Data protection and confidentiality agreement
Agreement on a shared responsibility
IMPORTANT NOTE: This is an English translation of our Agreement on shared responsibility for Germany. For all legal intents and purposes, the official Terms of Service in German will hold. Click here to view the official Terms of Service in German.
"Responsible (A)" means the company that registers on the website https://www.moberries.com as "Company" and creates a user account and this agreement on a joint responsibility for the placement of applicants, by clicking the field " I accept the Privacy and Confidentiality Agreement” on the website https://www.moberries.com.
- Responsible (A) -
“Responsible (B)” means MoBerries GmbH with its registered office at Schwedter Str. 9a, 10119 Berlin, Germany, which is entered in the commercial register of the Berlin Charlottenburg District Court under number HRB 165716 B.
- Responsible (B) -
1. Subject of the agreement
(1) There is a contractual relationship between the parties ("main contract – Partner Terms"), which includes the joint implementation of the project " General Terms and Conditions for the Placement of Applicants " by the persons responsible (A) and (B). The parties agree that they share with regard to this interaction on the purpose and means of processing within the meaning of Art. 4 No. 7 GDPR and to the extent that there is a shared responsibility.
(2) This Agreement constitutes the agreement between jointly responsible within the meaning of Art. 26 GDPR is between the parties. This contract arrangements are made to what obligations of GDPR in connection with common e processing enforcement of personal data.
2. Description of data processing
(1) The purpose, nature and extent of processing of personal data resulting from the main contract which between the parties as well as the extent possibly additionally included contractual arrangements.
(2) The type of data and the categories of data subjects are:
a) Type (s) of personal data
- First name
- Last name
- Email address
b) Categories of data subject
- Customers of those responsible
- Employees of those responsible
3. Responsibility and responsibilities for processing steps / phases
(1) In Appendix 1 to this contract, the parties have described the processing steps that are subject to joint responsibility and have assigned the respective responsibilities. If no information is given and the contract does not assign any other responsibilities, it can be assumed that both parties are equally responsible for the processing of the respective data type (s).
(2) In Appendix 1, the parties can also define responsibilities for the processing and implementation of measures to be taken on the occasion of exercising the rights of data subjects under Art. 15-21 GDPR. If no information is given and the contract does not assign any other responsibilities, it can be assumed that both parties are equally responsible for processing the above-mentioned inquiries.
(3) Notwithstanding the provisions in paragraphs 1 and 2, the parties agree that data subjects can contact both parties for the exercise of their respective rights. In such a case, the other party is obliged to immediately forward the request of a person concerned to the party responsible under Appendix 1 to this contract. The parties will provide each other with contact addresses and notify each change in text form without delay.
4. Implementation of data subject rights
(1) Each party is obliged to implement the information obligations under Art. 12-14 GDPR and Art. 26 Para. 2 clause 2 GDPR vis-à-vis the person concerned, insofar as the respective party for the processing step (s) / phase (n) within the meaning of para. 3 of this contract is responsible. The parties ensure that this information is accessible on the Internet and provide each other with the Internet addresses at which the respective information can be called up.
(2) Data subjects must be provided with the required information free of charge in a precise, transparent, understandable and easily accessible form in a clear and simple language.
(3) In an additional Appendix, the parties can agree primary responsibilities for the fulfillment of the information obligations under Art. 12-14 GDPR.
5. Data security
The parties mutually agree to comply with the relevant under Art. 32, to the extent GDPR necessary technical and organizational measures, the processing of personal data is concerned, for which a common responsibility within the meaning of . Art. 26 GDPR exists.
6. Obligation to report data breaches
(1) Each party is the other party promptly of any breach of personal data protection within the meaning of Art. 4 No. 12 GDPR in text form. The parties will mutually and immediately provide all information in connection with the invasion of privacy and will make all details available for any data breach review to satisfy the reporting requirements which are required pursuant to Art. 33, 34 DSGVO.
(2) In the event that there is a notification obligation under Art. 33 GDPR, the parties will coordinate the further procedure within the framework of reasonableness and support each other in the fulfillment of the notification obligations.
(3) If notification of the data subject is required in accordance with Art. 34 GDPR, the parties will cooperate within reason and carry out a joint notification of the data subject, insofar as the parties consider this to be reasonable.
7. Common duties
Both contracting parties must inform each other immediately and completely if errors or irregularities in data processing or violations of provisions of this contract or applicable data protection law (in particular the GDPR) are found.
(1) The assignment of order processors as defined in Art. 4 No. 8 GDPR by one party must be reviewed by the respective party and each party is responsible for adequately selecting service providers.
(2) The other party can request the submission of the order processing contract, which was concluded with the respective processor, in order to check compliance with the requirements of Art. 28 GDPR before the consent is given.
(3) If the processing of personal data takes place in a third country, the client will demonstrate to the other party to this contract the existence of guarantees for an adequate level of data protection in the third country. If there is no adequacy decision by the EU commission, the data transfer to a third country must be supported by suitable guarantees within the meaning of Art 46 DS-GVO.
(4) In the event that an existing order processing contract with a processor is changed, the client is obliged to inform the other party of this contract. In the event that the change in the order processing contract leads to a violation of the requirements of Art. 28 GDPR, the other contracting party can request the client to immediately rectify the contract so that the requirements of Art. 28 GDPR are met.
9. Cooperation with supervisory authorities
(1) Each party is obliged to inform the other party immediately if a data protection supervisory authority contacts them and this concerns processing which is covered by this contract.
(2) The parties will coordinate the response to inquiries from supervisory authorities with regard to the processing of the contract, insofar as this is legally permissible and / or reasonable.
(3) The parties agree that regulatory measures must always be followed. Nonetheless, the parties will act as to whether and to what extent legal remedies will be filed against orders from the authority.
10. Retention and deletion periods
The parties must independently ensure that they comply with all legal retention requirements relating to the data. To do this, the parties have to take appropriate data security precautions (Art.32 ff. GDPR). His applies in particular in the event that the cooperation is terminated.
11. Employees obligation to maintain data secrecy
The parties ensure within their sphere of activity that all employees involved in data processing maintain the confidentiality of the data in accordance with Articles 28 paragraph 3, 29 and 32 GDPR for the time of their activity as well as after the termination of the employment relationship and that this prior to commencing their work, they are obliged to observe data secrecy and be instructed in the data protection provisions that are relevant to them.
(1) The parties are liable towards data subjects in accordance with the statutory provisions.
(2) The parties release each other internally from any liability if the cause of the liability within the scope of responsibility according to para. 3 of this contract is solely the responsibility of one party. This also applies to a fine that may be imposed on a party for violating data protection regulations.
13. Final provisions
(1) The provisions of the main contract apply to the term and termination of the contract. In the event of contradictions between this contract and other agreements between the parties, especially the main contract, the provisions of this contract take precedence.
(3) Should individual provisions of this contract be or become invalid or contain a loophole, the remaining provisions remain unaffected. The parties undertake to replace the ineffective regulation with a legally permissible regulation which comes as close as possible to the purpose of the ineffective regulation and which best meets the requirements of Art. 26 GDPR.
(3) German law including the GDPR applies.