Introduction

This Data Processing Agreement (the “Agreement”) governs the processing of personal data by Webosa (the “Data Controller”) in cooperation with third parties (the “Processor”). This Agreement ensures that personal data is processed securely, lawfully, and in full compliance with the General Data Protection Regulation (GDPR).

1. Definition of Personal Data

Under the GDPR, personal data is defined as any information relating to an identified or identifiable natural person. This includes information that directly identifies an individual or can reasonably be used to identify them. Examples include, but are not limited to, names, telephone numbers, and other contact details.

2. Purpose of the Agreement

This Agreement ensures that all processing of personal data by the Processor on behalf of the Data Controller is carried out in a secure and lawful manner in accordance with GDPR requirements.

3. Obligations of the Processor

The Processor shall comply with all applicable data protection laws and regulations, including but not limited to:

• Legal Compliance: Adhering to all GDPR requirements.
• Confidentiality: Ensuring that all personal data is treated confidentially.
• Data Security: Implementing appropriate technical and organizational measures to protect personal data.

4. Transfer of Personal Data

The Processor shall process personal data exclusively within the European Union, unless transfer to countries outside the EU is conducted in compliance with applicable legal requirements.

5. Data Breach Notification

In the event of a personal data breach, the Processor shall notify the Data Controller without undue delay and no later than 48 hours after becoming aware of the breach.

6. Duration and Termination

This Agreement shall remain in effect for as long as the Processor processes personal data on behalf of the Data Controller.

7. Governing Law

This Agreement shall be governed by and interpreted in accordance with Dutch law.