1 – Data Processing Terms

 

1.1          The parties to this EULA hereby agree that they shall comply with their respective obligations under the Data Protection Legislation, to the extent that the Data Protection Legislation is applicable to any processing of Customer Personal Data in connection with this EULA.

1.2          We acknowledge that, for the purposes of Data Protection Legislation, , if we process any Customer Personal Data when performing our obligations under this EULA, you are the controller. You acknowledge that we are the processor of Customer Personal Data. A general description of the scope, nature and purpose of processing by us, the duration of the processing and the types of personal data is set out in paragraph 2 of this Schedule.

1.3             Without prejudice to the generality of paragraph 1.1, you shall ensure that you have all necessary appropriate consents and notices in place to enable lawful transfer of the Customer Personal Data to us for the duration and purposes of this EULA so that we may lawfully use, process and transfer the Customer Personal Data in accordance with this EULA on your behalf.

1.4          We shall, in relation to any Customer Personal Data processed in connection with the provision of Support and the performance of our obligations under the EULA:

1.4.1         only process the Customer Personal Data for the purpose set out in paragraph 2 of this Schedule and not for any other purpose unless we are acting on your documented written instructions or where otherwise required to do so by the laws of any member of the European Union or by the laws of the European Union applicable to us (Applicable Law). Where we are relying on Applicable Law as the basis for processing Customer Personal Data, we shall notify you of this before performing the processing required by the Applicable Law (unless prohibited by such Applicable Law);

1.4.2         ensure that we have in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, Customer Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Customer Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Customer Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);

1.4.3         ensure that all personnel who have access to and/or process personal data are obliged to keep the Customer Personal Data confidential;

1.4.4         ensure we take such measures required pursuant to Article 32 of the GDPR;

1.4.5         at your expense, assist you in responding to any request from a data subject and in ensuring compliance with your obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;

1.4.6         notify you without undue delay on becoming aware of a personal data breach in relation to the Customer Personal Data;

1.4.7         at your written direction, delete or return the Customer Personal Data and copies thereof to you on termination of this EULA unless required by Applicable Law to store the Customer Personal Data; and

1.4.8         maintain complete and accurate records and information to demonstrate our compliance with this Schedule and allow for audits, including inspections by you or your designated auditor and immediately inform you if, in our opinion, an instruction infringes the Data Protection Legislation.

1.5          You warrant and undertake that any processing of Customer Personal Data which is or may occur in accordance with this EULA has a lawful basis and that any such Personal Data may properly be processed in accordance with the terms of this EULA.

1.6             You agree that we may appoint such sub-processors to process the Customer Personal Data as we deem appropriate for the proper performance of the EULA, provided that we shall impose contractual terms on the sub-processor which are no less onerous than those set out in this Schedule. We shall inform you of any intended changes concerning the addition or replacement of third-party processors, giving you the opportunity to object to such changes.

1.7             We confirm that we have entered or (as the case may be) will enter with any third-party processor(s) into a written agreement substantially on the relevant third-party processor’s standard terms of business or incorporating terms which are substantially similar to those set out in this Schedule 1.

1.8          Without prejudice to the generality of any other provisions of the EULA, we may revise this Schedule by replacing it with any applicable controller to processor standard clauses or similar terms from time to time (which shall apply when replaced by attachment to this EULA).

 

2 – Scope nature and purpose of processing

 

Subject matter and duration of the processing

 

The Customer Personal Data which is provided by you to us or to which you grant us access in connection with the performance of the Support in relation to this EULA.

We shall only process the Customer Personal Data for as long as is required to comply with the provision of Support under the EULA or where we are required to store the Customer Personal Data to comply with Applicable Laws or for regulatory purposes.

Nature and purpose of the processing

Processing of the Customer Personal Data in order to perform Support in relation to this EULA.

Type of personal data

 

The Customer Personal Data may include names, business addresses, mobile phone numbers, email addresses, IT system or account log in details, IP addresses, and such other personal identifiers and data relating to data subjects whose details may be provided (or made available) to us by you in connection with the performance of Support under the EULA.

Categories of data subjects

Individuals whose details may be provided (or made available) by you in connection with the performance of Support under the EULA.