top of page

TERMS AND CONDITIONS

I.PROVIDER'S DETAILS

Company:                           GINA Software s.r.o.

Registered office:       Purkyňova 649/127, 612 00 Brno, Czech Republic Company identification No.: 29254191, tax ID No.: CZ 29254191

Incorporated in the Companies Register kept by the Regional Court in Brno, Section C, Insert 68585

Telephone:                          +420 720 730 830

E-mail:                                     info@ginasystem.com

Bank details:                      270682726/0300, ČSOB, a.s.

Represented by:             Ing. Zbyněk Poulíček, Ing. Boris Procházka,

Branches:                              Purkyňova 649/127, 612 00 Brno, Czech Republic

 

 

II.INTRODUCTORY PROVISIONS
  1. This document entitled Terms and Conditions, under Section 1751 par. 1 Act No. 89/2012 Coll. Civil Code, as amended (hereinafter the "Civil Code"), regulates mutual rights and obligations of the parties and was issued by the Provider for cases where a part of the content of contracts concluded by the Provider is determined by reference to its terms and conditions (hereinafter the "Terms and Conditions"), in particular those arising in connection with sale, provision and use of the Provider's software (hereinafter referred to as "Software Solution"), Provider's hardware (hereinafter referred to as “hardware”), provision of consulting, implementation and other works and services (hereinafter the "Services") (collectively referred to as the "Provider's Products") to the Purchaser.

 

 

III.CONTRACT CONCLUSION, ORDER
  1. The Purchaser and the Provider shall always conclude a separate contract, whose subject shall be in particular sale, provision and use of the Provider's Products. The contract may be replaced with an order sent by the Purchaser to the Provider, followed by the binding confirmation of the Provider (the contract and the order are hereinafter referred to as the "Contract").

  2. The Purchaser may send the order to the Provider by e-mail to the address info@ginasystem.com. The Purchaser shall state correct, accurate and complete information in the order, in particular the correct and complete billing and mailing address, to which the ordered product is to be delivered.

  3. The Provider shall confirm the order to the Purchaser within 7 business days or inform the Purchaser of reasons for not having confirmed the order and for not having concluded the contractual relation with the Purchaser; this to the Purchaser's e-mail address from which the order was sent. The Provider shall always confirm the validity of the Provider's Product prices in the order confirmation. In the event that the Provider quotes a higher price than the price in the order, the Purchaser may accept the new price or cancel the order. In the event that the new price is lower than the price in the order, the product or the service shall be delivered to the Purchaser at the current (lower) price.

  4. The Provider is not obliged to accept the order, in particular if:

    1. the product has been discontinued,

    2. the product price has changed considerably,

    3. the Purchaser has repeatedly breached its duties, especially to pay the purchase price.


 

The application of Section 1729 Civil Code shall be excluded for the purposes of the contractual relation between the Provider and the Purchaser.

  1. Pursuant to the Contract, the Provider is obliged to deliver the requested Provider's Product to the Purchaser within the agreed period, and the Purchaser is obliged to accept the ordered Provider's Product and pay to the Provider the agreed price for the delivery of the Provider's Product.

IV.PAYMENT TERMS
  1. The prices of the Provider's Products are specified in the Contract between the Provider and the Purchaser. VAT under applicable legal regulations shall be added to the price of the Provider's Products.

  2. The price of the Provider's Software Solution and Services and potential costs of the Provider related to the delivery under the Contract shall be settled by the Purchaser to the Provider on the basis of an invoice issued by the Provider:

  • by bank transfer to the Provider's account No. 270682726/0300, kept at Československá obchodní banka, a. s. (hereinafter the "Provider's Account").

  • The invoices issued by the Provider must have all the requisites of the tax document under the applicable legal regulations. The contracting parties agree on the invoice maturity of 14 days of the date of issue unless specified otherwise in the invoice. The date of the invoice settlement is the date on which the Provider's Account was credited with the invoiced amount. In the event of delay in the invoice settlement, the contracting parties agree on the interest on late payments of 0.05 % of the outstanding amount for each commenced day of the delay, and the Provider's entitlement to the interest shall originate as of the day following the maturity date of the invoice.

V.DELIVERY TERMS
  1. The primary method of delivery of the Provider's software products shall be the installation of the SW to the hardware recommended or purchased by the Provider. The Provider's software product may also be installed to the Purchaser's own device in case the Purchaser requires so. In such case the Purchaser acknowledges the risk of potential incompatibility of the Provider's software product and the Purchaser's hardware. The Provider shall not be liable for damage caused through such incompatibility.

  2. The date and method of delivery are agreed between the contracting parties in detail in the Contract. In the event of the Purchaser's failure to provide the assistance necessary for provision and delivery of the Services, the delivery date shall be postponed by the time of the Purchaser's delay in accepting the Provider's Product.

  3. The contracting parties undertake to prepare the Acceptance Certificate on the delivery of the Provider's Product. In case the Purchaser has reservations concerning the delivered Product, such reservations shall be entered by the Purchaser in the Acceptance Certificate and dealt with by the Provider in the agreed time. The results of the Provider's actions shall be accepted by the takeover of the Acceptance Certificate. The Provider's Product is also deemed delivered by the Purchaser by enabling to manipulate with such product.

VI.TECHNICAL SUPPORT
  1. The Provider undertakes to provide the technical support to the Purchaser as part of the Provider's Product. The technical support shall always apply to the current version of the product, which is in the Provider's offer, and to an upgrade from the previous to the current version.

  2. In case the Provider's Product was purchased through a partner supplier, the technical support shall be provided by that supplier upon consultation with the Provider.

  3. Unless stipulated otherwise between the parties, the Provider's technical support shall be available to the Purchaser:

  • by phone at +420 720 730 830 from 8 am to 6 pm (UTC+1) on business days,

  • by e-mail at support@ginasystem.com 24 hours a day.

    1. Detailed specification of levels and conditions of the technical support are stipulated by the contracting parties in the Contract.

VII.AUTOMATIC RENEWAL OF CONTRACT
  1. In case the Provider and the Purchaser concluded the Contract for a definite period, and if not stipulated otherwise therein, the contractual relation shall be automatically renewed under the same conditions after the contractual period expires, for the same period and repeatedly. In case either the Purchaser or the Provider does not wish to renew the contractual relation, it shall notify the other contracting party of its intention in writing no later than 1 month prior to the expiry of the contractual period; otherwise the contractual relation shall be automatically renewed and the Purchaser shall pay the stipulated remuneration. A written notification delivered later than 1 month prior to the expiry of the contractual period shall be disregarded.

VIII.LICENSE TERMS
  1. In case the Provider's Product is the subject of the Contract, by the conclusion of the Contract the Provider shall grant to the Purchaser a non-exclusive, territorially unlimited license to use the Provider's software product for the period stipulated in the Contract. The license price is included in the price for the Provider's Products.

  2. In the case of modifications, updates, enhancements or other changes to the Provider's software product, the license shall be granted also to such modified software products. If the Purchaser acquires an upgraded product version, it may use either the upgraded or the original version; however, it may not use both versions simultaneously.

  3. In case the license period is stipulated in the Contract for a definite period (non-perpetual license), the license shall be automatically renewed under the same conditions after the license period expires, for the same period and repeatedly. In case the Purchaser does not wish to renew the license, it shall notify the Provider of its intention in writing no later than 1 month prior to the expiry of the license period; otherwise the license shall be automatically renewed and the Purchaser shall pay the license fee, which is included in the price for the Provider's Products. A written notification of the Purchaser delivered to the Provider later than 1 month prior to the expiry of the license period shall be disregarded.

  4. The Provider represents that it is entitled to exercise proprietary rights to the software product and such rights are not affected or limited in any way and by anyone, and that it is entitled to provide the license under the terms hereof.

  5. The Purchaser is entitled to use the Provider's software product solely for the purpose stipulated by these Terms and Conditions and by the Contract. The Purchaser undertakes not to take any action that would facilitate unauthorized use of the Provider's software product by the Purchaser or by third parties. The Purchaser may not sublicense the Provider's software product to third parties or assign rights and obligations from the provided license in any other way.

  6. Tampering with or decompilation of program codes, re-engineering and derivation of program versions are unacceptable. The Purchaser's license shall automatically expire in the event of breach of any of the above provisions. In such case the Purchaser is obliged to delete the product, all its copies and related documentation. The Provider reserves the right not to provide any source codes to any of its software products, except the interface description and definition, which serves for integration with other manufacturers' applications.

IX.WARRANTY AND LIABILITY FOR DEFECTS
  1. The Provider provides the Purchaser with warranty for the Provider's hardware products in the scope and period as determined by the warranty terms of the supplier or manufacturer of the Provider's hardware products.

  2. The contracting parties undertake to exert the maximum effort to prevent the damage and to minimize damage arisen. The Provider shall not be liable for damage incurred in consequence of a factually faulty assignment or a different faulty assignment, which was obtained from the Purchaser. The Purchaser acknowledges that the Provider is not liable for defects of the Provider's Products arisen due to ordinary wear and tear or failure to follow the instructions for use or defects caused as a result of deletion, modification or any interference with the Provider's hardware and software products by the Purchaser or a third party.

  3. The Provider shall be liable for damage caused to the other party by breaching its contractual duties. The contracting parties acknowledge that, with regard to the provision of Section 2898 of the Civil Code and to all circumstances related to the conclusion of the Contract, the total foreseeable damage which might arise may not exceed the amount equal to the price paid by the Purchaser for the fulfillment in whose causal relation the damage occurred. In case the value of fulfillment from the Contract cannot be precisely determined, the Purchaser shall be liable only up to the amount of CZK 200,000.

  4. None of the contracting parties is responsible for the delay in fulfillment of its obligations caused by circumstances excluding liability. The contracting parties undertake to notify the other party without undue delay of the arisen circumstances excluding liability, hindering due performance of the Contract. The contracting parties undertake to exert maximum effort to avert and overcome circumstances excluding liability.

  5. The contracting parties agree that all communication concerning assertion of rights from defective fulfillment shall be made solely in writing, using electronic mail. Such procedure shall provide a provable evidence of the communication process both to the Purchaser and the Provider.

  6. The Purchaser may contact the Provider at the below e-mail address in order to assert claims from defective fulfillment: support@ginasystem.com. The Purchaser is obliged to identify its person, date of the Contract conclusion and detailed description of the defect. The Purchaser must also specify its claims from the defective fulfillment.

  7. The Provider undertakes to contact the Purchaser and offer its opinion of the asserted claims and a solution proposal within 7 days of the receipt of the above request. In case the problem is of technical nature only, it shall be dealt with by the technical department that shall communicate with the Purchaser.

  8. The Provider is not liable or responsible for damages caused by hardware migration to another type or other major version of the operating system unless explicitly permitted by the Provider. The installation of security patches, which are indicated by secondary numbers, are allowed without the Provider's consent.

X.PERSONAL DATA PROTECTION
  1. The Provider undertakes to proceed in such way that the data subject shall not be injured in its rights, particularly the right to dignity; the Provider shall also prevent unauthorized interference with private life of the data subject. Personal data voluntarily provided by the Purchaser for the purpose of fulfillment of the order and the Contract are collected, processed and kept in compliance with applicable laws of the Czech Republic, in particular with Act No. 110/2019 Coll. on Personal Data Processing, as amended, as well as with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

  2. The Personal data protection rules are available at the website: https://www.ginasystem.com/download/gdpr-cs.pdf.

  3. In view of the fact that the Provider may act as a personal data processor when performing individual services and advanced customer support services and Licensee is or may be the administrator of such personal data, the Provider and the Licensee have entered into a personal data processing agreement that forms an attachment No. 1 of these General Terms and Conditions. The Personal Data Processing Agreement contains, in addition to other requirements under Article 28 (3) of the General Regulation (EC) 2016/679 of the European Parliament and of the Council on the protection of personal data (hereinafter referred to as the "Regulation"), inter alia the subject matter and time of processing, processing, type of personal data, obligations and rights of the Provider and the Licensee.

XI.PROVIDER'S CONTACT INFORMATION
  1. You can refer your queries and suggestions in connection with the Provider's Products

    1. in writing to the address: GINA Software s.r.o., Purkyňova 649/127, 612 00 Brno, Czech Republic,

    2. by e-mail to the address info@ginasystem.com,

    3. by phone at the number +420 720 730 830 from 8 am to 6 pm (UTC+1) on business days.

  2. The order may be sent by mail or e-mail. The receipt of the order shall be confirmed. We recommend that you consult the order with a competent sales department employee, or directly ask for a quotation. This will help avoid unnecessary errors in the order, and thus delays or defects in delivery.

XII.GOVERNING LAW AND DISPUTE RESOLUTION
  1. The relation between the contracting parties and the Contract itself shall be governed by and interpreted in accordance with laws of the Czech Republic regardless of collision of legal standards.

  2. The parties agree that their potential disputes shall be resolved before courts with material jurisdiction in the Czech Republic. Territorial jurisdiction shall be determined according to the Provider's registered office.

  3. The contracting parties undertake to resolve any disputes arisen from the Contract or in connection therewith primarily by mutual agreement. The contracting parties undertake to initiate extrajudicial talks between the parties to the Contract through their authorized representatives prior to commencing proceedings before the competent court or another state authority. Only after the amicable settlement of the dispute concerning the Contract or related legal relations fails, may the contracting parties resolve the dispute before the competent court in the Czech Republic.

XIII.RULES OF INTERPRETATION
  1. The Terms and Conditions must be interpreted together with the Contract and all the related written documents which are referred to in the Contract and which may be concluded in relation to the Contract. In interpreting the expression of the parties' will, the practice established between the parties in legal relations, circumstances that preceded the legal acts, as well as how the parties subsequently made it clear what content and meaning they attach to the legal acts shall be taken into account.

  2. These Terms and Conditions supplement the provisions of the Contract and in case they are attached to the Contract, they shall become a part thereof. In case application of a certain provision hereof is expressly excluded in the Contract, such provision shall not be used for the contractual relation established by the Contract. In the event of contradiction between the provisions of the Contract and hereof, the provisions hereof shall not be used in the extent in which they contradict the Contract.

XIV.CONFIDENTIAL INFORMATION
  1. The contracting parties acknowledge that confidential information is information mentioned in the Contract and provided by either of the parties in connection with the performance of the Contract, which can be classified as competitively significant, identifiable, assessable and normally unavailable in the relevant circles, which should be kept in secret upon the wish of its originator or owner, in particular non- public information about the Provider's Products and Provider's pricing.

  2. Confidential information is also such information which is expressly designated as confidential. Such designation may include a sign "confidential": e.g. on a data carrier, in an e-mail message, fax message or another type of document.

  3. Both contracting parties undertake to keep such information confidential and not to disclose it or cause its disclosure to a third party without the consent of the other party that is affected by the information, not even as a result of negligence. The contracting parties also undertake to use such information only for the purpose consistent with the intention of the disclosing party. The contracting parties shall inform their authorized staff that could get into contact with the confidential information of the mode of handling confidential information.

XV.CHANGE IN TERMS AND CONDITIONS
  1. The Provider is entitled to amend or modify the Terms and Conditions in the way of publishing their latest wording at www.ginasystem.com. The new version of the Terms and Conditions shall become valid as of the day of publication, unless the new version contains a later date.

  2. The rights and obligations arisen during the validity of the previous version of the Terms and Conditions shall not be affected by the above provision.

  3. The Provider shall inform the Purchaser of a change in the Terms and Conditions via the e-mail address of the Purchaser. The Purchaser is entitled to reject the change in the Terms and Conditions within three business days and withdraw from the contractual relation for that reason with the 1-month notice period.

  4. The Terms and Conditions shall become valid on 8 June 2018.

 

GINA Software s.r.o.

In Brno on 9 October 2019

 

 

ATTACHMENT No. 1

THE PERSONAL DATA PROCESSING AGREEMENT

 

I.GENERAL PROVISIONS
  1. Licencee (hereinafter referred to as “Customer”) concluded a licence agreement or other agreement to use a Software Product created by GINA Software s.r.o., Company Registration No. 29254191 (hereinafter referred to as “GINA”).

  2. In accordance with Article VI of Terms and Conditions (hereinafter referred to as “TAC”), Customer is entitled to individual service, consisting in advanced customer support, e.g. expert servicing and remote administration.

  3. With respect to the fact that Customer acting as administrator entitled to individual service provides GINA with access to all or a part of personal data, which will be stored in GINA servers for a strictly limited purpose within a limited period of time, GINA acts as a processor in accordance with Article 4(8) of Regulation (EU) 2016/679 of the European Parliament and of the Council on personal data protection (hereinafter referred to as “Regulation”).

  4. This agreement on processing of personal data is the Annex No. 1 of TAC and will be referred to as “Annex”.

 
II.SUBJECT OF PROCESSING
  1. The subject of processing may differ based on individual service provided to Customer, which is as follows:

    1. Remote Administration, which includes connection to Customer’s server/PC to configure the server/ PC operating system, setting control or changes in a Software product, setting control or assistance when operating the Software Product, Software Product installation, etc. TeamViewer or “Remote Desktop Services”, which is part of Microsoft Windows Server operating system, are used for remote administration. The above-mentioned tools enable the GINA service support officer (hereinafter referred to as “Service Officer”) to access Customer’s server/PC in real time recording Service Officer’s activity in which the data visible on the end user’s desktop (hereinafter referred to as “User”) may be recorded as well; possibly, personal data found in other applications opened or accessed by the Service Officer. The User is entitled to terminate Remote Service any time.

    2. Service which requires access to Customer’s data. In this case, GINA Customer sends a data file operated through the Software Product via the service box (hereinafter referred to as “Service Box”) or via TeamViewer (“File Transfer” console).

    3. Providing of data room to the Customer for the purpose of storing data via Software product of GINA

    4. Personal data inspection by Service Officer and storing personal data within the record of Service Officer’s activity which is performed during recording of Service Officer’s activity, are the subjects of Remote Administration processing (Article II.1.1). The purpose of processing is to resolve the issues reported by Customer when using the Software Product and to provide a record for complaints and other claims made by Customer which are related to Remote Administration provided.

    5. Storing data file containing personal data, which is performed during providing the Service, are the subjects of processing while Service is being provided (Article II.1.2). The purpose of processing is to analyze the requirement, to resolve it and to provide a record and proof for possible future complaints or other claims made by Customer.

    6. Storing data of the Customers containing personal data to the GINA servers or to other Processers that are  listed  in  the  Personal  data  protection  rules,  which  is  available  at  the  website:

https://www.ginasystem.com/download/gdpr-cs.pdf (hereinafter referred to as “Personal data protection rules”) are the subjects of processing while data space is being provided (Article II.1.3.).

  1. The parties to the Agreement acknowledge that GINA has access to the following personal data which will be processed in compliance with individual service for a limited period of time based on Customer’s instruction. The personal data is as follows:

  • Basic personal identification data and address data (academic title, name and surname, business name, personal identification number, ID, VAT ID, permanent address, registered address or place of business, billing address, identification details of customer representative or contact persons, identification data of payer billing, bank connection, contract and signature)

  • Contact details (contact phone number, contact e-mail)

  • Traffic data and location data (caller's number, dialed number, data link address (e.g., IP address or URL address), date and time of the connection, IMEI terminal, connection duration, number, to the Internet, GPS position, signal quality, system version, end system status)

  • Other data generated in connection with the provision of services

  • Communication data between GINA and the User

    1. The people concerned whose personal data will be processed by GINA are Customer’s workers as well as third persons included in data sentences contained in Software Product operated by the Customer.

    2. Customer acknowledges that servers of ZONER software a.s., Company Registration No. 49437381, or more precisely TeamViewer GmbH, with its head office in 30 Jahnstr. D-73037 Göppingen, Germany, are involved in personal data processing as the so-called further processors when Service Box or TeamViewer are used by Customer.

    3. GINA is entitled to involve another processor to personal data processing without Customer’s prior written consent. GINA is, however, obliged to ensure that any other processor involved in personal data processing meets the processing requirements at least within the same extent as specified in this Annex, especially in terms of adopting technical and organizational measures as it is stated in Article VIII of the Annex. GINA is obliged to inform on involvement of another processor without undue delay on the website in the Personal data protection rules and specify processor’s identification data in the manner providing Customer with an opportunity to lodge well-founded objections to these changes.

    4. Personal data processing can be a secondary obligation of GINA resulting from the Agreement based on Sec I.1 of this Annex. The processing fee is thus included in the price of the individual service.

 

 

III.PROCESSING BASED ON CUSTOMER’S INSTRUCTIONS
  1. GINA, as a processor, is obliged to process personal data only based on instructions of Customer who is the administrator.

  2. GINA provides Remote Administration (Article II.1.1) and Servicing (Article II.1.2) based on a separate order made by Customer:

    1. via e-mail sent to support@ginasystem.com or any other e-mail in the ginasystem.com domain (example Key Customer Manager of the customer), which will have the essential elements listed in Article VI TAV. The Customer is obliged to send an e-mail order from an e-mail address proving the eligibility of the request;

    2. via a monitored telephone call at +420 720 730 830, which will contain the essential elements listed in Article VI. The Customer is obliged to identify and thereby prove the eligibility of the request;

    3. through a service technician who as part of a service intervention performed for the Customer or within the Remote Administration finds that it will be necessary to work with personal data to correct the error.

  3. GINA is not authorized to process personal data based on instructions given in a form other than stated in this Section III.2 of this Annex. GINA is obliged to prove these instructions (in the order) which shall be archived for these purposes. If GINA is in doubt, it shall request Customer to provide a confirmation of his/her instructions.

IV.DURATION OF PROCESSING
  1. The duration of personal data processing is arranged for a limited period of time until the termination of individual service related to the data processing. The individual service related to personal data processing continues even after GINA primary intervention to test and verify functionality of the Software Product, which the individual service is related to, and to handle Customer’s subsequent complaints to which GINA provides warranty.

  2. GINA acknowledges that personal data provided by Customer will not be processed without a valid agreement on personal data processing.

 

 

V.PLACE OF PROCESSING, PROHIBITION OF TRANSFERRING PERSONAL DATA TO THIRD

COUNTRIES

  1. The place of personal data processing is the Czech Republic or another European Union member state. With respect to personal data processing performed for Customer, GINA is not entitled to transfer personal data to third countries or an international organization and to process personal data using tools located in third countries.

  2. Personal data processing in a third country outside the European Union is possible with Customer’s prior written consent, and only if all requirements of transfer to a third country specified in Article 44 et seq. of Regulation are met.

 

 

VI.OBLIGATION OF SECRECY
  1. GINA is obliged to secrecy of all confidential facts learnt in relation to the use of the Software Product, especially to secrecy of personal data made available by Customer or provided otherwise in relation to provision of individual service specified in Article II.1. The obligation of secrecy is neither time-bound nor bound by the duration of the Agreement between GINA and Customer.

  2. GINA is obliged to adopt appropriate organizational measures and familiarize all its employees who could have access to personal data with the obligation of secrecy as well as the fact that the obligation of secrecy is unlimited.

 

 

VII.TECHNICAL AND ORGANIZATIONAL MEASURES FOR PERSONAL DATA PROTECTION
  1. GINA is obliged to adopt appropriate technical measures to protect personal data processed with respect to the latest condition of the processing equipment, nature, scope, context and purposes of this Annex as well as to risks to rights and freedoms of individuals.

  2. GINA hereby declares that appropriate technical measures and in particular the following measures have been adopted:

    1. User shall allow access to Service Officer through TeamViewer when Remote Administration is being performed; User allows access to Service Officer by communicating his/her customer ID and password. While Remote Administration is being performed, User sees in real time what tasks Service Officer is performing on Customer’s device and can restrict access to Service Officer at any time and disconnect.

    2. User shall allow access to Service Officer through Remote desktop when Remote Administration is being performed; User allows access to Service Officer by communicating his/her login and password. While Remote Administration is being performed, User can see in real time what tasks Service Officer is performing on Customer’s device and can restrict access to Service Officer at any time and disconnect.

    3. All communication is performed after a secure connection (HTTPS protocol or equivalent).

    4. The servers of another processor, TeamViewer GmbH, are located in data centres which are in compliance with ISO 27001 and use multiple redundant connections and redundant power sources while using the latest branded hardware; all servers where data is stored during TeamViewer sessions are located in Germany or Austria.

  3. GINA hereby declares to have adopted appropriate organizational measures to protect personal data, which is processed, and which corresponds to risks resulting from processing of personal data based on this Annex; in particular GINA:

    1. has familiarized all relevant employees with the obligation to secrecy of personal data and any other confidential information or business secrets which they may handle, as well as maintain secrecy of security, technical or organizational measures the disclosure of which would jeopardize the security of Customer’s personal data, confidential information or business secrets;

    2. does not allow any unauthorized person (even if it is an unauthorized person from GINA own staff) to access personal data and tools enabling access (in particular to a personal computer, data carriers, keys and passwords enabling access or online service of third parties used to provide individual service within the meaning of this Annex);

    3. restricts groups of Service Officers who are allowed to access Service Box and records all access to Service Box;

    4. does not use any online service of third parties to storing or other processing of personal data without Customer’s prior consent in the form in which instructions are given (Article III.2).

  4. GINA uses Service Box for the purposes of transferring database through Software Product and does not allow its employees to agree with the Customer on another means of transferring or accessing it,

e.g. through cloud storage operated by third parties (e.g. Google Drive). However, if Customer decides to transfer/access his/her database this way, GINA shall not be liable for this action.

  1. GINA will allow Customer or his/her authorized people to inspect on the compliance with its obligations under this Section.

 

 

VIII.GINA COOPERATION, OBLIGATION TO BE ASSISTED
  1. GINA is obliged to provide Customer with all necessary cooperation related to a possible inspection performed by the supervisory authority in terms of personal data protection, e.g. The Office for Personal Data Protection, in particular to provide all information and explanations essential to prove the fact that personal data processing by GINA is in compliance with Regulation and GINA as well as Customer fulfill the basic principles specified in Regulation. GINA is obliged to allow audits, including inspections, performed by Customer or another auditor appointed by Customer, and to provide proper cooperation necessary for audits, inspections and other checks.

  2. GINA is obliged to assist in ensuring compliance with obligations according to Articles 32 to 36 of Regulation especially when personal data security is breached for Customer to consider whether the breach resulted in risk of compromising rights and freedoms of the people concerned; to assist Customer to properly and timely report the breach of personal data security to the supervisory authority (including the data in compliance with Article 33(3) of Regulation) and to report the breach to data subjects. Performing this obligation, GINA is obliged to respond to Customer’s instructions and requirements without undue delay.

  3. If GINA discovers any breach of personal data security, including its unauthorized processing, damage, loss or destruction when providing Customer with individual service, GINA is obliged to inform Customer about this matter without undue delay, within 24 hours at the latest, and report the reason of the breach, personal data specification which it is related to, subjects the personal data of which the breach is related to, a description of possible consequences and measures which GINA adopted to solve particular breach of personal data security including possible mitigation measures if the breach occurred on the side of GINA.

  4. GINA is further obliged, if possible, to assist through appropriate technical and organizational measures to fulfill Customer’s obligations as an administrator to respond to requests for the exercise of rights of data subjects, e.g. rights to deletion, correction, personal data portability, etc. If Customer requires assistance based on this Article of the Annex, GINA will do so for reasonable remuneration.

  5. If individual service related to personal data processing is terminated, GINA is obliged to follow Customer’s instructions and Article IV.1 of this Annex. Unless Customer specifies otherwise in relation to concrete personal data or its categories, GINA is obliged to delete this data from all data repositories when service related to personal data processing is terminated.

bottom of page