Processor Agreement Beyuna – Independent Sales Representative
The undersigned:
- Beyuna USA Corporation., established in New York, here duly represented by Paul Gebbink, CEO Beyuna, hereinafter referred to as: Beyuna
and - Beyuna Independent Sales Representative hereinafter jointly referred to as: Parties;
TAKING INTO CONSIDERATION THAT:
• for insofar as Beyuna Independent Sales Representative processes Personal Data of Customers and other Independent Sales Representatives in the downline
• Parties to this Processor Agreement, as referred to in Article 28, third paragraph of the Regulation, wish to record their agreements regarding the Processing of Personal Data by Beyuna Independent Sales Representative.
AGREED AS FOLLOWS:
Article 1. Concepts
Several concepts are used in this Agreement. The meaning of the concepts is explained below. The concepts referred to are written with a capital letter in Agreement. The description of the concept from the laws and regulations in the field of privacy is often used in the summary below.
Person involved: Those to whom the Personal data pertains.
Processor: A natural or legal person, a government agency, a professional service or another body that processes Personal data on behalf of the Processing Controller, without being subject to his direct authority.
Sub-processor: Another processor that is used by the Processor to perform specific processing activities on behalf of the Processing Controller.
Processing Controller/ Responsible Official: A natural or legal person, a government agency, a professional service or any other body that, alone or together with others, determines the purpose and means for the processing of personal data.
Particular Personal data: This is data from which race or ethnic origin, political opinions, religious or philosophical beliefs, or membership of a trade union, and genetic data, biometric data with the view to the unique identification of a person, data on health, or data related to a person’s sexual behaviour or sexual orientation become apparent. As well as personal data regarding criminal convictions and acts or related security measures.
Data leak / Infringement regarding personal data: An infringement of the security that inadvertently or unlawfully leads to - or where it cannot reasonably be excluded that it may lead to - the destruction, the loss, the modification or the unauthorized disclosure of or unauthorized access to the transmitted, stored or otherwise processed personal data.
Third Parties: People other than You, Us and Our Employees.
Data leaks notification obligation: The obligation to notify the Personal Data Authority and (in some cases) to the Person/Persons involved of the Data leaks.
Employees: Persons working with You or with Us, or temporarily hired as an Employee.
Agreement: This Processor Agreement.
Personal data: All information about an identified or identifiable natural person (“the Person Involved”) processed in the context of the Distributorship; an identifiable natural person who can be identified directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more elements characteristic of the physical, physiological, genetic, psychological, economic, cultural or social identity of the natural person.
Personal details of a sensitive nature: Personal data where loss or unlawful processing can lead to (among other things) stigmatization or exclusion of the Person Involved, damage to health, financial losses or (identity) fraud. The following must anyway be classified as these categories of personal data:
• Particular personal data
• Data on the financial or economic situation of the Person Involved
• (Other) data that may lead to stigmatization or exclusion of the Person Involved
• User names, passwords and other log-in details
• Data that can be misused for (identity) fraud
Process / Processing: A process of set of processes relating to personal data or a set of personal data, whether performed via automated procedures, such as collecting, recording, organizing, structuring, storing, updating or modifying, retrieving, consulting, using, disclosing by transmission, distributing or otherwise forwarding, aligning or combining, guarding, deleting or destroying data.
GDPR: General Data Protection Regulation, including the implementing law on this regulation. The GDPR replaces the Wbp [Data Protection Act] on 25 May 2018.
Article 2. Subject of this Processor Agreement
2.1 This Processor Agreement governs the Processing of Personal Data by the Beyuna Independent Sales Representative in the context of the Agreement.
2.2 The nature and purpose of the Processing, the type of Personal Data and the categories of Personal Data, Persons Involved and recipients are described in Appendix 1.
2.3 The Beyuna Independent Sales Representative guarantees the application of appropriate technical and organizational measures as described in Appendix 2, so that the Processing complies with the requirements of the Regulation and the protection of the rights of the Person Involved is ensured.
2.4 The Beyuna Independent Sales Representative guarantees compliance with the requirements of the applicable laws and regulations regarding the Processing of Personal Data.
Article 3. Commencement and duration
3.1 This Agreement takes effect as soon as it has been signed by both Parties.
3.2 This Processor Agreement ends after and insofar as the Beyuna Independent Sales Representative has deleted or returned all Personal Data in accordance with Article 10.
3.3 None of the Parties can terminate this Processing Agreement in the interim. Beyuna can adjust the Processor Agreement at any time. The Beyuna Independent Sales Representative is informed of this.
Article 4. Scope of the processing authorisation Beyuna Independent Sales Representative
4.1 The Beyuna Independent Sales Representative Processes the Personal Data exclusively in the way that is needed to
support the downline and support customers where necessary. This means that it is possible to respond to contact forms and assistance may be rendered at business level by means of insight into the merits. Customers may not be approached in any other way unless permission has been given and this permission has also been recorded.
4.2 If, based on a statutory provision, the Beyuna Independent Sales Representative is required to disclose Personal Data, he will inform Beyuna immediately, and, if possible, prior to the disclosure.
4.3 The Beyuna Independent Sales Representative has no control over the purpose and means for the Processing of Personal Data.
Article 5. Security of the Processing
5.1 The Beyuna Independent Sales Representative takes the technical and organisational security measures as described in Appendix 2.
5.2 The parties acknowledge that guaranteeing an appropriate level of security can constantly force additional security measures to be taken. Beyuna Independent Sales Representative guarantees a risk-adjusted security level.
5.3 If and insofar as Beyuna expressly requests doing so in writing, the Beyuna Independent Sales Representative will take additional measures with a view to securing the Personal Data.
5.4 To the extent that the Beyuna Independent Sales Representative processes any Personal Data protected by EU Data Protection Law under the Agreement and/or that originates from the EEA, in a country that has not been designated by the European Commission of Swiss Federal Data Protection Authority (as applicable) as providing an adequate level of protection for Personal Data, the parties acknowledge that the Beyuna Independent Sales Representative shall be deemed to provide adequate protection (within the meaning of EU Data Protection Law) for any such Personal Data by virtue of having self-certified its compliance with Privacy Shield. The Beyuna Independent Sales Representative agrees to protect such Personal Data in accordance with the requirements of the Privacy Shield Principles. If the Beyuna Independent Sales Representative is unable to comply with this requirement, the Beyuna Independent Sales Representative shall inform Beyuna.
5.5 The Beyuna Independent Sales Representative informs Beyuna without unreasonable delay as soon as he becomes aware of unlawful Processing of Personal Data or infringements of security measures as referred to in the first and second paragraph.
Article 6. Confidentiality by the Beyuna Independent Sales Representative
6.1 The Personal Data is of a confidential nature and this entails a confidentiality obligation on Third Parties.
6.2 At Beyuna’s request, the Beyuna Independent Sales Representative demonstrates that his Staff is committed to observe
Article 7. Sub-processor
When the Beyuna Independent Sales Representative engages another processor to perform processing activities for Beyuna, the same data protection obligations are imposed on this other processor in an agreement as those included in this Processor Agreement.
Article 8. Assistance because of rights of Persons Involved
The Beyuna Independent Sales Representative assists Beyuna in fulfilling its obligation to respond to requests to exercise the rights of the Party Involved as set out down in Chapter III of the Regulation.
Article 9. Infringement regarding personal data
9.1 The Beyuna Independent Sales Representative informs Beyuna within 48 hours, as soon as he has become aware of an Infringement regarding Personal Data, in accordance with the agreements as set out in Appendix 3.
9.2 The Beyuna Independent Sales Representative also informs Beyuna within 48 hours of a notification based on the first paragraph about developments concerning the Infringement in connection with Personal Data.
9.3 The Parties each bear the costs to be incurred by them in connection with the notification to the Competent Supervisory Authority and the Person Involved.
Article 10. Returning or deleting Personal Data
After termination of the distributorship with Beyuna, the Beyuna Independent Sales Representative will be responsible for deleting all Personal Data. The Beyuna Independent Sales Representative will delete copies, subject to deviating legal regulations.
Article 11. Information obligation and audit
11.1 The Beyuna Independent Sales Representative makes all information, necessary to demonstrate that the obligations under this Processing Agreement have been and are being fulfilled, available.
11.2 The Beyuna Independent Sales Representative provides all necessary assistance to audits.
Appendix 1. The Processing of Personal Data
The subject / nature and purpose of the Processing | Contact other Beyuna Independent Sales Representatives to provide support in doing business.
The type of Personal Data | Name, address, e-mail, telephone number, insight into turnover
Description of categories of Personal Data | Normal Personal Data
Description of categories of Persons Involved | Distributeurs
Description of categories of recipients of Personal Data | Processors
The subject / nature and purpose of the Processing
| Contact customers in the Beyuna Independent Sales Representative’s organisation if there are any questions.
The type of Personal Data | Name, address, Email,Telephone number, insight into orders
Description of categories of Personal Data | Normal Personal Data
Description of categories of Persons Involved | Customers
Description of categories of recipients of Personal Data | Processors
The subject / nature and purpose of the Processing | Making contact in response to the contact form. Please note: these people may not be mailed.
The type of Personal Data | Name, E-mail
Description of categories of Personal Data | Normal Personal Data
Description of categories of Persons Involved | Potential Customers
Description of categories of recipients of Personal Data | Processors
Among others, the registration that the Processing Controller must hold based on Article 30 of the Regulation can be used for the content of this Appendix.
Appendix 2. Appropriate technical and organisational measures
In this appendix, the standards and measures that the Beyuna Independent Sales Representative must use in the context of the securi- ty of the Processing must be specified.
- The data available in Cloud Office may not be shared with anyone.
- Telephone / tablet / computer / laptop or other devices must never be publicly logged into Cloud Office and left
behind. - Telephone / tablet / computer / laptop or other devices must be secured with the latest updates and must have
virus scanners, firewalls and software against malware attacks. - Telephone / tablet / computer / laptop or other devices with access to e-mail through which contact forms can
enter, must be secured by means of a 6-digit code. - Exports of data from Cloud Office may not be stored on public computers.
- Exports of data from Cloud Office may only be stored on secured servers.
- Telephone / tablet / computer / laptop or other devices with access to the Beyuna app are secured by means of a
6-digit code.
Appendix 3. Agreements regarding Infringement regarding personal data:
Information that must at least be provided by the Beyuna Independent Sales Representative once a data Infringement has taken place. This must be reported to Beyuna by telephone within 48 hours.
• Nature of the Infringement regarding Personal data
• The Personal details and Person involved
• Probable consequences of the Infringement regarding Personal data
• Measures proposed or taken by the Beyuna Independent Sales Representative to address the Infringement regarding
Personal Data, including, where appropriate, measures to limit any adverse consequences.