Log in

Boek een demo

Boek een demo

Terms and conditions

TERMS and conditions (V. 20260610)
Applicability and validity of offers

1.1. These terms and conditions (the “Terms”), apply to all Offers, all use by the Client of the Platform and all Services provided by Hejj, unless expressly agreed otherwise. The Client hereby waives its own general or special terms and conditions even where it is stated therein that only those conditions apply and even if such terms and conditions were not protested by Hejj.

1.2. By executing an Offer referring to these Terms, (or clicking on an “I agree” via the available self-service) or by using the Platform, the Client acknowledges that it has read, understands and accepts these Terms and agrees to be bound by them. An Offer shall become legally binding upon such acceptance by the Client. Hejj shall have the right to expressly reject the Client’s acceptance within five (5) business days, failing which the Offer and these Terms shall remain binding upon the Parties. If you are an employee (or contractor) of the Client accepting these Terms on behalf of the Client, you warrant that you have the authority to bind the Client to the Agreement.

1.3. Unless otherwise stated in the Offer, Offers are valid for thirty (30) days. The Parties shall only be bound by an Offer if signed by both Parties.

2. Definitions
2.1. Capitalized terms shall have the meaning ascribed to them below:

“Agreement”: the contractual relation between Hejj and the Client, including these Terms, all Offers and any annexes or schedules thereto.

“Hejj”: Hejj BV, a limited liability company with office at Nelson Mandelaplein 2, 8500 Kortrijk, Belgium, and with company number 1022.874.896, (RLE Ghent (division Kortrijk)).

“Client”: the legal entity identified in the Offer. 

Confidential Information” of a Party means the information of such Party, whether in written, oral, electronic or other form, and which (i) is explicitly marked as confidential or proprietary, or (ii) should reasonably be considered confidential given its nature, regardless of whether it is expressly marked as confidential, including information concerning clients, prospects, personnel, suppliers, partners, affiliates or others, training methods and materials, financial information, marketing plans, devices, discoveries, ideas, know-how, techniques, formulas, blueprints, software (in object and source code form), documentation, designs, prototypes, methods, processes, procedures, codes, and any technical or trade secrets, including all copies of any of the foregoing or any analyses, studies or reports that contain, are based on, or reflect any of the foregoing. The Confidential Information of Hejj shall in any event include any information related to the Platform and Services.

“Intellectual Property Rights”: (non-exhaustive list) patents, trademarks, copyrights, rights in software programs (both in object code and source code), design rights, database rights, proprietary rights in know-how and all rights or forms of protection of a similar nature as the afore listed which may subsist anywhere in the world and any existing or future applications for or registrations of such rights.

“Offer”: a written or electronic document executed or accepted by both parties, regardless of its name (offer, quotation, order form, etc.), indicating the nature, number and other specifics of the license to the Platform and Services ordered by the Client. 

“Services”: the professional services (such as maintenance, support, training, consultancy or any other professional services) related to the Platform provided by Hejj as described in the Offer or as otherwise mutually agreed in writing.

“Platform”: the proprietary performance and workforce software platform developed and owned by Hejj, through which users may access and manage performance reviews, evaluations, talent development, analytics, insight and related workforce or HR management services. The Platform comprises all underlying software, computer programs, applications, systems, algorithms (whether in source or object code), methodologies, and any associated APIs, as may be further described in the applicable Offer.

3. Licence to use the Platform
3.1 Subject to the Agreement and timely payment of applicable fees, Hejj grants the Client a personal, restricted, non-exclusive, non-transferrable and non-assignable license to access and use the Platform during the subscription term (as specified in the Offer), for its internal business purposes and in accordance with the documentation (as made available by Hejj from time to time). The Client’s affiliates (i.e. any entity that controls, is controlled by or is under common control of the Client), may use the Platform in accordance with the terms of the Agreement, provided (i) the Client informs the affiliates of the terms of the Agreement; (ii) the Client shall be fully liable for the (in)actions of its affiliates; and (iii) when an affiliate ceases to be an affiliate of the Client, the Client shall immediately inform Hejj thereof in writing and the relevant sublicense granted hereunder to said affiliate shall immediately and automatically terminate.

3.2. This license is limited to the scope (including the relevant packages, functionalities and volume limitations, if any) as specified in the Offer and only includes access to such features and functionalities as set out in and as available on the date of the Offer. Hejj may make future features, functionalities or subscription packages of the Platform subject to payment of additional license fee and/or additional conditions, in which event a new Offer shall be concluded.

3.3. Use of the Platform is subject to a fair usage principle. The Client may only use the Platform in a commercially reasonable manner consistent with its intended purpose. Usage may be limited based on factors such as the number of users, data volume, feature packages, hosting capacity, etc. Excessive or improper use, including activities causing undue system load, additional hosting fees, or misuse of the Platform, may result in suspension, restriction of access, or additional charges. Hejj will notify the Client where reasonably possible before taking such measures.

3.4. The Client shall not (directly or indirectly through the actions of any of its affiliates, employees, representatives, subcontractors, or in general, any third party): (i) sub-license, assign, distribute, transfer, sell, lease, or otherwise commercialize, deal in or encumber its rights to the Platform; (ii) permit any unauthorized person to access the Platform; (iii) use the Platform to provide services to third parties; (iv) (attempt to) copy, modify, duplicate, reverse engineer, reverse compile, disassemble or otherwise reproduce or create derivative works based on the Platform the underlying ideas, user interface techniques, algorithms, models, or methodologies; (v) use the Platform other than in accordance with the Agreement, its intended purpose and/or applicable laws; (vi) use the Platform in any computer environment not expressly permitted under the Agreement; (vii) violate intellectual, privacy and data protection rights of other users, try to collect personal data of other users either manually or automatically via ‘spider’, ‘crawler’, search or other retrieval applications or methods to access the Platform and any data or information available via the Platform; (viii) transmit any information or data that can be regarded as offensive, illegal, disrespectful, insulting, defamatory, obscene, racist, sexual or otherwise objectionable; and/or (ix) work around any technical limitation in the Platform.

4. Free trial
4.1. Free trial users are granted a personal, restricted, non-exclusive, revocable, non-transferrable, non-assignable and non-sublicensable, right to use a free trial version of the Platform and subject to the Free trial user’s continued compliance with this Agreement. The free trial version of the Platform only provides access to a limited version of the Platform and will only be available during the free trial term (i.e. in principle fourteen (14) days, including the day of registration, unless another term is expressly stated in the Offer or on the website). Upon expiry of the free trial period, access to the Platform shall automatically terminate unless the user converts its trial use into a paid subscription in accordance with Hejj’s then-current rates and applicable subscription terms.

5. Accounts and set-up
5.1.The Client acknowledges, that one unique user account must be set-up for each individual user accessing the Platform. The Platform may only be used by the users in accordance with the applicable user roles for each user profile. The Client shall remain responsible for their users’ compliance with these Terms.

5.2. The Client acknowledges that its users need to be at least eighteen (18) years of age. Individuals under the age of 18 are not permitted to register for, access, or use the Platform.

5.3. The Client remains responsible for the set-up, onboarding and configuration of the Platform in accordance with the Documentation, unless otherwise agreed in writing (and subject to the payment of the relevant fees as indicated by Hejj).

6. Services
6.1. During the term of this Agreement, Hejj shall provide such Services as set forth in the Offer or as otherwise agreed in writing between the Parties. Hejj shall exercise reasonable care and skill in performing the Services. The obligation to perform the Services shall be regarded as an obligation of means and shall not bind Hejj to achieve a predefined result. The Services shall be performed in complete independence and Hejj shall plan its activities as it sees fit. Hejj shall be free to subcontract the performance of this Agreement in whole or in part to its affiliates and third party service providers, provided that Hejj shall remain responsible for such parties. Any timelines included in an Offer or otherwise specified are indicative only, unless expressly agreed otherwise. The Services and/or deliverables (if any) resulting from the Services (such as reports, etc.) provided by Hejj shall be deemed accepted upon delivery.

7. Support
7.1. During the term of the Agreement, Hejj will provide maintenance (such as minor software updates) and support services as set forth in the Agreement. The Client acknowledges that to ensure a correct functioning of the Platform, maintenance services are needed from time to time. Hejj shall carry out such maintenance services at its sole discretion and shall use all reasonable endeavors to minimize the impact on the Client. Hejj reserves the right to make, at its own discretion, operational or technical changes and updates to the Platform, and to modify, add or remove certain functionalities from time to time, provided Hejj shall not change any material functionalities of the Platform without prior notification to the Client. 

7.2. The Client may notify Hejj of an incident related to the Platform resulting in it not performing in accordance with its functional description. Such notifications must be made via the applicable support channels as communicated from time to time. Upon notification, Hejj shall endeavor to provide a resolution or workaround as soon as commercially possible. Such support is provided during Hejj’s normal business hours. Hejj makes no warranty whatsoever to provide a resolution or workaround for each specific problem that could arise or that the Platform shall be completely free of bugs or defects. Hejj will use reasonable commercial efforts to achieve an average 99.5% uptime measured annually, excluding scheduled maintenance, emergency maintenance, force majeure events and security maintenance. To the extent reasonably feasible, Hejj shall inform the Client if such maintenance or defect remediation can cause unavailability. In any event, Hejj shall not be liable for the unavailability of the Platform due to (i) force majeure events; (ii) the actions or inactions of the Client or its users; and/or (iii) usage in combination with or defects in third-party systems, software or platforms.

8. Client Data
8.1. All Client data shall remain the property of the Client. For a proper functioning of the Platform, sufficient and accurate Client data must be provided or inputted to the Platform. The Client hereby grants Hejj (and its (hosting) service providers) the right to use the Client data as necessary for the execution of this Agreement (including to continuously improve the Platform and Services).

8.2. The Client warrants that the Client data, will not infringe the (intellectual property) rights of any person, and will not breach the provisions of any law, statute or regulation, in any jurisdiction and under any applicable law. The Client shall solely be liable and responsible for the accuracy and correctness of the Client data.

8.3. The Client is solely liable and responsible for the accuracy and correctness of Client data and to make sufficient back-up copies thereof prior to inputting such data in to the Platform. Hejj is not responsible for damages or liability resulting from inaccurate or incorrect data used in connection with the Platform.

9. Client Obligations
9.1. The Client agrees that in order for Hejj to effectively perform the Services in a proper, timely and efficient manner, the Client must cooperate in good faith with Hejj, including by providing timely and appropriate access to the Client’s facilities, personnel, equipment, resources and systems, and any relevant information (to be accurate and complete) as necessary to execute the Services and adhere to any other dependencies or requirements as set out in the relevant Offer. Hejj shall not be responsible or held liable for any delay or failure in the provision of the Services resulting from the Client’s failure to cooperate in good faith. The Client shall ensure that during the execution of the Services, one or more technical Single Points of Contacts for coordination shall remain available to provide assistance and answer questions from Hejj.

9.2. The Client acknowledges that it is solely responsible for:

a) assigning, managing and maintaining appropriate user roles and user authorization rights to the Client data and systems (including data and information generated and uploaded in the platform by its users) on a need-to-know basis (for the performance of its staff’s and users’ duties), in accordance with its internal policies, user access levels, permissions and governance rules; and

b) properly configuring and defining user roles in accordance with its own policies and for clearly communicating the applicable rules and guidelines to its employees.

c) the usage of the Platform in accordance with the Documentation and other reasonable instructions communicated by Hejj from time to time.

9.3. Hejj shall not be responsible for any liabilities, damages or delays resulting from the Client’s failure to comply with this section or resulting from deficiencies in the Client systems or management of access rights.

9.4. The Client acknowledges that all actions within the Platform may be logged, creating a transparent record of data transactions, access, and modifications, for security reasons and to verify compliance with this Agreement and applicable laws.

10. Third party software integrations, infrastructure and hosting
10.1. The Platform may contain features that interoperate with third-party software, applications, or services through APIs or similar technologies, such as HRIS systems, communication tools, or identity providers. Where agreed between the Parties, Hejj may provide API endpoints or other technical means to enable such interoperability. The Client shall be solely responsible, at its own expense, for obtaining and maintaining all necessary subscriptions, licenses, access rights, consents, and permissions required to use the third-party software and systems and to connect them to the Platform, as well as for maintaining the necessary infrastructure, hardware, networks, operating systems, communication applications, and other equipment required to access and use the Platform.

10.2. The Client acknowledges that any third-party software and systems are provided and governed exclusively by the terms and conditions of the relevant third-party provider, and that any commitments, warranties or obligations of Hejj under this Agreement do not apply to such third-party software and systems. Hejj does not control and is not responsible for the availability, functionality, security, or performance of any third-party software or integrations. Hejj does not warrant that the Platform will remain compatible or interoperable with any third-party software or system at all times and shall not be responsible for any defect, malfunction, reduced performance, interruption, data loss, security incident, or other damage arising from or relating to any third-party software or system, including any failure, outage, change, discontinuation, or data breach attributable to a third-party provider.

10.3. Hejj may suspend, disable, modify or discontinue any integration where a third-party provider ceases to make its software, service, or API available, or where continued integration is no longer reasonably feasible. In such event, the Client shall not be entitled to any refund, compensation or any other remedy. If changes to a third-party software or system require modifications or additional development work to maintain interoperability with the Platform, the Parties may agree separately on the scope, timeline, and applicable fees for such work. The Client shall not be entitled to any refund, compensation, or other remedy as a result of any such suspension, modification, or discontinuation.

10.4. The Platform will be hosted in the datacenters of Hejj’s hosting partner and such hosting is subject to the applicable service offering of the hosting partner. Hejj does not warrant that the Platform shall be available on an uninterrupted basis. The Platform may be unavailable during periods of planned or unplanned maintenance undertaken by Hejj or the hosting partner.

10.5. The Client is responsible to provide the necessary infrastructure, such as networks, operating systems, and/or other (third party) software and equipment (as may be further specified in the Offer or communicated from time to time by Hejj) as necessary to use the Platform (the “Infrastructure”). The Client agrees that it is solely responsible, at its own costs, to procure sufficient access or usage rights to the Infrastructure for the Client and Hejj as necessary for the execution of the Agreement. Hejj shall not be responsible for any unavailability of the Platform due to third party Infrastructure.

11.Intellectual Property Rights
11.1. Hejj is and remains the sole and exclusive proprietary owner of all Intellectual Property Rights related to the Platform, any APIs and the Services (including any software patches, enhancements, improvements or amendments thereto, any updates, new releases or modifications in respect thereof and any derivatives based thereon). Nothing in this Agreement shall convey any title, proprietary rights or Intellectual Property Rights in or over the Platform, APIs and/or Services to the Client or any third party. Except for the limited license granted pursuant to this Agreement, no other rights in respect of the Platform and the Services shall be granted or transferred to Client in connection with this Agreement.

11.2. Hejj shall be entitled to use the ideas, concepts, methods, models, processes and know-how developed or created by Hejj in the execution of this Agreement for itself or others to develop similar or other services or products, unless this would result in a breach of Hejj’s confidentiality undertakings.

12.Confidentiality
12.1. Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) may disclose Confidential Information relating to the Disclosing Party’s business. Each party hereby undertakes to keep the Confidential Information of the Disclosing Party secret and not to disclose it, in whole or in part, to any person other than (i) with the prior written consent of the Disclosing Party, or (ii) its employees, directors and subcontractors who have a direct need to know  such Confidential Information for the execution of the Agreement. The Receiving Party shall ensure that these persons are bound by (contractual or statutory) confidentiality obligations which are not less stringent than those set out in the Agreement. The Parties shall implement appropriate measures (at least as stringent as those to protect their own Confidential Information) to protect the Confidential Information of the Disclosing Party.

12.2. The provisions of this article shall not apply to any information that: (i) is published or comes into the public domain other than by a breach of the Agreement; (ii) can be shown to have been known by the Receiving Party before disclosure by the Disclosing Party; (iii) is lawfully obtained from a third party; or (iv) can be shown to have been created by the Receiving Party independently of the disclosure under this Agreement. The restrictions in this article do not apply to the extent that any Confidential Information is required to be disclosed by any law or regulation or by any judicial or governmental order or request. 

12.3. The provisions of this article shall commence as of the start of negotiations and shall continue in force during five (5) years following the termination or expiry of the Agreement (unless such Confidential Information is protected under trade secret or Intellectual Property laws, in which event the obligations of this article shall remain in force for as long as such Confidential Information is protected under such laws).

13.Privacy and Data protection
13.1. Each Party shall comply with its obligations under the applicable data protection legislation when processing personal data.

13.2. If and to the extent Hejj processes personal data on behalf of the Client, Hejj shall do so in accordance with the data processing agreement as concluded between the Parties and as attached in Annex 1. The Client warrants that it has the legal right to disclose any personal data made available under or in connection with the Agreement and that it shall inform all data subjects in accordance with applicable law about the processing activities taking place under this Agreement.

14.AI
14.1. The usage and deployment of AI systems shall at all times be executed in a responsible manner in accordance with industry ethical and human-centric standards, taking into account their intended purpose as well as the generally acknowledged state of the art on AI and AI-related technologies. The Client shall take appropriate measures to ensure a sufficient level of AI literacy, skills, knowledge and understanding of their staff and other persons involved in the operation and use of AI systems on their behalf, allowing them to use and deploy AI systems in an informed and responsible manner. Such measures shall take into account (i) the individual’s knowledge, experience and education; (ii) the specific context wherein the AI systems are to be used; and (iii) the persons or groups of persons on/by whom the AI systems are to be used.

14.2. The Client acknowledges and agrees that any output, recommendation, analysis, advice or other content generated by AI systems made available through the Platform (“Output”) is generated automatically on the basis of algorithms, machine learning models and data processing techniques, and may contain inaccuracies, omissions, biases or outdated information. The Client understands that (i) the Platform is solely intended to be used as a tool to facilitate the Client’s internal HR and evaluation operations and decision-making; and (ii) that the accuracy of the Platform’s Output and insights/recommendations generated by the Platform depend on the quality of the data input provided by the Client, its users, employees and representatives. The Platform is intended to support, not replace, HR staff or decisions. Human involvement remains essential for evaluating technical skills, conducting evaluations and making HR decisions. The Client remains solely responsible for assessing, verifying and determining the suitability, legality and accuracy of any Output before relying on, implementing, communicating or otherwise using such Output in any manner. Hejj shall not be responsible or liable for decisions taken, actions performed, or omissions made by the Client or any third party on the basis of the Output. The Client understands that the use of the Platform does not release the Client in any way from its obligation to comply with applicable law and regulations, and that such compliance shall be the Client’s sole responsibility.

14.3. Hejj may use, reproduce, store, analyze and otherwise process data, usage information, prompts, inputs and feedback provided through or generated by the use of the Platform, including data derived therefrom, for the purposes of operating, maintaining, securing, training, testing, improving and developing the Platform, AI systems and related technologies, provided that such use shall at all times be carried out in accordance with applicable data protection legislation and Hejj’s privacy obligations under the Agreement.

15.Security
15.1. The Parties shall implement safety and security systems, policies and procedures, in accordance with industry best practices, ensuring an adequate protection of all software, systems and devices used in the execution of this Agreement and under its control. The foregoing shall in any case include an incident management process and technical and physical safeguards designed to protect data in its possession from unauthorized access, accidental loss and unauthorized alteration, and which shall enable the Parties to discover and assess security incidents and to take appropriate action in relation to those security incidents.

15.2. The Parties shall notify each other immediately if they become aware of any security incident, including a plan for remediation and respond without delay to all queries and requests for information from the other Party about the security, in particular bearing in mind the extent of any reporting obligations the Parties may have under applicable laws. In the event security incidents are detected or discovered, each Party shall reasonably assist the other Party upon its request, at such requesting Party’s cost, to (i) mitigate the security incident and any losses or damages, and (ii) restore the affected software, systems and materials to their original operating and security efficiency.

16.Fees and Payment Terms
16.1. The Client shall pay the subscription fees and service fees in the amounts and on the times set forth in the Offer. Unless expressly agreed otherwise the subscriptions fees shall be billed and payable yearly upfront on a per-user and volume basis as set out in the Offer and article ‎3. In any event, one unique license and account must be set-up for each individual user accessing the Platform. Hejj has the right to verify whether the subscription fee correctly reflects the amount of effective users and processing volumes.

16.2. If the Client’s actual use of the Platform at any time exceeds the scope of the license granted under this Agreement and Offer, including but not limited to exceeding the number of permitted users or any other agreed usage limits, the Client shall pay (pro rata) such excess subscription fees reflecting the actual level of use and corresponding price as set out in the Offer. If during the term of its subscription the Client wishes to increase its current subscription plan, the Parties shall execute an additional Offer and any additional subscription fees shall be invoiced pro rata (and will thereafter automatically renew in accordance with the provisions of the Agreement). Hejj is entitled to monitor, log, and inspect the usage of the Platform for security, compliance, and auditing purposes, including to verify whether the license fee correctly reflects the effective usage of the Platform.

16.3. Services (if any) shall, unless otherwise agreed in writing be charged monthly in arrears on a time and material basis at Hejj’s then-current rates, which will be provided upon request. Any fee estimations (in an Offer, or otherwise), are indicative and do not limit Hejj to charge all Services actually performed.

16.4. Hejj shall be entitled to pass through any increase in third-party software, platform, cloud hosting, infrastructure, API usage, AI or LLM-ingestion costs incurred in connection with the provision of the Platform and Services. Such cost increases shall become effective upon written notice to the Client and shall be limited to the actual increase imposed on Hejj by the relevant third-party supplier. In any event, the usage of the Platform is subject to fair use limitations, Hejj may reasonably allocate and adjust usage thresholds or pricing where the Client’s usage materially exceeds typical or anticipated usage patterns, provided that any such adjustment shall be reasonable, proportionate, and communicated to the Client in advance where reasonably practicable.

16.5. All undisputed invoices (or parts thereof) must be paid within fourteen (14) days after the invoice date. Disputes must be notified (containing the reason for such disputes) within seven (7) business days after the invoice date, failure to do so shall result in the invoice being deemed accepted by the Client. All amounts due hereunder are payable in euro (unless agreed otherwise) and are exclusive of VAT, costs and expenses which shall be charged separately by Hejj.

16.6. Any amounts of undisputed invoices (or parts thereof) that have not been paid on the due date shall automatically be subject to a late payment interest equal to the rate applicable pursuant to the law of 2 august 2002 (with a minimum of ten percent (10 %)), which interest shall be compounded daily as of the due date until receipt of full payment. In addition, the Client shall pay all costs incurred by Hejj, as a result of the (extra)judicial enforcement of the Client’s payment obligations, with a minimum of two hundred euro (€200). Additionally, Hejj shall be entitled to suspend the Client’s access to the Platform until receipt of all overdue amounts.

16.7. All amounts due hereunder shall be paid without the right to set off or counterclaim and free and clear of all deductions or withholdings whatsoever, unless the same are required by law, in which case the Client undertakes to pay Hejj such additional amounts as are necessary in order that the net amounts received by Hejj after all deductions and withholdings shall not be less than such payments would have been in the absence of such deductions or withholding. All fees paid by the Client are final and non-refundable.

16.8. Each contract year Hejj shall have the right to increase the fees due under the Agreement on the first (1st) of January by using the following formula: P = P0 x [0.2 + 0.8 x (S/S0)], whereby: "P" stands for the revised price; "P0" stands for the price on the effective date of the relevant Offer; "S0" shall be the national average reference salary as published by Agoria (i.e. Agoria DIGITAL) ("Reference Salary") on the effective date of the Offer available at www.agoria.be (or, if this index is no longer published, the index replacing); "S" shall be the Reference Salary at the time of the price revision.

17.Warranty and Liability
17.1. Except to the extent otherwise provided in this Agreement, the Platform, Output and the Services are provided “as is”. Hejj does not make any other representations or warranties, express or implied, concerning any matter under this Agreement, including (without limitation) any implied warranties of accuracy or completeness of data, fitness for a particular purpose, merchantability, or non-infringement.

17.2. Subject to the maximum extent permitted under applicable law, Hejj’s liability under this Agreement shall per event (or series of connected events) and in the annual aggregate per contract year not exceed an amount equal to all fees paid hereunder during the twelve (12) months preceding the damage incurring event.

17.3. Free trial users agree that, subject to the maximum extent permitted under applicable law, Hejj’s liability under this Agreement shall in no event exceed the fixed amount of EUR fifty (€ 50) considering free trial users do not pay any fees.

17.4. Subject to the maximum extent permitted under applicable law, under no circumstances shall a Party be liable for any indirect, punitive, special, consequential or similar damages (including damages for loss of profit, lost revenue, loss of business, loss of corruption of data, loss of clients and contracts, loss of goodwill, the cost of procuring replacement goods or services, and reputational damage) whether arising from negligence, breach of contract or of statutory duty or otherwise howsoever.

17.5. Hejj bears no responsibility or liability for damages caused by (defects in) systems, actions or inactions of the Client or third parties. Under no circumstances shall Hejj be liable for any damage resulting from (incorrect and/or incomplete) information, data or other materials provided or transmitted by the Client to Hejj and/or its appointees, Users or subcontractors.

17.6. To the maximum extent permitted under applicable law, the Client agrees, and accepts, not to hold the advisers, agents, contractors, directors, employees, representatives, and subcontractors of Hejj personally liable for or in connection with the Agreement. Any liability claim for or in connection with the Agreement (including any extra-contractual liability claim) shall be brought by the Client exclusively against Hejj.

17.7. The right to claim damages for defaults attributable to a Party forfeits irrevocably twelve (12) months after the occurrence of the alleged default.

18.Term and termination
18.1. The Agreement shall commence on the date specified in the Offer and shall continue in effect for an initial term of one (1) year (the “Initial Term”), unless otherwise agreed in writing. Upon expiry of the Initial Term, the term shall be automatically renewed for subsequent periods of one (1) year (each a “Renewal Term”), unless either party provides the other party with written notice of its intention to not renew at least one (1) month prior to the end of the Initial Term or Renewal Term or unless otherwise terminated in accordance with this agreement.

18.2. Either party may immediately terminate (or Hejj may alternatively suspend) the whole or any portion of the Agreement without any judicial intervention, without being liable for compensation and without prejudice to its rights to damages and any other rights, remedies and/or claim to which it may be entitled by law, upon providing the other party with written notice of termination if (i) the other party performs a material breach to any provision of the Agreement and fails to cure such material breach within thirty (30) calendar days after receipt of written notice of the material breach, (ii) the other party becomes insolvent, is subject to voluntary or involuntary bankruptcy, insolvency or similar proceeding or otherwise liquidates or ceases to do business, or (iii) the other party breaches its obligations under the provisions regarding the license, Intellectual Property Rights and confidentiality. 

18.3. Upon expiration or termination of the Agreement, for any reason, and unless otherwise agreed between the parties: (i) all licenses granted hereunder shall cease; (ii) the Client shall immediately pay any outstanding amounts to Hejj up to the date of termination; and (iii) each Party shall return, within a reasonable time of such termination or expiration all Confidential Information of the other Party (or alternatively destroy any copies thereof and confirm in writing that such copies have been destroyed). The provisions of the Agreement that are expressly or implicitly intended to survive termination, shall survive termination.

19.Miscellaneous
19.1. Entire agreement: this Agreement constitutes the entire agreement and understanding between the parties with respect to the subject matter hereof and supersedes all prior oral or written agreements and understandings between the parties relating to the subject matter hereof.

19.2. Changes: Hejj reserves the right to update these Terms. In such case, the Client will be notified thereof and the revised terms shall enter into force fourteen (14) days after notification to the Client. If the Client does not agree to the changes, it shall have the right to terminate its subscription without charge within fourteen (14) days after notification of the modified terms. The Client’s continued use of the Platform after the terms have been changed will constitute acceptance of the modified terms.

19.3. Severability: if any provision of this Agreement is held to be unenforceable, the other provisions shall nevertheless continue in full force and effect. Each party shall use its best efforts to immediately negotiate in good faith a valid replacement provision with an equal or similar economic effect.

19.4. Waiver: This Agreement may be waived only by a written document signed by the party entitled to the benefits of such waiver. Each such waiver or consent shall be effective only in the specific instance and for the purpose for which it was given and shall not constitute a continuing waiver or consent.

19.5. Notices: With the exception of notices of default or termination, any notice required to be served by the Agreement shall in first instance be given by electronic mail to the email addresses indicated in the Offer (or such other email addresses as notified by either Party). All notices given by electronic mail, shall only be valid in case confirmation of receipt was expressly given from the receiving Party within five (5) business days. In case no confirmation of receipt was given by the receiving Party within said period, or for notices of default or termination, all notices can be served by personal delivery or registered letter.

19.6. Publicity: Hejj shall have the right to use any trademarks or other marks of Client (including Client’s corporate name) for marketing or promotion purposes, such as (but not limited hereto) client references on Hejj’s website, announcement of a new Client and sales presentations.

19.7. Independence: the relationship between the parties is that of independent contractors.

19.8. Force Majeure: neither party will be responsible or liable for any failure or delay in the performance of its non-monetary obligations under the Agreement arising out of or caused by force majeure (including power failures, labor actions, changes to the law, embargo, failures in goods, software or materials of third parties, government measures, disruption of internet, data network or telecommunication facilities or servers, cyber-attacks, virus or other infections and electricity outages). If the delay in performance is likely to extend for a period of ninety (90) days or more, the Parties shall have the right to terminate the Agreement.

19.9. Non-Assignment: neither party shall assign or otherwise transfer any of its rights or obligations under this Agreement without the other party’s prior written consent (not to be unreasonably withheld), unless in case of reorganization or acquisition.

19.10. Conflict: If there is a conflict between these Terms and any Offer, these Terms shall govern, except where it is expressly stated in an Offer that a specific provision of these Terms is to be varied or overridden. If there is a conflict between these Terms and a schedule or any of the schedules hereto the relevant schedule as to its subject matter shall prevail.

19.11. Applicable law and jurisdiction: this Agreement shall be governed by and construed in accordance with the laws of Belgium, without giving effect to its conflict of law principles. The parties hereto submit any disputes that cannot be settled amicably within a reasonable time to the exclusive jurisdiction of the competent courts of Ghent. The United Nations Convention for the International Sale of Goods shall not apply to this Agreement.


Annex 1 - Data Processing AGREEMENT

1. Scope and purpose

1.1. This Annex 1 describes the modalities whereunder personal data is processed by Hejj (acting in the capacity of Processor) on behalf of the Client (acting in the capacity of Controller). This Annex contains the mandatory clauses required by Article 28(3) of the GDPR for contracts between Controllers and Processors.

2. Definitions and interpretation

2.1. Capitalized terms used in this Annex 1 shall have the meaning ascribed below. Capitalized terms used in this Annex 1 but not defined herein shall have the meaning set forth elsewhere in the Agreement. 

Business Purposes” means the provisions of the Platform and Services as described in the Agreement (including the continuous improvement of the Processor’s product and service offering) and/or any other purpose specifically identified in Annex A.

Data Protection Legislation” means the Belgian and European data protection laws including the GDPR (and any applicable implementation legislation under Belgian law).

GDPR” means Regulation (EU) 2016/679 of the European Parliament and of Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“General Data Protection Regulation”).

Controller, Data Protection Impact Assessment, Data Subject, Personal Data, Personal Data Breach, process(ing) and Processor shall have the meaning ascribed thereto in the GDPR.

2.2. This Annex 1 is governed by and subject to the terms of the Agreement and is hereby incorporated into the Agreement by reference. Any Annexes to this Annex 1, form an integral part of this Annex 1.

2.3. In the case of conflict or ambiguity between:

  1. any provision contained in the body of this Annex 1 and any provision contained in the Annexes, the provision in the Annexes will prevail; and 

  2. any of the provisions of this Annex 1 and the provisions of the Agreement, the provisions of this Annex 1 will prevail.

3. Personal Data types and processing purposes

3.1. The Controller retains control of the Personal Data and remains responsible for its compliance with the obligations under the applicable Data Protection Legislation, including for providing any required notices and obtaining any required consents, and for the processing instructions it gives to the Processor. The Controller shall inform the Processor of any additional national and/or sector-specific mandatory legislation that applies to the processing by the Processor as a result of the processing by the Controller.

3.2. Annex A describes the nature and purpose of processing, the retention term(s) and the Personal Data categories and Data Subject types in respect of which the Processor may process to fulfil the Business Purposes.

4. Processor's obligations

4.1. The Processor will only process the Personal Data to the extent, and in such a manner, as is necessary for the Business Purposes and in accordance with the Controller's written instructions (including any additional purposes set forth in Annex A). The Processor will not process the Personal Data for any other purpose. The Processor must promptly notify the Controller if, in its opinion, the Controller's instruction would not comply with the Data Protection Legislation. In said event, the Processor shall have the possibility to (i) suspend the implementation of the instruction in question until the Controller confirms, modifies or withdraws its instruction, or (ii) to terminate the Agreement or cooperation, if, after consultation, the Controller persists in the breach or the unlawful instruction.

4.2. The Processor will reasonably and to the best of its abilities assist the Controller with meeting the Controller's compliance obligations under the Data Protection Legislation, taking into account the nature of the Processor's processing and the information available to the Processor, including in relation to Data Subject rights, Data Protection Impact Assessments and reporting to and consulting with supervisory authorities under the Data Protection Legislation.

4.3. The Controller shall reimburse the Processor in accordance with clause ‎12 (Costs) of this Annex for services rendered in connection with this clause, unless this assistance is the result of a proven non-compliance by the Processor with this Annex 1 or the Data Protection Legislation.

5. Processor's employees

5.1. The Processor will ensure that all its employees:

  1. are informed of the confidential nature of the Personal Data and are bound by appropriate confidentiality obligations (statutory or conventional) and use restrictions in respect of the Personal Data; and

  2. are aware of the Processor's duties and their personal duties and obligations under the Data Protection Legislation and this Annex 1.

5.2. The Processor will maintain the confidentiality of all Personal Data and will not disclose Personal Data to third parties unless the Controller or this Annex 1 specifically authorizes the disclosure, or as required by law.

6. Security

6.1. The Processor must implement appropriate technical and organizational measures against unauthorized or unlawful processing, access, disclosure, copying, modification, storage, reproduction, display or distribution of Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Personal Data, as further described in Annex A. In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purposes of processing and the risks involved for the Data Subjects.

6.2. The Controller shall provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the processing complies with the requirements set out in the GDPR and so that the protection of the rights of Data Subjects is ensured. In particular, the Controller shall only make personal data available to the Processor for processing if it has verified that the appropriate security measures are in place.

7. Personal Data Breach

7.1. The Processor will without undue delay and in any case within seventy-two (72) hours notify the Controller after it becomes aware of a Personal Data Breach.

7.2. Where the Processor becomes aware of a Personal Data Breach, it shall, without undue delay, provide the Controller with the following information:

  1. description of the nature of the Personal Data Breach, including the categories and approximate number of both Data Subjects and Personal Data records concerned;

  2. the details of a contact point where more information concerning the Personal Data Breach can be obtained;

  3. the likely consequences; 

  4. the (alleged) cause, the date on which the Personal Data Breach occurred (if no exact date is known: the period within which the Personal Data Breach occurred), the date and time on which the breach became known to the Processor or to a Sub-Processor engaged by it; and 

  5. a description of the measures taken or proposed to be taken to address the Personal Data Breach, including measures to mitigate its possible adverse effects.

Where and insofar as, it is not possible to provide all this information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.

7.3. Immediately following a Personal Data Breach, the Parties will co-ordinate with each other to investigate the matter. The Processor will reasonably and to the best of its abilities co-operate with the Controller in the Controller's handling of the matter, including:

  1. assisting with any investigation;

  2. taking reasonable and prompt steps to mitigate the effects and to minimize any damage resulting from the Personal Data Breach.

7.4. The Processor will not inform any third party of any Personal Data Breach without first obtaining the Controller's prior written consent, except when required to do so by law. It is and remains the responsibility of the Controller to report (if applicable) a Personal Data Breach to the supervisory authority and/or the Data Subject(s).

7.5. The Controller shall reimburse the Processor in accordance with clause ‎‎12 of this Annex 1 for services rendered in connection with this clause and all reasonable expenses associated with the Processor’s performance under this clause unless the Personal Data Breach arose from the Processor's negligence or willful misconduct.

8. Cross-border transfers of Personal Data

8.1. The Processor (or any Sub-Processor) shall not transfer or otherwise process Personal Data outside the European Economic Area (EEA) without obtaining the Controller's prior written consent (e.g. by authorization in Annex A).

8.2. Such consent of Controller is not required when the transfer of Personal Data to countries outside the EEA is mandatory under EU or EU member state provisions.

8.3. The Controller agrees that where the Processor engages a Sub-Processor in accordance with this Annex 1 for carrying out specific processing activities (on behalf of the Controller) and those processing activities involve a transfer of Personal Data within the meaning of Chapter V of the GDPR, the Processor and the Sub-Processor can ensure compliance with Chapter V of the GDPR by using standard contractual clauses adopted by the European Commission in accordance with Article 46(2) of the GDPR or any other instruments approved by the European Commission that ensure that the transfer of Personal Data to a country outside the EEA complies with appropriate safeguards as required by the GDPR.

9. Subcontractors

9.1. The Processor may only authorize a third party (“Sub-Processor”) to process the Personal Data if:

  1. the Controller is provided with an opportunity to object to the appointment of such Sub-Processor within fourteen (14) days after the Processor has notified the Controller of its intention to appoint such Sub-Processor, it being understood that the Controller shall only object to such appointment in writing and on reasonable and evidenced grounds; and

  2. the Processor enters into a written contract with the Sub-Processor that contains, as to their subject matter, terms substantially the same as those set out in this Annex 1.

9.2. Those Sub-Processors approved at the commencement of this Annex 1 are as set out in Annex A. The Processor has a general written authorization from the Controller to engage Sub-Processors with a profile similar to the Sub-Processor(s) approved in Annex A. Upon request, the Processor shall provide an updated list of the engaged Sub-Processors to the Controller.

9.3. Subject to clause ‎‎15 (Miscellaneous), the Processor shall remain fully liable to the Controller for any failure by a Sub-Processor to fulfil its obligations as set forth in this Annex 1.

10. Complaints, Data Subject requests and third-party rights

10.1. The Processor must take such technical and organizational measures as set forth in Annex A, and promptly (i.e. within fourteen (14) calendar days upon receipt of a request) provide such information to the Controller as the Controller may reasonably require, to enable the Controller to comply with:

  1. the rights of Data Subjects under the Data Protection Legislation; and

  2. information or assessment notices served on the Controller by any supervisory authority under the Data Protection Legislation.

10.2. The Processor must notify the Controller without undue delay (e.g. within fourteen (14) calendar days upon receipt) if it receives a request from a Data Subject for access to their Personal Data or to exercise any of their related rights under the Data Protection Legislation.

10.3. The Processor will reasonably and to the best of its abilities cooperate with, and assist, the Controller in responding to any complaint, notice, communication or Data Subject request.

10.4. For the avoidance of doubt, it is and remains the sole responsibility of the Controller to respond to and answer Data Subject or third party requests. The Processor shall not respond to such request itself, unless expressly authorized in writing to do so by the Controller.

10.5. The Controller shall reimburse the Processor for all services rendered under this clause in accordance with clause ‎‎12 (Costs) of this Annex 1.

11. Term and termination

11.1. This Annex 1 will remain in full force and effect so long as:

  1. the Agreement remains in effect; or

  2. the Processor retains any Personal Data related to the Agreement in its possession.

11.2. Any provision of this Annex 1 that expressly or by implication should come into or continue in force on or after termination of the Agreement (including, but not limited to, clause ‎‎15) will remain in full force and effect.

12. Costs

12.1. The services performed under this Annex 1 for which the Processor may charge the Controller will be charged on the basis of the amount of hours worked and the Processor's then standard hourly rates. Upon request, the Processor shall inform the Controller of its standard rates. The Processor will invoice these amounts on a monthly basis in accordance with the payment modalities set forth in the Agreement. All payments by the Controller to the Processor shall be executed in accordance with the terms of the Agreement.

12.2. For the avoidance of doubt, only the services executed by the Processor to ensure the Controller can adhere to its obligations under the Data Protection Legislation shall be charged. Services provided by the Processor under this Annex 1 to ensure the Processor adheres to its own obligations under the Data Protection Legislation, shall not be reimbursed, unless expressly agreed otherwise in writing. Such non-reimbursable services include: (i) the Processor’s internal compliance activities (e.g., maintaining its own records of processing activities or staff training on data protection); (ii) implementing and maintaining general security measures required by law (e.g., firewalls, encryption, access control); and (iii) addressing data breaches or non-compliance resulting from the Processor’s own fault or negligence.

13. Data return and destruction

13.1. Upon termination of the Agreement for any reason or upon expiry of its term, the Processor will securely delete or destroy or, if directed in writing by the Controller, return and not retain, all or any Personal Data in its possession pursuant to the Agreement or this Annex 1, except to the extent the Processor must retain such Personal Data for a longer term pursuant to applicable law.

14. Audit

14.1. The Processor shall make available to the Controller all information reasonably necessary to demonstrate compliance with the obligations under this Annex 1 and the Data Protection Legislation and allow the Controller’s authorized third party auditors to perform audits regarding the compliance by the Processor with its obligations under this Annex 1. The Processor shall reasonably assist the Controller to the best of its abilities and to the extent commercially reasonable in the execution of such audits.

14.2. Any such audit may not take place more than once every contract year (unless there are serious and objective indications that the Controller breached its obligations under this Annex 1), shall be at the sole expense of the Controller and shall be subject to the Controller providing the Processor with at least thirty (30) days prior written notice of its intention to perform an audit. The audit shall take place during the normal business hours of the processor and shall not unreasonably interfere with the Processor’s business activities. The Controller's confidentiality obligations towards third parties must be taken into account when conducting such an audit. Both the Controller and its auditors shall keep the information disclosed in the context of an audit confidential and shall only use it for the purpose of verifying the Processor’s compliance with this Annex 1. The Processor shall have the right to require any third-party auditor to enter into a non-disclosure agreement prior to performing the audit.

14.3. The findings of the audit will be assessed by the Parties in mutual consultation and, will (if necessary) lead to the implementation of adjustments by one of the Parties or by both Parties jointly, as far as this is reasonable in the context of the performance of the Agreement. The relevant Party shall have the possibility to (i) suspend the implementation of the instruction in question until the other Party confirms, modifies or withdraws its instruction, or (ii) to terminate the Agreement or cooperation, if, after consultation, the Party persists in the breach or the unlawful instruction.

14.4. The Processor shall be entitled to full compensation for the assistance mentioned in this clause in accordance with clause ‎‎12 , unless this assistance is the result of a proven non-compliance by the Processor with this Annex 1 or the Data Protection Legislation.

15. Miscellaneous

15.1. To the extent permitted under applicable law, any limitations and/or exclusions of liability in the Agreement are applicable to this Annex 1. In any event, the Processor shall only be liable under these provisions if it has (i) failed to comply with its specific obligations under the GDPR, or (ii) acted outside or in breach of the Controller's lawful instructions.

15.2. This Annex 1 will be governed by, and construed in accordance with, the laws and other miscellaneous clauses applicable to the Agreement, unless the context would require otherwise.

ANNEXES:

ANNEX A - Description of processing and contact information

1. Purposes and specific instructions regarding the processing

☒ execution of the Business Purpose;

☐ other (please specify): _______________________

2. Nature of the processing

☒ collection
☒ recording
☒ organization
☒ structuring
☒ storage
☒ adaptation or alteration
☒ retrieval
☒ consultation
☒ use
☒ disclosure by transmission, dissemination or otherwise making available 
☒ alignment or combination
☒ restriction, erasure or destruction of data (whether or not by automated means)
☐ other (please specify): _______________________

3. Categories of Data Subjects

☒ (Potential/ex-) customers of the Client
☒ Applicants, (ex-) employees or interns
☒ (Potential)/(ex) self-employed consultants 
☒ Users of the following service/website/application: the Platform 
☒ (Potential/ex-) suppliers
☒ (Potential/ex-) business partners
☐ Minors (below the age of 16)
☐ Other (please specify): _______________________

4. Categories of Personal Data

☒ Personal identification data (name, address, telephone number, etc.) 
☒ Electronic identification data (IP address, MAC address, cookies, etc.) 
☒ Financial data (bank account numbers, insurance, salary, order and payment history, etc.)
☐ Personal characteristic (age, gender, date of birth, place of birth, citizenship, visas, etc.) 
☒  Psychological data (opinions about personality, work ethic, etc.) 
☐ Family (marital status, cohabitation, name of spouse/partner, children, parents, etc.) 
☐ Memberships (professional and non-professional memberships, clubs, groups, associations, etc.)
☐ Judicial data (data concerning convictions and offences, suspicions, indictments and administrative sanctions )
☐ Financial and insurance products (loans, mortgages, etc.)
☐ Location data (GPS, mobile phone or other tracking mechanisms, etc.)
☒ Education (curriculum, financing of studies, qualifications, professional experience, publications, etc.) 
☐ Housing characteristics (type of home, residence time, etc.)
☐ Health related data (physical health, mental health, genetic data, treatments, prescriptions, etc.)  
☒ Profession and job (current job, work description, job application data, career, salary, data concerning IT equipment, passwords and codes, etc.)
☐ Lifestyle and (consumption) habits 
☒ Account data (Usernames, passwords and any other log-in data, etc.)
☐ Pictures or videos 
☐ Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership.
☐ Genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or sex life or sexual orientation
☒ All other categories of personal data uploaded in or generated by the usage of Processor’s Platform and/or Services by the Controller or its users or as otherwise provided by the Controller or its users to the Processor in the execution of the Agreement; 
☐ Other (please specify): _______________________

5. Retention period

☒ During the term of the Agreement and up to one (1) year after termination of the Agreement;
☐  For as long as the Controller makes Personal Data available to the Processor in the context of the Agreement;
☐ Specific retention periods, please specify: _______________________

6. Contact information for the person responsible for data protection compliance

Processor email: stijn@hejj.io

7. List of Sub-Processors

The Controller has authorized the use of the following Sub-Processors: 

☒ hosting providers (including without limitation cloud and storage providers);
☒ email and other communication and customer service providers;
☒ IT service providers;
☒ independent service providers, consultants and freelancers, generally engaged in the Processors’ day-to-day activities;
☒ professional advisors (including without limitation lawyers, bankers, auditors, and insurers); 
☒ affiliated entities;
☐ Other, please specify: _______________________

8. Transfer of personal data

Category and location recipients of Personal Data outside the EEA:

☒ Not applicable
☐ Controller, who is located outside the EEA;
☐ Controller’s end users, employees, officers, freelancers, contractors and/or consultants; who are located outside the EEA; 
☐ The following Sub-Processors authorized under point 7 of this Annex (please specify): _______________________
☐ Other (please specify): _______________________

Purpose(s) for transfer of Personal Data outside the EEA

☐ The purposes as defined in point 1 of this Annex A
☒ Other (please specify): N/A

9. Technical and organizational measures

The Processor takes appropriate technical and organizational measures such as:

  • Measures of pseudonymization and encryption of personal data

  • Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services

  • Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident

  • Processes for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures in order to ensure the security of the processing

  • Measures for user identification and authorization

  • Measures for the protection of data during transmission

  • Measures for the protection of data during storage

  • Measures for ensuring physical security of locations at which personal data are processed

  • Measures for ensuring events logging

  • Measures for ensuring system configuration, including default configuration

  • Measures for internal IT and IT security governance and management

  • Measures for certification/assurance of processes and products

  • Measures for ensuring data minimization

  • Measures for ensuring data quality

  • Measures for ensuring limited data retention

  • Measures for ensuring accountability

  • Measures for allowing data portability and ensuring erasure.

The Processor is committed to ensuring that personal data is protected at all levels - technical, physical, and organizational. The Processor’s organizational measures and security practices are continuously reviewed and updated to address evolving threats and maintain a high level of data security and privacy. In order to continuously stay at pace with the evolving security standards, the Controller acknowledges and agrees that the measures described herein, will be updated and amended from time to time (at Processor’s sole discretion). Upon request, Processor shall provide any updated version of this Annex A.

Despite the above described measures, the Parties hereby acknowledge that there are always risks associated with sending personal data over the internet and that the security and protection of personal data can never be fully guaranteed, nor can it be guaranteed that unauthorized third parties will never be able to defeat those measures or use the personal data processed by Processor for improper purposes.

Processor’s Sub-Processors implement mutatis mutandis (and to the extent applicable for the scope of their services and obligations) the technical and organizational measures as defined in this Annex A, or such other measures resulting in an equivalent or higher level of protection of personal data as deemed useful or necessary by such Sub-processors. Upon request, Processor can request its Sub-Processors to provide the latest version of the implemented technical and organizational measures by said Sub-Processor.