This Data Processing Agreement (“DPA”), including the appendix below, forms part of our Business Terms of Service and only applies where stated therein (see the Privacy and Data Usage section).
Definitions
Words or expressions enclosed in “quotation marks” have the same meaning whenever used in this DPA. Unless otherwise specified below, all words or expressions defined in the Business Terms of Service have the same meaning when used in this DPA.
• “Applicable Data Protection Law” means all laws and regulations applicable to the processing of relevant data by Klantenvertellen BV under the Business Terms of Service, including the GDPR and all laws and/or regulations implementing, or made under or pursuant to the GDPR.
• “Personal Data”, “Special Categories of Personal Data”, “Controller” and “Processor” have the meanings as defined in the GDPR.
• “Klantenvertellen BV”, “we”, “us” or “our” means Klantenvertellen BV (Chamber of Commerce number: 81275048), Dr. Hub van Doorneweg 169, 5026 RC Tilburg, The Netherlands.
Instructions
1. To the extent that Klantenvertellen BV provides review invitation services to you and you are a Controller of the Relevant Data under the GDPR, you (the Controller) appoint Klantenvertellen BV as Processor to process that Relevant Data.
2. This Data Processing Agreement applies to you and us as long as our Business Terms of Service apply to you, or as long as we process Relevant Data on your behalf – whichever period is longer.
3. You instruct Klantenvertellen BV to process the Relevant Data in accordance with this Data Processing Agreement (DPA) and solely for the purpose described in the appendix below (or as otherwise agreed in writing between you and Klantenvertellen BV) (the “Purpose”). Klantenvertellen BV may not process the Relevant Data for other purposes unless required by EU law, EU member state law, or Dutch law. In that case, Klantenvertellen BV will inform you in writing about the reasons why it must process the Relevant Data, unless legally restricted from notifying you.
4. If Klantenvertellen BV believes that an instruction given by you violates the Applicable Data Protection Law, Klantenvertellen BV will immediately notify you.
5. Klantenvertellen BV is currently not aware of any legislation that would prevent it from complying with the Data Processing Agreement, but will promptly notify you if this changes or is expected to change.
Transfer of Relevant Data
6. Klantenvertellen BV will not transfer any relevant data outside the EU unless Klantenvertellen BV has taken the necessary measures to ensure that the transfer complies with applicable data protection law.
Confidentiality
7. Klantenvertellen BV will ensure that any person authorized by Klantenvertellen BV to process the relevant data will maintain the confidentiality of the relevant data under a legal duty of confidentiality or other obligation.
Security Measures
8. Klantenvertellen BV currently implements the technical and organizational measures described in our DPA regarding security measures for Klantenvertellen BV.
9. Klantenvertellen BV may modify these measures from time to time but will always maintain appropriate technical and organizational measures that ensure a level of security appropriate to the risk and protect the relevant data against:
• accidental or unlawful destruction, loss or alteration,
• unauthorized disclosure or access, or
• other processing in violation of applicable data protection law.
10. Klantenvertellen BV will also comply with all other applicable data security requirements directly imposed on it, including the data security requirements of the country where Klantenvertellen BV is established and where the data processing will take place.
11. The appropriateness of technical and organizational security measures is based on:
• the current state of technology;
• the costs of implementation; and
• the nature, scope, context, and purposes of processing, as well as the likelihood of risks and the impact on data subjects’ data protection rights and freedoms.
12. Upon your request, Klantenvertellen BV will provide you with sufficient information to enable you to verify that Klantenvertellen BV complies with its obligations under the Data Protection Agreement, including implementing the technical and organizational security measures described above.
Audit
14. You may appoint an independent expert at your own expense who (provided the expert is not a competitor of Klantenvertellen BV) will be given access to Klantenvertellen BV’s premises and information necessary to verify that Klantenvertellen BV complies with its obligations under the Data Processing Agreement, including whether appropriate technical and organizational security measures have been implemented.
15. You must give us at least 14 days’ notice that you want your expert to have access. Before we grant them access, they must enter into a standard confidentiality agreement with Klantenvertellen BV guaranteeing that any information they obtain or receive from Klantenvertellen BV and/or its affiliates will be treated confidentially and may only be shared with you.
16. Any findings or reports prepared based on the expert’s inspection and audit must be shared with Klantenvertellen BV and treated as confidential information.
Authority Requests
17. Klantenvertellen BV will grant access to its physical facilities to authorities who have the right under EU law to enter supplier facilities, provided their representatives can show proper identification.
18. Klantenvertellen BV must notify you in writing, without undue delay after becoming aware of the facts, of any request from an authority for disclosure of the Relevant Data, unless Klantenvertellen BV is expressly prohibited from informing you under EU law.
Security Incidents
19. Klantenvertellen BV must notify you in writing, without undue delay after becoming aware of the facts, of any suspicion or finding of:
• a security breach resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to the Relevant Data transmitted, stored, or otherwise processed by Klantenvertellen BV.
Cooperation and Data Subject Rights
20. Klantenvertellen BV will immediately assist you with handling data subject requests under Chapter III of the GDPR and, where commercially feasible, under other applicable data protection law, including requests for access, rectification, blocking or deletion, relating to our processing of the relevant data.
21. If Klantenvertellen BV receives such a request, Klantenvertellen BV will not respond except to inform the requesting data subject:
• whether a review invitation email has been sent to them on your behalf; and
• that they must submit their request to you, as you are responsible for responding to these requests.
22. Klantenvertellen BV will assist you in complying with other obligations that may be imposed on you under EU law, EU member state law, or UK law regarding data processing, where our assistance is necessary to meet your obligations. This includes providing reasonable cooperation in connection with any data protection impact assessment that may be required under Articles 35 and 36 of the GDPR.
Sub-processors
25. Klantenvertellen BV may engage external sub-processors to process the Relevant Data for the Purpose, provided that Klantenvertellen BV imposes data protection obligations on each sub-processor requiring that the Relevant Data be protected to at least the same standard imposed on Klantenvertellen BV in this DPA. Klantenvertellen BV lists its current sub-processors here. If Klantenvertellen BV intends to add a new sub-processor, Klantenvertellen BV will inform you in advance.
26. You may object to an additional or replacement sub-processor before their appointment, provided your objection is based on objective and reasonable grounds relating to data protection. If Klantenvertellen BV chooses not to propose an alternative sub-processor, or if you object to all alternative sub-processors of Klantenvertellen BV, you may terminate your subscription (if applicable) with one month’s notice to the end of the month.
27. Upon your request, we will provide you with a copy of the data protection obligations in the agreement between Klantenvertellen BV and the sub-processor.
28. Klantenvertellen BV is liable for any breach of this Data Processing Agreement caused by an act, error or omission of one or more of its sub-processors.
Deletion or Return of Relevant Data
29. Klantenvertellen BV retains the Relevant Data for the following periods:
• After a period of 3 months, email and IP addresses are deleted or anonymized.
30. After these periods expire, or upon your earlier request, Klantenvertellen BV will immediately return or delete (including anonymize) the Relevant Data in a manner and form reasonably determined by Klantenvertellen BV. This does not apply to the extent that Klantenvertellen BV is legally required to retain some or all of the Relevant Data.
Data Protection Officer
You can reach our Data Protection Officer by sending an email to: [email protected]
Purpose
• To provide you with one or more of our review invitation services, as defined in the Business Terms of Service (when you (or we on your behalf) send invitations to your consumers requesting them to write a review on our platform about your services and/or your products).
Categories of Data Subjects
• Your customers
Categories of Personal Data
• Name
• Place of residence
• Email address
• Potentially: reference number, such as an order number or similar
• IP address