General Terms and conditions
These are the General Terms and Conditions of Remails B.V. (‘Remails’), located at Heresingel 19, 9711 ER, Groningen, the Netherlands, and registered with the Chamber of Commerce under registration number 89044819. Remails provides automated email traffic for the benefit of the business operations of organizations.
- Account: the username, password and any other means of authorization required by a User to log in to – and use – the Services.
- Agreement: the Agreement between the Parties pursuant to which Remails provides its Services to the Client, and of which the General Terms and Conditions form an inseparable part.
- Appendix: all documents that are attached to the Agreement and are therefore an integral part of the Agreement.
- Business Hours: calendar days between 08:30 and 17:00 Dutch time, with the exception of Saturdays, Sundays and official Dutch public holidays.
- Client: the natural person or legal entity, in the exercise of a profession or business, who has entered into an Agreement with Remails.
- Confidential Information: non-public information related to a Party and information that a Party indicates is confidential, or which, by its nature or under the circumstances of disclosure, should be treated as confidential.
- Data: all information stored by Client or Users through the Service, or otherwise provided to Remails under the Agreement.
- General Terms and Conditions: the present General Terms and Conditions.
- Intellectual Property Rights: rights (of intellectual property) including but not limited to copyrights (including, of course, the copyright vested in software), database rights, domain names, trade name rights, trademark rights, design rights, neighboring rights, patent rights, as well as rights to know-how.
- Offer: an offer In Writing made by Remails, as well as any other Written proposal for the performance of Services by Remails.
- Party/Parties: Remails and the Client together or separately.
- Personal Data: any data concerning an identified or identifiable natural person.
- Service Level Agreement/SLA: a document designated as such about the quality of the Service, in which specific agreements are made about availability, response times, maintenance etc., among other things.
- Service(s): the services provided under the Agreement to Client by Remails and/or third parties engaged by it, as well as any other work of any nature whatsoever performed by Remails on behalf of Client in connection with the Agreement, including work not performed at the express request of Client.
- Software: Remails’ software solution made available to Client under the Agreement for the automation email traffic for the benefit of the business operations of Client.
- Users: employees of Client using the Service under the Agreement.
- Written/In Writing: written includes communication by email, provided that the identity of the sender and integrity of the content are sufficiently established.
- Applicability and interpretations
- These General Terms and Conditions are applicable to all Offers of Remails, the acceptance thereof by the Client and the Agreement concluded between Parties. Deviations shall only apply if they have been agreed upon in Writing.
- The applicability of any purchase conditions or other conditions of Client is explicitly excluded.
- In the event that specific product, promotional or service terms and conditions apply in addition to these General Terms and Conditions, those terms and conditions shall also apply.
- In the event of contradictions between the various parts of the General Terms and Conditions, the Agreement and/or further Written arrangements, the following order of precedence shall apply (with the earlier document preceding over the later document):
a) (Specific) Written arrangements.
b) The Agreement.
c) Data Processing Agreement (Appendix 1 of the General Terms and Conditions).
d) Service Level Agreement.
e) Possible other attachments or Written arrangements.
- These General Terms and Conditions replace all previously agreed (general) terms and conditions for the provision of Services. This also applies to Agreements already in progress.
- Conclusion of the Agreement
- The Agreement is established by Client's acceptance of Remails' Offer in Writing, through the relevant communication channels or via the website (https://remails.com).
- All Offers and other proposals made by Remails are free of obligation and valid for a period a period of 30 days, unless otherwise agreed upon in Writing. Remails is not obligated to accept an acceptance of the Offer after this period has expired, but if Remails does, the Offer is still considered to be accepted.
- Acceptance of an Offer that differs from the Offer or contains a change made to it by the Client, is not binding on Remails until acceptance has been explicitly confirmed in Writing to the Client.
- All statements in communications, including the Agreement and the website of Remails, are subject to obvious typing and writing errors. If Client should have understood that this is the case, Remails cannot be held to this.
- Remails is not obliged to accept a request or acceptance. Grounds for refusal include, but are not limited to:
a) the absence of the necessary information or documents required to enter into the Agreement, including at least a copy of a valid, legal means of identification; in case of representation, sufficient proof of representative authority, such as an extract from the Chamber of Commerce or a validly signed authorization.
b) errors in the Quotation issued.
c) legal incapacity of the Client.
- Performance of the Agreement
- After the formation of the Agreement, Remails will perform the Services as soon as possible in accordance with the Offer. These periods are only indicative, subject to changes and do not count as deadlines, unless explicitly agreed otherwise in Writing. If no date of fulfillment has been agreed upon, Remails will immediately commence performance of the Agreement.
- Client acknowledges that it has no power of instruction with respect to the Service to be provided by Remails for the performance of the Agreement.
- Client must do and omit everything that is reasonably necessary and desirable to enable timely correct performance of the Service. In particular, Client must see to it that all information which Remails states is necessary or which Client should reasonably understand to be necessary for performance of the Service are provided to Remails in good time.
- Remails may engage third parties for the purpose of fulfilling the Agreement. The costs of this engagement will be at Remails’ expense, unless the parties agree otherwise. The General Terms and Conditions also apply to work performed by third parties under the Agreement. These third parties are not authorized to represent Remails.
- Remails is not obliged to have work performed by third parties designated by Client.
- Trial version and configuration
- Remails may offer Client the opportunity to try the Service free of charge. Access to the trial version of the Service may be revoked at any time without a prior notice being required.
- The trial version is offered ‘as is’ without any guarantees regarding the quality or fitness of the Service.
- Unless otherwise agreed In Writing, Client is responsible for the configuration of the Service and Remails is not obliged to import, convert, or migrate Client’s Data.
- All articles of these General Terms and Conditions apply without prejudice when using the trial version.
- Intellectual Property Rights and Data
- All Intellectual Property Rights to the Software and other materials, with the exception of Client’s Data, are solely vested in Remails or its licensors. Client is forbidden from removing or amending any notice concerning the confidential nature or concerning Intellectual Property Rights from the Software or other materials.
- Client acquires a non-exclusive, non-transferable, and non-sublicensable right of use to use the Service for the duration and conditions set forth in the Agreement and the General Terms and Conditions.
- All (Personal) Data is and will continue to be the property of Client and/or Users. Remails will merely receive a non-exclusive and non-transferable license to use Client’s Data for the duration of the Agreement, insofar as required for the provision of the Service.
- Client hereby grants Remails permission to use the name and logo of Client on Remails’ website or for other promotional purposes. Client can request Remails to remove these names and logos. Client indemnifies Remails for all claims of third parties regarding the use of these names and logos.
- Remails can take (or have a third party take) technical measures to protect the Software or materials in connection with an agreed limitation in the contents or the duration of the right of use. Client is forbidden from removing (or having a third party remove) such technical measures or to circumvent them (or have a third party circumvent them).
- Client is forbidden from making (or having a third party make) changes or additions to the Software or materials or having a third party perform maintenance or repairs to the Software or materials.
- Client will not perform any acts that may infringe the Intellectual Property Rights of Remails and/or its licensors, including, but not limited to, disclosing and/or reproducing, in whole or in part, that which is referred to in the previous paragraph without permission. Client acknowledges and accepts that any unauthorized use or conduct violates the Agreement and applicable law.
- If Client sends information to Remails, for example feedback about an error or a suggestion for improvement, Client gives Remails an unlimited and perpetual right of use of this information for the Service. This does not apply to information that
- Client expressly marks as Confidential Information.
Without the prior Written consent of Remails, Client is not permitted to publish, reproduce and/or transfer the right of use of these works to third parties.
- Use limitations
- Client, including all Users, is entitled to use the Service under the right of use for Client’s company or institution. In order to use the Service, Client has to set up an Account once, after which the Service can be used.
- The right of use only pertains to the object code of the Software and does not extend to the Software's source code. The source code of the Software will not be made available to Client. Client will under no circumstances be given a physical carrier with or a copy of the Software.
- Unless otherwise agreed, Client will configure the Software itself. Remails is not obliged to convert Client’s (pre-)existing Data so that it can be read or interpreted by the Software. All Data entered into the Software will be saved in the standard format used by Remails.
- Client is fully responsible for acts and omissions on the part of its Users in the use of the Software. Client indemnifies Remails against claims in connection with loss and costs arising from and/or related to the Users' use of the Service. Client further indemnifies Remails that the User complies with the obligations set forth in the Agreement and these General Terms and Conditions.
- Client is not authorized to make the Software public, or to copy, change, decompile and/or reverse engineer the Software, except if and insofar as mandatory law provides otherwise.
- Unless otherwise agreed, Client is forbidden from selling, letting, disposing of or establishing restricted rights in respect of the Service, or making the Service available to third parties in any way or for whatever purpose.
- Remails is entitled to replace the version of the Software in the Service(s) it makes available at any time with a newer version.
- Access to the Service
- Client is fully responsible and liable for the security of the Accounts, such as passwords. In particular, the password must be kept strictly confidential, and the username and password must be safeguarded from unauthorized persons. Remails may assume that everything that happens from Account(s), after login with username and password, happens under the direction and supervision of Client.
- If Account login details have been lost or leaked, the User and/or Client will immediately take all measures reasonably necessary and desirable to prevent misuse of the Account. These measures may include, for example, changing the password or blocking the Account. The User and/or Client shall also immediately report this to Remails, so that any additional measures can be taken to prevent misuse of the Account.
- Client is fully liable for any damages resulting from the failure to comply with the above obligations.
- Availability and back-ups
- Unless the Parties expressly agree otherwise in a Service Level Agreement, the availability of the Service will always be on the basis of best effort and with due observance of the provisions of this article.
- Remails will create daily back-ups of Data of Client. Remails retains these back-ups for a period of 7 days.
- Remails is not a back-up service. Client is responsible for storing Client Data in another location or for making its own back-up. Remails does not have the facilities to restore individual Client Data upon request.
- By default, no backups are made of the Data of Client in the Service. Client may agree with Remails to purchase the making of back-ups as an additional Service, for a fee to be agreed upon.
- Remails will endeavor to keep the Services available as much as possible but cannot guarantee uninterrupted availability. Remails will be entitled to take the Services temporarily out of operation for the purpose of maintenance activities (see article 9 Maintenance for further provisions).
- If any obstruction, loss or other threat arises or may arise for the operation of Remails’ computer systems or network or third-party computer systems or networks, for instance due to excessive sending, uploading or downloading of Data, network attacks, poorly protected systems, or activities or viruses or other harmful Software, Remails will be entitled to take all measures that it deems reasonably necessary to avert or prevent this threat. Remails will inform Client of this in Writing as soon as possible.
- Remails shall be entitled to take its Service or portions thereof out of service temporarily for the purpose of maintenance, modification or improvement thereof, and or maintenance, modification or improvement of related Software or other facilities. Remails shall make every effort to have such taking out of service take place as much as possible outside of Business Hours and to notify Client in a timely manner of the planned taking out of service and may set a time schedule for this with Client.
- In the event that Remails believes that taking the Service out of service - whether or not during Business Hours - is necessary for the proper functioning of the Service, it shall be entitled to take the Service out of service immediately without prior notice to Client. However, Remails shall never be obliged to pay any compensation for damage in connection with such taking out of service.
- Client is entitled to propose updates and changes to Remails. However, the final decision for implementing changes and updates remains exclusively reserved to Remails.
- Rules of use
- Client warrants that the Service will not be used for activities that violate any applicable laws or regulations. In addition, Client is expressly prohibited (whether lawful or not) from offering or distributing through the Services any materials that:
a) Contain malicious content (such as malware or other malicious software).
b) Infringe third party rights (such as Intellectual Property Rights), or are unmistakably libelous, defamatory, offensive, discriminatory or hateful.
c) Contain information about or be instrumental in violating the rights of third parties, such as hacking tools or computer crime explanations designed to (induce) the reader to engage in criminal conduct rather than defend against it.
d) Constitute a violation of the privacy of third parties, including in any case but not limited to the dissemination of Personal Data of third parties without consent or necessity.
e) Contain hyperlinks, torrents or references to (sources of) materials that infringe copyrights or other Intellectual Property Rights.
- Client is only permitted to distribute (unsolicited) commercial, charitable or idealistic communications via the Services in compliance with the applicable law and regulations.
- Client shall refrain from obstructing other clients or internet users or causing damage to systems or networks of Remails or other clients. Client is prohibited from starting up processes or programs, whether or not through the systems of Remails, that Client knows or can reasonably suspect will hinder or damage Remails, its clients or internet users.
- If, in the opinion of Remails, the computer systems or network of Remails or third parties and/or the provision of Services via the internet are hindered, damaged or otherwise endangered, in particular due to excessive sending of email or other Data, (distributed) denial-of-service attacks, poorly secured systems or activities of viruses, Trojans and similar software, Remails is entitled to take all measures it reasonably deems necessary to avert or prevent this danger. Remails may recover the costs reasonably necessary associated with these measures from Client.
- Client shall indemnify Remails against all claims by third parties relating to damage resulting from a breach of these rules of use.
- Client warrants that the Service will not be used for activities that violate any applicable laws or regulations. In addition, Client is expressly prohibited (whether lawful or not) from offering or distributing through the Services any materials that:
- Notice and take down
- If a third party points out to Remails or if Remails itself observes that, with the use of the Services, certain materials are stored or distributed that infringe third-party rights or otherwise violate laws and regulations, the Agreement or these General Terms and Conditions, Remails shall notify Client of the complaint or violation as soon as possible.
- Remails shall give Client the opportunity to respond to the complaint within a reasonable time and take action if necessary. If Client fails to do so, Remails may itself take all reasonable measures to end the violation. This may result in certain Data being deleted or made inaccessible, or access to the Services being blocked in whole or in part. In urgent cases (for example, when Remails receives reports regarding the possible presence of child pornography) Remails may take immediate action, without alerting Client.
- If potentially criminal materials are involved, Remails shall be entitled to report them. In doing so, Remails may hand over the relevant materials and all relevant information about Client and third parties (including Client’s customers) to the competent authorities and perform any other acts that such authorities request Remails to perform as part of the investigation.
- Remails shall not be liable for any damages incurred by Client, its customers or Users as a result of a shutdown of the Services or removal of materials under the procedure described in this Article.
- Remails is entitled to hand over the name, address and other identifying Data of Client or the relevant User to a third party who complains that Client is infringing its rights, provided that the applicable legal or jurisprudential requirements for this are met.
- Client indemnifies Remails against any claims by third parties based on the assertion that materials stored or distributed using the Services infringe its rights or are otherwise unlawful.
- Prices and payment conditions
- All prices named by Remails are exclusive of VAT and other levies imposed by the government. All prices are subject to obvious programming and typographical errors. Unless otherwise indicated, all prices are always in euros and Client is to make all payments in euros.
- The rates listed in the Offer will apply only to the work specified in the Offer. Client cannot claim these rates in relation to other work or Services.
- All amounts pertaining to the Service are always owed each month in advance, unless Parties agree otherwise In Writing. Payment for the Service shall be made by direct debit, unless agreed otherwise In Writing. Payments must be made within 30 days of the invoice date, unless agreed otherwise In Writing or stated otherwise in the invoice.
- During the term of the Agreement, Remails is authorized to increase the prices of its Services once every calendar year to reflect inflation, in accordance with statistics published by the Office for National Statistics, as deemed relevant by Remails. If Remails decides to do so, it shall notify Client at least 1 month before the amendment becomes effective.
- Prices may also be increased at any time by Remails if the rates of its suppliers of, for example, electricity, Data center, software and (public) cloud solutions increase. Remails will notify the Client at least 1 month in advance for this purpose.
- Remails has the right to suspend and/or temporarily block the use of the Services if:
a) Client withdraws the direct debit authorization he has provided
b) Client repeatedly fails to pay invoices submitted by Remails in a timely manner
c) There is a deterioration in Client’s solvency that gives reasonable cause to doubt the payment ability and creditworthiness of Client
d) Abuse or improper use is detected.
- If Client fails to make payment from the due date of the invoice, he shall be in default by operation of law, without prior notice of default being required. Remails shall then be entitled to charge Client the entire amount due, additional administration costs, as well as interest calculated on the amount due at 8% per month from the due date, or, if higher, the statutory commercial interest.
- Any claim for payment shall be deemed immediately due and payable if Client is declared bankrupt, applies for a moratorium, suffers a general attachment of assets, goes into liquidation or is dissolved.
- Remails has the right to suspend and/or temporarily block the use of the Services if the Client revokes the direct debit authorization he has provided or repeatedly fails to pay the invoices submitted by Remails on time.
- All amounts due under the Agreement from Client to Remails shall be paid in full without any set-off, counterclaim, deduction or withholding (other than any deduction or withholding of tax as required by law).
- Remails can inform itself within legal frameworks whether Client can fulfill its payment obligations, but also of all facts and factors that are important for a responsible conclusion of the Agreement. If Remails, on the basis of this investigation, has good grounds not to enter into the Agreement, it will be entitled to refuse an order or request while giving reasons, or to attach special conditions to the Agreement, such as advance payment.
- Parties will maintain strict confidentiality with regard to Confidential Information and protect it against unauthorized access or use. Confidential Information will only be shared on a need-to-know basis, with employees who are bound by secrecy pursuant to an employment agreement or other Written agreement. Remails may share the information also with its subcontractors, agents and advisers as well as with other third parties in order to fulfil its obligations in accordance with this Agreement, provided these persons are bound to a respective confidentiality obligation.
- Parties may also disclose the information required by law, regulation, court order or any order by an institution endowed with legal authority. Sharing the Confidential Information with a third party, save as set out above, requires consent In Writing from the Party who has provided it.
- If a receiving Party becomes legally obligated to disclose Confidential Information provided under the Agreement, such receiving Party shall promptly notify the providing Party in Writing so that such providing Party may seek conservatorship or other appropriate legal remedy and/or waive compliance with the confidentiality provisions of the Agreement. All Confidential Information provided under this Agreement shall remain the exclusive property of the providing Party.
- All Confidential Information provided under the Agreement shall remain the exclusive property of the providing Party. After the end of the Agreement and at the first request of the disclosing Party, the Confidential Information must be removed by the receiving Party. The disclosing Party may require Written confirmation of the removal.
- The obligation to maintain confidentiality shall survive termination of the Agreement, for as long as the disclosing Party can reasonably claim the confidentiality of the information.
- Remails will endeavor to execute the Agreement as carefully and safely as possible but cannot influence the finale use of the delivered Service. Client assumes sole responsibility for results obtained from the use of the Service by Client, and for conclusions drawn from such use. Remails shall have no liability for any damage caused by errors or omissions in any information provided to Remails by Client in connection with the Software and Services, or any actions taken by Remails at Client’s directions.
- Remails shall be liable to Client only for direct damage resulting from an attributable failure to perform the Agreement. The total liability of Remails for direct damages suffered by Client as a consequence of attributable failure in the performance of the Agreement, or by unlawful acts by Remails, it’s employees or third parties engaged by Remails, is per event or a series of related events limited to the amount that the Client owed Remails in the 3 months prior to the event that has caused the damage. If Parties have agreed on annual invoicing, then the maximum set out in this article shall apply without prejudice.
- Direct damages will exclusively include:
a) the reasonable costs incurred to determine the cause and extent of the damage
b) any reasonable costs incurred to Remails faulty performance conform the Agreement, and
c) reasonable costs incurred to prevent or limit damage, insofar as Client demonstrates that these costs have led to the limitation of direct damage.
- For other damages, Remails shall not be liable.
- The limitations of liability under this Agreement shall apply except if and insofar as the damage is the result of intent or deliberate recklessness of Remails.
- The liability of Remails as a consequence of attributable failure in the performance of the Agreement will only arise if Client immediately and properly gives Remails notice of default In Writing, stating a reasonable period to remedy the failure, and Remails continues to fail attributable in the performance of its obligations after that period. The notice of default must contain as detailed a description as possible of the failure so that Remails is able to respond adequately.
- All claims for damages must be reported in Writing to Remails by Client within two months of the occurrence of the damage, under penalty of its cancellation.
- Client indemnifies Remails against all claims by third parties (including clients of Client), regarding compensation for damages, costs or interest, related to this Agreement and/or Service and whose cause is attributable to others than Remails.
- If Remails should be held liable by third parties on that account, Client is obliged to assist Remails both extra-judicially and judicially and to immediately do everything that may be expected of him in that case. Should Client fail to take adequate measures, then Remails is entitled, without notice of default, to take such measures himself. All resulting costs and damage on the part of Remails and third parties shall be borne in full by Client.
- Force majeure
- Remails is not obliged to fulfill any obligation under the Agreement, including any warranty obligation agreed between Parties, if it is prevented from doing so by force majeure
- Force majeure is understood to include in any case, without limitation: force majeure at Remails’ suppliers, network attacks, (D)DoS attacks, attacks using malware or other malicious software, faulty equipment, Software or materials used by the Client or third parties, government measures, power failures, breakdowns of the internet, computer network facilities or telecommunications facilities, war, floods, fire, strikes.
- In case of force majeure, Remails is authorized to suspend compliance with its obligations under the Agreement, or to terminate the Agreement in full or in part, without Remails being liable to pay Client any compensation.
- If the force majeure situation persists for longer than three months, the Parties will have the right to terminate the Agreement in Writing, without Remails being liable to pay any compensation. What has already been performed under the Agreement will in that case be settled proportionally, without Parties owing each other anything else.
- Duration and termination of the Agreement
- Unless otherwise agreed In Writing, the Agreement is entered into by Parties for an indefinite period of time. Termination of the Agreement is subject to a notice period of 1 month.
- In the event of termination, Client will have to pay the full amount, less any savings for Remails resulting from the termination. If the price depends on the actual costs to be incurred by Remails, the price owed by Client will be calculated on the basis of the costs incurred, the labor performed and the profit Remails would have made over the entire work. The amounts remain due after termination of the Agreement and are immediately due and payable from the day of termination.
- Remails may suspend or terminate the Agreement at any time if:
a) Client is declared bankrupt;
b) Client is granted suspension of payment;
c) Client’s company is dissolved or liquidated.
- In case of terminating the Agreement, that which Remails has already provided and/or performed will not be undone and Client will continue to owe the associated payments. With due observance of the provisions in the preceding sentence, amounts invoiced by Remails prior to termination in connection with that which Remails has already properly performed or delivered in the performance of the Agreement will remain payable in full and will become immediately due and payable at the time of termination.
- Obligations which by their nature are intended to continue beyond the end of the Agreement shall continue in full force and effect even after the end of the Agreement and shall apply to Client and its legal successors.
- Protection of Personal Data
- Remails will endeavor to process the Personal Data of (employees of) Client and Client's customers in a responsible manner.
- The processing of Personal Data under the Agreement is governed by the Data Processing Agreement (see Appendix 1).
- Amendment General Terms and Conditions
- Remails has the right to modify or add to these General Terms and Conditions and will give notice of modifications or additions to Client at least 1 month before they take effect.
- If Client does not wish to accept the new General Terms and Conditions, Client may raise a reasoned objection within 14 days after publication, after which Remails will reconsider the addition or modification. If Remails decides to implement the addition or modification anyway, Client may terminate the Agreement In Writing by and no later than the date the new General Terms and Conditions come into effect.
- Changes of minor importance, changes pursuant to law and changes for the benefit of Client, may be made at any time by Remails.
- Final provisions
- The Agreement shall be governed by Dutch law.
- Unless otherwise prescribed by rules of mandatory law, all disputes that may arise in connection with the Agreement will be submitted to the competent Dutch court in the district where Remails is located.
- If any provision in the Agreement or General Terms and Conditions proves to be invalid, this will not affect the validity of the entire Agreement or General Terms and Conditions. Parties will in that case determine (a) new provision(s) to replace it, which will give shape to the intention of the original provision as much as is legally possible.
- Remails is entitled to transfer its rights and obligations under the Agreement to a third party that acquires Remails or Remails’ business.
- Client is not entitled to transfer the rights and obligations under the Agreement to a third party, including merger or takeover, without Remails’ Written consent.
Name: Remails B.V.
Address: Heresingel 19, 9711 ER Groningen
Email address: [email protected]
Appendix 1: Data Processing Agreement
This Data processing agreement (‘Data Processing Agreement’) describes the terms of the processing of personal Data by Remails B.V. (‘Processor’) on behalf of the Client (‘Controller’), based on the Agreement between Parties. This Data Processing Agreement forms an integral and inseparable part of Remails General Conditions and the Agreement between Parties.
- Controller has access to the Personal Data of various Data Subjects.
- Controller and Processor have entered into an agreement (‘Agreement’) and this Agreement results in Controller wishing to have certain types of processing performed by Processor, with Controller designating the purpose and means.
- The processing of Personal Data is subject to the General Data Protection Regulation EU 2016/679 (‘GDPR’) and the Dutch Implementation Act AVG (‘UAVG’).
- Processor is also willing to take the legally required measures regarding security and other aspects of the GDPR, insofar as this is within its power.
- If definitions are used, written with a capital letter, that correspond to the definitions in the GDPR, those definitions have the same meaning.
- Any other capitalized terms shall have the meaning ascribed to them in the General Terms and Conditions.
- This Data Processing Agreement shall apply to the extent that the provision of Services in the Agreement involves one or more Processing of Personal Data.
- The natural persons who actually use the Services of Processor under the Agreement and the (employees of) clients of Client, whose personal Data are processed when using the Service, are hereinafter referred to as "Data Subjects".
- If more and other Personal Data are processed on behalf of Processor or if processing is done differently than described in this article, to the extent possible, this Data Processing Agreement shall also apply to those Processes.
- If in specific cases Processor qualifies as a "sub-processor" within the meaning of the GDPR, the provisions of this Processor Agreement shall continue to apply in full.
- All contact between Remails and Client regarding the Processing of Personal Data shall be between the contact persons that are listed by Parties upon entering the Agreement.
- Purpose of the processing
- Processor hereby agrees under the terms of this Data Processing Agreement to process Personal Data on behalf of the Controller. Processing shall be done solely for the performance of the Agreement, and all purposes compatible therewith or as determined jointly.
- Controller guarantees that it has a legal basis for any processing of Personal Data in which it uses the services of Processor. Controller indemnifies Processor against liability for processing operations without a valid legal basis.
- The Personal Data to be Processed by Processor for the purposes as set out in the previous clause and the categories of Data Subjects involved are set out in Appendix 1A of this Data Processing Agreement. Processor shall not process the Personal Data for any other purpose unless with Controller's consent. Controller shall inform Processor of any processing purposes to the extent not already mentioned in this Data Processing Agreement.
- Processor shall make every effort to carefully Process Personal Data made available by Controller.
- The Personal Data to be processed on behalf of the Controller shall remain property of Controller and/or the concerning Data Subjects.
- Processor’s obligations
- Regarding the processing operations referred to in article 2 (and Appendix 1A), Processor shall comply with all applicable legislation, including at least all Data processing legislation such as the GDPR.
- Upon first request Processor shall inform Controller about any measures taken to comply with its obligations under this Data Processing Agreement. Processor is entitled to refuse requests if, in its opinion, they are unreasonable such as when there is a repetitive nature. This is in any case the case when there is more than one request every 6 months.
- All obligations for Processor under this Data Processing Agreement shall apply equally to any persons processing Personal Data under the supervision of Processor, including but not limited to employees in the broadest sense of the term.
- Processor shall inform Controller without delay if in its opinion an instruction of Controller would violate the legislation referred to in the first clause of this article.
- Processor shall, to the extent within its power, provide assistance to Processor for the purposes of the obligations in articles 32 to 36 AVG.
- Processor shall, in accordance with article 30 GDPR, keep a register of all categories of processing activities which it carries out on behalf of the Controller under this Data Processing Agreement. Controller has no right to access this register, subject to the provisions of article 11 (Audit).
- Processor is entitled to charge Controller for all costs reasonably incurred in fulfilling the obligations in Articles 3.2 and 3.5.
- Transfer of Personal Data
- Processor may process the Personal Data in any country within the European Economic Area (‘EEA’). In addition, Processor may also transfer Personal Data to a country outside of the EEA, provided that such country ensures an adequate level of protection and/or it complies with its other obligations under this Data Processing Agreement and the GDPR.
- Processor shall report to Controller of the countries involved. Processor warrants that, having regard to the circumstances affecting the transfer of the Personal Data or a category of Data transfers, an adequate level of protection is in place with countries outside the European Union.
- In particular, when determining an adequate level of protection, Processor shall take into account the duration of the intended processing, the country of origin and the country of final destination, the general and sectoral rules of law applicable in the country in question, as well as the rules of professional life and security measures observed in those countries.
- Involvement of sub-processors
- Processor may use sub-processors for the purposes of this Data Processing Agreement. Controller expressly consents to the sub-processors listed in Appendix 1B.
- If Processor wishes to engage new or more sub-processors, then Processor shall notify Controller In Writing, including communication by email provided that the identity of the sender and integrity of the content is sufficiently established. Processor may object in writing within two weeks of disclosure if the use of a specific reported Third Party is unacceptable to it. Parties will then consult to reach a solution.
- In any event, Processor shall ensure that any Third Parties are bound to at least the same obligations as agreed between Controller and Processor. Controller has the right to inspect the agreements containing such obligations.
- Processor shall ensure that these Third Parties shall comply with the obligations under this Data Processing Agreement.
- Allocation of responsibilities
- Processor is solely responsible for the processing of Personal Data under this Data Processing Agreement in accordance with the instructions of Controller and under the explicit supervision of Controller.
- For any other processing of Personal Data, including but not limited to any collection of Personal Data by Controller, processing for purposes not reported to Processor, processing by Third Parties and/or for other purposes, the Processor does not accept any responsibility.
- Controller represents and warrants that the content, usage and instructions to process the Personal Data as meant in this Data Processing Agreement are lawful and do not violate any right of any Third Party.
- Processor shall use reasonable efforts to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk for the processing operations involved, against loss or unlawful processing.
- Processor does not warrant that the security is effective under all circumstances.
- In the absence of an expressly defined security in the Data Processing Agreement, Processor shall make every effort to ensure that the security meets a level that is not unreasonable, given the state of the art, the sensitivity of the Personal Data and the costs associated with implementing the security.
- Controller shall only provide Personal Data to Processor for processing if it has ensured that the required security measures have been taken. Controller is responsible for the Parties' compliance with these security measures.
- Notification and communication of Data Breaches
- Controller is responsible at all times for notification of any security breach and/or Personal Data Breach to the competent supervisory authority and for communication of the same to Data Subjects.
- Controller shall be solely liable for any damages resulting from any failure to report data breaches in accordance with applicable law and regulations.
- In order to enable Controller to comply with this legal requirement, Processor shall notify Controller without unreasonable delay, after becoming aware of an actual or threatened security or Personal Data Breach.
- A notification under the previous clause shall be made at all times, but only for actual Data Breaches.
- The duty to report shall include, to the extent known, at least:
a) The nature of the Data Breach.
b) The categories of Data Subjects and Personal Data.
c) The number of Data Subjects and Personal Data.
d) The name and contact details of the Data Protection Officer or other contact point where more information can be obtained.
e) The likely consequences of the Data Breach.
f) The measures proposed or taken by Processor to address the Data Breach and mitigate any adverse consequence thereof.
- Notification will be made to the contact person mentioned in the Agreement.
- Processor shall document all Data Breaches in accordance with Article 33(5) GDPR, including the facts relating to the Personal Data Breaches, the consequences thereof and the measures taken to correct the respective Data Breach.
- Requests from Data Subjects
- The Controller bears responsibility for handling Data Subjects’ rights and requests.
- In the event a Data Subject makes a request to exercise his or her legal rights under the GDPR (articles 15-23) to Processor, Processor shall pass on such request to Controller, and Controller shall process the request. Processor may inform the Data Subject of this passing on.
- Processor shall, if Controller so requires, cooperate by means of appropriate technical and organizational measures in dealing with requests from Data Subjects to the extent this is possible and reasonable. Processor may charge Controller reasonable costs for this purpose.
- Confidentiality obligations
- All Personal Data that Processor receives from Controller and/or collects itself must be treated as Confidential Information.
- The confidentiality obligation shall not apply to the extent Controller has granted explicit permission to provide the information to Third Parties, the provision to Third Parties is reasonably necessary considering the nature of the assignment to Controller or a legal obligation rests on the Processor to provide the information to a third party.
- If Processor is required to disclose Personal Data processed on behalf of Controller to a Third Party by legal obligation or court order, Processor shall inform Controller accordingly, unless this is prohibited by law.
- Controller has the right to have audits performed on Processor by an independent Third Party bound by confidentiality obligations to verify compliance with the Data Processing Agreement, and all issues reasonably connected thereto.
- This audit may be performed once every 12 months and when Controller indicates with sufficient justification that there is a (specific suspicion of) non-compliance with this Data Processing Agreement.
- Processor shall announce the audit at least 4 weeks in advance of taking place and shall ensure that the audit disrupts Processor's business operations as little as possible.
- Processor shall give its full cooperation to the audit and shall make available employees and all reasonably relevant information, including supporting Data such as system logs.
- The audit findings shall be assessed by the Parties in joint consultation and may or may not be implemented by Processor.
- The costs of the audit shall be borne by Controller. Processor shall be entitled to charge all costs related to this audit to Processor.
- The costs of measures implemented by Processor as a result of an audit shall be borne by Processor.
- Liability and contractual fine
- Parties expressly agree that with respect to liability regarding the Processing of Personal Data, the provision of the General Terms and Conditions (article 15) shall apply, with the exception of the provision regarding the total liability for attributable failure in the performance of the Agreement (article 15.2).
- The total liability of Remails for direct damages suffered by Client as a consequence of attributable failure in the performance of the Data Processing Agreement, or by unlawful acts by Remails, it’s employees or Third Parties engaged by Remails, is per event or a series of related events limited to the amount that the Client owed Remails in the 3 months prior to the event that has caused the damage. If Parties have agreed annual invoicing, then the maximum set out in this article shall apply without prejudice.
- Term and termination
- This Data Processing Agreement is in force for the duration of the Agreement between the Parties.
- Processor shall, upon termination of the Agreement, at Controllers option, return to Controller all Personal Data in its possession in original or copy form, and/or delete and/or destroy such original Personal Data and any copies thereof. This unless storage of the Personal Data is required by Union or Member State law. Processor is entitled to charge all reasonable costs for this.
- Processor is entitled to revise this Data Processing Agreement from time to time. It shall give at least a 1 month notice of the changes to Processor. Processor may terminate by the end of the 1 month if it cannot agree to the changes.
Appendix 1A: Stipulation of Personal Data and Data Subjects
Data Subjects and Personal Data of different purposes
Processor shall process the below Personal Data of the categories Data Subjects from different purposes (with retention period if specified) under the supervision of Controller, as specified in article 1 of the Data Processing Agreement.
The processing will take place solely in the context of:
- The automation of email traffic for the benefit of the Controller’s business operations
With regard to these purposes, the processor will process the following personal Data:
(Employees of) Controller
- First name
- Last name
- Email address
- Phone number
- Email address
Customers of Controller
- Email address
Insofar as applicable:
- First name
- Last name
- Any other Personal Data that Controller may process in the email
Controller represents and warrants that the description of Personal Data and categories of Data Subjects in this Appendix 1 is complete and accurate and shall indemnify and hold harmless process for all faults and claims that may arise from a violation of this representation and warranty.
Appendix 1B: Specification of Third Parties or sub-processors
This Appendix lists the third parties that Processor engages for its Services purchased as determined in the Agreement. In accordance with article 6 of this Data Processing Agreement, processing arrangements have been made with these Third Parties.
Chamber of Commerce number
Amazon Web Services EMEA SARL
GotoAdmins Group Ltd.
Busy Rebel Development Sp. z o.o.
Appendix 1C: technical and organizational measures
Processor has taken the following technical and organizational measures to Process Personal Data responsibly and in accordance with the GDPR:
- The platform is built on AWS EKS and is fully Highly Available (3x).
- Daily backups are created.
There is an extensive monitoring system in place.
- Remails is using a dedicated IP block (22.214.171.124/24) to send the emails from.
- All communication from and to the outside world is encrypted.
- Infrastructure as Code is used for all infrastructure.
Our team is very security minded. We have various security policies in place and new employees are required to read and adhere to our internal security guidelines. Due to the relative small size of our team it is still possible to test our personnel on an ad-hoc basis. However, we are creating policies to make these tests repeatable and measurable.
Employee Contractual obligations
Our employees have all signed confidentiality agreements.
Employee Certificate of conduct
Every Remails employee is required to supply Remails with a Certificate of Conduct before starting their job.
Account sharing is prohibited. In the odd case where account sharing is the only option we enforce password rotation policies, including, but not limited to when an employee chooses to leave our company.
All our employees are required to use a password management tool.
- Passwords must be 20+ characters wherever possible.
- 2-factor-auth is enforced wherever possible.
- Employees are required to use 2-factor authentication wherever possible, even when enforcement is not possible.
- Encryption keys at rest are required to be encrypted with a password.
All our mobile devices are required to have full-disk encryption with a strong password. They are required to be locked through biometric or password protection when not in use.
The use of usb-sticks, cd-roms and other portable media is prohibited.