Processing Agreement CARD Solutions

PLEASE FILL IN AND SIGN AT THE BOTTOM!

PART 1: DATA PRO STATEMENT
This Data Pro Statement, together with the Standard Clauses for Processing, forms the processing agreement for the product or service of the company that has drawn up this Data Pro Statement.GENERAL INFORMATION
1. This Data Pro Statement has been drawn up by:
CARD Solutions B.V.
Ossenkamp 2c
8024AE ZwolleFor questions about this Data Pro Statement or data protection, please contact:
S. Wessel
wessel@cardsolutions.nl
038 4 203 203

2. This Data Pro Statement is effective as of May 23, 2018.
We regularly update the security measures described in this Data Pro Statement to ensure that we remain prepared and up to date with regard to data protection. We will keep you informed of new versions through our normal channels.

3. This Data Pro Statement applies to the following products and services of the data processor
Web, FileMaker, server, and NAS hosting, domain registration/management, (remote) FileMaker, Apps, and web development, and server monitoring.

4. Description of products/services
Hosting and development of websites, iOS/Android apps, NAS, (dedicated) servers, FileMaker and SQL databases. These are made available online for use by customers and their customers/users. The markets for which these services can be used are numerous and customer-specific.

5. Intended use
The product/services are designed and configured to process the following types of data.
For these products and services, the following information is recorded in any case:
Company name, contact person (first name, middle name, last name), street name, house number, postal code, city, email address, telephone number(s). And, where necessary, specific login details required to access these products and services, such as (and others not excluded):
IP address(es), login names, passwords, VPN details, server address(es), login methods. These products/services do not take into account the processing of special personal data or data relating to criminal convictions and offenses. The processing of this data with the product or service described above by the client is at the client’s own discretion.6. The data processor uses the Data Pro Standard Clauses for processing, which can be found at data-pro-standardclause.
7. The data processor processes the personal data of its clients within the EU/EEA.8. The data processor uses the following sub-processors:
None.9. Upon termination of the agreement with a client, the data processor shall, in principle, delete the personal data it processes for the client within two months in such a way that it can no longer be used and is no longer accessible (render inaccessible).10. After termination of the agreement with the client, the data processor shall, upon request, return all personal data that it processes for the client within one month in the following manner:

Provide digitally as an encrypted packaged file that will be temporarily accessible.

SECURITY POLICY
11. The data processor has taken the following security measures to protect its product or service:
The products and/or services referred to in paragraph 3 are protected by:
Restricted (physical) access for administrators only to server rooms, firewalls, routers, VPN, login names, and passwords (stored in encrypted form). IT facilities and equipment are physically protected against unauthorized access, damage, and malfunctions. Procedures are in place to grant authorized users access to the information systems and services they need to perform their tasks and to prevent unauthorized access to information systems.

12. The data processor has complied with the following Information Security Management System (ISMS):
– Not applicable

13. The data processor has the following certifications:
– Data pro certificate

DATA BREACH PROTOCOL
14. In the event that something does go wrong, the data processor will apply the following data breach protocol to ensure that the client is informed of incidents:

There is a procedure for reporting incidents internally. If the data processor discovers a data breach within its organization, the data processor will notify its client as soon as possible by contacting the relevant contact person and sending an email to the corresponding email address.

The data processor shall provide as much relevant information as possible, including a description of the incident, the nature of the breach, the nature of the personal data or categories of data subjects involved, the estimate of the number of data subjects and potentially affected databases, and an indication of when the incident occurred;

Contact details of contact person:
S. Wessel
wessel@cardsolutions.nl
038 4 203 203

Notifications will be made to clients within 48 hours, if possible. The data processor will not make any notifications to the Dutch Data Protection Authority or data subjects. Whether or not to make a notification remains the responsibility of the controller. The data processor will support the client or controller with the notification process if requested.

The data processor uses the following monitoring tools/methods to identify potential security incidents:
monitoring software with automatic notifications.

Part 2. Standard clauses for processing

For Data processor

CARD Solutions B.V.
Name: Martin Geijtenbeek
Function: General manager
Date: &nsbp;

Signed

For the Controller:

Our cases

A SELECTION FROM OUR WEB DEVELOPMENT CASES

OUR CASES

Want to exchange ideas?

CONTACT US, WE ARE HAPPY TO HELP. AND BY THE WAY, THE COFFEE IS READY!