13. Data Protection

13.1 Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 13 is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Data Protection Legislation.

13.2 The parties acknowledge that:

  • 13.2.1 if Adstream processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the Customer is the controller and Adstream is the processor for the purposes of the Data Protection Legislation.
  • 13.2.2 the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and Adstream’s other obligations under this agreement.

13.3 Without prejudice to the generality of clause 13.1, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the personal data to Adstream for the duration and purposes of this agreement so that Adstream may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer’s behalf.

13.4 Without prejudice to the generality of clause 13.1, Adstream shall, in relation to any personal data processed in connection with the performance by Adstream of its obligations under this agreement:

  • 13.4.1 process that personal data only on the documented written instructions of the Customer unless Adstream is required by the laws of any member of the European Union or by the laws of the European Union applicable to Adstream and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where Adstream is relying on Applicable Laws as the basis for processing personal data, Adstream shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit Adstream from so notifying the Customer;
  • 13.4.2 not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are fulfilled:
    • (a) the Customer or Adstream has provided appropriate safeguards in relation to the transfer;
    • (b) the data subject has enforceable rights and effective legal remedies;
    • (c) Adstream complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and
    • (d) Adstream complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data;
  • 13.4.3 assist the Customer, at the Customer’s cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
  • 13.4.4 notify the Customer without undue delay on becoming aware of a personal data breach;
  • 13.4.5 at the written direction of the Customer, delete or return personal data and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the personal data (and for these purposes the term “delete” shall mean to put such data beyond use); and
  • 13.4.6 maintain complete and accurate records and information to demonstrate its compliance with this clause 13 and immediately inform the Customer if, in the opinion of Adstream, an instruction infringes the Data Protection Legislation.

13.5 Each party shall ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).

13.6 As between the Customer and Adstream, Adstream shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause 13.

13.7 Either party may, at any time on not less than 30 days’ notice, revise this clause 13 by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when replaced by attachment to this agreement).
