Data Processing Agreement

This Data Processing Agreement is an integral part of the Agreement between Cleeng B.V. ("we" or "us") and you and applies to all Services pursuant to which we act as a data processor for you as data controller. This Data Processing Agreement does not apply to Cleeng Merchant Services. Please refer to our privacy policy available via [link] in respect of our privacy commitments regarding the Cleeng Merchant Services

1. DESCRIPTION OF THE PROCESSING

Pursuant to the Service Agreement we provide you with Services pertaining to the administration and management of online subscriptions. If and to the extent that we Process Personal Data in the provision of the Services, we process personal data on your behalf. Consequently, you act as a data controller and we act as a data processor

2. DOCUMENTED INSTRUCTIONS

We shall process personal data as a data processor as necessary to perform our obligations under the Agreement, and strictly in accordance with your instructions as documented herein.

3. NON-DISCLOSURE AND CONFIDENTIALITY

We shall impose a duty of confidentiality on all the natural persons and legal entities we engage to process personal data, including but not limited to employees, subprocessors, third parties and other recipients.

4. SECURITY

We shall implement and maintain security measures within our IT domain to meet our security obligations under applicable law, including Article 32 of the GDPR. We are SOC Type 2 certified and we shall use reasonable efforts to enforce the SOC Type 2 measures related to processing of personal data.

5. SUBCONTRACTING

We shall not subcontract any processing of personal data to a third party sub-processor without your prior written consent. You hereby consents that we may subcontract processing to Amazon Web Services, Looker and Zendesk. In addition, you consent to us engaging third party sub-processors to process personal data provided that: (i) we provide prior notice of the addition of any sub-processor (including details of the (part of the) processing it will perform); and (ii) we impose personal data protection terms on any sub-processor we appoint that protect the personal data to the same standard provided by this Data Processing Agreement. You may object to this sub-processor. If you refuse to consent to the appointment of a third party sub-processor on reasonable grounds relating to the protection of the personal data, then we will either not appoint the sub-processor or we may elect to suspend or terminate the Agreement without penalty

6. COOPERATION AND INDIVIDUALS' RIGHTS

We shall provide all reasonable and timely assistance to you to enable you to respond to: (i) any request from an individual to exercise any of its rights under the GDPR in the context of processing; and (ii) any other correspondence, enquiry or complaint received from an individual, regulator, court or other third party in connection with the processing. In the event that any such request, correspondence, enquiry or complaint is made directly to us, we shall promptly inform you providing details of the same and, where appropriate, refer the relevant party to you.

7. PERSONAL DATA BREACH

Upon becoming aware of a personal data breach, we shall inform you without undue delay (and, in any event, within 48 hours after becoming aware of it) and shall provide all such timely information and cooperation as you may require in order for you to fulfill your personal data breach obligations under (and in accordance with the timescales required by) applicable law

8. DELETION OR RETURN OF DATA

Upon termination or expiration of the Agreement, we shall in accordance with the Agreement, destroy or return to you all personal data directly related to the processing (including all copies of the personal data) in our possession or our control. This requirement shall not apply to the extent that we are required by any applicable law to retain some or all of the Personal Data, in which event we shall retain such Personal Data as a data controller but only to the extent required by such lawIn the absence of any specific contractual agreement, an automatic script or manual script (for ad-hoc requests) is initiated on Cleeng platform containing customer data. This will either remove or update the Customer data with masking techniques

9. AUDIT

No more than once during any twelve (12) month period, upon at least thirty (30) days prior written notice, you may, at your expense, engage an independent auditor registered in the Netherlands to review the processing of personal data for the sole purpose of verifying our compliance with this Data Processing Agreement. The results of such an audit need to be provided to use as soon as available. If the audit shows any non-compliance we will work together to resolve such non-compliance.

Annex A – Description of the Data Processing

In connection with the delivery of one or more of the below Services we shall process personal data as a data processor for you as a data controller.

Cleeng Core;
Cleeng ChurnIQ;
Cleeng Hi5;
Cleeng Live-pay-per-view;
and any other service provided by us to you.

The personal data comprises identification data, professional life data, connection data or localization data (including IP addresses whether dynamic or not). You may also upload data to our platform which may include personal data, the extent of which is determined and controlled by the Client in its sole discretion, like personal data of the Client’s customers.You warrant that you are entitled to provide such personal data to use and you shall indemnify us for all third party claims based on the assertion that we are not entitled to process such data for you.

The duration of the processing will be: until the earliest of (i) expiry/termination of the Agreement, or (ii) the date upon which processing is no longer necessary for the purposes of either party performing its obligations under the Agreement;

The processing will comprise: Processing necessary to provide the Service to you, pursuant to the Agreement;
The purpose(s) of the processing is/ are: performance of the Agreement and legitimate grounds;
Version: August 18th, 2021.
‍