DATA PROCESSING AGREEMENT
monetizelab.com is committed to the correct processing of data and has created
the following Data Processing Agreement in accordance to the applicable Data
Protection Laws. Please be aware the following agreement will hear on be known
as Schedule 1.
(1) DEFINITIONS
“Data Controller” Has the meaning given to ‘Data Controller’, or
‘Controller’ as appropriate, in the Data Protection Laws;
“Data Breach” Means a breach of security leading to the accidental or unlawful destruction,
loss, alteration, unauthorised disclosure of, or access to, Personal Data
transmitted, stored or otherwise processed;
“Data Processor” Has the meaning given to ‘Data Processor’, or ‘Processor’ as
appropriate, in the Data Protection Laws;
“Data Protection Laws” Means any and all laws, statutes, enactments, orders or
regulations or other similar instruments of general application and any other
rules, instruments or provisions in force from time to time relating to the
processing of personal data and privacy applicable to the performance of this
Agreement, including where applicable the Data Protection Act 1998, the Data
Protection Bill, the Regulation of Investigatory Powers Act 2000, the Privacy
and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003)
and the GDPR (Regulation (EU) 2016/679), as amended or superseded;
“GDPR” Means Regulation (EU) 2016/679 of the European Parliament and of the
Council of 27 April 2016 on the protection of natural persons with regard to
the processing of personal data and on the free movement of such data, and
repealing directive 95/46/EC as updated, superseded or repealed from the time
to time;
“Personal Data” Has the meaning given in the Data Protection Laws.
(2) DATA PROCESSING
2.1 Each Party shall comply with its obligations as a Data Controller or
Processor under the applicable Data Protection Laws.
2.2 If it is found that the Publisher, pursuant to this Agreement, processes
Personal Data on behalf of monetizelab.com , the Publisher acknowledges that
monetizelab.com is the Data Processor , and that the Publisher is the Data
Controler.
2.3 In the event that clause 2.2 applies, the Data Processor shall comply with
its obligations under applicable Data Protection laws and as set out in this
Schedule I.
(3) COMPLIANCE WITH DATA PROTECTION LAWS
3.1 The Data Processor warrants that it has complied, and shall continue to
comply, with the requirements of the applicable Data Protection Laws and all
other data protection legislation in any jurisdiction relevant to the exercise
of its rights or the performance of its obligations under this Agreement.
(4) DATA CONTROLLER OBLIGATIONS
4.1 In respect of any Personal Data to be processed by the Data Controller
pursuant to this Agreement, the Data Controller shall:
4.1.1 have in place and at all times maintain appropriate technical and
organizational measures in such a manner as is designed to ensure the
protection of the rights of the data subject and to ensure a level of security
appropriate to the risk and shall implement any reasonable security measures as
requested by monetizelab.com from time to time;
4.1.2 not engage any sub-controllers without the prior specific or general
written authorisation of monetizelab.com (and in the case of general written
authorisation; the Data Controller shall inform monetizelab.com of any intended
changes concerning the addition or replacement of other controller and
monetizelab.com shall have the right to object to such changes);
4.1.3 ensure that each of the Data Controller’s employees, agents, consultants,
subcontractors and sub-controllers are made aware of the Data Processor’s
obligations under this Schedule I and enter into binding obligations with the
Data Processor to maintain the levels of security and protection required under
this Schedule I. The Data Controller shall ensure that the terms of this
Schedule I are incorporated into each agreement with any sub-controller,
subcontractor, agent or consultant to the effect that the sub-controller,
subcontractor, agent or consultant shall be obligated to act at all times in
accordance with duties and obligations of the Data controller under this
Schedule I. The Data Controller shall at all times be and remain liable to
monetizelab.com for any failure of any employee, agent, consultant,
subcontractor or sub-controller to act in accordance with the duties and
obligations of the Data Processor under this Schedule I;
4.1.4 process that Personal Data only on behalf of monetizelab.com in
accordance with monetizelab.com instructions and to perform its obligations
under this Agreement or other documented instructions from monetizelab.com and
for no other purpose save to the limited extent required by law;
4.1.5 ensure that all persons authorised to access the Personal Data are
subject to obligations of confidentiality and receive training to ensure
compliance with this Agreement and the Data Protection Laws;
4.1.6 make available to monetizelab.com all information necessary to
demonstrate compliance with the obligations laid out in Article 28 of GDPR and
this Schedule I and allow for and contribute to audits, including inspections,
conducted by monetizelab.com or another auditor mandated by monetizelab.com, of
the Data Controller’s data processing facilities, procedures and documentation
(and the facilities, procedures and documentation of any sub-Controller) in
order to ascertain compliance with Article 28 GDPR and this Schedule I, within
5 working days of request by monetizelab.com , and, following any such audit,
without prejudice to any other rights of monetizelab.com , the Data Controller
shall implement such measures which monetizelab.com considers reasonably
necessary to achieve compliance with the Data Controller’s obligations under
this Schedule I; provided that, in respect of this provision the Data
Controller shall imtely inform monetizelab.com if, in its opinion, an
instruction infringes Data Protection Laws;
4.1.7 taking into account the nature of the processing, provide assistance to
monetizelab.com “ “, within such timescales as monetizelab.com “ “ may require
from time to time, at no charge to monetizelab.com , in connection with the
fulfilment of the monetizelab.com obligation as Data Processor to respond to
requests for the exercise of data subjects’ rights pursuant to Chapter III of
the GDPR to the extent applicable;
4.1.8 provide monetizelab.com with assistance in ensuring compliance with
articles 32 to 36 (inclusive) of the GDPR (concerning security of processing,
data breach notification, communication of a personal data breach to the data
subject, data protection impact assessments, and prior consultation with
supervisory authorities) to the extent applicable to monetizelab.com, taking
into account the nature of the processing and the information available to the
Data Controller;
4.1.9 (at no additional cost to monetizelab.com ) deal promptly and properly
with all enquiries or requests from monetizelab.com relating to the Personal
Data and the data processing activities, promptly provide to monetizelab.com in
such form as monetizelab.com may request, a copy of any Personal Data requested
by monetizelab.com;
4.1.10(at no additional cost to monetizelab.com) assist monetizelab.com (where
requested by monetizelab.com ) in connection with any regulatory or law enforcement
authority audit, investigation or enforcement action in respect of the Personal
Data;
4.1.11 imtely notify monetizelab.com in writing about:
(a) any Data Breach or any accidental loss, disclosure or unauthorised access
of which the Data Controller becomes aware in respect of Personal Data that it
Controlled on behalf of monetizelab.com;
(b) any request for disclosure of the Personal Data by a law enforcement
authority (unless otherwise prohibited);
(c) any access request or complaint received directly from a data subject.
It being accepted by the Data Processor that:
(d)the Data Controller remains responsible for any complaints or claims made by
Data Subjects, third parties or any regulatory or law enforcement authority to
the extent such complaints or claims are the result of an infringement of Data
Protection Laws by the Data Controller.
4.1.12 maintain a record of its processing activities in accordance with
Article 30 of the GDPR.
4.1.13 indemnify monetizelab.com against all liabilities, claims, costs,
expenses, damages and losses (including any direct, indirect or consequential
losses, loss of profit, loss of reputation and all interest, penalties and
legal and other professional costs and expenses) suffered or incurred by
monetizelab.com or for which it may become liable as a result of or in
connection with any failure of the Data Controller, its employees, agents,
consultants, subcontractors or sub-controller’s to comply with this Schedule I.
4.2 monetizelab.com reserves the right to take legal action for any damages
(financial or reputational) and the Data Controller shall indemnify
monetizelab.com and its clients in respect of any fines, damages or complaints
made to us as a result of the Data Controller’s use of personal data.
4.3 Notwithstanding anything to the contrary set out in this Agreement, to the
extent that there is any duplication or conflict between definitions or clauses
used in the Agreement and this Schedule I, the definitions and clauses set out
in this Schedule I will apply and take precedence. In all other respects the
Agreement shall continue to be in effect.
(5) INTERNATIONAL DATA TRANSFERS
5.1 In respect of any Personal Data to be processed by a party acting as
Data Controller pursuant to this Agreement for which the other party is Data
Processor, the Data Controller shall not transfer the Personal Data outside the
EEA or to an international organisation without:
5.1.1 obtaining the written permission of the Data Processor;
5.1.2 ensuring appropriate levels of protection, including any appropriate
safeguards if required, are in place for the Personal Data in accordance with
the Data Protection Laws;
5.1.3 notifying the Data Processor of the protections and appropriate
safeguards in paragraph 5.1.2 above;
5.1.4 documenting and evidencing the protections and appropriate safeguards in
paragraph 5.1.2 above and allowing the Data Processor access to any relevant
documents and evidence.
(6) DETAILS OF PROCESSING ACTIVITIES
6.1. As required by Article 28 of the GDPR if at any point you will be
processing data on behalf of the Data Processor, please specify this to the
Data Processor and they will pass you the relevant pre due diligence questions
before moving forward this this activity.
January 2019