Terms and Conditions

Terms and Conditions Aizy B.V.

Aizy B.V. is located at Baronielaan 1, 4818 PA in Breda and registered in the Trade Register of the Chamber of Commerce under number: 95180672.

When using Aizy B.V.’s Cloud software, personal data may be processed. Pursuant to the General Data Protection Regulation (AVG), Aizy B.V. is considered a ‘processor’. You, as a user of the Cloud Software, have the role of ‘controller’. This means that you are and remain responsible for the personal data you make available to Aizy B.V..

Under Article 28(3) of the AVG, the processor (Aizy B.V.) and the data controller (you) are required to make agreements about the processing of personal data so that the privacy of data subjects whose personal data is involved is guaranteed.

These processor terms define the arrangements for data processing.

The agreement entered into by Aizy B.V. with you for the use of the Cloud software (the SaaS agreement) is referred to in these processing terms as the “Main Agreement”. For other terms, please refer to Article 1 of the General Terms and Conditions.

 

Article 1 – Duration of these processing conditions.

  1. These processor terms will remain applicable to the Master Agreement for the entire term of the Master Agreement. This means that the processor terms cannot be terminated in the interim.
  2. Upon termination of the Master Agreement, these processing conditions will also terminate automatically. Because the personal data being processed will remain yours, Aizy B.V. will ensure that the personal data will be returned to you in its original form or destroyed after termination of these processing terms. This does not apply to data that Aizy B.V. is required to retain by law.
  3. The agreements in Article 5 Confidentiality and Article 9 Liability and Indemnity from these processor terms and conditions do continue to apply after termination of these processor terms and conditions.

Article 2 – Purpose, nature and subject matter of processing

  1. Aizy B.V. offers Cloud software that allows social media and Google Ads to be automated. In this software, personal data is stored via a pixel from ad accounts on social media that are connected to customers of Aizy B.V.. This involves the following personal data:
    1. hashed IP addresses;
    2. browser type and version;
    3. operating system;
    4. referral source (e.g., website or page that directed the user to the client’s website;
    5. pages visited on the customer’s website;
    6. date and time of the visit;
    7. Clicking on links and buttons on the client’s website;
    8. interactions with forms on the customer’s website (e.g., search queries or form submissions;
    9. Other similar anonymous data that may be used for analysis and marketing purposes.
  2. Aizy B.V. processes these personal data only to the extent necessary for the performance of the Main Agreement. The purpose of the processing is to automate social media and Google ads.
  3. Aizy B.V. may also use the personal data for quality assurance purposes including conducting surveys among data subjects, statistical research for the purpose of improving the quality of the services of Aizy B.V. and/or the software provider and training the artificial intelligence and algorithms of the Cloud software.
  4. Aizy B.V. may only process the personal data for other purposes if you have given your prior Written consent. However, if in the future additional functionalities are offered that belong to the purposes mentioned in paragraph 2, this falls within the remit of the Main Agreement and Aizy B.V. does not need to ask for additional consent for this.

 

Article 3 – Processing of personal data

  1. Aizy B.V. will exercise all due care when processing personal data and will comply with applicable privacy legislation, including the AVG.
  2. Aizy B.V. will not process personal data in violation of any legal obligation.
  3. Aizy B.V. processes personal data only within the European Economic Area (EEA). If Aizy B.V. does transfer personal data to a country outside the EEA, this will only happen if that country guarantees an adequate level of protection and complies with the obligations under the AVG and these processing conditions. In the event that you yourself transfer personal data to countries outside the EEA, you indemnify Aizy B.V. against all legal claims by third parties alleging that you are acting in violation of the AVG.
  4. Aizy B.V. will ensure that you maintain access to the personal data at all times, even in the event of bankruptcy or suspension of payments.
  5. AizyV. keeps a register of the personal data processed on your behalf (processing register). At your request, Aizy B.V. will provide you with insight into this processing register.

Article 4 – Engaging third parties (sub-processors).

  1. Aizy B.V. may engage so-called sub processors when processing personal data. These are persons or organizations that are engaged to execute the Main Agreement such as the software supplier.
    Aizy B.V. currently works with Billy Grace, AWS and Data Bricks. By agreeing to these terms of processing, you consent to this.
  2. Aizy B.V. only uses sub-processors who can sufficiently guarantee that they provide appropriate security measures so that the processing of personal data meets the requirements of the AVG and the protection of the rights of data subjects is guaranteed.
  3. Aizy B.V. remains responsible and liable for the actions of sub-processors engaged by Aizy B.V..

 

Article 5 – Secrecy

  1. All personal data that Aizy B.V. receives from you and/or collects itself is subject to strict confidentiality from third parties.
  2. Aizy B.V. is not obliged to maintain confidentiality if Aizy B.V. is obliged to share the personal data on the basis of a legal obligation or if you have given your express consent to share the personal data with third parties.
  3. Confidentiality shall also not apply in the event of sub-processing. Aizy B.V. shall ensure that any sub-processors engaged observe confidentiality and adhere to the same level of security regarding the protection of personal data. Confidentiality is also imposed on personnel of Aizy B.V.
  4. All login codes, passwords and information about security measures provided by you to Aizy B.V. are confidential and will be treated by Aizy B.V. as such.

 

Article 6 – Security

  1. Aizy B.V. will take appropriate and adequate measures to protect personal data processed by Aizy B.V. against loss, modification, deletion or unauthorized access. Among other things, Aizy B.V. does this by: regularly making a backup, using strong passwords, encrypting personal data and using a secure network connection via Secure Socket Layer (SSL).
  2. You in turn guarantee that you use our Cloud Software responsibly.
  3. To the extent possible, the measures taken by Aizy B.V. comply with the provisions of Article 32 of the AVG. This means that when taking the security measures, Aizy B.V. takes into account the state of the art, implementation costs, the nature, scope, context, processing purposes, likelihood and severity of the various risks to the rights and freedoms of individuals. However, Aizy B.V. cannot guarantee that the security measures taken are effective under all circumstances.
  4. In the event you require a higher level of security than required by the AVG, Aizy B.V. may charge you reasonable costs for this.
  5. In the event of a security incident (data breach), Aizy B.V. will notify you, within forty-eight (48) hours of discovery. Aizy B.V. will also provide you with any information that Aizy B.V. is required to provide under the AVG. Of course, Aizy B.V. will try to undo the consequences of the security incident as soon as possible. It is then your responsibility to assess whether the security incident should be reported to the Personal Data Authority and to data subjects, and if so, to make this report.

Before making such a report, you will notify Aizy B.V. of this fact. In case the Personal Data Authority decides to launch an investigation, Aizy B.V. will of course cooperate with that investigation.

  1. Aizy B.V. records all security incidents in a manner that is comprehensible to you. This record will contain at least the following information:
    a description of the security incident;
    b. the number of people affected by the security incident;
    c. the date and time of the security incident;
    d. the nature of the breach;
    e. the type of data affected;
    f. the possible consequences for the data subject;
    g. the technical and organizational measures taken as a result of the security incident.

At your request, Aizy B.V. will provide access to the data breach register.

Article 7 – Rights of data subjects

  1. Aizy B.V. will provide all cooperation in the implementation of rights that data subjects have under the AVG: request for inspection, restriction of processing, rectification, data erasure, data portability or objection (Article 15-22 AVG).
  2. Aizy B.V. will notify you, as the data controller, as soon as possible of a complaint, a request, a question or an order submitted to Aizy B.V. by a data subject in connection with the processing of personal data. Aizy B.V. will not respond to these requests itself, but may inform the data subject of the transfer. You are obliged to comply with the rights of data subjects.

Article 8 – Audits and inspections.

  1. You have the right to monitor compliance with these processing conditions. You can do this by performing audits or having audits performed a maximum of once (1) per calendar year. You will inform Aizy B.V. of this in writing no later than fourteen (14) calendar days before the start of the audit.
  2. Aizy B.V. will cooperate in audits and inspections through which you can verify Aizy B.V.’s compliance with its obligations under the AVG. Among other things, Aizy B.V. will grant access to databases for this purpose and provide all necessary information upon request. It is not permitted to communicate the results of audits with third parties without Aizy B.V.’s prior Written consent.
  3. The cost of audits and inspections requested by you, will be at your expense.

 

Article 9 – Liability and indemnity.

  1. Parties mutually indemnify each other for fines and penalties imposed by the Authority for Personal Data because it has been established that the other Party does not comply with applicable privacy legislation. In addition, Parties shall indemnify each other against claims from data subjects.
  2. Each party is and will remain solely responsible for any damages it causes as a result of violations of laws and regulations.
  3. In the event Aizy B.V. is liable for damages because such damages can be attributed to Aizy B.V., such liability shall be limited to what is agreed in the Main Agreement.


Article 10 – Other agreements

  1. If during the implementation of these processor terms it becomes apparent that for proper implementation thereof it is necessary to modify the processor terms, the Parties will mutually agree to modify the processor terms. Adjustments will be attached to these processor terms as an appendix.
  2. If any article of these processing conditions is void or voidable (invalid), the remaining provisions of these processing conditions shall continue to apply. In that case, the Parties will mutually agree on a new arrangement that is as close as possible in purpose and scope to the original provision.
  3. If any provision of these processor terms contradicts the Master Agreement, these processor terms take precedence over the Master Agreement.
  4. These processing conditions are exclusively governed by Dutch law.
  5. All disputes between Parties will be resolved as much as possible among themselves. If this fails, disputes will be submitted to the competent court of the District Court of Zeeland-West Brabant, unless a mandatory statutory provision prevents this. This also applies to disputes that only one of the Parties considers to be a dispute.