Please wait...
By continuing to browse our website, you agree to our use of cookies. If you do not consent to the use of cookies, please alter your browser settings or do not use our website. For more information, visit our Privacy Policy.
Aici puteti citi termenii portalului nostru

Data Protection rights and obligations

Data Protection rights and obligations
  1. Ingram Micro as supplier (“Ingram Micro”) and the recipient of goods and services (“Client”), hereinafter together referred to as the Parties, acknowledge and agree to comply with the applicable data protection and privacy laws and regulations (“Data Protection Laws and Regulations”), including without limitation the EU General Data Protection Regulation (“Regulation (EU) 2016/679 (“GDPR”). In this regard, both Parties certify and agree to comply with the Data Protection Laws and Regulations when using, handling, disclosing, transferring, sharing or processing in any way and for any purpose, any information about an identified or identifiable individual (“Personal Data”) of the other Party, including employee, vendor or customer Personal Data, during the Parties’ commercial relationship under the applicable terms and conditions (“Terms and Conditions”), and in respect of Parties’ respective obligations under these Terms and Conditions and the Data Protection Laws and Regulations. Client will not by any act or omission put Ingram Micro in breach of its legal obligations under the applicable Data Protection Laws and Regulations and in connection with the Terms and Conditions.
  2. Parties acknowledge and agree that all Personal Data shared and processed as part of the Parties’ commercial relationship under the Terms and Conditions is confidential information and is subject to confidentiality obligations under the applicable laws and Terms and Conditions.
  3. Parties acknowledge and agree that Client is the data controller in respect of any Personal Data provided to Ingram Micro by Client and which Ingram Micro processes on behalf of Client under the Terms and Conditions and in the course of providing the goods and the services and that Ingram Micro is the data processor. However, in regard to all Personal Data provided by Ingram Micro to Client and processed by the latter on behalf of Ingram Micro, Ingram Micro is the data controller and Client is the data processor.
  4. Ingram Micro and Client retain all rights, title and interest in any Personal Data it may pass to the other Party during the commercial relationship between the Parties.
  5. To the extent that Ingram Micro or Client process Personal Data on behalf of the other party, the processor shall:
    1. Only process the Personal Data passed on by the other Party in accordance with its instructions and in compliance with the provisions set forth in the Data Protection Laws and Regulations.
    2. Use the Personal Data for the purposes defined by the data controller and for no other purpose, except if allowed by law.
    3. Not perform cross-border transfers, disclose or otherwise permit access to the Personal Data to any third party for any purpose, without the other Party’s prior written consent, except where it is strictly necessary in order to comply with a legal obligation, the terms and obligations under the Terms and Conditions or if necessary for the execution of the commercial relationship between the Parties.
    4. Take reasonable steps to ensure the reliability of staff having access to the Personal Data processed as part of the execution of the commercial relationship and the Terms and Conditions and that all staff to whom the processor discloses Personal Data are made aware that the Personal Data is confidential information and subject to confidentiality obligations.
    5. Maintain and will continue to maintain during the commercial relationship between the Parties under the Terms and Conditions, appropriate technical and organizational measures to ensure the security, availability, confidentiality and integrity of its computers and other information systems and services, and to prevent the unauthorized or unlawful processing, disclosure, copying or use of Personal Data and against accidental loss or destruction of, or damage to Personal Data.
    6. Provide reasonable assistance to controller in order to allow it to comply with its obligations under the Data Protection Laws and Regulations.
    7. Inform as soon as possible controller of any data subject request, third party notices, breach of security or loss of controller’s Personal Data and cooperate with controller in order to impede any consequences thereof and ensure compliance with the applicable Data Protection Laws and Regulations.
    8. Upon termination of the commercial relationship between the Parties, cease all processing of controller’s Personal Data and shall delete or, upon controller’s request, return, all files containing the Personal Data. Notwithstanding the above, the processor may retain controller’s Personal Data to the extent required by the applicable laws and for such period as required by the applicable laws.
    9. Not subcontract any of its processing operations regarding controller’s Personal Data without the express prior written consent of controller which consent could not be unreasonably withheld.
  6. In the event that a legal requirement prevents processor from complying with controller’s instructions or requires it to process that Personal Data for a particular purpose or to disclose the Personal Data to a third party, processor shall, unless such legal requirement prohibits it from doing so, promptly inform controller in writing of the relevant legal requirement before carrying out the relevant processing activities and co-operate with controller regarding the manner of such disclosure.
  7. Processor agrees, upon reasonable notice and once every 12 months, to submit to audits or have an independent third-party auditor, inspector, regulator, and other representative, designated in writing by controller and subject to confidentiality obligations, to perform an audit on his behalf in order to validate processor’s compliance with its obligations under the Terms and Conditions and the Data Protection Laws and Regulations.
  8. In the event any of the Parties breaches and fails to comply with the terms and conditions on data protection provided in the Terms and Conditions, the breaching Party shall be held liable for all damages and costs incurred by the other Party.
  9. Client shall indemnify and hold Ingram Micro harmless from any liability, losses, claims, penalties, damages, costs and expenses of whatever nature, imposed by the Supervisory Authority on Ingram Micro and arising out of any claims, actions, proceedings or settlements, resulting from the breach or non-compliance of Client with the terms and conditions on data protection laid down in the Terms and Conditions and/or with the Data Protection Laws and Regulations.
  10. According to the provisions of the Data Protection Laws and Regulations, all data subjects have the right to exercise their rights of access, rectification, amendment, restriction of processing or deletion (“right to be forgotten’), data portability, objection to the processing of that individual's Personal Data or any other right provided to data subjects under the Data Protection Laws and Regulations. Processor shall provide Controller with all reasonable cooperation and assistance in order to enable Controller to comply with its legal obligations in relation to the handling of data subject requests. All data subject request should be either logged on the following address: https://corp.ingrammicro.com/Contact-Us.aspx or directly send to the following e-mail address: privacy@ingrammicro.com.
  11. For more information please consult Ingram Micro’s Privacy Policy on the following address: https://corp.ingrammicro.com/privacy-statement.aspx.