Data Processing Information
The PARTIES: Clients of the platform referred to as "the client".
and
Silverfish CSR Limited (Company number: 08726657) registered in England with offices at Silverfish CSR Limited in the United Kingdom referred to as "the Processor",
hereinafter also individually referred to as a "Party" and collectively as "the Parties",
CONSIDERING THAT:
- "THE CLIENT" receives services and/or products from the Processor (hereinafter referred to as the "Agreement");
- Under the Agreement, the Processor Processes Personal Data on behalf of and under instruction from "THE CLIENT";
- Under the Applicable Privacy Legislation, "THE CLIENT" is the "Data Controller" (the party with responsibility for the Processing) and the Processor is the processor of that Personal Data;
- The Parties to this agreement (hereinafter the "Data Processing Agreement"), having regard to the provisions of Article 28, paragraph 3 of the General Data Protection Regulation (GDPR), wish to make further arrangements with regard to the Processing of Personal Data by the Processor in performance of the Agreement, and that this Data Processing Agreement is a schedule of and forms part of the Agreement.
Definitions
Applicable Laws:
- a) To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom.
- b) To the extent EU GDPR applies, the law of the European Union or any member state of the European Union to which Silverfish CSR is subject.
Applicable Data Protection Laws:
- a) To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of personal data.
- b) To the extent the EU GDPR applies, the law of the European Union or any member state of the European Union to which Silverfish CSR is subject, which relates to the protection of personal data.
EU GDPR: the General Data Protection Regulation ((EU) 2016/679).
Purpose: the purposes for which the User Personal Data is processed, as set out in paragraph 1.8(a).
Silverfish Personal Data: any personal data which Silverfish CSR processes in connection with these Terms in the capacity of a controller.
User Personal Data: any personal data which Silverfish CSR processes in connection with these Terms, in the capacity of a processor on your behalf.
UK GDPR: has the meaning given to it in the Data Protection Act 2018.
1. Data Protection
- 1.1 For the purposes of this paragraph 1, the terms controller, processor, data subject, personal data, personal data breach and processing shall have the meaning given to them in the UK GDPR.
- 1.2 Both parties will comply with all applicable requirements of Applicable Data Protection Laws. This paragraph 1 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under Applicable Data Protection Laws.
- 1.3 The parties have determined that, for the purposes of Applicable Data Protection Laws:
- (a) Silverfish CSR shall act as controller in respect of the personal data and processing activities set out in Part 1 of Appendix 1 to this Annex; and
- (b) Silverfish CSR shall process the personal data set out in Part 2 of Appendix 1 to this Annex, as a processor on your behalf in respect of the processing activities set out in Part 2 of Appendix 1 to this Annex.
AGREE AS FOLLOWS: