General terms and conditions.
1. Definitions
The terms contained in the Agreement and these Terms and Conditions beginning with a capital letter are defined and have the meaning as set out in this Article:
- Agreement: the agreement concluded between XIS BV and Client, including all associated appendices, to which these Terms and Conditions apply.
- Applicable Law: (i) all applicable laws and regulations, government requests and codes of conduct laid down by competent authorities or industries that apply to providing or receiving the Service and/or End User Service in the country where the Service and/or the End User Service is delivered; and also (ii) all regulations, guidelines, conditions, policy rules and/or other requirements that are used by Operators in the country where the Service and/or the End User Service is delivered.
- Client: the Party with whom XIS BV concludes the Agreement.
- XIS: the private limited liability company XIS BV (VAT BE0821588020).
- End User: a natural person who is authorized by Client to make use of the Client’s End User Services.
- End User Service: service provided by Client to its End Users, via the Platform of Xtreme Internet Solutions BV.
- Platform: the computing environment of XIS BV designed to create the connection between an electronic communication network andc the system of the Client.
- Service: a service XIS BV provides to the Client under the Agreement.
- Working Day: Monday to Friday from 9.00 a.m. to 6.00 p.m. Central European (Summer) Time (CE(S)T), excluding generally recognized public holidays in Belgium.
2. Scope
- 2.1 These Terms and Conditions apply to all requests, offers, relations, quotations and Agreements between XIS BV and the Client, unless the Parties have expressly agreed otherwise in writing.
- 2.2 The applicability of any general (purchasing) terms and conditions used by Client is hereby expressly excluded.
- 2.3 Reference to “writing” anywhere in this Agreement shall be considered all communication in either electronic or paper format.
- 2.4 Applicable Law applies to End User Services and will take precedence upon conflict with the provisions of the Agreement or these Terms and Conditions. Upon request, XIS BV may inform the Client concerning the contents and/or applicability of said Applicable Law. However, it is the Client’s sole responsibility to familiarize itself with all Applicable Law and to procure independent legal advice in respect thereof and XIS BV will not provide warranties in this regard. If for any reason whatsoever the provisions of the Applicable Law shall be deemed not to apply to the relations between XIS BV and the Client, or be declared inapplicable, the provisions of the Agreement and these Terms and Conditions shall take precedence.
3. Offers
- 3.1 All offers made by XIS BV are without obligation and are non-binding unless expressly stated otherwise in writing. If not stated otherwise, an agreement with Xtreme Internet Solutions BV shall not be concluded until XIS BV has expressly accepted or confirmed an order to that effect in writing.
- 3.2 XIS BV expressly reserves the right to amend its pricing and/or pricing model with regard to general price lists, brochures, information on websites and other information provided in the context of offers.
4. Prices, payment and taxes
- 4.1 All prices stated are in Euros and are exclusive of value added tax (VAT) and/or any other taxes, charges or levies imposed by any government authority.
- 4.2 The applicable prices and rates are listed on the website of XIS BV and/or described in the Agreement. Unless a fixed price has been expressly agreed, Xtreme Internet Solutions BV is reserves the right to change prices and rates at any time without notice. The Client shall be charged for all Traffic that is sent to, and received by the Platform of Xtreme Internet Solutions BV via the connection of Client. The billing period is based on CE(S)T time zone.
- 4.3 If a fixed price has been expressly agreed in the Agreement for one or more destinations, Xtreme Internet Solutions BV is only entitled to change the agreed fixed price(s) after written agreement by the Client.
- 4.4 Notwithstanding article 4.3, XIS BV is in every instance entitled to change its prices following from changes to Applicable Law, from an increase in the purchase price of messages and/or from rates changes effected by Operators. XIS BV shall inform the Client in advance of such price increases as soon as reasonably possible.
- 4.5 The Client shall pay all invoices without suspension, set-off or deduction within thirty (30) days of the invoice date, unless the Agreement explicitly contains different payment terms.
- 4.6 In the event that Client fails to pay XIS BV the amounts due within the agreed period, statutory commercial interest shall be applied and will fall due accordingly by the Client on the outstanding amount without any requirement from XIS BV to communicate a notice of default.
- 4.7 Client is responsible for payment of the applicable value added tax (VAT) and/or any other tax or levy on its End User Service. The Client shall indemnify XIS BV for and against all claims by tax authorities in this regard and shall indemnify XIS BV for all losses, penalties and costs arising thereof.
- 4.8 Where bank fees occur, Client shall bear the costs imposed by its own bank, any intermediate bank and the bank of XIS BV as indicated on the invoice when making payments under the Agreement. The net amount received by XIS BV shall correspond to the amount invoiced. In this regard, the Client remains liable to pay the any shortfall of outstanding amounts due.
- 4.9 Notwithstanding article 4.3, XIS BV shall have the right to make adjustments to its prices (fixed or general) on an annual basis at the beginning of each subsequent calendar year to reflect the annual changes in the national Consumer Price Index (CPI).
5. Obligations
- 5.1 Client will ensure a secure, continuously working connection at its own cost to the Platform of XIS BV.
- 5.2 Client shall ensure that access to the aforementioned connection and the account of Client is limited to authorized employees of Client and that log-in credentials are stored securely. It is not permitted to authorize use to other persons and/or third parties.
- 5.3 Client shall only use the Services for its intended and normal purpose and/or purposes as agreed and described in the Agreement. Any change to the Service is to be requested in writing.
- 5.4 Client is responsible for the content of Traffic sent by Client, the lawfulness of the Traffic and the identity of the relevant End User, including as to whether such End User has “opted in” to receive applicable Traffic, and guarantees that these comply with Applicable Law. The Client will maintain up to date records of end user consent or proof of lawful basis and provide these to Xtreme Internet Solutions BV upon request. The Client will not send any unsolicited traffic, nor other unethical, illegal, punishable or otherwise fraudulent or illicit traffic or content.
- 5.5 Client shall cooperate with XIS BV and provide any information reasonably required for boarding and acceptance procedures of Operator(s). Client will provide XIS BV the full name of its company, its address, Chamber of Commerce or company registration number and VAT number (if applicable) and the name of its director(s) authorized to sign the Agreement. Changes to these details must be passed on to Xtreme Internet Solutions BV in writing.
- 5.6 Client accepts that XIS BV may be obliged by Operators and/or competent authorities to provide the data of Client as described in the previous paragraph and the data of other parties that are being connected via Client. Client shall provide all such data requested by XIS BV within three (3) Working Days.
- 5.7 Client shall cooperate with any audit which investigates whether the Client is acting in accordance with Applicable Law.
6. Warranty and indemnification
- 6.1 Client warrants that the content and the promotion of the End User Service under no circumstances infringes the (intellectual property) rights of third parties or is in breach of Applicable Law.
- 6.2 Client shall indemnify, defend and hold harmless XIS BV and its affiliates against all liabilities, losses, damages, claims, penalties, fines and costs (including reasonable legal costs) resulting from or arising out of the failure by Client to comply with article 5 and/or Applicable Law. The indemnity includes, but is not limited to claims made by authorities, organizations and institutions that supervise compliance with the Applicable Law and the content of the Traffic, claims by third parties and also all claims made by Operators in connection with the failure by Client to comply with the Applicable Law.
- 6.3 XIS BV will not be responsible for any Service failures or faults which occur, or losses suffered by the Client, as a result of a breach by the Client of the provisions of this Agreement, including but not limited to the Client’s obligations in Article 5.
7. Suspension
- 7.1 If the Client acts contrary to an obligation under the Agreement, these Terms and Conditions, Applicable Law, Operator guidelines or the obligation to pay the amounts due to XIS BV within the agreed payment term, XIS BV is entitled to suspend provision of the Service without limitation to any other remedy available to XIS BV, including cancellation of this Agreement and/or a claim for specific performance and/or damages.
- 7.2 The Client remains liable for payment for the period that the provision of the Service is suspended in accordance with the provisions of this Article.
- 7.3 As soon as the reason for suspension in accordance with the provisions of this Article is removed by Client, XIS BV shall resume delivery of the Service unless XIS BV believes that the nature and/or frequency of Client’s non-compliance is such that the provision of the Services should be cancelled permanently. If applicable, the activation costs which XIS BV incurs in this respect will be charged to the Client.
8. Connection to the Platform
- 8.1 Client is responsible for the sending and/or delivery of Traffic up to the point of interconnection with the Platform of XIS BV. Client is responsible for appropriate encryption and security of its Traffic.
- 8.2 XIS BV makes no warranty or guarantee that any Traffic will be correctly delivered to or received by End Users after leaving the Platform of XIS BV. XIS BV provides no warranty or guarantee on behalf of any carrier and/or Operator regarding system capacity, throughput, response times or delivery. XIS BV cannot guarantee that Traffic will be accepted by any Operator or that any of the Operators will maintain connectivity with XIS BV.
10. Disputes regarding amounts payable
- 10.1 If the Client disputes the accuracy of an invoice sent by XIS BV, Client will provide a motivated complaint within the payment term applicable to the invoice in question by written notice to XIS BV.
- 10.2 The Client will only be entitled to suspend payment of the disputed part of the invoice, if the amount disputed by the Client exceeds 5% of the total amount of the invoice in question (excluding VAT). If the dispute is not resolved within twenty (20) Working Days after the due payment date of the invoice in question, the Parties will be able to submit the dispute to an external expert. This external party will be appointed in mutual consultation. The Parties will also make agreements in this regard concerning the costs involved in engaging the external party.
11. Confidentiality and Client data
- 11.1 Parties shall keep confidential all information and data received from each other that is marked confidential or evidently confidential from its nature, unless a legal obligation exists to disclose such information and/or data. The non-disclosure obligation shall end one year after the Agreement ends.
- 11.2 The Client solely receives the user rights and authorities expressly granted under the Agreement, these Terms and Conditions or otherwise, and for the remainder shall not disclose, reproduce or make copies of any materials it receives on the basis of this Agreement from XIS BV, nor shall the Client process or modify these materials, without prejudice to further arrangements between XIS BV and the Client in this matter.
- 11.3 Personal data of the Client is collected by XIS BV at registration. This data is required for contract management and customer support. The data can additionally be used for statistical research and to contact Client for marketing activities of XIS BV and its affiliates.
- 11.4 XIS BV processes traffic data (including personal data), for the following purposes: providing continuous information to Client through XIS BV Analytics, billing, financial administration, handling complaints and disputes, traffic control, providing information to emergency services, preventing fraud and criminal activities.
- 11.5 The processing of data mentioned in the previous articles 11.3 and 11.4 is necessary for the delivery and operation of the Services and associated invoicing, therefore XIS BV is considered to be a Controller for the aforementioned data. XIS BV will act according to Applicable Law associated with its status as Controller.
12. Intellectual property rights
- 12.1 The Parties accept and respect each other’s intellectual and other property rights. All intellectual property rights to any materials, developed by XIS BV for or made available to the Client on the basis of the Agreement, such as equipment, software, analyses, designs, documentation, reports and/or offers, and any preparatory material belonging thereto, shall solely be held by XIS BV and/or its licensors.
13. Liability
- 13.1 The Client recognizes that access to the internet, the GSM network and other communication media is subject to uncertainties, including but not limited to, in relation to availability of services, reliability of transmission, authorizations, authenticity and data security. There is no warranty that the Services are, or will be completely free of faults or defects. XIS BV shall not be liable if an interruption of the service was due to a fact beyond its control, such as, but not limited to, disturbance of radiotelephone and/or telecom transmissions outside the Platform of XIS BV. In the event of a fault or defect, XIS BV shall use its reasonable efforts to restore the Service in accordance with proper practices recognized in the electronic communications industry.
- 13.2 If XIS BV suffers a loss as a consequence of the Client acting contrary to an obligation under the Agreement, these Terms and Conditions or Applicable Law, the Client is obliged to compensate XIS BV for the resulting loss.
- 13.3 Neither Party will be liable under or in relation to this Agreement or arising out of the provision of the Service, to the maximum extent permitted by applicable law, even if advised of the possibility of such damages and whether in relation to tort, including negligence, breach of contract or otherwise, or any other liability for any of the following: (i) loss of profits, revenues or sales; (ii) loss of bargain; (iii) loss of opportunity; (iv) loss of use of any service or any computer equipment; (v) loss of time on the part of management or other staff; (vi) professional fees or expenses; (vii) business interruption, related to this agreement or the Services provided hereunder, (viii) loss of income by the Client because the Client did not set up correct rates for the Traffic, (ix) damage to or loss of data; (x) loss of goodwill or reputation, or (xi) any other indirect, special, incidental or consequential damages of any kind howsoever arising.
- 13.4 XIS BV’s liability shall be limited in aggregate to an amount equal to the average monthly invoice of Client with a maximum of ten thousand euro (€ 10.000) for the total duration of the Agreement. In no event shall the total compensation by XIS BV for any and all claims under this Agreement exceed ten thousand euro (€ 10,000.00).
- 13.5 The limitations on liability specified in Article 13.3 and 13.4 shall cease to apply if and insofar as the loss is due to the willful intent or gross negligence of the liable party, or in case of damage to life, body and health.
- 13.6 Client can agree to purchase beta releases of Services (meaning Services under development and not final yet). Those services may have some irregularities that still need to be worked out. If the Client has explicitly accepted a beta release of a service, XIS BV can’t be held liable for any loss or damage caused by this service. Beta releases are provided “as is”, “as available” and without any warranties.
- 13.7 No right to compensation shall ever arise unless the Party in question reports the loss to the other Party in writing within ten (10) Working Days after it has arisen. The other Party then has ten (10) Working Days to remedy the loss, if possible.
14. Force majeure
- 14.1 XIS BV is not bound to meet any obligation under the Agreement if it is prevented from doing so as a consequence of force majeure. The term ‘force majeure’ is used in this context to include but is not limited to: government interventions, strikes, acts of terrorism or threat thereof, interruption of operations, energy disruptions, interruptions in telecommunications facilities of third parties, failure or late compliance by ancillary suppliers of XIS BV or other third parties engaged by XIS BV, as well as every other circumstance that XIS BV could not reasonably have avoided or prevented, which creates an obstacle to the normal performance of the Agreement.
- 14.2 If XIS BV is prevented from complying with its obligations due to force majeure, it shall make this known to the Client within ten (10) Working Days following the day on which the situation of force majeure arose.
15. Duration and termination of the Agreement
- 15.1 The Agreement is entered into for the initial duration agreed between the Parties in the Agreement, failing which a period of one (1) year shall apply.
- 15.2 After the initial period the Agreement shall be renewed for the duration specified in the Agreement, failing which a period of one (1) year shall apply. After the initial period, the Parties may terminate the Agreement in writing by giving three (3) months’ notice.
- 15.3 XIS BV may unilaterally terminate the Agreement or the provision of a Service prematurely if it considers that further execution of the Service cannot reasonably be expected on economic grounds. This is to be announced and substantiated in writing to Client.
- 15.4 Either Party may terminate the Agreement for cause, wholly or partially, by registered letter if the other Party imputably fails to comply with its obligations under the Agreement, and – unless compliance is permanently impossible – if, after sending the most detailed possible written notice of default while allowing a term of ten (10) Working Days to remedy the failure, the other party continues to fail to comply. The nature and/or extent of the shortcoming must justify this premature termination.
- 15.5 Either Party may terminate the Agreement for cause, wholly or partially and with immediate effect, by registered letter without need for notice of default: a. if the other Party – whether temporarily or not – is granted suspension of payments, or if a petition in the other Party’s bankruptcy is filed, or if the other Party is declared bankrupt, or if a significant part of the other Party’s assets are seized, or the other Party’s business is liquidated or terminated other than for the purposes of restructuring or merging undertakings; b. if the situation of force majeure as referred to in Article 14 lasts longer than twenty (20) Working Days; c. if such termination is required by the authorities or because of changes to the terms and conditions of Operator(s).
- 15.6 If at the time of such termination as is referred to in Article 15.4 and 15.5 the Client has already received any performance in the execution of the Agreement, any amounts invoiced by XIS BV before the termination in connection with that received performance shall remain fully due and shall become immediately payable upon termination.
- 15.7 Provisions which by their nature are intended to survive termination of the Agreement shall continue to apply after the end of the Agreement. These provisions among other things form part of articles regarding warranties & indemnification (6), setting-of (9), confidentiality & client data (11), intellectual property rights (12), liability (13), force majeure (14) and applicable law & disputes (17) of these Terms and Conditions, as well as this and the previous paragraph in this Article.
16. Transfer of rights and obligations; subcontracting
- 16.1 This Agreement may not be assigned by either Party without the written consent of the other Party, such consent not to be unreasonably withheld; provided, however, either Party may assign this Agreement to any affiliate of such entity or to any entity acquiring all or substantially all of assets of such entity. Any prohibited assignment shall be null and void. Subject to the foregoing, this Agreement shall be binding upon and shall inure to the benefit of the successors and permitted assigns.
- 16.2 XIS BV is entitled to engage affiliates and third parties for the performance of the Agreement.
17. Applicable law and disputes
- 17.1 All offers from and Agreements with XIS BV and their performance, as well as these Terms and Conditions are governed exclusively by Belgian law.
- 17.2 Any disputes, including those which are only considered as such by one Party, resulting from or connected with the Agreement to which these Terms and Conditions apply or the Terms and Conditions themselves, will – notwithstanding the possibility of appeal – be submitted to the competent court in Hasselt, Belgium.
18. Miscellaneous provisions
- 18.1 Without prejudice to article 18.3, amendments and additions to the Agreement or other notifications only apply if they are agreed in writing and have been signed by the persons authorized for this purpose on behalf of both Parties. Any amendment or addition will only apply to the relevant Agreement.
- 18.2 Contact persons may only represent and bind Parties insofar as this concerns the operational performance of the Agreement.
- 18.3 XIS BV is authorized to modify this Terms and Conditions at any time. XIS BV will inform Client of any modifications. If Client doesn’t object in writing within a month from the date of sending of the modification notification, the modifications to the terms and conditions are deemed accepted by Client. If Client objects, the previous terms and conditions will still apply. However, XIS BV then alternatively has the right to cancel the Agreement with Client by giving one (1) month written notice.
- 18.4 Failure by one of the Parties to demand compliance with any obligation will not affect the right still to demand compliance, unless the Party in question has expressly agreed to the non-compliance in writing.
- 18.5 In the event that one or more of the conditions in this Agreement or these Terms and Conditions is or becomes null and void, or is set aside by a court, the remaining conditions will continue to apply in full. The Parties will consult each other as regards the invalid provisions in order to agree, if possible, on a similar provision that is permitted by law.
Part II. Data Processing
This Part II specifies the obligations of the Parties in relation to the Processing of Personal Data of which the Client is the Controller, or in respect of which the Client has a Processing or sub-processing relationship with the Controller, for the purposes of the applicable Data Protection Laws, within the scope of and related to the Agreement for the provision of Services between the Parties. Article 17(2) of the Data Protection Directive 95/46/EC (the “Directive”) as well as Article 28(3) of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) places certain obligations upon Client acting as a Controller or Processor, to ensure that any processor it engages provides sufficient guarantees in respect of the technical security measures and organizational measures governing the Processing to be carried out.
Under the applicable telecom and Data Protection Laws providers of public electronic communication services shall act as independent controllers with respect to the Processing of Personal Data which is necessary for the operation of the electronic communication service, which shall include any information Processed for the purpose of the conveyance of a communication (Traffic Data) on an electronic communications network or for the billing thereof.
19. Definitions and interpretation
In Part II of these Terms and Conditions, except where set forth otherwise, the following terms shall have the following meanings:
- 19.1 Data Protection Laws: the Data Protection Laws of the country in which Client is established and any Data Protection Laws applicable to Client and/or XIS BV in connection with the Agreement.
- Personal Data: any information relating to an identified or identifiable natural person (‘Data Subject’) that is Processed by XIS BV in its role as Processor as part of providing the Service to Client under the Agreement. For the avoidance of doubt, Processing of personal data which is necessary for the operation of the electronic communication service and business contact information of Client shall not be subject to Part II of these Terms and Conditions.
- Processing/to Process: any operation or set of operations which is performed on Personal Data, whether or not by automatic means, including collecting, accessing, storing, using, combining, transferring, disclosing or deleting of Personal Data.
- Technical and Organizational Measures: measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alternation, unauthorized disclosure or access and against all other unlawful forms of Processing.
- Personal Data Breach: a breach of security leading to the accident or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.
- The expressions such as, ‘Data Subject’, ‘Processor’, ‘Controller’, ‘Data protection impact assessment’, etc. shall have the meaning ascribed to them in the Data Protection Laws.
- 19.2 References in Part II of these Terms and Conditions to the Data Protection Laws shall be replaced with or incorporate references to any laws replacing or amending those Data Protection Laws, and the equivalent terms defined in such laws, once in force and applicable.
- 19.3 Notwithstanding anything in Part II of these Terms and Conditions, XIS BV will have the right to collect, extract, compile, synthesize and analyze non-personal identifiable data or information resulting from Client’s use or operation of the Services including, by way of example and without limitation, information relating to volumes, frequencies, bounce rates, or any other information regarding communications (“Service Data”) Client, its End Users or recipients generate and send using the Services. To the extent any Service Data is collected or generated by XIS BV such data will be solely owned by XIS BV and may be used by XIS BV for any lawful business purpose without a duty of accounting to Client, provided that such data is used only in an aggregated form, without directly identifying any person. For the avoidance of doubt, Part II of these Terms and Conditions will not apply to Service Data containing Personal Data.
- 19.4 In case of any conflict, the provisions of this Part II concerning Processing of Personal Data shall take precedence over the provisions of the Agreement and/or Part I. Where individual provisions of this Part II are invalid or unenforceable, the validity and enforceability of the other provisions shall not be affected.
20. Obligations of the Client
- 20.1 Compliance
- 20.1.1 Client shall, in its use of the Service, Process Personal Data in accordance with the requirements of Data Protection Laws. For the avoidance of doubt, Client’s instructions for the Processing of Personal Data shall comply with Data Protection Laws. Client shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Client acquired Personal Data.
- 20.1.2 Client shall maintain accurate and complete records of the use of the Service under the Agreement during the term and as required under the Data Protection Laws. Upon reasonable written notice, Client shall provide information as requested and where required by XIS BV, any Operator, regulator or other competent authority. Without limiting the generality of any other provision of the Agreement, prior to using the Service, Client shall obtain verifiable informed consent of the End Users or be able to provide confirmation of the lawful basis for Processing in accordance with applicable legislation and regulations, and shall maintain a record of each such consent and/or lawful basis.
21. Obligations of the Processor
- 21.1 Instructions
- 21.1.1 XIS BV shall Process Personal Data in accordance with this Part II and the Agreement, and for the purposes and in the manner specified by Client from time to time in the Agreement and further instructions within the scope of the Agreement.
- 21.1.2 In case XIS BV is required to Process Personal Data under mandatory law as specified in this Part II or the Agreement, XIS BV shall for those purposes be considered an independent controller. If XIS BV is required to Process Personal Data under mandatory law XIS BV shall inform Client hereof in writing before Processing unless the law prohibits providing such information.
- 21.2 Technical and Organizational Measures
- 21.2.1 Taking into account the state of the art, the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, XIS BV shall implement appropriate Technical and Organizational Measures (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Personal Data) to ensure a level of security appropriate to the risk.
- 21.2.2 XIS BV shall test, assess and evaluate the effectiveness of Technical and Organizational Measures for ensuring the security of the Processing on an ongoing basis. XIS BV shall continuously enhance and improve Technical and Organizational Measures.
- 21.3 Personnel requirements
- 21.1XIS BV ensures that persons authorized to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
- 21.4 Confidentiality:
- XIS BV agrees that it shall maintain the Personal Data in confidence. In particular, XIS BV agrees that it shall not disclose any Personal Data supplied to XIS BV by, for, or on behalf of Client to any third party without Client’s prior consent, except as foreseen and required for the performance of the Service under the Agreement or mandatory law.
- 21.5 Data Subject Rights
- 21.5.1 Where Client so instructs XIS BV, XIS BV shall transfer, correct, delete or block Personal Data if Client receives a request from a Data Subject to exercise the Data Subject’s right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, object to the Processing, or its right not to be subject to an automated individual decision making (“Data Subject Request”).
- 21.5.2 XIS BV shall promptly notify Client if XIS BV receives a Data Subject Request. Taking into account the nature of the Processing, XIS BV shall assist Client, for the fulfilment of Client’s obligation to respond to a Data Subject Request under Data Protection Laws. XIS BV shall assist Client in responding to such Data Subject Request, to the extent XIS BV is legally permitted to do so and the response to such Data Subject Request is required under Data Protection Laws. To the extent legally permitted, Client shall be responsible for any costs arising from XIS BV’s provision of such assistance.
- 21.6 Assistance with Client’s compliance:
- XIS BV shall provide to Client further assistance reasonably required to ensure compliance with Client’s obligations under Data Protection Laws, including with respect to: (a) data protection impact assessment, by providing such information and cooperation as Client may require for the purpose of assisting Client in carrying out a data protection impact assessment and periodic reviews to assess if the Processing of Personal Data is performed in compliance with the data protection impact assessment; (b) prior consultation with a data protection supervisory authority regarding high risk Processing.
- 21.7 Compliance, information and audit
- 21.7.1 Client has the right to appoint an accredited external expert at most once per year to audit the procedures regarding the data Processing for Client. XIS BV will cooperate with such audit upon a reasonable prior written notice of no less than ten working days. Client shall reimburse XIS BV for any time expended by XIS BV for any such audit at XIS BV’s then-current professional services rates, which shall be made available to Client upon request. Before the commencement of any such audit, the Parties shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Client shall be responsible.
- 21.7.2 XIS BV is entitled to request that the external expert signs a confidentiality declaration in favor of XIS BV. The confidentiality declaration shall contain the terms and conditions that are usual for this type of declaration. Any report or statement provided by the external expert shall be made available to XIS BV. Client shall ensure that the audit hinders XIS BV ‘s operations as little as possible.
- 21.8 Records:
- XIS BV shall maintain complete, accurate and up to date records of Processing activities carried out on behalf of its Clients.
- 21.9 Affiliates and Sub-processors
- 21.9.1 Some or all of XIS BV’s obligations under the Agreement may be performed by Affiliates of XIS BV. For the purpose hereof an “Affiliate” means a legal entity directly or indirectly Controlling, Controlled by, or under common Control with XIS BV, for so long as such Control lasts. “Control” shall exist through the direct or indirect ownership of more than 50% of the share capital of the legal entity or of more than 50% of the issued share capital entitling the holders to vote for the election of directors or persons performing similar functions. XIS BV and its Affiliates have entered into intra-company arrangements, under which its Affiliates Processing Personal Data adopt safeguards consistent with those of XIS BV. XIS BV is responsible for compliance of its Affiliates’ with this Agreement.
- 21.9.2 Client acknowledges and agrees that (a) XIS BV’s Affiliates may be retained as Sub-processors; and (b) XIS BV and XIS BV’s Affiliates respectively may engage third-party Sub-processors in connection with the provision of the Services. Provided always XIS BV or a XIS BV Affiliate has entered into a written agreement with each Sub-processor containing data protection obligations not less protective than those in this Agreement with respect to the protection of Personal Data to the extent applicable to the nature of the Service provided by such Sub-processor.
- 21.9.3 XIS BV shall be responsible for each of its Sub-processors to the same extent XIS BV would be responsible if performing the services of each Sub-processor directly under the terms of the Agreement.
- 21.10 International Data Transfers:
- Any transfer of Personal Data outside the European Economic Area (“EEA”) requires appropriate safeguards, and conditions that include enforceable data subject rights and ensure effective legal remedies for data subjects are available. XIS BV shall ensure that transfer of Personal Data outside of the EEA takes place pursuant to a written contract including provisions relating to security and confidentiality of the Personal Data and includes appropriate safeguards, and conditions that enforceable Data subject rights and effective legal remedies for data subjects are available. Such contract shall comply with article 46 of the EU General Data Protection Regulation.
- 21.11 Breach Notification:
- In respect of a Personal Data Breach, XIS BV shall: (a) notify Client of a Personal Data Breach involving XIS BV or a sub-contractor without undue delay (but in no event later than forty-eight hours after becoming aware of the Personal Data Breach). (b) provide reasonable cooperation and assistance to Client in relation to any action to be taken in response to a Personal Data Breach under applicable Data Protection Laws, such as Art. 33(3) and 34(3) GDPR, including regarding any communication of the Personal Data Breach to the Data Subject and data protection authorities.
- XIS BV will promptly investigate a Personal Data Breach and take reasonable measures to identify its root cause(s) and prevent a recurrence. As information is collected or otherwise becomes available, unless prohibited by law, XIS BV will provide Client with a description of the Personal Data Breach, the type of data that was the subject of the Personal Data Breach, and other information Client may reasonably request. The Parties agree to coordinate in good faith on developing the content of any related public statements or any required notices for the affected Data Subjects and/or the relevant data protection authorities.
22. Indemnification
XIS BV shall indemnify and hold harmless Client against claims by Data Subjects and/or penalties or fines imposed by a competent authority incurred by Client or for which Client might become liable, due to an attributable failure by XIS BV to comply with the obligations under this Part II or applicable Data Protection Laws. For the avoidance of doubt, the indemnification provided is strictly limited to the third party claims as detailed in this article.
23. Storage, retention and deletion of Personal Data
XIS BV shall Process and retain data, including Personal Data, in accordance with applicable law, regulations, including but not limited to national telecom legislation and Data Protection Laws. The data, including Personal Data, submitted to the platform of XIS BV shall be Processed and stored in accordance with the XIS BV’s data retention policy.
The Personal Data shall be retained for no longer than is necessary for providing the Services under the Agreement, for the purposes as states in Part I and as far as required under applicable law. XIS BV shall de-identify or depersonalize data into anonymized data after the applicable retention period. This results in data that includes no Personal Data or unique identifiers that could later be used to refer to the Personal Data to which the data was once associated.
24. Description of Processing
- 24.1 Nature and Purpose of Processing:
- XIS BV will Process Personal Data as necessary to perform the Services pursuant to the Agreement, as further specified in the Agreement, and as further instructed by Client in its use of the Services.
- 24.2 Categories of Data Subjects:
- Client may submit data to XIS BV in using the Service, the content of which is determined and controlled by Client in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of Data Subjects:
- (Potential) customers (who are natural persons) of Client or its clients;
- Employees, contractors, advisors, freelancers or persons hired by (customers of) Client;
- Contact persons of Client’s prospects, customers and business partners;
- Client’s users authorized by Client to use the Services.
- 24.3 Type of Personal Data:
- Client may submit Personal Data to the Services, the extent of which is determined and controlled by Client in its sole discretion, and which may include, but is not limited to the following categories of Personal Data: First and last name, Contact information (company, address, email, phone), IP address.
- 24.4 Purposes of Processing:
- The Personal Data is Processed for the following purposes: Provision of the Services as detailed in the Agreement, handling complaints and disputes, providing information to emergency services, preventing fraud and criminal activities on XIS BV’s platform.