Where Apexloop acts as a data processor of personal data you manage under the GDPR, the following terms apply:

1. Apexloop processes personal data stored within the context of its use or accessible for development, maintenance or operation purposes. This typically includes data of employees, customers or suppliers (name, contact details, photographs, etc.) and data that users upload to Apexloop.
2. Data is processed solely for the purpose of providing Apexloop, or as individually agreed, and only for the duration of its use. Apexloop handles data exclusively on the basis of your instructions or legal requirements.
3. Apexloop has implemented technical, organisational and security measures against unauthorised access, modification, loss or misuse of data.
4. Apexloop employees and authorised persons process data only in accordance with instructions and applicable law.
5. At your request, Apexloop will correct, update, delete or transfer data (where functionality allows).
6. In fulfilling GDPR obligations, Apexloop acts with professional care.
7. Apexloop may engage further processors (in particular IT providers) provided they meet EU standards, without requiring the client's explicit consent.
8. Where another service is integrated into Apexloop, the client consents to data being processed by the third party under that party's terms.
9. After Apexloop service provision ends, active processing stops. Backups may be retained for up to 1 year, after which data will be deleted unless required by law.
10. Apexloop maintains confidentiality regarding data and ensures the same of its employees. This obligation continues after the end of cooperation.
11. The client may request a reasonable audit of compliance with processing obligations. The date must be agreed at least 30 days in advance, the audit must not disrupt operations and costs are borne by the client.
12. Confidentiality also applies to security measures and continues after the end of cooperation.