Data Processing

Data Processing Insight: Learn how we handle your information responsibly. Our commitment to data security and privacy is unwavering. Explore details on data processing. #DataProcessing

Data Processing Information

The PARTIES: Clients of the platform referred to as "the client".

and

Silverfish CSR Limited (Company number: 08726657) registered in England with offices at Silverfish CSR Limited in the United Kingdom referred to as "the Processor",

hereinafter also individually referred to as a "Party" and collectively as "the Parties",

CONSIDERING THAT:

"THE CLIENT" receives services and/or products from the Processor (hereinafter referred to as the "Agreement");
Under the Agreement, the Processor Processes Personal Data on behalf of and under instruction from "THE CLIENT";
Under the Applicable Privacy Legislation, "THE CLIENT" is the "Data Controller" (the party with responsibility for the Processing) and the Processor is the processor of that Personal Data;
The Parties to this agreement (hereinafter the "Data Processing Agreement"), having regard to the provisions of Article 28, paragraph 3 of the General Data Protection Regulation (GDPR), wish to make further arrangements with regard to the Processing of Personal Data by the Processor in performance of the Agreement, and that this Data Processing Agreement is a schedule of and forms part of the Agreement.

Definitions

Applicable Laws:

a) To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom.
b) To the extent EU GDPR applies, the law of the European Union or any member state of the European Union to which Silverfish CSR is subject.

Applicable Data Protection Laws:

a) To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of personal data.
b) To the extent the EU GDPR applies, the law of the European Union or any member state of the European Union to which Silverfish CSR is subject, which relates to the protection of personal data.

EU GDPR: the General Data Protection Regulation ((EU) 2016/679).

Purpose: the purposes for which the User Personal Data is processed, as set out in paragraph 1.8(a).

Silverfish Personal Data: any personal data which Silverfish CSR processes in connection with these Terms in the capacity of a controller.

User Personal Data: any personal data which Silverfish CSR processes in connection with these Terms, in the capacity of a processor on your behalf.

UK GDPR: has the meaning given to it in the Data Protection Act 2018.

1. Data Protection

1.1 For the purposes of this paragraph 1, the terms controller, processor, data subject, personal data, personal data breach and processing shall have the meaning given to them in the UK GDPR.
1.2 Both parties will comply with all applicable requirements of Applicable Data Protection Laws. This paragraph 1 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under Applicable Data Protection Laws.
1.3 The parties have determined that, for the purposes of Applicable Data Protection Laws:
- (a) Silverfish CSR shall act as controller in respect of the personal data and processing activities set out in Part 1 of Appendix 1 to this Annex; and
- (b) Silverfish CSR shall process the personal data set out in Part 2 of Appendix 1 to this Annex, as a processor on your behalf in respect of the processing activities set out in Part 2 of Appendix 1 to this Annex.

AGREE AS FOLLOWS:

Appendix 1: Role of the Parties

Part 1: Where Silverfish CSR acts as a controller: In connection with any and all personal data collected from End Users when creating an account to access and use Silverfish CSR, subscribe to any electronic marketing messages and/or in connection with any and all information collected via the placement of cookies and other similar technology services.
Part 2: Where Silverfish CSR acts as a processor: In connection with any and all personal data inputted by you into Silverfish CSR and/or otherwise provided to Silverfish CSR with written instructions on how Silverfish CSR should handle and process such personal data.

Appendix 2: Particulars of the processing

1. Particulars of processing:

1.1 Scope and Nature: For the purposes of Silverfish CSR fulfilling its obligations under these Terms.
1.2 Purpose of processing: For the purposes of Silverfish CSR fulfilling its obligations under these Terms.
1.3 Duration of the processing: For the Term.

2. Types of Personal Data: As set out in Silverfish CSR's Privacy and Cookies Policy.

3. Categories of Data Subject: Clients and End Users (each as defined in the Terms).

Appendix 3: Contact persons (and substitutes)

Processor	Name and position	Telephone numbers	Extra information including email address
Contact person	Laura DA SILVA GOMES	+44 75 26 77 31 00	laura@silverfish.fr
Substitute 1	Support		hello@digitalrg.com

Data Processing

Data Processing Information

CONSIDERING THAT:

Definitions

1. Data Protection

AGREE AS FOLLOWS:

1. Definitions

2. The objective of this Data Processing Agreement

3. Access to Personal Data and confidentiality

4. Security measures

5. Data Breaches

6. Audit and compliance

7. Investigation by a supervisory authority

8. Cooperation with questions, requests and complaints

9. Retention periods, the return/destruction of Personal Data

10. Indemnification

11. Transfer to a Non Recognised Country

12. Obligation to renegotiate terms

13. Duration and termination

14. Applicable law and jurisdiction

Appendix 1: Role of the Parties

Appendix 2: Particulars of the processing

Appendix 3: Contact persons (and substitutes)