Floynk logo

Data Processing Agreement

Data Processing Agreement for Floynk marketplace management services

Probeer Gratis

Data Processing Agreement

Effective Date: January 1, 2025

This Data Processing Agreement ("DPA") forms part of the Terms and Conditions between you ("Controller" or "Customer") and Floynk B.V. ("Processor" or "Floynk") regarding the processing of personal data in connection with Floynk's marketplace management services.

1. Definitions

For the purposes of this DPA:

  • "Applicable Data Protection Law" means all applicable laws and regulations relating to data protection and privacy, including GDPR, CCPA, and other relevant legislation
  • "Data Subject" means an identified or identifiable natural person whose personal data is processed
  • "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council
  • "Personal Data" means any information relating to an identified or identifiable natural person
  • "Processing" means any operation performed on personal data
  • "Supervisory Authority" means an independent public authority established by an EU Member State

2. Scope and Applicability

2.1 Scope of Processing

This DPA applies to the processing of personal data by Floynk on behalf of the Customer in connection with the provision of marketplace management services.

2.2 Role of the Parties

  • Customer acts as the Data Controller
  • Floynk acts as the Data Processor
  • This DPA governs Floynk's processing activities as a processor

2.3 Precedence

This DPA supplements and forms part of the Terms and Conditions. In case of conflict regarding data processing matters, this DPA takes precedence.

3. Processing Details

3.1 Categories of Personal Data

The personal data processed may include:

  • Customer contact information (names, email addresses, phone numbers)
  • Business representative information
  • End customer data from marketplace transactions
  • Order and transaction data
  • User account and authentication data
  • Technical data (IP addresses, device information)

3.2 Categories of Data Subjects

  • Customer employees and authorized users
  • End customers of the Customer's business
  • Website visitors and prospects

3.3 Purpose of Processing

Personal data is processed for the following purposes:

  • Providing marketplace management services
  • User authentication and account management
  • Customer support and communication
  • Service analytics and improvement
  • Compliance with legal obligations

3.4 Duration of Processing

Personal data will be processed for the duration of the service agreement and retained according to our data retention policy as specified in our Privacy Policy.

4. Customer Obligations as Controller

4.1 Lawfulness of Processing

Customer warrants that:

  • It has a lawful basis for processing personal data
  • It has obtained necessary consents from data subjects
  • It complies with all applicable data protection laws
  • It provides appropriate privacy notices to data subjects

4.2 Instructions to Processor

  • Customer provides clear, lawful instructions for processing
  • Processing is limited to what is necessary for service provision
  • Customer ensures instructions comply with applicable law

4.3 Data Subject Rights

Customer is responsible for:

  • Responding to data subject requests
  • Providing necessary information for Floynk to assist with requests
  • Ensuring accuracy of personal data provided to Floynk

5. Floynk's Obligations as Processor

5.1 Processing Instructions

Floynk will:

  • Process personal data only on documented instructions from Customer
  • Ensure processing is limited to the purposes specified in this DPA
  • Not process personal data for its own purposes

5.2 Personnel

Floynk ensures that:

  • Personnel processing personal data are bound by confidentiality
  • Personnel receive appropriate data protection training
  • Access to personal data is limited to authorized personnel

5.3 Technical and Organizational Measures

Floynk implements appropriate technical and organizational measures to:

  • Ensure security of personal data
  • Protect against unauthorized or unlawful processing
  • Protect against accidental loss, destruction, or damage

6. Security Measures

6.1 Security Standards

Floynk maintains security measures including:

  • Encryption of personal data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and updates
  • Network security and firewalls
  • Backup and disaster recovery procedures

6.2 Security Incidents

In case of a personal data breach, Floynk will:

  • Notify Customer without undue delay (within 72 hours)
  • Provide available information about the breach
  • Assist Customer in meeting notification obligations
  • Take measures to mitigate the breach

7. Sub-Processors

7.1 Authorized Sub-Processors

Floynk may engage sub-processors to assist in providing services. Current sub-processors are listed in our Sub-Processors document.

7.2 Sub-Processor Requirements

All sub-processors must:

  • Provide adequate guarantees for data protection
  • Be bound by data protection obligations equivalent to this DPA
  • Be subject to regular monitoring and auditing

7.3 Changes to Sub-Processors

  • Floynk will inform Customer of new sub-processors
  • Customer may object to new sub-processors on reasonable grounds
  • If Customer objects, parties will work together to resolve concerns

8. Data Transfers

8.1 International Transfers

If personal data is transferred outside the EEA, Floynk ensures:

  • Transfers are made to countries with adequate protection levels
  • Appropriate safeguards are in place (e.g., Standard Contractual Clauses)
  • Transfers comply with applicable data protection law

8.2 Transfer Mechanisms

Floynk may rely on:

  • European Commission adequacy decisions
  • Standard Contractual Clauses
  • Binding Corporate Rules
  • Other approved transfer mechanisms

9. Data Subject Rights

9.1 Assistance with Rights Requests

Floynk will assist Customer in responding to data subject requests for:

  • Access to personal data
  • Rectification of inaccurate data
  • Erasure of personal data
  • Restriction of processing
  • Data portability
  • Objection to processing

9.2 Technical and Organizational Assistance

Floynk provides reasonable assistance through:

  • Technical measures to facilitate rights fulfillment
  • Provision of relevant personal data
  • Implementation of requested changes where technically feasible

10. Data Protection Impact Assessments

Floynk will assist Customer in conducting Data Protection Impact Assessments when:

  • Required by applicable data protection law
  • Processing activities pose high risk to data subjects
  • Requested by Customer for legitimate reasons

11. Audits and Compliance

11.1 Audit Rights

Customer may audit Floynk's compliance with this DPA through:

  • Review of compliance documentation
  • Third-party audit reports
  • On-site inspections (with reasonable notice)

11.2 Compliance Documentation

Floynk maintains documentation demonstrating:

  • Implementation of technical and organizational measures
  • Training records for personnel
  • Incident response procedures
  • Sub-processor management

12. Data Retention and Deletion

12.1 Retention Period

Personal data is retained:

  • For the duration of the service agreement
  • As specified in our data retention policy
  • As required by applicable law

12.2 Data Return and Deletion

Upon termination of services, Floynk will:

  • Return personal data to Customer (if requested)
  • Delete personal data from its systems
  • Provide confirmation of deletion
  • Retain data only as required by law

13. Cooperation with Supervisory Authorities

Floynk will:

  • Cooperate with supervisory authority investigations
  • Provide requested information and assistance
  • Notify Customer of any supervisory authority contact
  • Assist Customer in responding to supervisory authority requests

14. Liability and Indemnification

14.1 Data Protection Liability

Each party is liable for compliance with its respective data protection obligations under applicable law.

14.2 Indemnification

Customer indemnifies Floynk against claims arising from:

  • Customer's breach of data protection law
  • Customer's unlawful processing instructions
  • Customer's failure to obtain necessary consents

15. Term and Termination

15.1 Term

This DPA remains in effect for the duration of the service agreement.

15.2 Survival

Data protection obligations survive termination for as long as personal data is processed or retained.

16. Amendments

This DPA may be amended:

  • By mutual written agreement of the parties
  • To comply with changes in applicable law
  • To reflect changes in processing activities

17. Contact Information

For data protection matters, contact:

Data Protection Officer
Floynk B.V.
Email: dpo@floynk.com
Address: Company Address
Netherlands

Customer Data Protection Inquiries:
Email: privacy@floynk.com

Last updated: January 1, 2025