Data Processing Agreement – Grande Cure BV
Last updated: 01-07-2025
This processing agreement forms part of the collaboration between Grande Cure BV (Controller) and its processors.
- Purpose and scope
- Processor processes personal data solely for the benefit of Grande Cure, for the performance of logistical, administrative, or support services.
- Obligations of the Processor
- Processor will only process on written instructions from Grande Cure.
- Processor shall take appropriate security measures.
- Processor guarantees confidentiality of all personal data.
- Subprocessors
- The use of subcontractors is permitted provided that they meet the same obligations and Grande Cure is informed in advance.
- Data breach reporting obligation
- Processor shall immediately report any data leaks to Grande Cure.
- Processor supports compliance with reporting obligations towards the supervisory authority or data subject.
- Security
- Processor uses measures such as encryption, access control, firewalls and regular backups.
- Liability
- The Processor is liable for damages resulting from deficiencies in security and processing in accordance with the GDPR, unless there is force majeure.
- Duration and termination
- This agreement is valid for as long as the main order between the parties exists.
- After termination, Processor will delete or return all personal data, unless otherwise required by law.
- Audits
- Grande Cure has the right to conduct or have audits conducted at the Processor's premises.
- Applicable law
- This agreement is governed by Dutch law.
- Disputes will be submitted to the competent court in Alkmaar.