This Addendum is entered into between Avasam Limited (t/a Esetrix), a company registered in England and Wales with company number 11556922, whose registered office is at 9 Oliver Business Park, Oliver Road, London, NW10 7JB, United Kingdom; and the Controller (the "Client"), who has agreed to the Esetrix Terms of Service.
In this Addendum, the following terms shall have the meanings set out below:
As detailed in Annex 1 of this Addendum.
Esetrix shall process Personal Data only on documented instructions from the Controller, including with regard to transfers of Personal Data to a third country, unless required to do so by applicable law. In such a case, Esetrix shall inform the Controller of that legal requirement before Processing, unless prohibited by law.
Esetrix shall comply with all applicable Data Protection Legislation in the Processing of Personal Data.
Esetrix shall ensure that all personnel authorised to process Personal Data are bound by confidentiality obligations or are under an appropriate statutory obligation of confidentiality.
Esetrix shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
Esetrix shall assist the Controller by appropriate technical and organisational measures, insofar as possible, in fulfilling the Controller's obligations to respond to requests to exercise Data Subject rights under the Data Protection Legislation.
Esetrix shall notify the Controller without undue delay (and in any event within 24 hours) upon becoming aware of a Personal Data Breach affecting the Personal Data Processed under this Addendum.
Esetrix shall provide the Controller with sufficient information to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Legislation.
Esetrix shall assist the Controller with data protection impact assessments and prior consultations with supervisory authorities or other competent data privacy authorities, if required.
At the choice of the Controller, Esetrix shall delete or return all Personal Data to the Controller after the end of the provision of Services relating to Processing, and delete existing copies unless applicable law requires storage of the Personal Data.
Esetrix shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this Addendum and allow for and contribute to audits, including inspections, conducted by the Controller or an auditor mandated by the Controller.
The Controller shall give reasonable notice of any audit or inspection and shall make reasonable efforts to minimise disruption to Esetrix's business.
Esetrix shall not transfer Personal Data outside the UK unless it takes such measures as are necessary to ensure the transfer is in compliance with Data Protection Legislation.
Where applicable, Esetrix shall enter into Standard Contractual Clauses or rely on other approved transfer mechanisms to ensure adequate protection of Personal Data.
The Controller shall comply with all obligations applicable to it under the Data Protection Legislation with respect to Processing of Personal Data.
The Controller shall provide documented instructions to Esetrix for the Processing of Personal Data.
The Controller shall ensure that its instructions comply with Data Protection Legislation and that the Processing of Personal Data in accordance with such instructions will not cause Esetrix to be in breach of any Data Protection Legislation.
The Controller warrants that:
The Controller shall indemnify and hold harmless Esetrix against all claims, actions, third-party claims, losses, damages, and expenses incurred by Esetrix arising from any breach of this Addendum or Data Protection Legislation by the Controller.
Both parties shall implement and maintain appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful Processing and against accidental loss, destruction, damage, theft, alteration, or disclosure.
Each party shall maintain accurate records to demonstrate compliance with this Addendum and Data Protection Legislation.
Each party's liability arising out of or related to this Addendum, whether in contract, tort, or under any other theory of liability, is subject to the limitations and exclusions of liability set out in the Agreement.
This Addendum may be amended at any time by a written agreement between the parties.
Esetrix reserves the right to update this Addendum as necessary to reflect changes in law or best practices. Any amendments will be communicated to the Controller in writing.
This Addendum is governed by the laws of the United Kingdom.
Any disputes arising from or in connection with this Addendum shall be subject to the exclusive jurisdiction of the courts of England and Wales.
If any provision of this Addendum is held to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.
Processing of Personal Data necessary to provide the Services under the Agreement, including facilitating order placement, fulfilment, and related support activities.
For the duration of the Agreement and until all Personal Data is deleted or returned in accordance with this Addendum.
Customers of the Controller who place orders through the Controller's sales channels integrated with the Esetrix platform.
None intentionally collected or processed.
Esetrix shall process Personal Data only as necessary to provide the Services in accordance with the Agreement and this Addendum.
Esetrix may engage the following categories of Subprocessors:
A current list of Subprocessors can be provided upon request.
If you have questions about this Data Processing Addendum or need to request the current list of Subprocessors, please contact us.