Processor Agreement

Several concepts are used in this Agreement. The meaning of the concepts is explained below. The concepts referred to are written
with a capital letter in Agreement. The description of the concept from the laws and regulations in the field of privacy is often used in
the summary below.
Person involved: Those to whom the Personal data pertains.
Processor: A natural or legal person, a government agency, a professional service or another body that
processes Personal data on behalf of the Processing Controller, without being subject to his
direct authority.
Sub-processor: Another processor that is used by the Processor to perform specific processing activities on behalf of the Processing Controller.
Processing Controller/Responsible Official: A natural or legal person, a government agency, a professional service or any other body that, alone or together with others, determines the purpose and means for the processing of personal data.
Particular Personal data: This is data from which race or ethnic origin, political opinions, religious or philosophical beliefs, or membership of a trade union, and genetic data, biometric data with the view to the unique identification of a person, data on health, or data related to a person’s sexual behaviour or sexual orientation become apparent. As well as personal data regarding criminal convictions and acts or related security measures.
Data leak / Infringement regarding personal data: An infringement of the security that inadvertently or unlawfully leads to - or where it cannot reasonably be excluded that it may lead to - the destruction, the loss, the modification or the unauthorized disclosure of or unauthorized access to the transmitted, stored or otherwise processed personal data.
Third Parties: People other than You, Us and Our Employees.
Data leaks notification obligation: The obligation to notify the Personal Data Authority and (in some cases) to the Person/Persons involved of the Data leaks.
Employees: Persons working with You or with Us, or temporarily hired as an Employee.
Agreement: This Processor Agreement.
Personal data: All information about an identified or identifiable natural person (“the Person Involved”) processed in the context of the Distributorship; an identifiable natural person who can be identified directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more elements characteristic of the physical, physiological, genetic, psychological, economic, cultural or social identity of the natural person.
Personal details of a sensitive nature: Personal data where loss or unlawful processing can lead to (among other things) stigmatization or exclusion of the Person Involved, damage to health, financial losses or (identity) fraud. The following must anyway be classified as these categories of personal data:
• Particular personal data
• Data on the financial or economic situation of the Person Involved
• (Other) data that may lead to stigmatization or exclusion of the Person Involved
• User names, passwords and other log-in details
• Data that can be misused for (identity) fraud
Process / Processing: A process of set of processes relating to personal data or a set of personal data, whether performed via automated procedures, such as collecting, recording, organizing, structuring, storing, updating or modifying, retrieving, consulting, using, disclosing by transmission, distributing or otherwise forwarding, aligning or combining, guarding, deleting or destroying data.
GDPR: General Data Protection Regulation, including the implementing law on this regulation. The GDPR replaces the Wbp [Data Protection Act] on 25 May 2018.

2.1 This Processor Agreement governs the Processing of Personal Data by the Beyuna Independent Sales Representative in the
context of the Agreement.
2.2 The nature and purpose of the Processing, the type of Personal Data and the categories of Personal Data, Persons Involved
and recipients are described in Appendix 1.
2.3 The Beyuna Independent Sales Representative guarantees the application of appropriate technical and organizational
measures as described in Appendix 2, so that the Processing complies with the requirements of the Regulation and the
protection of the rights of the Person Involved is ensured.
2.4 The Beyuna Independent Sales Representative guarantees compliance with the requirements of the applicable laws and
regulations regarding the Processing of Personal Data.

3.1 This Agreement takes effect as soon as it has been signed by both Parties.
3.2 This Processor Agreement ends after and insofar as the Beyuna Independent Sales Representative has deleted or returned all
Personal Data in accordance with Article 10.
3.3 None of the Parties can terminate this Processing Agreement in the interim. Beyuna can adjust the Processor Agreement at
any time. The Beyuna Independent Sales Representative is informed of this.

4.1 The Beyuna Independent Sales Representative Processes the Personal Data exclusively in the way that is needed to
support the downline and support customers where necessary. This means that it is possible to respond to contact forms and
assistance may be rendered at business level by means of insight into the merits. Customers may not be approached in any
other way unless permission has been given and this permission has also been recorded.
4.2 If, based on a statutory provision, the Beyuna Independent Sales Representative is required to disclose Personal Data, he will
inform Beyuna immediately, and, if possible, prior to the disclosure.
4.3 The Beyuna Independent Sales Representative has no control over the purpose and means for the Processing of Personal
Data.

5.1 The Beyuna Independent Sales Representative takes the technical and organisational security measures as described in
Appendix 2.
5.2 The parties acknowledge that guaranteeing an appropriate level of security can constantly force additional security measures
to be taken. Beyuna Independent Sales Representative guarantees a risk-adjusted security level.
5.3 If and insofar as Beyuna expressly requests doing so in writing, the Beyuna Independent Sales Representative will take
additional measures with a view to securing the Personal Data.
5.4 The Beyuna Independent Sales Representative does not Processes Personal Data outside of the European Union, unless he
has received explicit written permission from Beyuna and subject to deviating legal obligations.
5.5 The Beyuna Independent Sales Representative informs Beyuna without unreasonable delay as soon as he becomes aware of
unlawful Processing of Personal Data or infringements of security measures as referred to in the first and second paragraph.

6.1 The Personal Data is of a confidential nature and this entails a confidentiality obligation on Third Parties.
6.2 At Beyuna’s request, the Beyuna Independent Sales Representative demonstrates that his Staff is committed to observe
confidentiality.

When the Beyuna Independent Sales Representative engages another processor to perform processing activities for Beyuna, the same
data protection obligations are imposed on this other processor in an agreement as those included in this Processor Agreement.

The Beyuna Independent Sales Representative assists Beyuna in fulfilling its obligation to respond to requests to exercise the rights of
the Party Involved as set out down in Chapter III of the Regulation.

9.1 The Beyuna Independent Sales Representative informs Beyuna within 48 hours, as soon as he has become aware of an
Infringement regarding Personal Data, in accordance with the agreements as set out in Appendix 3.
9.2 The Beyuna Independent Sales Representative also informs Beyuna within 48 hours of a notification based on the first
paragraph about developments concerning the Infringement in connection with Personal Data.
9.3 The Parties each bear the costs to be incurred by them in connection with the notification to the Competent Supervisory
Authority and the Person Involved.

After termination of the distributorship with Beyuna, the Beyuna Independent Sales Representative will be responsible for deleting all
Personal Data. The Beyuna Independent Sales Representative will delete copies, subject to deviating legal regulations.

11.1 The Beyuna Independent Sales Representative makes all information, necessary to demonstrate that the obligations under
this Processing Agreement have been and are being fulfilled, available.
11.2 The Beyuna Independent Sales Representative provides all necessary assistance to audits.

The subject / nature and purpose of the Processing - Contact other Beyuna Independent Sales Representatives to provide support in doing business.
The type of Personal Data - Name, address, e-mail, telephone number, insight into turnover
Description of categories of Personal Data - Normal Personal Data
Description of categories of Persons Involved - Distributeurs
Description of categories of recipients of Personal Data - Processors

The subject / nature and purpose of the Processing - Contact customers in the Beyuna Independent Sales Representative’s organisation if there are any questions.
The type of Personal Data - Name, address, Email, Telephone number, insight into orders
Description of categories of Personal Data - Normal Personal Data
Description of categories of Persons Involved - Customers
Description of categories of recipients of Personal Data - Processors

The subject / nature and purpose of the Processing - Making contact in response to the contact form. Please note: these people may not be mailed.
The type of Personal Data - Name, E-mail
Description of categories of Personal Data - Normal Personal Data
Description of categories of Persons Involved - Potential Customers
Description of categories of recipients of Personal Data - Processors

Among others, the registration that the Processing Controller must hold based on Article 30 of the Regulation can be used for the
content of this Appendix.

In this appendix, the standards and measures that the Beyuna Independent Sales Representative must use in the context of the securi-
ty of the Processing must be specified.

1. The data available in Cloud Office may not be shared with anyone.
2. Telephone / tablet / computer / laptop or other devices must never be publicly logged into Cloud Office and left behind.
3. Telephone / tablet / computer / laptop or other devices must be secured with the latest updates and must have virus scanners, firewalls and software against malware attacks.
4. Telephone / tablet / computer / laptop or other devices with access to e-mail through which contact forms can enter, must be secured by means of a 6-digit code.
5. Exports of data from Cloud Office may not be stored on public computers.
6. Exports of data from Cloud Office may only be stored on secured servers.
7. Telephone / tablet / computer / laptop or other devices with access to the Beyuna app are secured by means of a 6-digit code.

Information that must at least be provided by the Beyuna Independent Sales Representative once a data Infringement has taken place.
This must be reported to Beyuna by telephone within 48 hours.
• Nature of the Infringement regarding Personal data
• The Personal details and Person involved
• Probable consequences of the Infringement regarding Personal data
• Measures proposed or taken by the Beyuna Independent Sales Representative to address the Infringement regarding
Personal Data, including, where appropriate, measures to limit any adverse consequences.