AGREEMENT ON ENTRUSTING PERSONAL DATA PROCESSING
SUBJECT OF THE AGREEMENT
The Parties have entered into a service agreement under the conditions set out in the Terms; in connection with performance of the agreement, the Service Provider ("Administrator") entrusted Pixers LTD ("Processor”) with personal data processing.
- The Service Provider shall be the personal data administrator in the scope in which it uses the following functionalities / services:
- of the Users whose personal data is processed in connection with the Services / Agreement. Based on the Agreement on entrusting, the Administrator entrusts the Processor with data such as: first and last name, address, phone number, email address ("Personal Data”) for processing.
- The Processor shall process Personal Data for the purpose of providing the services defined in the Terms as well as in the scope and time essential for the completion of this goal.
- Personal Data processing shall be subject to the Regulation of the European Parliament and of the Council (EU) No. 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("Regulation”). The Processor shall be obliged to process personal data in accordance with the Regulation, other applicable laws and the Agreement.
- The Processor hereby represents that it has the available infrastructure, experience, knowledge and qualified personnel in the scope allowing the adequate performance of the Agreement on entrusting, in accordance with applicable regulations.
- The Processor shall be obliged to:
- apply any and all technical and organizational measures securing the Personal Data in accordance with the Terms laid down in Article 32 of the Regulation;
- assist the Administrator in performing their duties laid down in Articles 32-36 of the Regulation;
- process the Personal Data at the Administrator's request, unless such obligation results from applicable domestic or community law; in such case, before processing, the Processor shall notify the Administrator of such duty insofar as such notification is not prohibited due to significant public interest;
- assist the Administrator with adequate technical and organizational measures in performing the obligation to respond to requests of the person whose data is concerned in the scope of such person exercising their rights defined in chapter III of the Regulation;
- ensure that the persons authorized to process Personal Data oblige to maintain confidentiality, unless these are persons obliged to maintain confidentiality in accordance with applicable laws;
- in the event of ascertaining a violation of Personal Data protection, to immediately notify the Administrator of such violation,
- after the termination of the Agreement, subject to the Administrator's decision, to remove or return Personal Data and to remove any and all its copies, unless stipulated otherwise by universally applicable regulations of law and submit a representation to the Administrator confirming the execution of the aforesaid duty, at each demand of the Administrator.
- The Processor shall be authorized to further entrust Personal Data processing to secondary processing entities. The Processor assures that it shall use the services of only such secondary processing entities which ensure sufficient guarantees of implementing technical and organizational measures that the processing meets the requirements of the Regulation and protects the rights of the persons whose data is concerned. The Processor shall ensure that the secondary processing entities are subject to obligations at least equivalent to those imposed on the Processor under this Agreement on entrusting.
- The Processor shall provide the Administrator with information essential for the performance of the latter's duties related to entrusting of Personal Data processing. The Processor shall enable the Administrator to carry out audits, including inspections, in the scope related to entrusting of Personal Data processing and shall ensure cooperation in this regard.
- The Processor shall be authorized to appoint its agents, including secondary processing entities, for processing of Personal Data on the Administrator's behalf, inclusive of giving instructions concerning Personal Data processing to such entities on the Administrator's behalf.
- Processor shall not transfer Personal Data to third parties (i.e. outside the territory of the EEA) unless it obtains a separate, prior consent of the Administrator; no such consent shall be valid unless given in writing.