Data Processing Terms

Kaizo’s Data Processing Terms are an integral part of Kaizo’s Terms & Conditions (Section 7). By agreeing to Kaizo’s Terms & Conditions you also agree to Kaizo’s Data Processing Terms.

Effective Date:  21.08.2020

  1. The terms used in these Data Processing Terms correspond to the terms used in the General Data Protection Regulation (GDPR) and other applicable privacy laws (together: Data Protection Laws). These Data Processing Terms are in accordance with the Data Protection Laws.
  2. By using the Service, Customer processes personal data for its own purposes, which must be carried out in accordance with the Data Protection Laws.
  3. Parties agree that, in respect of the Service and the resulting processing of personal data, Customer acts as Data Controller (Controller) and Kaizo acts as Data Processor (Processor) within the meaning of the Data Protection Laws. Parties will also be referred to as such.
  4. The Data Protection Laws requires Controller to enter into a data processing agreement with Processor. Parties enter into such a data processing agreement via these Data Processing Terms to regulate the processing of personal data by Kaizo on behalf of Customer.

1. Obligations of a data controller

  1. Data and information: By providing the Service and additional services to Customer, Kaizo will receive and process (personal) data. Customer will also provide all other data which Kaizo may reasonably require to a) provide the Service as agreed in the Terms of Services and b) comply with these Data Processing Terms.
  2. Compliance with the law: The instructions of Customer to Kaizo regarding the processing of (personal) data must be in accordance with the Data Protection Laws.

2. Obligations of a data processor

  1. Nature of the processing: The nature of the processing of the personal data consists of, inter alia, collecting, accessing, storing and deleting the personal data.
  2. Type of personal data and categories of data subjects: The type of personal data processed by Kaizo on behalf of Customer consists of the personal data of Customer’s clients, i.e. names, phone numbers, e-mail addresses and other information regarding the communication with the Customer’s client.
  3. Compliance with the law: Kaizo will comply with the Data Protection Laws, insofar the obligations are directly aimed at processors.
  4. Instructions of Controller, purpose and means of the processing: Kaizo will only process the personal data on behalf of Customer, in accordance with Customer’s written instructions (inter alia the instructions as laid down in these Data Processing Terms) and under the responsibility of Customer, unless Kaizo is legally obligated to process the personal data otherwise. Kaizo will not process the personal data for any other purpose than as determined by Customer. Kaizo does not have any control over the purpose and means of the processing of the personal data.
  5. Confidentiality: Kaizo will treat the personal data and all other information he receives from Customer as confidential. Kaizo ensures that access to this data is limited to employees who need access in order to perform the processing in accordance with these Data Processing Terms. Kaizo ensures all these employees have received adequate training.
  6. Rights of Data Subjects: Kaizo shall assist Customer in the execution of the rights granted to data subjects, if Customer cannot execute these rights himself and Kaizo is in a position to do so.
  7. Non-disclosure: A duty of secrecy rests upon all the personal data and other data Kaizo receives under these Data Processing Terms. Kaizo will not provide these data to third parties other than at the explicit written request of Customer, unless Kaizo is legally obliges to do so.
  8. Data transfer outside the European Union (EU): Kaizo shall not process the personal data outside the EU, unless one of its Sub-Processors is located outside the EU. Kaizo will only transfer the personal data in such cases to countries and organisations in accordance with the standards of the Data Protection Laws. Kaizo will inform Customer at his request in which country or countries the personal data are processed.
  9. Sub-contracting: Kaizo may sub-contract (parts of) the processing activities to the following parties: Google LLC (cloud services within the EU) (Sub-Processors). Customer gives his consent for sub-contracting the processing of personal data to Sub-Processors, if a (sub) processor agreement is entered into with these parties under the same terms as set out in these Data Processing Terms. Kaizo informs Customer about any adding or replacing of such Sub-Processors. Customer may object to the use of specific Sub-Processors.
  10. Security Measures: Kaizo will take appropriate technical and organizational security measures to protect the personal data against unauthorized access, loss, destruction, theft or any other unlawful processing. Kaizo will also assists Customer in ensuring compliance with the obligations pursuant to articles 32 to 36 of the GDPR.
  11. Security incidents: Kaizo will inform Customer about any security incident and/or data breach which may impact the processing of personal data as laid down in these Data Processing Terms. Kaizo will inform Customer immediately after becoming aware of the incident. After reporting the incident, Kaizo will cooperate with Customer in performing a risk assessment, cause analysis and determining corrective measures. Kaizo will cooperate with Customer in performing all required corrective measures which has been agreed between the Parties.
  12. Removal of data after termination Data Processing Addendum: As soon as these Data Processing Terms terminate, Customer may transfer all (personal) data which are held by Kaizo under these Data Processing Terms to another location, for a period of 30 days. After this term, Kaizo will remove or destroy all (personal) data (including all possible copies thereof), unless Kaizo is legally obliged to retain the data.
  13. Audits: Customer has the right to execute audits and inspections regarding the compliance of all (security) obligations by Kaizo under these Data Processing Terms. Customer shall timely inform Kaizo about any audit or inspection. Kaizo shall timely make available all information which makes the audit or inspection possible or contributes to this.
  14. Indemnification and liability: Kaizo shall indemnify Customer against all damages for which Kaizo is liable. Kaizo is only liable for damages caused by (i) non-compliance with legal obligations in the Data Protection Laws directly addressed to processors; or (ii) non-compliance with these Data Processing Terms. Kaizo is not liable for any damages or loss which result from following instructions of Customer, if these instructions conflict with the Data Protection Laws.

3. Miscellaneous

  1. These Data Processing Terms come into effect on the same date and is entered into for the same term as the Terms. Therefore, the processing of personal data by Kaizo behalf of Customer will last as long as Kaizo provides its services to Customer and the Data Processing Terms are effective.
  2. If any provision of the Terms at any time conflicts with the provisions of these Data Processing Terms, these Data Processing Terms shall prevail regarding this subject matter.
  3. These Data Processing Terms replace any previous agreements or commitments regarding this subject matter between the Parties, both in writing and verbal, including any correspondence.