DATA PROCESSING AGREEMENT
This Data Processing Agreement is an integral part of the General Terms and Conditions of the contract of SEMOS j.d.o.o., headquartered at Slavko Kovačića section 8-C, Sesvete, VAT ID: HR34193795394 (hereinafter: SEMOSonline), available at https://www.semos-informatika.eu/ (hereinafter: the General Terms and Conditions of the Contract) and, together with them, in accordance with point 2.6, also forms an integral part of the Service Agreement.
This Data Processing Agreement applies in relation to the Services, as defined in the General Terms and Conditions of the Contract, which SEMOSonline provides to the User of the Services, if the Services include the processing of Respondent Personal Data in accordance with the GDPR and if the User is, under the GDPR, the Processing Manager (or the Processing Executor, if applicable) of the Respondent Personal Data, as defined below, and SEMOSonline is the Processing Executor (or the sub-Executor of the Respondent Personal Data, if applicable).
This Data Processing Agreement shall enter into force on May 25, 2018, or the date of the conclusion of the Service Agreement between SEMOSonline and the User, whichever is later, and shall terminate at the same time as the termination of the Service Agreement.
For the purposes of this Data Processing Agreement, the following terms have the following meanings:
- “Respondent Personal Data” means Personal Data uploaded, stored, published, displayed or backed up using SEMOSonline Services, as described in clause 4 of this Data Processing Agreement;
- “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC together with other implementing regulations in any Member State of the European Union, including the Republic of Croatia, and includes any amendments, supplements, corrections, consolidated texts and subsequent regulations that will be in force for the duration of the Service Agreement; and
- “Personal data”, “Personal data breach”, “Respondent”, “Supervisory authority”, “Data protection impact assessment”, “Processing”, “Processing executor” and “Processing manager” have the meaning given to them in Article 4 of the GDPR. Initial capitalization terms not defined in this article have the meaning given to them in the appropriate part of this Data Processing Agreement or the General Conditions of the Agreement.
This Data Processing Agreement applies to the processing of Respondents’ Personal Data, which includes the Personal Data of the Customer’s customers or potential clients, suppliers, business partners, resellers and other end users, the extent of which is determined and managed by the User at its sole discretion.
Respondents Personal Data includes Personal Data whose scope is determined and managed by the User at its sole discretion and contained in any application, file, data, information or other content uploaded, stored, published, displayed or backed up by Users or end users using the SEMOSonline Services.
For the purposes of this Data Processing Agreement, the User and SEMOSonline agree that the User is the Respondent’s Personal Data Processing Manager, while SEMOSonline is the Data Processing Executor unless the User acts as the Personal Data Processing Executor, in which case SEMOSonline is a sub-processing agent. If the User is a Processing Executor, the User warrants that his instructions to SEMOSonline in relation to the Respondent’s Personal Data, including User’s engagement of SEMOSonline as a sub-Executor, have been approved by the appropriate Processing Manager.
SEMOSonline undertakes to process the Respondent’s Personal Data on behalf of and solely in accordance with the User’s prior written instructions, and undertakes not to process the Respondent’s Personal Data for any other purpose. The User hereby instructs SEMOSonline to process the Respondent’s Personal Data only to the extent necessary for the provision of the Services contracted in accordance with the Service Agreement.
The Customer and SEMOSonline undertake to comply with their respective obligations under the GDPR to the extent necessary for the processing of any Personal Information of the respondents in the context of the provision of the Services. The User agrees to (i) comply with all applicable privacy and data protection regulations regarding the processing of Respondents’ Personal Data and Processing Instructions issued by the User to SEMOSonline, and (ii) obtain all privileges and rights necessary for SEMOSonline to exercise Processing of Respondents Personal Data in accordance with this Data Processing Agreement.
The User acknowledges and agrees that the processing of the personal data of the respondents in accordance with this Agreement on data processing is carried out in the Republic of Croatia, or exclusively in one of the Member States of the European Union or in one of the Member States of the European Economic Area. SEMOSonline agrees not to transfer personal data from respondents outside the European Economic Area.
The User acknowledges and agrees that SEMOSonline is dependent on the User’s instructions regarding the processing of the Respondent’s Personal Data. Consequently, SEMOSonline does not respond in the event of any request made by the Respondent resulting from the act or omission of SEMOSonline, which in turn is a direct consequence of acting on the User’s instructions or the User’s failure to comply with his obligations arising from the applicable data protection regulations.
If for any reason (including changes to the applicable regulations) SEMOSonline is unable to follow the User’s instructions regarding the processing of the personal data of the respondents, SEMOSonline agrees to:
- inform the User immediately of such impossibility and give reasons why it cannot follow the instructions; and
- stop processing the Respondent’s Personal Data (with the exception of the storage and safekeeping of the Respondent’s own Personal Data) until the User has issued new instructions that SEMOSonline may follow. In cases where this provision applies, SEMOSonline will not be liable to the User for not providing the Services until the User issues new instructions regarding the Processing.
SEMOSonline undertakes to entrust the processing of personal data of the respondents on behalf of the User only to persons who have undertaken to maintain the confidentiality of such Personal data of the respondents.
SEMOSonline undertakes to implement appropriate technical and organizational measures to protect against the accidental or unlawful destruction, loss, unauthorized disclosure or access to the Personal Data of respondents, in accordance with Article 32 of the GDPR.
Provided that the User pays the appropriate fees according to the applicable SEMOSonline price list and any costs, SEMOSonline undertakes, at the request of the Customer, to assist the User to fulfill its obligations related to the security of the Respondent’s Personal Information.
The User authorizes SEMOSonline to hire Processing Contractors to perform special processing activities on behalf of SEMOSonline, which may include the processing of Respondents’ Personal Data by such other Processing Contractors.
If SEMOSonline engages another Executor to process the Respondent’s Personal Data, SEMOSonline agrees to:
- notify the User of any planned changes regarding the addition or replacement of other Processing Performers so that the User can file a reasoned objection to such changes within 15 days of receipt of the notification. If the User and SEMOSonline cannot agree on such a complaint, either party may terminate the Service Agreement by sending written notice to the other party;
- notify the User of any changes to the roles or status of another Processing Performer; and
- enter into a written agreement with another Processing Provider that imposes on another Processing Contractor the same obligations that apply to SEMOSonline under this Data Processing Agreement.
Provided that the User pays the appropriate fees according to the applicable SEMOSonline price list and possible costs, SEMOSonline undertakes, at the user’s request, to assist the User to fulfill its obligations regarding responding to requests for the exercise of the respondents’ rights. The User acknowledges and agrees that he is solely responsible for responding to such requests.
SEMOSonline is committed to:
- notify the User without undue delay after learning of any Personal Data Infringement affecting any of the Respondent’s Personal Information; and
- provided that the User pays the appropriate fees according to the applicable SEMOSonline price list and any costs, at the User’s request, provide the User with the reasonable assistance necessary to inform the User about the relevant personal data breach and / or the affected Respondents.
Provided that the User pays the appropriate fees according to the applicable SEMOSonline price list and any costs, SEMOSonline undertakes, at the User’s request, to provide the User with reasonable assistance in order to facilitate:
- the implementation of the Data Protection Impact Assessment, if the Beneficiary has such an obligation under the GDPR; and
- consultation with the Authority, if the Beneficiary has an obligation to provide such advice in accordance with the GDPR, in any event solely to the extent that such assistance is required and relates to the processing of the Personal Data of the respondents by SEMOSonline, taking into account the nature of the Processing and information available to SEMOSonline.
SEMOSonline agrees to allow the User to download and / or delete the Personal Data of the respondents prior to the termination of the Service Agreement. The User hereby instructs SEMOSonline to permanently and securely delete all Personal Data of the respondents in the possession or control of SEMOSonline or any other Processing Performer within 30 days from the termination of the Service Agreement and at the latest within 90 days of the termination of the Service Agreement. This provision shall not apply if there is an obligation to store personal data in accordance with EU or Member State law.
Provided that the User settles the appropriate fees according to the applicable SEMOSonline price list and possible costs and that the User or the Authorized Auditor is not in competition with SEMOSonline, SEMOSonline undertakes at the User’s request to provide the User with all information necessary to demonstrate compliance with the GDPR and to contribute to audits, including inspections, conducted by the User or other auditor authorized by the User, to the extent that such information is not under the control of SEMOSonline and SEMOSonline information in accordance with applicable regulations, confidentiality obligations or any other obligation towards a third party.