Privacy policy - Rodger Plaswekker

Privacy and personal data policy

A. Parties mutually undertake to act in accordance with personal data protection legislation. Parties shall act in accordance with the Data Breach Notification Policy Rules of the Authority for Personal Data, the AVG and the AVG Implementation Act.

B. A data breach is defined as any security incident that causes the protection of personal data to be breached at any time or exposes personal data to loss or unlawful processing. It may include, for example, the loss of a USB drive or computer, sending an e-mail in which the e-mail addresses are visible to all addressees, a calamity such as fire in a data center or malware infection.

C. Rodger will determine for each processing whether it operates in the role of processor or controller. Rodger processes personal data to fulfill deliveries and rental agreements.

D. If a controller has become aware of a data breach, it must report it to the Personal Data Authority immediately, where possible within 72 hours. If this is not possible, an explanation must be given for the delay.

E. If Rodger is found to have a data breach that must be reported by the Client to the Personal Data Authority and/or the data subject(s), Rodger will inform the Client as soon as possible after Rodger becomes aware of the data breach. Rodger will endeavor to promptly provide the Client with all the information it needs to make a complete notification to the Personal Data Authority and/or the data subject(s).

F. The parties shall take appropriate technical and organizational measures to secure the personal data against loss or any form of unlawful processing.

G. Client, in consultation with Rodger, is entitled during the term of the Agreement to audit compliance in the area of personal data protection through an independent expert. Client shall bear all costs related to this audit.

H. Rodger may engage third parties (sub-processors) to perform certain activities, for example if these Third Parties have specialist knowledge or resources not available to Rodger. If engaging Third Parties results in the processing of Personal Data, Rodger will make (written) arrangements with those Third Parties about the security of Personal Data. By entering into an agreement with Rodger, Client consents to the use of the Third Parties.

I. Rodger processes Personal Data only within the European Economic Area, unless Rodger has made other written arrangements with Client in this regard.

J. Rodger shall not be liable for any fines or claims if Client fails to comply with its obligations under personal data protection laws and regulations.