Terms and Conditions for Data Processing

The Customer hereby accepts the following terms and conditions applicable to the Customer's transaction with edgemo green, Danish company ID no. 32840647. Said transaction consists of edgemo green providing a service in which is it expressly left to the sole discretion of edgemo green to manage the actual processing of personal data. 

 

Agreed Terms and Conditions for Data Processing

The Customer hereby accepts the following terms and conditions applicable to the Customer's transaction with edgemo green, Danish company ID no. 32840647. Said transaction consists of edgemo green providing a service in which is it expressly left to the sole discretion of edgemo green to manage the actual processing of personal data. 

Pursuant to the General Data Protection Regulation, edgemo green will serve as the data processor for the Customer upon providing the agreed-upon services. The Customer and edgemo green, jointly referred to as the Parties, acknowledge that edgemo green’s processing of personal data on behalf of the Customer is subject to the General Data Protection Regulation and the Data Protection Act.

The terms and conditions for data processing are created in order for the Parties to adhere to section 28, subsection 3 of regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) when edgemo green serves as the data processor for the Customer.

The terms and conditions for data processing shall apply from the time when the Customer accepts same and the terms and conditions for data processing will immediately replace any previous data processing agreement entered into between the Parties. The terms and conditions for data processing are a supplement to the agreement between the Parties and shall supersede any conflicting terms.

Data Processor Agreement

The Data Processing Terms are outlined in the Parties’ data processor agreement and govern the processing of the personal data provided by the Customer to edgemo green when the agreed-upon services are provided.

The Data Processing Terms outlines the rights and obligations applicable when edgemo green processes personal data on behalf of the Customer and the Data Processing Terms outline the overall security precautions taken by edgemo green.

As it relates to the processing activities assigned to edgemo green to perform on behalf of the Customer, edgemo green serves as the data processor in accordance with the applicable data protection regulations, and the Customer either serves as the processor or the controller in accordance with the applicable data protection regulations.

Each Party shall comply with the obligations outlined in the applicable data protection regulations and the Data Processing Terms shall in no way release edgemo green or the Customer from any such obligations.

Duration

The Data Processing Terms shall apply until such time when edgemo green has deleted the Customer’s data pursuant to the terms of these Data Processing Terms. The Data Processing Terms and the agreement of the Parties are mutually dependent on each other and as such, the agreements cannot be terminated separately.

 

Specific warranties of edgemo green

edgemo green warrants to the Customer that is has the necessary expertise, reliability, and resources to take the necessary precautions in order to adhere to the General Data Protection Regulation as it relates to those processing activities performed by edgemo green on behalf of the Customer pursuant to the agreement.

The Customer’s specific obligations

The Customer is responsible for complying with the governing laws on personal data at any given time as it relates to the personal data provided to edgemo green for processing.

Pursuant to this agreement, the Customer is specifically responsible to edgemo green and warrants that:             The customer has the necessary jurisdiction to process and permit the processing to be performed by edgemo green of the personal data transferred pursuant to the services provided to the Customer by edgemo green. In those instance in which the Customer serves as the data processor of the personal data transferred to processing by edgemo green, the Customer expressly warrants to edgemo green that the instructions by the Customer as expressed by and through these Data Processing Terms and the agreement of the Parties as well as the use of edgemo green and the sub-processor of edgemo green, that it has the authority of the controller. The instructions given pursuant to which edgemo green shall process the personal data on behalf of the Customer are in compliance with all applicable laws.   

 

Nature and purpose of the processing

The agreed-upon nature of the processing performed on the data contained in the IT services performed by edgemo green for the Customer is determined by the Parties. This will include any deletion of personal data when providing the agreed-upon services. Thus, edgemo green will process the transferred personal data pursuant to the agreed-upon purpose in their performance of the agreed-upon services.

 

Type of information

The transferred data for processing encompasses the types of personal data which the Customer transfers to edgemo green in relation to the delivery of the agreed-upon services. The processing encompasses ordinary, non-sensitive, personal data, including names, email addresses, and telephone numbers unless the controller has provided express information related to same.

Categories of registered persons

The categories of registered persons about whom edgemo green is transferred personal data to process, include those categories which the Customer provides to edgemo green in relation to the delivery of the agreed-upon services. The categories of the registered persons will include the employees and business associates of the Customer, for instance.

Extent of processing activities

edgemo green is solely permitted to perform processing of the Customer’s personal data according to the instructions of the Customer as documented in a written agreement accepted by edgemo green.

Upon the Customer accepting the Data Processing Terms, the Customer instructs edgemo green to process the Customer’s personal data as part of the performance of the agreed-upon services.

In addition to that, the Customer may request that edgemo green be given additional written instructions related to the processing of personal data for the Customer. Upon receipt of such a request, edgemo green is free to chose whether it wishes to accept or reject any such additional instructions. However, edgemo green will always accept any instruction to cease any further processing which will entail edgemo green deleting the Customer’s data as outlined in the section under the heading Delivery and Deletion of the Customer’s Data as outlined below.

edgemo green will comply with any instruction approved by edgemo green unless any such processing would violate any applicable law on data protection to which edgemo green falls subject. In the event of such circumstances, edgemo green will notify the Customer of same.

However, regardless of instructions from the Customer, edgemo green is obligated to conduct processing of the Customer’s personal data, including deletion, if any such processing is performed as a result of a court ordered obligation placed upon edgemo green. In the event of such circumstances, the Customer will be notified of same before the processing is performed unless any such notification would be considered unlawful. As such, the Customer determines the purpose and extent of the processing activities transferred to edgemo green.

Duration of Processing activities

edgemo green shall perform processing of the Customer’s Personal Data as long as edgemo green remains obligated to do so pursuant to the agreement. In addition to that, the Customer may instruct edgemo green to delete the data at any earlier point in time pursuant to the paragraph titled Delivery and Deletion of the Customer’s Data.

 

Security precautions

edgemo green shall initiate all precautions requires pursuant to article 32 of the General Data Protection Regulation. Pursuant to same, edgemo green will put appropriate, technical, and organizational security precautions in place in order to protect any transferred personal data from accidental or illegal destruction, loss, change, unauthorized transfer or access in general.

On an ongoing basis, edgemo green may make changes to the security precautions in place, however, in the event of such changes to the security precautions, edgemo green shall strive to ensure that the changes an overall scale do not diminish the security level.

However, edgemo green will put the security precautions in place based on an average assessment of what is appropriate and as such, the Parties agree that the Customer is inter partes responsible for assessing whether the precautions put in place are sufficient to ensure that the security level matches the risk associated with the processing activities to be performed by edgemo green.

In the contractual relationship between the parties, the Customer shall maintain the obligations for its own decisions about security including the Customer’s selection of equipment and services, etc..

 

Reporting a security breach

Should edgemo green become aware of a break of the personal data security as it relates to edgemo green’s services provided to the Customer, edgemo green shall notify the Customer of the personal data breach without undue delay after edgemo green has become aware of any such breach.

Without undue delay after having become aware of any such breach in the personal data security, edgemo green shall implement reasonable and proportional measures to limit the damage caused by the breach.  

In addition to notifying the Customer of the breach, edgemo green shall provide a description of the circumstances surrounding the breach, the nature of the breach, the measures taken by edgemo green or to be taken by edgemo green to limit the damage caused by the breach. Furthermore, edgemo green shall notify the Customer of any issues the Customer should pay special attention to in relation to the breach in terms of the Customer complying with its obligations in the event of a security breach pursuant to the deadlines provided by the General Data Protection Regulation. The notification may be sent via email to the Customer’s designated contact person.

edgemo green’s notification of a breach of personal data security shall in no way amount to an acknowledgement of fault or culpability as it related to any breach of the personal data security.

 

At the request of the Customer, edgemo green shall assist the Customer in complying with its obligations pursuant to articles 33 and 34 of the General Data Protection Regulation considering the nature of the processing performed on the personal data and the information available to edgemo green as it relates to the breach in personal data security occurred at edgemo green.  

Use of sub-processors

By accepting these Data Processing Terms, the Customer provides its general consent to edgemo green using other data processors (sub-processors).

When using the service of a sub-processor, edgemo green shall ensure that a written agreement with the sub-processor is in place and that same ensures that:

  • The necessary warranties of the sub-processor that it will put the appropriate, technical, and organizational precautions in place to the extent that the processing complies with all terms of the General Data Protection Regulation.
  • The sub-processor shall assume the same data protection obligations as those outlined in these Data Processing Terms which then also encompasses all terms of article 28(3) in the General Data Protection Regulation, and that
  • Only the sub-processor processes the Customer personal data to the extent required to comply with the delivery terms accepted by the sub-processor from edgemo green and that the processing will be performed pursuant to the agreed-upon instructions.

If the sub-processor does not fulfil its data protection obligations, edgemo green remains fully obligated to the Customer to fulfill the data protection obligations of the sub-processor.

edgemo green ensures an ongoing oversight of the sub-processors used. In the event the Customer has a documented need for such information, the Customer may request to be provided the name of the specific sub-processor.  

If the Customer has any objections to a specific sub-processor, it may terminate the agreement with edgemo green effective immediately or from the expiration of calendar month in which the termination occurs. Any termination made pursuant to this paragraph shall be made within 30 days of edgemo green providing the Customer with information about the sub-processor used. Termination of this Agreement shall remain the Customer’s sole remedy against edgemo green in a situation founded in this paragraph.

Transfer of data

edgemo green will store the Customer’s data within the EU and therefore, personal data is not transferred to third countries.

However, edgemo green may make an exception and transfer the Customer’s data including personal data to a third country or an international organization when required pursuant to the Court of the EU or a national court of a member state to which edgemo green is subject and in such an event, the Customer shall be notified of this court requirement before processing occurs unless the court in question has prohibited any such notification due to important societal concerns.

 

Assistance of the Customer

edgemo green shall be obligated to provide the following assistance to the Customer upon receipt of a written request for same by the Customer: edgemo green will assist the Customer, while providing consideration to the nature of the transferred data, to the extent possible through appropriate technical and organizational measures to assist the Customer in complying with its obligation in responding to requests related to the rights of the registered individuals as outlined in chapter iii of the General Data Protection Regulation.

Should edgemo green receive a request directly from a registered or potentially registered person exercising his rights, edgemo green shall immediately forward any such request to the Customer who may then determine if the assistance of edgemo green is requested.

edgemo green shall further assist the Customer in complying with its obligations pursuant to articles 32-36 of the General Data Protection Regulation while considering the nature of the processed data and the information available to edgemo green.

edgemo green shall be entitled to a separate fee for the work performed in assisting with the Customer’s requests pursuant to this paragraph referred to as Assistance of the Customer. The fee shall be calculated based on time spent by edgemo green multiplied by edgemo green’s hourly rates for any such task. As it relates to assistance provided to the Customer in ensuring compliance pursuant to articles 33-34 of the General Data Protection Regulation, edgemo green shall not be entitled to any fee for compliance with the obligations of edgemo green pursuant to the paragraph named Reporting of Security Breach.  

Delivery and Deletion of the Customer’s Data

Unless otherwise required by the Customer, edgemo green shall delete all of the personal data provided by the Customer and edgemo green shall delete any existing copies unless edgemo green is subject to any legal obligation requiring edgemo green to preserve the personal information.

edgemo green’s compliance with the Customer’s instructions to delete or deliver the Customer’s information shall occur in accordance with the requirements of the General Data Protection Regulation and as quickly as practicably possible.

In the event that the Customer has required other processing than deletion, part of any such request will entail that, and the Customer hereby consents to, the Customer’s data being included in a backup procedure from which the data is deleted when the backup is destroyed in accordance with edgemo green’s backup procedures.

 

Liability and liability limitation

Any damages or other compensation to be paid to the registered person as a result of a violation of the General Data Protection Regulation shall be subject to Article 82 of the General Data Protection Regulation and any additional regulations contained in the Data Protection Act. This, the parties shall each be inter partes liable to determine the pro rata share of any such amount corresponding to their share of the liability for the damage occurred and while applying these terms and conditions for data processing. If necessary, the pro rata share of the liability shall be determined by a court of competent jurisdiction.

In the event of any fine or other punitive measure imposed as a result of any illegal processing of personal data performed by edgemo green on behalf of the Customer, the final internal pro rata share of any such fine shall be calculated by the same principles as above regardless of which party is imposed the fine initially. In this calculation, the mutual warranties made by the parties to each other shall be considered as well.

 

Record keeping of edgemo greens

edgemo green shall be obligated to keep a record of the categories of the processing activities performed for the Customer pursuant to article 30 of the General Data Protection Regulation.

The Customer has a duty to provide edgemo green with the name and contact information for any Customer representative and data protection advisor as well as update any such information to ensure correct record keeping by edgemo green.

The information shall be provided to edgemo green by the Customer to the contact information provided below under edgemo green’s contact information.

Confidentiality

edgemo green shall ensure that all persons authorized by edgemo green to process the personal information from the Customer are subject to a confidentiality requirement or an appropriate legal requirement of confidentiality.

edgemo green and any person performing work for edgemo green with access to the Customer’s personal information shall only be permitted to process that information as instructed by the Customer and accepted by edgemo green unless any other processing is required pursuant to a legal requirement or court order to which edgemo green is subject.

egemo green may only authorize persons with a strict need for same to have access to the personal information in order to fulfil edgemo green’s obligations to the Customer. edgemo green must assess the authorized access on an ongoing basis and terminate access when the authorizations expire or cease.  

Inspection and audit

edgemo green provides all information to the Customer necessary to demonstrate compliance with the requirements of article 28 of the General Data Protection Regulation as well as the requirements of edgemo green determined by these Data Processing Terms.

edgemo green allows for and will contribute to any audits to include inspections to be performed by the Customer or other auditor authorized by the Customer. The Customer may request a physical inspection of edgemo green’s location.

Any request for same shall be shall be in written form and shall indicate what the Customer wishes to include in the inspection. The parties will then agree on the specific arrangements and scope of the inspection which will include the time for the inspection and the nature of the report.

The inspection may only be performed by a person willing to be subject to edgemo green’s ordinary security precautions and who will commit themselves to a confidentiality clause in direct privity with edgemo green. edgemo green may object to a person identified by the Customer to perform the inspection if the appointed person, as reasonably determined by edgemo green, is not suitable or qualified to perform the inspection which will include that the person (1) is not independent, (2) is a direct competitor of edgemo green, or (3) that the person for any other obvious reason is not suitable to perform the task. If edgemo green makes an objection to an appointed person, the Customer shall appoint another person to perform the inspection.  

Any inspection of a sub-processor for edgemo green shall occur by and through edgemo green. However, the Customer may chose to initiate and participate in the physical inspection also, at the location of the sub-processor. In such an event, the inspection shall be performed subject to the terms for inspections in place for the sub-processor.

Any cost associated with performing a physical inspection or an inspection at either edgemo green’s facility or the sub-processor’s facility which has been incurred by edgemo green or the sub-processor shall be reimbursed by the Customer. edgemo green and any possible sub-processor is furthermore entitled to a fee for the time spent on the inspection based on the current price list at that given time.

 

Changes to the Data Processing Terms

edgemo green shall be permitted to make changes to these Data Processing Terms providing 90 days’ notice. Any change that must occur without the ability to provide advance notice shall occur immediately.

Information about planned changes is sent to the Customer. If the Customer does not accept the upcoming planned changes, the Customer may chose as remedy to terminate its agreement. The Customer shall have no additional remedy or recourse as a result of a change to the Data Processing Terms.  

 

edgemo green’s contact information

Any inquiry of edgemo green regarding data protection including requests for audits or inspections shall be directed to Lars Baun (CEO), edgemo green – lbj@danofficeit.com

 

The storage requirements of the Parties

edgemo green and the Customer shall both be required to store a copy of these Data Processing Terms and the agreement between the parties, as well as any other potential agreements and/or information of relevance to or supplementing these Data Processing Terms.

Let us help you with your used it