Appendix 2 to the Terms of Service for the Tauplan

§1

[Applying]

This appendix constitutes a data processing agreement between a User who is a data controller within the meaning of GDPR and Marcin Drwięga Yesit Doradztwo IT, Armi Krajowej 11 m. 39, 38-500 Sanok, NIP (Tax ID No): 6871884264, hereinafter Tauplan.

§2

[Subprocessing]

1. The User agrees to sub-processing of personal data - using the services of another processor
2. The use of another processor shall require the conclusion of a written or electronic agreement imposing at least identical standards to this Agreement
3. Tauplan will inform the User of any change or addition of any other processing entity by email.
4. The User may object by sending an objection to [email protected] within three days to be informed.

§3

[Processing rules]

1. This data processing agreement continues until the date of termination of the User's account.
2. Processing takes place in order to provide the service from Tauplan, on the principles described in the Terms and Conditions, by storing information constituting personal data in electronical form.
3. Tauplan is bound by the following rules and obligations:
1. Processing takes place exclusively at the documented instruction of the User, including the transfer to third states within the meaning of GDPR and international organizations, unless otherwise required by law. If the transfer results from legal regulations and is legally permissible, Tauplan will inform the user of this prior to the start of the processing;
2. Persons with access to personal data are required to maintain their confidentiality by law or contractual obligation;
3. the measures required by Article 32 of the GDPR have been taken;
4. supports the User in exercising the rights of the person specified in Chapter III of the GDPR in accordance with the nature of the processing;
5. taking into account the nature of the processing and the information available to it, assists the User in fulfilling the obligations set out in Articles 32-36 of the GDPR;
6. Copies of personal data will be deleted within 90 days from date of termination of this Agreement,
7. Provide the User with all information necessary to demonstrate compliance with the obligations set forth in Article 28 of the GDPR and enable and contribute to User or User-authorized auditor to conduct audits, including inspections.

§4

[Final provisions]

1. The termination of this Agreement shall be equal to the termination of the Terms and Conditions.
2. Any further amendments to this agreement shall be made as described in Terms and Conditions.