Either you and/or your affiliates, including subsidiaries and holding companies (collectively “you” and “your”), receive services from AERTEL LTD t/a Xinix World.
With effect from 25th May 2018, the terms set out below will come into force between you and AERTEL so that you and AERTEL comply with the General Data Protection Regulation.
“Data Controller”, “Data Processor”, “Data Subject”, “Personal Data” and “Processing” have the same meanings given to those terms in the Data Protection Legislation;
“Data Protection Legislation” means the DPA, the EU Data Protection Directive 95/46/EC, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699), the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and all applicable laws and regulations relating to processing of personal data and privacy from time to time including the General Data Protection Regulation (EU) 2016/679;
“DPA” means the Data Protection Act 1998 and any successor legislation;
“Processing Details” the processing details set out in the Annex which sets out the scope, nature and purpose of Processing by AERTEL, the duration of the Processing, the types of Personal Data and the categories of Data Subject.
“Subprocessor” means any person (including any third party, but excluding an employee of AERTEL appointed by or on behalf of AERTEL to process Personal Data on your behalf.
“Working Day” means any day excluding Saturdays, Sundays and the usual bank holidays in England.
1. You and AERTEL and our respective employees shall observe the requirements of the Data Protection Legislation and shall comply with any request made or direction given to the other which is directly due to the requirements of the Data Protection Legislation.
2. You and AERTEL agree that for the purposes of the Data Protection Legislation you shall, in respect of all your data which is Personal Data, be the Data Controller and AERTEL shall be the Data Processor.
3. You confirm that any Personal Data supplied to AERTEL has been collected and disclosed in accordance with the Data Protection Legislation and AERTEL is entitled to process the Personal Data.
4. The Processing Details sets out the scope, nature and purpose of Processing by AERTEL, the duration of the Processing, the types of Personal Data and the categories of Data Subject. You will keep us updated as to the types of Personal Data and categories of Data Subjects that may be included in the processing of Personal Data on your behalf.
5. AERTEL shall take all measures required pursuant to Article 32 GDPR and also appropriate technical and organisational measures against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data. AERTEL shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
6. AERTEL shall not transfer any Personal Data outside of the European Economic Area unless you have given us prior written consent. AERTEL shall comply with reasonable instructions notified to AERTEL in advance by you with respect to the processing of Personal Data.
7. AERTEL shall assist you, at your cost, with all Data Subject access requests under the Data Protection Legislation which may be received from the Data Subject of any Personal Data forming part of your data.
8. AERTEL shall notify you without undue delay of and about any actual incident of unlawful destruction or accidental loss or disclosure or access to your data that may include Personal Data.
9. AERTEL shall make available to you all information reasonably necessary to demonstrate compliance with its obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you. Notwithstanding such rights AERTEL may, in its absolute discretion, use independent third party auditors to verify the adequacy of the security controls that apply to the services we provide to you and AERTEL’s compliance with its obligations under the provisions contained in this Addendum.
10. On your written direction, AERTEL shall delete or return to you, at your cost, all Personal Data on termination of the contract between us unless AERTEL is required by any law to store the Personal Data.
11. You and AERTEL each agree the following provisions so far as they relate to Subprocessors:
12. You acknowledge that if any claim or action is brought by a Data Subject arising from any action or omission by AERTEL, AERTEL shall not be liable to the extent such action or omission resulted directly or indirectly from your instructions.
AERTEL processes Personal Data to enable it to provide the services under your contract with AERTEL and to comply with any legal obligations imposed upon it.
AERTEL shall process Personal Data no longer than is necessary in order to perform its obligations under the contract with you or in order to comply with any legal requirement regarding the Processing of Personal Data.
If there are any inconsistencies between the terms contained above and the contract between you and AERTEL the terms contained above shall take priority.
The provisions contained in this letter shall not affect any other provision contained in the contract between you and AERTEL and the contract shall remain in full force and effect.