X

Request a demo

* indicates required

Software
Data Processing

Data Processing Addendum

1. This Data Processing Addendum (Addendum) forms part of the Agreement between Fuze Software Limited (the Supplier) and the Customer identified in the relevant Contract.

2. The Supplier provides services to the Customer under the terms of the Agreement, including provision of software and related services which enable the Customer to manage its relationships with and contract with its end customers. In the course of providing such services, the Supplier may be required to receive and process certain Personal Data (as defined below) on behalf of the Customer. Such processing may continue during the term of the Agreement.

3. This Addendum sets out the additional terms, requirements and conditions on which the Supplier will process Personal Data when providing services under the Agreement.

4. In this Addendum, the following additional definitions apply:

  • Business Purposes: the provision of software and related services by the Supplier to the Customer under the Agreement, which also form the subject matter of the processing, and any other purposes specifically agreed between the parties from time to time.
  • Controller, Processor, Data Subject, Personal Data, Personal Data Breach, processing and appropriate technical and organisational measures: as defined in the Data Protection Legislation.
  • Data Protection Legislation: all applicable data protection and privacy legislation in force from time to time in the UK including the UK GDPR; the Data Protection Act 2018 (DPA 2018) (and regulations made thereunder); the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended; and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data (including, without limitation, the privacy of electronic communications).
  • Domestic Law: the law of the United Kingdom or a part of the United Kingdom.
  • UK GDPR: has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.

5. This Addendum is subject to the terms of the Agreement and is incorporated into the Agreement. Interpretations and defined terms set out in the Agreement apply to this Addendum. Annex A forms part of this Addendum and has effect as if set out in full in the body of this Addendum. References to this Addendum include Annex A.

6. The parties will review the effectiveness of this Addendum every 12 months, having consideration to the Business Purposes.

7. The parties acknowledge that for the purposes of the Data Protection Legislation:

  • a. the Customer is the Controller and the Supplier is the Processor;
  • b. the Customer retains control of the Personal Data and remains responsible for its compliance obligations under the Data Protection Legislation, including but not limited to, providing any required notices and obtaining any required consents, and for the written processing instructions it gives to the Supplier;
  • c. Annex A out the nature of processing by the Supplier, the duration of the processing and the types of Personal Data and categories of Data Subject.

8. The Customer warrants and represents that the Supplier's expected use of the Personal Data for the Business Purposes and as specifically instructed by the Customer will comply with the Data Protection Legislation.

9. The Supplier will, in relation to any Personal Data processed in connection with the performance by the Supplier of its obligations under the Agreement:

  • a. process that Personal Data to the extent, and in such a manner, as is necessary for the Business Purposes in accordance with the Customer's written instructions unless the Supplier is required by Domestic Law to otherwise process that Personal Data. Where the Supplier is relying on Domestic Law as the basis for processing Personal Data, the Supplier will promptly notify the Customer of this before performing the processing required by the Domestic Law unless the Domestic Law prohibits the Supplier from doing so;
  • b. comply promptly with any Customer written instructions requiring the Supplier to amend, transfer, delete or otherwise process the Personal Data, or to stop, mitigate or remedy any unauthorised processing;
  • c. promptly notify the Customer if, in its opinion, the Customer's instructions do not comply with the Data Protection Legislation;
  • d. ensure that access to the Personal Data is limited to those employees who need access to the Personal Data to enable the Supplier to fulfil its rights and obligations under this Addendum and under the Agreement and that such employees are obliged to keep the Personal Data confidential;
  • e. ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures;
  • f. not transfer any Personal Data outside of the UK or EEA unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled: (i) the Supplier is processing the Personal Data in a territory which is subject to adequacy regulations under the Data Protection Legislation that the territory provides adequate protection for the privacy rights of individuals (ii) the Customer or the Supplier has otherwise provided appropriate safeguards in relation to the transfer; (iii) the Data Subject has enforceable rights and effective legal remedies; (iv) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and (v) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data;
  • g. provide reasonable assistance to the Customer, at the Customer's cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to: (i) Data Subject Rights, (ii) security of processing, (iii) breach notifications/reporting, (iv) data protection impact assessments and (v) consultations with supervisory authorities or regulators;
  • h. at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the agreement unless required by Domestic Law to store the Personal Data;
  • i. without undue delay, notify the Customer in writing if it becomes aware of: (i) the loss, unintended destruction or damage, corruption, or un-usability of part or all of the Personal Data; (ii) any accidental, unauthorised or unlawful processing of the Personal Data; or (iii) any Personal Data Breach. Immediately following any such incident, the parties will co-ordinate with each other to investigate the matter. Further, the Supplier will reasonably co-operate with the Customer in the Customer's handling of the matter;
  • j. maintain and make available to the Customer sufficient records and information to demonstrate its compliance with the obligations laid down in the Data Protection Legislation and this Addendum and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer.

10. The Supplier may continue to use those subcontractors already engaged by the Supplier as at the date of the Agreement. The Supplier may authorise further subcontractors to process Personal Data if: (i) the Customer is provided with a reasonable opportunity to object to the addition or replacement of any subcontractor; (ii) the Supplier enters into a written contract with the subcontractor that contains terms substantially the same as those set out in this Addendum, in particular, in relation to requiring appropriate technical and organisational data security measures; (iii) the subcontractor's contract terminates automatically on termination of this Addendum for any reason; and (iv) the Supplier remains fully liable to the Customer for the subcontractor's performance of its agreement obligations.

Data Processing Summary

Nature of Processing
The Personal Data shared under the Agreement may be subject to the following basic Processing activities together with such other activities as the Customer may direct:

  • Collection
  • Recording
  • Storage
  • Adaptation or alteration
  • Retrieval
  • Consultation
  • Use
  • Disclosure by transmission
  • Erasure or destruction

Types of Personal Data
Types of personal data may include the following: Name (which may include suffix, first name, middle name and last name); address; telephone number, email address. To the extent that the Software is used to facilitate a financial arrangement or payment, it is acknowledged that financial data may be transmitted via the Software to a third-party payment merchant (e.g. Stripe) or finance provider but such data will not be stored in the Software or otherwise held by the Supplier. The Customer must not use the Software to collect special category personal data.

Categories of Data Subjects
The category of Data Subjects will be employees, agents, contractors, or other contact persons of the Customer and/or the Customer’s end customers (being natural persons).

We use cookies to analyse our traffic, ensure our website works properly and to improve our service.
By clicking "Continue" to browse the website, you agree to the storing of cookies on your device. You can find out more by viewing our Privacy Policy.

Continue