Article 1. Definitions

1. In this Agreement the following terms written with a capital letter, have the following meaning:

• GDPR: The EU General Data Protection Regulation;
• Processor: Orange Veins B.V., holding its offices in Breda, the Netherlands, at Rat Verleghstraat 118C (4815 PT)
• Image Materials: Photos and film material made by the Processor of the teams (Responsible) during the period of the Agreement;
• Data Leak: A violation of the security that accidentally or illegally leads to the destruction, the loss, the changing or the unauthorized provision of or the unauthorized access to forwarded, stored or otherwise processed data;
• Agreement: The tournament trip/trip agreement concluded between Responsible and Processor on the basis of which Processor shall process data for Responsible;
• Personal Data: All data that directly or indirectly is retraceable to a natural person as referred to in article 4 (consideration) and under 1 GDPR;
• Participant List or Rooming List: List composed by Responsible with first name, family name and date of birth of travellers;
• Match Images: Matches played by teams of the Responsible that have been recorded on images by the Processor.

Article 2. Privacy Statement

1. Personal Data is necessary for the Processor to receive. Without Personal Data, the Processor cannot execute the agreement. The processing of the Personal Data takes place as declared in the Privacy Statement of Processor. The Privacy Statement can be found on the company website of Processor.

Article 3. Processing Participant List / Rooming List

1. Responsible is responsible for the timely delivery of Participant List / Rooming List to the Processor. By the signing of the Agreement, Responsible agrees with the release of Participant Lists / Rooming Lists.
2. Processor is allowed to share the Participant List / Rooming List with third parties, such as football clubs, accommodation providers, transportation providers and scouts.

Article 4. Processing Image Materials & Match images

1. Responsible gives Processor the right to share Image Materials on Social Media channels that are under management of Processor and on the company website of Processor.
2. Responsible gives Processor the right to use Image Materials for marketing purposes.
3. Processor makes Match images of matches that are played by teams of the Responsible. The images will be shared Social Media channels and designated streaming websites. Match images will, where possible, be streamed live and remain visible on the internet to watch it again at other moments.

Article 5. Technical and organizational facilities

1. Processor shall (let) take suitable technical and organizational measures to secure Participant Lists / Rooming Lists, Image Materials and Match images against loss or illegal Processing. Processor must hereby ensure that the security level has been aligned with the risks. Thereby shall be considered the state of the technique and the costs of the security measures.
2. Processor shall in any case take measures to secure Participant Lists / Rooming Lists, Image Materials and Match images against destruction, accidental and deliberate loss, falsification, non-authorized distribution or access, or against any other form of illegal Processing.

Article 6. Confidentiality

1. Processor shall let all his employees, that are involved in the execution of the Agreement, sign a confidentiality declaration – whether or not deriving from or included in the employment agreement with those employees – in which in any case is included that these employees must observe secrecy regarding the Participant List / Rooming List, Image Materials and Match images. Processor shall take all necessary measures, such as security of information carriers, to warrant that this obligation to secrecy will be complied with.

Article 7. Violation (Data leak)

1. If Processor becomes aware of a Data leak, he shall notify (i) Responsible thereof as soon as possible and in any case within 24 hours after Processor became aware of the existence of the Data leak and (ii) take all reasonable measures to prevent and/or limit (further) violation of the GDPR. When taking the aforementioned measures, Processor shall refrain from taking measures that are irreversible and/or seriously impede an investigation into the causes of the Data leak.
2. Processor shall grant his cooperation to Responsible and support Responsible in the execution of his legal obligations concerning the established incident.

Article 8. Starting date and duration

1. The Processor Agreement starts on the moment of signing of this agreement and shall be in force during the duration of the Agreement. If the Agreement ends, then this Processor Agreement shall end automatically.