Data processor appointment deed

Whereas:

The User has accepted the general conditions (hereinafter “General Conditions”) for the use of the ShopCall service provided by Shopcall S.r.l., a single-member private liability company (hereinafter “the Service”).
The User, as Data Controller pursuant to the Personal Data Protection Code, adopted by Italian Legislative Decree No. 196, 30 June 2003 (hereinafter “the Code”), hereby appoints Shopcall S.r.l., a single-member private liability company, as “Data Processor” pursuant to article 29 of the Code (herein “Data Processor”), which accepts in order to carry out the processing of Personal Data, in the manner given below, in relation to the obligations undertaken by the Data Processor pursuant to the General Conditions.

The User entrusts the Data Processor with the following data processing operations via paper, computer and telematic means:

  • processing and use for the purposes deriving from the General Conditions;
  • storage, preservation and archiving, for the time strictly required and, in any case, in accordance with the law.

The Data Processor:

  • must carry out the processing operations that it has been entrusted with in compliance with the Law and by implementing the security measures that may apply from time to time;
    via the adoption of suitable preventive security measure, it must minimise the risks of:

    • destruction or loss, including accidental, of the Personal Data processed;
    • unauthorised access.

The security measures adopted will be modified, by the Data Processor, by applying the measures prescribed by the applicable legislation, specifically, articles 33 – 36 of the Code, and/or any technical improvements that are gradually made available within the IT sector.


The User declares that:

(a) the Personal Data they send are correct and, if necessary, will be updated, are relevant, complete and not excessive with regard to the purposes for which they have been collected or subsequently processed;

(b) they have carried out all their administrative obligations required by the Code and they will process the Personal Data in full compliance with the Code and the relative implementing regulations, including the authorisations, the directives and the communications of the Italian Data Protection Authority in regard to personal data protection; (c) grants full and unconditional indemnity towards the Data Processor in regard to any claims, requests, damage, prejudice and in general for any civil, administrative and/or criminal consequences that may derive from falsehoods, untruthfulness or the incompleteness of the declarations given in points (a), and (b) above.

The Data Processor will see to:

(a) appointing personal data processors within its organisation, duly instructing them on the manner in which to carry out their tasks and undertaking to monitor their work;

(b) providing any data subject or their representative with the information provided for in article 7 of the Code when requested, also on the instructions of the User;

(c) immediately informing the User about any request, order or controls carried out by the Italian Data Protection Authority, or the judicial authority, on any data subject or third parties pursuant to Chapter III, Part I and II of the Code, when requested.

Unless the User has promptly communicated their intent to oppose the procedures, the Data Processor is required to carry out the orders of the Italian Data Protection Authority or the judicial authority, with the support of the User.

This appointment has the same duration and effectiveness as the relationship concerning the provision of the User’s Service and, therefore, will cease when said service is also terminated.

In the event that the above scenario occurs, the Data Processor, at the User’s discretion, will either return the personal data that is part of the Processing Operations, or see to their complete destruction. In both instances, the Data Processor will issue a written statement attesting to the fact that they no longer hold any copies.