Terms & Conditions
Article 1 – Definitions:
- Agreement: Agreement between the Client and PESCHECK for the implementation of the Solution;
- Appendix: appendices to this Agreement which form an integral part of this Agreement.
- Client: the legal person or natural person who verbally or in writing or on has otherwise indicated that it wishes to make use of the Solution offered by PESCHECK, whether or not in the form of an Agreement for a (un) definite period;
- Controller: a natural or legal person, government agency, agency or another body that, alone or in conjunction with others, determines the purpose and means of the processing of Personal Data;
- Data Subject: a natural person on whom the processing of the Solution takes place;
- Fee (s): the financial fee that has been agreed with the Client for the performance of the PESCHECK Agreement, or that applies for the performance of the relevant Work;
- Personal data: all information about an identified or identifiable natural person (the Data Subject); is regarded as identifiable as a natural person who can be directly or indirectly identified, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more elements characteristic of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person;
- PESCHECK: PESCHECK B.V. the private limited liability company with its registered office in Enschede, also trading under the name PESCHECK®, crypto-kyc.com, kyc.pescheck.io;
- Privacy Policy: PESCHECK’s privacy policy, which states how PESCHECK processes Personal Data;
- Processor: a natural or legal person, a government agency, a service or other body that processes Personal Data for the Controller;
- Screening: In- / Pre-employment screening is the screening of a potential Data Subject before or during employment. The person concerned can also undergo a KYC request or a background screening, if, for example, tenants are screened;
- Solution: offered (screening) solutions from PESCHECK, including its online services with regard to applying for a KYC screening, background screening or pre- / in employment screening. The solutions are offered from various channels including a SaaS application, website, E-mail and API;
- Work: the Activities that PESCHECK performs in the context of offering the Solution to the Client.
Article 2 – Offers
2.1 All quotations from PESCHECK are without obligation and the parties are only bound by a quotation from the moment that an Agreement is concluded between PESCHECK and the Client in accordance with Article 3.1.
2.2 Offers from PESCHECK are valid for a maximum of two (2) months unless stated otherwise.
Article 3 – Agreement
3.1 The Agreement takes effect from the moment that PESCHECK is notified of the acceptance of the offer as described in Article 2.1.
3.2 PESCHECK is obliged to perform the Agreement as of a service provider with a normal professional knowledge, care and attention expected in the industry may be.
3.3 The delivery terms included in the Agreement are to be regarded as target times and cannot be considered deadlines and will only commence after PESCHECK has all the documents required to perform the assignment under the Agreement.
3.4 The Client agrees that PESCHECK will have the Agreement, or parts thereof, carried out (in part) by sub-processors under its responsibility.
3.5 In the event of deviations in the performance of the Agreement, PESCHECK will Inform the client about this as soon as possible.
Article 4 – Working method of PESCHECK
4.1 The Client is obliged to provide PESCHECK with all information and documents that PESCHECK needs for the execution of the Agreement, in a timely manner and in the desired form and in the desired manner.
Article 5 – Fees
5.1 The Client owes PESCHECK a fee per Data Subject for the performance of the Work. The applicable fee is included in the Agreement.
5.2 For making the software available via the internet, as well as security, support and management of data the Client owes a license fee to PESCHECK if this has been agreed upon.
5.3 The prices stated in the Agreement are exclusive of VAT and other levies of government, as well as any costs to be incurred under the Agreement, including shipping and handling charges unless otherwise specified in the Agreement.
5.4 The Work performed by PESCHECK will usually be charged in advance or in another way of this is stated in the Agreement.
5.5 PESCHECK is entitled to adjust the agreed fee periodically.. In the event of an fee increase the Client always has the right to terminate the Agreement.
Article 6 – Payment
6.1 The Client is obliged to pay all invoices from PESCHECK to PESCHECK in euros no later than fourteen (14) days after the date or as much earlier as agreed between the parties. Objections to the amount of the invoices do not suspend the Client’s payment obligation.
6.2 If the Client fails to pay within the period of fourteen (14) days, the Client will be in default by operation of law. The Client shall then be liable for an interest of 10% per month, unless the statutory interest is higher in which case the statutory interest rate shall apply. The interest on the amount due will be calculated from the moment the Client is in default until the total outstanding amount is paid..
6.3 In the event that PESCHECK takes recovery measures against the Client who is in default, the collection costs associated with this matter– with a minimum of 10% of the outstanding invoices and excluding extrajudicial collection costs – are fully borne by the Client.
6.4 Any payments made by the client shall always be allocated towards the settlement of all outstanding interest and costs, and subsequently towards the oldest outstanding invoices, even if the client states that the payment is intended for a later invoice..
Article 7 – Quality
7.1 The Client guarantees the correctness and completeness of the information provided to PESCHECK data. PESCHECK guarantees that it is based on the information provided by the Client data will perform correct and complete Work for the Contractor.
7.2 Complaints about the Work performed by PESCHECK must be reported to PESCHECK by the Client within eight (8) days after discovery, but no later than three (3) months after completion of the Work concerned. Such notice of default must contain as detailed a description as possible of the shortcoming stated by the Client so that PESCHECK is able to respond adequately.
7.3 If a complaint is justified, PESCHECK will be given the opportunity to perform the Work again. In the event that it is no longer possible to perform the relevant Work according to objective standards, PESCHECK will only be liable for any damage within the limits of Article 9 of these general terms and conditions.
7.4 PESCHECK is obliged to observe secrecy with regard to the Personal Data as well as everything connected with the processing of the Personal Data. PESCHECK is obligated to impose the same confidentiality requirements on its employees who have access to the Personal Data.
7.5 Where the client can be regarded as a Controller within the meaning of the applicable privacy laws and regulations, including but not limited to the General Data Protection Regulation (“GDPR”), it has its own responsibility with regard to the processing of Personal Data.
Article 8 – Liability
8.1 The liability of PESCHECK towards the Client and third parties for damages arising from or related to the performance of the Agreement is always limited to the amount reimbursed by the insurer, up to €1,250,000.00 (one million two hundred fifty thousand euros) per occurrence, and up to €2,500,000.00 (two million five hundred thousand euros) per PESCHECK insurance year..
8.2 The Client indemnifies PESCHECK against all claims of the Client, the Parties involved and third parties – including fines imposed by the authorized supervisors – in connection with or arising from (the content of) the Personal Data provided by the Client to PESCHECK.
8.3 When engaging third parties, including subcontractors, PESCHECK will exercise due care. However, PESCHECK shall not be liable for any shortcomings of third parties engaged by them. The liability limitations set forth in these general terms and conditions also apply if PESCHECK is liable for errors of third parties engaged by PESCHECK or for the improper functioning of equipment, software, data files, or other items used by PESCHECK in the performance of the Agreement..
8.4 The aforementioned limitations of liability do not apply in the event of intent or gross negligence by PESCHECK.
Article 9 – Privacy Policy and privacy laws and regulations
9.1 PESCHECK’s Privacy Policy applies to the performance of the Agreement by PESCHECK. PESCHECK will process the Personal Data in a careful manner in accordance with the Privacy Policy and the applicable privacy laws and regulations – including in any case but not limited to the GDPR.
9.2 PESCHECK and the Client agree that PESCHECK is considered the Processor within the meaning of the General Data Protection Regulation (GDPR) regarding the processing of personal data, and that the responsibility for compliance with the obligations related to the processing of personal data through the Work or otherwise lies solely with the Client. In this regard, the provisions in the Appendix apply to the processing of personal data.
9.3 The Client warrants to PESCHECK that the processing of personal data is lawful and does not infringe upon the rights of third parties. The Client shall indemnify PESCHECK against any legal claims brought by third parties, regardless of the grounds, if such claims are related to the processing of personal data, as well as against any fines imposed on the Client by the Data Protection Authority or other competent supervisory authorities and attributable to the Client.
Article 10 – Force majeure
10.1 Force majeure means any circumstance on the basis of which (further) fulfillment of the Agreement cannot be reasonably required by PESCHECK. This includes in any case – but not exclusively – data loss as a result of computer failure, virus infection or computer breach by third parties, machine breakdown and other calamities that prevent or limit the operation of PESCHECK.
10.2 If PESCHECK is unable to perform the Work due to force majeure, either in full or in part, PESCHECK has the right to suspend the performance of the Agreement or consider it dissolved, without the need for legal intervention. PESCHECK retains the discretion to take this action, and is not obligated to compensate the Client for any damages incurred as a result.
Article 11 – Applicable law and competent court
11.1 These general terms and conditions are effective from 26-07-2023.
11.2 This Agreement and all disputes arising from or related to it shall be governed by Dutch law.
11.3 A The Parties shall endeavour to settle their disputes amicably. All disputes arising out of or in connection with this Agreement, which cannot be solved amicably, shall be finally settled by the District Court of Overijssel, location Almelo, without prejudice to any other jurisdiction.
APPENDIX
PROCESSING AGREEMENT
The undersigned:
This Processing Agreement as referred to in Article 28.3 of the General Data Protection Regulation (hereinafter: GDPR) applies to the processing of personal data carried out by PESCHECK B.V., registered with the Dutch Chamber of Commerce under number 70886393 (hereinafter: Processor), and the Client to whom it provides services (hereinafter: Controller).
Article 1 Definitions
Where terms are used in this Processing Agreement that is defined in Article 4 of the GDPR, these terms shall have the meanings ascribed to them in the GDPR.
Annexes: appendices to this Processing Agreement which form part of this Processing Agreement.
Supervisory Authority: the Dutch Personal Data Authority (Autoriteit Persoonsgegevens or AP) is the independent administrative body appointed as the supervisory authority for the supervision of the processing of personal data in the Netherlands.
Controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor: a natural or legal person, government agency, service or other body which processes personal data on behalf of the Controller. The person who processes personal data on behalf of the Controller, on the instructions of the Processor, is a Subprocessor.
Solution: offered (screening) solutions from PESCHECK, including its online service for applying for a Certificate of Good Conduct (‘VOG’). KYC, background screening or pre-/in employment screening. The solutions are offered through various channels including a SaaS application, website, E-mail and API.
Data Subject: a natural or legal person to whom the processing of the Solution pertains..
VOG: Certificate of Good Conduct.
Processing Agreement: this agreement including any Annexes.
Article 2 Commencement date and duration
The term of this Processing Agreement is equal to the term of the agreement/agreements concluded between the parties. In the event that the data processing by the Processor for the Controller (still) continues, this Data Processing Agreement shall remain in force. If no term has been agreed, it may be terminated unilaterally by either party with immediate effect.
In case of conflicting provisions between the Processing Agreement and the agreement or existing arrangements concluded between the parties, the provisions of the agreement or existing arrangements concluded between the parties shall prevail.
Article 3 Subject of this Processing Agreement
The Processor processes the personal data provided by or on behalf of the Controller solely on behalf of the Controller in the context of the provision of the Solution. The Processor shall not process the personal data for any other purpose, except for divergent legal obligations..
The activities to be carried out by the Processor, the categories of personal data and the categories of Data Subjects relating to the provision of the Solution to which this Processing Agreement relates are described in more detail, exhaustively, in the Privacy Policy which is also an integral part of this Processing Agreement.
The Processor commits to process the personal data made available by or on behalf of the Controller with due care.
Article 4 Obligations of Processor
The Processor shall process personal data on behalf of the Controller, in accordance with the written instructions of the Controller..
The Processor does not have control over the personal data provided. The Processor does not make decisions about the receipt and use of the personal data, the disclosure to third parties, or the duration of storage of personal data. Control over the personal data provided under this Processing Agreement shall never be vested in the Processor.
The Processor shall process personal data within the context of the tasks mentioned in Article 3 and in compliance with the applicable laws and regulations on the processing of personal data. The Processor shall follow all reasonable written instructions from the Controller, except for divergent legal obligations. If such divergent legal obligations exist, the Controller shall be informed in writing by the Processor prior to the processing.
The Processor shall at all times make available to the Controller personal data relating to this Processing Agreement.
The Processor shall, to the extent possible, assist the Controller in fulfilling its obligation to respond to requests from Data Subjects to exercise their rights, including but not limited to, the right to access, rectification, erasure, restriction or portability of personal data.
The Processor shall, at the expense of the Controller, and taking into account the nature of the processing and the information available to it, assist the Controller in fulfilling its obligations under the GDPR, including but not limited to its security obligations, data breach notification obligations, conducting a data protection impact assessment, and prior consultation in case of processing with a high risk.
Article 5 Duty of confidentiality
Persons employed by or working on behalf of the Processor, as well as the Processor itself, are obliged to maintain confidentiality with respect to the personal data to which they have access unless a provision given pursuant to or under the law requires disclosure. The employees of the Processor shall sign a confidentiality declaration to this effect..
If the Processor is required to disclose data based on a legal obligation, the Processor shall verify the basis of the request and the identity of the requester and will inform the Controller immediately and accordingly, unless prohibited by legal provisions..
Article 6 Duty to report data leaks and security incidents
The Processor shall inform the Controller as soon as possible but no later than within 72 hours of the first discovery of any (suspected) breaches of security, as well as other incidents that must be reported to the Supervisory Authority or Data Subject(s) under legislation, without prejudice to the obligation to promptly undo or limit the consequences of such breaches and incidents. The Processor shall also, at the request of the Controller, promptly provide all information necessary for the Controller to assess the incident. The Processor shall provide the Data Controller with the following information, at least:
what the (alleged) cause of the breach is;
what the (known and/or expected) consequence is;
what the (proposed) solution is;
contact details for the follow-up of the notification;
The number of individuals affected by the breach (if an exact number is not known: the minimum and maximum number of individuals affected by the breach)a description of the group of individuals whose data are affected by the breach;
the type or types of personal data involved in the breach;
The date on which the breach occurred (if an exact date is not known: the period during which the breach occurred)the date and time on which the breach became known to Processor or to a third party or subcontractor engaged by it;
whether the data is encrypted, hashed or otherwise made incomprehensible or inaccessible to unauthorized persons;
the measures proposed and/or already taken to address the breach and/or limit the potential adverse effects of the breach.
The Processor shall cooperate as necessary in providing additional information to the Supervisory Authority) and/or the Data Subject(s). In doing so, the Processor will in any case provide the information as described above to the Controller.
The Processor shall maintain a logbook of all (suspected) breaches of security, as well as the measures taken in response to such breaches, and shall, upon first request of the Controller, provide access to it.
Article 7 Security measures and control
The Processor shall implement all appropriate technical and organizational measures to secure and keep secure the personal data processed on behalf of the Controller against loss or any form of unlawful processing, in accordance with Article 32 of the GDPR.
The Controller shall have the right to (have) the processing of personal data audited. The Processor is obligated to allow and provide assistance to the Controller, the Supervisory Authority, or any confidential control authority on behalf of the Controller, so that the audit can be effectively carried out.
The audit may only be conducted after prior written notification to the Processor of at least fourteen days.
The Processor shall provide the requested information to the Controller or the third party engaged by the Controller as quickly as reasonably possible. This allows the Controller or the third party engaged by the Controller to form an opinion on the Processor’s compliance with this Processing Agreement. The Controller or the third party engaged by the Controller shall treat all information regarding these audits as confidential. The Processor shall endeavor to implement any recommendations for improvement as indicated by the Controller or the third party engaged by the Controller. The Processor shall report (at the request of the Controller) as quickly as reasonably possible on the design and functioning of the system of measures and procedures aimed at compliance with this Processing Agreement.
The costs arising from the provisions of this Article 7 shall be borne by the Controller, unless the audit reveals that the Processor has not complied with any provision of this Processing Agreement. In that case, the reasonable costs of correcting the identified shortcomings shall be borne by the Processor.
Article 8 Engagement of third parties
The Processor is entitled to outsource the performance of the tasks in whole or in part to third parties/sub-processors without the consent of the Controller.
In these cases, the Processor shall at all times remain responsible for compliance with the provisions of this Processing Agreement.
The Processor may only process the personal data within the European Economic Area (EEA). Transfer to other countries outside the EEA is only permitted with the prior (written) consent of the Processor and in compliance with the applicable laws and regulations.
The Processor shall maintain an up-to-date register of the third parties and subcontractors to which it has outsourced work, including the identity, location, and description of the tasks of the third parties or subcontractors (sub-processors).). This register can be found in the Privacy Policy and will be kept up to date by the Processor.
Article 9 Amendment and termination of Processing Agreement
Amendments to this Processing Agreement must be made in writing. In this context, written also includes digital communication, such as emails and electronically signed documents.
The Controller and the Processor will consult with each other about amendments to this Processing Agreement if changes to legislation or an interpretation of legislation necessitate such changes.
Once the cooperation has ended, the Processor will, at the Controllers ‘s option, (i) make available to the Processor all or part of its personal data made available under this Processing Agreement and remove existing copies (ii) destroy the personal data received from the Processor at all locations, in whatever form, unless the parties agree otherwise. The Controller may, if necessary, make additional reasonable demands regarding the manner of availability in accordance with the GDPR, including requirements for file format. These activities must be completed within a mutually agreed reasonable period.
The Processor shall endeavor to ensure that the availability of personal data described in the preceding paragraph is guaranteed in such a way that there is no loss of functionality or (parts of) data. If a party fails to fulfill an agreed obligation, the other party may declare it in default, granting the defaulting party a reasonable period to fulfill its obligations. If the defaulting party still fails to fulfill its obligations, it shall be in default. A declaration of default is not necessary if the fulfillment is subject to a fixed term, is permanently impossible, or if it can be inferred from a communication or the attitude of the other party that it will not fulfill its obligation.
Article 10 Liability
The Processor shall only be liable, under the provisions of Article 82 of the GDPR, for damage or loss caused by processing if the obligations of the GDPR specifically addressed to processors have not been fulfilled during processing or in violation of the lawful written instructions of the Controller.