TERMS OF USE OF “EASY CONFIGURATOR”

  1. The service provided through the “Easy Configurator” tool is a free service offered by Volvo Penta España, which reserves the right to withdraw it at any time without prior notice.
  2. The quotation provided through the “Easy Configurator” tool includes approximate prices, which may vary from those that result once the engine configuration is completed and the order is placed through Prosales.


DATA PROCESSING AGREEMENT

On the one hand, the user of the service provided through the “Easy Configurator” tool, with a registered user in the service (hereinafter, THE DATA CONTROLLER, THE CONTROLLER, or THE USER), identified and registered digitally through this acceptance.

And, on the other hand, Volvo Group España S.A.U (Volvo Penta Division) (hereinafter, THE DATA PROCESSOR or THE PROCESSOR), with its registered office at C/ Basauri 7 and 9, 28023 Madrid, and CIF A79842654.

The parties acknowledging the capacity and representation with which they act,


STATE:

  1. That, under the corresponding agreement, THE PROCESSOR has committed to providing THE USER with the services of a Web Quotation Configurator.
  2. That, for the execution of these services, THE PROCESSOR needs to process the personal data for which THE USER is, for legal purposes, the data controller.
  3. That, for this purpose, THE PROCESSOR expressly declares that:
    1. It offers sufficient guarantees that it will apply appropriate technical and organizational measures, ensuring that the processing of personal data complies with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR), and guarantees the protection of the rights of data subjects.
    2. As of the date of signing this agreement, it has never been sanctioned for non-compliance with the regulations on the protection of personal data.
The parties, based on the above,

AGREE:

  1. OBJECT.-

    The purpose of this agreement is to regulate the conditions under which THE PROCESSOR will process the personal data for which THE USER is, in accordance with applicable regulations, the data controller, for the provision of the services mentioned in Clause I of this agreement.

  2. DURATION.-

    This agreement will remain in effect as long as the service provision relationship referred to in Clause I is in force. Once this relationship is terminated, this agreement will automatically be resolved, without prejudice to the provisions contained in Clause VIII regarding the obligations that apply to THE PROCESSOR after such resolution.

  3. CONDITIONS OF DATA PROCESSING.-
    1. Nature and purpose of processing.-

      The processing of personal data by THE PROCESSOR will be limited to what is necessary to carry out the provision of services and will always be performed within this framework. Specifically, the processing activities to be carried out by THE PROCESSOR are as follows: Collection, Recording, Structuring, Modification, Storage, Consultation, Access, Deletion.

      If THE PROCESSOR considers it necessary to carry out processing of data outside these limits, it must first request authorization from THE USER. In the absence of such authorization, THE PROCESSOR may not carry out such processing.

      In any case, THE PROCESSOR may not process the data for purposes other than those established in this agreement.

    2. Types of personal data processed.-

      The types of personal data that THE PROCESSOR will process under this agreement are as follows:

      • Identifying data (name and surname, email, phone number)
    3. Categories of data subjects.-

      The categories of data subjects whose data will be processed by THE PROCESSOR under this agreement are as follows:

      • Customers and users.
  4. OBLIGATIONS OF THE PROCESSOR

    THE PROCESSOR agrees to comply with the following obligations:

    1. It will only process the data in accordance with THE USER's instructions, which must be documented. As a general rule, the instructions that THE PROCESSOR must follow in the processing of personal data are those that logically derive from the nature of the contracted services and are necessary for their fulfillment.

      The obligation to adhere to THE USER's instructions and prior authorization for processing will also apply, where applicable, to any international data transfers that THE PROCESSOR may consider carrying out, unless legally required to do so, in which case it will only inform THE USER in writing of this legal requirement prior to processing.

      If THE PROCESSOR considers that an instruction from THE USER may be contrary to applicable data protection regulations, it will immediately notify THE USER.

    2. THE PROCESSOR agrees to maintain the duty of confidentiality regarding the personal data it accesses under this agreement, even after the termination of its purpose.

    3. THE PROCESSOR may not transfer or disclose the data, even for storage, to third parties, except with the express indication of THE USER.

      THE PROCESSOR will disclose the data to other processors designated by THE USER when THE USER has previously instructed it to do so, in writing, specifying the entity to which the data must be disclosed, the data to be disclosed, and the security measures to be applied for the disclosure.

    4. THE PROCESSOR agrees to implement in its technical and organizational systems the appropriate measures to ensure the security of THE USER's personal data files and processing, in accordance with the risk assessment it conducts for this purpose.

      These security measures will include mechanisms to: a) Ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services; b) restore the availability and access to personal data promptly in the event of a physical or technical incident; c) regularly test, assess, and evaluate the effectiveness of technical and organizational measures implemented to ensure the security of processing; and d) pseudonymize and encrypt personal data, where applicable.

      THE PROCESSOR will ensure that individuals under its authority who must process personal data expressly and in writing commit to maintaining confidentiality and complying with the corresponding security measures. THE PROCESSOR must ensure the necessary training of these individuals in personal data protection and the security measures to be followed.

  5. SUBCONTRACTING

    THE PROCESSOR is authorized to subcontract to the company MY FOCUS SYSTEMS S.L the services involving the following data processing: HOSTING.

    If it becomes necessary to subcontract any processing other than the one indicated or with a different company, THE PROCESSOR must communicate this fact in writing to THE USER in advance, with a notice of three calendar days, indicating the processing it intends to subcontract and identifying the subcontractor. The subcontracting may proceed if THE CONTROLLER does not express opposition within this period.

    In any case, the subcontractor, who will also have the status of a data processor, is equally obliged to comply with the obligations set out in this document for THE PROCESSOR and the instructions issued by THE USER.

    In any case, THE USER will impose by contract on the other data processor the same obligations imposed on it in this document and, in particular, the provision of sufficient guarantees that it will apply appropriate technical and organizational measures to ensure that the processing complies with applicable regulations.

    If the other data processor fails to comply with its obligations, THE PROCESSOR will be liable to THE USER for such non-compliance.

  6. COOPERATION WITH THE CONTROLLER

    THE PROCESSOR agrees to assist THE USER and cooperate with it so that THE USER can fulfill its obligation to respond to requests aimed at exercising the rights of data subjects (access, rectification, erasure, and objection; restriction of processing; data portability; and not to be subject to automated individual decision-making, including profiling).

    In this regard, when data subjects exercise the aforementioned rights with THE PROCESSOR, THE PROCESSOR must notify THE USER by email immediately and in no case later than three working days after receiving the request. The communication will be accompanied by any other information that may be relevant to resolving the request.

    Likewise, THE PROCESSOR will be available to THE USER, upon request, to assist in fulfilling the obligations to apply appropriate security measures, conduct data protection impact assessments, where applicable, and carry out prior consultations with the supervisory authority, also where applicable.

  7. NOTIFICATION OF DATA SECURITY BREACHES

    THE PROCESSOR will notify THE USER by email, without undue delay and in any case no later than two working days, of any personal data security breaches of which it becomes aware. The communication will be accompanied by all relevant information for documenting and reporting the incident.

    Notification will not be required if the security breach is unlikely to pose a risk to the rights and freedoms of natural persons.

    If available, the following information will be provided at a minimum: a) Description of the nature of the personal data security breach, including, where possible, the categories and approximate number of data subjects affected, and the categories and approximate number of personal data records affected; b) the name and contact details of the data protection officer or another point of contact where more information can be obtained; c) description of the possible consequences of the personal data security breach; d) description of the measures taken or proposed to remedy the personal data security breach, including, where applicable, measures to mitigate possible adverse effects.

    If all the information cannot be provided at the same time, and to the extent that it is not, the information will be provided in phases without undue delay.

  8. DESTINATION OF DATA AFTER THE TERMINATION OF THE RELATIONSHIP

    Upon termination of the contractual relationship, THE PROCESSOR will request instructions from THE USER regarding the destination of the processed personal data. THE USER will inform THE PROCESSOR of the action, among the following, to be taken with the data:

    1. Return the data to THE USER and, if applicable, the media on which they are stored, once the service has been completed. The return must involve the complete deletion of the data existing on the computer equipment used by THE PROCESSOR.
    2. Deliver the data to another processor designated in writing by THE USER and, if applicable, the media on which they are stored. The return must involve the complete deletion of the data existing on the computer equipment used by THE PROCESSOR.
    3. Destroy the data, once the service has been completed. If THE USER requests it, THE PROCESSOR will certify the destruction in writing.

    In any case, THE PROCESSOR may retain a copy of the data, duly blocked, as long as responsibilities may arise from the execution of the service provision.

  9. LIABILITY IN CASE OF CLAIM

    If THE PROCESSOR becomes involved in an investigation or administrative procedure initiated by a supervisory authority regarding THE USER's data, or in a claim by a third party, it will notify THE USER.

    Both parties, by mutual agreement, commit to being liable for all damages and losses caused to the other in all cases of negligent or wrongful conduct in fulfilling the contractual and regulatory obligations incumbent upon them under this Agreement.

  10. COMPLIANCE MONITORING OF THIS AGREEMENT

    THE PROCESSOR will make available to THE USER all information necessary to demonstrate compliance with the obligations set out in this agreement, when requested by THE USER.

  11. DATA OF THE PARTIES

    Each party is informed that its personal data will be incorporated into the files of the other party to allow the development, execution, and control of the service provision relationship established, the basis for processing being this relationship and the data being retained for the entire duration of the relationship and even after, until any potential liabilities arising from it expire. They may request access to their personal data, rectification, erasure, portability, and restriction of processing, as well as object to processing, at the address of the other party indicated in the header. The data may be disclosed to Public Administrations when required by law and to financial institutions for the management of payments. In the event of any violation of rights, the affected party may file a complaint with the Spanish Data Protection Agency or another supervisory authority.

  12. APPLICABLE LAW AND JURISDICTION

    This agreement will be governed by the clauses contained herein and, for matters not provided for, by the applicable Spanish and European regulations on the processing of personal data.

    The parties, for any matter related to the interpretation or application of this agreement, expressly submit, with waiver of their own jurisdiction, to the courts of the city where this document is signed.

And, in proof of their agreement with the above, THE USER accepts this agreement, and this acceptance is digitally recorded.



Cancelar