In the delivery of its products and services (together the “Services”), as laid down in an agreement (the “Agreement”) entered into between Bizzy Fintech BV, with address at Dok-Noord 4E, PO Box 4, 9000 Ghent, Belgium and with company number 0770.493.071 (hereinafter “Bizzy”) and the customer as defined in the Agreement (hereinafter the “Customer”), Bizzy may have access to certain data processed by the Customer in its capacity as a data controller and which data qualifies as personal data. This Bizzy Data Processing Agreement (the “DPA”) governs the processing of such personal data by Bizzy. This DPA applies in addition to the other provisions as set out in the Agreement (and the documents referred to therein) and forms an integral part thereof.
1 Definitions
1.1 In addition to the notions as defined through this DPA, the following definitions apply:
1.1.1 Data Protection Legislation means any applicable legislation in force regarding the processing and protection of Personal Data.
1.1.2 “Controller”, “Processor”, “Data Subject”, “Personal Data”, “Personal Data Breach” and “Processing”/“Processed”/“Process” shall have the meanings as attributed to these notions in Data Protection Legislation.
2 Bizzy as a Controller
2.1 Bizzy shall act as a Controller with respect to Customer business representative Personal Data, including addresses, email, telephone number and other information which is shared generally and necessarily as a result of the (potential) business relationship between Bizzy and the Customer and their respective representatives.
2.2 The data referred to in clause 2.1 shall be Processed solely for purposes of contract management and customer relationship management (including the promotion of Bizzy’s Services). To this end, such Personal Data shall only be Processed within the Bizzy corporate group and kept for as long as reasonably necessary to achieve the purposes mentioned above.
2.3 Bizzy may, from time to time, make use of third party IT tools which allow the Processing of Personal Data, including standard email programs, CRM / ERP tools and issue and project tracking tools. Such use may entail the transfer of said Personal Data to countries not pertaining to the European Union.
2.4 Customer shall ensure, through its contractual arrangements, that all Personal Data provided to Bizzy by its representatives can be used according to the clauses above and that the relevant Data Subjects have been properly and fully informed by Customer and that Customer either has obtained the relevant consent of each such Data Subject or made appropriate contractual arrangements to this end. Any claims to the contrary shall be Customer’s sole responsibility.
2.5 Notwithstanding the foregoing, Data Subjects have specific rights attributed to them, including a right to access, rectify and have erased data. Such requests can be emailed to privacy@bizzy.org and shall be followed up within the shortest delays. Data Subjects can also lodge a complaint with the competent supervisory authority.
3 Bizzy as a Processor
3.1 As a result of the nature of the Services supplied, Bizzy may have (remote) access to and Process certain Personal Data stored on the Customer’s devices / systems and which are accessed and retrieved by, and stored through, the Services(s) concerned (hereinafter “Customer Personal Data”). Bizzy shall only access Customer’s system and/or devices (and potentially, Customer Personal Data) on the specific written instructions of the Customer, setting out relevant details. For this purpose the Agreement, and the performance of the Agreement, is considered to constitute such written instruction. The technical means allowing such access, and the implications resulting therefrom, are as agreed in the Agreement.
3.2In respect of what is set out in clause 3.1:
3.2.1 Bizzy shall in such capacity act solely as a Processor, not a Controller, and respect the obligations imposed on it as set out in Data Protection Legislation. The Customer agrees and acknowledges that the Processing activities referred to in this clause 3 are an integral part of the Services offering of Bizzy as agreed through the Agreement and are thus performed on the instruction of the Customer, who wishes to make use of the same. The Agreement and its provisions are Customer’s documented instructions to Bizzy for Processing Customer Personal Data. Additionally, where Bizzy is obliged by applicable Law to Process Personal Data, it shall have the right to do so.
3.2.2 Customer shall at all times act as a Controller in relation to its own Personal Data. As a result, Customer shall comply with all of its obligations as a Controller under Data Protection Legislation, including without limitation obtaining and maintaining all necessary and valid consents and providing sufficient transparency. Without limiting the generality of the foregoing, Customer shall (i) have sole responsibility for the accuracy, quality, integrity, legality and reliability of Personal Data and of the means by which it acquired Personal Data, and (ii) comply with all applicable Data Protection Legislation in collecting, compiling, storing, sharing, transferring, accessing and using Personal Data when making use of the Services.
3.3 After termination of the Agreement, Bizzy shall have no further access to Customer Personal Data referred to in this clause 3. Where, after termination of the Agreement, any Customer Personal Data would remain on any of the systems of Bizzy, Customer has the right to request the deletion or return of such Personal Data. Any such request must be submitted to Bizzy in writing.
3.4 Customer acknowledges and agrees that Bizzy may rely on sub-Processors (or “another processor”) to support the provision of the Services described in the Agreement, including its affiliated entities. For the avoidance of doubt, use of sub-Processors will not relieve, waive or diminish any obligation Bizzy has under this DPA. The Customer may request from Bizzy an up-to-date overview of sub-Processors used at any time.
3.5 During the term of the Agreement, Bizzy shall at the Customer’s costs, and to the extent possible for Bizzy and to the extent Customer (who shall at all times be the first contact point of the Data Subject involved) has no other means to meet its obligations under Data Protection Legislation, provide Customer with reasonable assistance to meet its obligations under Data Protection Legislation, including in relation to Data Subject rights. In the event Bizzy would receive any request from a Data Subject to access, delete, correct, block or otherwise Process Personal Data Processed under the Agreement, the parties agree that Bizzy shall inform the Customer of the same and hand over all relevant communications to the Customer.
3.6 The Customer, as a Controller, is entirely and solely responsible for the security of its Personal Data. Notwithstanding the foregoing, and with respect to the access to and Processing of Customer Personal Data by Bizzy in the framework of providing the Services: (i) Bizzy shall ensure that access to Personal Data by Bizzy personnel is limited to those personnel who require such access to perform the Agreement and that those personnel to whom it grants access to such Personal Data are directed to keep such Personal Data confidential; (ii) Bizzy shall maintain appropriate administrative, physical, technical and organizational safeguards to protect the Customer Personal Data having regard its role; (iii) to the extent relevant, and unless notification is delayed by the actions or demands of a law enforcement agency, Bizzy shall report to Customer the unauthorized acquisition, access, use, disclosure or destruction of Personal Data (a “Breach”) promptly following determination by Bizzy that a Breach occurred on its systems.
3.7 Upon Customer’s reasonable request, Bizzy shall provide such information to the Customer necessary to demonstrate its compliance with Data Protection Legislation. The Customer can also request an independent third-party auditor, to be approved in writing by Bizzy, to conduct an audit. The contract with such auditor shall require the auditor to respect Bizzy’s confidentiality obligations, trade secrets and confidential information and shall solely relate to compliance with Data Protection Legislation for the Customer. An audit can only be required taking into account reasonableness and for a maximum of once (1) per two (2) years. Audits shall be conducted at a time agreed with Bizzy in writing, and in each event during normal business hours and without interruption to Bizzy’s normal business operations. The Customer shall bear all costs related to such audits.
4 Term
4.1The DPA remains in effect as long as Customer Personal Data is Processed as part of the Agreement. If the Agreement is terminated, this DPA shall also end, except for the confidentiality obligations imposed upon the parties and any other provisions that, by their nature, survive the termination of this DPA.
5 General
5.1 Any responsibilities and liabilities will be dealt with in accordance with the corresponding provisions as set out in the Agreement and which shall prevail.
5.2 This DPA is governed by Belgian law. Any dispute between the parties regarding the terms of this DPA shall be brought before the competent courts as determined in the Agreement or, in the absence thereof, before the courts of Ghent, Belgium.
5.3 The validity of the DPA or its other clauses shall not be affected by the invalidity or other unenforceability of any of its clauses. Any clause that is declared invalid or otherwise unenforceable shall be replaced by a clause that, within the limits of applicable law, most closely aligns with the original intent of the invalid/unenforceable clause.
5.4 Bizzy may amend this DPA from time to time. The latest version of the DPA always applies to your use of the Services. We therefore recommend that you regularly review the DPA. You will always find the latest revision date at the bottom of the document.
© Bizzy Fintech BV – Last modified in February 2025
