Data Processing Addendum
Please refer here to Value Squared's Data Processing Addendum
1.1 In this Data Processing Addendum:
(a) Applicable Data Protection Laws: means:
(i) To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of personal data.
(ii) To the extent the EU GDPR applies, the law of the law of the European Union or any member state of the European Union to which the Supplier is subject, which relates to the protection of personal data.
(b) UK GDPR: has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.
(c) EU GDPR: means the General Data Protection Regulation ((EU) 2016/679), as it has effect in EU law.
1.2 In this Data Processing Addendum, the terms controller, processor, data subject, personal data, personal data breachand processing shall have the meaning given to them in the UK GDPR.
1.3 Both parties will comply with all applicable requirements of the Applicable Data Protection Laws. The parties have determined that for the purposes of Applicable Data Protection Laws we shall process the personal data as set out in the Schedule.
1.4 You consent to (and shall procure all required consents, from your personnel, representatives and agents, in respect of) all actions taken by us in connection with the processing of your personal data, provided these are in line with the activities set out in the schedule to this Data Processing Addendum.
1.5 Without prejudice to clause 1.3, you will ensure that you have all necessary appropriate consents and notices in place to enable lawful transfer of your personal data and lawful collection of the same by us for the duration and purposes of this agreement.
1.6 The schedule to this Addendum sets out the scope, nature and purpose of processing by us, the duration of the processing and the types of personal data and categories of data subject.
1.7 We shall:
(a) process your personal data only the purposes set out in the schedule or otherwise agreed with you unless we are required by Applicable Laws to otherwise process that Customer Personal Data (Purpose);
(b) implement the appropriate technical and organisational measures to protect against unauthorised or unlawful processing of your personal data and against accidental loss or destruction of, or damage to it, having regard to the state of technological development and the cost of implementing any measures;
(c) ensure that any personnel engaged and authorised by us to process your personal data has committed themselves to confidentiality or are under an appropriate statutory or common law obligation of confidentiality;
(d) assist you insofar as this is possible (taking into account the nature of the processing and the information available to us), and at your cost and written request, in responding to any request from a data subject and in ensuring your compliance with your obligations under Applicable Data Protection Laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
(e) notify you without undue delay on becoming aware of a personal data breach involving your personal data;
(f) at the written direction of you, delete or return your personal data and copies thereof to you on termination of the agreement unless we are required by Applicable Law to continue to process that personal data.
1.8 You provide your prior, general authorisation for us to:
(a) appoint processors to process the personal data, provided that we:
(i) shall ensure that the terms on which we appoint such processors comply with Applicable Data Protection Laws, and are consistent with the obligations imposed on us in this Data Processing Addendum;
(ii) shall remain responsible for the acts and omission of any such processor as if they were the acts and omissions of us; and
(iii) shall inform you of any intended changes concerning the addition or replacement of the processors.
(b) transfer your personal data outside of the UK as required for the Purpose, provided that we shall ensure that all such transfers are effected in accordance with Applicable Data Protection Laws. For these purposes, the Customer shall promptly comply with any reasonable request of the Supplier, including any request to enter into standard data protection clauses adopted by the EU Commission from time to time (where the EU GDPR applies to the transfer) or adopted by the Commissioner from time to time (where the UK GDPR applies to the transfer).
Schedule
How we process your personal data
1. We collect data from your employees and team members to understand their views on your business, ways of working and structure to help us make recommendations to help improve your business and allow your people to thrive.
2. The data we collect can include:
a. Full name
b. email address
c. job role
d. duration of time at company
e. views on the company and colleagues; and
f. hopes and expectations for role and the company.
3. We typically collect this information via online surveys e.g. Google forms, and will typically process it in report form so we can present our findings back to the company and facilitate discussion.
4. We will only process personal data for the duration of the services we provide to you and will keep the data for a period of 3 months after we finish a project in case you re-engage us for further work.
Please contact sam@valuesquared.io if you require further information.