As an Association, personal data is managed and processed. This creates the who processes accountability. Drawing up a processor agreement is part of this.
The Association is responsible for the data and is the controller in this.
Klubs processes personal data on behalf of the controller and is the processor (processor) in this.
The processor agreement is the agreement between controller and processor that defines how the processor should handle personal data. The controller who has personal data processed by a processor is obliged to have a processor agreement with the processor.
This applies even if the processor is, for example, a subsidiary of the responsible company, or is located abroad. Anytime a controller "outsources" the processing of personal data, a written agreement is required.
Below is an example of a Processor Agreement
- Clubs Processor Agreement-2022.pdf
Clubs - Processing Agreement
Parties and preamble
Between On the One Hand
The Association, ....
Hereinafter referred to as the "Association"
And on the other hand
Klubs BV, established at Fortveld 2 b14, 2110 Antwerp, registered under KBO number BE 0751.959.935, legally represented here by Jan Renaer, director.
Hereinafter referred to as "Clubs"
Wherein the foregoing parties together are also referred to as the "Parties" or, individually, are referred to as a "Party."
Be observed that which follows:
The parties have entered into an Agreement around the use of the Klubs Software Platform. Additionally, they wish to enter into a Processing Agreement in the context of the GDPR and privacy legislation.These attachments form an inseparable part of this Agreement. Any deviations set forth in the Agreement take precedence over the information contained in the attachments.
Third Parties
| Document Data | Third Parties |
| Web hosting | Combell |
| IT infrastructure | Pandafish |
| Transaction mails | Mailgun |
| Mailings | MailChimp |
| Accounting - Single-entry bookkeeping scheme | Treasurer |
| Accounting - Full accounting schedule | Yuki |
| Online Payments | Mollie |
Privacy Statement
Klubs' Processors Statement
Klubs is committed to protecting personal data and respecting privacy.
In this processor statement, we want to provide clear and transparent information about what data is collected within Klubs and how Klubs handles personal data. Klubs makes every effort to ensure privacy and therefore handles personal data with care. Klubs adheres in all cases to the applicable laws and regulations, including the General Data Protection Regulation (AVG) or Global Data Protection Regulation (GDPR).
This entails:
- personal data are processed in accordance with the purposes for which they were provided. These purposes and types of personal data are described in this privacy statement.
- the processing of personal data is limited to only those data that are minimally necessary for the purposes for which they are processed
- Express consent is sought if Klubs requires it for processing personal data
- appropriate technical and organizational measures are taken to ensure the security of personal data
- no personal data will be passed on to other parties unless necessary to carry out the purposes for which they were provided
Purpose of processing
Personal data is held and processed by Klubs for the following purposes and legal grounds :
- For conducting efficient club management and in particular membership administration
- For the organization and management of activities
- For sending transaction emails and mailings
For the above purposes, Klubs may manage and process the following personal data:
- Personal identity information : name, first name, address, phone number, e-mail, photo, relationships with other members
- Identity data: identity card number, national register number
- Personal characteristics: gender, date of birth, place of birth, nationality
- Business data: company, function, address, VAT no.
- Characteristics in relation to specific areas of interest
Klubs uses the data collected only for the purposes for which it obtained the data.
Provision to third parties
The data transmitted to us for processing may be provided to third parties as necessary to carry out the purposes described above.
For example, we use a third party for:
- taking care of membership records
- Taking care of the internet environment (web hosting)
- Providing IT infrastructure (including IT network, software, app, etc.)
- sending transaction emails (confirmations, confirmations, etc.)
- Providing and distributing mailings
- keeping the accounts
- processing online payments
Klubs never transfers personal data to other parties with whom we have not entered into a processing agreement.
Klubs makes the necessary arrangements with these parties (processors) to ensure the security of personal data.
Secrecy
Klubs will not disclose or share the data provided to third parties unless required and permitted by law. For example, data requested by the Police as part of an investigation.
Also, Klubs may share personal data with third parties if the Association gives us permission (in writing) to do so. The Association has the right to withdraw this consent at any time, without prejudice to the lawfulness of the processing before its withdrawal.
Klubs does not provide personal data to parties located outside the EU.
Personal data of minors (persons under 16 years of age) are processed if written consent is given by the parent or legal representative.
Data security
Klubs has taken appropriate technical and organizational measures to protect personal data from unlawful processing. For example, Klubs has taken the following measures;
- all persons who may learn of your information on behalf of Klubs are bound to secrecy thereof
- all our systems have a username and password policy
- when warranted, personal data is pseudonymized and there is data encryption
- backups of personal data in order to restore them in case of physical or technical incidents
- Procedures for regular testing and evaluation of these measures
- employees are informed of the importance of protecting personal data.
Retention period
Klubs does not retain personal data longer than necessary for the purpose for which it was provided or required by law.
rights regarding your Personal Data
Persons whose data are processed by Klubs have the right to inspect and the right to correct or delete personal data.
To this end, separate GDPR reporting is provided. Within the Klubs tool, the conceived personal data can be displayed and reported in a simple way. A transaction for the right to be forgotten is also provided here.
Contact is always made through the Association. To verify identity, this is done on the basis of a copy of the identity card.
Data Protection Officer - DPO
Klubs has a DPO agreement with a DPO.