This Data Processing Agreement (the “DPA”) constitutes a legally binding agreement between Uniqode and Customer. Customer and Uniqode are hereinafter referred to individually as a “Party” and collectively as the “Parties”). Customer is required to read this DPA carefully as this DPA forms an integral part of the terms of service available at https://www.uniqode.com/terms-of-service (the “Terms”) and is applicable where Uniqode are the Processors of Customer’s Personal Data originating from the EEA and/or Switzerland.
Terms not specifically defined herein shall have the meaning ascribed thereto in the terms.
In this DPA, the following terms shall have the following meanings:
“Data Protection Laws” shall mean the data protection laws of the country in which Customer are established and any data protection laws applicable to Customer in connection with the Terms, including but not limited to (a) the GDPR; (b) in respect of the UK, the GDPR as saved into United Kingdom by virtue of section 3 of the United Kingdom European Union (Withdrawal) Act 2018 (“UK GDPR”) and the UK Data Protection Act, 2019 (together, “UK Data Protection Laws”); (c) the Swiss Federal Data Protection Act and its implementing regulations (“Swiss DPA”); in each case, as may be amended or superseded.
“GDPR” shall mean the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
“UK GDPR” shall mean the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of the European Union (Withdrawal) Act 2018
“Personal Data” shall mean any information relating to an identified or identifiable natural person as defined by the General Data Protection Regulation of the European Union ("GDPR" EC-2016/679) that is Processed by the Processor as part of providing the Services to Customer.
“Restricted Transfer” means: (i) where the GDPR applies, a transfer of Personal Data from the EEA to a country outside the EEA which is not subject to an adequacy determination by the European Commission; (ii) where the UK GDPR applies, a transfer of Personal Data from the UK to any other country which is not based on adequacy regulations pursuant to Section 17A of the Data Protection Act 2018; and (iii) where the Swiss DPA applies, a transfer of Personal Data to a country outside of Switzerland which is not included on the list of adequate jurisdictions published by the Swiss Federal Data Protection and Information Commissioner.
“Standard Contractual Clauses” or “SCCs” means (i) where the GDPR applies, the standard contractual clauses as approved by the European Commission (Implementing Decision (EU) 2021/914 of 04 June 2021) Implementing Decision (EU) 2021/914 of 04 June 2021) and available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914 (“EU SCCs”); (ii) where the UK GDPR applies, the International Data Transfer Addendum to the EU SCCs issued by the UK Information Commissioner, Version B1.0, in force from 21 March 2022 set forth as Schedule D (“UK SCCs”) and (iii) where the Swiss DPA applies, the applicable standard data protection clauses issued, approved or recognized by the Swiss Federal Data Protection and Information Commissioner (the “Swiss SCCs”) (in each case, as updated, amended or superseded from time to time).
“Sensitive Personal Information” means information that relates to an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation. It also includes information about an individual's criminal offences or convictions, as well as any other information deemed sensitive under applicable data protection laws
“Controller”, “Data Subject”, “Personal Data Breach”, “Processor” and “Process” shall have the meaning given to them in the GDPR.
Beacosntac will restrict it’s personnel from Processing Personal Data without authorization. Uniqode will impose appropriate contractual obligations upon it’s personnel, including relevant obligations regarding confidentiality, data protection and data security.
Uniqode shall implement and maintain appropriate technical and organizational security measures to ensure that Personal Data is Processed according to this DPA, to provide assistance and to protect Personal Data against a Personal Data Breach ("TOMs"). Such measures shall include the measures set out in Schedule B.
In respect of any Personal Data Breach (actual or reasonably suspected), Uniqode shall:
Upon termination of Customer’s Account, Uniqode may delete all Service Data, including Personal Data in accordance with the procedure set forth in the Terms. This requirement shall not apply to the extent that Uniqode is permitted by applicable law to retain some or all of the Personal Data, in which event Uniqode shall isolate and protect the Personal Data from any further processing.