By becoming a visitor, user, and/or customer of WPCS you agree to the following:
Article 1. Definitions
- AP: the Dutch Data Protection Authority, “Autoriteit Persoongegevens”;
- AVG: the General Data Protection Regulation, “Algemene Verordening Gegevensbescherming”;
- Client: a visitor, user, and/or customer of WPCS;
- General Terms and Conditions: the general terms and conditions of the Processor, which form an inseparable part of the policy;
- Data Breach: a breach of the security of Personal Data that accidentally or unlawfully leads to the destruction, loss, alteration or unauthorized disclosure of or unauthorized access to transmitted, stored or otherwise processed data;
- Service: the product or service that the Client has purchased from WPCS;
- Product Space: The part of the WPCS platform that is made available by WPCS to the Client and that can be used to exploit websites.
- Agreement: the agreement concluded between the Client and WPCS by usage of the Platform, on the basis of which WPCS will Process Personal Data for the Client;
- Personal data: all data, including Client’s customers and / or potential customers data, that can be traced directly or indirectly to a natural person as referred to in Article 4 opening lines and under 1 GDPR;
- Platform: the WPCS platform as offered.
- Sub-processor: the subcontractor engaged by WPCS, who processes Personal Data of the Client in the chamber of this Processing Agreement as referred to in Article 28 paragraph 4 GDPR;
- Processing: the processing of Personal Data as referred to in Article 4 opening lines and under 2 GDPR;
- Data Processing Policy: the present policy which forms part of the Legal Policy;
- Processing: the processing of Personal Data by WPCS for the Client on the basis of the Agreement;
The provisions of the Legal Policy are fully applicable to the Data Processing Policy. With regard to the processing of Personal Data, the provisions of this Data Processing Policy always prevail.
Article 2. Responsible for and processor of the data
- WPCS processes Personal Data on behalf of the Client in the performance of the Agreement. The provisions of this Data Processing Policy apply to this Processing.
- The Processing relates to the following categories of data subjects:
- Users of the Product Space that WPCS makes available to the Client
- Visitors to the websites built and operated by the Client
- The Client’s customers and / or potential customers
- The processing takes place for the following purposes and concerns the following categories of personal data:
All websites in the Product space:
- Purposes: Delivery and improvement of the Product Space: fulfillment of the agreement.
- Categories of personal data: All data that the Client makes available to us through the use of our Service.
Other activities
- Purposes: Providing hosting, optionally the associated e-mail address: compliance with the conditions in the agreement with the Client: compliance with the agreement.
- Categories of personal data: All data that the Client makes available to us through the use of our Service.
- WPCS only processes the Personal Data for the activities specified in this Data Processing Policy and / or the Agreement. WPCS will not use the Personal Data in any other way, unless the Client has given explicit written permission for this, or a legal provision obliges WPCS to do so. In that case, WPCS will inform the Client, prior to the Processing, which legal provision it concerns, unless that legislation opposes this.
Article 3. Processor’s general duty of care
WPCS ensures compliance with this Data Processing Policy and the legal rules (such as the AVG) that apply to WPCS. If the Client so requests, WPCS will inform the Client about the actions and measures WPCS has taken in the context of this general duty of care of the Processor.
Article 4. Technical and organizational facilities
- WPCS will take appropriate technical and organizational measures or have them taken to protect Personal Data against loss or unlawful Processing. WPCS must ensure that the security level is tailored to the risks. The state of the art and the costs of the security measures will be taken into account.
- WPCS will in any case take measures to protect Personal Data against destruction, against accidental and deliberate loss, forgery, unauthorized distribution or access, or against any other form of unlawful Processing.
- WPCS will inform the Client about the fulfillment of the security obligations that rest on the Client himself. When this is laid down in an Agreement, WPCS will also implement these security changes on the Service.
- WPCS will provide upon request a document on request stating the technical and organizational measures that WPCS has taken. In that case, this document forms part of the Processing Agreement and will be enclosed as an attachment
Article 5. Confidentiality
WPCS will have all its employees, who are involved in the implementation of the Agreement, sign a confidentiality agreement – whether or not arising from or included in the employment agreement with those employees – which in any case states that these employees must observe confidentiality with regard to the Personal Data. WPCS takes all necessary measures, such as screening employees and securing data carriers, to guarantee that this confidentiality obligation is observed.
Article 6. Third parties and subcontractors
- WPCS is permitted to use Sub-processors in the context of this Data Processing Policy and the Agreement. If WPCS wishes to engage another Sub-processor, WPCS will inform the Client of the intended changes. The Client must object to these changes within five (5) working days. WPCS will respond to the Client’s objection within five (5) working days. Wildcloud BV will provide a complete list of sub-processors at the first request of the Client. Wildcloud BV will immediately inform the Client of changes regarding an addition or replacement of sub-processors, whereby the Client will be offered the opportunity to object to the changes.
- WPCS contractually obliges each sub-processor to comply with the confidentiality obligations, reporting obligations and security measures with regard to the Processing of Personal Data, which obligations and measures must at least comply with the provisions of this Data Processing Policy.
Article 7. Liability
The liability of WPCS towards the Client is regulated in the contract.
Article 8. Breach of Personal Data (Data Breach)
- If WPCS becomes aware of a Data Breach, it will (i) notify the Client thereof without unreasonable delay, after WPCS has become aware of the existence of the Data Breach, and (ii) take all reasonable measures to (further) prevent and / or limit violations of the GDPR. When taking the aforementioned measures, WPCS will refrain where possible from taking measures that are irreversible and / or seriously hinder an investigation into the causes of the Data Breach.
- WPCS will cooperate with the Client and support the Client in the performance of its legal obligations with regard to the established incident.
- WPCS will support the Client with the obligation of the Client to report the breach in connection with Personal Data to the Dutch Data Protection Authority (“AP”) and / or the data subject, as referred to in Article 33 paragraph 3 and 34 paragraph 1 GDPR. WPCS will refrain from independently reporting a breach of Personal Data to the AP and / or the data subject.
Article 9. Assistance to the Client
- WPCS will, as far as reasonably possible, assist the Client in fulfilling its duty under the GDPR to answer requests to exercise the rights of a data subject, in particular the right of access (art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Article 17 GDPR), limitation (Article 18 GDPR), portability (Article 20 GDPR) and the right to object (Articles 21 and 22 GDPR). WPCS will forward a complaint or a request from a data subject regarding the Processing of Personal Data to the Client, who is responsible for handling the request. WPCS is entitled to charge any costs involved in the cooperation to the Client.
- WPCS will, as far as reasonably possible, support the Client in fulfilling its obligation under the GDPR to carry out a data protection impact assessment (art. 35 and 36 GDPR).
- WPCS enables the Client to check compliance with the Data Processing Policy and, in particular, the security measures taken by WPCS, no more than once per calendar year, subject to a reasonable term and with the consent of WPCS. Such a check will at all times be carried out in a manner that has the least possible effect on the normal business operations of WPCS and is at the expense of the Client. WPCS is entitled to charge any costs involved in the provisions of this article to the Client. If WPCS is of the opinion that an instruction in connection with the provisions of this paragraph constitutes a violation of the GDPR or other privacy legislation applicable to it, WPCS will immediately notify the Client.
- The audit in article 10.3 will only take place after the Client has requested and assessed the similar audit reports available at WPCS and submits reasonable arguments that justify an audit initiated by the Client. Such an audit is justified if the similar audit reports available at WPCS provide no or insufficient information about compliance with this Data Processing Policy.
Article 10. Termination & Miscellaneous
- With regard to termination of this Data Processing Policy, the specific provisions of the Agreement apply. Without prejudice to the specific provisions of the Agreement, WPCS will, at the first request of the Client, delete all Personal Data or return it to him, and delete existing copies, unless WPCS is legally obliged to store the Personal Data.
- The Client will adequately inform WPCS about (legal) retention periods that apply to the Processing of Personal Data for the Processor. WPCS will not Process the Personal Data for longer than in accordance with these retention periods.
- The obligations under this Data Processing Policy that by their nature are intended to survive termination will remain in force even after termination of this Data Processing Policy.