Skip to content

Data Processing

Processing Agreement between FourteenRockets/TwelveTrains and Customer under the General Data Protection Regulation (GDPR).

Read about our visual representation philosophy

This is an appendix to our general Terms & Conditions.

1. Definitions

The names and terms in this appendix that are written with a capital letter have the following meanings.

1.1 Personal Data: any information relating to an identified or identifiable natural person.

1.2 Processing: any operation or set of operations involving Personal Data or a set of Personal Data, whether or not carried out by automated means, such as collection, recording, organisation, structuring, storage, updating or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of data.

1.3 Privacy legislation: all applicable laws and regulations on the processing of personal data – but not limited to – the General Data Protection Regulation (AVG).

1.4 Data breach(s): a personal data breach, or any breach of security that results in the accidental or unlawful destruction, loss, alteration or unauthorised disclosure of, or unauthorised access to, transmitted stored or otherwise processed data. 1.5 Controller: Customer, being the (legal) person who (alone or together with others) determines the purpose and means for the Processing of personal data and is obliged on the basis of Privacy Legislation to take the safeguards that are necessary for such Processing.

1.6 Processor: FourteenRockets/TwelveTrains, being the (legal) person who processes Personal Data on behalf of the Processor.

1.7 Sub-processor: the (legal) person who in turn processes Personal Data on behalf of TwelveTrains.

1.8 Agreement: the Agreement concluded between the Parties concerning the provision of services by FourteenRockets/TwelveTrains to Customer, of which this Appendix forms an Annex.

2. Subject

    2.1 FourteenRockets/TwelveTrains (Processor) will process Personal Data on behalf of Customer (Controller) in or in connection with the performance of its Services.

    2.2 On the basis of Privacy Legislation, Customer is in this capacity designated as Controller of the Processing of Personal Data and TwelveTrains as Processor. This Annex contains the terms and conditions of this Processing of Personal Data by TwelveTrains.

    3. Obligations of TwelveTrains

    3.1 TwelveTrains shall only process Personal Data to the extent necessary in or in connection with the execution of the Agreement entered into by the Parties. TwelveTrains will process Personal Data in a proper and careful manner, in accordance with Privacy Legislation and in conformity with the (written) instructions of Customer. Customer guarantees that instructions given by it are in accordance with Privacy Legislation.

    4. Sub-processors

    4.1 TwelveTrains is authorised to engage Sub-processors in the Processing of Personal Data, provided TwelveTrains ensures that the Sub-processors to be engaged will at least assume the same obligations as are incumbent on TwelveTrains under this Appendix.

    4.2 TwelveTrains will remain Customer’s contact in this relationship.

    5. Transfer of Personal Data

    5.1 TwelveTrains will only transfer Personal Data to a country outside the European Economic Area, provided that that country ensures an adequate level of protection and it complies with the other obligations it has under this Appendix and Privacy Legislation.

    5.2 TwelveTrains will only transfer Personal Data to the United States on the basis of an EU model contract or to companies certified by the US Department of Commerce on the basis of the Privacy Shield.

    6. Security

    6.1 TwelveTrains will endeavour to take sufficient appropriate technical and organisational measures to secure the servers (hardware) and the Personal Data stored thereon against loss and against any form of unlawful Processing. These measures guarantee, taking into account the state of the art, the implementation costs, an appropriate security level considering the risks of the Processing and the nature, scope and context of the Personal Data to be protected.

    6.2 Customer is itself responsible for taking appropriate technical and organisational security measures with regard to the software and applications used.

    7. Duty to Report

    7.1 To enable Customer to comply with the statutory Duty to Report Data Breaches, TwelveTrains shall notify Customer immediately after it becomes aware of a Data Breach. This notification if includes a description of:

    • The Data Breach.
    • The nature of the breach (e.g. copying, alteration, deletion, theft, unknown).
    • When the Data Breach occurred.
    • The technical measures taken by TwelveTrains to stop the breach and prevent future breaches.

    7.2 At Customer’s request, TwelveTrains will provide further information about the Data Breach, to the extent necessary for Customer to fulfil its statutory obligations to report to the Personal Data Authority and Data Subjects.

    7.3 TwelveTrains may have the obligation under the Telecommunications Act to independently report (security) incidents and Data Breaches to the Office for Notification Obligations under the Telecommunications Act.

    8. Rights of Data Subject(s)

    8.1 Taking into account the nature of the processing, TwelveTrains shall, to the extent possible, assist Processor in fulfilling its duty to answer requests for exercising the Data Subjects’ rights set out in Chapter III AVG, by means of appropriate technical and organisational measures.

    8.2 TwelveTrains shall promptly notify Customer of a request(s) of Data Subjects directly addressed to TwelveTrains. TwelveTrains will see to it that sub-Processors engaged by it do not independently respond to requests as referred to in Article 8.1 of this Processor Agreement, unless it has been instructed to do so in writing.

    9. Data protection impact assessment

    9.1 To the extent possible, TwelveTrains shall assist Customer in performing a data protection impact assessment by making available all relevant information to assess the effect of the intended processing activities on the protection of Personal Data.

    10. Audits

    10.1 If the information and documentation made available by TwelveTrains do not sufficiently demonstrate TwelveTrains’ compliance with this Processing Agreement, Customer has the right to conduct an audit or have an audit conducted. The costs of the audit will be borne by Customer.

    10.2 An audit initiated by Customer will take place once a year at the latest two weeks after prior notice, provided with a description of the parts to be audited and the process.

    10.3 Processor shall cooperate in the audit and make available all information reasonably relevant to the audit, including supporting data, as timely as possible and within a reasonable period of time. The parties will assess the outcome of the audit in mutual consultation.

    11. Confidentiality

    11.1 TwelveTrains undertakes, unconditionally and irrevocably, to keep confidential during and after the termination of this Agreement all Personal Data of which it knows or can reasonably suspect the confidential nature.

    11.2 TwelveTrains guarantees that persons employed by or working for TwelveTrains and (possibly) having access to Personal Data are bound by the obligation of confidentiality as described in this Article and refrain from copying, passing on, transferring or otherwise distributing Personal Data to third parties.

    11.3 This obligation shall only not apply if and insofar as disclosure is required by law and/or court order, in which case the information to be disclosed shall be kept as limited as possible.

    12. Liability

    12.1 If TwelveTrains fails to fulfil its obligation under this Processing Agreement, Customer may declare TwelveTrains in default. Notice of default will be given in writing, granting TwelveTrains a reasonable term to still fulfil its obligations.

    12.2 TwelveTrains is liable under the provisions of Article 82 AVG, for damage or disadvantage resulting from non-compliance with this Processing Agreement. This liability is limited to the amount mentioned in Article 6.5.4 of the General Terms and Conditions.

    12.3 The Parties mutually indemnify each other against all claims of third parties (including fines from Authorities) in respect of an act or omission in breach of Privacy Legislation of the other Party.

    13. Duration and termination

    13.1 TwelveTrains’ obligations under this Annex shall continue unabated even after termination of the Agreement, if and insofar as TwelveTrains still has access to Personal Data.

    13.2 Upon termination of the Agreement, Customer is responsible for exporting Personal Data. Thirty (30) days after termination or dissolution of the Agreement, TwelveTrains will delete the data and Personal Data present on its servers and (back-up) systems.

    13.3 TwelveTrains may deviate from this in so far as with regard to certain Personal Data a statutory retention period applies to it (including the Dutch Telecommunications Data Retention Act) or in so far as this is necessary to prove to Customer the fulfilment of its obligations.

    Contact details

    FourteenRockets
    Prinsengracht 439 G
    1016 HM Amsterdam
    The Netherlands

    hello@fourteenrockets.com

    Trade names

    We make use of the following trade names:

    FourteenRockets
    TwelveTrains

    We are currently in the process of moving all hosting related services from TwelveTrains to FourteenRockets. For this reason, you may still see both trade names in this Data Processing Agreement.

    See our Terms & Conditions
    See our Data Processing Agreement

    Latest update February 2025

    WordPress

    WordPress maintenance and editor support subscriptions.

    Hosting

    Host your LGBTQ+ website safely and securely with us.

    Domains

    Find and register your new domain name with us.

    Mailboxes

    Get secure e-mail mailboxes with your own domain name extension.

    Security

    Secure your website with SSL Certificates & anti-hacking firewall.