Terms and Conditions

TERMS AND CONDITIONS

INTRODUCTION

This document represents the contract based on which SEMICOLON SRL provides the services presented on the website https://eu-label.info and https://app.eu-label.info. This is to be explicitly accepted through the service order form on this website. Any order is completed online by the customer by accepting this contract. Updated on: 05.12.2023

The Contracting Parties

PROVIDER – SC SEMICOLON SRL, the creator and administrator of the EU LABEL.info platform, with registered office in Valea Lupului, str. Ecaterina Teodoroiu No. 19, room 3, registered at the Trade Registry Office under no. J22/1147/2019 CUI RO40756462, represented by Mr. Șolopa Stefan as Administrator, operator of the https://eu-label.info platform.
CUSTOMER – registered on the website and identified by the data entered in the order form. This information will be stored in the database and can be updated within the account by the beneficiary if necessary.
The user of the EU-Label platform and all services offered through it, have agreed to the following:
– Any order made and confirmed by the CLIENT, by ticking the “I agree with the terms and conditions” box, represents an acceptance by the CLIENT of the PROVIDER’s offer, under the conditions stipulated by art. 9 of the Electronic Commerce Law 365/2002. Completing (checking) this box is mandatory and has the same value as a holographic signature and represents an electronic signature, in the sense of art. 4 point 3 of the Electronic Signature Law no. 455/2001.

DEFINITIONS: https://eu-label.info, EU-LABEL: the website and trade name, as well as the set of services accessible on this website or its subdomains.
SERVICE: the services made available by the Provider through the website https://eu label.info / https://app.eu-label.info, in the form of SAAS (software as a service) based on a subscription.
CLIENT: natural or legal person who places an order on the website https://app.eu label.info or by other methods displayed on the website, such as telephone, email, etc.
ORDER: the purchase action of one or more services displayed on the website https://eu-label.info / https://app.eu-label.info, carried out by a customer who wishes to benefit from that /those services.
VISITOR: natural or legal person, who visits the website https://eu-label.info / https://app.eu-label.info, without having purchased services and without placing an Order.
DISTANCE CONTRACT: according to the law, it represents any contract concluded between EU – LABEL and the CLIENT without the simultaneous physical presence of the two parties, with the exclusive use of one or more means of distance communication, up to and including the moment when the contract is concluded, and which is subject to information requirements of the CLIENT by EU-LABEL, before the effects of the concluded contract are produced;

2. Object and acceptance of this Service Agreement

2.1 . This Service Agreement is applicable to all orders or accounts made via https://app.eu-label.info (order form, contact form, phone, email). The customer undertakes to be aware of these conditions before making a
order or to open an account. All orders and account opening imply acceptance by the Customer of all these terms of service. Acceptance of this contract by the customer is done by checking the “I agree with the terms and conditions” box. By using the website as well as the services offered through the EU-LABEL platform, the CLIENT is directly responsible for the consequences arising from its use. Also, the CLIENT is liable for any material, intellectual, electronic or any other damage caused by him or his employees to the SITE, CONTENT, SERVICE, EU-LABEL or any third party with whom EU-LABEL has concluded a valid contract , in accordance with the legislation in force.
2.2. The PROVIDER reserves the right to modify these terms of service at any time. The version applicable to an order placed is the one in force on https://app.eu-label.info at the time the order was placed by the customer.
2.3. The services can be accessed from a number of interfaces such as: desktop applications that are installed on Windows, Mac and Linux operating systems, iOS and Android applications and web browsers. 2.4. The price list of the services offered can be found at https://eu-label.info/#pricing, as the case may be, from a representative of the PROVIDER, by email or by phone. The price will be set by the PROVIDER depending on the CLIENT’s needs and the period for which the service is paid. The payment of the services by the CLIENT represents his acceptance of the price offered by the PROVIDER.
2.5. The services offered through the EU-LABEL platform may change over time as we improve or add new functionality . We may suspend, modify or discontinue these services at any time without notice. We may also remove any content from the Services at any time.
2.6. This service contract is accompanied and must be interpreted together with Annex 1 – Contract regarding the processing of personal data

3. Duration of the contract

3.1. This contract is concluded for a period of 12 months, depending on the subscription chosen by the CLIENT, starting from the date of placing the order or the date of account creation, and the obligations of the parties come into force from this date. After the expiration of the period, if there is no request to interrupt the services, the subscription will be automatically extended with the same period initially chosen.
3.2 . As soon as the payment of the chosen subscription type is made and confirmed, the CLIENT will have access to the services included in the subscription package from the moment the payment is confirmed by the Provider. The cancellation of the order can be made until the payment is made. Any errors occurring in the order made by the Customer can be corrected until the payment is confirmed by the Service Provider through an email sent to eulabelinfo@gmail.com or no. by phone +40759653566 from Monday to Friday between 08:00 and 16:00.
3.3. If the CLIENT does not notify the cancellation of the chosen subscription at least 30 calendar days before the expiry of the validity period of the subscription, each year the subscription will be automatically extended without any formality.
3.4. If the CUSTOMER wishes to change the type of subscription chosen during the period in which a previously chosen subscription is active, this is possible at https://app.eu-label.info/plan. in the case of upgrading a package, and in the case of downgrading a package, it takes effect after the period for which the CLIENT has already paid expires and makes a new payment, for a smaller package.
3.5. The CLIENT’s account as well as all data entered into the platform (customers, digital labels , nutritional data, appointments, etc.) will be automatically deleted 6 months after the subscription expires.
3.6. The CUSTOMER can request the return of a payment made within 14 days if he is dissatisfied with the contracted service. The return of the payment will be made by the PROVIDER as soon as possible by bank transfer.
3.6.1. If there were interbank commissions for processing/collection of payments, they will be deducted from the amount that will be returned to the CUSTOMER.
3.6.2. In the situation where the CLIENT benefited from an active promotion (30 days free trial), he cannot benefit from the return of the payment.

4. Contract value and payment

4.1. For the services provided, the CLIENT will pay the PROVIDER the amount of the subscription, provided at the time of finalizing the order. In the situation where the CLIENT requests a customized web module / service, in addition to the subscription value, the value of the services provided for the creation of the customized module will also be paid, the amount to be established by mutual agreement, depending on the complexity of the work.
4.2. The PROVIDER, if applicable, will send regular payment notifications according to the type of subscription chosen.
4.3. In the event that your access to https://app.eu-label.info is interrupted for a long period due to the PROVIDER (temporary or permanent interruption of the service for various reasons), you will be able to receive back the amount of money representing the part of subscription remained unused during the period for which the subscription was made, after you have made a request in this regard.
4.4 . In no case, the PROVIDER can be obliged to pay sums of money higher than the value of the remaining subscription.
4.5. All prices displayed on the website and platform at https://app.eu-label.info/plan do not include VAT.

5. Availability of the displayed services

5.1 The PROVIDER’s offer regarding the services and their price is valid as long as it is displayed on https://eu-label.info. The PROVIDER will fulfill its contractual obligations as soon as the CLIENT makes the payment related to the selected service.
5.2. Any changes in rates or regarding the availability of services will be communicated by email to the CLIENT’s contact address in the user account or through the application at least 30 days before any change. Application maintenance services are announced through the application or by email.
5.3. The CUSTOMER is responsible for updating the data in the user account as soon as changes occur. The PROVIDER assumes no responsibility in the event of damages or damages of any kind due to the impossibility of accessing the e-mail address declared in the user account.
5.4. Access to the EU-LABEL services is possible until the termination of the service and/or deletion of the customer account, regardless of technological progress or changes, unless the CUSTOMER ceases to pay his subscription. This access also includes legislative updates for the available services, as well as assistance throughout the duration of this contract.
5.5. Access to EU-LABEL services is possible as long as there is a valid subscription paid up to date. In the event that the CLIENT does not pay the subscription fee after its expiration, his account will be limited and after 60 days of non-payment it will be deleted, considering that the CLIENT no longer wishes to use the contracted services.

5.6. The PROVIDER makes every effort to provide permanent access to the services offered, but can only guarantee the availability of the service to the extent of 99.8%. The availability period does not include maintenance periods announced in advance by email or within the service, but includes those unannounced maintenance periods. As such, considering the dependence of the services offered on Internet access, the possible technical and system limitations that may appear, the PROVIDER assumes an obligation of diligence regarding the availability of the services according to the percentage above. If the CLIENT could not access the service for reasons attributable to the PROVIDER for a period longer than that mentioned above, he may request a proportional refund of the subscription paid for the period in which the service was unavailable.
5.7. In the conditions where the desired service is no longer available, for reasons imputable to the PROVIDER, the CLIENT can export their bookstores and digital labels in tabular format. In the conditions where the desired service is no longer available, for reasons imputable to the CLIENT (non-payment, violation of this contract, etc.), the PROVIDER will endeavor, but without guarantee, to offer the CLIENT access to export its customer nomenclature in tabular format . The PROVIDER cannot assume any obligation related to how this data can be loaded into other IT systems.

5.8 . The services offered on this platform do NOT work offline.

5.9. The Services have certain reasonable usage limits, such as:

SUBSCRIPTION
Free – Maximum number of digital labels 3; – Analytics.
Starter – Maximum number of digital labels 40; – Analytics.
Basic – Maximum number of digital labels 100; – Analytics;
– Import / Export Excel files.

Standard -Maximum number of digital labels 150; – Analytics;
– Import / Export Excel files;
– Customizable QR codes.
Plus – Maximum number of digital labels 400; – Analytics;
– Import / Export Excel files;
– Customizable QR codes;
– The Platform interface can be customized at the CLIENT’s request.

Pro – Unlimited maximum number of digital labels; – Analytics;
– Import / Export Excel files;
– Customizable QR codes;
– The Platform interface can be customized at the CLIENT’s request.
Personalized – All CLIENT requirements will be discussed and agreed.

Note: After exceeding the above limits, no more digital tags can be created until a higher subscription is purchased.

5.10. At the CLIENT’s request, the QR codes that have been put into use can redirect to another URL / web page, the CLIENT is solely responsible for all the content existing at that address.
5.11. Only new labels are charged in the current year
5.12. Previously created tags remain active at no additional cost
5.13 . CUSTOMER costs do not increase progressively
5.14. Existing tags can be maintained by paying the minimum annual subscription – if no more new tags are desired.

6. Rights and Obligations of the Parties

6.1. The rights and obligations of the CUSTOMER
6.1.1. The CUSTOMER is solely responsible for all content in his account or for any violation of the law or the rights of a third party.
6.1.2. The CLIENT undertakes to use the services offered by the PROVIDER in full legality and knowing the legal provisions in force regarding the activity he carries out.
6.1.3. It undertakes to fully comply with the provisions related to copyright and the protection of personal data with regard to the data entered into the system.
6.1.4. It assumes full responsibility for the creation, customization, administration, management, accuracy and legality of the virtual tags issued with the help of the offered services. 6.1.5. The CLIENT will process personal data according to the legal provisions in force and has the obligation to comply with the legislation in this field and to inform its customers in advance that their data will be entered into the EU-LABEL web platform, and the PROVIDER cannot be responsible for any damages or violations of the privacy rights of such persons.
6.1.6. Understand and agree to the Terms and Conditions.

6.2. The rights and obligations of the PROVIDER
6.2.1. The PROVIDER ensures:
– the possibility to create, customize, administer and manage contracted web services through the EU-LABEL web platform;
– data backup;
– connecting to the system through a secure communication protocol (https);
– synchronizing user account data in such a way that it is available from any type of device, from anywhere, through Internet access. The services offered do NOT work in the offline version.
6.2.2. https://app.eu-label.info acts as a host for content added by the CLIENT, under the terms of Law 365/2002 on electronic commerce. At the same time, a limited part of the data is also stored on the CLIENT’s computers. Instead, the data is not kept in the browser or on the mobile. The PROVIDER assumes no responsibility for the loss of access passwords to the user account or for activities that may compromise the CLIENT’s account. If the PROVIDER receives a notification regarding the existence of services with a
illegal appearance made by the CLIENT, reserves the right to suspend the user account or block access to it.
6.2.3 . Each CLIENT will have a system of users who can be configured with a certain set of rights. The CLIENT bears full responsibility if the users approved by the CLIENT violate the provisions of the documents specified in point 2.6 of this contract or engage in illegal or immoral activities.

6.2.4. The PROVIDER does not monitor or exercise any control over the CLIENT’s data and documents.
6.2.5. The PROVIDER offers a non-exclusive and unlimited right of use (license) in time and space during the subscription period, for the use of the services offered. 6.2.6. If the uptime is below 99.8%, we will offer percentage compensation from the subscription value according to article 5.5.
6.2.7. The PROVIDER has the right to collect anonymous data about how to use its services (IP address, date/time, etc.).
6.2.8. The PROVIDER will not collect personal data of users who scan QR codes, the data collected will only include the language, country, browser and type of device used.

7. Registration, Passwords and Responsibilities

7.1 . Register an account at https://app.eu-label.info/auth/signup. The PROVIDER advises registered users not to disclose their access passwords to anyone. 7.2. No data transmission over the Internet can be guaranteed to be 100% secure. Accordingly, despite our efforts to protect your information and use secure information transmission protocols (https), PROVIDER cannot ensure or guarantee the security of information transmitted by CUSTOMER to PROVIDER. Therefore, any information sent to the PROVIDER will be done at the CLIENT’s risk.
7.3. Any unauthorized access to the non-public elements of the website https://app.eu-label.info or the access of other persons other than those authorized to an EU-LABEL account represents the crime of unauthorized access to an IT system and will be sanctioned according Romanian legislation in force.

8. Contractual liability

8.1. The CLIENT guarantees the data entered and bears full responsibility for the manner and purpose in which he uses the services provided by the PROVIDER as well as for the manner in which he configures the system of users who have access to the CLIENT’s account and their behavior.
8.2 . The CUSTOMER is solely responsible for entering the information in a correct and complete manner, as well as for keeping the information accurate or updated in the EU-LABEL account.
8.3. The PROVIDER cannot be held responsible if the CLIENT uses the applications and services made available for illegal or immoral purposes.
8.4. The CUSTOMER agrees that it is solely responsible for and will indemnify the PROVIDER for any damages, costs or profit limitations arising as a result of any fraudulent actions on its part. Through this document, the CLIENT understands and accepts that the PROVIDER will transmit his data to the investigative bodies, if the law obliges him to do so.
8.5. Although at every moment we make efforts to ensure the quality and correctness of the messages published on the site, the PROVIDER cannot guarantee, expressly or implicitly, the content, the software or the products and services published under its auspices. The PROVIDER assumes no liability, under any circumstances, for any damage or error
caused directly or indirectly, for any direct or indirect loss of profit (including but not limited to this enumeration: damages for loss of profit, business interruption, or other pecuniary damages), suffered as a result of use or discontinuance of use or of the lack of regularity of the information and services provided by the site.
8.6. The CLIENT declares that before ordering the service, he checked the free version of the website available at https://app.eu-label.info/ and that this web service offered by the EU LABEL platform fully meets his needs at the time of purchase.

9. Termination of the contract

9.1. This contract terminates in the following cases:
– The parties mutually agree to terminate the contract;
– Non-fulfilment or repeated defective fulfillment of contractual obligations by one of the parties;
– The unilateral decision of one of the parties, sent in writing to the other party, the receipt of the notice of termination must take place at least 30 calendar days before the date established for the termination of collaboration;
– In case of dissolution, liquidation, bankruptcy, withdrawal of the operating authorization of one of the contractors, in which case the parties will be required to satisfy the debts of one to the other, resulting debts until the intervention of the cause of disappearance

10. Disclaimer

10.1 . The PROVIDER will not be liable for any material or moral damage, any damage or costs that may arise from the delay in payments that are the responsibility of the CLIENT, as well as the violation by him of any legal obligations if they are not the fault of the PROVIDER.
10.2. The PROVIDER offers the service and will not be liable for any material or moral damage that may occur through the use of the platform by the CLIENT or the fact that the CLIENT did not fully understand how the contracted service works.
10.3. The PROVIDER makes no direct or indirect guarantees that the SERVICE will meet the CUSTOMER’s requirements or that it will be provided uninterrupted, secure or error-free of any kind, but will make every effort to provide a stable and functional service.
10.4 . The customer is solely responsible for the account and/or access to it. The customer will take all measures not to allow access to the account by unauthorized or malicious persons who could thus perform various operations, add/delete virtual tags, import export tags, redirect or any other change in the account that could affect good functioning of contracted services. The customer will verify the accuracy of the information entered into the system by its employees (platform operators) in order to avoid potential fraud.
10.5. For situations where there are a lot of sales and the transactions made are difficult to verify manually (eg: supermarkets, pharmacies, etc.), we recommend purchasing a dedicated subscription and integrating your internal sales software with EU-Label using interface available here.

11. Confidentiality

11.1. None of the Contracting Parties has the right, without the prior written consent of the other Party:
– to disclose any confidential information to a third party, apart from those persons involved in the development and execution of the contract;
– to use any confidential information or to which he has access during the period of the contract, for a purpose other than that of executing his assumed obligations. All confidential information must be marked as such by the party claiming it to be confidential.
11.2. The aforementioned restriction will not be applicable if:
– the information was known to the contracting party before it was received in the execution of this contract;
– the information was accessible to the public;
– the party in question was obliged in accordance with the legal provisions to disclose the information in question.

12. Force majeure

12.1. Force majeure exempts the parties from liability, in case of partial or total non-execution of the obligations assumed by this contract. Force majeure means an event independent of the will of the parties, unforeseeable and insurmountable, occurring after the conclusion of the contract and which prevents the parties from fully or partially performing the assumed obligations.
12.2. The party invoking force majeure has the obligation to inform the other party, in writing, within a maximum of 5 days from its occurrence.
12.3. The party invoking force majeure has the obligation to notify the other party of the termination of its cause within 15 days of termination.
12.4. If these circumstances and their consequences last for more than 2 months, each partner can renounce the further execution of the contract. In this case, neither party has the right to demand compensation from the other party, but they have the duty to honor all their obligations up to this date.

13. Governing Law

13.1. The rights and obligations of the parties imposed by this contract, as well as all the legal effects it produces, will be interpreted and governed by Romanian law in force.
13.2 . Any dispute relating to this agreement will be resolved amicably, and if amicable settlement is not possible, it will be brought before an arbitrator. In the event that the parties do not agree on the appointment of an arbitrator within 15 days of the notification of the dispute, jurisdiction will revert to the Romanian courts in the county where the PROVIDER is based.

14. Final provisions

14.1. The parties declare that they have negotiated all the terms of this contract and they are expressly accepted by signing the contract, any previous understanding not producing legal effects between them.
14.2 . The PROVIDER reserves the right to periodically update and modify these terms. In such cases, the CLIENT will be informed in advance, by posting this policy on the website 15 days before its entry into force, which is why we recommend the CLIENT to periodically check the content of this document.
14.3. Any notification to the PROVIDER must be sent electronically to the email address eulabelinfo@gmail.com .
14.4. The CLIENT declares that he has understood and agrees that the virtual labels (e label) issued through the PROVIDER’s cloud platform have no accounting or financial value, but only to record the nutritional data and other information about the product by the customers this one.

CONTACT US

In order to resolve a complaint regarding the Platform or to receive further information regarding use of the Platform, please

Appendix 1
to EU-LABEL’s Web Services Contract

EU-LABEL’s personal data processing practices are in accordance with the GDPR. Operator (customer who ordered a service on the eu-label platform), Authorized ( https://app.eu label.info ), EU-LABEL – SC SEMICOLON SRL, provider).
This document is valid starting from the date of _____________ and produces effects for the CLIENT upon its acceptance by placing an order on the EU-LABEL platform. The document provides the specific rules regarding the processing of personal data transmitted by the customer as an operator to EU-LABEL as an authorized representative, in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to data processing of a personal nature and regarding the free movement of such data (hereinafter referred to as “GDPR”), as well as any subsequent national legislation regarding the field of personal data protection.
The EU-LABEL user authorizes the provider (SC SEMICOLON SRL) to process personal data in order to provide you with EU-LABEL services, depending on the EU-LABEL subscription you have chosen.
By using the SITE, the provisions of this annex are applicable. Before providing personal data (including email address) by any means, the user is expressly requested to accept this policy.
Art 1. Terms used
In this document, the terms used will be interpreted in accordance with the GDPR, and where applicable, the terms will have the definitions stipulated by art. 4 of the GDPR.
Art 2. Object of processing
Represents the processing by the AUTHORIZED of the personal data sent by the OPERATOR for the purpose of providing the services stipulated in the EU-LABEL main service contract, attached at the top of the file.
Art 3. Required data
Creating a user account on EU-LABEL requires providing certain information, such as username (email address), no. phone number, a password and the data of the company for which the account is created. The username is an email address that we recommend belonging to the company. We use this email address to communicate with you. The personal data you enter into the EU-LABEL platform, of yourself, your customers or your employees, belongs to you. EU-LABEL does not use this data for any other purpose than to provide you with the services for which you have created an EU account
LABEL.
We comply with the legal provisions regarding the protection of personal data and implement technical and organizational measures to protect all operations directly or indirectly related to personal data, which prevent unauthorized or illegal processing, as well as accidental or illegal loss or destruction .
Data about the OPERATOR’s customers
A user can store in EU-LABEL both natural person and legal person customers. All personal data do not refer to the data of a company, but to data that can identify a person, meaning name, surname, email address, no. phone number, date of birth. All these data
they belong to you and EU-LABEL only uses them to provide you with the services for which you have created an EU-LABEL account, appointments according to your subscription plan. The OPERATOR can add, through custom fields, other additional personal data directly to his customer account, which the ATTORNEY has no way of foreseeing. Thus, the OPERATOR must ensure that this data also fully complies with the policy regarding the protection and processing of personal data.
Data about the OPERATOR’s employees
In the EU-LABEL solution you can store data about employees. As with the personal data of your customers, the personal data of your employees belongs to you, and EU-LABEL uses this data only for the purpose of providing you with the services for which you have created an account in the EU-LABEL solution.
Art. 5. Specific instructions
Pursuant to this contract, the OPERATOR gives the following specific instructions to the ATTORNEY:
5.1. To collect and process personal data received from the automated OPERATOR, directly for the purpose provided for in art.7.
5.2. To collect and process information if its documents sent and hosted on the EU-LABEL platform have been opened and/or viewed by the OPERATOR’s clients. Art. 6. Duration of processing
Personal data will be processed during the operation of the main contract for the provision of services.
Art. 7 Purpose and nature of processing
Provision of EU-LABEL services, depending on the service package purchased.
Art. 8 Sub-authorized
In the situation where the processing of the OPERATOR’s data or certain parts of the processing is carried out by the AUTHORIZED through other persons, called SUB-AUTHORIZED, he must comply with the following principles:
8.1. For any sub-authorized persons, the AUTHORIZANT receives a general authorization to subcontract with any other provider, which has an adequate level of protection recognized by decision of the European Commission, which is necessary for certain parts of the data processing under this contract that provides a level of adequate security, at least at the level of this contract. This authorization includes the obligation to inform the OPERATOR, through a message through the account on the AUTHORIZED’s website or by email. The OPERATOR has the possibility to formulate objections within 2 working days.
Art. 9. The rights and obligations of the OPERATOR
9.1. To receive information from the AUTHORIZED or to verify through the auditor whether the AUTHORIZED has and implements adequate technical and organizational measures, so that the processing complies with the requirements of the GDPR; the verification will take place based on a prior written notification, sent at least 10 working days before the verification is carried out;
9.2. To receive assistance from the ATTORNEY for the fulfillment of his obligation to respond to the requests of the persons concerned regarding the exercise of their rights provided by the GDPR;
9.3. To comply with his obligations according to the GDPR as an Operator with regard to the personal data collected or processed by the AUTHORIZED, on his behalf; 9.4 . The obligation to inform the persons concerned according to the GDPR, including regarding the information regarding data processing by the AUTHORIZED pursuant to this contract;
9.5. The obligation to be solely responsible for establishing the legal basis for the processing of personal data that is the subject of this contract;
9.6 . The obligation to implement appropriate technical and organizational measures according to the GDPR, including securing the transfer of data from data subjects to the AUTHORIZED; 9.7. The OPERATOR understands that from the moment the data is deleted after the end of the provision of services by the AUTHORIZED in accordance with GDPR obligations and art. 10 of this contract, the data can no longer be recovered and it is the full responsibility of the OPERATOR to ensure that he has made a complete copy of them.
9.8. In all situations where the OPERATOR is the one who must perform an obligation, such as, for example, informing the data subject about the breach of personal data security, the ATTORNEY cannot be held liable for the OPERATOR’s inactions within the scope of that obligation.
Art. 10. Rights and obligations of the ATTORNEY:
10.1. The obligation to inform the OPERATOR within a maximum of 10 days, if, in the opinion of the ATTORNEY, an instruction violates the GDPR and/or other legal provision regarding the processing of personal data;
10.2. The obligation to ensure the security of personal data processed on behalf of the OPERATOR in accordance with art. 32 of the GDPR and with art. 11 of this Annex; 10.3. The obligation to inform the OPERATOR without undue delay of a violation of the security of the OPERATOR’s personal data during the processing carried out by the AUTHORIZED;
10.4. The obligation to assist the OPERATOR with all the necessary information in order to notify, if necessary, the competent Authority for the breach of data security, but without replacing the OPERATOR in his notification obligation;
10.5 . The obligation to assist the OPERATOR in resolving the requests of the persons concerned or to transmit to the OPERATOR any request received from the persons concerned, in relation to the personal data that have been collected and processed by the Authorized Person, within a maximum of 5 calendar days from its receipt. This assistance does not apply in the situation where the OPERATOR already has, in the technical tools provided by the AUTHORIZED, the possibility to directly resolve the data subject’s request (e.g. Right of access – where the OPERATOR already has all the information about what data they collect);
10.6. The obligation not to transmit personal data and/or confidential information, which may be personal data, of which he became aware during the execution of the contract; 10.7. The obligation to ensure the training of personnel authorized to process personal data, regarding the confidentiality of this data;
10.8 . Obligation to include confidentiality obligations to employees and sub-agents; 10.9. The right to disclose certain personal data by virtue of a legal obligation or other condition provided by law at the request of an authority, public institutions or courts.
10.10. The right to recruit sub-proxies according to art. 8 or in the situation where he received approval from the OPERATOR;
10.11. The right to cover the costs generated by providing assistance to the OPERATOR, in the situations provided for by the GDPR according to art. 9, if they exceed the monthly cost of the services provided by the AUTHORIZED.
10.12 . The right to use anonymized statistical information as a result of the activities performed under this contract or its entire activity.
10.13. THE AUTHORIZED cannot establish purposes or means of personal data processing, these being established exclusively by the OPERATOR.
Art.11 Processing security
11.1. THE AUTHORIZED must implement appropriate technical and organizational measures to ensure adequate security measures related to the risk, in accordance with good industry practices. In determining the appropriate level of security, the Commissioner must take into account the current stage of development, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risk of varying degrees of probability and severity to the rights and freedoms of natural persons, as and the risks that arise as a result of the processing, in particular with regard to those that may lead, accidentally or illegally, to the destruction, loss, modification, or unauthorized disclosure of personal data transmitted, stored or processed in another way , or to unauthorized access to them.
11.2 . In this context, the ATTORNEY has established the internal application of the following organizational and technical security measures for the security of personal data, taking into account the type of activity performed:
– limited access to the database for a very limited number of employees of the ATTORNEY.
– permanent monitoring of access to the database;
– encryption of the connection used by the OPERATOR to access the service using SSL; – customer passwords stored encrypted;
– regular backups
11.3. Voluntarily, the ATTORNEY may send summaries of the conclusions of the security auditors (after deletion of commercial or confidential information) carried out periodically to the OPERATORS to demonstrate its ongoing activities on this subject.
Art.12 Limitation of liability
The operator agrees to exonerate the ATTORNEY from any liability for damages that may arise from:
– non-compliance with the contract due to events that exceed any liability of the ATTORNEY.
– compliance with the OPERATOR’s instructions or failure to comply with the OPERATOR’s instructions is justified in advance by a notification regarding its illegality;
– the lack or vitiation of the consent of the persons concerned or the use of a wrong legal basis by the Operator.
– non-compliance with the contract due to actions of the OPERATOR. Art.13 Delimitation of liability
The OPERATOR and the ATTORNEY delimit their responsibilities regarding ensuring the protection of personal data (for example ensuring the confidentiality or security of processing), depending on the access and effective control exercised over the data, both from a contractual and technical point of view.