Data processing agreement

Version 2023-08

This data processing agreement is part of the Terms of Service and Privacy Policy of Orange Elements. This agreement takes effect when you agree to the Terms of Service or to the Privacy Policy. This agreement expires when your account is terminated.

When we say “Company”, “Orange Elements”, “we”, “our” or “us” in this document, we are referring to the legal entity 4Kings B.V. using the brand Orange Elements. 4Kings B.V. is registered at the Chamber of Commerce in the Netherlands under number 34185513.

When we say “Services” or “Product”, we mean our websites orangeelements.com and orangeelements.app, created and maintained by Orange Elements.

When we say “Client”, “you” or “your” we mean you, the person or company that has a product account and uses our services.

When we talk about Data Controller in this agreement we mean the legal entity or natural person who determines the purpose and means of the processing of personal data.

When we talk about Data Processor we mean the legal entity or natural person who processes personal data on behalf of the data controller.

When we say Data Object we mean the person to whom the personal data relates.

When we talk about GDPR we mean the regulation 2016-679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Responsibility

Orange Elements will process personal data based on the GDPR requirements and regulations.

Under the European Union General Data Protection Regulation (GDPR) Orange Elements acts as data processor. If the client acts as a data processor, Orange Elements will act as a sub-processor.

The client has full control over the personal data and acts as data controller.

Orange Elements provides a no-code service where the client can define its own data structures. The client is fully responsible for handling the personal data and any data he stores within this service. Orange Elements is not responsible for the data the client stores within the product.

The client agrees to follow the General Data Protection Regulation (GDPR) and to meet all of its requirements under the law.

The client has the means and is responsible to anonymize data if needed. If needed Orange Elements will assist the client.

Data processing

Orange Elements will process the personal data in a proper, secure and careful way under the requirements of GDPR.

Which data is stored is described in our privacy policy. You can read the privacy policy on our website orangeelements.com.

Orange Elements will not alter or transfer personal data to third parties unless this is required by law. Orange Elements will inform the client if data has to be transferred by law.

The client agrees that it will not store sensitive personal data and will not ask Orange Elements to process them.

For European Union (EU) clients Orange Elements will host the application servers and databases in data centers within the EU.

The client is responsible to fulfill the rights of the data subject as described in GDPR. If needed Orange Elements will assist the client.

When a data object sends a request to Orange Elements regarding his/her personal information, we will handle the request. We will inform the client about this request and the actions taken by us.

Security

To keep your personal information safe and secure, Orange Elements has implemented several security measures.

When needed we encrypt data. For instance, passwords and other secrets are fully encrypted. Passwords cannot be read by anyone, not even by employees of Orange Elements. You can reset or change your password at any time. Within the service you can manage your users yourself. It is your responsibility to manage your users securely.

Any data that is passed from our servers to your browser is encrypted and delivered over TLS. All your data that is communicated between our servers is encrypted using end-to-end encryption. Your data is only accessible by trusted IP addresses and cannot be accessed by other machines.

We use daily backups to make sure we can revert data changes within 7 days if needed.

We test our software and hardware thoroughly, but, like all software, the service is not bug free. If needed we will make adjustments; if these adjustments affect the client, we will inform the client.

Data is only accessible to staff members on a need-to-know basis.

We will implement organisational procedures to secure and protect your data. When choosing how to protect your personal data, Orange Elements will consider the risks that could happen to it, such as being accidentally or illegally destroyed, lost, changed, or shared without your permission.

At least once a year we validate if all our security measures are still valid or need adjustments. We will inform you if we have taken additional security measures that might impact you.

The client is in full control of the personal data. If needed (s)he can anonymize data as the client feels fit. If needed Orange Elements will assist the client.

Orange Elements will take reasonable steps to ensure the reliability of any staff member, contractor or sub-processor who has access to personal data. Access will always be limited to the relevant personal data. Orange Elements will ensure that all staff members, contractors and sub-processors are informed of the confidential nature of the personal data and are bound by confidentiality obligations.

If you have questions about security, contact our security officer at [email protected].

Sub-processing

Client agrees that Orange Elements may ask sub-processors to process personal data. The sub-processor will act in compliance with this data processing agreement. Orange Elements is responsible to make sure the sub-processor is in compliance with this data processing agreement.

All Sub-processors are described in our Privacy statement. When we use a new sub-processor we will update our Privacy policy and inform the client about this. If the client does not agree with the new sub-processor, (s)he can contact Orange Elements at [email protected].

Deletion of data

When you terminate your account we will delete all data, including personal data, after 60 days. Data of expired trial accounts will be deleted after 30 days. There may be edge cases where we aggregate and anonymize your interaction data. When we do, this data is not considered to be personal information anymore and cannot be tracked to you personally.

Data breach

If we have a data breach we are obliged by law to inform the authorities about this. In the Netherlands this is Autoriteit Persoonsgegevens.

We will notify affected clients within 48 hours of discovering a data breach. We will communicate the nature of the breach, the affected data, and the estimated risk. We will also appoint a contact person and describe the steps we are taking to mitigate the problem and protect your data. We will keep you informed of our progress as we investigate the breach further.

If you want to investigate the problem yourself, we will assist you within reasonable measures.
