Canada agents data protection
DATA PROTECTION ADDENDUM
|controller, processor, subprocessor, data subject, personal data, personal data breach, processing, appropriate technical and organisational measures||as defined in the Data Protection Legislation.|
|Data Protection Legislation||Data Protection Legislation means:
· the UK Data Protection Act 2018,
· any applicable additional laws or regulations relating to the processing of personal data,
· any applicable legally binding guidance and codes of practice issued by the UK Information Commissioner’s Office.
2.1. The parties agree that Talkremit is the controller, and the Agent is the processor, in relation to Customer Data. The scope, nature and purpose of processing by the Agent, the duration of the processing and the types of personal data and categories of data subject, are set out further below.
2.2. The Agent will comply with its obligations as processor under Data Protection Legislation and shall:
2.2.1. ensure that any of its staff who have access to and/or process Customer Data are obliged to keep the Customer Data confidential,
2.2.2. take all reasonable steps to ensure the reliability of any of its staff who have access to Customer Data and ensure that access to the Customer Data is limited to such authorised staff only who require access to it for the purpose of complying with the obligations under this Agreement,
2.2.3. not transfer any such Customer Data to any third party without the consent of Talkremit,
2.2.4. not transfer any such Customer Data outside Canada (other than to Talkremit) without the consent of Talkremit, and
2.2.5. only act on the instructions of Talkremit and in accordance with the terms of this Agreement when processing such personal data. The parties agree that this Agreement represents the documented instructions of Talkremit.
3. Data Protection Impact Assessment
3.1. The Agent will, at Talkremit’s request, assist Talkremit with the preparation of any Data Protection Impact Assessment required by the Data Protection Legislation before commencing any processing (including provision of detailed information and assessments in relation to processing operations, risks and measures).
4. Data Subject Requests
4.1. The Agent shall notify Talkremit of any subject requests it receives and shall assist Talkremit in the handling of subject request.
5.1. If Agent engages sub-processors for carrying out specific processing activities on behalf of the Agent, the same data protection obligations set out in this Schedule shall be imposed on that sub-processor by way of a contract, so as to meet the requirements of the Data Protection Legislation.
6. Information Security
6.1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Agent shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
6.1.1. the pseudonymisation and encryption of personal data,
6.1.2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services,
6.1.3. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident,
6.1.4. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
7. Personal Data Breach
7.1. The Agent shall notify Talkremit immediately upon becoming aware of any Personal Data Breach and shall take all reasonable steps to mitigate such breach. the Agent shall cooperate with Talkremit and any regulator in connection with such breach.
8.1. the Agent shall Provide such assistance to Talkremit as is set out for processors in the Data Protection Legislation.
9. Bad instructions
9.1. the Agent or any sub-processor shall immediately inform Talkremit if, in its opinion, an instruction infringes the Data Protection Legislation.
10. Termination or expiry
10.1. At the termination or expiry of this Agreement the Agent shall, at Talkremit’s written request, delete or return to Talkremit the Customer Data.
11. Scope, nature and purpose of processing
11.1. Subject matter of the processing: Processing of personal data in relation to transfer or money.
11.2. Duration of the processing: For the term of this Agreement.
11.3. Nature and purposes of the Processing: Processing of personal data in relation to the transfer of money.
11.4. Type of Personal Data:
Name, address, contact details, bank detail, ID documents.
11.5. Categories of Data Subject: Persons wishing to transfer or receive money.
11.6. Plan for return or destruction of the data once the Processing is complete: As set out in this Agreement.