Standard Processor Agreement
This is an additional agreement between Scitodate B.V. and their Client (version 1.0 as of 05-25-2018).
Taking into account that:
The Client has entered into an agreement with Scitodate by signing a contract.
This agreement contains provisions regarding the processing of data, to be qualified as a Processor Agreement as referred to in the General Data Protection Regulation (hereinafter: GDPR). This page can be consulted at any time.
In the context of the execution of the Agreement between the Client and Scitodate, Scitodate can store and process data for the Client to visualise or find academic entities which operate in a specific field of expertise (hereinafter: Academic entity data). The parties agree that, in so far as Scitodate processes data on behalf of the Client, Scitodate can be regarded as the Controller Party in the sense of the GDPR. Scitodate determines the purpose of the data processing (to provide Academic entity data), how the data processing is done and which resources are used are determined by Scitodate. Once Scitodate hands over the data to the Client in the context of the execution of the Agreement, the Client becomes Controller of the data.
In the context of the execution of the Agreement between the Client and Scitodate, Scitodate may store and process data provided by the Client (hereinafter: Verification Data of the Client). The Parties agree that, in so far as Scitodate processes Verification Data for the Client, Scitodate can be regarded as the Processor within the meaning of the GDPR and the Client as the Controller. The Client makes an effort to communicate as little as possible personal data to Scitodate.
Client protects his passwords and takes full responsibility for his own account as well as the use by third parties of his accounts. Client is responsible for all activities that take place under his Account, with the exception of the activities of Scitodate support staff as mentioned in this article. The Client will inform Scitodate immediately after it has become known to the Client of unauthorized use of the Client's account or any other breach of the security of which the Client is aware. The support staff of Scitodate (or its 100% subsidiaries) may from time to time log in to the Service using the password of Client (password is always hidden) to maintain or improve the Service, including to help Client in case of problems or support.
The Client and Scitodate guarantee that they fully comply with all applicable legal obligations, including but not limited to the obligations arising from the GDPR, with respect to the data and in particular personal data.
The Client warrants to Scitodate that the data provided by the Client (Verification Data) to Scitodate are not unlawful and do not infringe the rights of third parties, (ii) that they are entitled to provide the data to Scitodate, and (iii) that they entitled Scitodate as processor of the concerning data. Client grants Scitodate the right to use (sub) processor (s) themselves, provided (sub) processor (s) meet the agreements as laid down in this Processor Agreement.
Scitodate warrants to the Client that the data provided by Scitodate (Academic entity data) to the Client are not unlawful and do not infringe the rights of third parties, (ii) that they are entitled to provide the data to the Client. The Client will not use the data provided by Scitodate (Academic entity data) for the purposes of direct marketing, unrequested large-scale email campaigns or any other unlawful activity.
In the case of a data breach involving data from or for the Client, Scitodate undertakes to report this to the Client within 72 hours.
In the case of a data breach involving data from Scitodate, Client undertakes to report this to Scitodate within 72 hours.
Scitodate states that the Client data, if it contains personal data, are only stored on servers within the European Union.
Both Scitodate and Client make all reasonable efforts in their systems and the data transfer between Client and Scitodate to protect against loss and / or against any form of unlawful use. All parties involved will implement appropriate technical and organizational measures, taking into account, among other things, the state of the technology. Client declares to have taken note of the measures taken by Scitodate and to have established that these measures guarantee an adequate level of security with regard to the data being processed.
Scitodate declare they won’t store personal data provided by the Client for no longer than is strictly necessary for the performance of its service or after termination of the Agreement, unless this is based on a legal obligation.
Both Scitodate and Client are bound to secrecy of all data and information that it processes as a result of this Processing Agreement, except to the extent that such data or information is apparently not secret or confidential, or are already generally known.
This Processor Agreement will be in force during the term of the Agreement between the Client and Scitodate. If the Agreement ends, this Processor Agreement shall end by operation of law, except when the nature of the processing and / or the nature of the provision require the continuation of the specific provisions of this Processor Agreement.
The leading supervisor is the Dutch Data Protection Authority (DPA).