|
Collaboration agreement as associated operator pursuant to GPDR terms By continuing this procedure and the voluntary granting of the necessary consent, the undersigned, acting as Associated Operator, I understand that for the purpose of implementing the GDPR, starting with 25/05/2018, I shall observe the following legal and social norms provided by the normative acts in force regarding the protection of personal data :
The undersigned I am an Associated Operator of the company LIFE CARE CORP S.R.L. , with registered office in Chisoda, DN 59, Km. 8+550 m Stanga, CP 284, OP 1, Timis County, registered with the Timis County Trade Register Office under no. J35/1827/2005, fiscal code RO 17639166, and as a result I am under legal relations with this company, reason for which I understand that it is imperative to observe the legal norms regarding personal data protection, more specifically the norms provided by Regulation 679/2016 , hereinafter referred to as the regulation, as indicated below.
1.1 Associated operator – any entity (natural or legal person), who, based on the written contract or by enlisting on the company site, has the position of "Life Care Partner", according to the multilevel marketing system and who has access to the database ("partner network") of Life Care partners, totally or partially (own structure developed); 1.2 Operator – LIFE CARE CORP S.R.L. 1.3 Regulation - Regulation 679/2016, of the European Parliament and the Council from 27 April 2016 regarding the protection of natural persons regarding personal data processing and the free flow of these data and for cancelling Directive 95/46/EC (General Regulation regarding data protection) 1.4 The terms processing, personal data, processing restriction, addressee and consent shall keep their meanings mentioned in the Regulation.
Considering the nature, scope, context and the aims of the processing, as well as risks with various degrees of probability and gravity for the rights and liberties of natural persons, the operator applies proper technical and organizational measures in order to guarantee and be able to prove that such processing is done in accordance with this regulation. The said measures are reviewed and updated if necessary. When they are proportional in relation to the processing operations, the above-mentioned measures include the operator applying proper data protection policies. Considering the present level of technology, costs of implementation, the nature, scope, context and aims of the processing, as well as risks with various degrees of probability and gravity for the rights and liberties of natural persons which come along with such processing, the operator, both when establishing the means of processing and when conducting the actual processing, shall apply proper technical and organizational measures, which are destined to efficiently apply the data protection principles, such as minimizing data, integrate the guarantees necessary for the processing, in order to meet the requirements of this regulation and protect the rights of the persons in question. The Operator applies proper technical and organizational measures in order to ensure that, implicitly, only personal data necessary for each specific purpose are processed. That obligation applies to the amount of data collected, the degree of their processing, the storage period and their accessibility. More importantly, such measures ensure that, implicitly, personal data cannot be accessed by an unlimited number of people without the intervention of the person.
The associated operator processes personal data only based on documented instructions from the operator, observing the rules regarding security and access to the operator's database (user + password, etc.), including regarding personal data transfer to third parties or institutions, or to a third party country or an international organization, except when this obligation is for the person authorized under the EU law or internal law applicable; in this case, this legal obligation is notified to the operator before processing, except when that law forbids such a notification for important reasons related to public interest; The associated operator ensures that the person it authorized to process personal data has undertaken to observe the confidentiality or have a proper statutory obligation to confidentiality; The associated operator adopts all the necessary measures pursuant to article 32 of the regulation: Considering the nature of the processing, the Associated Operator shall inform the Operator about meeting the obligations to answer requests regarding the exercising by the person in question of the rights provided at chapter III of the regulation; Helps the operator , if needed, in ensuring the observation of the obligations provided at articles 32-36 of the regulation, considering the nature of the processing and the information at its disposal; At the choosing of the operator , deletes or returns to the operator all personal data after the services are terminated and eliminates all existing copies, except when the law of the EU or the internal law imposes the storage of personal data; Makes available to the operator all the information necessary for proving the observance of the obligations provided in this article, allows the conducting of audits, including inspections made by the operator or another authorized auditor and contributes to these. If the Associate Operator recruits another person for conducting specific processing activities, the same obligations regarding data protection provided in the contract or another legal act concluded between the operator and Associated Operator and coming from the provisions of normative acts (as provided in article 28 para. (3) of the regulation), shall apply to the recruited persons. The responsibility shall be based on a contract or another legal act, based on the EU law or internal law, especially providing enough guarantees for the application of proper technical and organizational measures, so that the processing meets the requirements of this regulation. If the recruited person breaches his/her obligations regarding data protection, the Associated Operator shall remain completely liable towards the operator with regard to the execution of that person's obligations. The Associated Operator shall answer the Operator in writing regarding any complaint or request from the Users or state institutions which is about personal data it has collected, manages, or of which it has become aware during the execution of the contract.
The Associated Operator and any person acting under its authority, who has access to personal data, as they are defined by the Regulation and, depending on the case, in the contract, the Terms and Conditions and respectively the personal data processing agreement from the operator's site club.life-care.com , shall not process such data without the request / consent of the operator , except when the EU law or the internal law obliges it to do so. The Associated Operator keeps a record of the processing activities conducted under its responsibility. Those record shall contain the following information: a. the name and contact data of the person or persons from which personal data has been collected for the provision of the services in collaboration with the operator; b. All the data collected/ supplied from/ by Life Care partners and/or by the Life Care operator, as well as the aim of the data collection; c. If the case, all personal data transfers to a third party (natural or legal person), third party country or an international organization, including the identification of the third party country or the international organization in question and, in case of transfers provided at article 49 paragraph (1) the second item of the regulation, the documentation which proves the existence of proper guarantees; d. Where it is possible, a general description of the technical and organizational measures for security mentioned at article 32 paragraph (1) of the regulation. e. The names of the agents or authorized persons of the Associated Operator who collected, had knowledge, managed or archived personal data.
The Associated Operator implements proper technical and organizational measures for ensuring a proper security level for this risk, including among others, depending on the case: a. name designation and encryption of personal data; b. the capacity to ensure confidentiality, integrity, availability and continuous durability of the processing systems and services; c. the capacity to restore the availability of personal data and access to them in due time in case there is an incident of physical or technical nature; d. a process for testing, evaluating and regular assessment of the efficiency of technical and organizational measures for guaranteeing the security of the processing. The Associated Operator shall inform the operator without undue delay after it learns of a breach of personal data security. The notification sent by the Associated Operator must contain at least: a. a description of the nature of security breach regarding personal data, including, if possible, the categories and approximate number of persons in question, as well as the categories and approximate number of personal data records in question; b. name and contact data of the person responsible with data protection, or another contact point where more information can be obtained; c. description of the probable consequences of breaching personal data security; d. description of the measures taken or proposed to be taken by the operator in order to remedy the personal data breach, including, depending on the case, measures for reducing possible negative effects.
The Associated Operator has the obligation to completely observe the provisions of the regulation, nothing from this agreement making the Associated Operator be outside this obligation; The Associated Operator understands that breaching the provisions of the Regulation and the obligations regarding GDPR from the contract, or, depending on the case, from the Terms and Conditions from the site of Life Care Corp SRL, club.life-care.com , shall cause losses to the company LIFE CARE CORP S.R.L. and make it liable both contractually and legally for the losses caused.
|
|
This agreement has the value of a convention under the meaning of art. 1.166 of the Civil Code and is governed by the provisions of art. 1.270 of the Civil Code, having the power of a law between me and the company Life Care Corp S.R.L. I hereby express my free and unrestricted consent regarding all of the above. |
