This agreement is between
Data Processor or Dailymails: Dailymails.org, an online Email Marketing service provider company registered in India
Data Controller: a person or company that controls the personal data processed using Dailymails Services.
Website: dailymails.org and any of its subdomains.
Service or Services: all content, services and products available at, or through the Website, including, but not limited to, sending marketing emails using dailymails Website or API. API: Automated application programming interface to connect dailymails Services with other websites, servers or applications. Personal Data: any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Data Subject: an individual to whom Personal Data relates. Data Processing: processing of data on behalf of the Data Controller.
GDPR: General Data Protection Regulation (EU) 2016/679
The purpose of processing is to sending marketing email to users. This sending happens in an online, fully automated system. The subject matter of the contract is sending marketing email.
For the purpose of sending marketing email dailymails require the email address, email subject and email content only, it is a contact data.
Data Subjects may fall into any of the following categories: customers, potential customers, subscribers, employees, suppliers, agents, contact persons, or any other categories.
It is agreed that by signing this Data Protection Agreement any previous Data Protection Agreements between the Data Controller and Data Processor are terminated with immediate effect. Nothing within this contract relieves the Data Processor nor the Data Controller of its own direct responsibilities and liabilities under the GDPR.
The Data Processor processes large amount of Personal Data, therefor it has appointed data protection officer: Mr Kamta Prasad Singh (contact DPO: firstname.lastname@example.org).
The Data Processor provides the Data Controller with whatever information it needs to ensure they both meet the obligations under GDPR. The Data Controller is responsible for maintaining Data Subjects’ rights. The Data Processor assists the Data Controller allowing Data Subjects to exercise their rights.
The Data Processor ensures that people accessing the Personal Data are subject to a duty of confidence. The Data Processor may not use sub-processors without the prior written authorisation of the Data Controller.
The Data Processor will keep all Personal Data confidential and not disclose such data to third parties unless it has been authorised by the Data Controller or is required by law.
The Data Controller must have a lawful basis before beginning processing and should document it. The Data Processor reserves the right to ask the Data Controller for their documented lawful basis for processing. If requested the Data Controller must present their documented lawful basis for processing immediately but not later than 7 days.
Real time Data Processing through real time API takes no longer than 1 minute. Data uploaded in files – whether uploaded manually or using bulk API – may be processed as soon as possible after the process initiated by the Data Controller but can not take longer than 7 days. In terms of this agreement the Data Controller may initiate Data Processing as long as dailymails provides its Services.
The Data Processor stores and processes Personal Data on its servers in the India only.
The Data Processor takes appropriate measures to ensure the security of Data Processing. Servers that process or store raw data are accessible through the Data Processor’s own virtual private network only. The Data Processor stores result files in an encrypted format.
The data is processed automatically on the Data Processor’s servers, without human interaction. If the Data Controller requests, or in certain cases when Data Processor wishes to review user activities, the Data Processor’s colleagues have the right to review files uploaded and result files provided on the Data Processor’s Website. In case the Data Processor need to investigate a complaint, the Data Processor might process or re-process data through its system. The Data Processor makes sure the colleagues are vetted and trained before allowing them to complete any review. This review happens in a safe environment, all files are deleted after review.
From time to time the Data Processor might use contractors to develop its Services. These contractors must specifically agree not to use data other than specifically requested by the Data Processor. All employees and contractors of the Data Processor accessing Personal Data are required to sign a non-disclosure agreement. The Data Processor completes data protection impact assessments at least once a year and takes necessary actions to improve data security if any improvement areas are found.
The Data Processor stores original and results files for up to 2 months only, after this period all files are automatically and permanently deleted.
Data Controller may delete their files at any time.
The Data Processor will notify the Data Controller about any Personal Data breaches – including but not limited to accidental or unlawful access or disclosure - within 72 hours of becoming aware of the breach.
The Data Processor shall not be liable for any of the Data Controller’s claims, damages, losses, expenses, costs or other liability in the event of Personal Data breach or loss under any circumstances.
The Data Processor agrees to coordinate with supervisory authorities.
The Data Controller must instruct the Data Processor to process Personal Data. The Data Processor will process as and when
the Data Controller instructs. The Data Processor provides a fully automated system where the Data Controller can initiate
- When the Data Controller manually uploads Personal Data in a file for contacts, the Data Controller must click on a button to start/initiate process.
- Files containing Personal Data uploaded using bulk API will be started automatically.
- Personal Data processed using real time API is processed automatically.
The Data Processor keeps logs of all activities. Such as but not limited to file upload, results download, number of successful API calls.
Either party may terminate this agreement by giving each other 1 weeks notice in writing. If both parties agree to a new Data Protection Agreement, it is effective immediately after signature.
This agreement, and any dispute or claim arising out of or in connection with it shall be governed by the law of India.