Terms and conditions
Versie 1 Januari 2023
Definitions used in these General Terms and Conditions have the meaning assigned to them in the Agreement or as described below:
- General Terms and Conditions: these general terms for the use and provision of the Services.
- Services: the services that SmartTrackers provides to Customer as described in the Agreement.
- End user: a person who, under the responsibility of the Customer, makes use of and can log in as a user to the Customer’s environment of the Software.
- Customer: the person who purchases the Services under the Agreement.
- Agreement: the order confirmation, agreement or addendum or similar legally binding document on the basis of which Customer and SmartTrackers agree to provide the Services.
- Party(ies): SmartTrackers (registered at the Chamber of Commerce in The Netherlands under the name SmartTrackers B.V.) and Customer individually as a Party or jointly as Parties.
- Software: the Service consisting of software functionality that is made available and kept available to the Customer on the basis of Software as a Service ‘remotely’ via the internet or another data network.
- SmartTrackers: the legal entity that is part of the Visma group and that provides the Services as further specified in the Agreement.
- Visma group: Visma Nederland BV and all its direct and indirect subsidiaries.
- These General Terms and Conditions apply to all offers and agreements, including the Agreement, whereby Services are provided by SmartTrackers to Customer.
- During the term of the Agreement, SmartTrackers is entitled to change these General Terms and Conditions after prior written notification to the Customer with due observance of a period of at least 30 days before the changes take effect. During this period, the Customer has the right to object to such changes to SmartTrackers. In case the Customer does not use the right to object, the amended General Terms and Conditions automatically enter into force after the period during which these objections can be made, is over.
- If any provision of the General Terms and Conditions is void or voided, the other provisions of the General Terms and Conditions will remain in full force and effect. In that case, SmartTrackers will inform the customer about agreeing on a new provision to replace the void or voided provisions, taking into account as much as possible the purpose and intent of the void or voided provisions.
- Oral communications, undertakings, offers or agreements expressly have no legal force unless confirmed in writing by SmartTrackers.
PERFORMANCE OF THE AGREEMENT
- SmartTrackers will make every effort to perform the Services as a good contractor and with care in accordance with the provisions of the Agreement and the General Terms and Conditions. The Services are performed on the basis of a best efforts obligation unless explicitly agreed otherwise.
- The Customer will provide SmartTrackers in a timely manner with the information and cooperation deemed necessary for SmartTrackers, which is reasonably necessary for the performance of the Agreement. The Customer guarantees that the information it provides is correct and complete.
- Customer is responsible for the management and appropriate use, including control of the settings, of the use of the Services provided by SmartTrackers and the way in which the results of the Services are used. The Customer is also responsible for the instruction and use by End Users. Management includes:
a. In the web application the Customer can assign accounts to employees and auxiliaries (“users”). The Customer is responsible for user names, passwords, tokens and other codes that are solely intended for obtaining access to the web application (“login
details”) and the Customer is required to handle these details carefully.
b. The Customer will use the supplementary safety precautions SmartTrackers offers for their account on the web application, such as two-factor authentication, and will see to it their users do as well.
c. The login details are personal for each user and may not be shared with or transferred to another party or person, within or outside of the Customer’s organization. The Customer and users are required to keep the login details strictly secret.
- In the event that SmartTrackers employees perform work at the Customer’s location, the Customer will provide the facilities reasonably desired by those employees, such as a workspace with computer, data and telecommunications facilities, free of charge. The workspace and facilities will meet all legal and other applicable requirements regarding working conditions. The Customer will make the house and security rules applicable within its organization known to the employees deployed by SmartTrackers before the work commences.
USE OF DATA
- When using the Software, the Customer adds data to the Software (Customer Data) and usage data is generated by the End Users (hereinafter “Usage”), collectively referred to as Data. Customer Data and Usage Data may include Personal Data as well as non-personal data.
- Technical information and traffic data, such as operating system type, browser type, device, keyboard language and IP address;
- Aggregated data generated by Customers or End Users, such as the duration of sessions, the number of users, the number of generated reports, password resets, number and type of documents and records processed;
- Non-Aggregated Customer or End User Generated Data, such as the context and content of support tickets, chat boxes, security logs, and the like, and;
- Production data, such as images, files or databases of Customer Data, is subject to strict safeguards.
Use of Data, as set forth above, is limited to the following purposes:
- Improvement of Software and user experience, for example by analyzing aggregated usage patterns, enabling individual user preferences, or as set forth above for limited production data.
- Marketing and displaying relevant information, for example for additional or value-added Software and providing relevant market updates or information.
- Security and related purposes, for example by analyzing session and login data (including in real time), incident registrations and the like to prevent, investigate and document security vulnerabilities and incidents (such as breaches, fraud and various forms of hacking), and the security of the Software.
- Statistics and research, for example, regarding the number of measures that are calculated via our systems or the number of norms and standards used for compliance, including the use of aggregated and anonymous statistics in general marketing, and as value-added Software or services, such as in-app market statistics relevant to Customer.
- Compliance, SmartTrackers may use and analyze Usage Data for compliance purposes with the Terms and Conditions, for example by logging in when a Customer accepts the Terms and Conditions.
- Development and testing, for example, by analyzing aggregate usage patterns, providing Data to develop new technologies and products, improving the user experience, testing the load of new or updated Software, or technology feasibility.
- SmartTrackers may also use relevant information from publicly or commercially available sources and combine such information with Data as described above, for example to provide lookup functions in company registers.
- A precondition for the use of Data for the above purposes is that this use is in accordance with the applicable legislation, including the necessary security measures to guarantee the confidentiality, integrity and availability of the Data. To the extent that Personal Data is part of such Data Processing, it must be anonymised. If anonymization is not possible for technical or practical reasons, SmartTrackers will take alternative measures to ensure the same level of protection.
SmartTrackers may share Data with other Visma group companies, vendors and partners subject to the same conditions and restrictions as set forth herein. SmartTrackers will only share Data with third parties in the following situations:
- to comply with law or regulation, or to respond to a legally binding request from authorities, such as a court order or warrant;
- to investigate serious security threats or fraud, or to prevent;
- any reorganization, merger, sale or purchase of SmartTrackers, in whole or in part, whereby confidential information may be disclosed to other companies of the Visma group, or to potential purchasers who comply with the obligations herein by means of a confidentiality agreement.
- Unless otherwise provided herein, SmartTrackers will not sell, rent or lease Data to any third party.
- SmartTrackers will promptly notify Customer of any request for disclosure of Data received directly from government authorities, unless such notification is prohibited by law. SmartTrackers will not respond to such requests unless the Customer has given its consent. SmartTrackers will only disclose Data to government authorities to comply with legally binding requests, such as a court order or warrant.
- The Customer remains entitled to the Data. The Customer itself determines and is responsible for which Data is stored, edited, processed or otherwise entered using the Software. SmartTrackers is not obliged to check the correctness and completeness of the Data and is therefore not liable for the consequences of the use of incorrect and/or incomplete Data supplied by the Customer. The Customer indemnifies SmartTrackers against claims from third parties for compensation for damage that these third parties could recover from SmartTrackers in any way, insofar as this claim is based on the use of the Software, by the Customer.
INTELLECTUAL PROPERTY RIGHTS
- All intellectual property rights in the Software or other materials developed or made available to Customer under the Agreement are vested exclusively in SmartTrackers, its licensors or suppliers. The Customer acquires the rights of use that are expressly granted by these General Terms and Conditions, the Agreement and the law. A right of use accruing to Customer is non-exclusive, non-transferable, non- pledgeable and non-sublicensable.
- SmartTrackers indemnifies Customer against any claim by a third party based on the allegation that Software or other materials developed by SmartTrackers itself infringe an intellectual property right of that third party, provided that Customer immediately informs SmartTrackers in writing of the existence and leaves the content of the claim and the handling of the case, including making any settlements, entirely to SmartTrackers. To this end, the Customer will provide SmartTrackers with the necessary. powers of attorney, information and cooperation to defend itself against these claims. This obligation to indemnify lapses if the alleged infringement is related (i) to materials made available to SmartTrackers by the Customer for use, processing or maintenance, or (ii) to changes made by the Customer to the Software or other materials without SmartTrackers’s written consent.
RATES AND PAYMENT
- The rates to be paid by the Customer to SmartTrackers are stated in (an appendix to) the Agreement.
- All rates are exclusive of VAT and in euros.
- The Customer can never derive any rights or expectations from a cost estimate or budget issued by SmartTrackers. An available budget made known by the Customer to SmartTrackers shall never be regarded as a (fixed) price agreed between the Parties for the services to be performed by SmartTrackers. SmartTrackers is only obliged to inform the Customer in the event of an imminent exceeding of a cost estimate or budget issued by SmartTrackers if this has been agreed in writing between the Parties.
- SmartTrackers has the right to increase the rates periodically, (in principle once per year but maximally twice per year in case of exceptional circumstances) on the basis of indexation or as a result of general price and cost increases.
- three months have elapsed since the conclusion of the Agreement. Also, SmartTrackers may change the fees for the Services twice a year upon prior notice to Customer of at least 3 months.
- The parties will record in the Agreement the date or dates on which SmartTrackers will charge the Customer for the agreed performance. Amounts owed are paid by the Customer in accordance with the
payment conditions agreed or stated on the invoice. In the absence of a specific arrangement, the Customer will pay within a period of 30 days after the invoice date. Payment must be made to a bank account to be specified by SmartTrackers. If the Customer does not agree with the amount stated on the invoice, the Customer must report this to SmartTrackers in writing and substantiated within 30 days of the date of the invoice. After the expiry of the aforementioned term, the Customer is deemed to have agreed to the invoice. The Customer is not entitled to suspend any payment, nor to set off any amounts owed.
- Unless otherwise agreed in writing, all fees are due and non-refundable in advance, including unused credits, user accounts, Software, or days remaining in a subscription period. This unless the availability of the Software is significantly reduced for reasons attributable solely to SmartTrackers. SmartTrackers may, in its sole discretion and as its sole remedy, offer a reasonable refund for the fees accrued during such period of reduced availability.
- If the Customer does not pay the amounts due within the agreed term, the Customer will owe the statutory interest for commercial transactions on the outstanding amount, immediately and without any further notice of default being required. If the claim is handed over, the Customer is also obliged to pay a reasonable compensation for the extrajudicial costs and the actual costs involved in legal proceedings, related to the collection of this claim or the exercise of legal rights in any other way.
- If the Customer fails to fulfil its obligations towards SmartTrackers and is in default, SmartTrackers has the right, after careful consideration of interests and written notice, to suspend further performance of the Agreement, in whole or in part.
- Additional work will only be invoiced with the next invoice after written order has been issued by the Customer or after completion of the additional work. Additional work is understood to mean the work that falls outside the content or scope of the work agreed in writing.
- Either Party may obtain Confidential Information from the other Party that should reasonably be deemed to be owned by the providing Party, to be confidential or to be competitively sensitive (Confidential Information). The Parties will keep Confidential Information confidential and take reasonable steps to protect the other Party’s Confidential Information, and will not disclose it to third parties unless the other Party is authorised to do so, or if required by mandatory legal provisions.
- The Customer acknowledges that the Services provided by SmartTrackers are always of a confidential nature and that they contain trade secrets of SmartTrackers, its suppliers or the producer of the Software.
- Unless otherwise agreed in writing, SmartTrackersis permitted to mention the conclusion or existence of the Agreement in one or more (press) releases. SmartTrackers is entitled to place the Customer’s name and logo on the SmartTrackers website and/or a reference list and to make these available to third parties for information.
- Insofar as the Agreement entails processing of the personal data by SmartTrackers on behalf of and for the purposes of the Customer, SmartTrackers acts as processor in this regard. In that capacity, SmartTrackers will comply with all legal obligations incumbent on it as a processor. SmartTrackers will process the personal data under the conditions as set out in the data processing agreement applicable between the Parties.
- All terms stated by SmartTrackers have been determined to the best of its knowledge on the basis of the information known to SmartTrackers when the Agreement was entered into and will be observed as much as possible.
- Insofar as delivery dates and/or terms are stated in any Agreement, appendix, action plan or quotation, these are indicative and do not constitute strict deadlines, unless expressly stated otherwise. In all cases, therefore also if the Parties have expressly agreed a deadline in writing, SmartTrackers will only be in default after it has been given a proper, detailed and written notice of default by the Customer and SmartTrackers after the expiry of a reasonable period given in that notice of default, still not properly fulfilled its obligations.
- SmartTrackers is not bound by (delivery) terms that can no longer be met due to circumstances beyond its control that occurred after the Agreement was entered into. If any term threatens to be exceeded, SmartTrackers and the Customer will enter into consultation as soon as possible.
- If SmartTrackers (for example by the service center, by sales personnel, or by consultants) provides Customer employees with substantive information or advice in the field of taxation, legislation and regulations and/or other subjects of legal or administrative nature, this is done under the condition and in the expectation that the Customer will verify the information and/or advice or have it verified by experts. SmartTrackers accepts no responsibility or liability for the correctness and/or completeness of this information/advice.
- The total liability of SmartTrackers due to an attributable shortcoming in the fulfillment of the agreement or on any legal ground whatsoever, expressly including any shortcoming in the fulfillment of a warranty obligation or indemnification agreed with the Customer, is limited to compensation for direct damage up to a maximum of the amount of the price stipulated for that agreement (excl. VAT). If the agreement is mainly a continuing performance agreement with a term of more than one year, the price
stipulated for that agreement is set at the total of the fees (excl. VAT) stipulated for one year. In no event shall SmartTrackers’s total liability, cumulative liability for any reason whatsoever, exceed EUR 100,000 (one hundred thousand euros).
- SmartTrackers can only be held liable for compensation for direct damage. Direct damage is exclusively understood to mean: a) the costs which the Customer has incurred for keeping its old system or systems and associated facilities operational for a longer period of time because SmartTrackers has failed to perform on a date which is binding for it, less any savings resulting from the delayed performance; b) reasonable costs incurred to determine the cause and extent of the damage, insofar as the determination relates to direct damage within the meaning of this article; c) reasonable costs incurred to prevent, limit or repair damage, insofar as the Customer demonstrates that these costs have led to limitation of direct damage within the meaning of this article; d) the costs of emergency facilities, such as switching to other systems, hiring third parties or using emergency procedures or different working methods.
- SmartTrackers is not liable for any indirect damage, including loss of turnover and profit, loss of data, (damage) claims from third parties, fines or additional assessments, missed proceeds or savings, reputational damage, Customers’ incompliance or late compliance with norms, standards, laws or regulations or other indirect or consequential damage arising from or in connection with the non- compliance with any obligation or any unlawful act by SmartTrackers.
- A condition for the existence of any right to compensation is always that the Customer reports the damage in writing to SmartTrackers as soon as possible after discovery (but no later than within one (1) month).
- SmartTrackers’s liability for damage resulting from death, physical injury or material damage to property will never exceed EUR 1,250,000 (one million two hundred and fifty thousand euros). The previous paragraphs of this article do not apply if and insofar as the relevant damage is caused by intent or wilful misconduct on the part of SmartTrackers.
- In the event of force majeure on the part of one of the Parties, the obligations under this Agreement will be suspended as long as the force majeure situation continues. Force majeure also includes a shortcoming on the part of SmartTrackers’s suppliers. However, the suspension will not apply to the obligations to which the force majeure does not relate and/or the obligations that arose before the force majeure situation occurred.
- If the force majeure situation lasts longer than sixty days, the Parties have the right to terminate the Agreement by means of a registered letter, unless it is foreseeable that the force majeure situation will be resolved within a reasonable period of time. In that case, what has already been performed as a result of the Agreement will be settled proportionally, without the Parties owing each other anything.
SUBCONTRACTING AND ASSIGNMENT
- SmartTrackers is allowed to use third parties in the performance of its obligations. The effect of art. 7:404 of the Dutch Civil Code is hereby expressly excluded. The Customer is not permitted to transfer the rights under the Agreement to a third party without the prior written consent of SmartTrackers.
DURATION AND TERMINATION
- The Agreement commences on the date agreed in the Agreement or, failing that, the date of signature of the Agreement by both Parties. The Agreement is entered into for the duration specified in the Agreement or, failing that, for an initial duration of three (3) years. After the initial period has expired, the Agreement is always tacitly renewed for a period of one year every time. The Customer has the opportunity to lock the renewal period for multiple years.
- Unless expressly agreed otherwise, the Parties are only entitled to terminate the Agreement in writing at the end of the agreed term of the Agreement, subject to a notice period of two (2) months.
- Unless expressly provided otherwise in the General Terms and Conditions or agreed in the Agreement, the Parties are not permitted to terminate the Agreement prematurely. Article 7:408 of the Dutch Civil Code does not apply.
In addition to the right to terminate the Agreement in accordance with Article 14.2, a Party is entitled to dissolve the Agreement in whole or in part with immediate effect, without notice of default and without judicial intervention, without any obligation to compensate the other Party for any damage, if one of the following circumstances occurs:
- the other Party is declared bankrupt;
- the other Party is granted a (temporary or otherwise) suspension of payments;
- the other Party’s business is liquidated or discontinued.
- In the event of dissolution, the dissolution will only have effect for the obligations arising after the moment of dissolution and the dissolution will therefore not have retroactive effect.
- Upon termination of the Agreement, all rights of Customer with regard to the Services will expire. Rights and obligations under the Agreement between SmartTrackers and Customer, which by their nature and content are intended to last, including with regard to intellectual property, liability, confidentiality, force majeure and dispute settlement, shall remain in full force and effect after termination or dissolution of the Agreement.
FURTHER PROVISIONS FOR SOFTWARE
- The provisions as described in this article 15 only apply to the provision of Services by SmartTrackers and the use thereof by the Customer if it concerns Software.
Execution of Software
- SmartTrackers will make reasonable efforts to ensure that the agreed Software functions properly and strives for the highest possible availability, quality and security of the Software. SmartTrackers reserves the right to change the technical and functional properties of the Software in the interim in order to improve them and to correct any errors or to comply with applicable laws and regulations. If such an adjustment leads to a material deviation in the functionality of the Software, SmartTrackers will inform the Customer thereof in writing or electronically.
- SmartTrackers does not guarantee that the Software will function without errors, malfunctions or interruptions. SmartTrackers will make an effort to repair errors in the Software, equipment, infrastructure and/or management environment within a reasonable period of time if and insofar as it concerns Software, equipment, infrastructure or management environment that has been developed or built by SmartTrackers itself and the faults concerned have been reported to SmartTrackers by the Customer in a detailed manner. SmartTrackers may, where appropriate, postpone the repair of the defects until a new version of the Software, equipment, infrastructure or management environment is brought into use. SmartTrackers cannot guarantee that all errors will be corrected. SmartTrackers is entitled to implement temporary solutions, work-arounds or problem-avoiding restrictions in the Software.
- SmartTrackers may temporarily shut down the Software in whole or in part for preventive, corrective or adaptive maintenance or other forms of service. SmartTrackers will not allow the decommissioning to last longer than necessary and, if possible, have it take place outside its usual office hours.
- SmartTrackers may continue to execute the Software using a new or modified version of the Software. SmartTrackers is not obliged to maintain, change or add certain features or functionalities of the service or Software specifically for the customer.
- In the event of introducing a replacement application with equivalent and/or more extensive functionality than existing Software, SmartTrackers is allowed to migrate the Customer to this replacement application, which will then be a Software within the meaning of the Agreement. In such cases, SmartTrackers has the right to charge reasonable costs for the migration separately to Customer. SmartTrackers will announce these costs in advance. If the Customer then indicates that it does not wish to bear any costs, the Parties have the right to terminate the Agreement prematurely, subject to a notice period of one year. The Customer can use the original Software during this notice period.
- SmartTrackers is entitled to communicate directly with end users within the Software (i) insofar as this is necessary with regards to guaranteeing the security and/or the quality of its services (ii) to send notifications regarding maintenance or new functionalities and/or products, or (iii) to directly offer related additional services.
Access to the Software
- For the use of the Software, SmartTrackers and/or the Customer will generate a username and password for each End User, in accordance with the protocols prescribed by SmartTrackers, with which the Software can be used by an End User. This username and password are non-transferable and strictly personal. Customer and Each End User are responsible for the confidential use of username, password and for (the consequences of) any misuse thereof.
- SmartTrackers is entitled to restrict access to the Software in the event of unauthorized use or misuse of the Software by the Customer and/or End User and/or in the event of unauthorized use of the Software by third parties. If this is reasonably possible in view of the urgency of the case, SmartTrackers will inform the End User about this prior to restricting access. SmartTrackers will never be obliged to pay any compensation to the End User due to restricting access in the aforementioned cases.
The Customer guarantees that he, and the End User, observe the following rules when using the Software:
- The Customer and End User will protect its equipment, software, infrastructure and internet connection against viruses, computer crime and (other) unlawful use by the user(s) or third parties;
- The Customer and End User will not disrupt or damage the Software, (computer) networks or infrastructures of SmartTrackers or other users, or cause nuisance, limited use or unforeseen use (for other users) in relation thereto;
- The Customer and End User will not misuse means of access or breach and/or attempt to breach the security of the Software;
- The Customer and End User will not do or omit anything that they know or should reasonably have known that could lead to use of the Software that is punishable or unlawful towards SmartTrackers and/or third parties;
- The Customer and End User will not without permission enter a computer system or a part thereof that is connected to the Software (hacking);
- Customer and End User shall in no way infringe any intellectual property rights of SmartTrackers and/or third parties in connection with the Services; and
- Customer and End User will not disclose, reproduce or otherwise use information and data that SmartTrackers provides in the context of the Software, other than for use in the internal business operations of the Customer.
- The use of the Software by Customer and End User is at their own discretion and risk and Customer and End User are responsible for any damage to a computer system or loss of data resulting from the use of the Software.
- The Customer is obliged to report errors which it discovers in the Software made available by SmartTrackers to SmartTrackers without delay.
Integrations and data exchanges with third parties.
- The Customer may enter into agreements with third parties in order to enter into integrations/data exchanges and/or purchase services in addition to the Services.
- The Customer will enter into the agreements referred to in article 15.11 directly with the third parties concerned, in which SmartTrackers (in its capacity as supplier of the Services) is in no way involved. Such parties are not sub-processors of SmartTrackers and SmartTrackersis not liable in any form for the actions of these parties.
- If Customer chooses to (directly) connect/integrate the Software environment with a third party, whether or not using one or more interfaces from SmartTrackers, Customer hereby grants SmartTrackers permission for the exchange of data between SmartTrackers and the party concerned insofar as this is considered necessary by this party for the services. This can also mean the exchange of personal data and the storage of access or identification codes / tokens in order to realise this data exchange / integration.
- Customer is responsible for the correct design and realisation of integrations and/or data exchanges (including authorisations), whether or not using one or more interfaces from SmartTrackers, between the Software and the third party or parties selected by Customer. SmartTrackers is never responsible and/or liable for the (correct) functioning of Customer software and/or third parties which communicate with
- If Customer uses one or more integrations made available by SmartTrackers, the Customer is granted a non-transferable, non-exclusive and non-sublicensable right of use for the duration of the Agreement to use the integration within its own organisation for internal purposes only. SmartTrackers reserves the right to charge additional costs for the use of the links by the Customer and/or third party/parties.
- SmartTrackers is permitted to apply application throttling at its own discretion at any point in time when the traffic generated by the Customer via the connection overloads the SmartTrackers system to such an extent that the performance for other users is degraded or impaired.
Consequences of Software Termination
- After termination of the Agreement, the Customer may request a one-off delivery of the data entered when using the Software. SmartTrackers will make the data available to the Customer in a generally accepted format so that this data can reasonably be processed by the Customer. Other than by virtue of provisions of mandatory Dutch law, SmartTrackers does not accept any obligation to retain the data and information entered by the Customer. If the Customer has not indicated immediately after termination of the agreement that it wishes the aforementioned transfer of data, SmartTrackers is entitled to delete and destroy data which is stored, processed or otherwise entered by means of the Software, with immediate effect, without prior notification, from the system on which this is stored.
- In addition to the provisions in article 15.17, in the event of termination of the Agreement (other than in the event of dissolution by SmartTrackers), the Parties will always cooperate in good faith with regard to any support still required by the Customer after the expiry of the agreement for the migration of the Services to the Customer or to a third party designated by the Customer (exit period). SmartTrackers can however not be obliged to provide this cooperation for a period longer than 3 months and its efforts
during the exit period are on the basis of best effort and as far as commercially reasonable (at the discretion of SmartTrackers). A maximum of uninterrupted availability of the data and Services is central during the exit period. No later than 2 months before the end of the agreement, the parties will consult about the effort that the Customer requires from SmartTrackers. SmartTrackers will charge the costs which it incurs in connection with the exit period to the Customer on the basis of subsequent calculation.
- Information on new functions, price changes or planned maintenance is provided in the software, on the web pages of the software, in the online community or by e-mail.
- Notifications regarding order confirmations, information of special interest, security or privacy, will be sent to the e-mail address of the primary contact.
- The Customer is responsible for providing up-to-date contact information at all times, including a primary maintained contact email.
- All notices shall be deemed to have been sent and shall take effect immediately when sent or posted by SmartTrackers.
APPLICABLE LAW AND DISPUTES
- Dutch law applies to the Agreement and the General Terms and Conditions. All disputes arising from or in connection with the Agreement and the General Terms and Conditions shall be settled by the competent court in the district where SmartTrackers has its registered office.
APPENDIX 1: Data processor agreement
- This Appendix 1 applies to the processing (as defined herein) of Personal data (as defined herein) by the Data Processor in behalf of the Data Controller under the Agreement.
- The definition of Personal Data, Special Categories of Personal Data (Sensitive Personal Data), Processing of Personal Data, Data Subject, Controller and Processor is equivalent to how the terms are used and interpreted in applicable privacy legislation, including the EU 2016/679 General Data Protection Regulation (“GDPR”).
- The Agreement regulates the Processor’s Processing of Personal Data on behalf of the Controller, and outlines how the Processor shall contribute to ensure privacy on behalf of the Controller and its registered Data Subjects, through technical and organisational measures according to applicable privacy legislation, including the GDPR.
- The purpose behind the Processor’s Processing of Personal Data on behalf of the Controller is to fulfil the Service Agreement(s).
- This Agreement takes precedence over any conflicting provisions regarding the Processing of Personal Data in the Service Agreements or in other former agreements or written communication between the Parties. This Agreement is valid for as long as agreed in Appendix A.
The Processor’s rights and obligations
- The Processor shall only Process Personal Data on behalf of and in accordance with the Controller’s written instructions. By entering into this Agreement, the Controller instructs the Processor to process Personal Data in the following manner; i) only in accordance with applicable law, ii) to fulfill all obligations according to the Service Agreement, iii) as further specified via the Controller’s ordinary use of the Processor’s services and iv) as specified in this Agreement.
- The Processor has no reason to believe that legislation applicable to it prevents the Processor from fulfilling the instructions mentioned above. The Processor shall, upon becoming aware of it, notify the Controller of instructions or other Processing activities by the Controller which in the opinion of the Processor, infringes applicable privacy legislation.
- The categories of Data Subject’s and Personal Data subject to Processing according to this Agreement are outlined in Appendix A.
- The Processor shall ensure the confidentiality, integrity and availability of Personal Data are according to the privacy legislation applicable to The Processor. The Processor shall implement systematic, organisational and technical measures to ensure an appropriate level of security, taking into account the state of the art and cost of implementation in relation to the risk represented by the Processing, and the nature of the Personal Data to be protected.
- The Processor shall assist the Controller by appropriate technical and organisational measures, insofar as possible and taking into account the nature of the Processing and the information available to the Processor, in fulfilling the Controller’s obligations under applicable privacy legislation with regards to request from Data Subjects, and general privacy compliance under the GDPR article 32 to 36.
- If the Controller requires information or assistance regarding security measures, documentation or other forms of information regarding how the Processor processes Personal Data, and such requests exceed the standard information provided by the Processor to comply with applicable privacy legislation as Processor, the Processor may charge the Controller for such request for additional services.
- The Processor and its staff shall ensure confidentiality concerning the Personal Data subject to Processing in accordance with the Agreement. This provision also applies after the termination of the Agreement.
- The Processor will, by notifying the Controller without undue delay, enable the Controller to comply with the legal requirements regarding notification to data authorities or Data Subjects about privacy incidents.
Further, the Processor will to the extent it is appropriate and lawful notify the Controller of;
- requests for the disclosure of Personal Data received from a Data Subject,
- requests for the disclosure of Personal Data by governmental authorities, such as the police
- The Processor will not respond directly to requests from Data Subjects unless authorised by the Controller to do so. The Processor will not disclose information tied to this Agreement to governmental authorities such as the police, hereunder Personal Data, except as obligated by law, such as through a court order or similar warrant.
- The Processor does not control if and how the Controller uses third party integrations through the Processor’s API or similar, and thus the Processor has no ownership to risk in this regard. The Controller is solely responsible for third party integrations.
- The Processor might Process Personal data about users and the Controllers use of the service when it is necessary to obtain feedback and improve the service. The Controller grants the Processor the right to use and analyze aggregated system activity data associated with your use of the Services for the purposes of optimizing, improving or enhancing the way the Processor provides the services and to enable the Processor to create new features and functionality in connection with the services. SmartTrackers shall be considered the
Controller for such processing and the processing is therefore not subject to this Agreement.
- When using the service, the Controller will add data to the Software (“Customer Data”). The Controller acknowledges and does not object to the Processor using Customer Data in an aggregated and anonymized format for improving the services delivered to customers, research, training, educational and/or statistical purposes.
The Controller’s rights and obligations
The Controller confirms by accepting this Appendix 1 that:
- The Controller has legal authority to process and disclose to the Processor (including any subprocessors used by the Processor) the Personal Data in question.
- The Controller has the responsibility for the accuracy, integrity, content, reliability and lawfulness of the Personal Data disclosed to the Processor.
- The Controller has fulfilled its duties to provide relevant information to Data Subjects and authorities regarding processing of Personal Data according to mandatory data protection legislation.
- The Controller shall, when using the services provided by the Processor under the Services Agreement, not communicate any Sensitive Personal Data to the Processor, unless this is explicitly agreed in Appendix A to this Agreement.
Use of subprocessors and transfer of data
- As part of the delivery of services to the Controller according to the Service Agreements and this Agreement, the Processor will make use of subprocessors and the Controller gives its general consent to usage of subprocessors. Such subprocessors can be other companies within the Visma group or external third party subprocessors. All subprocessors are included in Appendix B. The Processor shall ensure that subprocessors follow GDPR requirements.
- An overview of the current subprocessors with access to Personal Data can be found in the SmartTrackers privacy statement on this web site: https://www.smarttrackers.nl/en/privacy-statement/. The Processor may engage other EU/EEA located companies in the Visma Group as subprocessors without the Visma company being listed in this statement and without prior approval or notification to the Controller. This is usually for the purposes of development, support, operations etc. The Controller may request more detailed information about subprocessors.
- If the subprocessors are located outside the EU or the EEA, the Controller gives the Processor authorisation to ensure proper legal grounds for the transfer of Personal Data out of the EU /EEA on behalf of the Controller, hereunder by entering into EU Standard Contractual Clauses (SCCs).
- The Controller shall be notified in advance of any changes of subprocessors that Process Personal Data. If the Controller objects to a new subprocessor within 30 days after a notification is given, the Processor and Controller shall review the documentation of the subprocessors compliance efforts in order to ensure fulfilment of applicable privacy legislation. If the Controller still objects and has reasonable grounds for this, the Controller can not reserve themselves against the use of such a subprocessor (due to the nature of online
standard Software in particular), but the Customer may terminate the Service Agreement for which the subprocessor in dispute is being used for.
- The Processor is committed to provide a high level of security in its products and services. The Processor provides its security level through organisational, technical and physical security measures, according to the requirements on information security measures outlined in the GDPR article 32.
- The Controller may audit the Processor’s compliance with this Agreement up to once a year. If required by legislation applicable to the Controller, the Controller may request audits more frequently. To request an audit, the Controller must submit a detailed audit plan at least four weeks in advance of the proposed audit date to the Processor, describing the proposed scope, duration, and start date of the audit. If any third party is to conduct the audit, it must as a main rule be mutually agreed between the Parties. However, if the
processing environment is a multitenant environment or similar, the Controller gives the Processor authority to decide, due to security reasons, that audits shall be performed by a neutral third party auditor of the Processor’s choosing.
- If the requested audit scope is addressed in an ISAE, ISO or similar assurance report performed by a qualified third party auditor within the prior twelve months, and the Processor confirms that there are no known material changes in the measures audited, the Controller agrees to accept those findings instead of requesting a new audit of the measures covered by the report.
- In any case, audits must be conducted during regular business hours at the applicable facility, subject to the Processors policies, and may not unreasonably interfere with the Processors business activities.
- The Controller shall be responsible for any costs arising from the Controller’s requested audits. Requests for assistance from the Processor may be subject to fees.
Term and termination
- This Agreement is valid for as long as the Processor processes Personal Data on behalf of the Controller after the Service Agreements or as otherwise agreed in Appendix A.
- This Agreement is automatically terminated upon termination of the Service Agreement. Upon termination of this Agreement, the Processor will delete or return Personal Data processed on behalf of the Controller, according to the applicable clauses in the Service Agreement. Such deletion will take place as soon as reasonably practicable, unless EU or local law requires further storage. The costs for such actions will be borne by the Processor, unless these actions demand an unreasonable burden from the Processor. In such case, reasonable costs will be charged to the Controller, based on; i) hourly rates for the time spent by the Processor and ii) the complexity of the requested process.
Changes and amendments
- Changes to the Agreement shall be included in a new Appendix to this Agreement and signed by both Parties in order to be valid.
- If any provisions in this Agreement become void, this shall not affect the remaining provisions. The Parties shall replace the void provision with a lawful provision that reflects the purpose of the void provision.
- For the avoidance of doubt, the Parties agree and acknowledge that each Party shall be liable for and held accountable to pay administrative fines and damages directly to data subjects which the Party has been imposed to pay by the data protection authorities or authorized courts according to applicable privacy legislation. Liability matters between the Parties shall be governed by the liability clauses in the Service Agreement between the Parties.
Governing law and legal venue
- This Agreement is subject to the governing law and legal venue as set out in the Service Agreement between the parties.
- Appendix A – Data subjects, Types of personal data, Purpose, Nature, Duration
A.1 Categories of Data Subjects
- customer end users
- customer employees
- customer contact persons
A.2 Categories of Personal Data
- contact information such as name, phone, address, email etc.
- job information such as position, company, location, etc
- work related information such as mobility, IP-addresses, etc.
- Other personal data that you actively provide for example by creating a profile on this website, in correspondence and by telephone
- Information about your activities on our website
- Internet browswer and device type
- Other personal data that you actively submit by
When the Customer submits other categories of personal data into the system, the Customer is responsible to add this list A.2 accordingly, via the SmartTrackers contact person.
A.3 Special categories of Personal Data (Sensitive Personal Data)
In order for the Processor to process such data on behalf of the Controller, the types of Sensitive Personal Datanin question must be specified below by the Controller.
The Controller is also responsible for informing the Processor of, and specifying below, any additional types of sensitive Personal Data according to applicable privacy legislation.
|The Processor shall on behalf of the Controller, process information regarding:||Yes||No|
|racial or ethnic origin, or political, philosophical or religious beliefs,||x|
|trade union membership||x|
|genetic or biometric data||x|
A.4 Purpose of the processing
The purpose of the data processor’s processing of personal data on behalf of the data controller is: To deliver the services in accordance with the Agreement. This includes for example:
Supporting and improving our services
- To enable you to create accounts
- To be able to deliver services
- To improve and develop the quality, functionality and user experience of our products
- To be able to contact you in case that is required to execute our service delivery
- To handle payments
- To detect, reduce and prevent security risks and abuse and to execute maintenance and debugging
- Managing and distribution of marketing preferences and content, or information updates.
- Establish interest profiles to be able to inform about other relevant services
A.5 Nature of the processing
The data processor’s processing of personal data on behalf of the data controller shall mainly pertain to (the
nature of the processing): The correct functioning of the service, including storage/hosting, testing, changing/editing, reporting and distributing tasks.
A.6 Duration of the processing:
The duration of the processing of personal data is for as long aas the Agreement applies. Afterwards, a maximum storage duration of 1 year applies, due to our back-up procedures.
Appendix B – Overview of subprocessors
The subprocessors of the Processor with access to the Controller’s Personal Data are listed in the privacy statement of SmartTrackers, which can be found on the website: https://www.smarttrackers.nl/en/privacy- statement/