Data Processing Agreement
Holvi Payment Services Ltd Published: February 04th, 2021
Version 1.0
1. Scope
Holvi processes the Customers’ data on behalf of the Customer when making available certain related value-added services such as invoicing, reporting, and web shop platform, which may be provided by Holvi or third party service providers. This Data Processing Agreement applies to such processing, and is in force as long as the Customer is using these value-added services. This Data Processing Agreement forms a part of the Terms of Service, and the Customer enters into this Data Processing Agreement by accepting the Terms of Service and using the value-added services.
2. Parties
For the use of value-added services and the hereto related processing on behalf of the Customer regarding personal data that the Customers are turn is collecting, processing and storing on their own customers and/ or contractual parties (i. a. in form of contact information and payment data - “Customers’ Data”), Holvi acts as a data processor and the Customer as a data controller.
3. Basis for processing
Holvi will always process personal data (including Customers’ Data) in accordance with the General Data Protection Regulation 2016/679 (“GDPR”) and the agreements between Holvi and the Customer.
4. Categories of personal data processed
The personal data that Holvi processes on behalf of the Customer includes the information that the Customer transfers to Holvi and Holvi collects on behalf of the Customer (including Customers’ Data). Data types may be further specified in the respective service descriptions.
5. Security and confidentiality
Holvi’s employees processing Customers’ Data are committed to confidentiality when processing that Customers’ Data, and Holvi has taken appropriate technical and organisational measures to ensure the security of processing. Holvi will notify the Customer after becoming aware of a personal data breach that affects the personal data processed on behalf of the Customer.
6. Third parties
To provide payment services and other value-added services for Customers, the Customer accepts that Holvi may engage sub-processors that will provide the same level of safeguards as Holvi acting as a main processor. Third parties that the data may be shared with are listed under here.
7. Co-operation
Holvi will provide the Customer with information necessary to demonstrate compliance with Customer’s compliance with the GDPR and assist the Customer by taking appropriate technical and organisational measures to ensure fulfilment of the controller's obligation to reply to requests by data subjects exercising their rights, and in relation to the security of processing, the notification of personal data breaches and data protection impact assessments, taking into account the information available to Holvi and provided that the Customer is not able to carry out such measures without Holvi’s assistance.
Holvi will contribute to and allow for audits conducted by the Customer or an auditor mandated by the Customer at its expense and at the time and as separately agreed with Holvi.
8. Deletion of the data
At the end of the provision of the services Holvi will delete all personal data of Customers’ Data processed on behalf of the Customer, unless required by law. The Customer acknowledges and accepts that Holvi processes some of the data also in the capacity of a controller, and such data is retained by Holvi in accordance with Holvi’s Privacy Policy.
9. Other provisions
For the sake of clarity, what is agreed on limitations of liability, governing law and venue and amendments on the Terms of Service apply also to this Data Processing Agreement, accordingly.