DATA TRANSFER ADDENDUM

The Data Controllers in this addendum are:

  1. The private company with limited liability BoldData B.V. operating under the name CompanyData.com, with its registered office in Amsterdam, the Netherlands, and with its principal place of business at De Vijzelgracht 53D, 1017 HP Amsterdam, the Netherlands (“CompanyData”);

  2. The company that received and accepted a commercial offer from CompanyData (“Company”);

CompanyData and Company herein separately also referred to as “Party” and jointly as “Parties”.

PREAMBLE

  1. Parties have entered into one or more agreements for the performance of certain data delivery services or will enter into such an agreement (“Agreement”);

  2. In performing the Agreement, CompanyData will transfer data to Company for the Purpose as set out below. These data include Personal Data within the meaning of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). CompanyData and Company are and remain separately responsible for their own purposes and means with respect to the processing of such transferred personal data.

  3. Parties wish to comply with the GDPR and to lay down in this Data Transfer Addendum the following terms and conditions with respect to such transfer of personal data (“Transfer Addendum”).

DEFINITIONS

Capitalized terms used in this Transfer Addendum have the following meanings, whereby the singular includes the plural and vice versa:

Purpose: the delivery of one or more licensed datasets. The use of the dataset does not permit resell, redistribute, sublicense, publish, or otherwise make the licensed dataset (or substantial parts thereof) available to any third party without CompanyData’s prior written consent.

Applicable Laws: the law and jurisdiction governing the Agreement and all applicable laws relating to data protection, the processing of personal data and privacy, including but not limited to the GDPR and any amendments or replacements.

Controller, Data Subject, Personal Data, Process, Processor and Processing have the meanings ascribed to them in the GDPR.

Recipients: the Parties to this Transfer Addendum, the employees of each Party and any third parties engaged to perform obligations in connection with this Transfer Addendum.

Transferred Personal Data: the Personal Data transferred by CompanyData to Company under this Transfer Addendum for the Purpose.

TERMS AND CONDITIONS

  1. Transferred Personal Data shall be restricted to the following categories of information: names, professional roles and positions, and business contact details including business email addresses, business telephone numbers and business addresses of individuals acting in a professional capacity such as directors, officers and other business contacts of legal entities.

  2. Each Party shall process Personal Data as a separate Controller and comply with all obligations imposed on a Controller under the Applicable Laws.

  3. CompanyData ensures that it has all necessary notices and consents in place to enable lawful transfer of the Transferred Personal Data to the Recipients for the Purpose hereunder.

  4. If Company transfers Personal Data to CompanyData, Company ensures that it has all necessary notices and consents for lawful transfer.

  5. Company warrants and guarantees that:

    • It shall use the Transferred Personal Data in compliance with Applicable Laws;

    • It shall not use the data for any purpose other than the Purpose;

    • The data shall only be used by the Recipients;

    • The data shall not be shared or distributed to any other third party;

    • Appropriate IT safeguards will be implemented to ensure security and confidentiality.

  6. Each Party shall provide full information to Data Subjects whose data is processed under this Transfer Addendum.

  7. Each Party shall assist the other Party in complying with Applicable Laws, including responding to data subject requests, complaints or regulatory enquiries.

  8. The Transferred Personal Data will be treated as strictly confidential and provided in a secured electronic format.

  9. Each Party acknowledges it has no control over the use of the data by the other Party.

  10. Each Party shall indemnify the other Party against liabilities or losses resulting from breaches of Applicable Laws or this Addendum, except in cases of gross negligence or wilful misconduct.

  11. No intellectual property rights are transferred with the data. Any applicable rights remain with CompanyData.

  12. Any amendment to this Addendum must be made in writing and agreed by both Parties.

  13. This Addendum remains valid from the acceptance of the commercial offer and entry into the Agreement for a period of one year.

  14. Nothing in this Addendum establishes a partnership or agency relationship between the Parties.

  15. Dutch law applies and disputes shall be subject to the courts of Amsterdam, the Netherlands.

APPENDIX 1 – STANDARD CONTRACTUAL CLAUSES

Controller-to-Controller

Clause 1 – Purpose and scope

The purpose of these standard contractual clauses is to ensure compliance with Regulation (EU) 2016/679 (GDPR) for the transfer of personal data to a third country.

Clause 2 – Effect and invariability

These clauses set out appropriate safeguards including enforceable data subject rights and legal remedies pursuant to Article 46 of the GDPR.

Clause 3 – Third-party beneficiaries

Data subjects may invoke and enforce these clauses against the data exporter and/or importer as third-party beneficiaries.

Clause 4 – Interpretation

Terms defined in the GDPR have the same meaning within these clauses.

Clause 5 – Hierarchy

In the event of contradictions between these clauses and other agreements, these clauses prevail.

Clause 6 – Description of transfer

Details of the data transfer are specified in Annex I.B.

ANNEX I

A. List of Parties

Data exporter:

BoldData B.V. (CompanyData.com)
Vijzelgracht 53D
1017 HP Amsterdam
The Netherlands

Activities: collection, aggregation, maintenance and lawful transfer of B2B personal data.

Role: Data Controller

Data importer: Company, as specified in the Agreement.

Role: Data Controller

B. Description of Transfer

Categories of data subjects:
Directors, officers and business contacts of legal entities.

Categories of personal data:
Names, professional roles, business email addresses, business phone numbers and business addresses.

No sensitive personal data is transferred.

Nature of processing:
Collection, storage, organisation and controlled disclosure of B2B personal data.

Retention period:
For the duration of the Agreement unless earlier deletion is required by law.

C. Competent Supervisory Authority

Dutch Data Protection Authority / Autoriteit Persoonsgegevens

ANNEX II

Technical and Organisational Security Measures

  • Access to personal data limited to authorised personnel

  • Encryption of data in transit and at rest

  • Logical access controls and authentication

  • Logging and monitoring of system access

  • Incident detection and breach response procedures

  • Data minimisation and retention controls

  • Business continuity and disaster recovery measures

  • Staff confidentiality obligations and security training

Amazon
Booking.com
Salesforce
Uber
Wolters Kluwer
Zalando
The Economist
TomTom
Sennheiser
Samsonite
Samsung
Porsche
Philips
Rentokil
P&G
Nespresso
Nike
Mercedes-Benz
Mitsubishi
NEC
LG
McDonald's
McKinsey
Lebara
Lenovo
Kantar
JBL
Just Eat
Grohe
Hello Fresh
Google
Getir
E.ON
Essity
EY
Danone
Deloitte
Dyson
Bosch
Casio
CM
BASF
Blom
ATAG
Bain & Company
Airbnb
Accenture
Adecco
Abbott Laboratories
Engie
Porsche
Mercedes-Benz
NEC
Terre des Hommes
The Economist

What our customers say

Request FreeData Sample
Call us
Call us: +31 (0)20 705 2360