Privacy & Data Protection Terms
The General Terms & Conditions apply to the Privacy & Data Protection Terms in addition to these Privacy & Data Protection Terms.
Unless detailed in clause 1 in these Privacy & Data Protection Terms, any definitions are as defined in the General Terms & Conditions.
For the purposes of this Agreement:
1.1 “Scholar Web Services” means Scholar Web Services Limited, a limited company registered in England and Wales with registered number 09045808.
1.2 the “Client” means the client to whom Scholar Web Services is supplying goods and/or services.
1.3 the terms “data processor”, “data controller”, “data subject”, “personal data” and “process” shall be as defined in the EU General Data Protection Regulation ((EU) 2016/679) (“GDPR”).
1.4 Data Protection Laws means (i) unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998.
1.5 “Services” means the goods and/or services to be provided by Scholar Web Services to the Client in accordance with Scholar Web Services’ terms of business.
2 PRIVACY & DATA PROTECTION NOTICE (SCHOLAR WEB SERVICES ACTING AS A DATA CONTROLLER)
2.1 This clause 2 shall apply to the extent that Scholar Web Services processes personal data provided by or relating to the Client in its capacity as a data controller as part of the Services. This includes but is not limited to any contact information and payment information relating to the Client that is obtained by or on behalf of Web Scholar Services as part of the Services.
2.2 Scholar Web Services shall be the data controller and responsible for personal data processed in accordance with this clause 2. The Client shall inform Scholar Web Services of any change to such personal data as soon as is reasonably practicable.
2.3 Scholar Web Services shall act in accordance with good industry practice in protecting such personal data, and shall not sell or otherwise transfer it to third parties for marketing activities in any circumstance without the Client’s prior consent. It may collect personal data directly from the Client, or indirectly from third parties or publically available sources (for example it may receive financial and transaction data from providers of payment services).
2.4 On occasion, Scholar Web Services may need to provide the Client’s name and delivery address to third parties that Scholar Web Services may use for the purposes of delivering specific services to the Client or its proposed successors. It may also share personal data with its professional advisers HM Revenue & Customs, regulators and other authorities and third parties to whom it may choose to sell, transfer, or merge parts of its business or assets. Scholar Web Services requires all third parties to respect the security of personal data and to treat it in accordance with the law. It does not allow its third-party service providers to use such personal data for their own purposes and only permit them to process the personal data for specified purposes and in accordance with its instructions.
2.5 Scholar Web Services shall be entitled to use the personal data of the Client in the due performance of the Services, this Agreement and (unless opted out in writing from time to time) for communication to the Client of Scholar Web Services’ own marketing information. The Client can ask Scholar Web Services to stop sending marketing messages at any time by following the opt-out links on any marketing message it receives.
2.6 Scholar Web Services does not transfer personal data outside of the European Economic Area.
2.7 If the Client fails to provide the personal data required by Scholar Web Services to carry out its Services, Scholar Web Services may not be able to perform the contract it has with the Client. In this case, Scholar Web Services may have to cancel Services the Client has requested upon notifying the Client.
2.8 Scholar Web Services will only use personal data for the purposes for which it collected the data, unless it reasonably considers that it needs to use it for another reason and that reason is compatible with the original purpose. If it needs to use the personal data for an unrelated purpose, it will notify the Client and explain the legal basis which allows it to do so. Please note that Scholar Web Services may process personal data without the Client’s knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
2.9 Scholar Web Services will only retain personal data for as long as necessary to fulfil the purposes it collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
2.10 Under certain circumstances, the data subject of such data has rights under data protection laws, which includes the following:
(a) Request access to the personal data (commonly known as a “data subject access request”). This enables the data subject to receive a copy of the personal data held about them and to check that it is being lawfully processed.
(b) Request correction of the personal data that is held about them. This enables them to have any incomplete or inaccurate data corrected, though Scholar Web Services may need to verify the accuracy of the new data provided.
(c) Request erasure of the personal data where there is no good reason for Scholar Web Services to continue to process it.
(d) Object to processing of the personal data where Web Scholar Services is relying on a legitimate and there is something about the data subject’s particular situation which makes them want to object to processing on this ground as they feel it impacts on their fundamental rights and freedoms.
(e) Request restriction of processing of the personal data (a) if the data subject wants Scholar Web Services to establish the data’s accuracy; (b) where Scholar Web Services’ use of the data is unlawful but they do not want Scholar Web Services to erase it; (c) where the data subject needs Scholar Web Services to hold the data even if Scholar Web Services no longer requires it as the data subject need it to establish, exercise or defend legal claims; or (d) the data subject has objected to Scholar Web Services’ use of the data but Scholar Web Services needs to verify whether it has overriding legitimate grounds to use it.
(f) Request the transfer of personal data to them or to a third party. Note that this right only applies to automated information which the data subject initially provided consent for Scholar Web Services to use or where Scholar Web Services used the information to perform a contract with the data subject.
(g) Withdraw consent at any time where Scholar Web Services is relying on consent to process the personal data.
The Client should contact Scholar Web Services if it wishes to exercise any of these rights.
2.11 Scholar Web Services has appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Agreement.
3 DATA PROCESSING NOTICE (SCHOLAR WEB SERVICES ACTING AS A DATA PROCESSOR)
3.1 This clause 3 shall apply to the extent that Scholar Web Services processes personal data provided by the Client on the Client’s behalf as part of the Services. This shall include but not be limited to any personal data relating to the Client’s customers and end users. The parties acknowledge that for the purposes of the Data Protection Laws, the Client is the data controller and Scholar Web Services is the data processor in such instances.
3.2 Both parties will comply with their respective obligations under the applicable requirements of the Data Protection Laws. This obligation is in addition to, and does not relieve, remove or replace, a party’s obligations under the Data Protection Laws.
3.3 The following sets out the scope, nature and purpose of processing by Scholar Web Services, the duration of the processing and the types of personal data and categories of data subject:
(a) Processing by Scholar Web Services: The provision of data hosting services for the Client and indirectly its customers.
(b) Types of personal data: Each of the Client or its customers decide individually which users’ data is processed by configuration of data specific fields in the provided software or interface. Often, these are: first name(s), surname, department / organization, telephone number, fax number, e-mail address, IP address, address, payment details, other contact detail, location and personal data within the content of material transmitted and/or stored. Special or sensitive personal data is usually not requested or collected unless incidentally within content itself or unless the Client notifies Scholar Web Services of any in writing.
(c) Categories of data subject:
(i) Each of the Client or its customers decide individually the category of data subjects. Usually, these are: employees of or workers within the organisation as well as employees/workers of their partners and customers.
(ii) To submit ideas or create other content, users need to register accounts. In these accounts, personal data is managed by the user (in particular, registration, correction, deletion) in each case subject to any agreed written variation or addition between the Client and Scholar Web Services.
3.4 The Client declares and acknowledges that Scholar Web Services has no control, involvement, role or responsibility as to the type or use of data put by the Client itself or third parties generally including, without limitation, the Client’s servants, employees, agents, customers or representatives or end-users of the Client’s or Client’s customers’ services and Scholar Web Services merely provides an IT repository for data with a specified conduit for its movement to and from the Client or third party infrastructure. Scholar Web Services’ processing does not include the manipulation, selection, ordering, searching or monitoring of such personal data other than in a generic sense of storage in the scope of the Services. The Client is responsible for the cleansing, updating, timely deletion and maintenance of such personal data as far as Data Protection Laws permits.
3.5 The Client will ensure that it has all necessary appropriate consents and notices in place to enable lawful transmission of the personal data to Scholar Web Services and its processing in accordance with this Agreement for the duration and purposes of this Agreement.
3.6 Without prejudice to the generality of clause 3.2, Scholar Web Services shall, in relation to any personal data processed in connection with the performance by Scholar Web Services of its obligations under clause 3 of this Agreement:
(a) process that personal data only in accordance with the performance of the Services or as otherwise required under this Agreement (this Agreement being agreed to constitute written instructions from the Client for processing of personal data) or by variation of Services agreed with Scholar Web Services;
(b) process that personal data if required by the laws of any member of the European Union or by the laws of the European Union applicable to Scholar Web Services to process personal data (Applicable Laws). Where Scholar Web Services is relying on laws of a member of the European Union or European Union law as the basis for processing personal data outside of pre-agreed processing, Scholar Web Services shall promptly notify the Client of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit Scholar Web Services from so notifying the Client;
(c) ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of that personal data and against accidental loss or destruction of, or damage to, the personal data, having regard to the state of technological development and the cost of implementing any and taking reasonable steps to comply with good industry standard for England, subject always to Scholar Web Services’ terms of business;
(d) ensure that all personnel who have access to and/or process such personal data are obliged not to permit disclosure of the personal data except as required by law or for the purposes of this Agreement; and
(e) not transfer such personal data outside of the European Economic Area (other than the Client’s transmission and receipt of data over the Internet and the use of similar networks that may involve part of the network being located outside the European Economic Area and/or the UK), unless the prior written consent of the Client has been obtained;
(f) assist the Client, at the Client’s cost using Scholar Web Services’ then current standard time rates, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
(g) notify the Client without undue delay on becoming aware of a material personal data breach committed by Scholar Web Services, its servants or agents and take reasonable steps to prevent further disclosure or breach and mitigate the potential adverse effects on affected data subjects in cooperation with the Client;
(h) at the written direction of the Client, delete or return to the Client or allow the Client to retrieve from dedicated equipment the personal data and copies thereof on termination of the Services unless required by Applicable Law to store the personal data (the Client acknowledge’s that where Scholar Web Services’ terms of business allow or require it to destroy data then the Client will already have deemed to given written instructions to delete the data in such instances and that Scholar Web Services will not be required to return to this data);
(i) maintain appropriate records and information to demonstrate its compliance with this clause 3;
(j) in accordance with Data Protection Laws, make available to the Client such information as is reasonably necessary to demonstrate Scholar Web Services’ compliance with its obligations under Article 28 of the GDPR (and under any Data Protection Laws equivalent to that Article 28), and allow for and contribute to audits, including inspections, by the Client’s professional appointee for this purpose, subject to the Client:
(i) giving Scholar Web Services reasonable prior notice of such information request, audit and/or inspection being required by the Client;
(ii) ensuring that all information obtained or generated by the Client or its auditor(s) in connection with such information requests, inspections and audits is kept strictly confidential (save for disclosure to the supervisory authority under Data Protection Laws or as otherwise required by Applicable Laws);
(iii) ensuring that such audit or inspection is undertaken during normal business hours, with minimal disruption to Scholar Web Services’ business, any sub-processors’ business and the business of other customers of Scholar Web Services; and
(iv) paying Scholar Web Services costs using the then current standard time rates of Scholar Web Services for assisting with the provision of information and allowing for and contributing to inspections and audits.
3.7 The Client consents to Scholar Web Services appointing third party processor of personal data under this Agreement. Scholar Web Services confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on that third party’s standard terms of business (to be supplied to the Client if requested other than commercially sensitive information). Scholar Web Services may, at any time on not less than 30 days’ notice, revise this clause 3 by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when replaced by addition of an attachment or schedule to this Agreement). In addition and notwithstanding any other provisions of this clause, the approval requirements for subcontracting shall not apply in cases where Scholar Web Services subcontracts ancillary deliverables to third parties; such including, the provision of external contractors, data back-up and disaster recovery, telecoms providers, third party hosting providers, third party colocation providers, mail, shipping and receiving services, and maintenance services. Scholar Web Services may conclude, with such third parties, any agreement reasonably necessary for the adequate protection of personal data.
3.8 Scholar Web Services shall nominate a point of contact for all issues related to data privacy and protection within the scope of the Agreement and pending notification otherwise this will be the Managing Director of Scholar Web Services.
3.9 The Client shall immediately confirm oral instructions (at the minimum in text form) relevant to this Agreement or Data Protection Laws.
3.10 If Scholar Web Services informs the Client that it considers that an instruction violates Data Protection Laws then it shall be entitled to suspend the execution of the relevant instructions until the Client demonstrates their compliance or changes them to be compliant to the reasonable satisfaction of Scholar Web Services.
3.11 The Client shall, without undue delay, inform Scholar Web Services of any defect that the Client considers has occurred in their and/or Scholar Web Services’ compliance with Data Protection Laws and provide all information reasonably requested by Scholar Web Services in relation to the same.
3.12 The Client shall be obliged to maintain the public register of processing in accordance with Article 30 (1) GDPR.