General terms & conditions – version 2019.1
Article 1 Definitions
- Data subject: an identified or identifiable natural person, within the meaning of Article 4 of the GDPR.
- Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed (‘Data Leak’), within the meaning of Article 4 under 12 GDPR.
- The Client: the legal person or the natural person with whom Validata Group BV (‘Validata’) has entered into an Agreement.
- Agreement: agreement between Validata and the Client.
- Parties: Validata and the Client jointly or separately as ‘party’.
- Privacy Statement: Validata’s Privacy Statement which gives data subjects information on why and how Validata handles the personal data of data subjects.
- Screening: screening or screen, concerns the verification of the relevant personal data of data subject prior to or during the co-operation, commencement of employment, lease or sale of immoveable property.
- Personal data: all information on an identified or identifiable natural person (‘the data subject’) within the meaning article 4 of the GDPR.
- Validata Group BV: a private company with limited liability with its registered office in Amsterdam, also trading under the name Validata.
- Work: the services agreed between parties within the framework of screening of the data subjects.
Article 2 Applicability
- These general terms and conditions apply to all offers and quotations by Validata and to all agreements that the parties conclude.
- The applicability of purchase conditions or other conditions of the Client is expressly rejected.
- Deviations from and additions to these general terms and conditions are only valid if agreed in writing between the parties.
Article 3 Offers, quotations and conclusion of agreement
- All offers and quotations by Validata are valid for a period of two (2) months after the quotation date.
- The agreement is concluded by the Client’s acceptance of the offer or quotation, or at the time at which both parties have signed the agreement.
Article 4 Performance of the agreement
- Validata is obliged to perform the agreement as may be expected of a service provider with normal professional knowledge, care and caution in this sector.
- Validata has the right to engage third parties for the performance of the agreement. Validata shall exercise due care with regard to the selection of third parties. Validata is responsible for the behaviour of any engaged third parties.
- In case abnormalities come up in connection with the performance of the agreement, Validata will inform the Client of this as soon as possible.
- Validata has a right to change the agreed provision of services by means of a written notice to the Client. If Validata makes use of this right to make changes, the Client has the right to terminate the agreement with effect from the date of the change of the provision of services. The Client must send this notice of termination by registered letter, within four (4) weeks of the written notice from Validata concerning the intended change.
Article 5 Provision of information
- The Client is obliged to provide Validata with all data and documents that Validata requires for the performance of the assignment and to do so in good time and to provide such in the desired form and in the desired manner.
- The Client vouches for the correctness and completeness of the data provided to Validata. Validata guarantees that it will carry out work for the Client correctly and completely, on the basis of the data provided by the Client.
Article 6 Rates and fees
- The rates and fees specified in the agreement are exclusive of VAT and other government levies, as well as any costs to be incurred in connection with the agreement, including shipping and administrative costs, unless the agreement specifies otherwise.
- The work carried out by Validata may be charged in advance, while it is being carried out or periodically, unless the agreement states otherwise.
- Validata reserves the right to index its rates and fees annually in accordance with the price index for services (CPI) such as by CBS in the year prior to the increase in charges is published, unless the agreement states otherwise.
Article 7 Invoicing and payment
- The Client must pay all Validata’s invoices in euros no later than fourteen (14) days after the invoice date, unless otherwise agreed in writing between parties. Objections to the amount of the invoices do not suspend the payment obligation of the Client.
- If the Client does not make the payment within the period of fourteen (14) days, the Client is in default by operation of law. Validata reserves the right to claim the statutory interest rate from that time onwards. The interest on the amount due will be calculated from the time at which the Client is in default up to the time at which the total amount due has been paid.
- If Validata takes collection measures against a Client who is in default, the costs payable in connection with such collection – with a minimum of 10% of the due invoices and including extra-judicial collection costs – are fully at the expense of the Client.
- The payments made by the Client will always firstly be applied to the settlement of all interest and costs due and secondly to the settlement of the due invoices that have been outstanding the longest, even if the Client states that the payment pertains to a later invoice.
Article 8 Liability
- Validata is liable for damage or loss suffered by the Client that is a direct consequence of Validata’s attributable failure to perform the obligations under the agreement with respect to the Client.
- Validata is not liable for any damage or loss arising from (the contents of) the data or personal data provided by the Client and/or the data subject. The Client indemnifies Validata against all third-party claims arising and/or directly relating to (the content of) data and/or personal data provided by the Client and/or the data subject.
- Validata’s liability due to an attributable failure to perform an obligation or obligations under the agreement -with or without the involvement of third parties – or on another basis is limited to a maximum amount of € 250.000 per incident and per year.
- In all cases, any liability on the part of Validata is limited to the amount that will be paid out by Validata’s liability insurer, or the amount that Validata can recover from third parties.
- The aforementioned limitations of liability do not apply in the event of intent or gross negligence on the part of Validata.
- The provisions in this article and all other limitations and exclusions of liability mentioned in these General Terms and Conditions also apply in favour of all third parties engaged by Validata with regard to performing this agreement.
Article 9 Force majeure
- Force majeure is understood to mean any circumstance on which grounds (further) performance of the agreement by Validata cannot be reasonable required. This includes – but is not limited to – contingencies that obstruct or restrict the business operations.
- In the event that Validata is unable to, fully or partially, perform its duties, Validata will have the right to suspend the performance of the work or to deem the agreement fully or partially terminated, at its discretion, without judicial intervention, without Validata being liable to pay any damages suffered by the Client.
Article 10 Personal data
- With regard to the personal data of data subjects, parties are referred to as controller within the meaning of the General Data Protection Regulation (GDPR). Both parties shall process the personal data in a fair and proper manner, and in accordance with the obligations resting on them, as controllers, pursuant to the GDPR.
- Validata is required to take all appropriate technical and organisational measures to protect the personal data against loss, destruction or damage, or any other form of unlawful processing.
- Parties shall notify each other – without any unnecessary delay, no later than 24 hours – of any breaches concerning the personal data of the data subject with regard to services that Validata provides on behalf of the Client. If an obligation to report arises due to a breach of thepersonal data on the grounds of Articles 33 and 34 of the GDPR, parties shall consult each other with regard to fulfilling their obligation to notify. Validata can be contacted via firstname.lastname@example.org.
- With regard to co-operation with third parties, Validata has taken all necessary precautions to ensure that the security, secrecy, privacy are safeguarded, and compliance with the applicable laws.
- Validata’s employees who have access to the Client’s confidential information pursuant to the performance of the agreement have been screened and signed a Confidentiality Agreement.
- Validata has drawn up a Privacy Statement which informs data subjects on why and how Validata handles the personal data of data subjects.
- Validata has incorporated security measures in its Information Security Policy. Validata demands that engaged third parties and/or suppliers at the very least have the same security measures in place. These security measures are attached as Appendix 1 to these General Terms and Conditions.
Article 11 Applicable law and competent court
- The legal relationship between Validata and the Client is governed by the law of the Netherlands. All disputes between Validata and the Client that arise from or in connection with the agreement will be settled by the competent court in Amsterdam, to the exclusion of all other authorities.
APPENDIX 1: SECURITY MEASURES
The security measures includes at least the following measures:
Organisation of information security and communication processes
- Validata has an active Information security policy.
- Information security incidents are documented and the Information security policy is optimised by learning from these incidents.
- Staff members are bound by confidentially agreements and information security agreements.
- A system of authorisations is in place that ensures that staff members cannot access more data than is strictly necessary for performing their job.
Physical security and continuity of assets
- Personal data are processed only on equipment that has safeguards that physically secure the equipment and guarantee the continuity of the services.
- Back-ups are made periodically to ensure the continuity of the services.
- These back-ups are treated confidentially and stored in a closed environment.
Network, server and application security and maintenance
- The network environment in which data are processed is secured. To this end, data traffic flows are segregated and encrypted.
- All applications in which personal data are processed are tested for vulnerabilities before they are put into operation.
- Information that is not or no longer used is erased, including from back-ups.
- Cryptographic measures are applied to passwords to ensure that these data are stored safely.
- Personal data are encrypted when shared with third parties.
- Validata’s information security system complies with the standards of ISO 27001 and the OWASP top 10 is used as a guideline.
Measure to identify vulnerabilities
- The information security policy includes internal processes to identify and resolve vulnerabilities.