Data processing agreement

Between:

Sports club or voluntary organisation (hereinafter referred to as the “Data Controller”),

and

Teamsupport1 AS (hereinafter referred to as “Data Processor”), org.nr. 927 387 387, with address Gudolf Blakstadsvei 55, 1386 Asker

 

  1. Purpose

This Agreement regulates the processing of personal data that the Data Processor performs on behalf of the Data Controller, in accordance with the General Data Protection Regulation (GDPR). The purpose of the processing is to enable communication with the club’s members and keep track of the club’s turnover related to the members’ activities.

  1. Personal data that is processed

The Data Processor shall process the following personal data about the members of the club:

  • Name
  • E-mail adresse
  • Telephone number

This information will only be used:

  • To communicate with Club members on behalf of the Data Controller.
  • To keep track of turnover related to each member, team and the club as a whole.

 

  1. Basis for processing

The processing of the personal data takes place on the basis of the Data Controller’s legitimate interest pursuant to GDPR Article 6 (1) letter f, or on other relevant legal basis that the Data Controller has established with its members.

 

  1. Data Processor’s Duties

4.1. Instructions

The Data Processor shall only process personal data in accordance with the instructions of the Data Controller, as set out in this Agreement. The processing shall be limited to what is necessary for the purposes described in section 2.

4.2. Security measures

The Data Processor shall implement the necessary technical and organizational measures to ensure that the personal data is protected against unauthorized access, loss or other unauthorized processing. This includes, but is not limited to, encryption, access control, and training employees on GDPR obligations.

4.3. Employees

The Data Processor shall ensure that employees who process personal data are obliged to confidentiality and only have access to information that is necessary to perform their work tasks.

4.4. Use of subcontractors

The Data Processor is not permitted to use subcontractors for the processing of personal data without the prior written consent of the Data Controller. Upon approval, a data processing agreement must be entered into with the subcontractor that ensures that the personal data is processed in accordance with the GDPR and this agreement.

 

  1. Duties of the Data Controller

5.1. Access and control

The Data Controller has the right to carry out checks, including audits, to verify that the Data Processor complies with its obligations under this Agreement and the GDPR. The Data Processor shall facilitate and contribute to such controls.

5.2. Members’ rights

The Data Controller is responsible for handling requests from members for access, correction, deletion or restriction of their personal data, as well as the right to withdraw consent. The Data Processor shall assist the Data Controller in the fulfilment of these rights as necessary.

 

  1. Data storage and deletion

6.1. Deletion of data

Personal data shall be deleted or permanently anonymized in the following cases: – When a member terminates his/her membership in the club. – When the Data Controller terminates the agreement with the Data Processor. – When a member requests the deletion of his/her data, insofar as it is compatible with the Data Controller’s obligations.

6.2. Deletion upon termination of the agreement

Upon termination of the agreement between the Data Controller and the Data Processor, the Data Processor shall immediately delete all personal data they have processed on behalf of the Data Controller, unless further storage is required by law.

 

  1. Liability and indemnification

Both parties are responsible for complying with their respective obligations under the GDPR. The Data Processor is responsible for indemnifying the Data Controller for any loss or damage caused by the breach of this Agreement or the GDPR.

 

  1. Duration

This agreement applies as long as the Data Processor processes personal data on behalf of the Data Controller. Upon termination of the processing relationship, the Data Processor shall delete all personal data processed on behalf of the Data Controller, in accordance with Section 6.

 

  1. Confidentiality

The Data Processor undertakes to treat all information covered by this Agreement as confidential. The Data Processor must ensure that employees and any subcontractors are also obliged to confidentiality.

 

  1. Changes to the Agreement

The Data Processor can make changes to this agreement as long as these changes are required by law.

 

  1. Acceptance of the Agreement

This agreement is considered accepted by both parties when the Data Controller completes registration and starts using the Data Processor’s system.