HomeTerms of Service

Terms of Service

1. Introduction

  1. These Terms govern your access to and use of the platform(s) and/or dashboard(s) owned and/or operated by or on behalf of fullinfo B.V., our APIs, and any other software or tools provided on or in connection with our services, including without limitation using our services to submit data requests (collectively, the “Service”).
  2. “You” or “your” means the Customer, i.e. the individual or organization, company or (other) legal entity accepting these Terms. If you accept these Terms on behalf of an organization, company or (other) legal entity, you represent that you have the legal authority to bind that organization, company or (other) legal entity as well as its Affiliates to these Terms, in which case the term “you” or “your” , i.e. the Customer, refers to such entity and its Affiliates. “We” or “us” or “ours” or “fullinfo” refers to fullinfo B.V.
  3. By clicking to accept and/or using our Service, you agree to be bound by these Terms. If you do not agree to these Terms, you may not access or use the Service. These Terms are provided in such a way that users can store them in a readily accessible manner on a durable medium.
  4. We reserve the right to amend these Terms. Amendments to these Terms will only come into effect after they have been published in an appropriate way.
  5. Definitions written with a capital letter in these Terms shall have the meaning ascribed thereto in Annex 1.

2. Account creation

  1. In order to use the Service you have to create and activate an Account. A third party tool may be used to facilitate the onboarding process.
  2. You are solely responsible for keeping your log-in credentials secure.

3. Service access

  1. By clicking a box on our website you subscribe, subject to payment of the applicable Charges (except in case of Trial Services), for the Service as indicated on the website upon which we grant you and any Authorized Users, subject at all times to these Terms, a non-exclusive, non-transferable, limited license to permit Authorized Users to access and use the Service for the duration of the Subscription Term, solely for internal business purposes.
  2. You will inform us about the amount of Authorized Users that will use and/or access the Service through your Account.

4. Trial services

  1. If you register on our website for Trial Services, we will make the applicable Service available to you on a trial basis free of charge until the earlier of (a) the end of the Trial Service Subscription Term, or (b) the start date of a Subscription Term of any purchased version of the Service ordered by you, or (c) written notice of termination from us.
  2. There is no guarantee that features or functions of the Trial Services will be available, or if available will be the same, in the purchased version of the Service, and you should review the Service features and functions before making a purchase.
  3. We will be under no obligation to provide you any maintenance or support services with respect to the Trial Services.
  4. We provide the Trial Services “as is” and “as available” without any warranties or representations of any kind.
  5. Your sole and exclusive remedy in case of any dissatisfaction or breach of these Terms with respect to Trial Services is termination of the Trial Services.

5. Service provision

  1. We deploy the Service on resilient computing infrastructure designed to maintain service availability and continuity in the case of an incident affecting the Service. We will use reasonable endeavours to ensure a significant uptime of the Service (save for (i) planned maintenance and (ii) unplanned maintenance provided fullinfo used reasonable endeavours to give reasonable prior notice), although we do not guarantee that the Service will be uninterrupted or error free.
  2. We may update the Service from time-to-time provided such changes do not materially and negatively impact the functionality, performance or security of the Service. We shall use reasonable efforts to inform you of such changes.
  3. You represent that you comply with all applicable laws (including without limitation export laws and regulations) when using the Service and that you are an adult of the legal age of majority in your country of residence.
  4. Without limitation on any other rights and remedies hereunder, we may suspend your right to access the Service or use any portion or all of the Service immediately upon notice to you if we determine:
    1. you (or an Authorized User’s) use of or access to the Service (i) poses a security risk to us, the Service or any third party; (ii) may adversely impact availability or performance of the Service or the systems or software of any of our other customers; (iii) may subject us or any third party to any liability; or (iv) may be fraudulent; or
    2. you (or an Authorized User), is in breach of these Terms or any other agreement by which software being used on or in conjunction with the Service is licensed.
    3. We shall reinstate the suspended Service once the cause of the suspension has been remedied or ceased to exist.
  5. We only provide support in relation to the Service if and to the extent that this has been agreed in these Terms.
  6. The Customer acknowledges that the Service may enable or assist it to access and use third party products and services and that it does so solely at its own risk. fullinfo makes no representation, warranty or commitment and shall have no liability or obligation whatsoever in relation to the content or use of, or correspondence with, any such third-party products and services, or any transactions completed, and any contract entered into by the Customer, with any such third party. fullinfo does not endorse or approve any third-party products and services nor the content of any of the third-party products and services made available via the Services. You understand and agree that you are subject to any applicable third party terms when you use a third party product or service.

6. Your obligations

  1. You shall not (directly or indirectly): (a) copy or reproduce the Service or the Documentation; (b) submit data requests on or through the Service without sufficient Credits; (c) assign, sell or otherwise transfer the rights granted to you to any third party; (d) remove any copyright or trademark on or contained in the Service or the Documentation; (e) decompile, attempt to derive our code or underlying ideas or algorithms of any part of the Service; (f) modify, reverse engineer or disassemble the Service; (g) prepare derivative works based upon the Service or the Documentation; (h) disrupt the integrity or performance of the Service; (i) use the Service in a manner that infringes on the intellectual property rights or privacy rights of any third party; (j) attempt to gain unauthorized access to the Service or its related systems or networks.
  2. You are solely responsible for ensuring: (i) that only appropriate Authorized Users have access to the Service, (ii) that such Authorized Users have been trained in proper use of the Service, and (iii) proper usage of passwords, tokens and access procedures with respect to logging into the Service and/or your Account.
  3. You shall at all times:
    1. ensure that Authorized Users comply with these Terms;
    2. provide all cooperation necessary for us to provide the Service, including but not limited to provision of all available information and documents reasonably required by us to fulfil our obligations;
    3. prevent any unauthorized access to, or use of, the Service and/or your Account, and shall notify us promptly of any such unauthorized access or use.
  4. Except solely as expressly stated in these Terms, you assume sole responsibility and shall not hold us liable for results obtained from the use of the Service, and for conclusions drawn from such use.
  5. You are responsible for the compliance at all times of yourself and other Authorized Users with these Terms. You accept liability for the applicable acts and omissions of other Authorized Users as if they were acts or omissions of you.
  6. The Service may require the use of mobile applications now or in the future. You shall ensure that you and all other Authorized Users promptly download and install all available updates for the mobile applications. You further acknowledge and agree that the Service may not properly operate should you or any other Authorized User fail to do so, and we are not liable for any damages caused by a failure to update mobile applications accordingly.

7. Charges and payment

  1. In consideration of the provision of the Service by us, we shall invoice, and you shall pay the Charges, unless you opted for Trial Services. The Charges for the Service are stated on our website.
  2. You shall provide accurate, current and complete information on your billing and payment information, address and billing contacts, including email address and phone number, and will promptly notify us if this information changes.
  3. During the Subscription Term, Charges are payable annually or monthly in advance. If you run out of Credits during a Subscription Term, you will continue to have access to your Account for the remainder of your Subscription Term and you will have the possibility to purchase extra Credits within your Account or otherwise as indicated by us.
  4. If you have remaining Credits at the end of a Subscription Term these Credits will expire automatically and can not be transferred to a new Subscription Term. Credits are non-refundable.
  5. All sums payable shall be paid in EURO, unless otherwise agreed. Payment may only take place in accordance with the payment method as set out on our website or as otherwise instructed by us.
  6. You shall not withhold, offset or deduct any amounts from payments for Charges due (other than any deduction or withholding of tax as required by law).
  7. Should you have any questions over the amount of any invoice issued by us, you shall notify us no later than ten (10) Business Days before the due date of the relevant invoice, failing which you shall be deemed to have accepted such invoice as conclusive evidence of the correct amount to be charged.
  8. All sums due to us under or in relation to an Agreement are exclusive of any sales tax (VAT) which shall be charged in addition in accordance with the relevant regulations in force at the time and shall be paid by you in full at the same time as payment is due under the relevant invoice.
  9. If you fail to make payment in accordance with this clause, then we shall be entitled to charge interest on the overdue amount at the lesser of the maximum rate allowed by law or a rate of four percent (4%) per annum above the base rate of the Central Bank of the Netherlands from time to time in force, from the date on which such amount fell due until payment.
  10. All payment obligations are non-cancellable and all payments made are non-refundable, including upon early termination of an Agreement. Notwithstanding the foregoing, solely in the event that an Agreement is terminated pursuant to your termination in accordance with clause 13.5 of these Terms, we shall refund to you on a pro rata basis for each unused Credit of the then-current Subscription Term.
  11. We are authorized to adjust the current prices in writing under observance of a period of notice of three months. If you do not wish to agree to such adjustment, you are entitled to terminate an Agreement in writing forthwith within thirty days after the notification as of the date on which the adjustment would take effect.

8. IP rights & customer data

  1. fullinfo and its licensors own any and all Intellectual Property Rights in the Service. Except solely as expressly stated herein, these Terms do not grant you any rights to, or in, any Intellectual Property Rights in respect of the Service, fullinfo Data or Documentation.
  2. All right, title and interest in and to all of the Customer Data shall remain with Customer, subject to clause 8.4.
  3. You shall at all times have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data and for ensuring that its use does not infringe the rights of any third parties.
  4. You acknowledge that we may utilize a third-party cloud service provider for the storage, access, transfer, and processing of fullinfo Data and Customer Data. We shall use commercially reasonable industry standard security procedures for the transfer, transmission, storage, or accessing thereof.
  5. In no event shall fullinfo be responsible for any loss, destruction, alteration or disclosure of Customer Data to the extent caused directly or indirectly by Customer, its Authorized Users or any third party.

9. CONFIDENTIAL INFORMATION

  1. Each Party shall not use the other Party’s Confidential Information other than as needed for the exercise and performance of its rights and obligations under an Agreement.
  2. The restrictions imposed by clause 9.1 shall not apply to the disclosure of any Confidential Information which:
    1. before any negotiations or discussions leading to the relevant Agreement was already known by the receiving Party (and was obtained or acquired in circumstances under which the receiving Party was not bound by any form of confidentiality obligation); or
    2. is now in or hereafter comes into the public domain other than as a result of a breach of this clause 9;
  3. Each Party shall notify the other Party if it becomes aware of any unauthorized disclosure of any Confidential Information and shall afford reasonable assistance to the other Party, at that other Party’s reasonable expense, in connection with any enforcement proceedings which that other Party may elect to bring against any person.
  4. A Party may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction provided that, to the extent it is legally permitted to do so, it gives the other Party as much notice of such disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this clause 9.4, it takes into account the reasonable requests of the other Party in relation to the content of such disclosure.

10. Data protection

  1. You are solely responsible for: (i) the content, quality and accuracy of Customer Data as made available by you and by Authorized Users; (ii) providing notice to Authorized Users with regards to how Customer Data will be collected and used for the purpose of the Service; (iii) ensuring you have a valid legal basis for processing Customer Data and for sharing Customer Data with us (to the extent applicable); and (iv) ensuring that the Customer Data as made available by Customer complies with applicable Data Protection Laws.
  2. The Parties shall comply with their respective obligations under the applicable Data Protection Laws. In particular, Parties shall comply with the Data Processing Agreement (DPA) found in Annex 2 if fullinfo acts as data processor for Customer (for example whenever a Customer requests a certain data set containing personal data), which DPA is in such case hereby incorporated into these Terms.

11. Warranties

  1. During the Subscription Term, fullinfo warrants that the Service will perform in substantial conformity with the Documentation. The foregoing warranty shall not apply to the extent of any non-conformance resulted from error, or misuse of the Service (including use not in accordance with the Documentation) by, or is otherwise attributable to, Customer, the Authorized User or by anyone other than us.
  2. You shall report any breach of warranty to us within a period of twenty (20) days of the date on which the incident giving rise to the claim occurred. Your sole and exclusive remedy for breach of these warranties will be for fullinfo, at its expense, to rectify such non-conformity as soon as reasonably practicable.
  3. We disclaim (and disclaim on behalf of our licensors and/or contributors to any third party materials) all other warranties, conditions and other terms, whether express or implied, including the implied conditions and warranties of merchantability and fitness for a particular purpose. We will have no liability for delays, failures or losses attributable or related in any way to the use or implementation of third-party software or services not provided by us.

12. LIABILITY

  1. Subject only to Section 12.3 below, in no event shall our liability to you exceed the aggregate amount paid or payable by you under an Agreement during the twelve (12) months prior to the event giving rise to the claim, whether in contract, tort, under any warranty or any other theory of liability. In no event, however, will our total liability for damages on any basis whatsoever amount to more than five thousand Euro.
  2. Subject only to Section 12.3 below, to the maximum extent permitted by applicable law, neither Party shall be liable for any indirect, consequential, incidental, special, punitive or exemplary loss or damages, or for any loss or damage to data, loss of profits, loss of customers, loss of business, missed savings, loss of goodwill or reputational damages, arising out of or in connection with an Agreement, even apprised of the possibility or likelihood of such damages occurring.  
  3. Nothing in these Terms excludes or limits the liability of either Party for its own wilful misconduct or gross negligence.

13. Term & Termination

  1. The Subscription Term of each Agreement commences by clicking a box indicating the (start of the) Service on our website (the “Commencement Date”).
  2. Subscriptions will automatically renew for additional Subscription Terms equal to the expiring Subscription Term unless you amended the subscription type by upgrading or downgrading your current subscription type at least ten (10) days before the end of the relevant Subscription Term.
  3. If during the Subscription Term you subscribe for an upgrade of your current subscription, the new subscription type will commence immediately. If during the Subscription Term you subscribe for a downgrade of your current subscription, the new subscription type will commence from the day the current Subscription Term ends.
  4. Either Party may terminate an Agreement for convenience (i.e. for any reason or no reason at all) by giving the other Party written notice thirty (30) days in advance of such termination.
  5. Either Party may terminate an Agreement with immediate effect by giving written notice to the other Party if:
    1. the other Party fails to pay any amount due under an Agreement on the due date for payment and remains in default after fourteen (14) days from being notified in writing of such a past-due payment;
    2. the other Party commits a material breach of any term of an Agreement or these Terms and fails to remedy that breach within a period of thirty (30) days after being notified in writing to do so, provided that the notice includes sufficient information regarding the nature of the breach;
    3. the other Party commences bankruptcy, insolvency or similar proceedings or becomes insolvent or is liquidating, dissolving or ceasing business operations.
  6. Termination shall not affect clauses which by their nature are intended to continue to apply after termination.
  7. Upon termination or expiry of an Agreement: (i) you will have no further right to access or use the Service, subject to clause 13.8; (ii) each Party shall cease using the other Party’s Confidential Information and within thirty (30) days after written request return or destroy any Confidential Information of the other Party within its possession or control; and (iii) we may destroy or otherwise dispose of any of the Customer Data in our possession, unless we receive, no later than ten days after the effective date of the termination of the relevant Agreement, a written request for the delivery to the Customer of the then most recent back-up of the Customer Data. We shall use reasonable commercial endeavours to deliver the back-up to the Customer within 30 days of our receipt of such a written request, provided that the Customer has, at that time, paid all Charges outstanding at and resulting from termination (whether or not due at the date of termination).
  8. At the end of the Subscription Term access to the Service will be refused, however upon your request you are entitled to retain your Account without costs for a period of maximum six months (unless indicated otherwise). Within that period you may opt for a new subscription with retention of your Account. After that period or if you do not request to maintain your Account, we will remove the Account, including any saved data, reports or preferences.

14. Miscellaneous

  1. We shall not be in breach of an Agreement or these Terms nor liable for delay in performing, or failure to perform, any of our obligations thereunder if such delay or failure results from events, circumstances or causes beyond our reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of fullinfo or any other party), failure of a utility service or transport or telecommunications network or the internet, act of God, war, riot, civil commotion, compliance with any law or governmental order, rule, regulation or direction, fire, flood or storm, cybercrime or cybersecurity related events affecting the Service, or failures of our suppliers.
  2. Any amendment or waiver of any provision and any waiver of any default under these Terms shall only be effective if made in writing and signed by Parties subject to the provisions as set out in these Terms.
  3. No failure or delay by a Party in exercising any right or remedy provided by law or under these Terms shall impair the right or remedy, or operate as a waiver or variation of it, or preclude its exercise at any subsequent time. No single or partial exercise of any right or remedy shall preclude any further exercise of the right or remedy or the exercise of any other right or remedy.
  4. If any provision of these Terms, or portion thereof, is held to be void, invalid, illegal or unenforceable, this shall not affect the legality, validity or enforceability of the remaining provisions. The invalid provisions shall, if required, be modified or amended to the fullest extent possible under applicable law so as to reflect the original meaning and intent of the parties.
  5. The mere lapse of a date or agreed time frame for performance of the Service shall not automatically constitute a default under an Agreement or these Terms.
  6. No provision of these Terms creates a partnership between the Parties or makes a Party the agent of the other Party for any purpose, unless expressly stated otherwise. A Party has no authority to bind, to contract in the name of, or to create a liability for the other Party in any way or for any purpose.

15. Applicable law and disputes

  1. These Terms and any Agreement shall be governed by and construed in accordance with the laws of the Netherlands.
  2. The competent court of Amsterdam shall have exclusive jurisdiction over all disputes, controversies or claims between the Parties arising in connection with an Agreement or these Terms.

Annex 1: Definitions

Accountmeans your personal environment managed by fullinfo, through which you and Authorized Users gain access to the Service.
Affiliatemeans any entity that directly or indirectly controls, is controlled by, or is under common Control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
Agreementmeans each and every agreement between fullinfo and a Customer relating to access to and use of the Service;
Authorized Usersshall mean employees, agents, consultants, contractors, or vendors authorized by Customer to use the Service solely for the internal use of Customer.
Chargesmeans the charges for the Service, including the Credits;
Commencement Datehas the meaning given to it in clause 13.1;
Confidential Informationmeans information, in whatever form or medium, which has been kept confidential by the Party from whom the information originates and which has not come into the public domain for the duration of any Subscription Term in breach of any obligation of confidence, including without limitation information relating to the commercial or technical know-how, technology, information pertaining to business operations and strategies, and information pertaining to customers, pricing and marketing of a Party;
Customerhas the meaning given to it in clause 1.2 of these Terms.
Customer Datameans data that Customer provides to fullinfo such as by way of uploaded or hosted data, through Customer’s use of the Service;
Credit(s)means digital assets of value which can purchased by Customers via their Accounts or as otherwise indicated by us and which are necessary to submit data requests on or through the Service;
Data Protection Lawsmeans all data protection laws applicable to the processing (including transfer) and use of Personal Data in the context of activities carried out pursuant to an Agreement, including but not limited to the General Data Protection Regulation (GDPR) (and any amendments thereto) and any local legislation implementing the applicable data protection laws in the country where Parties are established;
Documentationshall mean the user guides and specifications for the Service that are made available from time to time at fullinfo’s website or otherwise made available by fullinfo.
fullinfohas the meaning given to it in clause 1.2 of these Terms;
fullinfo Datameans any data created or generated by fullinfo or generated by Customer’s use of the Service (excluding Customer Data).
Intellectual Property Rightsmeans patents, trade marks, service marks, logos, trade names, internet domain names, rights in designs, copyright (including rights in computer software) and moral rights, database rights, semi-conductor topography rights, utility models, rights in know-how and other intellectual property rights, in each case whether registered or unregistered and including applications for registration, and all rights or forms of protection having equivalent or similar effect anywhere in the world;
Partymeans Customer or fullinfo as a party to an Agreement;
Personal Datameans personal data as defined in article 4 GDPR;
Servicehas the meaning given to it in clause 1.1 of these Terms;
Subscription Termmeans the term which shall commence on the Commencement Date and continues until the end of the then-current term, as renewed in accordance with clause 13.2.
Termsmeans these terms of service.
Trial Servicesa free-of-charge version of the Service allowing you to spend up to 10 Credits (or a different amount, if so agreed).

Annex 2: Data Processing Agreement

This Data Processing Agreement forms an integral and inseparable part of the agreement between fullinfo B.V. (hereinafter: fullinfo) and Customer under the Terms of Service and any other agreement that explicitly refers to this Data Processing Agreement, regarding the processing of Personal Data. fullinfo and Customer are jointly referred to as ‘Parties’ and separately as ‘Party’.

  1. Definitions
    1. In this Data Processing Agreement, ‘GDPR’ means the General Data Protection Regulation as well as all laws and regulations that may replace this regulation in the future. Terms defined in the GDPR have the same meaning in this Data Processing Agreement unless another definition is given here. Capitalized terms that are not defined in this Data Processing Agreement, have the same meaning as defined in the Terms of Service.
    2. Terms of Service: the terms agreed upon between fullinfo and Customer, to which this Data Processing Agreement is attached.
    3. Customer is designated as controller, and fullinfo is designated as processor. If (a) customer(s) of Customer determine(s) the purposes and means of the data processing, the Customer is designated as processor, fullinfo as subprocessor and the customer(s) of Customer as the controller(s). However, this does not affect the agreements and designation of the Parties in this Data Processing Agreement.
    4. Personal Data: personal data (as defined in the GDPR) relating to the Data Subjects specified in Schedule 1.
  2. Purposes of processing
    1. fullinfo will process the Personal Data only to the extent necessary to supply the agreed Services to Customer, for purposes reasonably related thereto or which are agreed upon, or to fulfil a legal obligation.
    2. Schedule 1 defines the purposes of processing, the categories of Personal Data processed and the categories of Data Subjects.
    3. fullinfo will not process the Personal Data for any purpose other than as determined by Customer. Customer will inform fullinfo of the processing purposes insofar as they have not already been mentioned in this Data Processing Agreement. However, fullinfo may use the Personal Data for quality purposes, provided that fullinfo only processes the relevant data for these purposes in anonymized form as much as reasonably possible.
  3. The Parties’ obligations
    1. fullinfo and Customer will each comply with the laws and regulations applicable to them, including in any event the laws and regulations related to the protection of Personal Data, such as the GDPR.
    2. fullinfo will inform Customer, at its first request, about the measures it has taken regarding its obligations under this Data Processing Agreement.
    3. The obligations of fullinfo arising from this Data Processing Agreement also apply to those who process Personal Data under the authority of fullinfo, including but not limited to employees.
    4. fullinfo will inform Customer without undue delay if, in its opinion, an instruction from Customer is in violation of the legislation referred to in Article 3.1.
    5. fullinfo will, insofar as it is within its power, aid Customer in the fulfillment of the legal obligations resting on Customer based on Articles 32 to 36 of the GDPR. fullinfo can charge reasonable costs for such assistance to Customer.
  4. Processing location
    1. fullinfo may process the Personal Data in any country within the European Economic Area (‘EEA’). In addition, fullinfo may transfer the Personal Data to a country outside the EEA, under the terms of the GDPR. The processing location is available via privacy@fullinfo.com.
    2. In case Customer is located outside the EEA, in a country that has not received an adequacy decision from the European Commission, the Standard Contractual Clauses as included in Schedule 2, apply
  5. Division of responsibility
    1. fullinfo is responsible for the processing of Personal Data under this Data Processing Agreement, in accordance with the instructions of Customer and under the explicit (final) responsibility of Customer. For any other processing of Personal Data, including in any case, but not limited to, the use of Personal Data by Customer, processing for purposes which have not been reported by Customer to fullinfo, processing by third parties and/or for other purposes, fullinfo is expressly not responsible.
    2. Customer represents and warrants that he has a legal basis to process the Personal Data. Customer guarantees that the content, the use, and the instruction to process Personal Data as referred to in the Data Processing Agreement are not unlawful and do not infringe any rights of third parties. Customer indemnifies fullinfo for any claims.
  6. Subprocessors
    1. Customer hereby grants fullinfo specific written authorization to engage other processors (‘Subprocessors’) when processing Personal Data, on the basis of this Data Processing Agreement. The most recent overview of Subprocessors is available via privacy@fullinfo.com.
    2. Customer hereby grants general written permission for the engagement with other Subprocessors. Customer may subscribe to the mailing list via privacy@fullinfo.com to be informed about intended changes regarding the addition or replacement of Subprocessors. Customer has the right to object to any Subprocessors to be engaged by fullinfo, in writing and substantiated with adequate reasoning, within one week of notification. If Customer objects to the Subprocessor(s) to be engaged by fullinfo, Customer has the right to terminate the Service. If Customer does not object within one week, the Subprocessor will be engaged.
    3. fullinfo ensures that the Subprocessors it engages, assume materially corresponding written obligations as agreed between Customer and fullinfo in this Data Processing Agreement.
    4. In the event of non-compliance by these Subprocessors, fullinfo is itself liable for damages as if it had committed the actions itself.
  7. Security
    1. fullinfo will put in place appropriate technical and organizational measures to secure the Personal Data against loss or any form of unlawful processing, including unnecessary collection, disclosure or further processing. The most recent overview of technical and organizational measures is available via privacy@fullinfo.com.
    2. fullinfo does not warrant that the security is effective under all circumstances. fullinfo shall use best efforts to ensure a level of security appropriate to the risk taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
    3. Customer will only make Personal Data available to fullinfo if it has ensured that the security measures taken by fullinfo are appropriate in relation to the processing activities.
  8. Handling requests from Data Subjects
    1. If a Data Subject sends fullinfo a request to exercise one of their rights from Chapter III of the GDPR, fullinfo will forward the request to Customer and Customer will follow up on the request. fullinfo may inform the Data Subject that it has done so.
    2. At Customer’s request and when reasonably necessary, fullinfo will, at Customer’s costs, provide support to comply with such request.
  9. Confidentiality
    1. All Personal Data that fullinfo receives from Customer and/or collects itself in the context of this Data Processing Agreement is subject to a duty of confidentiality towards third parties. fullinfo will not use this information for a purpose other than that for which it was obtained.
    2. This duty of confidentiality does not apply insofar as Customer has given explicit consent to provide information to third parties, if the provision of information to third parties is logically necessary in view of the nature of the instruction and the execution of this Data Processing Agreement or the Terms of Service, or if there is a legal obligation to provide the information to a third party.
  10. Audit
    1. Customer is entitled to arrange that a suitable external auditor which is acceptable to fullinfo performs an audit to determine whether fullinfo complies with this Data Processing Agreement. This party will be bound by confidentiality towards third parties.
    2. The audit will only take place in the event of a concrete suspicion of misuse of Personal Data and only after Customer has requested and assessed the similar audit reports present at fullinfo and puts forward reasonable arguments that still justify an audit initiated by Customer.
    3. The audit will be announced at least 15 business days in advance and will take place on a date and time to be determined by the Parties in joint consultation.
    4. In conducting the audit, fullinfo’s security standards will be followed, and an attempt will be made to minimize any impact on fullinfo’s business operations. fullinfo will cooperate in the audit and will make available any information and employees that may reasonably be relevant to the audit as soon as possible.
    5. The findings resulting from the audit will be assessed by the Parties in mutual consultation and, as a result thereof, may or may not be implemented by either Party or both Parties.
    6. The costs of the audit initiated by Customer are borne by Customer, including the costs for the cooperation of fullinfo’s employees.
  11. Notification obligation
    1. In the event of a discovery of a Personal Data Breach as meant in Article 4 (12) of the GDPR, fullinfo will inform Customer without undue delay. Customer is responsible for complying with any statutory reporting obligations.
    2. The reporting obligation in any case includes reporting the fact that there has been a Personal Data Breach and, as far as fullinfo is aware of the information required under Article 33 (3) of the GDPR.
  12. Liability
    1. The Parties agree that the provisions on liability in the Terms of Service, apply to this Data Processing Agreement as well.
  13. Duration and termination
    1. This Data Processing Agreement is applicable when the Terms of Service are applicable.
    2. This Data Processing Agreement will remain in effect for as long as fullinfo processes Personal Data in the context of supplying Services to Customer.
    3. In case the Data Processing Agreement is terminated, for whatever reason and in any way whatsoever, fullinfo will, at the request of Customer, remove and/or destroy all Personal Data it holds and/or return it to Customer in a commonly used digital format. Reasonable costs may be charged for returning the Personal Data in a specific desired digital format.
    4. The Parties may only amend this Data Processing Agreement with mutual written consent.

The following Schedule forms an integral part of this Data Processing Agreement:

Schedule 1. Specification of processing purposes, Personal Data categories, and Data Subject categories

Schedule 2. Standard Contractual Clauses

Purposes

fullinfo processes Personal Data of Customer and its Data Subjects for the provision of its Service, which includes searching for specific company and contact information on request of Customer. Customer acknowledges that after a search has been concluded, fullinfo will include the respective information in its own database and will from this point onwards be the controller for this data.

Personal Data

In the context of the Services, fullinfo may process the following categories of Personal Data:

  • Name and company name
  • Job title
  • Business email address
  • Business telephone number
  • Company employee range
  • Data Subject location (city level)
  • LinkedIn, Twitter and Instagram handler and/or URL
  • Profile image (as included in LinkedIn, Twitter and/or Instagram)
  • Biography (as included in LinkedIn, Twitter and/or Instagram)

This Personal Data concerns the following categories of Data Subjects:

  • Business leads
  • Points of contact within an organization, including management/executives, and employees

Schedule 2. Standard Contractual Clauses

Section I

Clause 1 – Purpose and scope
  1. The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country.
  2. The Parties:
    1. the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter ‘entity/ies’) transferring the personal data, as listed in Annex I.A (hereinafter each ‘data exporter’), and the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A (hereinafter each ‘data importer’)
  3. have agreed to these standard contractual clauses (hereinafter: ‘Clauses’).
  4. These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.
  5. The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.
Clause 2 – Effect and invariability of the Clauses
  1. These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
  2. These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.
Clause 3 – Third-party beneficiaries
  1. Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:
    1. Clause 1, Clause 2, Clause 3, Clause 6;
    2. Clause 7 – Clause 7.1.(b) and Clause 7.3.(b);
    3. Clause 12.1. (c), (d) and (e);
    4. Clause 13.5;
    5. Clause 15;
  2. Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.
Clause 4 – Interpretation
  1. Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
  2. These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
  3. These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.
Clause 5 – Hierarchy

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

Clause 6 – Description of the transfer(s)

The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.

Section II – Obligations of the parties

Clause 7 – Data protection safeguards

The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.

  1. Instructions
    1. The data exporter shall process the personal data only on documented instructions from the data importer acting as its controller.
    2. The data exporter shall immediately inform the data importer if it is unable to follow those instructions, including if such instructions infringe Regulation (EU) 2016/679 or other Union or Member State data protection law.
    3. The data importer shall refrain from any action that would prevent the data exporter from fulfilling its obligations under Regulation (EU) 2016/679, including in the context of sub-processing or as regards cooperation with competent supervisory authorities.
    4. After the end of the provision of the processing services, the data exporter shall, at the choice of the data importer, delete all personal data processed on behalf of the data importer and certify to the data importer that it has done so, or return to the data importer all personal data processed on its behalf and delete existing copies.
  2. Security of processing
    1. The Parties shall implement appropriate technical and organisational measures to ensure the security of the data, including during transmission, and protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter ‘personal data breach’). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature of the personal data, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects, and in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.
    2. The data exporter shall assist the data importer in ensuring appropriate security of the data in accordance with paragraph (a). In case of a personal data breach concerning the personal data processed by the data exporter under these Clauses, the data exporter shall notify the data importer without undue delay after becoming aware of it and assist the data importer in addressing the breach.
    3. The data exporter shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  3. Documentation and compliance
    1. The Parties shall be able to demonstrate compliance with these Clauses.
    2. The data exporter shall make available to the data importer all information necessary to demonstrate compliance with its obligations under these Clauses and allow for and contribute to audits.
Clause 8 – Data subject rights

The Parties shall assist each other in responding to enquiries and requests made by data subjects under the local law applicable to the data importer or, for data processing by the data exporter in the EU, under Regulation (EU) 2016/679.

Clause 9 – Redress

The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.

Clause 10 – Liability
  1. Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
  2. Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.
  3. Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.
  4. The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage.
  5. The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.

Section III – Local laws and obligations in case of access by public authorities

Clause 11 – Local laws and practices affecting compliance with the Clauses
  1. The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.
  2. The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:
    1. the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;
    2. the laws and practices of the third country of destination- including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards;
    3. any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.
  3. The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.
  4. The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.
  5. The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).
  6. Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 13(d) and (e) shall apply.
Clause 12 – Obligations of the data importer in case of access by public authorities
  1. Notification
    1. The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:
      1. receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or
      2. becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.
    2. If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.
    3. Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).
    4. The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.
    5. Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 11(e) and Clause 13 to inform the data exporter promptly where it is unable to comply with these Clauses.
  2. Review of legality and data minimisation
    1. The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 11.5.
    2. The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.
    3. The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.

Section IV- Final provisions

Clause 13 – Non-compliance with the Clauses and termination
  1. The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.
  2. In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 11.6.
  3. The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:
    1. the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (2) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;
    2. the data importer is in substantial or persistent breach of these Clauses; or
    3. the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.
  4. In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.
  5. Personal data collected by the data exporter in the EU that has been transferred prior to the termination of the contract pursuant to paragraph (3) shall immediately be deleted in its entirety, including any copy thereof. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
  6. Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.
Clause 14 – Governing law

These Clauses shall be governed by the law of a country allowing for third-party beneficiary rights. The Parties agree that this shall be the law of the Netherlands.

Clause 15 – Choice of forum and jurisdiction

Any dispute arising from these Clauses shall be resolved by the courts of the Netherlands.

Annex I
List of parties

Data exporter:

  • Name: fullinfo B.V.
  • Address: Herengracht 124, 1015BT Amsterdam, the Netherlands
    • Contact person’s name, position and contact details: Data Protection Officer, available via privacy@fullinfo.com
  • Activities relevant to the data transferred under these Clauses: fullinfo processes Personal Data of Customer and its Data Subjects for the provision of its Service, which includes searching for specific company and contact information on request of Customer.
  • Signature and date: included in the Terms of Service
  • Role (controller/processor): processor

Data importer:

  • Name: Customer, as defined in the Terms of Service
  • Address: as defined in the Terms of Service
  • Contact person’s name, position and contact details: as defined in the Terms of Service
  • Activities relevant to the data transferred under these Clauses: Customer acquires data, including personal data, via fullinfo’s Service (as defined in the Terms of Service).
  • Signature and date: included in the Terms of Service.
  • Role (controller/processor): controller
Description of transfer

Categories of data subjects whose personal data is transferred

  • Business leads
  • Points of contact within an organization, including management/executives, and employees

Categories of personal data transferred

  • Name and company name
  • Job title
  • Business email address
  • Business telephone number
  • Company employee range
  • Data Subject location (city level)
  • LinkedIn, Twitter and Instagram handler and/or URL
  • Profile image (as included in LinkedIn, Twitter and/or Instagram)
  • Biography (as included in LinkedIn, Twitter and/or Instagram)

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).

The data will be transferred for the duration of the provision of the Service (as defined in the Terms of Service).

Nature of the processing

Collection, structuring, storage, retrieval, use, access of personal data.

Purpose(s) of the data transfer and further processing

fullinfo processes Personal Data of Customer and its Data Subjects for the provision of its Service, which includes searching for specific company and contact information on request of Customer. Customer acknowledges that after a search has been concluded, fullinfo will include the respective information in its own database and will from this point onwards be the controller for this data.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

Customer will retain the data for as long as is necessary for the purpose for which it was obtained.

For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing

The most recent information about Subprocessors is available via privacy@fullinfo.com.

Company

Fullinfo

Fullinfo B.V.

Marconistraat 16
3029 AK Rotterdam
the Netherlands

© 2024 · Fullinfo.com