Definitions:
Adequate Jurisdiction means a country or jurisdiction that is found by the European Commission or the United Kingdom to ensure an adequate level of data protection within the meaning of the Applicable Data Protection Laws and therefore does not require Standard Contractual Clauses.
Applicable Data Protection Laws: means any applicable laws regarding the Processing of Personal Data, including:
· To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of personal data;
· To the extent the EU GDPR applies, the law of the European Union or any member state of the European Union to which The Supplier is subject, which relates to the protection of personal data;
and where applicable the guidance and codes of practice issued by the data protection authorities or others in connection with such laws, all as amended from time to time.
Applicable Laws means all applicable laws, statutes and regulations from time to time in force.
Customer Personal Data: means any personal data which The Supplier processes in connection with this Agreement, in the capacity of a processor on behalf of the Customer.
EU GDPR: means the General Data Protection Regulation ((EU) 2016/679), as it has effect in EU law.
Standard Contractual Clauses means (i) the standard contractual clauses adopted by the European Commission on 4 June 2021 for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (“EU SCCs”); and (ii) the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued by the Information Commissioner’s Office and laid before the UK Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022 (the “UK Addendum to the EU SCCs”) and which came into force on 21 March 2022, all as amended from time to time.
UK GDPR: has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.
Customer Personal Data
1. For the purposes of this Addendum, the terms controller, processor, data subject, personal data, personal data breach and processing shall have the meaning given to them in the UK GDPR. Save where expressly stated to the contrary herein, this Addendum is subject to the agreement for the provision of the Service and is incorporated into the agreement. Interpretations and defined terms set forth in the agreement apply to the interpretation of this Addendum unless otherwise defined herein.
2. Both parties will comply with all applicable requirements of Applicable Data Protection Laws including the Standard Contractual Clauses, where applicable, and shall not cause the other party to breach any of its applicable obligations under the Applicable Data Protection Laws and/or the Standard Contractual Clauses. This Addendum is in addition to, and does not relieve, remove or replace, a party's obligations or rights under Applicable Data Protection Laws and/or the Standard Contractual Clauses.
3. The parties have determined that, for the purposes of Applicable Data Protection Laws:
(a) the Supplier shall process the personal data as set out in Part 1 of this Addendum as processor on behalf of the Customer; and
(b) the Supplier shall act as controller of the personal data set out in Part 2 of this Addendum.
4. Should the determination in paragraph 3 change, the parties shall use all reasonable endeavours to make any changes that are necessary to this Addendum and to Part 1 and/or Part 2.
5. Without prejudice to the generality of paragraph 2, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Supplier Personal Data, to the extent applicable, and Customer Personal Data to the Supplier and lawful collection of the same by the Supplier for the duration and purposes of this agreement.
6. In relation to the Customer Personal Data, Part 1 sets out the scope, nature and purpose of processing by the Supplier, the duration of the processing and the types of personal data and categories of data subject.
7. Without prejudice to the generality of paragraph 2, the Supplier shall, in relation to Customer Personal Data:
(a) process that Customer Personal Data only on the documented instructions of the Customer, which shall be to process the Customer Personal Data for the purposes set out in Part 1 (Processing, personal data and data subjects) unless the Supplier is required by Applicable Laws to otherwise process that Customer Personal Data (purpose). Where the Supplier is relying on Applicable Laws as the basis for processing Customer Processor Data, the Supplier shall notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer on important grounds of public interest. The Supplier shall inform the Customer if, in the opinion of the Supplier, the instructions of the Customer infringe Applicable Data Protection Laws;
(b) implement appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Customer Personal Data and against accidental loss or destruction of, or damage to, Customer Personal Data, which are appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures;
(c) ensure that any personnel engaged and authorised by the Supplier to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory or common law obligation of confidentiality;
(d) assist the Customer insofar as this is possible (taking into account the nature of the processing and the information available to the Supplier), and at the Customer's cost and written request, in responding to any request from a data subject and in ensuring the Customer's compliance with its obligations under Applicable Data Protection Laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
(e) notify the Customer without undue delay on becoming aware of a personal data breach involving the Customer Personal Data;
(f) at the written direction of the Customer, delete or return Customer Personal Data and copies thereof to the Customer on termination of the Service Terms unless the Supplier is required by Applicable Law to continue to process that Customer Personal Data. For the purposes of this paragraph 7(f) Customer Personal Data shall be considered deleted where it is put beyond further use by the Supplier; and
(g) maintain records to demonstrate its compliance with the terms of this Addendum, and allow for reasonable audits by the Customer or the Customer's designated auditor, at the Customer’s expense for this purpose, on reasonable written notice.
8. The Customer provides its prior, general authorisation for the Supplier to:
(a) appoint processors to process the Customer Personal Data, provided that the Supplier:
(i) shall ensure that the terms on which it appoints such processors comply with Applicable Data Protection Laws, and are consistent with the obligations imposed on the Supplier in this Addendum and the agreement;
(ii) shall remain responsible for the acts and omissions of any such processor as if they were the acts and omissions of the Supplier; and
(iii) shall inform the Customer of any intended changes concerning the addition or replacement of the processors.
9. The Supplier shall not transfer or otherwise process any Customer Personal Data across national borders without the Customer’s prior written consent. The Customer expressly agrees to the transfers of Customer Personal Data subject to compliance with this clause 9:
(a) To the extent Customer Personal Data is transferred from the European Economic Area (“EEA”) or the UK to a processor or Customer Affiliate in a non-Adequate Jurisdiction, the EU SCCs and the UK Addendum to the EU SCCs, as applicable, will apply respectively. The Standard Contractual Clauses, i.e., the EU SCCs and the UK Addendum to the EU SCCs, replace the European Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries;
(b) For the purposes of the Standard Contractual Clauses the following additional provisions shall apply:
(i) The Customer shall be regarded as the data exporter and the Supplier shall be regarded as the data importer;
(ii) the parties agree to observe the terms of the Standard Contractual Clauses without substantive modification; and
(iii) the parties’ signature to this agreement shall be considered as a signature for the Standard Contractual Clauses.
Except where expressly required by the Standard Contractual Clauses or under this Addendum, the Supplier shall not permit any third party to have access to Customer Personal Data transferred to the Supplier by the Customer without the prior consent of the Customer.
In the event of any conflict between the provisions of (1) the Standard Contractual Clauses; and (2) the remaining terms of this Addendum, then the Standard Contractual Clauses, or any replacement thereof, shall take precedence. The terms of this Addendum shall not vary the Standard Contractual Clauses in any way.
10. Either party may, at any time on not less than 30 days' notice, revise this Addendum by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when replaced by attachment to this Addendum).
11. The Supplier's liability for losses arising from breaches of this Addendum shall be limited as set out in clauses 13.1 and 13.2 of the agreement.
12. This Addendum will remain in full force and effect so long as:
(a) the agreement remains in effect; or
(b) The Supplier otherwise retains any of the Customer Personal Data related to the Service in its possession or control pursuant to Applicable Laws.
13. Any provision of this Addendum that expressly or by implication should come into or continue in force on or after termination of the agreement in order to protect the Customer Personal Data will remain in full force and effect.
Part 1
Personal Data processing purposes and details
Subject matter of processing: Provision of Services
Duration of Processing: Throughout the Term of this Agreement
Nature of Processing: To enable the Software to fully function in the provision of the Services
Personal Data Categories: name(s); email address(es); device details; financial details; usage details
Data Subject Types: individuals
Approved Subprocessors:
N/A
Part 2
All personal data which is not included in Part 1.
Copyright © 2024 RiskFlag Ltd - All Rights Reserved.