Privacy Policy

Last updated: 1/12/2019

PRIVACY AND DATA PROTECTION

1.    For the purposes of understanding roles in regard to the General Data Protection Regulation (GDPR)(Regulation (EU) 2016/679) - SocialChief Limited is defined as the DataProcessor and the Client is the Data Controller.

2.    Use of the Website and the Services is also governed by SocialChief’s Privacy Policy which is incorporated into these terms and conditions by this reference.

3.    The Client, as Data Controller, appoints SocialChief as a Processor to process the Personal Data as described on the Client’s behalf.

4.    SocialChief will only process the Personal Data to provide the Services or otherwise to comply with applicable laws or
regulatory requirement.

5.    SocialChief will ensure that any person with access to or processing the Personal Data is subject to a duty of confidence.

6.    SocialChief will take appropriate technical and organisational security measures to ensure the security of processing and protect the Personal Data from accidental or unlawful destruction, loss, alteration, unauthorised access or disclosure or unlawful processing. TheClient authorises SocialChief to appoint sub-processors as they deem appropriate or necessary for the provision of the Services.

7.    SocialChief will assist the Client in providing subject access and allowing data subjects to exercise their rights under theGDPR.

8.    SocialChief will assist the Client in meeting itsGDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments.

9.    SocialChief will provide mechanisms for the Client to download all Personal Data at any time, to delete the record of a single DataSubject, and to delete all Personal Data at the end of the contract.

10.  The Client may exercise their right of Audit under GDPR legislation through SocialChief providing an audit report not older than 18 months prepared by an independent external auditor demonstrating SocialChief’s technical and organisational measures are sufficient to meet the obligations of a DataProcessor under GDPR.

11.  SocialChief will submit to Client audits and inspections, provided the Client pays an applicable audit fee in full, and in advance of the commencement of such audit.

12.  SocialChief will immediately inform the Client if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state.

13.  Nothing within this contract relieves SocialChief of its own direct responsibilities and liabilities under the GDPR.