Standard Data Processing Agreement from Folq

Folq
Folq AS with Norwegian registration number 918 714 588 and business address Youngs gate 7, 0181 Oslo, is the company that supplies and provides the Marketplace to the Customer and the Consultancy Company and their End Users.

Marketplace
The Marketplace, Folq’s platform for facilitating the sale and purchase of consultancy services between the Consultancy Company and the Customer, on the platform available on app.folq.com and Folq's open websites.

Cooperation Agreement
Standard Cooperation Agreement between Folq and the Customer or the Consultancy Company that wishes to use Folq’s platform the «Marketplace» for the hiring of one or more consultants. This DPA shall be considered an appendix to the Cooperation Agreement and shall not constitute any changes to the commercial conditions in the Cooperation Agreement.

Party
One party to the Cooperation Agreement, either Folq, the Consultancy Company or the Customer referred to individually.

Parties
The Parties referred to collectively, that is Folq, the Consultancy Company or the Customer.

The Parties shall ensure that the processing of personal data complies with the legal obligations applicable to the processing of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”). As well as local law and regulations implementing the GDPR.

The Parties agree that if one Party processes personal data on behalf of another Party, thereby becoming a controller in relation to the other Party according to GDPR, such processing shall be in accordance with GDPR Article 28:

• processes the personal data only on documented instructions from the controller, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by Union or Member State law to which the processor is subject; in such a case, the processor shall inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest
• ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality
• takes alle measures required pursuant to Article 32
• respects the conditions referred to in paragraphs 2 and 4 for engaging another processor
• taking into account the nature of the processing, assist the controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the controller’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III
• assists the controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 taking into account the nature of processing and the information available to the processor
• at the choice of the controller, deletes or returns all the personal data to the controller after the end of the provision of services relating to processing, and deletes existing copies unless Union or Member State law requires storage of the personal data
• makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller

The Parties may have different roles in accordance with the GDPR. Folq may be a processor on behalf of the Customer or Consultancy Company when Folq offers services in accordance with the Cooperation Agreement. The Consultancy Company will the Customer’s data processor when the Consultancy Company offers consultancy services to the Customer.

Folq will, in order to perform the Cooperation Agreement, process personal data, including:

• name
• phone number
• address
• place of work
• username and password
• CV information from consultants
• email
• other personal data the Consultancy Company, the Customer, or their End Users upload or otherwise share with Folq

The data subjects are consultants offered through the Marketplace, the Parties’ own employees and hired personnel, company management or owners, or contact persons from suppliers or clients. In addition, the Parties’ contractual parties who use the service according to the Cooperation Agreement as well as other end users a Party associates with the Cooperation Agreement.

For the Parties’ end users who create an account on the Marketplace or use tools for time registration provided by Folq Folq acts as controller.

Folq adheres with the principles and requirements for privacy by default and maintains a high security level for the processing of personal data. For a detailed overview of technical and organizational measurers, see our overview of third-parties.

For an overview of Folq’s sub-contractors, see Folq's Privacy Policy For details on how Folq processes end users’ personal data and ensures the data subjects rights in accordance with the GDPR, see Privacy Policy from Folq.