Data Process Agreement | no-more

Data Processing Agreement

You can find the standard terms and conditions for using no-more services in the PDF below:

Get PDF

 

Introduction

Preamble

The processing is based on the agreement between the parties for the provision of numerous services by

the Contractor (Main Agreement).

 

Parties

Contractor/Data Processor:

NoMore ApS

Toldbodgade 95A

1253 Copenhagen

Denmark

 

Client/Data Controller:

The person or company that use or intend to potentially use no-more’s services.

Please see the definition as per the Main Agreement.

 

Definitions

“Data controller”

Refers to the “Client” or the person or company that use or intend to potentially use no-more’s services.

 

“Data processor”

Refers to NoMore ApS – see parties

 

“Contractor”

Refers to NoMore ApS – see parties

 

“Main agreement”

Refers to the Standard Terms and Conditions also mentioned below in list of appendices OR any customized agreement accepted by both parties in writing prior to May 25 2018.

 

“No-More Client Platform”

The web-based client interface available for all Clients and accessible via https://app.nomorehours.com/login

 

“Vetted specialists”

The individuals identified as part of NoMore’s talent network, responsible for conducting parts of the orders as described within the Main Agreement.

Appendix

Standard Terms and Conditions

The Standard Terms and Conditions at any time applicable for Clients deciding to use no-more’s services, which can be accessed via: https://nomorehours.com/terms

 

 

Section 1: Overall purpose of the agreement

1.1

Introduction 

The Contractor collects/processes/uses personal data on behalf of the Client.

1.2

Subject of the service

The purpose of the service is to process data by collecting, recording, organizing, sorting, storing, reading, querying, using, disclosing through transmission, dissemination or any other form of provision, matching or linking, restriction, erasure or destruction of data exclusively in connection with the services listed in the Main Agreement.

The data will not be processed for other purposes. The contractual services will be executed exclusively in member states of the EU or in one of the contracting states of the agreement on the European Economic Area on the part of the data processor. A transfer of the services or of partial work to a third country may occur only if the special requirements of Art. 44 et seq. GDPR are met and this is absolutely required for the provision of the services.

For the purpose of reading a very selected subset of certain personal data: Personal information included in input material shared by the Client e.g. PowerPoint or Excel files. can be read by people located outside the above mentioned geographic areas.

Changes of the processing object and procedural changes are to be mutually agreed

1.3

Duration of the service

The agreement begins with the acceptance of the Main Agreement by both parties.

1.4

Type of data processing

The Contractor processes a well-specified list of personal data of the Client, of Client‘s employees, and on very rare occasions on behalf of the Client‘s customers.

1.5

Type of personal data

Personal data required for the execution of the service:

-          personal master data (name, company name)

-          contact information (email, phone number)

-          task request information (ticket system information)

-          design preferences and guidelines

-          invitation information (between Client employees)

-          information about how much the service has been used

-          personal information contained within task information

-          billing and payment data

 

 

Section 2: Rights and obligations of the Client

2.1

Responsibility

The   Client   is   solely   responsible   for   the   assessment   of   the   lawfulness   of   the   data collection/processing/use as well as for the protection of the rights of all personal data shared with the Contractor.

2.2

Issue of orders

The Client issues all orders or partial orders in writing or in a documented electronic format as outlined in the Main Agreement.

2.3

Instructions of personal data

The Client is entitled to give the Contractor written instructions regarding the processing of personal data provided by Client.

2.4

Transparency

Prior to the start of data processing and then in regular intervals the Client is entitled to verify the compliance of the Contractor with any agreed technical and organizational measures and with the obligations arising from this Agreement. The Client can also use third parties to carry out this verification. The Client undertakes to enumerate all expenses incurred by the Contractor as a result of making this verification possible.

2.5

Obligation to inform

The Client informs the Contractor immediately if he detects any errors or irregularities in the examination of the services.

2.6

Confidentiality

The Client is obliged to treat with confidentiality all knowledge acquired about business secrets and data security measures of the Contractor resulting from the contractual relationship. This obligation remains valid even after termination of this Agreement.

 

Section 3: Obligations of the Contractor

3.1

Limitations of scope

The Contractor shall only process personal data in accordance with the agreements, legal requirements and instructions of the Client in accordance with the GDPR, unless he is required to process it under the laws of the European Union or of the member state the processor is subject to (for example investigations of law enforcement and state protection authorities). In this case, the processor must notify the controller of such legal requirements prior to processing, unless such communication is prohibited due to important public interests under applicable law (Art. 28 (3) sentence 2 (a) GDPR).

3.2

Responsibility to act upon orders

The Contractor shall correct, delete and block personal data under the contractual relationship or restrict its processing if the Client so requests in the agreement or instructs him so unless this contradicts the legitimate interests of the Contractor. When an affected person directly contacts the Contractor in this regard, the Contractor will immediately forward this request to the Client. The Contractor may act upon such a request if the Client does not respond to requests by affected data subjects within reasonable time.

3.3

Restrictions of usage

The Contractor does not use the personal data provided for data processing for any other, especially not for own purposes. Copies or duplicates are not created without the knowledge of the Client. The Contractor assures the contractual processing of all agreed measures in the area of order-based processing of personal data. Contractor assures that the processed data is strictly separated from other data.

3.4

Obligation to inform

The Contractor will immediately inform the Client if, in his opinion, an instruction issued by the Client violates statutory provisions. The Contractor shall be entitled to suspend the execution of the relevant instruction until it has been confirmed or changed by the person responsible at the Client.

3.5

Entitlement to control

The Contractor agrees that the Client – by appointment – is entitled to control compliance with this agreement to the extent required under Art. 28 GDPR either directly or through third parties commissioned by the Client. The Contractor undertakes to provide the Client with the necessary information and to prove the implementation of the technical and organizational measures.

3.6

Deletion upon cancellation

After a potential termination of the contractual obligations as specified in the Main Agreement, the Contractor shall delete all data, documents and processing or utilization results, which were obtained in connection with the contractual relationship if requested by the Client in writing or via the no-more Client Platform unless doing so is not possible due to legal or factual grounds.

3.7

Data protection officer

Data protection officer of the Contractor is Anders Haugbølle Thomsen.

Changes of the data protection officer shall be notified to the Client without undue delay.

3.8

Confidentiality 

The Contractor undertakes to maintain confidentiality when processing personal data provided by the Client. This obligation shall survive the termination of the agreement.

3.9

Employees and subcontractor involvement

The Contractor warrants that the employees and subcontractors involved in the provision of the services are familiar with the requirements of data protection relevant to their work and that they are bound to maintain confidentiality for the duration of their employment as well as after termination of the relationship.

3.10

Consent for sharing

The Contractor may only provide information to third parties, not considered subcontractors as outlined in section 4, or the data subject about personal data obtained during the service with prior instruction or written consent of the Client, or when as this information is provided based on legal requirements.

 

Section 4: Subcontractors

4.1

Use of Subcontractors

The use of subcontractors for the processing of accounting information, payment information, email processing, and to the limited extend to which it is required within task delivery services e.g. visualizations of presentations, research work etc. is permitted due to the nature of the process of executing services using a global talent platform to execute orders under the Main Agreement. The approval required under Art. 28 (2) and (9) GDPR is hereby granted.

4.2

Selection of subcontractors

The Contractor shall ensure that he has carefully selected the subcontractor with special consideration of the suitability of the technical and organizational measures taken by the subcontractor in accordance with Art. 32 GDPR.

4.3

Subcontractors in third countries

Subcontractors in third countries may only be commissioned if the special conditions of Art. 44et seq. GDPR are met (for example adequacy decisions by the European Commission, model data protection clauses, approved codes of conduct) or when their commissioning is necessary for the provision of the service by the Contractor in order to execute the orders as specified in the Main Agreement. Thus, Vetted Specialists, which to some extend can be considered subcontractors, on the no-more talent platform is given access to data (only read permission) if, and only if, such data is included in the task input provided by clients, and might in some cases be read by subcontractors (Vetted Specialists) in third countries.

4.4

Subcontractor obligations

The Contractor must ensure that the agreed regulations between the Client and this Agreement also apply to subcontractors to the greatest extent possible and will regularly review compliance with the obligations of the subcontractor(s).

4.5

Specification for sub-Contractors

In the agreement with the subcontractor the responsibilities of the parties shall be so specific to allow a clear distinction. If multiple subcontractors are used this also applies to the responsibilities between these subcontractors.

4.6

Existing subcontractors

The Client agrees that the subcontractors currently engaged in the processing of personal data for the Contractor, including the Vetted Specialists working as part of no-more’s talent platform as mentioned under 4.1, are to continue handling data, but only to the extend required in order to execute orders as outlined in Main Agreement.

 

Section 5: Subcontractors

5.1

Level of data protection

The Contractor shall ensure an appropriate level of protection for any data processing in accordance with the risks towards the rights and freedoms of data subjects affected by the processing. This shall at a minimum take into account the protection objectives of confidentiality, availability and integrity of the systems and services, as well as their resilience in terms of the nature, extent, circumstances and purpose of the processing so as to permanently reduce such risks by means of appropriate technical and organizational corrective measures.

5.2

Data   protection   concept

The   data   protection   concept   utilized   by   the   Contractor   has   selected   its   technical   and organizational measures by considering the protection objectives in accordance with the state of the art of the IT systems and processing processes.

5.3

Principles of proper data processing

The Contractor shall comply with the principles of proper data processing. He shall ensure the contractually agreed and legally required data security measures.

5.4

Technical and organizational development

The technical and organizational measures may be modified to keep pace with technical and organizational developments over the course of the contractual relationship. The contractor shall establish procedures for the periodic review and evaluation of the effectiveness of the measures to ensure the safety of the processing. Significant changes will be communicated to the client in documented form.

5.5

Obligation of notifications

The Contractor shall immediately notify the Client of any disruptions, violations against data protection regulations or the stipulations made under this agreement by the Contractor or persons under his employ, as well as about the suspicion of data breaches or irregularities in the processing of   personal   data.  This   applies   in   particular   with   regard   to   any   notification   and   notification obligations of the Client in accordance with Art. 33 and 34 GDPR. The Contractor agrees to adequately support the Client in his duties according to Art. 33 and 34 GDPR.

 

Section 6: Liability

6.1

Serious violations

In the case of serious violations of the terms of this agreement, in particular against compliance with applicable data protection regulations, the Client entitled to a special right of immediate termination. Further sanctions, in particular contractual penalties, are excluded.

6.2

Other termination

For all other intents and purposes, the existing liability terms for the respective services as agreed in the Main Agreement apply.

 

Section 7:  Miscellaneous

7.1

Serious violations

In the case of serious violations of the terms of this agreement, in particular against compliance with applicable data protection regulations, the Client is entitled to a special right of immediate termination. Further sanctions, in particular contractual penalties, are excluded.

7.2

Side arguments

The written form is required for side agreements.

7.3

Terms definition

Terms used in this Agreement are to be understood according to their definitions in the EU General Data Protection Regulation.

 

Section 8:  Effectiveness of the agreement

7.1

Validity of individual terms

Should individual terms or clauses of the agreement be invalid or unenforceable, this does not affect the validity of the agreement otherwise. The invalid or unenforceable provision shall be replaced by a valid and enforceable provision that comes closest to the economic purpose pursued by the parties with the invalid or unenforceable provision.

 

Section 9: List of subcontractors – not including Vetted Specialists

8.1

Accounting & Billing

Stripe Inc (www.stripe.com)

3180 18th Street

San Francisco, CA 94110

United States

 

Billy ApS (www.billy.dk, CVR: 33 23 91 06 )

Bredgade 33C, st. th

1260 København K

8.2

Ticket handling & Email

Zendesk Inc (www.zendesk.com)

1019 Market St

SAN FRANCISCO   CA   94103-1612 USA

 

Champaign Monitor (www.campaignmonitor.com)

631 HOWARD ST. SUITE #500

SAN FRANCISCO, CA 94105 USA

8.3

Data storage and processing

Amazon Web Services, Inc. (https://aws.amazon.com/)

1200 12th Avenue South

Suite 1200

Seattle, WA 98144 USA

 

DigitalOcean (www.digitalocean.com)

101 Avenue of the Americas

10th Floor

New York, NY 10013

United States

 

8.4

Product improvement

Amplitude (www.amplitude.com)

185 Berry Street

Suite 4807

San Francisco, CA 94107

United States

 

Hojtar Limited (www.hotjar.com)

Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta

 

8.5

Marketing

Google Analytics (www.google.com/intl/da/analytics/)

1600 Amphitheatre Parkway Mountain View

CA 94043 United States

 

Facebook Inc (www.facebook.com)

1 Hacker Way

Menlo Park, California

 

 

 

Do you have more questions?

Let us know what is on your mind