Co-Administrators' arrangements

1. This information is connected with the fulfillment of duties defined in particular in Article 26(2) of the GDPR and concerning joint control.

2. Capitalized terms not defined in the Mutual Agreements of the Joint Controllers (hereinafter: “Mutual Arrangements”) shall be understood as defined in the Privacy Policy.

3. Mutual Arrangements are applicable if they are expressly included by reference by the rules and regulations of the service provided by WP (“Service Rules and Regulations”) or agreements on services provided by WP (“Agreement”) If there is any discrepancy between the provisions of the Service Rules and Regulations or the Agreement and the provisions of the Mutual Arrangements, the latter shall prevail.

4. WP and the Client (hereinafter: “Joint Controllers”) are joint controllers of Personal Data pursuant to Article 26 of the GDPR in the scope defined in the Service Rules and Regulations or the Agreement. The scope of the joint control is described in the Service Rules and Regulations or the Agreement.

5. The Mutual Arrangements defined the scope of the Joint Controllers’ responsibility for ensuring compliance with the provisions of the GDPR with regard to joint control. The Mutual Arrangements refer to all the actions where the Joint Controllers, their employees or processors of Personal Data are engaged in joint control.

6. The Joint Controllers ensure compliance with the present content of the Mutual Arrangements.

7. The scope of the Joint Controllers’ responsibility concerning the fulfillment of duties following from the provisions of the GDPR with regard to joint control is defined as follows

Duty following fromprovisions of the GDPR	WP	Client
Having a legal basis for the joint control (Article 6)	YES with regard to the processing of Personal Data in connection with the joint control by WP	YES with regard to the processing of Personal Data in connection with the joint control by the Client
Exercising the right to withdraw consent (Article 7(3))	YES with regard to handling a request to withdraw consent in connection with the joint control	NO the Client shall only provide information about a request to withdraw consent in connection with the joint control
Providing information about the joint control (Articles 13, 14)	YES disclosing a list of Joint Controllers with information about the joint control and content of the Mutual Arrangements	YES reference to the content of the Mutual Arrangements with a link at the Client’s website
Providing data subjects with information on the arrangements regarding the responsibilities of the Joint Controllers and the relationships between them and data subjects (Article 26(2))	YES this includes providing data subjects with a list of Joint Controllers with information about the joint control and the content of the Mutual Arrangements	YES reference to the content of the Mutual Arrangements with a link at the Client’s website
Exercising the rights of data subjects (Articles 15-21)	YES With regard to the Personal Data processed by WP in connection with the joint control and in reference to the Personal Data for which WP acts as an independent Controller. A data subject may exercise their rights in connection with the joint control in respect of each of the Joint Controllers.	NO The Client shall only provide information about a data subject’s request immediately but not later than within 3 business days of the moment of receiving the request. A data subject may exercise their rights in connection with the joint control in respect of each of the Joint Controllers.
Exercising the right not to be subject to a decision based solely on automated processing, including profiling (Article 22)	YES with regard to handling a request to withdraw consent in connection with the joint control	NO the Client shall provide information about a request to withdraw consent in connection with joint control
Maintaining a record of processing activities (Article 30(1))	YES with regard to the processing of Personal Data in connection with the joint control by WP	YES with regard to the processing of Personal Data in connection with the joint control by the Client
Implementation of appropriate technical and organizational measures, including risk analysis in connection with the processing of Personal Data (Article 32 of the GDPR)	YES with regard to ensuring the security of the Service	YES with regard to the correct implementation of the Service
Notification of a Personal Data breach concerning the joint control of Personal Data (Articles 33, 34)	YES handling and possibly reporting to a regulatory authority unless a Personal Data breach concerns WP’s obligations in accordance with the content of the Mutual Arrangements	YES handling and possibly reporting to a regulatory authority unless a Personal Data breach concerns the Client’s obligations in accordance with the content of the Mutual Arrangements
Performance of tasks of a contact point for data subjects	YES with regard to the processing of Personal Data in connection with the joint control by WP	YES with regard to the processing of Personal Data in connection with the joint control by the Client
Performance of tasks of a contact point for the regulatory authority	YES	NO The Client shall only provide information about contact from the regulatory authority immediately but not later than within 3 days

5. With regard to Article 32 of the GDPR, the technical and organizational measures applied by WP in a version periodically updated (e.g. in connection with technological changes) may be presented at the Client’s justified request.
6. The Joint Controllers undertake to control personal data in compliance with the laws in force, including in particular provisions of the GDPR.
7. The Joint Controllers are responsible individually for other obligations with regard to the fulfillment of duties following from provisions of the GDPR with reference to the processing of Personal Data subject to the joint control.
8. Information about registered offices and contact data of each Joint Control and their Data Protection Officers are available at the Joint Controllers’ websites.
9. If the Mutual Arrangements are amended, the continued use of the Service is tantamount to accepting the amended provisions. If you do not accept the amended version, please discontinue using the Service.