Enimbos Global Services, S.L. (hereinafter
"Enimbos"), located in calle Faraday nº 7. 28049 Madrid, with Company
Tax Number B87596953, offers the provision of services focused on transforming
companies in the use of infrastructures in the Cloud environment. Its main
activity is in the field of solutions aimed at applications, infrastructures,
systems operation and business continuity.
Both the Client and Enimbos are interested in starting
a contractual agreement, under which the Client is entitled to receive the
provision of certain Services by Enimbos, according to the conditions and
clauses established therein, in exchange for the payment of the Fees and according
to the specifications established in this Contract.
And the Parties, having reached a complete agreement on the
terms and conditions under which the provision of the services contracted here
shall be carried out, enter into this Contract in accordance with the
following.
1.1. The
purpose of this Agreement is to establish the terms and conditions of the
collaboration between the Client and Enimbos in relation to the contracting by
the Client of the Services provided by Enimbos and this party expressly
accepts, by submitting a contract offer (the "Offer").
1.2. The
Offers, once accepted by the Client, shall be considered an integral part of
this Contract as an Annex to it, constituting jointly this Contract and the
Offer, in question, the contract for the provision of the Services agreed
between the Client and Enimbos.
1.3. When both
Parties have reached an agreement on the Services to be contracted, the content
thereof will be included in the Offer. The acceptance thereof will be executed
through the signing of said Offer by a representative of each party for which
he/she is duly empowered, or the issuance of an order (the "Order")
to Enimbos, with explicit reference to the aforementioned Offer. Each Offer
accepted shall be considered automatically incorporated, as an Annex, to this
Agreement.
1.4. The types
of services that may be requested by the Client, under this Contract, are the
following: IT-infrastructure services, private, public and hybrid cloud
migration aimed at applications, infrastructures, system operations and
business continuity.
1.5. The
characteristics of the services, their terms and conditions, their scope,
financial conditions, technical, material and human resources contracted by the
Client from Enimbos are those agreed upon by the Parties in each Technical
Offer that will be attached as Annexes to this Contract.
1.6. Therefore,
only those situations or services in which the stipulations of this contract,
the Technical Offer, and any other document that, forming part of the contract,
are breached will be considered a contractual breach by Enimbos in the
provision of the Services, that forming part of the contract, contains any
obligation for Enimbos in relation to said service provision.
1.7. Enimbos
will not be held responsible, in any way, for delays and breaches that may
occur in third-party works or supplies, linked to the Client, subject to the
object of the Contract, or for those caused by errors or delays in the
information provided by the Client.
2.1. This Contract
will have a minimum term of 1 year,
calculated from the date hereof.
In the event that the Client
contracts a Service that exceeds the duration of this Contract, the
effectiveness of this Contract will be extended until the end of the last Service
contracted. Without prejudice to the foregoing, the duration of the Services
contracted will be specified in the corresponding Offer, and this duration does
not necessarily have to coincide with that of this Contract.
2.2. Notwithstanding
the minimum duration established in the previous paragraph, the Contract may be
extended for additional periods of 1
year.
The Contract shall be tacitly extended
unless expressly rejected in writing by one of the Parties at least two (2)
months in advance with respect to the start date of the first and subsequent
extension(s). Once said minimum period of notice has expired without any of the
Parties having indicated their willingness to terminate the Contract, it will
automatically be extended.
3.1. Enimbos
will issue, on a monthly basis,
an invoice pursuant to clause 3.2 including the corresponding amounts agreed to
in the Offer for the services provided
in the corresponding month in which the invoice is issued (paid monthly in arrears)
and, if any, the amounts corresponding to variable amounts, according to the
Offer, provided in the month in which the invoice is issued.
3.2. In the
event that the provision of Services has not taken place during a full month,
the corresponding invoice shall include the amounts accrued for that item
prorated in proportion to the time which the services were provided over the
yearly total.
3.3. Payment of
the total amount of the Services will be made by direct debit by Enimbos from the Client’s current account
within thirty (30) days from the
issued invoice.
3.4. In the
event that an invoice is overdue, Enimbos will be entitled to apply a late
payment interest in two points to the Euribor one month from the due date and,
taking the index published at 11 a.m. as a reference. (or the Index that
substitutes it) corresponding to the payment date indicated in clause 3.2 of
the invoice/s from the moment of the breach until it has been paid.
3.5. The Client
shall bear all the expenses and bank fees that occur as a result of payment of
the pre-agreed price.
The Parties agree that during the term of the Contract, the
Service Fees will be increased each year in the modification that the General
Consumer Price Index (CPI) undergoes, in accordance with the Indexes set by the
National Institute of Statistics or the Body that substitutes it, for the
Nation as a whole. This adjustment will be made annually on 1 January of each
year from the Start Date of the Provision of the Services, modifying the
current rates in the same proportion that the aforementioned index has varied
during the immediate previous twelve-month period. For the assumption that, on
the date on which the revision may take place, the definitive indexes have been
published, the provisional ones could be applied if they are known, proceeding
to make the appropriate rectifications when those others become known, being
paid in one go, in the first monthly payment after the definitive information becomes
known.
4.1. The responsibility of the Parties in the event of any contractual breach of any of the agreements and clauses of this Contract, arising from fault or negligence of either party, shall be governed by the provisions of this Clause and shall, in any case, be limited to the amount of the Offer.
4.2. Enimbos will only be considered to have been in breach of contract when, among others, the quality and levels of provision of the Services provided to the Client do not comply with the parameters, levels and conditions agreed by the Parties to that effect, in the corresponding Offer.
4.3. However, in no case shall the Parties be liable to each other for indirect damages, lost earnings, loss of profits, income or business opportunities that may arise for either party in the execution of this Contract, as a consequence of a prior breach of contract by the other party.
4.4. Each of the Parties will be responsible for the behaviour of its own workers exclusively, as well as the payment of the corresponding Social Security contributions, in accordance with the provisions of labour regulations in this regard.
4.5 By means of the present Contract Enimbos is obliged to:
a) Provide the Services
contracted by the Client in accordance with the provisions of the Contract and
its Offer.
b) Optimally manage the services
provided in accordance with the Service Level Agreements published in the
client area:
https://servicedesk.enimbos.com/support/solutions/articles/4000004835-ans-acuerdo-de-nivel-de-servicios
c) Provide all the information
that the Client needs in relation to the services provided, as long as they do
not imply disclosing the Confidential Information of other Clients or Enimbos'
own Confidential Information.
d) Make available to the client,
when so requested, a copy of the Civil Liability Insurance Certificate.
4.6 By means of
the present Contract the Client is obliged to:
a) Pay the Amounts stipulated within the term established in accordance with clause 3 of this Contract.
b) Provide all information and documentation necessary to provide the service contracted on behalf of Enimbos.
5.1 The present Contract will come to an end where
one of the following circumstances arises:
a) Mutual Agreement between the Parties.
b) End of the initial period of duration and subsequent
extension(s) pursuant to clause 2 of the present contract.
c) Termination due to the breach by one of the Parties of the
obligations derived from the Contract. In this case, the party that considers
the other party to be in breach of any obligation of this Contract, shall duly
notify the latter, granting a period of fifteen (15) calendar days from said
notification to resolve said breach. If, after this period the breach is still
present, the party not in breach may request the termination of the Contract.
Notwithstanding the foregoing,
the Parties expressly agree that Enimbos may automatically terminate the
Contract, without following the procedure described in the preceding paragraph,
if the Client is late in the payment of two (2) monthly instalments, whether
consecutive or not, within a period of twelve (12) months. This right is
understood without prejudice to the payment of the amounts due to Enimbos in
accordance with the Rates contained in this Contract, applying the interest on
arrears established in the clause.
In addition, the Parties
expressly agree that Enimbos may terminate the Contract if the Client fails to
provide or does not constitute the guarantees established in clause 6 of this
Contract.
Any event of force majeure or
fortuitous event that would prevent the fulfilment of all or a substantial part
of the obligations of the other Party for a continuous period of one (1) month
from the date on which such obligation should have been fulfilled.
5.2. In the event that the Client decides to unilaterally terminate the Contract and/or any of its services included in the Offer, before the expiry thereof, without, according to section 5.1 above, there being a right to such termination, it will be obliged to pay Enimbos the Rate for Services that the Client would have had to pay to Enimbos during the remaining term of provision of the Services, (in accordance with the provisions of clause 2 of this Contract).
5.3. In the event that Enimbos terminates the Contract and/or any of its services included in the Offer, by virtue of clause 5.1.c) of the same, the Client will be obliged to pay Enimbos the Service Rate that it would have had to pay during the remaining term of provision of the Services (in accordance with the provisions of clause 2 of the Contract), without prejudice to the obligation to pay the Rates subject to non-compliance, applying the interest on arrears established in clause 3.3.
5.4. In case of early termination of this Contract, all amounts due by the Client, for any reason, will be payable and due on the date of said termination.
6.1. Confidential information will be understood as any information or documentation that any of the Parties provides the other with in the development and execution of this Contract and that the contributing party has identified as such, considering it as a valuable trade secret of the person who contributed it, not being able to communicate it to third parties without the express consent of the contributing party.
6.2. In order to achieve the faithful fulfilment of the commitment assumed in the previous paragraph, both Parties declare that they have the necessary physical and organizational security measures, and they are obliged to send the appropriate instructions to the people who handle such information directly or indirectly.
6.3. The Parties exclude from the category of confidential information, any information that becomes public at no fault of either of the parties, that which is to be disclosed in accordance with the laws or with a judicial ruling or imperative measure from a competent authority or that is already known to the Parties as having been independently developed by it outside the scope of this contract or known by other public or private means.
6.4. This obligation of confidentiality will remain in force throughout the duration of the Contract, and once terminated, it will remain for an additional period of twelve (12) months.
6.5. Neither Party will acquire any right over any confidential information or other assets or property rights of any kind from the other party as a result of this Agreement.
6.6. The Parties agree to make this Contract confidential, undertaking not to disclose any of the points herein to third parties without the previous and express consent of the other party.
6.7. Upon termination of this Agreement, both Parties shall return, delete or destroy all confidential information belonging to the other party, regardless of the medium in which said information is recorded. To this end, the party to whom the confidential information belongs shall indicate to the other party if the latter should destroy it, delete it or return it, and following the procedure that the disclosing party of the confidential information states in writing.
7.1. Each of the Parties undertakes to respect, not to disseminate or use in the future, the scientific or technical information or specific aspects of the activity owned by the other party to which it may have had access in the development of the Services corresponding to the object of this Contract.
7.2. Source programs, listings, documentation, information, load tests, functional diagrams, data, specifications, any computer programs, user manuals, technical documentation used by one of the Parties and/or provided or made available to the other party during the execution of the Services and/or generated in any other way in connection with this Contract shall be subject to the industrial and intellectual property rights indicated herein. Therefore, and unless otherwise expressly agreed in writing, this Agreement does not imply the acquisition by any of the parties of industrial and/or intellectual property rights of any kind from the other party, in relation to the services provided in the execution of the Services.
7.3. In addition, in the event that the activities carried out within the framework of this Contract result in any material subject to industrial and intellectual property rights, they shall correspond to the party that developed them.
8.1.
None of the Parties shall be responsible for
breaches of their obligations under the Contract, provided that such breach is
the result of a case of force majeure or fortuitous event, according to the
legal definition pursuant to Article 1.105 of the Civil Code and related
provisions
9.1. Both Parties are obliged to comply with the provisions of Law 15/1999, of 13 December, on the Protection of Personal Data (hereinafter, LOPD), as well as its development regulations.
9.2. In accordance with the foregoing, Enimbos informs the Client that the personal data that may be provided as a result of the contracting of the Services will be incorporated into a file, the Client consenting, by signing this Contract, to the processing thereof.
9.3. The purpose of the file is only to carry out the maintenance and management of the contractual relationship with The Client, as well as to keep it promptly informed of all updates and offers related to the Services that may be offered by Enimbos.
9.4. Enimbos undertakes to fulfil its obligation to keep secret the personal data and guarantees that it has adopted the necessary measures to guarantee the confidentiality of such data.
9.5. The Client may exercise its rights of access, modification, cancellation and opposition by sending a written communication to the address that appears in the Notification clause or, failing that, to the address that appears in the heading of the Contract.
9.6. For the services provided by Enimbos to the Client, the Parties expressly agree to sign an Agreement regarding the Processing of Client Data that is incorporated into the Contract as Annex I, in accordance with the provisions of article 12 of the LOPD.
10.1. Communications relating to this Contract must be hand delivered with acknowledgement of receipt, by mail or Bureau Fax with acknowledgement of receipt or by any other means to prove receipt thereof as well as the date of receipt.
10.2.
For the purposes of this Agreement, the Parties will
expressly designate addresses for communication purposes.
10.3.
Any modification of these addresses must be
notified beforehand to the other party by one of the procedures indicated
above.
10.4.
The Parties must indicate to whom it is desired
that the communications that have to be made in relation to the Services be
sent.
11.1.
The Client is not permitted to assign this
Agreement to third parties, or any of the rights or obligations arising
therefrom, without the prior written consent from Enimbos. The Customer shall
be obliged to notify Enimbos of the proposed assignment of the Contract at
least fifteen (15) days before the effective date of such assignment.
11.2.
In the communication made by the assignor to Enimbos,
the following data of the assignee must be specified: contact person, contact
telephone number and address for notification purposes, and bank details.
11.3.
In any case, the Client who assigns its Contract
shall be jointly and severally liable with the assignee during the entire
period of validity of all the obligations derived from the Contract.
11.4.
Enimbos may assign this Contract to companies of
its own Business Group (companies of the same Business Group shall be those
entities directly or indirectly controlled by any of the Parties, in accordance
with the definition established for this purpose by article 4 of Law 24/1988,
of 28 July, on the Stock Market, modified by the law 13/1992), as well as to
third parties, the credit rights under it, without the need for the Client's
consent.
12.1.
The waiver by any of the Parties to exercise
their rights in the event of breach of any provision of this Contract by the
other party will not be considered as a general waiver to exercise them before
any other breach, both of the same or of another stipulation.
13.1.
This Contract and its Annexes constitutes the
entire agreement between the Parties and supersedes any prior agreement,
representations and understandings made previously between the Parties. In the
event of contradiction between the Contract and the Annexes, it will be the
result of the first in relation to the object of the same.
13.2.
No variation, modification or addition to this Agreement
will be considered valid unless made in writing and signed by both Parties.
13.3.
In the event that any arbitral tribunal or court
with competent jurisdiction determines that any of the clauses of this
Agreement is totally or partially invalid, illegal or cannot be enforced in any
way, such determination will not affect the validity or enforceability of the
rest of the contract. The Parties undertake to replace clauses declared
invalid, illegal or unenforceable by valid clauses with an economic effect as
close as possible to the clauses declared invalid, illegal or unenforceable.
14.1.
The present Contract will be interpreted and
fulfilled in its own terms and, where not provided for in specific regulations
applicable thereto, shall be governed by Spanish legislation on this issue in
force in the city of Madrid, complying the obligations and responsibilities of
the Parties to it. To the extent that the agreed arbitration should not or
could not be made effective, the judges and courts of the city of Madrid shall
be competent to hear any disputes that may arise in relation to this Contract.
15.1.
Any controversy or disagreement arising from
this contract or that is related to it, will be definitively resolved by
arbitration.
15.2.
The arbitration shall be conducted in accordance
with the provisions of the Regulations of the Chamber of the International
Court (CCI), whose provisions are understood to be incorporated by reference in
this clause. (The arbitration will be carried out in accordance with the
Spanish legislation in force at the time the dispute arises).
15.3.
The Arbitral Tribunal will be composed of three
arbitrators appointed in accordance with the aforementioned Regulation.
15.4.
The place of arbitration will be in Spain and in
the city of Madrid and Spanish law will be applied to resolve the dispute. The
language of arbitration will be Spanish.
15.5.
The arbitration award shall have full effect for
both parties and must be complied with.
15.6.
For all cases of non-compliance in which credits
are generated in favour of Enimbos not exceeding 30,000 euros, the ordinary
jurisdiction, specifically, the Courts and Tribunals of the city of Madrid,
will be exclusively competent.
I.- That the DATA CONTROLLER has files, which contain certain information considered as "personal data", to which certain processes must be carried out in order to provide the service:
ü Encrypted backup copies On-Premise/Cloud
ü Cloud platform maintenance
Migration to Cloud platform
Management of On-Premise environment
ü Management of Cloud environment
Technical Consultancy
Business Continuity Services
Cloud Reselling
II.- That all parties recognize their legal capacity and act sufficiently to contract and be bound, and their respective powers to grant and sign this contract are in force.
THEREFORE, they decide to enter into this contract in accordance with the following
That the DATA PROCESSOR will use the data provided by the DATA CONTROLLER, only and exclusively for the data processing that has been entrusted to it and that has been included in the service contract that both have signed. It will not apply or use the data for purposes other than those set out in this contract, nor will they communicate them, even for their conservation, to third-parties.
Processing will consist of:
ü Encrypted backup copies On-Premise/Cloud
ü Cloud platform maintenance
Migration to Cloud platform
Management of On-Premise environment
ü Management of Cloud environment
Technical Consultancy
Business Continuity Services
Cloud Reselling
For the execution of the benefits derived from the fulfilment of the object of this contracted service, the DATA CONTROLLER, makes the information described below available to the DATA PROCESSOR:
All information that can be stored to guarantee the service of the previous clause.
The present agreement shall be concluded for as long as the established contractual relationship is maintained between the DATA CONTROLLER and the DATA PROCESSOR.
When the present contract comes to an end, the DATA PROCESSOR must return the storage media and documents to the DATA CONTROLLER where the personal data is contained and destroy all the information, referring to said data, which is duplicated in its computer system or in any other format.
The present agreement shall be concluded for as long as the established contractual relationship is maintained between the DATA CONTROLLER and the DATA PROCESSOR. However, the obligations of confidentiality established in this contract shall have an indefinite duration, remaining in force after the termination, for any reason, of the relationship between the DATA CONTROLLER and the DATA PROCESSOR.
The data processor and all its staff undertake to:
4.1. Use personal data subject to processing, or those collected for inclusion, only for the purpose of the contracted service. In no case may it use the data for its own purposes.
4.2. Process the data according to the instructions of the data controller. If the data processor considers any of the instructions to be in breach of the GDPR or any other data protection provision of the Union or of the Member States, the data processor shall immediately inform the data controller.
4.3. Keep a written record of all categories of processing activities carried out on behalf of the data controller, which must contain:
· The name and contact information of the processor(s) and of each controller on behalf of which the processor and, where appropriate, the representative of the controller or processor and the data protection delegate act.
· The processing categories carried out by each data controller.
· Where applicable, the transfer of personal data to a third-party country or international organization, including the identification of said third-party country or international organization and, in the case of the transfers indicated in article 49 paragraph 1, second paragraph of the GDPR, the documentation of adequate guarantees.
· A general description of the technical and organizational security measures related to:
o The pseudonymization and the encryption of personal data.
o The ability to guarantee the confidentiality, integrity, availability and permanent resilience of the processing systems and services.
o The ability to restore availability and access to personal data quickly, in the event of a physical or technical incident.
o The process of regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to ensure the safety of processing.
4.4. Not to communicate the data to third parties, unless the express authorization of the controller has been given, in the legally admissible cases.
The data processor may communicate the data to other data processors in agreement with the data controller's instructions. In this case, the data controller shall identify, in advance and in writing, the entity to which the data must be communicated, the data to be communicated and the security measures to be applied in order to proceed with the communication.
If the data processor must transfer personal data to a third-party country or to an international organization, by virtue of the law of the Union or of the Member States that is applicable to it, it shall inform the data controller of that legal requirement in advance, unless such Law prohibits it for important reasons of public interest.
4.5. Subcontracting. The data processor is authorized to subcontract with hosting management companies for both private and public cloud to guarantee the functioning and continuity of the aforementioned services.
In order to subcontract with other companies, the data processor must inform the data controller in writing, clearly and unambiguously identifying the subcontracted company and its contact information. Subcontracting may be carried out if the data controller does not raise any objections within 15 days. The subcontractor, who also holds the status of data processor, is also obliged to comply with the obligations established in this document for the data processor and the instructions given by the data controller. It is the initial data processor’s responsibility to regulate the new relationship, so that the new processor is subject to the same conditions (instructions, obligations, security measures...) and with the same formal requirements it has, in relation to the correct processing of personal data and to guarantee the rights of the people concerned. In the event of non-compliance by the sub-processor, the initial processor will remain fully responsible before the data controller for compliance with the obligations.
4.6. Maintain the duty of secrecy with respect to personal data to which it has had access under this contracted service, even after the object thereof comes to an end.
4.7. Ensure that the persons authorized to process personal data undertake, expressly and in writing, to respect confidentiality and to comply with the corresponding security measures, of which they must be informed accordingly.
4.8. Make all the documentation proving compliance with the obligation established in the previous section available to the data controller.
4.9. Guarantee the necessary training in terms of protection of personal data of the people authorized to process personal data.
4.10. Help the data controller when it comes to answering the execution of the rights of:
· Access, rectification, elimination and opposition
· Restriction of processing
· Data portability
· Not being subject to automated individualized decisions (including profiling)
When the person concerned exercises the rights of access, rectification, elimination and opposition, limitation of the treatment, data portability and not being subject to automated individualized decisions, before the data processor, this must be communicated by email (email address indicated by the data controller). Communication must be made immediately and in no case after the working day following the reception of the request, together with, where appropriate, other information that may be relevant to resolve the request.
4.11. Right to information. It is the data controller's responsibility to facilitate the right to information at the time of collecting the data.
4.12. Notification of data security violations
4.13. The data processor shall notify the data controller, without undue delay, and in any case, within a maximum period of 72 hours, through email, of the breaches of the security of the personal data it is responsible for of which it has knowledge, together with all the relevant information for the documentation and communication of the incident.
Notification will not be necessary when it is unlikely that such a breach of security constitutes a risk to the rights and freedoms of natural persons. If it is available, at least the following information shall be provided:
· Description of the nature of the violation of the security of personal data, including, when possible, the categories and the approximate number of interested parties affected, and the categories and approximate number of personal data records affected.
· The name and contact information of the data protection delegate or other point of contact where more information may be obtained.
· Description of the possible consequences of the violation of the security of personal data.
· Description of the measures adopted or proposed to remedy the violation of the security of personal data, including, if applicable, the measures adopted to mitigate the possible negative effects.
If it is not possible to provide the information simultaneously, and insofar as possible, the information will be provided gradually without undue delay.
It is the responsibility of the data processor to report the data security breaches to the Data Protection Authority.
The communication shall contain, as a minimum, the following information:
· Description of the nature of the violation of the security of personal data, including, when possible, the categories and the approximate number of interested parties affected, and the categories and approximate number of personal data records affected.
· Name and contact information of the data protection delegate or other point of contact where more information can be obtained.
· Description of the possible consequences of the violation of the security of personal data.
· Description of the measures adopted or proposed to remedy the violation of the security of personal data, including, if applicable, the measures adopted to mitigate the possible negative effects.
If it is not possible to provide the information simultaneously, and insofar as possible, the information will be provided gradually without undue delay.
It is the responsibility of the data processor to communicate the data security breaches to the interested parties as soon as possible, when it is likely that the violation poses a high risk to the rights and freedoms of natural persons.
Communication must be made using clear and simple language and must, at least:
· Explain the nature of the data breach.
· Indicate the name and contact details of the data protection delegate or other contact point where more information can be obtained.
· Describe the possible consequences of the violation of the security of personal data.
· Describe the measures adopted or proposed by the data controller to remedy the violation of the security of personal data, including, if applicable, the measures adopted to mitigate the possible negative effects.
4.14. Give support to the data controller in carrying out the impact evaluations related to data protection, when appropriate.
4.15. Give support to the data controller in carrying out the consultations prior to the control authority, when appropriate.
4.16. Provide the data controller with all the information necessary to demonstrate compliance with their obligations, as well as for the performance of audits or inspections carried out by the data controller or by another auditor authorized by it.
4.17. Implement the following security measures:
· The security measures established in the business continuity plans according to regulation 27001.
In any case, the following mechanisms must be implemented to:
· Ensure the confidentiality, integrity, availability and permanent resilience of the treatment systems and services.
· Restore availability and access to personal data quickly, in case of physical or technical incident.
· Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.
· Pseudonymize and encrypt personal data, if applicable.
4.18. Designate a data protection delegate and communicate his/her identity and contact information to the data controller.
4.19. Destroying the data once the provision of service has been completed. Once destroyed, the data processor must certify the destruction thereof in writing and must deliver the certificate to the data controller. However, the data processor may keep a copy, with the data duly blocked, as long as responsibilities for the execution of the provision can be derived.
It is the responsibility of the data controller to:
5.1. Deliver the data referred to in clause 2 of this document to the data processor.
5.2. Carry out an evaluation of the impact on the protection of personal data of the treatment operations to be carried out by the data processor.
5.3. Carry out the corresponding prior consultations.
5.4. Ensure, prior to and throughout the processing, compliance with the GDPR by the data processor.
5.5. Supervise the processing, including carrying out inspections and audits.
In the event that any or some of the clauses of this contract become invalid, illegal or unenforceable by virtue of any legal regulation, they will be considered ineffective as far as applicable, but this contract will remain valid for the rest.
With express waiver of any other jurisdiction or venue, all parties submit, expressly and formally, to the jurisdiction of the Courts of Madrid for any dispute that may arise in the interpretation or application of this contract.