Privacy Policy - GDPR
- DATA PROTECTION
1.1 The parties will comply with all applicable requirements of Regulation no.2016/679 (General Data Protection Regulations / GDPR) (the “Data Protection Legislation”). This clause is in addition to, and does not relieve, remove or replace, a party's obligations under the Data Protection Legislation. The terms used in this clause shall have the same meaning given to them in Article 4 of the Data Protection Legislation).
1.2 The parties acknowledge that for the purposes of the Data Protection Legislation we are the Data Controller and you are the Service Provider are the Data Processor (where Data Controller and Data Processor have the meanings as defined in the Data Protection Legislation). Without prejudice to the generality of clause 1.1, we will ensure that we have all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Service Provider for the duration and purposes of this agreement.
1.3 Without prejudice to the generality of clause 1.1, the Service Provider shall, in relation to any Personal Data processed in connection with the performance by the Service Provider of its obligations under this Agreement:
(a) Process that Personal Data only on our written instructions unless the Service Provider is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Service Provider to process Personal Data (Applicable Laws). Where the Service Provider is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, the Service Provider shall promptly notify us of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Service Provider from so notifying us;
(b) ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
(c) ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and
(d) not transfer any Personal Data outside of the European Economic Area unless the following conditions are fulfilled:
(i) the Service Provider has provided appropriate safeguards in relation to the transfer;
(ii) the data subject has enforceable rights and effective legal remedies;
(iii) the Service Provider complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
(iv) the Service Provider complies with reasonable instructions notified to it in advance by us with respect to the processing of the Personal Data.
(e) assist us, at our cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
(f) notify us without undue delay on becoming aware of a Personal Data breach;
(g) at our written direction delete or return Personal Data and copies thereof to us on termination of the agreement unless required by Applicable Law to store the Personal Data; and
(h) maintain complete and accurate records and information to demonstrate its compliance with this clause 1.3.
1.4 The Service Provider shall only engage the services of another sub-processor under the following conditions:
(b) a list of the sub-processors performing any processing in relation to the Agreement is kept up to date by you. Furthermore, you undertake to provide to us, on request by us, the list of sub-processors;
(c) we can oppose use of any particular sub-processor by informing you of this in writing. In this case, you will then propose another sub-processor or maintain the sub-processor that had been appointed by implementing, where applicable, the corrective measures requested by us. If none of these possibilities is conceivable, you will cease to engage this sub-processor or we can terminate all or part of the Agreement that require you making use of this sub-processor;
(d) a contract is concluded by you with your sub-processor including obligations at least equivalent to those to which you are bound in this Agreement, with it being set out that you remain fully liable towards the data controller (us) for the performance of the obligations incumbent upon your sub-processors.
- Indemnity
2.1 YOU SHALL DEFEND, INDEMNIFY AND HOLD US HARMLESS FROM AND AGAINST ANY CLAIM IN TORT CONTRACT OR OTHERWISE ARISING FROM ANY ERROR OR OMISSION BY YOU IN PROCESSING PERSONAL DATA. FOR THE AVOIDANCE OF DOUBT, THIS CLAUSE SHALL APPLY IF THE INFORMATION COMMISSIONER OFFICE (ICO) OR ANY OTHER COMPETENT AUTHORITY IMPOSES A FINE OR PENALTY ON US AND/OR A DATA SUBJECT CLAIMS COMPENSATION FROM US RESULTING FROM ANY ERROR OR OMISSION BY THE SERVICE PROVIDER IN PROCESSING THE PERSONAL DATA.
2.2 CLAIM MEANS ANY CLAIM, DEMAND, CAUSE OF ACTION, PROCEEDINGS, JUDGMENTS, AWARD (INCLUDING REASONABLE LEGAL FEES, COSTS AND EXPENSES AND REASONABLE SUMS PAID BY WAY OF SETTLEMENT OR COMPROMISE), LIABILITY, LOSS, EXPENSE, PENALTY, FINE AND DAMAGES AND THE LIKE ARISING FROM, RELATING TO, OR IN CONNECTION WITH THE PERFORMANCE, MIS-PERFORMANCE OR NON-PERFORMANCE OF THE CONTRACT.
