* Please read and accept the T&C at the bottom.

DPA TERMS AND CONDITIONS

This Agreement is between the User (“Client”) and INFOCREDIT GROUP LIMITED (Registration no. HE4404) a company organized and registered under the Laws of the Republic of Cyprus, having its registered address at 5A Hadjigeorgiou Philippou, 2006, Acropolis, Nicosia, hereinafter collectively referred to as the “Parties”.

  1. OBLIGATIONS

The Client hereby instructs Infocredit to provide the Service, and Infocredit hereby agrees to provide the Service subject to and in accordance with the Terms and Conditions. The Client shall have no legal obligations towards Infocredit and Infocredit shall have no legal obligations towards the Client, other than as specifically stated in this Terms and Conditions. Infocredit shall at all times act as an independent contractor. This Terms and Conditions shall not be described by the Parties or construed to establish any different relationship, including, without limitation, that of employer and employee, partnership, joint venture or agency of any kind. Infocredit has the right to amend these Terms and Conditions at any time and will be effective immediately upon posting, where Infocredit will take reasonable steps to inform the Customer about this change.

  1. USE OF INFORMATION AND CONFIDENTIALITY

All information provided by Infocredit under these Terms and Conditions shall be confidential and shall not otherwise than pursuant unless pursuant to a statutory duty or court order be communicated, copied or otherwise divulged to any other person or party whatsoever. The Client undertakes to use any report or item of information supplied by Infocredit only to assist in making a business decision and not as the sole basis for any such decisions and all information is meant for the Client to use for its own business. Any abuse of the system, suspected or detected, will mean termination of services provided under this Terms and Conditions. The Client is responsible for informing its employees that will be using the system regarding the relevant clauses for the use of information and confidentiality; and to immediately notify Infocredit Group of any change of address of its operation.

  1. LIABILITY

Reports and information provided to the Client upon Client’s instructions may in whole or part represent data supplied by third parties, and Infocredit shall take every reasonable step to ensure that personal data are accurate and, where necessary, kept up to date. Infocredit will accept no liability for any errors therein or omissions therefrom except when the acts or omissions are a result of willful misconduct or gross negligence of Infocredit and is adjudged to be liable for these.

All times and dates quoted for delivery of any report and / or information are estimates only and Infocredit shall not be liable for any loss or damage arising from the delay or failure itself or its officers or employees in procuring, presenting, communicating or otherwise providing the reports and / or information. Infocredit shall not be liable for any loss or damage whatsoever as a result of the Client’s use of the report and / or information, including any loss suffered by the Client as a result of any claim by the subject of any such report and / or information or other third parties or for any reason howsoever arising.

The client is liable for any misusage of the system conducted by its employees. Any misusage should be reported immediately to Infocredit. In case of change in employees that are users of the system the client should report it to Infocredit prior to the last date of the employee, so that the user is disabled and new access codes are created to a new user that the client will appoint. The Client is not authorized to make copies of Infocredit databases, connect them to any outside database or process them in any other way without prior written agreement with Infocredit.

  1. INDEMNITY

The Client shall indemnify Infocredit in respect of any loss or damage whatsoever (including costs and any necessary payments made in order to settle or compromise any claim) which it or they may suffer or incur directly or indirectly from any breach of these Terms and Conditions by the Client or by the Client’s employees, agents or by any other party acting through or with the Client to the limit of the cost of the purchased services.

  1. PAYMENT

The fee payable by the Client shall be in accordance with the quoted rate on Infocredit’s websites and Systems which, along with the VAT shall be due within 15 days from the date that the invoice is received by the Client. Payment shall be made in full without any discounts, unless otherwise stated. If payment in full is not made on the due date interest shall accrue on the outstanding amount from the date payment becomes due from day to day until the payment is received at a rate of 8% and shall accrue at such a rate after as well as before any judgment. Bank or any additional charges will burden by the Client.

  1. Representations and Warranties

Infocredit hereby represents and warrants that it has the ability and the qualifications to perform its obligation under this Terms and Conditions and has taken all necessary actions for the purpose of such execution and performance. Its obligations constitute its legal, valid and binding obligations enforceable in accordance with their terms and will be performed with reasonable care and skill and to the best of its ability. It undertakes the obligation to disclose any development which may have a material impact on its ability to carry out the Service provided effectively and in compliance with applicable laws and regulatory requirements. It adopts all means to ensure that no explicit or potential conflicts of interest with the Company that may impair the provision of the Service provided exist.

  1. DURATION OF THE TERMS AND CONDITIONS

This Terms and Conditions shall remain in force for a period of one (1) year from the time the user have access or purchase a product and shall be automatically extended from year to year unless the user delete their account or Infocredit withdraws access to the user.

  1. TERMINATION

Infocredit may terminate this terms and conditions if for any reason is unable to continue supporting the service (or any part of it) or making available to the Client, or if the Client fails to pay any invoice for Infocredit’ s charges hereunder without good cause, fails to remedy any breach of this Terms and Conditions within 30 days of receipt of notice of that breach, ceases to pay its debts as they fall due, or ceases in business, or goes into receivership or voluntary liquidation winding up or bankruptcy proceedings are commenced in respect of it.

The Client has a right to terminate the Terms and Conditions at any time, however even after the termination the user is still obligated to be governed by them.

  1. FORCE MAJEURE

Parties shall not be liable for any default due to any act of god, war, strike, lock-out, industrial action, fire, flood, drought, tempest or other event beyond its reasonable control.

  1. ASSIGNMENT

This Terms and Conditions shall not be assigned or transferred without the prior written consent of all Parties hereto.

  1. WAIVER

Failure by either Party to exercise or enforce any right conferred shall not be deemed to be a waiver of any such right nor operate so as to bar the exercise or enforcement thereof or of any other right on any later occasion.

  1. PERSONAL DATA

The Client and Infocredit shall be in full compliance with their obligations under Article 28 of the GDPR with regards to the processing of personal data.

  1. ENTIRE TERMS AND CONDITIONS

The Terms and Conditions constitutes the entire agreement between the Parties on all issues to which are referred. Their content cancels and supersedes all previous written or oral commitments and undertakings.

  1. NOTICES

All notices or any other communications to be given or made hereunder for the purposes of this Terms and Conditions shall be given via electronic communications to such representatives of the Parties and at the e-mail addresses as indicated here below and shall be considered as effective from the date that it is received by the other Party.

  1. JURISDICTION AND GOVERNING LAW

This Terms and Conditions shall be governed construed and enforced in accordance with the laws of the Republic of Cyprus and both Parties hereby irrevocably submit to the exclusive jurisdiction of the Courts of the Republic of Cyprus.

AGREEMENT ON PROCESSING OF PERSONAL DATA

This Data Processing Agreement (the “DPA“) is between the User (“Client”) and Infocredit (“Servicer”), hereinafter collectively referred to as the “Parties”.

  1. Processing of the Client’s Personal Data

The Parties acknowledge and agree that with regard to the Processing of Personal Data, the Client is the Controller and the Servicer undertakes to Process Personal Data on behalf of the Client as a Processor under the Terms and Conditions. The Servicer and any Servicer Affiliated Company shall comply with the Data Protection Legislation, in particular with the provisions of art. 28 (3) GDPR.

Servicer or any Servicer Affiliated Company, shall only subcontract any of its Processing operations performed on behalf of the Client under this DPA with the prior and specific written consent of the Client. The Servicer shall provide to the Client prior written notice of the appointment or replacement of any Third-Party Processor, including full details of the Processing to be undertaken, and the Client will have the right to object. Objection, has to be in writing and within 30 days of receipt of that notice. A third-party processor shall not be appointed or have Client Personal Data disclosed, until reasonable measures have been taken to address the objections raised by the Client and the Client has been provided with a reasonable written explanation of the measures set in place and has confirmed in writing that the measures set in place are satisfactory.

Client Instructs and authorises the Servicer and each Servicer Affiliated Company to process the Client’s Personal Data only for the purposes of providing the Services required by the Client. Annex 1 of this DPA, which forms an integral part of the DPA, sets out certain information regarding the Contracted Processors Processing Client Personal Data as required by Article 28(3) of the GDPR.

  1. Security

The Servicer and each Servicer Affiliated Company must comply with Article 32(1) of the GDPR and Annex 1 of this DPA.

  1. Data Subject Rights

The Servicer and Servicer Affiliated Company, shall consider the nature of the processing and assist the client by implementing technical and organisational measure, for the fulfilment of Client’s obligations to respond to requests by Data Subjects exercising their rights under any Data Protection Legislation.

The Servicer shall promptly notify the Client if the Servicer or a Third-Party Processor receives a request from a Data Subject under any Data Protection Legislation in respect of Client Personal Data; and only respond to that request based on the documented instructions of the Client as required by the Data Protection legislation in which the Contracted Processor is subject, and inform the Client, to the extent permitted, of that legal requirement prior to responding to the request.

  1. Personal Data Breach

The Servicer shall notify the Client immediately once the Servicer or any Third-Party Processor becomes aware of a Personal Data Breach affecting Client Personal Data. Such a notification shall as minimum describe the nature of the Personal Data Breach and where this is possible, the categories and numbers of Data Subjects concerned, and the categories and numbers of Personal Data records concerned; communicate the name and contact details of the Servicer’s data protection officer or other relevant contact from whom more information may be obtained, describe the likely consequences of the Personal Data Breach and the measures taken or proposed to be taken to address the Personal Data Breach. The Servicer shall provide the Client all necessary information in order for the Client to meet any obligations to report to the Supervisory Authority or inform Data Subjects of the Personal Data Breach under any Data Protection Regulation. The Servicer shall co-operate with the Client and take such reasonable commercial steps as are directed by the Client to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

  1. Data Protection Impact Assessment and Prior Consultation

The Servicer and each Servicer Affiliated Company shall cooperate with the Client and shall provide reasonable assistance to the Client with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which the Client reasonably considers to be required by Article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Legislation, taking into account the nature of the Processing and information available to, the Contracted Processors.

  1. Deletion or return of Client’s Personal Data

The Servicer and each Servicer Affiliated Company shall promptly and in any event delete or return to the Client all Client Personal Data when this is requested by the Client. Servicer shall provide written confirmation to the Client that it and each Servicer Affiliated Company has fully complied with these obligations. The Client shall promptly and in any event by written notice within 30 days of the Cessation Date require the Servicer and Servicer Affiliated company to return a complete copy of all Client Personal Data by secure file transfer in the format requested by the Client; and delete and procure the deletion of all copies of those Company Personal Data. The Servicer and Servicer Affiliated company shall comply within 60 days of the Cessation Date.

Each Contracted Processor may retain Client Personal Data to the extent required by the Data Protection Legislation and only to the extent and for such period as required by the Data Protection Legislation and provided that the Servicer and each Servicer Affiliated Company shall ensure the confidentiality of all such Client Personal Data is ensured and shall ensure that such Client Personal Data is only Processed as necessary for the purposes specified in the Data Protection Legislation requiring its storage and for no other purpose.

  1. Audit Rights

The Servicer and each Servicer Affiliated Company shall make available to the Client on request all information necessary to demonstrate compliance with this DPA, and shall allow for and contribute to audits, including inspections, by the Client or an auditor mandated by the Client in relation to the Processing of Client Personal Data by the Contracted Processors. When undertaking an audit, the Client shall give the Servicer and each Servicer Affiliated Company reasonable notice of any audit or inspection to be conducted and shall make and ensure that each of its mandated auditors makes reasonable endeavours to avoid causing any damage, injury or disruption to the Contracted Processors’ premises, equipment, personnel and business while its personnel are on those premises in the course of such an audit or inspection.

A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection to any individual unless he or she produces reasonable evidence of identity and authority; outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and the Client has given notice to the Servicer and each Servicer Affiliated Company; or for the purposes of more than one audit or inspection, in respect of each Contracted Processor, in any calendar year, except for any additional audits or inspections which the Client or an auditor mandated by the Client considers necessary because of genuine concerns as to Servicer’s and each Servicer Affiliated Company’s compliance with this DPA; or the Client is required or requested to carry out by any Data Protection Legislation, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of any Data Protection Legislation in any country or territory,

  1. General Terms

This DPA is governed by the laws of the Republic of Cyprus. The Parties to this DPA hereby submit to the exclusive jurisdiction of the Courts of the Republic of Cyprus, including disputes regarding its existence, validity or termination or the consequences of its nullity. Nothing in this DPA reduces the Servicer’s or any Servicer Affiliated Company’s obligations under the Terms and Conditions in relation to the protection of Personal Data or permits the Servicer or any Servicer Affiliate Company to Process Personal Data in a manner which is prohibited by the Terms and Conditions. In the event of inconsistencies between the provisions of this DPA and any other agreements between the Parties, including the Terms and Conditions and including agreements entered into or purported to be entered into after the date of this DP; the provisions of this DPA shall prevail.

ANNEX 1: DETAILS OF PROCESSING OF CLIENT PERSONAL DATA

This Annex 1 includes certain details of the Processing of Client Personal Data as required by Article 28(3) GDPR.

Subject matter and duration of the Processing of Client Personal Data

The subject matter of the Processing of Client Personal Data is the provision of the Services such as the provision of commercial credit data, debt collection, management and other services as described in the Schedule(s) of the Main Agreement.

The duration of the Processing will be for as long as there is a contractual relationship between the Parties.

The nature and purpose of the Processing of Client Personal Data

The nature and purpose of the Processing of Client Personal Data is to manage Client’s financial risks, protect against fraud, know who the Client is doing business with, according to the Client’s legitimate interests and assist in compliance with regulatory obligations.

The types of Client Personal Data to be Processed

The types of Client Personal Data Processed by the Servicer include the following:

  1. Name and Surname of the Data Subject
  2. Id Number of the Data Subject (including Alien Registration Number or Passport number)
  3. Nationality
  4. Occupation
  5. Date/year of birth
  6. Address of the Data Subject
  7. Possible association of the Data Subject with companies

Categories of Data Subject to whom the Client Personal Data relates

The categories of Client Personal Data Processed by the Servicer include the following:

    Individuals Related with companies as Directors, shareholders, secretaries, alternate directors, alternate secretaries, assistant secretaries or members, legal advisors and correspondents as included in the official company registries.

Minimum technical and organisations measures applied by the Servicer for the protection of Client Personal Data

  • Alarm /fire system
  • Physical access control
  • Confidentiality obligation of the employees of the Servicer and the Servicer’s Affiliated Companies towards the clients of the Services (thereby including the Client)
  • Protection of non-automated files
  • Requirement of passwords for accessing computers and computer systems
  • Firewall, antivirus software