Costa Rica DMC Performance of Service Policy
Performance of the Services
Costa Rica DMC Inc. will perform the services in compliance with the applicable laws in the Republic of Costa Rica, and the ordinary standards and practices that would be expected of a provider of services for professional events.
The client shall commit to supply Costa Rica DMC Inc. with all relevant information such as rooming list, flight manifest, special diets, or special requests, in due time and necessary to handle the programme logistics. Required information, formats, and timeline will be mutually agreed upon in due time.
The client shall provide Costa Rica DMC In. with all relevant information, instructions, and content requested by Costa Rica DMC Inc. as set out in the timeline. Costa Rica DMC Inc. shall not be liable for any delay or failure to perform the services to be rendered should the client fails to provide to Costa Rica DMC Inc. the necessary information, instructions, and content as agreed.
For the duration of any agreement and five (5) years after that, Costa Rica DMC Inc. will maintain appropriate written records reporting all activities and financial information related to the event and the agreement’s execution.
The term Confidential Information shall mean any knowledge and information relating to a client’s proprietary products and processes, ingredients, recipes, know-how, business plans, inventions, designs, methods, systems, improvements, materials, trade secrets, customer lists, supplier lists and any other information relating to the business the client, which is not readily available to the public as well as any agreement between parties, and its contents.
We will keep confidential and not disclose any Confidential Information to any third party, including after the end of any agreement. Each party may communicate the Confidential Information received from the other party only to those of its employees, agents, and subcontractors who are directly and necessarily involved in the agreed programme’s performance, and who are bound to the other party.
The term Intellectual Property shall mean any registered and unregistered intellectual property rights such as, but not limited to, patents, designs, trademarks, plant certificates, semiconductor layouts, and corresponding applications, copyrights, know-how, trade secrets, and confidential information. Unless otherwise provided by the client, each party is and shall remain the exclusive owner of the Intellectual Property this party owned or controlled at the effective date of any agreement and any Intellectual Property developed by a party independently of any agreement.
Unless otherwise provided by any agreement, the content and results of all work and activities produced as a result of the services by Costa Rica DMC Inc. according to agreement relating to the event, including but not limited to inventions, discoveries, designs, materials, improvements, computer software, video plans and documentation (the deliverables) shall be the exclusive property of Costa Rica DMC Inc. To the extent that such Intellectual Property in the deliverables does not vest automatically in Costa Rica DMC Inc. Upon request of Costa Rica DMC Inc., the client shall transfer such deliverables to it free of charge and shall execute all documents which may be necessary.
Costa Rica DMC Inc. shall be the exclusive owner of the Intellectual Property in its proprietary processes and business methodologies which are not in the public domain or otherwise known by providers similar to Costa Rica DMC Inc. as of the signing and execution of any agreement (the Costa Rica DMC Inc. Methodologies). Client shall have no right to use Costa Rica DMC Inc. methodologies unless authorized in writing by Costa Rica DMC Inc.
Costa Rica DMC Inc. agrees to comply with the regulations applicable to personal data processing and, in particular, Regulation (EU) 2016/679, if applicable. The company undertakes to fully comply with the specific obligations contained in Costa Rica DMC Inc.’s General Data Protection Regulation (GDPR) policy.
General Data Protection
The purpose of this policy is to define the conditions under which Costa Rica DMC Inc., the data processor, undertakes to carry out the personal data processing operations defined below on behalf of the client, the data controller.
As part of a contractual relationship, the parties shall undertake to comply with the regulations in effect applicable to personal data processing and in particular, Regulation (EU) 2016/679 applicable from 25 May 2018 (hereinafter the “General Data Protection Regulation” or “GDPR”).
Description of the processing carried out by data processors
The data processor is authorised to process personal data on behalf of the data controller that are necessary to provide the services to be contracted.
The details of the processing carried out by processors are as follows:
CATEGORY OF PERSONS CONCERNED:
Period of data retention:
Processor contact person
GUEST, PARTICIPANTS & TRAVEL STAFF
All personal data to be deleted within six (6) months after the event
The agreement’s signatory
This rider is valid as a written instruction for the processing of data by the data processor.
Data processor’s obligations in respect of the data controller
The data processor undertakes to:
1. Process the data solely for the purpose(s) of the subcontracting.
2. Process the data in accordance with the data controller’s documented instructions. If the processor considers that an instruction constitutes an infringement of the General Data Protection Regulation, it must inform the data controller within a reasonable time.
3. Unless otherwise specifically and expressly authorised by the data controller, process data exclusively within the territory of Costa Rica. The data processor undertakes not to disclose, make accessible or transfer any of the data controller’s data, even for routing purposes, to any processing organisation or processor based in a country located outside Costa Rica, except with the data controller’s prior written consent.
In the event of a transfer outside Costa Rica, the data controller acknowledges authorising the transfer. Such transfer may only take place within the strict limits necessary for the performance of the services, and provided said transfer is towards a State whose legislation in respect of personal data protection has been recognised and offering an equivalent level of protection, or is governed by standard contractual clauses or is carried out on the basis of any other alternative arrangements recognised by the General Data Protection Regulation, subject to data controller’s prior agreement to said arrangements in writing. The subcontractor undertakes to append to the present contract the documentary evidence allowing him to make such a transfer.
The data processor will ensure that its own processors sign and comply with the requirements of this clause.
4. Guarantee the confidentiality of the personal data processed under this contract.
5. Ensure that those authorised to process personal data according to this contract undertake to respect confidentiality or are subject to an appropriate statutory confidentiality obligation.
6. Take account of data protection principles and data protection by default from the design stage onwards of tools, products, applications and services.
The data processor may call on another data processor (hereinafter “the subsequent data processor”) to carry out specific processing activities. In this case, they must inform the data controller in advance, and in writing, of any planned changes with regard to adding or replacing other data processors.
This information must clearly indicate the processing activities subcontracted, identity and contact details of the data processor and dates of the subcontracting agreement. The data controller has a minimum period of one (1) month from the date of receipt of said information to present its objections. The subsequent data processor is obliged to fulfil the obligations set out in any contract on behalf of the data controller and in accordance with their instructions. It is the initial data processor’s responsibility to ensure that the subsequent data processor offers the same sufficient guarantees in respect of the implementation of appropriate technical and organisational measures to ensure that the processing meets the requirements of the General Data Protection Regulation.
8. Data subjects’ right to information:
Depending on the choice of the parties, the data controller, or the data processor, is responsible for providing information to those affected by processing operations when data are collected.
9. Exercise of individual rights:
So far as possible, the data processor must help the data controller to fulfil its obligation to respond to requests to exercise their rights by data subjects.
10. Notification of breaches of personal data:
The data processor must notify the data controller of any personal data breach within a maximum of 24 hours after becoming aware of it, by e-mail to the data protection officer. Said notification must be accompanied by any documentation that may be useful in enabling the data controller to inform the relevant regulatory authority of the breach, if applicable. The data processor will also provide all reasonable assistance to the data controller in the case of a notification in respect of any action the latter may be obliged or may choose to take in respect of a personal data breach. The data processor shall cooperate and provide the data controller with the necessary assistance in respect of any complaint formulated by a data subject or any investigation or request issued by a regulatory authority with regard to the General Data Protection Regulation or any other applicable regulation.
11. Assistance from the data processor in relation to the data controller’s fulfilment of its obligations
The data processor shall cooperate with the data controller and use its best endeavours to help the data controller prove that it is compliant with all its legislative and regulatory obligations, notably in respect of the General Data Protection Regulation.
In particular, the data processor shall, where relevant, assist the data controller with carrying out impact analyses in respect of data protection and prior consultation with the regulatory authority.
12. Security measures:
The data processor undertakes to implement technical and organisational means to ensure the security of the processing of personal data carried out on behalf of the data controller.
13. Retention of data:
Once the provision of services relating to the processing of these data is complete, the data processor undertakes to:
- Destroy all personal data or,
- At any time, at the data controller’s written request and at the latest, within 30 calendar days of the end of the Contract, the data processor undertakes to return the data controller’s personal data, in a legible or interoperable form agreed between the parties and to destroy all copies (paper or electronic) of the data controller’s personal data that it may hold.
14. Register of categories of processing activities:
The data processor declares that it holds a written record of all categories of processing activities carried out on behalf of the data.
The data processor shall provide the data controller with the necessary documentation to demonstrate compliance with all its obligations and to enable audits and inspections to be carried out by the data controller
Data controller’s obligations in respect of the processor
The data controller undertakes, throughout the term of any contract, to:
1. Provide the data processor with the data referred.
2. Document in writing any additional instructions regarding the processing of data by the data processor.
3. Ensure, prior to and during the period of processing, compliance with its obligations set out in the General Data Protection Regulation.
4. Supervise the processing, including carrying out audits and inspections at the data processor’s premises in accordance with the provisions of this rider.
The agreements and all disputes relating shall be governed exclusively by the Republic of Costa Rica laws.