Terms and Conditions and Data Protection Agreement

Reditus | Terms and Conditions and Data Protection Agreement

Version 1.0 | November 2020

This document contains the General Terms and Conditions of Reditus B.V., with its principal office located at Europalaan 100 in Utrecht (3526KS), the Netherlands and registered with the Dutch Chamber of Commerce under registration no. 77814487 (hereinafter referred to as “Reditus”)

Reditus helps other SaaS companies to create, manage, and grow a partner/affiliate revenue channel. Within Reditus SaaS businesses can set up their requirements for the partner program. Once all set up the program can be found in the marketplace by new (potential) partners. The marketplace will help the SaaS & Partner to grow their (new) revenue channel as quickly as possible, all within one platform

  1. Definitions

The capitalized terms used in these Terms and Conditions, both in the singular and the plural, are understood to have the meaning as described in this article.

    1. Account: the account of the User, which provides access to certain parts of the Platform and allows the User to use the Service.
    2. Agreement: the agreement between the Parties under which Reditus provides its Services to the User, of which these Terms and Conditions and any accepted Quotations form an integral part.
    3. Intellectual Property Rights: all intellectual property rights and related rights, including but not limited to copyrights, database rights, domain name rights, trademark rights, brand rights, model rights, neighbouring rights, patent rights and rights to know-how.
    4. Materials: all materials, including but not limited to websites, logo’s, leaflets, images, texts, video’s, audio, and all other content made available by any Party under the Agreement.
    5. Partner Agreement: an agreement between Partner and SaaS Business, under the terms and conditions of which Partner will provide the SaaS Business with Referral Services. Reditus may offer templates for Partner Agreements as part of the Services, however, Reditus is not a party to the Partner Agreement or any other agreement concluded between the Users. The Partner Agreement and the terms and conditions applicable to it are offered independently by the SaaS Business.
    6. Partner: any legal entity or natural person that concludes an Agreement with Reditus, in accordance with Article 2.1.b, to use the Platform with an Account that allows it to agree to a Partner Agreement in order to provide a SaaS Business with Referral Services in exchange for commission.
    7. Party: Reditus and the User (plural) or either Reditus or the User (singular).
    8. Platform: the platform to which access is provided by Reditus as part of the Services and which allows Partners and SaaS Businesses to connect with each other and conclude a Partner Agreement.
    9. Quotation: an offer for the provision of paid Services to the SaaS Business by Reditus, through the Website or otherwise, specifying the applicable Service Plan.
    10. Referral Services: referral services provided by the Partner to the SaaS Business in exchange for a commission in accordance with a Partner Agreement. Types of Referral Services may include (but are not limited to): the generation of unique website traffic, and/or the generation of website traffic that completes the SaaS Business’s onboarding process (for example by registering an account or purchasing a service).
    11. SaaS Business: any legal entity that concludes an Agreement with Reditus, in accordance with Article 2.1.a, to use the Platform with an Account that allows it to offer terms for a Partner Agreement in order to receive Referral Services from a Partner.
    12. Service Plan: the service plan under which certain Services will be provided to the SaaS Business under the Agreement. Depending on the agreed service plan, different features of the Service will be made available to Users and different pricing may apply.
    13. Services: the services provided by Reditus to the User under the Agreement, including but not limited to the provision of access to the Platform, the provision of tools to track the performance of certain parts of Partner Agreements (insofar as tracking of the relevant Referral Services has been explicitly indicated by Reditus to be supported by the Platform) and the provision of templates for Partner Agreements which may be used between the Users.
    14. Terms and Conditions: these general terms and conditions.
    15. User Data: any data processed through the Services by the User.
    16. User: every user of the Platform, including the Partner and the SaaS Business.
    17. Website: www.getreditus.com
  1. Conclusion and fulfilment of the Agreement
    1. The Agreement is concluded with:
      1. the SaaS Business’s completion of the registration form for a SaaS Business Account, and subsequent receipt of a registration confirmation from Reditus, automated or otherwise; or
      2. the Partner’s completion of the registration form for a Partner Account on the Website, and subsequent receipt of a registration confirmation from Reditus, automated or otherwise.
    2. After conclusion of the Agreement, access to the Platform is granted for the duration of the Agreement.
    3. After conclusion of the Agreement, the SaaS Business may complete an order form for any of the Service Plan Quotations on the Website, in order to gain access to certain functionalities of the Service.
    4. Reditus will perform the Agreement to the best of its ability and with due care and expertise. Upon conclusion of the Agreement, Reditus will use reasonable endeavors to initiate fulfilment of the Agreement and allow the User to access the Services as soon as possible.
    5. The User is obliged to do everything that is reasonably required and desired to ensure that the Service is performed correctly in a timely manner. In particular, the User will ensure that all information designated by Reditus as essential or in respect of which the User should reasonably understand that it is required for the purpose of performing the Services, is provided to Reditus in a timely fashion. The User makes sure that the information and details are correct, complete and up to date.
    6. The Services may require implementation (such as the implementation of tracking scripts and related tools on the User’s website) in order to function properly. The User is solely responsible for the implementation of the Services.
    7. The sections 6:227b and 6:227c of the Dutch Civil Code are excluded, insofar as possible.
  2. Term and termination
    1. In the event the User concluded the Agreement as a Partner or concluded the Agreement as a SaaS Business without selecting a Service Plan, the Agreement will be entered into for an indefinite period of time. In this case, the User may terminate this Agreement at any time by removing its Account through the Platform.
    2. In the event the SaaS Business accepts a Quotation for a Service Plan, the Agreement will have the duration of the initial period indicated on the Quotation and will each time be tacitly renewed with successive periods of an equal duration, unless either Party provides the other Party with a notice of non-renewal:
      1. at least seven (7) days before the renewal date in the event of a period with a duration of no more than one (1) month; and
      2. at least thirty (30) days before the renewal date in the event of a longer period.
    3. Without prejudice to any other rights and remedies hereunder, Reditus will be entitled to suspend or terminate the Agreement if the User commits a breach of any of its obligations under this Agreement and such breach is irremediable or – if such breach is remediable – the User fails to remedy that breach within a reasonable period after being notified in writing to do so.
    4. Reditus may suspend or give notice to terminate the Agreement in writing with immediate effect, without notice of default being required, in the event the User is declared bankrupt, the User applies for or is granted suspension of payments, the User’s activities are ceased or its business is wound up.
    5. Termination of the Agreement will in no case affect the amounts owed or payable to Reditus under the Agreement. Furthermore, termination of the Agreement will in no case result in restitution of the amounts paid to Reditus under the Agreement. In the event that the Agreement is terminated, the amounts owed to Reditus by the User will become immediately due and payable (irrespective of the reason for the termination).
    6. Where Reditus suspends the performance of the Agreement, Reditus will retain all its rights and claims under the Agreement and the applicable laws and regulations.
    7. Terms and conditions which by their nature are meant to remain in force after termination, will remain fully in force after the Agreement ends for whatever reason, including but not limited to Article 6.9, Article 14 (Confidentiality) and Article 16 (Liability).
  3. Accounts
    1. To access and use the Services, the User may create an Account and be asked to provide login information (a unique username and password) during or after conclusion of the Agreement.
    2. The User is obliged to use any Accounts made available by Reditus in a careful manner and to keep its login information secure and strictly confidential. Reditus has the right to assume that all acts performed after logging into these accounts have been performed under the supervision and with the approval of the User. The User is obliged to notify Reditus immediately if it suspects abuse of and/or unauthorised access to its Accounts.
  4. Partner Agreements
    1. The Platform enables SaaS Businesses and Partners to agree to and conclude a Partner Agreement among themselves. Reditus is not a contracting party to any Partner Agreements or other agreements concluded between Users via the Platform. In light of the Partner Agreements, Reditus’ role is strictly limited to the provision of the Platform and the provision of technical tools (such as tracking scripts and related tools) to track the performance of certain parts of Partner Agreements. Reditus may also offer templates for Partner Agreements as part of the Services, however, the Partner Agreement and the terms and conditions applicable to it are decided and offered independently by the SaaS Business and mutually agreed to by the Users. The User will indemnify and hold Reditus harmless from any claim(s) made against Reditus with respect to that User’s (non-)performance of any such Partner Agreements or other such agreements which Reditus is not a party to.
    2. Reditus is not a contracting agent and there is no fiduciary relationship between Reditus and Users of the Platform. The Partners and SaaS Businesses respectively offer their Referral Services and Partner Agreements independently and will not be considered to be employees or principals of Reditus.
    3. Without prejudice to the above, the Parties acknowledge that in order for Reditus to properly provide its Platform and Services, the Users must include in every Partner Agreement and provide to Reditus (via the designated fields on the Platform) all agreements and information concerning:
      1. the type of Referral Service provided to the SaaS Business by the Partner (e.g. generation of unique website traffic or generation of visitors that complete the SaaS Business’s onboarding process), as well as the conditions for the receipt of commission (such as purchases by the Lead of eligible services, products or subscriptions);
      2. the amount or percentage of commission the Partner may become entitled to in exchange for its Referral Services for each successful referral and/or other specific performance (in accordance with the type of Referral Service);
      3. the frequency with which the commission owed to the Partner is calculated and becomes payable; and
      4. (if applicable) the threshold that determines whether commission accrued by the Partner will be paid out, or rolled over into the next commission payment period.
    4. The Users are solely responsible for compliance with any laws and regulations (such as tax laws) that are applicable to their respective obligations in performance of the Partner Agreement.
  5. Use of the Services
    1. It is prohibited to use the Services in a manner that is in violation of these Terms and Conditions or applicable laws and regulations. Additionally, using the Services in a manner that may cause hindrance or loss and/or damage to Reditus or any third party is expressly not permitted.
    2. Reditus fulfils an intermediary role on the Platform and is not responsible for information and Materials made available via the Platform by the Users. The User acknowledges and agrees that Reditus does not moderate or pre-screen any information or Materials stored or made available by the Users.
    3. It is explicitly prohibited to use the Platform (even if legally permitted to do so):
      1. to wilfully distribute malware or any other harmful software;
      2. to store or make available information or Materials that infringe upon any Intellectual Property Rights or other third-party rights;
      3. to promote or provide instructions or information about how to engage in illegal conduct, commit illegal activities or promote physical harm or injury;
      4. to store or make available Materials that are threatening, libellous, defamatory, obscene, misleading, offensive or unlawful in any way whatsoever;
      5. in any manner that may cause hindrance for other users of the Platform, or that may damage and/or impede the systems and networks of Reditus or third parties.
    4. If Reditus determines that the User has violated Article 5, this Article 6 or applicable laws and regulations, or receives a complaint in this regard, Reditus may take measures to end the violation. These measures may include the suspension or termination of access to the Platform, or termination of the Agreement.
    5. If, in Reditus’ opinion, the operation of the computer systems or network of Reditus or third parties and/or provision of services via the Internet is obstructed, impaired or otherwise at risk, in particular as a result of the transmission of excessive amounts of data, leaked personal data or virus activity, malware and similar harmful software, Reditus is authorised to take any and all measures it deems reasonably necessary to avert or prevent such risk. These measures include, but are not limited to, suspension of the Services and termination of the Agreement.
    6. Supplier is entitled to disclose the name, address and other identifying data of the User or the end user concerned to a third party who complains that the User has violated its rights, provided that the applicable legal and/or jurisprudential requirements have been met.
    7. Reditus will be entitled to report any acts that may be punishable as criminal offences. In doing so, Reditus may provide the relevant Materials and all relevant information about the User and any involved third parties to the competent authorities and perform all other acts that these authorities request Reditus to perform in the context of an investigation.
    8. The User will follow all reasonable instructions issued by Reditus in relation to the use of the Services.
    9. Reditus may recover from the User any loss and/or damage sustained as a result of the User’s violations of Article 5 and this Article 6. The User will indemnify Reditus and hold Reditus harmless against any and all third-party claims pertaining to loss and/or damage arising from a violation of Article 5 and this Article 6.
  6. Payment
    1. Access to the Platform is provided to the Partner free of charge. Use of the Platform by the SaaS Business may be subject to a monthly or yearly subscription fee, depending on the Service Plan specified in the accepted Quotation.
    2. All amounts owed in consideration for the Service, if any, will be invoiced digitally and paid in advance. All amounts must be paid within fourteen (14) days after the invoice date.
    3. If the User fails to pay the amounts due within the agreed term, the User will be liable for payment of the statutory commercial interest, referred to in Section 6:119a of the Dutch Civil Code, on the outstanding amount, as well as any extrajudicial costs, including costs for lawyers, bailiffs and legal experts, without notice of default being required.
    4. A claim for payment becomes immediately due and payable in the event the User is declared bankrupt, applies for a suspension of payment, all or part of its assets are attached or is liquidated.
    5. Under no circumstance is the User allowed to set off its payment obligations under the Agreement with a claim they might have, on whatever grounds, on Reditus.
  7. Pricing
    1. Unless specifically indicated otherwise, all prices and fees indicated by Reditus are exclusive of VAT and other government levies.
    2. If a price or fee is based on information provided by the User and this information proves to be incorrect, Reditus has the right to adjust the prices or fees accordingly, even in the event the Agreement has already been concluded.
    3. Reditus is entitled to increase its prices and fees at any time. Reditus will inform the User of any such changes at least two months in advance. In the event of a price or fee increase, the User has the right to terminate the Agreement at the latest on the date on which the price or fee increase takes effect, subject to one (1) months’ notice.
    4. Reditus is entitled to increase its prices and fees annually, during the month of January, by a maximum of five percent or by the relevant consumer price index provided by the Dutch CBS, without this creating a possibility for the User to terminate the Agreement.
    5. Prices may be increased by Reditus with immediate effect if the prices of its suppliers of, for example, electricity, software licenses or data center services increase, without this creating a possibility for the User to terminate the Agreement.
    6. If Reditus wishes to reduce its applicable prices or fees, Reditus is entitled to do so immediately without this creating a possibility for the User to terminate the Agreement.
  8. User Data
    1. All User Data will remain the property of the User. Reditus will not make any proprietary claims with regard to any User Data.
    2. The User provides Reditus with a non-transferable – and as far as necessary for performance of the Agreement – sublicensable license to use the User Data for the duration of the Agreement, insofar this is required for the provision of the Services.
    3. In addition to the license specified in the previous subsection, Reditus will receive an irrevocable and unrestricted license to use any analyses, reports and results generated by using User Data, in anonymized or aggregated form for its own purposes, such as improvement of its services – provided all relevant applicable legislation, such as the General Data Protection Regulation, is adhered to.
    4. Reditus will use reasonable endeavours to protect the Services against misuse, abuse and unauthorised access to the User Data.
    5. The User represents and warrants that any submission or provision of User Data to Services is lawful and that the processing of such data in accordance with the Agreement does not contravene any applicable privacy laws and regulations.
    6. Upon termination of the Agreement, Reditus will have the right to remove or destroy all User Data.
  9. Privacy and data protection
    1. The fulfilment of the Agreement may entail the processing of personal data by Reditus on behalf of the User. In the event that personal data are processed, the Parties agree on the terms concerning data processing as attached in Annex 1, in which agreements on the processing and security of such personal data are be laid down.
  10. Availability and back-ups
    1. Reditus will use all reasonable endeavours to ensure continuous availability of the Services but cannot warrant uninterrupted availability.
    2. Measures taken by Reditus under circumstances as described in Article 6.5 may result in a temporary interruption in the availability of the Platform.
    3. Reditus will make a back-up of all User Data once every day These back-ups are made as a precaution for technical failures or disruptions on the side of Reditus. Reditus does not provide a back-up service and is not held to restore specific User Data or on the User’s request (for example when the User has accidentally removed specific User Data). If Reditus nevertheless decides to honour such a request, it may charge the User with all reasonable costs incurred.
  11. Maintenance
    1. From time to time, Reditus may perform maintenance on the Platform and make changes to the Platform in the form of updates or upgrades. Such updates or upgrades may result in a change in the functionality of the Platform. Suggestions by the User are welcome, but Reditus determines which changes will be made.
    2. The performance of maintenance-related activities may result in interruptions in the availability of the Platform. In the event Reditus is able to foresee certain maintenance-related activities resulting in such interruptions, it will apply reasonable endeavors to ensure the activities do not take place during peak-hours – but instead during times when the demand for access to the Services is lowest.
    3. Reditus will use reasonable endeavors to notify the User of all planned maintenance-related activities – through e-mail or through the Platform – at least two (2) days in advance. Emergency maintenance may still occur at any time, without prior notification of the User.
    4. Updates or upgrades to the Platform are performed at times to be determined by Reditus. The User will not be able to use an older version of the Platform once an update or upgrade has been performed. Nor will the User have any right or claim to an update or upgrade that was announced by Reditus, but was not performed.
  12. Support
    1. Documentation with regard to implementation, troubleshooting and general use of the Platform and Services is provided through the Website.
    2. In addition to the online documentation, Reditus provides remote support to the User through the use of a helpdesk. The helpdesk can be reached through the Website.
    3. Reditus will assume that Users will consult the online documentation before contacting the helpdesk. The Reditus helpdesk may refer the User back the documentation in case the User’s question or issue can be answered or solved by consulting the documentation.
    4. Reditus will use reasonable endeavors to respond to each support request as quickly as possible. Yet it cannot warrant that a response or solution will be provided by the helpdesk in a set amount of time, as such response times are dependent on the nature and complexity of the question or issue at hand.
  13. Confidentiality
    1. The Parties will treat as confidential (i) the contents of this Agreement, as well as the nature and content of the relationship between the Parties and (ii) the information they provide to each other before, during or after the performance of this Agreement if this information has been marked as confidential or if the receiving Party knows or should reasonably assume that this information was intended to be confidential. The Parties also impose this obligation on their employees and on the third parties engaged by them for the performance of the Agreement.
    2. This Article 14 will not apply to any information which:
      1. is or becomes generally available to the public other than as a result of a disclosure by the receiving Party in breach of the Agreement;
      2. was within the receiving Party’s possession prior to its disclosure to it by or on behalf of the disclosing Party;
      3. becomes available to the receiving Party on a non-confidential basis from a source other than the disclosing Party not under obligation to keep such information confidential; or
      4. is developed independently by the receiving Party.
    3. In the event that a receiving Party becomes legally compelled to disclose any confidential information provided pursuant to the Agreement, such receiving Party will provide the disclosing Party with prompt written notice so that disclosing Party may seek a protective order or other appropriate remedy and/or waive compliance with the confidentiality provisions of the Agreement.
    4. Promptly after the expiration or termination of the Agreement for any reason, each receiving Party will deliver to each disclosing Party all originals and copies of any material in any form containing or representing the confidential information in its possession or will destroy the same at the request of the disclosing Party.
  14. Intellectual Property Rights
    1. All Intellectual Property Rights relating to the Services and the Platform, and any Materials developed and/or made available by Reditus under the Agreement are vested in Reditus or its licensors. The User will be granted the rights of use with regard to the aforementioned as described in this Article 15 or as otherwise ensuing from the Agreement.
    2. Insofar as required for the performance of the Agreement, the User will acquire a non-exclusive, non-transferable and non-sublicensable right to use the Platform and any other Materials provided by Reditus for the term of the Agreement and in accordance with the conditions set forth in the Agreement.
    3. The User is not entitled to make changes to the Platform or any Materials developed and/or made available by Reditus under the Agreement and are not entitled to a copy of the source code, except where this is permitted by mandatory law. The User is not permitted to retrieve the source code by means of reverse engineering, decompilation or otherwise.
    4. Reditus may take (technical) measures to protect the Platform and its Materials. If Reditus has taken such security measures, the User is not permitted to evade or remove such security measures.
    5. The User may not remove or modify any designation of Intellectual Property Rights or remove any mark indicating a confidential nature from Reditus’ Materials.
  15. Liability
    1. Reditus can only be liable towards the User for direct damages as a result of an attributable failure in the performance of this Agreement. Reditus’ liability for indirect damages is excluded. For the purposes of this Agreement, indirect damages include lost savings, loss of data, loss of profit, damage to reputation and damage due to business interruption.
    2. Without prejudice to the foregoing, Reditus’ liability for direct damages per year is limited to the amount (excluding VAT) that the User has paid Reditus under the Agreement during the two (2) months prior to the event causing the damages, but in no event for a higher amount than the amount paid in relation to the event causing the damages by Reditus’ insurer.
    3. Reditus’ liability for an attributable failure to perform the Agreement only arises if the User gives Reditus prompt and proper written notice of default, giving Reditus a reasonable time period to remedy the default, and Reditus continues to fail to perform its obligations even after that time period. The notice of default must contain as detailed a description of the breach as possible so that Reditus is able to respond adequately.
    4. The limitation of liability as referred to in the previous paragraphs of this Article 16 will lapse if and to the extent that the damage is the result of intent or deliberate recklessness on the part of Reditus’ management.
    5. Any right to compensation is subject to the condition that the User notifies Reditus in writing of the damage within 30 days after discovery.
  16. Force majeure
    1. Reditus cannot be obliged to perform any obligation under the Agreement if the performance is prevented due to force majeure. Reditus is not liable for any loss and/or damage due to force majeure.
    2. Force majeure is considered to exist in any event in case of power outages, Internet failures, telecommunication infrastructure failures, network attacks (including D(DOS) attacks), attacks by malware or other harmful software, civil commotion, natural disaster, terror, mobilisation, war, import and export barriers, strikes, stagnation in supplies, fire, floods and any circumstance whereby Reditus is not enabled to perform or prevented from performing by its suppliers, irrespective of the reason.
    3. If a force majeure situation has lasted for more than ninety (90) days, both Parties will be entitled to give notice to terminate the Agreement in writing with immediate effect. The Services which in that case have been delivered by Reditus prior to the occurrence of the force majeure situation and during the force majeure situation will be paid for on a pro rata basis.
  17. Amendments
    1. Reditus may amend these Terms and Conditions at any time if the changes are not significant or are required by applicable mandatory law.
    2. Reditus will announce any changes or additions to these Terms and Conditions to the User in writing at least thirty (30) days before they take effect, to enable the User to take note of them.
    3. If the User does not wish to accept a change or addition which falls outside the scope of Article 18.1 and such change negatively affects the position of the User, the User may give notice to terminate the Agreement until the date it takes effect. Use of the Services after the effective date will be regarded as acceptance of the amended or supplemented Terms and Conditions.
  18. Miscellaneous provisions
    1. This Agreement is governed exclusively by Dutch law.
    2. Any dispute between the Parties in connection with or rising from the Agreement will be submitted to the competent court in the Netherlands in the district where Reditus has its registered office – unless the provisions of mandatory law dictate otherwise.
    3. Where the Agreement refers to “written” or “in writing”, this also includes e-mail communication provided the identity of the sender and the integrity of the content can be adequately established.
    4. The version of any communication of information as recorded by Reditus will be deemed to be authentic unless the User supplies proof to the contrary.
    5. Any general terms and conditions of the User will not form part of the Agreement.
    6. If any provision of the Agreement is found to be contrary to applicable law, or is otherwise unenforceable, this provision will be amended to the extent that it is in accordance with applicable law, with due observance of the intended meaning of the relevant provision.
    7. The User will not be authorised to transfer this Agreement or any of its rights and obligations arising therefrom to a third party without the express consent of Reditus. Reditus will be authorised to transfer this Agreement and all its rights and obligations arising therefrom to a third party that acquires the business operations to which this Agreement is subject.

Annex 1| Data Processing Agreement

This Data Processing Agreement (“Data Processing Agreement”) describes the conditions of the processing of personal data by Reditus on behalf of the User on the basis of the Agreement between the parties. This Data Processing Agreement forms an integral and inseparable part of the Terms and Conditions applicable to Reditus.

  1. Definitions
    1. Where in this Data Processing Agreement terms are used that correspond to definitions from the General Data Protection Regulation (“GDPR”), these terms shall have the samen meaning as in the GDPR.
    2. Reditus is considered processor within the meaning of Article 4 paragraph 8 of the GDPR and User is considered controller within the meaning of Article 4 paragraph 7 of the GDPR.
    3. Reditus processes personal data in the sense of Article 4 paragraph 1 of the GDPR for the performance of its services, on behalf of User.
  2. Purpose of prosessing
    1. Reditus hereby agrees, under the terms of this Data Processing Agreement, to process personal data on behalf of User. Processing shall be done solely for the purpose of the Agreement and all purposes compatible therewith or as determined jointly. Moreover, processing may be done on the basis of a legal obligation.
    2. The processing sees on the purposes as determined by User, in regard to the categories of personal data and data subjects as set out in Appendix A to this Data Processing Agreement.
  3. Processor obligatios
    1. Reditus shall only process the personal data for the purposes as mentioned in article 2 of this Data Processing Agreement.
    2. Regarding the processing operations as referred to in article 2, Reditus shall comply with the GDPR.
    3. Reditus shall inform User if in its opinion an instruction of User would violate the applicable legislation regarding the processing of personal data or is otherwise unreasonable.
    4. Reditus shall, for as far as this is within his control and as far as necessary, provide assistance to User to fulfil User’s legal obligations under the GDPR. This concerns the provision of assistance in the fulfilment of its obligations under Articles 32 to 36 of the GDPR, such as providing assistance in carrying out a data protection impact assessment (DPIA). Reditus may charge User for any reasonably incurred costs.
    5. All obligations of Reditus under this Data Processing Agreement shall apply equally to any persons processing personal data under the supervision of Reditus, including but not limited to employees.
  4. Confidentiality obligations
    1. In addition to the provisions as laid down in article 14 of the Terms and Conditions, Reditus shall maintain the confidentiality of personal data provided by User. Reditus ensures that the persons who are authorized to process the personal data, are contractually obliged to maintain the confidentiality of the personal data of which he or she is handling.
    2. The confidentiality obligation shall not apply to the extent User has granted explicit permission to provide the information to third parties, the provision to third parties is reasonably necessary considering the nature of the assignment to Reditus or the provision is legally required.
  5. Notification and communication of personal data breaches
    1. User is responsible at all times for notification of any personal data breaches, as referred to in Article 4 paragraph 12 of the GDPR (“Personal Data Breach”), to the competent supervisory authority, and for possible communication about the Personal Data Breach to data subjects.
    2. In order to enable User to comply with this legal requirement, Reditus shall notify User without undue delay after discovering a Personal Data Breach. Reditus will take reasonable measures to limit the consequences of the Personal Data Breach and to prevent further and future Personal Data Breaches.
    3. A notification under the previous clause shall be made at all times, but only for actual Personal Data Breaches.
    4. If necessary and reasonable, Reditus will provide assistance to User, taking into account the reasonableness of the request, nature of the processing, and the information available to him, in regard to (new developments about) the Personal Data Breach.
    5. The notification to User shall include, as far as known at that moment, at least:
      1. the nature of the Personal Data Breach;
      2. the (likely) consequences of the Personal Data Breach;
      3. the categories of personal data concerned;
      4. if and which security measures have been taken to protect the personal data;
      5. the measures taken or proposed to be taken to address the Personal Data Breach and prevent future Personal the categories of data subjects concerned;
      6. the categories of data subjects concerned;
      7. approximate number of data subjects concerned; and
      8. where necessary the deviating contact details to address the notification.
  6. Rights of data subjects
    1. In the event a data subject makes a request to exercise his or her legal rights under the GDPR (Articles 15-22) to Reditus, Reditus shall pass on such request to User. Reditus may inform the data subject of such request being forwarded. User will then further process the request independently.
    2. In the event that a data subject makes a request to exercise his or her legal rights to User, Reditus will, if User requires this, cooperate as far as possible and reasonable. Reditus may charge User for reasonable incurred costs.
  7. Security measures
    1. Reditus shall use reasonable efforts to implement appropriate technical and organizational measures to secure the processing operations involved, against loss or any form of unlawful processing (in particular against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed).
    2. Reditus does not warrant that the security is effective under all circumstances. Reditus shall use best efforts to ensure a level of security appropriate to the risk taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
    3. User shall only provide personal data to Reditus for processing if it has ensured that the required security measures have been taken.
  8. Audit
    1. User has the right to verify compliance by Reditus, of all points under this Data Processing Agreement, by means of an audit performed by an independent third party EDP-auditor, who is bound by confidentiality obligations. The audit may only be performed in case of a reasonable and well-founded suspicion of violation of this Data Processing Agreement, which is communicated in writing to Reditus.
    2. If an independent third party has already carried out an audit in the past year, Reditus can fulfil its obligation by giving access to the relevant parts of the audit report of that year, only if a verification of compliance of the obligations of Reditus in this Data Processing Agreement is requested within the same year.
    3. Reditus and User jointly decide a date, time and scope of the audit.
    4. Reditus shall give its full cooperation to the audit and shall make available any employees and all reasonably relevant information, including supporting data such as system logs.
    5. The audit findings shall be assessed by the Parties in joint consultation and may or may not be implemented by either Party or jointly.
    6. The costs of the audit shall be borne by Reditus in case the audit reveals discrepancies in the compliance of Reditus to this Data Processing Agreement, which are directly attributable to Reditus. In all other cases the costs of the audit shall be borne by User.
    7. The audit and the results thereof will be treated confidentially by User.
  9. Involvement of subprocessor(s)
    1. User authorizes Reditus to involve subprocessors in providing the services under this Data Processing Agreement.
    2. A list of the subprocessors engaged by Reditus at the time of entering into this Data Processing Agreement is set out in Appendix B of this Data Processing Agreement.
    3. Reditus will notify User of any update of this list. User is entitled to object in writing on reasonable grounds to a specific new, or changing of, subprocessor(s) within two weeks after Reditus has sent the notification. If User makes an objection, the Parties will consult to reach a solution. An up-to-date list of the subprocessors engaged by Reditus is available on https://www.getreditus.com/terms-and-conditions/ or can be requested via privacy@getreditus.com.
    4. Reditus imposes at least the same obligations on the engaged subprocessor(s) as agreed between User and Reditus in this Data Processing Agreement.
    5. Reditus shall ensure that these third parties shall comply with the obligations under this Data Processing Agreement and is liable for any damages caused by violations by these third parties as if it committed the violation itself.
  10. Transfer of personal data
    1. Reditus may process the personal data in any country within the European Economic Area (EEA).
    2. In addition, Reditus may transfer the personal data to a country outside the EEA, provided that country ensures an adequate level of protection of personal data and complies with other obligations imposed on it under this Data Processing Agreement and the GDPR, including the availability of appropriate safeguards and enforceable data subject rights and effective legal remedies for data subjects.
    3. Reditus is hereby authorized to, where necessary, enter into a model contract in name of User concerning the transfer of personal data from a controller located within the European Union to a processor in a third country, in accordance with the Commission Decision of 5 February 2010 (2010/87/EU).
    4. A list of the processing locations at the time of entering into this Data Processing Agreement is set out in Appendix B to this Data Processing Agreement.
    5. An up-to-date list of the processing locations is available on https://www.getreditus.com/terms-and-conditions/ or can be requested via privacy@getreditus.com.
  11. Liability
    1. Parties explicitly agree that regarding liability, the provisions as laid down in article 16 of the Terms and Conditions apply.
  12. Term and termination
    1. This Data Processing Agreement is entered into for the duration set out in the Agreement.
    2. Derogations from this Data Processing Agreement shall be binding only if they have been expressly agreed in writing between the Parties.
    3. If changes in legislation or regulations give cause for changes, this shall be assessed by the Parties in joint consultation and may or may not be implemented.
    4. This Data Processing Agreement may be changed in the same manner as the Agreement.
    5. Upon termination of the Data Processing Agreement Reditus shall, at the request, and at the expense, of User:
  • return to User in original format all personal data available to it; or
  • destroy all personal data available to it.

The following appendices have been added to the Data Processing Agreement:

Appendix A: Specification of personal data and data subjects

Appendix B: SubprocessorsAppendix A | Specification of personal data and data subjects

Personal data

Reditus shall process the following types of personal data, under the supervision of User, for the performance of the Agreement:

  • Full Name
  • Email
  • Payment details; credit card details, VAT number
  • (company) address

Of the following categories of data subjects:

  • Customers
  • Company Addresses
  • Users

User represents and warrants that the description of personal data and categories of data subjects in this Appendix A is complete and accurate and shall indemnify and hold harmless Reditus for all faults and claims that may arise from a violation of this representation and warranty.Appendix B | Subprocessors

The following Subprocessors are engaged by Reditus at the time of entering into this Data Processing Agreement:

  • Heroku, Inc. – United States
  • Freshworks, Inc. – United States
  • MailChimp (The Rocket Science Group LLC) – United States
  • Google LLC – United States

An up-to-date list of Subprocessors engaged by Reditus is available on https://www.getreditus.com/terms-and-conditions/ or can be requested via privacy@getreditus.com.