Client Terms

Last updated: 18 February 2026
 

Agreement

 
By accessing and using the Platform and using the Services, Client agrees to the terms of this Treebytree Platform Services Agreement (Agreement). The individual entering into the Agreement on behalf of Client represents and warrants that they are an authorised representative of Client and that they provide full and unconditional consent to the Agreement on behalf of Client.
 

1. Definitions

 
The following capitalised terms are defined in this Agreement as follows:
 
1.1. Account: a personal account that every Client User gains access to after registration. Through the Account, Client Users have access to and can use the Services.
 
1.2. Agreement: The agreement as set out below, which governs the relationship between Treebytree and Client in relation to the Services.
 
1.3. Credentials: The username and password chosen by Client Users to access the Platform.
 
1.4. Client: The company or other organisation that uses or wants to use the Services.
 
1.5. Client User: personnel of Client representing Client and using the Services through an Account on behalf of Client.
 
1.6. Confidential Information: Any information in any form that is disclosed by one Party to the other Party in connection with this Agreement, which is either (i) designated as confidential at the time of disclosure or (ii) should reasonably be understood to be confidential given the nature of the information and the context of its disclosure. Confidential Information includes, but is not limited to, business plans, customer lists, financial data, product designs, technical specifications, proprietary software, trade secrets, and any other information that is not generally known to the public.
 
1.7. DCC: The Dutch Civil Code (Burgerlijk Wetboek).
 
1.8. Campaign Services: creating branded Gift campaigns and follow-up communication campaigns towards (potential) Recipients. This includes the (re-)sending of e-mail invitations on behalf of Client to potential Recipients, as designated by Client, to accept a Gift, and including the registration of opt-outs on behalf of Client.
 
1.9. Fee(s): The Fees as specified in clause 0.
 
1.10. Gift: The services provided to Recipients through the Platform, which include enabling Recipients to get back, track, and monitor the growth and impact of trees or other objects via a dashboard.
 
1.11. Gift Recipient Terms: The terms that apply to the relationship between Treebytree and the Recipients.
 
1.12. Intellectual Property Rights: All intellectual property rights as set out in clause 9, such as, but not limited to, patents, patent applications, trademarks, trademark applications, service marks, trade names, copyrights, trade secrets, licenses, domain names, know-how, URLs and web addresses, ownership rights and processes, databases and data collections.
 
1.13. Parties: Treebytree and Client.
 
1.14. Platform: The Treebytree platform accessible via www.treebytree.earth.
 
1.15. Platform Services: The services provided through the Platform, which include (i) enabling Recipients to track and monitor the growth and impact of trees and other objects via an online dashboard, (ii) monitoring the environmental impact of the forest and managing Gifts via an online dashboard, (iii) sharing the company forest and its impact on our Platform, and (iv) sending Gifts via the Platform to Recipients.
 
1.16. Recipients: a natural or legal person invited by Treebytree on behalf of Client to use the Platform and who has registered an account as agreed between Treebytree and the Recipient in the Gift Recipient Terms.
 
1.17. Services: The Campaign Services, Platform Services, and Tree Care Services.
 
1.18. Contract Term: The term as specified under clause 5.
 
1.19. Treebytree: Treebytree B.V., having its corporate seat in Den Haag (Binckhorstlaan 36, Unit M219, 2516BE), trade register number 86955411.
 
1.20. Tree Care Services: Treebytree’s efforts to engage with third-party non-governmental organisations that ensure the proper care and maintenance of the trees.
 
1.21. Website: The Treebytree website at www.treebytree.earth.
 
1.22. Digital Experience: The bundled digital experience is an integral part of the Gift and is required for the Gift to function, consisting of thirteen (13) mandatory touchpoints. These include (i) one initial touchpoint enabling the Recipient to claim the tree and activate access to the Platform, followed by (ii) twelve (12) consecutive e-mails sent quarterly over a period of three (3) years, containing updates about the status of the tree and other relevant data.
 

Additionally, capitalised terms may be defined elsewhere in the Agreement.

2. Subject matter

 
2.1. Treebytree shall provide the Services to Client under this Agreement for the duration of the Contract Term.
 
2.2. Treebytree will provide the Platform Services and Tree Care Services independently, to the best of its knowledge and ability, at its own discretion and without being supervised or managed by Client.
 

3. Platform access

 
3.1. Client must create an Account to use the Platform. Once such Account has been successfully created, Treebytree shall grant Client User access to the Platform in accordance with this Agreement.
 

Registration of Client Users

 
3.2. Treebytree will give Client further instructions if needed for successful registration of Client User. Client shall cooperate regarding practical details concerning the onboarding of Client User onto the Platform.
 
3.3. Client may be required to provide information on Client Users in order to register Client User Accounts on the Platform. Client ensures that any such information shall be accurate, complete, and up-to-date.
 
3.4. Client Users will be required to choose a username and password (Credentials). Client is entirely responsible for maintaining the security of the Credentials and agrees not to disclose any Credentials to any third party. Client ensures that all actions taken by Client Users are done under the supervision and with the approval of Client. Client is obliged to notify Treebytree immediately if it suspects abuse by Client Users, their Accounts, or their Credentials.
 
3.5. Client ensures that Client Users shall use the Services solely for Client’s internal business purposes, provided that Client ensures its Client Users comply with the terms of this Agreement.
 
3.6. Client is liable for actions of Client Users in relation to the Agreement. If Treebytree identifies a violation by a Client User, Treebytree will notify Client thereof. Client shall take any action to remedy the violation and take appropriate measures to prevent similar violations in the future. Treebytree may implement all measures it considers necessary to end the violation and to prevent similar violations in the future. Client shall provide Treebytree, upon its first written request, with any information Treebytree deems reasonably necessary to end the violation and prevent similar violations.
 

Campaign Services

 
3.7. Treebytree shall provide a designated mechanism on the Platform through which Client can upload the e-mail addresses of its business contacts (i.e., prospective Recipients). Treebytree shall use these e-mail addresses to send out the e-mail invitation to accept the Gift, which will include one or more reminders (if necessary) in case of no response. Treebytree will delete the e-mail addresses for which it receives no response after that reminder, and the Client instructs Treebytree to do so.
 
3.8. The invitation e-mail of Treebytree shall be sent by Treebytree on behalf of Client. Client may provide Treebytree with the material and brand guidelines to ensure that the e-mail has the look and feel of the Client communications.
 
3.9. Each such e-mail shall include an opt-out possibility for Recipients to refuse future e-mails by Treebytree on behalf of Client. Treebytree will communicate each opt-out to Client through the Platform. It is Client’s responsibility to process such opt-out in its own customer relationship management system.
 
3.10. Client shall only upload the e-mail addresses from business contacts who have opted in for receiving unsolicited commercial e-mails from Client.
 

Registration of Recipients

 
3.11. Treebytree shall only provide access to the Platform and Tree Care Services to Recipients who successfully registered an account and have agreed to the Gift Recipient Terms.
 
3.11A. Digital Experience Acceptance by Recipients: By accepting and claiming a Gift through the Platform, each Recipient expressly agrees that the Digital Experience forms an integral and inseparable part of the Gift and is required for the Gift to be functional. The Digital Experience consists of thirteen (13) mandatory touchpoints, including one initial touchpoint enabling the Recipient to claim the tree and activate access to the Platform, followed by twelve (12) consecutive e-mails distributed quarterly over a period of three (3) years containing updates on the status of the tree and other relevant data. The Recipient’s acceptance of the Gift and registration on the Platform constitutes consent to receive these communications as essential service communications forming part of the contractual performance of the Gift.
 
3.12. Treebytree may refuse or revoke access to the Platform and Tree Care Services towards specific Recipients or Clients at any time for any reason.
 
3.13. When Treebytree refuses to provide or revokes access to the Platform and Tree Care Services towards a Recipient, Treebytree will inform Client that such access and the Tree Care Services have been denied or revoked. Treebytree will provide/resume the access and Tree Care towards the Recipient when Treebytree is satisfied that the reasons for refusing such access no longer exist.
 
3.14. Any payment obligation in relation to a refused Recipient is suspended as long as Treebytree refuses to provide access to the Platform and Tree Care Services to the Recipient.
 
3.15. After the termination of the Agreement, Treebytree may continue to provide access to the Platform and Tree Care Services towards Recipients who have accepted a Gift during the Term of the Agreement.
 

4. Fees

 
4.1. Treebytree charges Client a fee (Fee) for providing the Services in advance, starting at the moment Client makes use of the Services. The then current Fees for the Services are included on the website of Treebytree.
 
4.2. All Fees are communicated in Euros and are exclusive of VAT and other levies imposed by relevant authorities, unless specified otherwise.
 
4.3. All Fees shall be either (i) invoiced at the end of the calendar month, (ii) directly via a payment tool as designated by Treebytree to Client, or (iii) directly on our Website. Client consents to electronic invoicing of the Fees.
 
4.4. If Client has opted to pay via invoices, Client shall pay the invoiced Fees within thirty (30) days after the invoice date.
 
4.5. If Client does not pay invoiced Fees on time: a) statutory commercial interest within the meaning of Section 6:119a DCC shall be due in respect of the outstanding invoice without requiring further notice of default; and b) Client is obliged to fully compensate both the judicial and extrajudicial collection costs, including (i) reasonable lawyer’s fees, (ii) bailiff’s fees, and (iii) the costs of collection agencies, in addition to the amount that is owed and the interest due in respect thereof.
 
4.6. In the event of non-payment or untimely payment by Client, Treebytree may limit the use of the Services by Client after written notice thereof to Client. After a second written notice to Client, Treebytree may suspend the use of the Services by Client and its Client Users until the Fees, including accrued interest and costs, are paid in full.
 
4.7. A claim for payment becomes immediately due and payable in the event Client (i) is declared bankrupt, (ii) applies for a suspension of payment, (iii) a substantial part of its assets is attached, or (iv) is liquidated and/or dissolved.
 
4.8. Treebytree reserves the right to adjust the prices for new Gifts at any time. These adjustments will be published on the following page of our Website: https://portal.treebytree.earth/start/amount. No prior notice to the Client is required, and the adjusted prices will apply immediately for any new Gifts purchased after publication. Treebytree reserves the right to annually index the applicable Fees using the Services Producer Price Index (SPPI) calculated by Statistics Netherlands (CBS) (https://www.cbs.nl). The adjustment shall be calculated by comparing the SPPI for the current year with the SPPI for the previous year.
 

5. Duration and termination of the Agreement

 
5.1. The Agreement is agreed upon for the duration of twelve (12) months (Initial Term), which is automatically extended by twelve (12) additional months (each a Renewal Term, and jointly with the Initial Term: the Contract Term).
 
5.2. Treebytree may terminate (opzeggen) this Agreement: a) per the end of the Initial Term or Renewal Term, upon two (2) months prior written notice to the other Party; b) with immediate effect and without notice of default being required, if Client (including its Client Users) uses the Services in breach of these Terms, or in any manner that Treebytree deems inappropriate or in violation of applicable law.
 
5.3. The Client may terminate this Agreement at any time, unless there are any outstanding Fees due from Client to Treebytree. Treebytree reserves the right to continue providing services to the Recipient under the Gift Recipient Terms.
 
5.4. In deviation of clause 5.2 and 5.3, the Agreement may be terminated by either Party with immediate effect and without notice of default being required if: c) the other Party is granted a suspension of payments, whether or not provisional; d) a petition for bankruptcy is filed by or against the other Party; or e) the other Party is liquidated or dissolved other than for restructuring purposes or for a legal (de-)merger of companies.
 
5.5. Upon termination of the Agreement, Client must cease immediately, and shall ensure that Client Users cease immediately, any use of the Services and – if applicable – destroy any copies of associated software within its possession and control.
 

6. Availability and security

 
6.1. To the maximum extent permitted by Applicable Law, Treebytree hereby disclaims all implied warranties regarding the availability of the Platform Services, fitness for a particular purpose, or non-infringement. The Platform Services are provided “as is” and “as available” without warranty of any kind, meaning that Treebytree does not guarantee that the Platform Services are (i) free of errors and (ii) function without any interruptions. In addition, Treebytree rejects all implied warranties that the Platform Services comply with Client’s expectations thereof.
 
6.2. Treebytree shall take reasonable efforts to make the Platform Services available as much as possible. Treebytree shall maintain a yearly availability of the Platform Services of 99%. The availability of Platform Services is always measured in such a way that unavailability due to preventive, corrective, or adaptive maintenance service, or other forms of service that Treebytree has notified Client of.
 
6.3. Treebytree may continue to provide the Platform Services using a new or modified version of the underlying software. Treebytree shall make commercially reasonable efforts to improve the functionality of the Platform Services, including through updates, and to correct faults/errors. Treebytree is not obliged to maintain, modify, or add particular features or functionalities of the Platform Services specifically for Client, unless it is aligned with Treebytree’s principles and vision for the Platform’s growth and its ability to serve all Clients fairly.
 
6.4. Client acknowledges that Treebytree may be dependent on its supplier(s) when implementing modifications.
 
6.5. Treebytree does not guarantee that the Platform Services are timely adapted to any amendments in the relevant laws and regulations.
 
6.6. Treebytree hereby reserves the right to make modifications to the Platform and the Services at any time.
 

7. Liability

 
7.1. Treebytree shall only be liable for direct damage suffered by it in the event of an imputable failure in the performance of the Services. Such liability is limited to the maximum specified in this clause.
 
7.2. Treebytree is not liable for any loss or damages resulting from Client’s and Client User’s use of the Platform. If Treebytree is liable, for any reason, the total aggregate liability of Treebytree to Client shall not exceed the total amount of Fees paid by Client in the calendar year in which the event(s) causing any such liability occurred.
 
7.3. Liability for indirect damage, including consequential loss, loss of profits, lost savings, reduced goodwill, loss due to business interruption, loss as a result of claims of Client’s Users or Recipients, damage and/or claims of third parties, damage to Client’s or Recipient’s or Client User’s software, items, assets, or other materials, corruption or loss of data, and regulatory fines are explicitly excluded.
 
7.4. The right to compensation for damages exclusively arises if Client reports the damage to Treebytree in writing as soon as possible after the damage has occurred. Any claim for compensation of damages filed against Treebytree lapses (vervalt) by the mere expiry of a period of twelve (12) months following the inception of the claim, unless Client has instituted a legal action for damages prior to the expiry of this term.
 
7.5. Before a Party may invoke the right to dissolve (ontbinding) this Agreement or the right to claim damages due to an imputable failure in the performance of any obligations (if any), the non-breaching Party must first issue a written notice of default (ingebrekestelling) to the breaching Party. This notice must provide a reasonable period for the breaching Party to remedy the failure. The breaching Party shall only be in default (verzuim) if the breach is not remedied within the specified period in the notice of default.
 
7.6. Nothing in this Agreement will exclude or limit the liability of Treebytree if this cannot be excluded or limited under the Applicable Law, such as in the case of wilful intent or gross negligence by Treebytree.
 

8. Data protection

 
8.1. When a Client makes use of the Services, Treebytree will collect certain Personal Data of Client Users. Hereby Treebytree acts as Controller within the meaning of the General Data Protection Regulation (Algemene Verordening Gegevensbescherming) (GDPR). More information about the processing of such Client User personal data is included in the Treebytree Privacy Notice.
 
8.2. For any processing of Personal Data of Recipients for the Campaign Services, i.e., before a Recipient agrees to the Gift Recipient Terms, Treebytree acts as a Processor within the meaning of the GDPR on behalf of Client. For this processing, Parties will enter into a Data Processing Agreement, as required by the GDPR. This Data Processing Agreement is attached as Annex A.
 

9. Intellectual property

 
9.1. Treebytree is the exclusive owner of all intellectual property rights relating to the Platform and underlying source and object code (Intellectual Property Rights). Nothing in this Agreement shall be construed to assign or confer to Client any Intellectual Property Rights pertaining to the Platform. Treebytree grants Client the right to use the Platform during the Contract Term of the Agreement.
 
9.2. Client may use Treebytree’s trademarks and related logos to promote the Platform, provided this does not create confusion about its status as Client of Treebytree. Treebytree has the right to issue reasonable instructions concerning the correct use of promotions, which Client must adhere to.
 
9.3. Client hereby grants Treebytree a non-transferable and non-exclusive license to use Client’s trademarks, logos, and other materials supplied by Client for use (i) in communications towards Recipients and (ii) on the Platform. Treebytree may also display Client’s trademarks and/or logos on the Website and use them for purposes of reference and acknowledgement.
 

10. Confidentiality

 
10.1. Each Party will keep confidential and will not disclose, reveal, or use for any purpose (other than to execute the Agreement) any Confidential Information, unless such Confidential Information:
a) is known or becomes known to the public in general, other than as a result of a breach of this clause by such Party;
b) is or has been independently developed or conceived by such Party without use of Confidential Information; or
c) is or has been disclosed to such Party by a third party without a breach of an obligation of confidentiality that such third party has to the other Party to this Agreement.
 
10.2. This clause does not restrict a Party from disclosing Confidential Information:
d) to professional advisors (such as attorneys, accountants, and consultants) that are subject to a duty of confidentiality, to the extent reasonably necessary to obtain their services;
e) to any affiliate, partner, member, or shareholder of such Party in the ordinary course of business, provided that such Party informs the receiver that such information is confidential and directs the receiver to maintain the confidentiality of such information;
f) in legal proceedings to the extent reasonably necessary to exercise its rights under this Agreement; or
g) as may be required by Applicable Law or by order of a competent court or governmental authority, provided that such Party notifies the other Party prior to such disclosure and shall consult the other Party with respect to timing and content of any such disclosure.
 

11. Miscellaneous

 
11.1. The Agreement embodies the entire understanding and agreement between the Parties respecting the subject matter of the Agreement and supersedes any and all prior understandings and agreements between the Parties respecting such subject matter.
 
11.2. Failure to exercise or any delay in exercising any right under this Agreement or Applicable Law by any Party, including a Party’s granting of an extension of time in which to perform its obligations under any provision hereof, will not be deemed to constitute waiver or forfeiture (rechtsverwerking) of such right.
 
11.3. The invalidity or unenforceability of any provision of this Agreement shall not affect any other provisions of this Agreement, unless any such provision is inextricably linked to the invalid or unenforceable provision. Any invalid or unenforceable provision shall be replaced or, insofar as possible under Applicable Law, deemed to be replaced by a valid and enforceable provision which differs as little as possible from the invalid or unenforceable provision and reflects the intent of the invalid or unenforceable provision.
 
11.4. Except as explicitly permitted under this Agreement, no Party shall assign or transfer this Agreement or any of its rights or obligations hereunder, either in whole or in part, without the prior written consent of the other Parties.
 
11.5. Treebytree is entitled to sell, transfer, or pledge (verpanden) its claims of payment to any third party.
 
11.6. Treebytree reserves the right to change the Agreement. Treebytree will announce any material changes and additions to the Agreement at least thirty (30) days in advance to Client. If Client does not agree with the changes or additions, Client has the right to terminate the Agreement until the date such change or additions enter into effect. Continued use after the effective date conveys acceptance of the amended Agreement.
 

12. Governing law and jurisdiction

 
12.1. This Agreement, and any matter, claim, or dispute arising in connection with it, whether contractual or non-contractual, is governed by the laws of the Netherlands (Applicable Law).
 
12.2. The Parties shall in good faith attempt to resolve any dispute in connection with this Agreement through constructive discussion and negotiation.
 
12.3. The courts of Amsterdam, the Netherlands, shall have exclusive jurisdiction in the first instance to settle any dispute arising out of or in connection with this Agreement, whether contractual or non-contractual, without prejudice to the right of appeal and that of appeal to the Supreme Court (Hoge Raad).
 

Annex A:

 

Data Processing Agreement

 
This Data Processing Agreement (DPA) is an annex to the Client Terms (Agreement). The DPA forms an integral part of the Agreement between Treebytree (Processor) and Client (Controller).
 

1. Definitions

 
The following capitalised terms are defined in this DPA as follows:
 
1.1 Data Subjects: means the natural persons whose Personal Data is provided by Client to Treebytree through the channel, as designated by Treebytree, and processed under the Agreement.
 
1.2 GDPR: the EU General Data Protection Regulation (2016/679/EC) and any related and applicable national implementing legislation.
 
1.3 Non-Adequate Country: means a country that is deemed not to provide an adequate level of protection of Personal Data within the meaning of Article 45 GDPR.
 
1.4 Personal Data: has the meaning as described in article 4 (1) GDPR, and insofar as processed by Processor or a Sub-Processor under the DPA.
 
1.5 Personal Data Breach: has the meaning as described in article 4 (12) GDPR.
 
1.6 Sub-Processor: means any third party that processes Personal Data under the instruction or supervision of Processor but that does not fall under the direct authority of Processor.
 
Additionally, capitalised terms may be defined elsewhere in the DPA or the Agreement. Otherwise, capitalised terms shall follow their definition under the GDPR.
 

2. Description of the processing

 
2.1 The subject matter of the DPA is the processing of Personal Data by Processor on behalf of Controller and in accordance with Controller’s written instructions as described in the Agreement, this DPA or otherwise in writing. This includes the following activities:
a) Processor processes Personal Data to invite Data Subjects via email sent on behalf of the Controller to use the Platform. Once the Data Subject becomes a Recipient (i.e., successfully registers an account on the Platform and agrees to the Gift Recipient Terms), Treebytree acts as a controller under the GDPR (finding its legal ground in performance of an agreement with that Data Subject). Once the Data Subject becomes a Recipient and claims the Gift through the initial activation touchpoint, Treebytree provides the Digital Experience as defined in the Agreement. This includes sending twelve (12) quarterly service communications over a period of three (3) years containing updates about the status of the tree and other relevant data. These communications form an essential and functional part of the Gift and are processed by Treebytree in its capacity as Controller pursuant to the Gift Recipient Terms.
 
b) The nature of the processing of the Personal Data consists of, inter alia, receiving, accessing, storing, transferring, and deleting the Personal Data as well as using the Personal Data to contact the Data Subjects by e-mail on behalf of the Controller.
 
c) The types of Personal Data processed by Processor on behalf of Controller consist of all Personal Data provided by the Controller for the subject matter of this DPA, including: name, e-mail address, and the content of correspondence with Data Subjects.
 
2.2 For the avoidance of doubt, Treebytree acts as the Processor for the processing activities specified in clause 0, which are covered by this DPA. For other processing activities, Treebytree acts as a Controller, such as account creation and (continued) provision of the platform, for which Client hereby gives its consent to Treebytree. The processing activities performed by Treebytree in its capacity as a Controller do not fall under the scope of this DPA.
 
2.3 Processor is obliged to comply with the provisions of this DPA as long as Personal Data is processed by Processor on behalf of Controller.
 

3. Instructions

 
3.1 Processor shall process the Personal Data only (i) on behalf of and for the benefit of Controller, (ii) in accordance with Controller’s written instructions, and (iii) for the purposes authorised by the Agreement, this DPA, or otherwise in writing by Controller. Parties shall comply with the GDPR when carrying out these processing activities.
 
3.2 Processor shall not process the Personal Data further than as instructed in writing, or as required by applicable EU or EU member state law. In case of such a requirement of EU or EU member state law, Processor shall inform Controller of that legal requirement before the processing takes place, unless that law prohibits such information on important grounds of public interest.
 

4. Compliance with the GDPR and ePrivacy law

 
4.1 Processor shall comply with the GDPR when processing Personal Data.
 
4.2 Controller shall comply with the GDPR and ePrivacy law when giving instructions to Processor regarding the processing of Personal Data by Processor. In particular, Controller warrants to Processor that the instructions to Processor in relation to the processing of Personal Data are in accordance with the GDPR. Specifically, Controller warrants that:
a) it has a valid legal basis for transmitting the Personal Data of Data Subjects to Processor, and for having the Personal Data processed by Processor, i.e., having obtained consent from Data Subjects;
b) it will properly and promptly address any opt-out requests from Data Subjects resulting from e-mails sent by Processor on behalf of Controller, in accordance with the GDPR and the ePrivacy law (Dutch Telecommunications Act, Telecommunicatiewet, or any other law or regulation that will replace this Act).
 
4.3 Processor shall inform Controller if Processor believes that an instruction under this DPA violates the GDPR or if Processor can no longer comply with this DPA or the GDPR.
 

5. Security and confidentiality

5.1 Processor shall implement and maintain appropriate technical and organisational security measures to prevent accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of, or access to Personal Data. The security measures shall take into account the state of the art, the costs of the implementation, and the nature, scope, context, and purposes of the processing under the Agreement, as well as the risk of likelihood and severity for the rights and freedoms of the Data Subjects.
 
5.2 Processor shall ensure that any employee, agent, contractor, or any other person working under the direct authority of Processor is committed to respecting and maintaining the confidentiality and security of the Personal Data.
 

6. Sub-processors

 
6.1 Processor shall only permit Sub-Processors to process Personal Data with the general prior written consent of Controller, which shall not be unreasonably delayed or withheld. Controller is deemed to have consented to the processing of Personal Data by the following Sub-Processor(s): Microsoft Corporation (Azure Cloud Services), Twilio, Inc (Sendgrid), Hubspot, Inc, Notion Labs, Inc, OpenAI Group PBC.
 
6.2 Processor shall inform Controller of any intended changes concerning the addition or replacement of other processors, thereby giving Controller the opportunity to object to such changes, which objection shall never be unreasonable. Failing the Controller’s objection within one (1) month, it will be deemed to consent to the engagement of the relevant Sub-Processor.
 
6.3 If the Controller objects to the engagement of a new Sub-Processor, the Processor and the Controller will consult to find a reasonable alternative for the relevant Processing. Any additional costs incurred in the agreed alternative will be payable by the Controller.
 
6.4 Processor will remain fully liable to Controller for each Sub-Processor’s performance of the Agreement and this DPA. Processor shall ensure that Sub-Processors are contractually bound to the same data protection obligations as those to which Processor is bound under this DPA.
 

7. Cooperation obligations

 
7.1 Processor shall deal promptly and appropriately with reasonable requests of Controller for cooperation and provide reasonable assistance in cases where Data Subjects wish to exercise their rights of access, rectification, erasure, restriction, or data portability under the GDPR.
 
7.2 Processor shall cooperate with and assist Controller where Controller reasonably requests such cooperation or assistance in the scope of its Data Protection Impact Assessment and prior consultation obligations under the GDPR.
 

8. Personal data breaches

 
8.1 Processor shall inform Controller without undue delay after becoming aware of a Personal Data Breach.
 
8.2 In the event of a Personal Data Breach, Processor shall promptly take adequate remedial measures. Furthermore, Processor shall promptly provide Controller with all relevant information and assistance as reasonably requested by Controller regarding the Personal Data Breach.
 

9. Retention, return, and destruction of personal data

 
9.1 Processor shall keep the Personal Data on behalf of Controller for as long as necessary to provide the services as described in this DPA to Controller. This means that for:
a) Data Subjects who accept the Gift by registering at Processor’s Platform, Processor will cease to be a Processor for the Personal Data, and process the Personal Data for its own purposes as a Controller, as further described in Processor’s privacy policy [link].
b) Data Subjects who, after one reminder, do not accept the Gift, i.e., do not register at Processor’s platform, Processor will delete the Personal Data one month after the reminder was sent.
 
9.2 In addition to clause 9.1, Processor shall, upon termination of the Agreement or at the written request of Controller, at the option of Controller, return the Personal Data and all copies thereof to Controller and/or shall securely destroy such Personal Data and all copies thereof, except to the extent applicable EU or EU member state law provides longer storage. In such a case:
a) Processor shall inform Controller of such legal obligation, shall keep the Personal Data confidential, and shall only process the Personal Data to the extent required by the applicable EU or EU member state law.
b) Controller shall reimburse any costs associated with the foregoing to Processor.
 

10. Compliance and right of audit

 
10.1 Processor shall make available to Controller all information reasonably necessary to demonstrate compliance with the obligations laid down in this DPA. In addition, Processor shall allow for and contribute to audits, including inspections, conducted by Controller or another auditor mandated by Controller, to the extent that such audits do not unreasonably interfere with Processor’s business operations.
 

11. International data transfer

 
11.1 Any transfer of Personal Data to a Sub-Processor in a Non-Adequate Country shall be governed by the terms of the appropriate EC Standard Contractual Clauses or another transfer mechanism as included in Chapter 5 of the GDPR.
 

12. Indemnifications and liability

 
12.1 Processor is only liable under the DPA for damages caused by (i) non-compliance with legal obligations in the GDPR directly addressed to processors; or (ii) non-compliance with this DPA. Processor is not liable for any damages or loss that result from following the instructions of Controller if these instructions conflict with the GDPR or the Agreement. The limitations of liability as described in clause 7 of the Agreement apply.
 
12.2 Controller shall indemnify, keep indemnified, and hold harmless Processor against all claims, damages, and losses of any third parties, including Data Subjects, and enforcement actions of the Data Protection Authorities arising out of or resulting from Controller’s failure to comply with clause 4.2.
 

13. Miscellaneous

 
13.1 All terms of the Agreement remain in effect. In case of conflicts or inconsistencies between this DPA and the Agreement, the provisions of this DPA prevail.
 
 Treebytree B.V. 

info@treebytree.earth

+31 (0)70 219 6884

KvK 86955411
Binckhorstlaan 36
unit M219, 2516 BE, Den Haag
BTW NL864158178B01
IBAN NL78ABNA0113339097

b) it will properly and promptly address any opt-out requests from Data Subjects resulting from e-mails sent by Processor on behalf of Controller, in accordance with the GDPR and the ePrivacy law (Dutch Telecommunications Act, Telecommunicatiewet, or any other law or regulation that will replace this Act).
 
4.3 Processor shall inform Controller if Processor believes that an instruction under this DPA violates the GDPR or if Processor can no longer comply with this DPA or the GDPR.
 

5. Security and confidentiality

5.1 Processor shall implement and maintain appropriate technical and organisational security measures to prevent accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of, or access to Personal Data. The security measures shall take into account the state of the art, the costs of the implementation, and the nature, scope, context, and purposes of the processing under the Agreement, as well as the risk of likelihood and severity for the rights and freedoms of the Data Subjects.
 
5.2 Processor shall ensure that any employee, agent, contractor, or any other person working under the direct authority of Processor is committed to respecting and maintaining the confidentiality and security of the Personal Data.
 

6. Sub-processors

 
6.1 Processor shall only permit Sub-Processors to process Personal Data with the general prior written consent of Controller, which shall not be unreasonably delayed or withheld. Controller is deemed to have consented to the processing of Personal Data by the following Sub-Processor(s): Microsoft Corporation (Azure Cloud Services), Twilio, Inc (Sendgrid), Hubspot, Inc, Notion Labs, Inc, OpenAI Group PBC.
 
6.2 Processor shall inform Controller of any intended changes concerning the addition or replacement of other processors, thereby giving Controller the opportunity to object to such changes, which objection shall never be unreasonable. Failing the Controller’s objection within one (1) month, it will be deemed to consent to the engagement of the relevant Sub-Processor.
 
6.3 If the Controller objects to the engagement of a new Sub-Processor, the Processor and the Controller will consult to find a reasonable alternative for the relevant Processing. Any additional costs incurred in the agreed alternative will be payable by the Controller.
 
6.4 Processor will remain fully liable to Controller for each Sub-Processor’s performance of the Agreement and this DPA. Processor shall ensure that Sub-Processors are contractually bound to the same data protection obligations as those to which Processor is bound under this DPA.
 

7. Cooperation obligations

 
7.1 Processor shall deal promptly and appropriately with reasonable requests of Controller for cooperation and provide reasonable assistance in cases where Data Subjects wish to exercise their rights of access, rectification, erasure, restriction, or data portability under the GDPR.
 
7.2 Processor shall cooperate with and assist Controller where Controller reasonably requests such cooperation or assistance in the scope of its Data Protection Impact Assessment and prior consultation obligations under the GDPR.
 

8. Personal data breaches

 
8.1 Processor shall inform Controller without undue delay after becoming aware of a Personal Data Breach.
 
8.2 In the event of a Personal Data Breach, Processor shall promptly take adequate remedial measures. Furthermore, Processor shall promptly provide Controller with all relevant information and assistance as reasonably requested by Controller regarding the Personal Data Breach.
 

9. Retention, return, and destruction of personal data

 
9.1 Processor shall keep the Personal Data on behalf of Controller for as long as necessary to provide the services as described in this DPA to Controller. This means that for:
a) Data Subjects who accept the Gift by registering at Processor’s Platform, Processor will cease to be a Processor for the Personal Data, and process the Personal Data for its own purposes as a Controller, as further described in Processor’s privacy policy [link].
b) Data Subjects who, after one reminder, do not accept the Gift, i.e., do not register at Processor’s platform, Processor will delete the Personal Data one month after the reminder was sent.
 
9.2 In addition to clause 9.1, Processor shall, upon termination of the Agreement or at the written request of Controller, at the option of Controller, return the Personal Data and all copies thereof to Controller and/or shall securely destroy such Personal Data and all copies thereof, except to the extent applicable EU or EU member state law provides longer storage. In such a case:
a) Processor shall inform Controller of such legal obligation, shall keep the Personal Data confidential, and shall only process the Personal Data to the extent required by the applicable EU or EU member state law.
b) Controller shall reimburse any costs associated with the foregoing to Processor.
 

10. Compliance and right of audit

 
10.1 Processor shall make available to Controller all information reasonably necessary to demonstrate compliance with the obligations laid down in this DPA. In addition, Processor shall allow for and contribute to audits, including inspections, conducted by Controller or another auditor mandated by Controller, to the extent that such audits do not unreasonably interfere with Processor’s business operations.
 

11. International data transfer

 
11.1 Any transfer of Personal Data to a Non-Adequate Country to a Sub-Processor shall be governed by the terms of the appropriate EC Standard Contractual Clauses or another transfer mechanism as included in Chapter 5 of the GDPR.
 

12. Indemnifications and liability

 
12.1 Processor is only liable under the DPA for damages caused by (i) non-compliance with legal obligations in the GDPR directly addressed to processors; or (ii) non-compliance with this DPA. Processor is not liable for any damages or loss that result from following the instructions of Controller if these instructions conflict with the GDPR or the Agreement. The limitations of liability as described in clause 7 of the Agreement apply.
 
12.2 Controller shall indemnify, keep indemnified, and hold harmless Processor against all claims, damages, and losses of any third parties, including Data Subjects, and enforcement actions of the Data Protection Authorities arising out of or resulting from Controller’s failure to comply with clause 4.2.
 

13. Miscellaneous

 
13.1 All terms of the Agreement remain in effect. In case of conflicts or inconsistencies between this DPA and the Agreement, the provisions of this DPA prevail.
 
 Treebytree B.V.
+31 (0)70 219 6884
KvK 86955411
Binckhorstlaan 36
unit M219, 2516 BE, Den Haag
BTW NL864158178B01
IBAN NL78ABNA0113339097