2112 Leaflet Distribution GDPR Statement
1. Definitions
Data Protection Legislation: up to but excluding 25 May 2018, the Data Protection Act 1998 and thereafter (a) unless and until the GDPR is no longer directly applicable in the United Kingdom, the GDPR and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the United Kingdom and then (b) any successor legislation to the GDPR or the Data Protection Act 1998.
GDPR: The General Data Protection Regulation (Regulation (EU) 2016/679).
Client: Any business or individual who commissions the Company to carry out any work for them.
Contract: Is the terms and conditions set out in our Terms & Conditions and/or Terms of Engagement relating to the Project.
Sub-Contractor: Any person or company engaged by the Company to work on a Project.
Project: Any work being undertaken by the Company on behalf of the Client.
Company: 2112 Direct Marketing Ltd., Company number SC352956.
2. Both the Client and the Company shall comply with all applicable requirements of the Data Protection Legislation. This paragraph 1.2 is in addition to, and does not relieve, remove or replace, either the Client’s or the Company’s obligations under the Data Protection Legislation.
3. Both the Client and the Company acknowledge that for the purposes of the Data Protection Legislation, you are the data controller and we are the data processor (where controller and processor are as defined in the Data Protection Legislation).
4. Set out below is a summary of the specific processing activities to be undertaken by the Company in connection with a Contract in relation to personal data (where processing and personal data are as defined in the Data Protection Legislation):
4.1 Subject matter of the processing: the performance by the Company of the Services pursuant to a Contract.
4.2 Duration of the processing: the duration of a Contract and/or as required by the Data Protection Legislation and/or other Applicable Law (as defined below).
4.3 Nature of the processing: such activities as shall be comprised within the Services which the Company is engaged by the Client to perform.
4.4 Purpose of the processing: the provision by the Company of the Services which the Company is engaged by the Client to perform.
4.5 Type(s) of personal data processed: as determined and controlled by the Client in the Clients sole discretion, and which may include, but is not limited to the following categories of personal data: name, street address, email address and telephone number(s).
4.6 Categories of data subjects (as defined in the Data Protection Legislation) whose personal data will be processed: as determined and controlled by the Client at the Clients sole discretion, and which may include, but is not limited to the following categories of data subjects:
4.6.1 The Client’s prospects, customers, business partners and vendors (who are natural persons);
4.6.2 Officers, employees, agents, advisors and sub-contractors of the Client’s prospects, customers, business partners and vendors; and
4.6.3 The Client’s officers, employees, agents, advisors and sub-contractors.
5. Without prejudice to the generality of section 2, the Client shall ensure that they have all necessary appropriate consents and notices in place to enable lawful transfer of any relevant personal data to the Company for the duration and purposes of a Contract.
6. Without prejudice to the generality of paragraph 2, the Company shall, in relation to any personal data processed in connection with the performance by the Company of their obligations under the Contract:
6.1 Process that personal data only on the Client’s written instructions unless the Company are required by the laws of any member of the European Union or by the laws of the European Union applicable to the Company to process personal data (Applicable Laws). Where the Company are relying on laws of a member of the European Union or European Union law as the basis for processing personal data, the Company shall promptly notify the Client of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Company from so notifying the Client;
6.2. Ensure that the Company have in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by the Company or by a Sub-Contractor where used);
6.3 Ensure that all personnel who have access to and/or process personal data are obliged to keep the personal data confidential;
6.4 Not transfer any personal data outside of the European Economic Area without the prior written consent of the Client and the following conditions are fulfilled:
6.4.1 The Client and/or the Company (as appropriate) have provided appropriate safeguards in relation to the transfer;
6.4.2 The data subject has enforceable rights and effective legal remedies;
6.4.3 The Company comply with their obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and
6.4.4 The Company comply with reasonable instructions notified to the Company in advance by the Client with respect to the processing of the personal data;
6.5 Assist the Client, at their expense, in responding to any request from a data subject and in ensuring compliance with the Client’s obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
6.6 Notify the Client without undue delay on becoming aware of a personal data breach;
6.7 At the Client’s written direction, delete or return personal data and copies thereof to the Client on termination of the Contract unless required by the Data Protection Legislation and/or other Applicable Law to store the personal data; and
6.8 Maintain complete and accurate records and information to demonstrate the Company’s compliance with this paragraph 6.