Skip to main content

PARTIES TO THIS AGREEMENT

THIS AGREEMENT IS ENTERED INTO BETWEEN:
Any user who creates an account, consults Tooli, or uses its features including downloading files, hereinafter referred to as the “User”.
Buildwise, a company with its registered office in Kleine Kloosterstraat 23, 1932 Zaventem, registered with Banque-Carrefour des Entreprises de Belgique (Belgian Crossroads Bank for Enterprises) under number 0407.695.057, hereinafter referred to as “Buildwise”.

CONTEXT

  1. Buildwise makes available to Users, free of charge, an intelligent legal assistant based on artificial intelligence (“Tooli”) which enables Users to ask questions, up- or download documents, input Data and interact with the Chat in order to obtain automated responses.
  2. The Parties acknowledge that, for the purposes of this Agreement, the User acts as Data Controller in that they determine the purposes and means of processing of Data which they input or introduce into Tooli, and that Buildwise acts as Processor, in that it implements, on behalf of and on the instructions of the User, the processing necessary in order to make Tooli available to Users.
  3. In accordance with the applicable Data Protection Law, the Parties wish to enter into this Processing Agreement (“Agreement”), which defines their respective rights and obligations and constitutes an integral part of the T&Cs.
It is agreed as follows:

1. Definitions

1.1. The terms below are defined as follows:

“Data Controller”, “Processor”, “Sub-processor”, “Data Subject”, “Personal Data” and “processing” (and “process”) have the meaning given in the applicable Data Protection Law;
“Applicable Data Protection Law” means all laws and regulations worldwide relating to the protection of personal data which apply to the Personal Data in question, including, as applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) and any applicable national data protection law adopted pursuant to or in implementation of the GDPR.
“European Economic Area” or “EEA” means the Member States of the European Union; and (ii) Norway, Liechtenstein and Iceland.
“User” means any user who creates an account, consults Tooli, or uses its features including up- or downloading files, hereinafter referred to as the “User”.

2. Relationship between the Parties

2.1. Appointment as Processor

The User, in their capacity as Data Controller, appoints Buildwise as Processor to process the Personal Data described in Annex I (“Data”). Each Party undertakes to comply with the obligations incumbent upon it under the applicable Data Protection Law.

3. Purposes of processing

3.1. Permitted Purpose

Buildwise undertakes, in its capacity as Processor, to process the Data only for the purposes described in Annex I and solely on documented instructions from the User (“Permitted Purpose”), unless otherwise required by the applicable Data Protection Law.

3.2. Processing Limitations

In no circumstances shall Buildwise process the Data for its own purposes or for those of third parties. Buildwise shall inform the User without delay if it considers that an instruction given by the latter constitutes a breach of the applicable Data Protection Law.

4. Onward transfers

4.1. Transfer Restrictions

Buildwise undertakes not to transfer Data (nor to authorise an onward Sub-processor to transfer Data) to a country or region outside the EEA (“Onward Transfers”) unless that country or region has been recognised by the European Commission as ensuring an adequate level of protection in accordance with the applicable Data Protection Law.

4.2. Safeguards for Transfers

If Data is to be transferred to, stored by or accessed by a Sub-processor located in a country or region outside the EEA for which the European Commission has not adopted an adequacy decision, such an Onward transfer may only take place if Buildwise has implemented appropriate safeguards with the Sub-processor designed to ensure an essentially equivalent level of protection for the transferred Data, in accordance with the applicable Data Protection Law. These safeguards may include, in particular, the conclusion of standard contractual clauses adopted by the European Commission between Buildwise and the Sub-processor concerned.

4.3. Sub-processor List

Buildwise shall inform the User by maintaining an up-to-date list of Sub-processors involved in the processing or transfer of Data, including those located outside the EEA. This list shall specify the location of the Sub-processors and the safeguards implemented to govern the transfers of Data.

5. Confidentiality of processing

5.1. Confidentiality Obligations

Buildwise shall ensure that any person whom it authorises to process the Data (including Buildwise’s staff and Sub-processors) (“Authorised Person”) is subject to a strict obligation of confidentiality (whether contractual or statutory). Buildwise shall prohibit any person not subject to such an obligation of confidentiality from processing the Data. Buildwise shall ensure that any Authorised person processes the Data only in accordance with the Permitted purpose.

6. Security

6.1. Security Measures

Buildwise undertakes to implement appropriate technical and organisational measures in order to ensure a level of security appropriate to the risk and in particular to protect the Data against (i) the destruction, loss, alteration, unauthorised disclosure of Data transmitted, stored or otherwise processed, or (ii) accidental or unlawful unauthorised access to the Data (“Security Incident”). These measures must take into account the state of the art, the implementation costs and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

6.2. Technical Measures

These measures may include, amongst other things and as required:

Data Protection

The pseudonymisation and encryption of Data

System Resilience

Means of ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems and services

Recovery Capability

Means of restoring the availability of and access to Data in a timely manner in the event of a physical or technical incident

Security Testing

A procedure for regularly testing, analysing and evaluating the effectiveness of technical and organisational measures for ensuring the security of processing

7. Onward Sub-processors

7.1. Sub-processor Authorization

The user consents to Buildwise being able to subcontract part or all of the processing of the Data to a third party (“Onward Sub-processor”) provided that: (i) Buildwise informs the User at least 30 days in advance of any addition or removal of an onward Sub-processor, by updating its list of sub-processors, specifying the nature of the processing entrusted and the location of the Sub-processor concerned; (ii) Buildwise imposes on any onward Sub-processor it appoints the same obligations in respect of Data protection as those imposed on Buildwise under this Agreement; and (iii) Buildwise remains liable for any failure by the onward Sub-processor to meet its obligations arising from an act, omission or negligence on the part of the latter.

7.2. Approved Sub-processors

A list of onward Sub-processors approved as at the date of this Agreement is provided in Annex II. Buildwise undertakes to keep this list up to date and to make it available to the User whenever it adds or removes onward Sub-processor(s) in accordance with this clause.

7.3. Objection Process

If the User raises objections, on grounds objectively related to the protection of Personal Data, to the appointment by Buildwise of an onward Sub-processor, the Parties undertake to meet in good faith within a reasonable time frame in order to examine the grounds for such refusal and to seek together an appropriate solution.

7.4. Resolution Options

In the absence of agreement within thirty (30) days following notification of the refusal, the User may, at its option a) accept the proposed appointment subject to, where applicable, additional safeguards provided by Buildwise; or b) suspend or terminate this Agreement, without penalty for Buildwise and without prejudice to obligations already performed.

8. Assistance and data subject rights

8.1. Support Obligations

Buildwise provides the User with reasonable and timely assistance, including through the implementation of appropriate technical and organisational measures in order to enable the User to respond to: (i) any request from a Data Subject concerning the exercise of their rights under the applicable Data Protection Law (including, where applicable, rights of access, rectification, objection, erasure and data portability); and (ii) any other correspondence, enquiry or complaint from a Data Subject, a supervisory authority or any other third party in connection with the processing of the Data. In the event that such a request, correspondence, enquiry or complaint is addressed directly to Buildwise, the latter shall inform the User without delay, without responding to it, and by transmitting all relevant information.

8.2. Assistance Fees

Any request for assistance that is unreasonable or involves disproportionate effort for Buildwise may be subject to specific charges, at an hourly rate of €120 excluding VAT, unless otherwise agreed between the Parties.

9. Security incident

9.1. Incident Notification

As soon as it becomes aware of a Security incident, Buildwise shall inform the User without delay, and provide them, as quickly as possible, with all the information and assistance requested in order to enable the User to satisfy its legal obligations regarding notification of a data breach in accordance with the requirements and time frames provided for by the applicable Data Protection Law. This information includes at least information on the origin, scope and consequences.

9.2. Remediation

Buildwise shall take all necessary measures and actions to remedy the Security incident and/or mitigate its effects, and shall keep the User informed of any developments relating to that Security incident.

10. Deletion or return of Data

10.1. End of Agreement

At the end of this Agreement or in the event of termination thereof, Buildwise must (at the User’s option) either destroy or return to Buildwise all of the Data (including all copies of the Data) in its possession or under its control (including any Data processed by an onward Sub-processor). This Clause does not apply where Buildwise is required, under European Union law or the law of an EEA Member State, to retain some or all of the Data, in which case Buildwise must isolate and protect the Data from any further processing, except to the extent that such processing is required by applicable law, and until their final deletion.

11. Processing log

11.1. Record Keeping

Buildwise undertakes to maintain a record of all processing carried out on behalf of the User in accordance with the applicable Data Protection Law.

12. Audit

12.1. Audit Rights

Buildwise authorises a third party auditor appointed by the User to verify its compliance with its obligations under this Agreement. For this purpose, Buildwise shall make available to the User all information, systems and personnel necessary to conduct the audit.

12.2. Audit Conditions

Buildwise acknowledges that the third party may access its premises for the purposes of carrying out such verification, provided that the User notifies Buildwise of its intention to conduct an audit by giving reasonable notice of at least thirty (30) working days, that the audit is carried out during normal business hours, and all reasonable measures are taken to avoid any disruption to Buildwise’s operations. The User can only exercise this audit right once in a twelve (12) calendar months period, except (i) if a competent data protection authority requires or instructs it or (ii) if the User considers that a further verification is justified by reason of a Security incident occurring at Buildwise.

12.3. Audit Costs

All audits will be conducted at the User’s expense. Any additional assistance requested from Buildwise in relation to the audit may give rise to additional charges, at an hourly rate of €120 excluding VAT, unless otherwise agreed between the Parties.

13. Applicable law and competent jurisdictions

13.1. Governing Law

This Agreement shall be governed by and construed in accordance with Belgian law and shall be subject to the exclusive jurisdiction of the courts of Brussels.

ANNEXES

Annex I: Description of Processing Activities

This Annex I forms an integral part of this Agreement.

1. DATA PROCESSING

A. LIST OF PARTIES

Data Controller:

Name: User’s name
Address: User’s address
Name, position: User’s name and position
Processor:

Name: Buildwise
Address: Kleine Kloosterstraat 23, 1932 Zaventem
Name, position: Pieter van Geite

B. DESCRIPTION OF PROCESSING

The User can enter Data in Tooli. The User determines the categories of Data Subjects concerned. These may include, but are not limited to, Data relating to the following persons:
  • The User’s clients (former, current or prospective)
  • Suppliers, service providers, business partners
  • Buildwise member Users (employees, staff members, directors, representatives, consultants, correspondents, external advisers, etc.)
  • Any identifiable person in the documents entered in Tooli
The User can enter Data in Tooli. The User determines the categories of Data concerned. These may include, but are not limited to, Data from the following categories:
  • Identity data (surname, first name, date and place of birth, nationality, national registration number, professional and/or private contact details, etc.)
  • Contact data (postal address, email address, telephone numbers, etc.)
  • Data relating to professional life (position, employer, company, professional title, etc.)
  • Data relating to economic and financial situation (income, assets, banking information, invoicing, etc.)
  • Other data entered: all personal data entered by the User
The User can enter sensitive Data in Tooli. The User determines the categories of sensitive Data concerned. These may include, but are not limited to, Data from the following categories:
  • Political opinions
  • Philosophical or religious convictions
  • Health data
  • Data relating to criminal offences or convictions
Collection, recording, organisation, structuring, adaptation, extraction, consultation, erasure and destruction.
The processing purposes are defined by the User. Buildwise only processes the Data necessary for the provision of Tooli in accordance with this Agreement and the additional instructions provided by the User in the context of Tooli.
Duration of this Agreement
See Annex II.

Annex II: List of Onward Sub-processors

The Data Controller has authorised the use of the following onward Sub-processors:

WONKA

Location: EU (Belgium)
Description: Supplier/developer of the IA system
Safety mechanism: N/A (EU)
Justification: N/A