«Privacy Pact» is an online platform and service made accessible through the www.privacypact.com website.
1) Privacy Pact enables legal entities (hereafter referred as the “Applicant”) to publicly make a voluntary and legally binding commitment that they will respect and comply with the rules and principles contained in the European Regulation EU 2016/679 on the protection of personal data, also known as the «General Data Protection Regulation (GDPR) (hereafter referred as the «GDPR»), regardless of their geographic location. Privacy Pact offers the possibility for instance to companies located outside of the European Union to voluntarily and unilaterally commit to endorse and comply with the European data protection rules stated in the GDPR.
2) Privacy Pact provides Applicants with the opportunity to unilaterally commit and express its commitment to respect the GDPR through an online contractual instrument. However, all Parties, including Applicants, visitors and users of Privacy Pact, acknowledge and agree that:
Privacy Pact facilitates the publication of unilateral commitments by the Applicant, but it does not assess the effective compliance of Applicants with the GDPR. The GDPR compliance remains under the sole and exclusive responsibility of the respective Applicants.
Privacy Pact does not constitute a certification of compliance, such as defined in article 42 of the GDPR, and it cannot guarantee that Applicants are effectively complying with the referred legal obligations.
Privacy Pact and the entities in charge of its management are exonerated of and decline any responsibility whatsoever regarding the effective compliance, actions, measures and practices of the Applicants.
The entities in charge of managing Privacy Pact service are exonerated of any responsibility and liability related to the information of the website to the extent admissible by law. This service is provided on a best effort basis and relies on the assumption that Applicants provide information in good-fait and accordingly published.
3) The Applicant voluntarily undertakes to comply with the obligations arising out of the Privacy Pact in order to demonstrate its compliance with the GDPR and/or establish safeguards and standards for the collection, processing, transfer, storage and maintenance of Personal Information.
4) In case a commitment would be contested by a third party, a request to cancel a registration can be applied only if grounded on decision of a qualified tribunal or a Data Protection Authority which identifies a registered company (an Applicant) as non-compliant with the GDPR rules and provisions. In principle, the contract with the entity can be receded and removed from the public list only if such a decision has been taken. Nevertheless, the entity in charge of managing the Privacy Pact registry reserves the right to temporarily or permanently withdraw a company from the public registry.
5) The Pact is provided against a registration fee intended to support this service. The price is determined by The Privacy Pact service is provided against a registration fee intended to support the administration of the pact and to further develop this service. The fees are not refundable.
6) The fees are established by the European Center for Certification and Privacy (ECCP) and published on the Privacy Pact website. The fees can change over time and are by default indicated in Euros, VAT not included. The fees are currently set at:
- 190.00 - Euros per year for companies with less than 50 employees AND less than 10 Mios turnover;
- 390.00 - Euros per year for companies with less than 250 employees AND less than 45 Mios turnover;
- 590.00 - Euros per year for companies with either more than 250 employees or more than 45 Mios turnover.
7) The Privacy Pact online service is provided for periods of 1 year (365 days) that can be renewed manually or automatically. The initial periods of 365 days starts on the date of the initial purchase of the service by the Applicant. However, the publication of the commitment and the official start date on the Privacy Pact registry will be defined according to the uploaded contractual documents once the required contractual documents have been uploaded by the Applicant and validated by the team in charge of managing the Privacy Pact service. Registrations that are not renewed, are automatically terminated and the registry is accordingly uptaded.
8) In case of withdrawal, termination, legal decision and/or Data Protection Authority non-compliance decision, or upon request by the ECCP the Applicant should remove without undue delay from its website/materials the iFramed Label issued by Privacy Flag upon signature of the Pact .
9) Any privacy or data protection breach made by any of the Applicants shall be reported to the qualified Data Protection Authority.
10) A Data Protection Officer (DPO) and supervising expert is entrusted by the Privacy Pact to handle the privacy and other legal issues to be addressed by Privacy Pact and can be contacted at: privacy@privacypact.com For administrative issues, the Privacy Pact service can be contacted at: contact@privacypact.com
11) Neither Privacy Pact, nor the entities linked to its management ARE RESPONSIBLE FOR ANY LITIGATION (or LITGATION SOLVING), between third parties and the Applicants.
12) The contract is governed by the law of Luxembourg and any legal dispute shall be addressed exclusively through the tribunal of Luxembourg.
By checking the following box, I hereby confirm, as qualified representative of the applying company, that the company agrees with and commits to respect these terms and conditions.