes aware of a breach of the security of personal data, the Provider will immediately inform the Beneficiary and provide them with all the necessary information so that they can fulfill their obligations to report to the adequate Supervising Authority and/or in order to inform the Data Subjects. At the same time, the Provider will provide the Beneficiary with all the necessary assistance, without additional costs, in order to remedy the security incident and mitigate its negative effects.
5.1. The Provider will not transfer the Personal Data that it processes under this Agreement, as an Authorized Person, outside the EEA, unless the transfer is made for the sole purpose of the Scope of Work.
6.1. Within no more than 30 days from the termination of the Scope of Work, the Provider, at the Beneficiary’s choice, will delete or return all Personal Data processed under this Agreement (including any copies in their possession).
6.2. As an exception, even after the termination of the Scope of Work, the Provider will keep Personal Data, if required by a legal obligation. In such a situation, the Provider will archive this data and/or will implement any necessary technical measures to prevent further processing. The provisions of this Agreement shall continue to have effect in respect of such data.
7.1. In the event that the Provider receives any request regarding the Processing of Personal Data from Data Subjects, Supervising Authorities or any other third parties, the Provider will redirect the received request to the Beneficiary. The Beneficiary will formulate and send a response to the request’s author in accordance with the provisions of the Data Protection Legislation.
7.2. The Provider will not respond to any such requests, except in the following situations:
7.3. The Provider will assist the Beneficiary, at no additional cost, by providing any information it holds, so that:
8.1. According to the Regulation, the Provider, as the Authorized Person, is liable for the damage it may cause through its processing operations that violate the provisions of the Regulation when:
8.2. At the same time, in case of breach of the obligations assumed by this Agreement, and/or breach of the legal obligations, the Provider undertakes to fully repair the damage caused to the Beneficiary.
8.3. Any eventual fine applied to the Beneficiary for violating the obligations assumed under the Regulation will be paid by the Provider, if the cause of the fine was the non-fulfillment of the obligations assumed by the Provider according to the Agreement or non-fulfillment of its legal obligations. Also, any damage caused to the Data Subjects will be repaired by the Provider in the situation where the damage was caused by them, even if the Data Subject requests the repair of the damage from the Beneficiary.
8.4. The Beneficiary is liable for the damage caused by its processing operations carried out in violation of the Regulation. The Beneficiary shall also be liable for breach of its obligations under this Agreement under the law.
9.1. Your physical address will determine Jurisdiction, Contracting Entity; Applicable Law; Notice as specified here.
9.2. This Agreement may only be amended by addendums signed by both parties.