This Data Processing Agreement ("Agreement") supplements the Eyk Terms and Conditions and is entered into between Eyk B.V. ("Data Processor") and a customer who uses Eyk’s services ("Data Controller"), collectively referred to as the "Parties" and each individually as a "Party", in connection with the processing of personal data by Data Processor on behalf of Data Controller.
a. "Personal Data" shall have the meaning ascribed to it under the applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR).
b. "Data Controller" shall mean the entity that determines the purposes and means of the processing of Personal Data.
c. "Data Processor" shall mean the entity that processes Personal Data on behalf of the Data Controller.
d. "Subprocessor" shall mean any third-party processor engaged by Data Processor for the processing of Personal Data on behalf of Data Controller.
e. "Data Warehouse" shall mean the cloud-based storage system used by Data Processor to store the processed marketing data extracted from tools like Facebook Ads, Google Search Console, and Shopify.
a. Data Processor shall ensure that all personnel involved in the processing of Personal Data are subject to appropriate obligations of confidentiality.
b. Data Processor shall take all necessary measures to protect the confidentiality of Personal Data and prevent unauthorized access to or disclosure of Personal Data.
c. Data Processor shall promptly notify Data Controller in writing of any actual or suspected unauthorized access, use, or disclosure of Personal Data.
a. Data Controller hereby provides general authorization to Data Processor to engage Subprocessors for the processing of Personal Data.
b. Data Processor shall ensure that any Subprocessor engaged by it is bound by contractual obligations that are equivalent to those set out in this Agreement.
c. Data Processor shall be fully liable to Data Controller for the acts and omissions of any Subprocessor with respect to the processing of Personal Data.
a. Data Processor's liability for any damages arising out of or in connection with the processing of Personal Data under this Agreement shall be limited to the amount paid by Data Controller to Data Processor for the services giving rise to the liability during the 12 months prior to the event giving rise to the liability.
b. Data Processor shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, loss of revenue, loss of data, or loss of business opportunities.
a. Data Processor shall process Personal Data solely for the purpose of providing the software as a service product that extracts, loads, and transforms marketing data from tools to the Data Warehouse, in accordance with the instructions of Data Controller.
b. Data Processor shall implement appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and accidental loss, destruction, or damage.
c. Data Processor shall assist Data Controller in fulfilling its obligations under applicable data protection laws, including but not limited to providing Data Controller with the necessary information to respond to data subject requests, data breaches, and other data protection-related incidents.
d. Data Processor shall not transfer Personal Data to any third country or international organization without the prior written consent of the Data Controller.
a. This Agreement shall commence on the effective date and shall continue in effect until the termination of the underlying agreement between Data Controller and Data Processor for the provision of the software as a service product.
b. Upon termination of the underlying agreement, Data Processor shall delete or return all Personal Data to Data Controller, unless required to retain the Personal Data by applicable law.