This Processor Agreement applies to all forms of processing of
personal data that Flexamedia, located at Guntersteinweg 377 in The Hague,
registered with the Chamber of Commerce under number 83549137 (hereinafter:
“Processor”) on behalf of the other party to whom it provides services (hereinafter:
In consideration of:
1. Parties have concluded an agreement with regard to hosting services and
domain name registrations, hereinafter referred to as: “Agreement”. To implement the
Agreement processes Processor on behalf of Controller
2. Parties wish carefully and in accordance with the GDPR and other Applicable Laws
regulations regarding the Processing of Personal Data to deal with the
Personal data that are (will be) processed for the execution of the Agreement;
3. Parties wish in accordance with the GDPR and other Applicable Laws and Regulations
regarding the Processing of Personal Data their rights and obligations with regard to the
Processing of Personal Data of Data Subjects To be recorded in writing in this
4. Only the Controller determines the purpose and means of the processing
of personal data and the Processor has no influence on this;
Have agreed as follows:
1.1 Data Subject: the person to whom a Personal Data relates.
1.2 Data breach: a breach of the security of Personal Data that has serious adverse consequences for the protection of Personal Data.
1.3 Personnel: the persons to be engaged by the Parties for the implementation of this Processor Agreement, who will work under their responsibility.
1.4 Personal data: any data concerning an identified or identifiable natural person
person. Pseudonymized personal data also fall under this concept.
1.5 Sub-processor: third party engaged by Processor to perform on behalf of Processor
Process personal data, without being under the direct authority of the Processor
1.6 Controller: the controller for Processing within the meaning of the Act
protection of personal data (WBP) and/or European regulations and guidelines with regard to the protection of personal data (GDPR).
1.7 Processor: the person who, on behalf of the Controller, performs Personal Data
processed without being subject to its direct authority.
1.8 Processing: any act or set of acts with regard to Personal Data, including in any case the collection, recording, organization, storage, updating, modification,
request, consult, use, provide by transmission, dissemination or any other
other form of making available, bringing together, linking together, as well as blocking, erasing or destroying data.
2.1 If the Processor only has access to the Personal Data, without an obligation to process it, the Processor will observe both national and international laws and regulations with regard to personal data and the provisions of this Processor Agreement; if and insofar as the Controller has informed the Processor in good time in advance of the presence of Personal Data and the place (path) where these Personal Data are located.
2.2 If the Processor has undertaken in the Agreement to process
Personal data, the Processor will do this with great care and in accordance with the purposes of the processing, taking into account both national and international laws and regulations regarding personal data and the provisions of this Processor Agreement; if and insofar as the Controller has informed the Processor in good time in advance of the presence of Personal Data and the location where these Personal Data are located.
3. Obligations of the Controller
3.1 Controller will make changes with regard to the Processing (if any)
application) and any consequences thereof to the Processor in a timely manner, in principle within 10 working days.
3.2 The Controller guarantees that the order for the Processing of the
Personal data (if applicable) is not unlawful and does not infringe any rights of third parties.
4. Obligations of the Processor
4.1 Processor will only view and/or process the Personal Data if and insofar as this
necessary for the performance of the Agreement and will follow all reasonable instructions from the Controller.
4.2 Processor will not store the Personal Data in a location outside the European Economic Area. For domain registrations it may be necessary to transfer personal data to countries outside the European Economic Area. This is then limited to what is required by the respective registry.
4.3 Processor guarantees that its Personnel complies with the provisions of this
Processing Agreement, if and insofar as they are in any way involved in the Processing of Personal Data. Processor's employees are bound by a duty of confidentiality.
4.4 Processor has appointed a data protection officer.
4.5 At the first request of the Processing Manager, the Processor will immediately hand over to the Processing Officer all copies of the Processing Officer and/or destroy it upon request.
4.6 Processor will take appropriate technical and organizational security measures to
Protect personal data against loss and against unlawful processing. Taking into account the state of the art and the costs of its implementation, these measures guarantee an appropriate level of security in view of the risks involved in the processing and the nature of the data to be protected.
4.7 Processor keeps a register of all categories of processing activities that it performs
has performed on behalf of the Controller.
4.8 The Processor grants the Controller its full and timely cooperation to
To give data subjects access to their personal data, to have their personal data available
delete or correct, and/or demonstrate that this personal data has been deleted or
have been corrected or, if the Controller disputes the point of view of the Data Subject, to record that the Data Subject considers his personal data to be incorrect.
4.9 Processor takes adequate internal control measures to ensure that the obligations arising from this
comply with the agreement and record it in a way that ensures compliance monitoring
makes possible. When Processing Personal Data, activities and incidents related to the Personal Data are recorded in log files.
4.10 At the request of the Controller, the Processor will cooperate with encryption
(encryption) and pseudonymization of Personal Data. If this leads to higher costs for
Processor, Controller will reimburse these costs.
4.11 The Controller can have the Processing of Personal Data checked once a year for correct compliance with the Processor Agreement by means of an investigation by an independent register EDP Auditor. The Auditor will be bound to secrecy. Processor will provide all information requested by the Auditor. The Auditor will report to Controller in general terms, but will not provide details about the affected
disclose security measures. The costs of the research will be borne by
4.12 Content and scope of the Processing order and the fee to be paid for it is
in accordance with what is arranged in this regard in the Agreement. Processor will receive instructions from
Controller with regard to the processing and/or storage of Personal Data
5.1 The Processor can outsource the performance of the Processor Agreement in whole or in part to a Sub-processor. The Processor remains the contact person for the Controller at all times and is responsible for compliance with the provisions of this Processor Agreement.
5.2 The Processor will impose the same obligations on the Sub-processor – and record this in writing in a contract – as arise for itself from this Processor Agreement and monitor compliance with these by the Sub-processor. Processor is fully liable to Controller for the consequences of outsourcing work to a Sub-processor.
5.3 An exception to Article 5.1 and 5.2 is the outsourcing of domain name registrations. Depending on the Top Level Domain, your personal data may be made public and/or the processor cannot guarantee the security of your personal data.
6. Provision of Personal Data
6.1 The Processor is not permitted to provide Personal Data to others than
To be provided by the Controller, unless on the basis of a legal obligation or for the purpose of the agreement with the Controller.
6.2 If Processor is required to provide Personal Data on the basis of a legal obligation, Processor will:
verify the basis of the request and the identity of the applicant and, prior to the
provision, inform the Controller in this regard;
limit the provision to what is legally required;
Enabling the Controller to exercise the rights of the Controller and Data Subjects and to defend the interests of the Controller and the Data Subjects; upon issue to a Data Subject, provide the data in a structured, common and machine-readable form.
7.1 Controller and Processor will take appropriate technical and organizational
measures to ensure a level of security appropriate to the risk, so that the Processing complies with the requirements of the GDPR and other Applicable Laws and Regulations regarding the Processing of Personal Data and the protection of the rights of Data Subjects is guaranteed. The security measures taken by the Processor are included in Appendix A.
7.2 Controller and Processor will make every effort to
To secure and keep personal data secure against intruders and external disasters as well as against careless processing, unlawful disclosure or unauthorized disclosure and against loss, destruction or damage. Both parties ensure that their IT facilities and equipment are physically protected against unauthorized access and against damage and malfunctions and take measures to prevent unauthorized access to information systems.
7.3 Controller and Processor will continuously monitor whether the
processing systems (continue to) meet adequate requirements of confidentiality, integrity,
availability and resilience (quick recovery after temporary unavailability).
7.4 If the Controller requests this in writing, the Processor will take special measures for the security and/or secrecy thereof with regard to the (categories of) Personal Data indicated therein. If this leads to higher costs for Processor, Controller will reimburse these costs.
8. Data breach
8.1 When a Data Leak occurs at the Processor, the Processor will report this immediately, but in any case within 24 hours, to the Controller, stating the nature of the Data Leak, the (probable) consequences thereof and the measures that have been taken to remedy the consequences. or limit.
9.1 All data of the Controller and its customers are confidential and will be treated as such by the Processor. The Processor is obliged to maintain the confidentiality of all Personal Data and information that it processes, or of which it becomes aware in the context of the Agreement or this Processor Agreement.
9.2 The confidentiality does not apply to information:
Which is publicly known without this disclosure being the result of an unauthorized act; Disclosure of which is required by any statutory provision or Court order, subject to prior written notice from the disclosing party to the party whose information it concerns; Which a Party has independently developed;
Which a Party already possesses without any obligation of confidentiality.
After termination of this Processor Agreement, this article and the
duty of confidentiality remain in force.
10. Intellectual property
10.1 All Intellectual Property Rights, including copyrights, database rights and all other intellectual property rights as well as similar rights to protect information on the collection of data and Personal Data, copies or adaptations thereof, rest with the Controller (or a customer of the Controller).
10.2 All intellectual property rights – including copyrights, database rights and all other intellectual property rights as well as similar rights to protect information – on the products and services of the Processor are vested in the Processor.
11. Liability and insurance
11.1 Processor is liable for damage suffered by the Controller and fines that
The Controller forfeits as a result of non-compliance with, or acting contrary to, the Processor with regulations under or pursuant to the Personal Data Protection Act and/or European regulations and guidelines with regard to the protection of personal data and/or other relevant legislation and/or this Processor Agreement.
11.2 The Processor's liability for damage suffered by the Controller
and/or forfeited fines as referred to in Article 11.1 is limited to € 5 per event. This limitation of liability will lapse if and insofar as the damage is the result of intent or gross negligence (conscious recklessness) on the part of the Processor.
11.3 Controller indemnifies Processor against claims from third parties (in particular
data subjects) and any damage resulting therefrom, based on non-compliance with
regulations under or pursuant to the Personal Data Protection Act and/or European regulations and guidelines with regard to the protection of personal data and/or other relevant laws and regulations and/or this Processor Agreement.
11.4 Processor undertakes to cover the risks as referred to in Articles 11.1 to 11.2
through liability insurance.
12. Duration and Termination
12.1 The Processor Agreement enters into force on the date of signature by the Parties.
12.2 The provisions on duration and termination of the Agreement apply as provisions on duration and termination of the Processor Agreement. When the Agreement ends for whatever reason, the Processor Agreement also ends.
12.3 In the event of termination of the Processor Agreement, the Processor will transfer all Personal Data to the Controller, or, at the explicit written request of the Controller, destroy the Personal Data that the Processor has in its possession.
12.4 Obligations which, by their nature, are intended to be fulfilled even after termination of the
Processing Agreement to continue, will continue to apply after termination. To these obligations
include the provisions on confidentiality, transfer and destruction,
liability and applicable law.
13.1 Each Party may dissolve the Agreement in whole or in part if the other party
imputably fails in the fulfillment of the Processor Agreement and the shortcoming has not been remedied even after notice of default, without prejudice to the right to compensation.
13.2 Each Party may dissolve the Agreement in whole or in part with immediate effect without notice of default if the other party is granted a moratorium, if bankruptcy is filed with regard to the other party, if the other party's company is liquidated or terminated other than for the purpose of reconstruction or amalgamation of companies.
14.1 Amendments to this Agreement or additions thereto will be made between Processor and
Controller agreed in writing. Changes or additions will be
set out in an addendum to this agreement and are binding if this addendum is agreed upon by both
Parties is signed.
14.2 Any disputes arising out of this agreement will, after an attempt to
dispute to be resolved by mutual agreement has proved fruitless, shall be settled by arbitration
according to the rules and procedures of the Netherlands Arbitration Institute, whereby the arbitrator(s)
Dutch law will apply.
Flexamedia uses the Nederland ICT Conditions 2014 from the trade association Nederland ICT.
The Netherlands ICT Conditions 2014 have been filed with the Central Netherlands Chamber of Commerce under number 30174840.
Flexamedia, located at Guntersteinweg 377 2531KA The Hague, is responsible
for the processing of personal data as shown in this privacy statement.
https://flexamedia.nl Guntersteinweg 377 2531KA Den Haag 085 9026700
Personal data that we process
Flexamedia processes your personal data because you use our
services and/or because you provide them to us yourself. Below you will find an overview
of the personal data we process:
- First and last name
- Date of birth
- Address data
- Telephone number
- E-mail address
- IP address
– Other personal data that you actively provide, for example by creating a profile on
this to create a website, in correspondence and by telephone
- Location data
- Information about your activities on our website
– Data about your surfing behavior across different websites (for example
because this company is part of an advertising network)
– List of customer contact details via an app
- Internet browser and device type
- Bank account number
Special and / or sensitive personal data that we process
Our website and/or service does not intend to collect data about
website visitors who are younger than 16 years old. Unless they have permission from
parents or guardian. However, we cannot check whether a visitor older than 16
is. We therefore advise parents to be involved in the online activities of their children
children, to prevent data about children being collected
without parental consent. If you are convinced that without it we
consent to have collected personal information about a minor, please
please contact us via email@example.com and we will remove this information.
For what purpose and on what basis we process personal data
Flexamedia processes your personal data for the following purposes:
- Handling your payment
- Sending our newsletter and / or advertising brochure
– To be able to call or e-mail you if this is necessary to provide our services
- To inform you about changes to our services and products
- To deliver goods and services to you
– Flexamedia analyzes your behavior on the website in order to
improve and tailor the range of products and services to your
– Flexamedia also processes personal data if we are legally obliged to do so,
such as information that we need for our tax return.
Flexamedia does not make decisions based on automated processing
matters that can have (significant) consequences for people. It is about this
decisions made by computer programs or systems, without
there is a person (for example an employee of Flexamedia) in between. Flexamedia
uses the following computer programs or systems: [complete with name of
the system, why it is used, underlying logic, importance and expected
consequences for the person concerned
How long we store personal data
Flexamedia does not store your personal data longer than is strictly necessary to
to realize the purposes for which your data is collected, with a maximum of 6 months.
Sharing personal data with third parties
Flexamedia does not sell your data to third parties and only provides it
if this is necessary for the execution of our agreement with you or to
comply with a legal obligation. With companies that process your data in
our assignment, we conclude a processor agreement to ensure the same
level of security and confidentiality of your data. Flexamedia stays
responsible for these processing operations.
Cookies, or similar techniques, that we use
Flexamedia only uses technical and functional cookies. And analytical cookies
that do not invade your privacy. A cookie is a small text file that
the first visit to this website is saved on your computer, tablet or
smart phone. The cookies we use are necessary for technical
operation of the website and your ease of use. They make sure that the website goes to
works properly and remember, for example, your preferred settings. We can also
optimize our website with this. You can opt out of cookies by your
your internet browser so that it no longer stores cookies. In addition, you can
also all information previously stored via the settings of your browser
View, modify or delete data
You have the right to view, correct or delete your personal data.
In addition, you have the right to withdraw your consent to the
withdraw data processing or object to the processing of your
personal data by Flexamedia and you have the right to
data portability. That means you can submit a request to us
to send the personal data we have about you in a computer file to you or
another organization mentioned by you. You can request access,
correction, deletion, data transfer of your personal data or request
to withdraw your consent or object to the processing of your
send personal data to firstname.lastname@example.org. To make sure it
request for access has been made by you, we ask you for a copy of your proof of identity
to send with the request. Make in this copy your passport photo, MRZ (machine
readable zone, the strip with numbers at the bottom of the passport), passport number and
Citizen Service Number (BSN) black. This is to protect your privacy. We respond
as soon as possible, but within four weeks, at your request. Flexamedia wants you there too
point out that you have the option to lodge a complaint with the national
supervisor, the Dutch Data Protection Authority. You can do that via the following link:
How we protect personal data
Flexamedia takes the protection of your data seriously and takes appropriate
measures to prevent misuse, loss, unauthorized access, unwanted
disclosure and unauthorized modification. If you have the impression that
your data is not properly secured or there are indications of misuse, please
contact our customer service or via email@example.com
What are cookies?
Cookies are small text files that are temporarily placed on your PC, tablet or mobile phone by an internet page. The following websites place cookies or similar techniques:
Below you can read which cookies we use with their functionality.
Thanks to these cookies, you do not have to enter or download the same information every time you come back to us. Think of saving products in your shopping cart or remembering a login. In addition, the chat function with our service desk is made possible by means of cookies.
Flexamedia uses Google Analytics to investigate the use of the websites in order to gain insight into how and how often websites and pages are visited. On the basis of this information, Flexamedia can make adjustments and improvements and Flexamedia ensures that the websites continue to work optimally. Flexamedia processes anonymous statistics about visits to the websites.
Would you rather not have cookies?
Cookies can be easily removed via your browser. Please note that the websites may not function optimally without cookies. Below you will find a list of the most commonly used browsers and a link to more information about deleting cookies:
Notice and Takedown procedure at Flexa Media BV
If you see content (text or image) on a website that is unlawful or punishable and you cannot get in touch with the owner of the website or are unable to resolve it, please report this to us. Of course it has to be a website that is hosted by us.
What is a Notice and Takedown procedure?
The Notice and Takedown procedure is intended for complaints about the content of a website. Via this procedure you can contact the hosting provider where the website is hosted, if it has not been possible to (successfully) file the complaint with the content placer or the owner of the website. This may be because you do not receive a response or the responsible party does not want to take action on the report, but also if the contact information is missing on the website.
The Notice and Take Down procedure states what the parties involved must do with a report.
Content eligible for the Notice and Takedown procedure
Examples of illegal or punishable content:
- child pornography
- plagiarism, copyright and/or trademark infringement
- discrimination, hatred, racism, libel and slander
- supply of illegal or stolen goods
- data that can lead to identity theft
- Invasion of privacy
- cyber stalking
- texts that incite to terrorism
Order of reporting
- The person or organization who posted the content
If you notice illegal or criminal content on a website, please contact the person or organization that posted the content. This can be the owner of the website, but it doesn't have to be. In a forum, all kinds of people post messages on the website.
- The administrator or owner of the website
If this person or party does not respond, please contact the administrator of the forum or the owner of the website. The contact details are usually on the contact page. Sometimes you can contact us via a contact form.
- The domain name holder
Sometimes the domain name owner is another person or organization from the website.
- . Nl
You can find the owner of a .nl domain name via nl
- . Be
You can find the owner of a .be domain name via DNS Belgium
- . EU
The owner of a .eu domain name can be found via eu
- . Info
The owner of a .com domain name can be found via info
- .com, .org, .net and almost all extensions
Via from website Domain Toolscan you find out the owner of a .com, .org or .net domain name
- . Nl
- The hosting provider
Contacting the website hosting provider is the next step. on comyou can find out who the hosting provider is. The information shown is not always correct because, for example, the hosting provider may purchase services from another hosting provider.
- The registrar of the domain name
The registrar is also mentioned in the WHOIS details of a domain name (see point 3, the domain name holder).
How can you submit a Notice and Takedown request?
If the website is hosted by us and it is not possible to reach a solution with the administrator of the website, the domain name holder or with the person or organization that posted the content, you can submit a request to us for the Notice and Execute takedown procedure.
In order to carry out this procedure properly and carefully, it is important that you provide us with sufficient information or evidence. Indicate, among other things, where exactly the content is located, for example by providing direct URLs, and why it would be unmistakably illegal. Undeniable means that it must be established for us without a doubt that the content is unlawful. You can demonstrate this by, for example, sending us source files or other documents on the basis of which you can demonstrate that you have a certain right that is being infringed. It is also important that you demonstrate, where possible, that the person or organization that published the content was not allowed to do so.
In addition, provide information about the attempts you have made to contact the person or organization that posted the content, the website administrator, or the domain name holder. We would also like to hear the reaction of those persons or organizations and why contact with them did not lead to a solution.
Send an email
Send an email to firstname.lastname@example.org with the subject Notice and Takedown request.
The content of your email must contain at least the following information:
- Your contact details: first name, last name, address, telephone number and e-mail address
- The website to which your complaint relates (the URL or URLs)
- Which information (phrase, paragraph, page, image, video, etc.) on the website in question should be removed in your opinion. It's important to be specific.
- Why the information must be removed, for example due to copyright infringement, discrimination, racism, child pornography, identity fraud, etc. Explain this if necessary. In case of copyright infringement: Please state the original location of the material in question.
- Which steps you have already taken and with what result.
- The period within which the information must be deleted. Provide a reasonable and achievable time frame.
- Evidence that you have already approached other parties, such as the owner of the website, for example in the form of an e-mail.
- If applicable: source files or other documents that serve as evidence of illegality.
- Copy of proof of identity, where your photo and the number of the proof of identity are covered.
Follow-up Notice and Takedown
After receiving all information, we will contact our customer with the request to respond to your request. We give our customer a reasonable period of time within which we expect a response. That period depends on the type of content, but is a maximum of one week.
After our customer's response, we decide whether to take the next step in the context of the Notice and Takedown procedure. For this, we check, among other things, whether there is undeniable illegality. If that is the case, we will make access to the content impossible. We will of course inform both you and our customer of our decision.