1. Roles

​

For the purposes of applicable data protection law:

​

• The Client is the Data Controller

• The Company is the Data Processor

​

2. Scope of Processing

​

The Company shall process personal data solely for the purpose of delivering agreed services.

​

3. Nature of Data

​

Processing may include personal data relating to:

​

• Employees

• Customers

• Business operations

​

4. Processor Obligations

​

The Company shall:

​

• Process data only on documented instructions from the Client

• Ensure confidentiality of personnel

• Implement appropriate technical and organisational measures

• Not process data for its own purposes

​

5. Sub-Processing

​

The Company may engage sub-processors where necessary, provided that appropriate safeguards and contractual protections are in place.

​

6. International Transfers

​

Where data is transferred outside the UK, appropriate safeguards shall be implemented in accordance with applicable law.

 

7. Data Subject Rights

​

The Company shall provide reasonable assistance to enable the Client to comply with data subject rights.

 

8. Data Breach

​

The Company shall notify the Client without undue delay upon becoming aware of a personal data breach.

 

9. Audit

​

Any audit requests shall be reasonable and proportionate and must not disrupt normal business operations.

 

10. Liability

​

All liability arising under this Agreement shall be governed by the Company’s Terms & Conditions of Service.

 

11. Limitation & Hierarchy

​

This Agreement shall be read in conjunction with the Company’s Terms & Conditions. In the event of conflict, the Terms & Conditions shall prevail.

​

12. Governing Law

​

This Agreement shall be governed by the laws of England and Wales.