Data Processing Agreement

DEFINITIONS

  • Applicable Laws: means:
    1. To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom.
    2. To the extent EU GDPR applies, the law of the European Union or any member state of the European Union to which the Supplier is subject.
  • Applicable Data Protection Laws: means:
    1. To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of personal data.
    2. To the extent the EU GDPR applies, the law of the European Union or any member state of the European Union to which the Supplier is subject, which relates to the protection of personal data.
  • Customer Personal Data: any personal data which the Supplier processes in connection with this agreement, in the capacity of a processor on behalf of the Customer.
  • EU GDPR: the General Data Protection Regulation ((EU) 2016/679).
  • Purpose: the purposes for which the Customer Personal Data is processed, as set out in clause 8(a).
  • UK GDPR: has the meaning given to it in the Data Protection Act 2018.
  1. DATA PROTECTION
    1.1 For the purposes of this clause 1, the terms controller, processor, data subject, personal data, personal data breach and processing shall have the meaning given to them in the UK GDPR.

    1.2 Both parties will comply with all applicable requirements of Applicable Data Protection Laws. This clause 1 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under Applicable Data Protection Laws. 

    1.3 The parties have determined that, for the purposes of Applicable Data Protection Laws the Supplier shall process the personal data set out in Appendix 1, as a processor on behalf of the Customer in respect of the processing activities set out in Appendix 1.

    1.4 Should the determination in clause 3 change, then each party shall work together in good faith to make any changes which are necessary to this clause 1 or the related schedules. 

    1.5 By entering into this agreement, the Customer consents to (and shall procure all required consents, from its personnel, representatives and agents, in respect of) all actions taken by the Supplier in connection with the processing of Supplier Personal Data, provided these are in compliance with the then-current version of the Supplier's privacy policy available at https://www.pushfar.com/privacy-policy/ (Privacy Policy). In the event of any inconsistency or conflict between the terms of the Privacy Policy and this agreement, the Privacy Policy will take precedence. 

    1.6 Without prejudice to the generality of clause 2, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Supplier Personal Data and Customer Personal Data to the Supplier for the duration and purposes of this agreement. 

    1.7 In relation to the Customer Personal Data, Appendix 1 sets out the scope, nature and purpose of processing by the Supplier, the duration of the processing and the types of personal data and categories of data subject. 

    1.8 Without prejudice to the generality of clause 2 the Supplier shall, in relation to Customer Personal Data: 

    (a) process that Customer Personal Data for the purposes set out in Appendix 1 unless the Supplier is required by Applicable Laws to otherwise process that Customer Personal Data. Where the Supplier is relying on Applicable Laws as the basis for processing Customer Processor Data, the Supplier shall notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Provider from so notifying the Customer on important grounds of public interest. The Supplier shall inform the Customer if, in the opinion of the Supplier, the instructions of the Customer infringe Applicable Data Protection Laws; 

    (b) implement appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Customer Personal Data and against accidental loss or destruction of, or damage to, Customer Personal Data, having regard to the state of technological development and the cost of implementing any measures; 

    (c) ensure that any personnel engaged and authorised by the Supplier to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory or common law obligation of confidentiality; 

    (d) assist the Customer insofar as this is possible (taking into account the nature of the processing and the information available to the Supplier), and at the Customer's cost and written request, in responding to any request from a data subject and in ensuring the Customer's compliance with its obligations under Applicable Data Protection Laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; 

    (e) notify the Customer without undue delay on becoming aware of a personal data breach involving the Customer Personal Data; 

    (f) at the written direction of the Customer, delete or return Customer Personal Data and copies thereof to the Customer on termination of the agreement unless the Supplier is required by Applicable Law to continue to process that Customer Personal Data. For the purposes of this clause 8(f) Customer Personal Data shall be considered deleted where it is put beyond further use by the Supplier; and 

    (g) maintain records to demonstrate its compliance with this clause 1. 

    1.9 The Customer hereby provides its prior, general authorisation for the Supplier to: 

    (a) appoint processors to process the Customer Personal Data, provided that the Supplier:
        • shall ensure that the terms on which it appoints such processors comply with Applicable Data Protection Laws, and are consistent with the obligations imposed on the Supplier in this clause 1;
        • shall remain responsible for the acts and omission of any such processor as if they were the acts and omissions of the Supplier; and
        • shall inform the Customer of any intended changes concerning the addition or replacement of the processors, thereby giving the Customer the opportunity to object to such changes provided that if the Customer objects to the changes and cannot demonstrate, to the Supplier's reasonable satisfaction, that the objection is due to an actual or likely breach of Applicable Data Protection Law, the Customer shall indemnify the Supplier for any losses, damages, costs (including legal fees) and expenses suffered by the Supplier in accommodating the objection. 

(b) transfer Customer Personal Data outside of the UK as required for the Purpose, provided that the Supplier shall ensure that all such transfers are effected in accordance with Applicable Data Protection Laws. For these purposes, the Customer shall promptly comply with any reasonable request of the Supplier, including any request to enter into standard data protection clauses adopted by the EU Commission from time to time (where the EU GDPR applies to the transfer) or adopted by the UK Information Commissioner from time to time (where the UK GDPR applies to the transfer).

 

Appendix 1: Particulars of the processing

1.Particulars of processing


1.1 Scope 
The provision of the Services


1.2 Nature

Mentor relationships, matching profiles, mentor management, tracking and reporting

 

1.3 Purpose of processing

Data collection and/or processing and/or storage and/or access

 

1.4 Duration of the processing

Term of the Agreement

 

2. Types of Personal Data

By default we capture the following:

First name, Last name, Email address, Town/City, Country, Job Title, Company Name, Mentoring Experience

Any additional fields, such as Telephone, Ethnicity or Gender may be captured, subject to the Customer's preferences.

 

3. Categories of Data Subject

Participants wishing to engage in the Services