2024: V2

Processing of Personal Data

circle imagecircle image

We’re here to help.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get in touch

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique

Address

1821 12th Street,
Noe Valley, San Francisco
California
Envelop
exmaple@gmail.com
Phone
1800 832 993

Social Media

Power 365 Solutions Ltd processing of Personal Data in the provision of Services

Except as defined in these provisions, capitalised terms shall have the meanings given to them in the Statement of Work and/or the master services agreement (the “Agreement”) (as the case may be) entered into by the parties. These provisions shall apply to the processing of Client personal data by the Supplier in the provision of the Services.

  1. 1 Definitions
  1. 1.1 For the purposes of these provisions, the following definitions shall apply:
  1. 1.2 “Applicable Data Protection Legislation” means:
  1. (a). To the extent the UK data protection law applies: all applicable data protection and privacy legislation in force from time to time in the UK including the UK GDPR; the Data Protection Act 2018 (DPA 2018) (and regulations made thereunder) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended.
  2. (b). To the extent the EU GDPR applies: the law of the European Union or any member state of the European Union to which the Supplier is subject, which relates to the protection of personal data;
  1. 1.3 “Client Personal Data” means any personal data which the Supplier processes in connection with this Agreement, in the capacity of a processor on behalf of the Client;
  2. 1.4 “EU GDPR” means the General Data Protection Regulation ((EU) 2016/679) as it has effect in EU law; and
  3. 1.5 “UK GDPR” has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.
  1. 2 Obligations of the Parties
  2. 2.1 The terms controller, processor, data subject, personal data, personal data breach and processing shall have the meaning given to them in the Applicable Data Protection Legislation.
  3. 2.2 Both Parties will comply with all applicable requirements of Applicable Data Protection Legislation. These provisions are in addition to, and do not relieve, remove or replace, a Party's obligations or rights under Applicable Data Protection Legislation.
  4. 2.3 The Parties have determined that, for the purposes of Applicable Data Protection Legislation, the Supplier shall process the personal data set out in the Statement of Work, as a processor on behalf of the Client and the Client is the controller of the personal data.
  5. 2.4 In relation to the Client Personal Data, the applicable Statement of Work sets out the scope, nature and purpose of processing by the Supplier, the duration of the processing and the types of personal data and categories of data subject.
  6. 2.5 Without prejudice to the generality of Clause 2.2, the Client will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Client Personal Data to the Supplier for the duration and purposes of its master services agreement (“Agreement”).
  7. 2.6 Without prejudice to the generality of Clause 2.2 the Supplier shall, in relation to Client Personal Data:
  1. (a). process that Client Personal Data only on the documented instructions of the Client, which shall be to process that Personal Data for the purpose as set out in the applicable Statement of Work;
  2. (b). implement appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Client Personal Data and against accidental loss or destruction of, or damage to, Client Personal Data, which the Client has reviewed and confirms are appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures;
  3. (c). ensure that any personnel engaged and authorised by the Supplier to process Client Personal Data have committed themselves to confidentiality or are under an appropriate statutory or common law obligation of confidentiality;
  4. (d). assist the Client insofar as this is possible (taking into account the nature of the processing and the information available to the Supplier), and at the Client's cost and written request, in responding to any request from a data subject and in ensuring the Client's compliance with its obligations under Applicable Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
  5. (e). notify the Client without undue delay on becoming aware of a personal data breach involving the Client Personal Data;
  6. (f). at the written direction of the Client, delete or return Client Personal Data and copies thereof to the Client on termination of this Agreement unless the Supplier is required by Applicable Laws to continue to process that Client Personal Data. For the purposes of this Clause 2.6(f) Client Personal Data shall be considered deleted where it is put beyond further use by the Supplier; and
  7. (g). maintain records to demonstrate its compliance with these provisions and allow for reasonable audits by the Client or the Client's designated auditor, for this purpose, on reasonable written notice.
  1. 2.7 The Client hereby provides its prior, general authorisation for the Supplier to:
  1. (a). appoint processors to process the Client Personal Data, provided that the Supplier:
  1. (i) shall ensure that the terms on which it appoints such processors comply with Applicable Data Protection Legislation, and are consistent with the obligations imposed on the Supplier in these provisions;
  2. (ii) shall remain responsible for the acts and omission of any such processor as if they were the acts and omissions of the Supplier; and
  3. (iii) shall inform the Client of any intended changes concerning the addition or replacement of the processors, thereby giving the Client the opportunity to object to such changes provided that if the Client objects to the changes and cannot demonstrate, to the Supplier's reasonable satisfaction, that the objection is due to an actual or likely breach of Applicable Data Protection Legislation, the Client shall indemnify the Supplier for any losses, damages, costs (including legal fees) and expenses suffered by the Supplier in accommodating the objection;
  1. (b). transfer Client Personal Data outside of the UK as required to deliver the Services, provided that the Supplier shall ensure that all such transfers are effected in accordance with Applicable Data Protection Legislation. For these purposes, the Client shall promptly comply with any reasonable request of the Supplier, including any request to enter into standard data protection clauses adopted by the EU Commission from time to time (where the EU GDPR applies to the transfer) or adopted by the Information Commissioner’s Office (see section 114, DPA 2018) from time to time (where the UK GDPR applies to the transfer).