English
German
French
Spanish
Portuguese
Italian
Turkish
Romanian
Greek
Bulgarian
Arabic
Hindi
CONFIDENTIALITY AND DATA PROTECTION AGREEMENT (NDA)
between
Evomatec
(hereinafter referred to as “EVOMATEC”)
and
……………………………………………………………………………
(hereinafter referred to as the “BUSINESS PARTNER”)
EVOMATEC and the BUSINESS PARTNER are hereinafter jointly referred to as the “Parties” and individually as a “Party”.
Date: …………………
Place: …………………
Preamble
The Parties intend to enter into a business cooperation under which EVOMATEC will obtain access to confidential information and personal data of the BUSINESS PARTNER and its customers.
The purpose of this Agreement is to ensure a high and professional level of protection for all confidential information and personal data, to protect the BUSINESS PARTNER against any misuse of such information and to clearly define the roles of the Parties from a data protection and commercial perspective.
In consideration of the foregoing, the Parties enter into the following Confidentiality and Data Protection Agreement.
§ 1 Parties and Subject Matter of the Agreement
1.1 EVOMATEC is a company operating in particular in the field of mechanical engineering, service, maintenance, technical consulting and related services.
1.2 The BUSINESS PARTNER is a company which cooperates or intends to cooperate with EVOMATEC within the framework of specific projects, services or service agreements and which grants EVOMATEC access to confidential information and personal data for this purpose.
1.3 The subject matter of this Agreement is to define the rights and obligations of the Parties with regard to
the confidentiality of all information and data transmitted by the BUSINESS PARTNER to EVOMATEC, and
data protection in connection with the processing of personal data by EVOMATEC on behalf of the BUSINESS PARTNER.
1.4 This Agreement applies to all forms of cooperation in which EVOMATEC receives or may gain access to information and data of the BUSINESS PARTNER, irrespective of whether a separate main contract (e.g. service agreement, supply contract) has been concluded.
§ 2 Purpose of the Transfer of Data and Information
2.1 In the course of the cooperation, the BUSINESS PARTNER may in particular transfer the following information to EVOMATEC:
identification data of customers and potential customers
contact details (e.g. address, telephone number, e-mail address, position)
information on machines, products and services offered or purchased
service, maintenance, complaint and spare parts requests as well as technical information
project-related commercial and technical data, drawings, descriptions and documentation
2.2 EVOMATEC undertakes to use all information transmitted by the BUSINESS PARTNER exclusively
for the maintenance, handling and support of customer relationships established by the BUSINESS PARTNER,
for the provision of service, maintenance, commissioning and technical support services,
for the supply of spare parts, technical solutions and recommendations,
as well as for other legitimate business purposes expressly agreed in writing between the Parties
and in each case in the name and on behalf of the BUSINESS PARTNER.
2.3 Any use of the information for independent sales, marketing or competitive purposes that are separate from and not aligned with the BUSINESS PARTNER’s interests is expressly prohibited unless the BUSINESS PARTNER has given its prior express written consent.
§ 3 Definition of Confidential Information
3.1 “Confidential Information” within the meaning of this Agreement shall mean all information and data, irrespective of their form (including, without limitation, written, oral, electronic, digital, graphical, audiovisual or any other form), which
the BUSINESS PARTNER directly or indirectly makes available to EVOMATEC, or
EVOMATEC obtains in connection with the cooperation with the BUSINESS PARTNER,
including all personal data of customers, contact persons, employees or other data subjects.
3.2 Confidential Information includes, in particular but without limitation:
a) commercial, technical and financial information of the BUSINESS PARTNER and its customers
b) customer lists, customer databases, customer contracts, project and offer documents, cost calculations, price lists, discount schemes, sales terms and conditions
c) service, maintenance, quality and incident reports, technical drawings, CAD data, designs, specifications, software configurations, documentation, internal records and reports
d) personal data of customers, contact persons, employees or other data subjects (e.g. name, address, telephone number, e-mail address, position, order, service and purchase history)
e) the existence, content and conditions of this Agreement as well as all negotiations relating thereto
f) strategic information of the BUSINESS PARTNER, including market and competition analyses, business plans, development and investment planning
3.3 It is not required that information be expressly marked as “confidential”. The decisive factor is whether the information would typically be regarded as confidential in light of an objective assessment and the circumstances of its disclosure. In cases of doubt, information shall be treated as confidential in favour of the BUSINESS PARTNER.
§ 4 Confidentiality Obligations of EVOMATEC
4.1 EVOMATEC undertakes to treat all Confidential Information
strictly confidentially,
to protect it against unauthorised access, loss, alteration or unauthorised disclosure by means of appropriate technical and organisational measures,
and to use it exclusively within the scope of and for the purposes defined in this Agreement.
4.2 EVOMATEC may disclose Confidential Information within its own organisation only to those persons who
necessarily require such information for the performance of tasks resulting from the cooperation (need-to-know principle), and
are bound by contractual or statutory confidentiality obligations which provide a level of protection at least equivalent to that of this Agreement.
4.3 EVOMATEC shall ensure that all employees, corporate bodies, affiliated companies, external consultants, IT service providers and other vicarious agents who gain access to Confidential Information are informed in advance of the confidentiality requirements and are properly bound to confidentiality. EVOMATEC shall be liable for the acts and omissions of such persons as for its own acts and omissions.
4.4 Without the prior express written consent of the BUSINESS PARTNER, EVOMATEC is in particular not entitled to
reproduce, copy, export or transfer Confidential Information to other media beyond the scope necessary for the performance of the contract,
integrate Confidential Information into its own databases unless this serves exclusively the performance of tasks on behalf of the BUSINESS PARTNER,
contact existing or potential customers of the BUSINESS PARTNER in a manner that circumvents or economically disadvantages the BUSINESS PARTNER,
use Confidential Information for its own or third-party marketing, sales or competitive activities or to make such information available to third parties, whether for consideration or free of charge.
§ 5 Exceptions to Confidentiality
5.1 The confidentiality obligation shall not apply to information for which EVOMATEC can prove that
a) such information was already publicly known at the time it was disclosed by the BUSINESS PARTNER or became publicly known thereafter without any fault on the part of EVOMATEC,
b) such information was lawfully known to EVOMATEC without any confidentiality obligation prior to its disclosure by the BUSINESS PARTNER,
c) such information was lawfully disclosed to EVOMATEC by a third party without breach of a confidentiality obligation vis-à-vis the BUSINESS PARTNER,
d) such information must be disclosed due to mandatory statutory provisions, final court decisions or binding orders of public authorities.
5.2 In the event of a disclosure obligation pursuant to § 5.1 (d), EVOMATEC shall, to the extent legally permissible and practically feasible,
inform the BUSINESS PARTNER without undue delay in writing,
limit the scope of disclosure to the legally required minimum, and
cooperate with the BUSINESS PARTNER in reviewing and implementing any protective or defensive measures.
§ 6 Processing of Personal Data (Data Protection)
6.1 The Parties acknowledge that, in the course of their cooperation, personal data within the meaning of the General Data Protection Regulation (GDPR) and other data protection laws may be processed. The protection of such data is of high priority to the Parties – in particular for the benefit of the BUSINESS PARTNER.
6.2 Insofar as EVOMATEC processes personal data on behalf of the BUSINESS PARTNER, the following shall apply:
the BUSINESS PARTNER is the controller within the meaning of the GDPR,
EVOMATEC is the processor within the meaning of the GDPR.
6.3 EVOMATEC undertakes
to process personal data solely in accordance with the documented instructions of the BUSINESS PARTNER,
to use personal data only for the purposes specified in § 2 of this Agreement and/or agreed separately,
and to implement appropriate technical and organisational measures pursuant to Article 32 GDPR to ensure a level of security appropriate to the risk.
6.4 EVOMATEC shall not engage any subcontractors (sub-processors) for the processing of personal data without the prior express written consent of the BUSINESS PARTNER. In the event that consent is granted, EVOMATEC shall ensure that each sub-processor is bound by contractual terms which meet at least the data protection requirements of this Agreement.
6.5 EVOMATEC shall inform the BUSINESS PARTNER without undue delay – preferably within 48 hours – if it becomes aware of any personal data breach (e.g. loss, unauthorised access, manipulation or unauthorised disclosure of personal data) affecting personal data of the BUSINESS PARTNER. EVOMATEC shall take all reasonable measures to contain, investigate and mitigate the breach and shall closely cooperate with the BUSINESS PARTNER in this respect.
6.6 The BUSINESS PARTNER remains responsible, as controller, for the fulfilment of the rights of data subjects (in particular rights of access, rectification, erasure, restriction of processing, data portability and objection). EVOMATEC shall support the BUSINESS PARTNER to a reasonable extent in fulfilling these obligations, especially by providing necessary information and technical assistance.
6.7 Upon termination of the cooperation or upon the express written request of the BUSINESS PARTNER, EVOMATEC shall – subject to any statutory retention obligations –
return to the BUSINESS PARTNER all personal data of the BUSINESS PARTNER, and
return or securely delete or destroy all copies, backups and derivatives of such data,
and shall confirm the complete return or deletion to the BUSINESS PARTNER in writing.
§ 7 Audit and Information Rights of the BUSINESS PARTNER
7.1 To protect the interests of the BUSINESS PARTNER, EVOMATEC undertakes, upon request of the BUSINESS PARTNER, to
provide appropriate evidence demonstrating compliance with this Agreement and the applicable data protection provisions (e.g. certificates, internal policies, audit reports), and
provide information on the technical and organisational measures implemented.
7.2 The BUSINESS PARTNER shall be entitled, subject to reasonable prior notice, to conduct appropriate audits (e.g. inspections, spot checks) at EVOMATEC itself or through auditors appointed by the BUSINESS PARTNER who are bound by confidentiality, insofar as this is necessary to verify compliance with this Agreement. In carrying out such audits, the legitimate security and operational interests of EVOMATEC shall be duly considered.
§ 8 Intellectual Property Rights
8.1 All intellectual and industrial property rights in and to the Confidential Information shall remain exclusively with the BUSINESS PARTNER or the respective rights holders.
8.2 This Agreement does not grant EVOMATEC any licences, rights of use or other proprietary rights in or to the Confidential Information, unless expressly agreed otherwise in writing in a separate contract.
8.3 EVOMATEC is not entitled to use the company name, trademarks, logos, product names or other distinctive signs of the BUSINESS PARTNER without the prior express written consent of the BUSINESS PARTNER.
§ 9 Liability
9.1 Unless the BUSINESS PARTNER has expressly agreed otherwise in writing, it does not assume any warranty for the completeness, accuracy or suitability of the information provided for a particular purpose.
9.2 EVOMATEC shall be liable to the BUSINESS PARTNER for all damages resulting from a culpable breach of the confidentiality, data protection or data security obligations set out in this Agreement. This includes, in particular:
demonstrable direct damages,
indirect and consequential damages,
loss of profit, to the extent legally permissible, and
justified claims of third parties (in particular customers, data subjects, authorities).
9.3 Without the prior express written consent of the BUSINESS PARTNER, EVOMATEC is not entitled to
contact existing or potential customers of the BUSINESS PARTNER in its own name or in the name of third parties,
independently request information, documents or data from such customers,
independently conclude contracts, offers or other business relationships with such customers in its own name.
All customer-related requests shall be coordinated exclusively through the BUSINESS PARTNER. The exclusive right to the direct management, substantive structuring and contractual design of customer relationships lies with the BUSINESS PARTNER.
Only if the BUSINESS PARTNER has previously given EVOMATEC its express written authorisation shall EVOMATEC be entitled to communicate directly with customers of the BUSINESS PARTNER, and then only within the scope and limits of such authorisation.
§ 10 Term and Survival
10.1 This Agreement shall enter into force upon signature by both Parties.
10.2 The confidentiality and data protection obligations shall apply for the duration of the business relationship between the Parties and shall continue to apply for a period of at least ten (10) years after the termination of the cooperation or after the date of the last disclosure of Confidential Information, whichever occurs later.
Longer statutory retention and limitation periods, in particular with regard to personal data, shall remain unaffected.
10.3 The termination of the cooperation – irrespective of the legal grounds – shall not affect the validity of the provisions of this Agreement regarding confidentiality, data protection and the protection of the BUSINESS PARTNER’s interests.
§ 11 Return and Deletion of Documents
11.1 Upon written request of the BUSINESS PARTNER or upon termination of the cooperation, EVOMATEC shall
return to the BUSINESS PARTNER all documents, data carriers and other media containing Confidential Information of the BUSINESS PARTNER, or
upon the express request of the BUSINESS PARTNER, securely and permanently delete or destroy such documents and data.
11.2 Insofar as mandatory statutory retention obligations prevent complete deletion, EVOMATEC shall be entitled to store the relevant data solely for the purpose of fulfilling such retention obligations and only for the duration required by law. After expiry of this period, the data shall be deleted without undue delay.
11.3 EVOMATEC is not entitled to assert any rights of retention in relation to data or documents of the BUSINESS PARTNER insofar as they constitute Confidential Information or personal data.
§ 12 Written Form, Assignment, Governing Law, UN Sales Convention (CISG) and Jurisdiction
12.1 Any amendments and supplements to this Agreement, including any side agreements, shall only be valid if made in writing and signed by both Parties. This shall also apply to any waiver of this written form requirement.
12.2 Neither Party may assign any rights or obligations under this Agreement, in whole or in part, to any third party without the prior express written consent of the other Party. Any deviation from this requirement shall be subject to a separate written agreement signed by both Parties.
12.3 This Agreement shall be governed by and construed in accordance with the laws of the Federal Republic of Germany, to the exclusion of the provisions of private international law.
The United Nations Convention on Contracts for the International Sale of Goods (UN Sales Convention, CISG) shall not apply to this Agreement.
12.4 For all commercial disputes arising out of or in connection with this Agreement, the courts having subject-matter jurisdiction in Stuttgart shall have exclusive jurisdiction.
12.5 If any provision of this Agreement is or becomes invalid or unenforceable, in whole or in part, the validity of the remaining provisions shall not be affected. The Parties undertake to replace the invalid or unenforceable provision with a valid and enforceable provision that comes as close as possible to the economic intent of the invalid or unenforceable provision.
§ 13 Final Provisions and Counterparts
13.1 This Agreement constitutes the entire agreement between the Parties with respect to the subject matter of confidentiality and data protection in the context of their cooperation. Any prior oral or written agreements relating to the same subject matter shall be superseded by this Agreement unless they are expressly continued in writing.
13.2 This Agreement is executed in two counterparts of equal wording and validity. Each Party shall receive one counterpart.
Signatures
Evomatec
Name / Position: ……………………………
Signature: ………………………………………
BUSINESS PARTNER
Company: ………………………………………
Name / Position: ……………………………
Signature: ………………………………………