1.1. The provision of corporate services described in the "Terms and Conditions of Therapyside’s Corporate Services," to which this document is linked, requires the client to provide Therapyside with personal data of its staff. In accordance with the General Data Protection Regulation (hereinafter “GDPR”), this communication will be considered a "Transfer of Personal Data."
1.2. Specifically, the purpose is to allow the client’s employees access to the Therapyside platform so they can benefit from the contracted services in accordance with the terms agreed upon by both entities.
1.3. As the recipient of the data in its capacity as a data controller, Therapyside will be bound to comply with all obligations applicable in accordance with current personal data protection regulations. Specifically, by way of example but not limited to, Therapyside will be obligated to:
a) Use the data solely for the purposes outlined in section 1.2, unless it has another legal basis that allows it to process the data for other purposes, provided that such purposes are not incompatible with the obligations contained in the Agreement.
b) Comply with the obligations set forth in personal data protection regulations applicable to data controllers as a result of assuming this role following the communication of the data governed by this Agreement.
c) Provide the data subject with appropriate information regarding the processing of their personal data, in compliance with Article 14 of the GDPR.
d) Enable the data subject, as the holder of the personal data communicated, to exercise their rights over their personal data (access, rectification, deletion, objection, restriction of processing, and portability) by providing an electronic address to facilitate the exercise of such rights.
e) Respect the confidentiality of the data transferred under this Agreement and not disclose it to or make it available to third parties unless required by a Court, Supervisory Authority, or competent Administrative Authority.
f) Maintain a record of processing activities related to the data processing carried out under its responsibility, containing the information stipulated in Article 30 of the GDPR.
g) Adopt appropriate security measures in accordance with the risk analysis conducted, in compliance with Article 32 of the GDPR.
h) Comply with any applicable obligations under current regulations in case the other party communicates the personal data received as a result of this Agreement to a third party.
1.4. The client, acting as the transferor of personal data, guarantees compliance with its obligations under this Agreement and the current personal data protection regulations. In this regard, the transferor:
a) Guarantees the lawful origin of the personal data communicated, ensuring that the data was obtained in compliance with the requirements set forth in current regulations.
b) Declares that it has informed the data subjects of the purpose of using their personal data and, where applicable, has provided sufficient information regarding the data communication as articulated through this Agreement.
c) Declares that it counts with a legitimate legal basis to carry out the data communications governed by this Agreement.
d) Guarantees that it has adopted adequate security measures in accordance with the risk analysis conducted, ensuring the confidentiality and integrity of the personal data communicated.
e) Commits to informing the other party of any rectifications or deletions of information transmitted under this Agreement as soon as possible, and in any case, within the legally established timeframes.
1.5. The parties agree that there will be no transfer of data from Therapyside to the client. Any subsequent reporting from Therapyside will consist of aggregated and anonymized data regarding the client’s employees’ use of the platform.
1.6. The parties acknowledge that Therapyside is not responsible for the processing of data resulting from the actual assistance provided to each employee, as this responsibility lies with the therapists who deliver the services.
1.7. Both Parties must indemnify the other against any claim, damage, liability, loss, fine, penalty, costs, or expenses, including reasonable attorneys’ fees, arising from any breach by one party of any of the obligations contained in this clause and/or current personal data protection regulations, without prejudice to the rights and obligations contained in this Agreement.
1.8. The Parties mutually commit not to disclose the personal data that may be obtained to other individuals or legal entities, except where such disclosure to a third party is necessary for the performance or management of the Agreement's purpose and provided that all applicable obligations are fulfilled in accordance with current regulations. The parties shall not transfer personal data to third parties unless there is a legal obligation to do so.