Article 1. Definitions
For each Agreement to which these General Terms and Conditions have been declared applicable, the following words and expressions are defined as follows:

1.1. Additional or special conditions: conditions for a specific service that apply in addition to these General Terms and Conditions.
1.2. Account: the personal account ITQ makes available to the Principal for the purpose of being able to use certain purchased Services, and additional (sub)accounts created by the Principal or ITQ.
1.3. General Terms and Conditions: the present conditions, including the associated modules.
1.4. GDPR: the General Data Protection Regulation.
1.5. Consignment Hours: hours outside Working Hours.
1.6. Consultancy: the consultancy services that ITQ is to provide to the Principal pursuant to the Agreement, such as – without limitation – consultancy services in the context of VMware environments.
1.7. Service: a service that is to be/has been provided by ITQ, as further indicated in the Agreement entered into between ITQ and the Principal. These services may include – without limitation – Consultancy and/or ICT Services, or the rental of Hardware.
1.8. EULA: the VMware Inc. End User Licence Agreement, or software licence agreement, defining and governing the permitted use of the VMware licence(s) for end users. The most recent version will always apply.
1.9. Hardware: the equipment the Principal rents from ITQ pursuant to the Agreement.
1.10. Intellectual Property Rights: all intellectual property rights and related rights, including – without limitation – copyrights, database rights, rights to domain names, trade name rights, trademark rights, design rights, neighbouring rights and patent rights, as well as rights to know-how.
1.11. ICT Services: the ICT services ITQ is to provide to the Principal pursuant to the Agreement, such as – without limitation – consultancy services in the context of VMware environments.
1.12. ITQ: the private company ITQ Consultancy B.V., registered with the Chamber of Commerce under registration number 28107312, the private company ITQ Managed Services B.V., registered with the Chamber of Commerce under registration number 80474276, or other related companies.
1.13. Candidate: the natural person, who may or may not be an ITQ employee, whom ITQ makes available to the Principal to carry out work for the Principal.
1.14. Customer Data: all data that are stored by the Principal (or the end users of the Services) via or using the Services, or are otherwise provided to ITQ by the Principal (or the end users of the Services).
1.15. Quotation: a written offer from ITQ in which the Services provided are specified, which forms an Agreement between ITQ and the Principal. Every Quotation automatically includes the terms of the Master Agreement and the General Terms and Conditions.
1.16. Principal: a natural person or legal entity acting in the exercise of a profession or business who has or that has entered into an Agreement with ITQ for the provision of Services.
1.17. Agreement: every Quotation on the basis of which ITQ provides Services to the Principal, including the Master Agreement and General Terms and Conditions and any other appendices.
1.18. Parties: the parties to the Agreement, ITQ and the Principal.
1.19. Personal Data: any information on an identified or identifiable natural person within the meaning of Article 4(1) of the GDPR.
1.20. Service Level Agreement: any specific agreement entered into between the Parties in which arrangements concerning the quality of the Services provided are laid down, which are linked to concrete and measurable key performance indicators.
1.21. Controller: the Principal who, in the performance of the Agreement, determines the purpose and means of the processing of Personal Data within the meaning of Article 4(7) of the GDPR.
1.22. Processor: ITQ, which, in the performance of the Agreement, processes Personal Data within the meaning of Article 4(8) of the GDPR on the Controller’s behalf.
1.23. Processing Agreement: Module on the Processing of Personal Data in which arrangements are made on the handling of Personal Data as referred to in Article 28(3) of the GDPR. This Module applies in addition to the general part of the General Terms and Conditions and – insofar as applicable – the Module on ICT Services, if and insofar as ITQ processes Personal Data for the Principal’s benefit. The Module on the Processing of Personal Data forms part of the General Terms and Conditions.
1.24. Working Days: Monday through Friday, with the exception of Dutch national holidays, or national holidays in the country in which ITQ carries out the work.
1.25. Working Hours: hours on Working Days between 08:00 hours and 18:00 hours.

Article 2. Applicability of the General Terms and Conditions

2.1. These General Terms and Conditions apply to all offers, including the offers made by ITQ, the carrying out of work by or in the name of ITQ and the performance of all current and future Agreements. Additional or special conditions may apply to an offer or Agreement. In the event of a conflict between the General Terms and Conditions and the additional or special terms and conditions, the additional or special terms and conditions will prevail.
2.2. The applicability of any purchase conditions or other general or other terms and conditions of the Principal is expressly excluded. Provisions or terms and conditions stipulated by the Principal that differ from or do not appear in these General Terms and Conditions will only be binding upon ITQ if and insofar as these have been expressly accepted by ITQ in writing.
2.3. If any provision of these General Terms and Conditions proves to be invalid or are voided, the other provisions of these General Terms and Conditions will continue to apply in full, and ITQ and the Principal will enter into consultations in order to agree on new provisions to replace the invalid or voided provisions, taking as much account as possible of the purpose and purport of the invalid or voided provisions.
2.4. If the Principal makes use of additional services offered by ITQ, the provisions of these General Term and Conditions will apply by analogy to those additional services, unless otherwise indicated in the description of the relevant additional service.
2.5. Any changes to the General Terms and Conditions will be announced on ITQ’s website, by means of an email to the Principal or via another channel that allows ITQ to prove that the Principal received the notice. Non-substantive minor changes can be implemented at all times, without requiring notification.
2.6. If the Principal does not wish to accept a change to the General Terms and Conditions, the Principal must inform ITQ thereof, in writing, within fourteen (14) days of being informed thereof, providing reasons. This may give ITQ cause to review the change. If ITQ does not subsequently revoke the change, the Principal may terminate the Agreement with effect from the date on which the new terms and conditions take effect.

Article 3. Offer and acceptance

3.1. Any Quotations, estimates and offers from or on behalf of ITQ are without obligation, unless ITQ has stated otherwise in advance, in writing or by e-mail.
3.2. ITQ has based itself on the information provided by the Principal. In the event of significant additional work due to this information being incorrect or incomplete, ITQ is entitled to charge the additional costs involved to the customer.
3.3. Subject to revocation, a Quotation, estimate or offer from ITQ will be valid for thirty (30) days.
3.4. The Agreement is entered into after the Principal’s written acceptance of the Quotation or offer. Sending a purchase order, procurement order or any other order confirmation or other confirmation in response to a Quotation sent by ITQ will be considered written acceptance of ITQ’s Quotation.
3.5. If the Principal does not explicitly indicate that it agrees to the Quotation, but nevertheless agrees or creates the impression that it agrees to ITQ carrying out work that falls within scope of the description of the Services, the Quotation is deemed to have been accepted. The same applies when the Principal requests that ITQ carry out certain work, without waiting for a formal Quotation.

Article 4. The Agreement

4.1. Any additions and amendments to the Agreement can only be agreed between the Parties in writing.
4.2. Without ITQ’s written permission, the Principal cannot transfer its rights and/or obligations arising from or in connection with the Agreement and/or the additional services to third parties, whether in full or in part.
4.3. ITQ is entitled to transfer the rights and obligations from the Agreement or part thereof to a third party that, in ITQ’s opinion, at the time of transfer, is capable of complying with the obligations arising from or in connection with this Agreement, without requiring the Principal’s permission.
4.4. The Parties will each be responsible for complying with their legal obligations, including – without limitation – the obligations arising from the GDPR that are applicable to the relevant Party.

Article 5. Prices

5.1. Unless otherwise stated, the prices stated in the Quotations, offers and Agreements are expressed in euros, and exclusive of VAT and any other levies arising from statutory regulations.
5.2. ITQ is authorised to charge the Principal additional fees for any work carried out outside of Working Days and/or Working Hours.

5.3. ITQ is entitled to index the rates stated in this Agreement in the month of January of every year, based on the consumer price index of Statistics Netherlands (CBS), with effect from January relative to January of the previous year.
5.4. Furthermore, ITQ may adjust the agreed prices at any time on the basis of changed rates of ITQ’s suppliers, which will be passed on proportionally to the Principal.
5.5. In circumstances as described in the preceding two paragraphs of this article, the Principal does not have the right to terminate the Agreement.

Article 6. Payment conditions

6.1. The payment term of a submitted invoice is thirty (30) days after the invoice date. ITQ is entitled to invoice electronically.
6.2. Payment is to take place through transfer of the amount due to the account stated on the invoice sent by ITQ, without set-off or suspension.
6.3. If the customer fails to comply with its payment obligation as agreed between the Parties in due time, the customer will be in default without further notice of default being required, and ITQ reserves the right to temporarily or permanently suspend its work. From the moment the customer is in default, it is obliged to pay ITQ the interest as referred to in Section 6:119a of the Dutch Civil Code, and to reimburse the actual collection costs incurred by ITQ, which are set at a minimum of € 250.00.

Article 7. Performance and planning

7.1. ITQ will endeavour to provide the Services – in accordance with the Agreement – as soon as possible after the Agreement is formed. Any terms communicated by ITQ are indicative and are not to be considered strict deadlines.
7.2. The Principal will provide ITQ with any support that may be necessary and desirable to allow for the correct and timely provision of the Services. The Principal will in any case provide any information that ITQ indicates is required, or that the Principal may reasonably be expected to understand is required in the provision of the Services;
7.3. The Principal is authorised to cancel the Consultancy free of charge, in writing, up to five (5) Working Days before the date of the provision of the Consultancy. In the event of cancellation between five (5) and two (2) Working Days before the date of the Consultancy, ITQ is authorised to invoice the Principal fifty (50) percent of the fee. If the Principal cancels within two (2) Working Days before the date of the Consultancy, ITQ is authorised to charge the Principal the entire fee for the Consultancy. In this context, cancellation includes postponing the order.

Article 8. Replacement, illness

8.1. ITQ is authorised to replace a Candidate with a different Candidate, without this resulting in it being liable to pay compensation and/or a contribution towards the costs.
8.2. In the event that, due to illness or any other cause, the Candidate is unable to carry out work for the benefit of the Principal for longer than five (5) Working Days, ITQ will endeavour to provide a replacement Candidate as soon as possible, whose qualifications will be as similar as possible.

Article 9. Contract extras

9.1. The Principal can request that ITQ carry out work that is outside the scope of the Agreement (i.e. request ‘contract extras’) at any time. However, ITQ is not obliged to comply with such requests.
9.2. In the event of contract extras, ITQ will inform the Principal in advance of the estimated or actual costs associated with this and will only carry out the contract extras following approval from the Principal. The above will however not apply in the case of contract extras that are required in connection with the Services already agreed. Such contract extras can be carried out on the basis of subsequent calculation, without the Principal’s permission being required.
9.3. When carrying out contract extras, ITQ will always base itself on the agreed rates, or – if none have been agreed – on the customary rates. ITQ can demand that a supplementary agreement be entered into to carry out contract extras.

Article 10. Termination

10.1. Without prejudice to the provisions in the Agreement, ITQ is entitled to terminate the Agreement, in writing, with immediate effect and without judicial intervention being required, if the Principal fails to comply with one or more of its obligations towards ITQ, fails to comply with these properly or in due time, or acts contrary to these obligations.
10.2. ITQ is entitled to terminate the Agreement, with immediate effect and without notice of default or judicial intervention being required, if the Principal is declared bankrupt, has applied for or been granted a moratorium or has otherwise lost the right to dispose of all or part of its assets.
10.3. In the circumstances referred to in Article 10.1 and 10.2, the Principal will have no right to compensation.

Article 11. Intellectual property rights

11.1. All Intellectual Property Rights to the Services are exclusively vested in ITQ or its licensors. Unless expressly otherwise agreed in writing, these rights will under no circumstances be transferred to the Principal.
11.2. The Principal is to respect the Intellectual Property Rights relating to the Services and indemnifies ITQ against any third-party claims.
11.3. All rights to Customer Data, including any Intellectual Property Rights applying to these, will be vested in the Principal. ITQ will refrain from claiming any ownership thereof.
11.4. The Principal hereby grants ITQ a limited right of use to use the Customer Data during the term of the Agreement, insofar as this is necessary for the provision of the Services.
11.5. If and insofar as the Customer Data consist of Personal Data, the arrangements as laid down in the Module on the Processing of Personal Data of these General Terms and Conditions will apply to these.

Article 12. Obligations of the Principal

12.1. If and insofar, pursuant to the Agreement, the Candidate is required to work on the Principal’s premises, the Principal will provide the Candidate an adequate and safe workplace in accordance with the applicable working conditions regulations and/or working conditions legislation. Unless otherwise agreed in the Agreement, the Principal must make online (remote) working possible for ITQ and the Candidate.
12.2. The Principal will always provide the Candidate with all the data and information that are important in the proper carrying out of the work in due time.

Article 13. Reporting of defects

13.1. The Principal must submit a written claim in respect of any defects in the Services provided and/or the invoice amount no later than fourteen (14) Working Days after the date it is sent, or within fourteen (14) Working Days of the defect being discovered, failing which any claim against ITQ will lapse.
13.2. If the Principal’s claim is well-founded, ITQ will adjust or compensate the Services after consultation. Reporting defects does not suspend the Principal’s obligations.

Article 14. Force majeure

14.1. Unless ITQ fails attributably in the compliance with its obligations, it is not liable. Insofar as compliance is not permanently impossible, its obligations will be suspended. If the period in which compliance is not possible due to force majeure lasts or is going to last longer than thirty (30) days, each of the Parties affected by the force majeure will be authorised to terminate the Agreement with immediate effect. In such case, any Services that ITQ provided before the force majeure situation arose and provides during the force majeure situation will be charged on a proportional basis.
14.2. If, when the force majeure situation arises, ITQ has already complied with some of its obligations or is only able to comply with some of its obligations, ITQ will be entitled to invoice the Services and/or Hardware that have already been provided/delivered separately and the Principal will be obliged to pay this invoice.
14.3. Force majeure on ITQ’s part must be understood to mean any external causes as a result of which ITQ is unable or cannot reasonably be required to comply with its obligations towards the Principal, regardless of whether this circumstance was foreseeable at the time of entry into the Agreement. These include – without limitation – government-imposed obligations that affect the Service, breakdowns in the systems that are part of the Principal’s infrastructure, the telecommunications infrastructure or breakdowns in networks, malware attacks or attacks by other malicious software, civil commotion, acts of God, terror, mobilisation, war, import and export impediments, strikes, stagnations in supply, fire, floods and the situation in which its suppliers fail to enable ITQ to comply with its obligations, regardless of the reason for that.
14.4. If ITQ is unable to carry out the Consultancy at the time agreed upon between the Parties, or the assignment needs to be postponed or cancelled due to circumstances affecting the Principal, the provisions of Article 7.3 will apply regardless of the nature of the circumstances affecting the Principal.

Article 15. Liability

15.1. If one of the Parties fails to comply with one or more obligations under the Agreement, the other Party will give written notice of default, in which notice the defaulting Party will be given a reasonable period in which to comply with its obligation(s) after all, unless compliance with the relevant obligation(s) is already permanently impossible, in which case the defaulting Party will immediately be in default.
15.2. Any liability of ITQ as a result of a default in the performance of the Agreement, a wrongful act or otherwise, will be limited to half of the invoice amount (exclusive of VAT) associated with the Agreement with regard to which one of the Parties has attributably failed to comply with its obligations per event (with a series of successive events counting as one event), but in any case to the amount of € 50,000.00 per Agreement.
15.3. ITQ is only liable for direct loss arising from an attributable failure in the performance of the Agreement. ‘Direct loss’ must exclusively be understood to mean:

a) material damage to tangible property of the Principal or third parties (‘property damage’);
b) any reasonable and demonstrable costs the Principal has incurred in demanding that ITQ perform or resume performing the Agreement properly, unless the unsatisfactory performance is not attributable to ITQ;
c) any reasonable costs incurred in determining the cause and the extent of the loss;
d) any reasonable and demonstrable costs incurred in having the Agreement performed by a third party, if, having received a demand from the Principal, ITQ fails to perform or resume performing the agreement properly within the reasonable period stipulated in the notice.
e) any reasonable and demonstrable costs the Principal has incurred in preventing or limiting the direct loss, insofar as the Principal can demonstrate that such costs have resulted in limitation of the loss.

15.4. ITQ is not liable for any form of loss other than that referred to in Article 15.3.
15.5. Any limitation or exclusion of liability in the Agreement will not apply in the event that the loss is attributable to an intentional act or wilful recklessness on the part of ITQ’s management, or death or bodily injury.
15.6. If an event as referred to in Article 15.2, results in more than one claim being submitted and the combined claims exceed the limits set in the relevant paragraph, the Party liable for compensation will only be obliged to pay the combined claims in proportion to the limits set in Article 15.2.
15.7. In the event of loss of and/or damage to the Customer Data that is due to actions on ITQ’s part, ITQ will endeavour to restore this for the Principal.
15.8. Each of the Parties must report any loss or damage to the other Party, in writing, as soon as possible, though no later than within four weeks of such loss arising. Loss or damage that has not been reported within this period will not be eligible for compensation, unless the other Party can demonstrate that a timely written response could not reasonably have been expected from it.
15.9. The parties agree that, in the following articles, applicability of Section 6:271 of the Dutch Civil Code and the effect of its provisions are excluded.

Article 16. Confidentiality

16.1. The Parties and the Parties’ employees are obliged to keep confidential all that comes to their knowledge by virtue of the Agreement, insofar as this relates to the development, implementation and processes, in the broadest sense, of the Service and/or the Hardware. These obligations also apply after the Agreement has been terminated.
16.2. The Parties and the Parties’ employees will refrain from using, in any way whatsoever, the information referred to in the preceding paragraph or any part thereof for any purpose other than performance of the Agreement, including – without limitation – multiplication and publication.

Article 17. Takeover of staff

17.1. Throughout the carrying out of the assignment and for one (1) year after termination of the assignment, neither of the Parties may employ Candidates who are or have been involved in the carrying out of the other Party’s assignment, or negotiate with these Candidates about employment, except in consultation with the other Party.

Article 18. Applicable law

18.1. The Agreement is exclusively governed by Dutch law.
18.2. Any disputes will be submitted exclusively to the competent court in the District of Noord-Holland [the Netherlands].

MODULE – ICT SERVICES
This Module on ICT Services applies in addition to the general part of the General Term and Conditions
if and insofar as ITQ provides ICT Services to the Principal pursuant to the Agreement.

Article 19. Accounts
19.1. If this is part of the Services, ITQ will, after formation of the Agreement, provide the Principal with access to an Account by providing login details, or by making it possible for the Principal to create its own login details.
19.2. All Accounts and the associated login details are strictly confidential and may not be shared with third parties.
19.3. Each action that takes place using the Principal’s Account or an Account created by the Principal will be deemed to take place under the Principal’s responsibility and at the Principal’s risk. If login details for an Account are lost or leaked, or the Principal suspects or may reasonably suspect or be expected to know that an Account is being misused, the Principal must immediately take any measures that may be necessary and desirable in order to prevent or stop the misuse. These measures may, for example, consist of changing the login details or blocking the Account. In addition, the Principal must report this to ITQ without delay, so that ITQ can take any additional measures that may be required.

Article 20. Rules of use

20.1. The Principal is forbidden from using the Services to violate Dutch law or other laws and regulations applicable to the Principal or ITQ, or to infringe the rights of other parties.
20.2. Regardless of whether it is legal, the Services may not be used to offer or spread materials that:

a) incorporate, or contain a link to, malicious content (such as viruses, malware or other harmful software);
b) infringe third-party rights (e.g. Intellectual Property Rights), or are manifestly defamatory, libellous, offensive, discriminatory or inflammatory;
c) contain information on (or may aid in) infringing third-party rights, such as hacking tools or information on computer crime intended to enable readers to commit a crime or to have a third party commit a crime, rather than enabling readers to defend themselves against such crimes;
d) violate the privacy of third parties, which in any case includes – without limitation – the processing of Personal Data of third parties without permission or another basis; or
e) contain hyperlinks, torrents or links to materials or the location of materials that infringe Intellectual Property Rights.

20.3. The Principal must refrain from hindering other customers or Internet users or inflicting damage on the systems or networks of ITQ or other customers. The Principal is prohibited from starting up processes or programs, whether by using ITQ’s systems or otherwise, that the Principal knows or may reasonably assume will obstruct or inflict damage on ITQ, its customers or Internet users.
20.4. The Principal indemnifies ITQ and will hold ITQ harmless against any type of claim, charges or proceedings instituted by a third party in connection with the data traffic or the material the Principal, the Principal’s customers and/or other third parties post on or distribute via the Service, or the content of such data traffic or material.
20.5. If, in ITQ’s opinion, the operation of ITQ’s computer systems or network, third-party computer systems or networks and/or the service provision via the Internet is hindered, damaged or otherwise at risk, in particular due to the transmission of excessive amounts of email or other data, Denial-of-Service attacks, inadequately secured systems or virus activities, Trojan horses and similar software, ITQ will be authorised to take any measures it may reasonably deem necessary to avert or prevent such risk. If and insofar as this can be attributed to the Principal, ITQ may charge the costs that are reasonably associated with these measures to the Principal.
20.6. A good internet connection is required for the provision of ICT Services. The Principal will be responsible for having an internet connection with sufficient bandwidth. In the event of problems in the Principal’s internet connection, ITQ cannot be required to comply with its obligations under the Agreement and ITQ will be entitled to suspend compliance with these obligations until the internet connection has been restored.

Article 21. Notice and take-down
21.1. In the event that a third party informs ITQ or ITQ itself concludes that the Services are being used to store or distribute certain materials that infringe third-party rights, or the use thereof is otherwise unlawful or constitutes a violation of laws and regulations or the Agreement, ITQ will inform the Principal of the complaint or the violation as soon as possible.
21.2. ITQ will offer the Principal the opportunity to respond to the complaint within a reasonable period and take measures if necessary. If the Principal fails to do so, ITQ itself can take all reasonable measures to put an end to the violation. This may result in certain data being removed or made inaccessible, or access to the Services being blocked in full or in part. In urgent cases, ITQ can intervene immediately, without warning the Principal.
21.3. In the event that the materials may constitute a punishable offence, ITQ is entitled to report this to the authorities. ITQ may in this connection hand over the data concerned and any relevant information on the Principal and third parties (including the Principal’s customers) to the competent authorities and carry out any other acts that these authorities request ITQ carry out as part of the investigation.
21.4. ITQ will not be liable for any loss of the Principal, the latter’s customers or the end users that may arise from a shut-down of the Services or the removal of materials in connection with the procedure described in this article.
21.5. ITQ is entitled to provide the name, address and any other data identifying the Principal or the relevant end user to a third party that has complained that the Principal has infringed its rights, provided that the requirements that apply to this under the law or case law have been complied with.
21.6. The Principal will indemnify ITQ against any third-party claims that are based on the assertion that the materials that are stored or distributed through use of the Services infringe its rights or are otherwise unlawful.

Article 22. Installation and configuration of software

22.1. Unless otherwise agreed in writing, the Principal itself will be fully responsible for the installation and configuration of the Services. ITQ can charge the Principals costs for any support provided in this connection.
22.2. Unless otherwise agreed in writing, the Principal is not entitled to carry out modifications independently or install software within Services administrated by ITQ (such as – without limitation – online workplaces) without ITQ’s written permission.
22.3. If the Principal wishes to modify the software independently, this will be entirely at the Principal’s own risk and on the Principal’s own responsibility, unless the Principal has reported the intended modification to ITQ beforehand and ITQ has approved it, in writing. ITQ may make this approval subject to conditions.

Article 23. Storage and data limits

23.1. ITQ may impose a maximum on the capacity (such as the volume of data traffic, the processing capacity, the memory, the storage or the electricity) that the Principal is allowed to or can actually use within the framework of the Services.
23.2. If this maximum is exceeded, ITQ will be entitled to charge additional costs or – following a written warning – restrict the use of the Services or reduce it to the permitted capacity.
23.3. If a specific limit or capacity applies for the Services, this can be raised or reduced in consultation with ITQ. An increase or upgrade of the Services can be implemented with immediate effect, whereas a reduction or downgrade can only be implemented with effect from the date of the first extension of the Agreement, and subsequently by the end of every month.
23.4. Any data traffic credit awarded to the Principal cannot be transferred to a subsequent month, another agreement or another ITQ customer.
23.5. ITQ will not be liable for the consequences of being unable to send, receive, store or change data or any incorrect operation of the Services if the Principal exceeds an agreed limit (such as the volume of data traffic, the processing capacity, the memory, the storage or the electricity).

Article 24. Fair use

24.1. If no limit has been set for the capacity (such as the volume of data traffic, the processing capacity, the memory, the storage or the electricity) for the Services, a fair use policy will apply to the relevant Services.
24.2. ITQ may specify the fair use policy in further detail, which will in such case be made available to the Principal in writing and can be consulted via ITQ’s website. ITQ reserves the right to amend or supplement the policy at any time and will, in such case, inform the Principal, in writing, in advance.
24.3. If there is no expressly defined fair use policy, it will be understood to mean that the Principal may use at most twice as much capacity as other customers of ITQ that purchase the same or comparable Services in comparable circumstances.
24.4. If the use of the Services exceeds the fair use policy, ITQ will enter into consultation with the Principal about – for example – the purchase of an alternative Service or service level. If the Parties do not reach agreement within a reasonable period to be determined by ITQ, ITQ is entitled to limit or block the Services. If the limits are exceeded, ITQ will not be responsible if the Services do not function or do not function correctly.

Article 25. Availability, maintenance and support

25.1. ITQ will endeavour to realise good and uninterrupted availability of the Services and the associated systems and networks, and to realise access to the details the Principal has stored through these. However, unless otherwise agreed by means of a Service Level Agreement (SLA) that has been designated as such, ITQ provides no guarantee with regard to quality or availability In this respect, ITQ is dependent on its supplier(s)
as well.
25.2. ITQ will keep itself available for a reasonable level of remote customer support during Working Hours, insofar as the applicable SLA does not stipulate otherwise.
25.3. ITQ will endeavour to respond to every support request as quickly as possible, but – unless otherwise agreed in the SLA – cannot give any guarantees in this regard.
25.4. ITQ will endeavour to keep the software used for the Service up-to-date. However, in this respect, ITQ is dependent on its supplier(s). ITQ is authorised to decide against installing certain updates or patches if, in its opinion, this is of no benefit to correct service provision.
25.5. ITQ will endeavour to adapt the software from time to time in order to improve the functionality and correct errors. In the event of new functionalities or modifications that may substantially change the operation of the software, ITQ will seek consultation with the Principal in advance.
25.6. ITQ will endeavour to add changes and new functionalities requested by the Principal to the software. However, ITQ is at all times entitled to refuse such a request if, in its opinion, this is infeasible or may impede the proper operation, manageability or availability of the software.
25.7. ITQ will endeavour to support the Principal in the event of continuity or security incidents. Unless otherwise stipulated in a Service Level Agreement, ITQ is entitled to charge for the above-mentioned support, at the hourly rates applicable at that time.

Article 26. Backups

26.1. Where the Parties have explicitly agreed on this in writing, ITQ will regularly make backups of the data stored by the Principal on systems of ITQ or its suppliers and make these available to the Principal at the Principal’s request at a fee. Any other efforts made by ITQ in the context of the backups and at the Principal’s request will be provided for an additional fee. Insofar as the Parties have not agreed otherwise, the fee will be calculated on the basis of the hourly rate applied by ITQ at that time.
26.2. Unless otherwise agreed, with regard to the backups, the Principal itself will at all times be responsible for the accuracy of the data, any recovery of the backups, and any checks preceding such recovery. The backups made may be destroyed after termination of the Agreement. In the event of termination, the Principal will at all times be responsible for requesting a spare copy.

Article 27. Third-party conditions

27.1. Third-party products and/or services may form part of the Agreement as well. In such case, any general terms and conditions and other conditions of the relevant third party will apply to those products and/or services and the use thereof as well.

Article 28. Resale of VMware licences

28.1. The conditions of this Article 28 apply if ITQ (re)sells VMware licences to the Principal within the framework of the Agreement.
28.2. The EULAs govern the use of VMware licences under the agreement. The Principal is aware that it must agree to the relevant EULA before the Principal can make use of the VMware licence (to be provided by ITQ).
28.3. ITQ will make every effort to ensure compliance with the provisions of the EULA by its supplier of the VMware licence, however, the Principal acknowledges that ITQ is dependent on the relevant supplier in this regard. ITQ in any case makes no further commitments regarding liability, guarantees, availability, suitability and the quality of the software that is granted under the VMware licence beyond those set out in the EULA and/or as agreed between ITQ and its supplier.
28.4. The Principal indemnifies ITQ and will hold ITQ harmless against any type of claim, charges or proceedings instituted by a third party in connection with the infringement of the conditions of the EULA and/or actions that are not permitted under the EULA provided to the Principal.

MODULE – RENTAL OF HARDWARE
This Module on the Rental of Hardware applies in addition to the general part of the General Terms and Conditions if and insofar as, pursuant to the Agreement, the Principal rents Hardware from ITQ.

Article 29. Delivery

29.1. ITQ will endeavour to make the Hardware available to the Principal – in accordance with the Agreement – once the Agreement has been formed, or within a reasonable period after the Agreement is formed.
29.2. For the duration of the Agreement – or, if a different lease term has been agreed upon, for the duration of the agreed lease term – ITQ grants the Principal the right to use the Hardware in accordance with the terms and conditions in this Module and any additional terms and conditions agreed upon by the Parties.
29.3. Without ITQ’s express prior written permission, the Principal is forbidden from transferring, sub-leasing, pledging or otherwise encumbering the Hardware.
29.4. The risk of loss or theft of or damage to the Hardware passes to the Principal from the moment ITQ has delivered the Hardware to the agreed address,
29.5. The Hardware will be deemed to have been delivered undamaged, unless, within 5 Working Days of the delivery, the Principal informs ITQ, in writing and with adequate substantiation, that the Hardware was already damaged before delivery.
29.6. Insofar as permitted by law, the Parties agree that application of Sections 7:203 through 7:211 of the Dutch Civil Code will be excluded.

Article 30. Installation

30.1. If this has been agreed upon, ITQ will install the Hardware in a location and manner stipulated in the Agreement. ITQ is entitled to refuse to install Hardware at a specific location if, in its professional opinion, doing so is not possible, or the proper operation of the Hardware cannot be guaranteed at the relevant location.
30.2. The Principal itself will remain responsible for the correct power supply and network connections. If the above-mentioned facilities are not available, ITQ may be unable to carry out a correct and complete installation.
30.3. ITQ is entitled to engage third parties in the installation of the Hardware as referred to in the preceding paragraph.
30.4. The Principal will provide ITQ or the third parties engaged by ITQ access to the designated location and provide any cooperation that may be necessary in the installation of the Hardware.

Article 31. Use

31.1. The Principal will only use the Hardware for the purposes for which, according to its nature, it is intended and will in this connection carefully follow any instructions provided by ITQ and/or the manufacturer.
31.2. Without ITQ’s prior written permission, the Principal is forbidden from making changes to the Hardware. If the Principal makes such changes without ITQ’s prior written permission, any costs of repair or replacement will be at the Principal’s expense.
31.3. ITQ will endeavour to ensure the Hardware is available to the Principal and to resolve any breakdowns and technical issues as quickly as possible. The Principal can only rely on specific Service Level Agreements, such as a certain level of availability or response times, if this has been agreed upon in writing.

Article 32. Operation and guarantees

32.1. The Principal accepts that the Hardware possesses only the functionality and other features in the condition in which the Principal finds these at the time of delivery. Unless the Agreement explicitly provides for additional guarantees, the Hardware is delivered ‘as is’ (i.e. with any visible and invisible faults and defects).

Article 33. Risk and insurance

33.1. After delivery, the risk of loss or theft of or damage to the Hardware will, throughout the use thereof, be at the Principal’s expense, regardless of the cause of such loss. In this connection, with regard to its obligations towards ITQ, the Principal cannot rely on force majeure within the meaning of Section 6:75 of the Dutch Civil Code.
33.2. Any loss or theft of or damage to the Hardware will not affect the agreed payment obligations of the Principal. Any costs involved in repair or replacement of the Hardware will be at the Principal’s expense.
33.3. The Principal will be obliged to inform ITQ of any loss or theft of or damage to the Hardware, in writing, without delay. In such case, ITQ will endeavour to repair or replace the Hardware or to have a third party repair or replace the Hardware within a reasonable period, at the Principal’s expense.
33.4. Throughout the term of the Agreement, the Principal is required to – at its own expense – keep the Hardware adequately insured against fire, water damage, theft and other risks of the Hardware.
33.5. The Principal must ensure that, within the framework of the above-mentioned insurance, ITQ is designated as a third party beneficiary or co-insured. If this is not reasonably possible, the Principal will assign its claim on the relevant insurer to ITQ.
33.6. At ITQ’s first request, the Principal will provide copies of the policy for the abovementioned insurance and/or submit proof of full and timely premium payment.

Article 34. Ownership

34.1. The Hardware is and will continue to be the property of ITQ. Nothing in the Agreement provides for the transfer of ownership of the Hardware to the Principal or third parties.
34.2. ITQ may place markings or labels on the Hardware (or the software installed on it) that make the Hardware recognisable as the property of ITQ. The Principal is expressly forbidden from changing, removing such markings or labels or making these unreadable.
34.3. If a third party seeks to (have a third party) levy attachment on the Hardware, establish rights in respect of the Hardware or exercise rights in respect of the Hardware, the Principal must inform ITQ thereof, in writing, without delay. In that connection, the Principal hereby irrevocably grants ITQ permission to, in such a case, enter all sites at which the Hardware is located and to repossess it.
34.4. The provisions of the preceding paragraph also apply if the Principal suspects or may reasonably suspect that third parties will (have a third party) levy attachment on the Hardware or exercise rights in respect thereof. Such a presumption will in any case exist if the Principal is no longer able to pay its debts or knows that it will no longer be able to pay its debts in the near future.
34.5. If creditors of the Principal levy attachment on the Hardware or such attachment is levied in connection with a dispute involving the Principal, this will not release the Principal from its payment obligations.

Article 35. Returns

35.1. In the event of expiration or termination of the Agreement, the Principal must return the Hardware as soon as possible, though no later than within 14 days, in accordance with ITQ’s instructions. If the Principal fails to return the Hardware in due time, the Principal will owe ITQ the agreed rent for the entire period until the Hardware is returned.
35.2. Any costs associated with returns will be at the Principal’s expense. The Principal will ensure that the Hardware is adequately packaged and will return it by means of an insured shipment.
35.3. Save for normal wear and tear, the Principal is obliged to return the Hardware to ITQ in undamaged condition. In the event that ITQ concludes that the Principal has made changes to the Hardware without ITQ’s written permission, or the Hardware is damaged, any costs associated with the repair or replacement thereof will be completely at the Principal’s expense.

MODULE – PROCESSING OF PERSONAL DATA
This Module on the Processing of Personal Data applies in addition to the general portion of the General Terms and Conditions and – if applicable – the Module on ICT Services and/or the Module on the Rental of Hardware if and insofar as ITQ processes Personal Data on the Principal’s behalf.

Article 36. Introduction

36.1. The parties have entered into an Agreement. ITQ may be regarded as a Processor within the meaning of Article 4(8) of the GDPR and the Principal as a Controller within the meaning of Article 4(7) of the GDPR.
36.2. Insofar as this is within its power, ITQ is willing to comply with the obligations pursuant to the GDPR.
36.3. The GDPR imposes on the Controller the obligation to ensure that the Processor provides sufficient guarantees in respect of the technical security measures and organisational measures governing the processing to be carried out, as well as the obligation to monitor compliance with those measures.
36.4. Partly in view of the requirements under Article 28(3) of the GDPR, the Parties wish to lay down their rights and obligations by means of this Module.

Article 37. Purposes of the processing

37.1. ITQ undertakes to process Personal Data for the Principal’s benefit, subject to the conditions of this Module. Processing will only take place within the framework of this Module for the duration and purpose specified in Article 40 of this Module, and those purposes that, in further consultation between the Parties, are specified in the Agreement.
37.2. The Personal Data that ITQ processes or is to process within the framework of the Agreement, and the categories of data subjects to whom the Personal Data pertain, depend on the service that ITQ provides pursuant to the Agreement. The categories of Personal Data and types of data subject(s) of whom ITQ processes Personal Data are specified in further detail in Article 40 of this Module. ITQ will refrain from processing the Personal Data for any purpose other than that determined by the Principal. Where these are not already stated in the Module, the Principal will inform ITQ of the purposes of the processing.
37.3. ITQ has no control over the purpose and the means of the processing of Personal Data. ITQ will take no independent decisions with regard to the receipt and use of the Personal Data, provision of the data to third parties and the term for which Personal Data will be stored.

Article 38. Obligations of ITQ

38.1. ITQ will ensure compliance with the conditions that, pursuant to the GDPR, apply to ITQ’s processing of Personal Data based on its role as Processor.
38.2. The obligations arising for ITQ from this Module will also apply to those who process Personal Data under ITQ’s authority.
38.3. ITQ must inform the Principal without delay if it feels that an instruction provided by the Principal is contrary to the GDPR.
38.4. Insofar as this lies within its power, ITQ will assist the Principal in complying with the obligations pursuant to Articles 32 through 36 of the GDPR, which includes carrying out data protection impact assessments (DPIAs) and any required prior consultation with the Dutch Data Protection Authority. ITQ may charge reasonable costs for doing so.

Article 39. Transfer of personal data

39.1. ITQ may process the Personal Data in countries within the European Economic Area (EEA). In addition, ITQ is allowed to transfer the Personal Data to a country outside the EEA, provided that the relevant country guarantees an appropriate level of protection and it meets its other obligations under this Module and the GDPR.

Article 40. Division of responsibility

40.1. ITQ will carry out the permitted processing activities within an automated or semiautomated environment.
40.2. ITQ is only responsible for the processing of the Personal Data pursuant to this Module, in accordance with the Principal’s instructions and under the Principal’s express (ultimate) responsibility. ITQ is not responsible for any other processing of Personal Data, which in any case includes – without limitation – the Principal’s collection of Personal Data, processing for purposes the Principal has not communicated to ITQ, processing by third parties and/or processing for other purposes. The responsibility for any such processing rests solely with the Principal.
40.3. The Principal guarantees that the content and use of the Personal Data and the instruction to process it as referred to in the present Module are not unlawful and do not infringe any third-party rights.

Article 41. Engagement of third parties or sub-contractors

41.1. The Principal hereby grants ITQ permission to engage a third party in the processing of Personal Data pursuant to this Module, with due observance of the GDPR. The third parties engaged by ITQ at the time of entry into the Agreement are listed in Article 47.
41.2. At the Principal’s request, ITQ will inform the Principal of any third parties it has engaged. The Principal has the right to object to any third party engaged by ITQ, in writing, providing reasons. If the Principal objects to third parties engaged by ITQ, the Parties will consult in order to reach a solution.
41.3. ITQ will in any case ensure that such third parties assume obligations comparable to those agreed between the Principal and ITQ, in writing. ITQ warrants correct compliance with these obligations by such third parties and, in the event of errors committed by such third parties, will be liable towards the Principal for any loss suffered as if it had committed the errors itself.

Article 42. Security

42.1. ITQ will endeavour to take appropriate technical and organisational measures against loss or any form of unlawful processing (such as unauthorised inspection of, damage to, or alteration or provision of the Personal Data) in connection with the processing of Personal Data.
42.2. ITQ will endeavour to ensure that, in view of the state of the art, the sensitivity of the Personal Data and the costs associated with the security measures taken, the level of security is appropriate.
42.3. If a vital security measure is found to be absent, ITQ will ensure that the security provided meets a standard that is not unreasonable in view of the state of the art, the sensitivity of the Personal Data and the costs associated with the security measures taken.

Article 43. Data breaches

43.1. ITQ will inform the Principal of any data breach (which must be understood to mean: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed (Article 4.12 GDPR)) without unreasonable delay, on the basis of which information the Principal will decide whether or not it will inform the supervisory authorities and/or the data subjects. ITQ will endeavour to ensure that the information provided is complete, correct and accurate.
43.2. The Principal will ensure compliance with any statutory or other notification obligations. If required by the rules and/or regulations, ITQ will cooperate in informing the relevant authorities and any data subjects. ITQ may charge reasonable costs for doing so.
43.3. The notification obligation will in any case include reporting that a breach has occurred, as well as, insofar as known to ITQ:

  • the date on which the breach occurred (if no exact date is known: the period in which the breach occurred);
  • the cause or suspected cause of the breach;
  • the date and time at which ITQ, or a third party or subcontractor engaged by it, became aware of the breach;
  • the number of people whose Personal Data have been breached (or, if the exact number is not known: the minimum and maximum number of people whose data have been breached);
  • a description of the group of persons whose data have been breached, including a description of the type or types of Personal Data that have been breached;
  • whether the data were encrypted, hashed or otherwise rendered incomprehensible or inaccessible to unauthorised parties;
  • the measures that are intended to be taken and or have already been taken in order to remedy the breach and limit the consequences thereof;
  • contact details for following up the notification.

Article 44. Rights of data subjects

44.1. In the event that a data subject submits a request to exercise his/her statutory rights to ITQ, ITQ will forward the request to the Principal and inform the data subject thereof. The Principal will subsequently process the request independently. If the Principal requires ITQ’s assistance in processing a request from a data subject, ITQ may charge a reasonable fee for this.

Article 45. Confidentiality

45.1. All Personal Data ITQ receives from the Principal and/or collects itself within the framework of this Module are subject to a duty of confidentiality towards third parties. ITQ will refrain from using this information for any purpose other than the one for which it was provided to ITQ, unless it has been rendered into a form in which it cannot be traced back to the data subjects.
45.2. This duty of confidentiality does not apply insofar as the Principal has expressly granted permission to provide the information to third parties, if providing the information to third parties is logically required in view of the instruction given and the performance of this Module, or in the event of a statutory obligation to provide the information to a third party.

Article 46. Audit

46.1. The Principal is authorised to have audits carried out by an independent expert who is bound to secrecy in order to verify compliance with the security requirements.
46.2. Such an audit will only take place after the Principal has requested and assessed similar audit reports that ITQ already had available, and presents reasonable arguments that still warrant an audit initiated by the Principal. Such an audit is justified if the similar audit reports that ITQ already had available provide an insufficient or inconclusive answer regarding compliance with the security requirements. The audit initiated by the Principal will take place after two weeks’ prior notice from the Principal, and once a year at the most.
46.3. ITQ will cooperate in the audit and will make available any information that may reasonably be relevant to the audit, including supporting information such as system logs, as well as employees as soon as possible, with a period of no more than two weeks being deemed reasonable unless an urgent interest dictates otherwise. The Principal will ensure that the audit causes as little disruption as possible to ITQ’s other activities.
46.4. The Parties will assess the findings based on the audit that has been conducted in mutual consultation and determine on that basis whether or not those findings will be implemented by one of the Parties or both Parties jointly.
46.5. The costs of the audit will be at the Principal’s expense.

Article 47. Duration and termination

47.1. This Module applies for the term specified in the Agreement between the Parties, in the absence of which it will at least apply for the duration of the collaboration.
47.2. The Module cannot be terminated prematurely.
47.3. If this Module is terminated, for whatever reason and in whatever manner, ITQ will – at the Principal’s option – return any Personal Data that it holds to the Principal in the original format or in the form of a copy, and/or delete and/or destroy these original Personal Data and any copies that may have been made of it.

Article 48. Information on the processing of Personal Data