Back to Home | Previous Page

Part D: Data Protection

D.1. DEFINITIONS

Applicable Law means:

  1. any law, statute, regulation, byelaw or subordinate legislation in force from time to time to which a party is subject and/or in any jurisdiction that the Services are provided to or in respect of;
  2. the common law and laws of equity as applicable to the Parties from time to time;
  3. any binding court order, judgment or decree;
  4. any applicable direction, policy, rule or order that is binding on a party and that is made or given by any regulatory body having jurisdiction over a party or any of that Party’s assets, resources or business;

Data Controller: has the meaning given to that term (or to the term ‘controller’) in Data Protection Legislation;

Data Processor: has the meaning given to that term (or to the term ‘processor’) in Data Protection Legislation;

Data Protection Legislation: means any Applicable Law in the UK relating to the processing, privacy, and use of Personal Data, as applicable to the Customer, Cloudview UK and/or these Terms, including:

  1. in the United Kingdom:
    1. the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426, and any laws or regulations implementing or replacing Directive 95/46/EC (Data Protection Directive) or Directive 2002/58/EC (ePrivacy Directive); and/or
    2. the General Data Protection Regulation (EU) 2016/679 (GDPR), and/or any corresponding or equivalent national laws or regulations; and
  2. any judicial or administrative interpretation of any of the above, any guidance, guidelines, codes of practice, approved codes of conduct or approved certification mechanisms issued by any relevant Supervisory Authority;

Data Subject: has the meaning given to that term in Data Protection Legislation;

Personal Data: has the meaning given to that term in the Data Protection Legislation;

Personal Data Breach: means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Personal Data;

processing: has the meanings given to that term in the Data Protection Legislation (and related terms such as process have corresponding meanings); and

Supervisory Authority: means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering Data Protection Legislation.

D.2. DATA PROTECTION

D.2.1 Both Parties will comply with all applicable requirements of the Data Protection Legislation. This clause D.2 is in addition to, and does not relieve, remove or replace, a Party's obligations under the Data Protection Legislation.

D.2.1 The Parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the Data Controller and Cloudview UK is the Data Processor. In accordance with the requirements of the Data Protection Legislation Error! Reference source not found. sets out the scope, nature and purpose of processing by Cloudview UK, the duration of the processing and the types of personal data and categories of Data Subject.

D.2.3 Without prejudice to the generality of Clause D.2.1, the Customer shall:

D.2.3.1 ensure that it has all necessary appropriate consents and notices in place to enable the processing of the Personal Data to Cloudview UK for the duration and purposes of these Terms;

D.2.3.2 ensure that any Personal Data that it provides is lawfully disclosed or provided to Cloudview UK;

D.2.3.3 not cause Cloudview UK to be in breach of the Data Protection Legislation;

D.2.3.4 ensure that any instructions provided to Cloudview UK regarding the processing of Personal Data are lawful and shall, at all times, be in accordance with Data Protection Legislation;

D.2.3.5 have sole responsibility for the technical and organisational measures employed in its own environments and shall put in place any reasonable measures (including any reasonable measures recommended by Cloudview UK) in respect of the security of the Personal Data, which may include the pseudonymisation and encryption of the Personal Data;

D.2.3.6 indemnify Cloudview UK for any costs, damages, penalties, awards or fines suffered or incurred by Cloudview UK as a result of any claim by a third party, including a Data Subject or which are imposed upon by a Supervisory Authority in the event of any breach of this clause D.2 by the Customer.

D.2.4 Without prejudice to the generality of Clause D.2.1, Cloudview UK shall, in relation to any Personal Data processed in connection with the performance by Cloudview UK of its obligations under these Terms:

D.2.4.1 process that Personal Data only on the written instructions of the Customer unless Cloudview UK is required by the laws of any member of the European Union or by the laws of the European Union applicable to Cloudview UK to process Personal Data. Where Cloudview UK is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, Cloudview UK shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit Cloudview UK from so notifying the Customer;

D.2.4.2 ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the Customer, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, ensuring the pseudonymisation, encryption, confidentiality, integrity, availability and resilience of its systems and services, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);

D.2.4.3 ensure that all personnel who have access to and/or process the Personal Data are obliged to keep the Personal Data confidential; and

D.2.4.4 not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled:

  1. the Customer or Cloudview UK has provided appropriate safeguards in relation to the transfer;
  2. the Data Subject has enforceable rights and effective legal remedies;
  3. Cloudview UK complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
  4. Cloudview UK complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data.

D.2.4.5 Cloudview UK shall assist the Customer in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with Supervisory Authorities or regulators and Cloudview UK shall be entitled to levy an additional charge on the Customer for its reasonable time and effort utilised in providing such prompt cooperation and assistance as well as any costs and expenses incurred;

D.2.4.6 notify the Customer without undue delay on becoming aware of a Personal Data breach and/or if any instructions of the Customer shall, to the knowledge of Cloudview UK, infringe Data Protection Legislation;

D.2.4.7 at the written direction of the Customer, delete or return the Personal Data and copies thereof to the Customer on termination of these Terms unless required by Applicable Law to store the Personal Data; and

D.2.4.8 maintain complete and accurate records and information to demonstrate its compliance with this clause D.2;

D.2.4.9 Cloudview UK shall allow for and contribute to audits, including inspections, conducted by the Customer (or another independent auditor proposed by the Customer and approved by Cloudview UK) for the purpose of demonstrating compliance by Cloudview UK and with their obligations under this clause D.2 provided that the Customer gives Cloudview UK reasonable prior notice of such audit and/or inspection and they are limited to no more than once per annum unless otherwise agreed by Cloudview UK. Cloudview UK shall be entitled to levy an additional charge on the Customer for its reasonable time and effort utilised in providing such contribution and assistance as well as any costs and expenses incurred.

D.2.5 The Customer consents to Cloudview UK appointing those third parties notified to the Customer as a third-party processor of the Personal Data. Cloudview UK confirms that it has entered into, or (as the case may be) will use its reasonable endeavours to enter into a written agreement incorporating terms which are substantially similar to and as far as reasonably possible on terms that are no less onerous than those set out in this clause D.2. As between the Customer and the Cloudview UK, Cloudview UK shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause D.2.

D.2.6 Cloudview UK shall promptly notify Customer in writing of any loss or damage to the Customer Data. In the event of any loss or damage to Customer Data, Customer's sole and exclusive remedy shall be for Cloudview UK to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest backup of such Customer Data. Cloudview UK shall not be responsible for any loss, destruction, alteration or unauthorised disclosure of Customer Data caused by any third party (except those third parties subcontracted by Cloudview UK to perform services related to Customer Data maintenance and back-up) nor for the security or integrity of any Customer Personal Data during its transmission via public telecommunications facilities, the Internet or similar.

Data Processing Details:

SUBJECT-MATTER OF PROCESSING:

DURATION OF THE PROCESSING:

NATURE AND PURPOSE OF THE PROCESSING:

TYPE OF PERSONAL DATA:

CATEGORIES OF DATA SUBJECTS:

PROCESSING INSTRUCTIONS: