Salonround - Terms & Conditions and Data Processing Agreement
New: Get a professional website for your salon with the Salonround Website Builder New: the Salonround Website Builder
Features Customers Pricing Support
Sign in Start free trial EN
Features Customers Pricing Support Sign in
Start free trial
EN

Terms & Conditions and Data Processing Agreement

General Terms and Conditions and Data Processing Agreement

General Terms and Conditions

Article 1 – Definitions

1. Customer: Any natural person or legal entity that enters into, wishes to enter into, or has entered into a legal relationship with Roundly B.V.
2. General Terms and Conditions: These present general terms and conditions.
3. Roundly B.V.: Roundly B.V., a private limited liability company, having its office in Almere, the Netherlands (Chamber of Commerce number 98662554).
4. Agreement: Any agreement and/or other legal relationship between Roundly B.V. and Customer regarding the provision of services and/or goods and related matters.
5. Parties, respectively Party: Roundly B.V. and/or Customer.
6. Supplier: Any supplier of Roundly B.V., including but not limited to email service providers, hosting providers, SMS service providers, and other suppliers.
7. Customer Portal: The online environment where the Customer arrives after logging in.


Article 2 – Applicability of the General Terms and Conditions

1. These General Terms and Conditions apply to all Agreements and every relationship between Customer and Roundly B.V. This means, among other things, that the conditions apply to all quotations, offers, work, agreements, and deliveries of services, software, or products by or on behalf of Roundly B.V.
2. The applicability of other general terms and conditions, including general terms and conditions of the Customer, is expressly rejected.
3. By using the services and/or software of Roundly B.V., including use during a trial subscription, by taking out a subscription with Roundly B.V. and/or entering into an agreement with Roundly B.V., Customer acknowledges having read and accepted the General Terms and Conditions, the privacy policy, and the data processing agreement.
4. Deviations from these General Terms and Conditions are only possible if expressly agreed in writing between the Parties. If the provisions of these General Terms and Conditions deviate from the content of the Agreement, the content of the Agreement shall prevail.

Article 3 – Conclusion and term of the Agreement

1. The Agreement between Roundly B.V. and Customer is concluded at the moment Customer registers via one of Roundly B.V.’s websites, including but not limited to Salonround.com, Salonround.com, Salonround.nl, Salonround.nl, Salonround.cz, and Salonround.cz.
2. If the Agreement has been entered into for a fixed period, the Customer cannot terminate the Agreement prematurely. After expiry of this period, the Agreement is tacitly renewed for the same period, unless the Agreement is terminated at least one (1) month before the end of the period. In the case of an Agreement for an indefinite period, the Agreement may be terminated by Customer or Roundly B.V. subject to a notice period of at least one (1) month.
3. The Agreement may be terminated prematurely by Customer and Roundly B.V. if:
- the other Party imputably fails to fulfil an obligation under the Agreement, and performance does not take place after that Party has been given notice of default, granting a reasonable period for performance;
- the other Party has applied for or has been granted suspension of payments;
- the other Party has been declared bankrupt or a bankruptcy petition has been filed against that Party;
- the other Party is liquidated or ceases its activities.
4. If Customer does not comply with the obligations under the General Terms and Conditions and/or Agreement, Roundly B.V. is at all times entitled to deny that Customer access to the services, including the SaaS solution and the software, and to deactivate Customer’s account, without prejudice to the other rights of Roundly B.V. under the Agreement and General Terms and Conditions.
5. Upon termination of the Customer’s subscription, including but not limited to cancellation of the subscription by Customer, termination of the Agreement by Customer or Roundly B.V., expiry of the Customer’s subscription, deletion of the account by Customer, and expiry of the trial period without timely taking out a subscription, Roundly B.V. is entitled to delete Customer’s data without prior notice.

Article 4 – Access to account and services

1. After conclusion of the Agreement, Roundly B.V. grants Customer access to the parts of the software and/or services that belong to the subscription chosen by the Customer.
2. Customer only obtains a non-exclusive and non-transferable right to use the services and/or software for the duration of the Agreement.
3. It is assumed that Customer uses a modern web browser. If Customer uses an outdated web browser, not all functions of the services and software may work optimally.
4. As soon as Customer gains access to the services and software, Customer has 48 hours to carry out a check. If there is a non-conformity, Customer is obliged to report this within 48 hours after gaining access to the services and software, by email ([email protected] or [email protected]). If no report is made within 48 hours after Customer has gained access to the services and software, Customer is deemed to have unconditionally accepted the delivery.

Article 5 – Fees

1. Customer owes Roundly B.V. a fixed monthly or yearly fee, as determined and published by Roundly B.V. for the package chosen by Customer, unless otherwise agreed in writing. All prices are exclusive of VAT and any other government levies, unless expressly stated otherwise.
2. Roundly B.V. is entitled to reasonably adjust the rates for its packages once per calendar year. Roundly B.V. will inform Customer in writing or electronically at least one (1) calendar month before the effective date of the new rates. If Customer does not agree, Customer has the right to terminate the Agreement as of the effective date, provided this is notified in writing before that date.
3. Customer owes Roundly B.V. an amount for SMS messages sent via the system, at the rate per SMS determined and published by Roundly B.V., unless otherwise agreed in writing. These costs are exclusive of VAT, unless expressly stated otherwise.
4. Roundly B.V. may, at any time and in a reasonable manner, adjust the rates applicable to SMS messages. Roundly B.V. will inform Customer in writing or electronically at least one (1) calendar month before the effective date of the new SMS rates. This gives Customer the opportunity, for example, to set that no SMS messages are sent automatically anymore.
5. The system also offers the possibility to send emails, including marketing emails. From a number of marketing emails per month determined and published by Roundly B.V., Customer owes an amount per email sent, as determined and published by Roundly B.V., unless otherwise agreed in writing. These costs are also exclusive of VAT, unless expressly stated otherwise.
6. The rates for marketing emails and the number of marketing emails from which these rates apply may be adjusted by Roundly B.V. at any time in a reasonable manner. Roundly B.V. will inform Customer about this in writing or electronically at least one (1) calendar month before the effective date of the changes. In that case, Customer has the opportunity, for example, to set that no marketing emails are sent anymore.
7. If Customer orders marketing material from Roundly B.V., such as business cards or other printed matter, Customer owes Roundly B.V. a fee in accordance with the rates determined and published by Roundly B.V. These costs are exclusive of VAT, unless expressly stated otherwise.
8. The rates for this printed matter may be changed by Roundly B.V. at any time. Customer has the opportunity, before placing an order, to decide whether to place an order at the rate in force at that time.

Article 6 – Payments

1. Roundly B.V. has the right to provide invoices to Customer electronically (by email/online).
2. The invoices of Roundly B.V. are automatically collected on the invoice date by Roundly B.V. via direct debit, unless expressly agreed otherwise. If collection is not possible, invoices must be paid within 14 days of the invoice date, unless agreed otherwise.
3. Customer is not entitled to suspend, set off, or compensate the invoices of Roundly B.V. with claims against Roundly B.V.
4. In the event of exceeding the payment term, Customer owes statutory interest, without further notice of default being required. In the event of exceeding the payment term, Roundly B.V. is also entitled to suspend the performance of the Agreement. Roundly B.V. is also entitled in that case to claim compensation for extrajudicial collection costs, set at a minimum of 15% of the total invoice amount, without prejudice to the other rights of Roundly B.V. under the Agreement and General Terms and Conditions.

Article 7 – Support

1. If Customer needs help, Customer can contact Roundly B.V.’s customer service free of charge. This can be done via chat, via WhatsApp, and via email ([email protected] and [email protected]).
2. Roundly B.V.’s customer service will make every effort to help Customer as quickly as possible.

Article 8 – Confidentiality

Parties will not share information of the other Party with third parties without having obtained prior written consent from the other Party, where the Party sharing the information knows or can reasonably suspect that this information is secret or confidential. This also includes business-sensitive information. This duty of confidentiality does not apply to information that must be disclosed on the basis of a legal obligation or a court order.

Article 9 – Obligations of Customer

1. Customer is solely responsible for managing usernames, passwords, accounts, and the data that Customer stores or processes in the system of Roundly B.V. Customer must ensure that strong passwords are set. Customer is prohibited from sharing usernames, passwords, or other access data with third parties. Roundly B.V. is not liable for damage or loss resulting from Customer’s failure to comply with these obligations.
2. Roundly B.V. may assume that all actions performed via an account, after logging in with the corresponding username and password, take place under the direction and supervision of Customer or the users authorised by Customer. Customer is fully liable for these actions.
3. If Customer suspects that a third party has unauthorised access, for example by obtaining the password, Customer must immediately change the password and inform Roundly B.V. of this in writing or by email ([email protected] or [email protected]).
4. Customer is responsible for all accounts under its control, which means that if Customer chooses to give its employees accounts, Customer is fully responsible for those accounts and any use of those accounts. This means, among other things, that Customer is fully responsible for these accounts with regard to compliance with the General Terms and Conditions.
5. Customer ensures that the data provided by Customer to Roundly B.V. is correct and complete. In case of changes to that data, Customer will inform Roundly B.V. immediately.
6. It is prohibited to use the services and software for acts that are in violation of applicable laws and regulations, including but not limited to European regulations, the laws of the country in which Customer is established, or the regulations of the country from which the services and software are used.
7. Customer is at all times solely responsible for ensuring that the use of the services and software complies with applicable laws and regulations, including but not limited to laws and regulations on personal data, and Customer must verify this independently.
8. Roundly B.V. is not liable for damage or liability towards third parties arising from actions, configurations, or decisions of Customer within the software and services, nor for Customer’s failure to use the software and services correctly or for incorrect use of the software by Customer.
9. Customer is fully responsible for the correct use of the services and software, including entering correct data, complying with applicable laws and regulations, and managing features such as, but not limited to, setting the correct VAT rates and entering information that is required to be visible due to regulations in Customer’s web store.
10. Customer understands that the services and software are tools that must be correctly configured and used by Customer in order to comply with applicable laws and regulations.
11. Customer keeps information relating to Roundly B.V., which Customer knows or can reasonably suspect to be confidential or secret, including business-sensitive information, or where Customer can expect that its disclosure could cause damage to Roundly B.V., confidential.
12. If Customer adds its own additional text to transactional emails, including but not limited to appointment confirmations, appointment reminders, notifications of changes to appointments, notifications of appointment cancellations, no-show confirmations, “Confirmation required” emails, notifications of receipt of appointment requests, notifications of acceptance of appointment requests, notifications of rejection of appointment requests, requests to complete forms, emails with digital receipts, emails with digital gift cards, emails with invoices for online gift cards, confirmations of purchased packages, confirmations of web store orders, notifications that web store orders have been shipped or are ready for pickup, waiting list confirmations, notifications of available time slots via the waiting list function, review requests, emails with responses to reviews, it is not permitted for these texts to contain marketing content. If Customer uses the services and/or software of Roundly B.V. to create forms, it is also not permitted to include text and/or questions with marketing purposes in these forms. Except for features explicitly intended for Customer’s marketing, including newsletters, automated marketing emails, and the website builder, Customer is not permitted to use the services and software of Roundly B.V. to distribute texts with marketing purposes.
13. Customer indemnifies Roundly B.V. against any claim by third parties in connection with the performance of the Agreement and/or the use of the services or software by Customer.

Article 10 – Liability

1. Roundly B.V. is only liable for direct damage resulting from an imputable failure by Roundly B.V. Direct damage exclusively means:
- The reasonable costs incurred to determine the cause and extent of the damage, insofar as such determination relates to damage within the meaning of these conditions;
- Any reasonable costs incurred to have the defective performance of Roundly B.V. comply with the Agreement, insofar as they can be attributed to Roundly B.V.;
- Reasonable costs incurred to prevent or limit damage, insofar as Customer demonstrates that these costs have resulted in limiting direct damage as referred to in these General Terms and Conditions.
2. For other forms of damage, on any basis whatsoever, including indirect damage, including but not limited to consequential damage, lost investments, missed savings, lost assignments, loss of customers, damage due to damaged or lost data, damage due to business interruption, loss of profit, or damage to third parties, Roundly B.V. is not liable.
3. The total liability of Roundly B.V. for direct damage, on any basis whatsoever, is per event – where a series of related events is regarded as one event – at all times limited to an amount equal to the subscription fees (excluding VAT) paid by Customer to Roundly B.V. over the ten (10) months prior to the event causing the damage, with a maximum of the amount paid out by Roundly B.V.’s liability insurance.
4. Customer can only claim compensation if Customer has notified Roundly B.V. in writing within thirty (30) days from the moment Customer could reasonably have discovered the damage.
5. The limitations of liability included in these General Terms and Conditions do not apply if the damage is due to intent or gross negligence on the part of Roundly B.V.

Article 11 – Force majeure

In the event of force majeure, Roundly B.V. is never obliged to compensate the damage thereby incurred by Customer. Force majeure includes, but is not limited to: disruptions or failure of the internet, disruptions or failure of telecommunications infrastructure, seizures, delays at or bankruptcy of third parties engaged by Roundly B.V., a (D)DoS attack, power failures, mobilisation, war, civil unrest, force majeure of suppliers of Roundly B.V., failure of suppliers of Roundly B.V. to properly fulfil their obligations, transport difficulties, strikes, lockouts, stagnation in supply, fire, flooding and other natural disasters, government measures, (cyber)crime, and (cyber)vandalism.

Article 12 – Availability

1. Roundly B.V. strives for high availability of the services and software but cannot guarantee that these will function uninterrupted and/or free of errors at all times. In the event of malfunctions, technical problems, or other issues, Roundly B.V. will make every effort to resolve them as soon as possible and within reasonable limits. Although Roundly B.V. will make every effort to minimise disruptions, it cannot guarantee that the services and software will always function uninterrupted or without errors. Temporary unavailability, malfunctioning, and/or interruption or failure of (parts of) the services or software cannot be fully excluded. Customer remains obliged to pay the full fee, even if the services or software are temporarily unavailable. If the unavailability and/or malfunctioning of the services or software continues for more than five (5) consecutive working days, counted from the day on which Customer has reported the unavailability in writing to Roundly B.V., Roundly B.V. may, at its own discretion, apply a reasonable discount to the fee, in proportion to the duration of the unavailability.
2. To safeguard the quality of the software and services, Roundly B.V. regularly carries out maintenance work and implements updates. Roundly B.V. will try to limit the impact on the availability of the software and services as much as possible. Nevertheless, certain work may cause temporary disruptions or limitations in accessibility. Where reasonably possible, Roundly B.V. will inform Customer in advance of planned maintenance work, unless this is not feasible or necessary in view of the circumstances.
3. The above does not entitle Customer to any form of compensation from Roundly B.V.

Article 13 – Intellectual property

1. All intellectual property rights related to the software and the services, including but not limited to the rights to the software’s program code (including future updates or upgrades of the software), the code, the features, the documentation, the technical information, and data related thereto, the templates of, among others, the Design & Print Studio, the Social Studio, and the digital gift card editor, the themes of, among others, the Website Builder, are and remain the exclusive property of Roundly B.V. and can never become the property of Customer. The intellectual property rights to all modifications or improvements of the software, the services, or other matters related thereto, regardless of whether they result from requests, suggestions, or ideas originating from Customer, also rest exclusively with Roundly B.V. Roundly B.V. is the sole owner of all parts of its software, all parts of its services, and/or other intellectual property rights related thereto and will always remain so.
2. Data and information of Customer that Customer stores or processes via Roundly B.V., such as data of its customers, are and remain the property of Customer.
3. Customer obtains only a non-exclusive and non-transferable right to use the software and services for the duration of the Agreement for Customer’s normal business operations (hereinafter: Right of Use).
4. The Right of Use is limited to the components and features that belong to the subscription chosen by Customer and applies only to the number of users for whom Customer has taken out a subscription.
5. Roundly B.V. may take technical measures to protect the software and services, and Customer may not remove or circumvent this protection.
6. For services from a Supplier of Roundly B.V. that have not been developed by Roundly B.V., the terms and conditions of the relevant Supplier apply.

Article 14 – Suppliers

Roundly B.V. is not liable for damage resulting from acts, omissions, or failures of its Suppliers, except in the case of gross negligence or intent on the part of Roundly B.V.

Article 15 – Changes

1. Roundly B.V. reserves the right to modify, remove, or discontinue a service, version, or any component of the services or software at any time and at its own discretion (hereinafter: “Changes”). Such Changes may be implemented for various reasons, including but not limited to:
- complying with applicable laws or regulations;
- ensuring security;
- changes imposed by an external supplier;
- terminating cooperation with an external supplier that is essential for the provision of the services or software;
- necessary changes as a result of adjustments in the software or services of Suppliers; and/or
- changes that, in the opinion of Roundly B.V., will lead to an improvement of the services or software.
2. Roundly B.V. will make efforts to inform Customers in a timely manner about such Changes, unless this is not reasonably possible or necessary.
3. Roundly B.V. is not obliged to maintain, add, or modify specific features or characteristics of the software and/or services for Customer.

Article 16 – Stripe and Sendcloud

Roundly B.V. enables Customer to make use of the services of Stripe (https://stripe.com) and Sendcloud (https://sendcloud.com). If Customer chooses to use the services of Stripe, Customer enters into a direct contractual relationship with Stripe and agrees to Stripe’s terms and conditions. If Customer chooses to use the services of Sendcloud, Customer enters into a direct contractual relationship with Sendcloud and agrees to Sendcloud’s terms and conditions.

Article 17 – Applicable law and competent court

1. These General Terms and Conditions, the data processing agreement, and every Agreement between Customer and Roundly B.V. are exclusively governed by Dutch law.
2. All disputes arising out of or relating to the General Terms and Conditions, the data processing agreement, and the Agreements, and/or their performance shall be submitted exclusively to the competent court in the district of The Hague.
3. The applicability of the Vienna Convention on Contracts for the International Sale of Goods 1980 (CISG) is excluded.

Article 18 – Language and interpretation

1. These General Terms and Conditions have been translated from Dutch into several languages, including Czech, Danish, German, French, and English. In the event of any dispute regarding the interpretation, scope, or content of these conditions, the Dutch text shall be decisive.

Article 19 – Amendment of the General Terms and Conditions

1. Roundly B.V. reserves the right to amend these General Terms and Conditions. Amendments will be communicated to Customer in writing or electronically, for example by email or by publication in the Customer Portal, and will take effect on the date stated in the notice.

Article 19 – Other provisions

1. If any provision of these General Terms and Conditions is null and void or annulled, this shall not affect the validity of the remaining provisions. In that case, the original provision will be replaced by a valid provision that most closely matches the purpose and intent of the original provision.
2. The provisions which by their nature are intended to remain in force after termination of the Agreement shall remain applicable after termination of the Agreement, regardless of the reason or manner of termination.
3. Roundly B.V. is entitled to transfer and/or outsource its rights and obligations under any Agreement, in whole or in part.



Data Processing Agreement

Recitals

- The processor of personal data is Roundly B.V. (hereinafter: the “Processor”).
- The Customer is the controller (hereinafter: the “Controller”).
- The Controller processes personal data for the purposes listed in Annex 1.
- The Controller and the Processor have concluded an agreement (hereinafter: the “Agreement”), of which this data processing agreement forms an integral part.
- In the context of the Agreement, the Processor will process personal data on behalf of the Controller, whereby the Controller acts as controller and the Processor as processor within the meaning of the General Data Protection Regulation (Regulation (EU) 2016/679 of 27 April 2016) (hereinafter: the “GDPR”).
- The Controller and the Processor wish, in accordance with the General Data Protection Regulation, to lay down their mutual rights and obligations for the processing of personal data in this data processing agreement (hereinafter: this “Data Processing Agreement”).
- “General Terms and Conditions” means the general terms and conditions of Roundly B.V., which form an inseparable part of the Agreement.
- The provisions of the Agreement and the General Terms and Conditions apply to this Data Processing Agreement; in case of contradictions concerning the processing of Personal Data, the provisions of this Data Processing Agreement prevail.

Article 1 – Data Processing

1. In the context of performing the work for the Controller, the Processor will process personal data according to the instructions and under the responsibility of the Controller. The personal data that the Processor will process under this Data Processing Agreement are further described in Annex 2 (hereinafter: the “Personal Data”). The individuals whose data are recorded (hereinafter: the “Data Subjects”) are further described in Annex 3.
2. The Personal Data may only be used by the Processor for the purposes described in Annex 1, unless the Processor is required to process the Personal Data on the basis of a legal obligation.
3. The Processor will inform the Controller immediately if the Processor must process Personal Data on the basis of a legal obligation, unless applicable law prohibits the Processor from informing the Controller.
4. The Processor is not permitted to process the Personal Data obtained from or on behalf of the Controller for its own (commercial) purposes, to combine them with (other files containing) personal data, or to provide them to third parties.
5. In processing the Personal Data, the Processor will act in accordance with the Agreement, the applicable (European) laws and regulations regarding the protection of personal data, including but not limited to the GDPR, as well as any codes of conduct, policy documents, and guidelines of the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, hereinafter: the “AP”) applicable to the Controller and/or the Processor.
6. The Processor will, as far as reasonably possible, provide the Controller with all cooperation necessary to carry out data protection impact assessments (DPIAs) regarding the impact of the processing on the privacy of Data Subjects and to comply with the Controller’s legal obligations in this respect.
7. At the Controller’s request, the Processor will inform the Controller about the measures it has taken with regard to its obligations under this Data Processing Agreement and the applicable privacy legislation.
8. The Controller warrants that the content, the manner in which it is used, and the instructions given by the Controller for the processing of Personal Data comply with all applicable laws and regulations and do not infringe the rights of third parties.

Article 2 – Technical and organisational measures

1. The Processor will take, maintain, and where necessary adjust appropriate technical and organisational measures to protect the Personal Data against destruction (whether accidental or unlawful), accidental loss, alteration, unauthorised disclosure or access, or any other form of unlawful processing. Taking into account the state of the art and the costs of implementation, these measures shall ensure an appropriate level of security, having regard to the risks presented by the processing and the nature of the data to be protected. These measures are also aimed at preventing unnecessary collection and further processing of personal data. To that end, the Processor will in any case, but not exclusively, adhere to the security level set out in Annex 4. The Processor may unilaterally update Annex 4 to reflect the most recent security standards.
2. The Processor may only transfer the Personal Data to a country outside the European Economic Area or to an international organisation in compliance with the applicable legal requirements for such transfers.
3. The Processor will instruct its (own or contracted) staff so that they do not act in contravention of this Data Processing Agreement.
4. If there is a personal data breach at the Processor (hereinafter: a “Data Breach”), the Processor will inform the Controller within 48 hours after discovery. The notification will at least include the following information: a) the nature of the breach (including the time of the breach, moment of notification/discovery, content/nature of the incident), b) recommended measures to limit the negative consequences of the breach, c) the measures the Processor has taken or proposes to remedy these consequences, and d) the contact details of the departments/contact persons within its organisation where more information about the breach can be obtained. If the Processor is unable to provide all this information immediately, it will supply this to the Controller in stages.
5. The Processor will take measures as soon as possible to remove the causes of the Data Breach and to limit or undo its possible adverse consequences as much as possible.

Article 3 – Confidentiality

1. The Personal Data is subject to a duty of confidentiality towards third parties.
2. The Processor will require the persons employed by it or performing work for it to maintain confidentiality with regard to the Personal Data they may become aware of.

Article 5 – Engagement of Sub-processor

1. The Processor is permitted to use a third party (hereinafter: the “Sub-processor”) in relation to the processing of Personal Data under this Data Processing Agreement if and to the extent that the Controller has given its prior consent. Each Sub-processor engaged by the Processor is listed in Annex 5.
2. The Processor will, also on behalf of the Controller, impose the same obligations on the Sub-processor by means of an agreement as those arising for the Processor from this Data Processing Agreement.

Article 7 – Audits

1. The Controller has the right to carry out (or have carried out) an audit no more than once per year, with the aim of verifying whether the measures and provisions implemented by the Processor comply with this Data Processing Agreement. The costs associated with this audit are borne by the Controller. The Processor will cooperate with this and make all information relevant to the audit available in a timely manner.
2. The Controller must announce the audit at least 14 days in advance. The execution of the audit may not unreasonably disrupt the normal business operations of the Processor.

Article 8 – Requests and complaints from Data Subjects

1. If and insofar as the Processor receives a request (for example pursuant to Article 15 GDPR or Chapter 3 GDPR) from a Data Subject regarding Personal Data that the Processor processes of that Data Subject, the Controller will handle this request. The Processor will forward such a request to the Controller as soon as possible.
2. If the Processor receives complaints about the way in which Personal Data is processed by it, it will inform the Controller thereof. In addition, the Processor will ensure proper handling of the complaint. The Processor will also inform the Controller about the handling of the complaint.

Article 9 – Liability and indemnification

1. The provisions regarding indemnifications, liability, and compensation in the General Terms and Conditions apply in full to this Data Processing Agreement.

Article 10 – Duration, termination, and amendment of the Data Processing Agreement

1. This Data Processing Agreement has the same duration as the associated Agreement and cannot be terminated separately from the Agreement. The grounds for termination are in accordance with those of the Agreement.
2. As soon as this Data Processing Agreement has ended, the Processor will, at the first request of the Controller, delete the Personal Data and/or other relevant information held by the Processor or transfer it to the Controller, and subsequently ensure the destruction of any remaining copies, unless the Processor is legally obliged to retain Personal Data.
3. In the event of changes in the services provided by the Processor, legislation, or other relevant circumstances that affect the processing of the Personal Data, the Processor and the Controller will consult about any necessary amendment of the Data Processing Agreement.

Article 11 – Language and interpretation

This Data Processing Agreement has been translated from Dutch into several languages, including Czech, Danish, German, French, and English. In the event of a dispute regarding the interpretation, scope, or content of this Data Processing Agreement, the Dutch text shall be decisive.

Annex 1: Purposes

Providing Customer with access to and use of the software of Roundly B.V. to support Customer’s daily business operations, including making appointments, using a cash register, managing customers, and using marketing tools.

Annex 2: Personal Data

- First and last name

- Date of birth

- Gender

- Data related to appointments, including photos and notes

- Internet browser and device type

- Financial data

- Address details

- Telephone number

- Email address

- IP address

Annex 3: Data Subjects

Customers of the Customer, as well as employees working for the Customer.

Annex 4: Security measures

The measures to be taken by the Processor as referred to in Article 2 of this Data Processing Agreement will consist of at least, but not limited to:

1. complying with the obligations set out in Article 2 (Security) and Article 3 (Confidentiality) of this Data Processing Agreement;
2. installing and keeping up to date a system with which access to the Personal Data is protected by an authentication method such as a password or by similar means that are at least equally reliable. The Processor will ensure that the persons it engages comply with the “best practices” associated with such authentication methods, including at least handling the password confidentially;
3. protecting the system with which the Processor processes the Personal Data by means of preventive, detective, and corrective measures (including but not limited to timely implementation of current security patches and virus checks) and protecting information systems and technology against malware (including but not limited to viruses, spyware, and spam);
4. logging and monitoring access to the system (including checking for signs of unauthorised access to the Personal Data, such as incorrect login attempts and exceeding authorisation levels);
5. assigning authorisations for access to systems to employees and third parties based on role descriptions;
6. maintaining documentation in which it is recorded to which third parties the Personal Data is provided;
7. adequate physical protection of the premises in which and the equipment on which the Personal Data is stored (such as access security, temperature control, measures to prevent and combat fire and water damage);
8. pseudonymising and/or encrypting the Personal Data insofar as this is necessary in view of the risks of the processing and the nature of the personal data to be protected;
9. implementing the above information security measures within the organisation.

Annex 5: Sub-processors

- DigitalOcean: servers, database, and file storage
- Postmark: emails
- GatewayAPI: SMS
- tawk.to: chat
- Stripe: payment provider
- Sendcloud: web store labels
- Mailchimp: integration with Mailchimp