Between WLC EXPERT SERVICES SRL and the client, hereinafter individually referred to as the "Provider" or the "Beneficiary," within this agreement, both parties act as data controllers. The terms used in this agreement are defined by Regulation (EU) 2016/679 of the European Parliament.
The object of this agreement is to establish the manner and methods by which each Party will process the personal data of the other Party.
Each Party will carry out the processing of these data in accordance with the applicable legal provisions in force at the time of processing.
The Parties may process the personal data of employees and/or other beneficiaries or designated representatives of the Parties in accordance with applicable legal provisions and:
Other purposes for which the Parties’ personal data may be used in specific situations are the following:
Legal Basis for Processing
The legal basis for processing is in accordance with:
The data to be processed by the Parties for the specified purposes are as follows:
In specific situations for the mentioned purposes, other data may also be requested, such as:
Validity
This Agreement takes effect from the date it is signed by the Parties and will remain in force for the entire period during which the Parties process personal data under the terms of the Contract.
The Parties undertake to comply with the applicable provisions regarding the protection of personal data, including the provisions of the GDPR, the implementing legislation, and the decisions periodically issued by the Romanian Supervisory Authority (ANSPDCP) when processing personal data in the execution of the order.
The personal data of the Parties’ employees and/or other designated beneficiaries and/or their representatives involved in the provision of the service will be collected by the Parties in the context of providing the services according to the order/contract.
The Parties will disclose only the personal data they are authorized to disclose or have the right to disclose under applicable legal provisions and the contracts/orders to which they are parties, ensuring that there is an adequate legal basis for data processing and that data subjects are properly informed about the disclosure of their personal data, according to the order/contract.
The Parties agree not to disclose under any circumstances other personal data concerning the employees of the Parties and/or other designated beneficiaries and/or their representatives, except those necessary for the provision of services in accordance with the order/contract.
Each Party will implement appropriate technical and organizational measures to protect the personal data of the Beneficiaries against unauthorized or unlawful processing and against accidental loss, destruction, or damage, providing an appropriate level of security.
The Parties will ensure that access to the personal data of the Beneficiaries is limited to personnel involved in providing the Services and/or persons expressly authorized by each of them.
The Parties will aim to reduce the volume of processed data only to the data strictly necessary for each specific processing purpose.
The Parties are responsible, in accordance with the applicable personal data protection regulations, for properly informing the data subjects about their own personal data processing operations, including the processing of personal data based on the order.
Security of Personal Data
The Parties are obliged to establish and maintain appropriate technical and organizational security measures at all times to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, disclosure, or unauthorized access, especially when processing involves the transmission of data over a network, as well as against any other unlawful forms of processing.
The Parties must undertake appropriate technical and organizational measures to protect the security of any networks or electronic communication services used for the transfer or transmission of personal data (including measures designed to ensure the confidentiality of communications and prevent unauthorized access to any computer or system, thereby guaranteeing the security of communications).
Applicable Law
This Agreement is governed by Romanian law.
The Parties agree to make every effort to amicably resolve any differences arising in connection with this Agreement. If the Parties fail to resolve such differences amicably, they will be submitted for resolution to the competent courts of law.
Liability
Each Party will act as an independent data controller for its own data processing related to the Contract, and neither Party will accept any liability for a breach by the other Party of the applicable personal data protection legislation.
The Beneficiary is obliged to inform the employees and/or designated beneficiaries as users of the vehicles subject to the rental contract about the processing of their personal data by the Provider. For more details, please consult our Privacy Policy available on our website [...].
[ALTERNATIVE OPTION – The WLC EXPERT SERVICES Privacy Policy can be found in Annex No. 1 – Information Notice on the Processing of Personal Data, attached to this Agreement.]
Final Provisions
This Agreement represents the Parties' understanding regarding the processing of personal data in connection with the performance of the Contract and supersedes any other provisions, agreements, and prior understandings, regardless of their form, concluded by the Parties regarding their roles and obligations concerning the processing of personal data for the performance of the Contract.
This Agreement may be supplemented or amended only in writing, by mutual agreement of the Parties.