Page Title Shape 1
Page Title Shape 2

Data Protection Agreement for Affiliates (GDPR Article 26)

This Data Protection Agreement (the "Agreement") forms part of, and can only be used in conjunction with, our Affiliate Agreement and general Terms and Conditions. It applies between Lifetivation Rok Šprogar s.p., Kot 52, 8333 Semič, Slovenia (the "Company", "we", "us") and a registered Affiliate ("you"). It does not create any rights or obligations for ordinary visitors to the Website, and it does not by itself make any visitor a controller.

ARTICLE 1 — SCOPE AND ROLES

(1) Each party is the sole and independent controller of the personal data it collects and processes through its own channels for its own purposes, and is independently responsible for complying with the General Regulation in respect of that processing.

(2) The parties act as joint controllers within the meaning of Article 26 GDPR only in respect of the specific processing in which they jointly determine the purposes and means — namely, the collection of leads through lead-generation tools that the Company makes available and that you embed or deploy on your own websites, channels or media, and the subsequent use of those leads to send emails and newsletters. This Agreement governs that joint processing. Where the parties do not jointly determine the purposes and means, paragraph (1) applies and each party is a controller under Article 4(7) GDPR.

(3) The categories of data concerned by the joint processing are typically: email address, name and mailing preferences. The legal basis for the processing is consent and/or the performance of a contract.

ARTICLE 2 — ALLOCATION OF RESPONSIBILITIES

(1) In the context of joint controllership, the Company is responsible for the processing of personal data in operating range A, which covers the operation of the platform, the storage of leads and the sending of emails and newsletters through the Company's systems.

(2) You are responsible for the processing of personal data in operating range B, which covers the lawful collection of leads through the tools you deploy on your own channels, including obtaining any required consent and providing notice to data subjects at the point of collection.

(3) Each party shall ensure compliance with the legal provisions of the GDPR, particularly the lawfulness of processing under joint controllership, and shall take all necessary technical and organisational measures to ensure that the rights of data subjects under Articles 12 to 22 GDPR are guaranteed at all times within the statutory time limits.

ARTICLE 3 — DATA MINIMISATION AND FORMAT

(1) The parties shall store personal data in a structured, commonly used and machine-readable format.

(2) The Company and you shall each ensure that only personal data which are strictly necessary for the legitimate conduct of the process are collected.

ARTICLE 4 — INFORMATION TO DATA SUBJECTS

The parties commit themselves to provide the data subject with the information referred to in Articles 13 and 14 GDPR in a concise, transparent, intelligible and easily accessible form, using clear and plain language, free of charge. The Company provides the information on the processing in operating range A, and you provide the information on the processing in operating range B.

ARTICLE 5 — DATA SUBJECT RIGHTS

(1) The data subject may exercise their rights under Articles 15 to 22 GDPR against each of the joint controllers. In principle, the data subject may receive the requested information from the party to which the request was made.

(2) The Company and you shall each provide access in accordance with Article 15 GDPR. Where necessary, the parties shall provide each other with the information required from their respective operating range, and each party must immediately inform the other of any change of contact person.

(3) If a data subject exercises their rights against one of the parties — in particular the rights of access, rectification or erasure — the parties are obliged to forward the request to the other party without undue delay. The party receiving the request must immediately provide the information within its operating range to the requesting party. If personal data are to be erased, the parties shall inform each other in advance; a party may object to erasure for a legitimate interest, for example where there is a legal obligation to retain the data.

ARTICLE 6 — ERRORS, INFRINGEMENTS AND BREACH NOTIFICATION

(1) The parties shall inform each other immediately if they notice errors or infringements regarding data-protection provisions during the examination of the processing activities.

(2) Both parties are obliged to inform the supervisory authority and the affected data subjects of a personal-data breach in accordance with Articles 33 and 34 GDPR concerning their operating ranges. The parties shall inform each other of any such notification without undue delay and shall forward to one another the information required for the notification without undue delay.

ARTICLE 7 — ESSENCE OF THE ARRANGEMENT (Article 26(2) GDPR)

The parties undertake to make the essential content of this joint-controllership arrangement available to data subjects, as required by Article 26(2) GDPR. Regardless of the terms of this Agreement, a data subject may exercise their rights under the GDPR in respect of and against each of the controllers.

ARTICLE 8 — ACCOUNTABILITY AND CONFIDENTIALITY OF STAFF

(1) Documentation within the meaning of Article 5(2) GDPR, which serves as proof of proper data processing, shall be archived by each party beyond the end of this Agreement in accordance with legal provisions and obligations.

(2) Within their operating range, the parties shall ensure that all persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality in accordance with Articles 28(3), 29 and 32 GDPR. The parties shall observe the data-secrecy provisions and shall be familiar with the relevant data-protection rules.

(3) The parties shall independently ensure that they can comply with all storage obligations regarding the data by implementing appropriate technical and organisational measures (Article 32 et seq. GDPR), in particular in the case of termination of the cooperation. Implementation, default settings and operation of the systems shall comply with the principles of data protection by design and by default.

ARTICLE 9 — PROCESSORS

(1) The parties commit to conclude a contract in accordance with Article 28 GDPR when engaging processors within the scope of this Agreement.

(2) The parties shall inform each other upon request of sub-processors engaged and shall only commission sub-processors who meet the requirements of data-protection legislation and of this Agreement. Ancillary third-party services used to support performance (such as telecommunications and maintenance) are not regarded as processor services within the meaning of this Agreement; nevertheless, the parties shall make appropriate contractual arrangements and take controlling measures to guarantee the protection and security of personal data.

ARTICLE 10 — LIABILITY

Notwithstanding the provisions of this Agreement, the parties are liable for damage resulting from processing that fails to comply with the GDPR. In their external relationship they are jointly liable to the persons concerned. In their internal relationship, the parties are liable only for damage which has arisen within their respective operating range.

ARTICLE 11 — CONFIDENTIALITY OF THE AGREEMENT

Each party must keep this Agreement, and information it receives about the other party and its business in connection with this Agreement ("Confidential Information"), confidential and must not use or disclose that Confidential Information without the prior written consent of the other party, except to the extent that: (a) disclosure is required by law; or (b) the relevant information is already in the public domain.

ARTICLE 12 — NOTICES AND GOVERNING LAW

All notices and communications under this Agreement must be in writing and delivered personally, by post or by email to the address or email address of the relevant party, or to such other address as notified from time to time.

This Agreement is governed by the laws of the Republic of Slovenia. Any dispute arising in connection with this Agreement which the parties are unable to resolve amicably shall be submitted to the exclusive jurisdiction of the court in Novo mesto, Slovenia.

ARTICLE 13 — CONTACT

If you need any information or assistance regarding this Agreement or the processing of personal data, you can contact us at info@precisefunnels.com or via our contact page.