1. GENERAL INFORMATION

1.1. DEFINITIONS

Affiliate : Affiliate, as defined by EU company directives, means, in relation to a person, any company or other entity, whether or not with legal personality, which directly or indirectly controls, is controlled by or is under joint control with that person. For this purpose, a person is deemed to control a company or entity if it (a) owns, directly or indirectly, at least 50 percent of the capital of the other company, or (b) in the absence of such ownership interest, substantially has the power to direct or cause the direction of the management and set the policies of such company or entity.

Agreement : the entire agreement entered into between the Parties, which consists of the documents referred to in Article 1.2.2. of these General Terms and Conditions, including all attached annexes. Each Order Form and related documents constitute a separate Agreement binding upon the Parties with respect to the Services/Products concerned.

Business day: Every day except Saturdays, Sundays and Belgian public holidays unless otherwise specified in the Agreement.

Business hours: All hours between 08:00 and 18:00 CET/CEST on any Business Day, except where explicitly mentioned otherwise in the Specific terms and conditions.

Calendar day: Any day of the Gregorian calendar.

Codit: Codit BV with registered offices at Gaston Crommenlaan 14 b0301, 9050 Ghent, with KBO / BCE number 0471.349.823.

Customer : the beneficiary of the Services/Products provided by Codit, as identified in the relevant Order Form.

End user: Natural person who ultimately uses or is intended to ultimately use the Product or Service.

Incident:   An unplanned interruption to a Service or a reduction in the Quality of a Service. Failure of a configuration item that has not yet impacted Service is also an Incident.

Intellectual Property Rights : means any and all intellectual property rights (including but not limited to  as copyright, database rights, right on computer programs, trademark and patents rights) and other proprietary rights , such as knowhow and  protection of trade secrets.

Product:   Products provided or assigned to the Customer under   the Agreement.

Service: any and all services to be provided by Codit to the Customer in accordance with the Agreement.

Specific Terms and Conditions : terms applicable to the provision of a specific Product or Service.

1.2. SCOPE

1.2.1. This document defines the general terms and conditions applicable to the provision of Products and/or  Services by Codit to the Customers.

1.2.2. The Agreement consists of the following documents : (i) these general terms and conditions; (ii) the specific terms and conditions and (iii) the Order Form including any particular terms and conditions applicable to the Customer if any).

1.2.3. By ordering and/or using the Service/Product, the Customer explicitly acknowledges having received the documents enumerated in Article 1.2.2 above or having been informed of the existence of  said documents, having taken cognizance of them and approving them. As such, the Customer renounces his own general and/or specific terms and conditions, even if it is stated in these that they shall prevail and/or they are attached to the Order Form.

1.2.4. The Customer has the right to issue Order Forms for the benefit of his Affiliates. In  that case, the Affiliates shall be bound by the contractual terms and conditions applicable to the Services and/or Products ordered and the Customer shall be jointly and severally liable for the implementation of all the commitments, guarantees and obligations, including the payment obligations of the Affiliates under the Agreement.

Codit reserves the right to refuse an Order Form or request from the Customer the reimbursement of all undue discounts perceived when  Customer has set up a structure or grouping for the sole purpose of enabling their Affiliates to benefit from this Agreement or when the legal entity does not fit with the Affiliate definition

 

1.3. DOCUMENT PRIORITIZATION

In case of conflict or inconsistencies between the documents of the Agreement, the following order of precedence shall apply in decreasing order of priority:

– the  Order  Form,  including, if the case may be,any  particular terms  and conditions applicable to the Customer;

– the specific terms and conditions (including Annexes, if relevant);

– the General Terms and Conditions(including Annexes);

2. AGREEMENT PROCEDURE

2.1. REQUEST BY THE CUSTOMER

2.1.1. By submitting the  request for the Products and/or Services the Customer confirms that he has the power and authority required to represent and bind the Customer.

2.1.2. Upon Codit’s first request, the Customer must provide the following documents and information:

1. a) if the Customer is a legal person or a de facto association: a copy of the bylaws published in the Appendixes of the Belgian national Official Gazette or any other official public records (if applicable), and any amendments that may have been made thereto;
2. b) if the person is a representative of a natural or legal person or of a de facto association: the person must provide proof of his identity and the power of attorney.

Codit must be immediately informed in writing of any changes to the Customer’s name or address, the registered office, or the name or legal form of the legal person. The Customer is solely responsible for the information he provides to Codit.

2.2. ENTRY INTO EFFECT, TERM AND END OF THE AGREEMENT

2.2.1. Codit may reject the Customer’s order or additional services and options on a discretionary basis, including, without limitation, any of the following grounds:
– the Customer has not complied and refuses to comply with the conditions stipulated in Article 2.1 of these General Terms and Conditions;
– the Customer has failed to honor the obligations incumbent upon him under another contract concluded with Codit ;
– in case of proven fraud or serious doubt regarding the Customer’s identity or  solvency;
– the Customer refuses to comply with Codit ‘s first request to pay a down payment or provide an unconditional bank guarantee;
– for technical reasons  (e.g Codit does not support the Customer  infrastructure).

2.2.2. Unless stated otherwise in the Specific Terms and Condition(s) or the corresponding Order Form(s), the initial Agreement term shall be two (2) years (the Initial Term).

2.2.3. Unless stated otherwise in the Specific Terms and Condition(s) or the corresponding Order Form(s) ,the Initial Term takes effect on the day after the date on which the Products and/or Services are made available to the Customer (the Initial Date) Should this date be postponed by more than five (5) Business  days for reasons attributable to the Customer, Codit reserves the right to bill for all Products and/or Services that were already provided to the Customer on the Initial Date.

2.2.4. Unless stated otherwise in the Specific Terms and Condition(s) or the corresponding Order Form(s), at the end of the Initial Term, the Agreement will be tacitly renewed for successive twelve-months periods. Should one Party not wish to extend the Agreement, it must notify the other in writing at least three (3) months before the end of the Initial Term or the current extension.

2.2.5. Either Party may terminate the Agreement  unilaterally, at any time and without referral to the courts, by written notifice to the other Party if the latter materially breaches any of its obligations under the Agreement or (insofar as remedy is possible) fails to rectify this within thirty (30) days of written notice.

Will in any case  be considered as material breaches (without being restricted to the following cases):

– the violation by a Party of the confidentiality undertakings under Article 7;

– non-payment by Customer of the bill (article 6.3.5);

– the violation by the Customer of Article 4.8. (non sollicitation clause); Article 8 (Data Protection) ; Article 9 (Intellectual Property);

– the use by the Customer and/or its End-Users of the Products/Services or their subject for fraudulent or illegal purposes  and more generally in violation of Article 4.5.

2.2.6. To the maximum extent permitted by law, the Agreement shall automatically be terminated if either Party ceases its activities, becomes insolvent or goes into bankruptcy, is dissolved or undergoes a similar procedure.

2.2.7. In case the Customer terminates the Agreement prematurely, the Customer shall pay all amounts due for the remainder of the Initial Term or the current Agreement extension, without prejudice to the reimbursement of any discount that the Customer may have unduly benefitted from. In addition, any arrangements made for deferred payment shall become null and void, and any outstanding sums relating to, for example, the installation or infrastructure costs, shall be due immediately.

2.2.8. In case the Agreement is terminated due to the Customer failing to comply with his obligations,  the  amounts  referred  to  in  Article 2.2.7 shall apply and may be increased with administrative charges and damages for all loss, damage, costs or expenses sustained by Codit as a result of the fault of the Customer or his employees, including, but not limited to, reasonable legal fees and legal expenses.

2.2.9. Should Codit decide to end the provision of a certain Product or Service, it must notify the Customer in writing at least three (3) months in advance. The notice period will start the first working day of the following month following the date of the registered letter. Such notification shall contain, at the very least, the full reference of the Product or Service concerned and the date on which the Service or Product is end of life. Codit will not be liable to pay the Customer any compensation.

2.2.10. Unless stated otherwise, every offer issued by Codit has a validity  period limited to sixty  (60) Calendar days.

2.2.11. Within ten (10) Business days after the termination of this Agreement for any reason whatsoever, each Party shall return all information belonging to the other Party, including the carriers on which this is located, to the other Party, except where this information through its form or nature may not be subject to return or unless otherwise specified. In such cases, the information and documentation shall be destroyed or deleted with the help of all appropriate resources and the returning Party shall confirm in writing within three (3) Business days after the termination that it has proceeded to destroy or erase the information in question. This destruction or erasure of the information in question does not apply if, and only to that extent, the returning Party has a legal or regulatory obligation of safekeeping in respect of that information.

3. AMENDMENTS TO THE AGREEMENT

3.1. Codit reserves the right to amend the Agreement  and the technical features of the Products and/or Services, even if this affects the price or quality of the Service/Product. Codit shall notify the Customer of such amendments at least one (1) month before their entry into effect, by any means it deems appropriate. The publication of a notice on the Codit website and/or an enclosure with an invoice and/or a notification by e-mail (on the address mentioned on the relevant Order Form) shall be deemed to constitute appropriate means.

3.2. Aside from the price adjustment referred to in Article 6.1.2, Customers who do not accept changes that are to their disadvantage may cancel the Order Form(s) affected by the changes in question without any compensation for early termination  being due, provided that they inform Codit in writing within fifteen (15) Calendar days of receiving Codit notification. In the absence of such timely notification by the Customer, the Customer shall be deemed to have accepted these changes.

3.3. Should any Belgian, European or any other authorities or regulations require Codit to amend the Agreement, or to refrain from supplying some or all of the Products and/or Services, Codit shall have the right to provide for these amendments or to refrain from supplying the Products and/or Services without having to apply the procedure described above and  without paying any compensation to the Customer. Such event is deemed to be a Force majeure event.

3.4. In case of circumstances beyond the Parties’ control occurring after the conclusion of the Agreement and which are likely to result in a major imbalance between the obligations covered by the Agreement, the Parties shall be entitled to request a renegotiation of the Agreement in order to restore the initial balance.

A major imbalance between the obligations of the Parties in the sense of this Article occurs if it is demonstrated that, following a change in the price of raw materials, customs duties, the tariffs of Codit suppliers or the exchange rates (for the conversion rate, the reference applicable shall be the conversion  factor of the Central European Bank published daily on its official website), there is an increase or decrease of at least 10% in relation to the initial price.

Upon failure to reach an agreement within two (2) months of a renegotiation of the Agreement being requested by one of the Parties, and provided that the latter was able to show the aforementioned impact of more than 10%, either Party shall have the right to terminate the Agreement, without compensation being due, subject to giving two  (2) months’ notice.

4. THE CUSTOMER’S RIGHTS AND OBLIGATIONS

4.1. The Customer shall cooperate with Codit as required for the proper performance of this Agreement. This includes (but is not limited to):

– providing files, documents or other relevant information for the delivery of the Product or Service;

– ensuring network access to his ICT infrastructure (meaning IT equipment/hardware and associated software that is owned/possessed by of the Customer) for the purpose of remote acces by Codit. The Customer will secure this remote access by using the highest safety standards/tools that are available. access The Customer shall immediately take all necessary measures to solve any problem (eg failure, leak, defect, virus,  etc)  notified by Codit.

– ensuring that Codit shall have access at any time during Business hours to the premises of the Customer and if outside of the Business  hours, through a single notification by Codit to the Customer;

– allowing Codit to carry out any operation, by any means deemed necessary or useful for the preparation and execution of its obligations under the Agreement, without being required to consult the Customer beforehand;

– designating one or a limited number of contact persons for technical, administrative and other matters related to the Products and/or Services within the scope of the Agreement in the relevant Order Form.

The Customer acknowledges and accepts that any failure on his part to provide such cooperation, information or adequate access to Codit for the provisioning of the Products and/or Services may affect this provisioning. Therefore, Codit declines any liability in  case of late delivery of or damage to the Products and/or Services insofar as this is attributable to the Customer or a third party. In addition, Codit reserves the right to invoice at the then current rate any unnecessary travel attributable to the Customer.

4.2. The Customer shall make a backup of all his data before the Service and/or Product is installed and take all the steps as are necessary to ensure that his equipment (including the software) is compatible with that of Codit. The Customer undertakes to regularly make security copies of its operating systems, applications and data, and in any event before any technical intervention.

4.3. The Customer shall preserve the secrecy and confidentiality of any identification code (password, user name, etc.) provided to him. The Customer shall be solely responsible for all use of these identification elements. The Customer shall notify Codit immediately in the event of loss, theft or fraudulent use of any of these elements and confirm this by registered letter.

4.4. The Customer undertakes to use the Products and/or Services with due diligence, for lawful purposes and in accordance with the provisions of this Agreement and any documentation provided by Codit in relation with the Services and/or the Products and in accordance with the applicable legislation (including data protection rules if applicable) and other third party rights. The Customer shall refrain from making (and not allow third parties) any abusive or fraudulent use of the Products and/or Services. The Customer shall use the Products and/or Services only for his own account and professional usage. Unless stated otherwise, use of the Products and/or Services by the Customer is limited to the term of the Agreement. He shall not under any circumstances transfer them, resell them, rent them out, lend them out or make them available to third parties without prior written consent from Codit.

4.5. Before the submission of the Order Form and throughout the term of the Agreement, the Customer shall comply with the prerequisites mentioned in the documentation put at its disposal by Codit. In the event of non-compliance, Codit shall not be liable for the malfunctioning of the Service and any possible Service Level Agreement will no longer apply. Codit reserves the right to invoice the Customer for any additional costs to remedy these.

The Customer recognizes that the Service is based on an ever-changing technology. Therefore, the Customer understands and accepts that Codit or its suppliers may change, at any time, the specifications with which the prerequisites must comply without this being regarded as an amendment to the Service or the Agreement. The Customer shall comply with them, at his own expense, within the delay fixed by Codit.

4.6 The Customer shall ensure that all End Users who have access to the Service and/or Product comply with the obligations arising under this Agreement and shall assume liability for this. In this regard, the Customer shal inform End Users of the obligations set in the present Agreement.

4.7. The Customer is responsible for, and shall bear the costs of, obtaining and retaining any license, registration, permit or approval necessary to comply with his obligations under this Agreement. The Customer shall keep the required and appropriate licenses, registrations, permits or authorizations for the term of the Agreement, including any extensions thereof.

4.8. Throughout the term of this Agreement and for a period of twelve (12) months following the end of the Agreement, each of the Party shall not directly or indirectly solicit the employment of, hire or engage as an independent contractor or otherwise, any of the other Party staff (employee, consultant or other), without the concerned Party prior written consent. Should one of the Party fail to comply with this obligation, this Party shall pay the other Party a damages equal to twelve (12) times the gross monthly salary that the person earned with the concerned Party in the last full month of his employment, without prejudice to the concerned Party’s right to claim further damages. The non-solicitation provisions under this Article do not apply if the concerned employee spontaneously applied for employment at the other Party, provided that this spontaneous application can be proved.

5. CODIT’S RIGHTS AND OBLIGATIONS

5.1. Codit is responsible for delivering the Products and/or Services of the Agreement, as agreed in the applicable Order Form and corresponding Specifc Terms and Conditions.

5.2. The Service will be provided with reasonable skill and care and in accordance with generally accepted industry standards. Codit commitments must be qualified as obligations of means (obligation de moyens/ middelenverbintenis). Codit will make every reasonable commercial effort to perform the Agreement at the agreed time. Unless stated otherwise, the execution time are given for information purpose only.

5.3. The maintenance or development of the Service/Product may require Codit to restrict or temporarily suspend the Service/Product. In that case, Codit will (1) make maximum use of the planned works window if agreed between the Parties and (2) limit the period of restriction or suspension to the time needed for the applicable interventions. In any case where planned maintenance works entail an interruption of more than 30 minutes, regardless of whether these works take place within or outside the planned maintenance window, Codit shall use reasonable efforts to notify by any means the Customer five (5) Business Days before the start of the planned maintenance works. The planned works are not taken into account in the Service Level Agreement calculation, if any.

5.4. The Customer expressly acknowledges that Codit may be assisted by subcontractors which it chooses freely, without any prior information or consent from the Customer, and for whom it is personally liable. Codit will make sure its subcontractors are fully compliant with this agreement and delivering quality up to the standards of the Customer and Codit.

5.5. Without prejudice to Article 8, Codit will use the information provided by the Customer in good faith and for the sole purpose of performing this Agreement.

5.6.Codit will only provide itself access to the Customer’s network and systems herein, including the IT System, to the extent necessary to supply the Products/Services. This obligation applies to both remote access and to the access at the premises of the Customer.

5.7. Codit reserves the right to charge the Customer for efforts spent in handling of Incident when the cause of Incident is not imputable to the Codit.

5.8. Codit reserves the right to take, at any time, on its own initiative and without prior notice, the measures required in case the security, integrity or the proper functioning of its services, products, networks or infrastructure (or the ones of its subcontractors or suppliers) are or could be compromised, or in case of (suspected) abuse or (suspected) fraud  by the Customer or any third party. Such measures may consist of, inter alia, the activation of protective measures or the suspension of the Customer’s access to its Service. In no event shall Codit be liable to Customer for any and all consequences that would arise from the implementation of these measures.

6.PRICING, PAYMENT AND INVOICING

6.1. PRICING

6.1.1. Unless otherwise mentioned, the prices of the Products and Services indicated in the Offer or Order Form are expressed in Euro and are exclusive of VAT.

With the exception of income tax payable by Codit, the Customer shall pay all taxes and levies imposed by any competent authority  whatsoever, including fines and interest, on the installation and commercial operation of the Products and/or Services with the Customer. The Customer shall reimburse any sum that Codit has paid to a competent authority in this regard upon first request and within 15 Calendar days by the latest.

This clause includes, but is not limited to, the VAT (including fines and interest) that Codit is held (jointly or severally) liable for in relation to the Services (in Belgium or abroad). The amount of VAT, including the fines and interest, will be payable by the Customer to Codit upon first request. If requested by the Customer, Codit can decide at its own discretion to file an administrative or judicial appeal against the claim of the competent tax authority. In such a case the costs of the procedure, including legal fees and expert fees, will be borne by the Customer.

6.1.2. Codit reserves the right to adjust the prices before the submission of the Order Form and on the Agreement anniversary date, in accordance with the Agoria Digital Index and the following price adjustment formula:

Pn = Po x (0.2 + 0.8 x (In / Io))

Where:

Pn = the price applicable in year n

Po = the price applicable at the start of the Work Assignment

Io = the Agoria Digital index (wage reference of January) on (i) the date of the previous instance of indexation or (ii) the date one year before the current moment of indexation if no previous instance of indexation has occurred yet;

In = the Agoria Digital index (wage reference of January) of year n

where the Agoria Digital index is the wage index for PC200 for contracts from august 2022 (https://tools.agoria.be/nl/Refertelonen-237172 / https://tools.agoria.be/fr/Salaires-de-reference-237173).

A price adjustment based on the price adjustment formula shall not give the Customer any right to terminate the Agreement without an early termination fee.

If Codit decides not to index its prices or certain price components at a given indexation occasion, this shall not be considered as a waiver of this right and Codit explicitly reserves the right to adjust the prices or other price components accordingly at a future occasion of indexation.

• If the adjusted price is lower, pursuant to Article 6.1.2., than the applicable initial/previous price, then the applicable initial/previous price shall remain in effect.
• Travel & Expenses
  • AIR TRAVEL – The Travel Desk of Codit is responsible for evaluating and choosing the most economical routing as well as ordering and issuing tickets. Generally speaking, reservations must be made as early as possible in order to obtain the best prices. All changes to a flight schedule entail not only extra administrative work, but additional costs too. Therefore, customers are expected to prepare their business agendas carefully and to limit changes to a strict minimum and only under exceptional circumstances. Travellers may be asked to depart, return or stay over on a weekend if this reduces the overall cost for the travel. All international and domestic air travel must be in economy class. Flights are generally restricted to regular, scheduled and certified airlines. Flying with airlines which are generally known to be ‘unsafe’ is avoided.

 

• RENTAL CAR – The car category will be B or C, depending on availability. The full insurance package will be applied.

 

• TAXI – If no public transport or rental car service are available to cover the distance, the traveller is expected to use only registered taxis and ask for a receipt.

 

• RAIL TRAVEL – Domestic and international rail travel will be in economy class. First class will be booked if no seats are available in economy.

 

• ACCOMODATION – Codit uses 4-star hotels or equivalent depending on the negotiated rates. Codit employees can make use of laundry service for a minimum stay of 7 days.

 

• MEALS – Breakfast will be included in the hotel expenses. Normal lunch and dinner expenses will be incurred.

 

• TRAVEL TIME – Upon the submission of supporting documentation, the Customer will pay Codit all costs that Codit has had to pay regarding the implementation of the Agreement. If those appointed by Codit travel abroad in the context of the Agreement, the hours spent on travel during Business Hours (all working days in Belgium are from 8.00 hours to 18.00 hours) are charged at 50% of the agreed rate for appointed persons.

 

• Codit will charge the customer for all expenses made for which receipts can be presented. A copy of the receipts will be handed over to the Customer. The invoice of the expenses will include the following information:

a description of travel and/or invitees;

b copies of the receipts;

c name of the project, country and subsidiary location;

d VAT number (if applicable);

e the amount.

6.2. PAYMENT

6.2.1. The amounts due under the terms of this Agreement will be billed in accordance with the terms and conditions set out in the Order Form and/or the specific terms and conditions. Unless otherwise mentioned on the invoice, the payment term is thirty (30) Calendar days as from the invoice date.

6.2.2. The only valid payment method shall be by bank transfer to the account number specified by Codit, citing the relevant reference details and within the due date mentioned on the bill. The Customer shall bear all the costs linked to the payment of the bill.

6.2.3. The bills shall be addressed to the Customer or to a third-party payer designated by the Customer. The designation of a third-party payer does not exempt the Customer from his obligation to pay in case the third-party payer defaults. The third-party payer shall not acquire any right to the Products and/or Services.

6.2.4. Codit reserves the right to perform a screening of the Customer’s financial situation before and during the Agreement term. If the results of this screening lead Codit to have serious doubts as to the Customer’s solvency, Codit may bill additional intermediate amounts or demand advance payments, bank guarantees or any other type of financial guarantee. Codit reserves the right to suspend the Service to the Customer should the latter fail to submit such guarantee within three (3) Business days of Codit request.

6.2.5. Customer is not entitled to set off any amounts payable to Codit under this Agreement against any possible amounts payable by Codit to the Customer under this Agreement or or any and all other agreement.

6.3. LATE AND PARTIAL PAYMENT

6.3.1. In case an undisputed bill is not paid by the due date, the defaulting Customer or, where applicable, his third-party payer, will receive a reminder from Codit.

6.3.2. In case the payment due date is not complied with, the Customer shall automatically and without notice be liable for the payment of interest on arrears calculated at the legal rate. Codit also reserves the right to claim a penalty from the Customer amounting to 15% of the billing total with a minimum amount of 60 Euro.

6.3.3. If a Customer makes a partial payment and this payment does not correspond in full to the amount outstanding for the use of the Codit Service and/or Product; Codit reserves the right to attribute this payment to any other open invoice.

6.3.4. In the event of late payment, Codit has the right to cancel any discount permitted for cash payment.

6.3.5. The Parties agree that the non-payment (either partial or total) of an undisputed bill shall be considered as a material breach pursuant to Article  2.2.5. of the present General Terms and Conditions and, without prejudice to any other remedies in Law, Codit is entitled to suspend the provision of the Products/ Services until payment is received in full.

6.4. DISPUTED INVOICES

6.4.1. Any notification of a disputed bill must be received by Codit within fifteen (15) Calendar days of the billing date. Beyond that deadline, the bill will be deemed to have been irrevocably accepted by the Customer.

• If the Customer’s contestation proves to be unjustified, the disputed amount shall become payable immediately.

7. CONFIDENTIALITY

7.1 Confidential information means any information specifically marked as being confidential  and/or which the other Party should be reasonably held to be aware of the confidential nature provided by one of the Party to the other about the activities of the Parties, any Affiliates or its customers, obtained directly or indirectly by the other Party, under or in connection with the Agreement, including (but not limited to):

1. this Agreement
2. the information contained in all proposals, marketing and sales plans, contracts;
3. financial information of any kind;
4. computer programs including source codes, algorithms and software models developed and/or installed by Codit or that are the subject of a license issued by Codit or otherwise provided by Codit;
5. the methods, strategies, opportunities, customer lists, know-how (including, but not limited to, models, production and commercialization procedures), trade secrets and know-how of the Parties.

Shall not be considered as confidential, the information that:

– Is or becomes part of the public domain without intervention on the part of the receiving Party;

– Has been generated by the receiving Party independently, without using confidential information from the disclosing Party;

-Information which was rightfully disclosed to the receiving party by another person.7.2. . Confidential Information shall remain the property of the disclosing party. Disclosure of Confidential Information does not imply the transfer or granting of any intellectual property or industrial right.

7.3. The Parties shall not be liable for the use made of it by the other Party.

7.4. If the receiving Party is required by law or by the order of a court of a competent jurisdiction or a public authority to disclose, in part or in full, any Confidential Information, that Party shall immediately notify the disclosing Party thereof in writing provided that it is legally authorised, and give the latter the opportunity to seek any legal remedies to maintain the confidentiality of the Confidential Information. In any case, the receiving Party shall only disclose Confidential Information that it is legally required to disclose and shall take all possible measures to maintain the confidentiality of the Confidential Information.

7.5. The obligation of confidentiality set out in this section shall survive the expiration or termination of the Agreement for three (3) years.

8. PROCESSING OF PERSONAL DATA

8.1.      GENERALITIES

8.1.1. The terms and concepts related to the processing of personal data in this article 8 shall have the meaning given to them in the EU Regulation 2016/679 of April 27th, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter referred to as the “GDPR”.

The Data Protection Legislation means i) the GDPR, (ii) the applicable national legislation implementing or supplementing the GDPR (for Belgium, this is the law of July 30th, 2018 on the protection of natural persons with regard to the processing of personal data), (iii) the national laws implementing the Directive on Privacy and Electronic Communications (2002/58/EC), and (iv) any future legislation that modifies, replaces and/or supplements (i) (ii) and/or (iii).

8.1.2. The Customer represents and warrants that he complies with the Data Protection Legislation and he shall continue to do so during the term of the Agreement.

8.1.3. Codit shall comply with the Data Protection Legislation when processing personal data in relation to or in the execution of the Agreement.

8.2.    CODIT ACTING AS DATA CONTROLLER

Whenever in relation to or in the execution of the Agreement, Codit processes personal data of the Customer (including its staff, representatives, contact persons, users, End Users, etc.) and Codit has defined the purposes and the means of such processing, then Codit acts as controller. The Codit Privacy Policy, available at https://www.codit.eu/en/privacy-policy/ describes the processing of personal data by Codit when acting as controller.

8.3.    CODIT ACTING AS DATA PROCESSOR

Whenever in the execution of the Agreement, Codit processes personal data on behalf of the Customer (or the Customer’s data controller in case the Customer is a processor), then Codit acts as processor (or sub-processor). In such case Codit shall comply with the provisions of the data processing agreement which is set out as an annex to these General Terms and Conditions.

9. INTELLECTUAL PROPERTY

9.1. Unless explicitely stated otherwise in the Specific terms and conditions, any and all Intellectual Property Rights in relation to the Products and Services (including all documents issued by Codit in the framework of the Agreement)  shall remain the exclusive property of Codit and/or its Affiliates  and/or its suppliers The Customer may not claim any right to this Intellectual properties. .

The Customer is thus not granted with any Intellectual Property Rights or any rights other than those explicitly specified in this Agreement. The Customer is not authorized (and shall not authorize or permit any third party including any End User) to duplicate, copy, delete, modify the Service or create derivative works based on the Product and Service, reverse engineer or decompile, decrypt, disassemble or reduce the Service to human-readable form, except as allowed by law.

9.2. All trademarks, service marks, commercial names, logos or other words or symbols referring to the Products and/or Services or to Codit business activities in general (hereafter referred to as “the Trademarks”) are and shall remain the exclusive property of Codit or of its Affiliates  or suppliers. The Customer shall not commit any act which would pose a threat to these property rights, nor acquire any right to these Trademarks, unless otherwise    stipulated    in    the    Agreement.    The Customer shall not remove, modify or obscure  labels, plaques or other distinctive badges affixed to this Product by Codit, its Affiliates or its suppliers.

10. LIMITATION OF LIABILITY

Unless applicable law requires otherwise, the liability of Codit is limited as descibed in this section 10.

10.1. Codit can only be held liable in the event of fraud or serious misconduct on its part or on the part of one of its employees. In such a case, Codit liability shall be limited to repairing only that damage suffered by the Customer that was foreseeable, direct, personal and certain, excluding the repair of any indirect or intangible damage such as additional expenses, loss of income, loss of profits, loss of customers, loss of or damage to data, loss of agreements, damage to third parties, etc.

10.2. Neither Party  is  liable for damage resulting from the other Party ‘s failure to meet his obligations.

10.3. Codit shall not be held liable for the content of information that is processed or stored by the Customer or any  third party  using the Codit Products and/or Services.

10.4. Codit’ liability towards the Customer per event giving rise to liability shall be limited to the total amounts that the Customer paid to Codit under the Agreement over the six (6) months preceding such event causing  damage . In addition, Codit’ liability towards the Customer shall, in no event exceed an aggregate amount of EUR 200,000  per calendar year. This limitation does not apply in the event of physical injury or death caused by Codit.

10.5. Liability with respect to Intellectual Property Rights:

10.5.1. In the event any claim or action for infringement of  Intellectual Property Rights in relation to the Products and/or Services against the Customer, the Customer shall immediately notify of such event and allow  Codit the sole right to control any defense of any such claim or action at its own expense.

Codit shall indemnify the Customer against any damages and costs ultimately awarded for the infringement of Intellectual Property Rights in relation to the Products and/or Services  either (a) under a definitive decision of a competent jurisdiction establishing said infringement of Intellectual Property Rights in relation to the Products and/or Services or (b) in a settlement agreement entered by Codit.

Such obligation is conditioned on pain of forfeiture, on: (i) the Customer immediately informing Codit in writing of any claim or action involving (alleged) infringement of  Intellectual  Property Rights when it knows or  reasonably should  know the existence of such claim or action, and at the latest within ten (10) Calendar days of the event occurring); (ii) the Customer giving Codit  the sole control of any defense of any such claim or, and any related settlement negotiations, (iii) the Customer cooperating fully to such defense and  not undertaking any action or initiative which might be detrimental to Codit’s position in any way whatsoever.

10.5.2. Where the Products and/or Services become or are likely to become the subject of infringement of Intellectual Property Rights,  then Codit may, at its sole discretion either:

(i) obtain for the Customer the right to continue to use the Products and/or Services;

(ii) modify or adapt the Products and/or Services or a component thereof so that it becomes non-infringing, or replace Products and/or Services by an available substitute, insofar as this does not lead to any substantial loss of functions or services.

or (iii)  within the context of the economic balance between the parties as agreed or reasonably virtually agreed, solely terminate, with immediate effect and without judicial intervention the Agreement, including, as the case may be, the right to use the Products and Services. In such event, Codit shall refund the Customer the sums paid for the Products and/or Services which the Customer has not yet been able to benefit from. For the avoidance of doubt, in such event (i) the Customer cannot claim the performance of the Agreement and (ii)  Codit’s maximum liability is limited to the amounts defined in  Article 10.4 of the General Terms and Conditions.

10.5.3. The remedies specified in this section shall constitute the Customer’s sole remedies from Codit with respect to claims related to  Intellectual Property Rights.

10.5.4. The obligations and remedies described in this section 10 shall not apply to infringements attributable to or resulting from  (i)  the Customer through their own acts or omissions or other persons than Codit, including modifications   made to the Products and/or Services,  (ii) the use of the Products and/or Services in conjunction with other Intellectual property, software or hardware, (iii) use of the Product/Service in a manner contrary to the Agreement or instructions given to the Customer by Codit, (iv) modification of the Product/Service by anyone other than Codit or a third party acting on Codit’s behalf (v) any functionality or capability  provided by Codit in accordance with the express written technical designs, specifications, or instructions provided by the Customer or (iv) service or products of third party.

11. CONFIGURATION AND INSTALLATION

11.1. The Product  and/or infrastructure shall be installed and/or configurated by Codit if this  is expressly provided for in the Specific Terms and Conditions or Order Form.

11.2.  In case of installation at a Site designated by the Customer, the Customer shall provide a suitable place for the installation, use and maintenance of the equipment. In accordance with the recommendations of the Belgian Electrotechnical Committee (Comité  électrotechnique belge/Belgisch Elektrotechnisch Comité), the Customer shall provide any electrical connections and/or groundings and connections to the computer material necessary for the proper functioning of the equipment. The Customer shall comply with the requirements mentioned by Codit.

Should the Customer fail to make the necessary preparations for installation by the agreed installation date, Codit reserves the right to terminate the Agreement or may  make these arrangements itself or instruct a third party to do so. In these cases, Codit shall have the right to recover the total cost from the Customer.

Codit is not liable for any damage to property that cannot be avoided in performing the work necessary for the installation, alteration or removal of the equipment or provision of technical assistance therefor.

11.3. Except if the installation is made by the Customer himself, a functional test is carried out at the end of the installation.

Acceptance of the configuration and/or installation shall definitively and irrevocably occur or be deemed to occur on the earliest of the following:

– signed confirmation by the Client that the tests, if any, have been successful, or

– if no confirmation is signed, five (5) Business  days after the completion of the configuration, installation or execution of the agreed tests, unless the Client has provided within this five (5) Business  day period written notice to Codit to reject the installation or the configuration. Such notice must set forth in detail how the installation fails to satisfy any agreed   acceptance   tests   in   one   or   more material respect(s). Parties will use all reasonable efforts to remedy any reported and accepted problems and rerun the acceptance procedure as soon as possible.

12. DELIVERY

12.1. In the event that the Products/Services are delivered damaged, or are not complete, or in the case of error, or any other conformity defect, the Customer shall be obliged to reject the Products/Services or to accept these only under written reservation. Any comment or complaint concerning the Products/Services must be sent to Codit in writing within ten (10) Calendar days  after delivery. After this period, the Products/Services will be deemed accepted by the Customer.

12.2. A response from Codit to a belated complaint shall not prejudice the aforementioned and shall always be subject to all rights and without any prejudicial acknowledgement. The putting into use of the supplied Products/Services, even if the Customer has communicated its possible complaint under Article 10.5, shall also serve as an unconditional acceptance of the Products/Services.

12.3. Communicating a complaint to Codit or the refusal or return of the Products/Services ordered however shall not suspend the obligation of the Customer to pay the invoice.

12.4.  If a complaint is considered well-founded by Codit, without being liable for any further compensation for damage, Codit will – at its own option – take back/repair/replace the Products/Services and/or proceed to refund or partially refund of the price received for the non-conforming part of the Agreement.

13. FORCE MAJEURE

13.1. Codit shall not be held liable for any delays or shortcomings in the provision of its Products/Services whenever these are the result of events or circumstances that are beyond its control, unpredictable or unavoidable, such as acts of war, riots, disturbances, civil unrest, actions of civil or military authorities, embargoes, explosions, bankruptcy of a licensor or a supplier, strikes or labor conflicts (including those involving its employees), cable cuts, unavailibility of the remote access, power blackouts (including those blackouts arising from the application of a power cut plan drawn up by the authorities), flooding, prolonged frost, fires or storms.

13.2. If it invokes such Force Majeure, Codit shall have the right to suspend or limit delivery of the Products/the Services , without the Customer being entitled to claim any damages whatsoever.

13.3. If invoking such Force Majeure, Codit shall  make every reasonable effort to strictly limit the duration thereof.

13.4. Should these events or circumstances of Force Majeure are definitive or continue for more than three (3) months, either Party may lawfully and in writing  terminate this Agreement without any compensation being due.

14.PUBLICITY

14.1. Both during the Agreement and for one (1) year following its termination, each Party undertakes to inform the other Party in advance if it intends to make a communication to the public, concerning a completed mission or a mission in progress.

14.2. Without prejudice to the article 9.2, in the framework of the Agreement, neither Party shall place/publish a written advertisement or public relations or promotional material that relates to the other Party or use the brands of the other Party without its prior written consent, except with regard to the logo of the Customer that Codit may depict on its websites as well as the logo of the Customer and the information about the project, which Codit may use in connection with its sales activities such as in its PowerPoints and Sales Sheets to prospects. This Article shall remain in force for a period of ten (10) years after the termination of the Agreement.

15. MISCELLANEOUS

15.1. Should one or more provisions of the Agreement be found to be invalid, unlawful or unenforceable, such provisions shall be construed in a manner consistent with applicable law to reflect as nearly as possible the original intentions of the Parties, and the remaining portion of such provisions shall remain in effect.

15.2.  The Parties hereby agree that any communications exchanged by
e-mail shall have the same legal value as written or signed correspondence. The Parties likewise agree that information relating to any communications, contracts or payments held by Codit on a lasting and inalterable medium shall have probative force until there is evidence to the contrary.

15.3. This Agreement shall constitute the entire agreement between the Parties on the Products and/or Services, to the exclusion of any prior written or oral communications, proposals and agreements.

15.4. Codit has the right to transfer all or some of its rights and obligations under the Agreement to a third party, without the Customer’s consent. The Customer may only transfer his rights and obligations under the Agreement when Codit has given its specific written agreement beforehand.

15.5. In case the Customer purchases Codit’s Azure Reselling Services, Customer needs to agree to the Microsoft Customer Agreement which can be found on https://www.microsoft.com/licensing/docs/customeragreement

15.6 This Agreement is governed by Belgian law excluding the UN Convention on Contracts for the International Sale of Goods, and without regard to conflict-of-laws principles, . In the event of a dispute that cannot be settled amicably, the courts of Ghent shall have sole jurisdiction.

 

Annex 1 – Data Processing Agreement

16. Signature

Done at Ghent (Belgium) in as many copies as there are Parties, whereby each Party acknowledges having received its original copy.

Codit Signature: Name: Stijn DEGRIECK Position: Director Date: 19/06/2024	Customer Name: Signature: Name: Position: Date:

 

ANNEX 1 – DATA PROCESSING AGREEMENT

1. SUBJECT

This data processing agreement including its annexes governs the processing of personal data by Codit (hereafter referred to as the “Processor”) on documented instructions from the Customer within the context of providing products and services under the Agreement. It supersedes any prior agreement between the Parties on this subject.

As an annex to these General Terms and Conditions the present data processing agreement becomes an integral part of the Agreement.

The subject-matter and duration of the processing, the type of personal data and the categories of data subjects, as well as the nature and purposes of the processing, are described in the GDPR PROCESSING TERMS of this data processing agreement.

2. OBLIGATIONS OF THE PROCESSOR

The Processor shall only process the personal data in accordance with the provisions of the Data Protection Legislation and the stipulations of this data processing agreement. In particular, the Processor (and, where mentioned and/or by virtue of the applicable legislation, the Customer) has the following obligations regarding the personal data:

2.1 Processing on documented instructions of the Customer

The Processor shall process the personal data only on documented instructions of the Customer and exclusively for the purposes described in this data processing agreement, unless required to otherwise process or transfer the personal data under the laws of the European Union or or the local law applicable to the Processor. In such a case, the Processor shall inform the Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest. The Agreement and this data processing agreement are the Customer’s complete instruction to the Processor in this respect. All additional or alternative instructions must be agreed upon in writing by the Parties.

2.2. Technical and organisational measures

The Processor shall take the technical and organizational measures agreed in this data processing agreement to ensure a level of security appropriate to the risks that are presented by the processing, in particular risks from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, use or access and against all other unlawful forms of processing and taking into account the state of the art, the costs of implementation and the nature of the personal data and the potential risks.

The Processor undertakes to take the necessary technical and organizational measures to:

• Limit access to the personal data to those acting under his authority and taking part in the realisation of the tasks assigned to them by the Processor. Everyone who is authorised to access personal data will only take cognisance of the personal data he needs for the realisation of the tasks entrusted to him by the Processor.
• Ensure that the IT systems of the Processor are properly protected, among other things and insofar as reasonably possible and in conformity with Article 32 of the GDPR.

The description of the technical and organisational measures taken by the Processor with regard to safety is added in section 2.2. “technical and organisational measures” of the GDPR PROCESSING TERMS.

2.3. Confidentiality and limited access to the personal data

The Processor undertakes to process the personal data in a strictly confidential manner and not to copy, reveal or process it in any way without the explicit consent of the Customer, unless this is required by the laws of the European Union or the local law applicable to the Processor or unless this is necessary for the performance of the Agreement.

The Processor ensures that persons authorised to process the personal data under its authority, have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and shall not process the personal data except on instruction from the Customer, unless required to otherwise process or transfer the personal data under the laws of the European Union or the local law applicable to the Processor or the sub-processor.

2.4. Assistance to the Customer

At the Customer’s request and taking into account the nature of the processing as well as the information available to the Processor, and insofar as possible, the Processor shall provide reasonable assistance in:

• dealing with requests from data subjects exercising their data subject rights under the GDPR.
• implementing technical and organisational measures to comply with the Customer’s obligation of security in relation to the processing of the personal data.
• notifying personal data breaches affecting the personal data to the supervisory authority and to the data subject, as the case may be, and
• conducting data protection impact assessments and consult the supervisory authority in such context.

The Processor reserves the right to claim a reasonable compensation forthis assistance.

2.5. Notification to the Customer

• Notification of the instructions given

The Processor shall immediately inform the Customer if he believes that an instruction of the Customer results in an infringement of the Data Protection Legislation. In this case the Processor may suspend the realisation of the instruction in question until this has been confirmed or changed by the Customer.

• Notification of an infringement related to personal data

The Processor shall inform the Customer without undue delay after becoming aware of a personal data breach in the framework of the performance of the Agreement.

2.6. Cooperation in audits

At the request of the Customer the Processor shall make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in this data processing agreement and Article 28 GDPR and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer.

The Customer reserves the right to examine whether the personal data the Processor is processing, is actually processed according to the terms of this data processing agreement and on his documented instructions.

As part of such audit, he can carry out random checks in relation to the protection and safety of the personal data. Audits must be announced to the Processor in writing at least 72 hours in advance and take place during office hours without impact on the Processor’s business. The Customer will bear its own expenses as well as the cost of the Processor’s internal resources required to conduct the audit.

Audits will be limited to data privacy aspects and take up to a maximum of 3 business days.

The Processor and the Customer agree to limit the audits to a strict minimum and with a maximum of once every 2 years, unless serious reasons for an earlier audit would exist or if a data protection authority would require so.

2.7. Sub processing

The Customer hereby provides a general written authorisation to the Processor to engage sub-processors, including free-lance collaborators, for the processing of the personal data (i) to the extent needed to fulfil its contractual obligations under the Agreement and (ii) as long as the Processor remains responsible for any acts or omissions of its subcontractors in the same manner as for its own acts and omissions hereunder.

The Processor shall inform the Customer by e-mail of any intended additions or replacement of sub-processors, giving the Customer the opportunity to object to such addition or replacement. If the Customer has a legitimate reason for objection that relates to the processing of personal data he shall inform the Processor thereof by e-mail within 15 calendar days following the day on which the Processor has informed the Customer. In the event the Customer informs the Processor of its objection to add or replace the sub-processor, the Processor may not be in the position to continue to provide the products and services to the Customer and shall in such case be entitled to terminate the Agreement without any compensation being due by the Processor.

If the Processor engages (an)other processor(s) for carrying out specific processing activities on behalf of the Customer, he commits to enforce similar obligations on data protection as those laid down in this data processing agreement, in particular with regard to offering sufficient guarantees on the application of suitable technical and organisational measures to meet the GDPR. The Processor in any case remains fully liable towards the Customer for the realisation by such processor(s) of his/their obligations according to the terms and conditions of this data processing agreement.

2.8. Transfer of personal data outside the European Economic Area

The Processor shall be entitled to transfer the personal data to a country located outside the European Economic Area which has not been recognised by the European Commission as ensuring an adequate level of data protection, if the Processor (i) has provided appropriate safeguards in accordance with the GDPR or (ii) can rely on a derogation foreseen by the GDPR.

3. OBLIGATIONS OF THE CUSTOMER

The Customer shall provide the Processor in an effective manner and at his own costs with information and assistance that is reasonably required/useful for the performance of this data processing agreement, taking into account the nature of processing and the information available to the Customer.

The Customer guarantees to have all rights, titles, authorizations and consents – as the case may be, from the data subject in accordance with the Data Protection Legislation- in order to allow the Processor to legitimately process the personal data on behalf of the Customer. The transparency obligation towards the data subject lies on the Customer.

4. LIABILITY – INSURANCE

The Processor is liable for the damage caused by processing only where it has not complied with obligations of the Data Protection Legislation specifically directed to processors or where it has acted outside or contrary to lawful instructions of the Customer. However, if the Processor can prove that it is not in any way responsible for the event giving rise to damage it can be exempt from liability.

The liability of the Processor shall be limited to the amount specified in the Agreement.

The Parties acknowledge that they can be held liable for the entire damage in order to ensure effective compensation of the data subject. Where one of the Parties paid full compensation for the damage suffered, that Party shall be entitled to reclaim from the other Party involved in the same processing that part of the compensation corresponding to their part of the responsibility for the damage.

The Parties may want to include the obligation for each Party to take out and maintain insurance policies to the value sufficient to meet their respective liabilities under or in connection with their collaboration and to be able to provide evidence that such insurance is in place.

5. DURATION

This data processing agreement remains in force during the term of the Agreement. The termination of the Agreement, for whatever reason, shall automatically cause the termination of this data processing agreement.

At the termination of the Agreement and when relevant in the scope of the processing performed under this data processing agreement, the Processor, according to the Customer’s choice, must delete all personal data or return it to the Customer and destroy the existing copies, unless European Union Law or the the local law applicable to the Processor requires the storage of the personal data.

Those provisions which expressly state that they will extend after the term of the Agreement, for whatever reason, as well as those provisions which are intended to extend after the term of the Agreement including, without limitation, Article 4 (Liability – insurance) shall remain in force after the end of this data processing agreement for as long as necessary for their purpose.

6. MISCELLANEOUS

Codit undertakes not to transfer all or part of its rights and obligations arising under this data processing  agreement, to third parties without the prior written consent of the Customer. Such prior written is not needed in case of a transfer of all or part of its rights and obligations arising under this data processing agreement to an affiliated company of Codit. Affiliated companies of Codit being any legal entity, in Belgium or abroad, existing, to be acquired or to be created, that directly or indirectly, is controlled by, controls, or is under common control with Codit, whereas the term “control” as used herein shall refer to the possession of the power to direct or cause the direction of the management and the policies of an entity, whether through the ownership of a majority of the outstanding voting rights or by contract or otherwise. The Customer shall not unreasonably withhold its consent in case Codit wants to transfer all or part of its rights and obligations under this data processing agreement to a third party that is not an affiliated company of Codit. Codit in any case remains fully liable in respect of the Customer for the realisation by the such party of his obligations, subject to the stipulations of Article 4 “Liability – insurance”.

No modification to this data processing agreement can take place without this first being negotiated, authorized, and signed by a duly authorized representative of each Party.

The invalidity of one of the provisions of this data processing agreement will in no way affect the enforceable nature of the other provisions. The Parties agree that if, and to the extent, that it is established by a competent judicial or supervisory authority that a provision of this data processing agreement is unlawful, void, or unenforceable, such provision will be replaced by a provision that is lawful, valid and enforceable and that follows the intent of the Parties as closely as possible.

No negligence of either Party in the exercise of a right stipulated in its favour in this data processing agreement, shall be interpreted as a waiver of the future rights with respect to those rights.

This data processing agreement is governed by law that governs the Agreement. The courts that have competence over the Agreement also have competence to take note of whatever dispute that might arise with respect to this data processing agreement.

GDPR PROCESSING TERMS

1. DATA PROCESSING TERMS

1.1. Subject-matter of the processing

The Processor provides products and services to the Customer as described in the Agreement.

1.2. Nature and the purpose of the processing

During the provision of the products and services under the Agreement, depending on the products and services that are ordered by the Customer, the Processor shall perform all or some of the following processing activities:

• During the provision of the IT consultancy services (delivery) the Processor needs to access data, potentially including personal data, (hereinafter referred to as the “personal data”) that is stored in the environment of the Customer in order to analyse the personal data (structure, format, etc.). The access to the personal data is provided by the Customer or defined in agreement with the Customer. In most cases, access is done remotely, exceptionally access takes place on premise (at the Customer’s location).
• During the provision of the managed services (customer care), the Processor needs to access the personal data that is stored in the environment of the Customer in order to provide support services (such as for example troubleshooting or delivery of workarounds for identified problems).

The access to the personal data is provided by the Customer or defined in agreement with the Customer. In principle such access shall be remote, exceptionally upon request of the Customer or if the managed services require so, the personal data shall be accessed on premise (at the location of the Customer).

Exceptionally the Processor may need to copy certain personal data sets for example to resolve an identified problem or deliver a workaround for an identified problem.

• At the request of the Customer, the Processor shall access the Invictus software that is installed in the environment of the Customer. During such access the Processor might see personal data that would be processed by Invictus.

1.3. Duration of the processing

The Processor shall process the personal data as long as it provides products and services in the scope of the Agreement.

1.4. Type of personal data

All types of personal data that the Customer processes and to which the Customer provides the Processor with access.

Possible examples of such personal data are:

• Identification data
• Contact data
• Authentication data
• Technical identifiers
• Login data
• Configuration data

1.5.Categories of data subjects

Those categories of data subjects to which personal data the Processor has access during the provision of goods and services in the scope of the Agreement.

Possible examples of categories of data subjects are:

• customers of the Customer,
• employees of the Customer,
• suppliers of the Customer
• potential customers of the Customers.

1.6. Sub-processors

The Customer has authorized the Processor to engage the project team (as described hereafter) for the processing of the personal data:

Codit’s way of working

• Codit team

Codit together with all the other Codit Entities* forms one team of available IT resources with specific skills (the “Codit team”). The Codit team includes both employees and freelancers of all the Codit Entities.

The Codit team also includes freelancers located outside the European Economic Area (e.g. Thailand and India) in order to provide specific services such as, for example, providing customer care services outside the business hours of the Codit Entities (CET 8h – 17h).

• Project team

Based on the skills that are required to provide the services to the customer and based on the availability of persons with these skills, out of the Codit team a project team will be formed for the customer.

It may happen that both at the start of the services and during the further course of the services, certain skills required in the project team are not available or not present in the Codit team, in which case Codit or one of the other Codit Entities will call upon additional resources who have these skills.

Since the composition of the project team is very dynamic based on the specific requirements needed at certain times, it is difficult to provide customers with an up to date list of the members of the project team. If you wish to know who is part of your project team at a certain moment in time, you can always send an e-mail to your Codit contact person.

*“Codit Entities” means: Codit Holding BV, Codit BV, Codit Managed Services BV, VOTIJNIT Lda, Codit Switzerland AG, Codit Integration Ltd, Codit France SAS, Codit Mare Ltd, Codit Malta Ltd en Codit Nederland B.V.

2. TECHNICAL AND ORGANISATIONAL MEASURES

Given that the processing by the Processor during the provision of the products and services under the Agreement, is limited to remotely getting access to personal data that is stored in the environment of the Customer, the Customer defines the technical and organisational measures for such access.

In addition thereto, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risk of varying likelihood and severity for the rights and freedoms of the data subjects, the Processor implements the following technical and organisational measures described hereafter.

• The personnel and sub-processors of the Processor annually must attend an online data privacy training.
• Passwords that are provided to the Processor to access the environment of the Customer must be stored in a specific and secure tool provided by the Processor.
• A strong password/ multi factor authentication (MFA) must be used to access the devices that are used to access the environment of the Customer.
• The accessing of the environment of the Customer will be through Codit managed devices, which automatically have latest policies and rules enforced, are monitored, and protected by the Processors chosen virus and threat protection.
  • If the device used to connect to the environment of the Customer is not managed by the Processor, the Customer will be informed.
• The Processor shall immediately inform the Customer by e-mail when a member of the team no longer needs access to the Customer’s environment to allow the Customer to block any future access by the team member to the Customer’s environment.

In the event of a change in such means the Processor undertakes in any case to replace these with means of equivalent or superior performance.

Changes may in no event lead to a reduction in the level of security.