Data processor appointment deed

Whereas:

  • The User has accepted the general conditions (hereinafter “General Conditions”) for the use of the Infomail Service provided by Hoplo S.r.l. a single-member company (hereinafter “the Service”).
  • The User, as data controller of Personal Data pursuant to the Code for the protection of personal data, adopted with Legislative Decree 30 June 2003, n. 196 (hereinafter “the Code”) and the EU Regulation 2016/679 (“GDPR”), with this act appoints Hoplo S.r.l. a single-member company, which accepts, as “Data Controller” pursuant to art. 29 of the Code (hereinafter, “Controller”), in order to carry out the processing operations of Personal Data, with the methods specified below, in relation to the obligations assumed by the Controller pursuant to the General Conditions.
The User entrusts to the Controller the following processing operations of Personal Data on paper, computer and telematic media:
  • processing and use for the purposes deriving from the General Conditions;
  • storage, preservation, and archiving, for the time strictly necessary and in any case within the terms of the law.

The Controller:

  1. is required to carry out the processing operations entrusted to it in compliance with the Law and with the adoption of the security measures applicable from time to time;
  2. must minimize, by adopting appropriate and preventive security measures, the risks of:
    • destruction or accidental loss of Personal Data processed;
    • unauthorized access.
The security measures adopted will be modified, at the discretion of the Controller, by applying the measures prescribed by the applicable legislation, in particular articles 33 – 36 of the Code, and/or any technical improvements progressively made available in the computer sector.

The User declares that:

(a) the Personal Data transmitted by it are accurate and, if necessary, will be updated, are relevant, complete, and not excessive with respect to the purposes for which they are collected or subsequently processed; (b) it has carried out all the administrative obligations required by the Code and will carry out the processing of Personal Data in full compliance with the Code and the related implementing legislation, including authorizations, directives, and communications from the Guarantor for the protection of personal data; (c) grants full and unconditional indemnity in favor of the Controller for any and all claims, demands, damages, prejudices, and in general for any civil, administrative, and/or criminal consequences arising from the falsity, unreliability, or incompleteness of the statements referred to in the previous letters (a), (b).

The Controller provides for:

(a) to appoint within its organization the persons in charge of the processing of personal data, duly instructing them on the performance of their duties and undertaking to supervise their work; (b) to provide, also at the request of the User, to each interested party of the processing or delegate of these the information provided for in art. 7 of the Code in case of request; (c) to immediately notify the User of any request, order, or control activity by the Guarantor for the protection of personal data, or by the judicial authority, of any interested party or third party pursuant to Part III, Titles I and II of the Code in case of request received. Unless the User has promptly communicated its intention to promote opposition in the forms of the law, the Controller is required to execute the orders of the Guarantor or the judicial authority, with the support of the User. This appointment has the same duration and effectiveness as the relationship concerning the provision of the User’s Service and, therefore, will cease upon the cessation of the same. In the event of the above, the Controller, at the User’s discretion, returns the personal