Data Processing Agreement

This Data Processing Agreement (the “DPA”) forms an Annex to the Terms and Conditions (the “Terms”) between you as the customer (the “Customer”) and HandleData.io ("Handle Data").

Handle Data and the Customer are jointly referred to as the “Parties”.

The definitions of capitalized terms included in the Terms shall also apply in this DPA, unless otherwise specifically stated herein. This DPA is intended to ensure mutual compliance by Handle Data and the Customer with applicable legislation concerning privacy and data protection, and to guarantee an appropriate level of protection of personal data.

Scope and Purpose of Processing

The data, which may be processed and submitted during the course of the Customers use of the Site and subsequently passed to the Customer (the “Customer Data”), may contain personal data. In principle, the Customer is responsible for determining the purpose and means for the processing of such personal data. Therefore, the Customer shall be regarded as the “Controller” of personal data, as defined in European privacy legislation. Handle Data shall be regarded as the Customer’s “Processor”. Handle Data undertakes to process Customer Data solely to provide and improve the Site and the Service for the Customer.

Whenever required, the informed consent from the data subjects affected by the use of the Service shall be obtained, normally by means of acceptance of a privacy policy.

Division of responsibility

Under this DPA, Handle Data is solely responsible for its processing of personal data as a part of delivering the Service to the Customer in accordance with the Customer’s instructions and under the express (final) responsibility of the Customer. The Customer is responsible for acquiring any opt-in permission from the data subjects as may be required pursuant to applicable privacy legislation.

Place of processing

Handle Data may process the personal data in countries within the European Union. In addition, Handle Data may also transfer the personal data to a country outside the European Union, if the European Commission has formally determined that the country in question guarantees an adequate personal data protection level , or if the so-called ‘model clauses’, created for this purpose by the European Commission, are used.

Security Measures

Handle Data will continuously implement and update adequate technical and organisational security measures to prevent loss and unlawful processing of personal data, given the state of the art, the sensitivity of the personal data and the costs related to the security measures. Handle Data cannot guarantee, however, that the security measures will be effective under all circumstances.

Login Details

Both Parties shall exercise proper care with respect to the user login details, in order to avoid unauthorized access to and use of the Site and the Service, and any Customer Data.

Obligation to notify of security breaches

In case Handle Data becomes aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data, and such breach is likely to materially affect the Customer, Handle Data shall promptly inform the Customer hereof. Handle Data shall also have the right to inform any data subject adversely affected by the breach directly, as well as any competent authority, if Handle Data in good faith understands this to be its legal or moral obligation.

Customer Data Retention Team

The Customer Data is stored for as long as necessary to provide the Service and its features to the Customer and its Authorized Users. Customer Data will be deleted [6] months after expiry or termination of the relevant account with Handle Data . The Customer may request the Customer Data of an expired account with Handle Data to be deleted before the regular retention term for the Customer Data has expired.

Term and Termination

This DPA shall come into effect at the same time as the Terms. This DPA shall remain in force until the Terms have expired or been terminated, and Handle Data no longer is in the possession of the Customer’s Customer Data.

Contact

Individuals from the EU may contact our EU representative according to Art. 27 GDPR regarding all requests related to data protection and privacy:

Email us at: support@handledata.io

Write to us at:

3 Trinity House
Bullace Lane
Dartford
Kent