Data Processing Terms

Schedule 2

Last Updated 17th September, 2020

Definitions

  1. The following terms shall have the following meaning: “Data Protection Legislation” means the data protection laws applicable to the processing of personal data in connection with the Services, including, where applicable, the General Data Protection Regulation, Data Protection Act 2018 and similar laws, or the applicable data privacy laws of any other relevant jurisdiction, in each case as amended, extended or re-enacted from time to time. The terms “personal data”, “process(ing)”, “data subject”, “personal data breach” “controller”, and “processor” shall have the meaning given to them in the applicable Data Protection Legislation which, however, shall be limited to the extent they relate to the processing of Client Personal Data. “Client Personal Data” means the personal data processed in connection with the Services by WildPress on behalf of Client and companies within the Client’s Group, as the case may be, as further described in the Statement of Work (Details of data processing).
  2. Each party shall comply with Data Protection Legislation.
  3. Both parties acknowledge that under this Agreement:
    1. Client is the controller in relation to Client Personal Data; and
    2. WildPress is a processor in relation to Client Personal Data.
  4. In relation to its processing of Client Personal Data during the Term, save as otherwise provided by law, WildPress agrees to:
    1. process personal data only as required in connection with the Services in accordance with the Client’s documented lawful instructions reasonably given in the context of the Services from time to time, and inform the Client if, in WildPress’ opinion, an instruction infringes the Data Protection Legislation;
    2. implement appropriate technical and organisational measures to appropriately safeguard Client Personal Data having regard to the nature of Client Personal Data which is to be protected and the risk of harm which might result from any personal data breach as required under Data Protection Legislation;
    3. notify the Client without undue delay if it becomes aware of a personal data breach. Where practicable, WildPress will provide phased notifications as information becomes available. WildPress will investigate the personal data breach and take reasonable action to identify, prevent and mitigate the effects of the personal data breach caused by WildPress. At the Client’s expense, WildPress will take such further action as the Client may reasonably request to comply with Data Protection Legislation;
    4. inform without undue delay the Client of any data subject requests under Data Protection Legislation or regulatory or law enforcement requests relating to Client Personal Data. WildPress may acknowledge each data subject access request. Where agreed, WildPress may, at Client’s expense, respond to the subject access request on Client’s behalf;
    5. not transfer any Client Personal Data outside the UK or European Economic Area except where required by law or to a Subprocessor (as defined below) appointed in accordance with paragraph 1.5 of this Schedule 2 and subject to implementing appropriate safeguards as required by law, such as, where applicable, executing European standard contractual clauses with the recipient;
    6. ensure that persons authorised to process Client Personal Data have committed themselves to confidentiality;
    7. at Client’s expense, provide such assistance as the Client may reasonably require in order to ensure the Client’s compliance with Data Protection Legislation in relation to data security, data breach notifications, data protection impact assessments and prior consultations with the Information Commissioner’s Office;
    8. at Client’s expense, assist the Client in complying with its obligations under the Data Protection Legislation by making available to the Client the information necessary to demonstrate its compliance with the Data Protection Legislation and allowing for and contributing to audits and inspections carried out by an independent third party, as the parties may agree from time to time; and
    9. delete or return all Client Personal Data to the Client after the end of the provision of Services in accordance with clause 11.2(c) of the Agreement. WildPress may delete or destroy any Client Personal Data that are no longer needed in order to provide the Services.
  5. With the Client’s consent pursuant to clause 15.1 of the Agreement, WildPress will engage subcontractors to process Client Personal Data (each a “Subprocessor”) subject to paragraph 1.6 of this Schedule 2.
  6. When engaging a Subprocessor, WildPress will:
    1. carry out reasonable due diligence;
    2. enter into a contract on terms, as far as practicable, same as those in this Schedule 2, and which may include European standard contractual clauses to provide adequate safeguards with respect to the processing of Client Personal Data. However, where the Subprocessor provides industry standard services (e.g. AWS, Gmail) and operates on non-negotiable terms, then, notwithstanding anything to the contrary in this Agreement, WildPress may accept such terms. WildPress will on request, subject to confidentiality, provide a copy of such terms to Client and both parties agree to comply with such terms. WildPress’ liability to Client in respect of data protection obligations of such Subprocessor shall be limited in the same way as that of the Subprocessor under its non-negotiable terms; and
    3. inform the Client of any intended changes concerning the addition or replacement of a Subprocessor from time to time. If the Client objects to any such change on reasonable grounds, then acting in good faith the parties will work together to resolve such objection. If they are unable to resolve the objection, WildPress may terminate the Agreement without liability by notice with immediate effect.
  7. The Client shall promptly provide such assistance as WildPress may reasonably require in order to comply with its data protection and security obligations under this Agreement.
  8. The Client warrants and represents on a continuous basis that its instructions under this Schedule 2 will not put WildPress or any Subprocessor in breach of the law and that it and its agents will not deliberately do or omit to do anything which may put WildPress or any Subprocessor in such breach.
  9. The Client shall pay to WildPress within 7 days of invoice date or within such other Payment Term as may be specified in the Statement of Work any costs and expenses including without limitation reasonable attorney fees and the cost of preparing and sending correspondence incurred by WildPress and/or companies in WildPress’ Group in connection with carrying out duties at the Client’s expense under this Schedule 2.
  10. Save as otherwise required by law, the Client may not publish any filing, communication, notice, press release, or report concerning any personal data breach involving WildPress without WildPress’ prior written approval; such approval shall not be unreasonably withheld.
  11. The rights under this Schedule 2 must not be exercised in bad faith to cause the Services to be suspended or frustrated. The suspension or frustration of the Services on grounds relating to this Schedule shall not affect the Client’s liability to pay any charges or expenses under the Agreement for the remainder of the Term. Any Client request that, acting reasonably, WildPress believes is disproportionate, taking into account the context of the Services and the parties’ obligations under Data Protection Legislation, will be subject to a prior discussion between the parties in good faith and an agreement on the scope of services required and, where applicable, the payment of reasonable charges and expenses.
  12. Apart from the Client and WildPress or their successors no other party shall have any rights under this Schedule.
  13. In addition to any exclusion and limitation of liability under clause 7 of the Agreement, WildPress shall not be liable under Data Protection Legislation or this Schedule 2 to the extent any loss or damage is caused or contributed to by Client, its group companies, contractors or agents. `