Data Processing Terms
Intros.at – Data Processing Terms The customer agreeing to these terms (“Customer”), and Intros.at Ltd (Intros), have entered into (or are intending to enter into) an agreement under which Intros provides guest app-related services to the Customer (the “Agreement”). These Data Processing Terms supplement and are part of the Agreement. Defined terms used in the Agreement Capitalised terms not otherwise defined in these Data Processing Terms shall have the meaning given to them in the Agreement. Except as modified below, the terms of the Agreement shall remain in full force and effect. Except where the context requires otherwise, references in these Data Processing Terms to the Agreement are to the Agreement as amended by, and including, these Data Processing Terms. 1.1 To the extent that Intros shall process Guest Personal Data as Data Processor of the Customer, it shall do so in compliance with the obligations placed on it under Data Protection Laws and the terms of the Agreement. 1.2 The Customer shall at all times comply with all Data Protection Laws in connection with the processing of Guest Personal Data. The Customer shall ensure all instructions given by it to Intros in respect of Guest Personal Data (including the terms of this Agreement) shall at all times be in accordance with Data Protection Laws. The Customer shall indemnify and keep indemnified Intros against all losses, claims, damages, liabilities, fines, sanctions, interest, penalties, costs, charges, expenses, compensation paid to Data Subjects, demands and legal and other professional costs arising out of or in connection with any breach by the Customer of its obligations under these Data Processing Terms. 1.3 Intros shall: (a) only process the Guest Personal Data in accordance with this Agreement (and not otherwise unless alternative processing instructions are agreed between the parties in writing) except where otherwise required by applicable law (and shall inform the Customer of that legal requirement before processing, unless applicable law prevents it doing so on important grounds of public interest); and (b) if Intros believes that any instruction received by it from the Customer is likely to infringe the Data Protection Laws, promptly inform the Customer and be entitled to cease to provide the relevant Services until the parties have agreed appropriate amended instructions which are not infringing. 1.4 Taking into account the state of technical development and the nature of processing, Intros shall implement and maintain the technical and organisational measures set out in Security Summary Document to protect the Guest Personal Data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access.
1.5 Intros shall inform the Customer of any addition, replacement or other changes of third parties authorised by Intros to have logical access to and process Guest Personal Data in order to provide parts of the Services (“Sub-processors”) and provide the Customer with the opportunity to reasonably object to such changes on legitimate grounds. The Customer acknowledges that these Sub-processors are essential to provide the Services and that objecting to the use of a Sub-processor may prevent Intros from offering the Services to the Customer. Intros will enter into a written agreement with the Sub-processor imposing on the Sub-processor obligations comparable to those imposed on Intros under this Agreement, including appropriate data security measures. In case the Sub-processor fails to fulfil its data protection obligations under such written agreement with Intros, Intros will remain liable towards the Customer for the performance of the Sub-processor’s obligations under such agreement. By way of the Agreement, the Customer provides general written authorisation to Intros to engage Sub-processors as necessary to perform the Services; 1.6 Intros shall (at the Customer’s cost): (a) assist the Customer in ensuring compliance with the Customer’s obligations pursuant to Articles 32 to 36 of the GDPR (and any similar obligations under applicable Data Protection Laws) taking into account the nature of the processing and the information available to Intros; and (b) taking into account the nature of the processing, assist the Customer (by appropriate technical and organisational measures), insofar as this is possible, for the fulfilment of the Customer’s obligations to respond to requests for exercising the Data Subjects’ rights under Chapter III of the GDPR (and any similar obligations under applicable Data Protection Laws) in respect of any Guest Personal Data. 1.7 Intros may transfer Guest Personal Data processed under this Agreement outside the European Economic Area (“EEA”) or Switzerland as necessary to provide the Services. If Intros transfers Guest Personal Data to a jurisdiction for which the European Commission has not issued an adequacy decision, Intros will ensure that appropriate safeguards have been implemented for the transfer of Guest Personal Data in accordance with Data Protection Laws. 1.8 Intros shall, in accordance with Data Protection Laws, make available to the Customer such information that is in its possession or control as is necessary to demonstrate Intros’ compliance with the obligations placed on it under this clause 1 and to demonstrate compliance with the obligations on each party imposed by Article 28 of the GDPR (and under any equivalent Data Protection Laws equivalent to that Article 28), and allow for and contribute to audits, including inspections, by the Customer (or another auditor mandated by the Customer) for this purpose (subject to a maximum of one audit request in any 12 month period). 1.9 Intros shall notify the Customer without undue delay and in writing on becoming aware of any security breach in respect of any Guest Personal Data.
1.10 On the end of the provision of the Services relating to the processing of Guest Personal Data, at the Customer’s cost and the Customer’s option, Intros shall either return all of the Guest Personal Data to the Customer or securely dispose of the Guest Personal Data (and thereafter promptly delete all existing copies of it) except to the extent that any applicable law requires Intros to store such Guest Personal Data. This clause 1 shall survive termination or expiry of this Agreement. 1.11 The Customer shall ensure that: Guests are provided with appropriate information regarding the processing of their Guest Personal Data, including by means of offering a transparent and easily accessible public privacy notice. 1.12 Processing of the Guest Personal Data by Intros under this Agreement shall be as set out below. (a) Subject-matter of processing: Processing Guest Data (b) Duration of Processing: For the duration of the provision of the Guest App Services. (c) Nature and purpose of the processing: providing Guests with access to and use of the Grip mobile application and the services available on it; sending messages to Guests on behalf of the Customer, regarding the operation of the Services. (d) Type of Personal Data: Email address; name; details of job role and position; demographic data; event being attended. (e) Categories of Data Subjects: Guests