Processor agreement

According to the GDPR, the organization has the role of 'controller' and Spotler has the role of 'processor'. As soon as your organization enlists a processor, you are obliged to conclude a processor agreement with this processor. Even if personal data ends up in Spotler through a third party, a processor agreement with that third party is required. The GDPR sets specific requirements for the content of a processor agreement.

Such as:

  • Indicating how you will be using the data of contacts and for what purpose
  • Indicating that the processor is responsible for all technical and organizational security measures
  • Indicating that the processor provides assistance in reporting data leaks, etc.

In Spotler you will find a GDPR-proof model processor agreement from the DDMA. This processor agreement (PA) is free of charge. It is also possible to conclude a customized contract with us. However, this will entail additional costs, as a legal check must be carried out.

Go to the Privacy tab under Account settings. Next, click on Processor Agreement on the left.

If you haven't signed anything yet, the status will read Not signed. Right-click the status and you will see the following drop-down options:

  • Sign
  • View
  • Download signing sheet
  • View approval (only active after PA has been uploaded)
  • Notes (only active after PA has been uploaded)

Accountinstellingen_Privacy_verwerkersovereenkomst_overzicht_ENG.png

The sign sheet and the processor agreement are separate from each other. The reason for this is that the person who checks the PA does not need to be authorized to sign. The contract itself does not have to be signed, just the separate sign sheet.

Sign your processor agreement in 6 steps

Go through the following six steps in Spotler to easily sign the processor agreement:

  1. 1. Right-click on Unsigned and a drop-down menu will appear.
  2. Click on Download sign sheet.
  3. Complete the sign sheet, add your signature and make a scan or take a photo of it.
  4. Next, click on Sign in the drop-down menu.
  5. A pop-up will appear that allows you to choose a file. Select the signed sign sheet.Accountinstellingen_Privacy_verwerkersovereenkomst_ondertekenen_ENG.png
  6. Click on OK.

After uploading, the status will change from Not signed to Signed. In addition, the date of the upload will appear in the table. You will receive an email confirmation which includes the PA and the signed agreement. The main recipient will also receive an email notification. If you have a customized PA, it must be signed on both sides, so also by Spotler. When you conclude such a customized agreement with us, we ensure that this will become visible in your account. 

Tip: Make sure to at least conclude a standard processor agreement with us. That way, you are already GDPR compliant and you can always conclude a customized contract later.

Changes to the PA

If a new version of the standard PA is released in the future, you will see that the version number has become higher. The current PA will remain in effect until the new PA has been signed. It is therefore important that you sign it again and upload the approval. The outdated PA will remain visible and will receive the status Outdated. It is only possible to upload a new sign sheet for the new PA.

Accountinstellingen_Privacy_verwerkersovereenkomst_verouderd_ENG.png

 

Extrainfo_FAQ.jpg When schould a organization conclude a processor agreement with Spotler?
  1. If you are a direct customer of Spotler, even if you don't log in to our software - for example if you have our agency carry out full service activities for you.
  2. If you are an indirect customer of Spotler and you log in to our software. As a user, you will be automatically informed that you have to conclude a PA with Spotler.

When do I not have to conclude a processor agreement with Spotler?

There are two cases in which you don't have to conclude a PA with Spotler.

  1. If you are the customer of a partner of Spotler and you don't log in to Spotler yourself. The partner works for you full-service.
  2. If you are the user of a sub account (Corporate) and a sufficient processor agreement has already been concluded by the main account. Spotler does not mention whether a processor agreement has been concluded by the main account. Please be aware that you have to decide for yourself whether it is necessary to conclude your own processor agreement.

Why should all partners conclude a processor agreement with Spotler?
In a Spotler account, partners have access to personal data. Within this account, they have the possibility to process personal data. Therefore, all partners must conclude a processor agreement with Spotler in the account from which they have access to their client account. This processor agreement applies to all the customers who are served by the partner using Spotler. The customers of the partner fulfil the role of Controller, the partner the role of Processor and Spotler the role of Sub-processor. For special situations, please contact your partner manager.

What should I look out for with regard to a processor agreement if I have a link?
If you have a link which is provided by a third party as a service, it is important that a processor agreement is concluded for this as well. The reason for this is that, through this third party, personal data is placed in Spotler. And if this happens, the GDPR considers this an additional processor. If this is the case, you must conclude an additional processor agreement with the organization that provides the link as a service.

As a customer, do I have to conclude a processor agreement with my partner who supplies Spotler?
Yes, because your partner has access to your account which has personal data. Please note that it is not possible to conclude a processor agreement between a partner and customer within Spotler.