IDT S.p.A., having its registered office in via Quittengo 35 (Turin), C.F.-P.IVA 10010450012 hereby represented by its pro tempore legal representative (hereinafter, “IDT”), created and is the owner of a website for online sale of products and for the supply of the dropshipping service, whose domain is www.bdroppy.com (hereinafter “DB Main Domain”) 

IDT wants to offer users regularly registered on the DB Main Domain (hereinafter, “User”), under regular price payment (hereinafter, “Price”), a membership service giving the User the opportunity to sell online IDT products supplied in dropshipping (hereinafter, the “Service”) listed in the catalogue (hereinafter, the “Catalogue”) through the user’s online shop (therefore provided through own plugins for the automatic exchange of catalog and order data) or through a ready-to-use e-commerce with domain owned by the User created by IDT and integrated with the dropshipping service provided by the latter (hereinafter “User Domain”). 

In light of the above,

THE FOLLOWING IS AGREED

1. The User’s request to activate the Service amounts to a proposal. The User shall register on the DB Main Domain, within the manner and the terms established in Annex A, choosing the desired Service and accepting the conditions of the present contract by ticking the acceptance box, also in relation to the clauses under articles 1341 and 1342 Italian Civil Code. It is understood that the registration is subject to the electronic acceptance through the ticking of the present contract terms and conditions. The User’s proposal will be deemed to be accepted, and thus the contract concluded, at the moment of the Service activation by IDT, which will happen upon verification of the User’s regular registration on the DB Main Domain and the success of the Price payment, as detailed in Annex A. By registering, requesting the Service activation and accepting by clicking on the acceptance button, the User declares to have read and to accept all contents in the present contract also in relation to the provisions under articles 1341 and 1342 Italian Civil Code. It is understood that the present contract between the User and IDT will be concluded only in digital form by accepting the present conditions through the electronic point-and-click procedure by the User on the DB Main Domain.
2. The User may proceed with the Price payment through the modes indicated in Annex A. The User undertakes to adopt all necessary measures to ensure the successful outcome of the payment. In the event that the payment of the amounts due to IDT is not successful, IDT reserves the right to suspend the Service supply until the moment of the effective payment.
3. The User is not bound by any non-competition obligation and therefore is entitled to directly or indirectly handle competitor products other than IDT’s. The User does not enjoy any exclusive rights for IDT’s product. It is understood that IDT is free to handle the online and offline sale with end customers directly or through agents, other partners or intermediaries. In any case, IDT may not be considered responsible for products, sold by the User on his/her own User Domain, which are not listed in the Catalogue proposed by IDT
4. The User may use trademarks owned by IDT or by third parties with a mere descriptive function necessary to indicate the industrial origin of the product and ensure its originality. IDT does not authorize the use of logos, symbols or other distinguishing marks exclusively owned by IDT or by third parties. It is understood that IDT cannot be deemed responsible for the eventual misuse of such logos, symbols, marks or other distinguishing signs by the User.
5. The User shall hold IDT harmless and shall indemnify it from any kind of claims, such as damages, liability, costs, burdens and expenses claims, including eventual legal fees, deriving from any User’s non-compliance with obligations under this contract.
6. The Service has a minimum duration of 1 or 12 months and starts running from the date of its activation by the User. The Service will automatically be renewed for the same period. It is understood that the User will have to pay the current Price at the time of each renewal.
7. It is understood that IDT, in any case and at any time, may terminate the present contract and interrupt the Service, by means of an e-mail notice to the address provided by the User, who will not have the right to any compensation or reparation. In case of termination of the contract by IDT, the Price eventually paid for the period during which the Service will not be used will be reimbursed to the User.
8. The Parties reciprocally ensure the respect of any norms related to personal data process. The personal data provided will be processed exclusively for the pursuance of contractual purposes. By registering and accepting the present contract as outlined above, the User gives his/her consent in order for IDT to process his/her personal data, provided at the time of registration and of the Service request, and to transfer the User via e-mail any communications relating to the execution of the present contract, to the Service and to the promotion of the Catalogue products. The User, as owner of the data of his/her customers, appoints IDT responsible for the treatment with reference to the data of the end users that are transmitted to him in order to perform the Service, by signing the contract referred to in the Annex “Designation of the data processing manager”.
9. The sales between IDT and the User will be subject to IDT’s general sale conditions provided by the present contract.
10. The present contract is governed by Italian law.
11. All disputes arising out of or in connection with the present contract, both contractual and non contractual, shall be exclusively and finally settled by the competent Court of the place where IDT has its registered office
12. The present contract repeals and replaces any other precedent written or verbal agreement, eventually entered into force between the parties on the matter covered by the contract.
13. Any amendment or integration shall be made in writing, otherwise they should be void.
14. The present contract cannot be transferred, in whole or in part, unless previously agreed in writing by the parties.
15. IDT’s Dropshipping service is not for resale to third parties.
16. In the event of non-compliance with the present contract by the other party, the failure to exert a remedy or a right shall not constitute waiver to exert such remedy or right in the future.
17. The Whereas and the Annexes shall be considered a constitutive part of the present Terms of BDroppy.
18. The service is not refundable.

19. Depending on the country in which it operates, the client may have to open a VAT position to fulfill the tax obligations of their country. IDT is not responsible in case of non-compliance.

1. Cost of the service

The Dropshipping service can be activated in the following ways:

BSOCIAL – 1 Integration (1 list and 1 channel) 29 €/month – 290€/year

BASIC – 1 integration (1 list and 1 channel) 99 € / month – 990 € / year

PLUS – 3 integrations (3 lists and 3 channels) 199 € / month – 1990 € / year

The turnkey site service can be activated in the following ways:

EASY – we will provide you with an ecommerce site with all our integrated catalog, basic template, recommended hosting up to 5000 products, monolingual and mono currency site – 990 € / year

ENTERPRISE- we will provide you with an e-commerce site on the Prestashop platform, premium template, recommended hosting over 5000 products, multilingual site (3 languages ​​to choose from 20) and multi-currency (up to 3 currencies to choose from 24 available), integration with 2 Amazon and eBay marketplaces – 1990 € / year

The cost of the service is not refundable, in accordance with the EU Directive on consumer rights

The activation of the service takes place within 24 hours of receipt of payment.

The User can pay for the service by credit card (Stripe) or Paypal.

Depending on the plan chosen, the service will have a duration of 1 or 12 months

The User can change the subscription plan of the service directly from his profile in the “Plans and prices” section

The user can deactivate the renewal of the subscription by contacting Customer Service

2. Service content

Dropshipping

Once one of the Dropshipping plans proposed for the type of service requested is activated, the User can select the products for one or more lists, consequently integrate them into the selected channel (s) or download the files in the desired format: (XLSX, CSV, XML, or JSON) in the “Manage import lists” area.

The data provided on the selected product are:

Brand

Product code (SKU)

Barcode

Made in

Available stock

Category

Season

Gender

Description in 20 languages ​​(Italian, English, French, German, Spanish, Romanian, Portuguese, Polish, Dutch, Slovak, Hungarian, Swedish, Estonian, Czech, Finnish, Danish, Bulgarian, Lithuanian and Greek)

Volumetric weight Link to 3 product photos

Italian retail price (VAT included)

Selling price (VAT excluded)

Suggested price (VAT included)

The price of the products is the same as the one in the “Search products” section of BDroppy under Cost (VAT excluded). Bdroppy.com does not retain any percentage on the sale of the products.

In order to protect the collaboration with the different brands, Bdroppy recommends selling prices (suggested_price) available in the different formats provided (xlsx, csv, xml and json) and suggests not to drop below 30% of net margin. IDT provides advertising material useful for sponsoring the products on sale, however the use of a logo or registered trademark is prohibited without the authorization of the owner of the trademark itself. It is understood that IDT cannot be held responsible for any incorrect use of these logos, symbols, brands or other distinctive signs by the User. Technical management is entirely entrusted to the User. IDT provides assistance within 48h via e-mail, ticket and chat for information and problems related to the service offered. For assistance with the plugins, the user will be required to provide complete access information (admin and ftp) to carry out a correct diagnosis and resolution of the verified problems. In the event that interventions are requested to the BDroppy staff, for example installation and setting of the plugins or resolutions of problems not related to the operation of the plugins provided by BDroppy or in general of functions not included in the BDroppy offer, the user will be requested a payment of 199 € for extra intervention required. In the case of a free role and therefore in the absence of subscription to a dropshipping plan or in the absence of renewal of one of the subscription services of your choice, the previously selected catalogues will be removed within 72h of the creation of the catalogue/expiration of the service.

3. Orders and Shipments

All Bdroppy plugins provide the automatic transmission of orders received on the user’s shop. It is also possible to place the order manually by accessing the Orders section of the Bdroppy Dashboard and completing the order procedure.

The User agrees to place the order on Bdroppy, only once the purchase has been made and confirmed by his/her end users on his/her e-shop. This order is considered in a “booked” status and awaiting payment. Any changes/cancellations are accepted only if the order is in the “booked” status. Once the receipt of the payment has been confirmed, the order is processed and passed on to the logistics processing, therefore it is no longer possible to make changes/cancellations. In the event that the shipment should return to sender, for an incorrect address or for non-acceptance by the end user, a credit note will be provided and consequent credit net of shipping costs. With Bdroppy’s Dropshipping service, the User can choose whether to:

ship orders to final customers via IDT courier* by activating the option “Ship to customer” in the Catalogue Settings

independently manage the packing and shipping of the orders of his/her end customers: in this case it is necessary to make cumulative orders, to be received in your logistics through IDT courier or own courier by activating the “Ship to me” option in the Catalogue Settings

*IDT delivers the products directly to the end customer in the countries and at the costs indicated in the “Shipping fees” section inside the Dashboard. Packages sent to the end customer do not contain any reference to Bdroppy.com. For all non-EU countries to which IDT does not provide shipments to the end customer, orders must be cumulative and reach a minimum of 1,000 €. The User can request quotes with IDT courier or organize the collection with his/her own courier. Shipping costs are always to be paid by the User. For shipments to non-EU countries, customs duties and charges may apply depending on the regulations of the country of destination of the goods. The User is invited to contact their local customs office for further information.

4. Product payment terms

Once the end customer has purchased the product on the User’s e-shop, the User must then create the order (or the order will be automatically generated) on the BDroppy platform, by entering his/her billing information and the shipping details of the end customer (or another address where he/she wishes to receive the goods). If payment is not made within 24 hours, then the order expires.

Orders can be paid by credit card (Stripe)or Paypal. The order will be automatically confirmed in case of existing credit on the User’s profile. If the credit does not cover the entire cost of the order, then the payment of the missing amount will be required. An invoice is issued for any payment made, both for single order or for multiple orders, the User can download it from his/her profile page. For Italian customers: the electronic invoice will be duly sent to the SDI who will arrange for it to be delivered to your electronic inbox (certified e-mail address or recipient code). Invoices are also available on the User’s BDroppy profile, yet they are not valid for tax purposes.

 

5. Post-sales and product return policy

The User can request a return within 20 days of receiving the order, for the following reasons: if he/she dislikes the product; if the product is too big/small, damaged, does not correspond to the product ordered, or if it is not actually in the package, etc. To start the return request, it is necessary to follow these instructions:

In order to make a return on Bdroppy, log in to your profile and go to ORDERS > My orders.
Idendify the order for which you wish to make a return request.
To be able to make a return request, the order status must be DISPATCHED.
Under the “Actions” column, you will have to click on the three dots and a drop-down menu will appear.

Then click on REQUEST RETURN, enter the quantity and the reason for the return.
Then click on Send request.
All your return requests will be visible in the section Orders > My returns.

IDT reserves the right not to refund in the following cases:

• The product is damaged or the original packaging (shoe box, sunglasses case, dust-proof bag) is missing or damaged.
• Return code and/or order number are missing
• Unauthorized or after return deadline

The shipping, return costs and customs duties are to be paid by the User unless otherwise instructed. Also in the case of damaged or non-compliant products, a return request must be made as indicated above. The damage must be described in detail and photos must be attached demonstrating its extent within and no later than 20 days from receipt of the order. Please send all details to the appropriate contact form. The refund is issued in the form of a credit loaded on the User’s profile within a maximum of 10 working days of receipt of the product and is visible at the bottom of the profile page of your account. The credit is automatically deducted when a new order is placed. The credit is available for 2 years following the issuance of the credit note. Bdroppy does not exchange goods. It is necessary to make a return request for the product that the User wishes to return and create a new order deducting any credit charged on the User’s profile.

BSocial

The BSocial service allows customers who do not have an ecommerce site to sell products selected by them through link sharing on social platforms, messages and emails. The shared url is common for those who use the service with the addition of parameters that allow BDroppy to identify the seller both for the creation of the order on its dashboard, and for the direct forwarding of the collection to the customer’s PayPal account. Bdroppy uses the stated PayPal email to forward the money so it is the customer’s responsibility to make sure the account is correct. The money is forwarded at the time of payment. Any block of this value therefore concerns the relationship between customer and PayPal and the company IDT SpA is in no way to be held responsible. (https://www.paypal.com/it/smarthelp/article/come-faccio-a-sbloccare-i-pagamenti-bloccati-faq3743)

The sales prices of the product are those suggested that can be discounted in case of goods in stock or the list price for products of the current collection. The customer will have to pay for the orders generated on his dashboard within 72 hours of taking charge of them. The order will be forwarded to the supplier and subsequently processed after such payment.

Turnkey website

In addition to the features already listed in the Dropshipping service included in each Turnkey Site plan:

• Site created via WordPress platform with Woocommerce Plugin for Easy plan, with Prestashop platform for Enterprise plan, with the integration of the Catalogue of products made available by IDT S.p.A.
• Responsive Layout: suitable for both Desktop and Mobile versions
• Monolingual for the Easy plan, up to 3 languages for the Enterprise plan (to be chosen among the 20 available)
• Single currency for Easy plan, up to 3 currencies for Enterprise plan (to be chosen among the 24 available)
• Compatible with all types of browsers
• Integrated PayPal+Stripe payment for both the Easy and Enterprise plans.
• Mailchimp Plugin Installation
• Plug-in Elementor installation for both Easy and Enterprise plans
• Social media connection
• Automatic synchronization of orders
• Marketplace integration: not available for the Easy plan, integration to both Amazon and eBay channels for the Enterprise plan.
• Technical support: by e-mail or ticket within 48 working hours.

Hosting

The hosting provided by IDT S.p.A. through third parties includes: 

Amazon Web Service Hosting (Recommended for up to 5,000 products) RAM: 1GB /Transfer: 2 TB

Product categories

The products are divided into product categories, the site is provided with the selection of the catalog made by the User or with the entire catalogue available on BDroppy.com, the user can subsequently modify and customize his/her offer.

Data transmission

Following the User will receive by e-mail the request to fill out a form with the request of the following information in order to be able to start processing the User’s site:

name of the User Domain that is requested to be activated;

In case of already registered domain, information will be provided with the necessary procedure to correctly redirect the domain to the servers reported by IDT

• name of the User Domain that is requested to be activated;
• if you have already registered your domain, you will be provided with the information necessary to correctly redirect the domain to our servers
• language
• currency

Important: without the correct and complete compilation of the form, IDT staff will not be able to proceed with the processing of the site purchased by the User. 

The contents of the User Domain, including but not limited to, all information, end customer data, communications, text documents, databases, drawings and any other audiovisual material are owned by the User. In particular, IDT will provide mere models of contractual texts relating to the general conditions of sale and the privacy policy which must be adapted and verified by the User. It is understood that IDT cannot be held in any way responsible for the contents published on the User Domain. IDT undertakes to provide the User with an efficient and adequate hosting service for the activity carried out on the User Domain. It is understood, however, that IDT cannot be held responsible for any problems related to the hosting service that do not depend on their own default or negligence. IDT undertakes to provide the User with a functioning e-commerce site with plugins already installed. It is understood, however, that IDT cannot be held responsible for any malfunctions of the latter or of additional external plugins installed by the User which are incompatible with those already installed by IDT. 

The technical management is entirely entrusted to the User. IDT undertakes to deliver the e-commerce site within 15 working days from the reception of the correctly completed form by the customer and to provide free assistance for malfunctions related to the e-commerce site reported by the User by opening a ticket within 7 working days from the time of communication of activation of the site by IDT. Beyond this term, the assistance provided by IDT must be paid according to the rates indicated in Annex A. The Service has a minimum duration of 1 or 12 months, starting from the date of its activation by IDT. The Service will be renewed automatically for the same period unless canceled by the User, cancellation to be sent at least 1 month before the expiry of the Service by email. It is understood that the User will have to pay the Price in effect at the time of each renewal. In the event that the User cancels in the manner and within the deadline set above, he/she can choose whether to completely disable the Service or keep the e-commerce by ceasing to use the dropshipping service offered by IDT by paying, in this case IDT S.p.A. within 7 days will delete the domain from its servers. The User is therefore asked to address the domain to the new server within these times.

ANNEX A – Subscription types

BSOCIAL – 1 Integration (1 list and 1 channel) 29 €/month – 290€/year

BASIC – 1 integration (1 list and 1 channel) 99 € / month – 990 € / year

PLUS – 3 integrations (3 lists and 3 channels) 199 € / month – 1990 € / year

Integrations of your choice between Woocommerce, Prestashop, Amazon *, Ebay * and Squarespace

* for the Amazon and Ebay channels there is a maximum limit of 1000 references

Stock updates available every 5 minutes

Product descriptions in 20 languages

High resolution product images

Editorial images for advertising purposes

Tutorials and sales tips

EASY – an ecommerce site with all our catalog integrated on the Woocommerce platform, basic template, recommended hosting up to 5000 products, monolingual and mono currency site – 990 € / year

ENTERPRISE – an e-commerce site on Prestashop platform, premium template, recommended hosting over 5000 products, multilingual site (3 languages ​​to choose from 20) and multi-currency (up to 3 currencies to choose from 24 available), integration with 2 Amazon marketplaces and eBay – 1990 € / year

If you choose a DroppryCommerce Easy Turnkey Site, the features are:

ECOMMERCE SITE

CMS: Woocommerce

1 language

1 currency

“Hosting and Domain Included – AWS Hosting

Memory RAM: 1GB / Transfer: 2 TB “

1 choice of 4 templates

Mailchimp Plugin Installation

Plugin Stripe and Paypal installation

If you choose a DroppryCommerce Enterprise Turnkey Site, the features are:

ECOMMERCE SITE

CMS Prestashop

Hosting and Domain included – AWS Memory Hosting

Memory RAM: 4GB / Transfer: 4TB

2 integrations with marketplace (Amazon + Ebay)

Multilingual website (up to 3 languages ​​of your choice)

Multi-currency site (up to 3 currencies of your choice)

Installing the Mailchimp plugin

Payment gateway: Paypal – Stripe

ANNEX B – Appointment of the Data Processor

BETWEEN

The Client – the Controller –

AND

IDT S.p.A., with its registered office in Torino, via Quittengo 35, C.F. – P.IVA 10010450012 – the Processor

1. Object, duration, processed personal data

1.1. The Processor will carry out the following activities: management of shipments to the addresses communicated by and on behalf of the Controller. 1.2. The duration of this appointment is equal to the duration of the main contract. 1.4. The categories of processed personal data are the following: fundamental personal data contact details contractual data purchase history billing and payment information and accounting data others: …………………………………………….. [specify] 1.4. The personal data collected and processed relate to: customers potential customers subscribers employees and partners officers agents and representatives contact point people others …………………………………………….. [specify]

2. Processing within the UE and the EEA

2.1. The operations of data process regulated by the present appointment contract will be carried out within the European Union (EU) or the European Economic Area (EEA). Any data transfer to a third country outside the EU or the EEA is subjected to prior written authorization by the Controller and can occur only according to specific conditions set out under articles 44 et seq. GDPR 2.2. The legal basis for the transfer under the GDPR are: an adequacy decision by the European Commission (art. 45 par. 3) binding corporate rules (art. 46 par. 2 point b) and art. 47) standard data protection clauses (art. 46 par. 2 points c) and d)) codes of conduct (art. 46 par. 2 point e) and art. 40) a certification mechanism (art. 46 par. 2 point f) and art. 42) others: …………………………………………….. (art. 46 par. 2 point a), par. 3 points a) and b))

3. Technical and organizational measures

3.1. The Processor ensures the security of processing pursuant to articles 28 par. 3 point c) and 32 GDPR, in particular pursuant to article 5 paragraphs 1 and 2 GDPR. Such measures must ensure the security of data and a level of protection appropriate to the risk for confidentiality, integrity, availability and resilience of the systems. Pursuant to article 32 par. 1 GDPR, the state of the art, implementation costs, nature, object and purposes of processing, as well as the probability of a violation of personal data and the seriousness of the risks potentially deriving from it to natural persons’ rights and freedom, should all be taken into account. 3.2. The technical and organisational measures are subjected to technical and technological development and progress. Therefore, the Processor may adopt alternative measures adequate to the changed technological context. In such cases, the level of processing security cannot be reduced. Any substantial modification must be documented.

4. Rectification, restriction and erasure of data

4.1. The Processor cannot, rectify, erase or restrict the processing of the data assigned by the Controller on his own initiative, but only upon documented instruction by the Controller. 4.2. Should a data subject contact directly the Processor with regard to a question of processing rectification, erasure or restriction, the Processor shall forward such a request immediately to the Controller. The erasure, rectification, portability and access requests shall be processed without undue delay on the basis of the Controller’s documented instructions.

5. Warranties and other Processor’s obligations

In addition to the provisions of the present contract, the Processor is bound to respect all legal requirements outlined in articles 28-33 GDPR. To this end, the Processor ensures to comply in particular with the following conditions: Appointment of a Processor for the Protection of Personal Data (Data Protection Officer, DPO) The current DPO is: Ida Tafuri The Processor will communicate without undue delay every DPO change to the Controller. Confidentiality The processing activity regulated by this appointment contract will be carried out only by employees, partners or appointed people previously instructed by the Processor on the correct processing of personal data and contractually bound by the obligation of confidentiality under articles 28 par. 3(b) and 32 GDPR. The Processor, as well as any other person under his authority and able to access to personal data, shall not process personal data unless instructed to do so by the Controller, not even through the present appointment, unless expressly provided by the law. Technical and organizational measures Implementation and respect of adequate technical and organizational measures in the context of the present appointment contract, pursuant to what specified under article 32 GDPR. The Processor controls periodically the internal procedures and the technical and organizational measures to ensure that the processing within his competent area is compliant with the legal requirements under the discipline of the protection of personal data and data subjects’ rights. The Processor ensures to the Controller the verifiability of the technical and organizational measures among his supervisory powers as set out under point 7 of the present contract. Partnership with supervisory authorities The Controller and the Processor cooperate, under request, with the supervisory authority. The Controller is immediately informed of all inspections and the measures executed by the supervisory authority, in so far as they refer to activities carried out according to this contract. This is true also in case the Processor is subject to or involved in an investigation by a competent authority with regard to a violation of any provision relating to personal data processing occurred in activities pursuant to the present contract. In so far as the Controller is subject to investigation by the supervisory authority, administrative pecuniary sanctions, precautionary measures or criminal proceedings, claims by data subjects or by third parties, or any other legal actions relating to the data processing by the Processor pursuant to the present appointment, the Processo shall do everything possible to support the Controller. 

6. Sub-tasks

6.1. the Processor may delegate part of processing activities regulated by the present contract to further Sub-processors, who shall be subject to the contractual obligations set out under article 28 par. 4 GDPR where provided by the law. 6.2. The Processor appoints from now the following Sub-processors, provided that contractual agreements complying with what required under article 28 par. 2-4 GDPR are concluded:

6.3. The transfer of data to a Sub-processor may occur only upon satisfaction of all abovementioned conditions for Sub-processors appointment. 6.4. The Processor is integrally responsible for the appointed Sub-processors’ conduct. Any modification to the Sub-processors list must be communicated to the Controller without undue delay, giving the latter the right to object to it. In case of objection, the Processor has the right to withdraw from the contract with the Controller without prior notification. 6.5. In particular, should the Sub-processor work outside the EU/EEA, the Processor shall ensure with adequate means the respect of EU law on personal data protection, as described under point 2 of the present contract.

7. Controller’s supervisory power

7.1. In coordination with the Processor, the Controller has the right to carry out inspections or have an auditor, instructed on each occasion, carry them out. The auditor shall have the right to assess the Processor’s compliance with the present appointment contract as far as it concerns his own entrepreneurial activities, by means of random checks, which shall be communicated in advance as a general rule. 7.2. The Processor shall allow the Controller to verify his compliance with his obligations, as set out in article 28 GDPR. Upon request, the Processor shall provide the Controller with any necessary information as well as, in particular, with evidence of the adoption of technical and organizational measures. 7.3. The evidence of the adoption of such measures, which may refer also to activities other than those falling within the scope of the present contract, may be provided also by means of compliance with approved codes of conduct pursuant to article 40 GDPR;L certifications issued according to an approved certification mechanism pursuant article 42 GDPR; current auditors’ certifications, reports or extracts of reports written by independent organs. (e.g. auditors, personal data protection officers, IT security department, data protection auditors) Adequate certifications issued by IT security or personal data protection auditors. 7.4. The Processor may charge the Controller a reasonable remuneration for the inspections execution.

8. Controller assistance

8.1. The Processor shall assist the Controller in carrying out his obligations relating to the personal data security, in reporting data breaches, in the impact assessments on the data protection and in the pre-emptive consultations referred to in the articles from 32 to 36 GDPR, also ensuring adequate protection standards by means of technical and organizational measures, taking into account nature, circumstances and purposes of processing, probability of data breaches and of the seriousness of the risks deriving from it for natural persons ensuring the immediate detection of infringements reporting without undue delay any data breach to the Controller assisting the Controller in processing data subjects’ requests to exert their rights 8.2. The Processor may request a reasonable remuneration for the assistance services that are not included in the description of the services and that are not due to errors attributable to the Processor.

9. Controller’s executive powers

9.1. The Processor shall process no personal data pursuant to the present appointment if not under the Controller’s instruction, unless he is bound to do that under the law of the EU or of Member States. 9.2. Should the Controller ask for a modification of the personal data processing envisaged in the documented instructions pursuant to point 2, the Processor informs immediately the Controller if he considers that such modification could entail a violation of the provisions on data protection. The Processor may abstain from carrying out any activity that could result in such a violation.

10. Liability

10.1. Each party of the present contract undertakes to compensate the other for damages or expenses deriving from his own negligent non-compliance with the present contract, including any negligent non-compliance committed by his own legal representative, Subprocessors, employees or other agents. Furthermore, each party undertakes to indemnify the other from any claim by third parties deriving from or relating to any negligent violation committed by the other. 10.2. It remains unchanged the requirement under article 82 GDPR 11. Destruction or returning of personal data

11.1. The Processor does not create copies or duplicates of data unbeknownst to and without the Controller’s consent, except for security copies, in so far as they are necessary to ensure the ordered processing of data, as well as for the data whose storage is required by the law. 11.2. Upon the conclusion of the service supply, the Controller may choose to have the Processor erase or return all personal data collected and processed pursuant to the present appointment, in compliance with data protection, unless the applicable legal provisions do not require further conservation of personal data. In any case, the Processor may keep all information necessary to demonstrate the ordered and conformed execution of the processing activities also beyond the termination of the contract, in accordance with the storage period prescribed by the law. 11.3. The documents used to demonstrate an ordered processing of data pursuant to the appointment contract shall be stored by the Processor beyond the duration of the contract in compliance with the respective storage period. The Processor may give such documents to the Controller at the end of the duration of the contract to discharge himself from such contractual obligation.