Policy menu

 

Data Processing Terms

These Data Processing Terms (“Terms”) form part of the Terms of Service (“Agreement”) or other agreement between Mgr. Robert Kotrik and its affiliated companies and subsidiaries (“Himdeve”) and Merchants regarding Himdeve’s services. These Terms are binding between Himdeve and Merchants and constitute a data processing agreement. If you do not agree to these Terms, do not use the Site and the Service.

 

1. Definitions

1.1. The capitalized terms not otherwise defined herein shall have the same meaning as set forth in the Agreement.

1.2. “Agreement” means an agreement entered into by Himdeve and the Merchant regarding the use of Himdeve’s Service.

1.3. “Data” means the personal data of the recipients of the Merchant’s products, including the Merchant’s customers, as well as personal data of the Merchant’s representatives, which via the use of Himdeve’s Site and Service is provided to Himdeve by the Merchant.

1.4. “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1.5. “Merchant” means any person, be it legal entity or natural person, that uses Himdeve’s Service to execute orders or deliver its products to recipients, including the Merchant’s customers.

1.6. “Parties” means Himdeve and the Merchant.

1.7. “Himdeve” means Mgr. Robert Kotrik and its affiliated companies and subsidiaries.

1.8. “Service” means print-on-demand services offered by Himdeve to Merchants that want to outsource the printing and delivering of their products to their customers, as well as other services offered by Himdeve to Merchants, including branding, warehousing and fulfillment, design, and merchandising services.

1.9. “Site” means www.himdeve.eu.

1.10. The terms “Personal Data”, “Data Subject”, “Controller”, “Processor” and “Supervisory Authority” used in these Terms have the meanings given in the GDPR.

 

2. Subject of the Terms

2.1. These Terms govern the agreement between Himdeve and the Merchant in respect of processing of Data transferred to Himdeve by the Merchant.

2.2. The Merchant acquires Data and via the use of Himdeve’s Site and Service provides Data to Himdeve. The Merchant is a Controller of this Data and Himdeve as the Processor only processes this Data on behalf of the Merchant.

2.3. The Merchant hereby instructs Himdeve to process the Data as prescribed by these Terms, including the transfer of such Data to any country as may be reasonably necessary for the provision of the Service or otherwise for the compliance with the Agreement or applicable law.

 

3. Details of Processing

3.1. Categories of Data Subjects. Himdeve, on behalf of the Merchant, processes the Personal Data of the Merchant’s customers and the Merchant’s representatives that are registered under the Merchant’s Himdeve account.

3.2. Type of Personal Data. Himdeve processes the following information received from Merchants that might contain Personal Data: name, email address, phone number, shipping information, Content shared with Himdeve, and other information about the Merchant’s customers and representatives shared with Himdeve.

3.3. Nature and purpose of processing. Himdeve processes Data in accordance with these Terms in order to provide the Merchant the Service and otherwise ensure fulfilment of the obligations set out in the Agreement between the Merchant and Himdeve if such fulfilment involves the processing of Personal Data. Himdeve only has access to the information that has been provided by the Merchant and uses such information in accordance with the Merchant’s instructions.

3.4. Duration of processing. Data will be processed for the duration of the Agreement.

 

4. Rights and obligations of Himdeve and the Merchant

4.1. Both Parties shall ensure that Data processing under these Terms is carried out in accordance with all applicable laws and regulations in respect of data protection, including the GDPR, and Parties shall comply with their respective obligations as a Controller or Processor laid down by the GDPR.

4.2. The Merchant is responsible for the legality of processing the Data. The Merchant confirms that the Data transferred to Himdeve has been obtained by the Merchant on lawful basis as prescribed by the GDPR and other applicable laws and regulations in respect of data protection, and that the Merchant is entitled to provide the Data to Himdeve and other recipients.

4.3. The Merchant shall not submit to Himdeve any Personal Data that is not necessary for the use of the Service, and any Personal Data if the Merchant has no lawful basis and/or no valid purpose for processing such Personal Data.

4.4. The Merchant confirms that these Terms contain sufficient instructions to Himdeve regarding the processing of Data, as well as the scope and purposes thereof.

4.5. If reasonably necessary, the Merchant may provide Himdeve with additional instructions regarding the processing of Data other than those prescribed by these Terms. Such additional instructions must be reasonably enforceable, properly documented and in compliance with applicable laws and regulations regarding data protection, and must also be accepted by Himdeve.

4.6. Himdeve shall not be liable for any claims or complaints from Data Subjects regarding any action taken by Himdeve as a result of acting in accordance with instructions received from the Merchant.

4.7. The Merchant shall be responsible for the accuracy of Data and keeping it up to date and shall inform Himdeve in case of any changes in the provided Data.

4.8. Himdeve shall process the Data on behalf of the Merchant and shall always follow the Merchant’s instructions prescribed by these Terms, the Agreement or otherwise provided to Himdeve in accordance with these Terms.

4.9. Himdeve confirms that the processing is performed in compliance with the requirements prescribed by the GDPR and other applicable laws and regulations in respect of data protection, Himdeve has implemented appropriate technical and organizational measures and while processing the Data ensures the protection of the Data Subjects’ rights.

 

5. Sub-Processors

5.1. For Himdeve to be able to meet its obligations prescribed by the Agreement and to administer and provide the Service, the Merchant hereby authorizes Himdeve to engage sub-processors and transfer the Data to such sub-processors.

5.2. When processing the Data on behalf of the Merchant, Himdeve uses sub-processors that provide us with different services such as hosting and server co-location services, postal and courier delivery services, and our financial and legal advisors, among others.

5.3. Himdeve hereby confirms that it uses only such sub-processors that are able to guarantee that they have implemented appropriate technical and organizational measures in accordance with the GDPR and other applicable laws and regulations regarding data protection.

5.4. Himdeve hereby confirms that our sub-processors are contractually or otherwise in a binding form required to comply with the same data processing obligations as prescribed by these Terms.

5.5. Himdeve may transfer the Data to sub-processors that are located outside the European Economic Area (“EEA“). Himdeve confirms that the Data are transferred only to such sub-processors outside the EEA that are located in a territory that has been acknowledged by the European Commission as ensuring an adequate level of protection, or otherwise is able to provide appropriate safeguards and always provided that enforceable rights and effective legal remedies are available for Data Subjects.

 

6. Assistance to the Merchant

6.1. Considering the nature of the processing, Himdeve will assist the Merchant with the provision of technical or organizational measures, insofar as possible, for the fulfilment of the Merchant’s obligations as the Controller in relation to:

  1. Any requests from the Data Subjects in respect of access to, or the rectification, erasure, restriction, portability, blocking or deletion of their Personal Data that Himdeve processes on behalf of the Merchant. In the event that a Data Subject sends such a request directly to Himdeve, Himdeve will promptly forward such request to the Merchant; and
  2. The investigation of Personal Data breaches and the notification to the Supervisory Authority and Data Subjects regarding such Personal Data breaches; and
  3. Where appropriate, the preparation of data protection impact assessments and, where necessary, carrying out consultations with any Supervisory Authority.

 

7. Personal Data Security

7.1. By taking into account the state of the art, costs of implementation and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Himdeve shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the respective risk.

7.2. Himdeve monitors and ensures that all of Himdeve’s authorized personnel involved in the Processing of Data provided to us have committed themselves to confidentiality obligations.

7.3. Himdeve confirms that rights of access to its authorized personnel are always provided only to the minimum extent necessary for fulfilment of the obligations arising from the Agreement.

 

8. Audit

8.1. Upon the Merchant’s written request, Himdeve shall provide sufficient information to demonstrate compliance with obligations laid down in these Terms and applicable laws and regulations. This information shall be provided to the extent that such information is within Himdeve’s control and Himdeve is not precluded from disclosing it by applicable law, a duty of confidentiality, or any other obligation owed to a third party.

8.2. If information provided upon the Merchant’s request in the Merchant’s reasonable judgement is not sufficient to confirm Himdeve’s compliance with these Terms, then Himdeve agrees to allow for and contribute to data processing audits.

8.3. Such audits are allowed to be carried out by an independent third party with good market reputation, provided that it has sufficient experience and competence to carry out data processing audits, and election of such auditor must be mutually agreed by both the Merchant and Himdeve.

8.4. The timing and other practicalities related to any such audit or inspection are determined by us and any such information and assistance are provided only at the expense of the Merchant, and we reserve the right to charge the Merchant for any additional work or other costs incurred by us in connection with the Merchant using such rights. The Merchant has rights to request the audit once every 2 years.

8.5. The auditor will have to sign a confidentiality agreement, which includes an obligation not to disclose business information in its audit report, and the final report will also have to be provided to Himdeve.

 

9. Return and deletion of Data

9.1. Unless otherwise required by applicable law, Himdeve has no obligation to store the Merchant’s Data after termination of the contractual relationship with Himdeve and deletion of the Merchant’s account.

9.2. At the choice of the Merchant, Himdeve will delete or return all the Data to the Merchant after the end of the contractual relationship relating to the processing of Data, and shall delete existing copies, unless an applicable law requires the Merchant to store such Data.

 

10. Governing Law

These Terms are governed by the laws of the State of Slovakia and are subject to the dispute resolution procedure as prescribed by the Agreement.

 

11. Modifications

Himdeve reserves the right, at its discretion, to modify these Terms at any time. The Merchant shall be responsible for reviewing and becoming familiar with any such modifications. Use of the Service by the Merchant following such notification constitutes the Merchant’s acceptance of the changes in these Terms.