These EU Standard Contractual Clauses (the “Clauses”) are part of the contractual relationship between Eivod.com ("Data Exporter") and its users, customers, and business partners located within the European Economic Area (EEA) or where Eivod.com processes personal data on behalf of such entities or individuals (the "Data Importer"). The Clauses are designed to ensure compliance with the EU General Data Protection Regulation (GDPR) and are incorporated into our data processing agreement with respect to transfers of personal data from the EEA to non-EEA countries.
SECTION I: PURPOSE AND SCOPE
Purpose
These Clauses provide appropriate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer of personal data from the Data Exporter (within the EEA) to the Data Importer (outside the EEA).
Scope
The Clauses apply to the transfer of personal data from Eivod.com, acting as a Data Exporter, to third parties outside the EEA that process personal data on behalf of Eivod.com, acting as Data Importer.
SECTION II: OBLIGATIONS OF THE PARTIES
2.1. Obligations of the Data Exporter
- The Data Exporter warrants that the processing of personal data, including the transfer itself, has been carried out in compliance with the GDPR.
- The Data Exporter shall ensure that the Data Subject has been informed of the transfer, the purpose for the transfer, and their rights under the GDPR.
2.2. Obligations of the Data Importer
- The Data Importer agrees to process the personal data in accordance with the instructions of the Data Exporter and in compliance with the GDPR.
- The Data Importer shall not transfer personal data to a third party without the prior written consent of the Data Exporter, unless such transfer is required by law.
- The Data Importer must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, pseudonymization, and measures to ensure ongoing confidentiality, integrity, and availability of processing systems.
- The Data Importer agrees to promptly notify the Data Exporter of any request for access to personal data by public authorities unless prohibited by law.
2.3. Data Subject Rights
- The Data Importer shall provide an accessible mechanism to enable Data Subjects to exercise their rights under the GDPR, including the rights to access, rectification, erasure, and data portability.
- The Data Importer must comply with any request from the Data Exporter to amend or delete personal data upon request by a Data Subject.
SECTION III: LIABILITY
3.1. Liability of the Parties
- Both the Data Exporter and the Data Importer shall be liable for any material or non-material damage caused to the Data Subject by any violation of these Clauses.
- If a Data Subject claims compensation for damages, the Data Exporter and the Data Importer may agree on who shall handle the claim. If no agreement is reached, both parties may be held jointly and severally liable.
3.2. Indemnity
The Data Importer agrees to indemnify and hold the Data Exporter harmless against any losses, liabilities, damages, or claims (including legal fees) arising out of any breach of these Clauses by the Data Importer.
SECTION IV: COOPERATION WITH SUPERVISORY AUTHORITIES
4.1. Supervision
The Data Importer agrees to submit its data processing facilities, documentation, and procedures for review by the Data Exporter or an independent auditor authorized by the Data Exporter upon request.
4.2. Cooperation
The Data Importer agrees to cooperate with the competent supervisory authority in all cases involving data transfers under these Clauses, including providing access to relevant records and responding to inquiries or complaints from supervisory authorities.
SECTION V: DATA SECURITY
5.1. Security Measures
The Data Importer shall implement and maintain the appropriate security measures, including those required under Article 32 of the GDPR, to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
5.2. Data Breach Notification
In the event of a data breach, the Data Importer shall immediately notify the Data Exporter of the incident and provide sufficient details to allow the Data Exporter to comply with its own legal obligations, including informing the supervisory authorities and affected individuals where required.
SECTION VI: SUBPROCESSING
6.1. Subprocessing
The Data Importer shall not engage a subprocessor without prior written authorization from the Data Exporter. Any subprocessing must be governed by a written agreement that imposes the same obligations on the subprocessor as those in these Clauses.
The Data Importer shall remain fully liable to the Data Exporter for the performance of any subprocessor’s obligations.
SECTION VII: TERMINATION AND CONSEQUENCES
7.1. Termination
These Clauses shall automatically terminate if the Data Importer ceases to process personal data on behalf of the Data Exporter or if either party violates its obligations under the Clauses.
7.2. Consequences of Termination
Upon termination, the Data Importer must return all personal data to the Data Exporter or securely delete it. Upon request, the Data Importer must certify that it has complied with this requirement.
SECTION VIII: DISPUTE RESOLUTION
8.1. Governing Law
These Clauses are governed by the laws of the Member State in which the Data Exporter is established.
8.2. Jurisdiction
Any disputes arising under these Clauses shall be subject to the jurisdiction of the courts of the Data Exporter's Member State.