RIMMS DATA POLICY
DATA COLLECTION AND USE
1. As between the Parties, the Client Data and any content related to the Client Data contributed and/or created by the Customer shall be fully owned by the Customer. The Customer shall have full control and responsibility regarding the nature of the Client Data collected and its use. The Company’s sole responsibility with respect to the foregoing shall be as a data processor (as defined in “The General Data Protection Regulation” (Regulation (EU) 2016/679)) to enable the collection and management of such Client Data through the Company’s Services.
2. The Company, in providing the Services, shall comply with and maintain industry best-practices and standards in relation to privacy, security and confidentiality.
3. The terms “data processor”, “personal data” and “processing” will have the meaning given to them by the The General Data Protection Regulation (Regulation (EU) 2016/679)
4. With respect to Client Data, the Customer appoints the Company as data processor. The Company will not assume any responsibility for determining the purposes for which, nor the manner in which, the Client Data is processed by the Customer.
5. The Company will:
5.1 Process the Client Data only in accordance with instructions from the Customer as appropriate (which may be specific instructions or instructions of a general nature as set out in this Agreement or as otherwise notified by the Customer during the Rental Term);
5.2 Unless otherwise requested by the Customer, process the Client Data only to the extent and in such a manner as is necessary for the provision of the Services;
5.3 Implement appropriate technical and organisational measures to protect the Client Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure which shall include, without limitation, complying with industry best-practices and standards in relation to privacy, security and confidentiality; and
5.4 Notify the Customer of any unauthorised or unlawful processing or any accidental loss, destruction, damage, alteration or disclosure of the Client Data as soon as it is made aware, and will keep the Customer informed of any subsequent, related developments.
6. The Company will not:
6.1 Process the Client Data for their own purposes;
6.2 Include the Client Data in any product or service offered by the Company to third parties;
6.3 Carry out any further research, analysis or profiling activity which involves the use of any element of the Client Data or any information derived from any processing of such Client Data outside the scope of the Services; and
6.4 Pass files containing the Client Data to any third party for further processing by that third party or its agents.
7. The Company acknowledges:
7.1 That the Customer is relying upon the Company’s skill and knowledge in order to assess what is “appropriate” to protect the Client Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure; and
7.2 That the technical and organisational measures shall be appropriate to the harm which might result from any unauthorised or unlawful processing and accidental loss, destruction or damage to the Client Data and having regard to the nature of the Client Data which is to be protected.
8. When implementing and updating technical and organisational measures the Company will have regard to:
8.1 The sensitive nature of the personal data contained within the Client Data and the substantial harm which would result from unauthorised or unlawful processing or accidental loss or destruction of or damage to such personal data; and
8.2 The state of technological development and the cost of implementing such measures.
9. The Company will ensure:
9.1 The reliability of any Company employees and personnel who have access to the Client Data;
9.2 That all Company employees and personnel involved in the processing of the Client Data have undergone adequate training in the care, protection and handling of personal data; and
9.3 That all such Company personnel perform their duties strictly in compliance with the provisions of of this Agreement by treating such Customer Data as Confidential Information.
10. The Company will promptly inform the Customer if it receives:
10.1 A request from a data subject concerning any information that may be contained in the Client Data; or
10.2 A complaint, communication or request relating to Customer’s obligations under the relevant data protection legislation from a regulator in a specific territory.
11. Upon reasonable request of the Customer, the Company agrees to submit its data processing facilities, data files and documentation needed for processing the Client Data to reviewing, auditing and/or certifying by the Customer (or any independent or impartial inspection agents or auditors, selected by the Customer and not reasonably objected to by the Company) to ascertain compliance with the warranties and undertakings in this Agreement, with reasonable notice and during regular business hours and subject to execution of proper and reasonable non disclosure agreement.
12. For any Client Data collected within the EEA, the Company will not process or permit the processing of that Client Data outside the European Economic Area other than with the prior written consent of the Customer. Where consent is granted by the Customer pursuant to this clause the Company undertakes to enter into a suitable agreement with the Customer and/or any relevant parties and/or adopt any necessary measures in order to ensure an adequate level of protection with respect to the privacy rights of individuals.
13. The Company will, at its own expense, make all reasonable commercial efforts to assist the Customer in complying with any obligations under any applicable data protection legislation according to instructions provided by the Customer and will not perform its obligations under this Agreement in contrary to such instructions in such a way as to cause the Customer to breach any of its obligations under any applicable data protection legislation.
14. The Company will not export, directly or indirectly, any technical data acquired from the Customer under this Agreement (or any products, including software, incorporating any such data) in breach of any applicable laws or regulations (Export Control Laws), including United States export laws and regulations, to any country for which the government or any agency thereof at the time of export requires an export licence or other governmental approval without first obtaining such licence or approval.