Agreement pursuant to GDPR Article 28 between clubs and KlikBit
Data Controller: the RC club or organization managing a RCMan account. Processor: KlikBit, based in the Netherlands, provider of RCMan. Data Subjects: the members and other persons whose data is processed via RCMan. GDPR: General Data Protection Regulation (EU) 2016/679.
KlikBit processes personal data solely for the purpose of providing the RCMan service to the data controller. Processing takes place on written instructions from the data controller, unless legal obligations require otherwise.
Data subjects: members, board members, and contact persons of the club. Data categories: name, contact details (email, phone, address), date of birth, membership data, payment status, model/aircraft data. Special categories of personal data are not processed unless explicitly agreed.
KlikBit commits to: process data only on the controller's instructions; maintain confidentiality; implement appropriate technical and organizational measures; bind staff to confidentiality obligations; assist the controller in fulfilling obligations toward data subjects.
KlikBit uses sub-processors for hosting and payment processing. The data controller grants general authorization. KlikBit concludes written agreements with sub-processors imposing at minimum the same obligations as this agreement. A current list is available on request.
KlikBit implements: encryption (TLS and encryption at rest), access security and authentication, regular backups, monitoring and logging, need-to-know access restrictions. Measures are periodically evaluated and updated.
In case of a data breach likely to result in risk to data subjects, KlikBit will notify the data controller without undue delay and within 72 hours of discovery. The notification includes: nature of the breach, categories and scope of data subjects and data affected, measures taken.
KlikBit assists the data controller in handling requests from data subjects (access, rectification, erasure, etc.) to the extent technically feasible. Requests from data subjects submitted directly to KlikBit will be forwarded to the data controller.
The data controller has the right (maximum once per year) to conduct an audit of compliance with this agreement, with at least 30 days prior notice and at own expense. KlikBit will provide all reasonably necessary information.
Upon termination of the service, data will be returned upon request or, if not otherwise requested, permanently deleted after 30 days. KlikBit will confirm deletion in writing upon request.
This data processing agreement runs parallel to the main agreement (subscription) and automatically ends upon its termination. Confidentiality and deletion provisions remain in force after termination.
Last updated: March 2025