GDPR
GLOBALFINEX B2B DATA PROCESSING AGREEMENT
1. DEFINITIONS
“Agreement” This Agreement sets out the terms on which the Customer and GlobalFinex B2B agrees to abide by the General Data Protection Regulation laws.
“Data Controller” or “Customer” means any person or entity that has bought from or contracted with GlobalFinex B2B for GlobalFinex B2B’s products and/or services.
“Data Processor” means GlobalFinex B2B.
“Data Protection Requirements” means the General Data Protection Regulation, local data protection laws, and any subordinate legislation or regulation implementing the General Data Protection Regulation, and all privacy laws.
“General Data Protection Regulation” means the European Union Regulation for the protection of individuals with regard to the processing of personal data and to the free movement of such data.
“Personal Data” means information about an individual that (a) can be used to identify, contact or locate a specific individual, including data that the Customer chooses to provide to the Data Processor for services such as customer-relationship management (CRM); (b) can be combined with other information that can be used to identify, contact or locate a specific individual; or (c) is defined as “personal data” or “personal information” by applicable laws or regulations relating to the collection, use, storage or disclosure of information about an identifiable individual.
“Personal Data Breach” means any unlawful destruction, unauthorised alteration or unauthorised disclosure of, or unauthorised access to a Customer’s Personal Data.
“Process” and its cognates mean any operation or set of operations that is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Subprocessor” means any entity that provides processing services to GlobalFinex B2B in furtherance of GlobalFinex B2B’s processing on behalf of a Customer.
2. CUSTOMER OBLIGATIONS
The Customer agrees to:
Provide instructions to GlobalFinex B2B to determine the purpose and general use by which GlobalFinex B2B processes Personal Data in accordance with business agreements;
An example of personal data in a GlobalFinex B2B context is “name@company.com”, as it is assigned to a specific person at a company. It implies who the owner of the address is, or at least gives GlobalFinex B2B enough information to identify a specific person at a company for support and business-related requirements.
2.2 Comply with its protection, security and other obligations with respect to Personal Data prescribed by the Data Protection Requirements for Data
Controllers by:
(a) establishing and maintaining a procedure for the exercise of the rights of the individuals whose Personal Data are processed;
(b) processing only data that has been lawfully and validly collected and ensuring that such data will be relevant and proportionate to the respective uses; and
(c) ensuring compliance with the provisions of this Agreement by its personnel or by any third-party accessing or using Personal Data on its behalf.
3. GLOBALFINEX B2B OBLIGATIONS
3.1 Processing Requirements
GlobalFinex B2B agrees to:
a. Process Personal Data:
(i) only for the purposes of providing and supporting GlobalFinex B2B’s services, using appropriate technical and organisational security measures; and
(ii) in compliance with the instructions received from the Customer. GlobalFinex B2B will not use or process the Personal Data for any other purpose. GlobalFinex B2B will promptly inform the Customer in writing if it cannot comply with the Customer’s requirements.
b. Inform the Data Controller promptly if, in GlobalFinex B2B’s opinion, an instruction from the Customer violates the Data Protection Requirements;
c. Take commercially reasonable steps to ensure that (i) persons employed by GlobalFinex B2B and (ii) other persons engaged to perform on GlobalFinex B2B’s behalf comply with the terms of the Agreement;
d. Ensure that GlobalFinex B2B’s employees, authorised agents and Subprocessors are required to comply with, acknowledge and respect the confidentiality of the Customer’s Personal Data, including after the end of their respective employments, contracts or assignments;
e. If GlobalFinex B2B intends to engage Subprocessors to help it satisfy its obligations in accordance with this Agreement or to delegate all or part of the processing activities to such Subprocessors, GlobalFinex B2B will (i) maintain a list of all its Subprocessors and ensure that it is updated; and (ii) make contractual arrangements with such Subprocessors, binding them to provide the same level of data protection and information security to that provided herein by this Agreement; and
f. Inform the Customer if GlobalFinex B2B undertakes an independent security review.
3.2 Notice to Customer
GlobalFinex B2B will inform the Customer if GlobalFinex B2B becomes aware of:
a. Any non-compliance by GlobalFinex B2B or its employees of the Data Protection Requirements relating to the protection of Personal Data processed under this Agreement;
b. Any legally binding request for disclosure of Personal Data by a law enforcement authority, unless GlobalFinex B2B is otherwise forbidden by law to inform the Customer, for example to preserve the confidentiality of an investigation by law enforcement authorities;
c. Any notice, inquiry or investigation by a supervisory authority with respect to Personal Data; or
d. Any complaint or request (in particular, requests for access to, rectification of, or blocking of Personal Data) received directly from data subjects of Customers. GlobalFinex B2B will not respond to any such request without the Customer’s prior written authorisation.
3.3 Assistance to Customer
GlobalFinex B2B will provide reasonable assistance to the Customer regarding:
a. Any requests from the Customer’s data subjects in respect of access to or the rectification, erasure, restriction, portability, blocking or deletion of Personal Data that GlobalFinex B2B processes for the Customer. In the event that a data subject sends such a request directly to GlobalFinex B2B, GlobalFinex B2B will promptly send such a request to the Customer;
b. The investigation of Personal Data Breaches and the notification to the Customer regarding such Personal Data Breaches.
3.4 Required Processing
If GlobalFinex B2B is required by Data Protection Requirements to process any Personal Data for any reason other than providing the services described in the Agreement, GlobalFinex B2B will inform the Customer of this requirement in advance of any processing, unless GlobalFinex B2B is legally prohibited from informing the Customer of such processing.
3.5 Security
GlobalFinex B2B will:
a. Maintain appropriate organisational and technical security measures (including with respect to personnel, facilities, hardware and software,
storage and networks, access controls and monitoring and logging) to protect against unauthorised access, unauthorised alteration, unauthorised disclosure or unlawful destruction of Personal Data;
b. Be responsible for the sufficiency of the security, privacy, and confidentiality safeguards with respect to Personal Data;
c. Take reasonable steps to confirm that all GlobalFinex B2B personnel are protecting the security, privacy and confidentiality of Personal Data consistent with the requirements of this Agreement; and
d. Notify the Customer of any Personal Data Breach by GlobalFinex B2B, its Subprocessors, or any other third-parties acting on GlobalFinex B2B’s behalf without
undue delay and in any event.
4. DATA TRANSFERS
For transfers of European Union Personal Data to GlobalFinex B2B for processing by GlobalFinex B2B in a jurisdiction other than a jurisdiction in the European Union or the European Commission-approved countries providing ‘adequate’ data protection, GlobalFinex B2B agrees it will provide an adequate level of data protection for European Union personal data on a best effort basis.
GlobalFinex B2B shall promptly notify the Customer of any inability by GlobalFinex B2B to comply with the provisions of this Section.
5. DATA RETURN AND REMOVAL
The parties agree that on the termination of the data processing services or upon the Customer’s reasonable request, GlobalFinex B2B shall, and shall cause any Subprocessors to, at the choice of the Customer, return all Personal Data or copies of such data to the Customer or remove them within GlobalFinex B2B’s systems, unless Data Protection Requirements prevent GlobalFinex B2B from returning or removing all or part of the Personal Data disclosed. In such a case, GlobalFinex B2B agrees to preserve the confidentiality of the Personal Data retained by it and that, if it actively processes such Personal Data after the termination date, it will only be done in order to comply with applicable laws.
6. TERM
This Agreement shall remain in effect as long as GlobalFinex B2B carries out Personal Data processing operations on behalf of the Customer, or until the termination of the GlobalFinex B2B Contract (and all Personal Data has been returned or deleted in accordance with Section 6 above).
7. GOVERNING LAW, JURISDICTION, AND VENUE
Notwithstanding anything in the Agreement that is to the contrary, this Agreement shall be governed by the laws of the country in which the service contract between GlobalFinex B2B and the Customer was signed, and any action or proceeding related to this Agreement (including those arising from non- contractual disputes or claims) will be brought in that country’s courts.
Last Updated: 10-Nov-2025