Data Processing

Data Processing Insight: Learn how we handle your information responsibly. Our commitment to data security and privacy is unwavering. Explore details on data processing. #DataProcessing

Data Processing Information

The PARTIES: Clients of the platform referred to as “the client”.

and

Silverfish CSR Limited (Company number: 08726657) registered in England with offices at Silverfish CSR Limited in the United Kingdom referred to as "the Processor",

hereinafter also individually referred to as a "Party" and collectively as “the Parties",

CONSIDERING THAT:
  1. “THE CLIENT” receives services and/or products from the Processor (hereinafter referred to as the "Agreement");
  2. Under the Agreement, the Processor Processes Personal Data on behalf of and under instruction from “THE CLIENT”;
  3. Under the Applicable Privacy Legislation, “THE CLIENT” is the “Data Controller” (the party with responsibility for the Processing) and the Processor is the processor of that Personal Data;
  4. The Parties to this agreement (hereinafter the "Data Processing Agreement"), having regard to the provisions of Article 28, paragraph 3 of the General Data Protection Regulation (GDPR), wish to make further arrangements with regard to the Processing of Personal Data by the Processor in performance of the Agreement, and that this Data Processing Agreement is a schedule of and forms part of the Agreement.

Definitions

Applicable Laws: means:

  • a) To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom.
  • b) To the extent EU GDPR applies, the law of the European Union or any member state of the European Union to which Silverfish CSR Ltd is subject.

Applicable Data Protection Laws: means:

  • a) To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of personal data.
  • b) To the extent the EU GDPR applies, the law of the European Union or any member state of the European Union to which Silverfish CSR Ltd is subject, which relates to the protection of personal data.

EU GDPR: the General Data Protection Regulation ((EU) 2016/679).

Purpose: the purposes for which the User Personal Data is processed, as set out in paragraph 1.8(a).

Silverfish Personal Data:any personal data which Silverfish CSR processes in connection with these Terms in the capacity of a controller.

User Personal Data:any personal data which Silverfish CSR processes in connection with these Terms, in the capacity of a processor on your behalf.

UK GDPR:has the meaning given to it in the Data Protection Act 2018.

1. Data Protection

  • 1.1 For the purposes of this paragraph 1, the terms controller, processor, data subject, personal data, personal data breach and processing shall have the meaning given to them in the UK GDPR.
  • 1.2 Both parties will comply with all applicable requirements of Applicable Data Protection Laws. This paragraph 1 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under Applicable Data Protection Laws.
  • 1.3 The parties have determined that, for the purposes of Applicable Data Protection Laws:
    • (a) Silverfish CSR Ltd shall act as controller in respect of the personal data and processing activities set out in Part 1 of Appendix 1 to this Annex; and
    • (b) Silverfish CSR Ltd shall process the personal data set out in Part 2 of Appendix 1 to this Annex, as a processor on your behalf in respect of the processing activities set out in Part 2 of Appendix 1 to this Annex.
  • 1.4 Should the determination in paragraph 1.3 change, then each party shall work together in good faith to make any changes which are necessary to this paragraph 1 or the related Appendix.
  • 1.5 By entering into these Terms, you consent to (and shall procure all required consents, from your End Users, end users, personnel, representatives and/or agents, in respect of) all actions taken by Silverfish CSR Ltd in connection with the processing of Silverfish CSR Ltd Personal Data, provided these are in compliance with the then-current version of Silverfish CSR Ltd’s Privacy and Cookies Policy (as referenced in its T&Cs). In the event of any inconsistency or conflict between the terms of such policy and this Annex, the policy shall take precedence.
  • 1.6 Without prejudice to the generality of paragraph 1.2, you shall ensure that you have all necessary appropriate consents and notices in place to enable lawful transfer of the Silverfish CSR Ltd Personal Data and User Personal Data to Silverfish CSR Ltd and lawful collection of the same by Silverfish CSR Ltd during the Term for the purposes of these Terms.
  • 1.7 In relation to the User Personal Data, Appendix 2 of sets out the scope, nature and purpose of processing by Silverfish CSR Ltd, the duration of the processing and the types of personal data and categories of data subject.
  • 1.8 Without prejudice to the generality of paragraph 1.2 Silverfish CSR Ltdshall, in relation to User Personal Data:
    • (a) process that User Personal Data only on your documented instructions in accordance with these Terms, unless Silverfish CSR Ltd is required by Applicable Laws to otherwise process that User Personal Data. Where Silverfish CSR Ltd is relying on Applicable Laws as the basis for processing User Personal Data, Silverfish CSR Ltd shall notify you of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit Silverfish CSR Ltd from so notifying you on important grounds of public interest. Silverfish CSR Ltd shall inform you if, in its opinion, your instructions infringe Applicable Data Protection Laws;
    • (b) implement appropriate technical and organisational measures to protect against unauthorised or unlawful processing of User Personal Data and against accidental loss or destruction of, or damage to, User Personal Data, which are appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures;
    • (c) ensure that any personnel engaged and authorised by Silverfish CSR Ltd to process User Personal Data have committed themselves to confidentiality or are under an appropriate statutory or common law obligation of confidentiality;
    • (d) assist you insofar as this is possible (taking into account the nature of the processing and the information available to Silverfish CSR Ltd ), and at your cost and written request, in responding to any request from a data subject and in ensuring your compliance with its obligations under Applicable Data Protection Laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
    • (e) notify you without undue delay on becoming aware of a personal data breach involving the User Personal Data;
    • (f) at your written direction, delete or return User Personal Data and copies thereof to you upon expiry or termination of these Terms unless Silverfish CSR Ltd is required by Applicable Law to continue to process that User Personal Data. For the purposes of this paragraph 1.8(f) User Personal Data shall be considered deleted where it is put beyond further use by the Supplier; and
    • (g) maintain records to demonstrate its compliance with this paragraph 1.8.
  • 1.9 You hereby provide your prior, general authorisation for Silverfish CSR Ltd to:
    • (a) appoint processors to process the User Personal Data, provided that Silverfish CSR Ltd:
      • (i) shall ensure that the terms on which it appoints such processors comply with Applicable Data Protection Laws, and are consistent with the obligations imposed on it under this paragraph 1;
      • (ii) shall remain responsible for the acts and omission of any such processor as if they were the acts and omissions of Silverfish CSR Ltd; and
      • (iii) shall inform you of any intended changes concerning the addition or replacement of the processors (such notice being by way of an update to its Privacy and Cookies Policy), thereby giving you the opportunity to object to such changes provided that if you object to the changes and cannot demonstrate, to Silverfish CSR Ltd ’s reasonable satisfaction, that the objection is due to an actual or likely breach of Applicable Data Protection Law, you shall indemnify Silverfish CSR Ltd for any losses, damages, costs (including legal fees) and expenses suffered by Silverfish CSR Ltd n accommodating the objection.
    • (b) transfer User Personal Data outside of the UK as required for the purpose of Silverfish CSR Ltd fulfilling its obligations under these Terms, provided that Silverfish CSR Ltd shall ensure that all such transfers are effected in accordance with Applicable Data Protection Laws. For these purposes, you shall promptly comply with any reasonable request of Silverfish CSR Ltd, including any request to enter into standard data protection clauses adopted by the EU Commission from time to time (where the EU GDPR applies to the transfer) or adopted by the UK Information Commissioner from time to time (where the UK GDPR applies to the transfer).
  • 1.10 Either party may, at any time on not less than 30 days' notice, revise this Annex by replacing it (in whole or part) with any applicable standard clauses approved by the EU Commission or the UK Information Commissioner's Office or forming part of an applicable certification scheme or code of conduct (“Amended Terms”). Such Amended Terms shall apply when replaced by attachment to these Terms, but only in respect of such matters which are within the scope of the Amended Terms.

AGREE AS FOLLOWS:

Appendix 1: Role of the Parties

  • Part 1: Where Silverfish CSR Ltd acts as a controller: In connection with any and all personal data collected from End Users when creating an account to access and use DigitalRG, subscribe to any electronic marketing messages and/or in connection with any and all information collected via the placement of cookies and other similar technology services.
  • Part 2: Where Silverfish CSR Ltd acts as a processor: In connection with any and all personal data inputted by you into DigitalRG and/or otherwise provided to Silverfish CSR Ltd with written instructions on how Silverfish CSR Ltd should handle and process such personal data.

Appendix 2: Particulars of the processing

1. Particulars of processing:

  • 1.1 Scope and Nature: For the purposes of Silverfish CSR Ltd fulfilling its obligations under these Terms.
  • 1.2 Purpose of processing: For the purposes of Silverfish CSR Ltd fulfilling its obligations under these Terms.
  • 1.3 Duration of the processing: For the Term.

2. Types of Personal Data: As set out in Silverfish CSR Ltd’s Privacy and Cookies Policy.

3. Categories of Data Subject: Clients and End Users (each as defined in the Terms).

Appendix 3 Contact persons (and substitutes)

Processor Name and position Telephone numbers Extra information including email address
Contact person Laura DA SILVA GOMES +44 75 26 77 31 00 laura@digitalrg.com
Substitute 1 Support hello@digitalrg.com