These terms and conditions, together with our Privacy Policy http://deliverhub.site/privacy.aspx and the Agreement signed between the Customer and the Company, constitute the entire agreement between you and Deliverhub Inc. in relation to your use of our services. If you disagree with these terms and conditions or any part of these terms and conditions, you must not use our services.

1.Scope of these Terms

1.1 These terms and conditions shall apply when Deliverhub Inc., a company registered in the Republic of the Marshall Islands, with registration number 97105 (hereinafter referred to as the “Company”) processes personal data on behalf of the Customer, under the Agreement the parties have concluded. In this case, the Customer acts as the Controller and the Company acts as the Processor of personal data.

1.2 If Customer transfers personal information from a data subject to Company, Customer hereby warrants that Customer has the full legal authority and consent to transfer the data subject’s information to the Company. If the Customer has not obtained signed Consent Forms from the data subject, Customer does not have the legal authority to transfer data subject’s information to Company and will be held liable.

1.3 Each Party hereby agrees to comply (and to procure the required compliance of all of their respective directors, officers, employees or agents) with all relevant provisions of the GDPR and any applicable data protection laws relating to the data maintained or processed by it, under this Agreement.

2. Definitions

2.1 Personal data means any information relating to an identified or identifiable natural person or to any other personal data referred to in the GDPR [679/2016].

2.2 Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

2.3 Processing means any operation or set of operations that the Company performs on behalf of the Customer under the Agreement the parties have concluded and that is performed on personal data or sets of personal data, whether or not by automated means, or to any other processing of personal data referred to in the GDPR.

2.4 Controller means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data, or to any other Controller referred to in the GDPR.

2.5 GDPR means the General Data Protection Regulation [679/2016] of the European Union (also referred to herein as “data protection legislation”), any other applicable data protection provisions, and any regulations and instructions issued by the data protection authorities. Each Party warrants that it shall follow and bear the applicable responsibilities under the GDPR, as a data controller and data processor.

3. General Rights and Responsibilities in the Processing of Personal Data

3.1 We aim to keep our Customers informed on the detailed processing of their personal data, by describing:

1. The nature and purpose of such processing;
2. The type of personal data and categories of data subjects;
3. The applicable data protection measures used by the Company;
4. The Customer’s rights and responsibilities;
5. The object and duration of the personal data processing under the Agreement;

Shall be described in more detail in the Agreement between the parties. 3.2 The Company and the Company’s employees hereby confirm that they shall process personal data in compliance with the applicable data protection legislation [GDPR 679/2016], the Agreement between the parties, and the written instructions the Customer gave to the Company (if any). Should the Company consider that the data subject’s instructions infringe the data protection legislation, the Company shall immediately notify the Customer without delay. 3.3 As the Controller, the Customer shall take the necessary measures to ensure that the processing of personal data to be transferred to the Company complies with the data protection legislation. 3.4 At the Customer’s request, and unless any legal obligations require the personal data to be kept, the Company shall provide the Customer with all information needed to fulfill his/her individual rights, any access rights, or to comply with the data protection supervisory authority’s requirements or instructions. The Company shall inform the Customer of all requirements and inquiries made by the data subject, authorities or any other entity. The Company has the right to invoice the Customer for the tasks specified in the Agreement signed between the parties.

4. Audits

4.1 The Company assures the rights that the Customer has under the data protection legislation to audit the Company’s subcontractors.

4.2 Any audits conducted by the Customer shall not limit the obligations and responsibilities of the Company or its subcontractors under these special terms and conditions or the agreement.

4.3 Each party to the Agreement is liable for its part for the audit costs.

5. Data Security

5.1 The Company shall take appropriate technical and organizational measures (such as SSL, multi layer encryption and password encryption, FW, limited access to personal data etc.) to keep the Customer’s data safe, prevent unauthorized, unlawful processing of personal data and prevent unintentional loss, change, destruction or damage to personal data.

5.2 Should the Company have any reason to believe that data security has been affected, the Company shall notify the Customer in writing without undue delay of any data security violations targeted at personal data.

5.3 The Company shall further ensure that each person processing personal data has obtained a signed consent form from the data subject and that all data is processed only in connection with the duties stated in the Agreement signed between the Parties.

5.4 The Company shall document all violations of data security, compromising the facts relating to the violation, its effects and the remedial action taken.

6. Location of Personal Data

6.1 If personal data is processed outside the European Union, each party to the Agreement shall ensure for its part that the processing of personal data complies with the data protection legislation.

7. Use of Third Party Subcontractors

7.1 Unless otherwise agreed in writing, the Company is entitled to use another data processor as its subcontractor in the processing of personal data.

7.2 When the Company uses a subcontractor in the processing of personal data, the following terms and conditions are applicable:

1. the assignment is governed by a written agreement; and
2. the written Agreement requires the subcontractor to fulfill the same responsibilities and commitments that are applicable to the Company under this Agreement and the GDPR. This also provides the Customer with the same rights towards the Subcontractor as the Customer has towards the Company.

7.3 Before changing any subcontractors participating in the processing of personal data or hiring new subcontractors, the Company shall notify the Customer of this in writing without undue delay. If the Customer does not approve the change of subcontractors or the use of new subcontractors, the Company has the right to terminate the Agreement by giving 30 days notice.

8. Deleting and Returning Personal Data

8.1 During the period of validity of the agreement, the Company shall not delete any personal data processed on behalf of the Customer, unless the Customer specifically requests so. However, it is to be noted that in some cases the Company might be obliged to retain data subject’s information to comply with legal obligations, resolve disputes and enforce agreements.

8.2 Upon the expiry of the agreement, the Company shall, according to the Customer’s choice, either delete all personal data processed on the behalf of the Customer or return it to the Customer and delete all copies of it, unless the legislation, any regulatory authority, requires the Company to retain it. If the Customer does not request the Company to delete or return the personal data processed on behalf of the Customer, the Company shall retain the personal data processed on behalf of the Customer for 12 months after the expiry of the agreement, after which the Company shall delete all copies of it, unless the legislation or any regulatory authorities require the Company to keep it.

9. Liability

If a party fails to comply with these terms, and/or the GDPR, it shall indemnify the other party against any loss or damage sustained or incurred by the other as a result of that failure, such indemnity to include but not to be limited to any fine which may be levied under the GDPR.

10. Contact Us

If you have any questions about these Terms or the use of the Company’s Website and/or services, please contact us at: info@deliverhub.net.