Services Pricing Insights Contact

Data Processing Agreement

Your privacy matters. Here's how we handle your data at Green Orbit Digital.

In short – We promise to look after your data, and have in place clear policies to ensure that our processes comply with our legal obligations, and our obligations to you, as our client. The necessary legal blurb follows below. If it’s too legal jargon-y, please let us know!

The Details

Parties

  1. Green Orbit Digital Ltd, incorporated and registered in England and Wales (Processor)
  2. Client Company – details as per those given on this quote (Controller)

From this point onwards, collectively referred to as ‘Parties’ and individually as a ‘Party’.

Background

References to the term “Data Processing Agreement” means this Agreement and the schedules outlined at the end of this agreement.

  • Schedule 1 – Services, Processing, Personal Data and Data Subjects
  • Schedule 2 – Security Measures

The Parties have agreed to enter into this Agreement to ensure compliance with the applicable data protection legislation (“Data Protection Legislation”) relating to the processing of Personal Data by the Processor for the Controller.

1. Agreed Terms

The terms and expressions set out in this Agreement shall have the following meanings:

1.1 Data Protection Legislation
(i) unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation.
1.2 Controller / Processor / Processing / Data Subject
Shall have the meanings given to them in the Data Protection Legislation.
1.3 ICO
The Information Commissioner’s Office.
1.4 Personal Data
All such “personal data” as defined in the Data Protection Legislation processed by the Processor on behalf of the Controller.
1.5 Services
Those services described in Schedule 1 provided by the Processor to the Controller.
1.6 Security Measures
The security measures set out in Schedule 2.

… (retain full agreement text: Scope of Processing, Security Measures, Breach Notification, Sub-Processing, Warranties, Confidentiality, Termination, General).

Schedule 1 – Services, Processing, Personal Data and Data Subjects

1. Services

The services as outlined in this quote, plus any additional services agreed by both parties as necessary for project completion.

2. Processing

Personal Data will only be used in the manner the Controller instructs, and as required to provide the agreed services.

3. Personal Data

  • Company accounts information
  • Website credentials
  • Names and email addresses
  • Other special categories of data

4. Data Subjects

  • Controller’s employees
  • Customer contacts
  • Subcontractor employees

Schedule 2 – Security Measures

  1. Maintain security measures appropriate to the harm that might result from unlawful processing or accidental loss, and to the nature of the data.
  2. Security policy with risk assessment, responsibilities, staff dissemination, and feedback loop.
  3. Safeguards and virus protection in line with best practice.
  4. Prevent unauthorised access to Personal Data.
  5. Secure storage and transfer of Personal Data (encryption, couriers, password protection).
  6. Confidentiality and reliability requirements for all personnel with access to Personal Data.
  7. Secure backup, disposal, and breach detection procedures.
  8. Adherence to ISO/IEC 27001:2013 standards as appropriate.