Agreement on the processing of personal data
using online store solution from Moo Gruppen AS
1. PARTIES TO THE AGREEMENT
1.1 PARTIES
The agreement is entered into between the data controller in the company: Demostore (Org. 898989898). (Hereinafter referred to as data controller)
and data processor: MooGruppen AS (Org. 917 021 384) (hereinafter referred to as data processor).
The agreement is concluded when the user has submitted the correct order form and received confirmation that Moo Gruppen AS has received this form. Moo Gruppen AS reserves the right to reject any order at its sole discretion.
So the team at MooCommerce would recommend you have assistance with support, and maintenance as soon as possible to ward off other impediments in the future.
1.2 CONTACT PERSON DATAHANDLER
- Name: Dragan Popovic
- Rolle: Chief Product Officer
- E-mail address: [email protected]
- Phone: 98 54 44 44
The agreement is concluded when the user has submitted the correct order form and received confirmation that Moo Gruppen AS has received this form. Moo Gruppen AS reserves the right to reject any order at its sole discretion.
So the team at MooCommerce would recommend you have assistance with support, and maintenance as soon as possible to ward off other impediments in the future.
2. THE PURPOSE OF THE AGREEMENT
The purpose of the agreement is to regulate the processing of personal data that the data processor makes on behalf of the data controller under it at any given time applicable data protection regulations, including «REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)» (hereinafter referred to as the GDPR or the «Regulation»). The agreement deals with the processing carried out due to the use of Moo Gruppen AS’s online store platform for the delivery of online stores to the data controller. The data processor may only process personal data on behalf of the data controller in accordance with this agreement and other instructions provided by the data controller. This agreement shall be clearly stated if the data processor can hand over personal data to others for storage, processing or other processing. Subcontractor(s) used by the data processor are included on this website http:moocommerce.no/underleverandører..
3. DURATION AND TERMINATION
The agreement applies as long as the data processor processes personal data on behalf of the data controller in accordance with the regulations. purpose specified in sections 2 and 5 of the Agreement. In the event of a breach of this Agreement or the data protection regulations, the data controller may order the data processor to stop the further processing of the data with immediate effect.
4. THE PARTIES' AREA OF RESPONSIBILITY UNDER THE GDPR WITH PROSECUTION POINTS
The data controller is, in accordance with the GDPR, regarded as the data controller, cf. Art. 4 No. 7. The data controller is responsible for ensuring that the requirements, including requirements for safety, set out in the Regulation are met. This also entails, among other things, that the data controller is responsible for ensuring that the requirements are met in connection with the retention and use of the personal data of the data processor, cf. Art. Article of the Regulation. 28 Nos. 1 and 2, as well as Art. 32. The data processor is regarded as a data processor according to GDPR Art. 4 No. 8, and may only process personal data on behalf of the Data Controller in accordance with this Agreement, cf. Art. Art. 28 No. 2. Any other use of the personal data shall be agreed in advance specifically and in writing with the data controller. The data processor shall ensure that personal data made available by the data controller is kept separate from one’s own and others’ information and services, unless otherwise agreed in writing. Upon the end of the agreement, the data processor shall ensure that all personal data made available by the data controller is shredded/deleted or returned to the data controller if agreed with the data controller. Both the data controller and the data processor are obliged to familiarize themselves with all relevant articles of the GDPR, in particular Art. 24, 28 and 32, as well as familiarize themselves with the data subject’s rights under the Regulation, cf. Art. 12 through Art. 23.
5. DESCRIPTION OF THE PURPOSE AND DURATION OF THE USE OF DATA PROCESSOR
The data processor may only process the personal data in accordance with the purposes determined by the data controller and in accordance with the terms set out in this agreement: The Data Processor provides a technology platform for easy setup of online stores. The data controller makes use of such an online store solution in order to offer its customers good and modern online store solutions. The data processor operates the platform, and therefore relies on anonymous user data for troubleshooting in its own platform. Data processor has access to anonymous user statistics. Data processors also have access to customer and purchase data in their online stores. Customer and purchase data is stored in the platform, but is not processed by the data processor beyond storage, unless the data controller requests assistance in handling orders or other customer service that requires the data processor to process this data. The platform, as well as all the online stores operated on this platform, are stored at Moo Gruppen AS (data processor). The data processor also uses anonymous user statistics to continuously improve data security in the online store, thus complying with Art. 28 No. 1 and Art. 32 in the Regulation. The processing mentioned above is carried out until the agreement on the delivery of an online store solution no longer applies, typically upon termination by either party.
6. SPECIFICATION OF CURRENT DATA
Data stored in your online store:
In connection with purchases:
End customers’ name, address, phone number, email address, purchase history, choice of payment solution, as well as goods purchased.
Other data:
Newsletter lists in online store, customer profiles in online store.
Data in the two preceding points («In connection with purchases», as well as «Other Data») is not processed by the data processor beyond storage, unless the data controller requests customer service or otherwise requests such processing. Data used for troubleshooting, maintaining and securing the online store platform:
Anonymous visitor and user statistics.
7. INFORMATION SECURITY REQUIREMENTS
The data processor shall fulfil the requirements for security measures imposed in the gdpr art. 28 no. 1, as well as Art. 32. The data processor shall document routines and other measures to meet these requirements. The documentation shall be available at the data controller’s request. Nonconformity report in the form of the Regulation 33 shall take place by the data processor reporting the nonconformity to the data controller without undue delay. The data controller is responsible for ensuring that the nonconformity notification is sent to the Norwegian Data Protection Authority.
8. USE OF SUBCONTRACTORS
If either party engages outsiders (subcontractors) to perform benefits a resulting from this Agreement, the party is fully responsible for the performance of these services in the same manner as he himself stood for the performance. The data processor shall ensure that the subcontractor signs and undertakes to comply with the data controller’s data processing agreement. The subcontractors used at all times for the processing of personal data on behalf of the data controller are included on this page:http://moocommerce/subcontractors. If a new subcontractor is to be used, or replaced subcontractor, the data processor will notify the data controller in writing in a reasonable time before the switch takes place, so that the data controller can provide feedback if it does not accept the change in the use of subcontractors.
9. DUTY OF CONFIDENTIALITY
The parties shall maintain confidentiality of all confidential information, someone’s personal circumstances, security and business matters, information that may harm either party or that may be exploited by outsiders. The duty of confidentiality applies to the parties’ employees and others acting on behalf of the parties in connection with the performance of the contract. The parties are obliged to take the precautions necessary to ensure that material or information is not disclosed to others in violation of this section. Employees and others who resign from their service with one of the data processors shall be subject to confidentiality also after resignation on matters as mentioned above. This provision also applies after the termination of the agreement.