Terms and conditions

Home Terms and conditions
General terms and conditions of sale IPEX Group (October 2021 – Rev. 3)
1.    Collective provisions
1.1    Scope and acceptance
1.1.1    These are the general terms and conditions of sale (hereinafter referred to as the “GTC”) of IPEX Group, a public limited company with its registered office at Avenue de Landas 5, 1480 Saintes, VAT number BE 0429 119 090 (hereinafter referred to as the “Supplier”).
1.1.2    The GTC shall apply to all orders for services and/or products (initial and subsequent orders) sent by a customer of the Supplier (hereinafter the “Customer”) and received and accepted by the Supplier (the “Contract(s)”).
1.1.3    The GTC apply to both business and non-business customers, unless specifically stated otherwise.
1.1.4    The applicability of the Customer’s general or special conditions is excluded, unless specifically agreed in advance in writing with the Supplier.
1.2    Prices and payment
1.2.1    The prices specified by the Supplier are exclusive of taxes and charges, unless expressly stated otherwise.
1.2.2    Each invoice from the Supplier is payable in cash, unless the invoice specifies a time limit for payment. Failure to deliver a product and/or service due to an incorrect address, an error by the Customer or any other reason beyond the Supplier’s control shall not suspend or cancel the obligation to pay for the services.
1.2.3    In the event of non-payment on the due date, the defaulting party shall automatically be liable to pay monthly interest of 1% on the amount due, without the need for prior notice of default. The defaulting party is also automatically liable to pay a contractual surcharge of 15% in damages, with a minimum of €75.
1.2.4    In the event of non-payment on the agreed date, the Supplier reserves the right to immediately suspend any further delivery of products and/or services to the Customer.
1.2.5    If the Supplier subcontracts all or part of the services to the Post Office or another postal service provider (hereinafter referred to as the Postal Service Subcontractor), the Customer acknowledges and accepts that the Supplier will pass on any increase in postal rates to the Customer, and that the Subcontractor is entitled to reclassify any type of item (transactional/promotional/format, size and weight), which may have an impact on the postal rates.
1.3    Duration and termination
1.3.1    The period of validity of an offer is in principle specified in the offer. If the offer is not specified, the offer is valid for 1 month from the date of sending.
1.3.2    If the Supplier and the Customer have entered into an Agreement which does not provide for a fixed term, then the Agreement shall apply for an indefinite term and either Party shall be entitled to terminate the Agreement at any time, subject to 3 months’ notice, without having to specify the reason.
1.3.3    Unless expressly stated otherwise, the termination of the Contract does not terminate any orders still in progress.  The only consequence of the termination of the Contract is that no new orders can be placed.
1.3.4    The termination or expiration of an order shall not affect the existence and validity of the Contract or other orders.
1.3.5    In the event of cancellation of an order, the Customer must pay the full amount stated in the Contract. An order may only be cancelled by registered letter with acknowledgement of receipt, with an e-mail copy to the Supplier at infobe@ipexgroup.com. The cancellation of an order shall not affect the existence and validity of the Contract or other orders.
1.3.6    If a Party is guilty of a serious breach of the Agreement which it does not resolve within 15 days, insofar as this is useful, of receipt of the notice of default sent by registered mail, the other Party shall be entitled to terminate the Agreement and/or the orders in progress with immediate effect, without this affecting the right of the other Party to suspend its obligations. Failure to pay one or more invoices on their due date shall always be considered a serious breach of the Contract.
1.4    Claims
1.4.1    If the Customer wishes to make a complaint, he must submit it in full and with reasons within 8 days of the provision of the service or delivery of the product by sending an e-mail to the Supplier at infobe@ipexgroup.com. If a complaint is not complete and well-founded or is submitted too late, it cannot be accepted.
1.4.2    A claim does not relieve the obligation to make payment in accordance with the agreements made between the parties.
1.5    Confidentiality and Personal Data (hereinafter “PD”)
1.5.1    The Parties shall ensure the confidentiality of the information they receive before, during or after the performance of the Contract. The Parties shall also impose this obligation on their employees and any third parties they use.
1.5.2    To the extent that a Party is subject to applicable legal provisions concerning the protection of PDs, it shall comply with them.
1.5.3    The PD communicated by the Customer to the Supplier, and for which the Supplier acts as data controller, shall be processed by the Supplier in accordance with the privacy policy available at https://www.ipexgroup.com/privacy-policy/.
1.6    The PD communicated by the Customer to the Supplier, and in respect of which the Supplier acts as a subcontractor, shall be processed by the Supplier in accordance with the data processing agreement in Section 5.
1.7    Intellectual property
1.7.1    The supply of products and/or services by the Supplier to the Customer does not in any way include the transfer of any intellectual property rights to the Customer.
1.7.2    The delivery of products and/or services by the Supplier to the Customer includes at most a non-exclusive right of the Customer to use the intellectual property rights included in these products and/or services for the Customer’s personal needs, in accordance with the use that follows from the nature, manual, description and documentation of the products and/or services concerned.
1.7.3    It is prohibited to modify, copy, translate, distribute, inform the public, in whole or in part, of any intellectual property rights included in the products and/or services provided by the Supplier to the Customer, without prior written permission from the Supplier, except if and to the extent that this is permitted according to the nature, manual, description and documentation of the products and services concerned.
1.7.4    The trademark, logo, trade name and company names as well as the accompanying distinctive signs of the Supplier are the exclusive property of the Supplier and may not be used by the Customer, in whole or in part, without the Supplier’s prior written consent.
1.8    Responsibility
1.8.1    Neither Party shall be liable if it is unable to fulfil its obligations, in whole or in part, due to unforeseen, unavoidable and external circumstances (“force majeure”). In addition to the cases of force majeure long established by case law, this clause also applies to a pandemic, destruction of computer equipment, cyber-attacks or hacking, total or partial blockage of the bandwidth or servers of the Postal Service Contractor, the suppression or temporary or permanent prohibition of the use of the Internet, networks or means of communication, whatever the reason, the cause being beyond the control of the Parties.
1.8.2    To the extent legally permissible, the Supplier shall not be liable:    if the damage results from negligence or error on the part of the Customer or from the Customer’s failure, whether intentional or unintentional, to comply with the obligations arising directly or indirectly from the GTC, the applicable legal provisions and any other agreement concluded between the Parties;    for any damage or loss proven or alleged to have arisen out of or in connection with the Customer’s use of third party content, advertising, goods or services.    any consequential damages, including loss of income, data or opportunity, loss of profit, loss of reputation of the Client, etc.
1.8.3    To the maximum extent legally permissible, and without prejudice to the aforementioned exclusions, the Supplier shall under no circumstances be liable for any damage exceeding the amount that has actually been paid by the Customer for the products or services concerned. The Customer shall be responsible for limiting the extent of his damage as soon as he is aware of it by taking appropriate measures.
1.9    Final provisions
1.9.1    The Supplier reserves the right to amend the GTC. The amendment will only take effect once the Customer has been informed of it, and will apply to any order placed after that date.
1.9.2    The fact that the Supplier does not require the Customer to comply with its applicable obligations at any given time shall in no way imply that the Supplier waives its right to require compliance at any time. The Supplier’s waiver of a particular breach of the Customer’s obligations shall not constitute a waiver by the Supplier of any other breach of the same or any other provision, nor a declaration of waiver of the obligation in question.
1.9.3    The invalidity of one or more provisions of the GTC shall not affect the validity of the remaining provisions.
1.9.4    The relationship between the Customer and the Supplier is exclusively governed by Belgian law. The courts of the jurisdiction of Walloon Brabant shall have exclusive jurisdiction for any dispute.
2.    Specific provisions for non-professional clients
2.1    Right of withdrawal for the registered e-mail service
2.1.1    The Customer acknowledges that the digital registered e-mail service mentioned in Section 3 will be carried out as soon as the Customer has provided a sending instruction to this effect. The non-professional customer thus explicitly waives any right of withdrawal in this respect pursuant to Section VI.53 of the Belgian Economic Code.
3.    Provisions applicable to the digital registered e-mail service
3.1    Scope of application
3.1.1    This Section 3 applies to the Registered Mail Plus (hereinafter “RMP”) service offered by the Provider to the Customer, either directly on its website or through a means developed by a third party, such as a mobile application, software or a website.
3.1.2    The provisions of this Section 3 shall complement the other general provisions. In cases where Section 1 and Section 3 are in conflict, the provisions of Section 3 shall prevail.
3.2    How the RMP works
3.2.1    The Provider offers a service for the sending, tracking and archiving of RMPs. The service offered to the Customer constitutes proof that the data provided has been processed, proof of the absence of any change, loss, theft or unlawful modification of the data, proof of the sending and receiving of the data at the address provided by the Customer, as well as the time and date of the various activities.
3.2.2    The Customer is informed that the Provider offers different types of RMPs in accordance with Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (hereinafter the “eIDAS Regulation”). The Customer is aware that the indemnity and legal consequences differ depending on the type of RMP offered by the Provider. For more information on the different types of RMP offered by the Supplier, the Customer may refer to the following website:  https://www.e-registeredmail.com/
3.2.3    In order to use the RMP, the Customer must log in to the Supplier’s RMP platform and enter all the necessary details for sending, including the recipient’s e-mail address, the subject and the attachment.
3.2.4    The automated data (or “Logs”) recorded in the computer systems of the Supplier or its subcontractor shall be considered by the Parties as sufficient, independent and conclusive evidence of the existence, execution and payment of the delivery of the products and/or services by the Supplier, unless proven otherwise.
3.3    Rights and obligations of the Parties
3.3.1    The Provider undertakes to ensure the proper functioning of the RMP to the best of its ability. However, the Supplier reserves the right to suspend the operation of the RMP for tests, audits, activities for the improvement of network traffic, maintenance, server updates, (threat of) failure, without the Supplier being obliged to provide the Customer with a guarantee or payment of any kind.
3.3.2    The Customer acknowledges that the RMP is carried out as soon as it has provided an instruction to send the RMP.
3.3.3    The Customer agrees to provide in a clear, legible and complete form his contact details and in particular a valid e-mail address, the data to be transmitted via the RMP and the complete e-mail address of the recipient. The Customer is solely responsible for the existence, accuracy, integrity and confidentiality of this data until it reaches the Supplier’s server. The Supplier is in no way responsible for the accuracy of the information provided by the Customer.
3.3.4    The Customer shall refrain from any illegal use of the RMP and from any breach of the applicable legislation.
3.3.5    Either Party may suspend its obligations to the other Party if it acts in breach of applicable law or the GTC in any way, without the suspending Party owing the other Party any security or payment of any kind.
3.3.6    It is the Customer’s responsibility to take sufficient security measures on the device used to access the RMP, including a secure password, an up-to-date operating system and anti-virus software.
3.3.7    The Agreement shall not be archived by the Supplier for the Customer and the Customer shall be responsible for archiving his copy of the Agreement.
3.3.8    The Supplier reserves the right to provide the RMP or part of the service with the assistance of one or more subcontractors.
3.3.9    The Supplier reserves the right to adjust, improve and update the RMP at any time. If the adjustment results in a significant difference in the use of the RMP, the Customer will be informed within a reasonable period of time.
3.3.10    The Supplier shall retain the hash code of the e-mail correspondence for at least 7 years for the benefit of the Customer and the recipient or for as long as the Agreement is in force if its duration exceeds 7 years. During this period, the usage overview is available via the dashboard and the hash code can be checked via the website. With the exception of non-business customers, there may be costs associated with this, depending on the method of recovery. No verification is possible without the hash code provided. After 7 years or upon expiry of the Contract, the tickets are withdrawn by the Supplier and the hash code can no longer be verified via the website. However, the Customer has the possibility to export the tickets (before they are removed by the Supplier) via the dashboard. In this case, the integrity of the electronic correspondence can still be checked manually by comparing the note with the hash code of the notification mail.
3.4    Payment for services
3.4.1    Notwithstanding Article 1.2 of the GTC, if the RMP is ordered via an application, software or website of the Provider or of a third party responsible for payment of the service, the Customer agrees that the payment will be debited from his bank account or credit card or charged by the Provider or the third party, as the case may be.
3.5    Responsibility of the Parties
3.5.1    Notwithstanding Article 1.8 of the GTC, it is the Customer’s responsibility to adapt the use of the RMP to the exact and specific characteristics of its needs. The Provider is not responsible for the Customer’s choice to use the RMP, nor for the Customer’s choice to use a qualified (eIDAS art. 43.1, art. 44 in combination with art. 35) or non-qualified (eIDAS art. 43) service within the meaning of the eIDAS Regulation. The Customer also acknowledges that the RMP cannot replace all registered mail, in particular those required by law or on the basis of a contract.
3.5.2    Notwithstanding Article 1.8 of the GTC, the Provider is in no way responsible for the content of details sent via RMP. The Customer is solely responsible for the data sent via RMP, the chosen transmission channel and the recipient’s address. The Provider undertakes not to access the contents of the RMP, unless explicitly requested by the Customer or the authorities. The Supplier cannot guarantee that the files attached by the Customer are free of viruses or other malicious programs, nor can the Supplier systematically check whether the content of the registered e-mail contravenes applicable legislation. However, the Provider reserves the right to suspend or terminate the service if it has good reason to suspect that the content of the registered e-mail may contain a virus, spam or may violate applicable law.
3.5.3    Notwithstanding Article 1.8 of the GTC, to the extent legally permissible, the Supplier shall not be liable:    when the recipient of an RMP sent by the Client refuses to open the RMP it has sent;    due to the non-execution of the RMP sending in case of unavailability of the recipient, either due to an incorrect address of the recipient or due to malfunctioning of the recipient’s mail server;    in case of a hybrid service: for the failure to deliver a registered letter written and posted by the Supplier. The Supplier’s liability in this respect is limited to the delivery of the registered letter to the post office;    for any interruption of the RMP if this is the result of maintenance, network disruption or loss, or computer intrusion: these situations are considered to be cases of force majeure. In the event of a disruption of the RMP, the Supplier will inform the Customer of the start and end of the disruption via its website as far as possible.
3.5.4    With respect to the RMP, the Supplier is liable for damages caused intentionally or negligently to any natural or legal person due to a breach of the obligations under the eIDAS Regulation. The intent or negligence of the Supplier as a qualified TSP is presumed, unless the Supplier proves otherwise.
4.    Provisions applicable to other services
4.1    Scope of application
4.1.1    This Section 4 applies to all services provided by the Supplier to the Customer, other than RMP as defined in Section 3, such as, but not limited to, variable data printing services, promotional e-mails, transactional e-mails, labels, postal or electronic communications and software or API development related to the above services (hereinafter together referred to as the “Printing Service(s)”).
4.1.2    The provisions of this Section 4 shall complement the other general provisions. In cases where Section 1 and Section 4 are in conflict, the provisions of Section 4 shall prevail.
4.2    Responsibility of the Parties
4.2.1    The presentation of a proof ready for production, accepted by the Customer, releases the Supplier from any liability for errors or omissions found before or after production. In any event, the Customer undertakes to accept a certain tolerance with regard to the details printed on the paper, irrespective of the size of the page, the satin effect, etc.
4.2.2    The Customer is solely responsible for the data transmitted, its transmission and its format. In particular, the Customer confirms that the data required for the generation of the barcode or any variable information is provided exclusively under its responsibility and that the Supplier assumes no responsibility for the adequacy of such data.
4.3    Delivery
4.3.1    The Printing Services are provided at the Customer’s own risk. Postage and packaging costs are for the Customer’s account, unless otherwise agreed. Collection or dispatch of the Print Service implies approval of the product or service by the Customer. The use of a part of the Print Service implies acceptance of the service as a whole. A defect in a part of the Print Services does not entitle the Customer to refuse delivery as a whole.
4.3.2    The Print Service delivered by the Customer shall remain the property of the Supplier until full payment has been made. However, the risk shall pass to the Customer upon placing the order or any other form of contract.
4.3.3    The Supplier reserves the right to make partial deliveries and to send an invoice for these deliveries. The Customer shall pay these invoices without waiting for the delivery of the complete order.
4.4    Data retention
4.4.1    Unless otherwise agreed or notwithstanding legal obligations, the Supplier is not obliged to retain the data and data carriers provided by the Customer until the end of the performance of the assignment (irrespective of the medium, paper or electronic).
4.5    Software
4.5.1    Notwithstanding the general provisions of the GTC, these provisions apply to all software offered by the Supplier to its customers, downloaded by the Customer or installed by the Supplier.
4.5.2    The Supplier reserves the right to update and/or modify its software at any time without prior notification or announcement of such change.
4.5.3    The installation of the software by the Supplier is subject to a separate agreement and is not included in the price, unless otherwise stated. The installation shall be deemed to have been carried out by the Supplier once the installation form has been signed.
4.5.4    If the Supplier installs the software, the Customer shall grant the Supplier, or a third party designated by the Supplier, sufficient access and provide all necessary and relevant information.
5.    Personal Data Processing Agreement (“PPA”) – GDPR
5.1    Introductory note
5.1.1    This Section 5 shall apply only if and to the extent that the Supplier acts as a subcontractor and processes PD on behalf of and for the account of the Customer in the performance of the Agreement. The Customer acknowledges and agrees that where the Supplier processes PD which is provided by the Customer under the Contract, the Supplier acts as a subcontractor for the processing of PD vis-à-vis the Customer, who remains the controller in accordance with the obligations arising from the GDPR as defined below in Article 5.2.6.
5.2    Definitions
5.2.1    “Agreement” means the commercial agreement entered into by the Supplier and the Customer under which the Customer entrusts the processing of PD to the Supplier as a Subcontractor.
5.2.2    “PD” means all information, including Sensitive Data relating to a data subject, transmitted by the Customer or generated in the course of the Data Processing.
5.2.3    “Sensitive data” means particular data of a Data Subject, such as information relating to health, genetic data, biometric data or data relating to race or ethnicity, political beliefs, religious or philosophical convictions or trade union membership, as well as data concerning the behaviour or sexual orientation of a person.
5.2.4    “Data Processor” means the Customer.
5.2.5    “Subcontractor” means the Supplier who processes PD on behalf of the Data Controller.
5.2.6    “General Data Protection Regulation” or “GDPR” means Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of PII and on the free movement of such data.
5.2.7    “Data Subject” means the natural person whose PCDs are entrusted by the Customer to the Supplier as a subcontractor in the performance of the Agreement.
5.2.8    “Authorised Person” means the Supplier’s personnel and any subcontractor or third party authorised by the Customer as set out in Article 5.3.1, or any governmental authority on the basis of a legal provision.
5.2.9    “Processing” (and any variant of this word) means any act or series of acts concerning the PDs or all PDs of a Data Subject, whether or not carried out by automated processes, such as collecting, documenting, arranging, structuring, storing, updating or modifying, requesting, consulting, using, making available by transmission, distributing or otherwise making available, aligning or combining, filtering, deleting or destroying data
5.2.10    “Services” means the products and services that the Supplier provides to the Customer under the Agreement.
5.3    Object
5.3.1    The Supplier acts as a Subcontractor of PD provided by the Customer, including any Sensitive Data. The Supplier shall only process the PD provided by the Customer on behalf of and for the account of the Customer for the sole purpose of providing the Services and therefore to comply with the provisions of this Agreement and the Customer’s written instructions.
5.3.2    The Contractor processes the following categories of Personal Data: (i) the name and (electronic) contact details of the intended recipient, as well as the content of an (electronic) shipment that the Supplier arranges for the Customer and (ii) where the sender is not the Customer, the name and (electronic) contact details of the sender, as well as the content of an (electronic) shipment that the Supplier handles for the Customer.  The categories of Persons concerned are the senders and recipients of an (electronic) consignment which the Customer handles on its behalf.
5.3.3     In any event , the Parties shall treat PDs in accordance with the GDPR and, in general, with all legislation to which the Parties are subject.
5.4    Duration of treatment
5.4.1    Notwithstanding anything to the contrary, the Subcontractor shall not retain the PDs for longer than the term of the Agreement.
5.4.2    Notwithstanding the above, the Contractor shall not retain the PDs relating to the Print Services for more than 60 calendar days after the date of receipt or processing, notwithstanding any special filing request from the Customer and notwithstanding the term of the Agreement. After 60 days, the PDs that have been processed for the Customer will be securely deleted. If the Customer asks the immediate deletion of the processed PDs once the Supplier has made the dispatch, the Supplier’s responsibility for the correctness of the services performed for the Customer shall not be called into question in any way.
5.4.3    Notwithstanding the above, the Subcontractor may retain the PDs for a longer period in the event of a dispute relating to the performance of the Agreement.
5.5    Obligations and guarantees of the data controller
5.5.1    The Data Processor guarantees that it has collected PDs in accordance with the GDPR and applicable regulations.
5.5.2    The Data Processor shall ensure that written instructions are provided to the Supplier and request that the Services are provided in accordance with the GDPR and applicable regulations.
5.6    General obligations of the Supplier
5.6.1    The Supplier agrees:    To treat the Customer’s PD with the strictest confidentiality;    To refrain from distributing the Customer’s PD to any third party, excluding Authorised Persons;    To process and disseminate PD only in accordance with the Data Controller’s written instructions, to the extent necessary to perform the Services;    To inform the Customer if any of its instructions appear to be in breach of the GDPR or any other regulation, and to suspend the execution of the instruction in question until confirmation or adjustment by the Data Controller;    Impose confidentiality obligations on its staff who have access to the Customer’s PD;    To take sufficient organisational and technical security measures, as defined in Article 5.7 ;    To assist the Client, as far as possible, in answering the questions of the Persons concerned;    To provide the Customer with all the information necessary for the Customer to establish compliance with what has been agreed in this Agreement and to undertake, where appropriate, to submit to an audit or inspection if required by the supervisory authority. The Data Processor shall give at least 2 weeks’ notice of each audit or inspection; such audits or inspections shall take place no more than once per calendar year;    To assist the Customer, if necessary, for an additional fee, in carrying out a data protection impact assessment.
5.7    Security measures
5.7.1    The Supplier guarantees a secure Processing of PD, taking into account the current technology, in accordance with the appropriate technical and organisational arrangements. The Supplier has procedures in place to protect PDs against loss and unauthorised access, as well as specific procedures, in case the continuity of the business of one of its sites is compromised. The Supplier has incorporated technological security measures that include security software, passwords and firewalls, which are designed to prevent unauthorised access to its computers and servers. The Supplier has also implemented procedures to be informed in real time of any technical incidents and system failures, so that it can resolve such incidents and failures as soon as possible.
5.7.2    When sending the Customer’s PCDs to the Supplier, the Supplier shall provide the Customer with a secure server or request the Customer to transfer such Data in a secure manner. The Supplier specifies that where the Customer sends the Supplier data for the purpose of testing the functionality of the services offered by the Supplier, the Supplier assumes that this is fictitious or anonymised data which does not constitute PD. In any event, if the Customer does not wish to send the PD via a secure server/transfer, the Supplier cannot be held responsible for any attack on the PD during the transfer stage.
5.8    Requirements for the involvement of another subcontractor
5.8.1    To the extent that the Supplier is required to appoint a subcontractor to carry out certain activities on the PD, the Supplier agrees to:    To inform the Data Controller as far as possible and to seek his consent, without prejudice to the general admission included in Article 5.8.3 ;    That the sub-processor provides sufficient guarantees regarding the application of appropriate technical and organisational measures to ensure that the processing of PDs complies with the requirements of the GDPR; that the sub-processor complies with the Supplier’s own obligations under the Agreement;
5.8.2    The Customer accepts that his PDs may be processed by third parties, as indicated above, and that these subcontractors may have access to the PDs within the limits of the Services and for the provision of the Services.
5.8.3    Notwithstanding Article 5.8.1, the Supplier explicitly reserves the right to subcontract part of the Services to third parties without having received prior authorisation from the Customer, for the purpose of performing certain tasks. The Supplier shall ensure that such third parties are subject to a confidentiality agreement and provide sufficient guarantees for the implementation of appropriate technical and organisational measures, ensuring that the Processing of PD by such third parties protects the rights of the Data Subject. As such, the Subcontractor must inform the Client of any changes, additions or replacements of other subcontractors, giving the Client sufficient opportunity to object to such changes.
5.9    Violations of PDs and the duty to assist
5.9.1    The Supplier agrees to inform the Customer without unreasonable delay in writing of any incident involving PD obtained from the Supplier. It is the Customer’s responsibility to assess whether the incident constitutes a breach of PDs.
5.9.2    In this respect, the Supplier agrees to inform the Customer:
  • The nature of the violation of PDs ;
  • The category and number of Persons involved or the number of PCDs involved;
  • Likely consequences of violating PDs;
  • Measures taken regarding this violation.
5.9.3    The Supplier shall take the necessary measures to determine the causes of this violation and to prevent the recurrence of such situations to the extent reasonably possible.
5.9.4    The Supplier shall assist the Customer in any notification of the attack to the supervisory authorities and to the Person(s) concerned. In any event, the Supplier shall cooperate with the Customer on requests for information made by the supervisory authority in relation to the Services.
5.10    Place of treatment
5.10.1    The Supplier is established in the territory of the European Union and endeavours as far as possible to Process the PD in this territory or in a third country which benefits from an adequacy decision of the European Commission. However, where the Supplier uses the IT services of a subcontractor on the basis of Article 5.8 (e.g. Microsoft Office), this subcontractor may be required to Process PDs outside the European Union. In such a case, if the transfer concerns a third country which does not benefit from an adequacy decision of the European Commission, safeguards are taken to ensure an adequate level of protection of PD.
5.11    Third party issues
5.11.1    The Supplier agrees to inform the Customer of any requests from third parties (governments or Data Subjects) to obtain access to the PDs and to collaborate with the Data Processor on the follow-up of such matters. In this regard, the Supplier agrees not to respond to such questions without first obtaining the Customer’s explicit consent in this regard.
5.12    Responsibility
5.12.1    The Contractor’s liability is limited to the provisions of the Agreement.
5.13    Various
5.13.1    Any deviation from this Agreement must be in writing.
5.13.2      A waiver of any provision of this Agreement may only be invoked by one of the Parties upon presentation of an explicit document in writing signed by the other Party.
5.13.3    The validity of this Agreement shall in no way be affected by the invalidity of any provision included in it. In such a case, the aforementioned provisions shall be deemed not to have been established. The Parties shall then agree to replace the clause in question with a valid clause, producing legal and economic effects as close as possible to the clause in question.
5.13.4    In the event of a dispute concerning the validity, interpretation or performance of the Agreement, the Parties shall use their best endeavours to settle the matter amicably, if necessary by means of commercial mediation.