ADDENDUM CONCERNING DATA PROCESSING
Between:
The Customer as defined in the agreement with PREMIUM PLUS.
Hereafter “Controller”;
And:
PREMIUM PLUS, a private limited company incorporated under Belgian law, with registered offices at Belgium, 9100 Sint-Niklaas, Grote Markt 6/a, registered under company number 0844.776.562.
Hereafter “Processor”;
The Controller and the Processor may be referred to individually as a “Party” and collectively as the “Parties”.
General
This addendum (“Addendum”) stipulates how PREMIUM PLUS processes Personal Data as a Processor on behalf of the Customer, being the Controller. This Addendum shall form an integral part of the agreement (“Agreement”) between Processor and the Controller. The provisions of the Agreement shall fully apply to this Addendum unless explicitly stated otherwise and specific provisions in the Agreement (if any) relating to data protection shall be completed or replaced by the terms of this Addendum. This Addendum shall not alter any other provisions of the Agreement that fall outside of the scope of the subject of this Addendum (the Processing and protection of Personal Data).
The purpose of this Addendum is to determine the rights and responsibilities of Controller and Processor in the light of the EU data protection regulation (2016/679) of 27 April 2016 (“Data Protection Regulation”) and the Belgian Act of 30 July 2018 with regard to the protection of natural persons concerning the processing of personal data (“Data Protection Act”), together “Data Protection Legislation”. “Controller”, “Processor”, “Data Subject”, “Personal Data”, “Personal Data Breach” and “Processing” shall have the same meaning as in the Data Protection Regulation.
Data Protection
1.1 Under the Agreement, Personal Data is processed as follows:
- Subject, nature and purpose of Processing: Processing of Personal Data in the context of data migrations and configuration and integration of IT-tools for the Controller;
- Duration of Processing: during the term of the Agreement;
- Categories of Personal Data: name, email address, telephone number, and all the information included in support tickets/data sets;
- Categories of Data Subjects: personnel, prospects, suppliers and customers of the Controller;
The Processing performed by the Processor is expressly limited to the Personal Data and purposes as set out in this Addendum.
The Processor makes use of the following sub-processors (“Sub-Processors”) to carry out the processing under this Addendum:
- Asana Software Ireland Ltd.: Project and task management tool
- Google Ireland Ltd.: Google Workspace
1.2 This Addendum is applicable for the time that the Processor processes the Personal Data of the Controller in performing the Agreement. If the Agreement ends, then this Addendum is automatically terminated too. This Addendum cannot be terminated separately.
1.3 Where Personal Data is processed by Processor, its Sub-Processors or employees under or in connection with the Agreement, Processor shall, and shall procure that its Sub‑Processors and employees shall:
- 1.3.1 undertake to provide at all times appropriate technical and organisational measures to comply with the Data Protection Legislation;
- 1.3.2 only Process, transfer, modify, amend or alter the Personal Data or disclose or permit the disclosure of the Personal Data to any third party in accordance with the Controller’s instructions (including with regard to transfers of Personal Data to a third country or an international organization) as stated in this Addendum or where required by EU or Member State law to which Processor is subject, in which case Processor shall inform the Controller of that legal requirement before Processing the Personal Data, unless that law prohibits such information being provided to the Controller;
- 1.3.3 take all reasonable steps to ensure that all employees and Sub-Processors who may have access to the Personal Data are informed of the confidential nature of the Personal Data and are subject to confidentiality undertakings with respect to (the Processing of) such Personal Data;
- 1.3.4 except where statutory guidance indicates that a Personal Data Breach is not required to be notified by a Processor to a Controller, notify the Controller without undue delay upon becoming aware of a Personal Data Breach. Otherwise assist the Controller, taking into account the nature of Processing and the information available to Processor, in meeting its obligations regarding the notification, investigation, mitigation and remediation of a Personal Data Breach under the Data Protection Legislation;
- 1.3.5 co‑operate as reasonably requested by the Controller, to the extent necessary to enable the Controller to comply with any exercise of rights by a Data Subject under the Data Protection Legislation in respect of Personal Data Processed by Processor under the Agreement or comply with any assessment, enquiry, notice or investigation under the Data Protection Legislation, including by any regulator, subject to reasonable advance notice and without prejudice to Processor’s right to charge the Controller any reasonable costs for such assistance;
- 1.3.6 only authorise Sub-Processors (whereas this Addendum is a general consent to use Sub-Processors, and more specifically those mentioned in art. 1.1) to Process the Personal Data subject to (i) informing the Controller of the identity of a new Sub-Processor (that replaces or complements an existing Sub-Processor) beforehand where Controller has the right to object on reasonable grounds within five working days and (ii) including terms in the agreement between Processor and the Sub-Processor which are substantially the same as those set out in this Addendum and (iii) Processor remaining fully liable to the Controller, in accordance with the terms of this Addendum and the Agreement relating to liability (and if no such terms are applicable, in accordance with the clauses regarding liability in the Data Protection Legislation), for any failure by a Sub-Processor to fulfil its obligations in relation to the Processing of any Personal Data;
- 1.3.7 cease Processing the Personal Data upon the termination or expiry of the Agreement and, at the Controller’s option, either return or delete the Personal Data (and any copies of it or of the information it contains), without prejudice to any EU Member State legal obligation to further store such Personal Data;
1.4 Upon request, Processor shall make available to the Controller all information necessary to demonstrate compliance with its obligations under this Addendum and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller, without prejudice to Processor’s right to charge the Controller any reasonable costs for such assistance. Audits will only be possible once every calendar year and only upon reasonable and written notice to the Processor of 10 working days beforehand.
1.5 Processor shall provide reasonable assistance to the Controller related to a Data Protection Impact Assessment and prior consultations with the competent data protection authority, if and when the Controller reasonably considers this to be necessary under article 35 or 36 of the Data Protection Regulation, solely in relation to Processing of Personal Data by Processor, without prejudice to Processor’s right to charge the Controller any reasonable costs for such assistance.
1.6 The Processor is responsible for the Processing of the Personal Data under this Addendum, in accordance with the instructions of the Controller. The Controller guarantees that its instructions for the Processing of the Personal Data are not unlawful and do not infringe any third party right. Furthermore, the Controller guarantees that the Personal Data that is provided to the Processor is collected, processed and transferred in accordance with the principles of the Data Protection Legislation and with due regard for the rights of the Data Subjects.
The Processor is under no circumstances liable for the content of the Personal Data it has received from the Controller. The Controller is solely liable for the collection, the use and the transmission of the Personal Data to the Processor. The Controller shall indemnify the Processor and/or reimburse the latter’s damage in the event of a complaint or legal action by a Data Subject or third party as a result of a breach on the part of the Controller.