In this Agreement, the following words shall have the following meanings.
“Data Protection Legislation”
means all privacy laws applicable to the Data which is Processed under or in connection with this Agreement, including the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) and the Data Protection Act 2018 and all codes of practice, secondary legislation and regulatory guidance issued in respect to the above;
“Data Transfer Agreement”
means the individual who is the subject of any Personal Data;
“Process” and other derivations such as “Processed” and “Processing”
This Agreement shall, unless terminated in accordance with clause 2.2, run from the date the Principal Agreement commences until the date of termination of the Principal Agreement and then automatically expire. For the avoidance of doubt, this Agreement including without limitation the Supplier’s warranties shall also apply in respect of Personal Data (if any) transferred by the Customer to the Supplier prior to the date of this Agreement.
Minimum Security Measures
The Supplier shall use the same degree of care, but never less than a reasonable degree of care, to prevent unauthorized use or publication of Personal Data, as the Customer uses to protect its own information, and will implement any measures to protect Personal Data which are required by applicable law. The Supplier will be given a copy of the Customer’s current applicable privacy and data protection policies and shall (and shall procure that all Third Parties) comply with the same.
At a minimum, the Supplier agrees
Any additional security measures, where any specific requirements of a Project require specific uses of Personal Data, will be included within the Project Documentation.
Standard Contractual Clauses for Data Processors outside the EEA
Standard Contractual Clauses (processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
Both the data exporter (customer) and data importer (JobAdder Operations Pty Ltd) HAVE AGREED on the following Contractual Clauses (the “Clauses”) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
For the purposes of the Clauses:
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Third-party beneficiary clause
Obligations of the data exporter
The data exporter agrees and warrants:
Obligations of the data importer
The data importer agrees and warrants:
The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
Mediation and jurisdiction
Cooperation with supervisory authorities
The Clauses shall be governed by the law of the Member State in which the data exporter is established, namely England and Wales.
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Obligation after the termination of personal data processing services
APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and is consented to both parties
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix
The data exporter is the Customer pursuant to the Principal Agreement pursuant to which it has engaged the data importer to carry out software development activities
The data importer is the Supplier pursuant to the Principal Agreement pursuant to which it has been engaged by the data exporter to carry out SaaS services and the provision of the Services requires it to have access to data input by the Customer in order to host the software and permit the Customer to obtain the benefit of the SaaS services.
The personal data transferred concern the following categories of data subjects (please specify):
Customers of the data exporter
Employees of the data exporter
Other personnel of the data exporter
Contractors of the data exporter
Targets and leads
Job candidates and prospects
Categories of data
The personal data transferred concern the following categories of data (please specify):
System test data
Marketing data relating to targets and prospects
Data related to job candidates and prospects
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data (please specify):
The personal data transferred will be subject to the following basic processing activities (please specify):
They will be viewed by the data importer only in the course of providing the SaaS services and providing the software hosting environment to allow this to be provided.
APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES
This This Appendix forms part of the Clauses and must be completed and signed by the parties
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):