top of page

DATA PROCESSING AGREEMENT

Name:

WebinGO OÜ

Headquarters

Sepapaja 6. 15551 Tallinn, Estonia

Tax number

EE102410954

 

as a data processor (hereinafter: "WebinGO" or "data processor")

Data controller and WebinGO OÜ hereinafter together: Parties), on the undersigned date and place according to the following conditions:

 

Parties a Regulation 2016/679/EU on the protection of natural persons with regard to the processing of personal data and the free flow of such data (hereinafter: "GDPR"), the Agreement is supplemented with the following and their legal relationship is arranged as follows.

 

Agreement

 

  • The parties state that in their contractual legal relationship, the Data Controller acts as a data controller, while WebinGO OÜ acts as a data processor.
     

  • The parties confirm that they always act in accordance with the GDPR and other relevant data protection legislation when handling personal data.
     

  • The parties state that ensuring that the data management is tied to a legal purpose, the legal basis of data management, and the legal conditions for data transfer fall within the scope of the data controller's duties. The Data Processor is not entitled to perform additional data management operations in addition to the data management operations specified in the Agreement.

 

The Data Processor performs the tasks set out in the Contract on the basis of the database provided to it by the data controller. The data manager declares that he is authorized to manage the data in the database and has the appropriate legal basis.

 

The parties expressly state that the data processor bears no responsibility for the legality of the resulting database.

 

  • The data controller expressly consents to the data processor using an additional data processor for the performance of its tasks, of which, however, it is obliged to notify the data controller in advance. Data controller is authorized to object to further data processors, however, you may not exercise this right in an abusive manner.

  • The Data Processor undertakes that if it uses an additional data processor, it will also install the data protection obligations contained in this agreement on the additional data processor.The data processor is obliged to ensure that all further data processors sign a written agreement containing terms and conditions that ensure the level of protection of personal data expected in this agreement and meet the requirements of applicable legislation. In addition, the data processor undertakes to hand over the agreements concluded with other data processors to the data controller upon request.

  • The data processor handles personal data exclusively based on the written instructions of the data controller, the purpose and method of data management is determined exclusively by the data controller. If, according to the data processor's point of view, additional data processing operations are also necessary for the proper performance of the Contract, then the data processor is obliged to immediately initiate a consultation with the data controller.

  • Persons authorized to process personal data, who are employed or in other legal relationships with a data processor, undertake a duty of confidentiality, and only those persons whose access to them is absolutely necessary handle personal data. This confidentiality obligation also exists after the termination of the contract.

  • The data processor ensures the security of personal data by means of technical and organizational measures, thus complying with the provisions of Article 32 of the GDPR, thus particularly but not exclusively ensuring the protection of personal data, as well as against unauthorized or illegal data processing and unforeseen data loss, destruction or damage. defense.

  • The parties will cooperate if a request from the data subject or the data protection authority is received by either party. The Parties are obliged to provide each other with all the support and information necessary for the Parties to fulfill their legal obligations. If a data processor receives a request to exercise data subject rights, it will immediately forward it to the data controller.

  • In the event of a data protection incident, the Parties shall immediately take all necessary and appropriate measures to remedy the underlying causes of the incident and prevent a new incident, and shall notify each other in writing as soon as possible after the occurrence of the incident, describing in sufficient detail (in particular, the nature of the data protection incident, categories of data subjects and information on the categories and approximate number of data subjects), as well as supporting the incident and its probable impact on the subjects of the personal data with evidence. In each case, the data controller decides whether to notify the affected parties of the incident and the action plan necessary for remediation. During the investigation of the incident, the data processor is obliged to comply with the instructions of the data controller immediately.

  • The data processor is obliged to delete or return all personal data to the data controller after the termination of the Agreement or the fulfillment of the data management purpose, and to delete existing copies. If the legislation applicable to the data processor does not allow the deletion of part or all of the transmitted personal data, the data processor guarantees that it will continue to ensure the confidentiality and security of the personal data and will not actively manage the transferred personal data after the termination of the legal relationship.

  • The data processor is obliged to provide the data controller with all information necessary to certify behavior in accordance with the GDPR and current legislation, and is obliged to facilitate the data controller to check its activities if necessary.

  • Parties appoint a contact person within our organization - either a data protection officer or another person - who is entitled and obliged to respond to inquiries related to the management of personal data, and who cooperates in good faith and within a reasonable time with the other Party, the data subject or the data protection authority in relation to all inquiries . The Parties undertake that in the event that a data subject or the data protection authority initiates an investigation or lawsuit against any of the Parties, the Parties will immediately inform each other of this fact and cooperate in good faith in order to resolve the matter peacefully and within a reasonable time. arrange inside.

  • The Parties' liability towards each other is limited to directly caused damage, with the exception of damages caused intentionally or through gross negligence.

  • The terms used in this agreement - especially personal data, data controller, data processor, data management, data processing, data protection incident - have the content according to Article 4 Definitions of the GDPR.

  • This contract will enter into force on November 17, 2022 and will last for the duration of the contract, with the exception of all the obligations that the Parties are obliged to observe even after termination, including, in particular, but not exclusively, the obligation of confidentiality.

  • This agreement is valid only in writing, based on the mutual agreement of the Parties. The Parties may terminate this agreement by written mutual agreement.

  • In matters not regulated in this agreement, the relevant provisions of the GDPR and the data protection legislation in force at all times shall govern.

 

Budapest, November 17, 2022.

 

  1. s. Annex - Description of the processing of personal data

 

Contact person's name and contact information

Data controller

Data processor

 

WebinGO OÜ

I was touched

Data management covers the following categories of data subjects:

  • Clients

  • Prospective customers

  • Employees

  • Suppliers

  • Contact persons

  • Other (Please specify!):

 

Categories of personal data

The data management covers the following categories of personal data:

  • Personal identification data

  • Contact details

  • Financial data, billing data

  • Image and/or sound recording

  • Other (Please specify!):

 

Special personal data

 

Special category of personal data

 

Is special data processed?

Personal data referring to racial or ethnic origin, political opinion, religious or worldview beliefs or trade union membership, as well as genetic and biometric data for the unique identification of natural persons, health data and personal data relating to the sex life or sexual orientation of natural persons

YES/NO

 

If YES, please specify:

 

The purpose of processing personal data:

Direct marketing activity

 

Detailed description of data management activity:

Direct marketing activity in order to increase and popularize the awareness of the Data Controller and the products and services defined by it, to reach new partners and target groups, to explore needs and business opportunities, and to arouse interest by contacting the target segment by telephone or sending an e-mail newsletter

 

Name and contact details of additional data processors

WebinGO OÜ

hello@webingo.group


 

Data transfer to a country outside the European Economic Area

Will data be transferred to countries outside the European Economic Area?

YES/NO

If yes, please provide details:

bottom of page