As of 25.05.2018
For the purposes of these Terms and Conditions:
"getsix®" means the getsix Group Company with which the client has a contract for the provision of services;
"Regulation" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also known as GDPR;
"Personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, modification, unauthorized disclosure of or unauthorized access to personal data transmitted, stored or otherwise processed;
In connection with the contract for the services provided by getsix® to the client and in connection with the fact that the processing of the personal data entrusted by the client is to be carried out on behalf of the client:
- getsix® declares that it provides sufficient guarantees to implement appropriate technical and organizational measures to ensure that the processing meets the requirements of the Regulation and protects the rights of data subjects.
- Any transfer of personal data from the client to getsix® (for the purpose of performing the service contract) shall be treated as a command for processing.
- Unless otherwise agreed (i.e., a separate agreement for entrusting the processing of personal data has been concluded), the processing by getsix® of personal data entrusted by the client shall take place on the basis of these Terms and Conditions. In particular, this means that:
  - getsix® processes personal data only on the documented instruction of the client - which also applies to the transfer of personal data to a third country or an international organization - unless such obligation is imposed by Union law or national law to which getsix® is subject, in which case getsix® shall inform the client of this legal obligation prior to the processing, unless such law prohibits the provision of such information due to an important public interest;
  - getsix® shall ensure that persons authorized to process personal data undertake to maintain secrecy or are subject to the relevant statutory obligation of secrecy;
  - getsix® takes all measures required under Article 32 of the Regulation;
  - getsix® complies with the terms and conditions for the use of another processor;
  - getsix®, taking into account the nature of the processing, shall, as far as possible, assist the client, through appropriate technical and organizational measures, to comply with its obligation to respond to the data subject's requests for the exercise of his/her rights set forth in Chapter III of the Regulation;
  - getsix®, taking into account the nature of the processing and the information available to it, shall assist the client in complying with the obligations set forth in Articles 32-36 of the Regulation;
  - getsix®, upon the termination of the Processing Services depending on the client's decision, shall delete or return to the client any personal data and delete any existing copies thereof, unless Union or national law mandates the retention of personal data;
  - getsix® shall make available to the client all information necessary to demonstrate compliance with the obligations set forth in this clause and shall allow and contribute to audits, including inspections, by the client or an auditor authorized by the client.
- The client confirms that it consents to getsix®'s use of further processors, in particular, but not exclusively, the Data Center as well as other Companies of the getsix® Group, a list of which can be found at https://getsix.eu/company-information/.
The client has the option to object to getsix®'s use of downstream processors. Expressing an objection with respect to an entity that is a key entity in the performance of getsix® services may result in the need to terminate the Service Agreement.
- If getsix® uses another processor to carry out specific processing activities on behalf of the client, the same data protection obligations as in these Terms and Conditions, in particular the obligation to provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing complies with the requirements of the Terms and Conditions, shall be imposed on that other processor under a contract or other legal act that is subject to Union law or national law. If this other processor fails to comply with its data protection obligations, the full responsibility to the client for fulfilling the obligations of this other processor shall rest with getsix®.
- The contract or other legal act referred to in Section 5 shall be in writing, including electronic form.
- Without prejudice to Articles 82, 83 and 84 of the Regulation, if getsix® violates the Regulation in determining the purposes and means of processing, it shall be deemed to be a controller with respect to such processing.
- getsix® undertakes to notify the client immediately of:
  - any request for access to personal data to a competent public authority, unless the prohibition of notification is based on law,
  - any discovery or suspicion of a personal data breach (no later than 24 hours),
  - any request received from a person whose data it processes on behalf of the client, while refraining from responding to the request.