Data Processing Agreement – Grande Cure BV

Last updated: 01-07-2025

This processing agreement forms part of the collaboration between Grande Cure BV (Controller) and its processors.

  1. Purpose and scope
  • Processor processes personal data solely for the benefit of Grande Cure, for the performance of logistical, administrative, or support services.
  1. Obligations of the Processor
  • Processor will only process on written instructions from Grande Cure.
  • Processor shall take appropriate security measures.
  • Processor guarantees confidentiality of all personal data.
  1. Subprocessors
  • The use of subcontractors is permitted provided that they meet the same obligations and Grande Cure is informed in advance.
  1. Data breach reporting obligation
  • Processor shall immediately report any data leaks to Grande Cure.
  • Processor supports compliance with reporting obligations towards the supervisory authority or data subject.
  1. Security
  • Processor uses measures such as encryption, access control, firewalls and regular backups.
  1. Liability
  • The Processor is liable for damages resulting from deficiencies in security and processing in accordance with the GDPR, unless there is force majeure.
  1. Duration and termination
  • This agreement is valid for as long as the main order between the parties exists.
  • After termination, Processor will delete or return all personal data, unless otherwise required by law.
  1. Audits
  • Grande Cure has the right to conduct or have audits conducted at the Processor's premises.
  1. Applicable law
  • This agreement is governed by Dutch law.
  • Disputes will be submitted to the competent court in Alkmaar.