Processing Agreement

Article 1: Definitions.

  • This article contains definitions of key terms used in the agreement, such as "Data Subject," "Personal Data," "Processor," "Controller," and "Processing.

Article 2: Duration and termination

  • The contract runs for as long as the Processor processes personal data for the Controller and is not terminable in the interim.
  • Upon termination of the contract, the Processor will delete or destroy all personal data, unless a legal retention period applies or it is necessary to prove fulfillment of commitments.

Article 3: Subject matter

  • Processor will process personal data on behalf of the Controller, for the purposes set forth in Exhibit 1.
  • Personal data remains the property of the Respondent.

Article 4: Implementation of processing

  • Processor is only responsible for processing personal data according to the terms of this agreement.
  • Processor shall not process personal data outside the European Economic Area (EEA) without the prior written consent of the Controller.

Article 5: Personal Data Security.

  • Processor must implement appropriate technical and organizational security measures to protect personal data from loss, unauthorized access, and other risks.
  • Security requirements will be regularly reviewed and improved.

Article 6: Monitoring

  • Respondent has the right to conduct an annual (penetration) test to verify compliance with the Agreement.

Article 7: Duty to report data breaches & monitoring

  • Processor must immediately notify Respondent of any data breach.
  • Respondent will inform Data Subjects and other affected parties of data breaches as necessary.

Article 8: Secrecy

  • Processor and its personnel must maintain the confidentiality of personal data, except where consent has been given by the Controller or in cases where disclosure is required by law.

Article 9: Rights of Data Subjects.

  • Processor must cooperate with Respondent to handle requests from Data Subjects regarding their personal data.

Article 10: Engaging and sharing personal data with sub-processor

  • Processor may engage third parties to process personal data, but must ensure that these third parties meet the same obligations as set forth in this Agreement.

Article 11: Retention period

  • Processor will retain personal data according to the established retention period, usually 25 months.

Article 12: Final provisions

  • Changes to the agreement must be agreed upon in writing.
  • Belgian law applies to this agreement.
  • Disputes will be submitted to the court having jurisdiction in Processor's place of business.

Personal Data Processed:

  • Name
  • Address
  • Residence
  • Phone number
  • Email address
  • Gender
  • Debtor and invoice information

Categories of Data Subjects:

  • Debtors

Purposes of Processing:

‍Personaldata shall be processed for the following purposes:a) Collection of receivables held by Respondent through Processor;b) Establishing a scoring value based on current and historical data for collection, which allows the probability of recoverability to be determined;c) Contributing to the prevention of over-indebtedness and other problematic debt situations among data subjects;d) Performing the services as agreed between Respondent and Processor.

Mode and Means of Processing:

‍PersonalData shall be processed and stored in the relevant software systems of Processor. Processor may also engage third parties to perform services, such as website hosting and maintenance, mail processing, bailiffs, email, SMS and telephone dispatch service providers, and banks or financial institutions with which Processor partners for financing.

For a current list of the names of parties with whom Processor shares data, as well as a description of the data and the purpose of the sharing, please contact backoffice@monvy.com.

Security:

The listed security areas and aspects in the information security policy are important to ensure the confidentiality, integrity and availability of personal data. Some of these areas include:

  1. Secure personnel: Ensuring that employees are aware of security protocols and procedures and that they handle data in a secure manner.
  2. Access Security: Controlling and restricting access to systems and data to prevent unauthorized access.
  3. Physical security: Protecting physical access points and equipment where personal data is stored.
  4. Information security incident management: Having procedures in place to respond quickly to security incidents and data breaches.
  5. Business continuity management: planning for maintaining business continuity in the event of emergencies so that data remains available.
  6. Compliance: Compliance with applicable data protection and privacy laws and regulations, such as the General Data Protection Regulation (GDPR) in the European Union.

We will gladly make the declaration of applicability available to you confidentially and upon request.

Debit net "MONVY"

Trade register number: 0769.274.930, VAT: BE0769274930

Headquarters: Avenue Brugmann 921190 Forest, Belgium