Data Processing Agreement (DPA)
This Data Processing Agreement ("DPA") is incorporated into the Terms and Conditions of Business between Jim Pirrie Ltd ("We", "Us", or "Our") and You ("You" or "Your").
[[img_68a315c4b17e1_75]]
1. Definitions
- Controller: The entity that determines the purposes and means of the processing of Personal Data.
- Processor: The entity that processes Personal Data on behalf of the Controller.
- Personal Data: Any information relating to an identified or identifiable natural person.
- Processing: Any operation performed on Personal Data, including collection, storage, alteration, retrieval, use, disclosure, or deletion.
- Applicable Data Protection Law: UK GDPR, Data Protection Act 2018, and other applicable laws governing personal data protection.
2. Roles
You are the Controller of Personal Data. We are the Processor only to the extent that We process Personal Data on Your behalf in connection with Our Services.
3. Scope and Purpose
We will process Personal Data only:
- On documented instructions from You;
- For the purpose of delivering Services under Our agreement;
- In compliance with Applicable Data Protection Law.
4. Confidentiality
We ensure that persons authorised to process the data are under a duty of confidentiality.
5. Security
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
6. Sub-processors
We currently use the following sub-processors to support service delivery and data processing:
| Name | Purpose | Location |
|---|---|---|
| Microsoft 365 | Contact management and data storage | EU |
| DropBox | Data storage | USA |
| Descript | Video processing | USA |
| MailJet | Email communication | EU |
| Groove Apps | Email communication | USA |
| Ionos VPS | Data storage | London |
We ensure sub-processors are bound by equivalent data protection obligations.
7. Data Subject Rights
We assist You in fulfilling Your obligations to respond to data subject requests, including access, rectification, erasure, and portability, within the legal timeframe.
8. Assistance and Breach Notification
We will inform You without undue delay of any personal data breach. We will assist with data protection impact assessments and consultations with supervisory authorities, as required.
9. Data Transfers
We will not transfer Personal Data outside the UK without appropriate safeguards in place in accordance with Applicable Data Protection Law.
10. Termination and Deletion
Upon termination of the agreement or upon Your request, We will delete or return all Personal Data unless otherwise required by law.
11. Audits
We will provide necessary information to demonstrate compliance with this DPA and permit audits conducted by You or Your auditor (subject to reasonable notice and confidentiality obligations).
12. Contact
For questions related to this DPA, please contact [email protected].
This DPA forms part of Our Terms and Conditions of Business.