DATA PROCESSOR SCHEDULE
This Data Processor Schedule forms part of the agreement entered into between PGML and the Client (“Agreement”). This Data Processor Schedule is not intended to act as a stand-alone agreement.
1. DEFINITIONS AND INTERPRETATION
1.1 The definitions used in the terms and conditions of the Agreement apply to this data protection addendum.
1.2 If this Data Processor Schedule applies then in the event of any conflict between the terms of the Agreement and this Data Processor Schedule, the Data Processor Schedule shall prevail.
2. DATA PROTECTION
2.1 Both parties will comply with all applicable requirements of the Applicable Data Protection Laws. This data protection addendum is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Applicable Data Protection Laws.
2.2 Where this Data Processor Schedule applies, the parties acknowledge that for the purposes of the Applicable Data Protection Laws, the Client is the Controller and PGML is the Processor. Clause 3 to this data protection addendum sets out the scope, nature and purpose of processing by PGML, the duration of the processing and the types of personal data and categories of data subject.
2.3 Without prejudice to the generality of clause 2.1, the Client will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the personal data to PGML and/or lawful collection of the personal data by PGML on behalf of the Client for the duration and purposes of the Agreement.
2.4 Without prejudice to the generality of clause 2.1, PGML shall, in relation to any personal data processed in connection with the performance by PGML of its obligations under the Agreement:
(a) process that personal data only on the documented written instructions of the Client (including as is set out within the Agreement) unless PGML is required by Applicable Laws to otherwise process that personal data. Where PGML is relying on Applicable Laws as the basis for processing personal data, PGML shall promptly notify the Client of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit PGML from so notifying the Client;
(b) ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the Client, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
(c) ensure that all personnel who have access to and/or process personal data are obliged to keep the personal data confidential; and
(d) not transfer any personal data outside of the UK or the European Economic Area unless the prior written consent of the Client has been obtained (other than for transfers to PGML’s overseas Affiliates which the Client hereby consents to) and the following conditions are fulfilled:
(i) the Client or PGML has provided appropriate safeguards in relation to the transfer;
(ii) the data subject has enforceable rights and effective legal remedies;
(iii) PGML complies with its obligations under the Applicable Data Protection Laws by providing an adequate level of protection to any personal data that is transferred; and
(iv) PGML complies with reasonable instructions notified to it in advance by the Client with respect to the processing of the personal data;
(e) assist the Client, at the Client’s cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Applicable Data Protection Laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
(f) notify the Client without undue delay on becoming aware of a personal data breach;
(g) at the written direction of the Client, delete or return personal data and copies thereof to the Client on termination of the Agreement unless required by Applicable Laws to store the personal data; and
(h) maintain complete and accurate records and information to demonstrate its compliance with this Data Processor Schedule and allow for audits of the same by the Client or the Client’s designated auditor and immediately inform the Client if, in the opinion of PGML, an instruction infringes the Applicable Data Protection Laws.
2.5 The Client consents to PGML appointing third-party processors of personal data under the Agreement. PGML confirms that it has entered or (as the case may be) will enter with any such third-party processor into a written agreement incorporating terms which are substantially similar to those set out in this data protection addendum and in either case which the Supplier undertakes reflect and will continue to reflect the requirements of the Applicable Data Protection Laws. As between the Client and PGML, PGML shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause 2.5.
3. PROCESSING PARTICULARS
| Scope | PGML may act as a data processor of the Client when: 1. Obtaining the personal details of the Authorised Users or any employee or contractor of the Client who acts as an administrator in respect of the Services; 2. Setting up Authorised Users with accounts and providing the Authorised Users with access to the Services; and 3. Providing customer support to any Authorised Users and/or the Client, as may be applicable. |
| Nature | Where PGML is acting as a service provider of the Client. |
| Purpose of processing | To enable PGML to provide the Services pursuant to the terms of this agreement, to permit the Authorised Users to access the Services and to administer, update and improve the Services. |
| Duration of the processing | During the Term. |
| Types of Personal Data | First name, surnames, title, job title, email address, postal address, telephone number. |
| Categories of Data Subject | Employees, contractors and directors of the Client (and, where applicable, Affiliates of the Client). |