User conditions Simple-Simon
The service « Simple-Simon, the Smart Work Order app », in the following called SimpleSimon, is offered to you through the internet as Software-as-a-Service by the company
Mobile Operating B.V. Thee use of Simple-Simon is subject to the conditions below. By using
Simple-Simon, you agree with these.
Deviations from these general conditions are only binding if they have been accepted in
writing by Mobile Operating B.V.
Article 1. Use of the service
1.1 Simple-Simon offers you the possibility of managing work order in
Simple-Simon’s office program and to process with the Simple-Simon app. You
decide yourself what information you have filled out and what to do with the
results.
1.2 To be able to use Simple-Simon, you must first register. After completing your
registration, you can log in on your account directly and use the service.
1.3 You must shield access to your account by way of the username and password from
unauthorised people. You must especially keep the password strictly secret. Mobile
Operating B.V. may assume that everything which takes place from your account
after log-in with your username and password transpires under your direction and
supervision. So, you are liable for all these actions. You can easily change your
password and those of your colleagues, so you have control over this aspect as well.
Passwords are stored destructively hashed, so MobileOperating B.V. cannot retrace
your passwords.
1.4 With Simple-Simon, you may possibly process personal data. This may be client
data, work addresses, or other personal data. Mobile Operating B.V. hereby acts as a
processor in the sense of privacy legislation ‘Wet bescherming persoonsgegevens’.
You safeguard Mobile Operating B.V. against all claims by data subjects under this
law.
Article 2. Rules of use
2.1 It is prohibited to use Simple-Simon for actions which violate Netherlands or other
applicable legislation and regulations. This includes, amongst other things, the
storage or distribution through the service of information which is defamatory,
slanderous, or racist.
2.2 It is especially prohibited to ask for personal data without having published an
adequate privacy policy. Also, for other processing of personal data you must
observe said law ‘Wet bescherming persoonsgegevens’.
2.3 In addition, it is prohibited at Simple-Simon to:
• Use indecent language;
• Place information in locations where such is undesirable(off topic);
• Spread information which is pornographic or erotic (also if it is legal in itself);
• Spread information which violates copyrights, or to place hyperlinks to such
information;
• Assist others with infringing on third-party rights, for example by linking to hack
tools or explaining cyber-crime in a manner which apparently intends to enable the
reader to (let) commit the described criminal conduct and not to be able to defend
oneself against it;
• Violate the privacy of third parties, for example by distributing, without
permission or necessity, third-party personal data, or by repeatedly badgering
third parties with information they do not want;
• Deploy it for commercial purposes;
and furthermore, to do anything which is in violation of the netiquette.
2.4 If Mobile Operating B.V. notes that you violate the above conditions or receives a
complaint concerning, Mobile Operating B.V. may intervene itself to terminate the
violation.
2.5 If in the opinion of Mobile Operating B.V. disturbance, damage, or another risk
arises for the functioning of the computer systems or the network of Mobile
Operating B.V. or third parties and/or for the provision of services through the
internet, especially through the excessive forwarding of e-mail or other data, the
leaking of personal data or activities of viruses, Trojans, and comparable software,
Mobile Operating B.V. is authorised to take all measures which it reasonably deems
necessary to avert or prevent this danger.
2.6 Mobile Operating B.V. is authorised at all times to file a police report for
such criminal actions as it may identify.
2.7 Mobile Operating B.V. can claim the damage resulting from violations of these rules
of use from you. You safeguard Mobile Operating B.V. against all third-party claims
which concern damage as a result of a violation of these rules of use.
Article 3. Availability and maintenance, support
3.1 Mobile Operating B.V. exerts itself to have the service available but does not
guarantee uninterrupted availability.
3.2 Mobile Operating B.V. actively services Simple-Simon. If it is expected that
maintenance will lead to a limitation of availability, MobileOperating
B.V. will carry this out when the use of the service is relatively low. Maintenance is
announced in advance as much as possible. Maintenance in connection with
calamities may take place at any time and is not announced in advance.
3.3 Mobile Operating B.V. may adjust the functionality of Simple-Simon from time to
time. Thereby, your feedback and suggestions are welcome, but ultimately Mobile
Operating B.V. decides itself what modifications it applies or not.
3.4 After the free trial period which includes a free online demo, functional support in
the use of Simple-Simon is mainly offered in the form of paid training. The various
options for this are listed on the website. During office hours, a helpdesk can be
reached via email in case of technical malfunctions or imperfections.
Article 4. Intellectual property
4.1 The service Simple-Simon, the associated software, as well as all information and
images on the website are the intellectual property of Mobile Operating B.V. They
may not be copied or used in any manner without the separate written consent of
Mobile Operating B.V., except in such cases where it is legally permitted.
4.2 Information you store or process through the service is and remains your property
(or that of your suppliers). Mobile Operating B.V. has a limited right of use to
deploy this information for the service, including for future aspects thereof. You
can withdraw this right of use by removing the relevant information and/or by
terminating the agreement.
4.3 If you send information to Mobile Operating B.V., for example feedback about an
error or a suggestion for improvement, you grant them an unlimited and eternal
right of use to use this information for the service. This does not apply to
information which you emphatically mark as confidential.
4.4 Mobile Operating B.V. will not take cognizance of data which you store and/or
distribute through Simple-Simon, unless this is necessary for a proper provision of
services or unless Mobile Operating B.V. is obliged to do so pursuant to a legal
provision or court order. In that case, Mobile Operating B.V. will exert itself to limit
cognizance of the data as much as possible, to the extent it has control over this.
Article 5. Fee for the service
5.1 For the use of Simple-Simon, a fee is due; Payment Per User, Per Month, all
matters as further indicated on the website. This fee is expressed in credits. You
purchase these credits in advance.
5.2 Payments can be made by transferring the money yourself to the bank
account of Mobile Operating B.V., or in accordance with the payment
instructions on the website.
5.3 There is also the option to arrange direct debit to purchase credits.
5.4 You can manage the setup, adjustment and cancellation of the direct debit
yourself with the office module. If you wish to stop using the software, it is
expressly your own responsibility to cancel the direct debit. No refund will
be made if the direct debit is cancelled too late.
5.5 Because the service of purchasing credits is carried out directly, and upon your
express request, it is not possible to undo a payment with an appeal to the law on
purchasing at a distance.
5.6 Credits are not refunded.
5.7 Simple-Simon offers variously composed packages: Training in combination with
Credits and/or setting of links. Composed packages must be paid in advance,
unless established otherwise in writing. Purchased packages are not refunded.
Payment of the invoice is an irrevocable agreement to purchase the services and
licenses included in the invoice.
5.8 A training schedule is established in consultation in advance. If agreed training
moments are cancelled, these hours will be deducted from the total training credit
without any credit or refund. If a training is cancelled within 2 weeks prior to the
execution, an invoice will be sent to use these training hours in a later phase.
5.9 If a payment is received stating an invoice number that has already been paid, a
new order will be placed for the same counter value and will be delivered on this
order. If no invoice number is stated with payment, delivery will be made on any
outstanding order. If this is not available, an order will be placed for the same
equivalent value and deliveries will be made. Payments received will not be
refunded.
5.10 Maintenance costs for integrations or custom software are charged in full for an
entire year upfront. If the service is discontinued partway through the already paid
period, no refund will be issued. The received payment constitutes an irrevocable
agreement, with no right to partial reimbursement.
5.11 Modules are billed on a monthly or annual basis. If the service is discontinued in
the middle of a prepaid period, no refund will be issued. The received payment
constitutes an irrevocable agreement, with no right to partial refund.
Article 6. Liability
6.1 The liability of Mobile Operating B.V. is limited to the amount you have used in
credits in the period of three months preceding the moment of the damage-causing
event until the date of the damage-causing event.
6.2 Mobile Operating B.V. is emphatically not liable for indirect damage, consequential
damage, loss of profit, missed savings, and damage due to operational stagnation.
6.3 Condition for any right to compensation arising is that you report the
damage no later than within two months after discovery to Mobile Operating
B.V. in writing.
6.4 In case of force majeure, Mobile Operating B.V. is never bound to compensate the
damage incurred by you as a result. Force majeure can be said to pertain, for
example, in case of malfunctions or the failing of the internet, the telecom
infrastructure, technical malfunctions on Servers or other network components,
power outages, national riots, mobilization, war, traffic stoppages, strikes,
exclusion, operational disturbances, stagnation of supplies, fire, and flooding.
Article 7. Duration and cancellation
7.1 This agreement enters into effect as soon as you make use of the service for the first
time and will then be effective for one month.After this period, the agreement is
tacitly extended by the same period every time. In case you no longer wish to make
use of the service you do not have to give notice. At the moment you do not
purchase or deploy credits anymore, the agreement is thereby terminated.
7.2 Mobile Operating B.V. can terminate the agreement if you have not deployed any
credit(s) for three months.
7.3 While using the service, you can download the data you store or process through
the service by way of the interface at any moment. You have this option for as
long as credit(s) is/are deployed. If you want to quit the service, you must take
care yourself of downloading the data you have stored through the service
beforehand.
7.4 At the moment you have not deployed any credit(s) for more than three
months, your data may be deleted.
7.5 The service can be tested for free for two weeks. After the test period you can
choose to purchase licenses. If you decide not to do so, the data will be deleted
one month after the start of the free trial period unless otherwise agreed,
verbally or in writing.
7.6 Mobile Operating reserves the right to remove the software requested with email addresses that cannot be contacted, without giving further reasons. This
applies, without being limitative, for example for email addresses that are
valid for a short period of time.
Article 8. Modification conditions
8.1 Mobile Operating B.V. may modify these conditions as well as the prices at any
time.
8.2 Mobile Operating B.V. will announce any changes or additions prior to them
taking effect via email notifications, messages in the office module, or on the
website. Price changes do not affect credits that have already been purchased
8.3 If you do not wish to accept a modification or addition, you can cancel the
agreement until the effective date. Use of the service after the effective date is
considered acceptance of the modified or supplemented conditions.
Article 9. Other provisions
9.1 To this agreement, Netherlands legislation is applicable.
9.2 To the extent it is not prescribed otherwise by rules of mandatory legislation, all
disputes in connection with Simple-Simon will be submitted to the competent
Netherlands court in the district where MobileOperating B.V. is established.
9.3 If a provision in these user conditions requires that a notification must be
carried out “in writing”, it is also met if the notification is made by e-mail or
by way of communicating through the service, on condition it has been
determined with sufficient certainty that the message truly derives from the
declared sender and that the integrity of the message has not been breached.
9.4 The version of communications or information as stored by MobileOperating
B.V. is considered to be correct, unless you provide proof to the contrary concerning.
9.5 If a provision in these user conditions turns out to be void, this does not affect the
validity of the entire user conditions. Parties will in such case establish (a) new
provision(s) whereby the intention of the original provision will be given concrete
expression as much as is legally possible.
9.6 Mobile Operating B.V. has the right to transfer its rights and obligations from
the agreement to a third party which takes over Simple-Simon or the relevant
business activity from them.
9.7 The privacy conditions from appendix 1 are a part of these user conditions Simple
Simon.
APPENDIX 1: PRIVACY CONDITIONS
In these privacy conditions, the legal person hiring Simple Simon as a Processor in order to
conduct specific processing activities for him is subsequently referred to as “Data
Controller”. In these privacy conditions, Simple Simon is the legal person that will carry out
processing activities and is subsequently referred to as “Processor”. Data Controller and
Processor are individually also referred to as “Party” or jointly as “Parties”.
CONSIDERING THAT:
(a) Processor has received the assignment from Data Controller for the provision of
services through the Simple-Simon application (in the following: the “Assignment”),
all matters in conformity with the license agreement concluded to that effect
between parties (in the following: the “Contract”);
(b)Data Controller, in the context of the implementation of the Assignment and the
Contract by Processor, will provide Processor directly or indirectly with data which
may qualify as Personal Data, which data Processor will process for the benefit of
Data Controller;
(c) Data Controller and Processor, as an addition to the agreements already concluded
between parties, including the Contract, wish to conclude the underlying Processor
Agreement to establish the rights and obligations with regard to the Processing of
Personal Data.
DECLARE TO HAVE AGREED AS FOLLOWS:
1 Definitions
1.1 In this Agreement, Parties apply the references, abbreviations, and definitions
below:
GDPR Regulation (EU) 2016/679 of the European
Parliament and the Council of 27 April 2016
regarding the protection of natural persons in
connection with the Processing of personal data
and regarding the free circulation of those data
and for the repeal of Directive 95/46/EC (General
Data Protection Regulation).
Data Subject The natural person Personal Data
is in reference to.
Data leak A breach of the security which, accidentally or in
an illegitimate manner, leads to the destruction,
the loss, the modification or the unauthorised
provision of or the unauthorised access to
forwarded, stored, or otherwise Processed
Personal Data.
EU The member states of the European Union and,
from the moment that the GDPR has been
incorporated in the agreement regarding the
European Economic Area: Iceland, Liechtenstein,
and Norway.
Incident Any reasonable risk or fear of a breach on the
security which may lead, accidentally or in an
illegitimate manner, to the destruction, loss,
modification, or the unauthorised provision of or
the unauthorised access to, forwarded, stored,
otherwise Processed Personal Data.
Agreement The present processor agreement between Data
Controller and Processor, including the
appendices to which reference is made.
Personal data All information which identifies or renders
identifiable a natural person. Considered
identifiable is a natural person who can be
identified directly or indirectly, especially on the
basis of an identifier such as a name, an
identification number, location data, an on-line
identifier, or of one or more elements which are
characteristic for the physical, physiological,
genetic, psychological, economic, cultural, or
social identity of that natural person.
Privacy Legislation and
Regulations
All laws and regulations, including the laws and
regulations deriving from (any body or institution
of) the European Union, the European Economic
Area, and their member states, as are applicable
to the Processing of Personal Data under the
Contract, such as, though not limited to the GDPR,
and the Dutch General Data Protection Regulation
(Implementation) Act..
Sub-Processor The entity assisting the Processor with the
Processing of Personal Data.
Representative A natural or legal person established in the Union
who, pursuant to article 27 GDPR, has been
designated in writing by the Data Controller or the
Processor to represent the Data Controller or the
Processor in connection with their respective
obligations pursuant to the GDPR.
Processor A natural or legal person, a government
institution, a service or another body who/which
processes personal data for the benefit of the Data
Controller.
Processing A single or a series of act(s) of processing
regarding Personal Data or a whole of Personal
Data, whether or not conducted through
automatic procedures, such as the collecting,
recording, ordering, structuring, storing, updating
or modifying, requesting, perusing, using,
provision by way of forwarding, distributing or
providing in another manner, aligning or
combining, shielding, deleting, or destroying of
Personal Data.
Data Controller The natural or legal person, a government body, a
service or another body who/which, alone or
jointly with others, establishes the purpose of and
the means for the Processing of Personal Data.
GDPRIA Law of 18 May 2018, comprising rules regarding
the protection of personal data Dutch General
Data Protection Regulation (Implementation) Act.
2 Object of Processing
2.1 Data Controller acts as the Data Controller for the Processing of the Personal Data
flowing from the Contract and Processor will act as Processor, all matters as
stipulated in the GDPR.
2.2 The purpose of the Processing of Personal Data by Processor is the implementation
of the Contract. Processor therefore processes the Personal Data obtained by or
through the Data Controller exclusively by order of the Data Controller, in the
context of theContract.
2.3 The type of Personal Data to be processed, the categories of Data Subjects and the
nature of the Processing based on the Agreement have been established in Appendix
1.
2.4 The activities to be carried out by the Processor for the implementation of this
Agreement are included in Appendix 1. Processor will Process the Personal Data for
no other purpose than the implementation of the Contract, and more specifically the
Processor will under no circumstance process the Personal Data for his own
purposes, unless approval has been granted for this by Data Controller.
3 Obligations Processor and Data Controller
3.1 During the Processing of Personal Data, Processor is compliant with GDPR and
assures the protection of the rights of Data Subjects, as stipulated in the following.
Processor enables Data Controller at all times to comply with the GDPR and GDPRIA
and will reasonably grant his assistance for this to Data Controller.
3.2 Processor will exclusively process the Personal Data pursuant to the instructions of
the Data Controller, also with regard to the transmission of Personal Data to a third
country or an international organisation, unless a provision deriving from the Union
or a member-state which is applicable to the Processor compels him to Processing.
In this case, the Processor informs the Data Controller of that legal requirement
prior to this Processing, unless the legislation prohibits such notification for weighty
reasons of public interest.
3.3 Data Controller hereby instructs Processor to Process the Personal Data for the
following purposes:
3.3.1 Processing as flowing from the Contract;
3.3.2 Processing to comply with such further instructions of the Data
Controller as there be pursuant to the Agreement, such as, though
not limited to, instructions by e-mail.
3.4 Processor immediately informs the Data Controller if in his opinion an instruction of
Data Controller may entail a breach of the Privacy Legislation and Regulations.
3.5 It is not permitted to Processor to use Personal Data for his own purposes.
3.6 Processor is authorised, without needing the prior permission of Data Controller, to
take decisions about the means he uses for Processing. Processor is authorised in
this context to take decisions with regard to practical matters concerning the
Processing which are not in conflict with the Agreement.
4 Cooperation obligation
4.1 Taking into account the nature of the Processing and the information available to
him, Processor will give assistance to Data Controller for realising compliance with
the obligations as stipulated in article 35 and 36 GDPR, more specifically Processor
will assist Data Controller, after a motivated request to that effect of Data Controller,
to assess the need for and the possible execution of a data protection impact
assessment and the necessity of applying for a prior consultation.
.
4.2 Costs resulting from requests of perusal by Data Subject(s), investigations, audits, or
seizures by the monitoring authority ‘Autoriteit Persoonsgegevens’ or another
monitoring authority with regard to Personal Data will be borne by Data Controller.
By these costs is also intended, though they are not limited to, costs for the taking of
(additional) technical and organisational security measures in accordance with
article 5 of the Agreement and taking into account any possible instructions of said
‘Autoriteit Persoonsgegevens’. If Data Controller requests security measures which
exceed the standard of Processor, then Data Controller will bear the additional costs
for those.
5 Security measures
5.1 Taking into account the state of the art, the costs of implementation, as well as the
nature, extent, context, and the Processing Purposes, as well as the varying risks, as
to probability and gravity, for the rights and liberties of persons, Processor takes
appropriate technical and organisational measures to assure a level of security
which is adapted to the risk and which, where appropriate, comprise matters like the
following:
5.1.1 The pseudonymization and encryption of Personal Data;
5.1.2 The capacity to guarantee the confidentiality, integrity, availability, and
resilience of the Processing systems and services on a permanent basis;
5.1.3 The capacity to timely restore the availability of and the access to the
Personal Data in the event of a physical or technical incident;
5.1.4 A procedure for the testing, assessment, and evaluation at regular
intervals of the efficacy of the technical and organisational measures to
secure Processing.
5.2 Processor hereby indicates that the implemented measures, as mentioned in article
5.1 and elaborated in Appendix II, are compliant with what is stipulated in article 32
GDPR.
5.3 Taking into account the nature of the processing and the information available to
him, the Processor will provide the Data Controller with assistance to arrange
compliance with the obligations on account of article 32GDPR.
5.4 Processor will regularly evaluate the measures as mentioned in article 5.1 and
included in Appendix II and supplement and modify them where necessary to render
them compliant with the GDPR.
6 Audits
6.1 Processor provides Data Controller with all information which is reasonably
necessary to prove compliance with the obligations from the Agreement and the
GDPR. Processor thereby makes available all information to Data Controller to
enable audits, also including inspections, by Data Controller or by a controller
authorised by Data Controller and contribute to such to the extent this can
reasonably be expected from Processor.
6.2 Processor enables Data Controller to control that the Processing of Personal Data
takes place as established in this Agreement and grants Data Controller, or a third
party designated for this purpose by Data Controller, all reasonable assistance.
7 Incidents and Data leaks
7.1 Processor informs the Data Controller, if possible within 36 hours after discovery,
regarding a Data leak.
7.2 In a notification as intended in article 7.1 at least the following is described or
communicated:
7.2.1 The nature of the Incident or the Data leak, where possible specifying the
categories of Data Subjects and Personal Data Registers in question and, by
approximation, the number of Data Subjects and Personal Data Registers
involved;
7.2.2 The name and the contact details of the official for data protection or
another point of contact where additional information can be obtained if
these persons are available;
7.2.3 The probable consequences of the Incident or the Data leak to the extent
foreseeable for Processor;
7.2.4 If reasonably possible, the measures which the Processor proposes to deal
with the Incident or the Data leak, including, in such case as may occur, the
measures to mitigate any possible adverse effects thereof.
7.3 Taking into account the nature of the Processing and the information available to
him, the Processor will grant the Data Controller assistance with realising
compliance with the obligations on account of article 33 and 34 GDPR, and more
specifically, the Processor will give support, where possible and reasonable, to the
Data Controller for the purpose of reporting a Data leak or a comparable incident to
the monitoring authority and/or the Data Subject.
7.4 If a situation as intended in article 7.1 occurs, Data Controller hereby commits
himself to maintain the secrecy of all data in connection with the Incident or the Data
leak or the breach of the security, unless a legal obligation opposes this. Data
Controller will not, unless in case a legal obligation to do so pertains, divulge any
information about this Incident or Data Leak or the breach of security without
having consulted with Processor concerning.
7.5 Data Controller is exclusively responsible for any report to the monitoring authority
of ‘Autoriteit Persoonsgegevens’ or Data Subjects. If Processor believes he is or could
be bound to do so on grounds of the Privacy Legislation and Regulations, then
Processor has the right to contact the monitoring authority or to file a report with
the monitoring authority regarding the Incident or theData Leak.
8 Sub-Processors
8.1 Data Controller hereby grants the Processor general written permission to deploy
(new) Sub-Processors for the Processing of Personal Data, as well as to replace these
Sub-Processors. If the Processor proceeds to deploy Sub-Processors or to replace
(one of these) Sub-Processors, then the Processor will:
8.1.1 Inform the Data Controller in writing prior to the deployment of a new SubProcessor or the replacement of a Sub-Processor of his intention to
deploy a new or different Sub-Processor, whereby the Processor informs
the Data Controller of the relevant information regarding the candidate
Sub-Processor;
8.1.2 Enable the Data Controller to object against the changes.
8.2 In all cases in which Processor deploys, as described in this article, a Sub-Processor,
the Processor will conclude a written agreement with this Sub-Processor in which is
stipulated at least that:
8.2.1 the Sub-Processor must comply with the same obligations regarding data
protection as are stipulated in this Agreement for the Processor, especially
the obligation to provide sufficient guarantees with regard to the
application of appropriate technical and organisational measures, so that
the Processing will be in accordance with what is stipulated in the GDPR;
8.2.2 if the deployed Sub-Processor does not comply with his obligations
regarding data protection, the first Processor remains fully liable vis-à-vis
the Data Controller for complying with the obligations of the SubProcessor;
8.2.3 the Sub-Processor after the end of the Agreement will permanently remove
the Personal Data he has under his control on account of the Processing of
Personal Data which is the object of the Agreement, or otherwise will
return it to Processor or Data Controller, such at the discretion of the Data
Controller;
8.2.4 the Sub-Processor, in case he wants to deploy another Sub-Processor, may
only do this if the rules as established in this Agreement with regard to the
deployment of Sub-Processors have been complied with.
9 Rights of Data Subjects
9.1 Processor will, taking into account the nature of the Processing, assist the Data
Controller by way of appropriate technical and organisational measures, to the
extent possible and reasonable, with the fulfilment of his obligation to respond to
requests for the exercise of the rights of the Data Subject as established in chapter III
GDPR.
9.2 Processor will not himself proceed to carry out a request of a Data Subject based on
the rights which the Privacy Legislation and Regulations attributes to the Data
Subject. Immediately upon a request to this effect by Data Controller, Processor will
provide all information which the Data Controller may need to exercise the rights of
the Data Subjects as established in chapter III GDPR.
9.3 Processor will, to the extent legally permitted and if reasonably possible, inform
Data Controller in the event Processor receives a request from a Data Subject in
connection with the rights which the Privacy Legislation and Regulations offer to the
Data Subject. Processor is not bound to concede any request of a Data Subject
without the prior written consent of Data Controller, except to confirm that the
request is related toData Controller.
10 Transmission Personal Data
10.1 Without the prior explicit written permission of Data Controller, Processor will not
transport Personal Data outside the EEA, nor will Processor transmit Personal Data
to Sub-processors outside the EEA or otherwise (let) Process Personal Data outside
the EEA.
11 Non-disclosure
11.1 Processor handles the Personal Data he has under his control from Data Controller
and Processes for the benefit of Data Controller with confidentiality.
11.2 Processor assures that the persons authorised for the Processing of Personal Data
have committed themselves to observe confidentiality or otherwise are bound by an
appropriate legal obligation to observe confidentiality.
11.3 Parties handle the content of this Processor Agreement with confidentiality and only
provide information to third parties with the prior written consent of Data
Controller.
11.4 Parties have the right at all times to disclose details regarding the Processing of
Personal Data by Processor to a monitoring authority, such as, though not limited to,
the aforementioned ‘AutoriteitPersoonsgegevens’.
12 Liability
12.1 The total liability of Parties on account of an attributable shortcoming in complying
with the Agreement, on any legal grounds whatsoever, is limited to the
compensation of direct damage up to a maximum of the amount of the price
stipulated for the Contract (exclusive of VAT). Under no circumstance will the
liability of Processor for direct damage, on any legal ground whatsoever, exceed the
sum of EUR 10,000. The direct damage eligible for compensation under this article
exclusively regards i) the reasonable costs to prevent or mitigate the damage which
may be expected as a consequence of the event on which the liability is based and ii)
the reasonable costs to determine the damage and liability.
13 Duration and termination
13.1 The Agreement is concluded and enters into effect from the moment of the first use
of Simple Simon and is entered into for the duration of the Contract. The Agreement
legally ends when the Contract ends, for whatever reason. The duration of the
Processing of Personal Data by Processor is equal to the duration of the Agreement.
13.2 Parties can rescind the Agreement without any prior injunction or default notice
with immediate effect extrajudicially through a letter by way of registered mail, if the
other party applies for (provisional) suspension of payments, if this party applies for
its bankruptcy or is declared in a state of bankruptcy, if the business of that party is
dissolved, if Processor ceases his business, in the event of a major change of the
control over the activities of the company of the other party, if an attachment is
placed on a significant part of the assets of the other party or if one of its partners or
if the other party, and such at the discretion of the first party, is otherwise no longer
deemed capable of complying with the obligations from the Agreement.
14 Exit-procedure
14.1 After the end of the Agreement, Processor will, at the option of Data Controller,
delete all Personal Data which Processor possesses on account of the Agreement or
the Contract, or return it to Data Controller and remove the existing copies.
This applies, unless an obligation exists, applicable to Processor, to retain the
Personal Data for a longer period.
14.2 Processor will, to the extent reasonably possible and feasible, inform Sub-Processors
of the end of the Agreement and the obligations which Processor is subject to on
account of this article.
14.3 Article 4 (Cooperation obligation), article 11 (Non-disclosure), and article 15
(Applicable law and choice of court) will remain in effect after termination or
rescission of this Agreement, on whatever grounds, for an unlimited time.
15 Choice of law and court
15.1 To this Agreement, Netherlands legislation is exclusively applicable.
15.2 All disputes which flow from or are related to the Agreement or the implementation
thereof are exclusively submitted to the court of law of Oost-Brabant, place of
session ’s-Hertogenbosch.
Appendix I –Specifications Processing
Description of Processing:
Processing
service
Nature of
Processing
Type of Personal
Data
Categories of
Data Subjects
The receipt and
processing of
the Personal
Data of
employees and
clients of Data
Controller in
the context of
the provision
of services
through the
Simple-Simon
application.
Processing of
non-special
Personal Data:
name and
address details.
• Name
and
address;
• E-mail
address and
• Phone
numbers
• GPS location
• Other
contact
details
Employees and clients of
Data Controller.
Simple-Simon (processor) offers a digital work order. It allows clients of SimpleSimon to process the work orders they use digitally. In Simple-Simon, clients can
store, amongst other things, their client, working address, and contact person
details. This information is not special in nature and mainly regards name and
address details. The personal data of the staff of the Simple-Simon client can also be
stored, which are not special in nature either, but mainly name and address
information.
Appendix II – Measures
Processor declares to have taken the following measures to be able to comply with what
is stipulated in the Agreement:
To guarantee confidentiality:
– All data-traffic between Simple-Simon components is encrypted
– Give Data Controller the possibility to give passwords to all users
– The data of all Simple-Simon clients are stored separately from those of
other clients
To guarantee integrity:
– Personal data are not transmitted
– Modification of personal data can only be done by the
Data Controller
To guarantee availability and resilience of used systems and services:
– Every night a back-up is made of the data
– In case of a calamity, access to personal data can be restored within a
reasonable term
To timely restore the availability of and the access to the Personal Data after a physical or
technical incident:
– A high-quality SLA has been concluded with the supplier of the infrastructure.
To test, assess, and evaluate at regular intervals the efficacy of the technical and
organisational measures:
– The availability of the software and data is controlled in a continuous process
and improved where necessary.