These special terms and conditions shall apply when Panda Trading Applications Ltd. DBA
Panda Trading Systems (hereinafter referred to as the "Company") processes
personal data on behalf of the Client under the Standard Terms and Condition
("Agreement") the parties have concluded.
If Client transfers personal information from a data subject to Company, Client hereby warrants that Client has the full legal authority and consent to transfer the data subject's information to the Company. If the Client has not obtained signed Consent Forms from the data subject, Client does not have the legal authority to transfer data subject's information to Company and will be held liable.
Each Party hereby agrees to comply (and to procure the required compliance of all of their respective directors, officers, employees or agents) with all relevant provisions of the GDPR relating to the data maintained or processed by it, under this Agreement.
In addition to these special terms, the Company's general terms and conditions shall apply. In case of inconsistency between these special terms and the general terms and conditions, these terms and conditions relating to the processing of personal data shall apply.
Personal data means any information relating to an identified or identifiable
natural person or to any other personal data referred to in the GDPR [679/2016].
Processor means a natural or legal person, public authority, agency or other
body which processes personal data on behalf of the controller.
Processing means any operation or set of operations that the Company performs on
behalf of the Client under the Agreement the parties have concluded and that is performed on personal data or sets of personal data, whether or not by automated means, or to any other processing of personal data referred to in the GDPR.
Controller means a natural or legal person, public authority, agency or other
body which, alone or jointly with others, determines the purposes and means of processing of personal data, or to any other Controller referred to in the GDPR.
GDPR means the General Data Protection Regulation [679/2016] of the European
Union (also referred to herein as "data protection legislation"), any other applicable data protection provisions, and any regulations and instructions issued by the data protection authorities. Each Party warrants that it shall follow and bear the applicable responsibilities under the GDPR, as a data controller and data processor.
General Rights and Responsibilities in the Processing of Personal Data
We aim to keep our Clients informed on the detailed processing of their personal data, by describing:
a. The nature and purpose of such processing;
b. The type of personal data and categories of data subjects;
c. The applicable data protection measures used by the Company;
d. The Client's rights and responsibilities;
e. The object and duration of the personal data processing under the Agreement;
Shall be described in more detail in the Agreement between the parties.
The Company and the Company's employees hereby confirm that they shall process personal data in compliance with the applicable data protection legislation [GDPR 679/2016], the Agreement between the parties, and the written instructions the Client gave to the Company (if any). Should the Company consider that the data subject's instructions infringe the data protection legislation, the Company shall immediately notify the Client without delay.
As the Controller, the Client shall take the necessary measures to ensure that the processing of personal data to be transferred to the Company complies with the data protection legislation.
At the Client's request, and unless any legal obligations require the personal data to be kept, the Company shall provide the Client with all information needed to fulfill his/her individual rights, any access rights, or to comply with the data protection supervisory authority's requirements or instructions. The Company shall inform the Client of all requirements and inquiries made by the data subject, authorities or any other entity. The Company has the right to invoice the Client for the tasks specified in the Agreement signed between the parties.
The Client or an auditor mandated by the Client has the right to audit whether the Company meets its obligations related to the processing of personal data in order to assess the compliance of the Company and its subcontractors with the obligations set by these special terms and conditions for the processing of personal data.
The Company assures the rights that the Client has under the data protection legislation to audit the Company's subcontractors.
Any audits conducted by the Client shall not limit the obligations and responsibilities of the Company or its subcontractors under these special terms and conditions or the agreement.
Each party to the Agreement is liable for its part for the audit costs.
The Company shall take appropriate technical and organizational measures such as: Secure Sockets Layer (SSL) software which encrypts information you input, and Panda's costume encryption algorithm (which is Panda's IP), based on AES, MDS and Rijndael, to keep the Client's data safe, prevent unauthorized, unlawful processing of personal data and prevent unintentional loss, change, destruction or damage to personal data.
Should the Company have any reason to believe that data security has been affected, the Company shall notify the Client in writing without undue delay of any data security violations targeted at personal data.
The Company shall further ensure that each person processing personal data has obtained a signed consent form from the data subject and that all data is processed only in connection with the duties stated in the Agreement signed between the Parties.
The Company shall document all violations of data security, compromising the facts relating to the violation, its effects and the remedial action taken.
Location of Personal Data
Further to obtaining a signed Consent Form by the data subject, the Company shall be entitled to transfer personal data freely within the European Union or the European Economic Area in order to provide the required services.
If personal data is processed outside the European Union, each party to the Agreement shall ensure for its part that the processing of personal data complies with the data protection legislation.
Use of Third Party Subcontractors
Unless otherwise agreed in writing, the Company is entitled to use another data processor as its subcontractor in the processing of personal data. At the Client's written request, the Company shall inform the Client in writing of the subcontractor(s) it uses.
When the Company uses a subcontractor in the processing of personal data, the following terms and conditions are applicable:
a. the assignment is governed by a written agreement; and
b. the written Agreement requires the subcontractor to fulfill the same responsibilities and commitments that are applicable to the Company under this Agreement and the GDPR. This also provides the Client with the same rights towards the Subcontractor as the Client has towards the Company.
Before changing any subcontractors participating in the processing of personal data or hiring new subcontractors, the Company shall notify the Client of this in writing without undue delay. If the Client does not approve the change of subcontractors or the use of new subcontractors, the Company has the right to terminate the Agreement by giving 30 days notice.
Deleting and Returning Personal Data
During the period of validity of the agreement, the Company shall not delete any personal data processed on behalf of the Client, unless the Client specifically requests so. However, it is to be noted that in some cases the Company might be obliged to retain data subject's information to comply with legal obligations, resolve disputes and enforce agreements.
Upon the expiry of the agreement, the Company shall, according to the Client's choice, either delete all personal data processed on the behalf of the Client or return it to the Client and delete all copies of it, unless the legislation, any regulatory authority, requires the Company to retain it. If the Client does not request the Company to delete or return the personal data processed on behalf of the Client, the Company shall retain the personal data processed on behalf of the Client for as long as it is required by law, after the expiry of the agreement, after which the Company shall delete all copies of it, unless the legislation or any regulatory authorities require the Company to keep it.
If a party fails to comply with these terms, and/or the GDPR, it shall indemnify the other party against any loss or damage sustained or incurred by the other as a result of that failure, such indemnity to include but not to be limited to any fine which may be levied under the GDPR.
If you have any questions about these Terms or the use of the Company's Website and/or
services, please contact us at: firstname.lastname@example.org.