General Terms & Conditions Validata Group BV - version 2021.2

General Terms & Conditions Validata Group BV – version 2021.2

Article 1 – Definitions

1.1 Data subject: an identified or identifiable natural person, within the meaning of Article 4 of the GDPR.
1.2 Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed (‘Data Leak’), within the meaning of Article 4 under 12 GDPR.
1.3 The Client: the legal person or the natural person with whom Validata Group BV (‘Validata’) has entered into an Agreement.
1.4 Intellectual Property Rights are all intellectual property rights, including but not limited to copyrights, trademark rights, patent rights and trade name rights, with regard to any Work or services, including documents, designs, computer software, customized software and/or other information, whether electronically recorded or not.
1.5 Agreement: agreement between Validata and the Client.
1.6 Parties: Validata and the Client jointly or separately as ‘party’.
1.7 Privacy Statement: Validata’s Privacy Statement which gives data subjects information on why and how Validata handles the personal data of data subjects.
1.8 Screening: screening or screen, concerns the verification of the relevant personal data of data subject prior to or during the co-operation, commencement of employment, lease or sale of immoveable property.
1.9 Personal data: all information on an identified or identifiable natural person (‘the data subject’) within the meaning article 4 of the GDPR.
1.10 Validata Group BV: a private company with limited liability with its registered office in Amsterdam, also trading under the name Validata.
1.11 Work: the services agreed between parties within the framework of screening of the data subjects.

Article 2 – Applicablity

2.1 These general terms and conditions apply to all offers and quotations by Validata and to all agreements that the parties conclude.
2.2 The applicability of purchase conditions or other conditions of the Client is expressly rejected.
2.3 Deviations from and additions to these general terms and conditions are only valid if agreed in writing between the parties.

Article 3 – Offers, quotations and conclusion of agreement

3.1 All offers and quotations by Validata are valid for a period of two (2) months after the quotation date.
3.2 The agreement is concluded by the Client’s acceptance of the offer or quotation, or at the time at which both parties have signed the agreement.

Article 4 – Performance of the agreement

4.1 Validata is obliged to perform the agreement as may be expected of a service provider with normal professional knowledge, care and caution in this sector.
4.2 Validata has the right to engage third parties for the performance of the agreement. Validata shall exercise due care with regard to the selection of third parties. Validata is responsible for the behaviour of any engaged third parties.
4.3 In case abnormalities come up in connection with the performance of the agreement, Validata will inform the Client of this as soon as possible.
4.4 Validata has a right to change the agreed provision of services by means of a written notice to the Client. If Validata makes use of this right to make changes, the Client has the right to terminate the agreement with effect from the date of the change of the provision of services. The Client must send this notice of termination by registered letter, within four (4) weeks of the written notice from Validata concerning the intended change.

Article 5 – Provision of information

5.1 The Client is obliged to provide Validata with all data and documents that Validata requires for the performance of the assignment and to do so in good time and to provide such in the desired form and in the desired manner.
5.2 The Client vouches for the correctness and completeness of the data provided to Validata. Validata guarantees that it will carry out work for the Client correctly and completely, on the basis of the data provided by the Client.

Article 6 – Rates and fees

6.1 The rates and fees specified in the agreement are exclusive of VAT and other government levies, as well as any costs to be incurred in connection with the agreement, including shipping and administrative costs, unless the agreement specifies otherwise.
6.2 The work carried out by Validata may be charged in advance, while it is being carried out or periodically, unless the agreement states otherwise.
6.3 Validata reserves the right to index its rates and fees annually in accordance with the price index for services (CPI) such as by CBS in the year prior to the increase in charges is published, unless the agreement states otherwise.

Article 7 – Invoicing and payment

7.1 The Client must pay all Validata’s invoices in euros no later than fourteen (14) days after the invoice date, unless otherwise agreed in writing between parties. Objections to the amount of the invoices do not suspend the payment obligation of the Client.
7.2 If the Client does not make the payment within the period of fourteen (14) days, the Client is in default by operation of law. Validata reserves the right to claim the statutory interest rate from that time onwards. The interest on the amount due will be calculated from the time at which the Client is in default up to the time at which the total amount due has been paid.
7.3 If Validata takes collection measures against a Client who is in default, the costs payable in connection with such collection – with a minimum of 10% of the due invoices and including extra-judicial collection costs – are fully at the expense of the Client.
7.4 The payments made by the Client will always firstly be applied to the settlement of all interest and costs due and secondly to the settlement of the due invoices that have been outstanding the longest, even if the Client states that the payment pertains to a later invoice.

Article 8 – Liability

8.1 Validata is liable for damage or loss suffered by the Client that is a direct consequence of Validata’s attributable failure to perform the obligations under the agreement with respect to the Client.
8.2 Validata is not liable for any damage or loss arising from (the contents of) the data or personal data provided by the Client and/or the data subject. The Client indemnifies Validata against all third-party claims arising and/or directly relating to (the content of) data and/or personal data provided by the Client and/or the data subject.
8.3 Validata’s liability due to an attributable failure to perform an obligation or obligations under the agreement -with or without the involvement of third parties – or on another basis is limited to a maximum amount of € 250.000 per incident and per year. In this respect, a series of related damage-causing incidents is regarded as one incident and one damage-causing incident.
8.4 In all cases, any liability on the part of Validata is limited to the amount that will be paid out by Validata’s liability insurer, or the amount that Validata can recover from third parties.
8.5 In order to have any right to compensation of damage the Client shall report the damage to Validata in writing as soon as possible (but no later than one (1) year after it arises).
8.6 The aforementioned limitations of liability do not apply in the event of intent or gross negligence on the part of Validata.
8.7 Insofar as Validata depends on the cooperation, services and deliveries of third parties, on which Validata has little or no influence, Validata can in no way be held liable for any damage whatsoever arising from these relationships with Validata or the termination thereof regardless of whether this damage arises or becomes visible during the relationship with Validata
8.8 The provisions in this article and all other limitations and exclusions of liability mentioned in these General Terms and Conditions also apply in favour of all third parties engaged by Validata with regard to performing this agreement.

Article 9 – Force majeure

9.1 Force majeure is understood to mean any circumstance on which grounds (further) performance of the agreement by Validata cannot be reasonable required. This includes – but is not limited to – contingencies that obstruct or restrict the business operations.
9.2 In the event that Validata is unable to, fully or partially, perform its duties, Validata will have the right to suspend the performance of the work or to deem the agreement fully or partially terminated, at its discretion, without judicial intervention, without Validata being liable to pay any damages suffered by the Client.

Article 10 – Personal Data

10.1 With regard to the personal data of data subjects, parties are referred to as controller within the meaning of the General Data Protection Regulation (GDPR). Both parties shall process the personal data in a fair and proper manner, and in accordance with the obligations resting on them, as controllers, pursuant to the GDPR.
10.2 Validata is required to take all appropriate technical and organisational measures to protect the personal data against loss, destruction or damage, or any other form of unlawful processing.
10.3 Parties shall notify each other – without any unnecessary delay, no later than 24 hours – of any breaches concerning the personal data of the data subject with regard to services that Validata provides on behalf of the Client. If an obligation to report arises due to a breach of thepersonal data on the grounds of Articles 33 and 34 of the GDPR, parties shall consult each other with regard to fulfilling their obligation to notify. Validata can be contacted via
10.4 With regard to co-operation with third parties, Validata has taken all necessary precautions to ensure that the security, secrecy, privacy are safeguarded, and compliance with the applicable laws.
10.5.1 The Client has the right, in consultation and after written approval from Validata, to carry out audits or have them carried out by an independent third party.
10.5.2 The findings of the audits are immediately shared with Validata by the Client.
10.5.3 The costs for the audits are borne by the Client.
10.6 Validata’s employees who have access to the Client’s confidential information pursuant to the performance of the agreement have been screened and signed a Confidentiality Agreement.
10.7 Validata has drawn up a Privacy Statement which informs data subjects on why and how Validata handles the personal data of data subjects.
10.8 Validata has incorporated security measures in its Information Security Policy. These security measures are attached as Appendix 1 to these General Terms and Conditions.

Article 11 – Intellectual Property Rights

11.1 All Intellectual Property Rights of Validata remain with Validata or the third party from whom Validata has obtained the right to make the Work or services available to the Client. In no way are the Intellectual Property Rights with regard to any Work or services transferred to the Client. If Validata grants a right of use to the Client, this is a non-exclusive, non-transferable and non-sublicensable right of use.
11.2 All Intellectual Property Rights of the Client remain with the Client or the third party from whom the Client has obtained the right to use the work.
11.3 All Intellectual Property Rights to all software and documentation developed or made available pursuant to the Agreement, as well as preparatory material thereof, rest exclusively with Validata. The Client is not entitled to transfer, encumber or grant a (sub) license with respect to the software and documentation. The Client will not reproduce, publish or make copies of the
software and documentation as well as preparatory material available. The Client is allowed to make copies of screening reports with appendices for internal use.

Article 12 – Applicable law and competent court

11.1 The legal relationship between Validata and the Client is governed by the law of the Netherlands. All disputes between Validata and the Client that arise from or in connection with the agreement will be settled by the competent court in Amsterdam, to the exclusion of all other authorities.


Validata Group BV (hereinafter referred to as Validata) has implemented the following security measures and included them in its information security policy.

Organisation of information security and communication processes

  • Validata has an active Information security policy.
  • Information security incidents are documented and the Information security policy is optimised by learning from these incidents.


  • ISO 27001 certified (all security controls are applicable)
  • ISO 9001:2015 certified

Staff members

  • Staff members are bound by confidentiality agreements and information security agreements.
  • A system of authorisations is in place that ensures that staff members cannot access more data than is strictly necessary for performing their job.

Physical security and continuity of assets

  • Personal data are processed only on equipment that has safeguards that physically secure the equipment and guarantee the continuity of the services.
  • Back-ups are made periodically to ensure the continuity of the services.
  • These back-ups are treated confidentially and stored in a closed environment.

Network, server and application security and maintenance

  • The network environment in which data are processed is secured. To this end, data traffic flows are segregated and encrypted.
  • All applications in which personal data are processed are tested for vulnerabilities before they are put into operation.
  • Information that is not or no longer used is erased, including from back-ups.
  • Cryptographic measures are applied to passwords to ensure that these data are stored safely.
  • Personal data are encrypted when shared with third parties.

Measure to identify vulnerabilities

  • The information security policy includes internal processes to identify and resolve vulnerabilities.

Cloud, hosting and data storage

  • The Validata screening applications are cloud-based and developed based on the Mendix technology/platform.
  • The Core Next Gen screening application is hosted at XS4ALL in Amsterdam (the Netherlands) with backup in the Netherlands.
  • The Valluga screening application is hosted at AWS in Frankfurt (Germany) with backup in Ireland.

More information about Validata its Security Measures

For security reasons, the above security information is shared by default from Validata.
If you as an organization would like additional information or access to certain documentation and or reports, please contact your contact person at Validata. Additional information is available for review only after signing an NDA and will not be provided physically or digitally.