1 June 2020
The service “askemo” is offered to you over the internet in the form of Software-as-a-Service by askemo BV (hereafter: “Service Provider”).
The use of services is subject to the below terms and conditions. Using service constitutes acceptance of these terms and conditions. Deviations from these terms and conditions is possible only by means of written confirmation by askemo BV.
1.1. Service Provider (“askemo BV”): established in ’s-Hertogenbosch, Netherlands and registered at Dutch Chamber of Commerce (Kamer van Koophandel) under registration number 77225090.
1.2 Website: the askemo website, which is accessible through https://www.askemo.nl and all associated sub-domains.
1.3 Customer or You: Buyer or User of goods or services from askemo.
1.4 Agreement: any agreement between askemo BV and the Customer, of which these Terms and Conditions are an integral part.
1.5 Conditions: these Terms and Conditions, including appendix “Data Processing Agreement”.
2.1. askemo offers the possibility on the internet (https://www.askemo.nl and all associated sub-domains) to: (a) design feedback forms; (b) send feedback forms to 3rd parties; and (c) view and process the feedback from 3rd parties. You decide which information you want to be filled out and what you do with the results.
2.2. To use askemo you must first register. After your registration is complete, you can log in directly to your account and use the service.
2.3. You must restrict access to your account from unauthorized persons using your personal username and password. In particular, you must keep the password strictly confidential. Askemo BV is safe to assume that actions taken from your account after registration with your username and password are made under your direction and supervision. You are therefore liable for all these actions, unless you have reported to askemo BV that someone else knows your password.
3.1. It is forbidden to use askemo for actions that are in breach of Dutch or other applicable laws and regulations. This includes storing or distributing through the service information that is defamatory or racist.
3.3. In addition, it is prohibited to violate the privacy of third parties, for example by distributing personal data of third parties without permission or necessity or repeatedly harassing third parties with undesired communication; and to do anything that violates netiquette.
3.4. If and when askemo BV finds that you violate the above conditions, or receives a complaint about this, it will warn you. If this does not lead to an acceptable solution, askemo BV may directly intervene to end the violation. In urgent or serious cases, askemo BV can intervene without warning.
3.5. If, in the opinion of askemo BV, nuisance, damage or other danger arises for the services or functioning of servers and/or network of service provider or third parties, in particular through excessive sending of e-mail or other data, leaks of personal data or activities of viruses, Trojans and comparable software, askemo BV is entitled to take all measures that it reasonably considers necessary to avert or prevent this danger.
3.6. askemo BV is at all times entitled to report criminal offenses discovered.
3.7. askemo BV can recover the damage resulting from violations of these rules of conduct. You indemnify askemo BV against all third-party claims relating to damage as a result of a violation of these rules of use.
4.1. askemo BV makes every effort to ensure that the service is available, but does not guarantee uninterrupted availability.
4.2. askemo services are continuously maintained. If maintenance is expected to limit availability, askemo BV will ensure impact to the service is relatively low. Maintenance is announced in advance if possible. Maintenance in connection with calamities can take place at any time and is not announced in advance.
4.3. askemo BV may adjust the functionality of askemo from time to time. Your feedback and suggestions are welcome, but in the end askemo BV decides which adjustments it will release or not.
5.1. The askemo service, the associated software as well as all information and images on the website are the intellectual property of askemo BV. These may not be copied or used in any way without the separate written permission of askemo BV, except in cases where this is permitted by law.
5.2. Information that you store or process through the service is and remains your property (or that of your suppliers). askemo BV has a limited right to use this information for the service, including for future aspects thereof. You can withdraw this right of use by removing the relevant information and / or terminating the agreement.
5.3. If you send information to askemo BV, for example feedback about an error or a suggestion for improvement, you give an unlimited and perpetual right to use this information for the service. This does not apply to information that you explicitly mark as confidential.
5.4. askemo BV will not take note of data that you store and/or disseminate via askemo, unless this is necessary for a good service or askemo BV is obliged to do so under a legal provision or court order. In that case, askemo BV will endeavor to limit the knowledge of the data as much as possible, insofar as this is within its power.
6.1. After an optional trial period, the use of askemo is subject to a fee for the use of certain functionality. You will be informed of the costs for the relevant functionalities. The fee is payable per month or per year, in advance.
6.2. Payment can be made by SEPA direct debit (SDD), by transferring the amount yourself to askemo BV’s bank account, via iDeal payment, via credit card, via PayPal, or according to the payment instructions on the website.
6.3. Because the service is delivered instantly, at your direct request, it is not possible to cancel a payment by relying on the Dutch Distance Selling Act (Wet Koop op Afstand).
7.1. Besides a case of intent or gross negligence, askemo BV’s liability is limited to the amount that you paid in the three months prior to the moment of the damaging event.
7.2. askemo BV is not liable for indirect damage, consequential damage, loss of profit, missed savings and damage due to business interruption.
7.3. Conditions for any right to compensation are that you report the damage in writing to askemo BV within two months of discovery.
7.4. In case of force majeure, askemo BV is never obliged to pay compensation for the damage caused to you. Force majeure includes disruptions or breakdowns of the internet, the telecommunications infrastructure, power failures, domestic disturbances, virus outbreak, mobilization, war, traffic jam, strike, exclusion, business disturbances, supply stagnation, fire and flood.
8.1. This agreement commences as soon as you use the service for the first time by registering and then runs indefinitely.
8.2. If you enter into the agreement with monthly payment terms, you can cancel the agreement at any time with a notice period of two months, counting from the moment of cancellation. If you have opted for a subscription with annual payment terms, cancellation is only possible after each annual subscription period has expired, with a two-month notice period.
8.3. askemo BV can terminate the agreement if you have not logged in for eighteen months. In that case, it will first send a reminder email to the email address associated with your account.
8.4. askemo BV can provide you with a copy of the stored data on request and at extra cost. Inquire about the possibilities and costs.
9.1. askemo BV may adjust these conditions and prices at any time.
9.2. askemo BV will announce the changes or additions at least thirty days before they take effect, so that you can take note of these.
9.3. If you do not wish to accept the updated conditions, you are entitled to cancel the agreement per the effective date of the updated conditions. Use of the service after the beforementioned effective date counts as acceptance of the updated conditions.
10.1. This agreement is subject to Dutch Law.
10.2. Unless otherwise prescribed by the rules of law, all disputes related to askemo will be submitted to the competent Dutch court for the district in which askemo BV is established.
10.3. If a provision in these Conditions requires that a notification must be “in writing”, this shall also be deemed satisfactory if the notification is made by e-mail or communication via the service, provided that it is sufficiently proven that the message actually originates from the alleged sender and that the integrity of the message has not been compromised.
10.4. The version of communication or information stored by askemo BV is deemed to be correct unless you provide evidence to the contrary.
10.5. If a provision in these Conditions proves to be invalid, this does not affect the validity of the entire Conditions. If this occurs, the parties will determine (a) new provision(s) to replace, as far as is legally possible, the intention of the original provision is given shape.
10.6. askemo BV is entitled to transfer its rights and obligations under the agreement to a third party that takes over askemo or the relevant business activity.
This data processing agreement is an appendix to “Terms and conditions for askemo” (hereinafter: the “Conditions”) by and between customer (hereinafter: “Controller”) and askemo BV (hereinafter: “Processor”). With acceptance of the Conditions, this data processor agreement is also accepted by the parties.
1.1. Processor hereby agrees under the terms of this Data Processing Agreement to process personal data on behalf of the Controller. Processing shall be done solely for the purpose of the Conditions, in particular for: (a) storing data in the ‘cloud’ for the benefit of Controller, and associated online services; (b) the transmission of emails and/or newsletters for Controller; (c) managing the customer administration of Controller related to askemo; (d) and all purposes compatible therewith or as determined jointly.
1.2. The personal data to be processed by Processor for the purposes as set out in the previous clause and the categories of data subjects involved are set out in Appendix 1 to this Data Processing Agreement. Processor shall not process the personal data for any other purpose unless with Controller’s consent. Controller shall inform Processor of any processing purposes to the extent not already mentioned in this Data Processing Agreement. Processor however is permitted to use personal data for quality assurance purposes, including surveys to data subjects and statistical research purposes regarding the quality of Processor’s services.
1.3. All personal data processed on behalf of Controller shall remain the property of Controller and/or the data subjects in question.
2.1. Regarding the processing operations referred to in the previous clause, Processor shall comply with all applicable legislation, including at least all data processing legislation such as the GDPR.
2.2. Upon first request Processor shall inform Controller about any measures taken to comply with its obligations under this Data Processing Agreement.
2.3. All obligations for Processor under this Data Processing Agreement shall apply equally to any persons processing personal data under the supervision of Processor, including but not limited to employees in the broadest sense of the term.
2.4. Processor shall inform Controller without delay if in its opinion an instruction of Controller would violate the legislation referred to in the first clause of this article.
2.5. Processor shall provide reasonable assistance to Controller in the context of any data protection impact assessments to be made by Controller.
2.6. Processor shall, in accordance with Article 30 GDPR, keep a register of all categories of processing activities which it carries out on behalf of the Controller under this data processing agreement. At Controller’s request, Processor shall provide Controller access to this register.
3.1. Processor may process the personal data in any country within the European Union.
3.2. Transfer to countries outside the European Union is not permitted.
4.1. Processor shall make available IT facilities to be used by Controller for the purposes mentioned above. Processor shall not itself perform processing operations unless separately agreed otherwise.
4.2. Processor is solely responsible for the processing of personal data under this Data Processing Agreement in accordance with the instructions of Controller and under the explicit supervision of Controller. For any other processing of personal data, including but not limited to any collection of personal data by Controller, processing for purposes not reported to Processor, processing by third parties and/or for other purposes, the Processor does not accept any responsibility.
4.3. Controller represents and warrants that the content, usage and instructions to process the personal data as meant in this Data Processing Agreement are lawful and do not violate any right of any third party.
5.1. Processor shall involve third parties in the processing under this Data Processing Agreement on the condition that such parties are reported in advance to the Controller; Controller may object to a specific third party if its involvement would reasonably be unacceptable to it.
5.2. In any event, Processor shall ensure that any third parties are bound to at least the same obligations as agreed between Controller and Processor.
5.3. Processor shall ensure that these third parties shall comply with the obligations under this Data Processing Agreement and is liable for any damages caused by violations by these third parties as if it committed the violation itself.
6.1. Processor shall use reasonable efforts to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk for the processing operations involved, against loss or unlawful processing (in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed).
6.2. Processor does not warrant that the security is effective under all circumstances. If any security measure explicitly agreed in this Data Processing Agreement is missing, then Processor shall use best efforts to ensure a level of security appropriate to the risk taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
7.1. Controller is responsible at all times for notification of any security breaches and/or personal data breaches (which are understood as: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed as described in Article 4 (12) of the GDPR) to the competent supervisory authority, and for communication of the same to data subjects. In order to enable Controller to comply with this legal requirement, Processor shall notify Controller within a reasonable period after becoming aware of an actual or threatened security or personal data breach.
7.2. A notification under the previous clause shall be made only for actual breaches with severe impact.
7.3. The notification shall include at least the fact that a breach has occurred.
In addition, the notification shall:
par. 1. describe the nature of the personal data breach including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
par. 2. describe the likely consequences of the personal data breach;
par. 3. include the name and contact details of the Data Protection Officer (if appointed) or a contact person regarding privacy subjects;
par. 4 describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
8.1. In the event a data subject makes a request to exercise his or her legal rights under the GDPR (Articles 15-22) to Processor, Processor shall pass on such request to Controller, and Controller shall process the request. Processor may inform the data subject of this passing on.
9.1. All personal data that Processor receives from Controller and/or collects itself is subject to strict obligations of confidentiality towards third parties. Processor shall not use this information for any goals other than for which it was obtained, not even if the information has been converted into a form that is no longer related to an identified or identifiable natural person.
9.2. The confidentiality obligation shall not apply to the extent Controller has granted explicit permission to provide the information to third parties, the provision to third parties is reasonably necessary considering the nature of the assignment to Controller or the provision is legally required.
10.1. Controller has the right to have audits performed on Processor by an independent third party bound by confidentiality obligations to verify compliance with the security requirements, compliance with data processing regulations, unauthorised use of personal data by Processor personnel, compliance with the Data Processing Agreement, and all issues reasonably connected thereto.
10.2. This audit may be performed in case a substantiated allegation of misuse of personal data has arisen.
10.3. Processor shall give its full cooperation to the audit and shall make available employees and all reasonably relevant information, including supporting data such as system logs.
10.4. The audit findings shall be assessed by the parties in joint consultation and may or may not be implemented by either party or jointly.
10.5. The costs of the audit shall be borne by Controller.
11.1. Parties explicitly agree that any liability arising in connection with personal data processing shall be as provided in the Conditions.
12.1. This Data Processing Agreement enters into force upon signature by the parties and on the date of the last signature.
12.2. This Data Processing Agreement is entered into for the duration of the Conditions.
12.3. Upon termination of the Data Processing Agreement, regardless of reason or manner, Processor shall – at the choice of Controller – return in original format or destroy all personal data available to it.
12.4. This Data Processing Agreement may be changed in the same manner as the Conditions.