DATA PROTECTION AGREEMENT


This Data Protection Agreement ("Agreement") is entered into between Reputiser (operated by J Pawagadhi T/A reputiser.com) and the undersigned Customer identified in the applicable Appendix I under the "Controller" section and the signature block below ("Customer") as of the last date beneath the Customer’s and Reputiser’s signature blocks below ("Addendum Effective Date"). This Agreement forms part of the agreement between the Customer and Reputiser governing the Customer's use of the Services (as defined below).

CLAUSE 1: Purpose and Scope

(a) The purpose of this Agreement is to ensure compliance with Article 28(3) and (4) of Regulation (EU) 2016/679 ("GDPR") on the protection of natural persons regarding the processing of personal data and on the free movement of such data.

(b) The controllers and processors listed in Appendix I have agreed to these Clauses to ensure compliance with Article 28(3) and (4) of the GDPR.

(c) These Clauses apply to the processing of personal data detailed in Appendix II.

(d) Appendices I to III are an integral part of these Clauses.

(e) These Clauses are without prejudice to obligations to which the Customer is subject by virtue of GDPR or other applicable laws.

(f) These Clauses do not by themselves ensure compliance with obligations concerning international transfers in accordance with Chapter V of GDPR. They are complemented by Standard Contractual Clauses (SCCs) for personal data transfers outside the EU/EEA if needed.

CLAUSE 2: Invariability of the Clauses

(a) The Parties undertake not to modify these Clauses except to add information to the Appendices or update them.

(b) This does not prevent the Parties from including these Clauses in a broader contract or adding other clauses, provided that such additions do not contradict or detract from data subjects' fundamental rights or freedoms.

CLAUSE 3: Interpretation

(a) Terms used in these Clauses shall have the same meanings as defined in GDPR.

(b) These Clauses must be read in light of the provisions of GDPR.

(c) These Clauses must not be interpreted in a way that contradicts the rights and obligations enshrined in GDPR or prejudices the rights or freedoms of data subjects.

CLAUSE 4: Hierarchy

In the event of any conflict between these Clauses and other provisions in the agreement between the Parties, these Clauses shall prevail.

CLAUSE 5: Docking Clause

(a) Any entity not originally a Party to these Clauses may accede to them as a controller or processor with the agreement of all Parties by completing and signing Appendix I.

(b) Once the Appendices are signed, the acceding entity is treated as a Party to these Clauses.

(c) No rights or obligations exist under these Clauses for the acceding entity for the period before it joins.

CLAUSE 6: Description of Processing(s)

The details of the processing operations, including the categories of personal data and the purposes, are outlined in Appendix II.

CLAUSE 7: Roles of the Parties

7.1 Instructions

(a) Reputiser processes personal data only on documented instructions from the Customer, unless required by applicable law. If required to act without instructions, Reputiser will inform the Customer unless prohibited by law. The Customer may provide documented instructions throughout the processing period.

(b) Reputiser will notify the Customer if an instruction infringes GDPR or other applicable data protection provisions.

7.2 Purpose Limitation

Reputiser processes personal data strictly for the purposes specified in Appendix II.

7.3 Duration

Processing will take place for the duration outlined in Appendix II.

7.4 Security

(a) Reputiser implements the technical and organizational measures specified in Appendix III to secure the personal data. Measures include encryption, access controls, event logging, and more. Adequate measures will be updated to reflect technology and risk factors.

(b) Reputiser ensures that only authorized personnel with confidentiality agreements can access personal data.

7.5 Sensitive Data

For processing sensitive data (e.g., racial, health, or biometric data), specific restrictions and safeguards apply.

7.6 Compliance with Instructions

Reputiser demonstrates compliance and addresses inquiries promptly.

7.7 Audits

Reputiser will provide necessary information or allow audits to confirm compliance but requires prior written notice (14 business days). The Customer may appoint a third-party auditor and consider certifications Reputiser holds.

7.8 Sub-processors

(a) Reputiser is authorized to engage sub-processors listed in Appendix II, notifying the Customer of changes. Objections must be made within 15 days.

(b) Sub-processors will be held to contractual obligations aligning with these Clauses.

7.9 Data Transfers

Reputiser ensures all data transfers outside the EU/EEA comply with GDPR Chapter V and SCCs are implemented as necessary.

CLAUSE 8: Assistance to the Customer

8.1 Responding to Data Subject Requests

(a) Reputiser notifies the Customer of any data subject access requests and assists the Customer in fulfilling legal obligations.

8.2 Other Assistance

Reputiser assists the Customer in conducting data protection impact assessments, maintaining data accuracy, and notifying supervisory authorities of breaches.

CLAUSE 9: Notification of Data Breach

Reputiser notifies the Customer promptly in the event of a personal data breach, including all available details of the breach and measures to mitigate its impact.

CLAUSE 10: Termination

10.1 Suspension

Reputiser allows the Customer to suspend processing if these Clauses or applicable laws are breached.

10.2 Deletion or Return of Data

Upon termination, Reputiser deletes all data or returns it to the Customer unless required otherwise by law.

APPENDICES

APPENDIX I: List of Parties

Controller:

Name: [Customer Name]

Address: [Customer Address]

Contact: [Customer Data Protection Officer Contact]

Processor:

Name: J Pawagadhi T/A reputiser.com

Address: [Insert Reputiser Address]

Contact: team@reputiser.com

APPENDIX II: Description of the Processing

  • Categories of Data Subjects: Customers and end-users.
  • Categories of Data: Contact details, transaction details, review data.
  • Nature of Processing: Collecting, storing, managing, and analysing reviews.
  • Purpose of Processing: Reputation management for the Customer's business.
  • Duration of Processing: Data is processed for the duration of the Customer's subscription to the Reputiser service. Upon termination, personal data will be returned or deleted.

APPENDIX III: Security Measures

  • Encryption of data (AES-256 at rest, TLS 1.2/1.3 in transit).
  • Access controls and user authentication.
  • Regular backups and disaster recovery.
  • Event and incident monitoring.