General Terms and Conditions PCextreme

The rules under which we do business.

PCextreme B.V. | General Terms and Conditions

Version 1.0 | October 2020

These are the General Terms and Conditions of PCextreme B.V., established at Edisonweg 51D in Vlissingen, registered with the Chamber of Commerce under registration number 22053851 and available online at www.pcextreme.nl (hereinafter referred to as: 'the Supplier').

These General Terms and Conditions apply to any Agreement for the provision of Services the Supplier enters into with a natural person who or legal entities that purchases the Services (hereinafter referred to as: 'the Customer').

the Supplier and the Customer are hereinafter jointly referred to as the 'Parties' and individually as the 'Party';

Within the framework of the Supplier's Services, personal data may be processed. The Processing Agreement to which such processing is subject has been included in Annex 1 and forms an integral part of these General Terms and Conditions.


Article 1. Definitions

In these general terms and conditions, all capitalised terms have the meanings set out in this article, both in their singular forms and in their plural forms.

1.1. Account:

every user interface that enables the Customer to manage and configure the Services or certain aspects of the Services after entering login details, as well as the configuration(s) and the files that have been stored for and by the Customer themselves.

1.2. Website:

the Supplier's website, which can be found via the domain referred to in the preamble of these General Terms and Conditions.

1.3. General Terms and Conditions:

the provisions set out in this document.

1.4. Consumer:

a Customer who, rather than in the course of a profession or business, acts in his capacity as a natural person.

1.5. Services:

the products and/or services that the Supplier will provide the Customer pursuant to an Agreement.

1.6. Intellectual Property Rights:

all intellectual property rights and related rights, including but not limited to copyright, database rights, rights to domain names, trade name rights, trademark rights, design rights, neighbouring rights and patent rights, as well as rights to know-how.

1.7. Customer Data:

all data stored by the Customer (or the end users of the Services) via or using the Services, or that the Customer (or the end users of the Services) otherwise provides to the Supplier.

1.8. Materials:

all works, such as websites and applications/web applications, software, corporate identities, logos, flyers, brochures, leaflets, lettering, advertisements, marketing and/or communication plans, drafts, images, texts, sketches, documentation, consultancy, reports and other creations of the mind, as well as the preparatory material thereof and the data carriers (whether or not decoded) on which the Materials are stored.

1.9. Agreement:

every agreement between the Supplier and the Customer pursuant to which the Supplier provides Services to the Customer and of which these General Terms and Conditions and any annexes form an integral part.

1.10. Overview of Supplementary Terms and Conditions:

the online overview of third-party conditions that, in addition to these General Terms and Conditions, apply to certain Services as well. The overview and the relevant conditions can be consulted and downloaded via https://pcextreme.com/terms-conditions.

1.11. Service Level Agreement:

any specific agreement the Parties enter into in which agreements concerning the quality of the Services provided are laid down , which are linked to concrete and measurable key performance indicators.

1.12. High-Risk Applications:

applications as a result of which a defect in the Services could lead to death or serious injury, serious environmental damage or loss of personal or other data resulting in significant consequential loss. Examples of High-Risk Applications are: transportation systems in which a defect could result in derailing trains or aircraft accidents; medical systems in which a defect could result in a patient receiving no treatment or the wrong treatment; systems on which a substantial portion of the population depends for obtaining services, such as the DigiD identification code in the Netherlands; systems storing (large volumes of) medical data or other special categories of data within the meaning of the General Data Protection Regulation (hereinafter referred to as: 'GDPR'), or other highly sensitive information.

1.13. Processing Agreement:

any specific agreement the Parties enter into in which arrangements concerning the handling and protection of personal data are laid down, which will in such case replace Annex 1 of these General Terms and Conditions.

1.14. Working Days:

the days from Monday through Friday, with the exception of official holidays in the Netherlands and other days on which the Supplier has stated in advance that it will be closed.

1.15. Working Hours:

the Supplier's opening hours on Working Days, as indicated on the Website.

Article 2. Applicability and priority

2.1.

These General Terms and Conditions will apply to every offer or quotation made by the Supplier with regard to Services and will form an integral part of every Agreement concerning the provision thereof. This expressly also applies to any future quotations, offers or Agreements in connection with which these General Terms and Conditions have not been provided to the Customer again.

2.2.

Provisions or terms and conditions stipulated by the Customer or other further arrangements between the Supplier and the Customer that differ from or do not appear in these General Terms and Conditions will only be binding upon the Supplier if and insofar as the Supplier has expressly accepted these in writing.

2.3.

Application of any general purchase conditions or other terms and conditions of the Customer is expressly excluded.

2.4.

Insofar as these are applicable, provisions pertaining to specific Services will, in the event of conflict, prevail over the general provisions pertaining to all services.

2.5.

Products and/or services from third parties may also form part of the Services. If that is the case, those products and/or services (or the use thereof) are additionally subject to the general or other terms and conditions of the relevant third party, and will replace any derogating provisions in these General Terms and Conditions. The Customer can consult and download any supplementary conditions via the Overview of Supplementary Conditions.

2.6.

In the event of conflict between the applicable documents, the below ranking order will apply. In all other respects, the applicability of the documents is mutually complementary.

a. Agreement;

b. Service Level Agreement (if applicable);

c. supplementary conditions (if applicable);

d. General Terms and Conditions;

e. Processing Agreement (if applicable).

2.7.

These General Terms and Conditions will take the place of any general or other terms and conditions that were agreed upon with regard to the provision of the Services at an earlier stage. The same applies to any Agreements that have already been entered into.

Article 3. Formation of the Agreement

3.1.

The Customer may use the Website to apply for the Services straight away. The Customer may also request a quotation without obligation. The Agreement is formed when the Supplier sends the email (whether or not that is generated automatically) confirming that the application has been accepted, or the Customer sends an email confirming its acceptance of the quotation. Unless otherwise agreed in writing, this moment is also considered the commencement date for the Services.

3.2.

In derogation from the provisions in Section 6:225(2) of the Dutch Civil Code, the Supplier is not bound by any derogating acceptance by the Customer of an offer from the Supplier.

3.3.

The Supplier is not obliged to accept a request or an acceptance. Grounds for refusal may include, without limitation:

a. the absence of any required information or documentation that is required for entry into the Agreement, which at least includes a copy of a valid, legal identification document and, in the event of representation, sufficient proof of the authority to represent, such as an extract from the Chamber of Commerce or a duly singed power of attorney;

b. errors in the quotation submitted;

c. the Customer being legally incompetent.

3.4.

In the event that the Supplier rejects an application or acceptance, the Supplier will – in principle – inform the Customer thereof within fourteen (14) days of receipt of the application or acceptance, in writing or electronically. Refusal by or absence of a response from the Supplier will under no circumstances lead to liability for any direct or indirect loss that may be suffered as a result.

3.5.

If the Customer is a Consumer, the Customer will have a reflection period of fourteen (14) days from the moment at which the Agreement is formed in which he may cancel the Agreement, in writing, free of charge. The Customer can exercise his right of withdrawal by sending the Supplier an unequivocal statement to that effect within the reflection period. To that end, the Customer can use the model withdrawal form (available via the Website), but is not required to do so.

3.6.

After performance of the Agreement, the right of withdrawal does not apply to Agreements for the provision of Services, if:

a. the performance has commenced with the Customer's express prior consent; and

b. the Customer has expressly waived his right of termination as soon as the Supplier performs the Agreement.

Article 4. Performance of the Agreement

4.1.

After its formation, the Supplier will make every effort to perform the Agreement to the best of its ability and with due care and professional competence.

4.2.

Any delivery periods indicated by the Supplier are only indicative in nature, except if and insofar as this is expressly determined otherwise in writing.

4.3.

The Customer must provide to the Supplier any support that may be required and desirable to enable the correct and timely delivery of the Services. The Customer must in any case provide the Supplier all the data and other information that the Supplier indicates are necessary, or that the Customer should reasonably be able to understand are required in the performance of the Agreement. The term within which the Supplier is required to perform the Agreement will not commence until all the data the Supplier has requested and requires have been received.

4.4.

The Customer will render the Supplier every reasonable assistance in the performance of the Agreement. The Customer will render employees of the Supplier who are carrying out activities at the Customer's offices or working on the Customer's systems for the purpose of supplying Services every assistance they require to be able to perform their activities.

4.5.

If the Customer knows or can assume that the Supplier will need to take additional or other measures in order to comply with its obligations, the Customer will inform the Supplier thereof without delay. This obligation applies, for example, if the Customer knows or should be able to anticipate that the Supplier's systems will be affected by an exceptional peak load, as a result of which there is some degree of probability that Services will become unavailable. Upon receiving warning thereof, the Supplier will make every effort to prevent the Services from becoming unavailable. Unless expressly otherwise agreed in writing, any reasonable additional costs incurred for this purpose will be charged to the Customer.

4.6.

If and where required for the proper performance of the Agreement, the Supplier is authorised to have certain work performed by third parties. Any unforeseen additional costs relating to the above will only be borne by the Customer if this has been agreed upon in writing, in advance. These General Terms and Conditions also apply to all the work that, within the framework of this Agreement, these parties perform as sub-contractors, with due observance of the provisions of Article 2.5.

4.7.

Any changes to the Agreement and any additional work agreed, whether at the Customer's request or as result of the fact that, due to circumstances of whatever nature, an alternative performance is absolutely required, will be deemed to be contract extras if additional costs are involved. Therefore, this is subject to the procedure as laid down in Article 15 (Contract Extras).

Article 5. Accounts

5.1.

If this is part of the Services, the Supplier will – after formation of the Agreement – give the Customer access to an Account by providing login details, or by giving the Customer the option of creating its own login details.

5.2.

All Accounts and the associated login details are strictly confidential and may not be shared with third parties.

5.3.

All actions that are performed using the Customer's Account or an Account created by the Customer will be deemed to take place under the Customer's responsibility and at the Customer's risk. If login details of an Account have been lost or leaked, or the Customer suspects that or may reasonably be expected to suspect or know that an Account is being misused, the Customer must immediately take any measures that may be required or desirable to prevent (further) misuse.

These measures may for instance consist of changing the login details or blocking the Account. In addition, the Customer must immediately inform the Supplier, so that it can take additional measures (if any).

Article 6. Rules of use

6.1.

The Customer is forbidden from using the Services in breach of Dutch law or other laws and regulations to which the Customer or the Supplier is subject and to infringe the rights of other parties.

6.2.

Regardless of whether it is legal, it is forbidden to use the Services to offer or spread materials that:

a. incorporate, or contain a link to, malicious content (such as viruses, malware or other harmful software);

b. infringe on the rights of third parties (e.g. Intellectual Property Rights), or are manifestly defamatory, libellous, offensive, discriminatory or inflammatory;

c. contain information on or information that may aid in infringing third-party rights, such as hack tools or information on computer crime intended to enable readers to commit a crime or have readers commit a crime, and not to enable readers to defend themselves against such crimes;

d. violate the privacy of third parties, which in any case includes, without limitation, the processing of personal data of third parties without permission or another basis; or

e. contain hyperlinks, torrents or links to materials or the location of materials that infringe Intellectual Property Rights;

6.3.

The Customer may only use the Services to distribute solicited or unsolicited commercial, charity-related or idealistic communications with due observance of the applicable laws and regulations.

6.4.

Spreading pornographic Materials via the Services is permitted insofar as this does not cause a nuisance or constitute another breach of these General Terms and Conditions, and only insofar as this option is not excluded in the Agreement.

6.5.

The Customer must refrain from hindering other customers or Internet users or inflicting damage on the systems or networks of the Supplier or other customers. The Customer is forbidden from starting up processes or programs via the Supplier's systems or otherwise that the Customer is aware or may reasonably assume will obstruct or cause a loss to the Supplier, its customers or Internet users.

6.6.

The Customer indemnifies and will hold the Supplier harmless against any type of claim, charges or proceedings instituted by a third party in connection with the content of the data traffic or the Material the Customer, the customers of the Customer and/or other third parties have placed on or distributed via the Service.

6.7.

If, in the opinion of the Supplier, the operation of the computer systems or the Supplier's network or third-party networks and/or service provision via the Internet is hindered, damaged or otherwise at risk, in particular due to the transmission of excessive amounts of email or other data, Denial-of-Service attacks, inadequately secured systems or virus activities, Trojan horses and similar software, the Supplier is authorised to take all reasonable measures it deems necessary to avert or prevent such risk. If and insofar as this can be attributed to the Customer, the Supplier may charge the costs that are reasonably associated with these measures to the Customer.

6.8.

Unless otherwise agreed in writing, the Customer may not use the Services for High-Risk Applications.

6.9.

If the Customer requires any licence or further consent from government authorities or third parties for the Customer's specific use or intended use of the Services, the Customer itself must ensure that it obtains such licence or further consent. The Customer guarantees towards the Supplier that it holds all the necessary licences and/or consent for the Customer's use of the Services.

Article 7. Notice and take-down

7.1.

If a third party informs the Supplier or the Supplier itself concludes that the Services are being used to store or distribute certain materials that infringe third-party rights or are otherwise unlawful, or contravene laws and regulations or the Agreement, the Supplier will inform the Customer of the complaint or the violation as soon as possible.

7.2.

The Supplier will give the Customer an opportunity to respond to the complaint within a reasonable period and take measures if necessary. If the Customer fails to do so, the Supplier itself can take all reasonable measures to put an end to the violation. This may result in certain data being removed or made inaccessible, or access to the Services being blocked in full or in part.

In urgent cases (for example in the event that the Supplier receives reports regarding the possible presence of child pornography), the Supplier may intervene immediately, without warning the Customer. If the Customer is a Consumer, the only form of immediate intervention available to the Supplier will be to remove or block the unlawful material. In such case, the Supplier's statutory rights of suspension and other statutory rights will continue to apply in full.

7.3.

In the event that the materials concern materials that may constitute a criminal offence, the Supplier is entitled to report this to the authorities. The Supplier may in this connection hand over the relevant materials and any relevant information on the Customer and third parties (including customers of the Customer) to the competent authorities and perform all other acts that these authorities request that the Supplier perform as part of the investigation.

7.4.

The Supplier will not be liable for any loss of the Customer, the latter's customers or the end users as a result of a shut-down of the Services or the removal of materials in connection with the procedure described in this article.

7.5.

The Supplier is entitled to provide the name, address and other data identifying the Customer or end user concerned to a third party that has complained that the Customer has violated its rights, provided that the relevant statutory requirements or requirements according to case law have been complied with.

7.6.

The Customer will indemnify the Supplier against any third-party claims based on the assertion that the materials that are stored or distributed using the Services infringe its rights or are otherwise unlawful.

Article 8. Domain names and IP addresses

8.1.

If and insofar as the Services (also) pertain to the provision and/or management of domain names and/or IP addresses, the provisions of this Article 8 will apply.

8.2.

In providing or managing domain names, the Supplier will act as an intermediary between the Customer and the party providing the domain name registration and domain name management services. The Customer expressly authorises the Supplier to do so, and perform the other acts as described in this Article 8.

The Supplier has no influence on the distribution of domain names. The Supplier is not obliged to guarantee the continuity or the right of existence of a registered domain.

8.3.

Provision of, application for, assignation of and possible use of a domain name and/or IP address depend on and are subject to the applicable rules and regulations of the registration authorities concerned, such as the Foundation for Internet Domain Registration in the Netherlands where it concerns .nl domain names (Stichting Internet Domeinregistratie Nederland, SIDN), and Réseaux IP Européens (RIPE) for IP addresses. The Supplier does not guarantee that an application will be honoured. The relevant authorities decide on the assignation.

8.4.

The Customer is obliged to observe the rules set by the registration authorities with regard to the application for and the assignation and use of a domain name. The various domains are managed by different, usually national organisations. All of these organisations have their own general and other terms and conditions with regard to the registration of the relevant domains and sub-level domains, as well as their own regulations with regard to domain name disputes. If domain names are the subject of the Agreement, the additional terms and conditions of – among others – each relevant gTLD (general Top Level Domain) and ccTLD (country code Top Level Domain) will apply. The relevant supplementary conditions can be consulted via the Overview of Supplementary Conditions.

8.5.

The Customer is informed exclusively of the registration by the confirmation from the Supplier, stating that the requested domain name or the IP address has been registered. An invoice for the costs of registration is not a confirmation of registration.

8.6.

The Customer will always inform the Supplier immediately, and in any event within five calendar days, in writing, of any changes relating to the domain holder's details.

8.7.

When using the domain names and/or the IP addresses, the Customer is required to comply with laws and regulations and any conditions set by the registration authorities. Such use takes place entirely under the responsibility of the Customer. The Customer indemnifies the Supplier against any and all loses associated with the use of a domain name or IP address on behalf of or by the Customer. The Supplier is not liable for the Customer losing its right(s) in respect of a domain name (for example in the event of termination by the Customer itself or as a result of decisions in domain name disputes) or in the event that, in the interim, the domain name is applied for and/or obtained by a third party. In such cases, the Customer will not be entitled to a replacement domain name or restitution, except in the event of a wilful act or deliberate recklessness on the part of the Supplier.

8.8.

Notwithstanding the provisions of Article 8.2, the Supplier is authorised to render the domain name and/or IP address inaccessible or unusable or (where applicable) transfer or arrange for the transfer of the domain name and/or IP address to its own name if the Customer demonstrably fails to comply with the Agreement, which action will however only be taken following the expiry of a reasonable term in which to comply with the Agreement after all, as set out in a written notice of default.

8.9.

The IP addresses made available to the Customer will continue to be under the management of the Supplier or its suppliers, and unless otherwise agreed in writing, the Customer cannot take these with it in the event of termination of the Agreement. Multiple customers of the Supplier may operate under a certain IP address. The Supplier has the right to change the IP address or assign the Customer another address at any time.

8.10.

In the event of termination of the Agreement in connection with a breach of contract on the Customer's part, the Supplier will – despite the fact that it is only acting as an intermediary – be authorised to cancel a domain name of the Customer, without being liable for any resulting loss in any way.

Article 9. SSL/TLS certificates

9.1.

If and insofar as the Services (also) pertain to the provision and/or management of SSL/TLS certificates, the provisions of this Article 9 will apply.

9.2.

The application and allocation procedure for SSL/TLS certificates is subject to the rules and procedures of the certifying authority that issues the SSL/TLS certificate. The relevant certifying authority decides on the allocation of the SSL/TLS certificate and, to that end, will perform the required checks. The Supplier will only act as an intermediary with regard to the application, and cannot guarantee that any application will be honoured.

9.3.

Unless it is withdrawn early, the SSL/TLS certificate is valid for the agreed term. Despite the fact that is only acting as an intermediary, the Supplier and the relevant supplier can revoke the SSL/TLS certificate immediately in the event that:

a. it is established that the Customer has provided incorrect information for the benefit of acquiring the SSL/TLS certificate; or

b. in the opinion of the Supplier and/or the relevant supplier, the reliability of the SSL/TLS certificate has been compromised.

c. In using the SSL/TLS certificate, the Customer is obliged to comply with the applicable laws and regulations and all the conditions set by the certifying authority.

9.4.

When using the SSL/TLS certificate, the Customer is required to comply with laws and regulations and all conditions set by the registration authorities or certifying authorities. During the order procedure, the Supplier will refer to these conditions.

9.5.

If the SSL/TLS certificate is revoked, the Customer will not be entitled to a replacement SSL/TLS certificate or restitution of the costs of the SSL/TLS certificate by the Supplier, unless the revocation can be blamed on an attributable default on the Supplier's part. In such case, the Supplier will provide a new SSL/TLS certificate to replace the original SSL/TLS certificate for the remainder of the term of the original certificate. In other cases, the Customer will have to rely on the conditions of the relevant certifying authority.

9.6.

Unless otherwise agreed in writing, the Supplier will make a reasonable effort to inform the Customer when the SSL/TLS certificate is about to lapse and needs to be renewed. However, the Customer itself will at all times remain responsible for renewing SSL/TLS certificates in a timely manner.

Article 10. Installation and configuration of software

10.1.

Unless otherwise agreed in writing, the Customer itself will bear full responsibility for the installation and configuration of the Services. The Supplier can charge costs to the Customer for any support in this connection.

10.2.

Except in the event that and insofar as this follows from the nature of the Service (for example in the event of non-managed virtual private servers), the Customer will not be authorised to independently make adjustments or install software within the Services managed by the Supplier (such as, without limitation, online workplaces and virtual private servers) without the Supplier's written permission.

10.3.

If and insofar as the Services (also) pertain to the installation and/or configuration of software, Article 10.4 will apply.

10.4.

If the Customer wishes to modify the software independently, this will be entirely at the Customer's own risk and responsibility, unless the Customer has reported the intended modification to the Supplier beforehand and the Supplier has approved it, in writing. The Supplier may make such approval subject to conditions.

Article 11. Dedicated hosting

11.1.

If and insofar as the Services (also) pertain to dedicated hosting, the provisions of this Article 11 will apply.

11.2.

In the event of dedicated hosting, the Customer will make personal hardware available to the Customer. This means the storage space and capacity of the hardware will not be shared with other customers of the Supplier. The hardware is and will continue to be the property of the Supplier.

11.3.

The Customer is not entitled to access to the server room, unless, pursuant to the Agreement, it is explicitly responsible for the installation and/or the maintenance with regard to the hardware and access is required in light thereof. Access to the server room is subject to the provisions laid down in Article 13.

11.4.

The Supplier has the right to assign different hardware to the Customer, provided that, such replacement hardware reasonably complies with the requirements that applied to the original hardware. In such case, the Supplier will draw up a plan of action for the planned move with the Customer in advance, except in urgent cases.

Article 12. Colocation

12.1.

If and insofar as the Services (also) pertain to colocation, the provisions of this Article 12 will apply.

12.2.

Within the framework of colocation, the Supplier will only make server room, network facilities and energy facilities available to the Customer. The Customer must provide the hardware itself.

12.3.

The Customer is not entitled to access to the server room, unless, pursuant to the Agreement, it is explicitly responsible for the installation and/or the maintenance with regard to the hardware and access is required in light thereof. Access to the server room is subject to the provisions laid down in Article 13.

12.4.

The Supplier may move the Customer's hardware to a different room in the data centre or to another data centre, provided that the replacement room reasonably meets the requirements that applied for the original room. The Supplier and the Customer will determine the time of the move in mutual consultation, on the understanding that the Customer will always allow the Supplier to perform the move within 14 days of such consultation. If, pursuant to the Agreement, the Customer itself is responsible for the maintenance of the hardware, the Customer will move the hardware within a reasonable term of a maximum of fourteen (14) days of the Supplier's request to that end. In urgent cases, the Supplier may at all times move the server itself.

12.5.

Each Party will bear its own expenses that are associated with the move referred to in the preceding sentence.

12.6.

The Customer guarantees that the hardware will not cause damage to the server room or any third-party hardware or cabling in the server room, and will not interfere with or affect its operation.

12.7.

The Supplier is authorised to move, switch off or remove the hardware if, in its professional opinion, it considers this required, without being liable for any resulting loss in any way.

12.8.

The Customer is obliged to take out adequate insurance for the hardware and keep it insured. At the Supplier's first request, the Customer will provide the policy for the insurance the Customer has taken out.

12.9.

If the Customer fails to comply with the Agreement, the Supplier will be authorised to keep the hardware until the Customer has complied with all its payment obligations.

Article 13. Access to the server room

13.1.

The Customer will only have access to the server room if this explicitly follows from the Agreement and is required for the installation or maintenance of and/or moving the hardware. When accessing the server room, the Customer is required to follow all the conditions set by and reasonable instructions given by the Supplier and/or the relevant third party.

13.2.

The Customer will only have the hardware maintained by sufficiently skilled and competent personnel. Except with the Supplier's written permission, third parties (such as the Customer's customers) may not be given access to the server room.

13.3.

The Customer will perform the installation and maintenance activities with regard to the hardware as efficiently as possible without causing a nuisance to the Supplier or others.

13.4.

The cabling in the server room (including, in any case, the cabling in shared racks and under the floors) will only be installed by the Supplier. The Customer is only responsible for the cabling in private racks.

13.5.

Except with the Supplier's written permission, making changes to the server room is expressly forbidden. If the Customer has made changes to the server room without written permission, the Supplier will be entitled to require that the server room be restored, or restore it (or have it restored) at the Customer's expense.

13.6.

The Supplier will be authorised to enter the server room at any time to check that the Customer is complying with the regulations and any supplementary conditions, procedures and instructions as described above.

13.7.

In the event that the hardware is removed or the Agreement is terminated, the Customer will make the server room available to the Supplier in the condition it was in upon commencement of the Agreement.

13.8.

If the Customer fails to comply with the Agreement, the Supplier will be authorised to deny the Customer access to the server room. If the Customer is a Consumer, this provision only applies if the Customer is in default.

Article 14. Resale of Services

14.1.

The provisions of this Article 14 apply unless the Customer is a Consumer and it is evident from the nature of the relevant Service that it is intended for resale and/or insofar as the Agreement (also) explicitly pertains to resale of Services.

14.2.

The Customer may resell the Services. Unless otherwise agreed in writing, the Customer can only do so in combination with or as part of the Customer's own products or Services and without explicitly naming the Supplier as its supplier or subcontractor (for example in the service description or in advertisements) (hereinafter referred to as: 'White-Label' resale). The Customer indemnifies the Supplier and will hold the Supplier harmless against all claims from its customers. The Supplier may furthermore act in full in the event that the relevant Customer breaches these General Terms and Conditions.

14.3.

Unless otherwise agreed in writing, the Customer will, in the event of resale, be acting in its own name and at its own expense and risk. The Customer is expressly forbidden from entering into agreements for or on behalf of the Supplier or creating the impression that it is acting as an agent or representative of the Supplier.

14.4.

In the event of resale, the Customer will be responsible for offering support in respect of those Services of the Supplier that it has resold to its customers.

14.5.

The Customer is required to impose on its customers at least the same obligations as those applied by the Supplier with regard to the Services. The Supplier may require the Customer to provide evidence thereof. In the event of resale of Services within the framework of domain name registration, the Customer must, at the Supplier's request, provide access to the assignment confirmations with regard to the registration of domain names for the benefit of the Customer's customers.

14.6.

A failure on the part of the Customer's customers to pay or pay in time does not release the Customer from its payment obligations towards the Supplier.

14.7.

If it has been agreed that the resale will take place other than on a White-Label basis, the Customer may only communicate that it makes use of the Services in a business-like manner and may not make use of the Supplier's trade names, brand names, logos or other distinguishing marks in any other respect, except with the Supplier's express permission. The Customer must always strictly comply with any instructions of the Supplier with regard to the use of such distinguishing marks.

14.8.

The Supplier will contact customers of the Customer primarily via the Customer. In urgent cases, however, such as in the case of (imminent) loss, or of nuisance to third parties due to activities of the customer concerned, the Supplier will be authorised to contact customers of the Customer directly, unless otherwise agreed in writing.

14.9.

The Customer will at all times be fully liable towards the Supplier for what its customers do or fail to do via the Services provided by the Supplier. The Customer will indemnify the Supplier against any third-party claims in this connection.

14.10.

In the event of termination or dissolution of the Agreement in connection with breach of contract by the Customer, the Supplier will be authorised to approach the Customer's customers and offer to continue providing the Services itself or have the provision of the Services continued by another reseller. At the Supplier's first request, the Customer will provide all contact details and other data required for this.

Article 15. Contract Extras

15.1.

The Customer may at any time request that the Supplier carry out work that is outside the scope of the Agreement (i.e. request 'contract extras'). The Supplier is however not obliged to comply with such requests.

15.2.

In the event of contract extras, the Supplier will inform the Customer in advance of the (estimated) costs associated with this and will only carry out the contract extras following the Customer's approval. The above will however not apply in the case of contract extras that are required in connection with the Services already agreed. Such contract extras can be carried out on the basis of subsequent costing, without the Customer's permission being required.

15.3.

When carrying out contract extras, the Supplier will always base itself on the agreed rates or, if none have been agreed, on the customary rates. The Supplier can demand that a supplementary agreement be entered into for the carrying out contract extras.

Article 16. Storage and data limits

16.1.

The Supplier may impose a maximum for the capacity (with regard to, for example, the volume of data traffic, processing capacity, memory, storage or electricity) that the Customer may or can actually use within the framework of the Services.

16.2.

If such maximum is exceeded, the Supplier will be entitled to charge additional costs or (following a written warning) restrict the use of the Services or reduce it to the permitted capacity.

16.3.

If a specific limit or capacity applies for the Services, this can be raised or reduced in consultation with the Supplier. An increase in or upgrade of the Services may be implemented with immediate effect, while a decrease or downgrade may only be implemented as of the date of the first renewal of the Agreement, and subsequently as of the end of every month, with due observance of a notice period of one (1) month.

16.4.

Any data traffic credit awarded to the Customer cannot be transferred to a subsequent month, another agreement or another customer of the Supplier.

16.5.

The Supplier will not be liable for the consequences of it being impossible to send, receive, store or change data or any incorrect operation of the Services if the Customer exceeds an agreed limit (for instance, the volume of data traffic, processing capacity, memory, storage or electricity).

Article 17. Fair use

17.1.

If no limit has been set for the capacity (with regard to, for example, the volume of data traffic, processing capacity, memory, storage or electricity) for the Services, a fair use policy will apply to the Services concerned.

17.2.

The Supplier can further specify the fair use policy, which will in such case be made available to the Customer in writing or be available for consultation on the Website. The Supplier reserves the right to amend or supplement the policy at any time and will, in such case, inform the Customer in writing in advance.

17.3.

If there is no expressly defined fair use policy, it will be understood to mean that the Customer may use at most twice as much capacity as other customers of the Supplier that purchase the same or comparable Services in comparable circumstances.

17.4.

If the use of the Services exceeds the fair use policy, the Supplier will be entitled to limit or block the Services, or offer the Customer an alternative Service. If the limits are exceeded, the Supplier will not be responsible if the Services do not function or do not function correctly.

Article 18. Availability, maintenance and support

18.1.

The Supplier will make every effort to ensure good and uninterrupted availability of the Services and the associated systems and networks, and to realise access to the details the Customer has stored through these. However, unless otherwise agreed in the offer by means of a Service Level Agreement (SLA) that has been designated as such, the Supplier provides no guarantee with regard to the quality or availability

18.2.

The performance of maintenance, whether or not as part of the Services provided, may temporarily cause the Services to be unavailable or restricted. If the Supplier foresees that any specific maintenance will result in full or partial non-availability, the Supplier will make every effort to carry out the work at times when the use of the Services is limited.

18.3.

The Supplier will make every effort to announce any maintenance work at least two Working Days in advance, whether or not it is performed as part of the Services provided. Emergency maintenance may however be performed at any time, even without prior announcement thereof to the Customer.

18.4.

Insofar as the applicable SLA does not stipulate otherwise, the Supplier will keep itself available for a reasonable level of remote customer support during Office Hours. Requests for support from the Customer that cannot be handled easily will, at the Supplier's discretion, be considered 'contract extras'. The procedure laid down in Article 15 will therefore apply to those requests.

18.5.

Unless otherwise agreed in the Service Level Agreement (SLA), the Supplier will make every effort to respond to any request for support as soon as possible, but cannot provide any guarantees in respect thereof.

18.6.

If and insofar as the Services (also) pertain to the Supplier's maintenance of software, the provisions of Article 18.7 through Article 18.9 apply.

18.7.

The Supplier will make every effort to keep the software used for the Service up-to-date. However, in this respect, the Supplier is dependent on its supplier(s). The Supplier is authorised to not decide against installing certain updates or patches if, in its opinion, this is of no benefit to a correct service provision.

18.8.

The Supplier will make every effort to adapt the software from time to time in order to improve functionality and correct errors. In the event of new functionalities or modifications that can substantially change software operation, the Supplier will make every effort to inform the Customer thereof in advance.

18.9.

The Supplier will make every effort to add any modifications and new functionalities requested by the Customer to the software. However, the Supplier will at all times be authorised to refuse such a request if, in its opinion, it is unfeasible or if this may compromise the proper performance, controllability or availability of the software.

Article 19. Back-ups

19.1.

Unless otherwise agreed, the Supplier is not obliged to create back-ups. The Supplier may choose to create back-ups of its own accord. These back-ups will in such case be created to be used in the event that there is a breakdown on the Supplier's side. In addition, the Customer can agree with the Supplier that it will purchase Services within the framework of creating back-ups and making these available to the Customer. The other provisions in this article will only apply if this is the case.

19.2.

Any efforts made by the Supplier within the framework of the back-ups for the benefit of the Customer and at the Customer's request will be made for an additional payment. Insofar as the Parties have not agreed otherwise, the payment will be calculated on the basis of the hourly rate the Supplier applies at the time.

19.3.

With regard to the back-ups, the Customer itself will at all times be responsible for the accuracy of the data and any recovery of the back-ups (and the check that precedes such recovery). The back-ups made may be destroyed after termination of the Agreement. The Customer will at all times be responsible for requesting a spare copy in the event of termination.

Article 20. Intellectual Property

20.1.

All Intellectual Property Rights to all the Materials developed or made available by the Supplier as part of the Agreement are vested exclusively in the Supplier or its licensors.

20.2.

The Customer will only acquire the user rights and powers expressly assigned in writing in these General Terms and Conditions, the Agreement or otherwise, and the Customer may not reproduce these Materials or make these public in any other respect.

An exception to the above will be made if its failure to assign such right to the Customer in an explicit manner was indisputably a mistake on the Supplier's part. However, at all times, providing the source code of Materials is only mandatory where this is expressly agreed upon or required pursuant to mandatory law.

20.3.

Unless and insofar as this has been otherwise agreed in writing, the Customer is forbidden from removing or modifying any references relating to Intellectual Property Rights from Materials of the Supplier or its licensors, which includes references relating to the confidential nature and secrecy of the Materials of the Supplier or its licensors.

20.4.

The Supplier is permitted to take technical measures to protect its Materials. If the Supplier has protected these Materials using technical safeguards, the Customer is forbidden from removing or circumventing such protection, except if and insofar as mandatory law provides otherwise.

Article 21. Customer Data

21.1.

All rights to Customer Data, including any Intellectual Property Rights to which these are subject, will be vested in the Customer. The Supplier will not claim any ownership thereof.

21.2.

The Customer hereby grants the Supplier a limited right of use to use the Customer Data during the term of the Agreement insofar as this is necessary for the provision of the Services.

21.3.

Unless otherwise agreed in writing, the Supplier will not be obliged to upload and/or migrate Customer Data as part of the Services. The Supplier may charge the Customer separately for support in this connection.

21.4.

If and insofar as the Customer Data consist of personal data, the arrangements as laid down in Appendix 1 apply.

21.5.

If the Agreement is terminated, the Supplier will – regardless of the reason for such termination – destroy or delete the Customer Data as soon as possible, with due observance however of the provisions of Article 28 (Exit regulations).

Article 22. Prices

22.1.

Unless expressly otherwise stated in respect of any amount, all prices stated by the Supplier are exclusive of turnover tax (VAT) and other duties levied by the government.

22.2.

If a price is based on information provided by the Customer and the information proves to be incorrect, the Supplier is authorised to adjust the prices accordingly, even after the Agreement has already been formed.

22.3.

The Supplier is authorised to increase the prices referred to in this Agreement on an annual basis, by a maximum of 5%, or on the basis of the relevant CBS price index, without this resulting in the Customer being entitled to terminate the Agreement.

In addition, the Supplier may at all times increase prices in the interim in the event that the rates of its own suppliers, such as – without limitation – suppliers of energy, electronic communication services, domain registrations, IP addresses, data centres, software and (public) cloud solutions increase, without this resulting in the Customer being entitled to terminate the Agreement.

22.4.

In derogation from the preceding paragraphs of this article, the Customer will have the option of terminating the agreement if the prices are increased within three months of entry into the Agreement and the Customer is a Consumer.

22.5.

Any price adjustments that do not take place within the framework of Article 22.3 are subject to the same conditions and procedures as apply to changes to the Services and these General Terms and Conditions. If the Supplier wishes to reduce the applicable prices, the Supplier is authorised to implement this reduction with immediate effect, without this resulting in the Customer being entitled to terminate the Agreement.

Article 23. Payment

23.1.

The Supplier will invoice the Customer for the amounts owed by the Customer. The Supplier may issue electronic invoices. The Supplier is authorised to periodically invoice amounts owed prior to delivery of the Services.

23.2.

Unless otherwise agreed in writing, invoices are subject to a payment term of 14 days.

23.3.

If, after expiry of the payment term, the Customer has not paid an invoice in full, it will automatically be in default without notice of default being required.

23.4.

Notwithstanding the above, all costs associated with the collection of outstanding amounts – both judicial and extrajudicial (including lawyer's fees, enforcement agent's fees and collection agency fees) – will be at the Customer's expense without notice of default being required in respect thereof.

23.5.

The Customer may not rely on suspension or deduction.

23.6.

The provisions contained in Article 23.3 through Article 23.5 do not apply if and insofar as the Customer is a Consumer.

23.7.

If the Customer is in default, this will have the following consequences:

a. statutory interest will be owed on the outstanding amount;

b. the websites and other Materials hosted for the Customer may be made inaccessible without further warning, until any outstanding amounts, interest and such have been paid.

23.8.

All the Supplier's claims will be immediately due and payable if the Customer is declared bankrupt, the Customer applies for or is granted a moratorium, the Customer's activities are ceased, or its business is wound up.

Article 24. Liability

24.1.

Within the framework of the formation or performance of the Agreement, the Supplier will not be liable, except in the circumstances referred to below, and to a maximum of the specified limits.

24.2.

For each event or series of related events, the Supplier's total liability for direct loss incurred by the Customer as a result of an attributable failure on the Supplier's part to comply with its obligations under the Agreement, which expressly includes any failure to comply with a guarantee obligation agreed with the Customer, or an unlawful act on the part of the Supplier, its employees or third parties engaged by the Supplier, is limited to a sum equal to the total of the payments (excluding VAT) the Customer has made under this Agreement in the last six (6) months. Under no circumstances, however, will the total compensation for direct loss exceed a sum of ten thousand (10,000) euros (excluding VAT).

24.3.

The Supplier's liability for an attributable failure to comply with its obligations under the Agreement will only arise if the Customer gives the Supplier proper notice of default in writing without delay, giving the Supplier a reasonable period to remedy its failure, and the Supplier continues to fail attributably to comply with its obligations even after that period. The notice of default must contain a description of the non-compliance in as much detail as possible so that the Supplier is able to put forward an adequate response. The notice of default must be delivered to the Supplier within 30 days of the discovery.

24.4.

The Supplier is expressly not liable for any indirect loss, which includes, without limitation, consequential loss, loss of profit, damage to one's image, lost savings and loss due to business interruption.

24.5.

The exclusions and limitations referred to in this Article 24 cease to apply if and to the extent the loss is a consequence of an intentional act or wilful recklessness on the part of the Supplier's management.

24.6.

Any limitation of liability as contained in these General Terms and Conditions does not apply in dealings with Consumers. In dealings with Consumers, the statutory provisions on liability apply.

24.7.

The Customer is liable towards the Supplier for loss arising as a result of an attributable error or failure on the Customer's part. The Customer indemnifies the Supplier against claims concerning non-compliance with the Agreement while the Services are used by or with the consent of the Customer. This indemnification also applies to persons who are not the Customer's employees but have nonetheless used the Services under the responsibility of or with the consent of the Customer.

Article 25. Force majeure

25.1.

The Supplier will not be obliged to comply with the Agreement if compliance is prevented as a result of force majeure. Any liquidity problems on the Customer's part expressly do not qualify as force majeure.

25.2.

Force majeure affecting the Supplier must be understood to mean any circumstance beyond the Supplier's control preventing it from complying with some or all of its obligations towards the Customer, or in connection with which the Supplier cannot reasonably be expected to comply with such obligations, regardless of whether such circumstance should have been foreseen when the Agreement was entered into. Such circumstances will in any case include:

a. emergencies (such as extreme weather conditions, fire and lightning strikes);

b. breakdowns in the telecommunications infrastructure and internet that are beyond the Supplier's control, including – for example – breakdowns in the registers of IANA, RIPE or SIDN, or (D)DOS attacks;

c. breakdowns in third-party (energy) infrastructure outside the data centre;

d. failures on the part of the Supplier's own suppliers that the Supplier could not have foreseen and for which the Supplier cannot hold the relevant suppliers liable, for example because the relevant supplier was also faced with a force majeure situation.

e. faultiness of items, equipment, software or Materials that the Customer has required the Supplier to use;

f. government measures;

g. unavailability of staff (due to illness or otherwise).

h. general transport problems;

i. natural disasters; and

j. strikes, wars, terrorist acts and internal civil commotion.

25.3.

In the event of force majeure, the Customer will not be entitled to any compensation (such as for loss).

25.4.

If the force majeure situation last longer than 3 months, either Party will be entitled to terminate the Agreement in writing, without being obliged to pay the other Party any compensation.

Article 26. Confidentiality

26.1.

The Parties will treat the information they provide each other before, during or after the performance of this Agreement as confidential if such information has been marked as confidential or the receiving Party is aware or may reasonably be expected to assume such information is intended to be confidential. The Parties will also impose this obligation on their employees, as well as on any third parties engaged by them for the purpose of performing the Agreement.

26.2.

The receiving Party will ensure that the confidential information is given the same level of protection against unauthorised access or use as its own confidential information, but at least a reasonable level of protection.

26.3.

The obligation to treat confidential information as confidential will not apply if and insofar as the receiving Party can prove that it:

a. was already in the possession of the receiving Party prior to date on which it was provided;

b. is available from a third party without this party acting in breach of any duty of confidentiality in respect of the disclosing Party by providing it;

c. is available from public sources such as newspapers, patent databases or publicly accessible websites or services;

d. was developed independently by the receiving Party and without the use of any information of the disclosing Party.

26.4.

If a Party receives an order from a competent authority to hand over confidential Information, it will be authorised to do so. The disclosing Party will however be informed of the order as soon as possible (in advance) unless this is prohibited. If the disclosing Party states that it intends to take measures against the order (for instance, by means of preliminary relief proceedings), the receiving Party will – insofar as this is permitted by law – wait before handing over the Confidential Information until a decision has been taken on this.

26.5.

This confidentiality obligation remains in force after termination of the Agreement, regardless of the reason for such termination, and for as long as the Party providing the information can reasonably lay claim to the confidential nature of the information.

Article 27. Duration and termination

27.1.

Unless otherwise agreed in writing, the initial term of the Agreement will be one (1) year. The Parties are not permitted to terminate the Agreement early, save for those cases for which an exception is expressly made in these General Terms and Conditions or in other parts of the Agreement.

27.2.

If the Customer is not a Consumer, the Agreement will be automatically and tacitly renewed upon expiry, by additional terms that are equal to the initial term, unless, at least one (1) month before expiry, one Party indicates to the other Party, in writing, that it does not wish to renew the Agreement.

27.3.

If the Customer is a Consumer, the Agreement will, upon expiry of the initial term, be converted into an Agreement for an indefinite period of time. In such case, the Customer may, after such conversion, terminate the relevant Agreement for an indefinite period of time at any time, in writing, subject to a notice period of one (1) month.

27.4.

The Supplier will be entitled to suspend the Agreement with immediate effect (in full or in part) or terminate or dissolve the Agreement with immediate effect (in full or in part) if:

a. the Customer fails to comply with its obligations pursuant to the Agreement or fails to comply with these in time, and does not remedy the failures within a reasonable period of being given notice of default. Prior notice of default is however not required in those cases where default arises by operation of law;

b. the Customer petitions for its liquidation/files for bankruptcy or is declared bankrupt/put into liquidation, applies for or is granted a moratorium, the Customer's business is liquidated, or its business activities are discontinued;

c. due to delay on the Customer's side, the Supplier can no longer be required to comply with the Agreement under the terms and conditions originally agreed; or

d. circumstances arise due to which performance of the Agreement is rendered impossible, or due to which the Supplier cannot be reasonably required to maintain the Agreement unchanged.

27.5.

In the abovementioned circumstances, the right to suspension will apply to all Agreements with the Customer simultaneously, even if the Customer is only in default with regard to one Agreement, and without prejudice to the Supplier's right to compensation of loss, lost profit and interest.

27.6.

In the event that the Agreement is dissolved, the amounts already invoiced for the performance already delivered will remain payable without any obligation to nullify. In the event that the Customer terminates the Agreement, the Customer may only terminate that portion of the Agreement that the Supplier has not yet performed.

27.7.

If the Supplier suspends compliance with the obligations, this will not affect its statutory rights or rights under the Agreement, including the right to payment for the Services that it has suspended. This does not apply if the Customer is a Consumer. In such case, the statutory rights of suspension apply.

27.8.

If a termination is attributable to the Customer, the Supplier is entitled to compensation of any loss that arises as a result thereof, whether directly or indirectly.

27.9.

If the Agreement is terminated or set aside, the Supplier's claims against the Customer will become immediately due and payable.

27.10.

If the Customer can deactivate, switch off or remove certain (parts of) Services itself, the Customer itself will be responsible for doing so before the date on which the Agreement ends. If the Customer fails to do this, the Supplier can charge costs for keeping the Services available and the Agreement will be deemed to have been extended for the period during which the Services are used. The Supplier will only deactivate, switch off or remove the Services concerned at the Customer's express request.

Article 28. Exit regulations

28.1.

If the Agreement is terminated, the Supplier will make every effort to provide reasonable assistance in the migration or switch to another service or another ICT supplier, by disclosing relevant details and providing access to the parts of the relevant Service(s) that are to be migrated.

Any costs associated with this will be completely at the Customer's expense. The Supplier will under no circumstances take responsibility for the switch or migration to the new supplier itself. This will always be the Customer's responsibility.

28.2.

If the Customer wishes to make use of the exit support referred to in the preceding paragraph, the Customer must submit a request to that end, in writing, no later than on the date on which the Agreement ends.

28.3.

The Supplier will only be obliged to render the above-mentioned cooperation in the Customer's migration or switch if all amounts owed by the Customer and any other obligations under the Agreement have been paid or complied with in full.

28.4.

The Customer will have no access to any configurations made by the Supplier. Under no circumstances will the Supplier provide the configurations upon termination of the Agreement. The Supplier will delete the configurations. The Customer is not entitled to a refund of installation and configuration costs.

28.5.

Insofar as this is reasonably possible, the data stored for the Customer will always be deleted while taking special precautions to render deletion of the data irreversible.

Article 29. Change

29.1.

The Supplier reserves the right to amend or supplement the Services and these General Terms and Conditions. Amendments also apply to Agreements already entered into, subject to a notice period of one (1) month following the announcement of such amendment. Any amendments will be announced in writing.

29.2.

If the Customer does not wish to accept an amendment, the Customer may lodge a written objection within fourteen (14) days of the announcement. If the Supplier decides to proceed with the amendment despite the Customer's objection, the Customer may terminate the Agreement, in writing, with effect from and no later than the date on which the amendment takes effect.

29.3.

The procedure described above does not apply to amendments of minor significance, amendments made pursuant to the law and amendments that benefit the Customer. The Supplier may implement such amendments unilaterally and with immediate effect.

Article 30. Choice of law and forum

30.1.

The Agreement is subject to Dutch law. If the Customer is a Consumer, he will be protected by mandatory statutory provisions that apply in the Consumer's residence.

30.2.

Insofar as mandatory statutory provisions do not prescribe otherwise, any disputes that may arise from the Agreement will be submitted to the competent Dutch court in the district in which the Supplier has its offices.

Article 31. Miscellaneous provisions

31.1.

If any provision in the Agreement proves to be void, this will not affect the validity of the entire Agreement. In such case, the parties will adopt a new provision or new provisions to replace any such provisions, which will reflect the purport of the original Agreement and the General Terms and Conditions as much as legally possible.

31.2.

Any information and communication on the Website, including price indications, may be subject to programming and typing errors. In the event of inconsistencies between the Website and the Agreement, the Agreement will prevail.

31.3.

The log files and other administrative records of the Supplier, whether electronic or not, will constitute conclusive evidence of the Supplier's statements, and the version of any electronic or other communication received or stored by the Supplier will be considered authentic, subject to evidence to the contrary to be submitted by the Customer. This provision will only apply if the Customer is a Consumer.

31.4.

At all times, the Parties will inform each other in writing without delay of any changes in their names, postal addresses, email addresses and telephone numbers, as well as – if requested – bank and giro account numbers.

31.5.

Where, in the Agreement, reference is made to 'written/in writing', this must be understood to include email and, where the Services include access to a customer portal through which the Parties can exchange messages, that customer portal, provided that the identity of the sender and the integrity of the email messages or the messages within the customer portal can be sufficiently established.

31.6.

Subject to mandatory statutory provisions, all legal claims of the Customer under this Agreement will lapse after the expiry of one year, calculated from the date on which compliance with the obligations arising from the Agreement between the Parties became exigible. This provision will not affect the standard limitation period for the Supplier's claims.

31.7.

Each Party is only authorised to transfer its rights and obligations under this Agreement to a third party with the other Party's prior written consent. Such consent is not required, however, in the event of a company takeover or an acquisition of the majority of the shares of the relevant Party.



Annex 1| Processing of personal data

This annex is inextricably linked to the Agreement the Parties have entered into. All capitalised terms have the meaning as laid down in the General Terms and Conditions, both in the singular form and in the plural form. However, the Supplier will be referred to as the 'Processor' and the Customer as the 'Controller', regardless of whether, in its relationship with its own customers, the Customer is a processor itself. Where definitions are used that correspond with the definitions in the General Data Protection Regulation (hereinafter referred to as: 'GDPR'), these definitions will have the same meaning; The contents of this annex will hereinafter be referred to as 'the Processing Agreement'.

Article 1. Purposes of the processing

1.1.

The Processor commits to processing personal data on the Controller's instruction, subject to the conditions of this Processing Agreement. The data will only be processed within the framework of the performance of the Agreement and for those purposes that are reasonably associated with this or will be determined by mutual agreement.

1.2.

In connection with the activities referred to above, the Processor will make every effort to process the personal data made available by or via the Controller with due care.

1.3.

The Processor primarily provides hosting services. In this context, the processing of personal data is of secondary importance. This is because, in principle, the Processor will not look at the personal data. Within this framework, the processing may be limited to the Controller storing data on the Processor's systems. In many cases, this will automatically involve the Processor processing all categories of personal data concerning all categories of data subjects that the Controller stores via the hosting services.

Article 2. Processor's obligations

2.1.

The Processor will process data for the benefit of the Controller for the purposes referred to in Article 1. The Processor will not process the personal data for its own purposes.

2.2.

In processing the personal data, the Processor will act in accordance with the GDPR.

2.3.

The Processor will inform the Controller without delay if, in its opinion, instructions are contrary to the applicable laws on the processing of personal data or are otherwise unreasonable.

2.4.

If this is reasonably within its scope of influence, the Processor will assist the Controller in complying with its legal obligations. This concerns assisting the latter in complying with its obligations under Articles 32 to 36 of the GDPR, such as assisting in the carrying out of a Data Protection Impact Assessment ('DPIA') and prior consultation for processing operations involving a high risk. The Processor may charge the costs incurred in this to the Controller.

2.5.

The Controller guarantees that the content, the use and the instruction for the processing of the personal data pursuant to the Processing Agreement are not unlawful and do not infringe any third-party rights, and indemnifies the Processor against any claims in this regard.

Article 3. Transfer of personal data

3.1.

The Processor may process the personal data in countries within the European Economic Area ('EEA'). In addition, the Processor is allowed to transfer the personal data to a country outside the EEA, provided that the relevant country guarantees an appropriate level of protection and the Processor meets its other obligations under this Processing Agreement and the GDPR.

3.2.

At the Controller's first request, the Processor will inform the Controller of the country or countries concerned. The Processor warrants that countries outside the EEA have an appropriate level of protection.

Article 4. Engagement of sub-processors

4.1.

The Processor may engage sub-processors within the framework of the Processing Agreement.

4.2.

The sub-processors engaged by the Processor at the time this Processing Agreement was entered into are listed in Annex 1A. The Controller is authorised to submit a substantiated written objection against any new sub-processor or change with regard to the sub-processors within two weeks of the Processor informing it thereof. If the Controller submits an objection, the Parties will enter into consultation in order to reach a solution.

4.3.

Annex 1A furthermore contains the identity and location of the sub-processor(s) already engaged.

4.4.

The Processor will impose obligations on the sub-processors engaged by it that are similar to those agreed between the Controller and the Processor.

Article 5. Duty of confidentiality

5.1.

The Processor is obliged to preserve the confidentiality of the personal data that the Controller discloses to the Processor. The Processor will ensure that the persons authorised to process the personal data are contractually obliged to preserve the confidentiality of the personal data that come to their attention.

Article 6. Duty to report data breaches

6.1.

The Processor will inform the Controller without unreasonable delay of any personal data breach as referred to in Article 4(12) of the GDPR (hereinafter referred to as: 'Data Breach'). In that connection, the Processor will implement reasonable measures to limit the consequences of the Data Breach and prevent further and future Data Breaches.

6.2.

The Processor will provide assistance to the Controller with regard to the Data Breach or new developments concerning the Data Breach, taking account of the nature of the processing and the information available to it.

6.3.

Insofar as this is known at the time, the notice to the Controller must, in any case, contain:

a. the nature of the Data Breach;

b. the consequences of the Data Breach, including expected consequences;

c. the categories of personal data that have been affected by the Data Breach;

d. whether and how the relevant personal data were secured;

e. the proposed and implemented measures to limit the consequences of the Data Breach or prevent further Data Breaches;

f. the categories of data subjects involved;

g. the estimated or confirmed number of data subjects involved; and

h. any derogating contact details with regard to the follow-up of the notice.

Article 7. Rights of data subjects

7.1.

In the event that a data subject submits a request to exercise his statutory rights as set out in Chapter III of the GDPR to the Processor, the Processor will forward the request to the Controller and inform the data subject thereof. The Controller will subsequently handle the request independently.

7.2.

In the event that a data subject submits a request to exercise one of his statutory rights to the Controller, the Processor will – if the Controller so desires – cooperate in this insofar as this is possible and reasonable. The Processor may charge the Controller reasonable costs for doing so.

Article 8. Security measures

8.1.

The Processor will make every effort to implement appropriate technical and organisational measures to protect the personal data that are processed for the benefit of the Controller against loss or any form of unlawful processing.

8.2.

Upon request, the Processor will provide an overview of the security measures. The Processor has in any case taken the following measures:

a. Logical access control using passwords or keys;

b. Physical measures for access protection;

8.3.

The Processor does not guarantee that the security will be effective in all circumstances. The Processor will make every effort to ensure that, given the state of the art, the sensitivity of the personal data and the costs associated with the security measures taken, the level of security is not unreasonable.

8.4.

The Controller will only make personal data available to the Processor for processing if it is certain that the required security measures have been taken. The Controller is responsible for ensuring compliance with the measures agreed by the Parties.

Article 9. Audit

9.1.

The Controller is entitled to have the compliance with the Processor's obligations under this Processing Agreement audited. The Controller may have this audit performed no more than once a year, by an independent third party that is subject to a duty of confidentiality, if there is a reasonable and well-founded suspicion of a breach of this Processing Agreement that is communicated in writing.

9.2.

If, in any year, an independent third party has already performed an audit and, within that same year, another audit of the Processor's compliance with its obligations under the Processing Agreement is requested, it will – in derogation from the provisions of the preceding paragraph – be sufficient for the Processor to provide access to the relevant portions of the report.

9.3.

The Processor and the Controller will decide on the date, the time and the scope of the audit in mutual consultation.

9.4.

The reasonable costs of cooperating in the audit will be borne by the Controller, on the understanding that the costs of the independent third party to be engaged will always be borne by the Controller.

9.5.

The Controller will treat the audit and its results confidentially.

Article 10. Termination of the Processing Agreement

10.1.

Upon termination of the Agreement, the Processor will, without unreasonable delay, at the Controller's request and expense:

a. return the personal data stored on the Processor's own infrastructure or the infrastructure managed by the Processor to the Controller; or

b. delete the personal data as soon as possible.