User conditions Simple-Simon

The service “Simple-Simon, the Smart Work Order app”, in the following called SimpleSimon, is offered to you through the internet as Software-as-a-Service by the company Mobile Operating B.V. Thee use of Simple-Simon is subject to the conditions below. By using Simple-Simon, you agree with these. Deviations from these general conditions are only binding if they have been accepted in writing by Mobile Operating B.V.

Deviations from these terms and conditions are only binding if explicitly accepted in writing by Mobile Operating B.V.

Article 1. Use of the Service

1.1 Simple-Simon offers you the possibility of managing work order in Simple-Simon’s office program and to process with the Simple-Simon app. You decide yourself what information you have filled out and what to do with the results.

1.2 To be able to use Simple-Simon, you must first register. After completing your registration, you can log in on your account directly and use the service.

1.3 You must shield access to your account by way of the username and password from unauthorised people. You must especially keep the password strictly secret. Mobile Operating B.V. may assume that everything which takes place from your account after log-in with your username and password transpires under your direction and supervision. So, you are liable for all these actions. You can easily change your password and those of your colleagues, so you have control over this aspect as well. Passwords are stored destructively hashed, so Mobile Operating B.V. cannot retrace your passwords.

1.4 With Simple-Simon, you may possibly process personal data. This may be client data, work addresses, or other personal data. Mobile Operating B.V. hereby acts as a processor in the sense of privacy legislation ‘Wet bescherming persoonsgegevens’. You safeguard Mobile Operating B.V. against all claims by data subjects under this law.

Artikel 2. Rules of use

2.1 It is prohibited to use Simple-Simon for actions which violate Netherlands or other applicable legislation and regulations. This includes, amongst other things, the storage or distribution through the service of information which is defamatory, slanderous, or racist.

2.2 It is especially prohibited to ask for personal data without having published an adequate privacy policy. Also, for other processing of personal data you must observe said law ‘Wet bescherming persoonsgegevens’.

2.3 In addition, it is prohibited at Simple-Simon to:

• Use indecent language;

• Place information in locations where such is undesirable (off topic);

• Spread information which is pornographic or erotic (also if it is legal in itself);

• Spread information which violates copyrights, or to place hyperlinks to such information;

• Assist others with infringing on third-party rights, for example by linking to hack tools or explaining cyber-crime in a manner which apparently intends to enable the reader to (let) commit the described criminal conduct and not to be able to defend oneself against it;

• Violate the privacy of third parties, for example by distributing, without permission or necessity, third-party personal data, or by repeatedly badgering third parties with information they do not want;

• Deploy it for commercial purposes;

and furthermore, to do anything which is in violation of the netiquette.

2.4 If Mobile Operating B.V. notes that you violate the above conditions or receives a complaint concerning, Mobile Operating B.V. may intervene itself to terminate the violation.

2.5 If in the opinion of Mobile Operating B.V. disturbance, damage, or another risk arises for the functioning of the computer systems or the network of Mobile Operating B.V. or third parties and/or for the provision of services through the internet, especially through the excessive forwarding of e-mail or other data, the leaking of personal data or activities of viruses, Trojans, and comparable software, Mobile Operating B.V. is authorised to take all measures which it reasonably deems necessary to avert or prevent this danger.

2.6 Mobile Operating B.V. is authorised at all times to file a police report for such criminal actions as it may identify.

2.7 Mobile Operating B.V. can claim the damage resulting from violations of these rules of use from you. You safeguard Mobile Operating B.V. against all third-party claims which concern damage as a result of a violation of these rules of use.

Article 3. Availability, Maintenance, Support

3.1 Mobile Operating B.V. exerts itself to have the service available but does not guarantee uninterrupted availability.

3.2 Mobile Operating B.V. actively services Simple-Simon. If it is expected that maintenance will lead to a limitation of availability, Mobile Operating B.V. will carry this out when the use of the service is relatively low. Maintenance is announced in advance as much as possible. Maintenance in connection with calamities may take place at any time and is not announced in advance.

3.3 Mobile Operating B.V. may adjust the functionality of Simple-Simon from time to time. Thereby, your feedback and suggestions are welcome, but ultimately Mobile Operating B.V. decides itself what modifications it applies or not.

3.4 After the free trial period which includes a free online demo, functional support in the use of Simple-Simon is mainly offered in the form of paid training. The various options for this are listed on the website. During office hours, a helpdesk can be reached via email in case of technical malfunctions or imperfections.

3.5 Except for master data, records are deleted based on their age in order to keep data storage costs as low as possible. The current retention period for work orders and completed questionnaires is four years, but this can be determined at any time by Mobile Operating

3.6 It is the user’s responsibility to regularly download data from the system via exports or reports. Mobile Operating is explicitly not responsible for creating or restoring backups. Data loss resulting from user errors or system failures can under no circumstances be attributed to Mobile Operating.

Article 4. Intellectual Property

4.1 The service Simple-Simon, the associated software, as well as all information and images on the website are the intellectual property of Mobile Operating B.V. They may not be copied or used in any manner without the separate written consent of Mobile Operating B.V., except in such cases where it is legally permitted.

4.2 Information you store or process through the service is and remains your property (or that of your suppliers). Mobile Operating B.V. has a limited right of use to deploy this information for the service, including for future aspects thereof. You can withdraw this right of use by removing the relevant information and/or by terminating the agreement.

4.3 If you send information to Mobile Operating B.V., for example feedback about an error or a suggestion for improvement, you grant them an unlimited and eternal right of use to use this information for the service. This does not apply to information which you emphatically mark as confidential.

4.4 Mobile Operating B.V. will not take cognizance of data which you store and/or distribute through Simple-Simon, unless this is necessary for a proper provision of services or unless Mobile Operating B.V. is obliged to do so pursuant to a legal provision or court order. In that case, Mobile Operating B.V. will exert itself to limit cognizance of the data as much as possible, to the extent it has control over this.

Article 5. Fee for the service

5.1 For the use of Simple-Simon, a fee is due; Payment Per User, Per Month, all matters as further indicated on the website. This fee is expressed in credits. You purchase these credits in advance.

5.2 Payments can be made by transferring the money yourself to the bank account of Mobile Operating B.V., or in accordance with the payment instructions on the website.

5.3 There is also the option to arrange direct debit to purchase credits.

5.4 You can manage the setup, adjustment and cancellation of the direct debit yourself with the office module. If you wish to stop using the software, it is expressly your own responsibility to cancel the direct debit. No refund will be made if the direct debit is cancelled too late.

5.5 Because the service of purchasing credits is carried out directly, and upon your express request, it is not possible to undo a payment with an appeal to the law on purchasing at a distance.

5.6 Credits are not refunded.

5.7 Simple-Simon offers variously composed packages: Training in combination with Credits and/or setting of links. Composed packages must be paid in advance, unless established otherwise in writing. Purchased packages are not refunded. Payment of the invoice is an irrevocable agreement to purchase the services and licenses included in the invoice.

5.8 A training schedule is established in consultation in advance. If agreed training moments are cancelled, these hours will be deducted from the total training credit without any credit or refund. If a training is cancelled within 2 weeks prior to the execution, an invoice will be sent to use these training hours in a later phase.

5.9 If a payment is received stating an invoice number that has already been paid, a new order will be placed for the same counter value and will be delivered on this order. If no invoice number is stated with payment, delivery will be made on any outstanding order. If this is not available, an order will be placed for the same equivalent value and deliveries will be made. Payments received will not be refunded.

5.10 Maintenance costs for integrations or custom software are charged in full for an entire year upfront. If the service is discontinued partway through the already paid period, no refund will be issued. The received payment constitutes an irrevocable agreement, with no right to partial reimbursement.

5.11 Modules are billed on a monthly or annual basis. If the service is discontinued in the middle of a prepaid period, no refund will be issued. The received payment constitutes an irrevocable agreement, with no right to partial refund.

Article 6. Liability

6.1 The liability of Mobile Operating B.V. is limited to the amount you have used in credits in the period of three months preceding the moment of the damage-causing event until the date of the damage-causing event.

6.2 Mobile Operating B.V. is emphatically not liable for indirect damage, consequential damage, loss of profit, missed savings, and damage due to operational stagnation.

6.3 Condition for any right to compensation arising is that you report the damage no later than within two months after discovery to Mobile Operating B.V. in writing.

6.4 In case of force majeure, Mobile Operating B.V. is never bound to compensate the damage incurred by you as a result. Force majeure can be said to pertain, for example, in case of malfunctions or the failing of the internet, the telecom infrastructure, technical malfunctions on Servers or other network components, power outages, national riots, mobilization, war, traffic stoppages, strikes, exclusion, operational disturbances, stagnation of supplies, fire, and flooding.

Article 7. Duration and cancellation

7.1 This agreement enters into effect as soon as you make use of the service for the first time and will then be effective for one month.After this period, the agreement is tacitly extended by the same period every time. In case you no longer wish to make use of the service you do not have to give notice. At the moment you do not purchase or deploy credits anymore, the agreement is thereby terminated.

7.2 Mobile Operating B.V. can terminate the agreement if you have not deployed any credit(s) for three months.

7.3 While using the service, you can download the data you store or process through the service by way of the interface at any moment. You have this option for as long as credit(s) is/are deployed. If you want to quit the service, you must take care yourself of downloading the data you have stored through the service beforehand.

7.4 At the moment you have not deployed any credit(s) for more than three months, your data may be deleted.

7.5 The service can be tested for free for two weeks. After the test period you can choose to purchase licenses. If you decide not to do so, the data will be deleted one month after the start of the free trial period unless otherwise agreed, verbally or in writing.

7.6 Mobile Operating reserves the right to remove the software requested with email addresses that cannot be contacted, without giving further reasons. This applies, without being limitative, for example for email addresses that are valid for a short period of time.

Article 8. Modification conditions

8.1 Mobile Operating B.V. may modify these conditions as well as the prices at any time.

8.2 Mobile Operating B.V. will announce any changes or additions prior to them taking effect via email notifications, messages in the office module, or on the website. Price changes do not affect credits that have already been purchased

8.3 If you do not wish to accept a modification or addition, you can cancel the agreement until the effective date. Use of the service after the effective date is considered acceptance of the modified or supplemented conditions.

Article 9. Other provisions

9.1 To this agreement, Netherlands legislation is applicable.

9.2 To the extent it is not prescribed otherwise by rules of mandatory legislation, all disputes in connection with Simple-Simon will be submitted to the competent Netherlands court in the district where Mobile Operating B.V. is established.

9.3 If a provision in these user conditions requires that a notification must be carried out “in writing”, it is also met if the notification is made by e-mail or by way of communicating through the service, on condition it has been determined with sufficient certainty that the message truly derives from the declared sender and that the integrity of the message has not been breached.

9.4 The version of communications or information as stored by Mobile Operating B.V. is considered to be correct, unless you provide proof to the contrary concerning.

9.5 If a provision in these user conditions turns out to be void, this does not affect the validity of the entire user conditions. Parties will in such case establish (a) new provision(s) whereby the intention of the original provision will be given concrete expression as much as is legally possible.

9.6 Mobile Operating B.V. has the right to transfer its rights and obligations from the agreement to a third party which takes over Simple-Simon or the relevant business activity from them.

9.7 The privacy conditions from appendix 1 are a part of these user conditions Simple Simon.

 

APPENDIX 1: PRIVACY CONDITIONS

In these privacy conditions, the legal person hiring Simple Simon as a Processor in order to conduct specific processing activities for him is subsequently referred to as “Data Controller”. In these privacy conditions, Simple Simon is the legal person that will carry out processing activities and is subsequently referred to as “Processor”. Data Controller and Processor are individually also referred to as “Party” or jointly as “Parties”.

CONSIDERING THAT:

(a) Processor has received the assignment from Data Controller for the provision of services through the Simple-Simon application (in the following: the “Assignment”), all matters in conformity with the license agreement concluded to that effect between parties (in the following: the “Contract”);

(b) Data Controller, in the context of the implementation of the Assignment and the Contract by Processor, will provide Processor directly or indirectly with data which may qualify as Personal Data, which data Processor will process for the benefit of Data Controller;

(c) Data Controller and Processor, as an addition to the agreements already concluded between parties, including the Contract, wish to conclude the underlying Processor Agreement to establish the rights and obligations with regard to the Processing of Personal Data.

 

DECLARE TO HAVE AGREED AS FOLLOWS

1 Definitions

1.1 In this Agreement, Parties apply the references, abbreviations, and definitions below:

 

2 Object of Processing

2.1 Data Controller acts as the Data Controller for the Processing of the Personal Data flowing from the Contract and Processor will act as Processor, all matters as stipulated in the GDPR.

2.2 The purpose of the Processing of Personal Data by Processor is the implementation of the Contract. Processor therefore processes the Personal Data obtained by or through the Data Controller exclusively by order of the Data Controller, in the context of the Contract.

2.3 The type of Personal Data to be processed, the categories of Data Subjects and the nature of the Processing based on the Agreement have been established in Appendix 1.

2.4 The activities to be carried out by the Processor for the implementation of this Agreement are included in Appendix 1. Processor will Process the Personal Data for no other purpose than the implementation of the Contract, and more specifically the Processor will under no circumstance process the Personal Data for his own purposes, unless approval has been granted for this by Data Controller.

3 Obligations Processor and Data Controller

3.1 During the Processing of Personal Data, Processor is compliant with GDPR and assures the protection of the rights of Data Subjects, as stipulated in the following. Processor enables Data Controller at all times to comply with the GDPR and GDPRIA and will reasonably grant his assistance for this to Data Controller.

3.2 Processor will exclusively process the Personal Data pursuant to the instructions of the Data Controller, also with regard to the transmission of Personal Data to a third country or an international organisation, unless a provision deriving from the Union or a member-state which is applicable to the Processor compels him to Processing. In this case, the Processor informs the Data Controller of that legal requirement prior to this Processing, unless the legislation prohibits such notification for weighty reasons of public interest.

3.3 Data Controller hereby instructs Processor to Process the Personal Data for the following purposes:

3.3.1 Processing as flowing from the Contract;

3.3.2 Processing to comply with such further instructions of the Data Controller as there be pursuant to the Agreement, such as, though not limited to, instructions by e-mail.

3.4 Processor immediately informs the Data Controller if in his opinion an instruction of Data Controller may entail a breach of the Privacy Legislation and Regulations.

3.5 It is not permitted to Processor to use Personal Data for his own purposes.

3.6 Processor is authorised, without needing the prior permission of Data Controller, to take decisions about the means he uses for Processing. Processor is authorised in this context to take decisions with regard to practical matters concerning the Processing which are not in conflict with the Agreement.

4 Cooperation Obligation

4.1 Taking into account the nature of the Processing and the information available to him, Processor will give assistance to Data Controller for realising compliance with the obligations as stipulated in article 35 and 36 GDPR, more specifically Processor will assist Data Controller, after a motivated request to that effect of Data Controller, to assess the need for and the possible execution of a data protection impact assessment and the necessity of applying for a prior consultation.

4.2 Costs resulting from requests of perusal by Data Subject(s), investigations, audits, or seizures by the monitoring authority ‘Autoriteit Persoonsgegevens’ or another monitoring authority with regard to Personal Data will be borne by Data Controller. By these costs is also intended, though they are not limited to, costs for the taking of (additional) technical and organisational security measures in accordance with article 5 of the Agreement and taking into account any possible instructions of said ‘Autoriteit Persoonsgegevens’. If Data Controller requests security measures which exceed the standard of Processor, then Data Controller will bear the additional costs for those.

5 Security Measures

5.1 Taking into account the state of the art, the costs of implementation, as well as the nature, extent, context, and the Processing Purposes, as well as the varying risks, as to probability and gravity, for the rights and liberties of persons, Processor takes appropriate technical and organisational measures to assure a level of security which is adapted to the risk and which, where appropriate, comprise matters like the following:

5.1.1 The pseudonymization and encryption of Personal Data;

5.1.2 The capacity to guarantee the confidentiality, integrity, availability, and resilience of the Processing systems and services on a permanent basis;

5.1.3 The capacity to timely restore the availability of and the access to the Personal Data in the event of a physical or technical incident;

5.1.4 A procedure for the testing, assessment, and evaluation at regular intervals of the efficacy of the technical and organisational measures to secure Processing.

5.2 Processor hereby indicates that the implemented measures, as mentioned in article 5.1 and elaborated in Appendix II, are compliant with what is stipulated in article 32 GDPR.

5.3 Taking into account the nature of the processing and the information available to him, the Processor will provide the Data Controller with assistance to arrange compliance with the obligations on account of article 32 GDPR.

5.4 Processor will regularly evaluate the measures as mentioned in article 5.1 and included in Appendix II and supplement and modify them where necessary to render them compliant with the GDPR.

6 Audits

6.1 Processor provides Data Controller with all information which is reasonably necessary to prove compliance with the obligations from the Agreement and the GDPR. Processor thereby makes available all information to Data Controller to enable audits, also including inspections, by Data Controller or by a controller authorised by Data Controller and contribute to such to the extent this can reasonably be expected from Processor.

6.2 Processor enables Data Controller to control that the Processing of Personal Data takes place as established in this Agreement and grants Data Controller, or a third party designated for this purpose by Data Controller, all reasonable assistance.

7 Incidents and Data leaks

7.1 Processor informs the Data Controller, if possible within 36 hours after discovery, regarding a Data leak.

7.2 In a notification as intended in article 7.1 at least the following is described or communicated:

7.2.1 The nature of the Incident or the Data leak, where possible specifying the categories of Data Subjects and Personal Data Registers in question and, by approximation, the number of Data Subjects and Personal Data Registers involved;

7.2.2 The name and the contact details of the official for data protection or another point of contact where additional information can be obtained if these persons are available;

7.2.3 The probable consequences of the Incident or the Data leak to the extent foreseeable for Processor;

7.2.4 If reasonably possible, the measures which the Processor proposes to deal with the Incident or the Data leak, including, in such case as may occur, the measures to mitigate any possible adverse effects thereof.

7.3 Taking into account the nature of the Processing and the information available to him, the Processor will grant the Data Controller assistance with realising compliance with the obligations on account of article 33 and 34 GDPR, and more specifically, the Processor will give support, where possible and reasonable, to the Data Controller for the purpose of reporting a Data leak or a comparable incident to the monitoring authority and/or the Data Subject.

7.4 If a situation as intended in article 7.1 occurs, Data Controller hereby commits himself to maintain the secrecy of all data in connection with the Incident or the Data leak or the breach of the security, unless a legal obligation opposes this. Data Controller will not, unless in case a legal obligation to do so pertains, divulge any information about this Incident or Data Leak or the breach of security without having consulted with Processor concerning.

7.5 Data Controller is exclusively responsible for any report to the monitoring authority of ‘Autoriteit Persoonsgegevens’ or Data Subjects. If Processor believes he is or could be bound to do so on grounds of the Privacy Legislation and Regulations, then Processor has the right to contact the monitoring authority or to file a report with the monitoring authority regarding the Incident or the Data Leak.

8 Sub-Processors

8.1 Data Controller hereby grants the Processor general written permission to deploy (new) Sub-Processors for the Processing of Personal Data, as well as to replace these Sub-Processors. If the Processor proceeds to deploy Sub-Processors or to replace (one of these) Sub-Processors, then the Processor will:

8.1.1 Inform the Data Controller in writing prior to the deployment of a new SubProcessor or the replacement of a Sub-Processor of his intention to deploy a new or different Sub-Processor, whereby the Processor informs the Data Controller of the relevant information regarding the candidate Sub-Processor;

8.1.2 Enable the Data Controller to object against the changes.

8.2 In all cases in which Processor deploys, as described in this article, a Sub-Processor, the Processor will conclude a written agreement with this Sub-Processor in which is stipulated at least that:

8.2.1 the Sub-Processor must comply with the same obligations regarding data protection as are stipulated in this Agreement for the Processor, especially the obligation to provide sufficient guarantees with regard to the application of appropriate technical and organisational measures, so that the Processing will be in accordance with what is stipulated in the GDPR;

8.2.2 if the deployed Sub-Processor does not comply with his obligations regarding data protection, the first Processor remains fully liable vis-à-vis the Data Controller for complying with the obligations of the Sub-Processor;

8.2.3 the Sub-Processor after the end of the Agreement will permanently remove the Personal Data he has under his control on account of the Processing of Personal Data which is the object of the Agreement, or otherwise will return it to Processor or Data Controller, such at the discretion of the Data Controller;

8.2.4 the Sub-Processor, in case he wants to deploy another Sub-Processor, may only do this if the rules as established in this Agreement with regard to the deployment of Sub-Processors have been complied with.

9 Rights of data subjects

9.1 Processor will, taking into account the nature of the Processing, assist the Data Controller by way of appropriate technical and organisational measures, to the extent possible and reasonable, with the fulfilment of his obligation to respond to requests for the exercise of the rights of the Data Subject as established in chapter III GDPR.

9.2 Processor will not himself proceed to carry out a request of a Data Subject based on the rights which the Privacy Legislation and Regulations attributes to the Data Subject. Immediately upon a request to this effect by Data Controller, Processor will provide all information which the Data Controller may need to exercise the rights of the Data Subjects as established in chapter III GDPR.

9.3 Processor will, to the extent legally permitted and if reasonably possible, inform Data Controller in the event Processor receives a request from a Data Subject in connection with the rights which the Privacy Legislation and Regulations offer to the Data Subject. Processor is not bound to concede any request of a Data Subject without the prior written consent of Data Controller, except to confirm that the request is related to Data Controller.

10 Transmission Personal Data

10.1 Without the prior explicit written permission of Data Controller, Processor will not transport Personal Data outside the EEA, nor will Processor transmit Personal Data to Sub-processors outside the EEA or otherwise (let) Process Personal Data outside the EEA.

11 Non-disclosure

11.1 Processor handles the Personal Data he has under his control from Data Controller and Processes for the benefit of Data Controller with confidentiality.

11.2 Processor assures that the persons authorised for the Processing of Personal Data have committed themselves to observe confidentiality or otherwise are bound by an appropriate legal obligation to observe confidentiality.

11.3 Processor assures that the persons authorised for the Processing of Personal Data have committed themselves to observe confidentiality or otherwise are bound by an appropriate legal obligation to observe confidentiality.

11.4 Parties have the right at all times to disclose details regarding the Processing of Personal Data by Processor to a monitoring authority, such as, though not limited to, the aforementioned ‘Autoriteit Persoonsgegevens’.

12 Liability

12.1 The total liability of Parties on account of an attributable shortcoming in complying with the Agreement, on any legal grounds whatsoever, is limited to the compensation of direct damage up to a maximum of the amount of the price stipulated for the Contract (exclusive of VAT). Under no circumstance will the liability of Processor for direct damage, on any legal ground whatsoever, exceed the sum of EUR 10,000. The direct damage eligible for compensation under this article exclusively regards i) the reasonable costs to prevent or mitigate the damage which may be expected as a consequence of the event on which the liability is based and ii) the reasonable costs to determine the damage and liability.

13 Duration and Termination

13.1 The total liability of Parties on account of an attributable shortcoming in complying with the Agreement, on any legal grounds whatsoever, is limited to the compensation of direct damage up to a maximum of the amount of the price stipulated for the Contract (exclusive of VAT). Under no circumstance will the liability of Processor for direct damage, on any legal ground whatsoever, exceed the sum of EUR 10,000. The direct damage eligible for compensation under this article exclusively regards i) the reasonable costs to prevent or mitigate the damage which may be expected as a consequence of the event on which the liability is based and ii) the reasonable costs to determine the damage and liability.

13.2 Parties can rescind the Agreement without any prior injunction or default notice with immediate effect extrajudicially through a letter by way of registered mail, if the other party applies for (provisional) suspension of payments, if this party applies for its bankruptcy or is declared in a state of bankruptcy, if the business of that party is dissolved, if Processor ceases his business, in the event of a major change of the control over the activities of the company of the other party, if an attachment is placed on a significant part of the assets of the other party or if one of its partners or if the other party, and such at the discretion of the first party, is otherwise no longer deemed capable of complying with the obligations from the Agreement.

14 Exit-Procedure

14.1 After the end of the Agreement, Processor will, at the option of Data Controller, delete all Personal Data which Processor possesses on account of the Agreement or the Contract, or return it to Data Controller and remove the existing copies. This applies, unless an obligation exists, applicable to Processor, to retain the Personal Data for a longer period.

14.2 Processor will, to the extent reasonably possible and feasible, inform Sub-Processors of the end of the Agreement and the obligations which Processor is subject to on account of this article.

14.3 Article 4 (Cooperation obligation), article 11 (Non-disclosure), and article 15 (Applicable law and choice of court) will remain in effect after termination or rescission of this Agreement, on whatever grounds, for an unlimited time.

15 Choice of law and court

15.1 To this Agreement, Netherlands legislation is exclusively applicable.

15.2 All disputes which flow from or are related to the Agreement or the implementation thereof are exclusively submitted to the court of law of Oost-Brabant, place of session ’s-Hertogenbosch.

Appendix I – Specifications Processing

Description of Processing:

Simple-Simon (processor) offers a digital work order. It allows clients of SimpleSimon to process the work orders they use digitally. In Simple-Simon, clients can store, amongst other things, their client, working address, and contact person details. This information is not special in nature and mainly regards name and address details. The personal data of the staff of the Simple-Simon client can also be stored, which are not special in nature either, but mainly name and address information.

Appendix II – Measures

Processor declares to have taken the following measures to be able to comply with what is stipulated in the Agreement:

To guarantee confidentiality:

• All data-traffic between Simple-Simon components is encrypted

• Give Data Controller the possibility to give passwords to all users

• Give Data Controller the possibility to give passwords to all users

To guarantee integrity:

• Personal data are not transmitted

• Modification of personal data can only be done by the Data Controller

To guarantee availability and resilience of used systems and services:

• Every night a back-up is made of the data

• In case of a calamity, access to personal data can be restored within a reasonable term

To timely restore the availability of and the access to the Personal Data after a physical or technical incident:

• To test, assess, and evaluate at regular intervals the efficacy of the technical and organisational measures:

To test, assess, and evaluate at regular intervals the efficacy of the technical and organisational measures

• To test, assess, and evaluate at regular intervals the efficacy of the technical and organisational measures: