Privacy policy on data processing

Background       

  1. This data protection policy is part of the contractual agreement between the subscriber and Emileon BVBA with company code 0656.857.373 (“OptimEyes”)

  2. The parties recognise that OptimEyes may process personal data that comes into its possession as a result of or in connection with its performance of its obligations under the existing agreement. The personal data shall include any data in the subscriber data and the named user.

  3. The parties recognise that such processing must be in accordance with the EU data protection Directive 95/46/EC, the Data Protection Act 1998, the privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) and any laws that replace or amend any of these including without limitation the General Data Protection Regulation 2016 and, when enacted, the Data Protection Act 2018 and any applicable data protection laws and regulations relating to individual privacy as amended from time to time (together the "Data Protection Laws")

  4. Any terms used in this Privacy Policy that are defined in the Data Protection Laws shall have the meaning given to them in such laws, including, without limitation, "Controller". "Processor", "Personal Data" and "processing".

Data Protection

  1. The parties agree that the Subscriber is the Controller and OptimEyes the Processor in respect of the processing of Personal Data pursuant to the Existing Agreement.

  2. The Subscriber will ensure that it has all necessary and appropriate policies, consents or notices in place to enable lawful transfer of the Personal Data to OptimEyes for the duration and purposes of the Existing contractual Agreement.

  3. The parties acknowledge and agree that the Description of Processing is an accurate description of the processing undertaken by OptimEyes pursuant to the Existing Agreement

  4. The processing of personal data is as follows:

    1. OptimEyes will process the Personal Data of the Named Users to be able to supply the services to the Supplier and the Named Users.

    2. The Personal Data will be held securely on the Supplier's OptimEyes domain.

    3. Data subjects

      1. The personal data concern the following categories of data subjects

      2. The Named Users which includes full time or part time employees, contractors, students, interns of the Subscriber.

    4. Purposes of the Processing

      1. The processing is necessary for the following purposes:

      2. the legitimate interests of the Controller, (the Subscriber) to utilise the Services of OptimEyes in accordance with the Existing Agreement

    5. Categories of data

      1. The personal data processed fall within the following categories of data.

      2. Name, email address and job title

    6. Instructions with regards to the processing of personal data:

    7. OptimEyes shall process the Personal Data only in accordance with terms of the Existing  Agreement and the instructions received in writing by the Subscriber from time to time.

  5. OptimEyes shall (and procure that any of its employees, staff. workers, agents or consultants shall):

    1. Implement appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration. unauthorised disclosure  of, or access to Personal Data processed by it;

    2. Preserve so far as possible the security of Personal Data and prevent any loss, disclosure, theft, manipulation or interception of Personal Data;

    3. Check for and delete any malicious materials from its systems and not intentionally or negligently transfer any malicious materials onto any of the Subscriber's IT systems or onto any media containing the Personal Data;

    4. Only process the Personal Data for the purposes of complying with its obligations under the Existing Agreement and for no other purpose whatsoever, and at all times in accordance with  the Subscriber's documented instructions from time to time, the Description of Processing attached hereto and all applicable Data Protection Laws and not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the Subscriber has been obtained.

    5. provide such information and assistance as the Subscriber may require, at the Subscribers cost and expense, in relation to.

      1. any request from any Data Subject for: access, rectification or erasure of the Subscriber Personal Data, or any objection to Processing;

      2. the Subscriber’s decision to undertake a data protection impact assessment where the Subscriber reasonably considers (in its sole discretion) that the type of processing is likely to result in a high risk to the rights and freedoms of data subjects; and

      3. any application for approval of the Information Commissioner or other data protection supervisory authority to any processing of Personal Data, or any request, notice or investigation by such supervisory authority.

    6. Immediately (and in any event within 2 calendar days) and fully notify the Subscriber in writing if any Personal Data has been disclosed in breach of the Existing Agreement or if it is lost, becomes corrupted, is damaged or is deleted in error;

    7. notify the Subscriber immediately if it suspects or becomes aware of any actual, threatened or potential breach of security of Personal Data and any personal data breach (as defined in the Data Protection Laws) and shall ensure all such notices include full and complete details relating to such breach, in particular

      1. the nature and facts of such breach including the categories and number of Personal Data records and, if applicable, data subjects concerned;

      2. the contact details of the data protection officer or other representative duly appointed by OptimEyes from whom the Subscriber can obtain further information relating to such breach, and

      3. the likely consequences or potential consequences of such breach.

    8. keep detailed, accurate and up-to-date records relating to its processing of the Personal Data, and

    9. during the term of the Existing Agreement or on the expiry or termination of the Existing Agreement provide a copy or return all of the Personal Data.

  6. At the Subscriber's cost, OptimEyes shall allow for an audit (no more than once per annum) by the Subscriber and any auditors appointed by it in order for OptimEyes and its supplier i-nexus to demonstrate its compliance with this Addendum. For the purposes of such audit, upon reasonable notice, OptimEyes shall make available to the Subscriber and any appointed auditors all information that the Subscriber deems necessary (acting reasonably) to demonstrate OptimEyes compliance with this privacy policy.

In OptimEyes reasonable opinion, to the extent that it believes that any instruction received by it in accordance with clause 9 or 10 likely to breach the Data Protection Laws or any other applicable law, OptimEyes shall promptly inform the Subscriber and shall be entitled to withhold its permission for such audit the provision of the relevant Services until the Subscriber amends its instruction so as not to be in breach.

  1. This Agreement shall be construed and enforced under the laws of Belgium, without reference to the choice of law principles thereof. Customer hereby consents to and submits to the jurisdiction of the courts located in Antwerp - Belgium. User waives any defences based upon lack of personal jurisdiction or venue, or inconvenient forum 

© 2017 by OptimEyes