- SaaS for the creation and management of a talent pool  


Este acuerdo marco de servicios regula la adquisición y el uso de losservicios BWCD (beWanted Compañía Descrita) por parte del cliente. Si elcliente se registra para una prueba gratuita de los servicios BWCD o utilizaservicios gratuitos, las disposiciones de este acuerdo también regirán dichaprueba gratuita o dichos servicios gratuitos. Al aceptar este acuerdo, ya seahaciendo clic en una casilla que indica la aceptación, ejecutando un formulariode pedido que hace referencia a este acuerdo o utilizando servicios gratuitos,el cliente acepta los términos establecidos en este acuerdo. Si la persona queacepta este acuerdo lo hace en nombre de una empresa u otra entidad legal, estádeclarando que tiene la autoridad para obligar a dicha entidad y sus afiliadasa estos términos y condiciones. En este caso, "Cliente" se refiere ala entidad y sus afiliadas. Si la persona que acepta este acuerdo no tienedicha autoridad o no está de acuerdo con estos términos y condiciones, no debeaceptar este acuerdo y< no podrá utilizar los servicios.


This Agreement was last updated on March 27, 2023. It is effective between Customer and BWDC as of the date Customer accepts this Agreement (the "Effective Date").


1. Purpose


BWCD will provide the Client with access to its software-as-a-service (SaaS) platform for the creation of a talent pool, its management as well as the collection of reports derived from the data that the talent pool provides (the "Service").


Annex I - Technical Proposal contains the specific services covered by this Agreement and the functional process between the Client and BWCD for the provision of such services.


BWDC: ContractingEntity, Notices, Governing Law, and Venue.


If Customer is domiciled in:

The BWDC entity entering into this Agreement is:

Notices should be addressed to:

Governing law is:

Courts with exclusive jurisdiction are:

Any country other than Spain, the United Kingdom, Germany, and Mexico.

Alumni Global Search, SL, a limited liability company incorporated in Spain

C/ Príncipe de Vergara 128, 28002, Madrid, Spain. Att VP Sales.


Madrid, Spain

United Kingdom

BeWanted UK Limited, a limited liability company incorporated in England

C/ Príncipe de Vergara 128, 28002, Madrid, Spain. Att VP Sales.


London, England


beWanted Spain, SL, a limited liability company incorporated in Spain

C/ Príncipe de Vergara 128, 28002, Madrid, Spain. Att VP Sales.


Madrid, Spain


beWanted Germany UG, a limited liability company incorporated in Germany

C/ Príncipe de Vergara 128, 28002, Madrid, Spain. Att VP Sales.


Berlin, Germany


Alumni SA de CV, a limited liability company incorporated in Mexico.

C/ Príncipe de Vergara 128, 28002, Madrid, Spain. Att VP Sales.


CDMX, Mexico





The amount to be paid by the Client to BWCD for the provision of the Services subject of this Agreement shall be the amount set forth in the "purchase order" signed by the Client.


BWCD will issue the corresponding invoices for the Services rendered according to the amounts established in the order signed by the Client. Such invoices shall be paid by the Client as indicated in the order signed by the Client.




For the provision of the Services, both the Client and the users designated by the Client (the "Users"), will have a personal account that will allow them to access the Platform, through passwords that BWCD will provide to the authorized persons.


In case of loss or theft of passwords, the Client must inform BWCD immediately in order to avoid misuse of the Platform by third parties. If the passwords are stolen by a third party, BWCD will not be responsible for any damages suffered.


BWCD reserves the right to cancel the Client's account and to take appropriate legal action in the event that the account has been misused.


Likewise, BWCD reserves the right to cancel the Client's account in the event that the Client has not paid the corresponding consideration for the provision of the Services within the established term.




The Client undertakes to use the Platform only for the purposes described in Annex I.


Likewise, the Client shall ensure that employers do not publish job offers or candidate search processes that could imply any discrimination, that are defamatory, offensive or that do not comply with the applicable legislation, and undertakes to indemnify BWCD for any damage or harm that could be caused as a consequence of the publication of any offer or process that does not comply with the above requirements. In any case, BWCD may edit or remove any job offer or candidate search process that, in its opinion, could be discriminatory, without the Client being able to request the reimbursement of the amounts paid or pending with respect to the publication.


Client agrees to deal fairly and professionally with persons who may respond to postings or invitations and will not do anything to discredit BWCD. In the event of a claim against BWCD by any applicant as a result of Client's breach of this or any other obligations under the Agreement, BWCD may seek damages from Client.


BWCD does not guarantee the accuracy of the data provided by candidates in their profiles or their suitability for the positions applied for. It is the employer's responsibility to carry out all necessary checks and procedures to ensure that candidates are suitable for the advertised job and that they have the required qualifications and personal characteristics.


BWCD does not warrant that the Platform will be available at all times and that the Platform will be free of bugs, viruses and/or other harmful applications.




The duration of the Agreement is of one (1) year, coming into force on the date of signature and being automatically extended for annual periods, unless otherwise notified by either of the Parties.


Either Party may terminate the Agreement in the event of a breach of the Agreement by the other Party if such breach cannot be cured within ten days of notice by the defaulting Party.


The Customer may also terminate the Agreement at any time, in which case the amounts paid will not be refunded and outstanding invoices will remain due and payable. If the Customer terminates the Agreement before the end of the agreed term, this will result in the loss of any discounts that have been agreed for the full term of the Agreement.




The Parties mutually authorize each other to use their respective names, logos and images on the Platform for the duration of this Agreement, without in any case implying a transfer of ownership rights over them to the other Party.


Either Party may object to this use at any time by notifying the other Party by e-mail.




In the event the Client makes a claim against BWCD, for any reason whatsoever, BWCD's liability (if any) shall not exceed the price paid, or payable, for the Services by the Client. In no event shall BWCD be liable for any consequential, direct, indirect or special losses resulting from any loss of profit, revenue, interest, goodwill, or otherwise in connection with Client's business.




All intellectual property rights related to the Services and the BWCD Platform shall remain the property of BWCD.


The Customer may not reproduce, copy, modify, adapt, publish, transmit, distribute or in any way commercially exploit any material that is the subject of intellectual property rights.




The Parties agree to maintain strict confidentiality on any data or information provided by one of the Parties to the other, to which they have had access and/or of which they become aware in the course of the collaboration which constitutes the subject matter of this Agreement, in particular any information relating to know-how, know-how, methodologies, products, services, customers or business activities of the other Party (hereinafter, the Confidential Information) by not allowing such information to be transferred or made accessible to third parties not expressly authorized.


This obligation of confidentiality shall extend to the personnel in the service of any of the Parties and/or any other person involved in the provision of the services covered by this Agreement.


The confidentiality obligations set forth in this Clause shall remain in force during the term of this Agreement, and shall survive indefinitely after the termination of this Agreement.




The user of the BWCD website accepts the use of cookies by BWCD. If you do not agree, you are free to disable cookies in your browser.




In accordance with the provisions of the General Data Protection Regulation and the Organic Law 3/2018, of December 5, 2018, on the Protection of Personal Data and guarantee of digital rights, the parties inform each other of the following issues in relation to the processing of the other party's personal data:

Responsibility for the processing: are, in each case, the parties to this contract with the company names and data indicated in the heading.

Purpose of processing: each party will use the personal data of the other for the proper maintenance, development and control of the contractual relationship and the services deriving from it.

Legitimacy of the treatment: the legal basis that legitimizes the processing of personal data of each party is that it is necessary for the execution of this contract and, if the requirements of the LOPDGDD are met, in the legitimate interest.

Recipients of the data: there will be no assignments or international transfers of data, unless it is necessary for the execution of the contractual relationship or for the fulfillment of legal obligations.

Retention period: personal data will be kept for the duration of the contractual relationship and, after its termination, for the periods necessary to comply with legal obligations.

Data protection rights: each party may contact the other party to request access to their personal data, rectification, deletion, limitation of processing, opposition to processing, as well as their right to data portability. To do so, a written request must be sent to the other party at the address indicated in the heading.

Claim before the AEPD: in any case, any of the parties may file a claim before the Spanish Data Protection Agency, either through its electronic headquarters or at its address, calle Jorge Juan, nº 6, C.P. 28001 de Madrid.

With respect to the processing of data that BWCD will carry out on behalf of the client, acting as data processor of the client, the provisions of Annex II of this Agreement shall apply.


In any case, each of the Parties shall be exclusively responsible for the fulfillment of its obligations in terms of data protection, in accordance with the European and Spanish legislation on Personal Data Protection.







The creation and management of the Talent Pools will be carried out through the beWanted Technology Platform:

a) The creation of personalized landing pages for job seekers and job offers that allow quick, simple and efficient access and ensure an effective connection between supply and demand in the labor market.


b) The creation of talent ecosystems with the employability index (Jobrank) and filtering tools for screening and managing information (Sentinel).


a) The creation ofmatchmaking processes and access to the tool through the different user roles created.


d) Access to global statistics in relation to selection processes.

For a proper functioning of the Talent Pools there are several implementation and maintenance services, as well as operation and support.



a) Dissemination and communication: Landing Page - Registration pages

All the diffusion actions will be redirected to the personalized landing page for the Client. You can create as many landings as you want for the processes (by associations, in different languages, for different projects, companies, etc.).

When the candidates access, they will find the tool personalized on any of its pages with the brand of the Client or of the company to which the landing belongs.

Through the tracking code (code that is added to each of the URL's that lead to this landing), you can accurately measure all the actions carried out on the Client's or beWanted's channels. The tracking code marks the registrants according to the communication channel through which they have accessed it. This allows you to measure the effectiveness of recruitment campaigns and the quality of the candidates (JobRank).

The landing page willalso allow you tolink any candidate database with your profile onbeWanted for profile certification (option to connect with schools for certification and other references).

Each landing page can be integrated in three different ways, depending on the agreement with the Client:


- By integrating the landing page into the company's website.

- Through a link on the company's website to the landing page.

- Through the diffusion of the landing pagelink through different channels.


b) Categorized and standardized information

The different sources of information are integrated into unified databases whose structure allows:

- Obtain the JobRank, which is the employability index obtained thanks to an algorithm that evaluates each professional profile to assign it a score, comparable with the rest of the professionals on the platform. This weighting changes in real time, adapting to the needs of the applicants.

- Sort and filter user information through Sentinel, which is the platform's database screening tool.

These databases must be kept up to date, so we must identify all the channels that feed them in order to monitor them and make them more efficient. This is the process we call user acquisition for the platform and it is of vital importance for the proper functioning of a single channel. The debeWanted technology makes it possible to obtain all the information in real time on the performance of the channels and thus take the appropriate measures to make them more efficient.

The creation of these databases allows us to apply beWanted technology so that employers can proactively invite the candidates that best meet the requirements of each vacancy. This makes the process more effective and reduces the cost of acquiring candidates for each vacancy by 25% compared to the average investment of different employers.

c) Talent Ecosystem

Creation of talent ecosystems with profiles that have a common denominator and are made up of candidates registered in beWanted and other databases. Candidates can access their profiles for continuous updating.

The recruitment actions of all teams or companies will have a direct impact on the creation of these talent ecosystems.

In addition, it will allow direct and filterable access to the profiles already contacted on other occasions by any user of the company offering employment, as well as total accessibility for the Client.

d) Deselection processes: Matchmaking

- Filtering.

Some of the filters that allow you to search for candidates in the Talent Pool through thePlatform are:

× Branch of study

× Tuition

× Languages and level

× Location by country/province or distance

× Experience

× References

× Date of availability

× Average score

× Graduate students

× Volunteers

× Study center

× International exchanges

Candidates appear as search results sorted by JobRank.

The system allows to adapt the registration and filtering processes to the fields that the Client deems necessary for the efficient operation of the system.

- Invitation

Sending invitations to participate in the selection process. In the invitation the candidates will be able to see the details of the position offered, accept it, answer the Killer Questions or reject it. If you accept, we will see it in our candidate management, but if you reject, we will ask you to indicate the reasons and we will collect the data to take it into account for statistical purposes.

- Management Panel.

In the management panel we will be able to access the complete CV of the candidates who have responded to our invitation:

× View and score KQ(specific questions associated with each selection process).

× Change of application phase.

× Access to individual and mass messaging for communication with candidates.

× Candidate's history with my company.

× Include notes in the candidates' profiles.

e) Statistics and system monitoring

All of the above will allow the Client to have a system that collects all the statistical information of the labor market and to access different analytics in real time.

In addition to real-time statistics, reports can be generated with all the information on web traffic, communication and recruitment campaigns, users, agent interactions, employability, aspirations, performance and other issues.

- Global statistics dashboard

You get an overview of all selection processes, candidates and registered companies, process volume and candidate quality according to JobRank:

- Target Candidate Acceptance Ratio.

- Demographics of the best candidates: cities, provinces, universities...

- Reasons for rejection of invitations.

- Ideal profile for your company.

- Impact statistics in social networks and other channels.

- Landing page registration data.

- Quality of your candidates according to JobRank.

- Validated profiles



beWanted will be responsible for the implementation and technical maintenance of the Platform.

These implementation and maintenance services are always provided by beWanted's own team, not outsourced, so that the expected quality in the start-up and incident management processes is maintained. Given beWanted's international coverage, maintenance services can cover 24 hours a day, always ensuring the proper functioning of the tool.

3.1. Operation and support

beWanted has a dedicated operational support team in charge of training the Users designated by the Client to manage the tool.

The work units that will participate in the project for the development of the Platform are the following:

- Marketing: responsible for the design and implementation of the landing pages, as well as for controlling the traffic generated on them and the subsequent activity reports (companies, candidates, associations, etc.).

- KAM(Key Account Management): responsible for meeting agent requirements and executing a tailored plan for each agent. The team is in charge of communicating with the offerers and job seekers to ensure that both parties are tuned in and can use the tool smoothly.

- Technical Support: responsible for ensuring the proper functioning of the tool. He is in charge of making sure that the JobRank algorithm works properly and that it is constantly being updated.


3.2. Functionalities


Landing page for a company offering jobs.

You can create as many landing pages as you consider appropriate for the realization of the project. For example, a general landing page for the Client, one for each of the companies, etc.


Registered companies will have personalized company access, so they will create their company profile within the system and will be marked within the database.


In addition, these companies will have the opportunity to create their own selection processes or processes sponsored by the Client.


All companies will be accessible to managers in their company manager and they will be able to enter as managers of all of them.


For each company, managers can assign different roles for each user so that they have different access permissions to use the different functionalities.

User roles (permissions for companies).

Hiring Manager(Manager of the selection process).

- Company user access to the tool.

- Creation of Job applications to account managers and recruiters.

- Notifications of acceptance or rejection of your vacancy requests.

- Access to statistics of the processes requested by him.

- Evaluation of profiles through comments on candidates' CVs.


Recruiter (License Administrator).

- Company user access to the tool.

- Approval of applications, sending of invitations to candidates, changes of phase within the selection processes.

- Discarding of candidacies.

- Access to instant messaging with candidates participating in the process.

- Access to Talent Pool with candidates from the candidate database to invite to selection processes.

- Creation of agestor vacancy requests.

- Access to all selection process statistics.

User roles (permissions for talent pool manager)

- Multiple company user access to the tool. The user can select from all the companies he/she manages to enter the system through which company he/she wants to enter the system.

- Approval of applications, sending of invitations to candidates, changes of phase within the selection processes.

- Discarding of candidacies.

- Access to instant messaging with candidates participating in the process.

- Access to Talent Pool with candidates from [XXXXXX] database to invite to selection processes.

- Access to all the statistics of selection processes and comparison between the companies offering jobs that it manages.

- Creation of Recruiter and Manager users for others.

- Assignment of permissions for all users of the accounts you manage.

- Access to pre-records of candidates in the database of [XXXXXX] not yet registered in beWanted.

- Access to profile certification and references.


















1. Purpose of the processing order


The Client, as data controller, authorizes Alumni Global Search, SL (beWanted Corporate), acting as data processor, to process on its behalf the personal data necessary to provide the services covered by the Agreement.


The processing shall consist of the processing operations necessary for the fulfillment of this Agreement, with the specification of the following processing operations to be carried out with the data accessed as a result of the provision of the contracted service:


X Collection  

X Registration


X Modification

X Conservation  

X Extraction

X Consultation  

X Broadcast communication

X Dissemination  

X Interconnection

X Collation  

X Limitation

X Suppression  

X Destruction

X Communication  

X Other(Specify)

X Copy  

X Analysis

X Shipping


Identification of the affected information


For the execution of this Agreement, the Client, as the entity responsible for the processing, makes available to beWanted Corporate, as processor, the information and personal data necessary for the provision of the contracted professional services, being in particular those described below:

- Personal data of registered candidates, having in this case access to all the data that the candidates have published in their profile, according to the fields enabled for this purpose in the platform developed by beWanted Corporate.

- Data of companies and/or professionals associated to the Client as well as identification data and profile of the users authorized to access the platform developed by beWanted Corporate.



3. Duration


Upon termination of the Collaboration Agreement, the data processor must, as instructed by the data controller, delete or return to the data controller's designee both the personal data and any documents and/or media to which he/she has had access and delete, with appropriate safeguards, any copies in his/her possession.

In the event that the data controller chooses to return the data, the processor must do so, in relation to automated processing, in a structured, commonly used and machine-readable format, with technological neutrality, thus being accessible and readable by the data controller without the need to use the data processor's own programs or technologies.


4. Obligations of the data processor


The person in charge of the treatment is obliged to:


a) Use the personal data being processed, or those collected for inclusion, only for the purpose of this order. Under no circumstances may it use the data for its own purposes.


b) Process the data in accordance with the controller's instructions. If the processor considers that any of the instructions infringes the GDPR or any other EU or Member State data protection provisions, the processor shall immediately inform the controller. If you are unclear about any instructions from the controller on how the processor is to act with regard to the personal data to which he/she has access, you must contact the controller and clarify the instruction before any data processing is carried out.


c) Keep, in writing, a record of all categories of processing activities carried out on behalf of the controller, containing:


1. The name and contact details of the data processor(s) and of each controller on behalf of whom the data processor is acting and, where appropriate, of the representative of the data controller or data processor and of the data protection officer.


2. The categories of treatments carried out on behalf of each person in charge.


3. Where applicable, transfers of personal data to a third country or international organization, including the identification of such third country or international organization and, in the case of transfers referred to in the second subparagraph of Article 49(1) of the GDPR, documentation of appropriate safeguards.


4. A general description of the technical and organizational security measures, as a minimum, relating to:


● Pseudonymization and encryption of personal data.

● The ability to ensure the ongoing confidentiality, integrity, availability and resilience of treatment systems and services.

● The ability to restore availability and access to personal data quickly, in the event of a physical or technical incident.

● The process of regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to ensure the security of processing.


In order to be able to check that the contracted processor offers sufficient guarantees to implement appropriate technical and organizational measures, so that the processing complies with the requirements of the General Data Protection Regulation and ensures the protection of the data subject's rights, the controller may require the processor to provide information on such measures both before contracting and during the provision of services. Likewise, and if the data controller deems it appropriate, he/she may audit the systems and media containing the personal data being processed.


d) Not to communicate the data to third parties, except with the express written authorization of the data controller, in the legally admissible cases.


The processor may communicate the data to other processors of the same controller, in accordance with the instructions of the controller. In this case, the data controller shall identify, in advance and in writing, the entity -company name, VAT number and address- to which the data must be communicated, the data to be communicated and the security measures to be applied in order to proceed with the communication.


If the processor has to transfer personal data to a third country or an international organization under Union or Member State law applicable to it, it shall inform the controller of this legal requirement in advance, unless such law prohibits it for important reasons of public interest.


With regard to the international transfer of data, the data processor must notify the data controller and provide written proof of compliance with the requirements of current data protection regulations before proceeding with the transfer, ensuring that the entity receiving the data will provide the same security and comply with all the requirements of the General Data Protection Regulation.


e) Subcontracting. The data processor may not subcontract any of the services forming part of the object of this contract involving the processing of personal data, except for the auxiliary services necessary for the normal operation of the services of the data processor.


In the event of having to subcontract data processing to other companies, the data processor must give prior written notice to the data controller, 7 days in advance, clearly and unequivocally identifying the processing to be subcontracted, the subcontracting company and its contact details. Subcontracting may be carried out if the data controller does not express his opposition within 7 days.


The subcontractor, who also has the status of data processor, is also obliged to comply with the obligations established in this document for the data processor and the instructions issued by the controller. It is up to the initial processor to regulate the new relationship, so that the new processor is subject to the same conditions (instructions, obligations, security measures...) and with the same formal requirements as the latter, as regards the proper processing of personal data and the guarantee of the rights of the data subjects.


f) To maintain the duty of secrecy with respect to the personal data to which it has had access by virtue of this assignment, even after the end of its purpose.


g) Ensure that the persons authorized to process personal data undertake, expressly and in writing, to respect confidentiality and to comply with the corresponding security measures, of which they must be duly informed.


h) Maintain at the disposal of the person in charge the documentation accrediting compliance with the obligation established in the preceding paragraph.


i) To guarantee the necessary and updated training on personal data protection for the persons authorized to process personal data.


j) To assist the data controller in responding to the exercise of the rights of: (i) access, rectification, erasure and objection; (ii) limitation of processing; (iii) data portability; and (iv) not to be subject to automated individualized decisions (including profiling).


When the data subjects exercise some of the above rights before the data processor, the latter must communicate it by e-mail to the address provided by the data controller. The communication must be made immediately and in no case later than the working day following the day of receipt of the request, together, where appropriate, with other information that may be relevant to resolve the request.


k) Right to information: it is the responsibility of the data controller to provide data subjects, at the time of data collection, with information on the processing of their personal data.


l) Notification of data security breaches: The processor shall notify the controller, without undue delay, and in any case not later than 72 hours, and through the e-mail address provided by the controller, of any breaches of security of the personal data under its responsibility of which it becomes aware, together with all relevant information for the documentation and communication of the incident.


A "personal data breach" is any breach of security resulting in the accidental or unlawful destruction, loss or alteration of, or unauthorized disclosure of or access to, personal data transmitted, stored or otherwise processed within the meaning of the General Data Protection Regulation.


Notification is not required when such a breach of security is unlikely to constitute a risk to the rights and freedoms of natural persons.


If available, at least the following information shall be provided in writing:

A description of the nature of the personal data security breach, including, where possible, the categories and approximate number of data subjects affected, and the categories and approximate number of personal data records affected.

The name and contact details of the data protection officer or other point of contact where further information can be obtained.

Description of the possible consequences of a breach of the security of personal data.

Description of the measures taken or proposed to be taken to remedy the breach of security of personal data, including, where appropriate, measures taken to mitigate any adverse effects.

If and to the extent that it is not possible to provide the information simultaneously, the information shall be provided gradually without undue delay.

Communication should be in clear and simple language and should, as a minimum:

a.Explain the nature of the data breach.

b. Provide the name and contact details of the data protection officer or other point of contact where further information can be obtained.

c. Describe the possible consequences of a breach of personal data security.

d. Describe the measures taken or proposed by the controller to remedy the breach of security of the personal data, including, where appropriate, measures taken to mitigate any adverse effects.


m) To support the data controller in carrying out data protection impact assessments, where appropriate.


n) Support the data controller in carrying out prior consultations with the supervisory authority, where appropriate.


o) Make available to the person in charge all the information necessary to demonstrate compliance with its obligations, as well as for the performance of audits or inspections carried out by the person in charge or another auditor authorized by him/her.


p) Perform a risk assessment of the risks to personal data involved in the processing of data that beWanted will perform on behalf of the CLIENT and implement appropriate technical and organizational security measures to ensure a level of security appropriate to the risk. In any case, it shall implement mechanisms to:


× Ensuring the continued confidentiality, integrity, availability and resiliency of

× treatment systems and services.

× Restore the availability and access to personal data quickly, in the event that

× physical or technical incident.

× c) Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to ensure the security of the processing.

× Pseudonymize and encrypt personal data, if necessary.


q) Appoint a data protection officer and communicate his or her identity and contact details to the person in charge.


r) Destination of the data: Upon termination of this contract, at the choice of the controller, the processor must return to the controller or transmit to another processor designated by the controller the personal data and delete any copies in its possession.

In the event that the data controller chooses to return the data, the processor must do so, in relation to automated processing, in a structured, commonly used and machine-readable format, with technological neutrality, thus being accessible and readable by the data controller without the need to use the data processor's own programs or technologies.

The return must entail the total deletion of the existing data on the computer equipment used by the person in charge.

However, the person in charge may keep a copy, with the data duly blocked, for as long as any liability may arise from the performance of the services.


5. Obligations of the person in charge of the file and/or processing


It is the responsibility of the person in charge of the treatment:


1. Deliver the data referred to in clause 2 of this Annex to the Responsible Party.


2. Perform, if necessary, an assessment of the impact on the protection of personal data of the processing operations to be carried out by the processor.


3. To carry out, if necessary, the corresponding prior consultations.


4. To ensure, in advance and throughout the processing, compliance with the GDPR by the processor.


Supervise treatment, including conducting inspections and auditing.


6. Responsibility of the data processor

The obligations arising for the Data Processor by virtue of this contract shall also be binding on its employees, collaborators, both external and internal, for which it shall be liable to the Data Controller in the event of non-compliance by its employees and, where appropriate, by its subcontractors.

In the event that the data processor, including its employees, uses the personal data for purposes other than those set out in this contract, communicates them to third parties or uses them in breach of the provisions set out in the contract, it will be considered responsible for the processing and will be liable for any infringements it may have personally incurred.

However, the data processor shall not be held liable when, following an express indication from the data controller, he/she communicates the data to a third party designated by the data controller, to whom he/she has entrusted the provision of a service.